net-snmp-coders — Discussion of internal project coding (Please use this OR -users, NOT both!)

Re: snmp5.9 v3 issues with initial user.

[Wes H. <har...@us...>]

Justin Cook <jc...@en...> writes:

It looks like this was resolved (passwords must be 8 characters long).
My memory says -X was optional because it would reused the -A password,
but my memory must be wrong.

Also, do make sure that your snmpd daemon isn't running when you create
new users with the net-snmp-config command, because when the agent shuts
down it will overwrite your new user that it doesn't yet have.

(you can also create new users live with the snmpusm tool, but it's a
bit more complex)
-- 
Wes Hardaker
Please mail all replies to net...@li...

Re: Traditional API & snmpv3

[Wes H. <har...@us...>]

Harald Krammer <hk...@hk...> writes:

> If an SNMPv3 node is missing, the function is blocked.

What function is getting blocked?  Anything in our library should return
with a timeout error just like v1/v2.  Yes, the engineID won't be
retrievable but it shouldn't cause anything to hang indefinitely.
-- 
Wes Hardaker
Please mail all replies to net...@li...

Posix_Spawn and snmpusm

[Justin C. <jc...@en...>]

Hi Coders,

I've uncovered an issue with our code base when using posix_spawn to create users for snmp.  The below is a snippet of our code.

sprintf_s(strIn, sizeof(strIn), "/usr/local/bin/snmpusm -n %c%c -v3 -u %s -l authNoPriv -a MD5 -A %s localhost create %s", '"', '"',
            strCloneFromUserName, strClonePassword, strUser);


printf("SNMP: execute %s\n", strCommandLine);
    while (strCommandLine[i])
    {
        argv[nArgs] = &strCommandLine[i];
        while (strCommandLine[i] && strCommandLine[i] != ' ')
        {
            ++i;
        }
        if (strCommandLine[i] == ' ')
        {
            strCommandLine[i] = 0;
            ++i;
        }
        ++nArgs;
    }
    argv[nArgs] = NULL;

posix_spawn(&pid, argv[0], NULL, NULL, argv, environ);

The behavior seen appears like the command is cut off when executing. Stating that no IP(localhost) was specified. We are running on centos 7 and I'm pretty sure this is an environment issue from when the spawn is setup. If I printf the command being sent to the spawn it runs to perfection.

Is this the correct approach or is there a better method built into the NET-SNMP library what we can compile into our binary?

Justin Cook


--- CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify us immediately by return email and promptly delete this message and its attachments from your computer system.

Traditional API & snmpv3

[Harald K. <hk...@hk...>]

Hello !

I use the SNMP client on a small embedded system to generate a summary 
message for around 150 SNMP-Server nodes (only SNMPv1/v2). This works 
flawlessly and only requires one thread through the traditional API.

Now I should also support snmpv3. That works too, but...

If an SNMPv3 node is missing, the function is blocked. This is because 
of the generation of the SNMP Engine ID (that's also clear to me so 
far). I should realize the query interval under 1 ... 2 minutes.


Does anyone have an idea which way to go?
I currently have two ideas for a solution, but I don't like either.

- Switch to the snmp_sess_ API, but only have resources for 3..4 
threads. I will need management for available servers and unavailable 
servers, so that the poll interval is not too long.

- Install an additional state in the library and expire the session id 
via the select loop without blocking. But  I expect some problems in 
details. (I only see the resources :)


Any suggestion are welcome!

Harald

Re: snmp5.9 v3 issues with initial user.

[Craig S. <cs...@dr...>]

The snmp create user command put this line in my /var/lib/snmp/snmpd.conf
createUser myuser MD5 "my_password" DES ""

I got in my logs:
Feb 02 11:44:02 floyd snmpd[1401586]: Error: passphrase chosen is below the
length requirements of the USM (min=8).
Feb 02 11:44:02 floyd snmpd[1401586]: /var/lib/snmp/snmpd.conf: line 53:
Error: could not generate the authentication key from the supplied pass
phrase.

Yep, empty string is less than 8 characters.

Using the create user with an extra "-X my_password" makes it happy, you'll
see the createUser line go and a usmUser line appear.

Maybe the old tool just assumed if there was no -X it used the -A password
for both?

 - Craig

On Tue, 2 Feb 2021 at 02:22, Justin Cook <jc...@en...> wrote:

> Hi net-snmp-coders,
>
>
>
> I’ve been working on updating the net-snmp version of software we use on
> Centos 7 to net-snmp 5.9.  This is being required because of a
> vulnerability that is know in the NIST vulnerability database. We develop
> our own MIB groups in C and compile them in to source code repos that we
> pull for the site.  Everything has worked great for -v2c. We are now trying
> to get this implemented for -v3 and running into major issues.  I believe
> this is a configuration issues because running the following command on
> “net-snmp-config --create-snmpv3-user -a MD5 -A myuser12345 myuser”  from
> this guide
> <https://www.thegeekdiary.com/centos-rhel-6-install-and-configure-snmpv3/>.
> This creates everything here.
>
>
>
> [root@localhost]# net-snmp-config --create-snmpv3-user -a MD5 -A
> my_password myuser
>
> adding the following line to /var/net-snmp/snmpd.conf:
>
>    createUser myuser MD5 "my_password" DES ""
>
> adding the following line to /snmp/snmpd.conf:
>
>    rwuser myuser
>
>
>
> This appears to be where the issue happen.  When I start our compiled
> snmpd binary it seems to overwrite /var/net-snmp/snmpd.conf every time.
> Therefore I can never create our initial snmpv3 users and every time I run
> a snmpwalk I get.
>
>
>
> [evcLinuxAdmin@localhost ~]$ snmpwalk -v3 -u myuser -l authNoPriv -a MD5
> -A my_ password localhost
>
> snmpwalk: Unknown user name
>
>
>
> I’ve stepped back and stripped all our C mib-group code from the build to
> keep it all repo only code. I did this to ensure it’s not us.  Running into
> the same issue there I dropped back to run on the yum installed net-snmp
> version that is know to our yum repo created the user again following the
> guide from above.
>
>
>
> [user@localhost ~]$ /usr/sbin/snmpd --version
>
>
>
> NET-SNMP version:  5.7.2
>
> Web:               http://www.net-snmp.org/
>
> Email:             net...@li...
>
>
>
> [root]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
>
> adding the following line to /var/net-snmp/snmpd.conf:
>
>    createUser myuser MD5 "my_password" DES ""
>
> adding the following line to /snmp/snmpd.conf:
>
>    rwuser myuser
>
>
>
> Then I started the snmp service
>
>
>
> [---@localhost ~]$ service snmpd start
>
> Redirecting to /bin/systemctl start snmpd.service
>
> ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
>
> Authentication is required to manage system services or units.
>
> Authenticating as:
>
> Password:
>
> ==== AUTHENTICATION COMPLETE ===
>
> [---@localhost ~]$
>
>
>
>
>
> Now that the system is running my snmpwalk command works for -v3
>
>         snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_password localhost
>
>
>
> I was also able to use the snmpusm command to create additional users.
> When using this on the 5.9 repo all I get is user not found.
>
>
>
> Jumping back to the 5.9 binary build I know the following
>
>
>
> sudo snmpd -Dread_config -H 2>&1 | grep Read | sort -u
>
> [sudo] password for evcLinuxAdmin:
>
> read_config:file: Reading configuration /etc/snmp/snmpd.conf (0)
>
> read_config:file: Reading configuration /etc/snmp/snmpd.conf (1)   -----à
> This file has my rwuser myuser
>
> read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (0)
>
> read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (1)
> –> I manually added the create user info to this file for myuser and it
> doesn’t seem to be picking it up.
>
>
>
> [evcLinuxAdmin@localhost ~]$ snmpd -Dread_config -H 2>&1 | grep
> config:path | sort -u
>
> read_config:path:  config path used for
> agentx:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp
> (persistent path:/var/net-snmp)
>
> read_config:path:  config path used for agentx:/var/net-snmp (persistent
> path:/var/net-snmp)  à This is where everything was originally created
> but deleted when snmpd starts.
>
> read_config:path:  config path used for
> snmpd:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp
> (persistent path:/var/net-snmp)
>
> read_config:path:  config path used for snmpd:/var/net-snmp (persistent
> path:/var/net-snmp)
>
> read_config:path:  config path used for
> snmp:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp
> (persistent path:/var/net-snmp)
>
> read_config:path:  config path used for snmp:/var/net-snmp (persistent
> path:/var/net-snmp)
>
>
>
> At this point I think it’s a configuration parameter but I don’t see
> anything that would effect or cause this behavior.  I didn’t see anything
> in the change log to suggest 5.9 was changed from 5.7.  Any help you can
> provide would be helpful as this is needed to meet a customer deliverable.
> Perhaps there is a clear document out there because I have been all over
> the net-snmp provided documents and nothing was found to solve my problem.
>
>
>
> Thanks
>
> Justin
>
>
>
>
>
> --- CONFIDENTIALITY NOTICE: This email and any attachments are for the
> exclusive and confidential use of the intended recipient. If you are not
> the intended recipient, please do not read, distribute or take action in
> reliance upon this message. If you have received this in error, please
> notify us immediately by return email and promptly delete this message and
> its attachments from your computer system.
> _______________________________________________
> Net-snmp-coders mailing list
> Net...@li...
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>

snmp5.9 v3 issues with initial user

[Justin C. <jc...@en...>]

Hi net-snmp-coders,

I've been working on updating the net-snmp version of software we use on Centos 7 to net-snmp 5.9.  This is being required because of a vulnerability that is know in the NIST vulnerability database. We develop our own MIB groups in C and compile them in to source code repos that we pull for the site.  Everything has worked great for -v2c. We are now trying to get this implemented for -v3 and running into major issues.  I believe this is a configuration issues because running the following command on "net-snmp-config --create-snmpv3-user -a MD5 -A myuser12345 myuser"  from this guide<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.thegeekdiary.com%2Fcentos-rhel-6-install-and-configure-snmpv3%2F&data=04%7C01%7Cjcook%40envistacom.com%7C38ac1d1419234f50efe508d8c6c52549%7C8d7424e25e1b48f699abe818cd9f5507%7C1%7C0%7C637477897349851608%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fH18R0pTYx5XrXTYoeCPOEdGF6brGEwSk5I0JGTprew%3D&reserved=0>. This creates everything here.


[root@localhost]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
adding the following line to /var/net-snmp/snmpd.conf:
   createUser myuser MD5 "my_password" DES ""
adding the following line to /snmp/snmpd.conf:
   rwuser myuser

This appears to be where the issue happen.  When I start our compiled snmpd binary it seems to overwrite /var/net-snmp/snmpd.conf every time.  Therefore I can never create our initial snmpv3 users and every time I run a snmpwalk I get.

[evcLinuxAdmin@localhost ~]$ snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_ password localhost
snmpwalk: Unknown user name

I've stepped back and stripped all our C mib-group code from the build to keep it all repo only code. I did this to ensure it's not us.  Running into the same issue there I dropped back to run on the yum installed net-snmp version that is know to our yum repo created the user again following the guide from above.

[user@localhost ~]$ /usr/sbin/snmpd --version

NET-SNMP version:  5.7.2
Web:               http://www.net-snmp.org/
Email:             net...@li...<mailto:net...@li...>

[root]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
adding the following line to /var/net-snmp/snmpd.conf:
   createUser myuser MD5 "my_password" DES ""
adding the following line to /snmp/snmpd.conf:
   rwuser myuser

Then I started the snmp service

[---@localhost ~]$ service snmpd start
Redirecting to /bin/systemctl start snmpd.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as:
Password:
==== AUTHENTICATION COMPLETE ===
[---@localhost ~]$


Now that the system is running my snmpwalk command works for -v3

        snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_password localhost

I was also able to use the snmpusm command to create additional users. When using this on the 5.9 repo all I get is user not found.

Jumping back to the 5.9 binary build I know the following

sudo snmpd -Dread_config -H 2>&1 | grep Read | sort -u
[sudo] password for evcLinuxAdmin:
read_config:file: Reading configuration /etc/snmp/snmpd.conf (0)
read_config:file: Reading configuration /etc/snmp/snmpd.conf (1)   ------->  This file has my rwuser myuser
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (0)
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (1) -> I manually added the create user info to this file for myuser and it doesn't seem to be picking it up.

[evcLinuxAdmin@localhost ~]$ snmpd -Dread_config -H 2>&1 | grep config:path | sort -u
read_config:path:  config path used for agentx:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for agentx:/var/net-snmp (persistent path:/var/net-snmp)  --> This is where everything was originally created but deleted when snmpd starts.
read_config:path:  config path used for snmpd:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmpd:/var/net-snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmp:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmp:/var/net-snmp (persistent path:/var/net-snmp)

At this point I think it's a configuration parameter but I don't see anything that would effect or cause this behavior.  I didn't see anything in the change log to suggest 5.9 was changed from 5.7.  Any help you can provide would be helpful as this is needed to meet a customer deliverable.  Perhaps there is a clear document out there because I have been all over the net-snmp provided documents and nothing was found to solve my problem.

Thanks
Justin


Justin Cook
Software Technical Engineering Manager

[cid:image001.png@01D6F884.FA255350]

Envistacom, LLC
C: 301.712.5481
jc...@en...<mailto:jc...@en...>
www.envistacom.com<https://www.envistacom.com/>

--- CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify us immediately by return email and promptly delete this message and its attachments from your computer system.

snmp5.9 v3 issues with initial user

[Justin C. <JMC...@ms...>]

Hi net-snmp-coders,

I’ve been working on updating the net-snmp version of software we use on Centos 7 to net-snmp 5.9.  This is being required because of a vulnerability that is know in the NIST vulnerability database. We develop our own MIB groups in C and compile them in to source code repos that we pull for the site.  Everything has worked great for -v2c. We are now trying to get this implemented for -v3 and running into major issues.  I believe this is a configuration issues because running the following command on “net-snmp-config --create-snmpv3-user -a MD5 -A myuser12345 myuser”  from this guide<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.thegeekdiary.com%2Fcentos-rhel-6-install-and-configure-snmpv3%2F&data=04%7C01%7Cjcook%40envistacom.com%7C38ac1d1419234f50efe508d8c6c52549%7C8d7424e25e1b48f699abe818cd9f5507%7C1%7C0%7C637477897349851608%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=fH18R0pTYx5XrXTYoeCPOEdGF6brGEwSk5I0JGTprew%3D&reserved=0>. This creates everything here.


[root@localhost]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
adding the following line to /var/net-snmp/snmpd.conf:
   createUser myuser MD5 "my_password" DES ""
adding the following line to /snmp/snmpd.conf:
   rwuser myuser

This appears to be where the issue happen.  When I start our compiled snmpd binary it seems to overwrite /var/net-snmp/snmpd.conf every time.  Therefore I can never create our initial snmpv3 users and every time I run a snmpwalk I get.

[evcLinuxAdmin@localhost ~]$ snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_ password localhost
snmpwalk: Unknown user name

I’ve stepped back and stripped all our C mib-group code from the build to keep it all repo only code. I did this to ensure it’s not us.  Running into the same issue there I dropped back to run on the yum installed net-snmp version that is know to our yum repo created the user again following the guide from above.

[user@localhost ~]$ /usr/sbin/snmpd --version

NET-SNMP version:  5.7.2
Web:               http://www.net-snmp.org/
Email:             net...@li...<mailto:net...@li...>

[root]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
adding the following line to /var/net-snmp/snmpd.conf:
   createUser myuser MD5 "my_password" DES ""
adding the following line to /snmp/snmpd.conf:
   rwuser myuser

Then I started the snmp service

[---@localhost ~]$ service snmpd start
Redirecting to /bin/systemctl start snmpd.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as:
Password:
==== AUTHENTICATION COMPLETE ===
[---@localhost ~]$


Now that the system is running my snmpwalk command works for -v3

        snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_password localhost

I was also able to use the snmpusm command to create additional users. When using this on the 5.9 repo all I get is user not found.

Jumping back to the 5.9 binary build I know the following

sudo snmpd -Dread_config -H 2>&1 | grep Read | sort -u
[sudo] password for evcLinuxAdmin:
read_config:file: Reading configuration /etc/snmp/snmpd.conf (0)
read_config:file: Reading configuration /etc/snmp/snmpd.conf (1)   ------->  This file has my rwuser myuser
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (0)
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (1) –> I manually added the create user info to this file for myuser and it doesn’t seem to be picking it up.

[evcLinuxAdmin@localhost ~]$ snmpd -Dread_config -H 2>&1 | grep config:path | sort -u
read_config:path:  config path used for agentx:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for agentx:/var/net-snmp (persistent path:/var/net-snmp)  -->This is where everything was originally created but deleted when snmpd starts.
read_config:path:  config path used for snmpd:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmpd:/var/net-snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmp:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmp:/var/net-snmp (persistent path:/var/net-snmp)

At this point I think it’s a configuration parameter but I don’t see anything that would effect or cause this behavior.  I didn’t see anything in the change log to suggest 5.9 was changed from 5.7.  Any help you can provide would be helpful as this is needed to meet a customer deliverable.  Perhaps there is a clear document out there because I have been all over the net-snmp provided documents and nothing was found to solve my problem.

Thanks
Justin

snmp5.9 v3 issues with initial user.

[Justin C. <jc...@en...>]

Hi net-snmp-coders,

I've been working on updating the net-snmp version of software we use on Centos 7 to net-snmp 5.9.  This is being required because of a vulnerability that is know in the NIST vulnerability database. We develop our own MIB groups in C and compile them in to source code repos that we pull for the site.  Everything has worked great for -v2c. We are now trying to get this implemented for -v3 and running into major issues.  I believe this is a configuration issues because running the following command on "net-snmp-config --create-snmpv3-user -a MD5 -A myuser12345 myuser"  from this guide<https://www.thegeekdiary.com/centos-rhel-6-install-and-configure-snmpv3/>. This creates everything here.


[root@localhost]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
adding the following line to /var/net-snmp/snmpd.conf:
   createUser myuser MD5 "my_password" DES ""
adding the following line to /snmp/snmpd.conf:
   rwuser myuser

This appears to be where the issue happen.  When I start our compiled snmpd binary it seems to overwrite /var/net-snmp/snmpd.conf every time.  Therefore I can never create our initial snmpv3 users and every time I run a snmpwalk I get.

[evcLinuxAdmin@localhost ~]$ snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_ password localhost
snmpwalk: Unknown user name

I've stepped back and stripped all our C mib-group code from the build to keep it all repo only code. I did this to ensure it's not us.  Running into the same issue there I dropped back to run on the yum installed net-snmp version that is know to our yum repo created the user again following the guide from above.

[user@localhost ~]$ /usr/sbin/snmpd --version

NET-SNMP version:  5.7.2
Web:               http://www.net-snmp.org/
Email:             net...@li...<mailto:net...@li...>

[root]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
adding the following line to /var/net-snmp/snmpd.conf:
   createUser myuser MD5 "my_password" DES ""
adding the following line to /snmp/snmpd.conf:
   rwuser myuser

Then I started the snmp service

[---@localhost ~]$ service snmpd start
Redirecting to /bin/systemctl start snmpd.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as:
Password:
==== AUTHENTICATION COMPLETE ===
[---@localhost ~]$


Now that the system is running my snmpwalk command works for -v3

        snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_password localhost

I was also able to use the snmpusm command to create additional users. When using this on the 5.9 repo all I get is user not found.

Jumping back to the 5.9 binary build I know the following

sudo snmpd -Dread_config -H 2>&1 | grep Read | sort -u
[sudo] password for evcLinuxAdmin:
read_config:file: Reading configuration /etc/snmp/snmpd.conf (0)
read_config:file: Reading configuration /etc/snmp/snmpd.conf (1)   ------->  This file has my rwuser myuser
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (0)
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (1) -> I manually added the create user info to this file for myuser and it doesn't seem to be picking it up.

[evcLinuxAdmin@localhost ~]$ snmpd -Dread_config -H 2>&1 | grep config:path | sort -u
read_config:path:  config path used for agentx:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for agentx:/var/net-snmp (persistent path:/var/net-snmp)  --> This is where everything was originally created but deleted when snmpd starts.
read_config:path:  config path used for snmpd:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmpd:/var/net-snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmp:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmp:/var/net-snmp (persistent path:/var/net-snmp)

At this point I think it's a configuration parameter but I don't see anything that would effect or cause this behavior.  I didn't see anything in the change log to suggest 5.9 was changed from 5.7.  Any help you can provide would be helpful as this is needed to meet a customer deliverable.  Perhaps there is a clear document out there because I have been all over the net-snmp provided documents and nothing was found to solve my problem.

Thanks
Justin



--- CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify us immediately by return email and promptly delete this message and its attachments from your computer system.

RE: snmp5.9 v3 issues with initial user.

[Rick D. <rd...@en...>]

This is strange. I could see install possibly overwriting but not running.
I'll look when I get a chance.


Rick Davis
Research Scientist I

[cid:image001.png@01D6F878.319F3650]

O: 571.357.6358   C: 443.802.9996
rd...@en...<mailto:rd...@en...>
www.envistacom.com<https://www.envistacom.com/>
From: Justin Cook <jc...@en...>
Sent: Monday, February 1, 2021 8:48 AM
To: net...@li...
Subject: snmp5.9 v3 issues with initial user.

Hi net-snmp-coders,

I've been working on updating the net-snmp version of software we use on Centos 7 to net-snmp 5.9.  This is being required because of a vulnerability that is know in the NIST vulnerability database. We develop our own MIB groups in C and compile them in to source code repos that we pull for the site.  Everything has worked great for -v2c. We are now trying to get this implemented for -v3 and running into major issues.  I believe this is a configuration issues because running the following command on "net-snmp-config --create-snmpv3-user -a MD5 -A myuser12345 myuser"  from this guide<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.thegeekdiary.com%2Fcentos-rhel-6-install-and-configure-snmpv3%2F&data=04%7C01%7Crdavis%40envistacom.com%7C3055d97b3c7d45a5597b08d8c6b7f63b%7C8d7424e25e1b48f699abe818cd9f5507%7C1%7C0%7C637477840727439923%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=9jR%2FIJ%2FQwEV6juXJwT0rYTE9wAryMVsnrYesdqVgEl4%3D&reserved=0>. This creates everything here.


[root@localhost]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
adding the following line to /var/net-snmp/snmpd.conf:
   createUser myuser MD5 "my_password" DES ""
adding the following line to /snmp/snmpd.conf:
   rwuser myuser

This appears to be where the issue happen.  When I start our compiled snmpd binary it seems to overwrite /var/net-snmp/snmpd.conf every time.  Therefore I can never create our initial snmpv3 users and every time I run a snmpwalk I get.

[evcLinuxAdmin@localhost ~]$ snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_ password localhost
snmpwalk: Unknown user name

I've stepped back and stripped all our C mib-group code from the build to keep it all repo only code. I did this to ensure it's not us.  Running into the same issue there I dropped back to run on the yum installed net-snmp version that is know to our yum repo created the user again following the guide from above.

[user@localhost ~]$ /usr/sbin/snmpd --version

NET-SNMP version:  5.7.2
Web:               http://www.net-snmp.org/
Email:             net...@li...<mailto:net...@li...>

[root]# net-snmp-config --create-snmpv3-user -a MD5 -A my_password myuser
adding the following line to /var/net-snmp/snmpd.conf:
   createUser myuser MD5 "my_password" DES ""
adding the following line to /snmp/snmpd.conf:
   rwuser myuser

Then I started the snmp service

[---@localhost ~]$ service snmpd start
Redirecting to /bin/systemctl start snmpd.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as:
Password:
==== AUTHENTICATION COMPLETE ===
[---@localhost ~]$


Now that the system is running my snmpwalk command works for -v3

        snmpwalk -v3 -u myuser -l authNoPriv -a MD5 -A my_password localhost

I was also able to use the snmpusm command to create additional users. When using this on the 5.9 repo all I get is user not found.

Jumping back to the 5.9 binary build I know the following

sudo snmpd -Dread_config -H 2>&1 | grep Read | sort -u
[sudo] password for evcLinuxAdmin:
read_config:file: Reading configuration /etc/snmp/snmpd.conf (0)
read_config:file: Reading configuration /etc/snmp/snmpd.conf (1)   ------->  This file has my rwuser myuser
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (0)
read_config:file: Reading configuration /var/lib/net-snmp/snmpd.conf (1) -> I manually added the create user info to this file for myuser and it doesn't seem to be picking it up.

[evcLinuxAdmin@localhost ~]$ snmpd -Dread_config -H 2>&1 | grep config:path | sort -u
read_config:path:  config path used for agentx:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for agentx:/var/net-snmp (persistent path:/var/net-snmp)  --> This is where everything was originally created but deleted when snmpd starts.
read_config:path:  config path used for snmpd:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmpd:/var/net-snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmp:/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/home/evcLinuxAdmin/.snmp (persistent path:/var/net-snmp)
read_config:path:  config path used for snmp:/var/net-snmp (persistent path:/var/net-snmp)

At this point I think it's a configuration parameter but I don't see anything that would effect or cause this behavior.  I didn't see anything in the change log to suggest 5.9 was changed from 5.7.  Any help you can provide would be helpful as this is needed to meet a customer deliverable.  Perhaps there is a clear document out there because I have been all over the net-snmp provided documents and nothing was found to solve my problem.

Thanks
Justin



--- CONFIDENTIALITY NOTICE: This email and any attachments are for the exclusive and confidential use of the intended recipient. If you are not the intended recipient, please do not read, distribute or take action in reliance upon this message. If you have received this in error, please notify us immediately by return email and promptly delete this message and its attachments from your computer system.

Re: A simple C program which sends v2c informs do not make retries in case of unavailable destination

[Craig S. <cs...@dr...>]

Hi,
  Maybe have a look at the source to snmptrap to see how its done there?

snmp_send seems to be a fire and forget.

You probably want snmp_synch_response or to look how it does the select,
read and timeout functions and copy that.

 - Craig


On Thu, 28 Jan 2021 at 01:35, <AYa...@ib...> wrote:

> Hello!
>
> Did anyone face the same behaviour?
> Why the retries are not accepted?
>
> What is necessary to do in order to resolve this situation?
>
> Best regards,
> Andrei Yahorau
>
>
>
> From:        Andrei Yahorau/IBA
> To:        net...@li...
> Date:        08.05.2020 10:37
> Subject:        A simple C program which sends v2c informs do not make
> retries in case of unavailable destination
> ------------------------------
>
>
> Hello Everyone!
>
> I have a question. I want to send SNMP v2c informs using C and net-snmp
> module in linux SLES 12.
> To do this I created the following simple program where everything comes
> to send_trap_to_sess() function :
>
> #include <net-snmp/net-snmp-config.h>
> #include <net-snmp/net-snmp-includes.h>
> oid             objid_sysuptime[] = { 1, 3, 6, 1, 2, 1, 1, 3, 0 };
> oid             objid_id[] = { 1,3,6,1,4,1,78945,1,1,2,4,0};
> oid             objid_name[] = { 1,3,6,1,4,1,78945,1,1,2,1,0};
> oid              trap_oid[] = {1,3,6,1,4,1,78945,1,1,1,1,1};
> int main()
> {
>    netsnmp_session session, *ss;
>    netsnmp_pdu    *pdu, *response;
>    char *trap = NULL;
>
>    char comm[] = "public";
>    snmp_sess_init( &session );
>    session.version = SNMP_VERSION_2c;
>    session.community = comm;
>    session.community_len = strlen(session.community);
>    session.peername = "192.168.4.10:1234";
>     session.retries = 3;
>     session.timeout = 1000;
>    ss = snmp_open(&session);
>    if (!ss) {
>      snmp_sess_perror("ack", &session);
>      exit(1);
>    }
>    pdu = snmp_pdu_create(SNMP_MSG_INFORM);
>    pdu->community = comm;
>    pdu->community_len = strlen(comm);
>    pdu->trap_type = SNMP_TRAP_ENTERPRISESPECIFIC;
>    long sysuptime;
>    char csysuptime [20];
>    sysuptime = get_uptime ();
>    sprintf (csysuptime, "%ld", sysuptime);
>    trap = csysuptime;
>    snmp_add_var (pdu, objid_sysuptime, sizeof (objid_sysuptime)/sizeof
> (oid),'t', trap);
>    snmp_add_var(pdu, trap_oid, OID_LENGTH(trap_oid), 'o',
> "1.3.6.1.4.1.78945.1.1.1.1.1");
>    snmp_add_var(pdu, objid_name, OID_LENGTH(objid_name), 's', "Test Name"
> );
>    snmp_add_var(pdu, objid_id, OID_LENGTH(objid_id) , 'i', "5468");
>    send_trap_to_sess (ss, pdu);
>    snmp_close(ss);
>    return (0);
> }
>
>
> Frankly speaking this is modified part of code taken from
> *https://stackoverflow.com/questions/30050542/how-to-send-v2-traps-in-net-snmp-using-c*
> <https://stackoverflow.com/questions/30050542/how-to-send-v2-traps-in-net-snmp-using-c>  where
> a user asked how to send snmp v2c trap using C.
> Here I modified creation of pdu:
> pdu = snmp_pdu_create(SNMP_MSG_INFORM);
> and added assignments of retries and timeout values for informs
> session.retries = 3;
> session.timeout = 1000;
>
> This example works quite well. I see that it sends inform request in
> wireshark output. But there is one problem: If the destination is not
> available it will not do any retries despite that this is an inform.
>
> Could you please give me a suggestion what I do wrong here?
> Thank you in advance.
>
> Best regards,
> Andrei Yahorau
> _______________________________________________
> Net-snmp-coders mailing list
> Net...@li...
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>

Re: A simple C program which sends v2c informs do not make retries in case of unavailable destination

[<AYa...@ib...>]

Hello!

Did anyone face the same behaviour?
Why the retries are not accepted?

What is necessary to do in order to resolve this situation?

Best regards, 
Andrei Yahorau



From:   Andrei Yahorau/IBA
To:     net...@li...
Date:   08.05.2020 10:37
Subject:        A simple C program which sends v2c informs do not make 
retries in case of unavailable destination


Hello Everyone!

I have a question. I want to send SNMP v2c informs using C and net-snmp 
module in linux SLES 12.
To do this I created the following simple program where everything comes 
to send_trap_to_sess() function :

#include <net-snmp/net-snmp-config.h>
#include <net-snmp/net-snmp-includes.h>
oid             objid_sysuptime[] = { 1, 3, 6, 1, 2, 1, 1, 3, 0 };
oid             objid_id[] = { 1,3,6,1,4,1,78945,1,1,2,4,0};
oid             objid_name[] = { 1,3,6,1,4,1,78945,1,1,2,1,0};
oid              trap_oid[] = {1,3,6,1,4,1,78945,1,1,1,1,1};
int main()
{
    netsnmp_session session, *ss;
    netsnmp_pdu    *pdu, *response;
    char *trap = NULL;

    char comm[] = "public";
    snmp_sess_init( &session );
    session.version = SNMP_VERSION_2c;
    session.community = comm;
    session.community_len = strlen(session.community);
    session.peername = "192.168.4.10:1234";
    session.retries = 3;
    session.timeout = 1000;
    ss = snmp_open(&session);
    if (!ss) {
      snmp_sess_perror("ack", &session);
      exit(1);
    }
    pdu = snmp_pdu_create(SNMP_MSG_INFORM);
    pdu->community = comm;
    pdu->community_len = strlen(comm);
    pdu->trap_type = SNMP_TRAP_ENTERPRISESPECIFIC;
    long sysuptime;
    char csysuptime [20];
    sysuptime = get_uptime ();
    sprintf (csysuptime, "%ld", sysuptime);
    trap = csysuptime;
    snmp_add_var (pdu, objid_sysuptime, sizeof (objid_sysuptime)/sizeof
(oid),'t', trap);
    snmp_add_var(pdu, trap_oid, OID_LENGTH(trap_oid), 'o', 
"1.3.6.1.4.1.78945.1.1.1.1.1");
    snmp_add_var(pdu, objid_name, OID_LENGTH(objid_name), 's', "Test Name"
);
    snmp_add_var(pdu, objid_id, OID_LENGTH(objid_id) , 'i', "5468");
    send_trap_to_sess (ss, pdu);
    snmp_close(ss);
    return (0);
}


Frankly speaking this is modified part of code taken from 
https://stackoverflow.com/questions/30050542/how-to-send-v2-traps-in-net-snmp-using-c 
 where a user asked how to send snmp v2c trap using C. 
Here I modified creation of pdu:
pdu = snmp_pdu_create(SNMP_MSG_INFORM);
and added assignments of retries and timeout values for informs
session.retries = 3;
session.timeout = 1000;

This example works quite well. I see that it sends inform request in 
wireshark output. But there is one problem: If the destination is not 
available it will not do any retries despite that this is an inform.

Could you please give me a suggestion what I do wrong here? 
Thank you in advance.

Best regards, 
Andrei Yahorau

Re: cannot get mac address value starting by "00" with an snmp module

[dga <dam...@go...>]

Hello Bill,

Great ! You have found my bug !

My bad, I was  not aware of this difference between strncpy() and 
memcpy(. What's more I did not debuged it correctly ...

I just add below the code to clarify the BUG and the FIX (may be other 
people have this bug in there module and did not see the issue because 
they never have to get mac address starting by 00)

     case PHYSADDRESS: {
         if (get_field_ifTable_data(indexGpon_g , PHYSADDRESS) != NULL) {
             // strncpy (phy_address, get_field_ifTable_data(indexGpon_g 
, PHYSADDRESS), sizeof(phy_address));   // The BUG with strncpy
             memcpy (phy_address, get_field_ifTable_data(indexGpon_g , 
PHYSADDRESS), sizeof(phy_address));       // The FIX with memcpy
             *var_len = 6;
         } else
             *var_len = 0;
         long_ret = *phy_address;
     } return (u_char *) phy_address;

Thanks a lot Bill !

Best Regards,

Damien GARCIA


Le 21/01/2021 à 17:37, Bill Fenner a écrit :
> It's hard to say without seeing your code, but a common source of 
> problems like this is using functions that are meant for 
> nul-terminated strings (e.g., strncpy() ) instead of those meant for 
> moving bytes around (e.g., memcpy() ).
>
>   Bill
>
>
> On Fri, Jan 15, 2021 at 10:06 AM dga via Net-snmp-coders 
> <net...@li... 
> <mailto:net...@li...>> wrote:
>
>     Hello,
>
>     I would like to add more details to clarify the problem.
>
>     The 6 fields of mac address are returned to the agent under a
>     string of
>     6 chars: (let's say mac[6])
>
>     So for the following mac address : "00:48:65:6C:6C:6F" :
>
>     "00" => "NULL" = mac[0]
>
>     "48" => "H" = mac[1]
>
>     "65" => "e" = mac[2]
>
>     "6C" => "l" = mac[3]
>
>     "6C" => "l" = mac[4]
>
>     "6F" => "o" = mac[5]
>
>     it means we have : mac[6] = { '\0', 'H', 'e', 'l', 'l', 'o' , '\0'}
>
>     This string (mac[6]) is returned with an other parameter (size_t *
>     var_len) to giving the size of the string.  Here the size is 6 of
>     course.
>
>     But, when I get the corresponding oid value I get : "Hex-STRING:
>     00 00
>     00 00 00 00"
>
>     It seems to be a bug ...
>
>     Best Regards,
>
>     Damien GARCIA
>
>
>     Le 11/01/2021 à 20:27, dga a écrit :
>     > Hello,
>     >
>     > I have written an snmp module to include additional interfaces
>     in the
>     > mib2 interface. However I face an issue with the field
>     "ifPhysAddress"
>     > (mac address) if the mac address of the interface starts by "00"
>     > (example: "00:06:91:C6:B1:3F"). In that case I get "Hex-STRING:
>     00 00
>     > 00 00 00 00" instead of getting  "Hex-STRING: 00 06 91 C6 B1 3F"
>     . Is
>     > it a bug ?
>     >
>     > I have no issue with my module if the mac address that does NOT
>     start
>     > by "00".
>     >
>     > There is also no issue get mac address starting by "00" for the
>     > default interfaces of the snmp demon.
>     >
>     >
>     > May be someone has ever face the same issue ? Any help would be
>     > greatly appreciated !
>     >
>     >
>     > Best Regards,
>     >
>     > Damien GARCIA
>     >
>     >
>
>
>     _______________________________________________
>     Net-snmp-coders mailing list
>     Net...@li...
>     <mailto:Net...@li...>
>     https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>

Re: cannot get mac address value starting by "00" with an snmp module

[Bill F. <fe...@gm...>]

It's hard to say without seeing your code, but a common source of problems
like this is using functions that are meant for nul-terminated strings
(e.g., strncpy() ) instead of those meant for moving bytes around (e.g.,
memcpy() ).

  Bill


On Fri, Jan 15, 2021 at 10:06 AM dga via Net-snmp-coders <
net...@li...> wrote:

> Hello,
>
> I would like to add more details to clarify the problem.
>
> The 6 fields of mac address are returned to the agent under a string of
> 6 chars: (let's say mac[6])
>
> So for the following mac address : "00:48:65:6C:6C:6F" :
>
> "00" => "NULL" = mac[0]
>
> "48" => "H" = mac[1]
>
> "65" => "e" = mac[2]
>
> "6C" => "l" = mac[3]
>
> "6C" => "l" = mac[4]
>
> "6F" => "o" = mac[5]
>
> it means we have : mac[6] = { '\0', 'H', 'e', 'l', 'l', 'o' , '\0'}
>
> This string (mac[6]) is returned with an other parameter (size_t *
> var_len) to giving the size of the string.  Here the size is 6 of course.
>
> But, when I get the corresponding oid value I get : "Hex-STRING: 00 00
> 00 00 00 00"
>
> It seems to be a bug ...
>
> Best Regards,
>
> Damien GARCIA
>
>
> Le 11/01/2021 à 20:27, dga a écrit :
> > Hello,
> >
> > I have written an snmp module to include additional interfaces in the
> > mib2 interface. However I face an issue with the field "ifPhysAddress"
> > (mac address) if the mac address of the interface starts by "00"
> > (example: "00:06:91:C6:B1:3F"). In that case I get "Hex-STRING: 00 00
> > 00 00 00 00" instead of getting  "Hex-STRING: 00 06 91 C6 B1 3F" . Is
> > it a bug ?
> >
> > I have no issue with my module if the mac address that does NOT start
> > by "00".
> >
> > There is also no issue get mac address starting by "00" for the
> > default interfaces of the snmp demon.
> >
> >
> > May be someone has ever face the same issue ? Any help would be
> > greatly appreciated !
> >
> >
> > Best Regards,
> >
> > Damien GARCIA
> >
> >
>
>
> _______________________________________________
> Net-snmp-coders mailing list
> Net...@li...
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>

Re: cannot get mac address value starting by "00" with an snmp module

[dga <dam...@go...>]

Hello,

I would like to add more details to clarify the problem.

The 6 fields of mac address are returned to the agent under a string of 
6 chars: (let's say mac[6])

So for the following mac address : "00:48:65:6C:6C:6F" :

"00" => "NULL" = mac[0]

"48" => "H" = mac[1]

"65" => "e" = mac[2]

"6C" => "l" = mac[3]

"6C" => "l" = mac[4]

"6F" => "o" = mac[5]

it means we have : mac[6] = { '\0', 'H', 'e', 'l', 'l', 'o' , '\0'}

This string (mac[6]) is returned with an other parameter (size_t * 
var_len) to giving the size of the string.  Here the size is 6 of course.

But, when I get the corresponding oid value I get : "Hex-STRING: 00 00 
00 00 00 00"

It seems to be a bug ...

Best Regards,

Damien GARCIA


Le 11/01/2021 à 20:27, dga a écrit :
> Hello,
>
> I have written an snmp module to include additional interfaces in the 
> mib2 interface. However I face an issue with the field "ifPhysAddress" 
> (mac address) if the mac address of the interface starts by "00" 
> (example: "00:06:91:C6:B1:3F"). In that case I get "Hex-STRING: 00 00 
> 00 00 00 00" instead of getting  "Hex-STRING: 00 06 91 C6 B1 3F" . Is 
> it a bug ?
>
> I have no issue with my module if the mac address that does NOT start 
> by "00".
>
> There is also no issue get mac address starting by "00" for the 
> default interfaces of the snmp demon.
>
>
> May be someone has ever face the same issue ? Any help would be 
> greatly appreciated !
>
>
> Best Regards,
>
> Damien GARCIA
>
>

Re: A manager using a single socket and multiple agents?

[Ed F. <qua...@gm...>]

Craig,

Would you mind sharing some more details?  You mentioned that you use an
[asyncapp] stanza in your snmp.conf that limits configuration to just your
app - I can't seem to make this work.  I've learned that if I
init_snmp("my_app") that the API will scan ~/.snmp/my_app.conf, but I can't
seem to insert "clientaddr" and "clientaddrUsesPort" tokens into this file
- a (non-fatal) diagnostic is generated when I call init_snmp(), and the
behavior reverts to "random SRC PORT for each session".

Perhaps if you could cut and paste the relevant lines from your snmp.conf I
would see something obvious I'm missing.

As mentioned, I am able to force all sessions to use the same SRC PORT by
simply appending the clientaddr and clientaddrUsesPort tokens to the end of
~/.snmp/snmp.conf, but this change affects *all* net-snmp apps.  It would
be helpful/instructive to set the SRC PORT on an app-by-app basis (e.g.
my_app, my_app_2, my_app_3 all configured to use a different SRC PORT).


On Mon, Jan 11, 2021 at 5:26 PM Ed Fair <qua...@gm...> wrote:

> Craig -
>
> You are exactly right - the config file allows me to control this - thank
> you so much!  I couldn't use the [application name] syntax, but simply
> adding these two lines to the end of the config file had the desired effect
> of causing all outbound SNMP from SRC PORT 30000:
>
> clientaddr :30000
> clientaddrUsesPort yes
>
> I'll work to understand how to use the [program name] approach next.  I'm
> guessing the init_snmp() call sets the program name used.
>
> ed
>
> On Sun, Jan 10, 2021 at 6:48 PM Craig Small <csmall@dropbear.xyz> wrote:
>
>> Actually the snmplibrary already has a way of binding the ports.
>>
>> In my $HOME/.snmp/snmp.conf I just add this:
>>
>> [asyncapp]
>> #doDebugging 1
>> clientaddr 10.0.0.1:12345
>> clientaddrUsesPort yes
>>
>> asyncapp is the name of my program. I have bound outbound connections
>> with a source port of 12345 on interface 127.0.0.1 (for testing)
>> 10.0.0.1 is the local IP address of the computer that's sending the
>> request.
>>
>> Wireshark shows this:
>> User Datagram Protocol, Src Port: 12345, Dst Port: 161
>>
>>
>>
>>
>>
>>
>>
>> On Thu, 7 Jan 2021 at 15:03, Ed Fair <qua...@gm...> wrote:
>>
>>> Craig,
>>>
>>> The tutorials don't mention subsessions or traditional vs single session
>>> use, but the header/c files do (and that's all they do - mention them).
>>> I'm just curious what these abstractions are for since they seem, on the
>>> surface, related to my needs.
>>>
>>> As an exercise, I've tried but so far been unable to create a
>>> session/socket which uses a specific port - no errors, but no pdus/packets
>>> transmitted.  And anyway, I don't care if the port selected is random, my
>>> goal is to use *the same* port to query multiple agents.  I don't care how
>>> it's done, as long as the end result is "all outbound UDP use same SRC
>>> port".
>>>
>>>
>>> On Wed, Jan 6, 2021, 5:28 AM Craig Small <csmall@dropbear.xyz> wrote:
>>>
>>>> On Wed, 6 Jan 2021 at 10:01, Ed Fair <qua...@gm...> wrote:
>>>>
>>>>> Thanks for the reply.  The Simple_Async_Application in your link uses
>>>>> one session/socket/SRC port per agent.  I've compiled and run this sample
>>>>> successfully, but I haven't been able to modify it to use a single
>>>>> session/socket/SRC port.
>>>>>
>>>> It might need to be something more low-level as reusing sockets
>>>> (therefore the ports) is generally a bad idea.
>>>>
>>>> The netsnmp_session has an attribute of local_port. If this is set to
>>>> zero (the default) then it picks it randomly. I'd try setting that and see
>>>> what happens. A quick look in the snmplib source code shows it is used for
>>>> creating the transport.
>>>>
>>>> I understand "don't hammer agents" but I don't understand your "one
>>>>> query per agent" limit - is this a limitation of the API?
>>>>>
>>>> Not at all, a lot of agents are terrible and do stupid things like have
>>>> exclusive locks on important components of the system. I've killed many
>>>> devices (the remote agents, not my code) by being too enthusiastic about
>>>> querying them.
>>>>
>>>>
>>>>> I'm new to this API, I might be missing key concepts... but I am
>>>>> confused by the "traditional vs single" distinction, and I'm curious what
>>>>> "subsessions" are.
>>>>>
>>>> Are either of those mentioned in the tutorial? They could mean multiple
>>>> things but was trying to find the context of what you are asking here.
>>>>
>>>>  - Craig
>>>>
>>>

Re: A manager using a single socket and multiple agents?

[Ed F. <qua...@gm...>]

Craig -

You are exactly right - the config file allows me to control this - thank
you so much!  I couldn't use the [application name] syntax, but simply
adding these two lines to the end of the config file had the desired effect
of causing all outbound SNMP from SRC PORT 30000:

clientaddr :30000
clientaddrUsesPort yes

I'll work to understand how to use the [program name] approach next.  I'm
guessing the init_snmp() call sets the program name used.

ed

On Sun, Jan 10, 2021 at 6:48 PM Craig Small <csmall@dropbear.xyz> wrote:

> Actually the snmplibrary already has a way of binding the ports.
>
> In my $HOME/.snmp/snmp.conf I just add this:
>
> [asyncapp]
> #doDebugging 1
> clientaddr 10.0.0.1:12345
> clientaddrUsesPort yes
>
> asyncapp is the name of my program. I have bound outbound connections with
> a source port of 12345 on interface 127.0.0.1 (for testing)
> 10.0.0.1 is the local IP address of the computer that's sending the
> request.
>
> Wireshark shows this:
> User Datagram Protocol, Src Port: 12345, Dst Port: 161
>
>
>
>
>
>
>
> On Thu, 7 Jan 2021 at 15:03, Ed Fair <qua...@gm...> wrote:
>
>> Craig,
>>
>> The tutorials don't mention subsessions or traditional vs single session
>> use, but the header/c files do (and that's all they do - mention them).
>> I'm just curious what these abstractions are for since they seem, on the
>> surface, related to my needs.
>>
>> As an exercise, I've tried but so far been unable to create a
>> session/socket which uses a specific port - no errors, but no pdus/packets
>> transmitted.  And anyway, I don't care if the port selected is random, my
>> goal is to use *the same* port to query multiple agents.  I don't care how
>> it's done, as long as the end result is "all outbound UDP use same SRC
>> port".
>>
>>
>> On Wed, Jan 6, 2021, 5:28 AM Craig Small <csmall@dropbear.xyz> wrote:
>>
>>> On Wed, 6 Jan 2021 at 10:01, Ed Fair <qua...@gm...> wrote:
>>>
>>>> Thanks for the reply.  The Simple_Async_Application in your link uses
>>>> one session/socket/SRC port per agent.  I've compiled and run this sample
>>>> successfully, but I haven't been able to modify it to use a single
>>>> session/socket/SRC port.
>>>>
>>> It might need to be something more low-level as reusing sockets
>>> (therefore the ports) is generally a bad idea.
>>>
>>> The netsnmp_session has an attribute of local_port. If this is set to
>>> zero (the default) then it picks it randomly. I'd try setting that and see
>>> what happens. A quick look in the snmplib source code shows it is used for
>>> creating the transport.
>>>
>>> I understand "don't hammer agents" but I don't understand your "one
>>>> query per agent" limit - is this a limitation of the API?
>>>>
>>> Not at all, a lot of agents are terrible and do stupid things like have
>>> exclusive locks on important components of the system. I've killed many
>>> devices (the remote agents, not my code) by being too enthusiastic about
>>> querying them.
>>>
>>>
>>>> I'm new to this API, I might be missing key concepts... but I am
>>>> confused by the "traditional vs single" distinction, and I'm curious what
>>>> "subsessions" are.
>>>>
>>> Are either of those mentioned in the tutorial? They could mean multiple
>>> things but was trying to find the context of what you are asking here.
>>>
>>>  - Craig
>>>
>>

cannot get mac address value starting by "00" with an snmp module

[dga <dam...@go...>]

Hello,

I have written an snmp module to include additional interfaces in the 
mib2 interface. However I face an issue with the field "ifPhysAddress" 
(mac address) if the mac address of the interface starts by "00" 
(example: "00:06:91:C6:B1:3F"). In that case I get "Hex-STRING: 00 00 00 
00 00 00" instead of getting  "Hex-STRING: 00 06 91 C6 B1 3F" . Is it a 
bug ?

I have no issue with my module if the mac address that does NOT start by 
"00".

There is also no issue get mac address starting by "00" for the default 
interfaces of the snmp demon.


May be someone has ever face the same issue ? Any help would be greatly 
appreciated !


Best Regards,

Damien GARCIA

Re: A manager using a single socket and multiple agents?

[Craig S. <cs...@dr...>]

Actually the snmplibrary already has a way of binding the ports.

In my $HOME/.snmp/snmp.conf I just add this:

[asyncapp]
#doDebugging 1
clientaddr 10.0.0.1:12345
clientaddrUsesPort yes

asyncapp is the name of my program. I have bound outbound connections with
a source port of 12345 on interface 127.0.0.1 (for testing)
10.0.0.1 is the local IP address of the computer that's sending the request.

Wireshark shows this:
User Datagram Protocol, Src Port: 12345, Dst Port: 161







On Thu, 7 Jan 2021 at 15:03, Ed Fair <qua...@gm...> wrote:

> Craig,
>
> The tutorials don't mention subsessions or traditional vs single session
> use, but the header/c files do (and that's all they do - mention them).
> I'm just curious what these abstractions are for since they seem, on the
> surface, related to my needs.
>
> As an exercise, I've tried but so far been unable to create a
> session/socket which uses a specific port - no errors, but no pdus/packets
> transmitted.  And anyway, I don't care if the port selected is random, my
> goal is to use *the same* port to query multiple agents.  I don't care how
> it's done, as long as the end result is "all outbound UDP use same SRC
> port".
>
>
> On Wed, Jan 6, 2021, 5:28 AM Craig Small <csmall@dropbear.xyz> wrote:
>
>> On Wed, 6 Jan 2021 at 10:01, Ed Fair <qua...@gm...> wrote:
>>
>>> Thanks for the reply.  The Simple_Async_Application in your link uses
>>> one session/socket/SRC port per agent.  I've compiled and run this sample
>>> successfully, but I haven't been able to modify it to use a single
>>> session/socket/SRC port.
>>>
>> It might need to be something more low-level as reusing sockets
>> (therefore the ports) is generally a bad idea.
>>
>> The netsnmp_session has an attribute of local_port. If this is set to
>> zero (the default) then it picks it randomly. I'd try setting that and see
>> what happens. A quick look in the snmplib source code shows it is used for
>> creating the transport.
>>
>> I understand "don't hammer agents" but I don't understand your "one query
>>> per agent" limit - is this a limitation of the API?
>>>
>> Not at all, a lot of agents are terrible and do stupid things like have
>> exclusive locks on important components of the system. I've killed many
>> devices (the remote agents, not my code) by being too enthusiastic about
>> querying them.
>>
>>
>>> I'm new to this API, I might be missing key concepts... but I am
>>> confused by the "traditional vs single" distinction, and I'm curious what
>>> "subsessions" are.
>>>
>> Are either of those mentioned in the tutorial? They could mean multiple
>> things but was trying to find the context of what you are asking here.
>>
>>  - Craig
>>
>

Snmp is frozen if the snmpset is delayed in subagent

[Bláha J. <jb...@re...>]

Hello,

I'm coding subagent which registers some OIDS. If some request arrives to this subagent, it is marked as delayed. Then the UDP request is sent to another program and waits until gets UDP response. After getting UDP response is delayed SNMP request processed.

Now there is a problems:
Case no. 1) If the SNMPSET arrives to my subagent and it is marked as delayed, the while snmp system is frozen. No other clients can do snmp commands such as snmpget, snmpset, snmpwalk,.. After the delayed snmpset request is marked as non delayed, then clients can again communicate with master agent.

Case no. 2) If the SNMPGET arrives to my subagent and it is marked as delayed, the other snmp clients can do only snmpget, snmpwalks commands. If they want run snpmset, then processing snmpset is frozen until the delayed snmpget request is marked as non delayed.

I'm using Debian 10 with snmpd 5.7.3+dfsg-5+deb10u1.

Is it normal behaviour of the snmpd or something is missing to me?

Thank you in advance for your help.

Re: A manager using a single socket and multiple agents?

[Ed F. <qua...@gm...>]

Craig,

The tutorials don't mention subsessions or traditional vs single session
use, but the header/c files do (and that's all they do - mention them).
I'm just curious what these abstractions are for since they seem, on the
surface, related to my needs.

As an exercise, I've tried but so far been unable to create a
session/socket which uses a specific port - no errors, but no pdus/packets
transmitted.  And anyway, I don't care if the port selected is random, my
goal is to use *the same* port to query multiple agents.  I don't care how
it's done, as long as the end result is "all outbound UDP use same SRC
port".


On Wed, Jan 6, 2021, 5:28 AM Craig Small <csmall@dropbear.xyz> wrote:

> On Wed, 6 Jan 2021 at 10:01, Ed Fair <qua...@gm...> wrote:
>
>> Thanks for the reply.  The Simple_Async_Application in your link uses one
>> session/socket/SRC port per agent.  I've compiled and run this sample
>> successfully, but I haven't been able to modify it to use a single
>> session/socket/SRC port.
>>
> It might need to be something more low-level as reusing sockets (therefore
> the ports) is generally a bad idea.
>
> The netsnmp_session has an attribute of local_port. If this is set to zero
> (the default) then it picks it randomly. I'd try setting that and see what
> happens. A quick look in the snmplib source code shows it is used for
> creating the transport.
>
> I understand "don't hammer agents" but I don't understand your "one query
>> per agent" limit - is this a limitation of the API?
>>
> Not at all, a lot of agents are terrible and do stupid things like have
> exclusive locks on important components of the system. I've killed many
> devices (the remote agents, not my code) by being too enthusiastic about
> querying them.
>
>
>> I'm new to this API, I might be missing key concepts... but I am confused
>> by the "traditional vs single" distinction, and I'm curious what
>> "subsessions" are.
>>
> Are either of those mentioned in the tutorial? They could mean multiple
> things but was trying to find the context of what you are asking here.
>
>  - Craig
>

RE: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file

[Joan L. <JoL...@ad...>]

Try to call  update_config(); instead.

From: chandrasekharreddy chinnapareddygari <cha...@ho...>
Sent: Saturday, December 12, 2020 10:54 PM
To: net...@li...; net...@li...
Subject: Snmpv3 users details are not deleting from /var/net-snmp/snmpd.conf file

External email: [net...@li...]
________________________________
Hi team,
I'm using net-snmp 5.8 version .My requirement is conf files should updtae without restarting snmpd .

I'm sending SIGHUP signal to update SNMP data with out restarting snmpd . snmpv3 details are not updating .
Please help me how to proceed further.


Thanks,
Chandra.



Get Outlook for Android<https://urldefense.com/v3/__https:/aka.ms/ghei36__;!!PIqRGrUndTen!WFzQEYLtEhekam1LkX9jBJhQSvE8xsdmrbKibf8uIUnDZJnaD2-f9nG1PfGueg$>

Please see our privacy statement at https://www.adva.com/en/about-us/legal/privacy-statement for details of how ADVA processes personal information.

Re: A manager using a single socket and multiple agents?

[Craig S. <cs...@dr...>]

On Wed, 6 Jan 2021 at 10:01, Ed Fair <qua...@gm...> wrote:

> Thanks for the reply.  The Simple_Async_Application in your link uses one
> session/socket/SRC port per agent.  I've compiled and run this sample
> successfully, but I haven't been able to modify it to use a single
> session/socket/SRC port.
>
It might need to be something more low-level as reusing sockets (therefore
the ports) is generally a bad idea.

The netsnmp_session has an attribute of local_port. If this is set to zero
(the default) then it picks it randomly. I'd try setting that and see what
happens. A quick look in the snmplib source code shows it is used for
creating the transport.

I understand "don't hammer agents" but I don't understand your "one query
> per agent" limit - is this a limitation of the API?
>
Not at all, a lot of agents are terrible and do stupid things like have
exclusive locks on important components of the system. I've killed many
devices (the remote agents, not my code) by being too enthusiastic about
querying them.


> I'm new to this API, I might be missing key concepts... but I am confused
> by the "traditional vs single" distinction, and I'm curious what
> "subsessions" are.
>
Are either of those mentioned in the tutorial? They could mean multiple
things but was trying to find the context of what you are asking here.

 - Craig

Re: A manager using a single socket and multiple agents?

[Ed F. <qua...@gm...>]

Thanks for the reply.  The Simple_Async_Application in your link uses one
session/socket/SRC port per agent.  I've compiled and run this sample
successfully, but I haven't been able to modify it to use a single
session/socket/SRC port.

I understand "don't hammer agents" but I don't understand your "one query
per agent" limit - is this a limitation of the API?

I'm new to this API, I might be missing key concepts... but I am confused
by the "traditional vs single" distinction, and I'm curious what
"subsessions" are.







On Tue, Jan 5, 2021, 4:26 PM Craig Small <csmall@dropbear.xyz> wrote:

> Hi,
>   Wouldn't asynchronous queries do what you need? See
> http://net-snmp.sourceforge.net/wiki/index.php/TUT:Simple_Async_Application
>
> I've written something similar but was using pysnmp and it seemed to do
> the job.  The trick is you also have to make sure you don't hammer the
> agent; most agents are pretty awful and lock up if you hammer them too
> much.  For the reuse of the UDP port, you might need to go to socket level
> ioctls and use SO_REUSEPORT. The danger is you can have only one and only
> one query per agent.
>
>  - Craig
>
>
> On Sat, 2 Jan 2021 at 12:32, Ed Fair <qua...@gm...> wrote:
>
>> I'm trying to write an SNMP manager using the net-snmp API.  The manager
>> will use UDP in IPv4 and IPv6, and will be sending get-requests (and
>> getbulk, and getnext) to 10000 agents (arbitrary number, but you get the
>> idea - a relatively large number).  Is there any way to do this using just
>> a single session?
>>
>> I've compiled and experimented with the demo apps, they seem to use one
>> session per agent.
>>
>> Creating 10000 separate sessions seems excessive (as I understand, this
>> would consume 10000 sockets and 10000 distinct SRC PORTS from my host).
>>
>> Creating/using/closing 10000 sessions seems excessive as well.
>>
>> The reason I'm going here:  my manager must interact with a firewall
>> before sending any requests to any agents; a single firewall interaction
>> identifying a single UDP source port would be much more desirable than
>> 10000 firewall interactions identifying 10000 different UDP source ports.
>>
>> Thanks in advance for your comments.
>> _______________________________________________
>> Net-snmp-coders mailing list
>> Net...@li...
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>
>

Re: A manager using a single socket and multiple agents?

[Craig S. <cs...@dr...>]

Hi,
  Wouldn't asynchronous queries do what you need? See
http://net-snmp.sourceforge.net/wiki/index.php/TUT:Simple_Async_Application

I've written something similar but was using pysnmp and it seemed to do the
job.  The trick is you also have to make sure you don't hammer the agent;
most agents are pretty awful and lock up if you hammer them too much.  For
the reuse of the UDP port, you might need to go to socket level ioctls and
use SO_REUSEPORT. The danger is you can have only one and only one query
per agent.

 - Craig


On Sat, 2 Jan 2021 at 12:32, Ed Fair <qua...@gm...> wrote:

> I'm trying to write an SNMP manager using the net-snmp API.  The manager
> will use UDP in IPv4 and IPv6, and will be sending get-requests (and
> getbulk, and getnext) to 10000 agents (arbitrary number, but you get the
> idea - a relatively large number).  Is there any way to do this using just
> a single session?
>
> I've compiled and experimented with the demo apps, they seem to use one
> session per agent.
>
> Creating 10000 separate sessions seems excessive (as I understand, this
> would consume 10000 sockets and 10000 distinct SRC PORTS from my host).
>
> Creating/using/closing 10000 sessions seems excessive as well.
>
> The reason I'm going here:  my manager must interact with a firewall
> before sending any requests to any agents; a single firewall interaction
> identifying a single UDP source port would be much more desirable than
> 10000 firewall interactions identifying 10000 different UDP source ports.
>
> Thanks in advance for your comments.
> _______________________________________________
> Net-snmp-coders mailing list
> Net...@li...
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>

RE: EXTERNAL: How to initialize a struct netsnmp_transport_s?

[Roedersheimer, D. A. <Dre...@le...>]

Ed Fair <quackspasm@....>
writes:

> I'm trying to understand the extended session API, as documented in snmp_api.h.  These
> three functions require an netsnmp_transport_s*.   How can I initialize this structure?


You can get the transport from your session handle using snmp_sess_transport().  For
example (untested and no error checking):

struct snmp_session session_str;
void *sess_hdl = NULL;
netsnmp_transport *transport;


snmp_sess_init(&session_str);
sess_hdl = snmp_sess_open(&session_str);

transport = snmp_sess_transport(sess_hdl);



-Drew