net-snmp-coders — Discussion of internal project coding (Please use this OR -users, NOT both!)

Re: Convert cleartext password to localised key

[Pushpa T. <pus...@gm...>]

Hi Bill Fenner,

Thank you.  I will try the script.

Regards,
Pushpa.T

On Mon, Nov 20, 2023 at 8:41 PM Bill Fenner <fe...@gm...> wrote:

> Hi Pushpa,
>
> You can try
> https://gist.github.com/fenner/696cbb2d0e4429a8dff32af70b2bb8b1 for some
> sample python code.
>
>   Bill
>
>
> On Fri, Oct 20, 2023 at 4:45 AM Pushpa Thimmaiah <
> pus...@gm...> wrote:
>
>> Hi,
>>
>> I would like to convert cleartext password to localized key for trapsess
>> line.  I understood that one way is by using  'createUser' and copying keys
>> to trapsess line.  [
>> https://www.mail-archive.com/net...@li.../msg30097.html
>> ]
>>
>> Is there any alternate way or application that will provide localized key
>> for snmpv3 credentials?
>>
>>
>> Thank you,
>> Pushpa.T
>> _______________________________________________
>> Net-snmp-coders mailing list
>> Net...@li...
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>
>

Re: Convert cleartext password to localised key

[Bill F. <fe...@gm...>]

Hi Pushpa,

You can try https://gist.github.com/fenner/696cbb2d0e4429a8dff32af70b2bb8b1
for some sample python code.

  Bill


On Fri, Oct 20, 2023 at 4:45 AM Pushpa Thimmaiah <pus...@gm...>
wrote:

> Hi,
>
> I would like to convert cleartext password to localized key for trapsess
> line.  I understood that one way is by using  'createUser' and copying keys
> to trapsess line.  [
> https://www.mail-archive.com/net...@li.../msg30097.html
> ]
>
> Is there any alternate way or application that will provide localized key
> for snmpv3 credentials?
>
>
> Thank you,
> Pushpa.T
> _______________________________________________
> Net-snmp-coders mailing list
> Net...@li...
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>

Intermediate table example to create rows, edit columnar objects

[Prankur C. <pra...@gm...>]

Dear SNMP team,

Referring to the mib2c mfd tutorial for IF-MIB was helpful to understand
the read-only attributes/columns of the IF-MIB::ifTable.

What I also wanted to understand the setting of values / adding new rows
(as you guys mentioned in the Intermediate table tutorial) but I could not
find this tutorial anywhere.


-- 
Cheers
Prankur

Convert cleartext password to localised key

[Pushpa T. <pus...@gm...>]

Hi,

I would like to convert cleartext password to localized key for trapsess
line.  I understood that one way is by using  'createUser' and copying keys
to trapsess line.  [
https://www.mail-archive.com/net...@li.../msg30097.html
]

Is there any alternate way or application that will provide localized key
for snmpv3 credentials?


Thank you,
Pushpa.T

Re: Regarding enterprise OID lifespan

[Pushpa T. <pus...@gm...>]

Hi Magnus Fromreide,

Thanks a lot for information.  I will go through the RFS 2578.

Regards,
Pushpa.T

On Mon, Oct 16, 2023 at 11:35 PM Magnus Fromreide <ma...@ly...>
wrote:

> On Mon, Oct 16, 2023 at 02:14:28PM +0530, Pushpa Thimmaiah wrote:
> > Hi,
> >
> > Could you please  provide information about following
> > 1. Is there any  lifespan  for enterprise OID allocated by IANA.
>
> OID allocations are forever.
>
> > 2. When a company got acquired by another company,
> >     Eg: old company's mib tree    .*1.3.6.1.4.1.xxxx.1.2.5*
> >           New company's mib tree
> > *  .1.3.6.1.4.1.yyyy*
> >
> >     is it recommended to migrate exiting mib-objects unter new company's
> > enterprise OID?
>
> Customers that have bought a thingie from old-company expect to be
> able to continue using their OIDs under old-company.thingie so no, it is
> counter to good practice.
>
> >     i.e
> > *.1.3.6.1.4.1.yyyy.1.2.5*
> >     Can we retain  exiting  mib object as it is i.e  under old-company's
> > enterprise OID?
> >     i.e .
> > *1.3.6.1.4.1.xxxx.1.2.5  *
>
> You should do it but you could change their STATUS to deprecated.
>
> >
> > I feel if  enterprise-OID has no lifespan or renewal period then old
> > company's oid can be retained.
> >
> > Kindly guide.
>
> RFC 2578 (STD 58) section 10 is all about how MIB modules should be updated
> as time goes by and it lists the allowed changes to a MIB module.
>
> Read RFC 2578!!!
>
> /MF
>

Re: Regarding enterprise OID lifespan

[Magnus F. <ma...@ly...>]

On Mon, Oct 16, 2023 at 02:14:28PM +0530, Pushpa Thimmaiah wrote:
> Hi,
> 
> Could you please  provide information about following
> 1. Is there any  lifespan  for enterprise OID allocated by IANA.

OID allocations are forever.

> 2. When a company got acquired by another company,
>     Eg: old company's mib tree    .*1.3.6.1.4.1.xxxx.1.2.5*
>           New company's mib tree
> *  .1.3.6.1.4.1.yyyy*
> 
>     is it recommended to migrate exiting mib-objects unter new company's
> enterprise OID?

Customers that have bought a thingie from old-company expect to be
able to continue using their OIDs under old-company.thingie so no, it is
counter to good practice.

>     i.e
> *.1.3.6.1.4.1.yyyy.1.2.5*
>     Can we retain  exiting  mib object as it is i.e  under old-company's
> enterprise OID?
>     i.e .
> *1.3.6.1.4.1.xxxx.1.2.5  *

You should do it but you could change their STATUS to deprecated.

> 
> I feel if  enterprise-OID has no lifespan or renewal period then old
> company's oid can be retained.
> 
> Kindly guide.

RFC 2578 (STD 58) section 10 is all about how MIB modules should be updated
as time goes by and it lists the allowed changes to a MIB module.

Read RFC 2578!!!

/MF

Regarding enterprise OID lifespan

[Pushpa T. <pus...@gm...>]

Hi,

Could you please  provide information about following
1. Is there any  lifespan  for enterprise OID allocated by IANA.
2. When a company got acquired by another company,
    Eg: old company's mib tree    .*1.3.6.1.4.1.xxxx.1.2.5*
          New company's mib tree
*  .1.3.6.1.4.1.yyyy*

    is it recommended to migrate exiting mib-objects unter new company's
enterprise OID?
    i.e
*.1.3.6.1.4.1.yyyy.1.2.5*
    Can we retain  exiting  mib object as it is i.e  under old-company's
enterprise OID?
    i.e .
*1.3.6.1.4.1.xxxx.1.2.5  *

I feel if  enterprise-OID has no lifespan or renewal period then old
company's oid can be retained.

Kindly guide.

Thanks,
Pushpa.T

Re: Core dump generated in snmp_alarm.c

[Venkateswarlu K <ven...@gm...>]

Can someone help me with this ?


Thanks,

Venkateswarlu


On Tue, Oct 10, 2023 at 2:07 PM Venkateswarlu K <ven...@gm...>
wrote:

> Hi All,
>
> We are using net-snmp version 5.7.3 in our ARM based Access Point.
> Recently we are observing snmp core in snmp_alarm.c file with below bt.
>
> Reading symbols from
> /home/administrator/core_debug/SCG-145228-1/lib/libnetsnmpagent.so.30...done.
> Loaded symbols for
> /home/administrator/core_debug/SCG-145228-1/lib/libnetsnmpagent.so.30
> Reading symbols from
> /home/administrator/core_debug/SCG-145228-1/lib/libnetsnmpmibs.so.30...done.
> Loaded symbols for
> /home/administrator/core_debug/SCG-145228-1/lib/libnetsnmpmibs.so.30
> Reading symbols from
> /home/administrator/core_debug/SCG-145228-1/lib/libnetsnmp.so.30...done.
> Loaded symbols for
> /home/administrator/core_debug/SCG-145228-1/lib/libnetsnmp.so.30
> (gdb) bt
> #0 * 0x00000000 in ?? ()*
> #1  0x76e88be0 in run_alarms ()
>     at
> /home/administrator/Git/R7.0_11ax6e/opensource/buildroot/../../opensource/apps/net-snmp/5.7.3/snmplib/snmp_alarm.c:218
> #2  0x0000ae20 in receive () at
> /home/administrator/Git/R7.0_11ax6e/opensource/buildroot/../../opensource/apps/net-snmp/5.7.3/agent/snmpd.c:1383
> #3  main (argc=<optimized out>, argv=<optimized out>)
>     at
> /home/administrator/Git/R7.0_11ax6e/opensource/buildroot/../../opensource/apps/net-snmp/5.7.3/agent/snmpd.c:1133
>
> looks like the stack was corrupted.
>
> The code is pointing to the below highlighted line, after that I don't see
> any backtrace.
>
> Can someone please help to check ?
>
> [image: image.png]
>
> Thanks,
>
> Venkateswarlu
>

Core dump generated in snmp_alarm.c

[Venkateswarlu K <ven...@gm...>]

Hi All,

We are using net-snmp version 5.7.3 in our ARM based Access Point. Recently
we are observing snmp core in snmp_alarm.c file with below bt.

Reading symbols from
/home/administrator/core_debug/SCG-145228-1/lib/libnetsnmpagent.so.30...done.
Loaded symbols for
/home/administrator/core_debug/SCG-145228-1/lib/libnetsnmpagent.so.30
Reading symbols from
/home/administrator/core_debug/SCG-145228-1/lib/libnetsnmpmibs.so.30...done.
Loaded symbols for
/home/administrator/core_debug/SCG-145228-1/lib/libnetsnmpmibs.so.30
Reading symbols from
/home/administrator/core_debug/SCG-145228-1/lib/libnetsnmp.so.30...done.
Loaded symbols for
/home/administrator/core_debug/SCG-145228-1/lib/libnetsnmp.so.30
(gdb) bt
#0 * 0x00000000 in ?? ()*
#1  0x76e88be0 in run_alarms ()
    at
/home/administrator/Git/R7.0_11ax6e/opensource/buildroot/../../opensource/apps/net-snmp/5.7.3/snmplib/snmp_alarm.c:218
#2  0x0000ae20 in receive () at
/home/administrator/Git/R7.0_11ax6e/opensource/buildroot/../../opensource/apps/net-snmp/5.7.3/agent/snmpd.c:1383
#3  main (argc=<optimized out>, argv=<optimized out>)
    at
/home/administrator/Git/R7.0_11ax6e/opensource/buildroot/../../opensource/apps/net-snmp/5.7.3/agent/snmpd.c:1133

looks like the stack was corrupted.

The code is pointing to the below highlighted line, after that I don't see
any backtrace.

Can someone please help to check ?

[image: image.png]

Thanks,

Venkateswarlu

Looping on endOfMibView response

[Jenny Y. <jen...@gm...>]

Hi net-snmp-coders,


We are using net-snmp 5.9.1 as a proxy, and encountered a problem where net-snmp will loop at response with endOfMibView.

The snmpd.conf is like this:

proxy -Cn context_vt1 -v 2c -t 100 -r 1 -c _proxy_comm_vt1 127.0.0.1:7667 .1.3
proxy -Cn context_vt2 -v 2c -t 100 -r 1 -c _proxy_comm_vt2 127.0.0.1:7667 .1.3
rocommunity _proxy_comm_vt1 localhost
rocommunity _proxy_comm_vt2 localhost
view vt1 included 1.3.6.1.4.1.41916
view vt1 excluded 1.3.6.1.4.1.41916.11.1
view vt2 included 1.3.6.1.4.1.41916
createUser u1 SHA-256 "1234567890" AES-256 "1234567890"
 rouser u1 authpriv -V vt1 context_vt1
createUser u11 SHA-256 "1234567890" AES-256 "1234567890"
 rouser u11 authpriv -V vt1 context_vt1
createUser u2 SHA-256 "1234567890" AES-256 "1234567890"
 rouser u2 authpriv -V vt2 context_vt2
createUser u22 SHA-256 "1234567890" AES-256 "1234567890"
 rouser u22 authpriv -V vt2 context_vt2


We have done the following fix to solve the problem. Please review and advise if this is a good fix.


diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
index 3376357595..e7ac831380 100644
--- a/agent/snmp_agent.c
+++ b/agent/snmp_agent.c
@@ -2568,7 +2568,13 @@ check_acm(netsnmp_agent_session *asp, u_char type)
                                 }
                             }
                         }
-                        snmp_set_var_typed_value(vb, type, NULL, 0);
+                        /* Not to reset type for endOfMibView */
+                        if (vb->type != SNMP_ENDOFMIBVIEW) {
+                            snmp_set_var_typed_value(vb, type, NULL, 0);
+                        } else {
+                            DEBUGMSGTL(("check_acm",
+                                        "Not to reset for type endOfMibView\n"));
+                        }
                         if (ASN_PRIV_RETRY == type)
                             request->inclusive = 0;
                     }
@@ -3395,8 +3401,11 @@ check_getnext_results(netsnmp_agent_session *asp)
                  * illegal response from a subagent.  Change it back to NULL
                  *  xxx-rks: err, how do we know this is a subagent?
                  */
+                /* This may cause a proxy agent loop.
                 request->requestvb->type = ASN_NULL;
                 request->inclusive = 1;
+                 */
+                DEBUGMSGTL(("snmp_agent", "Not to mark endOfMibView NULL\n"));
             }

             if (request->requestvb->type == ASN_NULL ||

Thanks a lot.

Jenny

Not using context in the SNMP queries

[Jenny Y. <jen...@gm...>]

Hi net-snmp-coders,

We are net-snmp 5.9.1 with proxy. We use context to associate user/view/community and the context is based on the view (one view will have one corresponding context)
But we would like to hide the context from SNMP client.

The snmpd.conf is like this:

proxy -Cn context_vt1 -v 2c -t 100 -r 1 -c _proxy_comm_vt1 127.0.0.1:7667 .1.3
proxy -Cn context_vt2 -v 2c -t 100 -r 1 -c _proxy_comm_vt2 127.0.0.1:7667 .1.3
rocommunity _proxy_comm_vt1 localhost
rocommunity _proxy_comm_vt2 localhost
view vt1 included 1.3.6.1.4.1.41916
view vt1 excluded 1.3.6.1.4.1.41916.11.1
view vt2 included 1.3.6.1.4.1.41916
createUser u1 SHA-256 "1234567890" AES-256 "1234567890"
 rouser u1 authpriv -V vt1 context_vt1
createUser u11 SHA-256 "1234567890" AES-256 "1234567890"
 rouser u11 authpriv -V vt1 context_vt1
createUser u2 SHA-256 "1234567890" AES-256 "1234567890"
 rouser u2 authpriv -V vt2 context_vt2
createUser u22 SHA-256 "1234567890" AES-256 "1234567890"
 rouser u22 authpriv -V vt2 context_vt2

We would get the context from access list and add the context in the PDU data structure if the request PDU does not have context.
We will not send the context for the response PDU.

Attached please find our changes.

Could you please review our changes? Or if you have any other suggestion to achieve the goal?

Thanks,
Jenny Yao




Re: Encrypt snmpv3 username and snmpv2c username

[Pushpa T. <pus...@gm...>]

Hi Wes Hardaker,

Thank you for information.


Regards,
Pushpa.T

On Sat, Sep 16, 2023 at 3:06 AM Wes Hardaker <har...@us...>
wrote:

> Pushpa Thimmaiah <pus...@gm...> writes:
>
> > I am looking for method to save username and community in encrypted
> > format in / etc/snmp/snmpd.conf.   Could you please let me know it can
> > be done?
>
> Hi Pushpa,
>
> No it can't be done and there isn't really a way to properly do it in
> the first place, as the SNMPv3 protocol specification does not encrypt
> the username when transmitted over the network.  It was never intended
> to be a secret (unlike the security keys/passphrases which very much
> are).
>
> Your only other option is to use a different security backend transport
> than USM (TLS, SSH, etc which aren't as widely supported unfortunately).
>
> --
> Wes Hardaker
> Please mail all replies to net...@li...
>

Re: Encrypt snmpv3 username and snmpv2c username

[Wes H. <har...@us...>]

Pushpa Thimmaiah <pus...@gm...> writes:

> I am looking for method to save username and community in encrypted
> format in / etc/snmp/snmpd.conf.   Could you please let me know it can
> be done?

Hi Pushpa,

No it can't be done and there isn't really a way to properly do it in
the first place, as the SNMPv3 protocol specification does not encrypt
the username when transmitted over the network.  It was never intended
to be a secret (unlike the security keys/passphrases which very much
are).

Your only other option is to use a different security backend transport
than USM (TLS, SSH, etc which aren't as widely supported unfortunately).

-- 
Wes Hardaker
Please mail all replies to net...@li...

Re: Encrypt snmpv3 username and snmpv2c username

[Pushpa T. <pus...@gm...>]

Hi Feroz,

Thank you for response.

snmpusm will not save 'username' in encrypted format. It is similar to
'createUser'.
I am looking for options or mechanism that enables snmpd to save snmpv3
user and snmpv2c community string in encrypted format.


Thanks,
Pushpa.T

On Tue, Sep 12, 2023 at 7:35 PM Feroz <fer...@gm...> wrote:

> Can you check if snmpusm is what you are looking for?
>
> https://net-snmp.sourceforge.io/docs/man/snmpusm.html
>
>
> On Mon, Sep 11, 2023 at 1:34 PM Pushpa Thimmaiah <
> pus...@gm...> wrote:
>
>> Hi All,
>>
>> I am looking for method to save username and community in encrypted
>> format in /etc/snmp/snmpd.conf.   Could you please let me know it can be
>> done?
>>
>> *1.* I have noticed that snmpv3 username in usm-entry is not encrypted
>> as shown below.  Here snmpv3 user = 123user.  If I  remember correctly, an
>> older version of netsnmp was encrypting snmpv3 username too.
>>
>> usmUser 1 3 0x80001f8880103aeb4ddf04496000000000 "123user" "123user"
>> NULL .1.3.6.1.6.3.10.1.1.7 0x3ea47fb6bc78fdee1ad59c7987b72ca366c23e7d9
>>  1c2c03028e52e7c8435260a626d5b3bd59175a9dbb5484 .1.3.6.1.4.1.14832.1.3
>> 0x3ea47fb6bc78fdee1ad59c7987    b72ca366c23e7d91c2c030 0x
>>
>> *2.*  snmptrap, trasess will use option 3(MmKk) used to input key
>> instead of plain text password.   Is there any option to do the same for
>> encrypted username ?
>>
>> Thanks,
>> Pushpa.T
>> _______________________________________________
>> Net-snmp-coders mailing list
>> Net...@li...
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>
>
>
> --
> Regards,
> Feroz Ahmed
>

Re: Encrypt snmpv3 username and snmpv2c username

[Feroz <fer...@gm...>]

Can you check if snmpusm is what you are looking for?

https://net-snmp.sourceforge.io/docs/man/snmpusm.html


On Mon, Sep 11, 2023 at 1:34 PM Pushpa Thimmaiah <pus...@gm...>
wrote:

> Hi All,
>
> I am looking for method to save username and community in encrypted format
> in /etc/snmp/snmpd.conf.   Could you please let me know it can be done?
>
> *1.* I have noticed that snmpv3 username in usm-entry is not encrypted
> as shown below.  Here snmpv3 user = 123user.  If I  remember correctly, an
> older version of netsnmp was encrypting snmpv3 username too.
>
> usmUser 1 3 0x80001f8880103aeb4ddf04496000000000 "123user" "123user" NULL
> .1.3.6.1.6.3.10.1.1.7 0x3ea47fb6bc78fdee1ad59c7987b72ca366c23e7d9
>  1c2c03028e52e7c8435260a626d5b3bd59175a9dbb5484 .1.3.6.1.4.1.14832.1.3
> 0x3ea47fb6bc78fdee1ad59c7987    b72ca366c23e7d91c2c030 0x
>
> *2.*  snmptrap, trasess will use option 3(MmKk) used to input key instead
> of plain text password.   Is there any option to do the same for  encrypted
> username ?
>
> Thanks,
> Pushpa.T
> _______________________________________________
> Net-snmp-coders mailing list
> Net...@li...
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>


-- 
Regards,
Feroz Ahmed

Encrypt snmpv3 username and snmpv2c username

[Pushpa T. <pus...@gm...>]

Hi All,

I am looking for method to save username and community in encrypted format
in /etc/snmp/snmpd.conf.   Could you please let me know it can be done?

*1.* I have noticed that snmpv3 username in usm-entry is not encrypted  as
shown below.  Here snmpv3 user = 123user.  If I  remember correctly, an
older version of netsnmp was encrypting snmpv3 username too.

usmUser 1 3 0x80001f8880103aeb4ddf04496000000000 "123user" "123user" NULL
.1.3.6.1.6.3.10.1.1.7 0x3ea47fb6bc78fdee1ad59c7987b72ca366c23e7d9
 1c2c03028e52e7c8435260a626d5b3bd59175a9dbb5484 .1.3.6.1.4.1.14832.1.3
0x3ea47fb6bc78fdee1ad59c7987    b72ca366c23e7d91c2c030 0x

*2.*  snmptrap, trasess will use option 3(MmKk) used to input key instead
of plain text password.   Is there any option to do the same for  encrypted
username ?

Thanks,
Pushpa.T

Re: Getting listening port number while processing request

[Teus B. <teu...@gm...>]

On Fri, 8 Sept 2023 at 08:27, Craig Small <csmall@dropbear.xyz> wrote:
> I ran snmpd as
> snmpd -f -Le -Dnetsnmp_udp 2000,3000
> and got
> netsnmp_udp: recvfrom fd 6 got 41 bytes (from UDP: [127.0.0.1]:36600->[127.0.0.1]:2000)
> or port 3000 if I targeted that.
[...]

Hi, thank you for that. Initially I felt like "wow, how could I have
overlooked this". But then I realized that I had omitted some
information in the question, which is this: I run the SNMP daemon
listening on TCP instead of on UDP.

Running it with debug tokens "-Dnetsnmp_tcp,netsnmp_tcpbase" gives
this output on TCP:

netsnmp_tcpbase: recv fd 9 got 2461 bytes
Connection from TCP: [192.168.135.118]:46836->[0.0.0.0]:0

It means that it outputs the remote TCP port, and outputs the local,
listening TCP port as port 0.
It listens on port 2161 and 2162.

Since it is function "getsockname" that gets the port number from a
file descriptor, I searched the library for that call:

$ grep -R getsockname *
snmpSSHDomain.c:            if(getsockname(t->sock, to, &tolen) != 0){
snmpUDPBaseDomain.c:        int r2 = getsockname(s, dstip, dstlen);
snmpUDPIPv4BaseDomain.c:    rc = getsockname(t->sock, (struct
sockaddr*)&addr_pair->local_addr,
snmpUDPIPv6Domain.c:    rc = getsockname(t->sock, (struct
sockaddr*)&addr_pair->local_addr,
snmpUnixDomain.c:        if(getsockname(t->sock, to, &tolen) != 0){

It looks like it outputs the port number on domains SSH, UDP, and
Unix, but not on domain TCP.

If this analysis is correct, could this be translated into a feature
request for any next version of the Net-SNMP library?

Thanks for the hints,

Teus Benschop

Re: Getting listening port number while processing request

[Craig S. <cs...@dr...>]

On Tue, 5 Sept 2023 at 22:16, Teus Benschop <teu...@gm...> wrote:

> I could not find a way to display the port number, also not using the
> various debug tokens.
>
I ran snmpd as
snmpd -f -Le -Dnetsnmp_udp 2000,3000
and got
netsnmp_udp: recvfrom fd 6 got 41 bytes (from UDP:
[127.0.0.1]:36600->[127.0.0.1]:2000)
or port 3000 if I targeted that.
Port 36600 is my snmpwalk UDP port (i.e. the "remote" address) and 2000 is
what the agent was listening to.

That information looks like its filled in by netsnmp_udp_recvfrom()

 - Craig

Getting listening port number while processing request

[Teus B. <teu...@gm...>]

Hello,

I've been digging around in the library for a while to check out
whether the port number that the agent listens on, if it listens on
multiple ports, can be retrieved via the API, while the snmpd
processes a request via snmpget or snmpset.

I could not find a way to display the port number, also not using the
various debug tokens.

Question: Is there a way to retrieve the port number that a request
was received on, or do I need to hack the net-snmp library itself, or
is that never possible?

With kind regards,

Teus Benschop

Re: default retries for snmpinform

[Pushpa T. <pus...@gm...>]

Hi Wes,

Thank you for response.

Yes. I will be using 5.9 but would like to confirm if I am missing any
config  in 5.7.1.

I did download net-snmp-5.7.1 and net-snmp-5.9  on ubuntu (desktop) and
noticed default retry is 0 and 5 respectively.


Because, a product of our organization was using 5.7.1,  retry and timeout
are not configurable here and  customer would like to know value of retry
and timeout.
We have not used retry option in command 'snmptrap -Ci'  , so I was
expecting it should have default value.

Thank you,
Pushpa.T


On Fri, Aug 25, 2023 at 11:22 PM Wes Hardaker <
har...@us...> wrote:

> Pushpa Thimmaiah <pus...@gm...> writes:
>
> > Is this known issue in version 5.7.1?   I did test the same on
> net-snmp-5.9 and
> > could see 5 retries.
>
> I'd argue you should be using 5.9.4 then :-)  5.7 is long past supported.
> --
> Wes Hardaker
> Please mail all replies to net...@li...
>

Re: default retries for snmpinform

[Wes H. <har...@us...>]

Pushpa Thimmaiah <pus...@gm...> writes:

> Is this known issue in version 5.7.1?   I did test the same on net-snmp-5.9 and
> could see 5 retries.

I'd argue you should be using 5.9.4 then :-)  5.7 is long past supported.
-- 
Wes Hardaker
Please mail all replies to net...@li...

default retries for snmpinform

[Pushpa T. <pus...@gm...>]

Hi,


I am testing retry option in snmpcmd  and noticed that retries for snmpv2c
inform  is not 5.
According to snmpcmd man page default retries is 5. So I was expecting it
will use default value .
I am using net-snmp-5.7.1 and retries are not configured in snmp config
file.

Is this known issue in version 5.7.1?   I did test the same on net-snmp-5.9
and could see 5 retries.


*Test results:*

*snmptrap --version*
NET-SNMP version: 5.7.1

*Pushpa:/tmp#* snmptrap -Ci -v 2c  -c test123 10.12.70.97 ""
.1.3.6.1.4.1.8072.2.3.1 .1.3.6.1.4.1.8072.2.1.1 i 555
snmpinform: Timeout

*Pushpa:/tmp#* snmptrap -Ci -v 2c  -c test123 10.12.70.97 ""
.1.3.6.1.4.1.8072.2.3.1 .1.3.6.1.4.1.8072.2.1.1 i 666
snmpinform: Timeout

=============* tcpdump results*====================================
17:52:22.987127 IP 192.168.17.120.48784 > 192.168.17.97.snmp-trap:
 C=test123 Inform(75)  system.sysUpTime.0=464534 S:1.1.4.1.0=E:8072.2.3.1
E:8072.2.1.1=555
17:52:23.314174 IP 192.168.17.97 > 192.168.17.120: ICMP 192.168.17.97 udp
port snmp-trap unreachable, length 132
17:58:40.899853 IP 192.168.17.120.46812 > 192.168.17.97.snmp-trap:
 C=test123 Inform(75)  system.sysUpTime.0=502325 S:1.1.4.1.0=E:8072.2.3.1
E:8072.2.1.1=666
17:58:41.170006 IP 192.168.17.97 > 192.168.17.120: ICMP 192.168.17.97 udp
port snmp-trap unreachable, length 132

net-snmp 5.9.4 released

[Wes H. <har...@us...>]

I've published 5.9.4 today, thanks to the vast quantity of help from
many people that have contributed patches to the 5.9 branch.  Sorry for
the delay between 5.9.4.rc1 and the final version, but there was a bug
in the TLS support that turns out to be challenging due to multiple
issues.  In the end, we've decided to table the fix until after 5.9.4 to
get this out the door as is for now.

NEWS for 5.9.4:

*5.9.4*:

    IMPORTANT: SNMP over TLS and/or DTLS are not functioning properly
    in this release with various versions of OpenSSL and will be fixed
    in a future release.

    libsnmp:
      - Remove the SNMP_SWIPE_MEM() macro Remove this macro since it is not
	used in the Net-SNMP code base.
      - DISPLAY-HINT fixes
      - Miscellanious improvements to the transports
      - Handle multiple oldEngineID configuration lines 
      - fixes for DNS names longer than 63 characters

    agent:
      - Added a ignoremount configuration option for the HOST-MIB
      - disallow SETs with a NULL varbind
      - fix the --enable-minimalist build

    apps:
      - snmpset: allow SET with NULL varbind for testing
      - snmptrapd: improved MySQL logging code

    general:
      - configure: Remove -Wno-deprecated as it is no longer needed
      - miscellanious ther bug fixes, build fixes and cleanups


-- 
Wes Hardaker
Please mail all replies to net...@li...

Re: timeout and retry for snmptrap

[Pushpa T. <pus...@gm...>]

Hi Wes Hardader,

Thank you for confirming.

Regards,
Pushpa.T

On Thu, Aug 10, 2023 at 1:20 AM Wes Hardaker <har...@us...>
wrote:

> Pushpa Thimmaiah <pus...@gm...> writes:
>
> > I am using tool 'snmptrap'  to send informs .   I would like to know
> default
> > timeout and retry here.
> >   snmpcmd manpage says default timeout=1sec  and retry=5.
> > Could you confirm whether it is applicable to command 'snmptrap -Ci' ?
>
> Without double checking the source code, I'm pretty positive that the
> same default settings are used when using INFORMs too.
> --
> Wes Hardaker
> Please mail all replies to net...@li...
>

Re: timeout and retry for snmptrap

[Wes H. <har...@us...>]

Pushpa Thimmaiah <pus...@gm...> writes:

> I am using tool 'snmptrap'  to send informs .   I would like to know default
> timeout and retry here.
>   snmpcmd manpage says default timeout=1sec  and retry=5.
> Could you confirm whether it is applicable to command 'snmptrap -Ci' ?

Without double checking the source code, I'm pretty positive that the
same default settings are used when using INFORMs too.
-- 
Wes Hardaker
Please mail all replies to net...@li...