net-snmp-users — General discussion of the project (Please use this OR -coders, NOT both!)

Question about inconsistent log levels for CONTAINER_INSERT failures in tcpListenerTable vs tcpConnectionTable

[Sun, B. <Bi...@de...>]

Hello Net‑SNMP community,

I’m new to SNMP, and I’ve been investigating a syslog error “tcpListenerTable insert failed”.
This appears when running snmpwalk on the TCP‑MIB tables (specifically tcpListenerTable). The agent is running snmpd9.5.3.

Background: container index collisions
The MIB index is built from:

  *   AFI (InetAddressType)
  *   address bytes (4 for IPv4, 16 for IPv6)
  *   local port
Because the container uses only (AFI, address, port) as the key, certain Linux/SONiC scenarios naturally produce collisions—for example when both the host and a VRF have wildcard listeners for the same service:

LISTEN            0                 512                          0.0.0.0%Vrf-1:179                      0.0.0.0:*                users:(("bgpd",pid=32190,fd=23))
LISTEN            0                 512                           0.0.0.0:179                                0.0.0.0:*                users:(("bgpd",pid=32190,fd=26))

Since RFC 4022 does not include a VRF/namespace field in the TCP‑MIB indices, these entries collapse into the same SNMP key. Therefore:

  *   CONTAINER_INSERT() fails for the duplicate row
  *   snmpwalk still completes normally, returning one row per distinct MIB index
This behavior makes sense and aligns with the MFD model.

While studying the code, I noticed that duplicat-sert failures are logged differently depending on the table:
In tcpConnectionTable_data_access.c, when CONTAINER_INSERT() fails due to a duplicate, it logs:

NETSNMP_LOGONCE((LOG_DEBUG,
"Error inserting entry to tcpConnectionTable, entry already exists.\n"));

While in tcpListenerTable_data_access.c, for the same scenario (same key, failed insert), the code logs:

snmp_log(LOG_ERR, "tcpListenerTable insert failed.\n");

Is there a specific reason why tcpConnectionTable uses a one‑time LOG_DEBUG message for duplicate inserts, while tcpListenerTable logs these cases as LOG_ERR, even though both failures arise from the same type of duplicate key condition?
I’m trying to understand whether this difference is intentional or simply historical—and whether it would make sense to align tcpListenerTable with the more conservative logging behavior used in tcpConnectionTable.

Thanks for your time.

Best regards,

Bing



Internal Use - Confidential

Teo En Ming's Review of Vivo X100 Pro Android Phone 29 Dec 2025 Monday

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: Teo En Ming's Review of Vivo X100 Pro Android Phone 29 Dec 2025 Monday

Good day from Singapore,

This is based on my personal experience at EOY 2025 cosplay convention at Raffles City Convention Center Singapore from 27-28 Dec 2025 (Saturday and Sunday). I have taken more than 1000 photos and videos (with photos being the majority and videos being the minority) with the Vivo X100 Pro Android Phone over these 2 days.

I can conclude that the Vivo X100 Pro Android Phone is an excellent top-of-the-line premium flagship smartphone designed for exceptional photography and videography.

Out of the more than 1000 photos I have taken, very few photos (only 2-3) turn out blur or out of focus.

Front Camera
=============

I can take selfie photos in rapid firing mode without any lag at all.

Almost all of the selfie photos are sharp and clear with AI beauty enhancements.

The front camera performs well in low light environment: even when the surroundings are dark, you can still take good quality and well-exposed photos without any external light source, thanks to its superior image processor.

Videos taken with the front camera have good quality.

Rear camera
============

I can also take portrait photos in rapid firing mode without any lag at all.

Almost all of the portrait photos are sharp and clear with AI beauty enhancements.

The rear camera also performs well in low light environment: even when the surroundings are dark, you can still take good quality and well-exposed photos without any external light source, thanks to its superior image processor.

Full HD and 4K videos taken with the rear camera have good quality, even up to 4.3x optical zoom. I have not tried taking 8K videos yet.

However, AI exposure adjustment does not apply to videos taken with the rear camera, so when the surroundings are dark, your recorded videos will also be dark. You will definitely need an external light source (e.g. LED video light) when you take videos with the rear camera.

I think the Vivo X100 Pro Android phone beats my premium super-zoom bridge cameras with 1-inch sensors hands down, due to AI beauty enhancements. You can definitely use the Vivo X100 Pro Android phone for model portraiture shoots instead of the traditional DSLR and mirrorless cameras.

Thank you for reading my concise review of the Vivo X100 Pro Android Phone.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Extremely Democratic People's Republic of Singapore
29 Dec 2025 Monday 12.57 am Singapore Time

I have spent about 4 hours setting up my "new" Vivo X100 Pro 5G Android Phone today

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: I have spent about 4 hours setting up my "new" Vivo X100 Pro 5G Android Phone today

Good day from Singapore,

I have spent about 4 hours from 5.00 PM to 9.00 PM on 26 Dec 2025 Friday evening setting up my "new" Vivo X100 Pro 5G Android phone today. It is a refurbished / used / 2nd hand unit.

My Oppo Reno10 Pro 5G Android phone became my secondary phone.

My Vivo V25 Pro 5G Android phone became my tertiary phone.

Normally / typically / usually it takes roughly about 4 hours to setup a brand new Android phone, when you transfer literally everything from old Android phone to new Android phone.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Extremely Democratic People's Republic of Singapore
26 Dec 2025 Friday 10.20 pm Singapore Time

Net-SNMP 5.9.5.2 released -- minor bug fixes

[Wes H. <har...@us...>]

*5.9.5.2*

    building:
      - Fix an issue with needing limits.h included.
      - update to autoconf 2.72

*5.9.5.1*

Only a version numbering fix.

-- 
Wes Hardaker
Google

Bought Vivo X100 Pro 5G Android Phone on 19 Dec 2025 Friday

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: Bought Vivo X100 Pro 5G Android Phone on 19 Dec 2025 Friday

Good day from Singapore,

It looks like a Malaysia set.

Color: Blue
RAM: 16 GB
Storage: 512 GB
Advertised selling condition: Excellent

Model: V2309

Serial number:
10AE*******021U

IMEI (slot 1):
8644*******4037

IMEI (slot 2):
8644*******4029

Purchase date: 19 Dec 2025 Friday 2.41 PM via online store (Singapore Time)

Delivery date: 22 Dec 2025 Monday 8.17 PM (Singapore Time)

Price: SGD$598
Express next working day shipping: SGD$15
Total: SGD$613
Payment Method: Grab PayLater x4 monthly installments

Installment details 
====================

1st installment payment on 19 Dec 2025 Friday: SGD$153.22
2nd installment payment on 19 Jan 2026 Monday: SGD$153.22
3rd installment payment on 19 Feb 2026 Thursday: SGD$153.22
4th and final installment payment on 19 Mar 2026 Thursday: SGD$153.24

Warranty: 3 months
AC adapter provided: NO
Accessories provided: USB-C to USB-C cable ONLY

More information
=================

About phone
===========

Funtouch OS 15

vivo V3 Chip

Processor: 3.25 GHz Dimensity 9300 Octa-core

RAM: 16 + 16 GB

Android version: 15

Phone storage: 512 GB

Software information
=====================

OS version: Funtouch OS 15

Model: V2309

Hardware version: MP_0.1

Build number: PD2324DF_EX_A_15.1.12.0.W20

Baseband version: MOLY.NR16.R2.MP3.TC19.PR1.SP.V1.P144

Linux Kernel version:

6.1.124-android14-11-g4a504128448d-ab13226672 #1 Mon Mar 17 02:05:11 UTC 2025

Compile time: 4 Jun 2025 14:39:15

Android security update: 1 June 2025

Google Play system update: 1 January 2025

Status
=======

IMEI SV: 41

MEID: A000-snipped-E8C9

EID: 8904-snipped-3920

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Extremely Democratic People's Republic of Singapore
23 Dec 2025 Tuesday 8.53 pm Singapore Time

Net-SNMP 5.9.5. and 5.10.pre2 released to address snmptrapd security vulnerability

[Wes H. <har...@us...>]

Today we are releasing Net-SNMP 5.9.5 and 5.10.pre2, which addresses a
critical security vulnerability (CVE-2025-68615) in snmptrapd.  All
users of the snmptrapd daemon are encouraged to update their software
immediately. In short, a specially crafted packet to an net-snmp
snmptrapd daemon can cause a buffer overflow and the daemon to crash.

Note that although Net-SNMP has had very few security vulnerabilities
over the years, the SNMP services of both the agent and the trap
receiver should never be run on untrusted networks due to the
sensitivity of the information SNMP has available to it.  If you are
running any agent or trap receiver on a non-private network, now is a
good time to re-evaluate your deployment model.

Credits:
We thank buddurid working with Trend Micro Zero Day Initiative for
finding and reproting this vulnerability.

Longer NEWS sections:

*5.10*:

    snmptrapd:
      - fixed a critical vulnerability triggered by a specially crafted trap

    snmplib:
      - Reject invalid input in asn_realloc_rbuild_string to prevent
        NULL dereference 
      - Fix memory leaks in parse_enumlist, netsnmp_transport_filter_add,
        and se_add_pair_to_list
      - Optimize init_snmp_enum to be faster by calling calloc once 
      - Do not truncate AGENT-CAPABILITIES descriptions 
      - Use libssh2_session_handshake when available instead of deprecated
        startup function 
      - Rework se_add_pair_to_slist to insert into storage before adding to list 
      - Check env_var before reading MIB 
      - Fix parsing of OIDs 0.40.x and 1.40.x 
      - Fix buffer overflow in ASN_OCTET_STR index allocation 
      - Fix stack buffer overflow in se_read_conf and other buffer overflows 
      - Fix out-of-bounds access in netsnmp_hex_to_binary and snmp_log_options 
      - Fix NULL pointer dereferences in netsnmp_ds_handle_config and
        netsnmp_ds_parse_boolean

    snmpd:
      - systemstats_linux: Improve support of "Ip:" fields list from 
        kernel /proc/net/snmp 
      - diskio: Use snprintf for device path generation on Linux  and add 
        malloc checks for BSDs
      - pingCtlTable: Unified handling of memory allocation errors and releases
      - Revert exclusion of certain MIBs if Netlink library is not available 
      - Fix segfaults when varbind cannot be constructed (null pointer) 
      - Fix use-after-free in unregister_mib_context 
      - Fix crash caused by buf being a null pointer in snmp_agent.c 
      - Fix loadave.c out-of-bounds access 
      - Fix possible unix socket path overflow with strncpy 
      - Fix write_vacmAccessStatus use-after-free in mibII 
      - Security vulnerabilty in the ping MIB reported by Christopher Ertl
        from Microsoft fixed

    apps:
      - mib2c-update: Fix broken search path and allow specifying
        generated file name 
      - mib2c: Install correct filename for generic-get-in_addr_t
      - snmpset/agentxtrap: Fix memory leaks 

    perl:
      - Do not send callbacks upon failures to avoid double-frees 
      - Do not crash on resend callbacks 
      - Revert "fix resource leaks" patch because it introduced crashes 
      - Suppress warning message for Socket6 

    building:
      - Support FreeBSD 15 and 16 
      - Support OpenBSD 8
      - Add build support for Windows on ARM
      - MinGW64: Switch from pkg-config to pkgconf 
      - Remove NOAUTODEPS support from Makefile.in 
      - Make --disable-des work
      - Add --with-wolfssl Add support for building and linking with the
        wolfSSL library instead of OpenSSL. Other changes that have been
        included in this patch are: - Only enable AES support if
        EVP_aes_128_cfb() is available. - Add support for detecting SSL
        functions if these have been defined as macros.


*5.9.5*

    snmptrapd:
      - fixed a critical vulnerability (CVE-2025-68615) which can be triggered
        by a specially crafted trap

    snmplib:
      - Add support for IPV6_RECVPKTINFO 
      - Port the SSH domain transport to FreeBSD 
      - Improve error handling in parse_enumlist and other parsing functions 
      - Filter out non-ASCII characters from output 
      - Fix multiple memory leaks in MIB parsing, OID handling, and transport filters 
      - Fix multiple buffer overflows triggered when creating ASN packets
      - Fix handling of large/negative values (integer underflows/overflows) 
      - Fix segmentation faults when `varbind` cannot be constructed or buf is null 
      - Fix crash in netsnmp_parse_args when passing invalid argument lists 
      - Fix SNMPv3 multithreading support for snmp_sess_open() 

    snmpd:
      - Make UCD-SNMP::dskTable dynamic if includeAllDisks is set.") added
	a verification that drops all filesystems not present in other_fs[]
	table. So add 'ubifs' in other_fs[] to fix it.
      - Fix SIGHUP handling for engineID changes and agent port changes 
      - Fix a use-after-free in unregister_mib_context() 
      - Fix regression of memory leak when using RPMDB macros 
      - Improve cache management: clear timer_id on stop, keep cache flags unchanged 
      - Always open libkvm in "safe mode" on FreeBSD 
      - Fix crash when snmptrapd subagent terminates the TCP connection 

    apps:
      - snmpusm: Improve error handling and fix memory leaks 
      - sshtosnmp: Avoid EINVAL when passing credentials over SSH unix domain socket 
      - snmptest: Plug a possible memory leak 
      - snmpget: Avoid leak if parsing OID fails 

    MIBs:
      - EtherLike-MIB: Optimize Linux implementation to use netlink statistics 
      - IP-MIB: Add Linux 6.7 compatibility for parsing /proc/net/snmp 
      - LM-SENSORS-MIB: Support negative temperatures 
      - SNMP-TLS-TM-MIB: Update to RFC 9456 and allow TLS protocols higher than TLS1.0 
      - HOST-RESOURCES-MIB: Add support for RPM SQLite DB background 

    building:
      - Add support for Windows on ARM 
      - Support OpenBSD 8, FreeBSD 15/16, and DragonflyBSD 
      - Fix build for OS/X versions prior to 10.6.0 
      - Windows: Bump OpenSSL version and fix library paths 
      - MinGW64: Switch from pkg-config to pkgconf 
      - Add --with-wolfssl Add support for building and linking with the
	wolfSSL library instead of OpenSSL. Other changes that have been
	included in this patch are: - Only enable AES support if
	EVP_aes_128_cfb() is available. - Add support for detecting SSL
	functions if these have been defined as macros.


-- 
Wes Hardaker
Please mail all replies to net...@li...

Configuring local users in Fortigate firewalls SSL VPN for email MFA, password expiration and password complexity requirements

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: Configuring local users in Fortigate firewalls SSL VPN for email MFA, password expiration and password complexity requirements

Good day from Singapore,

Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date of document: 23 Nov 2025 Sunday

config user password-policy
	edit "passwordpolicy"
		set expire-days 90
		set warn-days 5
		set expired-password-renewal disable
		set expire-status enable
		set minimum-length 12
		set min-lower-case-letter 1
		set min-upper-case-letter 1
		set min-non-alphanumeric 1
		set min-number 1
		set reuse-password disable
	next
end

config user local
	edit "agent1.local"
		set passwd-policy "passwordpolicy"
	next
end	

config user local
	edit "agent2.local"
		set passwd-policy "passwordpolicy"
	next
end	

config user local
	edit "agent3.local"
		set passwd-policy "passwordpolicy"
	next
end	

config user local
	edit "agent4.local"
		set passwd-policy "passwordpolicy"
	next
end


config user local
    edit "agent1.local"
        set type password
        set two-factor email
        set email-to "ag...@se..."
        set passwd-policy "passwordpolicy"
        set passwd-time 2025-11-20 09:55:27
        set passwd ENC 
    next
end

config user local
    edit "agent2.local"
        set type password
        set two-factor email
        set email-to "ag...@se..."
        set passwd-policy "passwordpolicy"
        set passwd-time 2025-11-21 14:04:45
        set passwd ENC 
    next
end

config user local
    edit "agent3.local"
        set type password
        set two-factor email
        set email-to "ag...@se..."
        set passwd-policy "passwordpolicy"
        set passwd-time 2025-11-19 11:55:34
        set passwd ENC 
    next
end

config user local
    edit "agent4.local"
        set type password
        set two-factor email
        set email-to "ag...@se..."
        set passwd-policy "passwordpolicy"
        set passwd-time 2025-11-21 14:01:47
        set passwd ENC 
    next
end	

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Singapore
23 Nov 2025 Sunday 3.00 PM Singapore Time

Teo En Ming's overseas holiday trips in the year 2025 AD

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: Teo En Ming's overseas holiday trips in the year 2025 AD

FOR IMMEDIATE WORLDWIDE RELEASE
===============================

Teo En Ming's One World Government
==================================

Turritopsis Dohrnii Teo En Ming (Teo En Ming) was in Tokyo, Japan for a 3 Days 2 Nights (3D2N) holiday trip from 4 May 2025 to 6 May 2025, right after the Singapore General Elections on 3 May 2025.
The entire holiday trip was SPONSORED by SGMUSTWATCHLA. According to sgmustwatchla, the sponsored amount was approximately SGD$1200 to SGD$1300 per pax, which covers every thing from air tickets to Airbnb to food and meals to transport. It was an all expenses paid sponsored holiday trip. Teo En Ming paid for the travel insurance himself.

Turritopsis Dohrnii Teo En Ming (Teo En Ming) was in Taipei, Taiwan for a 7 Days 6 Nights (7D6N) holiday trip from 6 August 2025 to 12 August 2025. He landed in Singapore in the early morning hours of 13 August 2025.
The approximate TOTAL expenses in Taiwan was about SGD$3050, paid out of Teo En Ming's very own pocket. Simply put, Teo En Ming paid for the total expenses of approximately SGD$3050 in Taiwan himself.
There is a SGD$300 sponsorship from TurisVPN. Jonathan Leong (Singaplex) helped to secure the SGD$300 TurisVPN sponsorship.
Teo En Ming was largely able to fund his Taipei Red Expo TRE 2025 (Taiwan Adult Expo) holiday trip with a COMPENSATION PAYMENT of SGD$3,500 from SBS TRANSIT LTD on 17 June 2025, supplemented by TWO (2) GST voucher payouts of SGD$850 EACH in August 2025. One GST voucher payout of SGD$850 was for Teo En Ming and another GST voucher payout of SGD$850 was for Teo En Ming's mother. Another source of funding for the Taiwan holiday trip came from Jobseeker unemployment (UNEMPLOYMENT) payouts, which began on 8 May 2025. The Jobseeker Unemployment Payout Scheme is a Singapore Government scheme to help Singapore Citizens who are INVOLUNTARILY unemployed. Teo En Ming joined SBS TRANSIT LTD on 10 Feb 2025 as a Network Engineer and was retrenched on 3rd April 2025, barely 2 months later.

Teo En Ming is a 47 year old Singaporean Chinese with a Bachelor's degree in Mechanical Engineering (Honours) from the National University of Singapore (NUS). He also has 2 diplomas from Singapore Polytechnic: Diploma in Mechatronics Engineering with Merit and Diploma in Computer Networking. In 1994, Teo En Ming was the GCE "O" Levels Top Student at Ahmad Ibrahim Secondary School in Yishun, Singapore. He has ***NEVER*** visited the United States, Canada, Europe, Australia and New Zealand in his entire life, because he lives in EXTREME POVERTY in Singapore. And also because he has Government-Induced Schizophrenia mental illness for the past 18 years since 2007. Teo En Ming graduated from NUS in December 2006.

According to the Presidential Records Act (PRA) enacted by the United States Congress, Teo En Ming must keep proper presidential records and he cannot delete the presidential records himself.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
TARGETED INDIVIDUALS IN SINGAPORE
GIMP = Government-Induced Medical Problems
National Archives and Records Administration (NARA)
Recorded 16 August 2025 Saturday 11.31 PM Singapore Time

Teo En Ming's One World Government
==================================

Query to port net-snmp stack for TI AM437xx target

[Sanjay S. <San...@lk...>]

Hi,

I want to use net-snmp stack for our development.

Please guide me to build net-snmp-5.8 stack for SNMPV1 implementation with following environment
Host Machine : Windows 10
Target Machine : TI AM437 Based Embedded platform with RTLinux
Cross-compiler : GNU compiler Toolchain for AM437xx
Code IDE : Windows Eclipse

Provide details such as which minimum files to be included in project for net-snmp stack build for only snmpv1 implementation.

I tried to use following folders from net-snmp-5.8 stack but I am getting build errors

  *   Agent
  *   Include
  *   snmplib


Regards,
Sanjay Sarang




General

appending custom command to snmp daemon

[Lokesh C. <lve...@gm...>]

Hello,

I want to extend snmp with one command. I added one line to
/etc/snmp/snmpd.configuration
============================================================================
root@officelaptop:~# tail /etc/snmp/snmpd.conf
#
# rouser: a SNMPv3 read-only access username
#    arguments: username [noauth|auth|priv [OID | -V VIEW [CONTEXT]]]
rouser authPrivUser authpriv -V systemonly

# include a all *.conf files in a directory

rocommunity  public
extend my_own_cmd /usr/bin/echo Hello Lokesh
includeDir /etc/snmp/snmpd.conf.d
root@officelaptop:~#
============================================================================
After that, I did
 sudo systemctl restart snmpd

snmpd started and is active

If I try to execute the command my_own_cmd, I'm seeing the following error.

============================================================================
root@officelaptop:~# sudo snmpwalk -v2c -c public localhost
NET-SNMP-EXTEND-MIB::nsExtendOutput1Line."my_own_cmd"
NET-SNMP-EXTEND-MIB::nsExtendOutput1Line.my_own_cmd: Unknown Object
Identifier (Index out of range: my_own_cmd (nsExtendToken))
============================================================================

Can someone help me understand how to fix the issue ?


Thanks & Regards
--
Lokesh Chakka.

Re: python3-netsnmp and SHA512

[Bart V. A. <bva...@ac...>]

On 7/3/25 12:22 PM, Carl Jacobs via Net-snmp-users wrote:
> Are there plans to upgrade python3-netsnmp to support SHA-2 algorithms 
> and AES-256 encryption?

Net-SNMP is maintained by a team of volunteers.

If a patch is submitted that adds this functionality we can help with 
reviewing that patch.

Bart.

python3-netsnmp and SHA512

[Carl J. <cd...@us...>]

Are there plans to upgrade python3-netsnmp to support SHA-2 algorithms and AES-256 encryption?


--

Carl D. Jacobs
IBM Infrastructure
cd...@us...<mailto:cd...@us...>
(845) 435-1908
https://w3.ibm.com/w3publisher/oneit

Simple Gallery Pro gallery / album app for Oppo Reno10 Pro 5G Android Phone

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: Simple Gallery Pro gallery / album app for Oppo Reno10 Pro 5G Android Phone

Good day from Singapore,

Developer email: he...@si...

Developers:

Aga-C, AlbertoPellitteri, Alfavio,
connyduck, correia55, dagkalis, DaPa,
ForgottenUmbrella, KryptKode,
Naveen3Singh, qertyfinger

Facebook: Simple Mobile Tools

GitHub: SimpleMobileTools

Reddit: SimpleMobileTools

Version 6.28.1 Pro

Made in Slovakia

App Settings
=================

Manage included folders
========================

/storage/emulated/0/DCIM/Camera

Manage excluded folders
=========================

/storage/emulated/0/Download

/storage/emulated/0/Android/media/org.telegram.messenger

/storage/emulated/0/DCIM/MyAlbums

/storage/emulated/0/Pictures

/storage/emulated/0/Android/media/com.whatsapp

Oppo Photos is the stock gallery / album app for Oppo Reno10 Pro 5G Android phone.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individuals in Singapore
GIMP = Government-Induced Medical Problems
7 June 2025 Saturday 7.32 PM Singapore Time

alma9, ifindex persistence for snmp

[sacawulu <cyu...@gm...>]

Hi,

We are running alma9 linux, and have problems with snmp network 
ifindexes that change between reboots. I am told by our network 
technicians that this causes an issue for them, with their Whatsup Gold 
network monitoring tool.

This is alma9, and comes with:

> net-snmp.x86_64                       1:5.9.1-17.el9                @appstream        
> net-snmp-agent-libs.x86_64            1:5.9.1-17.el9                @appstream        
> net-snmp-libs.x86_64                  1:5.9.1-17.el9                @appstream        
> net-snmp-utils.x86_64                 1:5.9.1-17.el9                @appstream

We know on cisco you can use

> snmp ifindex persist

to keep indexes consistent.

Is there a way to achieve the same behaviour on linux?

(and if this is not the proper place to ask...just let me know)

Thanks!

MJ

SEGFAULT in SNMP.so (__snmp_xs_cb)

[Sreenivasulu A. <sre...@gm...>]

Hi Team,
We upgraded the Net-Snmp to 5.9.1 and we are observing the SEGFAULT in
__snmp_xs_cb when we use SNMPv3.
The below back trace,

#0 0x00007f93ffd2be38 in Perl_hv_common () from
/etc/httpd/modules/mod_perl.so
#1 <https://github.com/net-snmp/net-snmp/issues/1> 0x00007f93ffd2d1be in
Perl_hv_common_key_len () from /etc/httpd/modules/mod_perl.so
#2 <https://github.com/net-snmp/net-snmp/issues/2> 0x00007f93f1c54053 in
__snmp_xs_cb () from
/opt/XXXX/lib64/perl5/x86_64-linux-thread-multi//x86_64-linux-thread-multi/auto/SNMP/SNMP.so
#3 <https://github.com/net-snmp/net-snmp/issues/3> 0x00007f93f1eb3543 in
_sess_process_packet () from /opt/XXXX/lib64/libnetsnmp.so.40
#4 <https://github.com/net-snmp/net-snmp/issues/4> 0x00007f93f1eb4526 in
_sess_read () from /opt/XXXX/lib64/libnetsnmp.so.40
#5 <https://github.com/net-snmp/net-snmp/pull/5> 0x00007f93f1eb505d in
snmp_sess_read2 () from /opt/XXXX/lib64/libnetsnmp.so.40
#6 <https://github.com/net-snmp/net-snmp/issues/6> 0x00007f93f1eb50ab in
snmp_read2 () from /opt/XXXX/lib64/libnetsnmp.so.40
#7 <https://github.com/net-snmp/net-snmp/pull/7> 0x00007f93f1eb5108 in
snmp_read () from /opt/XXXX/lib64/libnetsnmp.so.40
#8 <https://github.com/net-snmp/net-snmp/issues/8> 0x00007f93f1c4b7b8 in
XS_SNMP__read_on_fd () from
/opt/XXXX/lib64/perl5/x86_64-linux-thread-multi//x86_64-linux-thread-multi/auto/SNMP/SNMP.so
#9 <https://github.com/net-snmp/net-snmp/issues/9> 0x00007f93ffd38daf in
Perl_pp_entersub () from /etc/httpd/modules/mod_perl.so
#10 <https://github.com/net-snmp/net-snmp/issues/10> 0x00007f93ffd30b40 in
Perl_runops_standard () from /etc/httpd/modules/mod_perl.so
#11 <https://github.com/net-snmp/net-snmp/issues/11> 0x00007f93ffcda6cc in
Perl_eval_sv () from /etc/httpd/modules/mod_perl.so
#12 <https://github.com/net-snmp/net-snmp/issues/12> 0x00007f93ffcdc608 in
Perl_require_pv () from /etc/httpd/modules/mod_perl.so
#13 <https://github.com/net-snmp/net-snmp/pull/13> 0x00007f93ffcb4e2e in
modperl_require_file () from /etc/httpd/modules/mod_perl.so
#14 <https://github.com/net-snmp/net-snmp/pull/14> 0x00007f93ffcaf4ee in
modperl_config_apply_PerlRequire () from /etc/httpd/modules/mod_perl.so
#15 <https://github.com/net-snmp/net-snmp/issues/15> 0x00007f93ffcad068 in
modperl_startup () from /etc/httpd/modules/mod_perl.so
#16 <https://github.com/net-snmp/net-snmp/issues/16> 0x00007f93ffcace50 in
modperl_startup () from /etc/httpd/modules/mod_perl.so
#17 <https://github.com/net-snmp/net-snmp/issues/17> 0x00007f93ffcad2d6 in
modperl_init () from /etc/httpd/modules/mod_perl.so
#18 <https://github.com/net-snmp/net-snmp/pull/18> 0x00007f93ffcad436 in
modperl_hook_init () from /etc/httpd/modules/mod_perl.so
#19 <https://github.com/net-snmp/net-snmp/issues/19> 0x00005592a6791ff3 in
test_run_open_logs ()
#20 <https://github.com/net-snmp/net-snmp/pull/20> 0x00005592a676c6fe in
main ()

Could you please check and provide the patch for the same?

-- 
Thanks & Regards
*Sreenivasulu Alapaka*

Re: Can I override the defVersion in host specific conf files?

[Lee <le...@gm...>]

On Tue, Apr 22, 2025 at 8:28 AM Ari Rabinowitz  wrote:
>
> Hi Lee,
>
> Thanks for the confirmation of what I've been seeing. I've even tried adding "disableSNMPv3 yes" to the host.conf files for the hosts which don't do SNMPv3, but it still doesn't work.
> This is a sample of the host.conf files I've been trying:
> defVersion 2c
> defCommunity REDACTED
> disableSNMPv3 yes
> disableSNMPv2c no
>
> I have the feeling that once the configuration code sees any SNMPv3 parameters it can't reset them all and stop looking for SNMPv3, but I haven't looked at the source code to see. I'm afraid that this will end up being a large change for the developers, if anyone has the time to look into it and try to fix it.

I haven't looked at the code either but I can't imagine why putting
  defVersion 2c
in a host.conf file would fail yet putting '-v 2c' on the command line
would work.  Other than a bug.. assuming the man page is correct..

Regards,
Lee


> On Mon, Apr 21, 2025 at 5:57 PM Lee wrote:
>>
>> On Mon, Apr 21, 2025 at 4: 09 PM Ari Rabinowitz wrote: > > Hi, > > I'm trying to set up SNMP monitoring of many of our devices. Since most of them support SNMPv3 I've set up the following in my /etc/snmp/snmp. conf: > defVersion
>> ZjQcmQRYFpfptBannerStart
>> This Message Is From an External Sender
>> This message came from outside your organization.
>>
>> ZjQcmQRYFpfptBannerEnd
>>
>> On Mon, Apr 21, 2025 at 4:09 PM Ari Rabinowitz wrote:
>> >
>> > Hi,
>> >
>> > I'm trying to set up SNMP monitoring of many of our devices. Since most of them support SNMPv3 I've set up the following in my /etc/snmp/snmp.conf:
>> > defVersion 3
>> > defSecurityLevel authPriv
>> > defAuthType SHA
>> > defPrivType AES
>> > defAuthPassphrase REDACTED
>> > defPrivPassphrase  REDACTED
>> > defSecurityName USER
>> >
>> > I'm able to override the Version 3 parameters such as defSecurityLevel, defAuthType and the passphrases for the devices which support SNMPv3 in host specific configuration files in /etc/snmp/hosts/, but I can't find any way to specify in a host-specific configuration that the host uses version 2c or version 1. Is there any way to do that, if the general default is version 3?
>>
>> There's supposed to be a way - man snmp.conf says
>>        For example, if you wanted a particular host to use SNMPv2c  by  default
>>        you could create a ˜/.snmp/hosts/NAME.conf file and in it put:
>>
>>               defVersion 2c
>>
>> but it doesn't work for me
>>
>> $ cat ~/.snmp/librarysw.conf
>> defVersion 2c
>>
>> $ head -1 ~/.snmp/snmp.conf
>> defVersion 3
>>
>> $ snmpwalk  librarysw system
>> snmpwalk: Unknown user name (Sub-id not found: (top) -> system)
>>
>> $ snmpwalk -v 2c librarysw system
>> RFC1213-MIB::sysDescr.0 = STRING: "JetStream 24-Port Gigabit L2+
>> Managed Switch with 4 SFP Slots"
>> RFC1213-MIB::sysObjectID.0 = OID: TPLINK-MIB::tplinkProducts.122
>> RFC1213-MIB::sysUpTime.0 = Timeticks: (1501667371) 173 days, 19:17:53.71
>> RFC1213-MIB::sysContact.0 = STRING: "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.tp-2Dlink.com&d=DwIFaQ&c=009klHSCxuh5AI1vNQzSO0KGjl4nbi2Q0M1QLJX9BeE&r=7VDP4N-fj98QvYr9AY4iLJh3GBO-d7Oa-o-8TLGIA7c&m=MYTKeSiGnacxnJ8w3AdGzcCgA2JLnsgcQuQPMWbIKhdCvra1_bSjV7RkureXLW2s&s=vK-iWeKK8GncVMQdwBeD57n_nPEBXBcsmJztBro84so&e="
>> RFC1213-MIB::sysName.0 = STRING: "librarysw"
>> RFC1213-MIB::sysLocation.0 = STRING: "Hong Kong"
>> RFC1213-MIB::sysServices.0 = INTEGER: 3
>>
>> hrmmm..  the man page says ˜/.snmp/hosts/NAME.conf so let's move the
>> librarysw.conf file to .snmp/hosts/ and try again
>>
>> $ cat ~/.snmp/hosts/librarysw.conf
>> defVersion 2c
>>
>> $ snmpwalk librarysw system
>> snmpwalk: Unknown user name (Sub-id not found: (top) -> system)
>>
>> still no :(
>>
>> Regards
>> Lee

NET-SNMP-EXTEND-MIB not showing command output

[Hamilton, A. <ham...@dy...>]

Hi everyone,

I'm very new to SNMP, Net-SNMP, and the field in general, so please have patience if there is an obvious fix to this.

I'm trying to configure an extend directive in the net-snmp/27/snmpd.conf file; I've set it up thus:

extend classmonitor /tmp/classmonitor.sh

I'm just having the script be a simple echo at this point to rule out any script errors. It looks like:

#!/bin/bash
echo Test

After restarting the daemon with a sudo snap restart net-snmp, the output of the snmpwalk for 1.3.6.1.4.1.8072.1.3.2 has the nsExtendOutFull line show an empty string, and nsExtendResult gives an exit code of 1. The nsExtendCommand line, however, points correctly to /tmp/classmonitor.sh. It seems like the daemon is somehow not able to get to the file or its output, but the permissions for reading/executing the file and directory align with what I have set for the user. Doing a su with the user running the daemon also shows that the script outputs fine into the terminal when run by itself.

Any troubleshooting would be much appreciated. Thanks!

-AH


D'YOUVILLE CONFIDENTIALITY NOTICE: This communication, including any attachments, may contain sensitive and/or confidential information and is intended only for the individual or entity to which it is addressed. Any unauthorized review, dissemination, distribution, or copying of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and delete and destroy all copies of the original message.

Re: Can I override the defVersion in host specific conf files?

[Ari R. <ar...@cs...>]

Hi Lee,

Thanks for the confirmation of what I've been seeing. I've even tried
adding "disableSNMPv3 yes" to the host.conf files for the hosts which don't
do SNMPv3, but it still doesn't work.
This is a sample of the host.conf files I've been trying:
defVersion 2c
defCommunity REDACTED
disableSNMPv3 yes
disableSNMPv2c no

I have the feeling that once the configuration code sees any SNMPv3
parameters it can't reset them all and stop looking for SNMPv3, but I
haven't looked at the source code to see. I'm afraid that this will end up
being a large change for the developers, if anyone has the time to look
into it and try to fix it.

Thanks,
Ari

On Mon, Apr 21, 2025 at 5:57 PM Lee <le...@gm...> wrote:

> On Mon, Apr 21, 2025 at 4: 09 PM Ari Rabinowitz wrote: > > Hi, > > I'm
> trying to set up SNMP monitoring of many of our devices. Since most of them
> support SNMPv3 I've set up the following in my /etc/snmp/snmp. conf: >
> defVersion
> ZjQcmQRYFpfptBannerStart
> This Message Is From an External Sender
> This message came from outside your organization.
>
> ZjQcmQRYFpfptBannerEnd
>
> On Mon, Apr 21, 2025 at 4:09 PM Ari Rabinowitz wrote:
> >
> > Hi,
> >
> > I'm trying to set up SNMP monitoring of many of our devices. Since most of them support SNMPv3 I've set up the following in my /etc/snmp/snmp.conf:
> > defVersion 3
> > defSecurityLevel authPriv
> > defAuthType SHA
> > defPrivType AES
> > defAuthPassphrase REDACTED
> > defPrivPassphrase  REDACTED
> > defSecurityName USER
> >
> > I'm able to override the Version 3 parameters such as defSecurityLevel, defAuthType and the passphrases for the devices which support SNMPv3 in host specific configuration files in /etc/snmp/hosts/, but I can't find any way to specify in a host-specific configuration that the host uses version 2c or version 1. Is there any way to do that, if the general default is version 3?
>
> There's supposed to be a way - man snmp.conf says
>        For example, if you wanted a particular host to use SNMPv2c  by  default
>        you could create a ˜/.snmp/hosts/NAME.conf file and in it put:
>
>               defVersion 2c
>
> but it doesn't work for me
>
> $ cat ~/.snmp/librarysw.conf
> defVersion 2c
>
> $ head -1 ~/.snmp/snmp.conf
> defVersion 3
>
> $ snmpwalk  librarysw system
> snmpwalk: Unknown user name (Sub-id not found: (top) -> system)
>
> $ snmpwalk -v 2c librarysw system
> RFC1213-MIB::sysDescr.0 = STRING: "JetStream 24-Port Gigabit L2+
> Managed Switch with 4 SFP Slots"
> RFC1213-MIB::sysObjectID.0 = OID: TPLINK-MIB::tplinkProducts.122
> RFC1213-MIB::sysUpTime.0 = Timeticks: (1501667371) 173 days, 19:17:53.71
> RFC1213-MIB::sysContact.0 = STRING: "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.tp-2Dlink.com&d=DwIFaQ&c=009klHSCxuh5AI1vNQzSO0KGjl4nbi2Q0M1QLJX9BeE&r=7VDP4N-fj98QvYr9AY4iLJh3GBO-d7Oa-o-8TLGIA7c&m=MYTKeSiGnacxnJ8w3AdGzcCgA2JLnsgcQuQPMWbIKhdCvra1_bSjV7RkureXLW2s&s=vK-iWeKK8GncVMQdwBeD57n_nPEBXBcsmJztBro84so&e="
> RFC1213-MIB::sysName.0 = STRING: "librarysw"
> RFC1213-MIB::sysLocation.0 = STRING: "Hong Kong"
> RFC1213-MIB::sysServices.0 = INTEGER: 3
>
> hrmmm..  the man page says ˜/.snmp/hosts/NAME.conf so let's move the
> librarysw.conf file to .snmp/hosts/ and try again
>
> $ cat ~/.snmp/hosts/librarysw.conf
> defVersion 2c
>
> $ snmpwalk librarysw system
> snmpwalk: Unknown user name (Sub-id not found: (top) -> system)
>
> still no :(
>
> Regards
> Lee
>
>

Re: Can I override the defVersion in host specific conf files?

[Lee <le...@gm...>]

On Mon, Apr 21, 2025 at 4:09 PM Ari Rabinowitz wrote:
>
> Hi,
>
> I'm trying to set up SNMP monitoring of many of our devices. Since most of them support SNMPv3 I've set up the following in my /etc/snmp/snmp.conf:
> defVersion 3
> defSecurityLevel authPriv
> defAuthType SHA
> defPrivType AES
> defAuthPassphrase REDACTED
> defPrivPassphrase  REDACTED
> defSecurityName USER
>
> I'm able to override the Version 3 parameters such as defSecurityLevel, defAuthType and the passphrases for the devices which support SNMPv3 in host specific configuration files in /etc/snmp/hosts/, but I can't find any way to specify in a host-specific configuration that the host uses version 2c or version 1. Is there any way to do that, if the general default is version 3?

There's supposed to be a way - man snmp.conf says
       For example, if you wanted a particular host to use SNMPv2c  by  default
       you could create a ˜/.snmp/hosts/NAME.conf file and in it put:

              defVersion 2c

but it doesn't work for me

$ cat ~/.snmp/librarysw.conf
defVersion 2c

$ head -1 ~/.snmp/snmp.conf
defVersion 3

$ snmpwalk  librarysw system
snmpwalk: Unknown user name (Sub-id not found: (top) -> system)

$ snmpwalk -v 2c librarysw system
RFC1213-MIB::sysDescr.0 = STRING: "JetStream 24-Port Gigabit L2+
Managed Switch with 4 SFP Slots"
RFC1213-MIB::sysObjectID.0 = OID: TPLINK-MIB::tplinkProducts.122
RFC1213-MIB::sysUpTime.0 = Timeticks: (1501667371) 173 days, 19:17:53.71
RFC1213-MIB::sysContact.0 = STRING: "www.tp-link.com"
RFC1213-MIB::sysName.0 = STRING: "librarysw"
RFC1213-MIB::sysLocation.0 = STRING: "Hong Kong"
RFC1213-MIB::sysServices.0 = INTEGER: 3

hrmmm..  the man page says ˜/.snmp/hosts/NAME.conf so let's move the
librarysw.conf file to .snmp/hosts/ and try again

$ cat ~/.snmp/hosts/librarysw.conf
defVersion 2c

$ snmpwalk librarysw system
snmpwalk: Unknown user name (Sub-id not found: (top) -> system)

still no :(

Regards
Lee

Can I override the defVersion in host specific conf files?

[Ari R. <ar...@cs...>]

Hi,

I'm trying to set up SNMP monitoring of many of our devices. Since most of
them support SNMPv3 I've set up the following in my /etc/snmp/snmp.conf:
defVersion 3
defSecurityLevel authPriv
defAuthType SHA
defPrivType AES
defAuthPassphrase REDACTED
defPrivPassphrase  REDACTED
defSecurityName USER

I'm able to override the Version 3 parameters such as defSecurityLevel,
defAuthType and the passphrases for the devices which support SNMPv3 in
host specific configuration files in /etc/snmp/hosts/, but I can't find any
way to specify in a host-specific configuration that the host uses version
2c or version 1. Is there any way to do that, if the general default is
version 3?

I'm running NET-SNMP version: 5.9.1 on an Ubuntu 24.04 system.

Thanks,
Ari

-- 
Ari Rabinowitz
Systems Administrator
IT Infrastructure and Support
Computer Science Department
Columbia University
Tel: 212-853-8418

Re: No DLL when compiling with msys2

[<so...@te...>]

It seems that --enable-shared=yes is not working (for me).

I tried compiling with MS Visual Studio and get the netsnmp.dll in the bin folder.

More details here:  https://stackoverflow.com/questions/79564857/net-snmp-compiles-fine-but-missing-dll

thx

________________________________
From: so...@te...
Sent: Wednesday, April 9, 2025 9:09 AM
To: Net...@li...
Subject: No DLL when compiling with msys2

Dear All,

I am compiling fine and get all executables and static libs, but don't
get any DLL build.

Windows 10, Msys2, configure:

./configure --prefix="c:/snmp" --with-mibdirs="c:/snmp/share/snmp/mibs"
--with-mib-modules="agentx disman/event-mib winExtDLL examples/example"
--disable-embedded-perl --without-perl-modules --enable-shared=yes
--with-defaults

Thank you for any hints.

BR


_______________________________________________
Net-snmp-users mailing list
Net...@li...
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

No DLL when compiling with msys2

[<so...@te...>]

Dear All,

I am compiling fine and get all executables and static libs, but don't 
get any DLL build.

Windows 10, Msys2, configure:

./configure --prefix="c:/snmp" --with-mibdirs="c:/snmp/share/snmp/mibs" 
--with-mib-modules="agentx disman/event-mib winExtDLL examples/example" 
--disable-embedded-perl --without-perl-modules --enable-shared=yes 
--with-defaults

Thank you for any hints.

BR

snmpget oid limit?

[Wilhelm G. <ne...@er...>]

Hello,

Do you have an idea why the error below occours?

If we remove any OIDs the command it is working…

Not Working because too long / to much OIDs:

/usr/bin/snmpget -OQne -v 3 -u username -A PASSWORD -l authNoPriv -a MD5 
-t 10 172.20.1.23 1.3.6.1.4.1.6574.1.5.1.0 1.3.6.1.4.1.6574.1.5.2.0 
1.3.6.1.4.1.6574.1.5.3.0 1.3.6.1.4.1.6574.1.1.0 1.3.6.1.4.1.6574.1.2.0 
1.3.6.1.4.1.6574.1.3.0 1.3.6.1.4.1.6574.1.4.1.0 1.3.6.1.4.1.6574.1.4.2.0 
1.3.6.1.4.1.6574.2.1.1.2.0 1.3.6.1.4.1.6574.2.1.1.3.0 
1.3.6.1.4.1.6574.2.1.1.5.0 1.3.6.1.4.1.6574.2.1.1.6.0 
1.3.6.1.4.1.6574.2.1.1.2.1 1.3.6.1.4.1.6574.2.1.1.3.1 
1.3.6.1.4.1.6574.2.1.1.5.1 1.3.6.1.4.1.6574.2.1.1.6.1 
1.3.6.1.4.1.6574.2.1.1.2.2 1.3.6.1.4.1.6574.2.1.1.3.2 
1.3.6.1.4.1.6574.2.1.1.5.2 1.3.6.1.4.1.6574.2.1.1.6.2 
1.3.6.1.4.1.6574.2.1.1.2.3 1.3.6.1.4.1.6574.2.1.1.3.3 
1.3.6.1.4.1.6574.2.1.1.5.3 1.3.6.1.4.1.6574.2.1.1.6.3 
1.3.6.1.4.1.6574.2.1.1.2.4 1.3.6.1.4.1.6574.2.1.1.3.4 
1.3.6.1.4.1.6574.2.1.1.5.4 1.3.6.1.4.1.6574.2.1.1.6.4 
1.3.6.1.4.1.6574.2.1.1.2.5 1.3.6.1.4.1.6574.2.1.1.3.5 
1.3.6.1.4.1.6574.2.1.1.5.5 1.3.6.1.4.1.6574.2.1.1.6.5 
1.3.6.1.4.1.6574.2.1.1.2.6 1.3.6.1.4.1.6574.2.1.1.3.6 
1.3.6.1.4.1.6574.2.1.1.5.6 1.3.6.1.4.1.6574.2.1.1.6.6 
1.3.6.1.4.1.6574.2.1.1.2.7 1.3.6.1.4.1.6574.2.1.1.3.7 
1.3.6.1.4.1.6574.2.1.1.5.7 1.3.6.1.4.1.6574.2.1.1.6.7 
1.3.6.1.4.1.6574.2.1.1.2.8 1.3.6.1.4.1.6574.2.1.1.3.8 
1.3.6.1.4.1.6574.2.1.1.5.8 1.3.6.1.4.1.6574.2.1.1.6.8 
1.3.6.1.4.1.6574.2.1.1.2.9 1.3.6.1.4.1.6574.2.1.1.3.9 
1.3.6.1.4.1.6574.2.1.1.5.9 1.3.6.1.4.1.6574.2.1.1.6.9 
1.3.6.1.4.1.6574.2.1.1.2.10 1.3.6.1.4.1.6574.2.1.1.3.10 
1.3.6.1.4.1.6574.2.1.1.5.10 1.3.6.1.4.1.6574.2.1.1.6.10 
1.3.6.1.4.1.6574.2.1.1.2.11 1.3.6.1.4.1.6574.2.1.1.3.11

Working example with less oids:

/usr/bin/snmpget -OQne -v 3 -u username -A PASSWORD -l authNoPriv -a MD5 
-t 10 172.20.1.23 1.3.6.1.4.1.6574.1.5.1.0 1.3.6.1.4.1.6574.1.5.2.0 
1.3.6.1.4.1.6574.1.5.3.0 1.3.6.1.4.1.6574.1.1.0 1.3.6.1.4.1.6574.1.2.0 
1.3.6.1.4.1.6574.1.3.0 1.3.6.1.4.1.6574.1.4.1.0 1.3.6.1.4.1.6574.1.4.2.0 
1.3.6.1.4.1.6574.2.1.1.2.0 1.3.6.1.4.1.6574.2.1.1.3.0 
1.3.6.1.4.1.6574.2.1.1.5.0 1.3.6.1.4.1.6574.2.1.1.6.0 
1.3.6.1.4.1.6574.2.1.1.2.1 1.3.6.1.4.1.6574.2.1.1.3.1 
1.3.6.1.4.1.6574.2.1.1.5.1 1.3.6.1.4.1.6574.2.1.1.6.1 
1.3.6.1.4.1.6574.2.1.1.2.2 1.3.6.1.4.1.6574.2.1.1.3.2 
1.3.6.1.4.1.6574.2.1.1.5.2 1.3.6.1.4.1.6574.2.1.1.6.2 
1.3.6.1.4.1.6574.2.1.1.2.3 1.3.6.1.4.1.6574.2.1.1.3.3 
1.3.6.1.4.1.6574.2.1.1.5.3 1.3.6.1.4.1.6574.2.1.1.6.3 
1.3.6.1.4.1.6574.2.1.1.2.4 1.3.6.1.4.1.6574.2.1.1.3.4 
1.3.6.1.4.1.6574.2.1.1.5.4 1.3.6.1.4.1.6574.2.1.1.6.4 
1.3.6.1.4.1.6574.2.1.1.2.5 1.3.6.1.4.1.6574.2.1.1.3.5 
1.3.6.1.4.1.6574.2.1.1.5.5 1.3.6.1.4.1.6574.2.1.1.6.5 
1.3.6.1.4.1.6574.2.1.1.2.6 1.3.6.1.4.1.6574.2.1.1.3.6 
1.3.6.1.4.1.6574.2.1.1.5.6 1.3.6.1.4.1.6574.2.1.1.6.6 
1.3.6.1.4.1.6574.2.1.1.2.7 1.3.6.1.4.1.6574.2.1.1.3.7 
1.3.6.1.4.1.6574.2.1.1.5.7 1.3.6.1.4.1.6574.2.1.1.6.7 
1.3.6.1.4.1.6574.2.1.1.2.8 1.3.6.1.4.1.6574.2.1.1.3.8 
1.3.6.1.4.1.6574.2.1.1.5.8 1.3.6.1.4.1.6574.2.1.1.6.8 
1.3.6.1.4.1.6574.2.1.1.2.9 1.3.6.1.4.1.6574.2.1.1.3.9 
1.3.6.1.4.1.6574.2.1.1.5.9 1.3.6.1.4.1.6574.2.1.1.6.9 
1.3.6.1.4.1.6574.2.1.1.2.10 1.3.6.1.4.1.6574.2.1.1.3.10 
1.3.6.1.4.1.6574.2.1.1.5.10 1.3.6.1.4.1.6574.2.1.1.6.10

Thank you,

Wilhelm

Handling snmp v3 user authentication manually to implement rate-limiting?

[Janne P. <jpa...@gm...>]

Hello,

Background: I have a C/C++ .so agent module for snmpd. It works correctly.

However, now I am thinking about making it more resistant to brute-forcing.
Lets say I want to block the user if they make 5 failed requests in a row
(a naive example).

I was thinking about capturing the request during auth stage, verifying the
user credentials "manually" (then continuing the normal processing) and
keeping track of failed requests per user.

Is there any possibility using the Net-SNMP to achieve anything like this?
All kinds of ideas are appreciated. Even those needing to extend the
library/snmpd functionality.

Regards,
Janne Paalijarvi

Mr. Teo En Ming's Refugee Seeking Attempts as of 31 Jan 2025

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: Mr. Teo En Ming's Refugee Seeking Attempts as of 31 Jan 2025

Good day from Singapore,

My name is Mr. Turritopsis Dohrnii Teo En Ming (Zhang Enming) @ Time Traveller. I am a Singapore Citizen, and was born in Singapore in 1978.

I have attempted to apply for political asylum and refugee status in the following countries.

[01] United Nations High Commissioner for Refugees (UNHCR) Bangkok, Thailand

I flew from Singapore to Bangkok, Thailand on 21 March 2017. Upon arrival at the airport, I took a taxi to UNHCR Bangkok building. A UNHCR Bangkok staff told me I would need to spend a few months waiting in Bangkok for the first interview. The UNHCR Bangkok staff told me there is no refugee shelter in Bangkok and there is no financial assistance whatsoever. At that time, SGD$300 is all the money that I had. I realized that I won't have enough money to book a hotel in Bangkok and pay for all expenses while waiting in Bangkok for a few months. I definitely won't be able to survive in Bangkok for a few months with just SGD$300 in my bank account. I flew back to Singapore on 22 March 2017.

After I returned to Singapore, UNHCR Bangkok informed me that I do not qualify to be a refugee.

[02] Taiwan (Republic of China)

I had applied for refugee status in person at the National Immigration Agency Ministry of the Interior in Taipei on 5 Aug 2019. Documents were submitted to the Director of the National Immigration Agency. Taiwanese immigration informed me that Taiwan does not have refugee laws and Taiwan does not accept refugees. I have not received any response from the Taiwanese government ever since.

[03] Australia

There is Form 842 - Application for an offshore humanitarian visa - Refugee and Humanitarian (Class XB) visa.

On 25 Dec 2019 (Christmas Day), I sent Form 842 by DHL to the following address in Australia.

Visa and Citizenship office - Canberra
Australian Capital Territory (ACT)
Department of Home Affairs
Australian Government
3 Lonsdale Street
Braddon ACT 2612
Australia

The Australian Department of Home Affairs NSW received my Form 842 on 27 Dec 2019.

Then on 8 Jan 2020, I sent Form 842 by postal mail to the Australian High Commission in Singapore.

On 17 Jan 2020 Friday at 1.25 PM, I received a call from Jennifer at the Australian High Commission in Singapore.

On 10 Mar 2020 Tuesday at 3.38 PM, I received another telephone call from Jennifer Munro at the Australian High Commission in Singapore.

The Australian High Commission in Singapore had referred my refugee application to the Australian High Commission in Kuala Lumpur, Malaysia.

On 10 Mar 2020, I received a letter from the Australian High Commission in Kuala Lumpur with the Subject: Acknowledgement of valid application for a REFUGEE AND HUMANITARIAN (Class XB) IN-COUNTRY SPECIAL HUMANITARIAN PROGRAM (Subclass 201) visa.

On 23 Apr 2020, I had received a final letter from the Australian High Commission in Kuala Lumpur with the Subject: Notification of the refusal of a REFUGEE AND HUMANITARIAN (Class XB) IN-COUNTRY SPECIAL HUMANITARIAN PROGRAM (Subclass 201) visa. That is to say that the Australian Government had rejected my refugee application. In the letter, the Australian Government recognized that I faced some degree of discrimination in Singapore but I still do not meet the requirements for a refugee visa.

[04] United Kingdom of Great Britain and Northern Ireland (UK)

On 22 Oct 2023, I flew from Singapore to Shanghai and then from Shanghai to London by Air China airline. I arrived at London Gatwick Airport on 23 Oct 2023. Upon arrival, I applied for refugee status at the airport immediately.

British immigration officers and London Gatwick Airport personnel told me:

(a) they have no idea how long the refugee status application processing may take.

(b) but the Worst Case Scenario was that I may need to wait for up to 5 years in a detention center.

(c) I will not be able to work or have a job in the UK for up to 5 years, until refugee status application is approved. Hence I will have no income for up to 5 years.

(d) I will not be able to step out of the detention center for up to 5 years and cannot go to coffee shops and shopping malls in the UK freely, until refugee status application is approved.

Even if refugee status application is approved:

(e) I will not be able to go back to Singapore to bring my elderly mother to the UK

(f) The British Government will not pay for my mother's stay in a mental hospital in the UK

(g) I will not be able to go back to Singapore to bring my personal belongings to the UK

(h) I will not be able to go back to Singapore to revoke my citizenship, and hence I cannot withdraw SGD$120,000 from my CPF account for spending in the UK

I was already 45 years old in the year 2023, if I waited for 5 years in the UK, and if Refugee Status Application is not approved and the British Government deported me back to Singapore at the end of 5 years, I would have wasted a lot of my time (half a decade). Because I am very old now. At that point in time, I decided to withdraw my refugee application in the UK.

After I had decided to withdraw my refugee application in the UK, I was transferred by a van from London Gatwick Airport to London Heathrow Airport. From there, the British Government fully paid for my FREE Singapore Airlines SIA SQ321 flight from London back to Singapore. I arrived in Singapore on 24 Oct 2023.

[05] South Korea

I flew from Singapore to Seoul, South Korea by Scoot airline on 7 Jan 2025 Tuesday. Upon arrival at Incheon Airport, I applied for refugee status immediately. I was transferred to the Refugee Waiting Room at Incheon Airport. On 9 Jan 2025 Thursday, I was interviewed by South Korean immigration with the help of an interpreter who can understand and speak English. The following day, on 10 Jan 2025 Friday, the Korean government had swiftly rejected my refugee application. One of the reasons the Korean government cited is that I had applied for refugee status in South Korea primarily and mainly out of economic reasons. But I had also informed the Korean government that I have government-induced schizophrenia mental illness and lots of numerous government-induced health and medical problems (slow kill). The Korean government then asked me to purchase a Scoot air ticket to fly back to Singapore. I was transferred from the Refugee Waiting Room to the Departure Waiting Room at Incheon Airport on 10 Jan 2025 Friday. I was allowed to roam the whole of Incheon Airport Terminal 1 with the exception of the concourse.

On 11 Jan 2025 Saturday at 10 pm, I took the Scoot flight from Incheon Airport back to Singapore. I arrived in Singapore on 12 Jan 2025 Sunday in the early hours of the morning.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore