Menu

#1296 Bind agent to interface patch

backport-needed
open
nobody
None
5
2018-11-04
2014-12-16
daniel danzberger
No

This patch adds the config parameter 'listendevice'

It uses the setsockopt SO_BINDTODEVICE option to bind the snmpd to an specific network interface.
This is required for forcing the snmpd to be available on only one interface, that's
address is not fix.

snmpd.conf example:

...
agentaddress UDP:161
listendevice eth0
...

Version: 5.8.dev
git (master): 2465d106bcb4ab478b939e3e3bc808716026af9d

Future:
- This could be implemented in the agentaddress option string.
- Allowing more than one interface.

Please apply.

1 Attachments
bindtoiface.patch

Discussion

  • claus klein

    claus klein - 2014-12-16

    The patch does not compile on BSD like systems!

    libtool: compile: gcc -I../include -I/Users/clausklein/Workspace/c/net-snmp/build/../include -I. -I../snmplib -I/Users/clausklein/Workspace/c/net-snmp/build/../snmplib -DNETSNMP_ENABLE_IPV6 -fno-strict-aliasing -I/opt/local/include -g -Wall -Wextra -Udarwin13 -Ddarwin13=darwin13 -Wall -Wstrict-prototypes -Wwrite-strings -Wcast-qual -c /Users/clausklein/Workspace/c/net-snmp/build/../snmplib/transports/snmpUDPBaseDomain.c -fno-common -DPIC -o transports/.libs/snmpUDPBaseDomain.o
    /Users/clausklein/Workspace/c/net-snmp/build/../snmplib/transports/snmpUDPBaseDomain.c:58:45: error: use of undeclared identifier
    'SO_BINDTODEVICE'
    if (iface && setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, iface, strlen(iface)) == -1)
    ^
    /Users/clausklein/Workspace/c/net-snmp/build/../snmplib/transports/snmpUDPBaseDomain.c:137:50: warning: unused parameter
    'if_index' [-Wunused-parameter]
    socklen_t dstlen, int if_index)
    ^
    /Users/clausklein/Workspace/c/net-snmp/build/../snmplib/transports/snmpUDPBaseDomain.c:240:27: warning: missing field
    'msg_namelen' initializer [-Wmissing-field-initializers]
    struct msghdr m = { 0 };
    ^
    /Users/clausklein/Workspace/c/net-snmp/build/../snmplib/transports/snmpUDPBaseDomain.c:235:63: warning: unused parameter
    'if_index' [-Wunused-parameter]
    int netsnmp_udpbase_sendto(int fd, struct in_addr *srcip, int if_index,
    ^
    3 warnings and 1 error generated.
    make[1]: [transports/snmpUDPBaseDomain.lo] Error 1
    make:     [subdirs] Error 1
    Claus-MacBook-Pro:build clausklein$

     

  • daniel danzberger

    daniel danzberger - 2014-12-17

    Agree, I thought SO_BINTODEVICE is posix standard. But I was wrong.
    It seems there is no easy solution for binding sockets to network interfaces on non-linux systems.
    The ugly way to use the patch anyway would be to #ifdef linux around all setsockopts using so_bindtodevice. But that would leave all the additional
    'char *iface' parameters unused.

    ...Anyway I do not see a clean solution to implement this feature for all platforms yet. So forget this patch.

     

  • Sam Tannous

    Sam Tannous - 2018-02-21

    Instead of a global listendevice, perhaps we can we define a new syntax (borrowed from ipv6) that can associate a specific device with each agentAddress:

    agentAddress 10.10.10.10%eth0,20.20.20.20%eth1,[2001::1]%eth66

    This has the nice side effect of providing Linux VRF support natively in snmpd

    So I'm proposing that we take this patch (bindtoiface.patch), modify it to be
    portable (udpserv01.c patch), and add the new snmpd.conf syntax to provide
    general device to socket binding which will really make Linux VRF users happy
    (we would not need https://sourceforge.net/p/net-snmp/patches/1354/
    and I believe would help resolve https://sourceforge.net/p/net-snmp/mailman/message/33045144/)

    Thanks,
    Sam Tannous
    Cumulus Networks

     

  • Bart Van Assche

    Bart Van Assche - 2018-11-04

    Support for SO_BINDTODEVICE has been checked in on the v5.8 and master branches. Is that sufficient to close this ticket?

     

Log in to post a comment.