>Number: 174974
>Category: bin
>Synopsis: bsnmpd SNMPv3 engine discovery is broken
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 04 16:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Paul Guyot
>Release: 9.1
>Organization:
Semiocast
>Environment:
FreeBSD serenae.semiocast.net 9.1-RELEASE FreeBSD 9.1-RELEASE #1 r244484M: Thu
Dec 20 12:17:24 UTC 2012
[email protected]:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
bsnmpd apparently does not properly reply to discovery packets.
According to RFC3414 ยง 4, response to discovery packets should be of REPORT
type. Instead, bsnmpd replies with packets of RESPONSE type. As a result,
bsnmpd does not work with clients that require a Report PDU (or, more
precisely, that validate that Response PDUs match the EngineID of the Request).
bsnmp* clients accept both types of responses and is therefore unaffected.
>How-To-Repeat:
Install net-snmp from ports.
Configure bsnmpd with SNMPv3 authentication.
Try to connect with net-snmp to the bsnmpd server.
>Fix:
Attached patch fixes the problem by using the SNMP_MSG_AUTODISCOVER internal
flag of bsnmp. Patch is designed as the minimum change to fix the issue.
However, bsnmp implementation obviously does not match the layout of the RFC.
Also, compiling bsnmp with clang reveals several bad issues which should be
fixed...
Patch attached with submission follows:
Index: contrib/bsnmp/lib/snmpagent.c
===================================================================
--- contrib/bsnmp/lib/snmpagent.c (revision 245044)
+++ contrib/bsnmp/lib/snmpagent.c (working copy)
@@ -171,7 +171,11 @@
memset(resp, 0, sizeof(*resp));
strcpy(resp->community, pdu->community);
resp->version = pdu->version;
- resp->type = SNMP_PDU_RESPONSE;
+ if (pdu->flags & SNMP_MSG_AUTODISCOVER) {
+ resp->type = SNMP_PDU_REPORT; /* RFC 3414.4 */
+ } else {
+ resp->type = SNMP_PDU_RESPONSE;
+ }
resp->request_id = pdu->request_id;
resp->version = pdu->version;
Index: contrib/bsnmp/snmpd/main.c
===================================================================
--- contrib/bsnmp/snmpd/main.c (revision 245044)
+++ contrib/bsnmp/snmpd/main.c (working copy)
@@ -627,6 +627,7 @@
} else
community = comm->value;
} else if (pdu->nbindings == 0) {
+ pdu->flags |= SNMP_MSG_AUTODISCOVER;
/* RFC 3414 - snmpEngineID Discovery */
if (strlen(pdu->user.sec_name) == 0) {
asn_append_oid(&(pdu->bindings[pdu->nbindings++].var),
>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
