[ 
https://issues.apache.org/jira/browse/NIFI-14231?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

O-P Lamminen updated NIFI-14231:
--------------------------------
    Description: 
NiFi *ListenTrapSNMP* processor _(nifi-snmp-nar)_ does not properly handle 
security levels with SNMP v3 traps.

In NiFi 1.x the processor processes all SNMP v3 traps regardless of security 
level.

In NiFi 2.x the processor processes only {{noAuthNoPriv}} traps - other 
security levels are not processed.

NiFi 1.x functionality tested with {{apache/nifi}} container tags: 
{*}1.23.2{*}, *1.28.1*
NiFi 2.x functionality tested with {{apache/nifi}} container tags: {*}2.0.0{*}, 
*2.2.0*
h2. To reproduce
 # Add *ListenTrapSNMP* processor _(org.apache.nifi - nifi-snmp-nar)_
 ** Set following properties
 *** SNMP Manager Port: 16230
 *** SNMP Version: v3
 *** SNMP Security Level: authPriv
 *** USM Users Source: Json Content
 *** USM Users JSON content:
{code:java}
[
  {
    "securityName": "snmpuser",
    "authProtocol": "SHA",
    "authPassphrase": "authsecret",
    "privProtocol": "AES128",
    "privPassphrase": "privsecret"
  }
]
{code}
 # Add *LogAttribute* processor _(org.apache.nifi - nifi-standard-nar)_
 ** Use default properties
 ** Set success relationship to terminate
 # Create Connection from *ListenTrapSNMP* to *LogAttribute* for all 
relationships
 # Start processors
 # Send two SNMP traps from command line {{snmptrap}} _(net-snmp)_ using 
commands
{code:java}
snmptrap -v 3 -n "" \
  -e 0x010203040506070809 \
  -l noAuthNoPriv -u snmpuser \
  localhost:16230 '' \
  .1.3.6.1.2.1.192 \
  .1.3.6.1.2.1.192.1.2.1.11 s "noAuthNoPriv"

snmptrap -v 3 -n "" \
  -e 0x010203040506070809 \
  -l authPriv -u snmpuser \
  -a SHA -A authsecret \
  -x AES -X privsecret \
  localhost:16230 '' \
  .1.3.6.1.2.1.192 \
  .1.3.6.1.2.1.192.1.2.1.11 s "authPriv"
{code}

h3. Expected behaviour
 * First trap contents are not logged
 * Second trap contents are logged as FlowFile Properties and show
{code:java}
Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
        Value: 'authPriv'
{code}

h3. Actual behaviour in NiFi 1.28.1
 * First trap contents are logged as FlowFile Properties and show
{code:java}
Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
        Value: 'noAuthNoPriv'
{code}

 * Second trap contents are logged as FlowFile Properties and show
{code:java}
Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
        Value: 'authPriv'
{code}

h3. Actual behaviour in NiFi 2.2.0
 * First trap contents are logged as FlowFile Properties and show
{code:java}
Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
        Value: 'noAuthNoPriv'
{code}

 * Second trap contents are not logged



> ListenTrapSNMP processor does not respect SNMP v3 security levels
> -----------------------------------------------------------------
>
>                 Key: NIFI-14231
>                 URL: https://issues.apache.org/jira/browse/NIFI-14231
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.28.1, 2.2.0
>            Reporter: O-P Lamminen
>            Priority: Major



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
