[ https://issues.apache.org/jira/browse/NIFI-14231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17924400#comment-17924400 ]

O-P Lamminen commented on NIFI-14231:
-------------------------------------

[~turcsanyip], [~Lehel44], SHA-256 indeed works, thanks! The listener still 
processes traps from all security levels, though. Also if plain {{SHA}} is now 
unsupported as an {{authProtocol}} it probably should raise some kind of an 
error in the USM parser like e.g. using just {{SHA256}} without the {{HMAC192}} 
part does:
{code:java}
org.apache.nifi.processor.exception.ProcessException: Could not parse USM user file, please check the processor details for examples.
{code}

> ListenTrapSNMP processor does not respect SNMP v3 security levels
> -----------------------------------------------------------------
>
>                 Key: NIFI-14231
>                 URL: https://issues.apache.org/jira/browse/NIFI-14231
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.28.1, 2.2.0
>            Reporter: O-P Lamminen
>            Assignee: Lehel Boér
>            Priority: Major
>
> NiFi *ListenTrapSNMP* processor _(nifi-snmp-nar)_ does not properly handle 
> security levels with SNMP v3 traps.
> In NiFi 1.x the processor processes all SNMP v3 traps regardless of security 
> level.
> In NiFi 2.x the processor processes only {{noAuthNoPriv}} traps - other 
> security levels are not processed.
> NiFi 1.x functionality tested with {{apache/nifi}} container tags: 
> {*}1.23.2{*}, *1.28.1*
> NiFi 2.x functionality tested with {{apache/nifi}} container tags: 
> {*}2.0.0{*}, *2.2.0*
> h2. To reproduce
>  # Add *ListenTrapSNMP* processor _(org.apache.nifi - nifi-snmp-nar)_
>  ** Set following properties
>  *** SNMP Manager Port: 16230
>  *** SNMP Version: v3
>  *** SNMP Security Level: authPriv
>  *** USM Users Source: Json Content
>  *** USM Users JSON content:
> {code:java}
> [
>   {
>     "securityName": "snmpuser",
>     "authProtocol": "SHA",
>     "authPassphrase": "authsecret",
>     "privProtocol": "AES128",
>     "privPassphrase": "privsecret"
>   }
> ]
> {code}
>  # Add *LogAttribute* processor _(org.apache.nifi - nifi-standard-nar)_
>  ** Use default properties
>  ** Set success relationship to terminate
>  # Create Connection from *ListenTrapSNMP* to *LogAttribute* for all 
> relationships
>  # Start processors
>  # Send two SNMP traps from command line {{snmptrap}} _(net-snmp)_ using 
> commands
> {code:java}
> snmptrap -v 3 -n "" \
>   -e 0x010203040506070809 \
>   -l noAuthNoPriv -u snmpuser \
>   localhost:16230 '' \
>   .1.3.6.1.2.1.192 \
>   .1.3.6.1.2.1.192.1.2.1.11 s "noAuthNoPriv"
> snmptrap -v 3 -n "" \
>   -e 0x010203040506070809 \
>   -l authPriv -u snmpuser \
>   -a SHA -A authsecret \
>   -x AES -X privsecret \
>   localhost:16230 '' \
>   .1.3.6.1.2.1.192 \
>   .1.3.6.1.2.1.192.1.2.1.11 s "authPriv"
> {code}
> h3. Expected behaviour
>  * First trap contents are not logged
>  * Second trap contents are logged as FlowFile Properties and show
> {code:java}
> Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
>         Value: 'authPriv'
> {code}
> h3. Actual behaviour in NiFi 1.28.1
>  * First trap contents are logged as FlowFile Properties and show
> {code:java}
> Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
>         Value: 'noAuthNoPriv'
> {code}
>  * Second trap contents are logged as FlowFile Properties and show
> {code:java}
> Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
>         Value: 'authPriv'
> {code}
> h3. Actual behaviour in NiFi 2.2.0
>  * First trap contents are logged as FlowFile Properties and show
> {code:java}
> Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
>         Value: 'noAuthNoPriv'
> {code}
>  * Second trap contents are not logged



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
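
Added example (not part of the Jira message and not NiFi's or SNMP4J's code): a minimal Python check that reads the security level an SNMPv3 message claims in its {{msgFlags}} octet (RFC 3412) and applies the filtering the issue expects from a listener set to {{authPriv}}. The "at least the configured level" policy, the function names and the sample bytes are assumptions made for this illustration; the flag is only the sender's claim, so USM must still verify the HMAC and decrypt the PDU.

```python
# Added example: classify SNMPv3 messages by msgFlags; sample bytes are constructed.
LEVELS = {0x00: "noAuthNoPriv", 0x01: "authNoPriv", 0x03: "authPriv"}
RANK = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for one BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:end], end

def security_level(message):
    """Security level claimed by an SNMPv3 message (from msgGlobalData)."""
    tag, body, _ = read_tlv(message, 0)      # outer SEQUENCE
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, version, pos = read_tlv(body, 0)    # msgVersion INTEGER
    if tag != 0x02 or int.from_bytes(version, "big") != 3:
        raise ValueError("not an SNMPv3 message")
    tag, header, _ = read_tlv(body, pos)     # msgGlobalData SEQUENCE
    if tag != 0x30:
        raise ValueError("missing msgGlobalData")
    _, _, p = read_tlv(header, 0)            # skip msgID
    _, _, p = read_tlv(header, p)            # skip msgMaxSize
    tag, flags, _ = read_tlv(header, p)      # msgFlags: OCTET STRING, 1 byte
    if tag != 0x04 or len(flags) != 1:
        raise ValueError("malformed msgFlags")
    bits = flags[0] & 0x03                   # bit 0 = auth, bit 1 = priv
    if bits not in LEVELS:                   # priv without auth is invalid
        raise ValueError("invalid msgFlags: priv set without auth")
    return LEVELS[bits]

def accept(message, configured_level):
    """Assumed policy: drop any trap below the listener's configured level."""
    return RANK[security_level(message)] >= RANK[configured_level]

def sample(flags):
    """Constructed header only: msgID 1, msgMaxSize 1472, security model 3."""
    header = bytes([0x02, 0x01, 0x01, 0x02, 0x02, 0x05, 0xC0,
                    0x04, 0x01, flags, 0x02, 0x01, 0x03])
    body = bytes([0x02, 0x01, 0x03, 0x30, len(header)]) + header
    return bytes([0x30, len(body)]) + body
```

With the listener level set to {{authPriv}}, {{accept(sample(0x00), "authPriv")}} is false and {{accept(sample(0x03), "authPriv")}} is true, matching the "Expected behaviour" section of the issue.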
