[ 
https://issues.apache.org/jira/browse/NIFI-14231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17940326#comment-17940326
 ] 

ASF subversion and git services commented on NIFI-14231:
--------------------------------------------------------

Commit ae4f80ab0967b4680044bc995639f82e072112d1 in nifi's branch 
refs/heads/main from lehelb
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=ae4f80ab09 ]

NIFI-14231: Update ListenTrapSNMP to disable legacy SNMP versions when using 
SNMPv3

Added trap version and security level handling.
Added validation to USM Users parsing. Added extra test case for legacy auth 
and priv protocols. Enhanced documentation.
Refactored SNMPUtils::getOid

This closes #9824.

Signed-off-by: Peter Turcsanyi <[email protected]>


> ListenTrapSNMP processor does not respect SNMP v3 security levels
> -----------------------------------------------------------------
>
>                 Key: NIFI-14231
>                 URL: https://issues.apache.org/jira/browse/NIFI-14231
>             Project: Apache NiFi
>          Issue Type: Bug
>    Affects Versions: 1.28.1, 2.2.0
>            Reporter: O-P Lamminen
>            Assignee: Lehel Boér
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> NiFi *ListenTrapSNMP* processor _(nifi-snmp-nar)_ does not properly handle 
> security levels with SNMP v3 traps.
> In NiFi 1.x the processor processes all SNMP v3 traps regardless of security 
> level.
> In NiFi 2.x the processor processes only {{noAuthNoPriv}} traps - other 
> security levels are not processed.
> NiFi 1.x functionality tested with {{apache/nifi}} container tags: 
> {*}1.23.2{*}, *1.28.1*
> NiFi 2.x functionality tested with {{apache/nifi}} container tags: 
> {*}2.0.0{*}, *2.2.0*
> h2. To reproduce
>  # Add *ListenTrapSNMP* processor _(org.apache.nifi - nifi-snmp-nar)_
>  ** Set following properties
>  *** SNMP Manager Port: 16230
>  *** SNMP Version: v3
>  *** SNMP Security Level: authPriv
>  *** USM Users Source: Json Content
>  *** USM Users JSON content:
> {code:java}
> [
>   {
>     "securityName": "snmpuser",
>     "authProtocol": "SHA",
>     "authPassphrase": "authsecret",
>     "privProtocol": "AES128",
>     "privPassphrase": "privsecret"
>   }
> ]
> {code}
>  # Add *LogAttribute* processor _(org.apache.nifi - nifi-standard-nar)_
>  ** Use default properties
>  ** Set success relationship to terminate
>  # Create Connection from *ListenTrapSNMP* to *LogAttribute* for all 
> relationships
>  # Start processors
>  # Send two SNMP traps from command line {{snmptrap}} _(net-snmp)_ using 
> commands
> {code:java}
> snmptrap -v 3 -n "" \
>   -e 0x010203040506070809 \
>   -l noAuthNoPriv -u snmpuser \
>   localhost:16230 '' \
>   .1.3.6.1.2.1.192 \
>   .1.3.6.1.2.1.192.1.2.1.11 s "noAuthNoPriv"
> snmptrap -v 3 -n "" \
>   -e 0x010203040506070809 \
>   -l authPriv -u snmpuser \
>   -a SHA -A authsecret \
>   -x AES -X privsecret \
>   localhost:16230 '' \
>   .1.3.6.1.2.1.192 \
>   .1.3.6.1.2.1.192.1.2.1.11 s "authPriv"
> {code}
> h3. Expected behaviour
>  * First trap contents are not logged
>  * Second trap contents are logged as FlowFile Properties and show
> {code:java}
> Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
>         Value: 'authPriv'
> {code}
> h3. Actual behaviour in NiFi 1.28.1
>  * First trap contents are logged as FlowFile Properties and show
> {code:java}
> Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
>         Value: 'noAuthNoPriv'
> {code}
>  * Second trap contents are logged as FlowFile Properties and show
> {code:java}
> Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
>         Value: 'authPriv'
> {code}
> h3. Actual behaviour in NiFi 2.2.0
>  * First trap contents are logged as FlowFile Properties and show
> {code:java}
> Key: 'snmp$1.3.6.1.2.1.192.1.2.1.11$4'
>         Value: 'noAuthNoPriv'
> {code}
>  * Second trap contents are not logged



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
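
Added example (not part of the Jira notification or the NiFi code base): a Python sketch of the security-level gate the report expects from an SNMPv3 trap listener. It reads msgVersion and msgFlags from the message header and drops legacy-version, malformed, or below-configured-level traps. The function names, the minimum-level policy and the header-only sample packets are assumptions, and msgFlags is only the sender's claim, which USM must still verify cryptographically.

```python
# Added example: all names are hypothetical; this is not NiFi or SNMP4J code.
LEVELS = {"noAuthNoPriv": 1, "authNoPriv": 2, "authPriv": 3}

def read_tlv(buf, pos):
    """Read one BER TLV; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form definite length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want_tag):
    """Read a TLV and insist on its tag; return (value, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"unexpected tag 0x{tag:02x}")
    return value, nxt

def message_level(packet):
    """Map msgFlags (RFC 3412) of an SNMPv3 message to a security level name."""
    body, _ = expect(packet, 0, 0x30)
    version, pos = expect(body, 0, 0x02)
    if int.from_bytes(version, "big") != 3:
        raise ValueError("legacy SNMP version")  # v1/v2c carry no security level
    header, _ = expect(body, pos, 0x30)          # msgGlobalData
    _, p = expect(header, 0, 0x02)               # msgID
    _, p = expect(header, p, 0x02)               # msgMaxSize
    flags, _ = expect(header, p, 0x04)           # msgFlags, one octet
    # 0x01 = auth, 0x02 = priv; priv without auth is invalid per RFC 3412
    if len(flags) != 1 or (flags[0] & 0x03) == 0x02:
        raise ValueError("invalid msgFlags")
    auth, priv = flags[0] & 0x01, flags[0] & 0x02
    return "authPriv" if priv else "authNoPriv" if auth else "noAuthNoPriv"

def accept_trap(packet, configured_level):
    """Assumed policy: drop legacy, malformed, or below-configured-level traps."""
    try:
        return LEVELS[message_level(packet)] >= LEVELS[configured_level]
    except (ValueError, IndexError):
        return False

def sample_packet(flags, version=3):
    """Constructed sample: version and msgGlobalData only, no USM params or PDU."""
    tlv = lambda tag, value: bytes([tag, len(value)]) + value
    header = tlv(2, b"\x01") + tlv(2, b"\x05\xdc") + tlv(4, bytes([flags])) + tlv(2, b"\x03")
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x30, header))
```
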
