Hi,

we did run into a problem with net-snmp-5.4.pre1 when we use the TCP
transport for notifications. The snmptrapd performs this (I believe new)
access control check on incoming notifications. The access control
check at some point in time calls netsnmp_udp_getSecName() and this
fails because the format of the content of the parameter opaque has
changed.

The TCP transport stores the old format while the UDP transport now
uses a netsnmp_udp_addr_pair, which however is local to the UDP
transport. So it seems unclear what the proper fix for this is and we
need guidance (or even a patch) to solve this issue.

One option could be that every transport provides its own
netsnmp_xxx_getSecName() function and this would then localize the
format of the opaque data passed around. Another option could be to
share netsnmp_xxx_getSecName() functions between similar transports,
e.g. have a netsnmp_ipv4_getSecName() function and a
netsnmp_ipv6_getSecName() function. But in this case, the format of
the opaque data must be exported and agreed upon. There might be other
options - but since you know this code much better than we do, I
thought I would first ask what you think is the right way to handle this.

/js

PS: I had problems sending this email, so I meanwhile learned that
    net-snmp-5.4.pre3 is out, but from a quick look at the diff, it
    seems nothing related to the problem described here has changed.

PS: It seems that the netsnmp_udp_addr_pair has been introduced in an
    attempt to make sure that UDP/IPv4 response packets somehow use
    the "correct" IP address. It seems that this patch also ignores
    IPv6 and obviously kind of breaks the TCP-IPv4 transport since
    the TCP/IPv4 transport uses the netsnmp_udp_getSecName() function
    (which either is a conceptual bug by itself or at least a misnomer
    of the function). See the thread "Make snmpd answer from the
    correct IP address".

-- 
Juergen Schoenwaelder               International University Bremen
<http://www.eecs.iu-bremen.de/>     P.O. Box 750 561, 28725 Bremen, Germany
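
The first option in the message above (each transport supplies its own getSecName-style decoder, so the opaque format stays local to the transport that produced it), sketched as an added example that is not part of the original email and is not net-snmp code. All `demo_*` names, the struct layouts and the address-to-name mapping are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical opaque layouts, constructed for this example (not net-snmp's). */
typedef struct { uint32_t addr; uint16_t port; } demo_peer;              /* old format */
typedef struct { demo_peer remote; uint32_t local_addr; } demo_udp_pair; /* new UDP format */

typedef struct {
    const char *name;
    /* Each transport decodes only the opaque format it produced itself. */
    const char *(*get_sec_name)(const void *opaque, size_t olen);
} demo_transport;

/* Constructed mapping: a single source address maps to a security name. */
static const char *demo_lookup(uint32_t addr) {
    return addr == 0x0a000001u ? "trapuser" : NULL;
}

static const char *udp_get_sec_name(const void *opaque, size_t olen) {
    demo_udp_pair p;
    if (opaque == NULL || olen != sizeof p) return NULL; /* foreign format: refuse */
    memcpy(&p, opaque, sizeof p);
    return demo_lookup(p.remote.addr);
}

static const char *tcp_get_sec_name(const void *opaque, size_t olen) {
    demo_peer p;
    if (opaque == NULL || olen != sizeof p) return NULL;
    memcpy(&p, opaque, sizeof p);
    return demo_lookup(p.addr);
}

const demo_transport demo_udp = { "udp", udp_get_sec_name };
const demo_transport demo_tcp = { "tcp", tcp_get_sec_name };

/* Access-control entry point: dispatch via the transport, never a fixed decoder. */
const char *demo_sec_name(const demo_transport *t, const void *opaque, size_t olen) {
    return (t && t->get_sec_name) ? t->get_sec_name(opaque, olen) : NULL;
}

int main(void) {
    demo_peer from_tcp = { 0x0a000001u, 162 }; /* constructed sample peer */
    const char *ok  = demo_sec_name(&demo_tcp, &from_tcp, sizeof from_tcp);
    const char *bad = demo_sec_name(&demo_udp, &from_tcp, sizeof from_tcp);
    printf("tcp decoder: %s, udp decoder: %s\n", ok ? ok : "(none)", bad ? bad : "(rejected)");
    return 0;
}
```

The length check only catches formats of different size; the dispatch through the transport's own function pointer is what keeps a TCP blob from ever reaching the UDP decoder.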
