When using snmpd in proxy mode, there seem to be problems when more than
one OID is requested in a single PDU and (at least) one of them does not
exist in the agent to which the request is forwarded.
Consider this scenario:
snmpd is running on localhost:1611, the line relevant for proxying in
snmpd.conf is:
proxy -v 1 -c private localhost:1161 .1.3.6.1.4.1.7146
The agent has been started like this:
$ ./snmpd -Dproxy -f -r -V -c /etc/snmp/snmpd.conf 1611
Now consider the following request (the last OID does not exist):
$ snmpget -r 0 -t 10000 -v 1 -c public localhost:1611 \
.1.3.6.1.4.1.7146.1.2.2.2.1.1.17.115.110.109.112.45.116.101.115.116.45.114.117.110.110.105.110.97
\
.1.3.6.1.4.1.7146.1.2.2.2.1.1.17.115.110.109.112.45.116.101.115.116.45.114.117.110.110.105.110.103
\
.1.3.6.1.4.1.7146.1.2.2.2.1.1.17.115.110.109.112.45.116.101.115.116.45.115.116.111.112.112.101.100
\
snmpd forwards this request to the agent listening at port 1161 of the
same host, which duly returns an error PDU. However, it seems that
snmpd is then not handling this scenario correctly, as I've observed the
following results:
* In version 5.2.2, no answer is ever sent back to the client, the
request times out. The reason was that snmpd did not clear the
"delegated" flag for all parts of the request. This has been fixed in
the latest release.
* Even in the latest svn snapshot, however, handling is not as expected.
The standard demands the pdu be returned unaltered except for the
error-status and the error-index fields. snmpd, however, does not send
back the OIDs that have been requested. Therefore, snmpget assumes that
all three OIDs are erroneous. Usually, however, when answering a
request that is not proxied, snmpd returns a PDU with the correct
information. snmpget then resends the request without the offending
OID, receives a valid response and displays the result.
I'd therefore like to suggest the following patch (output of svn diff):
-------------------------BEGIN PATCH-------------------------------
Index: testing/RUNTESTS
===================================================================
--- testing/RUNTESTS (revision 16373)
+++ testing/RUNTESTS (working copy)
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
#
# RUNTESTS [-h]...
#
Index: agent/mibgroup/ucd-snmp/proxy.c
===================================================================
--- agent/mibgroup/ucd-snmp/proxy.c (revision 16373)
+++ agent/mibgroup/ucd-snmp/proxy.c (working copy)
@@ -549,9 +549,13 @@
}
/*
- * update the original request varbinds with the results
+ * update the original request varbinds with the results.
+ *
+ * mg 17-May-2007: This must be done in the case of error
+ * packages as well, cf. section 4.1.2 of rfc 1067.
*/
- } else for (var = vars, request = requests;
+ }
+ for (var = vars, request = requests;
request && var;
request = request->next, var = var->next_variable) {
/*
Index: agent/snmp_agent.c
===================================================================
--- agent/snmp_agent.c (revision 16373)
+++ agent/snmp_agent.c (working copy)
@@ -3482,7 +3482,6 @@
netsnmp_request_set_error_idx(netsnmp_request_info *request,
int error_value, int idx)
{
- int i;
netsnmp_request_info *req = request;
if (!request || !request->agent_req_info)
@@ -3491,10 +3490,12 @@
/*
* Skip to the indicated varbind
*/
- for ( i=2; i<idx; i++) {
- req = req->next;
+ while (1) {
if (!req)
return SNMPERR_NO_VARS;
+ if (req->index == idx)
+ break;
+ req = req->next;
}
return _request_set_error(req, request->agent_req_info->mode,
--------------------------END PATCH--------------------------------
(The change to RUNTEST was needed on my Ubuntu Linux machine
because /bin/sh is a link to /bin/dash which demands more POSIX
compliance than bash; the change to snmp_agent.c is just intended to
make the code clearer -- which you may or may not agree it does...).
This patch has been tested on Linux 2.6.17, both manually to cover the
scenario described above and automatically using the test suite that
comes with net-snmp.
I'm looking forward to your thoughts on this suggestion.
Thanks,
Michael Granzow
PS: In today's svn snapshot, test 20 (SNMPv3 snmptrapd USM user
management with snmpusm) is failing.
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
