Hello,
Currently the behavior with regard to AgentX over TCP is as follows:
snmpd -x tcp: listens to *:705 (!)
agentxtrap -x tcp: connects to 0.0.0.0:705
The patch below changes the AgentX over TCP behavior into:
snmpd -x tcp: listens to localhost:705
agentxtrap -x tcp: connects to localhost:705
So this patch closes a security hole and makes it easier to use the
AgentX protocol over TCP.
Since the 5.4 branch is currently in release-candidate freeze mode,
this patch has to be voted upon before it can be applied to the 5.4
branch. Please vote whether or not you want to see this patch applied
on the 5.4 branch.
Bart.
Index: agent/mibgroup/agentx/agentx_config.c
===================================================================
--- agent/mibgroup/agentx/agentx_config.c (revision 18337)
+++ agent/mibgroup/agentx/agentx_config.c (working copy)
@@ -170,7 +170,7 @@ agentx_config_init(void)
netsnmp_register_default_domain("agentx", "unix tcp");
netsnmp_register_default_target("agentx", "unix", NETSNMP_AGENTX_SOCKET);
#define val(x) __STRING(x)
- netsnmp_register_default_target("agentx", "tcp", ":" val(AGENTX_PORT));
+ netsnmp_register_default_target("agentx", "tcp", "localhost:"
val(AGENTX_PORT));
#undef val
agentx_register_config_handler("agentxsocket",
agentx_parse_agentx_socket, NULL,
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
