Hi,
This is to request assistance with a problem I recently encountered
while trying to execute an snmp V3 walk on my system.
The snmp agent implementation, briefly described, is as follows:
- Uses net-snmp-5.5 library linked dynamically.
- Configured and built with "--with-openssl" (I see the aes.h and
  des.h generated in net-snmp-5.5/include/net-snmp/net-snmp-config.h and
  included in net-snmp-5.5/snmplib/scapi.c)
- OpenSSL version 0.9.8r used.
- SNMP tables for static data/inventory implemented.
- V2C/V3 traps (send_v2trap()/send_v3trap()) used to send event
  notification traps with custom varbinds.
- uname -a = Linux Unknown 2.6.16.12 #1 Fri Dec 30 02:06:07 IST 2011
  exported armv5tejl GNU/Linux
Problem Description:
- SNMP v2c and v3 walks work fine and all information obtained
  correctly before event generation. Both AES and DES encryptions work.
- V2C traps work fine and all varbinds seen correctly.
- The moment an event is generated, and v3 traps are configured for
  use, "snmpwalk: Decryption error" shows up during the next v3 walk. V2C
  walk continues to work fine.
- Able to recover from the error only when "snmpd" service is
  restarted.
- Problem seen only with AES encryption. DES encryption works fine.
- snmpd.conf values for the settings used are as follows:
    trapsess -v3 -u krish -l authpriv <IP Address>
    sysContact who@where
    sysLocation unknown
    sysServices 72
    trapcommunity public
    rouser krish priv
    trapsess -v3 -u krish -l authpriv 10.104.96.232
    rouser krish priv
    usmUser 1 3 0x80001f8880acf4e0149c080000 0x6b7269736800 0x6b7269736800 NULL .1.3.6.1.6.3.10.1.1.2 0x4817a5acbc9b73a8aae4fc93e46a9d75 .1.3.6.1.6.3.10.1.2.2 0x4817a5acbc9b73a8aae4fc......
The snmpwalk command used is as follows:
    snmpwalk -v3 -u krish -a MD5 -A krish123 -x DES -X krish123 -l authpriv localhost 1.3.6
The aforementioned command works fine till a V3 trap is generated.
Observations:
- Commented the call to send_v2trap() and send_v3trap() and the V3 walk
  works fine.
Your assistance in rectifying this issue would be appreciated.
Regards,
Krishnan.
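
Added example, not part of the original post and not net-snmp code: a decoder for the persisted usmUser record quoted above, so the authentication and privacy protocols the agent stored for the user can be compared with the -x option passed to snmpwalk. The field order (status, storage type, engineID, name, security name, cloneFrom, auth protocol, auth key, priv protocol, priv key) is assumed from net-snmp's persistent-file layout, and the function names are hypothetical.

```python
# Added example: decode a persisted net-snmp "usmUser" record.
# Assumed field order: status, storageType, engineID, name, secName,
# cloneFrom, authProtocol OID, authKey, privProtocol OID, privKey.
BASE = "1.3.6.1.6.3.10.1."
AUTH = {BASE + "1.1": "none", BASE + "1.2": "MD5", BASE + "1.3": "SHA"}
PRIV = {BASE + "2.1": "none", BASE + "2.2": "DES", BASE + "2.4": "AES"}

def hex_field(token):
    """Decode a 0x... token; returns (bytes, complete). An elided tail
    (trailing dots, as in the post) yields the bytes present, complete=False."""
    body = token[2:] if token.lower().startswith("0x") else token
    digits = body.rstrip(".")
    complete = digits == body and len(digits) % 2 == 0
    return bytes.fromhex(digits[: len(digits) // 2 * 2]), complete

def parse_usm_user(line):
    t = line.split()
    if len(t) < 11 or t[0] != "usmUser":
        raise ValueError("not a complete usmUser record")
    auth_key, auth_ok = hex_field(t[8])
    priv_key, priv_ok = hex_field(t[10])
    return {
        "engine_id": hex_field(t[3])[0].hex(),
        "user": hex_field(t[4])[0].rstrip(b"\0").decode("ascii", "replace"),
        "auth": AUTH.get(t[7].lstrip("."), "unknown"),
        "priv": PRIV.get(t[9].lstrip("."), "unknown"),
        # Report key lengths only; the localized keys are secrets.
        "auth_key_len": len(auth_key), "auth_key_complete": auth_ok,
        "priv_key_len": len(priv_key), "priv_key_complete": priv_ok,
    }

def priv_mismatch(record, requested):
    """True when the protocol given to snmpwalk -x differs from the stored one."""
    return record["priv"] != requested.upper()

# The record as quoted in the post; its private key is elided there.
POSTED = (
    "usmUser 1 3 0x80001f8880acf4e0149c080000 0x6b7269736800 0x6b7269736800 "
    "NULL .1.3.6.1.6.3.10.1.1.2 0x4817a5acbc9b73a8aae4fc93e46a9d75 "
    ".1.3.6.1.6.3.10.1.2.2 0x4817a5acbc9b73a8aae4fc......"
)

if __name__ == "__main__":
    rec = parse_usm_user(POSTED)
    for key, value in rec.items():
        print(f"{key:18} {value}")
    for proto in ("DES", "AES"):
        print(f"-x {proto}: mismatch with stored protocol = {priv_mismatch(rec, proto)}")
```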
_______________________________________________
Net-snmp-coders mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders