Hi all

We are using net-snmp on Solaris and I have compiled Net-SNMP 
with TLS and DTLS Support
# ./configure --with-security-modules=tsm --with-transports=TLSTCP,DTLSUDP

And while testing, I ran the server
                  snmpd dtlsudp:10161

But when I do a snmpget in the client, got following error.

snmpget -v3 -l authPriv -T 
dtlsudp:localhost:10161 sysContact.0

failed to send a DTLS specific packet
tsm: needed to free transport data
failed to send a DTLS specific packet
tsm: needed to free transport data
tsm: needed to free transport data
tsm: needed to free transport data
tsm: needed to free transport data
failed rfc5343 contextEngineID probing
snmpget: Timeout (Error 0)

Then I have root-caused the issue and the reason for this failure is 
client will "connect" to the udp socket and then tries to send data by 
using sendto or sendmsg.
Sendto and sendmsg are not able to send the data when the udp socket is 
in connected mode and the destination address is specified and return 
the error EISCONN(A destination address was specified and the socket is 
already connected) as per the man page.

Trace of connect-sendmsg

connect(5, 0xFFFF80D8303A8D20, 16, SOV_XPG4_2)  = 0
sendmsg(5, 0xFFFF80D8303857F0, 33408)           Err#133 EISCONN

Trace of connect-sendto

connect(5, 0xFFFF80D420661790, 16, SOV_XPG4_2)  = 0
sendto(5, 0xFFFF80D42064E3B0, 192, 32768, 0x1C63196E0, 16) Err#133 EISCONN

The connect got called in the function 

1473    if (!local) {
1474        /* dtls needs to bind the socket for SSL_write to work */
1475        if (connect(t->sock, (struct sockaddr *) addr, 
sizeof(*addr)) == -1)
1476            snmp_log(LOG_ERR, "dtls: failed to connect\n");
1477    }

And sendmsg or sendto got called in the function 

#ifdef netsnmp_udpbase_recvfrom_sendto_defined
340            rc = netsnmp_udp_sendto(t->sock,
341                    addr_pair ? &(addr_pair->local_addr.sin.sin_addr) 
342                    addr_pair ? addr_pair->if_index : 0, to, buf, size);
344            rc = sendto(t->sock, buf, size, 0, to, sizeof(struct 
345#endif /* netsnmp_udpbase_recvfrom_sendto_defined */

Could you please provide your input on this whether its a bug or not, 
and how to fix this issue.

Thank You

Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Net-snmp-coders mailing list

Reply via email to