On Wed, 4 Jul 2018 18:07:51 +0530 Thommandra wrote:
TG> > For snmpd, you can configure VACM views in snmpd.conf to
TG> > exclude certain OIDS. It's not very intuitive, but should be
TG> > possible. 
TG> 
TG> Can we remove the OIDs at compile time (using configure option)
TG> like we do for modules? Changing VACM views is tedious and has
TG> to be configures for all communities/users etc.
TG> And if the list of OIDs is huge, it is not feasible.

Configure can exclude entire MIBs, but not individual OIDs. You can
modify the code, but make sure you deal with get and get-next
properly.

TG> Actually I understand that. I went further and enabled debug on
TG> snmpgetnext to find that the failure is due to the error during
TG> snmp_parse() And it is because the getnext PDU contains an
TG> IP_ADDR as a value (vrrpOperMasterIpAddr OID)
TG> 
TG> On debugging further, I found that the below change in 5.7.3 is
TG> actually causing the issue
TG> 
TG> net-snmp-5.7.3/snmplib/snmp_api.c
TG> 
TG> 4594         case ASN_IPADDRESS:
TG> 4595             if (vp->val_len != 4)
TG> 4596                 return -1;
TG> 4597             /* fallthrough */
TG> 4598         case ASN_OCTET_STR:
TG> 4599         case ASN_OPAQUE:
TG> 4600         case ASN_NSAP:
TG> 
TG> We fail if ASN_IPADDRRESS len is not 4. Earlier in 5.7.2, we
TG> did not have this check.

ASN_IPADDRESS is specified as a 4 octet field, so anything else is
wrong.

TG> And looking at the history, it seems like you have
TG> modified/added those lines. May I know if this is a bug?
TG> BTW, removing that val_len check from snmp_api.c makes the
TG> snmpwalk work smooth.
TG> 
TG> Please note that our implementation of VRRP-MIB was done using
TG> mib2c utility. And so vrrpOperMasterIpAddr is implemented as
TG> u_long in the code.

The size of the data field shouldn't matter. Try stepping through
the mib2c generated code that creates the varbind and see where the
value in the varbind gets a bad value.

Robert

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to