RE: EXTERNAL: Re: 5.7.3 | snmptrap not populating EngineBoots or EngineTime for snmp v3 traps

Tue, 30 Oct 2018 16:33:01 -0700 

> From: Denis Hainsworth <denis.hainswo...@gmail.com> 
> Sent: Tuesday, October 30, 2018 7:57 AM
> To: net-snmp-coders@lists.sourceforge.net
> Subject: EXTERNAL: Re: 5.7.3 | snmptrap not populating EngineBoots or 
> EngineTime for snmp v3 traps
>
> Just a note to anyone that might run into this.  I was interested in all the 
> evidence that snmptrap/d used to process boots/time correctly for v3 and so 
> built
> 5.1.4.2 and found that snmptrap in that version does in fact correctly set 
> boots/time
> based on the -Z command line argument and if -Z is not used it does use 
> uptime as coded.
>
> I also confirmed that snmptrapd from 5.1.4.2 actually checks those values 
> while 5.7.3
> does not which is probably why most people dont care because they are 
> probably using both
> binaries so even if snmptrap isnt setting the values snmptrapd is ignoring 
> them anyway so
> it just works.
>
> No clue yet when it broke or how easy it might be to fix.
>
> -denis


This interested me for selfish reasons, so I investigated it.  It appears that 
the local cache
of SNMP engine ID/boot/time is not getting updated from the switches supplied 
at the command
line.  When the message is sent out, there is no entry in the cache, so default 
values of 0
are used.

I have pinned down the regression to this commit:

commit 0dd182f682b6f6cbb18b948718238750ca3404e4
Author: Robert Story <rst...@users.sourceforge.net>
Date:   Thu Jun 2 23:14:07 2005 +0000

    delay SNMPv3 EngineID probe until needed



I have also tested a patch for this that seems to work.  I'd be interested in 
the developers'
opinions, as I'm not sure this is the best location for the fix or if I missed 
something.

Patch is against v5.8:

diff -urN old-5.8/apps/snmptrap.c new-5.8/apps/snmptrap.c
--- old-5.8/apps/snmptrap.c     2018-07-16 09:33:40.000000000 -0500
+++ new-5.8/apps/snmptrap.c     2018-10-30 18:25:26.652014237 -0500
@@ -214,6 +214,9 @@
             session.engineBoots = 1;
         if (session.engineTime == 0)    /* not really correct, */
             session.engineTime = get_uptime();  /* but it'll work. Sort of. */
+
+        set_enginetime(session.securityEngineID, session.securityEngineIDLen,
+                       session.engineBoots, session.engineTime, TRUE);
     }

     ss = snmp_add(&session,




Denis: can you easily test this patch with your system?


-Drew



_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to