Hello!

I'm working on a net-snmp agent integrated into an industrial embedded system 
(ARM-based).
The agent is working perfectly for v1 and v2c, and also with v3 and
'AuthNoPriv' mode. I'm doing my tests with SnmpB software as a client.
But SHA and DES/AES are not working:

My snmpd.conf:

# Listening connections :
agentAddress udp:161
#
# User list :
createUser myuser MD5 authpass
rouser myuser
createUser vincent SHA authpass DES privauthpass
rwuser vincent priv

A GET of an integer with SNMPv3 works for user "myuser" (configured with
'authNoPriv' and empty context info in SnmpB), but it does not work for
user "vincent" (configured with 'authPriv' in SnmpB): the embedded agent
reports that the security level is not supported (OID 1.3.6.1.6.3.15.1.1.1.0,
see the Wireshark trace below). The same problem occurs with AES.

Why is it not supported?
I tried different combinations, adding 'priv' to 'createUser' or adding it
at the end of 'rwuser'.
I didn't see anything relevant in snmpd.log, so I guess OpenSSL is
correctly loaded.

I don't know what I'm missing. Could you help me, please?
Many thanks!

Vincent.

----->>>

Some useful resources:

My install switches:

./configure --prefix=$(INSTALL_PREFIX) --host=$(HOST) \
--disable-applications --enable-debugging --disable-embedded-perl --without-perl-modules \
--enable-reentrant \
--with-cc=$(CC) --with-linkcc=$(CC) --with-ar=$(AR) --with-ldflags="$(LDFLAGS)" --with-cflags="$(CFLAGS_EXT)" \
--with-openssl=$(LIB_DIRS) \
--without-rpm \
--with-logfile="/tmp/var/snmpd.log" \
--with-default-snmp-version="3" \
--with-transports="UDP,TCP,DTLSUDP,TLSTCP" --with-security-modules="usm,tsm" \
--with-sys-contact="vincent.gil...@ovarro.com" \
--with-sys-location="Ovarro" \
--with-persistent-directory="/var/net-snmp" \
--enable-shared=yes --enable-static=no --enable-tagCC-libtool

Wireshark capture (request from SnmpB, followed by the answer from the embedded
net-snmp agent):

No.     Time           Source                Destination           Protocol Length Info
   4488 49.862297      10.65.84.14           172.25.110.169        SNMP     183    encryptedPDU: privKey Unknown

Frame 4488: 183 bytes on wire (1464 bits), 183 bytes captured (1464 bits) on interface \Device\NPF_{71745524-1B4D-4E06-8D78-0E258F5FBAED}, id 0
Ethernet II, Src: Cisco_3c:7a:00 (00:05:9a:3c:7a:00), Dst: CIMSYS_33:44:55 (00:11:22:33:44:55)
Internet Protocol Version 4, Src: 10.65.84.14, Dst: 172.25.110.169
User Datagram Protocol, Src Port: 49987, Dst Port: 161
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 1572876
        msgMaxSize: 4096
        msgFlags: 07
            .... .1.. = Reportable: Set
            .... ..1. = Encrypted: Set
            .... ...1 = Authenticated: Set
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: 80001f88801cfa42209b6fa665
        1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
        Engine Enterprise ID: net-snmp (8072)
        Engine ID Format: Reserved/Enterprise-specific (128): Net-SNMP Random
        Engine ID Data: 1cfa4220
        Engine ID Data: Creation Time: Jan 16, 2024 12:59:23 Paris, Madrid
    msgAuthoritativeEngineBoots: 17
    msgAuthoritativeEngineTime: 67315
    msgUserName: vincent
    msgAuthenticationParameters: 90d824057790ccf09d9cdf94
    msgPrivacyParameters: 000000110000904f
    msgData: encryptedPDU (1)
        encryptedPDU: 6ca45160f625888a5d5578eab7db81b466dc8d98901c8a706eee1031ca939c6e1a825c7f...

No.     Time           Source                Destination           Protocol Length Info
   4496 49.945101      172.25.110.169        10.65.84.14           SNMP     154    report 1.3.6.1.6.3.15.1.1.1.0

Frame 4496: 154 bytes on wire (1232 bits), 154 bytes captured (1232 bits) on interface \Device\NPF_{71745524-1B4D-4E06-8D78-0E258F5FBAED}, id 0
Ethernet II, Src: CIMSYS_33:44:55 (00:11:22:33:44:55), Dst: Cisco_3c:7a:00 (00:05:9a:3c:7a:00)
Internet Protocol Version 4, Src: 172.25.110.169, Dst: 10.65.84.14
User Datagram Protocol, Src Port: 161, Dst Port: 49987
Simple Network Management Protocol
    msgVersion: snmpv3 (3)
    msgGlobalData
        msgID: 1572876
        msgMaxSize: 65507
        msgFlags: 00
            .... .0.. = Reportable: Not set
            .... ..0. = Encrypted: Not set
            .... ...0 = Authenticated: Not set
        msgSecurityModel: USM (3)
    msgAuthoritativeEngineID: 80001f88801cfa42209b6fa665
        1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
        Engine Enterprise ID: net-snmp (8072)
        Engine ID Format: Reserved/Enterprise-specific (128): Net-SNMP Random
        Engine ID Data: 1cfa4220
        Engine ID Data: Creation Time: Jan 16, 2024 12:59:23 Paris, Madrid
    msgAuthoritativeEngineBoots: 17
    msgAuthoritativeEngineTime: 67315
    msgUserName: vincent
    msgAuthenticationParameters: <MISSING>
    msgPrivacyParameters: <MISSING>
    msgData: plaintext (0)
        plaintext
            contextEngineID: 80001f88801cfa42209b6fa665
                1... .... = Engine ID Conformance: RFC3411 (SNMPv3)
                Engine Enterprise ID: net-snmp (8072)
                Engine ID Format: Reserved/Enterprise-specific (128): Net-SNMP Random
                Engine ID Data: 1cfa4220
                Engine ID Data: Creation Time: Jan 16, 2024 12:59:23 Paris, Madrid
            contextName:
            data: report (8)
                report
                    request-id: 0
                    error-status: noError (0)
                    error-index: 0
                    variable-bindings: 1 item
                        1.3.6.1.6.3.15.1.1.1.0: 10
                            Object Name: 1.3.6.1.6.3.15.1.1.1.0 (iso.3.6.1.6.3.15.1.1.1.0)
                            Value (Counter32): 10


_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
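
Added example, not part of the original post and not net-snmp code: a small Python parser for the Wireshark text dissection above that decodes msgFlags into a security level (RFC 3412) and names the usmStats counter carried in the report (RFC 3414). The sample input is constructed from field lines of the two frames shown; the function and key names are hypothetical.

```python
import re

# usmStats counters, SNMP-USER-BASED-SM-MIB (RFC 3414): 1.3.6.1.6.3.15.1.1.<n>.0
USM_STATS = {1: "usmStatsUnsupportedSecLevels", 2: "usmStatsNotInTimeWindows",
             3: "usmStatsUnknownUserNames", 4: "usmStatsUnknownEngineIDs",
             5: "usmStatsWrongDigests", 6: "usmStatsDecryptionErrors"}

# Constructed sample: field lines taken from the two frames in the post.
SAMPLE = """\
    msgVersion: snmpv3 (3)
        msgID: 1572876
        msgFlags: 07
    msgUserName: vincent
    msgVersion: snmpv3 (3)
        msgID: 1572876
        msgFlags: 00
    msgUserName: vincent
                    variable-bindings: 1 item
                        1.3.6.1.6.3.15.1.1.1.0: 10
"""

def security_level(flags):
    """Decode the SNMPv3 msgFlags octet (RFC 3412) into a security level."""
    auth, priv = bool(flags & 0x01), bool(flags & 0x02)
    if priv and not auth:
        raise ValueError("msgFlags sets priv without auth, which is invalid")
    return "authPriv" if priv else "authNoPriv" if auth else "noAuthNoPriv"

def summarize(dissection):
    """Return one dict per SNMPv3 message found in a Wireshark text export."""
    out = []
    for block in re.split(r"(?m)^\s*msgVersion:", dissection)[1:]:
        flags = int(re.search(r"msgFlags:\s*([0-9a-fA-F]{2})", block).group(1), 16)
        stat = re.search(r"1\.3\.6\.1\.6\.3\.15\.1\.1\.(\d+)\.0:\s*(\d+)", block)
        out.append({
            "msg_id": int(re.search(r"msgID:\s*(\d+)", block).group(1)),
            "user": re.search(r"msgUserName:\s*(\S+)", block).group(1),
            "level": security_level(flags),
            "reportable": bool(flags & 0x04),
            "report": USM_STATS.get(int(stat.group(1)), "unknown") if stat else None,
            "counter": int(stat.group(2)) if stat else None,
        })
    return out

if __name__ == "__main__":
    for msg in summarize(SAMPLE):
        print(msg)
```

On the sample, the request decodes as a reportable authPriv message and the reply as a noAuthNoPriv report carrying usmStatsUnsupportedSecLevels with counter value 10, both with the same msgID.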
