On Wed, 18 Sept 2024 at 14:35, Craig Small <csm...@dropbear.xyz> wrote:
[...]

Hello,

Thank you very much for confirming what I already feared would be the case.

I like the idea of putting something in front of the SNMP daemon that will
manage the opening and closing of ports. I never thought of this, but when
thinking about it, it seems like a good solution. I guess that something
controlling iptables on the fly would do this well.

Thanks again,

Regards,

Teus Benschop




On Mon, 16 Sept 2024 at 22:44, Teus Benschop <teusjanne...@gmail.com> wrote:
>
>> The daemon kept the same ports open as before editing the snmpd.conf even
>> in case some agentaddress entries were removed from snmpd.conf.
>>
> Some changes to the configuration file can be enabled with a reload or HUP
> and some things need a complete restart.
>
> Changing ports is one of those complete restart things.
>
> There might be many reasons for it, but one of them would be that binding
> to low ports needs root (or capabilities), but you can also change to a
> different user after binding the ports. Once you're non-root, there's no
> going back, so binding to ports could fail.
>
> Interestingly enough, that "snmpd restarted" message is in
> snmpd_reconfig(). Technically it's not restarting.
>
> The port bindings happen in init_master_agent() with the repeated calls in
> netsnmp_agent_listen_on().
> In theory you could do a bunch of nsap_unregisters then copy that do-while
> loop into snmpd_reconfig(), but I think the end result is something that
> sort of does what you want but breaks in new interesting random ways,
> because I'm sure something somewhere in snmpd assumes the NSAPs (the
> sockets effectively) remain the same.
>
> If I needed to shift ports around dynamically, I'd approach it from
> restarting the daemon and saving the state somehow, or do some funky
> DNAT/load balancer type thing that moved the ports for me and left snmpd
> alone.
>
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
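
The DNAT-style approach suggested in the quoted reply, as an added example that is not part of the original thread or of the Net-SNMP project: a shell helper that opens or closes extra UDP ports by adding or deleting iptables REDIRECT rules in front of an snmpd left bound to one fixed port. The function names, the `SNMPD_PORT` and `APPLY` variables and the choice of port 161 as the bound port are assumptions.

```shell
#!/usr/bin/env bash
# Added example: open or close extra UDP ports for snmpd without touching
# the daemon, by adding or deleting NAT REDIRECT rules in front of it.
# Assumption: snmpd stays bound to one fixed port (SNMPD_PORT).
SNMPD_PORT="${SNMPD_PORT:-161}"

# valid_port PORT -> status 0 when PORT is a plain integer in 1..65535
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# snmp_port_rule open|close PORT
# Prints the iptables command; runs it only when APPLY=1 (needs root).
snmp_port_rule() {
    local action="$1" port="$2" flag
    case "$action" in
        open)  flag="-A" ;;           # append the redirect rule
        close) flag="-D" ;;           # delete the matching rule
        *) echo "usage: snmp_port_rule open|close PORT" >&2; return 2 ;;
    esac
    if ! valid_port "$port"; then
        echo "invalid port: $port" >&2
        return 2
    fi
    if [ "$port" -eq "$SNMPD_PORT" ]; then
        echo "port $port is snmpd's own port; nothing to redirect" >&2
        return 2
    fi
    # PREROUTING only sees packets arriving from other hosts.
    set -- iptables -t nat "$flag" PREROUTING -p udp --dport "$port" \
        -j REDIRECT --to-ports "$SNMPD_PORT"
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    fi
}
```

Without `APPLY=1` the helper only prints the rule, so the output can be reviewed before anything is changed. Access to snmpd's own port is governed by filter rules not shown here.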
