After further reflection I believe that the vacm library is actually
correct and that I was not setting up the notify filter tables
correctly. Unfortunately I still see what appears to be incorrect
behavior.
The way I set up the filters now is to define as I indicated below and
if I start the agent with that configuration in place everything filters
correctly. However, if I start adding and removing OIDs to exclude the
agent will sometime be unable to locate any filters even though a walk
of the notifyTable shows filters exist. If I continue to manipulate the
table by creating or destroying more filters the agent sometimes returns
to filtering but usually is unable to locate any filters. If I
restart snmpd everything works again. Very strange.
Jeff
-----Original Message-----
From: Miller, Jeff (eng)
Sent: Thursday, March 15, 2007 4:32 PM
To: 'net-snmp-users@lists.sourceforge.net'
Subject: Is vacm library routing filtering correctly for notification
mib?
It seems that if I set up the notification mib to have a
notifyFilterTable entry that specifies oid .1 with a mask of
0xffffffffffffffffff and a type of include that this should enable all
traps that are not specifically excluded to be sent. I should then be
able to set specific trap oids with a type of exclude to filter only
those specific traps. In practice, on 5.3 I see that all traps get
excluded. I believe this is related to the snmplib/vacm.c code which is
the same in 5.4.
I captured the code from vacm.c that I think is causing the problem and
highlighted the particular conditional that I think results in the
excluded oid overriding the include statement. My interpretation is
that since the oid in the vacm filter is longer then the previous vpret
that it causes the excluded oid to override the include oid. My
assertion is that this is incorrect because I believe that only up to
the common oids should be checked.
Is this a bug?
if (mode == VACM_MODE_CHECK_SUBTREE) {
vpret = vp;
} else if (vpret == NULL
/**** the following line includes oids that should not necessarily
be included ****/
|| vp->viewSubtreeLen > vpret->viewSubtreeLen
/**** the above line is the line that I think is in error *****/
|| (vp->viewSubtreeLen == vpret->viewSubtreeLen
&& snmp_oid_compare(vp->viewSubtree + 1,
vp->viewSubtreeLen - 1,
vpret->viewSubtree + 1,
vpret->viewSubtreeLen - 1) >
0)) {
vpret = vp;
}
Jeff
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
