Hi
We are facing a problem when trying to send an SNMPv3 INFORM PDU to the snmptrapd.
Following is what I have tried:
1. Run the snmptrapd daemon with the following options:
./snmptrapd -Le -f -d -C -c "/home/meghana/snmp/share/snmp/snmptrapd_inform.conf"
2. The configuration file snmptrapd_inform.conf has the following entries:
createUser myinformuser MD5 mypasswd AES mypasswd
authUser log myinformuser authNoPriv
ENGINE ID ISN'T SPECIFIED AS THE RECEIVER OF SNMPINFORM MSG IS AUTHORITATIVE
3. I try to run the command
snmpinform -v 3 -u myinformuser -a MD5 -A mypasswd -l authNoPriv 10.100.10.61 42 coldStart.0
[I added some prints in the netsnmp source to trace the control flow]
With this I get the following error from the snmptrapd daemon process, and there is a segmentation fault because of some incorrect error handling:
a) snmptrapd does a snmp_read() from the socket
b) It then invokes snmp_create_sess_pdu(). This results in the call to function snmpv3_parse()
c) snmpv3_parse() identifies the security model != SNMP_SEC_LEVEL_AUTHPRIV
d) It then calls usm_secmod_process_in_msg(), which results in a call to usm_parse_security_parameters(), which outputs engine ID len as 0 and secname = empty
e) Then the security name, engine ID, and security level are getting cached
f) ISENGINEKNOWN() function gets called and it returns SNMPERR_USM_UNKNOWNENGINEID [return value = -48]
Because of this snmpv3_parse() returns failure.
The control flow then results in a call to find_sec_mod() to handle any special errors
AND THIS RESULTS IN SEGMENTATION FAULT !!!
4) I face the same issue (point no. 3) when I write my own application (instead of the snmpinform command).
In the application, I am filling the following members of session information to pass the PDU.
Fill in:
i. Version = 3
ii. Peername and port
iii. Set the default trap port to 162 using the statement
netsnmp_ds_set_int(NETSNMP_DS_LIBRARY_ID, NETSNMP_DS_LIB_DEFAULT_PORT, SNMP_TRAP_PORT);
iv. Local name
v. Security engine ID = NULL and engineIDlen = 0
vi. Security level = authnoPriv
vii. Security model = default value
viii. Security name = myinformuser, Len = string length of security name
ix. securityAuthProto = MD5
x. securityAuthProtoLen, securityAuthKeyLen are filled appropriately to sizeof(usmHMACMD5AuthProtocol)/sizeof(oid) and USM_AUTH_KU_LEN
xi. We then generate the key using generate_Ku()
xii. securityPrivProto = AES
xiii. context name = null
Open the session and fill the PDU and send using snmp_synch_response()
QUESTIONS:
1. Why is the net snmp code for snmpv3_parse looking for an engine ID when it is not required for the snmpinform case (as the receiver is authoritative in case of snmp inform msgs)?
Hence it returns SNMPERR_USM_UNKNOWNENGINEID ???
2. Is the authuser directive required to be specified for snmp informs in the CONF file?
I tried removing it from the conf file but there was no change in behavior.
Regards,
Meghana
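
Added example (not part of the original post and not Net-SNMP code): the values reported in step d), a zero-length engine ID and an empty security name, have the shape of the engine ID discovery request that RFC 3414 section 4 defines. This self-contained C code parses UsmSecurityParameters and flags that case; the struct, the function names and the sample bytes are constructed for illustration, and only short-form BER lengths are handled.

```c
#include <stddef.h>

/* The two UsmSecurityParameters fields (RFC 3414) that identify a probe. */
struct usm_params {
    const unsigned char *engine_id, *user;
    size_t engine_id_len, user_len;
};

/* Read one BER TLV with a short-form (< 128) length; 0 on success. */
static int ber_tlv(const unsigned char **p, const unsigned char *end,
                   unsigned char tag, const unsigned char **val, size_t *len)
{
    if (end - *p < 2 || (*p)[0] != tag || ((*p)[1] & 0x80))
        return -1;
    *len = (*p)[1];
    *val = *p + 2;
    if ((size_t)(end - *val) < *len)
        return -1;                        /* value runs past the buffer */
    *p = *val + *len;
    return 0;
}

/* Walk the SEQUENCE in field order; 0 on success, -1 if malformed. */
int usm_parse(const unsigned char *buf, size_t n, struct usm_params *out)
{
    const unsigned char *p = buf, *end = buf + n, *v;
    size_t l;
    if (ber_tlv(&p, end, 0x30, &v, &l) || p != end) return -1;
    p = v;
    if (ber_tlv(&p, end, 0x04, &out->engine_id, &out->engine_id_len) ||
        ber_tlv(&p, end, 0x02, &v, &l) ||   /* msgAuthoritativeEngineBoots */
        ber_tlv(&p, end, 0x02, &v, &l) ||   /* msgAuthoritativeEngineTime */
        ber_tlv(&p, end, 0x04, &out->user, &out->user_len) ||
        ber_tlv(&p, end, 0x04, &v, &l) ||   /* msgAuthenticationParameters */
        ber_tlv(&p, end, 0x04, &v, &l))     /* msgPrivacyParameters */
        return -1;
    return p == end ? 0 : -1;
}

/* Discovery request: zero-length engine ID and user name (RFC 3414, sec. 4). */
int usm_is_discovery(const struct usm_params *u)
{
    return u->engine_id_len == 0 && u->user_len == 0;
}

/* Constructed sample bytes, not a capture from the poster's system. */
const unsigned char PROBE[] = { 0x30, 0x0e, 0x04, 0x00, 0x02, 0x01, 0x00, 0x02,
                                0x01, 0x00, 0x04, 0x00, 0x04, 0x00, 0x04, 0x00 };
```

A receiver that separates this case from a populated but unrecognised engine ID can tell a discovery request apart from a misconfigured sender before any error path runs.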
_______________________________________________
Net-snmp-users mailing list