I posted this to the coders list, but it probably makes more sense on the user's list.
Could someone try using an invalid privacy password with net-snmp-5.4.1 and an snmpv3 user and let me know what happens? According to the RFC, I think that I should receive an authentication failure rather than the timeout failure that I'm currently getting. I'm not sure if I have a code configuration problem that is causing the timeout, or if this is standard behavior.

Thanks.

--Mike

Mike Harless <[EMAIL PROTECTED]> wrote:
>
> I'm finally getting back to this, and wondered if someone else
> can run a test to see if the problem that I'm seeing is just in
> my setup/code, or is the way things actually work.
>
> What I see, is that if I use net-snmp-5.4.1, and try to use AuthPriv
> with a snmpv3 user, I'm getting an 'ASN.1 parse error in message' in
> the server and the client request times out if the privacy password
> is incorrect. According to Dave and looking at RFC3414, it looks like
> I should be getting a decryption error instead. If the authentication
> password is incorrect, I get an authentication failure like I expect.
>
> Could someone try this and see if they get the same behavior? I'm seeing
> this with both MD5/DES and SHA/AES snmpv3 users.
>
> Thanks.
>
> --Mike
>
> Mike Harless <[EMAIL PROTECTED]> wrote:
> >
> > Dave,
> >
> > > Dave Shield <[EMAIL PROTECTED]> wrote:
> > >
> > > > On 03/04/2008, Mike Harless <[EMAIL PROTECTED]> wrote:
> > > > > I've got a question on how failures are supposed to work with snmpv3
> > > > > when I'm using authPriv and I supply a bad privPassword. Is the request
> > > > > just supposed to timeout (like I'm seeing), or should I get some type
> > > > > of error back (like I do with a bad authPassword)? Thanks.
> > > >
> > > > The agent should receive the request, and attempt to decrypt it.
> > > > This decryption will fail (since the request was encrypted using
> > > > the wrong password), and the agent should return a REPORT message,
> > > > (decryptionError).
> >
> > Sorry, I should have turned on all debugging before posting.
> > It looks like when I supply an invalid privacy password, I get
> > a parse error rather than a decryption error, and I think that
> > is probably why I'm getting the timeout rather than error returned
> > to the client:
> >
> > trace: usm_get_user_from_list(): ../../snmplib/snmpusm.c, 2999:
> > usm: match on user operator
> > trace: usm_check_secLevel(): ../../snmplib/snmpusm.c, 2876:
> > comparex: Comparing: 1 3 SNMP-USER-BASED-SM-MIB::usmNoPrivProtocol
> > trace: sc_check_keyed_hash(): ../../snmplib/scapi.c, 544:
> > trace: sc_generate_keyed_hash(): ../../snmplib/scapi.c, 278:
> > trace: sc_get_properlength(): ../../snmplib/scapi.c, 117:
> > trace: usm_process_in_msg(): ../../snmplib/snmpusm.c, 2472:
> > usm: Verification succeeded.
> > trace: sc_decrypt(): ../../snmplib/scapi.c, 919:
> > trace: usm_process_in_msg(): ../../snmplib/snmpusm.c, 2654:
> > usm: USM processing completed.
> > trace: snmpv3_parse(): ../../snmplib/snmp_api.c, 3868:
> > dumph_recv: ScopedPDU
> > trace: _snmp_parse(): ../../snmplib/snmp_api.c, 4196:
> > snmp_parse: Parsed SNMPv3 message (secName:operator, secLevel:authPriv):
> > ASN.1 parse error in message
> > trace: _sess_process_packet(): ../../snmplib/snmp_api.c, 5173:
> > sess_process_packet: parse fail
> > trace: _sess_process_packet(): ../../snmplib/snmp_api.c, 5178:
> > sess_process_packet: post-parse fail
> > trace: _sess_read(): ../../snmplib/snmp_api.c, 5445:
> > sess_read: not reading 8 (fdset 0xbfef7d70 set 0)
> > trace: _sess_read(): ../../snmplib/snmp_api.c, 5445:
> > sess_read: not reading 9 (fdset 0xbfef7d70 set 0)
> > trace: _sess_read(): ../../snmplib/snmp_api.c, 5445:
> > sess_read: not reading 6 (fdset 0xbfef7d70 set 0)
> > trace: _sess_read(): ../../snmplib/snmp_api.c, 5445:
> > sess_read: not reading 4 (fdset 0xbfef7d70 set 0)
> > trace: snmp_sess_select_info(): ../../snmplib/snmp_api.c, 5868:
> > sess_select: for all sessions: 10 8 9 6 4
> > sess_select: next alarm 3.587604 sec
> > verbose:sess_select: timer due in 3.587604 sec
> > verbose:sess_select: setting timer to 3.587604 sec, clear block (was 0)
> > trace: receive(): ../../agent/snmpd.c, 1144:
> > snmpd/select: select( numfds=11, ..., tvp=0xbfef7c58)
> > trace: receive(): ../../agent/snmpd.c, 1146:
> > timer: tvp 3.587604
> > trace: receive(): ../../agent/snmpd.c, 1148:
> > snmpd/select: returned, count = 1
> > trace: netsnmp_udp_recvfrom(): ../../snmplib/snmpUDPDomain.c, 147:
> > netsnmp_udp: got source addr: 15.80.223.237
> > trace: netsnmp_udp_recvfrom(): ../../snmplib/snmpUDPDomain.c, 152:
> > netsnmp_udp: got destination (local) addr 15.80.223.27
> > trace: netsnmp_udp_recv(): ../../snmplib/snmpUDPDomain.c, 227:
> > netsnmp_udp: recvfrom fd 10 got 142 bytes (from UDP: [15.80.223.237]:32774)
> > trace: _sess_process_packet(): ../../snmplib/snmp_api.c, 5121:
> > sess_process_packet: session 0x81188b0 fd 10 pkt 0x814e448 length 142
> >
> > --Mike
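An added example, not part of the original message and not net-snmp code: a small triage pass over snmpd debug output that flags the signature seen in the trace above, where USM verification succeeds and sc_decrypt() runs but the ScopedPDU then fails ASN.1 parsing, so an operator can tell a likely privacy-key mismatch from an unexplained client timeout. The sample input is constructed from the lines quoted in the message (wrapped lines rejoined, put in arrival order), the second packet and its `authNoPriv` level string are constructed for contrast, and the verdict names are hypothetical.

```python
import re

# Constructed sample: trace lines quoted in the message above, in arrival order,
# followed by a constructed authNoPriv packet for contrast.
SAMPLE_TRACE = """\
sess_process_packet: session 0x81188b0 fd 10 pkt 0x814e448 length 142
usm: match on user operator
usm: Verification succeeded.
trace: sc_decrypt(): ../../snmplib/scapi.c, 919:
usm: USM processing completed.
snmp_parse: Parsed SNMPv3 message (secName:operator, secLevel:authPriv): ASN.1 parse error in message
sess_process_packet: parse fail
sess_process_packet: session 0x81188b0 fd 10 pkt 0x814e448 length 97
usm: Verification succeeded.
usm: USM processing completed.
snmp_parse: Parsed SNMPv3 message (secName:operator, secLevel:authNoPriv): ASN.1 parse error in message
sess_process_packet: parse fail
"""

PARSED = re.compile(
    r"snmp_parse: Parsed SNMPv3 message \(secName:([^,]+), secLevel:(\w+)\): (.*)")

def triage(trace):
    """Return one finding per received packet in an snmpd debug trace."""
    findings, cur = [], None
    for raw in trace.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate mail-quoted traces
        if line.startswith("sess_process_packet: session"):
            cur = {"user": None, "level": None, "auth_ok": False,
                   "decrypted": False, "verdict": "incomplete"}
            findings.append(cur)
        elif cur is None:
            continue                              # noise before the first packet
        elif "usm: Verification succeeded" in line:
            cur["auth_ok"] = True                 # authentication check passed
        elif "sc_decrypt()" in line:
            cur["decrypted"] = True               # privacy transform was applied
        elif (m := PARSED.search(line)):
            cur["user"], cur["level"], result = m.groups()
            if "ASN.1 parse error" not in result:
                cur["verdict"] = "no-parse-error"
            elif cur["auth_ok"] and cur["decrypted"] and cur["level"] == "authPriv":
                # Authenticated sender, yet the decrypted ScopedPDU does not parse.
                cur["verdict"] = "suspect-priv-key-mismatch"
            else:
                cur["verdict"] = "malformed-pdu"
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
```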
