hi

i have 2 questions regarding traps

i set up my user in snmptrapd.conf as follows

createUser -e 0x8000000001020304 sancho SHA myAuthkey AES myPrivkey

then i authorise this user to send traps as follows:

authUser log,execute,net sancho priv

then i start the snmptrapd

sudo snmptrapd  -f -Le -d -C -c snmptrapd.conf

then i configure my trap client as follows:

        session.securityAuthKeyLen = USM_AUTH_KU_LEN;
        if (generate_Ku(session.securityAuthProto,
          session.securityAuthProtoLen,
          (unsigned char *) "myAuthkey",
          strlen("myAuthkey"), session.securityAuthKey,
          &session.securityAuthKeyLen) != SNMPERR_SUCCESS) {
            ERROR("error generating key from supplied pass phrase");
            return -1;
        }

        size_t ebuf_len = 32;
        size_t eout_len = 0;
        u_char *ebuf = malloc(ebuf_len);
        if (snmp_hex_to_binary(&ebuf, &ebuf_len, &eout_len, 1,
          "0x8000000001020304") == 0) {
            ERROR("bad engine ID");
            free(ebuf);
            return -1;
        }
        session.securityEngineID = ebuf;
        session.securityEngineIDLen = eout_len;

        session.securityPrivKeyLen = USM_PRIV_KU_LEN;
        if (generate_Ku(session.securityAuthProto,
          session.securityAuthProtoLen,
          (unsigned char *) childInfo->securityPassword,
          strlen(childInfo->securityPassword), session.securityPrivKey,
          &session.securityPrivKeyLen) != SNMPERR_SUCCESS) {
            ERROR("error generating key from supplied pass phrase");
            return -1;
        }

this works (i more or less copied this from the source of snmptrap.c)

1) my first question:

why does the second call to generate_Ku() use session.securityAuthProto and
session.securityAuthProtoLen as first and second parameters and NOT
session.securityPrivProto and session.securityPrivProtoLen? it's done the
same way in snmptrap.c (bug?!?)

2) as you can see from my snmptrapd.conf, the trap daemon should reject any
traps sent without encryption.

but when i send my traps without encryption, they still arrive!
(when i do session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV and leave out
the second call to generate_Ku())
it even works if i specify a WRONG password for a private key!!

can someone explain this??

thanks

martin
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
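
On question 1, as an added example that is not part of the original post and not net-snmp code: USM derives both the authentication key and the privacy key with the hash of the user's authentication protocol (RFC 3414 password-to-key and key localization; RFC 3826 then takes the first 128 bits for AES), which is consistent with both generate_Ku() calls passing securityAuthProto. The sketch uses the engine ID and pass phrases from the post; the function names are hypothetical.

```python
import hashlib

# Values taken from the createUser line in the post.
ENGINE_ID = bytes.fromhex("8000000001020304")
AUTH_PASS = b"myAuthkey"
PRIV_PASS = b"myPrivkey"


def password_to_ku(passphrase: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the pass phrase repeated out to 1 MiB, giving Ku."""
    if len(passphrase) < 8:
        raise ValueError("USM pass phrases must be at least 8 octets")
    reps, rest = divmod(1024 * 1024, len(passphrase))
    stream = passphrase * reps + passphrase[:rest]
    return hashlib.new(hash_name, stream).digest()


def localize(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def usm_keys(auth_pass: bytes, priv_pass: bytes, engine_id: bytes,
             auth_hash: str = "sha1"):
    """Return (localized auth key, AES-128 privacy key).

    Both pass phrases go through the *authentication* hash; the privacy
    protocol only decides how many octets of the localized key are used.
    """
    auth_kul = localize(password_to_ku(auth_pass, auth_hash),
                        engine_id, auth_hash)
    priv_kul = localize(password_to_ku(priv_pass, auth_hash),
                        engine_id, auth_hash)
    return auth_kul, priv_kul[:16]  # RFC 3826: first 128 bits of Kul


if __name__ == "__main__":
    auth_key, aes_key = usm_keys(AUTH_PASS, PRIV_PASS, ENGINE_ID)
    print("auth Kul (SHA-1, 20 octets):", auth_key.hex())
    print("AES-128 key (16 octets)    :", aes_key.hex())
```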
