Hi there, I'm trying to get an embedded 'snmpd' agent working with IPv6 and I'm getting close to having this working in a basic, default configuration. However, I'm seeing some signs that indicate things aren't quite right. At a high level there are some basic indications of failure/mis-configuration. I've sleuthed this a fair bit and so far haven't been able to uncover a root cause. I'm hoping someone here might be able to help.
To begin I should say that the target is running a custom distribution (based on Debian/sysvinit) and includes Net-SNMP v5.7.2, built as follows: [target]# net-snmp-config --configure-options '--target=i686-netacquire-linux-gnu' '--host=i686-netacquire-linux-gnu' '--build=x86_64-redhat-linux' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libdir=/usr/lib' '--libexecdir=/usr/lib' '--sysconfdir=/etc' '--datadir=/usr/share' '--localstatedir=/var' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--includedir=/usr/include' '--disable-nls' '--disable-Werror' '--enable-ipv6' '--with-perl-modules=no' '--without-rpm' '--with-default-snmp-version=3' '--with-sys-contact=supp...@netacquire.com' '--with-sys-location=unknown' '--with-logfile=/var/log/snmpd.log' '--with-persistent-directory=/var/net-snmp' '--with-endianness=little' '--disable-embedded-perl' 'build_alias=x86_64-redhat-linux' 'host_alias=i686-netacquire-linux-gnu' 'target_alias=i686-netacquire-linux-gnu' 'CC=i686-netacquire-linux-gnu-gcc' 'CFLAGS=-Os -march=i686 -mtune=generic -pipe' 'LDFLAGS=' Firstly, it seems that the specification of 'agentaddress udp:161,udp6:161' is ignored (or causes some kind of problem) in my snmpd.conf file. Here's what I see in my /var/log/snmpd.log file after invoking 'snmpd' as follows as root: snmpd -c /usr/share/snmp/snmpd.conf error on subcontainer 'ia_addr' insert (-1) /usr/share/snmp/snmpd.conf: line 126: Warning: Unknown token: rocommunity6. /usr/share/snmp/snmpd.conf: line 132: Warning: Unknown token: rwcommunity6. /usr/share/snmp/snmpd.conf: line 126: Warning: Unknown token: rocommunity6. /usr/share/snmp/snmpd.conf: line 132: Warning: Unknown token: rwcommunity6. Error opening specified endpoint "udp:161" Server Exiting with code 1 If I remove 'udp:161' I see the following: error on subcontainer 'ia_addr' insert (-1) /usr/share/snmp/snmpd.conf: line 126: Warning: Unknown token: rocommunity6. /usr/share/snmp/snmpd.conf: line 132: Warning: Unknown token: rwcommunity6. /usr/share/snmp/snmpd.conf: line 126: Warning: Unknown token: rocommunity6. /usr/share/snmp/snmpd.conf: line 132: Warning: Unknown token: rwcommunity6. Error opening specified endpoint "udp6:161" Server Exiting with code 1 I can get the agent to listen on for IPv6 by explicitly entering the listening endpoint as follows: snmpd -c /usr/share/snmp/snmpd.conf udp6:161 Now I see the following: error on subcontainer 'ia_addr' insert (-1) /usr/share/snmp/snmpd.conf: line 126: Warning: Unknown token: rocommunity6. /usr/share/snmp/snmpd.conf: line 132: Warning: Unknown token: rwcommunity6. /usr/share/snmp/snmpd.conf: line 126: Warning: Unknown token: rocommunity6. /usr/share/snmp/snmpd.conf: line 132: Warning: Unknown token: rwcommunity6. snmpd: send_trap: No securityName specified snmpd: send_trap: No securityName specified NET-SNMP version 5.7.2 And an appropriate 'lsof' shows 'snmpd' listening on the proper IPV6 endpoint. At this point I can issue an IPv6 query from another client (in this case a Fedora20 box with the latest Net-SNMP version installed - 5.7.2.1). However in this case I see the client error out with: Timeout: No Response from udp6:[fe80::21b:21ff:fe0a:2103] I can see the request come in on the target (inspect this using 'tcpdump') and I suspect this is failing because of the 'r[ow]community6' error seen above (in fact I see authentication failure traps being issued in this case - likely community string related). Indeed when I issue an "snmpd -H" command on the target I see the following error too: error on subcontainer 'ia_addr' insert (-1) /usr/share/snmp/snmpd.conf: line 126: Warning: Unknown token: rocommunity6. /usr/share/snmp/snmpd.conf: line 132: Warning: Unknown token: rwcommunity6. I have no idea what the 'ia_addr' error is that keeps coming up. Any ideas for what might be going on here? Why isn't the 'agentaddress' token being parsed/handled correctly and why aren't the 'r[ow]community6' tokens being recognized? BTW, my 'snmpd.conf' configuration is super simple (I think) and is based on the suggestions for setting up a non-secure agent (no VACM configuration and only define v1/2c community strings). Let me know if I should post this also. One final thing: my Fedora 20 agent runs fine using the same configuration file (none of the errors are reported and IPv6 client requests are processed properly). So this seems somehow related to the target's snmpd configuration/build. For background here's the Fedora 20 agent autoconf result: [fedora20]# net-snmp-config --configure-options '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-static' '--enable-shared' '--with-cflags=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -D_RPM_4_4_COMPAT' '--with-ldflags=-Wl,-z,relro -Wl,-z,now' '--with-sys-location=Unknown' '--with-logfile=/var/log/snmpd.log' '--with-persistent-directory=/var/lib/net-snmp' '--with-mib-modules=host agentx smux ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable ip-mib/ipAddressPrefixTable/ipAddressPrefixTable ip-mib/i pDefaultRouterTable/ipDefaultRouterTable ip-mib/ipv6ScopeZoneIndexTable ip-mib/ipIfStatsTable sctp-mib rmon-mib etherlike-mib ucd-snmp/lmsensorsMib' '--with-libwrap=yes' '--sysconfdir=/etc' '--enable-ipv6' '--enable-ucd-snmp-compatibility' '--with-openssl' '--with-pic' '--enable-embedded-perl' '--enable-as-needed' '--with-perl-modules=INSTALLDIRS=vendor' '--enable-mfd-rewrites' '--enable-local-smux' '--with-temp-file-pattern=/var/run/net-snmp/snmp-tmp-XXXXXX' '--with-transports=DTLSUDP TLSTCP' '--with-security-modules=tsm' '--with-mysql' '--with-systemd' '--with-sys-contact=root@localhost' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' Please let me know if I've missed submitting (or describing) something. Thanks in advance for any help/pointers on this! Regards, -David PS: The target is able to issue IPv6 *client* requests correctly because I'm able to go in the opposite direction OK; i.e., I can walk, via IPv6, the Fedora 20's 'system' group with the target's 'snmpwalk' utility... ------------------------------------------------------------------------------ _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
