Apparently I do like to break the rules! :) 
 
Thank you so much for taking the time to do this testing. I use com2sec (and 
the other items) in the snmpd.conf file to declare my v2c community strings. It 
turns out that there's a discrepancy with how the backslash is handled in the 
code. One function treats it as an escape character and another does not.

I opened a bug report and submitted a patch:

https://sourceforge.net/p/net-snmp/bugs/2765/
 
 
---- On Tue, 14 Feb 2017 23:57:55 -0800 Fredrik Björk <f...@skulle.se> 
wrote ---- 
 > Hi! 
 > 
 > You really like to bend the rules, don't you :) Keep it up, I like it! 
 > 
 > I tried this in a Juniper EX: 
 > 
 > admin@EX2200# show snmp | display set 
 > set snmp community public authorization read-only 
 > set snmp community test authorization read-only 
 > set snmp community "test\\" authorization read-only" 
 > set snmp community "test\\test" authorization read-only 
 > 
 > It turned out kind of weird: 
 > 
 > admin@EX2200# show snmp 
 > community rwcomm { 
 > authorization read-only; 
 > client-list-name TELE2-MGMT; 
 > } 
 > community public { 
 > authorization read-only; 
 > } 
 > community test { 
 > authorization read-only; 
 > } 
 > community "test\\" authorization read-only"; <- Not the normal 
 > syntax, but checks out! 
 > community "test\\test" { 
 > authorization read-only; 
 > } 
 > 
 > committed and running... 
 > 
 > snmpbulkwalk -v 2c -c 'test\\test' 10.67.11.253 SNMPv2-MIB::sysDescr 
 > -m all 
 > SNMPv2-MIB::sysDescr.0 = STRING: Juniper Networks, Inc. ex2200-c-12p-2g 
 > Ethernet Switch, kernel JUNOS 15.1R1.8, Build date: 2015-05-29 08:09:50 
 > UTC Copyright (c) 1996-2015 Juniper Networks, Inc. 
 > 
 > # snmpbulkwalk -v 2c -c 'test\\test' 10.67.11.253 
 > SNMPv2-MIB::sysDescr 
 > -m all 
 > SNMPv2-MIB::sysDescr.0 = STRING: Juniper Networks, Inc. ex2200-c-12p-2g 
 > Ethernet Switch, kernel JUNOS 15.1R1.8, Build date: 2015-05-29 08:09:50 
 > UTC Copyright (c) 1996-2015 Juniper Networks, Inc. 
 > 
 > tcpdump of it: 
 > 
 > 08:42:53.851825 IP (tos 0x0, ttl 64, id 61330, offset 0, flags [DF], 
 > proto UDP (17), length 74) 
 > 10.67.11.11.50819 > 10.67.11.253.161: { SNMPv2c C=test\\test { 
 > GetBulk(27) R=578438959 N=0 M=10 .1.3.6.1.2.1.1.1 } } 
 > 08:42:53.893568 IP (tos 0x0, ttl 64, id 8022, offset 0, flags [none], 
 > proto UDP (17), length 400) 
 > 10.67.11.253.161 > 10.67.11.11.50819: { SNMPv2c C=test\\test { 
 > GetResponse(349) R=578438959 .1.3.6.1.2.1.1.1.0="Juniper Networks, Inc. 
 > ex2200-c-12p-2g Ethernet Switch, kernel JUNOS 15.1R1.8, Build date: 
 > 2015-05-29 08:09:50 UTC Copyright (c) 1996-2015 Juniper Networks, Inc." 
 > .1.3.6.1.2.1.1.2.0=.1.3.6.1.4.1.2636.1.1.1.2.43 
 > .1.3.6.1.2.1.1.3.0=851048621 .1.3.6.1.2.1.1.4.0="" 
 > .1.3.6.1.2.1.1.5.0="EX2200" .1.3.6.1.2.1.1.6.0="" .1.3.6.1.2.1.1.7.0=6 
 > .1.3.6.1.2.1.2.1.0=63 .1.3.6.1.2.1.2.2.1.1.4=4 .1.3.6.1.2.1.2.2.1.1.5=5 } } 
 > 
 > I also tried "test\test" for community and it worked (and sent 
 > "test\test" on the wire according to tcpdump). 
 > 
 > So, in the Juniper case, it actually works. JunOS seems to interpret the 
 > first "test \\" in a special way (seems to include the " in the 
 > process), but the others work like a charm. 
 > 
 > Even an Alcatel 6250-8M works: 
 > 
 > # snmpbulkwalk -v 2c -c 'test\\test' 10.67.11.5 SNMPv2-MIB::sysDescr 
 > -m all 
 > SNMPv2-MIB::sysDescr.0 = STRING: Alcatel-Lucent OS6250-8M 6.7.1.108.R04 
 > Service Release, January 04, 2017. 
 > 
 > 
 > That said, I wouldn't trust this method to work on any given system 
 > without testing, so I'd strongly advise against using \ in a community 
 > for devices where you may or may not have 100 % control of them. It 
 > could even be that in the next software release you put on a 
 > switch/router/... it stops working, not to mention how to use these 
 > special communities in different NMS applications. I'm pretty sure you 
 > can easily find a switch model that won't interpret the \ correctly in a 
 > community. Just because it works at one point, doesn't necessarily mean 
 > that it's a good idea to use it :) 
 > 
 > /Fredrik 
 > 
 > On 2017-02-14 at 22:10, christopher.wu wrote: 
 > > I'm trying to determine if a community name or userid can contain a 
 > > backslash. I've created a v2c SNMP community name called "testing\" 
 > > and I cannot get it to work with an snmpwalk (I tried with version 5.7.3 
 > > on Linux). I realize that backslash is an escape character so I made sure 
 > > to account for that in the command line. 
 > > 
 > > snmpwalk -m ALL -M . -v 2c -c testing\\ 10.10.11.1 sysUpTime 
 > > Timeout: No Response from 10.10.11.1 
 > > 
 > > I did a trace to verify that "testing\" is sent via the network. 
 > > 
 > > sudo tcpdump -n -vvv -i eth0 port 161 
 > > tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 
 > > 65535 bytes 
 > > 19:02:11.223073 IP (tos 0x0, ttl 64, id 26922, offset 0, flags [DF], proto 
 > > UDP (17), length 72) 
 > > 10.10.11.2.44029 > 10.10.11.1.161: [bad udp cksum 0x2a5c -> 0x6912!] { 
 > > SNMPv2c C=testing\ { GetNextRequest(27) R=1008098937 .1.3.6.1.2.1.1.3 
 > > } } 
 > > 19:02:12.224149 IP (tos 0x0, ttl 64, id 26989, offset 0, flags [DF], proto 
 > > UDP (17), length 72) 
 > > 10.10.11.2.44029 > 10.10.11.1.161: [bad udp cksum 0x2a5c -> 0x6912!] { 
 > > SNMPv2c C=testing\ { GetNextRequest(27) R=1008098937 .1.3.6.1.2.1.1.3 
 > > } } 
 > > 19:02:13.225253 IP (tos 0x0, ttl 64, id 27002, offset 0, flags [DF], proto 
 > > UDP (17), length 72) 
 > > 
 > > I even modified the code in netsnmp_udp_getSecName() to verify that 
 > > "testing\" was being compared and both sides of the comparison had 
 > > that value. 
 > > 
 > > If I remove the backslash it works fine. Is backslash not allowed or is 
 > > this a bug? 
 > > 
 > > 
 > > ------------------------------------------------------------------------------
 > >  
 > > Check out the vibrant tech community on one of the world's most 
 > > engaging tech sites, SlashDot.org! http://sdm.link/slashdot 
 > > _______________________________________________ 
 > > Net-snmp-users mailing list 
 > > Net-snmp-users@lists.sourceforge.net 
 > > Please see the following page to unsubscribe or change other options: 
 > > https://lists.sourceforge.net/lists/listinfo/net-snmp-users 
 > 
 > 
 > 
 > 
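
An added example, not part of the thread and not Net-SNMP code: a small audit that finds community strings in an snmpd.conf whose value changes depending on whether a parser treats the backslash as an escape character, which is the discrepancy described at the top of this message. The `escape_reading` model and the sample config are assumptions made for illustration; argument positions follow snmpd.conf(5).

```python
import re

# Directives that carry a v1/v2c community, per snmpd.conf(5).
FIRST_ARG = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
COM2SEC = {"com2sec", "com2sec6"}
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def tokens(line):
    """Split on whitespace, keep "quoted strings" whole, backslashes untouched."""
    return [quoted if bare == "" else bare for quoted, bare in TOKEN.findall(line)]

def escape_reading(tok):
    """Hypothetical escape-aware reading: '\\x' becomes 'x', a lone trailing '\\' is dropped."""
    return re.sub(r"\\(.?)", r"\1", tok)

def community_of(toks):
    """Return the community token of a (non-empty) directive line, or None."""
    name, args = toks[0], toks[1:]
    if name in FIRST_ARG and args:
        return args[0]                  # rocommunity COMMUNITY [SOURCE ...]
    if name in COM2SEC:
        if args[:1] == ["-Cn"]:
            args = args[2:]             # skip "-Cn CONTEXT"
        if len(args) >= 3:
            return args[2]              # SECNAME SOURCE COMMUNITY
    return None

def audit(conf_text):
    """List (lineno, literal, escaped) for communities whose two readings differ."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        comm = community_of(tokens(line))
        if comm is not None and escape_reading(comm) != comm:
            findings.append((n, comm, escape_reading(comm)))
    return findings

# Constructed sample config (values are illustrative, not from a real device).
SAMPLE = r'''
com2sec notConfigUser default public
com2sec mgmt 10.10.11.0/24 testing\
rocommunity "test\\test" 10.67.11.0/24
rwcommunity plainsecret
'''

if __name__ == "__main__":
    for n, literal, escaped in audit(SAMPLE):
        print(f"line {n}: literal={literal!r} escape-aware={escaped!r}")
```

Any line it reports is a community that two components may store or compare differently, so it is a candidate for renaming before rollout.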
 



