Hello again,
just another short question regarding SNMP over DTLS!
I am using the NetSNMP::TrapReceiver for decoding incoming traps and to basically send them into a MessageQueue for further processing in another program.
I used the tutorial at http://search.cpan.org/~hardaker/NetSNMP-TrapReceiver-5.0301/TrapReceiver.pm which is working fine for SNMPv3.
For example using a simple snmtrap command with SNMPv3 i get the following snmptrapd output message:
2017-07-12 15:02:28 malp00011.ppc-ag.de [192.168.247.181] (via UDP: [127.0.0.1]:161->[127.0.0.1]:162) TRAP, SNMP v1, community public
NET-SNMP-MIB::netSnmpAgentOIDs.10 Cold Start Trap (0) Uptime: 0:00:00.14
NET-SNMP-MIB::netSnmpAgentOIDs.10 Cold Start Trap (0) Uptime: 0:00:00.14
And the command and output for using DTLS:
snmpinform -T our_identity=68:81:57:BE:22:FA:98:30:F2:6A:9E:97:86:F5:9C:48:76:73:08:08 -T their_identity=1A:E8:10:DA:D0:BB:29:AC:59:9D:36:99:3D:15:92:3C:6F:E4:4B:79 dtlsudp:192.168.2.89:10162 "" coldStart.0
2017-07-12 15:40:19 DTLSUDP: unknown [DTLSUDP: unknown]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (123184649) 14 days, 6:10:46.49 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart.0
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (123184649) 14 days, 6:10:46.49 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart.0
As you can see it is not possible to get the sender IP address anymore which is really important for the further processing since i need to know from which device i got the trap. Is this a know bug or am i missing some important configurations? I also had to use "snmpinform" since the same command with "snmptrap" results in a "Client Hello", "Hello Verify Request" and then in a "Destination unreachable (Port unreachable)" message in Wireshark and it doesn't even shows up in the Perl Trap Handler.
This is my current NET-SNMP configuration:
./configure --enable-shared --enable-embedded-perl --with-perl-modules --enable-ipv6 --with-security-modules="tsm usm" --with-transports="UDP UDPIPv6 TCPIPv6 TCP DTLSUDP TLSTCP" --with-default-snmp-version=3 --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp" --with-openssl="/usr/local/ssl/lib"
Thanks in forward for the help!
Best regards,
Kevin
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
