On Fri, Feb 21, 2014 at 11:06:55AM +0100, Bruno Thomsen wrote: > Enabled SHA authentication and AES privacy (encryption) using OpenSSL. > Upgraded from libnl1 to libnl3 dependency. > > Tested SNMPv3 with USM (User-based Security Model) SHA auth + AES priv, > minimal agent option disabled. > > Signed-off-by: Bruno Thomsen <[email protected]> > --- > rules/net-snmp.in | 12 +++++++++++- > rules/net-snmp.make | 14 ++++++++++++-- > 2 files changed, 23 insertions(+), 3 deletions(-) > > diff --git a/rules/net-snmp.in b/rules/net-snmp.in > index 9821328..10bbbd9 100644 > --- a/rules/net-snmp.in > +++ b/rules/net-snmp.in > @@ -5,8 +5,10 @@ menuconfig NET_SNMP > select LIBC_M > select GCCLIBS_GCC_S if NET_SNMP_AGENT > select LIBC_DL if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS > - select LIBNL if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS > + select LIBNL3 if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
Are you sure about this? libnl3 requieres -$SYSROOT/libnl3 and I don't see how this is added. The rest looks ok, although the whole file could really use come cleanup. But that's unrelated to this patch. Michael > select LM_SENSORS if NET_SNMP_MIB_MODULES_LM_SENSORS > + select OPENSSL if NET_SNMP_SHA_AES > + select NET_SNMP_PRIVACY if NET_SNMP_SHA_AES || NET_SNMP_DES > > if NET_SNMP > > @@ -200,6 +202,10 @@ config NET_SNMP_SNMPV2C > bool > prompt "support for SNMPv2c" > > +config NET_SNMP_PRIVACY > + bool > + prompt "support for privacy (encryption)" > + > config NET_SNMP_DES > bool > prompt "DES encryption" > @@ -208,6 +214,10 @@ config NET_SNMP_MD5 > bool > prompt "MD5 authentication" > > +config NET_SNMP_SHA_AES > + bool > + prompt "SHA authentication and AES encryption" > + > config NET_SNMP_DOM_SOCK_ONLY > bool "Disable UDP/TCP transports for agentx" if NET_SNMP_AGENT > default y > diff --git a/rules/net-snmp.make b/rules/net-snmp.make > index 6bdecd8..1397c2c 100644 > --- a/rules/net-snmp.make > +++ b/rules/net-snmp.make > @@ -47,7 +47,6 @@ NET_SNMP_AUTOCONF := \ > $(GLOBAL_IPV6_OPTION) \ > --with-defaults \ > --disable-manuals \ > - --without-openssl \ > --with-mib-modules="$(NET_SNMP_MIB_MODULES-y)" \ > --with-out-mib-modules="$(NET_SNMP_MIB_MODULES-)" \ > --with-mibs=$(PTXCONF_NET_SNMP_DEFAULT_MIBS) \ > @@ -58,7 +57,6 @@ NET_SNMP_AUTOCONF := \ > --disable-embedded-perl \ > --without-perl-modules \ > --disable-static \ > - --disable-privacy \ > --disable-internal-md5 \ > --$(call ptx/endis, > PTXCONF_NET_SNMP_DOM_SOCK_ONLY)-agentx-dom-sock-only \ > --enable-mib-config-checking \ > @@ -121,6 +119,12 @@ else > NET_SNMP_AUTOCONF += --disable-snmpv2c > endif > > +ifdef PTXCONF_NET_SNMP_PRIVACY > +NET_SNMP_AUTOCONF += --enable-privacy > +else > +NET_SNMP_AUTOCONF += --disable-privacy > +endif > + > ifdef PTXCONF_NET_SNMP_DES > NET_SNMP_AUTOCONF += --enable-des > else > @@ -133,6 +137,12 @@ else > NET_SNMP_AUTOCONF += --disable-md5 > endif > > +ifdef PTXCONF_NET_SNMP_SHA_AES > +NET_SNMP_AUTOCONF += --with-openssl > +else > +NET_SNMP_AUTOCONF += --without-openssl > +endif > + > ifdef PTXCONF_NET_SNMP_SNMPTRAPD > NET_SNMP_AUTOCONF += --enable-snmptrapd-subagent > else > -- > 1.7.9.5 > > > -- > ptxdist mailing list > [email protected] > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list [email protected]
