On Thu, Mar 13, 2014 at 03:20:26PM +0100, Bruno Thomsen wrote: > Enabled SHA authentication and AES privacy (encryption) using OpenSSL. > Upgraded from libnl1 to libnl3 dependency, and explicitly request libnl3. > Disable minimal agent when privacy is enabled. > > Tested SNMPv3 with USM (User-based Security Model) SHA auth + AES priv, > minimal agent option disabled.
This still doesn't work with nl3: ptxdist -f clean && ptxdist prepare net-snmp [...] checking for library containing nl_connect... no [...] I've applied this without the nl1 -> nl3 change. Michael > > Signed-off-by: Bruno Thomsen <[email protected]> > --- > rules/net-snmp.in | 13 ++++++++++++- > rules/net-snmp.make | 5 +++-- > 2 files changed, 15 insertions(+), 3 deletions(-) > > diff --git a/rules/net-snmp.in b/rules/net-snmp.in > index 9821328..052e59e 100644 > --- a/rules/net-snmp.in > +++ b/rules/net-snmp.in > @@ -5,8 +5,10 @@ menuconfig NET_SNMP > select LIBC_M > select GCCLIBS_GCC_S if NET_SNMP_AGENT > select LIBC_DL if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS > - select LIBNL if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS > + select LIBNL3 if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS > select LM_SENSORS if NET_SNMP_MIB_MODULES_LM_SENSORS > + select OPENSSL if NET_SNMP_SHA_AES > + select NET_SNMP_PRIVACY if NET_SNMP_SHA_AES || NET_SNMP_DES > > if NET_SNMP > > @@ -174,6 +176,7 @@ endchoice > config NET_SNMP_MINI_AGENT > bool > default y > + depends on ! NET_SNMP_PRIVACY > prompt "minimal agent" > > config NET_SNMP_AGENT > @@ -200,6 +203,10 @@ config NET_SNMP_SNMPV2C > bool > prompt "support for SNMPv2c" > > +config NET_SNMP_PRIVACY > + bool > + prompt "support for privacy (encryption)" > + > config NET_SNMP_DES > bool > prompt "DES encryption" > @@ -208,6 +215,10 @@ config NET_SNMP_MD5 > bool > prompt "MD5 authentication" > > +config NET_SNMP_SHA_AES > + bool > + prompt "SHA authentication and AES encryption" > + > config NET_SNMP_DOM_SOCK_ONLY > bool "Disable UDP/TCP transports for agentx" if NET_SNMP_AGENT > default y > diff --git a/rules/net-snmp.make b/rules/net-snmp.make > index 6bdecd8..fd97886 100644 > --- a/rules/net-snmp.make > +++ b/rules/net-snmp.make > @@ -47,18 +47,19 @@ NET_SNMP_AUTOCONF := \ > $(GLOBAL_IPV6_OPTION) \ > --with-defaults \ > --disable-manuals \ > - --without-openssl \ > + --$(call ptx/wwo, PTXCONF_NET_SNMP_SHA_AES)-openssl \ > --with-mib-modules="$(NET_SNMP_MIB_MODULES-y)" \ > --with-out-mib-modules="$(NET_SNMP_MIB_MODULES-)" \ > --with-mibs=$(PTXCONF_NET_SNMP_DEFAULT_MIBS) \ > --with-logfile=$(call remove_quotes,$(PTXCONF_NET_SNMP_LOGFILE)) \ > --with-persistent-directory=$(call > remove_quotes,$(PTXCONF_NET_SNMP_PERSISTENT_DIR)) \ > --with-default-snmp-version=$(call > remove_quotes,$(PTXCONF_NET_SNMP_DEFAULT_VERSION)) \ > + --$(call ptx/wwo, PTXCONF_LIBNL3)-nl$(call ptx/ifdef, PTXCONF_LIBNL3, > =$(SYSROOT)/usr/include/libnl3, ) \ > --enable-shared \ > --disable-embedded-perl \ > --without-perl-modules \ > --disable-static \ > - --disable-privacy \ > + --$(call ptx/endis, PTXCONF_NET_SNMP_PRIVACY)-privacy \ > --disable-internal-md5 \ > --$(call ptx/endis, > PTXCONF_NET_SNMP_DOM_SOCK_ONLY)-agentx-dom-sock-only \ > --enable-mib-config-checking \ > -- > 1.7.9.5 > > > -- > ptxdist mailing list > [email protected] > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list [email protected]
