Re: Does Net-SNMP support AES192 or AES256?

2018-04-06 Thread Bill Fenner
Simon,

The USM AES192 and AES256 support is based upon an Internet Draft, which
never became a standard - therefore, you have to pass
"--enable-blumenthal-aes" to ./configure. (You don't have to enable TSM or
the TLS transports; that's a whole different kettle of fish.)

  Bill


On Fri, Apr 6, 2018 at 12:01 PM, Simon Chamlian wrote:

> Thanks for the tip.
>
> I did compile with the following options:
>
> --disable-embedded-perl
> --without-perl-modules with_endianness=big
> --enable-mini-agent
> --with-default-snmp-version="3"
> --enable-ipv6
> --disable-debugging
> --with-sys-contact="who@where"
> --with-logfile="/var/log/snmp"
>
> --with-transports="DTLSUDP TLSTCP" --with-security-modules="tsm"
>
>
> Still when I put
>
> createUser User2  MD5 "passwrd-00" AES192 (or AES-192) "default-00"
>
> I get an error message:
>
> snmpd.conf: line 27: Error: unknown privProtocol
>
> So does SNMP 5.8 support AES192 and AES256?
> Is it another syntax I need in snmpd.conf?
>
> Thanks,
>
> S.
>
> On Thu, Apr 5, 2018 at 5:14 PM, Keith Mendoza wrote:
>
>> Simon,
>> Those options have to be enabled in the configure options. I suggest
>> building with the following configure options:
>> --with-transports="DTLSUDP" --with-security-modules="tsm"
>>
>> There might be other configure options that you need to make it work.
>>
>> Just note though that SNMPv3 RFC _does not_ specify AES192 and AES256;
>> they specified some older algorithms that were "latest and greatest"
>> at the time it was being drafted :(
>>
>> Thanks,
>> Keith
>>
>>
>> On Thu, Apr 5, 2018 at 1:54 PM, Simon Chamlian wrote:
>> >
>> > Hi,
>> >
>> > Does Net-SNMP support AES192 or AES256?
>> >
>> > According to this link
>> >
>> > http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption
>> >
>> > The short answer is Yes, starting with release 5.8 AES193 and AES256 are an
>> > optional configure option.
>> >
>> > So I downloaded version 5.8.pre2 and tried:
>> >
>> >
>> >   createUser user2  SHA "passwrd-00" AES192 "default-00"
>> >   rwuser   user2
>> >
>> >   createUser user3  SHA "passwrd-00" AES256 "default-00"
>> >   rwuser   user3
>> >
>> >
>> > Does not work. I get an error:
>> >   snmpd.conf: line 27: Error: unknown privProtocol
>> >   snmpd.conf: line 31: Error: unknown privProtocol
>> >
>> > Any insight will be highly appreciated.
>> >
>> > S.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
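
A pre-flight check built on the answer above, as an added example (not code from the thread or from Net-SNMP): it reads the createUser lines of an snmpd.conf and reports which ones a build with the given ./configure arguments would refuse with "unknown privProtocol". The function name, the verdict strings and the sample file are this example's own, and accepting both AES192 and AES-192 spellings once the option is enabled is an assumption.

```python
import shlex

# DES and AES are the standard privacy types (assumes a build with crypto support).
# The AES-192/256 names are the spellings tried in the thread; treating all of them
# as valid once the option is enabled is an assumption of this example.
STANDARD_PRIV = {"DES", "AES"}
DRAFT_PRIV = {"AES192", "AES-192", "AES256", "AES-256"}
DRAFT_FLAG = "--enable-blumenthal-aes"

def lint_create_users(conf_text, configure_options):
    """Return [(line_no, user, level, verdict)] for each createUser line.

    Handles: createUser [-e ENGINEID] user AUTHTYPE authpass [PRIVTYPE [privpass]]
    """
    draft_ok = DRAFT_FLAG in configure_options
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        try:
            tok = shlex.split(line, comments=True)  # honours quotes and '#' comments
        except ValueError:
            findings.append((no, None, None, "unparseable: unbalanced quote"))
            continue
        if len(tok) < 2 or tok[0].lower() != "createuser":
            continue
        args = tok[3:] if tok[1] == "-e" else tok[1:]
        if not args:
            continue
        user = args[0]
        priv = args[3].upper() if len(args) > 3 else None
        if priv is None:
            level = "authNoPriv" if len(args) > 2 else "noAuthNoPriv"
            verdict = "accepted, no privacy protocol configured"
        elif priv in STANDARD_PRIV or (priv in DRAFT_PRIV and draft_ok):
            level, verdict = "authPriv", "privProtocol accepted"
        elif priv in DRAFT_PRIV:
            level, verdict = "authPriv", "unknown privProtocol: rebuild with " + DRAFT_FLAG
        else:
            level, verdict = "authPriv", "unknown privProtocol"
        findings.append((no, user, level, verdict))
    return findings

# Constructed sample reusing the directives quoted in the thread.
SAMPLE_CONF = '''\
createUser user1 SHA "passwrd-00" AES "default-00"
createUser user2 SHA "passwrd-00" AES192 "default-00"
rwuser user2
createUser user3 SHA "passwrd-00"   # no privacy type
'''
```
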


Re: IRC chat to help our new guard get on board?

2018-04-06 Thread Keith Mendoza
net-snmp developers,
Please join us for an IRC chat on #newguard at freenode.net on April
12 5:30 AM PDT/6:30 AM MDT/7:30 AM CDT/8:30 AM EDT/12:30 PM UTC for a
meet-and-greet with ICEI's newguards who want to contribute to the
net-snmp project.

Looking forward to chatting with you guys.

Thanks,
Keith


On Wed, Apr 4, 2018 at 10:18 PM, Eric S. Raymond wrote:
> Keith Mendoza:
>> So far, this is the time that may work for everyone if we do it the
>> week of April 8 (UTC and US time zones): 5:30 AM PDT/6:30 AM MDT/7:30
>> AM CDT/8:30 AM EDT/12:30 PM UTC--6:00 AM PDT/7:00 AM MDT/8:00 AM
>> CDT/9:00 AM EDT/1:00 PM UTC.
>>
>> Eric,
>> How do you feel about having the meeting the week of April 16 to see
>> if we can get better timing and more people to come?
>
> I don't have a preference.  I think you're collecting better information
> to base a decision on than I am.
> --
> Eric S. Raymond, http://www.catb.org/~esr/
>
> My work is funded by the Internet Civil Engineering Institute: https://icei.org
> Please visit their site and donate: the civilization you save might be your own.


Re: snmpd log file

2018-04-06 Thread Ashutosh Kumar
Hi Simon,

Hope you're doing well.

These weird-looking messages are actually a representation of the data that
is sent from an snmpd agent to a sub-agent or vice versa.

Generally, when I'm starting my snmpd agent's binary I use the following
command:

./snmpd -d -Lo -f -c /{Path_to_snmp.conf}/snmpd.conf

Note the flag -d which indicates that debug mode is on, and the agent will
log/print all the incoming or outgoing packets byte by byte.

To disable these debug messages, you can skip the -d flag and instead use
the following command:

./snmpd -Lo -f -c /{Path_to_snmp.conf}/snmpd.conf

Hope it solves your problem.
(By the way, I'm just a beginner with the SNMP protocol and the net-snmp library.
So pardon me for any mistakes which might be there in my understanding.
@snmp devs: please correct me if I've misinterpreted something.)

Thanks & Regards,

Ashutosh Kumar

On Fri, Apr 6, 2018 at 1:52 AM, Simon Chamlian wrote:

> Hi,
>
> I am seeing some weird messages in the log file generated by snmpd.
>
> Example:
>
> Sending 194 bytes to UDP: [172.27.37.227]:60682->[172.27.42.214]:161
>
>
> Received 192 byte packet from UDP: [172.27.37.227]:60682->[172.27.42.214]:161
>
> 
>
>
> How can I disable these messages?
>
> I cannot even find them in source code to comment them out.
>
> Thanks,
> S
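
What the byte-by-byte output of -d contains, as an added example (not code from the thread or from Net-SNMP): it rebuilds a packet from a dump in the layout snmpd -d prints and decodes the SNMPv3 header, which is sent unencrypted at every security level, so the user name and engine ID are readable in any log kept with -d. The dump below is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in the layout "snmpd -d" prints: decimal offset, hex bytes, ASCII.
SAMPLE_DUMP = """\
0000: 30 66 02 01  03 30 0D 02  01 0A 02 02  05 C0 04 01    0f...0..........
0016: 01 02 01 03  04 29 30 27  04 08 80 00  1F 88 04 61    .....)0'.......a
0032: 62 63 02 01  0A 02 01 48  04 05 6F 70  65 72 31 04    bc.....H..oper1.
0048: 0C 11 22 33  44 55 66 77  88 99 AA BB  CC 04 00 30    .."3DUfw.......0
0064: 27 04 08 80  00 1F 88 04  61 62 63 04  00 A0 19 02    '.......abc.....
0080: 01 0A 02 01  00 02 01 00  30 0E 30 0C  06 08 2B 06    ........0.0...+.
0096: 01 02 01 01  03 00 05 00                              ........
"""
HEX_ROW = re.compile(r"\s*\d{4}:((?:\s+[0-9A-Fa-f]{2}(?=\s|$)){1,16})")

def dump_to_bytes(text):
    """Join the hex columns of every 'NNNN: xx xx ...' row; the ASCII column is ignored."""
    rows = (HEX_ROW.match(line) for line in text.splitlines())
    return b"".join(bytes.fromhex(m.group(1)) for m in rows if m)

def tlv(buf, pos):
    """Read one BER type-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Values of the TLVs packed back to back inside a constructed value."""
    pos, out = 0, []
    while pos < len(buf):
        _, val, pos = tlv(buf, pos)
        out.append(val)
    return out

def decode_v3_header(packet):
    """Return the cleartext SNMPv3 header fields (RFC 3412 message, RFC 3414 USM)."""
    version, global_data, sec_params, _scoped = children(tlv(packet, 0)[1])
    _msg_id, _max_size, flags, sec_model = children(global_data)
    usm = children(children(sec_params)[0])  # OCTET STRING wrapping a SEQUENCE
    level = ("noAuthNoPriv", "authNoPriv", "invalid", "authPriv")[flags[0] & 3]
    return {"version": int.from_bytes(version, "big"),
            "security_model": int.from_bytes(sec_model, "big"),
            "level": level, "payload_encrypted": bool(flags[0] & 2),
            "engine_id": usm[0].hex(), "user": usm[3].decode("ascii", "replace")}

if __name__ == "__main__":
    print(decode_v3_header(dump_to_bytes(SAMPLE_DUMP)))
```
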


Re: Some bugs that need closing

2018-04-06 Thread Ian Bruene



On 04/06/2018 11:33 AM, Keith Mendoza wrote:

> After going through the list, we feel that any bugs created before
> 2012 Nov 8 should just be closed/dropped at this point. That way we
> can focus our efforts on working on bugs that are left after that
> date.


I can explain the reasoning behind /this/ particular date. If you sort 
the list of open bugs by last modification time you will find about 
380-something bugs with identical modification dates. Clearly something 
was done to the database at that time - perhaps an upgrade - and those 
bugs haven't been touched since.


I have a difficult time seeing a lump of bugs that haven't been touched 
in five and a half years as vital to keep open. If someone knows of 
specific bugs in that time-frame which are still relevant please point 
us at them, but the undifferentiated mass just increases the bug counter 
to no benefit.


--
/"In the end; what separates a Man, from a Slave? Money? Power? No. A 
Man Chooses, a Slave Obeys."/ -- Andrew Ryan


/"Utopia cannot precede the Utopian. It will exist the moment we are fit 
to occupy it."/ -- Sophia Lamb




Re: Some bugs that need closing

2018-04-06 Thread Keith Mendoza
net-snmp dev team,
Ian and I went through another round of going through the bug lists
for ones that we feel can either be closed, or placed in WONTFIX:
* 1989, 2490, 2101, 1765, 2554: These have proposed patches that
don't appear to have been applied.

* 2438: Fixed in patch 1249, which is merged.

* 2462: user had a different version of a library.

* 2327, 2282, 2558: These 3 are issues related to the Perl binding
printing messages to STDERR. Patch 1285 as containing the solution.

* 2769: Website has been back up since March 2018 after the migration.

* 2576, 2577: The POC code is suspect to me. Code will never do
snmp_close(); who knows what cleanup is never happening with this not
happening at program termination. At least they didn't
website with a flashy name.

* 2479: Gives screenshot *sigh* but no other info.

* 2429: Not enough info to show that there's indeed a leak.

After going through the list, we feel that any bugs created before
2012 Nov 8 should just be closed/dropped at this point. That way we
can focus our efforts on working on bugs that are left after that
date.

Thanks,
Keith



On Sun, Apr 1, 2018 at 7:21 AM, Ian Bruene wrote:
>
>
> On 03/31/2018 02:18 PM, Bill Fenner wrote:
>
> On Wed, Mar 28, 2018 at 1:09 PM, Ian Bruene  wrote:
>>
>>
>> #2823 Is fixed.
>
>
> This was the one that you later mentioned on irc, and the formatting misled
> you into thinking that it was fixed but it isn't?
>
>
> Yes, looking into it now.
>
>
> [various closings]
>
> Thanks!
>   Bill
>
>
> Thanks!
>
> --
> "In the end; what separates a Man, from a Slave? Money? Power? No. A Man
> Chooses, a Slave Obeys." -- Andrew Ryan
>
> "Utopia cannot precede the Utopian. It will exist the moment we are fit to
> occupy it." -- Sophia Lamb
>


Re: Does Net-SNMP support AES192 or AES256?

2018-04-06 Thread Simon Chamlian
Thanks for the tip.

I did compile with the following options:

--disable-embedded-perl
--without-perl-modules with_endianness=big
--enable-mini-agent
--with-default-snmp-version="3"
--enable-ipv6
--disable-debugging
--with-sys-contact="who@where"
--with-logfile="/var/log/snmp"

--with-transports="DTLSUDP TLSTCP" --with-security-modules="tsm"


Still when I put

createUser User2  MD5 "passwrd-00" AES192 (or AES-192) "default-00"

I get an error message:

snmpd.conf: line 27: Error: unknown privProtocol

So does SNMP 5.8 support AES192 and AES256?
Is it another syntax I need in snmpd.conf?

Thanks,

S.




On Thu, Apr 5, 2018 at 5:14 PM, Keith Mendoza wrote:

> Simon,
> Those options have to be enabled in the configure options. I suggest
> building with the following configure options:
> --with-transports="DTLSUDP" --with-security-modules="tsm"
>
> There might be other configure options that you need to make it work.
>
> Just note though that SNMPv3 RFC _does not_ specify AES192 and AES256;
> they specified some older algorithms that were "latest and greatest"
> at the time it was being drafted :(
>
> Thanks,
> Keith
>
>
> On Thu, Apr 5, 2018 at 1:54 PM, Simon Chamlian wrote:
> >
> > Hi,
> >
> > Does Net-SNMP support AES192 or AES256?
> >
> > According to this link
> >
> > http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption
> >
> > The short answer is Yes, starting with release 5.8 AES193 and AES256 are an
> > optional configure option.
> >
> > So I downloaded version 5.8.pre2 and tried:
> >
> >
> >   createUser user2  SHA "passwrd-00" AES192 "default-00"
> >   rwuser   user2
> >
> >   createUser user3  SHA "passwrd-00" AES256 "default-00"
> >   rwuser   user3
> >
> >
> > Does not work. I get an error:
> >   snmpd.conf: line 27: Error: unknown privProtocol
> >   snmpd.conf: line 31: Error: unknown privProtocol
> >
> > Any insight will be highly appreciated.
> >
> > S.