Re: Enterprise subtree problem...

[cnelson]

 ...
 If I can see the subtree using snmptranslate, but not snmpwalk, 
 ...

As I understand it, snmptranslate processes the MIB files on your local
system but snmpwalk talks to the remote agent.  You can have MIB files
for all sorts of MIBs that aren't implemented in the agent.

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Does disman require IPv6?

[cnelson]

I'm trying to add DISMAN MIB support to an existing configuration,
cross-compiling Net-SNMP v5.2.2 from Intel Linux to ARM Linux.  I
configure like this:

export CROSS_COMPILE=arm-linux
ac_cv_CAN_USE_SYSCTL=no \
export CFLAG=-I/opt/denx/arm/usr/include/linux
./configure --prefix=/usr \
--target=arm-linux \
--host=arm-linux \
--build=i386-pc-linux \
--with-openssl=/usr/local/ssl/bin \
--with-endianness=little \
--with-cc=arm-linux-gcc \
--with-ar=arm-linux-ar \
--with-install-prefix=/IPm \
--with-cflags=-O2 \
--enable-applications \
--disable-scripts \
--disable-debugging \
--without-kmem-usage \
--disable-mib-loading \
--with-out-mib-modules=examples/ucdDemoPublic \
--with-mib-modules=disman \
--disable-ipv6 \
--with-sys-location=Set location of switch \
--with-sys-contact=Set name (and e-mail) of contact for
switch \
--with-logfile=/var/log/snmpd.log \
--with-default-snmp-version=3 \
--with-persistent-directory=/var/net-snmp \
--with-persistent-mask=007

and the build complains that pingCtlTable.h can't find in6.h and ipv6.h
to include.  But I've disabled IPv6.  Does disman require ipv6?  If so,
it'd be nice if configure told me that.  Or is pingCtrTable.h not
sufficiently parameterized with #ifdef stuff to disable ipv6 when ipv6
isn't to be used?  I'll take a crack at fixing this but I'm not sure
what direction to go in.

 Chris

P.S. I'm also curious about this section in pingCtlTable.h:

  /* #include linux/in6.h */
  /* #include linux/ipv6.h */

  #include in6.h
  #include ipv6.h

which looks a little weird and inconsistent.


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Does disman require IPv6?

[cnelson]

 On 05/04/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  Does disman require ipv6?
 
 No.

Thanks.


Or is pingCtrTable.h not
  sufficiently parameterized with #ifdef stuff to disable ipv6 when 
  ipv6 isn't to be used?
 
 The DisMan code in general is relatively immature in the 5.2.x line,
 and I wouldn't recommend relying too heavily on it.  Things have
 improved significantly in the 5.3.x and 5.4 releases.
 
   The RemoteOps implementations in particular (ping et al)
 are even less reliable, and have been removed from the disman
 build altogether in 5.3.x and above.   (I'm a little surprised to
 realise that they're still included in the current 5.2.x disman.h,
 but it's probably too late to change that).
 
 It does not surprise me in the slightest that you're having problems
 with these particular modules.  I'd suggest you delete from disman.h,
 and rebuild.

Delete *what* from disman.h?


Isn't the monitor directive part of disman?  That's what I really want.
 If I don't have to include disman to get it, what configure directive
do I need to get monitor?

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Does disman require IPv6?

[cnelson]

 On 05/04/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 ...
  Isn't the monitor directive part of disman?
 
 It's part of the DisMan Event MIB, yes.
 But that's only one of a collection of MIBs produced by the DisMan
 working group.
 
 That's what I really want.
 
 Then all you need is disman/event-mib.
 Configure with that, and don't worry about using the higher-level
 disman grouping module.

Bingo!  Thanks.



-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Monitoring disk usage

[cnelson]

 On 23/03/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
  I can't get these traps to fire.  Then again, when I try to walk
  dskTable, I get a failiure response so maybe that MIB isn't in my 
  agent.  But I tried with memTotalFree and nothing happens.
  /usr/share/snmpd/snmpd.conf contains:
 
agentSecName internal
rouser internal
monitor -r 30 memTotalFree  2500
 
 Silly question, but do you have a createUser internal ... anywhere?

Uhm, no.  That was a flaw in that particular experiment.  I create new
users so infrequently that I kind of thought the rouser internal line
did that here.

 Try running the agent using the debug flag -Ddisman
 What output do you see?

I've found that disman is not built into my agent and that when I try to
build it in, I get lots of compiler errors (apparently due to missing
includes in my cross-build tool chain).  I'm still battling with it.

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Monitoring disk usage

[cnelson]

 On 22/03/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
   The other possibility would be to set up a monitor entry on 
   dskUsed. Slightly forced, but a delta monitor compared against
   0 might fo the trick.
 
  That sounds great but I admit the snmpd.conf man page isn't 
  sufficiently clear to me for me to do that.  Got any examples?
 
 Untested but:
 
monitor -D    dskUsed  0
 ...

I can't get these traps to fire.  Then again, when I try to walk
dskTable, I get a failiure response so maybe that MIB isn't in my agent.
 But I tried with memTotalFree and nothing happens. 
/usr/share/snmpd/snmpd.conf contains:

  agentSecName internal
  rouser internal
  monitor -r 30 memTotalFree  2500

and when I look at the system I see:

  ~ # grep -i memfree /proc/meminfo
  MemFree:  1848 kB

and when I try to get memTotalFree with snmpwalk, I get meaningful
values.  But never a trap.  How can I diagnose the problem?  I looked at
versionConfigureOptions and there doesn't seem to be anything there that
disables these traps (or dskTable, for that matter).  I've tried running
snmpd -f but it doesn't complain about any unknown options or anything.

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Monitoring disk usage

[cnelson]

I've seen and experimented with the disk directive in snmpd.conf but
it's not quite doing what I need and I'm hoping someone can suggest a
way to use it or another method to accomplish what I need.

I have several programs which log to /var/log.  Generally, there are
links there that point to /dev/null so I can enable logging by removing
the link and restarting the program.  But if I ship a system without the
links or add a new log source and don't create the link or something, I
could end up with an ever-growing log file.  

What I'd like to do is be able to remotely determine if any file in
/var/log is growing.  I suppose I could have a startup script which
figured out the current usage on /, subtracted from 100, and put that in
as a percentage in snmpd.conf but that's kind of indirect and awkward. 
Is there a better way?

Chris

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Monitoring disk usage

[cnelson]

  ...
  The other possibility would be to set up a monitor entry on 
  dskUsed. Slightly forced, but a delta monitor compared against 0 
  might fo the trick.
 
 That sounds great but I admit the snmpd.conf man page isn't 
 sufficientlyclear to me for me to do that.  Got any examples?

http://www.net-snmp.org/docs/man/snmpd.examples.html may do the trick...

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Monitoring disk usage

[cnelson]

 On 22/03/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
   The other possibility would be to set up a monitor entry on 
   dskUsed. Slightly forced, but a delta monitor compared against 
   0 might fo the trick.
 
  That sounds great but I admit the snmpd.conf man page isn't 
  sufficiently clear to me for me to do that.  Got any examples?
 
 Untested but:
 
monitor -D    dskUsed  0
 
 (which would trigger on *any* increase in these files),
 ...

I've got:

   monitor -u private -r 10 -D Log growth dskUsed  0

which it seems to me should use private's privileges (private is a rw
user) to monitor disk usage every 10 seconds and send the default trap
when it changes at all.  I get link up/down traps at the expected
address but nothing about disk usage.


-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

MIBs for IEEE compliance?

[cnelson]

I'm reviewing the PICS for 802.1Q-2005 and trying to relate it to SNMP
MIB entries.  Section A.14 is all about management.  Some of the items
are fairly clear to me; for MGT-3, I can see that the sysDescr seems to
satisfy the requirement.  But some are quite unclear; does any standard
MIB support Discover Bridge as described in 802.1Q-2005, Section
12.4.1.1?  Is there any resource which relates PICS items and MIB
entries? 

-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT  business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

unknown value

[cnelson]

In various MIBs I see unknown sometimes as the lowest value and
sometimes as the highest.  

ipv6IfNetToMediaState OBJECT-TYPE
SYNTAX  INTEGER {
 reachable(1), -- confirmed reachability

 ...

 unknown(6)-- state can not be determined
   -- for some reason.
}

and

dot1dStpProtocolSpecification OBJECT-TYPE
SYNTAX  INTEGER {
unknown(1),
decLb100(2),
ieee8021d(3)
}

Is it just random or is one an old convention and one new?  Which is
preferred for new MBIs?  It seems to me that 0 (or the lowest value) is
better because we might lack the foresight to realize that more values
will be needed later and if we use the highest, current value, we run
the risk of having unknown in the middle of the list.


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Can I get snmptranslate to tell me where it's finding MIBs?

[cnelson]

When I run snmptranslate, it finds things that aren't in
/usr/share/snmp/mibs/*.txt.  Where else is it looking?  Can I get it to
tell me its search path?


-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Identifier scoping in MIBs

[cnelson]

OK, I'm a little slow today.  Sorry for harrassing the list.

What is the scope of identifers in MIBs.  If I do:

pppTable OBJECT-TYPE
SYNTAX  SEQUENCE OF PppEntry
MAX-ACCESS  not-accessible
STATUS  current
DESCRIPTION
A list of interface entries.
::= { myTables 1 }

pppEntry OBJECT-TYPE
SYNTAX  PppEntry
MAX-ACCESS  not-accessible
STATUS  current
DESCRIPTION
An entry containing management information applicable to a
particular interface.
INDEX   { ifIndex }
::= { pppTable 1 }

PppEntry ::=
SEQUENCE {
ifIndex InterfaceIndex
}

Why does http://www.ibr.cs.tu-bs.de/bin/smitools.cgi complain:

mibs/SOMEMIB.txt:243: [5] {identifier-external-redefined} warning:
redefinition of identifier `IF-MIB::ifIndex'
/usr/local/share/mibs/ietf/IF-MIB:185: [6] {previous-definition} info:
previous definition of `ifIndex'


I don't want to redefine the IF-MIB ifEntry, I want my own.





-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Renaming a MIB entity

[cnelson]

I was a little short sighted in creating a MIB a year or so ago.  I have
an entity with too-restictive a name.  I'd like to revise the MIB so
that with the new one in place users can use symbolic names to get the
entity with a more meaninful name.  Basically, I've got a branch in my
MIB tree something like foo9portBar when it should really just be
fooBar.  Is there a way to put an alias or something in my MIB so with
the new MIB in place, a user will get the same result from:

   snmptranslate -I b foo9portBar

and

   snmptranslate -I b fooBar

?

 Chris

Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Fwd: Re: One table, two agents?

[cnelson]

I don't believe I got any feedback on this.  (Maybe I deleted it in an
overzealous SPAM purge.)  I'd really appreciate some input on this.  The
best I've come up with is to take the ifTable structure and graft it
onto my enterprise MIB but that seems kludgey.
---BeginMessage---
 Can I have two subagents each responsible for a diferent range of 
 recordin a table?  ...

Well, I've half answered my own question.  Section 4.1 of RFC 2741
(AgentX) says:

   An entity acting in a subagent role performs the following functions:
  ...
  -  Registers MIB regions with the master agent.

and I'm tantalized by 4.2 which says

   This section discusses several typical usage scenarios.
   ...
   2) Subagents implement rows in a simple table.  A simple table is
  one in which row creation is not specified, and for which the MIB
  does not define an object that counts entries in the table.
  Examples of simple tables are rdbmsDbTable, udpTable, and
  hrSWRunTable.

But then I'm disheartened by

   5) Subagents implement rows in tables whose MIB also defines an
  object that counts entries in the table, for example the MIB-2
  ifTable (due to ifNumber).  The subagent that implements such a
  counter object (like ifNumber) must go beyond AgentX to correctly
  implement it.  This is an implementation issue (and most new MIB
  designs no longer include such objects).

Because, of course, the table I need to split between subagents is
ifTable!  I want to write a PPP sub-agent which supplements the system's
idea of ifNumber with however many PPP interfaces are configured and
active.  I'd be very grateful for brainstorming on techniques to go
beyond AgentX to accomplish that.  I have as a strict requirement that
I assume an existing agent or subagent that implements ifTable and that
I can't change that existing code.  How can I install a PPP subagent
that coerces the master agent to summing multiple ifNumbers or something
and taking rows from multiple subagents?  (I don't mind at all if the
master agent has to be Net-SNMP's snmpd; Net-SNMP on Linux is the only
target I absolutely have to support.)

TIA.

   Chris


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
---End Message---

Re: One table, two agents?

[cnelson]

 Can I have two subagents each responsible for a diferent range of 
 recordin a table?  ...

Well, I've half answered my own question.  Section 4.1 of RFC 2741
(AgentX) says:

   An entity acting in a subagent role performs the following functions:
  ...
  -  Registers MIB regions with the master agent.

and I'm tantalized by 4.2 which says

   This section discusses several typical usage scenarios.
   ...
   2) Subagents implement rows in a simple table.  A simple table is
  one in which row creation is not specified, and for which the MIB
  does not define an object that counts entries in the table.
  Examples of simple tables are rdbmsDbTable, udpTable, and
  hrSWRunTable.

But then I'm disheartened by

   5) Subagents implement rows in tables whose MIB also defines an
  object that counts entries in the table, for example the MIB-2
  ifTable (due to ifNumber).  The subagent that implements such a
  counter object (like ifNumber) must go beyond AgentX to correctly
  implement it.  This is an implementation issue (and most new MIB
  designs no longer include such objects).

Because, of course, the table I need to split between subagents is
ifTable!  I want to write a PPP sub-agent which supplements the system's
idea of ifNumber with however many PPP interfaces are configured and
active.  I'd be very grateful for brainstorming on techniques to go
beyond AgentX to accomplish that.  I have as a strict requirement that
I assume an existing agent or subagent that implements ifTable and that
I can't change that existing code.  How can I install a PPP subagent
that coerces the master agent to summing multiple ifNumbers or something
and taking rows from multiple subagents?  (I don't mind at all if the
master agent has to be Net-SNMP's snmpd; Net-SNMP on Linux is the only
target I absolutely have to support.)

TIA.

   Chris


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: One table, two agents?

[cnelson]

 ...
   This section discusses several typical usage scenarios.
   ...
   2) Subagents implement rows in a simple table.  A simple table is
  one in which row creation is not specified, and for which the 
  MIB does not define an object that counts entries in the table.
  Examples of simple tables are rdbmsDbTable, udpTable, and
  hrSWRunTable.
 
 But then I'm disheartened by
 
   5) Subagents implement rows in tables whose MIB also defines an
  object that counts entries in the table, for example the MIB-2
  ifTable (due to ifNumber).  The subagent that implements such a
  counter object (like ifNumber) must go beyond AgentX to 
  correctly implement it.  This is an implementation issue (and 
  most new MIB designs no longer include such objects).
 
 Because, of course, the table I need to split between subagents is
 ifTable!  ...

Moving on, I want to implement ifAddrTable in my PPP subagent.  It
should supplement the ifAddrTable rows that (I believe) come out of the
master agent (snmpd).  There is nothing like ifNumber in this table but
though I build a subagent that registers to handle ifTable, I get only
the rows handled by the master.  How do I get my subagent to be able to
add to snmpd's ifAddrTable?

  Chris


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

MIBs for RS232 and PPP

[cnelson]

In case someone else cares, I'm in the process of implementing MIBs for
RS232-like devices (RFC 1317) and PPP (several RFCs, not sure which I'll
get to).  I'm targeting Linux and New-SNMP and hope to release the
implementation as an open source AgentX subagent.  I've had some
interest from the pppd project in rolling this subagent in with their
distribution.

   Chris


---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

One table, two agents?

[cnelson]

Can I have two subagents each responsible for a diferent range of record
in a table?  RFC 1471 says that the RS232 interface underlying a PPP
link should have an entry in ifTable but I've got an existing subagent
that deals with my real network interfaces and I'd rather not clutter
it with PPP code.  What I really want to do is write a subagent that
deals with all PPP-related data.  So I'd want my existing subagent to
continue to be responseible for 

   RFC1213-MIB::ifIndex.1 = INTEGER: 1
   ...
   RFC1213-MIB::ifIndex.9 = INTEGER: 9
   RFC1213-MIB::ifIndex.16 = INTEGER: 16
   RFC1213-MIB::ifDescr.1 = STRING: Port 1
   ...
   RFC1213-MIB::ifDescr.9 = STRING: Port 9
   RFC1213-MIB::ifDescr.16 = STRING: Management port
   RFC1213-MIB::ifType.1 = INTEGER: ethernet-csmacd(6)
   ...
   RFC1213-MIB::ifType.9 = INTEGER: ethernet-csmacd(6)

but have my PPP subagent responible for something like:

   RFC1213-MIB::ifIndex.100 = INTEGER: 100
   RFC1213-MIB::ifDescr.100 = STRING: ppp0
   RFC1213-MIB::ifType.100 = INTEGER: ppp(23)
   RFC1213-MIB::ifSpecific.101 = something that refers to 101 below
   RFC1213-MIB::ifIndex.101 = INTEGER: 101
   RFC1213-MIB::ifDescr.101 = STRING: ttyS01
   RFC1213-MIB::ifType.101 = INTEGER: other(1)

Can I do that?  Can I make multiple subagents responsible for different
ranges of the same table?  Where do I adjust that?

TIA.

 Chris







---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Which MIBs for PPP?

[cnelson]

RFC 1473 is pretty clear on its applicability:

   This document specifies the following group:

   The PPP IP Group

   The PPP IP Group contains configuration, status, and control
   variables that apply to the operation of IP over PPP.

   Implementation of this group is mandatory for all implementations
   of PPP that support IP over PPP.

But (earlier) it also says:

   The PPP MIB is organized into several MIB Groups, including, but not
   limited to, the following groups:

  o The PPP Link Group
  o The PPP LQR Group
  o The PPP LQR Extensions Group
  o The PPP IP Group
  o The PPP Bridge Group
  o The PPP Security Group

Without clear references to where those groups come from.  Since
PPP-IP-NCP-MIB imports ppp from PPP-LCP-MIB, I guess I need to at least
look at RFC1471.  I'm not so sure of the others.

I also found RFC 1317 which shows PPP in a protocol stack with RS-232
says:

   The RS-232-like Hardware Device MIB is mandatory for all systems
   that have such a hardware port supporting services managed
   through some other MIB, for example, the Character MIB or PPP MIB.

But the objects defined in 1317 are numerous, don't seem particularly
useful to me, and at least some of them will be difficult to implement.

So, mandatory or not, what MIBs are commonly implemented on systems
supporting PPP?

Chris



---
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

MIB warnings I don't understand

[cnelson]

I'm trying to add to an existing, private MIB and I'm having no end of
trouble.  I was previously pointed to the MIB lint sort of tool at
http://www.ibr.cs.tu-bs.de/bin/smitools.cgi and it's very nice.  I
cleaned up quite a few little things that have been in my MIB for some
time.  However, I'm left with two things I don't understand.

First, smitools.cgi says:

mibs/MY-MIB.txt:171: [5] {identifier-external-redifined} warning:
redefinition of identifier `IF-MIB::ifIndex'
/usr/local/share/mibs/ietf/IF-MIB:185: [6] {previous-definition} info:
previous definition of `ifIndex'

Where I've got:

ifIndex OBJECT-TYPE
SYNTAX  InterfaceIndex
MAX-ACCESS  not-accessible
STATUS  current
DESCRIPTION 
::= { portTestEntry 1 }
 
I don't understand MIB scoping but I'd have expected I was creating this
object in *my* MIB, not as a global  Why the conflict?


Second, smitool.cgi complains:

mibs/MY-MIB.txt:82: [4] {group-membership} warning: node `p1status'
must be contained in at least one conformance group
mibs/MY-MIB.txt:94: [4] {group-membership} warning: node `p2status'
must be contained in at least one conformance group

(and 8 other objects, too).  Confirmance group?  What's that?

Chris



---
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: What's Too Long mean? - resolved

[cnelson]

My client appears to have been built with bad headers.  I maintain two
builds: one for a big-endian system, one for a little-endian system and
somehow something didn't get completely updated when I switched.  I did
a thorough cleaning this morning, rebuild for the problem platform and
it works now.  Thanks for the direction on adding debug tokens.  I've
filed it for future reference.

  Chris


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: What's Too Long mean?

[cnelson]

 On Mon, 2006-01-30 at 16:32 -0500, [EMAIL PROTECTED] wrote:
  I have an application based on Net-SNMP v5.2 which I build for 
  PPC and Arm.  On PPC it works fine.  On Arm [it] gives
  
 GetSysValues: Too Long
  
  in the log.  Can someone help me understand what that's about?

 ...
 
 Try running with '-Dsess_async_send,usm to pin down exactly
 what is throwing this particular error.

That produces no output.

Strangely, I can get the desired values with snmpwalk from another
system, it's the function which does on-node access for the UI that
fails.  That uses a different community but why that should lead to Too
long is a mystery.  (The community strings are the same length.)
shrug  I'll look into the source more, see where that maximum message
size is set and used.


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: What's Too Long mean?

[cnelson]

 On Tue, 2006-01-31 at 08:25 -0500, [EMAIL PROTECTED] wrote:
  But I ran _snmpd_ with -Dsess_async_send and I think this is
  reported by the client.  Did you mean to run the client with -D?
 
 It could be either.
 It might be the agent receiving the request, but being unable
 to return a response.  Or the client may be unable to send
 the request in the first place.
   Running the agent with '-d' would indicate whether it's
 receiving the request or not.

Apparently not, no output.

 (Particularly if you send a single 'snmpget' or 'snmpgetnext'
 request, rather than the repeated requests of 'snmpwalk')
 
 
I don't think my
  client is smart enough to pass command-line options to SNMP
  library initialization.
 
 If your client doesn't handle the standard command-line options,
 then try adding:
 
   debug_register_tokens(sess_async_send);
 
 to the code.

I'll do that.  Thanks.

I wonder if these some endian issue with the max. messsage size?  PPC
and Arm have different endianness.  But surely I wouldn't be the first
to find this.  And that doesn't explain that it works off-node but not on.


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: What's Too Long mean?

[cnelson]

 On Tue, 2006-01-31 at 08:07 -0500, [EMAIL PROTECTED] wrote:
  Strangely, I can get the desired values with snmpwalk from another
  system, it's the function which does on-node access for the UI that
  fails.  That uses a different community but why that should lead 
  to Too long is a mystery.  (The community strings are the same
length.)
 
 Ah - this is using one of the community-based versions, then?
 That would tend to rule out the USM-related sources of this message.
 
 The only other place I could see where this error is set was
 checking against the two msgMaxSize limits (in _sess_async_send)
 But running the agent with -Dsess_async_send should have
 reported this.

But I ran _snmpd_ with -Dsess_async_send and I think this is reported by
the client.  Did you mean to run the client with -D?  I don't think my
client is smart enough to pass command-line options to SNMP library
initialization.



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

What's Too Long mean?

[cnelson]

I have an application based on Net-SNMP v5.2 which I build for PPC and
Arm.  On PPC it works fine.  On Arm, 

   status = snmp_synch_response(ss, pdu, response);
   ...
   if (status == STAT_SUCCESS)
   snmp_log(LOG_ERR, Error in packet. Reason: %s\n,
snmp_errstring(response-errstat));
   else
   snmp_sess_perror(GetSysValues, ss);

gives

   GetSysValues: Too Long

in the log.  Can someone help me understand what that's about?

   Chris


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

How to perform long-running task in subagent

[cnelson]

I seem to recall seeing something like this on the list before but I had
trouble picking keywords to search the archive and the hits I did find,
didn't answer my question.

I want to use SNMP to trigger a long-running process, mostly during
testing, not in production.  For example, I want to set a bit in a
testing MIB that'll cause my device to exercise the on-board LEDs.  I
need to turn the LEDs on and off in relatively long-duration patterns to
that a tester can observe them.  This can take 30-60 seconds.  I've got
it prototyped but when I use snmpset to set the bit, it reports a
timeout because the subagent takes so long.

Is there a common idiom for doing something that takes a long time in an
agent?  Do I need a separate thread for those actions and have the agent
just set a bit the thread can see?  Is there a a better way?

  Chris


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

What am I going wrong with mib2c?

[cnelson]

I know I've done this before with success -- on this MIB -- but today
after adding another column to a table in my private MIB, mib2c refuses
to see my table.

  [root] # head `which mib2c`
  #!/usr/bin/perl
  #!/usr/bin/perl
 
  #
  # $Id: mib2c,v 5.57 2004/09/10 12:30:15 dts12 Exp $
  #

  [root] # mib2c SNMPv2-SMI::enterprises.20540.2.1..1
  writing to -
  mib2c has multiple configuration files depending on the type of
  code you need to write.  You must pick one depending on your need.

  You requested mib2c to be run on the following part of the MIB tree:
OID:et9ms
numeric translation:.1.3.6.1.4.1.20540.2.1
number of scalars within: 3
number of tables within:  0
number of notifications within:   0

But there's a table in that MIB!  I've looked and looked at my addition
to the MIB and can't see any syntacic problem with it.  Is there a MIB
syntax verifier I can't find?  Can snmptranslate be tricked into doing it?

   Chris


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Ownership of agent persistent stores

[cnelson]

In http://sourceforge.net/mailarchive/message.php?msg_id=9547341 I asked
how to set ownership of persistent files.  I must have gotten an answer
(or figured it out) because my v5.1.1-based system has been working for
ages.  But I'm trying to move to v5.2.2 now and I'm seeing the same
problem.  The e-mail archives shows now answers to my question.  Help.

On a related matter, wouldn't it be nice if PERSISTENT_MASK could be set
with a configure option like --with-persistent-directory?

   Chris



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Ownership of agent persistent stores

[cnelson]

 In http://sourceforge.net/mailarchive/message.php?msg_id=9547341 I 
 askedhow to set ownership of persistent files.  I must have gotten 
 an answer (or figured it out) because my v5.1.1-based system has 
 been working forages.  But I'm trying to move to v5.2.2 now and 
 I'm seeing the same problem.  The e-mail archives shows now answers
 to my question.  Help.
 
 On a related matter, wouldn't it be nice if PERSISTENT_MASK could 
 be set with a configure option like --with-persistent-directory?

I also found
http://sourceforge.net/mailarchive/message.php?msg_id=9550619 which
describes a patch I'd made to read_config.c in v5.1.1.  I'd like to
avoid the patch in v5.2.2 if I can but with v5.2.2 modifified with
PERSISTENT_MASK 007, I still get the file owned by root/root, not by
root/agentgroup (where 'agentgroup' is found in /usr/share/snmp/snmpd.conf).





---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

No traps in v5.2.2.rc6?

[cnelson]

This is a preliminary report -- I'm still trying to prove I'm not doing
something wrong -- but I can't get any traps out of v5.2.2 rc6.  I've
rebuilt my whole system against v5.5.2 headers and libraries and my
configuration definitely calls for authorization traps and my subagent
sends link up/down traps but there's nothing going out.  Is anyone else
having problems with traps in v5.2.2?

   Chris


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Re-reading a persistent store

[cnelson]

 On Wed, 2005-11-09 at 14:11 -0500, [EMAIL PROTECTED] wrote:
  I found code in the agent to re-read configuration when a SIGHUP is
  received but changing my-subagent.conf and issuing SIGHUP to snmpd
  didn't reread the persistent store.
 
 That should have triggered the main snmpd agent to re-read its
 configuration (including the persistent storage).  But the main
 agent and the subagent are two completely independent processes.
 Reconfiguring one won't have any effect on the other.

Yeah, I know that they're two different processes but I thought that the
agent and subagent communicated more.  I thought -- and perhaps I
haven't looked at this closely enough -- that on shutdown the agent
tells the subagent to save its persistent values.  Based on that perhaps
weak assumption, I thought it would also tell it to reread config.

Do I need to send SIGHUP to my sub-agent?
 
 You certainly need to tell your sub-agent to re-read its
 configuration.  Without seeing the exact code, I wouldn't
 like to say whether SIGHUP would do the trick, but it's
 worth a try.

Well, I was asking if the subagent code set up a signal handler for
SIGHUP.  I guess I see now that that's unlikely.  

 Suck it and see.

Huh?



---
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42 plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Re-reading a persistent store

[cnelson]

 On Thu, 2005-11-10 at 07:37 -0500, [EMAIL PROTECTED] wrote:
I thought . that on shutdown the agent
  tells the subagent to save its persistent values.
 
 Hmmm...  that's an idea, I suppose.
 In general, the administration side of the AgentX protocol
 is very much driven by the subagent - the master agent just
 listens for incoming registrations.
 
 But the master agent *does* explicitly close any AgentX
 connections when it shuts down.  I suppose that could
 potentially trigger saving the configuration.

I think it does.  It's been a while since I worked on that code but I
don't think _I'm_ doing anything to trigger that save.  Maybe I am...

 ...
  Well, I was asking if the subagent code set up a signal handler for
  SIGHUP.  I guess I see now that that's unlikely.  
 
 Not necessarily.
 If you're using the main Net-SNMP agent in a subagent role,
 then that will inherit the same behaviour as the master agent,
 so *would* include the usual SIGHUP handling.
  I haven't looked at the stripped-down subagent framework,
 to see whether that does or not.  But it wouldn't be too
 difficult to add if necessary.
 
 And if the subagent is mostly code you've written yourself, then
 it'd depend on whether you coded SIGHUP handling or not :-)

:-)  Yes, my subagent is mostly my code, a 3-thread program with the
subagent in one thread.

   Suck it and see.
  
  Huh?
 
 Sorry - must be a British expression.
 ...

I guessed that might be the case from your .uk address.


---
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42 plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re-reading a persistent store

[cnelson]

I'm using v5.1.1 (soon to upgrade to v5.2.2) and I have a sub-agent
which stores data in a persisent store (/var/net-snmp/my-subagent.conf).
 In my subagent, I have:

//
// Handle persistent storage of per-port link up/down trap enable

// The read callback
for (port = 1; port  numports; ++port) {
char token[128];
sprintf(token, %s_%d, TRAP_CONFIG_TOKEN, port);
register_config_handler(NULL, 
token,
parseTrapEnable,
NULL,
NULL);
}

// The store callback
snmp_register_callback(SNMP_CALLBACK_LIBRARY,
   SNMP_CALLBACK_STORE_DATA,
   storeTrapEnable,
   0);

On startup the values get read from the persistent store and on shutdown
the store is rewritten.  However, I want to be able to change the file
while snmpd (and the sub-agent) are running and have the values re-read.  

I found code in the agent to re-read configuration when a SIGHUP is
received but changing my-subagent.conf and issuing SIGHUP to snmpd
didn't reread the persistent store.  Am I missing something?  Is there
another callback I need to register for reconfig?  Do I need to send
SIGHUP to my sub-agent?


---
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42 plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Can't disable authentication traps

[cnelson]

I'm using v5.1.1 and I find that I can't disable generation of
authentication traps.  I've used snmpget to verify that the setting is
disabled and I've looked at the persistent store in snmpd.conf and
verified that pauthenabled is 2 (disabled).

Looking for authentication as a keyword for any bug or patch on
SourceForge found no hits at all and the closest e-mail I found in the
archives was
http://sourceforge.net/mailarchive/message.php?msg_id=8682029 but the
thread seems to stop after 3 message with no resolution.  (Can I just
say I hate the archives of this list?  If there's a way to sort by date
or to thread messages, I can't find it. sigh)

Is it possible to turn off authentication failures in Net-SNMP v5.1.1? 
If not, was this fixed in later version?

Thanks in advance...

Chris




---
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42 plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Tracing SNMPD activity

[cnelson]

I imagine I'm being stupid this morning but I can't figure this out.  I
appreciate any pointers.

I'm using Net-SNMP v5.1.1 and I have an SNMP subagent that's crapping
out with a segfault but I can't narrow down what object it's handling
when it dies.  I do an snmpwalk and the output ends with:

  Q-BRIDGE-MIB::dot1qTpFdbStatus.0.'...Â..'.14 = INTEGER: mgmt(5)
  Q-BRIDGE-MIB::dot1qTpFdbStatus.0.'...Â..'.15 = INTEGER: mgmt(5)
   Error in packet.
   Reason: (genError) A general failure occured
   Failed object: Q-BRIDGE-MIB::dot1qTpFdbStatus.0.'...Â..'.15

Q-BRIDGE-MIB::dot1qTpFdbStatus.0.'...Â..'.15 is the last TpFdbStatus I
expect (the preceeding list of TpFdbPort ends at 15) so I _think_ my
subagent is being asked for the next item in the MIB, whatever that
might be.  Ethereal shows a GET_NEXT packet with the dot1qTpFdbStatus
OID above.  On an older system that works, the next object retrieved is
IF-MIB::ifName.1 but when I instrument my get_ifName function, it
appears it never gets called.

Looking at http://www.net-snmp.org/docs/man/snmpd.html, it seemed that
the -d option would help me.  But when I do:

   /usr/sbin/snmpd -I -interface -I -icmp -f -d 

(I always do -I -interface -I -icmp), I see only:

   create_trap_session() with version 1
   add_trap_session() creating version 1 trap

and no Dump (in hexadecimal) the sent and received SNMP packets.  What
am I doing wrong?

Alternatively, is there a Net-SNMP tool that will tell me what the next
OID after Q-BRIDGE-MIB::dot1qTpFdbStatus.0.'...Â..'.15 is?

Thanks.

Chris










---
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42 plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Debugging illegal instruction in v5.1.1 when sending traps

[cnelson]

As suggested here recently, I got my application in a debugger and
recreated the problem.  I'm running gdbserver on PPC (the target host)
with Insight on x86 Linux (the development environment).  When the
problem occurs, the Source Window of Insight says, Select a function
name to disassemble  the status line says, Program stopped at
0x1007e668, the function list (I think) is empty, and the Stack window
has one line: ??.   If I continue, the illegal instuction signal is
processed and the program terminates.  I'm guessing that the stack got
corrupt and I've branched off into the weeds somewhere.  But I've got no
stack to pop, how do I get back to where it went wrong?  The line before
where I think it goes bad is hit often enough that I can't really set a
breakpoint there 'cuz I don't know which trip there will fail.

Chris


---
SF.Net email is Sponsored by the Better Software Conference  EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile  Plan-Driven Development * Managing Projects  Teams * Testing  QA
Security * Process Improvement  Measurement * http://www.sqe.com/bsce5sf
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Threading and Net-SNMP

[cnelson]

I'm still having trouble finding my illegal instruction error and I've
gotten to thinking about threads.  I have a multi-threaded program that
sends traps from one thread and acts as a sub-agent in another thread. 
Traps are asychronous and don't require any kind of session or state so
this is all safe, right?

   Chris


---
SF.Net email is Sponsored by the Better Software Conference  EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile  Plan-Driven Development * Managing Projects  Teams * Testing  QA
Security * Process Improvement  Measurement * http://www.sqe.com/bsce5sf
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Illegal instruction when sending traps in v5.1.1

[cnelson]

 On Fri, 05 Aug 2005 10:33:17 -0400 [EMAIL PROTECTED] wrote:
 CRC template_v2pdu-command = sink-pdutype;
 CRC send_trap_to_sess(sink-sesp, template_v2pdu);
 CRC 
 CRC the last executable line in that (sending with template_v2pdu) 
 CRC is where my program crashes.
 
 can you get this to happen in a debugger? A stack trace would be 
 helpful. Have you stepped into send_trap_to_sess() to see what's
 happening there?

I'm going to try that tomorrow but it's cross-platform remote debugging
of an embedded system.


---
SF.Net email is Sponsored by the Better Software Conference  EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile  Plan-Driven Development * Managing Projects  Teams * Testing  QA
Security * Process Improvement  Measurement * http://www.sqe.com/bsce5sf
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Illegal instruction when sending traps in v5.1.1

[cnelson]

I wrote a few weeks ago about a problem I was having in send_v2trap(). 
I've narrowed it down but while I continue to research, I'd appreciate
any feedback or insight members of this list have.

In agent_trap.c, toward the end of netsnmp_send_traps(), I find:

/*
 *  Now loop through the list of trap sinks
 *   and call the trap callback routines,
 *   providing an appropriately formatted PDU in each case
 */
for (sink = sinks; sink; sink = sink-next) {
if (sink-version == SNMP_VERSION_1) {
send_trap_to_sess(sink-sesp, template_v1pdu);
} else {
template_v2pdu-command = sink-pdutype;
send_trap_to_sess(sink-sesp, template_v2pdu);
}
}

the last executable line in that (sending with template_v2pdu) is where
my program crashes.  I've already peppered this routine with:

   printf(%s:%d\n, __FILE__, __LINE__);

to find this out.  If I change that to

printf(%s:%d, sink-version:%d\n, __FILE__, __LINE__, sink-version);

between the for and the if, the value printed is 193.

If sink-version is tested against SNMP_VERSION_1 (defined as 0 in
include/net-snmp/library/snmp.h), I'd expect other legal values to be
SNMP_VERSION_2c and SNMP_VERSION_3 (from the same include file).  But
193 isn't listed at all, even as an illegal or unused value.  Am I right
about where this comes from, what expected values are?  

Granted that there's some problem elsewhere that puts this 193 where it
oughtn't to be, might this bit of code be safer as:

for (sink = sinks; sink; sink = sink-next) {
switch (sink-version) {
case SNMP_VERSION_1:
send_trap_to_sess(sink-sesp, template_v1pdu);
break;
case SNMP_VERSION_2c:
template_v2pdu-command = sink-pdutype;
send_trap_to_sess(sink-sesp, template_v2pdu);
break;
default:
// Log unexpected value
}
}


Thanks for any feedback.

 Chris


---
SF.Net email is Sponsored by the Better Software Conference  EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile  Plan-Driven Development * Managing Projects  Teams * Testing  QA
Security * Process Improvement  Measurement * http://www.sqe.com/bsce5sf
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Illegal instruction when sending traps in v5.1.1

[cnelson]

 
printf(%s:%d, sink-version:%d\n, __FILE__, __LINE__, sink-version);

 between the for and the if, the value printed is 193.

OK. So I see that 193 is AGENTX_VERSON_BASE | 0x1.  I guess that's
valid.  I'll dig deeper.


---
SF.Net email is Sponsored by the Better Software Conference  EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile  Plan-Driven Development * Managing Projects  Teams * Testing  QA
Security * Process Improvement  Measurement * http://www.sqe.com/bsce5sf
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

IP address in com2sec directive?

[cnelson]

I have a configuration tool which uses SNMP locally to talk to the agent
and retrieve and set some data.  I've recently run into a problem where
mis-configured networking prevented host resolution (`ping localhost`
hung).  I'd like to convert my utility to connect to 127.0.0.1  (which
will always be localhost, at least on my system) so name resolutino is
needed and I wonder if I can also put that in snmpd.conf in the SOURCE
field of a com2sec directive.  The description of com2sec documentation
on snmpd.conf.5 isn't clear (to me)  and searching the list archives for
localhost or localhost com2sec found no relevant hits.  I'd guess I
can at least put 127.0.0.1/32 but would 127.0.0.1 work?

Chris


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Illegal instruction in send_v2trap(), any thoughts?

[cnelson]

I realize this is a long shot, that I'm behind revisions, and all that
but have a little pity on me, please, I'm working with an old embedded
system.

Recently, I've seen a problem in send_v2trap() that's fairly easy to
reproduce (though with a sequence that's very specific to my system and
I don't know that I can generalize it; I'll work on that).  I'm using
Net-SNMP 5.1.1, cross-compiled from Intel to PPC Linux and calling
send_v2trap() results in an Illegal Instruction error.  The code looks like:

oid objid_snmptrap[] = { 1, 3, 6, 1, 6, 3, 1, 1, 4, 1, 0 };
size_t objid_snmptrap_len = OID_LENGTH(objid_snmptrap);

// 0 overwritten below with 3 (down) or 4 (up)
oid notification_oid[] = {1, 3, 6, 1, 6, 3, 1, 1, 5, 0 };
size_t notification_oid_len = OID_LENGTH(notification_oid);

oid ifindex_oid[] = { 1, 3, 6, 1, 2, 1, 2, 2, 1, 1 };
size_t ifindex_oidlen = OID_LENGTH(ifindex_oid);

netsnmp_variable_list *notification_vars = NULL;

static int port;

if (port-MAC_Operational)
notification_oid[notification_oid_len-1] = 4; // Up
else
notification_oid[notification_oid_len-1] = 3; // Down

/*
 * add in the trap definition object 
 */
snmp_varlist_add_variable(notification_vars,
  objid_snmptrap, objid_snmptrap_len,
  ASN_OBJECT_ID,
  (u_char*)notification_oid,
  notification_oid_len * sizeof(oid));

/* and the interface number */
port = port-portId;
snmp_varlist_add_variable(notification_vars,
  ifindex_oid, ifindex_oidlen,
  ASN_INTEGER,
  (u_char*)port,
  sizeof(port));
/*
 * send the trap out.  This will send it to all registered
 * receivers (see the SETTING UP TRAP AND/OR INFORM
 * DESTINATIONS section of the snmpd.conf manual page.  */
send_v2trap(notification_vars);

I've peppered this with printf(%s:%d\n, __FILE__, __LINE__) and I
get to the line before send_v2trap() but never the line after.  I'll dig
into the code, put in more debugging, etc. but any Net-SNMP-unique
insight would be appreciated.  Thanks.

   Chris


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Passing extra data to table handlers

[cnelson]

I used mib2c to create a subagent which handles dot1dBridge MIB entries.
 Specifically, I am now working on dot1dTpFdbTable.  My main program
knows about something that the get_dot1dTpFdb*() routines need to know
to get data.  I could make it a global, but that's so grody. ;-)  I
started down the path of adding a void* (or some more type-specific
pointer argument) to init_dot1dBridgeT() and passing it down to
initialize_table_dot1dTpFdbTable() but then I hit a dead end.  Or is the
myvoid field on netsnmp_iterator_info intended for that?


---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Slightly OT: Can I _set_ interface speed via a standard MIB?

[cnelson]

 On Tue, 07 Jun 2005 11:17:08 -0400 [EMAIL PROTECTED] wrote:
 CRC I see RFC1213-MIB::ifSpeed is read-only.  Is there a MIB entry 
 CRC that will allow me to force a specific speed for an interface?  
 
 No, but some OS support configuring it in snmpd.conf (see interface 
 directivein man page).

Thanks but I need to do this dynamically for testing (and I want to make
sure end users never see these entries with snmpwalk or whatever). 
Here's an idea:

- I add speed setting entries to my enterprise MIB

- I set up security so that those entries are excluded from all views

- On my test machine, I add a view or remove the restriction so I can
see those entries

Does that sound good?  Any better ideas?

Chris


---
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.  
Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Slightly OT: Can I _set_ interface speed via a standard MIB?

[cnelson]

I see RFC1213-MIB::ifSpeed is read-only.  Is there a MIB entry that will
allow me to force a specific speed for an interface?  


---
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.  
Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

What's dot1qForwardAllTable for?

[cnelson]

I've read RFC 2674 and Q-BRIDGE-MIB, I've taken a look at section 12 of IEEE 
802.1Q and I still don't get what dot1qForwardAllTable is for.  I look at the 
description of dot1qForwardAllPorts and I see:

   The complete set of ports in this VLAN to which all
   multicast group-addressed frames are to be
   forwarded. This includes ports for which this need
   has been determined dynamically by GMRP, or
   configured statically by management.

And I'm not sure I understand what they mean by all.  If IGMP or GVRP is 
being used, isn't it true that (generally) _no_ ports will receive _all_ 
multicasts?  That is, that each multicast GDA will be filtered to only go to 
certain ports.  Is dot1qForwardAllPorts the intersection of all the filters?



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Q-BRIDGE-MIB::dot1qTpFdbTable entry format

[cnelson]

I think I've seen a discussion of this sort of thing before -- I may even have 
been in it -- but I can't remember the solution.

I'm using Net-SNMP 5.1.1 and I've used mib2c to generate a template for the 
802.1Q MIB.  I've filled in a lot of the table but I'm getting back unreadable 
entry OIDs:

]$ snmpwalk -v 2c -c public ipm dot1qTpFdbTable
Q-BRIDGE-MIB::dot1qTpFdbPort.0.'.. .( '.26 = INTEGER: 16
Q-BRIDGE-MIB::dot1qTpFdbPort.0.'.. .c¬'.24 = INTEGER: 16

Why isn't the middle of that OID readable?  

Actually, my 802.1D table has the same problem:

snmpwalk -v 2c -c public ipm dot1dTpFdbTable
BRIDGE-MIB::dot1dTpFdbAddress.'. .( .' = Hex-STRING: 00 A0 1D 28 A0 1A 
BRIDGE-MIB::dot1dTpFdbAddress.'. .c¬.' = Hex-STRING: 00 A0 1D 63 AC 18 

TIA.

Chris



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95alloc_id396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Table iterators and mydata

[cnelson]

 On Fri, 08 Apr 2005 16:09:00 -0400 [EMAIL PROTECTED] wrote:
 ...
 CRC I take it from the my in mydata that Net-SNMP doesn't 
 dereference it
 CRC and try to access fields on a netsnmp_iterator_info structure 
 CRC but I'm not CRC 100% sure.  

Is it true that Net-SNMP won't dereferenced mydata?


 CRC Can I do something like:
 CRC 
 CRCmydata = (netsnmp_iterator_info*)-1;
 CRC 
 CRC to pass data to my get_next_data() function?
 
 No, C doesn't work that way. Values assigned to a parameter in a 
 function don't
 change the original value outside the function. That's why the two 
 contextvariables are pointers to pointers..

Duh!  Of course.  I rushed through my posting Friday (and I've been writing too 
much Tcl lately).  

 mydata is supposed to be the data associated with the index you set in
 get_first or get_next. The agent will remember the mydata pointer 
 for the index
 is selects for each varbind in a request.

Hmmm.  I'm not understanding the intent.  Why isn't it just a void** or 
something so I can put whatever I want there.  Can you point me at a little 
example of it's proper use?



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Table iterators and mydata

[cnelson]

I've looked at mib2c generated code and in table_iterator.h and don't feel I 
have a clear idea of this yet.  mib2c created functions like:

netsnmp_variable_list *
ifTable_get_first_data_point(void **my_loop_context,
 void **my_data_context,
 netsnmp_variable_list * put_index_data,
 netsnmp_iterator_info *mydata)

I take it from the my in mydata that Net-SNMP doesn't dereference it and 
try to access fields on a netsnmp_iterator_info structure but I'm not 100% 
sure.  Can I do something like:

   mydata = (netsnmp_iterator_info*)-1;

to pass data to my get_next_data() function?

   Chris



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Formatting of TpFdbTable entries

[cnelson]

I'm sure this has worked for me before and I don't know what may have changed 
to cause this problem.  Today when I try to walk the TpFdbTable 
(.1.3.6.1.2.1.17.4.3), I get gibberish:

  $ snmpwalk -v 2c -c public 10.93.0.15 .1.3.6.1.2.1.17.4.3 | more
  BRIDGE-MIB::dot1dTpFdbAddress.'..' = STRING: ÿÿ
  BRIDGE-MIB::dot1dTpFdbPort.'..' = INTEGER: 8
  BRIDGE-MIB::dot1dTpFdbStatus.'..' = INTEGER: learned(3)

This seems to me to be a presentation issue (in snmpwalk) not an agent issue 
(in my sub-agent code) but my NetSNMP installation hasn't changed.  Any insight 
appreciated...




---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95alloc_id396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Non-standard interfaces in ifTable

[cnelson]

 ...
 As far as future compatibility goes, getting the kernel to 
 recognize your
 interfaces is the best option. If that's not possible, then you'll 
 have to
 maintain proprietary patches against net-snmp.

Robert, I know you're the expert here but I've got non-standard Interfaces 
working without patching code.  I disabled interfaces in the agent (-I 
-interfaces) and then have a sub-agent which implements interfaces (I ran mib2c 
on the interfaces MIB and filled in the code).  I'd _love_ to be able to have 
both and another active thread on this list (Managing multiple instances of a 
MIB) suggests I can.  But you can, at least, implement interfaces without 
patching anything.  Or maybe I misunderstand the OP's intent.



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Timeout with local connection to snmpd

[cnelson]

 On Mon, 14 Feb 2005 14:58:24 -0500 [EMAIL PROTECTED] wrote:
 CRC session.peername = localhost;
 CRC session.retries = 3;
 CRC session.version = SNMP_VERSION_2c;
 CRC session.community = private;
 CRC session.community_len = strlen(session.community);
 CRC 
 CRC ss = snmp_open(session);
 CRC 
 CRC I don't see private in those packets.  Should I?
 
 Yes.
 
 CRC  Any idea why this doesn't work?
 
 Nope.
 
 What does the session structure look like after you call snmp_open?

My code says:

session.peername = localhost;
session.retries = 1;
session.version = SNMP_VERSION_2c;
session.community = config;
session.community_len = strlen(session.community);

/* establish the session */
ss = snmp_open(session);

snmp_log(LOG_INFO, peername:%s\n, session.peername);
snmp_log(LOG_INFO, community:%s\n, session.community);

and the log output is:

   peername:localhost
   community:(null)

What the heck is _that_ about?





---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Timeout with local connection to snmpd

[cnelson]

 On Tue, 15 Feb 2005 08:33:40 -0500 [EMAIL PROTECTED] wrote:
 CRC session.peername = localhost;
 CRC session.community = config;
 CRC session.community_len = strlen(session.community);
 CRC 
 CRC /* establish the session */
 CRC ss = snmp_open(session);
 CRC 
 CRC snmp_log(LOG_INFO, peername:%s\n, session.peername);
 CRC snmp_log(LOG_INFO, community:%s\n, session.community);
 CRC 
 CRC and the log output is:
 CRC 
 CRCpeername:localhost
 CRCcommunity:(null)
 CRC 
 CRC What the heck is _that_ about?
 
 Excellent question. 

Yeah, I'm full of 'em. ;-)

 I don't see anything in the code that would 
 clear the
 memory in the input session. Is ss NULL? If not, what does it 
 contain for
 community?

I'll look.

 Whenever something really weird like this happens, my first thought is
 'mismatched libraries.' 

Yeah, we've had that discussion before.  I was pretty careful to scrub by 
development and test systems for 5.1 libraries before I did this.  I did `make 
-n` and looked at all the directories listed for -L options.  I've done 
ldconfig.

 Check that
 
   ls /usr/lib/*snmp* /usr/local/lib/*snmp*
 
 doesn't return multiple versions of the libraries. 

Nothing in /usr/local/lib, all 5.2.1 in /usr/lib.

 I'd also 
 recommend building
 a static version (configure --disable-shared --enable-static) for 
 easierdebugging, and stepping into snmp_open and following it down 
 the stack,
 watching to see where the community gets cleared.

OK.  I'll try that now.  Thanks.



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Non-standard interfaces in ifTable

[cnelson]

 On Tue, 15 Feb 2005 07:47:23 -0500 [EMAIL PROTECTED] wrote:
 CRC  ...
 CRC  As far as future compatibility goes, getting the kernel to 
 CRC  recognize your interfaces is the best option. If that's not 
 possible,CRC  then you'll have to maintain proprietary patches 
 against net-snmp.
 CRC 
 CRC Robert, I know you're the expert here but I've got non-
 standard Interfaces
 CRC working without patching code.  I disabled interfaces in the 
 agent (-I
 CRC -interfaces) and then have a sub-agent which implements 
 interfaces
 Well, I consider removing some code (-I -interfaces) and adding 
 other code
 (subagent) a form of patching. i.e. it isn't going to work out of 
 the box.

I guess we have a problem of definition then.  I'm not patching unless I have 
to keep track of my changes and update distributed source with `patch`.  (And 
my -I is done at runtime, not build time).

 CRC I'd _love_ to be
 CRC able to have both and another active thread on this list 
 (ManagingCRC multiple instances of a MIB) suggests I can.
 
 Summarizing from my FAQ here:
 
   http://www.freesnmp.com/net-snmp/faqs/#multidev
 
 You can have both by using contexts, but:
 ...
 Having said that, there is another way to have both, but it does 
 have some
 risks. See my next response to Jeff in this same thread.

OK.  Thanks.



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Timeout with local connection to snmpd

[cnelson]

 ... Is ss NULL? If not, what does it 
 contain for community?
 ...

OK.  I've built with static libraries and my code now looks like:

session.peername = localhost;
session.retries = 1;
session.version = SNMP_VERSION_2c;
session.community = config;
session.community_len = strlen(session.community);

/* establish the session */
ss = snmp_open(session);

snmp_log(LOG_INFO, session.peername:%s\n, session.peername);
snmp_log(LOG_INFO, session.community:%s\n, session.community);


if ( ! ss) {
snmp_perror(ack);
snmp_log(LOG_ERR, Could not establish session with SNMP daemon.\n);
return NULL;
}

snmp_log(LOG_INFO, ss:%p\n, ss);
snmp_log(LOG_INFO, ss-peername:%s\n, ss-peername);
snmp_log(LOG_INFO, ss-community:%s\n, ss-community);

and my log says:

  session.peername:localhost
  session.community:(null)
  ss:0x101689e0
  ss-peername:localhost
  ss-community:(null)

I can't really step into the code because the target environment is an embedded 
system where I don't have good debugging support.  I can pepper snmp_open() 
with fprintf()s. :-/  But you say that you don't see anything there that would 
trash the community...



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Timeout with local connection to snmpd

[cnelson]

I'm trying to validate that SourceForge bug 1016849 is no longer a problem -- I 
seem to be the only person who's seen it -- in v5.2 and I'm running into 
_other_ problems.  

I DLd and built and installed 5.2.1.  I can snmpget remotely but my application 
which does local access to snmpd times out.  I added:

  netsnmp_ds_set_boolean(NETSNMP_DS_LIBRARY_ID,
 NETSNMP_DS_LIB_DUMP_PACKET,
 1);

and the dump looks like:

Sending 93 bytes to UDP: [127.0.0.1]:161
: 30 5B 02 01  01 04 00 A0  54 02 04 24  FE 8E F8 020[..T..$
0016: 01 00 02 01  00 30 46 30  0C 06 08 2B  06 01 02 01.0F0...+
0032: 01 01 00 05  00 30 0C 06  08 2B 06 01  02 01 01 04.0...+..
0048: 00 05 00 30  0C 06 08 2B  06 01 02 01  01 05 00 05...0...+
0064: 00 30 0C 06  08 2B 06 01  02 01 01 06  00 05 00 30.0...+.0
0080: 0C 06 08 2B  06 01 02 01  01 03 00 05  00 ...+.

repeated 3x, then the timeout.  I'm trying to do v2c access with private as a 
community string (which works remotely).  

session.peername = localhost;
session.retries = 3;
session.version = SNMP_VERSION_2c;
session.community = private;
session.community_len = strlen(session.community);

ss = snmp_open(session);

I don't see private in those packets.  Should I?  Any idea why this doesn't 
work?  



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Non-standard interfaces in ifTable

[cnelson]

 I have an embedded Linux system with some interfaces that are not
 standard, i.e. the default ifTable implementation isn't getting 
 part or
 all of the information. From looking at the code, it appears that I 
 willneed to directly modify the source that comes with net-snmp. 
 ...

You can tell the agent to not handle individual MIBs.  I think it's something 
like -I -interfaces then you can have a sub-agent register to handle the 
interfaces MIB.  I'm not sure what you'd do if you want the standard interfaces 
and your own.



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: RE: Non-standard interfaces in ifTable

[cnelson]

   I have an embedded Linux system with some interfaces that are not
   standard, i.e. the default ifTable implementation isn't getting
   part or
   all of the information. From looking at the code, it appears 
 that I
   willneed to directly modify the source that comes with net-snmp.
   ...
  
  You can tell the agent to not handle individual MIBs.  I think it's
  something like -I -interfaces then you can have a sub-agent 
 register to
  handle the interfaces MIB.  I'm not sure what you'd do if you 
 want the
  standard interfaces and your own.
 
 This is basically the approach I was thinking. Disable the 
 automatic build
 of the IF-MIB, ...

Sorry I wasn't clear.  -I -interfaces is a _runtime_ switch.  Start a 
standard snmpd up with it and it _won't_ serve out the interfaces MIB.



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595alloc_id=14396op=click
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: New front end for the Net-SNMP website.

[cnelson]

 ...
 Getting the correct balance between completeness and compactness is
 a Non Trivial Problem.

But is it NP-Complete? ;-)



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: RE: New front end for the Net-SNMP website.

[cnelson]

Quite nice overall but several nits, if I may.  Curiously, all in:

   Net-SNMP is available for many Unix and Unix like
   operating systems and also for Windows.

I've often been corrected that as a TM of Bell Labs (or whoever), UNIX is all 
capitals.  (I've generally said Unix to mean UNIX and work-alike operating 
systems.)

As an adjective, Unix-like should be hyphenated.

It bugs me that Microsoft has coopted so many nouns for their own use.  While I 
don't think Windows is unclear, Microsoft Windows would be more precise and 
less painful. ;-)

Chris



---
SF email is sponsored by - The IT Product Guide
Read honest  candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Is there a MIB value for geographic location?

[cnelson]

 ...
 There is the sysLocation value, which is easily accessible in the 
 snmpd.conffile, but I guess that normally this is not used for a 
 latitude and longitude.
 Are there any difficulties in using it this way?   All the examples 
 talk about
 this as a geographic location, but then give examples using it as a 
 postaladdress.
 ...

We use sysLocation for things like, Wiring closet 3, rack 2.  I imagine that if for 
your deployment you set a convention of putting a latitude and longitude in 
sysLocation, you'll be fine.  (Of course, someone else may chime in and say that there 
is a better place for that.)



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Linking to static Net-SNMP libraries

[cnelson]

I'm trying to confirm that a problem I'm having with 5.2rc1 is in my use of dynamic 
libraries leading to some conflict but when I try to link against static libraries, I 
get an error.  I've modified the Makefile link line for my client to:

$(CC) $(CFLAGS) -o $(PROGNAME) $(OBJS) \
 -static -lnetsnmp -dynamic -ldl -lcrypto -lm

But I get:

  ld: cannot find -lcrypto
  collect2: ld returned 1 exit status

I know I'm a little dim this week but shouldn't surrounding -lnetsnmp by -static 
and -dynmaic leave everything else unchanged?

TIA




---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Linking to static Net-SNMP libraries

[cnelson]

 Are you attempting to build this on Linux? 

Actually, I'm cross-building on i386 Linux for PPC Linux.

 If so you need to have a 
 completeinstallation. Not partial when installing on linux.
 You will get missing libraries if you only partially installing and 
 yeslcrypto is one of those missing libs. I also hit this problem.

I'm pretty sure I have a complete installation.  Would that requirement change between 
a static and dynamic build.  Oh, yeah, I guess it would.  If the static libraries 
aren't available locally then it won't build at all but if the dynamic libraries 
aren't avaiable locally, it would fail at run time, not build time.  Still, I 
_thought_ was making only net-snmp static. Hmm



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: snmp_open() problem in 5.2.rc1

[cnelson]

   This smells of library conflicts to me. Make sure you don't 
 have a mix 
 of
   snmp libraries installed in /usr/lib/*snmp* and/or 
 /usr/local/lib/*snmp*. Also,
   try building with static libraries (configure --enable-static
   --disable-shared).
 
  That's a good clue.  Thanks.  I'm out of the office Friday.  
 Probably won't be able to try this until Monday.
 
 Okay, but we'll remember that when it's time for promotions

Well, since my _promotion_ is on the line, I dragged myself into the office today. ;-)

I removed all traces of *snmp* from /usr/lib, rebuilt and reinstalled my client and 
found the same results.  I pass a valid session-community into snmp_open() and it's 
null at the first executable line of snmp_open().  Any other ideas?



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

snmp_open() problem in 5.2.rc1

[cnelson]

I'm trying to figure out why I have a null community in my agent when using 5.2.rc1 
but the same code works OK with 5.1.1.   I've got:

struct snmp_session session;
init_snmp(snmpapp);
snmp_sess_init( session ); 
session.peername = localhost;
session.retries = 1;
session.version = SNMP_VERSION_2c;
session.community = config;
session.community_len = strlen(session.community);

snmp_log(LOG_INFO, session.community:%s, community_len:%d\n,
 session.community, session.community_len);

ss = snmp_open(session);
snmp_log(LOG_INFO, ss-community:%s, community_len:%d\n,
 ss-community, ss-community_len);

which shows session.community to be config and ss-community to be null.  I edited 
snmp_open() to start:

struct session_list *slp;
snmp_log(LOG_INFO,
 %d:session-community=%s\n,
 __LINE__, session-community);

and find that session-community is NULL *on* *entry* to snmp_open().  Then I noticed 
that I'm passing snmp_open() a struct snmp_session* but it's defined as:

   netsnmp_session *
   snmp_open(netsnmp_session *session)
   {
   

Which leaves me wondering if snmp_session and netsnmp_session used to be compatible 
and aren't any more.  Any other explanation that the community pointer on the 
structure gets trashed by invoking snmp_open()?

Chris



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Possible problem with authorization in 5.2.rc1

[cnelson]

 ...
 More particularly, the dump begins:
 
 30 5B // request sequence
   02 01 01// version = SNMPv2c
   04 00   // community = 
   A0 54   // GET PDU
  etc
 
 So the request is being sent with an empty community string
 (hence it's not suprising that the agent is discarding it).
 
 That tends to point the finger at the client again - in particular
 the 'snmp_open' call.   What does the 'ss' structure look like?

My code looks like this:

snmp_sess_init( session );   /* set up defaults */
snmp_log(LOG_INFO, snmp_sess_init() complete\n);

session.peername = localhost;
session.retries = 1;
session.version = SNMP_VERSION_2c;
session.community = config;
session.community_len = strlen(session.community);

snmp_log(LOG_INFO, session.community:%s, community_len:%d\n,
 session.community, session.community_len);

/* establish the session */
ss = snmp_open(session);
snmp_log(LOG_INFO, ss-community:%s, community_len:%d\n,
 ss-community, ss-community_len);

and the resulting log is:

init_snmp() complete
snmp_sess_init() complete
session.community:config, community_len:6
snmp_open() complete
ss-community:(null), community_len:1
connected

Sending 93 bytes to UDP: [127.0.0.1]:161
: 30 5B 02 01  01 04 00 A0  54 02 04 70  59 6C 67 020[..T..pYlg.
0016: 01 00 02 01  00 30 46 30  0C 06 08 2B  06 01 02 01.0F0...+
0032: 01 01 00 05  00 30 0C 06  08 2B 06 01  02 01 01 04.0...+..
0048: 00 05 00 30  0C 06 08 2B  06 01 02 01  01 05 00 05...0...+
0064: 00 30 0C 06  08 2B 06 01  02 01 01 06  00 05 00 30.0...+.0
0080: 0C 06 08 2B  06 01 02 01  01 03 00 05  00 ...+.



So, snmp_open() appears to not be copying the community string.  How come?  I'll look 
into it a bit shortly.



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Possible problem with authorization in 5.2.rc1

[cnelson]

 ...
 So, snmp_open() appears to not be copying the community string.  
 How come?  I'll look into it a bit shortly.

I think I found the problem.  Around line 998 of snmplib/snmp_api.c, there is a recent 
addition of:

   #if !defined(DISABLE_SNMPV1) || !defined(DISABLE_SNMPV2C)

which DeMorgan tells us is really:

   #if defined(DISABLE_SNMPV1)  defined(DISABLE_SNMPV2C)

and if I read the code around it properly, this says that community strings will 
*only* be copied if *neither* SNMPv1 or SNMPv2c was compiled into the agent.  Not what 
was intended, I imagine.



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Possible problem with authorization in 5.2.rc1

[cnelson]

  I think I found the problem.  Around line 998 of snmplib/snmp_api.c,
  there is a recent addition of:
  
 #if !defined(DISABLE_SNMPV1) || !defined(DISABLE_SNMPV2C)
  
  which DeMorgan tells us is really:
  
 #if defined(DISABLE_SNMPV1)  defined(DISABLE_SNMPV2C)
 
 
 Err no.
 Surely DeMorgan equates this to
 
 #if !(defined(DISABLE_SNMPV1)  defined(DISABLE_SNMPV2C))
 
 i.e. the exact opposite.

Yes, you're right.  SIGH  It's been one of those days.  I knew I shouldn't try to 
program with my brains scrambled. :-/

  and if I read the code around it properly, this says that community
  strings will *only* be copied if *neither* SNMPv1 or SNMPv2c was
  compiled into the agent.  Not what was intended, I imagine.
 
 I *think* (and there are a few too many negations for comfort!)

That's for sure!  At least I have some excuse for my poor DeMorganizing. ;-)

 that this is saying that this block should only be omitted if
 *both* SNMPv1 and SNMPv2c have been removed from the library.
 
 Which sounds right.

Yes, I agree.

 But there's an easy way to tell - comment out this particular test,
 and recompile.  Does that fix the problem?

I modified the test to match my poor Boolean transformation.  Obviously, that wasn't 
right.  I'll try now to just remove it.



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Possible problem with authorization in 5.2.rc1

[cnelson]

   I can use snmpget on another system to read, for example,
  system.sysDescr.0 but on-node, when I try to use the config
  community to get values, snmp_get() times out.
 
 What if you try with snmpget on that same node (not from a remote 
 system)?If you run essentially the same command locally:
 
   snmpget -v 2c -c config localhost sysDescr.0
 
 does it work or not?

The local system is an embedded system with few resources.  I haven't installed the 
tools (e.g., snmpget).  I may be able to set up to do that with some n/w storage.  
I'll try...



---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Possible problem with authorization in 5.2.rc1

[cnelson]

 ... you should be able to
 see if a packet goes out, if the agent receives it, if the agent sends a
 response and if the app receives it.

Thanks.  
My client logs:


Sending 93 bytes to UDP: [127.0.0.1]:161
: 30 5B 02 01  01 04 00 A0  54 02 04 77  0B 12 D2 020[..T..w
0016: 01 00 02 01  00 30 46 30  0C 06 08 2B  06 01 02 01.0F0...+
0032: 01 01 00 05  00 30 0C 06  08 2B 06 01  02 01 01 04.0...+..
0048: 00 05 00 30  0C 06 08 2B  06 01 02 01  01 05 00 05...0...+
0064: 00 30 0C 06  08 2B 06 01  02 01 01 06  00 05 00 30.0...+.0
0080: 0C 06 08 2B  06 01 02 01  01 03 00 05  00 ...+.


Resending 93 bytes to UDP: [127.0.0.1]:161
: 30 5B 02 01  01 04 00 A0  54 02 04 77  0B 12 D2 020[..T..w
0016: 01 00 02 01  00 30 46 30  0C 06 08 2B  06 01 02 01.0F0...+
0032: 01 01 00 05  00 30 0C 06  08 2B 06 01  02 01 01 04.0...+..
0048: 00 05 00 30  0C 06 08 2B  06 01 02 01  01 05 00 05...0...+
0064: 00 30 0C 06  08 2B 06 01  02 01 01 06  00 05 00 30.0...+.0
0080: 0C 06 08 2B  06 01 02 01  01 03 00 05  00 ...+.

GetSysValues: Timeout


and the agent logs:


Turning on AgentX master support.
NET-SNMP version 5.2.rc1

Received 93 bytes from UDP: [127.0.0.1]:49154
: 30 5B 02 01  01 04 00 A0  54 02 04 77  0B 12 D2 020[..T..w
0016: 01 00 02 01  00 30 46 30  0C 06 08 2B  06 01 02 01.0F0...+
0032: 01 01 00 05  00 30 0C 06  08 2B 06 01  02 01 01 04.0...+..
0048: 00 05 00 30  0C 06 08 2B  06 01 02 01  01 05 00 05...0...+
0064: 00 30 0C 06  08 2B 06 01  02 01 01 06  00 05 00 30.0...+.0
0080: 0C 06 08 2B  06 01 02 01  01 03 00 05  00 ...+.

Received SNMP packet(s) from UDP: [127.0.0.1]:49154
  GET message
-- SNMPv2-MIB::sysDescr.0
-- SNMPv2-MIB::sysContact.0
-- SNMPv2-MIB::sysName.0
-- SNMPv2-MIB::sysLocation.0
-- SNMPv2-MIB::sysUpTime.0

Received 93 bytes from UDP: [127.0.0.1]:49154
: 30 5B 02 01  01 04 00 A0  54 02 04 77  0B 12 D2 020[..T..w
0016: 01 00 02 01  00 30 46 30  0C 06 08 2B  06 01 02 01.0F0...+
0032: 01 01 00 05  00 30 0C 06  08 2B 06 01  02 01 01 04.0...+..
0048: 00 05 00 30  0C 06 08 2B  06 01 02 01  01 05 00 05...0...+
0064: 00 30 0C 06  08 2B 06 01  02 01 01 06  00 05 00 30.0...+.0
0080: 0C 06 08 2B  06 01 02 01  01 03 00 05  00 ...+.

Received SNMP packet(s) from UDP: [127.0.0.1]:49154
  GET message
-- SNMPv2-MIB::sysDescr.0
-- SNMPv2-MIB::sysContact.0
-- SNMPv2-MIB::sysName.0
-- SNMPv2-MIB::sysLocation.0
-- SNMPv2-MIB::sysUpTime.0


It seems that the communication is one-way; the agent doesn't say anything about 
sending a packet back to the client.



---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Possible problem with authorization in 5.2.rc1

[cnelson]

Well, I've come full circle.  I think I've confirmed that I have an authorization 
problem.

- snmpget on the local host times out just as my client application does

- When the client times out, there's a note in the log that it tried (and failed, but 
that's another issue) to send an authorization failure trap.

So, what's the problem?  Did the format or expected content of com2sec, etc. change 
between 5.1.1 and 5.2.rc1?  I've got the configuration shown below.  The public 
community works on- and off-node, config doesn't work at all.  This configuration 
works with 5.1.1, fails with 5.2.rc2

com2sec config localhost config
group config v2c config
view config included .1
access config  any noauth exact config config config

com2sec public default public
view public included .1
group public_v2 v1 public
group public_v2 v2c public
access public_v2  any noauth exact public none none
group public_v3 usm public
access public_v3  any auth exact public none none





---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Possible problem with authorization in 5.2.rc1

[cnelson]

I'm trying to see if Bug 1016849 
(https://sourceforge.net/tracker/?func=detailatid=112694aid=1016849group_id=12694) 
is still in 5.2.  I've installed 45.2.rc1 and I'm having unrelated problems which are 
preventing me from validating the bug.

My /usr/share/snmp/snmpd.conf (which works with 5.1.1) includes:

com2sec config localhost config
group config v2c config
view config included .1
access config  any noauth exact config config config

com2sec public default public
view public included .1
group public_v2 v1 public
group public_v2 v2c public
access public_v2  any noauth exact public none none
group public_v3 usm public
access public_v3  any auth exact public none none

com2sec private default private
view private included .1
group private_v2 v1 private
group private_v2 v2c private
access private_v2  any noauth exact private private private
group private_v3 usm private
access private_v3  any auth exact private private private

and /var/net-snmp/snmpd.conf (also unchanged) has usmUser directives that make that 
work.  I can use snmpget on another system to read, for example, system.sysDescr.0 but 
on-node, when I try to use the config community to get values, snmp_get() times out.  
My code -- unchange from when it worked with 5.1.1 -- includes:

init_snmp(snmpapp);
snmp_sess_init( session );

session.peername = localhost;
session.retries = 1;
session.version = SNMP_VERSION_2c;
session.community = config;
session.community_len = strlen(session.community);

ss = snmp_open(session);

if ( ! ss) {
snmp_perror(ack);
snmp_log(LOG_ERR, Could not establish session with SNMP daemon.\n);
return NULL;
}
return ss;

and does not log a failure.  


Are there issues with authentication in 5.2.rc1 that someone else has discovered?  Did 
something in the snmp_sess_init() or snmp_open() change?



---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: extending the agent

[cnelson]

 ... apparently you have to modify some of the code. Doesn't 
 the mib2c generates it all?

mib2c really can't know where your data is coming from (or going to, for a set 
request).  What it generates is a skeleton you can hang your own code on.  It really 
is 90% of the work.

 There are some places that say:
 snmp_set_var_typed_value(requests-requestvb, ASN_OCTET_STR,
 (u_char *) /* XXX: a pointer 
 to the 
 scalar's data */,
 /* XXX: the length of the data 
 in bytes 
 */);
 where I suppose you have to fill in the XXX. What do you have to do 
 in order to complete this?

It depends on your application.  You might have to get a value from come global and 
return it, you might have to look something up, query a database, make a system call.

 ...
 Can mib2c generate the full code? one you don't have to modify?

No, that's really not possible.

 Lastly, I would like to know if for snmpv3, the snmp message 
 travels encripted? 

If you use authentication, the user's password is encrypted.  If you also use privacy, 
the PDU is encrypted.

 How do you set up an enviroment to work with snmpv3? 

For MD5 authentication, you don't really need to do anything beyond building the 
agent.  For SHA authentication and for privacy (which only uses DES), you have to 
build the agent with OpenSSL support.  I'm pretty sure you _don't_ have to have a 
full-blown SSL installation with keys, etc.; Net-SNMP only uses some of the algorithms 
from OpenSSL.

 When using 
 snmpv3 you execute the commands with -v 3 and the message comes 
 back encripted?

I'm not sure what you're asking.  Yes, both directions of v3 communication are 
encrypted (if you use authentication and privacy).

Chris



---
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Help, please. Can't get privacy to work

[cnelson]

 ...
   How can I prove that snmpd has SSL build in?
 
 U...
 
   a)   Try
   snmpget  UCD-SNMP-MIB::versionConfigureOptions.0
 
 That won't say explicitly, but will indicate how the suite was
 configured (which may indicate if it either turned on or turned off
 use of OpenSSL).

I get:

UCD-SNMP-MIB::versionConfigureOptions.0 = STRING: '--prefix=/usr' 
'--target=powerpc-linux' '--host=powerpc-linux' '--build=i386-pc-linux' 
'--with-endianness=big' '--with-cc=powerpc-linux-gcc' '--with-ar=powerpc-linux-ar' 
'--with-install-prefix=/IPm' '--with-cflags=-O2' '--disable-applications' 
'--disable-scripts' '--with-sys-location=Set location of switch' 
'--with-sys-contact=Set name (and e-mail) of contact for switch' 
'--with-logfile=/var/log/snmpd.log' '--with-default-snmp-version=3' 
'--with-persistent-directory=/var/net-snmp' 'build_alias=i386-pc-linux' 
'host_alias=powerpc-linux' 'target_alias=powerpc-linux'

Which _doesn't_ include ssl explicityly but does include SNMPv3 
(--with-default-snmp-version=3).  It seems that the configure script should either 
include SSL or complain if v3 is enabled and SSL isn't included.

   b)   ldd  snmpd
 
 That will show you which libraries are being linked to - any mention
 of 'libcrypto' or something similar would tend to indicate that it
 should support encrption

Alas, ldd isn't available on my target and ldd on the system where I cross-build 
doesn't seem to recognize the foreign binary as a program:

  $ ldd snmpd
  not a dynamic executable
  $ file snmpd
  snmpd: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1, dynamically 
linked (uses shared libs), stripped

   c)   nm snmpd | grep -i encrypt

  $ nm snmpd
  nm: snmpd: no symbols

 ...
   d)   strings snmpd| grep -i encrypt
   strings libnetsnmp.a | grep -i encrypt

That seems telling:

  $ strings libnetsnmp.so.5.1.1 | grep -i encrypt
  sc_encrypt
  USM encryption error
  Encryption support not enabled.
  sc_encrypt
  Encrypt function not defined.
  Encryption successful.
  couldn't malloc %d bytes for encrypted PDU
  encrypted sPDU
  Failed while parsing encrypted sPDU.


 If either of these include the message
Encryption support not enabled
   (or similar) then you're out of luck.
 (or at least would need to reconfigure/recompile)

OK.  I'll rebuild and see what I see.

 Though in fact, the remote agent should probably be logging this 
 anyway.

Yeah, that would be helpful.

 It might also be worth running the remote agent with  '-Dscapi'
 and seeing what the debug output says.

If rebuilding doesn't work...

 A few things for you to try, anyway.

Thanks.



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Help, please. Can't get privacy to work

[cnelson]

My agent was missing ssl.  After much pain rebuilding, all it well.  Thanks.



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Help, please. Can't get privacy to work

[cnelson]

 I'm trying to get v3 security to work.  I can use -l authNopriv but 
 -l authpriv gives decryption error.  I don't understand that.  
 Cryptography isn't my strong suit; I'm using a network sniffer to 
 look at packets ...

Ethereal reports that the reply to my encrypted PDU requesting sysLocation is a value 
of 3 for 
SNMP-USER-BASED-SM-MIB::usmStatsDecryptionErrors.0.  Each additional attempt to use 
privacy results in that value being incremented.



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Help, please. Can't get privacy to work

[cnelson]

  I'm trying to get v3 security to work.  I can use -l authNopriv 
 but 
  -l authpriv gives decryption error.  I don't understand that.  
  Cryptography isn't my strong suit; I'm using a network sniffer to 
  look at packets ...
 
 Ethereal reports that the reply to my encrypted PDU requesting 
 sysLocation is a value of 3 for 
 SNMP-USER-BASED-SM-MIB::usmStatsDecryptionErrors.0.  Each 
 additional attempt to use privacy results in that value being 
 incremented.

I've now found that I can use SNMPv3 authpriv to access my local host which is running 
the same version (5.1.1) of net-snmp and has identical usr/vacm configuration.  So, I 
infer that something about snmpd on my target isn't handling DES decryption.  However, 
there's nothing in snmpd.log on the target.  I know I read somewhere -- and can't find 
now -- that I have to have build snmpd with SSL to get encryption.  How can I prove 
that snmpd has SSL build in?



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: How can I get createUser to be processed?

[cnelson]

(Ooops.  The first time I replied only to Thomas.)

 [EMAIL PROTECTED] wrote:
  The man page for snmpd.conf says:
 
 ...
 This directive should be placed into the  /var/net-
 snmp/snmpd.conf  file  instead  of the other normal
 locations.  The reason is that the  information  is
 read  from  the  file  and then the line is removed
 (eliminating the storage of the master password for
 that  user)  and  replaced  with  the  key  that is
 derived from it.  ...
 
  But the only time I see /var/net-snmp/snmpd.conf being rewritten
 is if I kill the agent and start it again.

 Yes, that's current behaviour. The persistent file is only saved on
 shutdown.However, I'd tend to agree that it'd be useful to be able
 to force the *running*
 agent to save this file. Currently not implemented, though, AFAICS.


When you say only _saved_ on shutdown, are you saying that if I write a createUser 
directive to /var/net-snmp/snmpd.c and hit the re-read config bit that the user will 
be created but the usmUser won't be written until the next shutdown?  That's not what 
I'm seeing.  The new user doesn't seem to be active until I restart.

If re-writing the persistent file is deemed useful, I might do it and send a patch.  
Can anyone say how likely that patch would be to be accepted?

   Chris





---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Permissions on /var/net-snmp/snmpd.conf

[cnelson]

I have an administrative user, admin, who uses a configuration utility to manipulate 
parts of the system setup, including snmp users.  To do this, I've set 
/var/net-snmp/snmpd.conf to look like:

  # ls -ld /var/net-snmp/
  drwxrwxr-x2 root admin   0 Jan  1 02:14 /var/net-snmp/
  # ls -l /var/net-snmp/snmpd.conf 
  -rw-rw1 adminadmin 381 Jan  1 02:14 /var/net-snmp/snmpd.conf

But everytime I restart the agent, this file gets rewritten to be:

  # ls -l /var/net-snmp/snmpd.conf 
  -rw---1 root root  381 Jan  1 

And then the administrative user can't access the file any longer.

I found PERSISTENT_MASK but don't see any way to affect the _ownership_ of the 
recreated persistent file.  Am I missing something?  If not, I'm considering modifying 
whatever function rewrites the file to preserve ownership and mode.  Is there a good 
alternative?  A reason I shouldnt' do this?  If it's a good idea, what function am I 
looking for?  I'll keep looking but what a tangle web is net-snmp. ;-)

Chris



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Am I confused or is read_config_read_octet_string broken?

[cnelson]

 On Wed, 15 Sep 2004 13:09:54 -0400 [EMAIL PROTECTED] wrote:
 CRC I'm trying to use read_config_read_octet_string() (in 5.1.1) 
 and I'm not
 CRC getting the results I expect.
 
 ghost voiceUse the source, Luke.../ghost voice

Yeah, I'm trying (that's where I found the snippet I posted).  But it's not exactly a 
small, clear code base.

 ...
 No, the function is inconsistent in its use of the len parameter. 
 In the case
 of a non-hex string and a user provided buffer, it passes len to a 
 functionthat expects it to be a buffer size.Thus, adding one line 
 before the read will
 fix your problem:
 
len = sizeof(value);

Thanks.



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: How can I get createUser to be processed?

[cnelson]

 ... I was unclear.  Here's what I'm doing:
 
 - writing a createUser directive to /var/net-snmp/snmpd.conf
 
 - Poking the reconfig bit in the agent's MIB
 ...

Here's the rub.  I wan't actually poking the reconfig bit as I thought I was.  That 
works now.  Never mind.



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Order of usmUser lines in /var/net-snmp/snmpd.conf

[cnelson]

If I put multiple createUser lines in /var/net-snmp/snmpd.conf and restart the agent, 
can I expect or rely upon the resulting usmUser lines being in the same order?  I'd 
like to be able to delete or modify one of several users but the usmUser lines are 
encrypted so I can't see which one corresponds to which of my original createUser 
lines.  If I could count on them being in the same order, I'd be fine.

 Chris



---
This SF.Net email is sponsored by: thawte's Crypto Challenge Vl
Crack the code and win a Sony DCRHC40 MiniDV Digital Handycam
Camcorder. More prizes in the weekly Lunch Hour Challenge.
Sign up NOW http://ad.doubleclick.net/clk;10740251;10262165;m
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Order of usmUser lines in /var/net-snmp/snmpd.conf

[cnelson]

Thomas Anders wrote:
 No need to rely on the order. The usmUser lines aren't really 
 encrypted, they 
 just contain localized keys and some of the data (like the user 
 name) in hex.
 
 The (notoriously undocumented) format actually is:
 
 usmUser userStatus userStorageType engineID name secName 
 cloneFrom 
 authProtocol authKey privProtocol privKey userPublicString
 
 It's very easy to find the entry you're looking for once you know 
 this format.
 
 
 Hope this helps,

Some but...

In all my experimenting, the name and secName fields seem to be the same.  Is that 
right?  What would make them different?

What's the userPublicString?



---
This SF.Net email is sponsored by: thawte's Crypto Challenge Vl
Crack the code and win a Sony DCRHC40 MiniDV Digital Handycam
Camcorder. More prizes in the weekly Lunch Hour Challenge.
Sign up NOW http://ad.doubleclick.net/clk;10740251;10262165;m
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Am I confused or is read_config_read_octet_string broken?

[cnelson]

I'm trying to use read_config_read_octet_string() (in 5.1.1) and I'm not getting the 
results I expect.  It is written to allocate space for the return value if needed:

/*
 * malloc data space if needed (+1 for good measure) 
 */
if (*str == NULL) {
if ((cptr = (u_char *) malloc(*len + 1)) == NULL) {
return NULL;
}
*str = cptr;
} else {
cptr = *str;
}

and if I do:

   ...
   char* pt;
   size_t len;
   char* value;
   ...
   value = NULL;
   read_config_read_octet_string(pt, 
 (u_char**)value,
 len);

I get a value parsed out of the string pointed to by pt.  But, if I do:

   ...
   char* pt;
   size_t len;
   char value[32];
   ...
   read_config_read_octet_string(pt, 
 (u_char**)value,
 len);

len has the same value but only one character is copied into value.  Am I missing 
something obvious and stupid?

Chris



---
This SF.Net email is sponsored by: thawte's Crypto Challenge Vl
Crack the code and win a Sony DCRHC40 MiniDV Digital Handycam
Camcorder. More prizes in the weekly Lunch Hour Challenge.
Sign up NOW http://ad.doubleclick.net/clk;10740251;10262165;m
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

How can I get createUser to be processed?

[cnelson]

The man page for snmpd.conf says:

   ...
   This directive should be placed into the  /var/net-
   snmp/snmpd.conf  file  instead  of the other normal
   locations.  The reason is that the  information  is
   read  from  the  file  and then the line is removed
   (eliminating the storage of the master password for
   that  user)  and  replaced  with  the  key  that is
   derived from it.  ...

But the only time I see /var/net-snmp/snmpd.conf being rewritten is if I kill the 
agent and start it again.  Poking  UCD-SNMP-MIB::versionUpdateConfig.0 
(.1.3.6.1.4.1.2021.100.11.0) doesn't seem to do it.  Is that a bug or my 
misunderstanding and bad expectations?

Chris



---
This SF.Net email is sponsored by: thawte's Crypto Challenge Vl
Crack the code and win a Sony DCRHC40 MiniDV Digital Handycam
Camcorder. More prizes in the weekly Lunch Hour Challenge.
Sign up NOW http://ad.doubleclick.net/clk;10740251;10262165;m
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Complex views in VACM

[cnelson]

How can I -- or, for that matter, can I -- create complex views of the MIB.  For 
example, I'd like three users: public (read-only), private (read/write to most of the 
MIB), admin (read/write anything).  How do I say, public can see everything except 
the VACM tables and the snmpd reset bit and private can set everything except the 
VACM tables and the snmpd reset bit?

Chris



---
This SF.Net email is sponsored by: thawte's Crypto Challenge Vl
Crack the code and win a Sony DCRHC40 MiniDV Digital Handycam
Camcorder. More prizes in the weekly Lunch Hour Challenge.
Sign up NOW http://ad.doubleclick.net/clk;10740251;10262165;m
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPv3 and encryption

[cnelson]

  ...
  I'd suggest you downgrade this to be auth rather than priv,
  make sure the passwords are consistent, and concentrate on getting
  SNMPv3 authentication working first.
   *Then* try adding privacy as well.
 
 Thanks.  I've got auth working and imagine priv isn't far behind.  

I spoke too soon.  In /var/net-snmp/snmpd.conf, I've tried:

   createUser admin MD5 adminpwd DES adminpwd

and

   createUser admin MD5 adminpwd DES

and in /usr/share/snmp/snmpd.conf, I've got:

  accessadminanyauth   exact  all   allall
  accessadminanypriv   exact  all   allall

Which I _think_ gives admin the same access whether using privacy or not.  I've tried 
this with and without the auth line.  After rebooting the system where the agent runs 
and seeing createUser turned into usmUser, I see:

  $ snmpwalk -v 3 -n  -u admin -a MD5 -A adminpwd -x DES -X adminpwd -l authPriv 
theserver system
  snmpwalk: Decryption error

Is this snmpwalk saying it couldn't decrpyt what came back from the agent?  How do I 
fix it?



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPv3 and encryption

[cnelson]

  I put the following in /var/net-snmp/snmpd.conf:
  
createUser admin MD5 admin DES
 
  [but] When I try:
  
snmpwalk -v 3 -n  -u admin -a MD5 -A adminpwd -x DES -X 
 adminpwd   -l authPriv theserver system
  
  I get:
snmpwalk: Decryption error
 
 
 Either adminpwd should be admin in the command,
 or (the second) admin should be adminpwd in the createUser line.

Yes, of course.  Thank you.  I actually had it consistent on my system but copied the 
wrong lines in to my mail.

 ...
 I'd suggest you downgrade this to be auth rather than priv,
 make sure the passwords are consistent, and concentrate on getting
 SNMPv3 authentication working first.
  *Then* try adding privacy as well.

Thanks.  I've got auth working and imagine priv isn't far behind.  



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: SNMPv3 and encryption

[cnelson]

- Original Message -
From: Dave Shield [EMAIL PROTECTED]
Date: Friday, September 10, 2004 9:28 am
Subject: Re: SNMPv3 and encryption

 ...
 After rebooting the system where the agent runs and seeing 
 createUser turned into usmUser, I see:
  
$ snmpwalk -v 3 . -l authPriv theserver system
snmpwalk: Decryption error
 
 Try running the agent using something like
 
   snmpd -f -Le -d
 
 and give a *single* (encrypted) snmpgetnext command.
 Something like
 
 snmpget -r 0 -t 600 -v 3  -l authPriv theserver system
 
 You ought to see four packets at the agent - two request/response 
 pairs.(The first to detect the engineID/bootInfo, and the second 
 for the
 request itself)
 
 What do you actually see?   

That's what I see (attached).

 Any error messages at the agent end?

Nope.


snmpd.log
Description: Binary data

SNMPv3 and encryption

[cnelson]

I'm trying to get my head around SNMPv3, specifically the security aspects.  I've read 
the FAQ and skimmed the RFCs but I need a little more orientation, if someone could 
oblige.

The/a big differenece between v2c and v3 is that v2c uses a community string, passed 
in the clear whereas v3 uses a user and password passed on an encrypted channel.  Is 
that right?  I believe I know that v3 uses SSL for its encryption.  And I think I know 
that if I use the net-snmp API or command-line tools on a client to contact net-snmp 
agent on a remote host, that all the encryption is handled for me under the covers.  

What I don't understand -- if that's all true -- is where the keys come from for 
establishing the connection.  Do I have to generate keys?  Do the agent and the API 
have keys that they know and use to trust each other?  If there's a FAQ or tutorial on 
this, I'd be happy for the pointer but I haven't found anything that says, If you 
want to use v3, you have to generate keys and install them like this

TIA.

  Chris



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Default community configuration

[cnelson]

Looking at snmpd.conf.5, I find:

  The default configuration of the agent, as shipped, is functionally 
  equivalent to the following entries:

com2sec   publicdefault   public
group publicv1   public
group publicv2c  public
group publicusm  public
view  all  included  .1
accesspublic   any  noauthexact all 

But what about private, the default r/w community?



---
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM. 
Deadline: Sept. 13. Go here: http://sf.net/ppc_contest.php
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Secure access to agent

[cnelson]

I want to limit access to the net-snmp agent (snmpd) to only secure (encrypted) 
channels.  In the simplest case, I can include rouser and rwuser in snmpd.conf and 
omit rocommunity and rwcommunity.  Is that right?   

If i want to get a little more sophisitcated, I can omit v1 and v2c from my group 
table like:

  # sec.model  sec.name
  # group MyRWGroup v1 local
  # group MyRWGroup v2clocal
  group MyRWGroup   usmlocal
  # group MyROGroup v1 mynetwork
  # group MyROGroup v2cmynetwork
  group MyROGroup usmmynetwork

Is that right?

What if I want a local user/community to use within a configuration utility but never 
want remote, unencrypted access.  I'd include the MyRWGroup/v2c line above, right?

Finally, am I correct that in v5.1.x, there's no way to compile v1 or v2c out of the 
agent?  The best I can do is not configure insecure access?

TIA.

  Chris



---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Saving persistent values *now*

[cnelson]

(I've read this 3 times but I guess it's been a long day 'cuz it doesn't make sense to 
me.)

 Ok what I do is keep a local copy 

Local to what function?  Where?

 of the set request data in an array. This
 could easily be a linked list of objects. When a set request is 
 made I check
 a COMMIT flags in my MIB to see if that is set. If it is set when 
 the commit
 function gets called (following the set action) I then pack the 
 contents of
 the row into a message. This message is then parsed and columns 
 extractedand pushed into a
 linked list/ vector. The store function is called and writes the 
 linked list
 into persistence. By doing this updates to persistence are passed 
 to the
 user and not when the agent is killed. Make sence?

It sounds like you're talking about adding a row to a table.  I'm updating, not 
adding, and I'm doing one value on each of several rows.  But however it's done, my 
question is how do I force persistent values to be stored when set?  Can I safely and 
reasonably call the callback I registered to save on shutdown?  Since I don't use any 
of the values it gets passed, can I call

   mySaveFunc(0, 0, NULL, NULL);

?

 Chris



---
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047alloc_id=10808op=click
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Help, please. Is there something wrong with this code?

[cnelson]

   You need to pass a pointer to the actual (binary) value - not a 
   printable version of it.
 
snmp_add_var(pdu, auth_OID, auth_OID_len, 'i', value);
 
 
  Thanks but:
  
x.c:1022: warning: passing arg 5 of `snmp_add_var' from
   incompatible pointer 
 type
 OK - so cast it to the expected type:
 
snmp_add_var(pdu, auth_OID, auth_OID_len, 'i', (u_char *)value);
 
 
 
  value is
  
char value[20]
  
  so it already _was_ a pointer.
 
 
 Yes - but a pointer to the wrong value.
 snmp_add_var is expecting a pointer to the *binary* value,
 not to a printable representation of it.
 
 For example, if value has the value 255,
 then snmp_add_var would expect a single byte containing 0xff,
 not three bytes containing the ascii characters '2', '5', '5'.
 (Well, actually it'd expect the 4-octet value 0x00ff,
 but you get the idea).
 
 The Net-SNMP suite invariably handles MIB value parameters as
 u_char*, but this doesn't mean a printable string.  It's best
 thought of as a generic pointer - i.e. similar to void*
 
 OK?

Well, no.  I really appreciate your quick feedback and explanation but now I'm worse 
off than I was.  Before, my set routine got called n times for port 1, now it doesn't 
get called at all!  

Now I've got:

  int SetTrapsEnabled(int links[])
  {
struct snmp_pdu *pdu;
struct snmp_pdu *response;

size_t port;
int status;
int retval;

pdu = snmp_pdu_create(SNMP_MSG_SET);

for (port = 0; port  NUM_IF; ++port) {
link_OID[link_OID_len-1] = port+1;
snmp_add_var(pdu, link_OID, link_OID_len, 'i',
 (u_char*)(links[port]));
}

status = snmp_synch_response(ss, pdu, response);

...

And nothing happens!



---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Help, please. Is there something wrong with this code?

[cnelson]

I'm trying to manipulate ifLinkUpDownTrapEnable values.  I used mib2c to create a 
ifXTable module and I can get and set values with snmpget and snmpset just fine.  Now 
I'm trying to write a utility routine to update all the values with one call.  I've 
got something like:

// IF-MIB::ifLinkUpDownTrapEnable (.1.3.6.1.2.1.31.1.1.1.14).
// 0 replaced by port number below.
static oid link_OID[] = { SNMP_OID_MIB2, 31, 1, 1, 1, 14, 0 };
static size_t link_OID_len = OID_LENGTH(link_OID);

  int SXSNMPSetTrapsEnabled(int auth, int links[])
  {
struct snmp_pdu *pdu;
struct snmp_pdu *response;

size_t port;
char value[20];

int status;

int retval;

/*
 * Create the PDU for the data for our request.
 */
pdu = snmp_pdu_create(SNMP_MSG_SET);

sprintf(value, %d, auth);
snmp_add_var(pdu, auth_OID, auth_OID_len, 'i', value);

for (port = 0; port  NUM_IF; ++port) {
link_OID[link_OID_len-1] = port+1;
sprintf(value, %d, links[port]);

snmp_add_var(pdu, link_OID, link_OID_len, 'i', value);
}

/*
 * Send the Request out.
 */
status = snmp_synch_response(ss, pdu, response);
if (status == STAT_SUCCESS) {
retval = SXSNMP_SUCCESS;
} else {
snmp_log(LOG_ERR, Unable to set trap enable values\n);
retval = SXSNMP_FAILURE;
}

if (response)
snmp_free_pdu(response);

return retval;
  }

and I've added tracing to my set_ifLinkUpDownTrapEnable function.  When I use snmpset 
to set individual objects, I get things like:

  set_ifLinkUpDownTrapEnable: port 8, value 1
  set_ifLinkUpDownTrapEnable: port 1, value 1
  set_ifLinkUpDownTrapEnable: port 3, value 1

but when I call the function above, the value column is correct but the port is 1 for 
all the invocations.  

I drilled down through snmp_add_var() and it copies the OID so I don't see a problem 
with using the same OID variable over and over, changing just the last element.  And 
I've printed out the OID in the loop that calls snmp_add_var() and I get the correct 
values there.

Any pointers or insights appreciated.  Thanks!



---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

What is bandwidth?

[cnelson]

RFC 2233 says ifHighSpeed is:

   An estimate of the interface's current bandwidth in
   units of 1,000,000 bits per second.  ...

Which suggests to me that a 10Mbps half-duplex port has ifHighSpeed = 10 and a 10Mbps 
full-duplex port (which has twice the _bandwidth_) has ifHighSpeed = 20.  I can't find 
anything that clarifies this.  Can any one on this list offer opinions or 
authoritative refereneces?  TIA.



---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Re: Enabling authentication traps

[cnelson]

  ...
$ snmpget -v 2c -c public mynode SNMPv2-
 MIB::snmpEnableAuthenTraps.0   RFC1213-
 MIB::snmpEnableAuthenTraps.0 = INTEGER: disabled(2)
$ snmpset -v 2c -c public mynode SNMPv2-
 MIB::snmpEnableAuthenTraps.0 i 1
Error in packet.
Reason: notWritable (that object does not support modification)
 
 The two most likely causes are either access control, or a (read-only)
 config setting.   You say that you don't have an authentrapenable
 in your config files, so that would tend to point the finger at access
 control.
   public isn't normally configured as a writeable community.
 What access control setting do you have?
 Can you use public to write to other MIB objects?

Tactfully put.  I'm an idiot!  No, I can't set things with public.  Thanks for 
loaning my your eyes.



---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Persistent values in/from a table

[cnelson]

I've found read_config.c and read the comments there about callbacks and 
read_config_store() and I've looked at how the net-snmp distribution deals with 
snmpEnableAuthenTraps but I'm having trouble applying those concepts to my problem.

I'm implementing ifXTable and want to make the per-port setting 
IF-MIB::ifLinkUpDownTrapEnable persistent.  I'd appreciate some pointers on what to 
put into my mib2c generated access routines to accomplish this.  Thanks.



---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Enabling link up/down traps

[cnelson]

I'm missing something.  I look at IF-MIB.txt and I see ifLinkUpDownTrapEnable but I've 
used mib2c to build code to handle interfaces and there's no ifLinkUpDownTrapEnable 
objects in that code.  I see that the enable object is on an ifXEntry in the ifXTable 
but how do I get to that?  I just want users to be able to turn link up/down traps on 
and off. TIA.



---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink  Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Net-snmp-users mailing list
[EMAIL PROTECTED]
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users