Re: snmptrap v3 authentication

[Simon Chamlian]

Something else.

I tried with SimpleMib browser as well as MGSOFT Mib browser.




On Tue, Apr 25, 2023 at 10:30 AM Niels Baggesen via Net-snmp-coders <
net-snmp-coders@lists.sourceforge.net> wrote:

> Which trap receiver are you using? snmptrapd, or something else?
>
> /Niels
> Den 25-04-2023 kl. 15:10 skrev Simon Chamlian:
>
> I tried the command:
>
> snmptrap -v 3 -u  Simon  -a MD5 -A  SimonPass -l authNoPriv 172.27.37.227
> "" coldStart.0
>
> (with  security name  : Simon and   authentication password  : SimonPass ).
>
> These parameters are not set in any config files anywhere.
>
> On another PC with IP 172.27.37.227, I have a MIB browser and trap
> receiver. The trap receiver is receiving the trap even when it is not
> configured with the  security name  : Simon and   authentication password
> : SimonPass .
>
> I was not expecting to receive the trap until I configured the trap
> receiver with the same security name and authentication password!?!
>
> Simon
>
>
>
>
> On Tue, Apr 25, 2023 at 3:17 AM Craig Small via Net-snmp-coders <
> net-snmp-coders@lists.sourceforge.net> wrote:
>
>> On Sat, 15 Apr 2023 at 11:12, Simon Chamlian 
>> wrote:
>>
>>>
>>> snmptrap -v 3 -u  Simon  -a MD5 -A  SimonPass -l authNoPriv
>>> 172.27.37.227 "" coldStart.0
>>>
>>> I do receive the trap on my Trap Receiver even if I didn't specify a
>>> Username and Authentication password in the MIB browser (on 172.27.37.227 )
>>> !
>>>
>> Do you mean the security name instead of the username?
>> The -u sets the security name, -A sets the authentication password.
>> They're set in the example you gave.
>>
>> Or are you saying that you tried that command without the username and
>> authentication password?
>> If so, are you sure that you don't have those parameters set in an snmp
>> configuration file?
>>
>> Trying the command with -Dread_config:line may help here.
>>
>> I tried snmptrap 5.9.3 with no -u and -A flags and with/without a
>> configuration file and it only worked with the configuration file.
>>
>>  - Craig
>>
>> ___
>> Net-snmp-coders mailing list
>> Net-snmp-coders@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>
>
>
> ___
> Net-snmp-coders mailing 
> listNet-snmp-coders@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>
> --
> Niels Baggesen -- @home -- Århus -- Denmark -- n...@users.sourceforge.net
>The purpose of computing is insight, not numbers  --  R W Hamming
>
> ___
> Net-snmp-coders mailing list
> Net-snmp-coders@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: snmptrap v3 authentication

[Simon Chamlian]

I tried the command:

snmptrap -v 3 -u  Simon  -a MD5 -A  SimonPass -l authNoPriv 172.27.37.227
"" coldStart.0

(with  security name  : Simon and   authentication password  : SimonPass ).

These parameters are not set in any config files anywhere.

On another PC with IP 172.27.37.227, I have a MIB browser and trap
receiver. The trap receiver is receiving the trap even when it is not
configured with the  security name  : Simon and   authentication password
: SimonPass .

I was not expecting to receive the trap until I configured the trap
receiver with the same security name and authentication password!?!

Simon




On Tue, Apr 25, 2023 at 3:17 AM Craig Small via Net-snmp-coders <
net-snmp-coders@lists.sourceforge.net> wrote:

> On Sat, 15 Apr 2023 at 11:12, Simon Chamlian 
> wrote:
>
>>
>> snmptrap -v 3 -u  Simon  -a MD5 -A  SimonPass -l authNoPriv 172.27.37.227
>> "" coldStart.0
>>
>> I do receive the trap on my Trap Receiver even if I didn't specify a
>> Username and Authentication password in the MIB browser (on 172.27.37.227 )
>> !
>>
> Do you mean the security name instead of the username?
> The -u sets the security name, -A sets the authentication password.
> They're set in the example you gave.
>
> Or are you saying that you tried that command without the username and
> authentication password?
> If so, are you sure that you don't have those parameters set in an snmp
> configuration file?
>
> Trying the command with -Dread_config:line may help here.
>
> I tried snmptrap 5.9.3 with no -u and -A flags and with/without a
> configuration file and it only worked with the configuration file.
>
>  - Craig
>
> ___
> Net-snmp-coders mailing list
> Net-snmp-coders@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Fwd: snmptrap v3 authentication

[Simon Chamlian]

Hi,

The snmptrap v3 authentication does not seem to be working.

I am using Version:  5.9.1

>From my agent, I issue:

snmptrap -v 3 -u  Simon  -a MD5 -A  SimonPass -l authNoPriv 172.27.37.227
"" coldStart.0

I do receive the trap on my Trap Receiver even if I didn't specify a
Username and Authentication password in the MIB browser (on 172.27.37.227 )
!

I was NOT expecting to receive any traps until I set up the Username and
Authentication!?!

Any explanation?

Thanks,
S
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Diffie-Hellman Key

[Simon Chamlian]

So once it is compiled in, how do you add the Diffie-Hellman in
createUser instruction
in the snmpd.conf file?

-Simon


On Wed, Sep 7, 2022 at 11:21 AM Wes Hardaker 
wrote:

> Craig Small via Net-snmp-coders 
> writes:
>
> > My understanding is the only way of adding the key is with the snmpusm
> > command.  Except it doesn't work for me.
>
> snmpusm is used to change a key, but isn't really doing DH for each
> transaction after that.  It's still using a shared-secret.
>
> (D)TLS support is available, however, for using certificates instead
> which is a more modern cryptographic mechanism.
>
> > $ snmpusm -v3 -u simon -l authPriv -a SHA1 -A simon-pass -x AES128 -X
> simon-priv
> > localhost changekey simon
> > snmpusm:
> > Can't get diffie-helman exchange from the agent
> >   (maybe it doesn't support the SNMP-USM-DH-OBJECTS-MIB MIB)
>
> That may have meant it wasn't complied in.  Make sure the
> snmp-usm-dh-objects-mib module is complied into the agent.
>
> --
> Wes Hardaker
> Please mail all replies to net-snmp-coders@lists.sourceforge.net
>
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Diffie-Hellman Key

[Simon Chamlian]

Hi,

Does NET-SNMP 5.9.x support Diffie-Hellman?
If so, how do I configure it in snmpd.configuration?

For example, if I have the following in snmpd.conf:

createUser simon  SHA "simon-pass" AES128   "simon-priv"
rwuser simon


How do I add a DH key?

Thanks,
S.
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

MIB search path

[Simon Chamlian]

Hi,

When using snmpinform, I get the messages:

SNMPInform failed: MIB search path: /root/.snmp/mibs:/usr/share/snmp/mibs

Where are these MIB search paths defined?

When I issue:
# net-snmp-config --default-mibdirs
/home/root/.snmp/mibs:/usr/share/snmp/mibs

So it should look for:
 /home/root/.snmp/mibs  but instead it looks for /root/.snmp/mibs.

Also,
# echo $HOME
/home/root

Why are the applications looking for the MIB in the wrong path ?

Thanks,
S.
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

NET-SNMP version: 5.8 - v1/ v2 blocked, v3 works

[Simon Chamlian]

Hi,

Seems like v1/v2 is blocked while v3 works fine.


*V3 works Fine*
# snmpget  -v 3 -u Simon -a MD5 -A simon123 -l authNoPriv  localhost
 NEM-DCI-MIB::nemDCISnmpTrapPort.0
NEM-DCI-MIB::nemDCISnmpTrapPort.0 = INTEGER: 162

*V1/V2 does not work*
# snmpget -v 2c -c public localhost  NEM-DCI-MIB::nemDCISnmpTrapPort.0
NEM-DCI-MIB::nemDCISnmpTrapPort.0 = No Such Object available on this agent
at this OID

# snmpget -v 1 -c public localhost  NEM-DCI-MIB::nemDCISnmpTrapPort.0
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: NEM-DCI-MIB::nemDCISnmpTrapPort.0


*The config file I have is:*

createUser SimonMD5 "simon123"
rwuser Simon
# rocommunity: a SNMPv1/SNMPv2c read-only access community name
rocommunity  public

# rwcommunity: a SNMPv1/SNMPv2c read-write access community name
rwcommunity  private


Any clues on why this is happening?

Thanks,
Simon
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Compiling Net-SNMP with TLS and DTLS Support

[Simon Chamlian]

Hi,

Compiling Net-SNMP with TLS and DTLS Support

Just ensure you have a recent version of OpenSSL
 installed as well
as run configure with the following two options in addition to your normal
options:

# ./configure *--with-security-modules=tsm --with-transports=TLSTCP,DTLSUDP*


When these flags (--with-security-modules and --with-transports) are not
specified, what does snmpv3 uses by default?

Thanks,
S.



>
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Net-SNMP 5.8 compatibility issue

[Simon Chamlian]

The incompatibility started when I upgraded OpenSSL.

Since I am compiling NET-SNMP within yocto, I cannot do 'make install'.



On Mon, Aug 31, 2020 at 11:18 AM Wes Hardaker <
harda...@users.sourceforge.net> wrote:

> Simon Chamlian  writes:
>
> > There seems to be a compatibility issue between net-snmp and the crypto
> > library.
>
> Was that a self-built Net-SNMP 5.8?  And it was built recently after the
> system upgraded to the newer libcrypto?
>
> And did you try a 'make install' to see if the installation works or is
> that running in the agent directory itself with the libtool wrapper script?
> --
> Wes Hardaker
> Please mail all replies to net-snmp-coders@lists.sourceforge.net
>
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Net-SNMP 5.8 compatibility issue

[Simon Chamlian]

Hi,

There seems to be a compatibility issue between net-snmp and the crypto
library.

The libcrypto has been updated to 1.1, but snmp still calls for 1.0.2
instead of using the link.



~# snmpd -v
snmpd: error while loading shared libraries: libcrypto.so.1.0.2: cannot
open shared object file: No such file or directory


# ls -l /usr/lib/libcrypto*
lrwxrwxrwx 1 root root  16 Jun 30 21:18 /usr/lib/libcrypto.so ->
libcrypto.so.1.1
-rwxr-xr-x 1 root root 2034008 Jul  6 13:01 /usr/lib/libcrypto.so.1.1
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: v5.8 - Error opening specified endpoint ""

[Simon Chamlian]

It is not the case!

# netstat -tulpn | grep LISTEN
tcp0  0 0.0.0.0:36847   0.0.0.0:*   LISTEN
 248/rpc.statd
tcp0  0 0.0.0.0:111 0.0.0.0:*   LISTEN
 238/rpcbind
tcp0  0 0.0.0.0:21  0.0.0.0:*   LISTEN
 246/vsftpd
tcp0  0 0.0.0.0:53550.0.0.0:*   LISTEN
 232/systemd-resolve
tcp6   0  0 :::111  :::*LISTEN
 238/rpcbind
tcp6   0  0 :::80   :::*LISTEN
 530/httpd
tcp6   0  0 :::22   :::*LISTEN
 1/init
tcp6   0  0 :::55423:::*LISTEN
 248/rpc.statd
tcp6   0  0 :::5355 :::*LISTEN
 232/systemd-resolve
#


# cat /etc/services | grep 161
snmp 161/tcp # Simple Net Mgmt Protocol
snmp 161/udp
#








On Fri, Mar 6, 2020 at 4:30 PM David Moriconi (dmoricon) 
wrote:

> This error can also happen when port 161 is already in use. Make sure it
> is not the case.
>
>
>
> *From: *Simon Chamlian 
> *Date: *Friday, March 6, 2020 at 3:50 PM
> *To: *Larry Hayes 
> *Cc: *Net-SNMP Coders ,
> net-snmp-users 
> *Subject: *Re: v5.8 - Error opening specified endpoint ""
>
>
>
> when I run your suggestion, I get:
>
>
>
> Error opening specified endpoint "udp:0.0.0.0:161"
>
>
>
>
>
>
>
> On Fri, Mar 6, 2020 at 3:13 PM Larry Hayes  wrote:
>
> Have you tried specifying the listening address, I know it's optional
> but...
>
>
>
> snmpd  -c /home/user/my_snmpd.conf  -Lf /tmp/snmpd_log.txt udp:0.0.0.0:161
>
>
>
> On Thu, Mar 5, 2020 at 11:53 AM Simon Chamlian 
> wrote:
>
> Hi,
>
>
>
> When I start snmpd agent, it exists with an error message:
>
>  Error opening specified endpoint ""
>
>
>
> I start as root with:
>
>  snmpd  -c /home/user/my_snmpd.conf  -Lf /tmp/snmpd_log.txt
>
>
>
>
>
> The config file my_snmpd.conf is very simple:
>
> createUser Simon   MD5 "Simon-pass"
> rwuser Simon
> rocommunity  public
> rwcommunity  private
>
>
>
> This method used to work on other platforms but suddenly, I am getting the
> above error.
>
>
>
> I found a few mentions of this problem:
>
>
>
> https://sourceforge.net/p/net-snmp/mailman/message/36398374/
>
>
> https://stackoverflow.com/questions/50054564/net-snmp-on-start-says-error-opening-specified-endpoint-in-raspberry-pi-j
>
>
>
> but they don't work.
>
>
>
> Any hint on what to do?
>
>
>
> Thx,
>
> S
>
>
>
>
>
> ___
> Net-snmp-coders mailing list
> Net-snmp-coders@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>
>
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: v5.8 - Error opening specified endpoint ""

[Simon Chamlian]

when I run your suggestion, I get:

Error opening specified endpoint "udp:0.0.0.0:161"



On Fri, Mar 6, 2020 at 3:13 PM Larry Hayes  wrote:

> Have you tried specifying the listening address, I know it's optional
> but...
>
> snmpd  -c /home/user/my_snmpd.conf  -Lf /tmp/snmpd_log.txt udp:0.0.0.0:161
>
> On Thu, Mar 5, 2020 at 11:53 AM Simon Chamlian 
> wrote:
>
>> Hi,
>>
>> When I start snmpd agent, it exists with an error message:
>>  Error opening specified endpoint ""
>>
>> I start as root with:
>>  snmpd  -c /home/user/my_snmpd.conf  -Lf /tmp/snmpd_log.txt
>>
>>
>> The config file my_snmpd.conf is very simple:
>> createUser Simon   MD5 "Simon-pass"
>> rwuser Simon
>> rocommunity  public
>> rwcommunity  private
>>
>> This method used to work on other platforms but suddenly, I am getting
>> the above error.
>>
>> I found a few mentions of this problem:
>>
>> https://sourceforge.net/p/net-snmp/mailman/message/36398374/
>>
>> https://stackoverflow.com/questions/50054564/net-snmp-on-start-says-error-opening-specified-endpoint-in-raspberry-pi-j
>>
>> but they don't work.
>>
>> Any hint on what to do?
>>
>> Thx,
>> S
>>
>>
>> ___
>> Net-snmp-coders mailing list
>> Net-snmp-coders@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>
>
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

v5.8 - Error opening specified endpoint ""

[Simon Chamlian]

Hi,

When I start snmpd agent, it exists with an error message:
 Error opening specified endpoint ""

I start as root with:
 snmpd  -c /home/user/my_snmpd.conf  -Lf /tmp/snmpd_log.txt


The config file my_snmpd.conf is very simple:
createUser Simon   MD5 "Simon-pass"
rwuser Simon
rocommunity  public
rwcommunity  private

This method used to work on other platforms but suddenly, I am getting the
above error.

I found a few mentions of this problem:

https://sourceforge.net/p/net-snmp/mailman/message/36398374/
https://stackoverflow.com/questions/50054564/net-snmp-on-start-says-error-opening-specified-endpoint-in-raspberry-pi-j

but they don't work.

Any hint on what to do?

Thx,
S
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

SNMP Reflection DDOS Attacks

[Simon Chamlian]

Hi,

According to the following synopsis

https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/snmp-reflector-attacks-threat-advisory.pdf


The remote SNMP daemon is responding with a large amount of data to a
'GETBULK' request with a larger than normal value for 'max-repetitions'. A
remote attacker can use this SNMP server to conduct a reflected distributed
denial of service attack on an arbitrary remote host.


What is the actual ’max-repetitions'  of NET-SNMP  version 5.7.1  ?
Is this value the same for version 5.8.x ?


Thanks,
Simon
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Authentication failed for user

[Simon Chamlian]

the source of the error is in:   net-snmp-5.8/snmplib/snmpusm.c




/*
 * Check the authentication credentials of the message.
 */
if (secLevel == SNMP_SEC_LEVEL_AUTHNOPRIV
|| secLevel == SNMP_SEC_LEVEL_AUTHPRIV) {
if (sc_check_keyed_hash(user->authProtocol, user->authProtocolLen,
user->authKey, user->authKeyLen,
wholeMsg, wholeMsgLen,
signature, signature_length)
!= SNMP_ERR_NOERROR) {
DEBUGMSGTL(("usm", "Verification failed.\n"));
snmp_increment_statistic(STAT_USMSTATSWRONGDIGESTS);
snmp_log(LOG_WARNING, "Authentication failed for %s\n",
user->name);
return SNMPERR_USM_AUTHENTICATIONFAILURE;
}

DEBUGMSGTL(("usm", "Verification succeeded.\n"));
}




On Thu, Apr 25, 2019 at 2:28 PM Simon Chamlian 
wrote:

> Hi,
>
> I am issuing an inform, (*which works fine* as I get the inform) but
> getting the following error:
>
> snmpinform -v 3 -r 1 -t 1 -u "User" -a MD5 -A "UserPass" -l authNoPriv
> 172.27.37.222 ""  DCI-MIB::DCITrapCritical DCI-MIB::NEID s "NE_Identif"
>
> *Authentication failed for User*
>
> Any reason why I am getting this error message?
>
> Thx,
> S
>
>
>
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Authentication failed for user

[Simon Chamlian]

Hi,

I am issuing an inform, (*which works fine* as I get the inform) but
getting the following error:

snmpinform -v 3 -r 1 -t 1 -u "User" -a MD5 -A "UserPass" -l authNoPriv
172.27.37.222 ""  DCI-MIB::DCITrapCritical DCI-MIB::NEID s "NE_Identif"

*Authentication failed for User*

Any reason why I am getting this error message?

Thx,
S
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Net-SNMP 5.8 - Having both snmp v2 and v3 available.

[Simon Chamlian]

I got it working.

Since I was compiling under Yocto, the cache wasn't cleared.

Thanks,
S


On Tue, Sep 11, 2018 at 11:17 AM, Wes Hardaker <
harda...@users.sourceforge.net> wrote:

> Simon Chamlian  writes:
>
> > I am not seeing and compilation errors. It compiles fine but v2 does
> > not work:
>
> Very odd.  What options did you compile with (IE, configure options...
> run ./config.status --version to find out, or 'net-snmp-config
> --configure-options'.
>
> You might also run snmpd with -Dvacm to get debugging output for the
> authorization code.
> --
> Wes Hardaker
> Please mail all replies to net-snmp-coders@lists.sourceforge.net
>
___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Net-SNMP 5.8 - Having both snmp v2 and v3 available.

[Simon Chamlian]

I am not seeing and compilation errors. It compiles fine but v2 does not
work:


*with 5.7.3*
$ snmpset -v 3 -u Simon -a MD5 -A Simon-00 -l authNoPriv 172.27.43.15
MPBC-1RU-MIB::mpbc1RUAckTrapCriticalEnable.0 i 1
MPBC-1RU-MIB::mpbc1RUAckTrapCriticalEnable.0 = INTEGER: true(1)

$ snmpget -v 2c -c public 172.27.43.15
MPBC-1RU-MIB::mpbc1RUAckTrapCriticalEnable.0
MPBC-1RU-MIB::mpbc1RUAckTrapCriticalEnable.0 = INTEGER: true(1)


*with 5.8 (another machine)*
$ snmpset -v 3 -u Simon -a MD5 -A Simon-00 -l authNoPriv 172.27.43.2
MPBC-1RU-MIB::mpbc1RUAckTrapCriticalEnable.0 i 1
MPBC-1RU-MIB::mpbc1RUAckTrapCriticalEnable.0 = INTEGER: true(1)

$ snmpget -v 2c -c public 172.27.43.2
MPBC-1RU-MIB::mpbc1RUAckTrapCriticalEnable.0
MPBC-1RU-MIB::mpbc1RUAckTrapCriticalEnable.0 = No Such Object available on
this agent at this OID


both have the same snmpd.conf :

createUser Simon  MD5 "Simon-00"
rwuser Simon

rocommunity  public
rwcommunity  private


and same code.

I launch the agent using:

snmpd -c /home/simon/snmpd.conf -Lf /tmp/snmpd_log.txt







But when I run it, from my MIB browser, I can communicate only using snmpv3.

When trying to get data using v2, it simply

On Fri, Aug 31, 2018 at 11:33 AM, Wes Hardaker <
harda...@users.sourceforge.net> wrote:

> Simon Chamlian  writes:
>
> > With snmp 5.7.3 I used to have the agent handling both v2 and v3.
> >
> > With 5.8, only v3 seems to be available.
>
> No, they should both work.  Can you be more specific about how you
> compiled it and what errors you're seeing?
> --
> Wes Hardaker
> Please mail all replies to net-snmp-coders@lists.sourceforge.net
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Net-SNMP 5.8 - Having both snmp v2 and v3 available.

[Simon Chamlian]

Greetings,

With snmp 5.7.3 I used to have the agent handling both v2 and v3.

With 5.8, only v3 seems to be available.

Did the compilation flags changed ?

Do I need a specific flag (something like --enable_v2) to enable both v2
and v3?

Thanks,
S
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

snmpwalk - " Error in packet. Reason: (genError) A general failure occured "

[Simon Chamlian]

Hi,

Issuing a snmpwalk on a table is getting the whole table and then finishes
with :
 " Error in packet. Reason: (genError) A general failure occured "
error.

Is this a known bug?

Thanks,
S
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Net-snmp 5.7.3 Yocto - [No Such Object available on this agent at this OID]

[Simon Chamlian]

Did anyone used net-snmp under systemd ?



On Thu, Aug 23, 2018 at 3:24 PM, Simon Chamlian 
wrote:

> Hi,
>
> I have been working several days on this issue without any success.
>
> On our old Linux embedded system (using LTIB - Linux target Integrated
> Builder), the agent was working fine. Now I am trying to port it on a new
> system using Yocto to build the image.
>
> Basically I have my own MIB and associated code which I am compiling with
> the agent.
>
> Here is the summary of the configuration:
>
> $ cat configure-summary
>   SNMP Versions Supported:1 2c 3
>   Building for:   linux
>   Net-SNMP Version:   5.7.3
>   Network transport support:  Callback Unix Alias UDP TCP UDPIPv4Base
> UDPBase IPv4Base SocketBase TCPBase
>   SNMPv3 Security Modules: usm
>   *Agent MIB code:default_modules my_file1  my_file2
> my_Timer_Util* =>  snmpv3mibs mibII/snmp_mib mibII/system_mib
> mibII/sysORTable mibII/vacm_vars mibII/vacm_conf
>   MYSQL Trap Logging: unavailable
>   Embedded Perl support:  disabled
>   SNMP Perl modules:  disabled
>   SNMP Python modules:disabled
>   Crypto support from:internal
>   Authentication support: MD5 SHA1
>   Encryption support: DES AES
>   Local DNSSEC validation:disabled
> $
>
>
> my_file1  my_file2  my_Timer_Util  are my C code to handle my MIB.
>
> *This method was used on old system with no problems.*
>
>
> On the new system (172.27.43.2) I have:
>
> root@NEM:/etc/snmp#  snmptranslate   -IR -On mpbc1RUDateTime
> .1.3.6.1.4.1.4464.2.3.4.2.3
> root@NEM:/etc/snmp#
>
> So the MIB is recognized!
>
> But a snmpget is failing
>
> root@NEM:/etc/snmp# snmpget  -v 3 -u Simon -a MD5 -A Simon-00 -l
> authNoPriv -t 5 172.27.43.2  MPBC-1RU-MIB::mpbc1RUDateTime.0
> MPBC-1RU-MIB::mpbc1RUDateTime.0 = No Such Object available on this agent
> at this OID
> root@NEM:/etc/snmp#
>
> root@NEM:/etc/snmp# snmpget -v 2c -c public 172.27.43.2
> MPBC-1RU-MIB::mpbc1RUDateTime.0
> MPBC-1RU-MIB::mpbc1RUDateTime.0 = No Such Object available on this agent
> at this OID
> root@NEM:/etc/snmp#
>
>
>
>
> Needless to say, in snmpd.conf I have:
> createUser Simon  MD5 "Simon-00"
> rwuser Simon
>
> # SNMPv1/SNMPv2c
> rocommunity  public
> rwcommunity  private
>
>
> What am I missing?
>
> Any hint will be greatly appreciated.
>
> S.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Net-snmp 5.7.3 Yocto - [No Such Object available on this agent at this OID]

[Simon Chamlian]

Hi,

I have been working several days on this issue without any success.

On our old Linux embedded system (using LTIB - Linux target Integrated
Builder), the agent was working fine. Now I am trying to port it on a new
system using Yocto to build the image.

Basically I have my own MIB and associated code which I am compiling with
the agent.

Here is the summary of the configuration:

$ cat configure-summary
  SNMP Versions Supported:1 2c 3
  Building for:   linux
  Net-SNMP Version:   5.7.3
  Network transport support:  Callback Unix Alias UDP TCP UDPIPv4Base
UDPBase IPv4Base SocketBase TCPBase
  SNMPv3 Security Modules: usm
  *Agent MIB code:default_modules my_file1  my_file2
my_Timer_Util* =>  snmpv3mibs mibII/snmp_mib mibII/system_mib
mibII/sysORTable mibII/vacm_vars mibII/vacm_conf
  MYSQL Trap Logging: unavailable
  Embedded Perl support:  disabled
  SNMP Perl modules:  disabled
  SNMP Python modules:disabled
  Crypto support from:internal
  Authentication support: MD5 SHA1
  Encryption support: DES AES
  Local DNSSEC validation:disabled
$


my_file1  my_file2  my_Timer_Util  are my C code to handle my MIB.

*This method was used on old system with no problems.*


On the new system (172.27.43.2) I have:

root@NEM:/etc/snmp#  snmptranslate   -IR -On mpbc1RUDateTime
.1.3.6.1.4.1.4464.2.3.4.2.3
root@NEM:/etc/snmp#

So the MIB is recognized!

But a snmpget is failing

root@NEM:/etc/snmp# snmpget  -v 3 -u Simon -a MD5 -A Simon-00 -l authNoPriv
-t 5 172.27.43.2  MPBC-1RU-MIB::mpbc1RUDateTime.0
MPBC-1RU-MIB::mpbc1RUDateTime.0 = No Such Object available on this agent at
this OID
root@NEM:/etc/snmp#

root@NEM:/etc/snmp# snmpget -v 2c -c public 172.27.43.2
MPBC-1RU-MIB::mpbc1RUDateTime.0
MPBC-1RU-MIB::mpbc1RUDateTime.0 = No Such Object available on this agent at
this OID
root@NEM:/etc/snmp#




Needless to say, in snmpd.conf I have:
createUser Simon  MD5 "Simon-00"
rwuser Simon

# SNMPv1/SNMPv2c
rocommunity  public
rwcommunity  private


What am I missing?

Any hint will be greatly appreciated.

S.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Adding c files to build agent

[Simon Chamlian]

It is not that easy in my case because I am cross compiling the agent for
an embedded target system. Also, the whole package is being compiled from
within Yocto (bitbake).

So I ran ./configure --with-mib-modules " file1 file2"

I noticed this created couple of Makefiles.

Then I ran
 bitbake net-snmp
which compiled the agent. I hoped that my modules would be integrated but
when I burn the image on the target embedded system,
snmpd is running but somehow my modules aren't being called so a get on my
mib is not returning the expected value.







On Tue, Aug 21, 2018 at 9:38 AM, Bart Van Assche  wrote:

> On 08/21/18 06:01, Simon Chamlian wrote:
> > Any pointers on how I can use AgentX ?
>
> Please keep the list in Cc: when replying.
>  More information about AgentX is available at
> http://net-snmp.sourceforge.net/wiki/index.php/TUT:Writing_a_Subagent.
> Since it has been a while since that page has been updated, if any
> information on that page would be outdated, please let us know.
>
> Bart.
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Adding c files to build agent

[Simon Chamlian]

Hi,

I am trying to adapt the agent to our requirements. In order to do so, I
need to add some code (c files) to the agent to handle our own MIB.

The agent is running on an embedded system (Linux-systemd) using Yocto to
build it.

Where (in which makefile) do I add my own code?

I need to do something like:

 --with-mib-modules=" file1  file2  file3 "

Any hints will be appriciated.

Thanks,
S
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

porting Net-SNMP 5.8 to Yocto

[Simon Chamlian]

Hi,

While trying to port the newly released net-snmp to yocto, I am getting the
following error:

ERROR: This autoconf log indicates errors, it looked at host include and/or
library paths while determining system capabilities.
Rerun configure task after fixing this.
DEBUG: Python function do_qa_configure finished
ERROR: Function failed: do_qa_configure


Any hints?

Thanks,
S
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Creating a user with NoAuthNoPriv

[Simon Chamlian]

 Hi,

It is not possible to create a user with no authentication and no privacy
in snmpd.conf?

I tried (http://net-snmp.sourceforge.net/wiki/index.php/TUT:SNMPv3_Options):

rouser noAuthUser
createUser NoAuthUser

but I get the following error:

# snmpgetnext -v 3 -n "" -u noAuthUser -l noAuthNoPriv
test.net-snmp.org sysUpTime
Error in packet.
Reason: authorizationError (access denied to that object)



Thanks,
S
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Does Net-SNMP support AES192 or AES256?

[Simon Chamlian]

Test results (omitted rwuser instruction for brevity):

createUser user0  MD5 "authpw-00"   Works
createUser user1  MD5 "authpw-00" AES "default-00"  Works

createUser user2  MD5 "authpw-00" AES192  "default-00"  FAILED
createUser user2c MD5 "authpw-00" AES192C "default-00"  Works

createUser user3  SHA "authpw-00" AES192  "default-00"  FAILED
createUser user3c SHA "authpw-00" AES192C "default-00"  Works

createUser user4  SHA "authpw-00" AES256  "default-00"  FAILED
createUser user4c SHA "authpw-00" AES256C "default-00"  Works

In summary, it works when 'C' is added ("Cisco" algorithm);

Unfortunately I couldn't try SHA224, SHA256, SHA384 and SHA512 since my
browser supports only SHA96

Thank you Bill !!

Simon







On Mon, Apr 9, 2018 at 4:13 PM, Bill Fenner  wrote:

> On Mon, Apr 9, 2018 at 12:21 PM, Simon Chamlian 
> wrote:
>
>> Hi ,
>>
>> Thanks for the information Bill. So  --with-transports="DTLSUDP"
>> --with-security-modules="tsm" are not required but simply
>> --enable-blumenthal-aes
>>
>> So I compiled the agent using the following configuration:
>>
>> ./configure  --disable-embedded-perl
>>  --without-perl-modules with_endianness=big
>>  --enable-mini-agent --with-default-snmp-version="3"
>>  --disable-debugging
>>  --with-sys-contact="who@where"
>> --with-logfile="/var/log/snmp"
>>  --with-transports="UDP TCP"
>>  --enable-blumenthal-aes
>>
>> In snmpd.conf I have:
>>
>>createUser user   MD5 "authpw-00"
>>rwuser user
>>
>>createUser user1  MD5 "authpw-00" AES "default-00"
>>rwuser user1
>>
>>createUser user2  MD5 "authpw-00" AES192 "default-00"
>>rwuser user2
>>
>> 1) The error message unknown privProtocol has disappeared from log file.
>> 2) From the MIB browser, I do a GET on one of the OID using user
>> (noPriv) and it works fine.
>> 3) From the MIB browser, I do a GET on one of the OID using user2 using
>> AES-128 and it works fine .
>> 4) From the MIB browser, I do a GET on one of the OID using user3 using
>> AES-192 and it DOES NOT work! I get the following error in the log file:
>>
>>  security service 3 error parsing ScopedPDU
>>
>>  What I am missing?
>>
>
> There are two ways to take a short auth key and lengthen it for a strong
> privacy algorithm.  Two things to try:
>
> 1. Use "AES192C" for the user instead of "AES192" (this uses the "Cisco"
> algorithm);
> 2. Use a stronger auth mechanism, which creates a longer auth key, which
> doesn't have to be lengthened for the strong privacy algorithm, avoiding
> the question of how to lengthen it. I think SHA suffices, but of course
> SHA224, SHA256, SHA384 and SHA512 are available to try.
>
>   Bill
>
>
>>
>> On Fri, Apr 6, 2018 at 8:49 PM, Bill Fenner  wrote:
>>
>>> Simon,
>>>
>>> The USM AES192 and AES256 support is based upon an Internet Draft, which
>>> never became a standard - therefore, you have to pass
>>> "--enable-blumenthal-aes" to ./configure. (You don't have to enable TSM or
>>> the TLS transports; that's a whole different kettle of fish.)
>>>
>>>   Bill
>>>
>>>
>>> On Fri, Apr 6, 2018 at 12:01 PM, Simon Chamlian 
>>> wrote:
>>>
>>>> Thanks for the tip.
>>>>
>>>> I did compile with the following options:
>>>>
>>>> --disable-embedded-perl
>>>> --without-perl-modules with_endianness=big
>>>> --enable-mini-agent
>>>> --with-default-snmp-version="3"
>>>> --enable-ipv6
>>>> --disable-debugging
>>>> --with-sys-contact="who@where"
>>>> --with-logfile="/var/log/snmp"
>>>>
>>>> *--with-transports="DTLSUDP TLSTCP" --with-security-modules="tsm" *
>>>>
>>>>
>>>> Still when I put
>>>>
>>>> createUser User2  MD5 "passwrd-00" AES192 (or AES-192) "default-00"
>>>>
>>>> I get an error message:
>>>>
>>>> snmpd.conf: line 27: Error: unknown privProtocol
>>>>

Re: Does Net-SNMP support AES192 or AES256?

[Simon Chamlian]

Hi ,

Thanks for the information Bill. So  --with-transports="DTLSUDP"
--with-security-modules="tsm" are not required but simply
--enable-blumenthal-aes

So I compiled the agent using the following configuration:

./configure  --disable-embedded-perl
 --without-perl-modules with_endianness=big
 --enable-mini-agent --with-default-snmp-version="3"
 --disable-debugging
 --with-sys-contact="who@where"
--with-logfile="/var/log/snmp"
 --with-transports="UDP TCP"
 --enable-blumenthal-aes

In snmpd.conf I have:

   createUser user   MD5 "authpw-00"
   rwuser user

   createUser user1  MD5 "authpw-00" AES "default-00"
   rwuser user1

   createUser user2  MD5 "authpw-00" AES192 "default-00"
   rwuser user2

1) The error message unknown privProtocol has disappeared from log file.
2) From the MIB browser, I do a GET on one of the OID using user  (noPriv)
and it works fine.
3) From the MIB browser, I do a GET on one of the OID using user2 using
AES-128 and it works fine .
4) From the MIB browser, I do a GET on one of the OID using user3 using
AES-192 and it DOES NOT work! I get the following error in the log file:

 security service 3 error parsing ScopedPDU

 What I am missing?

Thanks,
Simon




On Fri, Apr 6, 2018 at 8:49 PM, Bill Fenner  wrote:

> Simon,
>
> The USM AES192 and AES256 support is based upon an Internet Draft, which
> never became a standard - therefore, you have to pass
> "--enable-blumenthal-aes" to ./configure. (You don't have to enable TSM or
> the TLS transports; that's a whole different kettle of fish.)
>
>   Bill
>
>
> On Fri, Apr 6, 2018 at 12:01 PM, Simon Chamlian 
> wrote:
>
>> Thanks for the tip.
>>
>> I did compile with the following options:
>>
>> --disable-embedded-perl
>> --without-perl-modules with_endianness=big
>> --enable-mini-agent
>> --with-default-snmp-version="3"
>> --enable-ipv6
>> --disable-debugging
>> --with-sys-contact="who@where"
>> --with-logfile="/var/log/snmp"
>>
>> *--with-transports="DTLSUDP TLSTCP" --with-security-modules="tsm" *
>>
>>
>> Still when I put
>>
>> createUser User2  MD5 "passwrd-00" AES192 (or AES-192) "default-00"
>>
>> I get an error message:
>>
>> snmpd.conf: line 27: Error: unknown privProtocol
>>
>> So does SNMP 5.8 support AES192 and AES256?
>> Is it another syntax I need in snmpd.conf?
>>
>> Thanks,
>>
>> S.
>>
>>
>>
>>
>> On Thu, Apr 5, 2018 at 5:14 PM, Keith Mendoza 
>> wrote:
>>
>>> Simon,
>>> Those options have to be enabled in the configure options. I suggest
>>> building with the following configure options:
>>> --with-transports="DTLSUDP" --with-security-modules="tsm"
>>>
>>> There might be other configure options that you need to make it work.
>>>
>>> Just note though that SNMPv3 RFC _does not_ specify AES192 and AES256;
>>> they specified some older algorithms that were "latest and greatest"
>>> at the time it was being drafted :(
>>>
>>> Thanks,
>>> Keith
>>> Thanks,
>>> Keith
>>>
>>>
>>> On Thu, Apr 5, 2018 at 1:54 PM, Simon Chamlian 
>>> wrote:
>>> >
>>> >
>>> >
>>> > Hi,
>>> >
>>> > Does Net-SNMP support AES192 or AES256?
>>> >
>>> > According to this link
>>> >
>>> > http://www.net-snmp.org/wiki/index.php/Strong_Authentication
>>> _or_Encryption
>>> >
>>> > The short answer is Yes, starting with release 5.8 AES193 and AES256
>>> are an
>>> > optional configure option.
>>> >
>>> > So I downloaded version 5.8.pre2 and tried:
>>> >
>>> >
>>> >   createUser user2  SHA "passwrd-00" AES192 "default-00"
>>> >   rwuser   user2
>>> >
>>> >   createUser user3  SHA "passwrd-00" AES256 "default-00"
>>> >   rwuser   user3
>>> >
>>> >
>>> > Does not work. I get an error:
>>> >   snmpd.conf: line 27: Error: unknown privProtocol
>>> >   snmpd.conf: line 31: Error: unknown privProtocol
>>> >
>>> > Any insight will be highly appreciated.
>>> >

Re: Does Net-SNMP support AES192 or AES256?

[Simon Chamlian]

Thanks for the tip.

I did compile with the following options:

--disable-embedded-perl
--without-perl-modules with_endianness=big
--enable-mini-agent
--with-default-snmp-version="3"
--enable-ipv6
--disable-debugging
--with-sys-contact="who@where"
--with-logfile="/var/log/snmp"

*--with-transports="DTLSUDP TLSTCP" --with-security-modules="tsm" *


Still when I put

createUser User2  MD5 "passwrd-00" AES192 (or AES-192) "default-00"

I get an error message:

snmpd.conf: line 27: Error: unknown privProtocol

So does SNMP 5.8 support AES192 and AES256?
Is it another syntax I need in snmpd.conf?

Thanks,

S.




On Thu, Apr 5, 2018 at 5:14 PM, Keith Mendoza  wrote:

> Simon,
> Those options have to be enabled in the configure options. I suggest
> building with the following configure options:
> --with-transports="DTLSUDP" --with-security-modules="tsm"
>
> There might be other configure options that you need to make it work.
>
> Just note though that SNMPv3 RFC _does not_ specify AES192 and AES256;
> they specified some older algorithms that were "latest and greatest"
> at the time it was being drafted :(
>
> Thanks,
> Keith
> Thanks,
> Keith
>
>
> On Thu, Apr 5, 2018 at 1:54 PM, Simon Chamlian 
> wrote:
> >
> >
> >
> > Hi,
> >
> > Does Net-SNMP support AES192 or AES256?
> >
> > According to this link
> >
> > http://www.net-snmp.org/wiki/index.php/Strong_
> Authentication_or_Encryption
> >
> > The short answer is Yes, starting with release 5.8 AES193 and AES256 are
> an
> > optional configure option.
> >
> > So I downloaded version 5.8.pre2 and tried:
> >
> >
> >   createUser user2  SHA "passwrd-00" AES192 "default-00"
> >   rwuser   user2
> >
> >   createUser user3  SHA "passwrd-00" AES256 "default-00"
> >   rwuser   user3
> >
> >
> > Does not work. I get an error:
> >   snmpd.conf: line 27: Error: unknown privProtocol
> >   snmpd.conf: line 31: Error: unknown privProtocol
> >
> > Any insight will be highly appreciated.
> >
> > S.
> >
> >
> >
> >
> > 
> --
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> > ___
> > Net-snmp-coders mailing list
> > Net-snmp-coders@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
> >
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Fwd: Does Net-SNMP support AES192 or AES256?

[Simon Chamlian]

Hi,

Does Net-SNMP support AES192 or AES256?

According to this link

http://www.net-snmp.org/wiki/index.php/Strong_Authentication_or_Encryption

The short answer is Yes, starting with release 5.8 AES193 and AES256 are an
optional configure option.
So I downloaded version 5.8.pre2 and tried:


  createUser user2  SHA "passwrd-00" AES192 "default-00"
  rwuser   user2

  createUser user3  SHA "passwrd-00" AES256 "default-00"
  rwuser   user3


Does not work. I get an error:
  snmpd.conf: line 27: Error: unknown privProtocol
  snmpd.conf: line 31: Error: unknown privProtocol

Any insight will be highly appreciated.

S.
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

snmpd log file

[Simon Chamlian]

Hi,

I am seeing some weird messages in the log file generated by snmpd.

Example:

Sending 194 bytes to UDP: [172.27.37.227]:60682->[172.27.42.214]:161
: 30 81 BF 02  01 03 30 0D  02 01 0A 02  02 05 C0 040.0.
0016: 01 01 02 01  03 04 2E 30  2C 04 0D 80  00 1F 88 80...0,...
0032: 23 29 E6 83  5A C5 2C 68  02 01 0A 02  01 48 04 05#)..Z.,h.H..
0048: 41 64 6D 69  6E 04 0C 8D  14 AF 4A EF  E3 C7 E0 13hello.J.
0064: 8D 33 96 04  00 30 7B 04  0D 80 00 1F  88 80 23 29.3...0{...#)
0080: E6 83 5A C5  2C 68 04 00  A2 68 02 01  0A 02 01 00..Z.,h...h..
0096: 02 01 00 30  5D 30 17 06  0F 2B 06 01  04 01 A2 70...0]0...+.p
0112: 02 03 04 01  01 01 02 08  40 04 C0 03  01 FD 30 17@.0.
0128: 06 0F 2B 06  01 04 01 A2  70 02 03 04  01 01 01 02..+.p...
0144: 08 40 04 C0  03 01 FD 30  13 06 0F 2B  06 01 04 01.@.0...+
0160: A2 70 02 03  04 01 01 01  03 08 04 00  30 14 06 0F.p..0...
0176: 2B 06 01 04  01 A2 70 02  03 04 01 01  01 04 08 02+.p.
0192: 01 02 ..


Received 192 byte packet from UDP:
[172.27.37.227]:60682->[172.27.42.214]:161



How can I disable these messages?

I cannot even find them in source code to comment them out.

Thanks,
S
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: NET-SNMP version: 5.7.3 and IPv6

[Simon Chamlian]

  SNMP Versions Supported:1 2c 3
  Building for:   linux
  Net-SNMP Version:   5.7.3
  Network transport support:  Callback Unix Alias TCPIPv6 UDPIPv6 UDP TCP
IPv6Base SocketBase TCPBase UDPBase UDPIPv4Base IPv4Base
  SNMPv3 Security Modules: usm
  *** MIB Module warning *** mib module '\' is both included and excluded.
It has been excluded.
  Agent MIB code:default_modules . =>  snmpv3mibs
mibII/snmp_mib mibII/system_mib mibII/sysORTable mibII/vacm_vars
mibII/vacm_conf
  MYSQL Trap Logging: unavailable
  Embedded Perl support:  disabled
  SNMP Perl modules:  disabled
  SNMP Python modules:disabled
  Crypto support from:crypto
  Authentication support: MD5
  Encryption support:
  Local DNSSEC validation:disabled

Note that I am cross compiling net-snmp for an embedded target.
I wonder if I am forgetting to download something?

I usually download the applications and libraries:
libnetsnmphelpers.so.30.0.3
libnetsnmp.so.30.0.3
libnetsnmpmibs.so.30.0.3
libnetsnmpagent.so.30.0.3
libnetsnmptrapd.so.30.0.3

S.


On Wed, Jan 24, 2018 at 11:57 AM, Bill Fenner  wrote:

> Can you paste the end of your configuration run, where it summarizes the
> results? The “rocommunity6” configuration directive will be available if
> that configuration summary includes “UDPIPv6” in the “Network transport
> support:” list - e.g.,
>
> -
> Net-SNMP configuration summary:
> -
>
>   SNMP Versions Supported:1 2c 3
>   Building for:   linux
>   Net-SNMP Version:   5.8.pre1
>   Network transport support:  Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6 
> IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base
>
> How did you build your net-snmp? Is there any chance that you built the
> agent/ subdirectory without IPv6 support, and the snmplib/ subdirectory
> with IPv6 support? That would cause “rocommunity6” to not work but
> “agentaddress udp6:…” would work.
>
> Bill
> ​
>
> On Wed, Jan 24, 2018 at 11:42 AM, Simon Chamlian 
> wrote:
>
>> Seems like --enable-ipv6  is not enough to make SNMPv2 work with IPv6
>> since:
>>
>> # ./snmpd  -H 2>&1 | grep community
>> trapsink host [community] [port]
>> trap2sinkhost [community] [port]
>> informsink   host [community] [port]
>> trapcommunitycommunity-string
>> com2sec  [-Cn CONTEXT] secName
>> IPv4-network-address[/netmask] community
>> com2sec6 [-Cn CONTEXT] secName
>> IPv6-network-address[/netmask] community
>> com2secunix  [-Cn CONTEXT] secName sockpath community
>> authcommunityauthtype1,authtype2 community
>> [default|hostname|network/bits [oid|-V view [context]]]
>> rwcommunity  community [default|hostname|network/bits
>> [oid|-V view [context]]]
>> rocommunity  community [default|hostname|network/bits
>> [oid|-V view [context]]]
>>
>> does not show  rwcommunity6 and rocommunity6 .
>>
>> So what other flags do I need in addition to (--enable-ipv6) to
>> re-compile to make rwcommunity6/rocommunity6 available?
>>
>> S.
>>
>>
>>
>> On Mon, Jan 15, 2018 at 2:37 PM, Simon Chamlian 
>> wrote:
>>
>>> Hi,
>>>
>>> Just recompiled the agent by enabling IPv6 (  --enable-ipv6).
>>>
>>> The agent is working fine but don't seem to be able to use IPv6.
>>>
>>> Example:
>>>
>>> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv 172.27.42.199
>>> MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
>>> "TestNew"
>>>
>>> works fine.
>>>
>>>
>>> In Ipv6:
>>>
>>> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv
>>> udp6:'[fe80::6eff:beff:fe02:d0%eth0]':161 MPBC-1RU-MIB::mpbc1RUNEID.0
>>> -Oqv
>>> snmpget: Timeout
>>>
>>> I also tried without the port
>>> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv
>>> udp6:'[fe80::6eff:beff:fe02:d0%eth0]' MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
>>> snmpget: Timeout
>>>
>>>
>>> Gives me timeout. What am I doing wrong? Do I need any special
>>> instructions in snmpd.conf file?
>>>
>>> Note that when I launch the agent, I get the following error message in
>>> the log:
>>> Error opening specified endpoint ""
>>> Server Exiting with co

Re: NET-SNMP version: 5.7.3 and IPv6

[Simon Chamlian]

Seems like --enable-ipv6  is not enough to make SNMPv2 work with IPv6 since:

# ./snmpd  -H 2>&1 | grep community
trapsink host [community] [port]
trap2sinkhost [community] [port]
informsink   host [community] [port]
trapcommunitycommunity-string
com2sec  [-Cn CONTEXT] secName
IPv4-network-address[/netmask] community
com2sec6 [-Cn CONTEXT] secName
IPv6-network-address[/netmask] community
com2secunix  [-Cn CONTEXT] secName sockpath community
authcommunityauthtype1,authtype2 community
[default|hostname|network/bits [oid|-V view [context]]]
rwcommunity  community [default|hostname|network/bits
[oid|-V view [context]]]
rocommunity  community [default|hostname|network/bits
[oid|-V view [context]]]

does not show  rwcommunity6 and rocommunity6 .

So what other flags do I need in addition to (--enable-ipv6) to re-compile
to make rwcommunity6/rocommunity6 available?

S.



On Mon, Jan 15, 2018 at 2:37 PM, Simon Chamlian 
wrote:

> Hi,
>
> Just recompiled the agent by enabling IPv6 (  --enable-ipv6).
>
> The agent is working fine but don't seem to be able to use IPv6.
>
> Example:
>
> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv 172.27.42.199
> MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
> "TestNew"
>
> works fine.
>
>
> In Ipv6:
>
> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv
> udp6:'[fe80::6eff:beff:fe02:d0%eth0]':161 MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
> snmpget: Timeout
>
> I also tried without the port
> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv
> udp6:'[fe80::6eff:beff:fe02:d0%eth0]' MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
> snmpget: Timeout
>
>
> Gives me timeout. What am I doing wrong? Do I need any special
> instructions in snmpd.conf file?
>
> Note that when I launch the agent, I get the following error message in
> the log:
> Error opening specified endpoint ""
> Server Exiting with code 1
>
> But the agent works fine with IPv4.
>
> Thanks,
> S
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: NET-SNMP version: 5.7.3 and IPv6

[Simon Chamlian]

I am sure about the compilation with --enable-ipv6 because it works with
snmp v3

# snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv 172.27.42.15
MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
"VERSA_199"

# snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv
[fe80::6eff:beff:fe02:d0%eth0] MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
"VERSA_199"

It is only with snmpv2 that both addresses (Ipv4/IPv6) don't work.

#  snmpget -v 2c -c public 172.27.42.15 MPBC-1RU-MIB::mpbc1RUNEID.0
MPBC-1RU-MIB::mpbc1RUNEID.0 = STRING: "VERSA_199"

#  snmpget -v 2c -c public [fe80::6eff:beff:fe02:d0%eth0]
MPBC-1RU-MIB::mpbc1RUNEID.0
Timeout: No Response from [fe80::6eff:beff:fe02:d0%eth0].


>From what I understand from your answer is that having
rocommunity6/rwcommunity6 in the snmpd.conf file is a must?









On Wed, Jan 24, 2018 at 2:21 AM, Niels Baggesen 
wrote:

> On Wed, Jan 17, 2018 at 10:58:40AM -0500, Simon Chamlian wrote:
> > but these tokens are not recognized:
> > ./snmpd.conf: line 12: Warning: Unknown token: rocommunity6.
> > ./snmpd.conf: line 13: Warning: Unknown token: rwcommunity6.
>
> This means that snmpd did not understand you config, and accordingly it
> does not support community access for IPv6.
>
> Are you sure you are running the version compiled with --enable-ipv6?
>
> What other config options did you use?
>
> /Niels
>
> --
> Niels Baggesen - @home - Århus - Denmark - n...@users.sourceforge.net
> The purpose of computing is insight, not numbers   ---   R W Hamming
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: NET-SNMP version: 5.7.3 and IPv6

[Simon Chamlian]

Since there is no reply, let me ask a different question:

Was anyone able to use IPv6 with SNMPv2?

IPv4
 # snmpget -v 2c -c public 172.27.42.199 MPBC-1RU-MIB::mpbc1RUNEID.0
 MPBC-1RU-MIB::mpbc1RUNEID.0 = STRING: "VERSA_199"

works fine


IPv6

# snmpget -v 2c -c public [fe80::6eff:beff:fe02:d0%eth0]
MPBC-1RU-MIB::mpbc1RUNEID.0
Timeout: No Response from [fe80::6eff:beff:fe02:d0%eth0].

or without the '%eth0'

# snmpget -v 2c -c public [fe80::6eff:beff:fe02:d0]
MPBC-1RU-MIB::mpbc1RUNEID.0
Timeout: No Response from [fe80::6eff:beff:fe02:d0].


does NOT work.

Thanks,
S.



On Wed, Jan 17, 2018 at 10:58 AM, Simon Chamlian 
wrote:

> I got the Ipv6 working finally with SNMP v3. I had to add:
> agentaddress udp:161
> agentaddress udp6:161
>
> in snmpd.conf.
>
>
> Now the problem is SNMPv2 that does not work with IPv6.
>
> I added:
>  rocommunity6 public
>  rwcommunity6 private
>
> but these tokens are not recognized:
> ./snmpd.conf: line 12: Warning: Unknown token: rocommunity6.
> ./snmpd.conf: line 13: Warning: Unknown token: rwcommunity6.
>
> Any hint will be much appreciated.
>
> Simon
>
>
>
>
>
>
>
>
>
>
> On Tue, Jan 16, 2018 at 4:54 PM, Bill Fenner  wrote:
>
>> Simon,
>>
>> Can you try with global addresses? I wouldn't be horribly surprised if
>> scope zones were not supported properly.  (Global v6 addresses have worked
>> for me in net-snmp for years.)
>>
>>   Bill
>>
>>
>> On Mon, Jan 15, 2018 at 2:37 PM, Simon Chamlian 
>> wrote:
>>
>>> Hi,
>>>
>>> Just recompiled the agent by enabling IPv6 (  --enable-ipv6).
>>>
>>> The agent is working fine but don't seem to be able to use IPv6.
>>>
>>> Example:
>>>
>>> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv 172.27.42.199
>>> MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
>>> "TestNew"
>>>
>>> works fine.
>>>
>>>
>>> In Ipv6:
>>>
>>> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv
>>> udp6:'[fe80::6eff:beff:fe02:d0%eth0]':161 MPBC-1RU-MIB::mpbc1RUNEID.0
>>> -Oqv
>>> snmpget: Timeout
>>>
>>> I also tried without the port
>>> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv
>>> udp6:'[fe80::6eff:beff:fe02:d0%eth0]' MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
>>> snmpget: Timeout
>>>
>>>
>>> Gives me timeout. What am I doing wrong? Do I need any special
>>> instructions in snmpd.conf file?
>>>
>>> Note that when I launch the agent, I get the following error message in
>>> the log:
>>> Error opening specified endpoint ""
>>> Server Exiting with code 1
>>>
>>> But the agent works fine with IPv4.
>>>
>>> Thanks,
>>> S
>>>
>>>
>>> 
>>> --
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> ___
>>> Net-snmp-coders mailing list
>>> Net-snmp-coders@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>>
>>>
>>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: NET-SNMP version: 5.7.3 and IPv6

[Simon Chamlian]

I got the Ipv6 working finally with SNMP v3. I had to add:
agentaddress udp:161
agentaddress udp6:161

in snmpd.conf.


Now the problem is SNMPv2 that does not work with IPv6.

I added:
 rocommunity6 public
 rwcommunity6 private

but these tokens are not recognized:
./snmpd.conf: line 12: Warning: Unknown token: rocommunity6.
./snmpd.conf: line 13: Warning: Unknown token: rwcommunity6.

Any hint will be much appreciated.

Simon










On Tue, Jan 16, 2018 at 4:54 PM, Bill Fenner  wrote:

> Simon,
>
> Can you try with global addresses? I wouldn't be horribly surprised if
> scope zones were not supported properly.  (Global v6 addresses have worked
> for me in net-snmp for years.)
>
>   Bill
>
>
> On Mon, Jan 15, 2018 at 2:37 PM, Simon Chamlian 
> wrote:
>
>> Hi,
>>
>> Just recompiled the agent by enabling IPv6 (  --enable-ipv6).
>>
>> The agent is working fine but don't seem to be able to use IPv6.
>>
>> Example:
>>
>> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv 172.27.42.199
>> MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
>> "TestNew"
>>
>> works fine.
>>
>>
>> In Ipv6:
>>
>> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv
>> udp6:'[fe80::6eff:beff:fe02:d0%eth0]':161 MPBC-1RU-MIB::mpbc1RUNEID.0
>> -Oqv
>> snmpget: Timeout
>>
>> I also tried without the port
>> # snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv
>> udp6:'[fe80::6eff:beff:fe02:d0%eth0]' MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
>> snmpget: Timeout
>>
>>
>> Gives me timeout. What am I doing wrong? Do I need any special
>> instructions in snmpd.conf file?
>>
>> Note that when I launch the agent, I get the following error message in
>> the log:
>> Error opening specified endpoint ""
>> Server Exiting with code 1
>>
>> But the agent works fine with IPv4.
>>
>> Thanks,
>> S
>>
>>
>> 
>> --
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> ___
>> Net-snmp-coders mailing list
>> Net-snmp-coders@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
>>
>>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Re: Adding description within trap PDU

[Simon Chamlian]

Never mind,

I found the answer. Yes it can by adding a '-s "some text".

Thanks,
S


On Mon, Jan 15, 2018 at 2:16 PM, Simon Chamlian 
wrote:

> Hi,
>
> Is it possible to add a description within a trap (either v2 or v3)?
>
> for example:
> snmptrap -v 2c -c public 172.27.37.227  "" coldStart.0
> snmptrap -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv 172.27.37.227 ""
> coldStart.0
>
> Is there an way to add a descriptive text?
>
> As far as I know, the answer is no but would like to confirm.
>
> Thanks,
> S
>
>
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Adding description within trap PDU

[Simon Chamlian]

Hi,

Is it possible to add a description within a trap (either v2 or v3)?

for example:
snmptrap -v 2c -c public 172.27.37.227  "" coldStart.0
snmptrap -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv 172.27.37.227 ""
coldStart.0

Is there an way to add a descriptive text?

As far as I know, the answer is no but would like to confirm.

Thanks,
S
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

NET-SNMP version: 5.7.3 and IPv6

[Simon Chamlian]

Hi,

Just recompiled the agent by enabling IPv6 (  --enable-ipv6).

The agent is working fine but don't seem to be able to use IPv6.

Example:

# snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv 172.27.42.199
MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
"TestNew"

works fine.


In Ipv6:

# snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv
udp6:'[fe80::6eff:beff:fe02:d0%eth0]':161 MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
snmpget: Timeout

I also tried without the port
# snmpget -v 3 -u Admin -a MD5 -A Admin-00 -l authNoPriv
udp6:'[fe80::6eff:beff:fe02:d0%eth0]' MPBC-1RU-MIB::mpbc1RUNEID.0 -Oqv
snmpget: Timeout


Gives me timeout. What am I doing wrong? Do I need any special instructions
in snmpd.conf file?

Note that when I launch the agent, I get the following error message in the
log:
Error opening specified endpoint ""
Server Exiting with code 1

But the agent works fine with IPv4.

Thanks,
S
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

where the PDU came from?

[Simon Chamlian]

Greetings,

I know this has been discussed with no solution:

https://sourceforge.net/p/net-snmp/mailman/message/14061653/

but I need to know where the PDU came from (the IP address of the manager
station where the SNMP-GET PDU came) in the agent.

Reason is I have a requirement to restrict access to the agent by IP
address.

For snmp v1/v2, it can easily be done by modifying the snmpd.cong file:

# rocommunity: SNMPv1/SNMPv2c read-only access
rocommunity  public  178.27.37.186
rocommunity  public  178.27.37.227

There seem to be noway to do it for snmp v3 by snmpd.cong file.

Therefore, in the agent code,I would like to catch theIP address of sender.

Thanks,
SVC
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders