Hi Thierry,
Your singleton factory method is NOT thread safe. This could create issues and
need to be fixed.
Anything else does not seem to be a real issue with SNMP.
The notInTimeWindow report is normal when two SNMPv3 entities
exchange messages for the first time (the time needs to be synchronised).
Best regards,
Frank
> On 23 Sep 2016, at 15:57, TESSALONIKOS, THIERRY
> <thierry.tessaloni...@atos.net> wrote:
>
> Hi,
>
> I need to use SNMP4J API in multi-threading design, because I must send 2
> snmp set in parallel toward 2 Network Elements for sending them a parameters…
>
> So, I have a main thread that initialize the SNMP4J API, with a singleton
> like this :
>
> public class SNMP4JInitialize implements SNMPEngineInitInterface{
>
> // properties SNMP4J
> private static SNMP4JInitialize snmp4JInitializeInstance;
> private static TransportMapping transport;
> private static Snmp snmp;
> private static USM usm;
> private static OctetString localEngineID;
>
>
> private SNMP4JInitialize() throws IOException {
>
> // Intialisation SNMP4J
> transport = new DefaultUdpTransportMapping(); //@TODO utiliser un
> autre constructeur pour positionner adresse IP d'écoute
> snmp = new Snmp(transport);
> localEngineID = new OctetString(MPv3.createLocalEngineID());
> usm = new USM(SecurityProtocols.getInstance(), localEngineID, 0);
> SecurityModels.getInstance().addSecurityModel(usm);
> SecurityProtocols.getInstance().addPrivacyProtocol(new
> PrivAES256With3DESKeyExtension());
> transport.listen();
> // Instanaciation de la classe qui gere les UsmUer automatiquement à
> partir des MAJ JMS envoyées par l'appli JEE
>
> OctetString securityName1 = new OctetString("toto");
> UsmUser usmUser1 = new UsmUser(securityName1, // securityName
> AuthMD5.ID, // authenticationProtocol
> new OctetString("toto123456"), // authenticationPassphrase
> PrivAES128.ID, // privacyProtocol
> new OctetString("toto123456")); // privacyPassphrase
> snmp.getUSM().addUser(usmUser1);
>
>
> OctetString securityName2 = new OctetString("titi");
> UsmUser usmUser2 = new UsmUser(securityName2, // securityName
> AuthSHA.ID, // authenticationProtocol
> new OctetString("toto123456"), // authenticationPassphrase
> PrivAES256With3DESKeyExtension.ID, // privacyProtocol
> //PrivAES256.ID, // privacyProtocol
> new OctetString("toto123456")); // privacyPassphrase
> snmp.getUSM().addUser(usmUser2);
> }
>
> public static Snmp getSnmp() {
> return snmp;
> }
>
> public static SNMP4JInitialize getInstance() throws IOException,
> Exception {
>
> if (snmp4JInitializeInstance == null) {
> snmp4JInitializeInstance = new SNMP4JInitialize();
> }
> return (snmp4JInitializeInstance);
> }
> }
>
> And after I launch 2 thread in parallel (from a thread pool, managed by
> ExecutorService class…)
>
> Each thread create a new UserTarget and getSNMP instance from the
> Initialization Singleton, and send the PDU with snmp.send(pdu, target) like
> this :
>
> public class SNMP4JRequestSender implements SNMPModuleSenderInterface {
>
> public RequestTaskStatus sendsnmpv3Request(RequestTaskStatus
> requestTaskStatus, RequestTaskSNMP requestTaskSNMP) throws IOException {
>
> final Address targetAddress =
> GenericAddress.parse(requestTaskSNMP.getSnmpTargetURL());
>
> // create the target
> UserTarget target = new UserTarget();
> target.setAddress(targetAddress);
> target.setRetries(requestTaskSNMP.getRetry());
> target.setTimeout(requestTaskSNMP.getTimout());
> target.setVersion(SnmpConstants.version3);
> target.setSecurityLevel(SecurityLevel.AUTH_PRIV);
> target.setSecurityName(requestTaskSNMP.getSecurityName()); // The
> same name used for usmUser
>
> //create the PDU
> ScopedPDU pdu = new ScopedPDU();
>
> List<VariableBinding> variableBindings = requestTaskSNMP.getOids();
>
> if ((variableBindings == null) || (variableBindings.isEmpty())) {
> requestTaskStatus.setResultStatus(GeneralResultStatusEnum.Failed);
>
> requestTaskStatus.setReasonStatus(ReasonStatusEnum.NoOIDinSNMPRequest);
> return (requestTaskStatus);
> }
> for (VariableBinding variableBinding : variableBindings) {
> pdu.add(variableBinding);
> }
>
> pdu.setType(requestTaskSNMP.getPDUType());
>
> // send the PDU
> final ResponseEvent response = SNMP4JInitialize.getSnmp().send(pdu,
> target);
>
> // extract the response PDU (could be null if timed out)
> final PDU responsePDU = response.getResponse();
>
> if (responsePDU == null) {
> requestTaskStatus.setResultStatus(GeneralResultStatusEnum.Failed);
>
> requestTaskStatus.setReasonStatus(ReasonStatusEnum.NoResponseFromNetworkElement);
>
> }
> return (requestTaskStatus);
> }
> }
>
> Is this design is correct or supported with SNMP4J API ? (thread safe, …).
>
> It seems work well when I launch in parallel the 2 thread for sending 2 snmp
> request toward to different IP address target.
>
> But when I launch the 2 thread toward the same IP address (but each thread
> use its own instance of UserTarget, but with the same IP) a have the
> following error only for the second request :
> org.snmp4j.MessageException : Operation not permitted
> In this context, I observe with wireshark that the targets responds with SNMP
> Report : usmStatsNotInTimeWindows.0 but at my class SNMP4JInitalize is a
> Singleton, I do not recreate new instances of snmp() class or I do not reinit
> the EngineID…
>
> I have this problem only one time, at the first run, I a second run I do not
> have any error. Is usmStatsNotInTimeWindows.0 is normal the first time for
> initializing the global instance of EngineID ?
>
>
> Wireshark trace with iptable permit all (iptables –F) :
> No. Time Source Destination
> Protocol Length Info
> 1 2016-09-23 13:26:35.033849965 192.168.1.3 192.168.1.4
> SNMP 103 get-request
> 2 2016-09-23 13:26:35.034764515 192.168.1.4 192.168.1.3
> SNMP 141 report SNMP-USER-BASED-SM-MIB::usmStatsUnknownEngineIDs.0
> 3 2016-09-23 13:26:35.214557739 192.168.1.3 192.168.1.4
> SNMP 180 get-request
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16975104
> 4 2016-09-23 13:26:35.215829657 192.168.1.4 192.168.1.3
> SNMP 157 report SNMP-USER-BASED-SM-MIB::usmStatsNotInTimeWindows.0
> 5 2016-09-23 13:26:35.216503803 192.168.1.3 192.168.1.4
> SNMP 181 get-request
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16975104
> 6 2016-09-23 13:26:35.218085613 192.168.1.4 192.168.1.3
> SNMP 185 get-response
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16975104
> 7 2016-09-23 13:26:40.037023750 192.168.1.3 192.168.1.4
> SNMP 181 get-request
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16974080
> 8 2016-09-23 13:26:40.043708644 192.168.1.4 192.168.1.3
> SNMP 185 get-response
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16974080
>
> SNMP4J do not receive : get-response
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16974080 and instead :
> org.snmp4j.MessageException : Operation not permitted.
>
> I also observe that the response from the second target is OK, but seems to
> be blocked by iptable. But my iptable permit all. So, when I completely stop
> the firewalld, this works with no error, but in observe SNMP Report :
> usmStatsNotInTimeWindows.0 only for the 2 first request :
>
> Wirewhark trace without firewalld : no error SNMP4J but Report :
> usmStatsNotInTimeWindows.0
>
> No. Time Source Destination
> Protocol Length Info
> 1 2016-09-23 13:41:22.582650149 192.168.1.3 192.168.1.4
> SNMP 103 get-request
> 2 2016-09-23 13:41:22.582658266 192.168.1.3 192.168.1.4
> SNMP 103 get-request
> 3 2016-09-23 13:41:22.583463629 192.168.1.4 192.168.1.3
> SNMP 141 report SNMP-USER-BASED-SM-MIB::usmStatsUnknownEngineIDs.0
> 4 2016-09-23 13:41:22.583987192 192.168.1.4 192.168.1.3
> SNMP 141 report SNMP-USER-BASED-SM-MIB::usmStatsUnknownEngineIDs.0
> 5 2016-09-23 13:41:22.745228783 192.168.1.3 192.168.1.4
> SNMP 180 get-request
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16974080
> 6 2016-09-23 13:41:22.745775804 192.168.1.3 192.168.1.4
> SNMP 180 get-request
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16975104
> 7 2016-09-23 13:41:22.746921812 192.168.1.4 192.168.1.3
> SNMP 157 report SNMP-USER-BASED-SM-MIB::usmStatsNotInTimeWindows.0
> 8 2016-09-23 13:41:22.747486766 192.168.1.3 192.168.1.4
> SNMP 181 get-request
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16974080
> 9 2016-09-23 13:41:22.747921357 192.168.1.4 192.168.1.3
> SNMP 157 report SNMP-USER-BASED-SM-MIB::usmStatsNotInTimeWindows.0
> 10 2016-09-23 13:41:22.748393948 192.168.1.3 192.168.1.4
> SNMP 181 get-request
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16975104
> 11 2016-09-23 13:41:22.749550684 192.168.1.4 192.168.1.3
> SNMP 185 get-response
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16974080
> 12 2016-09-23 13:41:22.750722158 192.168.1.4 192.168.1.3
> SNMP 185 get-response
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16975104
>
> Is the error org.snmp4j.MessageException : Operation not permitted is because
> of my multi-thread design or because of Linux environment firewall ?
>
> Is it normal to have report
> SNMP-USER-BASED-SM-MIB::usmStatsNotInTimeWindows.0 at the first time or is
> because of my multi-thread design ?
>
> So we I launch a lot of request like in the same execution program, I have at
> each time, the first time report
> SNMP-USER-BASED-SM-MIB::usmStatsNotInTimeWindows.0, and the other
> request/response are normal like this :
>
> No. Time Source Destination
> Protocol Length Info
> 1 2016-09-23 13:32:50.405161233 192.168.1.3 192.168.1.4
> SNMP 181 get-request
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16975104
> 2 2016-09-23 13:32:50.405629005 192.168.1.3 192.168.1.4
> SNMP 181 get-request
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16974080
> 3 2016-09-23 13:32:50.406982591 192.168.1.4 192.168.1.3
> SNMP 185 get-response
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16975104
> 4 2016-09-23 13:32:50.408058738 192.168.1.4 192.168.1.3
> SNMP 185 get-response
> SNMPv2-SMI::enterprises.7483.2.2.4.3.4.190.1.3.16974080
>
> Thank you for your help/opinion (multi-thread design problem or linux
> firewalling problem or else ) ?
>
> Best Regards,
> Thierry TESSALONIKOS
_______________________________________________
SNMP4J mailing list
SNMP4J@agentpp.org
https://oosnmp.net/mailman/listinfo/snmp4j
