CVSROOT: /cvs Module name: src Changes by: mart...@cvs.openbsd.org 2021/08/09 12:14:53
Modified files: usr.sbin/snmpd : parse.y snmpd.c snmpd.conf.5 snmpd.h snmpe.c util.c Log message: Allow setting the engineid. The previous engineid was based aronud the engine boottime and a random value, which gives problems when sending/receiving unacknowledged PDUs (trapv2) over SNMPv3 with authentication enabled, which need a consistent engineid across restarts to determine the correct user from the sender. The new default engineid takes a sha256 hash (chosen for its longer output) of gethostname(3) and places the first 27 bytes after the new format number 129. This should give us a very low probability of collisions, assuming all machines have a unique name. The other formats as specified in SNMP-FRAMEWORK-MIB (RFC3411) are also supported as well as arbitrary formats in the range 128-255 for other private enterprise numbers in hex format. OK jmatthew@