CVSROOT:        /cvs
Module name:    src
Changes by:     mart...@cvs.openbsd.org 2021/08/09 12:14:53

Modified files:
        usr.sbin/snmpd : parse.y snmpd.c snmpd.conf.5 snmpd.h snmpe.c 
                         util.c 

Log message:
Allow setting the engineid.

The previous engineid was based aronud the engine boottime and a random
value, which gives problems when sending/receiving unacknowledged PDUs
(trapv2) over SNMPv3 with authentication enabled, which need a consistent
engineid across restarts to determine the correct user from the sender.

The new default engineid takes a sha256 hash (chosen for its longer output)
of gethostname(3) and places the first 27 bytes after the new format number
129. This should give us a very low probability of collisions, assuming
all machines have a unique name.

The other formats as specified in SNMP-FRAMEWORK-MIB (RFC3411) are also
supported as well as arbitrary formats in the range 128-255 for other
private enterprise numbers in hex format.

OK jmatthew@

Reply via email to