The following diff adds support for listening multiple addresses (thus
for dual-stack setups). Multiple "listen on" settings are allowed, the
default is to listen on 0.0.0.0 and :: (currently, only 0.0.0.0).
A single "listen on hostname" line arbitrarily supports up to 16
addresses.
It also tweaks the host*() functions so that addresses are used in the
order where they are resolved*. This affects bind addresses, but also
"trap receiver" addresses. So in "trap receiver hostname", if hostname
resolves to both an IPv4 and an IPv6 address, the address that is picked
up respects the order defined by the "family" keyword in resolv.conf.
This *could* break existing setups.
Feedback and oks welcome,
* httpd, relayd and ldapd might also benefit from such a change
Index: control.c
===================================================================
RCS file: /d/cvs/src/usr.sbin/snmpd/control.c,v
retrieving revision 1.39
diff -u -p -r1.39 control.c
--- control.c 2 Sep 2016 13:28:36 -0000 1.39
+++ control.c 9 Nov 2016 23:09:28 -0000
@@ -592,7 +592,7 @@ control_dispatch_agentx(int fd, short ev
}
}
dispatch:
- snmpe_dispatchmsg(msg);
+ snmpe_dispatchmsg(msg, fd);
break;
}
Index: parse.y
===================================================================
RCS file: /d/cvs/src/usr.sbin/snmpd/parse.y,v
retrieving revision 1.40
diff -u -p -r1.40 parse.y
--- parse.y 9 Nov 2016 20:31:56 -0000 1.40
+++ parse.y 9 Nov 2016 23:31:13 -0000
@@ -198,25 +198,13 @@ yesno : STRING {
;
main : LISTEN ON STRING {
- struct addresslist al;
- struct address *h;
-
- TAILQ_INIT(&al);
- if (host($3, &al, 1, SNMPD_PORT, NULL, NULL, NULL)
- <= 0) {
+ if (host($3, &conf->sc_addresses, 16, SNMPD_PORT, NULL,
+ NULL, NULL) <= 0) {
yyerror("invalid ip address: %s", $3);
free($3);
YYERROR;
}
free($3);
- h = TAILQ_FIRST(&al);
- bcopy(&h->ss, &conf->sc_address.ss, sizeof(*h));
- conf->sc_address.port = h->port;
-
- while ((h = TAILQ_FIRST(&al)) != NULL) {
- TAILQ_REMOVE(&al, h, entry);
- free(h);
- }
}
| READONLY COMMUNITY STRING {
if (strlcpy(conf->sc_rdcommunity, $3,
@@ -989,8 +977,7 @@ parse_config(const char *filename, u_int
conf->sc_flags = flags;
conf->sc_confpath = filename;
- conf->sc_address.ss.ss_family = AF_INET;
- conf->sc_address.port = SNMPD_PORT;
+ TAILQ_INIT(&conf->sc_addresses);
conf->sc_ps.ps_csock.cs_name = SNMPD_SOCKET;
TAILQ_INIT(&conf->sc_ps.ps_rcsocks);
strlcpy(conf->sc_rdcommunity, "public", SNMPD_MAXCOMMUNITYLEN);
@@ -1011,6 +998,22 @@ parse_config(const char *filename, u_int
endservent();
+ if (TAILQ_EMPTY(&conf->sc_addresses)) {
+ struct address *h;
+ h = calloc(1, sizeof(*h));
+ if (h == NULL)
+ fatal("snmpe: %s", __func__);
+ h->ss.ss_family = AF_INET;
+ h->port = SNMPD_PORT;
+ TAILQ_INSERT_TAIL(&conf->sc_addresses, h, entry);
+ h = calloc(1, sizeof(*h));
+ if (h == NULL)
+ fatal("snmpe: %s", __func__);
+ h->ss.ss_family = AF_INET6;
+ h->port = SNMPD_PORT;
+ TAILQ_INSERT_TAIL(&conf->sc_addresses, h, entry);
+ }
+
/* Free macros and check which have not been used. */
for (sym = TAILQ_FIRST(&symhead); sym != NULL; sym = next) {
next = TAILQ_NEXT(sym, entry);
@@ -1215,7 +1218,7 @@ host_dns(const char *s, struct addressli
h->sa_srcaddr = src;
- TAILQ_INSERT_HEAD(al, h, entry);
+ TAILQ_INSERT_TAIL(al, h, entry);
cnt++;
}
if (cnt == max && res) {
@@ -1262,7 +1265,7 @@ host(const char *s, struct addresslist *
}
h->sa_srcaddr = src;
- TAILQ_INSERT_HEAD(al, h, entry);
+ TAILQ_INSERT_TAIL(al, h, entry);
return (1);
}
Index: snmpd.h
===================================================================
RCS file: /d/cvs/src/usr.sbin/snmpd/snmpd.h,v
retrieving revision 1.72
diff -u -p -r1.72 snmpd.h
--- snmpd.h 9 Nov 2016 20:31:56 -0000 1.72
+++ snmpd.h 9 Nov 2016 23:09:28 -0000
@@ -518,6 +518,18 @@ struct address {
};
TAILQ_HEAD(addresslist, address);
+struct sock {
+ int fd;
+ TAILQ_ENTRY(sock) entry;
+};
+TAILQ_HEAD(socklist, sock);
+
+struct evnode {
+ struct event event;
+ TAILQ_ENTRY(evnode) entry;
+};
+TAILQ_HEAD(eventlist, evnode);
+
enum usmauth {
AUTH_NONE = 0,
AUTH_MD5, /* HMAC-MD5-96, RFC3414 */
@@ -556,9 +568,7 @@ struct snmpd {
#define SNMPD_F_NONAMES 0x02
const char *sc_confpath;
- struct address sc_address;
- int sc_sock;
- struct event sc_ev;
+ struct addresslist sc_addresses;
struct timeval sc_starttime;
u_int32_t sc_engine_boots;
@@ -652,7 +662,7 @@ struct kif_arp *karp_getaddr(struct sock
/* snmpe.c */
void snmpe(struct privsep *, struct privsep_proc *);
void snmpe_shutdown(void);
-void snmpe_dispatchmsg(struct snmp_message *);
+void snmpe_dispatchmsg(struct snmp_message *, int);
/* trap.c */
void trap_init(void);
Index: snmpe.c
===================================================================
RCS file: /d/cvs/src/usr.sbin/snmpd/snmpe.c,v
retrieving revision 1.45
diff -u -p -r1.45 snmpe.c
--- snmpe.c 9 Nov 2016 20:31:56 -0000 1.45
+++ snmpe.c 9 Nov 2016 23:09:28 -0000
@@ -53,6 +53,8 @@ int snmpe_encode(struct snmp_message *)
void snmp_msgfree(struct snmp_message *);
struct imsgev *iev_parent;
+struct socklist snmpesocks;
+struct eventlist snmpeevents;
static struct privsep_proc procs[] = {
{ "parent", PROC_PARENT, snmpe_dispatch_parent }
@@ -62,6 +64,8 @@ void
snmpe(struct privsep *ps, struct privsep_proc *p)
{
struct snmpd *env = ps->ps_env;
+ struct address *h;
+ struct sock *so;
#ifdef DEBUG
char buf[BUFSIZ];
struct oid *oid;
@@ -74,9 +78,18 @@ snmpe(struct privsep *ps, struct privsep
}
#endif
- /* bind SNMP UDP socket */
- if ((env->sc_sock = snmpe_bind(&env->sc_address)) == -1)
- fatalx("snmpe: failed to bind SNMP UDP socket");
+ TAILQ_INIT(&snmpesocks);
+
+ /* bind SNMP UDP sockets */
+ TAILQ_FOREACH(h, &env->sc_addresses, entry) {
+ so = calloc(1, sizeof(*so));
+ if (so == NULL)
+ fatal("snmpe: %s", __func__);
+ so->fd = snmpe_bind(h);
+ if (so->fd == -1)
+ fatal("snmpe: failed to bind SNMP UDP socket");
+ TAILQ_INSERT_TAIL(&snmpesocks, so, entry);
+ }
proc_run(ps, p, procs, nitems(procs), snmpe_init, NULL);
}
@@ -86,16 +99,26 @@ void
snmpe_init(struct privsep *ps, struct privsep_proc *p, void *arg)
{
struct snmpd *env = ps->ps_env;
+ struct sock *so;
+ struct evnode *ev;
kr_init();
trap_init();
timer_init();
usm_generate_keys();
+ TAILQ_INIT(&snmpeevents);
+
/* listen for incoming SNMP UDP messages */
- event_set(&env->sc_ev, env->sc_sock, EV_READ|EV_PERSIST,
- snmpe_recvmsg, env);
- event_add(&env->sc_ev, NULL);
+ TAILQ_FOREACH(so, &snmpesocks, entry) {
+ ev = calloc(1, sizeof(*ev));
+ if (ev == NULL)
+ fatal("%s", __func__);
+ event_set(&ev->event, so->fd, EV_READ|EV_PERSIST,
+ snmpe_recvmsg, env);
+ event_add(&ev->event, NULL);
+ TAILQ_INSERT_TAIL(&snmpeevents, ev, entry);
+ }
}
void
@@ -519,18 +542,18 @@ snmpe_recvmsg(int fd, short sig, void *a
}
}
- snmpe_dispatchmsg(msg);
+ snmpe_dispatchmsg(msg, fd);
}
void
-snmpe_dispatchmsg(struct snmp_message *msg)
+snmpe_dispatchmsg(struct snmp_message *msg, int sock)
{
if (snmpe_parsevarbinds(msg) == 1)
return;
/* not dispatched to subagent; respond directly */
msg->sm_context = SNMP_C_GETRESP;
- snmpe_response(snmpd_env->sc_sock, msg);
+ snmpe_response(sock, msg);
}
void
Index: traphandler.c
===================================================================
RCS file: /d/cvs/src/usr.sbin/snmpd/traphandler.c,v
retrieving revision 1.6
diff -u -p -r1.6 traphandler.c
--- traphandler.c 28 Oct 2016 09:07:08 -0000 1.6
+++ traphandler.c 9 Nov 2016 23:11:55 -0000
@@ -43,9 +43,9 @@
#include "snmpd.h"
#include "mib.h"
-int trapsock;
-struct event trapev;
-char trap_path[PATH_MAX];
+struct socklist trapsocks;
+struct eventlist trapevents;
+char trap_path[PATH_MAX];
void traphandler_init(struct privsep *, struct privsep_proc *, void *arg);
int traphandler_dispatch_parent(int, struct privsep_proc *, struct imsg *);
@@ -76,10 +76,20 @@ void
traphandler(struct privsep *ps, struct privsep_proc *p)
{
struct snmpd *env = ps->ps_env;
+ struct address *h;
+ struct sock *so;
- if (env->sc_traphandler &&
- (trapsock = traphandler_bind(&env->sc_address)) == -1)
- fatal("could not create trap listener socket");
+ TAILQ_INIT(&trapsocks);
+
+ if (env->sc_traphandler) {
+ TAILQ_FOREACH(h, &env->sc_addresses, entry) {
+ so = calloc(1, sizeof(*so));
+ so->fd = traphandler_bind(h);
+ if (so->fd == -1)
+ fatal("could not create trap listener socket");
+ TAILQ_INSERT_TAIL(&trapsocks, so, entry);
+ }
+ }
proc_run(ps, p, procs, nitems(procs), traphandler_init, NULL);
}
@@ -88,20 +98,31 @@ void
traphandler_init(struct privsep *ps, struct privsep_proc *p, void *arg)
{
struct snmpd *env = ps->ps_env;
+ struct sock *so;
+ struct evnode *ev;
+
+ TAILQ_INIT(&trapevents);
if (!env->sc_traphandler)
return;
/* listen for SNMP trap messages */
- event_set(&trapev, trapsock, EV_READ|EV_PERSIST, traphandler_recvmsg,
- ps);
- event_add(&trapev, NULL);
+ TAILQ_FOREACH(so, &trapsocks, entry) {
+ ev = calloc(1, sizeof (*ev));
+ if (ev == NULL)
+ fatal("%s", __func__);
+ event_set(&ev->event, so->fd, EV_READ|EV_PERSIST,
+ traphandler_recvmsg, ps);
+ event_add(&ev->event, NULL);
+ TAILQ_INSERT_TAIL(&trapevents, ev, entry);
+ }
}
int
traphandler_bind(struct address *addr)
{
int s;
+ char buf[512];
if ((s = snmpd_socket_af(&addr->ss, htons(SNMPD_TRAPPORT))) == -1)
return (-1);
@@ -112,6 +133,11 @@ traphandler_bind(struct address *addr)
if (bind(s, (struct sockaddr *)&addr->ss, addr->ss.ss_len) == -1)
goto bad;
+ if (print_host(&addr->ss, buf, sizeof(buf)) == NULL)
+ goto bad;
+
+ log_info("%s: binding to address %s:%d", __func__, buf, SNMPD_TRAPPORT);
+
return (s);
bad:
close (s);
@@ -121,8 +147,14 @@ traphandler_bind(struct address *addr)
void
traphandler_shutdown(void)
{
- event_del(&trapev);
- close(trapsock);
+ struct evnode *ev;
+ struct sock *so;
+
+ TAILQ_FOREACH(ev, &trapevents, entry)
+ event_del(&ev->event);
+
+ TAILQ_FOREACH(so, &trapsocks, entry)
+ close(so->fd);
}
int
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
