[uClinux-dev] RE: net-snmp 5.2.1 trapsess problem

Thu, 17 May 2007 10:29:23 -0700 

Hello Jay,
We have v3 traps working on our system (IXP425, snapgear-3.3.0 distro. 2.4 kernel). Here is a patch that we needed for v3 traps. Although I didn't develop the patch, the comments indicate that they are needed for trapsess. The patch also includes a few more changes which the comments describe. 


I've also included the configuration files that we use for snmpd.  The 
trap types we are using are cold start, link up, link down and auth.


Brian
-----

# snmpd --version

NET-SNMP version:  5.2.1
Web:               http://www.net-snmp.org/
Email:             [EMAIL PROTECTED]

#
# cat snmp.conf
defVersion 1
#
#
# cat snmpd.conf
ewn_trapagentaddress 10.10.10.113
rocommunity public
trapsink 192.168.6.105 public
createUser public MD5 "password" DES "password"
rouser public authnopriv

trapsess -v 3 -u public -l authnopriv -n brian -a MD5 -A password 
192.168.6.105:162

authtrapenable 1
agentSecName internal
rouser internal

notificationEvent  linkUpTrap    .1.3.6.1.6.3.1.1.5.4 
.1.3.6.1.2.1.2.2.1.1 .1.3.6.1.2.1.2

.2.1.7 .1.3.6.1.2.1.2.2.1.8

notificationEvent  linkDownTrap  .1.3.6.1.6.3.1.1.5.3 
.1.3.6.1.2.1.2.2.1.1 .1.3.6.1.2.1.2

.2.1.7 .1.3.6.1.2.1.2.2.1.8
monitor -r 10 -e linkUpTrap   "Generate linkUp"   .1.3.6.1.2.1.2.2.1.8 != 2
monitor -r 10 -e linkDownTrap "Generate linkDown" .1.3.6.1.2.1.2.2.1.8 == 2
#
#
-----

--- net-snmp/Makefile.in        2006-07-19 17:11:53.000000000 -0700
+++ net-snmp-new/Makefile.in    2006-07-19 17:08:30.000000000 -0700
@@ -320,3 +320,11 @@

 .PHONY: docs docsdir mancp testdirs test TAGS
 # note: tags and docs are phony to force rebulding
+
+# [EMAIL PROTECTED] - for snapgear build of romfs
+#
+.PHONY: romfs
+romfs:
+       for i in $(SUBDIRS) ; do \
+       $(MAKE) -C $$i romfs || exit $?; \
+       done
--- net-snmp/agent/snmp_agent.c 2006-07-19 17:49:52.000000000 -0700
+++ net-snmp-new/agent/snmp_agent.c     2006-07-19 17:10:00.000000000 -0700
@@ -1152,10 +1152,22 @@
         /*
          * No, so just specify the default port.
          */
+
+        /* [EMAIL PROTECTED]

+         *   fixing the bug in net-snmp 5.0.9, use def_port if 
agent_port undefined

+         * [EMAIL PROTECTED]
+         *   ported bug fix forward to 5.2.rc3
+         */
+        unsigned short def_port;

+        if( netsnmp_ds_get_int(NETSNMP_DS_LIBRARY_ID, 
NETSNMP_DS_LIB_DEFAULT_PORT) > 0  )
+            def_port = netsnmp_ds_get_int(NETSNMP_DS_LIBRARY_ID, 
NETSNMP_DS_LIB_DEFAULT_PORT);

+        else
+            def_port = SNMP_PORT;
+

         if (netsnmp_ds_get_int(NETSNMP_DS_APPLICATION_ID, 
NETSNMP_DS_AGENT_FLAGS) & SNMP_FLAGS_STREAM_SOCKET) {

-            sprintf(buf, "tcp:%d", SNMP_PORT);
+            sprintf(buf, "tcp:%d", def_port);
         } else {
-            sprintf(buf, "udp:%d", SNMP_PORT);
+            sprintf(buf, "udp:%d", def_port);
         }
     }

--- net-snmp/configure  2006-07-19 17:12:43.000000000 -0700
+++ net-snmp-new/configure      2006-07-19 17:10:38.000000000 -0700
@@ -2209,8 +2209,8 @@
     elif test -d "$withval"; then

   if test "x$withval" != x -a -d $withval; then
-     if test -d $withval/lib; then
-       LDFLAGS="-L$withval/lib $LDFLAGS"
+     if test -d $withval; then
+       LDFLAGS="-L$withval $LDFLAGS"
      fi
      if test -d $withval/include; then
        CPPFLAGS="-I$withval/include $CPPFLAGS"
@@ -10195,7 +10195,7 @@
 fi

 SNMPCONFPATH=""
-tmpset="$sysconfdir/snmp"
+tmpset="$sysconfdir"
 while test "x$tmpset" != "x$SNMPCONFPATH"; do
   SNMPCONFPATH="$tmpset"
   eval tmpset="$tmpset"
@@ -18983,7 +18983,7 @@




-for ac_header in sys/conf.h netinet/in_systm.h netinet/tcp.h 
netinet/udp.h netinet/in_var.h netinet/if_ether.h netinet/ip_var.h 
netinet/tcp_timer.h netinet/tcp_var.h netinet/tcp_fsm.h 
netinet/udp_var.h netinet/icmp_var.h sys/protosw.h nlist.h ioctls.h 
asm/page.h netipx/ipx.h
+for ac_header in sys/conf.h netinet/in_systm.h netinet/tcp.h 
netinet/udp.h netinet/in_var.h netinet/if_ether.h netinet/ip_var.h 
netinet/tcp_timer.h netinet/tcp_var.h netinet/tcp_fsm.h 
netinet/udp_var.h netinet/icmp_var.h sys/protosw.h ppoop_nlist.h 
ioctls.h asm/page.h netipx/ipx.h

 do
 as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
 if eval "test \"\${$as_ac_Header+set}\" = set"; then
--- net-snmp/snmpCallbackDomain.c       2006-07-19 17:12:58.000000000 -0700

+++ net-snmp-new/snmplib/snmpCallbackDomain.c   2006-07-19 
17:11:19.000000000 -0700

@@ -386,11 +386,51 @@
     mydata->data = NULL;
     t->data = mydata;

+    /* Sun Dec 19 23:37:54 MST 2004 <[EMAIL PROTECTED]>
+     *
+     * The following hack allows the callback transport to work
+     * correctly when the snmpd is run without stdout or stderr open,
+     * for example from init as a daemon.  This is needed for the
+     * trapsess directive to send snmpv3 encrypted traps, for example.
+     *
+     * The pipe fds can be equal to stdout and stderr.  Ideally, this
+     * shouldn't be a problem, but somewhere in the deamon some code
+     * is erroneously writing to stdout and/or stderr.  This causes
+     * the first callback transport constructed (the master) to
+     * erroneously receive pdus that are never actually sent to it.
+     *
+     * It would be best to track down the errant code which doesn't
+     * appropriately handle write errors, but in the mean time, this
+     * hack attempts to open a pipe which is not in the range of
+     * stdin, stdout, or stderr.
+     */
+    {
+        int tfds[2];
+
+#ifdef WIN32
+        rc = create_winpipe_transport( tfds );
+#else
+        rc = pipe( tfds );
+#endif
+
+        if( ! rc )
+            if( tfds[0] < 3 || tfds[1] < 3 )
+            {
 #ifdef WIN32
-    rc = create_winpipe_transport(mydata->pipefds);
+                rc = create_winpipe_transport(mydata->pipefds);
 #else
-    rc = pipe(mydata->pipefds);
+                rc = pipe(mydata->pipefds);
 #endif
+                close( tfds[0] );
+                close( tfds[1] );
+            }
+            else
+            {
+                mydata->pipefds[0] = tfds[0];
+                mydata->pipefds[1] = tfds[1];
+            }
+    }
+
     t->sock = mydata->pipefds[0];

     if (rc) {
@@ -408,12 +448,12 @@
     netsnmp_transport_add_to_list(&trlist, t);

     if (to)
-        DEBUGMSGTL(("transport_callback", "initialized %d linked to %d\n",
-                    mydata->callback_num, to));

+        DEBUGMSGTL(("transport_callback", "initialized %d linked to %d 
pipe fds[%d,%d]\n",
+                    mydata->callback_num, to, mydata->pipefds[0], 
mydata->pipefds[1] ));

     else
         DEBUGMSGTL(("transport_callback",
-                    "initialized master listening on %d\n",
-                    mydata->callback_num));
+                    "initialized master listening on %d pipe fds[%d,%d]\n",

+                    mydata->callback_num, mydata->pipefds[0], 
mydata->pipefds[1] ));

     return t;
 }

@@ -471,7 +511,10 @@
         callback_pop_queue(((netsnmp_callback_info *) transport->data)->
                            callback_num);
     if (!cp)
+    {
+        DEBUGMSGTL(("transport_callback", "no pdu found\n"));
         return NULL;
+    }
     pdu = cp->pdu;
     pdu->transport_data = opaque;
     pdu->transport_data_length = olength;






Jay Kidd wrote:

Has anyone experienced a problem parsing the trapsess line in the
snmpd.conf file using net-snmp 5.2.1? I get the following error
"snmpd-trapsess: illegal option -- o". The file is read from a jffs2
file system and the 'o' arguments does not appear when I turn on the
debug messages.

Thanks,
Jay Kidd



_______________________________________________
uClinux-dev mailing list
[email protected]
http://mailman.uclinux.org/mailman/listinfo/uclinux-dev
This message was resent by [email protected]
To unsubscribe see:
http://mailman.uclinux.org/mailman/options/uclinux-dev














    











					Reply via email to