Date:      Fri, 4 Jan 2013 16:12:08 GMT
From:      Paul Guyot <pguyot@kallisys.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/174974: bsnmpd SNMPv3 engine discovery is broken
Message-ID:  <201301041612.r04GC8Qd047459@red.freebsd.org>
Resent-Message-ID: <201301041620.r04GK0GM036747@freefall.freebsd.org>


>Number:         174974
>Category:       bin
>Synopsis:       bsnmpd SNMPv3 engine discovery is broken
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 04 16:20:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Paul Guyot
>Release:        9.1
>Organization:
Semiocast
>Environment:
FreeBSD serenae.semiocast.net 9.1-RELEASE FreeBSD 9.1-RELEASE #1 r244484M: Thu Dec 20 12:17:24 UTC 2012     root@serenae.semiocast.net:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
bsnmpd apparently does not properly reply to discovery packets.

According to RFC3414 § 4, response to discovery packets should be of REPORT type. Instead, bsnmpd replies with packets of RESPONSE type. As a result, bsnmpd does not work with clients that require a Report PDU (or, more precisely, that validate that Response PDUs match the EngineID of the Request).

bsnmp* clients accept both types of responses and are therefore unaffected.
>How-To-Repeat:
Install net-snmp from ports.
Configure bsnmpd with SNMPv3 authentication.
Try to connect with net-snmp to the bsnmpd server.
>Fix:
Attached patch fixes the problem by using the SNMP_MSG_AUTODISCOVER internal flag of bsnmp. Patch is designed as the minimum change to fix the issue. However, bsnmp implementation obviously does not match the layout of the RFC.

Also, compiling bsnmp with clang reveals several bad issues which should be fixed...

Patch attached with submission follows:

Index: contrib/bsnmp/lib/snmpagent.c
===================================================================
--- contrib/bsnmp/lib/snmpagent.c	(revision 245044)
+++ contrib/bsnmp/lib/snmpagent.c	(working copy)
@@ -171,7 +171,11 @@
 	memset(resp, 0, sizeof(*resp));
 	strcpy(resp->community, pdu->community);
 	resp->version = pdu->version;
-	resp->type = SNMP_PDU_RESPONSE;
+	if (pdu->flags & SNMP_MSG_AUTODISCOVER) {
+		resp->type = SNMP_PDU_REPORT; /* RFC 3414.4 */
+	} else {
+		resp->type = SNMP_PDU_RESPONSE;
+	}
 	resp->request_id = pdu->request_id;
 	resp->version = pdu->version;
 
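Review bot: the new test "if (pdu->flags & SNMP_MSG_AUTODISCOVER)" picks SNMP_PDU_REPORT from the flag alone, with no check of pdu->version, so the result is only right if every caller sets that flag on SNMPv3 discovery requests and nowhere else. Please document that contract in a comment above the test, or add the version check here. The comment "RFC 3414.4" would be easier to look up as "RFC 3414, section 4". The context lines also show resp->version = pdu->version; assigned twice (before and after the new block); the second assignment can go while this function is being touched.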
Index: contrib/bsnmp/snmpd/main.c
===================================================================
--- contrib/bsnmp/snmpd/main.c	(revision 245044)
+++ contrib/bsnmp/snmpd/main.c	(working copy)
@@ -627,6 +627,7 @@
 		} else
 			community = comm->value;
 	} else if (pdu->nbindings == 0) {
+		pdu->flags |= SNMP_MSG_AUTODISCOVER;
 		/* RFC 3414 - snmpEngineID Discovery */
 		if (strlen(pdu->user.sec_name) == 0) {
 			asn_append_oid(&(pdu->bindings[pdu->nbindings++].var),
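Review bot: the flag is set as the first statement of the "else if (pdu->nbindings == 0)" branch, before the "strlen(pdu->user.sec_name) == 0" test, so every request with no bindings that reaches this branch will be answered with a Report PDU, including those with a non-empty user name. If only the empty-user case is engine discovery, move "pdu->flags |= SNMP_MSG_AUTODISCOVER;" inside that inner if; if the other path is meant to produce a Report as well, say so in the comment. It would also read better placed below the "RFC 3414 - snmpEngineID Discovery" comment that describes the block, with a short note that the request PDU is being modified so that the response builder in snmpagent.c can see the flag.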


>Release-Note:
>Audit-Trail:
>Unformatted:


