[AGENT++] Response to wrong snmpEngineId

Fehde, Marcus Marcus.Fehde at draeger.com
Thu Dec 1 17:47:56 CET 2005


Frank,

some additions to my previous posting:

According to RFC3414, ch. 3.2, 3) the agent should return a REPORT-PDU containing the varbind usmUnknownEngineId.
As far as I've analyzed the code this does not happen. There are (at least) two places where the engineId is checked.
One is in USM::process_msg where usm_time_table->check_time() is called. Surprisingly for me, this method succeeds. Unfortunately I cannot debug it due to the REENTRANT macro and due to our development environment I cannot change the code temporarily. So I don't know why this method seems to find the engine in its table.
The second check of the engineId is done in v3MP::snmp_parse 
...
      if (!(unsignedCharCompare(securityEngineID.data(), securityEngineID.len(),
                                own_engine_id, own_engine_id_len))) {
        debugprintf(0, "snmp_parse: securityEngineID doesn't match own_engine_id.");
        usm->delete_sec_state_reference(securityStateReference);
        return SNMPv3_MP_MATCH_ERROR;
...

But this check seems only to force the PDU to be discarded, but without sending a REPORT.

Furthermore I think that an unknownEngineId report would / could trigger a new discovery in the manager. I don't know if SNMP++ does this implicitly on reception of an unknownEngineId report, but it would be at least an indicator for the application.

Regards,
Marcus

-----Original Message-----
From: agentpp-bounces at agentpp.org [mailto:agentpp-bounces at agentpp.org] On Behalf Of Fehde, Marcus
Sent: Thursday, 1 December 2005 16:33
To: Frank Fock
Cc: Agent++ Mailing List
Subject: RE: [AGENT++] Response to wrong snmpEngineId


Frank,

We've found the problem. We're adding the user only as a localized user (for some particular reasons, you might remember from previous postings). This leads to the following situation: when getting the user from the USM during message processing, the agent finds it neither in the usm_user_table nor in the usm_user_name_table and hence it didn't add it afterwards implicitly. The agent identifies the user as unknown and sends a usmUnknownUser report, but with its own engineId that is different from the SNMP manager. This leads to the observed error.
Now we add the user explicitly once before adding the localized instances of the user. The agent finds the user in the usm_user_name_table and adds it afterwards. This leads now to skipping the message at the agent side and to a timeout at the manager side accordingly.

I'm only wondering whether timeout is appropriate or if I should receive an unknownEngineId report. Can you tell me which behavior is the right one?

-Marcus

-----Original Message-----
From: Frank Fock [mailto:fock at agentpp.com] 
Sent: Thursday, 1 December 2005 02:25
To: Fehde, Marcus
Cc: Agent++ Mailing List
Subject: Re: [AGENT++] Response to wrong snmpEngineId


Marcus,

Are you sure that the engine ID is not already known by the agent? Anyway, I will have a look at the sources...

Best regards,
Frank

Fehde, Marcus wrote:

>Hi,
> 
>I observed that the SNMP agent responds with a report to a message
>containing a wrong snmpEngineId. This happened accidentally, but as far
>as I know the command responder / message processor should respond with a
>report containing a "usmStatsUnknownEngineIDs" varbind
>(1.3.6.1.6.3.15.1.1.4.0). But the report contained a
>"usmStatsUnknownUserNames" varbind (1.3.6.1.6.3.15.1.1.3.0) instead.
>After forcing a new discovery in order to synchronize the engines
>everything is fine again. Unfortunately I'm not able to activate the
>agent locking. I analyzed this only with Packetyzer. The Agent++ version
>is 3.5.22 compiled for the Win32 target.
> 
>Best regards/Mit freundlichen Gruessen
>
>Marcus Fehde
>Dipl. Ing. Technische Informatik (FH)
>
>Research & Development
>Business Unit Perioperative Care
>_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
>
>DRÄGER MEDICAL
>
>Dräger Medical AG & Co. KG
>Moislinger Allee 53-55
>D-23542 Lübeck
>
>Tel:  + 49-451-882-3646
>Fax: + 49-451-882-4410
>E-mail: marcus.fehde at draeger.com 
>www.draeger-medical.com 
>_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 


-- 
AGENT++
http://www.agentpp.com
http://www.mibexplorer.com
http://www.mibdesigner.com
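
A simplified model of the check order in RFC 3414 section 3.2 that the thread refers to, added here as an example; it is not Agent++ or SNMP++ code. The names UsmModel, Result, checkIncoming and makeSampleAgent are hypothetical, the engine IDs and user name are constructed text values, and only steps 3 (option b, authoritative engine) and 4 are modelled.

```cpp
// Added illustration, not Agent++/SNMP++ API: all type and function names are hypothetical.
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <utility>

// Report counter OIDs as quoted in the thread.
static const char* const OID_UNKNOWN_USER_NAMES = "1.3.6.1.6.3.15.1.1.3.0";
static const char* const OID_UNKNOWN_ENGINE_IDS = "1.3.6.1.6.3.15.1.1.4.0";

struct Result {
    bool accepted;          // true: continue with the later checks (auth, time window, privacy)
    std::string reportOid;  // counter to carry in the REPORT-PDU, empty if accepted
    uint32_t counterValue;  // value of that counter after the increment
};

struct UsmModel {
    std::set<std::string> knownEngineIds;                  // for an agent: its own engine ID
    std::set<std::pair<std::string, std::string>> users;   // (engineID, userName)
    std::map<std::string, uint32_t> counters;

    Result report(const char* oid) {
        uint32_t value = ++counters[oid];
        return Result{false, oid, value};
    }

    Result checkIncoming(const std::string& msgAuthoritativeEngineID,
                         const std::string& msgUserName) {
        // Step 3: the engine ID is checked first. A zero-length ID is reported
        // too, which is what a manager relies on for engine ID discovery.
        if (msgAuthoritativeEngineID.empty() ||
            knownEngineIds.count(msgAuthoritativeEngineID) == 0)
            return report(OID_UNKNOWN_ENGINE_IDS);
        // Step 4: only then is the user looked up for that engine ID.
        if (users.count(std::make_pair(msgAuthoritativeEngineID, msgUserName)) == 0)
            return report(OID_UNKNOWN_USER_NAMES);
        return Result{true, "", 0};
    }
};

// Constructed sample agent with one engine ID and one user.
UsmModel makeSampleAgent() {
    UsmModel agent;
    agent.knownEngineIds.insert("agent-engine");
    agent.users.insert(std::make_pair(std::string("agent-engine"), std::string("marcus")));
    return agent;
}
```

With this ordering, a request carrying a stale engine ID produces the usmStatsUnknownEngineIDs report even when the user is valid, so the manager gets the signal to rediscover instead of a misleading unknown-user report or a silent timeout.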