[AGENT++] No response for empty view instead of noSuchName
Dave White | Networking
dave.white at efi.com
Thu May 17 03:53:40 CEST 2007
Hi Frank,
If a version1 request is received for a valid community name but there is no
view in VACM for the access type, then the request is ignored. I think this
behavior is wrong. In my test, I send a version1 Set request but VACM has
only a read view and no write view. The result is a timeout by the SNMP
manager who sent the request.
According to RFC 3415 (VACM, p.10) if the view is empty, then isAccessAllowed
should return noSuchView. The code does this functionality correctly. RFC
3413 (SNMP Applications, p.12) states that if isAccessAllowed returns
noSuchView, then the error-status should become authorizationError. The code
does this correctly only if the request is version3, but ignores the request
if it is not version3 (see RequestList::receive() in request.cpp). RFC 3584
(Coexistence between SNMP versions, p25) maps the authorizationError to
noSuchName.
If I remove the "VACM_noSuchName" case in the RequestList::receive() function
and let it process the request, AND I add a "SNMP_ERROR_AUTH_ERR" case to the
RequestList::answer() function to map it to SNMP_ERROR_NO_SUCH_NAME for
version1 requests, then Agent++ seems to follow my understanding of the RFCs.
Have I interpreted the RFCs correctly? Do my changes to request.cpp seem
reasonable?
Thanks,
Dave
___________________
Dave White
Sr. Software Engineer
(650) 357-3980
More information about the AGENTPP
mailing list