[AGENT++] Problems with sending SNMPv3 traps after agent restart

Alex Agranov Alex.Agranov at audiocodes.com
Mon Apr 28 22:59:17 CEST 2008


Hi,

Sorry to bother you again on the same subject - but I have another issue with MIB persistency.
I managed to configure an SNMPv3 user and can access my MIB remotely (SNMPv3 with SHA-1/DES). It seems to work nicely. I also used the add_v3_trap_destination() API to configure TRAPs to be sent to my manager (the only tweak was to configure TRAPs to be sent with the authPriv security level - I did this by modifying the corresponding entry in snmpTargetAddrTable after the call to add_v3_trap_destination()). TRAPs also seem to work OK.

Now I call mib->save_all() and restart my agent. When it starts up, it calls mib->init() and restores all my configuration. I can successfully access the MIB from my manager via SNMPv3. However, when I try to send a TRAP, I get a 1404 "unknown security name" error during message construction. Is this a known issue? Or am I doing something wrong again?

While looking through the code, I found that the USM class in the SNMP++ library has a save_users() method. Do I need to use it explicitly? Or should the persistency provided by the mib->save_all()/init() APIs in AGENT++ be enough?

One more point - I noticed that when my agent reads usmUsersTable from persistent storage (as part of mib->init() call) - it produces an error "Unknown priv protocol (3)". I tracked this error down to the UsmUserTable::initialize_key_change() function - I think that there's a small bug there, that may be fixed as follows:

*** v3_mib.cpp  Mon Apr 28 23:40:03 2008
--- v3_mib.old  Sun Nov 11 17:11:36 2007
***************
*** 595,598 ****
      if ((op == oidUsmNoPrivProtocol) ||
!       (priv_base.len() + 1 != op.len()) ||
!       (!priv_base.is_root_of(op)))
      {
--- 595,598 ----
      if ((op == oidUsmNoPrivProtocol) ||
!       (auth_base.len() + 1 != o.len()) ||
!       (!auth_base.is_root_of(o)))
      {
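
Review bot: the patch direction is reversed. The header lists "*** v3_mib.cpp" (the modified file, dated Apr 28 2008) as the from-side and "--- v3_mib.old" (Nov 11 2007) as the to-side, so applying this as posted would turn the priv_base/op check at 595-598 back into the auth_base/o one. Please regenerate with the old file first (diff -c v3_mib.old v3_mib.cpp) so that "(priv_base.len() + 1 != op.len())" and "(!priv_base.is_root_of(op))" end up on the new side.
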
***************
*** 602,604 ****
      {
!       unsigned long priv_prot = op.last();

--- 602,604 ----
      {
!       unsigned long priv_prot = o.last();

***************
*** 616,619 ****

!       ukc8->initialize(hashlength, priv_prot, PRIVKEY, ukc9);
!       ukc9->initialize(hashlength, priv_prot, PRIVKEY, ukc8);
      }
--- 616,619 ----

!       ukc8->initialize(hashlength, auth_prot, PRIVKEY, ukc9);
!       ukc9->initialize(hashlength, auth_prot, PRIVKEY, ukc8);
      }
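
Review bot: at 616-619 the second argument to initialize() switches between auth_prot and priv_prot while the first argument stays hashlength on both sides, so after the change a length named for the hash is paired with a privacy protocol id. Before changing this, check the declaration of the initialize() method called on ukc8/ukc9 to see whether its second parameter is meant to be the hash (auth) protocol or the privacy protocol, and send this hunk separately from the 595-604 fix, which stands on its own.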


I'm pretty sure about the fix on lines 595-598 and 602-604 (as soon as I applied it, the error during USM table load disappeared). I'm not very confident about lines 616-619 - though it seems logical to me too... Also, there's another place that may need a fix similar to lines 616-619 - it's inside the UsmUserTable constructor, and IMHO should be modified as follows:
***************
*** 518,521 ****

!       ukc8->initialize(hashlength, user->usmUserPrivProtocol, PRIVKEY, ukc9);
!       ukc9->initialize(hashlength, user->usmUserPrivProtocol, PRIVKEY, ukc8);
      }
--- 518,521 ----

!       ukc8->initialize(hashlength, user->usmUserAuthProtocol, PRIVKEY, ukc9);
!       ukc9->initialize(hashlength, user->usmUserAuthProtocol, PRIVKEY, ukc8);
      }
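
Review bot: this hunk at 518-521 has no "***"/"---" file header lines, so it cannot be applied on its own, and it swaps user->usmUserAuthProtocol and user->usmUserPrivProtocol next to an unchanged hashlength, which is the same open question as in 616-619. Add the file header (old file first) and keep it in the same follow-up patch as 616-619 once the meaning of the second argument of initialize() is confirmed.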

In any case, none of the above fixes solves my problem with the SNMPv3 TRAPs not being properly generated after agent restart...

Best regards,
       Alex
