[AGENT++] RE: Problems with sending SNMPv3 traps after agent restart

Jochen Katz katz at agentpp.com
Sat May 31 22:18:18 CEST 2008 

Hi Alex,

it took a while, but now I had time to look at this issue.

>> I've been debugging this issue closely, and as far as I can tell it's
>> caused by the fact that for the UsmUserTable entries that are loaded
>> from the persistent storage, there is no corresponding entry neither
>> in USM->usm_user_table, nor in USM->usm_user_name_table. As a result
>> of that, when AGENT++ performs EngineID discovery and processes the
>> REPORT reply - it can't find USM user name.
> 
> yes, when loading tables from file, the users are not added to USM 
> (because the MibTable rows are added in a way that does not trigger the 
> call to the USM add_user function).

My response above is not correct.

MibTableRow *r = uut->addNewRow("MD5DES",
                        SNMPv3_usmHMACMD5AuthProtocol,
                        SNMPv3_usmDESPrivProtocol,
                        "MD5DESUserAuthPassword",
                        "MD5DESUserPrivPassword");
  r->get_nth(11)->set_value(4); // make entry permanent

This code creates the row in the mib and adds the user to the USM as 
localized user with the local engine id and with passwords, so engine id 
discovery works.

If the row is saved through mib->save_all(), only the mib table row 
content is saved to file and as the row does not hold the passwords,
mib->init() can only load the row and triggers a call to 
usm->add_localized_user(). So managers can contact the agent, but 
informs to new managers will fail, as engine id discovery does not work.

Therefore I now cannot see a problem with traps: For the trap the agent 
is authoritative and so the localized entry should be sufficient.


>> // when MIB is changed
>  > m_mib->save_all();
>> m_v3mp->get_usm()->save_users(D_USM_USERS_FILE); 
>> m_v3mp->get_usm()->save_localized_users(D_USM_LOCALIZED_USERS_FILE);
>>
>> ...
>>
>> // at startup
>  > m_mib->init();
>> m_v3mp->get_usm()->load_users(D_USM_USERS_FILE); 
>> m_v3mp->get_usm()->load_localized_users(D_USM_LOCALIZED_USERS_FILE);
>>
>> This seems to solve the problem with the TRAP. However it looks to me
>> more like a workaround than as a real solution. What do you think?
> 
> Yes, the USM load/save functions were added for manager applications and 
> should not be needed in agents, so you're indeed using a workaround.

With what I wrote above, the calls to save/load_localized_users() are 
not needed.

If you need engine id discovery yo will have to keep the calls to 
save/load_users(), as the mib table cannot save the passwords.


> I will fix the UsmUserTable class for the next release. Then also the 
> two fixes (595-598 and 602-604) from your last mail are included.

These two fixes are in the next snapshot.

> For the remainig I will first have to think about.

A short look at the UsmKeyChange::initialize() function shows that it 
needs a hash function as param, therefore the current code that passes 
the auth protocol is right.

Regards,
   Jochen

More information about the AGENTPP mailing list