[AGENT++] agentX++ and IPv6 problems

Claus Klein claus.klein at arcormail.de
Wed Aug 18 21:57:13 CEST 2010 

Hi Frank,

you mean the this code from agentX++/examples/master/src/master.cpp:

#ifdef _SNMPv3
void allow_agentx_tcp_from_localhost()
{
	// init AgentX source address validation
	if (snmpTargetAddrEntry::instance &&
		snmpTargetAddrExtEntry::instance) {
		snmpTargetAddrEntry::instance->
		    add_entry("AgentXLocalhost", "1.3.6.1.2.1.100.1.5",
			      OctetStr::from_hex_string("7F 00 00 01 00 00"),
					  "agentX", "null");
		MibTableRow* r =
		    snmpTargetAddrExtEntry::instance->
		    add_row(Oidx::from_string("AgentXLocalhost", FALSE));
		snmpTargetAddrExtEntry::instance->
		    set_row(r, OctetStr::from_hex_string("FF FF FF FF 00 00"),
			    1500);
		r = agentppAgentXExtSrcAddrEntry::instance->
		    add_row(Oidx::from_string("localhost"));
		r->get_nth(0)->replace_value(new OctetStr("agentX"));
		r->get_nth(1)->replace_value(new SnmpInt32(rowActive));
	}
}
#endif

Ok, if this works, I have not tested it, the connect request may be  
discarded.
But the is an open TCP port 705 on the host the Master is started.
I think it is better to listen only at the localhost addr, than the  
host has no port scan isues while a security audit.


But more Important to me is the question why is the slave code  
supporting IPv6 but ...

>> Only when I disable all IPv6 code at agentx.cpp, it works fine with
>> localhost.

and net-snmp which listen at the tcp6:localhost:705 port and
tcp:loclhost:705 port.

With regards,
Claus


On 15.08.2010, at 21:46, Frank Fock wrote:

> Hi Claus,
>
> The master can be configured to accept packets from
> a certain group of interfaces.
> The master can be configured to listen to a
> specific IP address only. This applies to the TCP
> interface for AgentX as well as the UDP interface
> for SNMP.
>
> Best regards,
> Frank
>
> On 15.08.2010 20:35, Claus Klein wrote:
>> Hi
>>
>> with IPv6 enabled, if have problems to compile agentX++ on windows.
>> For this, I found the issues in code and corrected them. But today, I
>> can only crosscompile on my MacBook.
>>
>> So I tested the MAC-OS version with IPv6 enabled.
>>
>> SNMP with udp6:localhost:161 works fine.
>>
>> claus-kleins-macbook-pro:AgentPro clausklein$ snmpwalk -u testUser -n
>> 'subagent' 'udp6:localhost:161' system
>> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2253) 0:00:22.53
>> claus-kleins-macbook-pro:AgentPro clausklein$ snmpwalk -u testUser -n
>> '' 'udp6:localhost:161' system
>> SNMPv2-MIB::sysDescr.0 = STRING: AgentX++ v1.4.17 example agent
>> SNMPv2-MIB::sysObjectID.0 = OID: AGENTPP-GLOBAL-REG::agentpp
>> DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (4490) 0:00:44.90
>> SNMPv2-MIB::sysContact.0 = STRING:
>> SNMPv2-MIB::sysName.0 = STRING:
>> SNMPv2-MIB::sysLocation.0 = STRING:
>> SNMPv2-MIB::sysServices.0 = INTEGER: 10
>> SNMPv2-MIB::sysORLastChange.0 = Timeticks: (1018) 0:00:10.18
>> SNMPv2-MIB::sysORID.1 = OID: AGENTPP-GLOBAL-REG::agentppCaps.1.1
>> SNMPv2-MIB::sysORDescr.1 = STRING: AGENT++ agent built-in  
>> capabilities
>> SNMPv2-MIB::sysORUpTime.1 = Timeticks: (1018) 0:00:10.18
>> claus-kleins-macbook-pro:AgentPro clausklein$
>>
>>
>>
>> But the AgentX TCP connection does not work!
>>
>>
>> claus-kleins-macbook-pro:macbuild clausklein$ sudo ./agentX++/ 
>> examples/
>> master/src/master 161
>> 20100815.20:12:56: 15930: (1)EVENT  : main: SNMP listen port:
>> ([0000:0000:0000:0000:0000:0000:0000:0000]/161)
>> 20100815.20:12:56: 15930: (1)ERROR  : UsmUserTable: Unsupported
>> privProtocol: (9)
>> 20100815.20:12:56: 15930: (1)ERROR  : UsmUserTable: Unsupported
>> privProtocol: (9)
>> 20100815.20:12:56: 15930: (1)EVENT  : AgentX Master Agent starting
>> 20100815.20:12:56: 15930: (1)EVENT  : AgentXMaster: listening on TCP
>> (socket)(addr)(port): (5), (0.0.0.0), (705)
>> 20100815.20:12:56: 15930: (1)EVENT  : NotificationGenerator: sent v1
>> trap (id)(tdomain)(addr)(vbs)(community): (1.3.6.1.6.3.1.1.5.1), (1),
>> (127.0.0.1/162), (0), (public)
>>
>> ....
>>
>> #===========================
>>
>> claus-kleins-macbook-pro:macbuild clausklein$ sudo ./agentX++/ 
>> examples/
>> subagent/src/subagent 127.0.0.1
>> 20100815.20:13:54: 15935: (3)DEBUG  : MibContext: adding MIB object
>> (context)(oid): (subagent), (1.3.6.1.4.1.4976.6.1.1)
>> 20100815.20:13:54: 15935: (3)DEBUG  : MibContext: adding MIB object
>> (context)(oid): (subagent), (1.3.6.1.2.1.1.3.0)
>> 20100815.20:13:54: 15935: (1)DEBUG  : TaskManager: thread started
>> 20100815.20:13:54: 15935: (1)DEBUG  : TaskManager: thread started
>> 20100815.20:13:54: 15935: (1)DEBUG  : Thread: started (tid):
>> (-1342107648)
>> 20100815.20:13:54: 15935: (1)DEBUG  : Thread: started (tid):
>> (-1342033920)
>> 20100815.20:13:54: 15935: (1)DEBUG  : Thread: started (tid):
>> (-1341960192)
>> 20100815.20:13:54: 15935: (1)DEBUG  : TaskManager: thread started
>> 20100815.20:13:54: 15935: (1)DEBUG  : Thread: started (tid):
>> (-1341886464)
>> 20100815.20:13:54: 15935: (1)DEBUG  : TaskManager: thread started
>> 20100815.20:13:54: 15935: (1)DEBUG  : Thread: started (tid):
>> (-1341812736)
>> 20100815.20:13:54: 15935: (1)DEBUG  : TaskManager: thread started
>> 20100815.20:13:54: 15935: (2)EVENT  : SubAgentXMib: opening socket
>> 20100815.20:13:54: 15935: (1)DEBUG  : Thread: started (tid):
>> (-1341739008)
>> 20100815.20:13:54: 15935: (1)EVENT  : AgentXSlave: connecting on TCP
>> (socket)(addr)(port): (3), (127.0.0.1), (705)
>> 20100815.20:13:54: 15935: (1)ERROR  : AgentXSlave: could not connect
>> TCP socket (port)(errno): (705), (Invalid argument)
>> 20100815.20:13:54: 15935: (1)ERROR  : SuAgentXMib: could not bind any
>> port. Aborting.
>> 20100815.20:13:54: 15935: (1)WARNING: SubAgentXMib: not connected  
>> with
>> master agent!
>> 20100815.20:14:14: 15935: (5)INFO   : AgentXSlave: no request within
>> (milli seconds): (20000)
>>
>> #-------------------------------------------or
>>
>> claus-kleins-macbook-pro:macbuild clausklein$ sudo ./agentX++/ 
>> examples/
>> subagent/src/subagent ::1
>> 20100815.20:13:04: 15933: (3)DEBUG  : MibContext: adding MIB object
>> (context)(oid): (subagent), (1.3.6.1.4.1.4976.6.1.1)
>> 20100815.20:13:04: 15933: (3)DEBUG  : MibContext: adding MIB object
>> (context)(oid): (subagent), (1.3.6.1.2.1.1.3.0)
>> 20100815.20:13:04: 15933: (1)DEBUG  : Thread: started (tid):
>> (-1342107648)
>> 20100815.20:13:04: 15933: (1)DEBUG  : TaskManager: thread started
>> 20100815.20:13:04: 15933: (1)DEBUG  : Thread: started (tid):
>> (-1342033920)
>> 20100815.20:13:04: 15933: (1)DEBUG  : TaskManager: thread started
>> 20100815.20:13:04: 15933: (1)DEBUG  : Thread: started (tid):
>> (-1341960192)
>> 20100815.20:13:04: 15933: (1)DEBUG  : TaskManager: thread started
>> 20100815.20:13:04: 15933: (1)DEBUG  : Thread: started (tid):
>> (-1341886464)
>> 20100815.20:13:04: 15933: (1)DEBUG  : TaskManager: thread started
>> 20100815.20:13:04: 15933: (1)DEBUG  : Thread: started (tid):
>> (-1341812736)
>> 20100815.20:13:04: 15933: (1)DEBUG  : TaskManager: thread started
>> 20100815.20:13:04: 15933: (1)DEBUG  : Thread: started (tid):
>> (-1341739008)
>> 20100815.20:13:04: 15933: (2)EVENT  : SubAgentXMib: opening socket
>> 20100815.20:13:04: 15933: (1)EVENT  : AgentXSlave: connecting on TCP
>> (socket)(addr)(port): (3), (0000:0000:0000:0000:0000:0000:0000:0001),
>> (705)
>> 20100815.20:13:04: 15933: (1)ERROR  : AgentXSlave: could not connect
>> TCP socket (port)(errno): (705), (Address family not supported by
>> protocol family)
>> 20100815.20:13:04: 15933: (1)ERROR  : SuAgentXMib: could not bind any
>> port. Aborting.
>> 20100815.20:13:04: 15933: (1)WARNING: SubAgentXMib: not connected  
>> with
>> master agent!
>>
>>
>> Only when I disable all IPv6 code at agentx.cpp, it works fine with
>> localhost.
>>
>> What me wondered at agentx.cpp is that the master code does not
>> support IPv6, but the slave?
>>
>> Too I found, that the master  listen on all interfaces, not only on
>> localhost address?
>> In my opinion, that should be a parameter.
>>
>> Has someone tested IPv6 with agentX++?
>>
>> With best regards,
>>
>> Claus
>>
>>
>>
>>
>>
>> _______________________________________________
>> AGENTPP mailing list
>> AGENTPP at agentpp.org
>> http://lists.agentpp.org/mailman/listinfo/agentpp
>
> -- 
> AGENT++
> http://www.agentpp.com
> http://www.snmp4j.com
> http://www.mibexplorer.com
> http://www.mibdesigner.com
>
> _______________________________________________
> AGENTPP mailing list
> AGENTPP at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/agentpp

More information about the AGENTPP mailing list