[AGENT++] Agent++ handling SNMP requests that are too big

Frank Fock fock at agentpp.com
Wed Jun 12 23:05:22 CEST 2013 

Hi Damien,

The tooBigError is supposed to be returned by an agent only. If a 
command responder is
not able to handle a big message, it will silently drop the message. See 
the RFCs for details.

To solve this problem, you have basically two options:

1. Increasde the AGENT++ buffer to 64k (this will solve all such 
problems in one step).
2. Use only SNMPv3. AGENT++ here sets the maxResponsePduSize value to 
its buffer
size. If the agent is SNMPv3 compliant, a tooBigError will not occur.

Best regards,
Frank

Am 12.06.2013 15:01, schrieb SCOTT Damien:
> Hi all,
>
> There appear to be some issues with the way in which Agent++ handles SNMP requests that are 'too big' (i.e. exceed MAX_SNMP_PACKET).  I expected a GET-RESPONSE message with the error status set to 'TooBig'.
>
> 1) While using Agent++ v3.5.31, running on QNX (a POSIX-compliant OS), I noticed that I didn't receive a reply for SNMP requests that were too big.  The problem appears to be in Snmpx::receive() in snmp_pp_ext.cpp (see code excerpt below).
>
> It looks like the 'community' and 'version' are set in the call to unload().  However, this unload() function is not called if receive_buffer_len exceeds MAX_SNMP_PACKET.  So for SNMP requests that are too big, the 'community' field is invalid and an authentication failure occurs.
>
> Can anyone confirm that this is a problem, and whether or not it still exists in Agent++ v4.0?  I had a look at the v4.0 code and the above function still appears to return before unload() can be called if the received message is too big.  However, the way in which the calling code (RequestList::receive() in request.cpp) detects authentication failures has changed.  Does the new implementation return a GET-RESPONSE for SNMP requests that are too big?
>
> 2) There also appears to be a separate issue with the same piece of code running under Windows.  As I understand it, the call to recvfrom() will set receive_buffer_len to -1 if the received message is too big.  This means that SNMP_CLASS_TL_FAILED is returned instead of SNMP_ERROR_TOO_BIG.
>
> Any help on either of these issues would be appreciated.
>
> Thanks
>
> Damien
>
>
>       do
>       {
>         receive_buffer_len = (long)recvfrom(iv_snmp_session,
>                                   (char *) receive_buffer,
>                                   MAX_SNMP_PACKET, 0,
>                                   (struct sockaddr*)&from_addr,
>                                   &fromlen);
>       } while (receive_buffer_len < 0 && EINTR == errno);
>
>       if (receive_buffer_len <= 0 )        // error or no data pending
>         return SNMP_CLASS_TL_FAILED;
>
>       if (receive_buffer_len >= MAX_SNMP_PACKET)
>         return SNMP_ERROR_TOO_BIG;
>
>       // copy fromaddress and remote port
>       char* addr = inet_ntoa (from_addr.sin_addr);
>       fromaddr = addr;
>       fromaddr.set_port(ntohs(from_addr.sin_port));
>
>       debugprintf(1, "++ AGENT++: data received from %s.",
>                 fromaddr.get_printable());
>       debughexprintf(5, receive_buffer, receive_buffer_len);
>
>       snmpmsg.load(receive_buffer, receive_buffer_len);
>
>       // return the status of unload method
>       return snmpmsg.unload(pdu, community, version);
>
>
>
> _______________________________________________
> AGENTPP mailing list
> AGENTPP at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/agentpp

-- 
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax:   +49 7024 8688231

More information about the AGENTPP mailing list