[SNMP4J] Security Issue? - Some clients work, some don't

. . nfn_nln at hotmail.com
Mon Aug 22 03:36:36 CEST 2005 

***Setup: I setup an SNMP Agent and populated it with 2 OIDs

***Problem:

Using one program to query the OIDs results in the correct value returned.
  OID: 1.3.6.1.4.1.318.1.1.1.2.2.1  type: snmp.SNMPInteger  value: 100

The other program throws an exception here:
                // check error status; if retrieval problem, throw 
SNMPGetException
                if (receivedPDU.getErrorStatus() != 0)
                    throw new SNMPGetException("OID " + itemID + " not 
available for retrieval", receivedPDU.getErrorIndex(), 
receivedPDU.getErrorStatus());

Exception in thread "main" snmp.SNMPGetException: OID 
1.3.6.1.4.1.318.1.1.1.2.2.1 not available for retrieval
        at 
snmp.SNMPv1CommunicationInterface.getMIBEntry(SNMPv1CommunicationInterface.java:291)


***snmp4j Agent Logs:

<Response to program that works>
228627 [Thread-1] DEBUG org.snmp4j.transport.DefaultUdpTransportMapping  - 
Received message from /10.0.1.207/36222 with length 45: 
30:2b:02:01:00:04:06:70:75:62:6c:69:63:a0:1e:02:01:01:02:01:00:02:01:00:30:13:30:11:06:0d:2b:06:01:04:01:82:3e:01:01:01:02:02:01:05:00
228628 [Thread-1] DEBUG org.snmp4j.Snmp  - Fire process PDU event: 
CommandResponderEvent[transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping at 16c163fpeerAddress=10.0.1.207/36222, 
processed=false, pdu=[GET[reqestID=1, timestamp=0:00:00.00, enterprise=, 
genericTrap=0, specificTrap=0, VBS[1.3.6.1.4.1.318.1.1.1.2.2.1 = Null]]], 
securityName=[B at 16f144c, securityModel=1, securityLevel=1]
228629 [Thread-1] DEBUG org.snmp4j.agent.mo.snmp.VacmMIB  - Matching view 
found for group name 'v1v2group' is 'fullReadView'
228629 [Thread-1] DEBUG org.snmp4j.agent.DefaultMOServer  - Scanning managed 
object: 1.3.6.1.4.1.318.1.1.1.2.2.1-1.3.6.1.4.1.318.1.1.1.2.2.1 for 
org.snmp4j.agent.CommandProcessor$VACMQuery[viewName=fullReadView]=1.3.6.1.4.1.318.1.1.1.2.2.1<= 
x <=1.3.6.1.4.1.318.1.1.1.2.2.1
228630 [Thread-1] DEBUG org.snmp4j.agent.mo.snmp.VacmMIB  - Access allowed 
for view 'fullReadView' by subtree 1.3 for OID 1.3.6.1.4.1.318.1.1.1.2.2.1
228636 [Thread-1] DEBUG org.snmp4j.transport.DefaultUdpTransportMapping  - 
Sending message to 10.0.1.207/36222 with length 46: 
30:2c:02:01:00:04:06:70:75:62:6c:69:63:a2:1f:02:01:01:02:01:00:02:01:00:30:14:30:12:06:0d:2b:06:01:04:01:82:3e:01:01:01:02:02:01:02:01:64
</Response to program that works>

<Response to program that fails>
219808 [Thread-1] DEBUG org.snmp4j.transport.DefaultUdpTransportMapping  - 
Received message from /10.0.1.207/36222 with length 46: 
30:2c:02:01:00:04:07:70:72:69:76:61:74:65:a0:1e:02:01:01:02:01:00:02:01:00:30:13:30:11:06:0d:2b:06:01:04:01:82:3e:01:01:01:02:02:01:05:00
219810 [Thread-1] DEBUG org.snmp4j.Snmp  - Fire process PDU event: 
CommandResponderEvent[transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping at 16c163fpeerAddress=10.0.1.207/36222, 
processed=false, pdu=[GET[reqestID=1, timestamp=0:00:00.00, enterprise=, 
genericTrap=0, specificTrap=0, VBS[1.3.6.1.4.1.318.1.1.1.2.2.1 = Null]]], 
securityName=[B at 1e232b5, securityModel=1, securityLevel=1]
219816 [Thread-1] DEBUG org.snmp4j.transport.DefaultUdpTransportMapping  - 
Sending message to 10.0.1.207/36222 with length 46: 
30:2c:02:01:00:04:07:70:72:69:76:61:74:65:a2:1e:02:01:01:02:01:10:02:01:00:30:13:30:11:06:0d:2b:06:01:04:01:82:3e:01:01:01:02:02:01:05:00
</Response to program that fails>

*** Both programs are querying the same OID, why does one pass and one fail?
Is there something wrong here?:

    protected void addViews(VacmMIB vacm) {
	vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv1,
		      new OctetString("public"),
		      new OctetString("v1v2group"),
		      StorageType.nonVolatile);
	vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c,
		      new OctetString("public"),
		      new OctetString("v1v2group"),
		      StorageType.nonVolatile);

	vacm.addAccess(new OctetString("v1v2group"), new OctetString(),
		       SecurityModel.SECURITY_MODEL_ANY,
		       SecurityLevel.NOAUTH_NOPRIV, VacmMIB.vacmExactMatch,
		       new OctetString("fullReadView"),
		       new OctetString("fullWriteView"),
		       new OctetString("fullNotifyView"),
		       StorageType.nonVolatile);

	vacm.addViewTreeFamily(new OctetString("fullReadView"), new OID("1.3"),
			       new OctetString(), VacmMIB.vacmViewIncluded,
			       StorageType.nonVolatile);
	vacm.addViewTreeFamily(new OctetString("fullWriteView"), new OID("1.3"),
			       new OctetString(), VacmMIB.vacmViewIncluded,
			       StorageType.nonVolatile);
	vacm.addViewTreeFamily(new OctetString("fullNotifyView"), new OID("1.3"),
			       new OctetString(), VacmMIB.vacmViewIncluded,
			       StorageType.nonVolatile);
    }

More information about the SNMP4J mailing list