[SNMP4J] Security Issue? - Some clients work, some don't

Frank Fock fock at agentpp.com
Mon Aug 22 22:06:54 CEST 2005


Hi ..

You are using "private" as community in the SNMP message that returned
an error status 16, but you did not configure "private" to be a valid
community for the readView. When you use "public" it works, because
"public" is configured to be a valid community for the readView.

It would have been nice to post here with your real name and it would have
been nice to mention that you varied the community string when sending the
packets.

Best regards,
Frank

. . wrote:

>
> ***Setup: I setup an SNMP Agent and populated it with 2 OIDs
>
> ***Problem:
>
> Using one program to query the OIDs results in the correct value 
> returned.
>  OID: 1.3.6.1.4.1.318.1.1.1.2.2.1  type: snmp.SNMPInteger  value: 100
>
> The other program throws an exception here:
>                // check error status; if retrieval problem, throw SNMPGetException
>                if (receivedPDU.getErrorStatus() != 0)
>                    throw new SNMPGetException("OID " + itemID + " not available for retrieval",
>                        receivedPDU.getErrorIndex(), receivedPDU.getErrorStatus());
>
> Exception in thread "main" snmp.SNMPGetException: OID 1.3.6.1.4.1.318.1.1.1.2.2.1 not available for retrieval
>        at snmp.SNMPv1CommunicationInterface.getMIBEntry(SNMPv1CommunicationInterface.java:291)
>
>
>
> ***snmp4j Agent Logs:
>
> <Response to program that works>
> 228627 [Thread-1] DEBUG 
> org.snmp4j.transport.DefaultUdpTransportMapping  - Received message 
> from /10.0.1.207/36222 with length 45: 
> 30:2b:02:01:00:04:06:70:75:62:6c:69:63:a0:1e:02:01:01:02:01:00:02:01:00:30:13:30:11:06:0d:2b:06:01:04:01:82:3e:01:01:01:02:02:01:05:00 
>
> 228628 [Thread-1] DEBUG org.snmp4j.Snmp  - Fire process PDU event: 
> CommandResponderEvent[transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping at 16c163fpeerAddress=10.0.1.207/36222, 
> processed=false, pdu=[GET[reqestID=1, timestamp=0:00:00.00, 
> enterprise=, genericTrap=0, specificTrap=0, 
> VBS[1.3.6.1.4.1.318.1.1.1.2.2.1 = Null]]], securityName=[B at 16f144c, 
> securityModel=1, securityLevel=1]
> 228629 [Thread-1] DEBUG org.snmp4j.agent.mo.snmp.VacmMIB  - Matching 
> view found for group name 'v1v2group' is 'fullReadView'
> 228629 [Thread-1] DEBUG org.snmp4j.agent.DefaultMOServer  - Scanning 
> managed object: 
> 1.3.6.1.4.1.318.1.1.1.2.2.1-1.3.6.1.4.1.318.1.1.1.2.2.1 for 
> org.snmp4j.agent.CommandProcessor$VACMQuery[viewName=fullReadView]=1.3.6.1.4.1.318.1.1.1.2.2.1<= 
> x <=1.3.6.1.4.1.318.1.1.1.2.2.1
> 228630 [Thread-1] DEBUG org.snmp4j.agent.mo.snmp.VacmMIB  - Access 
> allowed for view 'fullReadView' by subtree 1.3 for OID 
> 1.3.6.1.4.1.318.1.1.1.2.2.1
> 228636 [Thread-1] DEBUG 
> org.snmp4j.transport.DefaultUdpTransportMapping  - Sending message to 
> 10.0.1.207/36222 with length 46: 
> 30:2c:02:01:00:04:06:70:75:62:6c:69:63:a2:1f:02:01:01:02:01:00:02:01:00:30:14:30:12:06:0d:2b:06:01:04:01:82:3e:01:01:01:02:02:01:02:01:64 
>
> </Response to program that works>
>
> <Response to program that fails>
> 219808 [Thread-1] DEBUG 
> org.snmp4j.transport.DefaultUdpTransportMapping  - Received message 
> from /10.0.1.207/36222 with length 46: 
> 30:2c:02:01:00:04:07:70:72:69:76:61:74:65:a0:1e:02:01:01:02:01:00:02:01:00:30:13:30:11:06:0d:2b:06:01:04:01:82:3e:01:01:01:02:02:01:05:00 
>
> 219810 [Thread-1] DEBUG org.snmp4j.Snmp  - Fire process PDU event: 
> CommandResponderEvent[transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping at 16c163fpeerAddress=10.0.1.207/36222, 
> processed=false, pdu=[GET[reqestID=1, timestamp=0:00:00.00, 
> enterprise=, genericTrap=0, specificTrap=0, 
> VBS[1.3.6.1.4.1.318.1.1.1.2.2.1 = Null]]], securityName=[B at 1e232b5, 
> securityModel=1, securityLevel=1]
> 219816 [Thread-1] DEBUG 
> org.snmp4j.transport.DefaultUdpTransportMapping  - Sending message to 
> 10.0.1.207/36222 with length 46: 
> 30:2c:02:01:00:04:07:70:72:69:76:61:74:65:a2:1e:02:01:01:02:01:10:02:01:00:30:13:30:11:06:0d:2b:06:01:04:01:82:3e:01:01:01:02:02:01:05:00 
>
> </Response to program that fails>
>
> *** Both programs are querying the same OID, why does one pass and one 
> fail?
> Is there something wrong here?:
>
>    protected void addViews(VacmMIB vacm) {
>     vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv1,
>               new OctetString("public"),
>               new OctetString("v1v2group"),
>               StorageType.nonVolatile);
>     vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c,
>               new OctetString("public"),
>               new OctetString("v1v2group"),
>               StorageType.nonVolatile);
>
>     vacm.addAccess(new OctetString("v1v2group"), new OctetString(),
>                SecurityModel.SECURITY_MODEL_ANY,
>                SecurityLevel.NOAUTH_NOPRIV, VacmMIB.vacmExactMatch,
>                new OctetString("fullReadView"),
>                new OctetString("fullWriteView"),
>                new OctetString("fullNotifyView"),
>                StorageType.nonVolatile);
>
>     vacm.addViewTreeFamily(new OctetString("fullReadView"), new OID("1.3"),
>                    new OctetString(), VacmMIB.vacmViewIncluded,
>                    StorageType.nonVolatile);
>     vacm.addViewTreeFamily(new OctetString("fullWriteView"), new OID("1.3"),
>                    new OctetString(), VacmMIB.vacmViewIncluded,
>                    StorageType.nonVolatile);
>     vacm.addViewTreeFamily(new OctetString("fullNotifyView"), new OID("1.3"),
>                    new OctetString(), VacmMIB.vacmViewIncluded,
>                    StorageType.nonVolatile);
>    }
>
>
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j
>
>


-- 
AGENT++
http://www.agentpp.com
http://www.mibexplorer.com
http://www.mibdesigner.com
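
Added example (not part of the original thread and not SNMP4J code): a minimal BER header decoder run over the two agent responses quoted above, showing that they differ in community string and error status. The function and constant names are hypothetical, and the name for status 16 is taken from RFC 3416.

```python
# Added example: walk the BER header of an SNMPv1/v2c message.
# The hex strings are the two agent responses quoted in the thread above.
RESP_PUBLIC = ("30:2c:02:01:00:04:06:70:75:62:6c:69:63:a2:1f:02:01:01:02:01:00:"
               "02:01:00:30:14:30:12:06:0d:2b:06:01:04:01:82:3e:01:01:01:02:02:"
               "01:02:01:64")
RESP_PRIVATE = ("30:2c:02:01:00:04:07:70:72:69:76:61:74:65:a2:1e:02:01:01:02:01:"
                "10:02:01:00:30:13:30:11:06:0d:2b:06:01:04:01:82:3e:01:01:01:02:"
                "02:01:05:00")

ERROR_STATUS = {0: "noError", 16: "authorizationError"}  # subset of RFC 3416
PDU_TYPES = {0xA0: "GET", 0xA2: "RESPONSE"}


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length


def decode_header(hexdump):
    """Extract version, community and PDU error fields from a colon-hex dump."""
    buf = bytes.fromhex(hexdump.replace(":", ""))
    tag, msg, _ = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("message is not a BER SEQUENCE")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    _, request_id, p = read_tlv(pdu, 0)
    _, err_status, p = read_tlv(pdu, p)
    _, err_index, _ = read_tlv(pdu, p)
    status = int.from_bytes(err_status, "big", signed=True)
    return {
        "version": int.from_bytes(version, "big"),  # 0 = SNMPv1
        "community": community.decode("latin-1"),
        "pdu_type": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
        "request_id": int.from_bytes(request_id, "big", signed=True),
        "error_status": status,
        "error_name": ERROR_STATUS.get(status, "other"),
        "error_index": int.from_bytes(err_index, "big", signed=True),
    }


if __name__ == "__main__":
    for label, dump in (("works", RESP_PUBLIC), ("fails", RESP_PRIVATE)):
        print(label, decode_header(dump))
```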
