[SNMP4J] Counting Invalid Traps
Elise Atkins
elise.atkins at tavve.com
Fri Oct 30 14:08:37 CET 2009
Frank,
Thanks for making the change so quickly. I have one nit picky comment.
If you have a ASN.1 parse error, it gets counted as an error and then
processing continues and the MPv1 class throws an exception and it
counted again as an invalid packet. A cleaner solution to prevent double
counting would be to add a return after the first counter event is fired
or log it and not count it and continue processing and have the
catch(IOException) block count it.
Thanks,
Elise
Frank Fock wrote:
> Hi Elise,
>
> Thank you for reporting this bug [SJF-18].
> The current snapshot contains a fix for it,
> which is slightly different to yours.
>
> Regards,
> Frank
>
> Elise Atkins wrote:
>> I have used SNMP4J for several years and have been very satisfied.
>> Recently I did some testing to see what happens when invalid V1 traps
>> and snmp requests were received by the snmp4j code. A CounterListner
>> was added to the MessageDispatcherImpl and the number of incoming
>> traps/requests were accurately counted but the number of invalid
>> traps was not. The large majority of traps were silently discarded.
>> After looking at the following code snippet from
>> MessageDispatcherImpl and the MPv1.java code I concluded that when
>> the MPv1 encountered an error it threw an exception that was caught
>> by the catch block near the end of the snippet. The packet is then
>> silently discarded unless the Snmp4JSettings.forwardRuntimeExceptions
>> is true and the TransportMapping class catches and counts the
>> exception.
>>
>> I think that a better solution would be to add the following lines
>> the catch block:
>> CounterEvent event = new CounterEvent(this,
>>
>> SnmpConstants.snmpInvalidMsgs);
>> fireIncrementCounter(event);
>>
>> The packet would be then counted as invalid. I did set the
>> forwardRuntimeExceptions to true and was able to get a count of the
>> invalid packets and all seemed ok until a little later. I also use
>> AgentXSubagent to connect to the snmpd service. When that service was
>> not running or misconfigured and the subagent could not connect, a
>> socket was orphaned and eventually things stopped working because
>> there were too many sockets opened. I fixed that by calling close and
>> disconnect on the subagent when the connect method failed. But I am
>> now worried that having the forwardRuntimeExceptions set to true will
>> cause additional problems down the line.
>>
>> public void processMessage(TransportMapping sourceTransport,
>> Address incomingAddress,
>> BERInputStream wholeMessage) {
>> fireIncrementCounter(new CounterEvent(this,
>> SnmpConstants.snmpInPkts));
>> if (!wholeMessage.markSupported()) {
>> String txt = "Message stream must support marks";
>> logger.error(txt);
>> throw new IllegalArgumentException(txt);
>> }
>> try {
>> wholeMessage.mark(16);
>> BER.MutableByte type = new BER.MutableByte();
>> // decode header but do not check length here, because we do
>> only decode
>> // the first 16 bytes.
>> BER.decodeHeader(wholeMessage, type, false);
>> if (type.getValue() != BER.SEQUENCE) {
>> logger.error("ASN.1 parse error (message is not a sequence)");
>> CounterEvent event = new CounterEvent(this,
>>
>> SnmpConstants.snmpInASNParseErrs);
>> fireIncrementCounter(event);
>> }
>> Integer32 version = new Integer32();
>> version.decodeBER(wholeMessage);
>> MessageProcessingModel mp =
>> getMessageProcessingModel(version.getValue());
>> if (mp == null) {
>> logger.warn("SNMP version "+version+" is not supported");
>> CounterEvent event = new CounterEvent(this,
>>
>> SnmpConstants.snmpInBadVersions);
>> fireIncrementCounter(event);
>> }
>> else {
>> // reset it
>> wholeMessage.reset();
>> // dispatch it
>> dispatchMessage(sourceTransport, mp, incomingAddress,
>> wholeMessage);
>> }
>> }
>> catch (Exception ex) {
>> logger.error(ex);
>> if (logger.isDebugEnabled()) {
>> ex.printStackTrace();
>> }
>> if (SNMP4JSettings.isFowardRuntimeExceptions()) {
>> throw new RuntimeException(ex);
>> }
>> }
>> catch (OutOfMemoryError oex) {
>> logger.error(oex);
>> if (SNMP4JSettings.isFowardRuntimeExceptions()) {
>> throw oex;
>> }
>> }
>> }
>>
>> Sincerely,
>> Elise Atkins
>>
>
--
ZoneRanger "Management Through Firewalls" <http://www.tavve.com/?leadlander>
--
ZoneRanger "Management Through Firewalls" <http://www.tavve.com/?leadlander>
More information about the SNMP4J
mailing list