[SNMP4J] V3 traps failing when multiple senders exist.
Frank Fock
fock at agentpp.com
Tue Mar 6 22:49:53 CET 2012
Hi David,
If you read the SNMPv3 RFCs carefully you will see that
it cannot work what you are trying.
SNMP4J handles the different situations correctly.
The .0 is the suffix of a scalar. It will never be incremented.
The value of the counter increments, though.
There are two possible solutions:
(1) Add the user (can be same security name/password)
for each trap sender's engine ID. How you get that uniqe(!)
engine ID is implementation/scenario dependent.
(2) Use INFORM PDUs instead TRAPs/NOTIFICATIONs. With
INFORM, the PDU receiver is authoritative. Thus, you can
use a single username/password with all inform senders.
Best regards,
Frank
Am 06.03.2012 22:37, schrieb david jones:
> I was trying to test code that receives traps from 2 different senders
> using the same security name, but different passwords. One senders PDUs
> are parsed correctly, the others are not (mostly 1.3.6.1.6.3.15.1.1.5.0 =
> 0 (wrong digest)). I assume i have to do an addUser() for each different
> password, what else is needed? do i also need to set the engineID for each
> addUser?
>
> I tried some scaffolding code that created a UserTarget for each sender's
> IP and then did " discoverAuthoritativeEngineID(userTarget.getAddress(),
> 5000)", with intent of adding the found engineID to the addUser but the
> results were empty, but is that on the right track? Or is there something
> (unique engineIDs?) senders aren't generating correctly?
>
> I then tried getting rid of the multiple users and try it with just one
> addUser and all senders using the same password: Still only one of the
> senders PDUs are successfully read, the others are rejected, now
> with 1.3.6.1.6.3.15.1.1.5.2.0 = 0 (not in time window). Is this still the
> same underlying cause, or do i need to reboot the receivers and senders to
> resynch or ??
>
> I also noticed the warnings messages that indicate errors all have *oid = *0.
> Isn't the = n value supposed to be incrementing, not always 0?
>
> Below is a code snipet:
>
> transport = new DefaultUdpTransportMapping(new
> UdpAddress(ServerProperties.getSnmpTrapPort())); // using private port,
> not 161/162
> MessageDispatcher mtDispatcher = new MessageDispatcherImpl();
> // add message processing models
> mtDispatcher.addMessageProcessingModel(new MPv1());
> mtDispatcher.addMessageProcessingModel(new MPv2c());
> mtDispatcher.addMessageProcessingModel(new MPv3());
> // add all security protocols
> SecurityProtocols.getInstance().addDefaultProtocols();
>
> snmp = new Snmp(mtDispatcher, transport);
>
>
> if (version == SnmpConstants.version3) {
> usm = new USM(SecurityProtocols.getInstance(), engineID, 0);
> SecurityModels.getInstance().addSecurityModel(usm);
>
>
> snmp.setLocalEngine(engineID.getValue(), 0, 0);
>
> // Add some predefined users
>
> snmp.getUSM ().addUser (
> new OctetString ("mytrap"),
> new UsmUser (
> new OctetString ("mytrap"), AuthMD5.ID,
> new OctetString ("AAAAAAAA"),null,null);
>
> snmp.getUSM ().addUser (
> new OctetString ("mytrap"),
> new UsmUser (
> new OctetString ("mytrap"), AuthMD5.ID,
> new OctetString ("BBBBBBBB"),null,null);
>
> }
> snmp.addCommandResponder(this);
> transport.listen();
>
--
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax: +49 7024 8688231
More information about the SNMP4J
mailing list