[SNMP4J] V3 traps failing when multiple senders exist.

david jones jonesda24 at gmail.com
Wed Mar 7 14:37:03 CET 2012 

so my current approach of:
"discoverAuthoritativeEngineID(userTarget.getAddress(), 5000)" is  not
working (returns null) so I must be hitting the scenario/implementation
dependentness, any pointers, code samples of how to approach? Sender is a
different product, so changing to INFORMs is unlikely.

thanks again,
David

On Tue, Mar 6, 2012 at 4:49 PM, Frank Fock <fock at agentpp.com> wrote:

> Hi David,
>
> If you read the SNMPv3 RFCs carefully you will see that
> it cannot work what you are trying.
> SNMP4J handles the different situations correctly.
> The .0 is the suffix of a scalar. It will never be incremented.
> The value of the counter increments, though.
>
> There are two possible solutions:
>
> (1) Add the user (can be same security name/password)
> for each trap sender's engine ID. How you get that uniqe(!)
> engine ID is implementation/scenario dependent.
>
> (2) Use INFORM PDUs instead TRAPs/NOTIFICATIONs. With
> INFORM, the PDU receiver is authoritative. Thus, you can
> use a single username/password with all inform senders.
>
> Best regards,
> Frank
>
> Am 06.03.2012 22:37, schrieb david jones:
> > I was trying to test code that receives traps from 2 different senders
> > using the same security name, but different passwords.  One senders PDUs
> > are parsed correctly, the others are not (mostly  1.3.6.1.6.3.15.1.1.5.0
> =
> > 0 (wrong digest)).   I assume i have to do an addUser() for each
> different
> > password, what else is needed? do i also need to set the engineID for
> each
> > addUser?
> >
> > I tried some scaffolding code that created a UserTarget for each sender's
> > IP and then did " discoverAuthoritativeEngineID(userTarget.getAddress(),
> > 5000)", with intent of adding the found engineID to the addUser but the
> > results were empty, but is that on the right track? Or is there something
> > (unique engineIDs?) senders aren't generating correctly?
> >
> > I then tried getting rid of the multiple users and try it with just one
> > addUser and all senders using the same password: Still only one of the
> > senders PDUs are successfully read, the others are rejected, now
> > with 1.3.6.1.6.3.15.1.1.5.2.0 = 0 (not in time window). Is this still the
> > same underlying cause, or do i need to reboot the receivers and senders
> to
> > resynch or ??
> >
> > I also noticed the warnings messages that indicate errors all have *oid
> = *0.
> > Isn't the = n value supposed to be incrementing, not always 0?
> >
> > Below is a code snipet:
> >
> > transport = new DefaultUdpTransportMapping(new
> > UdpAddress(ServerProperties.getSnmpTrapPort()));  // using private port,
> > not 161/162
> >   MessageDispatcher mtDispatcher = new MessageDispatcherImpl();
> >   // add message processing models
> >   mtDispatcher.addMessageProcessingModel(new MPv1());
> >   mtDispatcher.addMessageProcessingModel(new MPv2c());
> >   mtDispatcher.addMessageProcessingModel(new MPv3());
> >   // add all security protocols
> >   SecurityProtocols.getInstance().addDefaultProtocols();
> >
> >   snmp = new Snmp(mtDispatcher, transport);
> >
> >
> >   if (version == SnmpConstants.version3) {
> >       usm = new USM(SecurityProtocols.getInstance(), engineID, 0);
> >       SecurityModels.getInstance().addSecurityModel(usm);
> >
> >
> >       snmp.setLocalEngine(engineID.getValue(), 0, 0);
> >
> >       // Add some predefined users
> >
> >       snmp.getUSM ().addUser (
> > new OctetString ("mytrap"),
> > new UsmUser (
> > new OctetString ("mytrap"), AuthMD5.ID,
> >          new OctetString ("AAAAAAAA"),null,null);
> >
> >       snmp.getUSM ().addUser (
> > new OctetString ("mytrap"),
> >     new UsmUser (
> > new OctetString ("mytrap"), AuthMD5.ID,
> > new OctetString ("BBBBBBBB"),null,null);
> >
> >   }
> > snmp.addCommandResponder(this);
> > transport.listen();
> >
>
> --
> ---
> AGENT++
> Maximilian-Kolbe-Str. 10
> 73257 Koengen, Germany
> https://agentpp.com
> Phone: +49 7024 8688230
> Fax:   +49 7024 8688231
>
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j
>



-- 
David Jones
jonesda24 at gmail.com
c) 302-5648

More information about the SNMP4J mailing list