[SNMP4J] V3 traps failing when multiple senders exist.

Frank Fock fock at agentpp.com
Wed Mar 7 21:08:39 CET 2012 

David,

Then you have to follow these steps:
(1) Make sure that the trap sender are using unique engine IDs and 
properly constantly
increment their engine boots counters
(2) Use USM users that are localized by the engine ID of each target.

Best regards,
Frank

Am 07.03.2012 14:37, schrieb david jones:
>
> so my current approach of:  
> "discoverAuthoritativeEngineID(userTarget.getAddress(), 5000)" is  not 
> working (returns null) so I must be hitting the 
> scenario/implementation dependentness, any pointers, code samples of 
> how to approach? Sender is a different product, so changing to INFORMs 
> is unlikely.
>
> thanks again,
> David
>
> On Tue, Mar 6, 2012 at 4:49 PM, Frank Fock <fock at agentpp.com 
> <mailto:fock at agentpp.com>> wrote:
>
>     Hi David,
>
>     If you read the SNMPv3 RFCs carefully you will see that
>     it cannot work what you are trying.
>     SNMP4J handles the different situations correctly.
>     The .0 is the suffix of a scalar. It will never be incremented.
>     The value of the counter increments, though.
>
>     There are two possible solutions:
>
>     (1) Add the user (can be same security name/password)
>     for each trap sender's engine ID. How you get that uniqe(!)
>     engine ID is implementation/scenario dependent.
>
>     (2) Use INFORM PDUs instead TRAPs/NOTIFICATIONs. With
>     INFORM, the PDU receiver is authoritative. Thus, you can
>     use a single username/password with all inform senders.
>
>     Best regards,
>     Frank
>
>     Am 06.03.2012 22:37, schrieb david jones:
>     > I was trying to test code that receives traps from 2 different
>     senders
>     > using the same security name, but different passwords.  One
>     senders PDUs
>     > are parsed correctly, the others are not (mostly
>      1.3.6.1.6.3.15.1.1.5.0 =
>     > 0 (wrong digest)).   I assume i have to do an addUser() for each
>     different
>     > password, what else is needed? do i also need to set the
>     engineID for each
>     > addUser?
>     >
>     > I tried some scaffolding code that created a UserTarget for each
>     sender's
>     > IP and then did "
>     discoverAuthoritativeEngineID(userTarget.getAddress(),
>     > 5000)", with intent of adding the found engineID to the addUser
>     but the
>     > results were empty, but is that on the right track? Or is there
>     something
>     > (unique engineIDs?) senders aren't generating correctly?
>     >
>     > I then tried getting rid of the multiple users and try it with
>     just one
>     > addUser and all senders using the same password: Still only one
>     of the
>     > senders PDUs are successfully read, the others are rejected, now
>     > with 1.3.6.1.6.3.15.1.1.5.2.0 = 0 (not in time window). Is this
>     still the
>     > same underlying cause, or do i need to reboot the receivers and
>     senders to
>     > resynch or ??
>     >
>     > I also noticed the warnings messages that indicate errors all
>     have *oid = *0.
>     > Isn't the = n value supposed to be incrementing, not always 0?
>     >
>     > Below is a code snipet:
>     >
>     > transport = new DefaultUdpTransportMapping(new
>     > UdpAddress(ServerProperties.getSnmpTrapPort()));  // using
>     private port,
>     > not 161/162
>     >   MessageDispatcher mtDispatcher = new MessageDispatcherImpl();
>     >   // add message processing models
>     >   mtDispatcher.addMessageProcessingModel(new MPv1());
>     >   mtDispatcher.addMessageProcessingModel(new MPv2c());
>     >   mtDispatcher.addMessageProcessingModel(new MPv3());
>     >   // add all security protocols
>     >   SecurityProtocols.getInstance().addDefaultProtocols();
>     >
>     >   snmp = new Snmp(mtDispatcher, transport);
>     >
>     >
>     >   if (version == SnmpConstants.version3) {
>     >       usm = new USM(SecurityProtocols.getInstance(), engineID, 0);
>     >       SecurityModels.getInstance().addSecurityModel(usm);
>     >
>     >
>     >       snmp.setLocalEngine(engineID.getValue(), 0, 0);
>     >
>     >       // Add some predefined users
>     >
>     >       snmp.getUSM ().addUser (
>     > new OctetString ("mytrap"),
>     > new UsmUser (
>     > new OctetString ("mytrap"), AuthMD5.ID,
>     >          new OctetString ("AAAAAAAA"),null,null);
>     >
>     >       snmp.getUSM ().addUser (
>     > new OctetString ("mytrap"),
>     >     new UsmUser (
>     > new OctetString ("mytrap"), AuthMD5.ID,
>     > new OctetString ("BBBBBBBB"),null,null);
>     >
>     >   }
>     > snmp.addCommandResponder(this);
>     > transport.listen();
>     >
>
>     --
>     ---
>     AGENT++
>     Maximilian-Kolbe-Str. 10
>     73257 Koengen, Germany
>     https://agentpp.com
>     Phone: +49 7024 8688230 <tel:%2B49%207024%208688230>
>     Fax: +49 7024 8688231 <tel:%2B49%207024%208688231>
>
>     _______________________________________________
>     SNMP4J mailing list
>     SNMP4J at agentpp.org <mailto:SNMP4J at agentpp.org>
>     http://lists.agentpp.org/mailman/listinfo/snmp4j
>
>
>
>
> -- 
> David Jones
> jonesda24 at gmail.com <mailto:jonesda24 at gmail.com>
> c) 302-5648

-- 
---
AGENT++
Maximilian-Kolbe-Str. 10
73257 Koengen, Germany
https://agentpp.com
Phone: +49 7024 8688230
Fax:   +49 7024 8688231

More information about the SNMP4J mailing list