[SNMP4J] Creating public / private v2c communities

Marek Hajduczenia marek.hajduczenia at gmail.com
Mon Apr 1 19:17:34 CEST 2013 

I have further tried to experiment with port numbers, names of communities,
etc., but so far I was unable to add properly the private community support.


 

Is there a way to check whether the private community definition is added
properly into the configuration of the agent ?

 

Regards

 

Marek

 

From: Marek Hajduczenia [mailto:marek.hajduczenia at gmail.com] 
Sent: Sunday, 31 March, 2013 10:47 AM
To: snmp4j at agentpp.org
Subject: Creating public / private v2c communities

 

Dear colleagues, 

Following the online tutorials and the structure of the BaseAgent.java
class, I am trying to add read and write community definitions into my
project. I am extending the BaseAgent.java class, and I have done the
following changes to the following extensions:

[1] changes in method protected void addCommunities(SnmpCommunityMIB
communityMIB)

              Variable[] com2sec1 = new Variable[] 

              { 

                     new OctetString("public"),

                     new OctetString("cpublic"), // security name

                     getAgent().getContextEngineID(), // local engine ID

                     new OctetString("public"), // default context name

                     new OctetString(), // transport tag

                     new Integer32(StorageType.nonVolatile), // storage type

                     new Integer32(RowStatus.active) // row status

              };

              

              Variable[] com2sec2 = new Variable[] 

              { 

                     new OctetString("private"),

                     new OctetString("cprivate"), // security name

                     getAgent().getContextEngineID(), // local engine ID

                     new OctetString("private"), // default context name

                     new OctetString(), // transport tag

                     new Integer32(StorageType.nonVolatile), // storage type

                     new Integer32(RowStatus.active) // row status

              };            

              

              MOTableRow row2 =
communityMIB.getSnmpCommunityEntry().createRow(new
OctetString("private").toSubIndex(true), com2sec2);

              MOTableRow row1 =
communityMIB.getSnmpCommunityEntry().createRow(new
OctetString("public").toSubIndex(true), com2sec1);

              communityMIB.getSnmpCommunityEntry().addRow(row2);

              communityMIB.getSnmpCommunityEntry().addRow(row1);

if I understand the code correctly, I am adding here information about two
communities, one with the name "public" and another with the name "private"
(names will be changed later on, after testing is done). The respectove
entries ae added into the communityMIB. 

[2] changes in the method protected void addViews(VacmMIB vacm)

       {

              vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
OctetString("cpublic"), new OctetString("v1v2group"),
StorageType.nonVolatile);

              vacm.addGroup(SecurityModel.SECURITY_MODEL_SNMPv2c, new
OctetString("cprivate"), new OctetString("v1v2group"),
StorageType.nonVolatile);

              

              vacm.addAccess(new OctetString("v1v2group"), new
OctetString("public"), SecurityModel.SECURITY_MODEL_ANY,
SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
OctetString("fullReadView"), new OctetString("fullWriteView"), new
OctetString("fullNotifyView"), StorageType.nonVolatile);

              vacm.addAccess(new OctetString("v1v2group"), new
OctetString("private"), SecurityModel.SECURITY_MODEL_SNMPv2c,
SecurityLevel.NOAUTH_NOPRIV, MutableVACM.VACM_MATCH_EXACT, new
OctetString("fullReadView"), new OctetString("fullWriteView"), new
OctetString("fullNotifyView"), StorageType.nonVolatile);

              

              vacm.addViewTreeFamily(new OctetString("fullReadView"), new
OID("1.3"), new OctetString(), VacmMIB.vacmViewIncluded,
StorageType.nonVolatile);

       }

where I only replicated the entries for public community already in place
before for the private community. I did not replicate the
vacm.addViewTreeFamily entry though, since I cannot really figure out how it
is connected to communities. 

I would appreciate any pointers to what else needs to be done to make sure
that some of the managed objects I am adding in the programe can be actually
set?

Right now, every time I try to set an object at OID 1.3.6.1.3.22.2.10.1
(defined with MOAccessImpl.ACCESS_READ_WRITE), I get the following debug
sequence and the following Euthorization Error. I can clearly see that the
"private" community was found correctly in the definitions, and that the
requests are created correctly, but for some reason the processing stops and
error is thrown out. 

27709 [DefaultUDPTransportMapping_127.0.0.1/2002] DEBUG
org.snmp4j.transport.DefaultUdpTransportMapping  - Received message from
localhost/127.0.0.1/60096 with length 45:
30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a3:1d:02:04:51:b3:d9:86:02:01:00:0
2:01:00:30:0f:30:0d:06:08:2b:06:01:03:16:02:0a:01:02:01:01

27709 [DefaultUDPTransportMapping_127.0.0.1/2002] DEBUG org.snmp4j.Snmp  -
Fire process PDU event: CommandResponderEvent[securityModel=2,
securityLevel=1, maxSizeResponsePDU=65535, pduHandle=PduHandle[1370741126],
stateReference=StateReference[msgID=0,pduHandle=PduHandle[1370741126],securi
tyEngineID=null,securityModel=null,securityName=private,securityLevel=1,cont
extEngineID=null,contextName=null,retryMsgIDs=null],
pdu=SET[requestID=1370741126, errorStatus=Success(0), errorIndex=0,
VBS[1.3.6.1.3.22.2.10.1 = 1]], messageProcessingModel=1,
securityName=private, processed=false, peerAddress=127.0.0.1/60096,
transportMapping=org.snmp4j.transport.DefaultUdpTransportMapping at b50daf,
tmStateReference=null]

27710 [DefaultUDPTransportMapping_127.0.0.1/2002] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB  - Looking up coexistence info for
'private'

27710 [DefaultUDPTransportMapping_127.0.0.1/2002] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB  - Found coexistence info for
'private'=CoexistenceInfo[securityName=cprivate,contextEngineID=80:00:13:70:
01:c0:a8:01:04,contextName=private,transportTag=]

27710 [DefaultUDPTransportMapping_127.0.0.1/2002] DEBUG
org.snmp4j.agent.mo.snmp.SnmpCommunityMIB  - Address 127.0.0.1/60096 passes
filter, because source address filtering is disabled

27710 [DefaultUDPTransportMapping_127.0.0.1/2002] DEBUG
org.snmp4j.agent.request.SnmpRequest  - Created subrequest 0 with scope
org.snmp4j.agent.DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.
22.2.10.1,lowerIncluded=true,upperBound=1.3.6.1.3.22.2.10.1,upperIncluded=tr
ue] from 1.3.6.1.3.22.2.10.1 = 1

27710 [DefaultUDPTransportMapping_127.0.0.1/2002] DEBUG
org.snmp4j.agent.request.SnmpRequest  - SnmpSubRequests initialized:
[org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest[scope=org.snmp4j.agent.
DefaultMOContextScope[context=private,lowerBound=1.3.6.1.3.22.2.10.1,lowerIn
cluded=true,upperBound=1.3.6.1.3.22.2.10.1,upperIncluded=true],vb=1.3.6.1.3.
22.2.10.1 =
1,status=org.snmp4j.agent.request.RequestStatus at 1e820764,query=null,index=0,
targetMO=null]]

27715 [DefaultUDPTransportMapping_127.0.0.1/2002] DEBUG
org.snmp4j.transport.DefaultUdpTransportMapping  - Sending message to
127.0.0.1/60096 with length 45:
30:2b:02:01:01:04:07:70:72:69:76:61:74:65:a2:1d:02:04:51:b3:d9:86:02:01:10:0
2:01:01:30:0f:30:0d:06:08:2b:06:01:03:16:02:0a:01:02:01:01

java.lang.Exception: Error 'Authorization error' generated at:
1.3.6.1.3.22.2.10.1 = 1

       at
org.snmp4j.agent.request.SnmpRequest$SnmpSubRequest.requestStatusChanged(Snm
pRequest.java:617)

       at
org.snmp4j.agent.request.RequestStatus.fireRequestStatusChanged(RequestStatu
s.java:89)

       at
org.snmp4j.agent.request.RequestStatus.setErrorStatus(RequestStatus.java:52)

       at
org.snmp4j.agent.CommandProcessor.setAuthorizationError(CommandProcessor.jav
a:499)

       at
org.snmp4j.agent.CommandProcessor.processRequest(CommandProcessor.java:378)

       at
org.snmp4j.agent.CommandProcessor.dispatchCommand(CommandProcessor.java:339)

       at
org.snmp4j.agent.CommandProcessor$Command.run(CommandProcessor.java:559)

       at
org.snmp4j.agent.CommandProcessor.processPdu(CommandProcessor.java:162)

       at
org.snmp4j.MessageDispatcherImpl.fireProcessPdu(MessageDispatcherImpl.java:6
64)

       at
org.snmp4j.MessageDispatcherImpl.dispatchMessage(MessageDispatcherImpl.java:
297)

       at
org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:3
68)

       at
org.snmp4j.MessageDispatcherImpl.processMessage(MessageDispatcherImpl.java:3
28)

       at
org.snmp4j.transport.AbstractTransportMapping.fireProcessMessage(AbstractTra
nsportMapping.java:76)

       at
org.snmp4j.transport.DefaultUdpTransportMapping$ListenThread.run(DefaultUdpT
ransportMapping.java:378)

       at java.lang.Thread.run(Unknown Source)

Thank you in advance

Marek

More information about the SNMP4J mailing list