[SNMP4J] V3 Not In Time Window and Client Clock Drift

Elise Atkins eatkins at tavve.com
Thu May 23 17:52:07 CEST 2013 

We have been successfully using snmp4j using v3 for both requests and 
traps but have recently run into a problem with a client whose engine 
time clock runs slow.

Initial time synchronization  goes ok and the  SNMP v3 requests and 
responses flow properly.  Eventually this client's engine time becomes 
more 150 seconds behind the time SNMP4j is expecting and the responses 
are marked as Not In Time.  I have looked at RFC 2574 Section 3.2 
subsection 7b and the code in the UsmTimeTable class, checkTime method 
and have questions about the order of testing for timeliness.

Based on the RFC, I would expect the code to test for the conditions in 
1 first and update if needed before testing the conditions in 2 but the 
code seems to test in the reverse order. Testing 1 and updating reboots 
and time first will allow the client's clock to drift (fast or slow) as 
long as it is always increasing and remain in the time window. Am I 
missing something here?

Elise Atkins

The RFC says:

3.2.  Processing an Incoming SNMP Message
   7)  If the securityLevel indicates an authenticated message, then
       the local values of snmpEngineBoots, snmpEngineTime
       and latestReceivedEngineTime
       corresponding to the value of the msgAuthoritativeEngineID
       field are extracted from the Local Configuration Datastore.

       b) If the extracted value of msgAuthoritativeEngineID is not the
          same as the value snmpEngineID of the processing SNMP engine
          (meaning this is not the authoritative SNMP engine), then:

          1) if at least one of the following conditions is true:

             - the extracted value of the msgAuthoritativeEngineBoots
               field is greater than the local notion of the value of
               snmpEngineBoots; or,

             - the extracted value of the msgAuthoritativeEngineBoots
               field is equal to the local notion of the value of
               snmpEngineBoots, and the extracted value of
               msgAuthoritativeEngineTime field is greater than the
               value of latestReceivedEngineTime,

             then the LCD entry corresponding to the extracted value
             of the msgAuthoritativeEngineID field is updated, by
             setting:

                - the local notion of the value of snmpEngineBoots to
                  the value of the msgAuthoritativeEngineBoots field,
                - the local notion of the value of snmpEngineTime to
                  the value of the msgAuthoritativeEngineTime field,
                  and
                - the latestReceivedEngineTime to the value of the
                  value of the msgAuthoritativeEngineTime field.

          2) if any of the following conditions is true, then the
             message is considered to be outside of the Time Window:

             - the local notion of the value of snmpEngineBoots is
               2147483647;

             - the value of the msgAuthoritativeEngineBoots field is
               less than the local notion of the value of
               snmpEngineBoots; or,

             - the value of the msgAuthoritativeEngineBoots field is
               equal to the local notion of the value of
               snmpEngineBoots and the value of the
               msgAuthoritativeEngineTime field is more than 150
               seconds less than the local notion of the value of
               snmpEngineTime.

             If the message is considered to be outside of the Time
             Window then an error indication (notInTimeWindow) is
             returned to the calling module.

More information about the SNMP4J mailing list