On Mon, 2022-10-31 at 20:14 -0700, Ryan Freeman wrote:
>
> I can confirm the snmpd process is no-longer disappearing with this
> patch. Almost 24 hours on one VM and 16 hours on another. Thanks!
>
> -Ryan
To be complete, what happens is the following:
- snmpd sends a getnext request to the backend on a scalar
- libagentx increments the current OID to the OID of the table
column following the scalar, which contains no elements and after
reaching the last column it has reached the end OID of the original
request, resulting in an endOfMibView, but forgets to reset the OID to
the original start OID (as per RFC3416 section 4.2.2)
- snmpd validates the output from the backend and sees that the
OID of the EOMV doesn't match the requested OID and decides that
it doesn't trust the backend anymore; It is then closed with a
"too many parse errors" notification.
- Upon the closing of the agentx socket the backend shuts itself
down:
1) It gets its fd from snmpd and it doesn't know where to connect
to.
2) We don't want lingering processes if snmpd itself goes away
- Once a backend disappears snmpd shuts itself down. Basically for
the fail, fail loud reasons.
Note that this only goes for backends under libexec/snmpd, not for
backends that connect over the agentx listener, like vmd or relayd.
So there's no crash, just a backend that's being kicked for returning a
non-compliant varbind, which escalated to a premature exit. I also don't
expect too many people will actually hit this, because it's quite a
specific set of circumstances: I've had to set up an instance under kvm
and disable viomb(4) to get an empty sensors table, although there might
be other ways to trigger this.
Ergo: I *don't* think it's worth creating an errata for this.
OK?
martijn@
Index: agentx.c
===================================================================
RCS file: /cvs/src/lib/libagentx/agentx.c,v
retrieving revision 1.19
diff -u -p -r1.19 agentx.c
--- agentx.c 14 Oct 2022 15:26:58 -0000 1.19
+++ agentx.c 30 Oct 2022 08:19:29 -0000
@@ -3426,6 +3426,8 @@ agentx_varbind_endofmibview(struct agent
return;
}
+ bcopy(&(axv->axv_start), &(axv->axv_vb.avb_oid),
+ sizeof(axv->axv_start));
axv->axv_vb.avb_type = AX_DATA_TYPE_ENDOFMIBVIEW;
if (axv->axv_axo != NULL)
