Hi all
We are using net-snmp 5.7.2.1 on Solaris and I have compiled Net-SNMP
with TLS and DTLS Support
# ./configure --with-security-modules=tsm --with-transports=TLSTCP,DTLSUDP
And while testing, I ran the server
snmpd dtlsudp:10161
But when I do an snmpget on the client, I get the following error.
snmpget -v3 -l authPriv \
    -T our_identity=13:5D:66:3D:96:05:B2:FB:B8:E7:EA:0D:32:C6:39:5D:07:7A:CA:F9 \
    -T their_identity=FF:24:CE:70:84:D8:DF:57:3D:AF:2C:A2:2E:04:BE:0B:A1:E8:F2:10 \
    dtlsudp:localhost:10161 sysContact.0
failed to send a DTLS specific packet
tsm: needed to free transport data
failed to send a DTLS specific packet
tsm: needed to free transport data
tsm: needed to free transport data
tsm: needed to free transport data
tsm: needed to free transport data
failed rfc5343 contextEngineID probing
snmpget: Timeout (Error 0)
Then I root-caused the issue: the reason for this failure is that the
client will "connect" the UDP socket and then try to send data by
using sendto or sendmsg.
sendto and sendmsg are not able to send the data when the UDP socket is
in connected mode and a destination address is specified; they return
the error EISCONN (A destination address was specified and the socket is
already connected), as per the man page.
Trace of connect-sendmsg
connect(5, 0xFFFF80D8303A8D20, 16, SOV_XPG4_2) = 0
sendmsg(5, 0xFFFF80D8303857F0, 33408) Err#133 EISCONN
Trace of connect-sendto
connect(5, 0xFFFF80D420661790, 16, SOV_XPG4_2) = 0
sendto(5, 0xFFFF80D42064E3B0, 192, 32768, 0x1C63196E0, 16) Err#133 EISCONN
The connect got called in the function
netsnmp_dtlsudp6_transport (net-snmp-5.7.2.1/snmplib/transports/snmpDTLSUDPDomain.c)

    if (!local) {
        /* dtls needs to bind the socket for SSL_write to work */
        if (connect(t->sock, (struct sockaddr *) addr, sizeof(*addr)) == -1)
            snmp_log(LOG_ERR, "dtls: failed to connect\n");
    }

And sendmsg or sendto got called in the function
netsnmp_udpbase_send (net-snmp-5.7.2.1/snmplib/transports/snmpUDPBaseDomain.c)

#ifdef netsnmp_udpbase_recvfrom_sendto_defined
    rc = netsnmp_udp_sendto(t->sock,
            addr_pair ? &(addr_pair->local_addr.sin.sin_addr) : NULL,
            addr_pair ? addr_pair->if_index : 0, to, buf, size);
#else
    rc = sendto(t->sock, buf, size, 0, to, sizeof(struct sockaddr));
#endif /* netsnmp_udpbase_recvfrom_sendto_defined */

Could you please provide your input on whether this is a bug or not,
and how to fix this issue?
Thank You
Vishwas
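
Added example, not part of the original message and not net-snmp code: one portable way to avoid the EISCONN failure described above is to omit the destination address whenever the UDP socket already has a peer set by connect(). The names sock_is_connected, dgram_send and demo_roundtrip are hypothetical, and the loopback datagram is constructed test data.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Hypothetical helper: 1 if connect() set a peer, 0 if not, -1 on error. */
int sock_is_connected(int sock)
{
    struct sockaddr_storage peer;
    socklen_t len = sizeof(peer);
    if (getpeername(sock, (struct sockaddr *)&peer, &len) == 0)
        return 1;
    return (errno == ENOTCONN) ? 0 : -1;
}

/* Hypothetical helper: send one datagram. A connected socket gets send()
 * with no address, so the EISCONN path of sendto()/sendmsg() is never hit. */
ssize_t dgram_send(int sock, const void *buf, size_t len,
                   const struct sockaddr *to, socklen_t tolen)
{
    int connected = sock_is_connected(sock);
    if (connected < 0)
        return -1;
    if (connected)
        return send(sock, buf, len, 0);      /* peer fixed by connect() */
    return sendto(sock, buf, len, 0, to, tolen);
}

/* Constructed loopback check: returns 0 if the datagram arrives intact. */
int demo_roundtrip(int do_connect)
{
    static const char msg[] = "constructed test datagram";
    char rx[64];
    struct sockaddr_in srv;
    socklen_t slen = sizeof(srv);
    int rc = -1, s = socket(AF_INET, SOCK_DGRAM, 0), c = socket(AF_INET, SOCK_DGRAM, 0);
    memset(&srv, 0, sizeof(srv));
    srv.sin_family = AF_INET;
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (s < 0 || c < 0 || bind(s, (struct sockaddr *)&srv, sizeof(srv)) < 0 ||
        getsockname(s, (struct sockaddr *)&srv, &slen) < 0) goto out;
    if (do_connect && connect(c, (struct sockaddr *)&srv, sizeof(srv)) < 0) goto out;
    if (dgram_send(c, msg, sizeof(msg), (struct sockaddr *)&srv, sizeof(srv)) !=
        (ssize_t)sizeof(msg)) goto out;
    if (recv(s, rx, sizeof(rx), 0) == (ssize_t)sizeof(msg) && !memcmp(rx, msg, sizeof(msg)))
        rc = 0;
out:
    if (s >= 0) close(s);
    if (c >= 0) close(c);
    return rc;
}
```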
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders