Hi Emilio, Let me share my experience here. I have observed that to receive a V3 Trap with net-snmp library, its Engine ID need to be defined in the snmptrap.conf file of the reciever. Otherwise the trap is not identified by usm engine.
I am also stuck for a solution where I can recieve SNMPv3 traps without knowing the EngineID's. Regards, Ajit On Sun, Dec 20, 2015 at 6:38 PM, Ilya Etingof <i...@glas.net> wrote: > Since there is no SNMP engine ID discovery being performed for SNMPv3 TRAP > messages, your Notification > Receiver must have [the authoritative] SNMP engine ID of your Notification > Originator explicitly configured > to its LCD. Technically, it’s engineID + username. > > In other words, there is no need to have two distinct engine IDs at your > trap sender, just set one to a unique and > fixed value, then configure it to your Notification Receivers. The other > [very hackerish] way that may also work would > be for your trap sender to temporarily “borrow" SNMP engine IDs of your > Notification Receivers [one at a time] and use > them as its own while sending TRAPs. But that’s against SNMP design, so > I’d not do that. > > More info: > > http://www.net-snmp.org/wiki/index.php/TUT:snmptrap_SNMPv3 > > On 14 Dec 2015, at 17:46, Emilio FG Fuoco <emiliofu...@gmail.com> wrote: > > Some news about my issue: it seems something related to engine ID. > If I'm going to send the same V3 trap to two peers I have to define two > unique engine IDs (one for each remote peer) in my trap sender. > If I use the same engine ID only the first trap sending works. > Someone could confirm this? > Thanks. > > On Sun, Dec 6, 2015 at 9:37 AM, Emilio FG Fuoco <emiliofu...@gmail.com> > wrote: > >> Hi, >> >> following my code used in order to send the same V3 trap to multiple >> hosts. >> >> Now, this is en example scenario: Host #1 with wrong V3 credentials Host >> #2 with correct V3 credentials >> >> V3 trap not sent to host #1 => OK because I've wrong credentials V3 trap >> *not* sent to host #2 => NOK because I've correct credentials >> >> Why? It seems SNMP session related to host #2 "inherits" something from >> host #1 session. >> >> Thanks for your help. >> >> >> void MyClass::sendV3Trap(string p_notificationDescriptor, const >> vector<GcpfTrapVariable>& p_trapVariables) >> { >> // SNMP system OID of trap >> oid objid_snmptrap[]= { 1, 3, 6, 1, 6, 3, 1, 1, 4, 1, 0 }; >> // for each configured remote hosts >> for (...) >> { >> netsnmp_session session; >> char* p_posix = strdup("POSIXLY_CORRECT=1"); >> putenv(p_posix); >> // inits the SNMP session >> snmp_sess_init(&session); >> // SNMP version >> session.version = SNMP_VERSION_3; >> // manages the security name >> session.securityName= "snmpuser"; >> session.securityNameLen= strlen("snmpuser"); >> // security level is Auth-Priv >> session.securityLevel= SNMP_SEC_LEVEL_AUTHPRIV; >> // manages auth protocol (for example MD5) >> session.securityAuthProto= usmHMACMD5AuthProtocol; >> session.securityAuthProtoLen= USM_AUTH_PROTO_MD5_LEN; >> // manages priv protocol (for example DES) >> session.securityPrivProto= usmDESPrivProtocol; >> session.securityPrivProtoLen= USM_PRIV_PROTO_DES_LEN; >> // manages auth password >> char* Apsz= "authPassword"; >> // manages priv password >> char* Xpsz= "privPassword"; >> // >> init_snmp("gcpf_trap_sender"); >> // makes master key from pass phrases >> session.securityAuthKeyLen= USM_AUTH_KU_LEN; >> if (SNMPERR_SUCCESS!= generate_Ku(session.securityAuthProto, >> session.securityAuthProtoLen, (u_char*)Apsz, strlen(Apsz), >> session.securityAuthKey, &session.securityAuthKeyLen)) >> printf("Error generating a key (Ku) from the supplied >> authentication pass phrase"); >> session.securityPrivKeyLen= USM_PRIV_KU_LEN; >> if (SNMPERR_SUCCESS!= generate_Ku(session.securityAuthProto, >> session.securityAuthProtoLen, (u_char*)Xpsz, strlen(Xpsz), >> session.securityPrivKey, &session.securityPrivKeyLen)) >> printf("Error generating a key (Ku) from the supplied privacy >> pass phrase"); >> // peer name (IP address and port of the remote host) >> session.peername= ...; >> // socket and callbacks >> SOCK_STARTUP; >> session.callback = NULL; >> session.callback_magic = NULL; >> // setup the local engineID which may be for either or both of the >> // contextEngineID and/or the securityEngineID >> setup_engineID(NULL, NULL); >> // use our internal engineID as the context >> session.contextEngineID= >> snmpv3_generate_engineID(&session.contextEngineIDLen); >> // sets the engine ID >> size_t ebuf_len= 32; >> size_t eout_len= 0; >> u_char* ebuf= (u_char*)malloc(ebuf_len); >> char* optarg= "0x8000000001"; >> if (!snmp_hex_to_binary(&ebuf, &ebuf_len, &eout_len, 1, optarg)) >> printf("Bad engine ID value specified in the config file"); >> if ((eout_len < 5) || (eout_len > 32)) >> printf("Invalid engine ID value specified in the config file"); >> session.securityEngineID = ebuf; >> session.securityEngineIDLen = eout_len; >> // >> session.engineBoots= 1; >> // >> session.engineTime= get_uptime(); >> netsnmp_session* ss= snmp_add(&session, >> netsnmp_transport_open_client("snmptrap", session.peername), NULL, NULL); >> if (NULL== ss) >> printf("Error snmp_add"); >> else >> { >> netsnmp_pdu* pdu= snmp_pdu_create(SNMP_MSG_TRAP2); >> pdu->trap_type = SNMP_TRAP_ENTERPRISESPECIFIC; >> if (!pdu) >> printf("Failed to create notification PDU"); >> else >> { >> // for each variable of the trap >> for (...) >> snmp_add_var(pdu, it->m_trapVariableOid, >> sizeof(it->m_trapVariableOid) / sizeof(oid), it->m_trapVariableType, >> it->m_trapVariableValue.c_str()); >> snmp_add_var(pdu, objid_snmptrap, sizeof(objid_snmptrap) / >> sizeof(oid), 'o', p_notificationDescriptor.c_str()); >> send_trap_to_sess (ss, pdu); >> snmp_free_pdu(pdu); >> snmp_close(ss); >> } >> } >> } // end for} >> >> > > ------------------------------------------------------------------------------ > _______________________________________________ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Net-snmp-users mailing list > Net-snmp-users@lists.sourceforge.net > Please see the following page to unsubscribe or change other options: > https://lists.sourceforge.net/lists/listinfo/net-snmp-users > > -- Ambekar Ajit Shivaji Mumbai.
------------------------------------------------------------------------------
_______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users
