RE: nsNotifyRestart traps generated in place of link up/down.

2019-02-11 Thread Kiran Kumar Pamula -X (kpamula - HCL TECHNOLOGIES LIMITED at Cisco) via Net-snmp-users 
Hi Experts,

Could you kindly help with your inputs on this and how to recover from the 
problem.

Thanks,
Kiran

From: Kiran Kumar Pamula -X (kpamula - HCL TECHNOLOGIES LIMITED at Cisco)
Sent: 08 February 2019 23:49
To: 'net-snmp-users@lists.sourceforge.net' 

Cc: Sreenivasa Reddy Pappuri -X (spappuri - HCL TECHNOLOGIES LIMITED at Cisco) 
; Apparao Podile -X (apodile - HCL TECHNOLOGIES LIMITED at 
Cisco) ; Mathuvappan Sokkalingam -X (msokkali - HCL AMERICA 
INC at Cisco) ; Naresh Pindukuru -X (narpindu - HCL 
TECHNOLOGIES LIMITED at Cisco) ; Saravanan Adhikesavan -X 
(sadhikes - HCL TECHNOLOGIES LIMITED at Cisco) ; Kondalraj 
Kosalram -X (kkosalra - HCL TECHNOLOGIES LIMITED at Cisco) 
Subject: nsNotifyRestart traps generated in place of link up/down.

Hi Experts,

In our product we are using Net-snmp 5.7.3 and today a customer is hitting a 
strange issue with
some undesired nsNotifyRestart traps being generated, in place of link up/down 
traps,
when performed shut/noshut operations on selected intetrface.

Here is the SNMP v1 config Used by Customer:

snmp-server host x.y.z.w snmpComm1ab
snmp-server enable traps snmp linkup
snmp-server enable traps snmp linkdown

Here is the Unwanted nsNotifyRestart trap getting generated when performed 
interface shut/noshut operations

2019-02-08 17:07:19 x.x.x.x(via UDP: [x.x.x.x]:x->[x.x.x.x]:x) TRAP, SNMP v1, 
community snmpComm1ab
NET-SNMP-MIB::netSnmpNotificationPrefix Enterprise Specific Trap 
(NET-SNMP-AGENT-MIB::nsNotifyRestart) Uptime: 0:00:05.44

Any thoughts when "nsNotifyRestart" traps are generated and why they are 
blocking the expected link up/down traps here ?
And how to proceed forward on this case with customer ?

Could you please advise.

Thanks,
Kiran
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Unsubscribe

2019-02-11 Thread Ananth Laxminarasimhan (alaxmina) via Net-snmp-users 

___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

Problem sending traps

2019-02-11 Thread Mostafa Kassem 
Greetings,
Our trap sink parameters are modified per 2 MIB entries, one for the IP address 
and one for the port.

We would like to set the trap sink programmatically on powerup and when we 
receive an snmp request.
On powerup and every time we receive a request to change the trap sink IP 
address or port, we parse the snmpd.conf file to get the username, 
authentication and privacy protocols and passwords.  Our snmpd.conf file looks 
like this:

# setup authorization
CreateUser myUserName SHA "myAuthenticationPassword" AES " myPrivacyPassword "
rwuser myUserName authPriv

# include Agentx setup
master agentx
authtrapenable  1

And our code to set the trap session on power up, is written in C++ and is as 
follows:

bool TrapSession::createSnmpV3TrapSession()
{
std::stringstream connectingString;
netsnmp_session session, *sesp;
memset(&session, 0, sizeof(netsnmp_session));
snmp_sess_init (&session);   // Set up defaults

 session.version = SNMP_VERSION_3;

// Peer name
std::stringstream connectionString;
connectionString << "udp6:[" << ipV6AddressAsString << "]:" << sinkPort;
session.peername = strdup(connectionString.str().c_str());

// set the SNMPV3 user name
session.securityName = strdup( userName.c_str());
session.securityNameLen = strlen(userName.c_str());

// Security
session.securityLevel = SNMP_SEC_LEVEL_AUTHPRIV;
session.securityModel = SNMP_SEC_MODEL_USM;

// Authentication Protocol
session.securityAuthKeyLen = USM_AUTH_KU_LEN;
session.securityAuthProto = snmp_duplicate_objid(usmHMACSHA1AuthProtocol, 
USM_AUTH_PROTO_SHA_LEN);
session.securityAuthProtoLen = USM_AUTH_PROTO_SHA_LEN;

if (generate_Ku(session.securityAuthProto,
  session.securityAuthProtoLen,
  (const uint8_t *) authenticationPassword.c_str(),
  authenticationPassword.length(),
  session.securityAuthKey,
  &session.securityAuthKeyLen) != SNMPERR_SUCCESS)
{
LOG_ERROR("Error generating authentication KU for authentication 
password: " << authenticationPassword);
return false;
}

// Privacy Protocol
session.securityPrivKeyLen = USM_PRIV_KU_LEN;
session.securityPrivProto = snmp_duplicate_objid(usmAESPrivProtocol, 
USM_PRIV_PROTO_AES_LEN);
session.securityPrivProtoLen = USM_PRIV_PROTO_AES_LEN;

if (generate_Ku(session.securityAuthProto,
  session.securityAuthProtoLen,
  (const uint8_t *)privacyPassword.c_str(), 
privacyPassword.length(),
  session.securityPrivKey,
  &session.securityPrivKeyLen) != SNMPERR_SUCCESS)
{
LOG_ERROR("Error generating privacy KU for privacy password: " << 
privacyPassword);
return false;
}

// open the session
sesp = snmp_open(&session);
if (!sesp) {
LOG_ERROR("Unable to open a trap session to: " << session.peername << " 
with user: " << userName);
throw std::runtime_error("Unable to open SNMP session!");
return false;
}

add_trap_session(sesp, SNMP_MSG_TRAP2, FALSE, SNMP_VERSION_3);
return true;
}

However, we are getting this error: [SNMP 3] : snmpd: send_trap: USM unknown 
security name (no such user exists)

What are we doing wrong?

If we add this line to the snmpd.conf and not use the above-mentioned code, we 
have no problem sending traps.

trapsess -v 3 -u myUserName -l authPriv -a SHA -A " myAuthenticationPassword " 
-x AES -X " myPrivacyPassword " udp6:[2001:bb::f8]:162

Thanks,

Mostafa
___
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users