Re: snmpd allow walk on agentx [1/2]
On 9/25/19 8:55 AM, Martijn van Duren wrote:
> Hello,
>
> Mischa found that relayd's agentx support is pretty much unusable for
> the uninitiated, because you have to know the tables beforehand.
>
> I managed to track it down to two issue with both snmpd and relayd.
> The fix is far from proper support for agentx, but it's good enough
> for going on a walk.
>
Part 2:
If the requested OID is a predecessor of what we support and the request
is getnext we should retrieve the first available mib.
OK?
martijn@
Index: snmp.c
===
RCS file: /cvs/src/usr.sbin/relayd/snmp.c,v
retrieving revision 1.29
diff -u -p -r1.29 snmp.c
--- snmp.c 28 May 2017 10:39:15 - 1.29
+++ snmp.c 25 Sep 2019 06:58:21 -
@@ -321,21 +321,27 @@ snmp_agentx_process(struct agentx_handle
bcopy(, , sizeof(oid));
- /*
-* If the requested OID is not part of the registered
-* MIB, return "no such object", per RFC
-*/
if (snmp_oid_cmp(, ) == -1) {
- if (snmp_agentx_varbind(resp, ,
- AGENTX_NO_SUCH_OBJECT, NULL, 0) == -1) {
- log_warn("%s: unable to generate"
- " response", __func__);
- snmp_agentx_pdu_free(resp);
- resp = NULL;
+ /*
+* If the requested OID is not part of the
registered
+* MIB, return "no such object", per RFC
+*/
+ if (pdu->hdr->type == AGENTX_GET) {
+ if (snmp_agentx_varbind(resp, ,
+ AGENTX_NO_SUCH_OBJECT, NULL, 0) ==
-1) {
+ log_warn("%s: unable to
generate"
+ " response", __func__);
+ snmp_agentx_pdu_free(resp);
+ resp = NULL;
+ }
+ goto reply;
}
- goto reply;
+ bcopy(, , sizeof(oid));
+ }
+ if (oid.o_n == 9) {
+ oid.o_id[9] = 1;
+ oid.o_n++;
}
-
if (oid.o_n != OIDIDX_relaydInfo + 2 + 1) {
/* GET requests require the exact OID */
if (pdu->hdr->type == AGENTX_GET)
snmpd allow walk on agentx [1/2]
Hello,
Mischa found that relayd's agentx support is pretty much unusable for
the uninitiated, because you have to know the tables beforehand.
I managed to track it down to two issue with both snmpd and relayd.
The fix is far from proper support for agentx, but it's good enough
for going on a walk.
This mail contains the snmp parts:
1) smi.c: I misread the manpage in that RB_NFIND can also return the
searched object itself instead of always returning the next one.
This oversight hasn't introduced any new issues, since the older
code already returned the object itself.
2) mps.c: We don't look into the parent elements to see if the
requested element is part of a registered tree.
With both diffs applied:
$ snmp walk -On 127.0.0.1 1.3.6.1.4.1.30155.3
.1.3.6.1.4.1.30155.3.2.1.1.1 = INTEGER: 1
.1.3.6.1.4.1.30155.3.2.1.2.1 = INTEGER: 3
.1.3.6.1.4.1.30155.3.2.1.3.1 = STRING: www
.1.3.6.1.4.1.30155.3.2.1.4.1 = Counter64: 0
.1.3.6.1.4.1.30155.3.2.1.5.1 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.1.6.1 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.1.7.1 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.1.8.1 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.1.9.1 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.1.10.1 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.2.1.2 = INTEGER: 2
.1.3.6.1.4.1.30155.3.2.2.2.2 = INTEGER: 1
.1.3.6.1.4.1.30155.3.2.2.3.2 = STRING: httpproxy
.1.3.6.1.4.1.30155.3.2.2.4.2 = Counter64: 0
.1.3.6.1.4.1.30155.3.2.2.5.2 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.2.6.2 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.2.7.2 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.2.8.2 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.2.9.2 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.2.10.2 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.5.1.1 = INTEGER: 1
.1.3.6.1.4.1.30155.3.2.5.1.2 = INTEGER: 2
.1.3.6.1.4.1.30155.3.2.5.1.3 = INTEGER: 3
.1.3.6.1.4.1.30155.3.2.5.2.1 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.5.2.2 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.5.2.3 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.5.3.1 = INTEGER: 1
.1.3.6.1.4.1.30155.3.2.5.3.2 = INTEGER: 1
.1.3.6.1.4.1.30155.3.2.5.3.3 = INTEGER: 2
.1.3.6.1.4.1.30155.3.2.5.4.1 = STRING: 10.0.0.1
.1.3.6.1.4.1.30155.3.2.5.4.2 = STRING: 10.0.0.2
.1.3.6.1.4.1.30155.3.2.5.4.3 = STRING: 127.0.0.1
.1.3.6.1.4.1.30155.3.2.5.5.1 = Hex-STRING: 0A 00 00 01 00 00 00 00 00 00 00 00
00 00 00 00
.1.3.6.1.4.1.30155.3.2.5.5.2 = Hex-STRING: 0A 00 00 02 00 00 00 00 00 00 00 00
00 00 00 00
.1.3.6.1.4.1.30155.3.2.5.5.3 = Hex-STRING: 7F 00 00 01 00 00 00 00 00 00 00 00
00 00 00 00
.1.3.6.1.4.1.30155.3.2.5.6.1 = INTEGER: 1
.1.3.6.1.4.1.30155.3.2.5.6.2 = INTEGER: 1
.1.3.6.1.4.1.30155.3.2.5.6.3 = INTEGER: 1
.1.3.6.1.4.1.30155.3.2.5.7.1 = INTEGER: 2
.1.3.6.1.4.1.30155.3.2.5.7.2 = INTEGER: 2
.1.3.6.1.4.1.30155.3.2.5.7.3 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.5.8.1 = INTEGER: 12
.1.3.6.1.4.1.30155.3.2.5.8.2 = INTEGER: 12
.1.3.6.1.4.1.30155.3.2.5.8.3 = INTEGER: 12
.1.3.6.1.4.1.30155.3.2.5.9.1 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.5.9.2 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.5.9.3 = INTEGER: 12
.1.3.6.1.4.1.30155.3.2.5.10.1 = INTEGER: 10
.1.3.6.1.4.1.30155.3.2.5.10.2 = INTEGER: 10
.1.3.6.1.4.1.30155.3.2.5.10.3 = INTEGER: 3
.1.3.6.1.4.1.30155.3.2.7.1.1 = INTEGER: 1
.1.3.6.1.4.1.30155.3.2.7.1.2 = INTEGER: 2
.1.3.6.1.4.1.30155.3.2.7.2.1 = STRING: webhosts:80
.1.3.6.1.4.1.30155.3.2.7.2.2 = STRING: fallback:80
.1.3.6.1.4.1.30155.3.2.7.3.1 = INTEGER: 0
.1.3.6.1.4.1.30155.3.2.7.3.2 = INTEGER: 0
OK?
martijn@
Index: mps.c
===
RCS file: /cvs/src/usr.sbin/snmpd/mps.c,v
retrieving revision 1.25
diff -u -p -r1.25 mps.c
--- mps.c 16 May 2019 05:00:00 - 1.25
+++ mps.c 25 Sep 2019 06:46:17 -
@@ -208,7 +208,20 @@ mps_getnextreq(struct snmp_message *msg,
bzero(, sizeof(key));
bcopy(o, _id, sizeof(struct ber_oid));
smi_oidlen(_id); /* Strip off any trailing .0. */
- value = smi_nfind();
+ do {
+ value = smi_find();
+ if (value->o_flags == 0)
+ value = NULL;
+ if (key.o_id.bo_n != 0)
+ key.o_id.bo_n--;
+ } while (value == NULL && key.o_id.bo_n > 0);
+ if (value == NULL || !(value->o_flags & OID_REGISTERED)) {
+ bcopy(o, _id, sizeof(struct ber_oid));
+ smi_oidlen(_id); /* Strip off any trailing .0. */
+ value = smi_nfind();
+ while (value != NULL && value->o_flags == 0)
+ value = smi_nfind(value);
+ }
if (value == NULL)
goto fail;
Index: smi.c
===
RCS file: /cvs/src/usr.sbin/snmpd/smi.c,v
retrieving revision 1.24
diff -u -p -r1.24 smi.c
--- smi.c 16 May 2019 05:00:00 - 1.24
+++ smi.c 25 Sep 2019 06:46:17 -
@@ -244,7 +244,11 @@ smi_find(struct oid *oid)
struct oid *
smi_nfind(struct oid *oid)
{
- return (RB_NFIND(oidtree, _oidtree, oid));
+ struct oid *n;
+ n = RB_NFIND(oidtree, _oidtree, oid);
+
