CVSROOT: /cvs
Module name: src
Changes by: mart...@cvs.openbsd.org 2021/01/21 23:33:27
Modified files:
usr.sbin/snmpd : parse.y snmpd.c snmpd.conf.5 snmpd.h snmpe.c
traphandler.c
Log message:
Remove the traphandler process, which was nothing more then a sham.
It did nothing more then receive a message over UDP, do some basic ber
and ASN.1 parsing and forward the packet to the parent process. snmpe can
do/does the same thing but with a far more thorough ASN.1 validation.
Because we move trap receiving to snmpe we get trap over tcp for free.
However, to make sure that a normal snmp port doesn't automatically start
handling traps a new set of "listen on" flags are introduced: read, write,
and notify. To enable trap handling either let snmpd listen on port 162
without flags, or add the notify flag. Only a flag without port results in
listening on port 162.
To keep current behaviour copy all UDP-based "listen on" lines without port
and add the notify keyword:
listen on 127.0.0.1 port 666
becomes
listen on 127.0.0.1 port 666
listen on 127.0.0.1 notify
This change also enforces snmpd to honor trap community on receiving a
trap, where previously no community was checked before handling a packet.
OK denis@, rob@
