On Sun, Sep 06, 2020 at 10:11:02PM +0200, Martijn van Duren wrote:
> Moving towards individual transport mappings, it's becoming more
> convenient to have the protocol directly after the listen on statement.
> This gives me more flexibility in using mapping-specific APIs, also
> when other transport mappings might become available in the future it
> allows for easier mapping-specific features.
>
> While here I decided to also add port support for snmpe, which at this
> point is rather trivial. Traphandler is not my point of focus at this
> time.
>
> having udp|tcp at the last position is still supported, but generates a
> pretty deprecated warning. Probably to be removed after release.
>
> OK?
>
OK denis@
Can you check that port > 0 ? Because it prints "snmpd.conf:7: invalid
address: ::1" which is not correct (though using 0 or -1 for port is a weird
idea).
> martijn@
>
> Index: parse.y
> ===================================================================
> RCS file: /cvs/src/usr.sbin/snmpd/parse.y,v
> retrieving revision 1.60
> diff -u -p -r1.60 parse.y
> --- parse.y 6 Sep 2020 15:51:28 -0000 1.60
> +++ parse.y 6 Sep 2020 20:08:08 -0000
> @@ -40,6 +40,7 @@
> #include <err.h>
> #include <errno.h>
> #include <event.h>
> +#include <inttypes.h>
> #include <limits.h>
> #include <stdint.h>
> #include <stdarg.h>
> @@ -92,6 +93,7 @@ char *symget(const char *);
> struct snmpd *conf = NULL;
> static int errors = 0;
> static struct usmuser *user = NULL;
> +static char *snmpd_port = SNMPD_PORT;
>
> int host(const char *, const char *, int,
> struct sockaddr_storage *, int);
> @@ -122,11 +124,11 @@ typedef struct {
> %token SYSTEM CONTACT DESCR LOCATION NAME OBJECTID SERVICES RTFILTER
> %token READONLY READWRITE OCTETSTRING INTEGER COMMUNITY TRAP RECEIVER
> %token SECLEVEL NONE AUTH ENC USER AUTHKEY ENCKEY ERROR DISABLED
> -%token HANDLE DEFAULT SRCADDR TCP UDP PFADDRFILTER
> +%token HANDLE DEFAULT SRCADDR TCP UDP PFADDRFILTER PORT
> %token <v.string> STRING
> %token <v.number> NUMBER
> %type <v.string> hostcmn
> -%type <v.string> srcaddr
> +%type <v.string> srcaddr port
> %type <v.number> optwrite yesno seclevel proto
> %type <v.data> objtype cmd
> %type <v.oid> oid hostoid trapoid
> @@ -193,28 +195,7 @@ yesno : STRING {
> }
> ;
>
> -main : LISTEN ON STRING proto {
> - struct sockaddr_storage ss[16];
> - int nhosts, i;
> -
> - nhosts = host($3, SNMPD_PORT, $4, ss, nitems(ss));
> - if (nhosts < 1) {
> - yyerror("invalid address: %s", $3);
> - free($3);
> - YYERROR;
> - }
> - if (nhosts > (int)nitems(ss))
> - log_warn("%s resolves to more than %zu hosts",
> - $3, nitems(ss));
> - free($3);
> -
> - for (i = 0; i < nhosts; i++) {
> - if (listen_add(&(ss[i]), $4) == -1) {
> - yyerror("calloc");
> - YYERROR;
> - }
> - }
> - }
> +main : LISTEN ON listenproto
> | READONLY COMMUNITY STRING {
> if (strlcpy(conf->sc_rdcommunity, $3,
> sizeof(conf->sc_rdcommunity)) >=
> @@ -295,6 +276,128 @@ main : LISTEN ON STRING proto {
> }
> ;
>
> +listenproto : UDP listen_udp
> + | TCP listen_tcp
> + | listen_empty
> +
> +listen_udp : STRING port {
> + struct sockaddr_storage ss[16];
> + int nhosts, i;
> +
> + nhosts = host($1, $2, SOCK_DGRAM, ss, nitems(ss));
> + if (nhosts < 1) {
> + yyerror("invalid address: %s", $1);
> + free($1);
> + if ($2 != snmpd_port)
> + free($2);
> + YYERROR;
> + }
> + if (nhosts > (int)nitems(ss))
> + log_warn("%s:%s resolves to more than %zu
> hosts",
> + $1, $2, nitems(ss));
> +
> + free($1);
> + if ($2 != snmpd_port)
> + free($2);
> + for (i = 0; i < nhosts; i++) {
> + if (listen_add(&(ss[i]), SOCK_DGRAM) == -1) {
> + yyerror("calloc");
> + YYERROR;
> + }
> + }
> + }
> +
> +listen_tcp : STRING port {
> + struct sockaddr_storage ss[16];
> + int nhosts, i;
> +
> + nhosts = host($1, $2, SOCK_STREAM, ss, nitems(ss));
> + if (nhosts < 1) {
> + yyerror("invalid address: %s", $1);
> + free($1);
> + if ($2 != snmpd_port)
> + free($2);
> + YYERROR;
> + }
> + if (nhosts > (int)nitems(ss))
> + log_warn("%s:%s resolves to more than %zu
> hosts",
> + $1, $2, nitems(ss));
> +
> + free($1);
> + if ($2 != snmpd_port)
> + free($2);
> + for (i = 0; i < nhosts; i++) {
> + if (listen_add(&(ss[i]), SOCK_STREAM) == -1) {
> + yyerror("calloc");
> + YYERROR;
> + }
> + }
> + }
> +
> +/* Remove after deprecation period and replace with listen_udp */
> +listen_empty : STRING port proto {
> + struct sockaddr_storage ss[16];
> + int nhosts, i;
> +
> + nhosts = host($1, $2, $3, ss, nitems(ss));
> + if (nhosts < 1) {
> + yyerror("invalid address: %s", $1);
> + free($1);
> + if ($2 != snmpd_port)
> + free($2);
> + YYERROR;
> + }
> + if (nhosts > (int)nitems(ss))
> + log_warn("%s:%s resolves to more than %zu
> hosts",
> + $1, $2, nitems(ss));
> +
> + free($1);
> + if ($2 != snmpd_port)
> + free($2);
> + for (i = 0; i < nhosts; i++) {
> + if (listen_add(&(ss[i]), $3) == -1) {
> + yyerror("calloc");
> + YYERROR;
> + }
> + }
> + }
> +
> +port : /* empty */ {
> + $$ = snmpd_port;
> + }
> + | PORT STRING {
> + $$ = $2;
> + }
> + | PORT NUMBER {
> + char *number;
> +
> + if ($2 > UINT16_MAX) {
> + yyerror("port number too large");
> + YYERROR;
> + }
> + if (asprintf(&number, "%"PRId64, $2) == -1) {
> + yyerror("malloc");
> + YYERROR;
> + }
> + $$ = number;
> + }
> + ;
> +
> +proto : /* empty */ {
> + $$ = SOCK_DGRAM;
> + }
> + | UDP {
> + log_warnx("udp as last keyword on listen on line is "
> + "deprecated");
> + $$ = SOCK_DGRAM;
> + }
> + | TCP {
> + log_warnx("tcp as last keyword on listen on line is "
> + "deprecated");
> + $$ = SOCK_STREAM;
> + }
> + ;
> +
> system : SYSTEM sysmib
> ;
>
> @@ -541,11 +644,6 @@ enc : STRING {
> }
> ;
>
> -proto : /* empty */ { $$ = SOCK_DGRAM; }
> - | TCP { $$ = SOCK_STREAM; }
> - | UDP { $$ = SOCK_DGRAM; }
> - ;
> -
> cmd : STRING {
> struct trapcmd *cmd;
> size_t span, limit;
> @@ -646,6 +744,7 @@ lookup(char *s)
> { "none", NONE },
> { "oid", OBJECTID },
> { "on", ON },
> + { "port", PORT },
> { "read-only", READONLY },
> { "read-write", READWRITE },
> { "receiver", RECEIVER },
> Index: snmpd.conf.5
> ===================================================================
> RCS file: /cvs/src/usr.sbin/snmpd/snmpd.conf.5,v
> retrieving revision 1.43
> diff -u -p -r1.43 snmpd.conf.5
> --- snmpd.conf.5 30 Jun 2020 17:11:49 -0000 1.43
> +++ snmpd.conf.5 6 Sep 2020 20:08:08 -0000
> @@ -95,7 +95,7 @@ Routing table information will not be av
> reduced during bulk updates.
> The default is
> .Ic no .
> -.It Ic listen on Ar address Op Ic tcp | udp
> +.It Ic listen on Oo Ic tcp | udp Oc Ar address Op Ic port Ar port
> Specify the local address
> .Xr snmpd 8
> should listen on for incoming SNMP messages.
>
