I've opened a JIRA [1] to follow up with this issue. [1] - https://issues.apache.org/jira/browse/CAMEL-12132
Zanini On Tue, Jan 9, 2018 at 10:52 AM, Ricardo Zanini <ricardozan...@gmail.com> wrote: > Hi Thomas! > > Nice that you could handle it. Do you mind sending a PR to improve the > component [1]? Although some tests needed to make sure this behavior > remains the same with a single user scenario. > > [1] - https://github.com/apache/camel/blob/master/CONTRIBUTING.md > > Cheers! > > Zanini > > On Tue, Jan 9, 2018 at 10:37 AM, Schuster, Thomas <ts.schus...@siemens.com > > wrote: > >> Hello Ricardo (sorry for the misspelling of your name in the last mail), >> >> The following change in the SnmpOIDPoller solves my exception and >> multiple servers with different credentials can be polled (for completeness >> I send the whole method): >> >> protected void doStart() throws Exception { >> super.doStart(); >> >> this.targetAddress = GenericAddress.parse(this.endp >> oint.getAddress()); >> >> // either tcp or udp >> if ("tcp".equals(endpoint.getProtocol())) { >> this.transport = new DefaultTcpTransportMapping(); >> } else if ("udp".equals(endpoint.getProtocol())) { >> this.transport = new DefaultUdpTransportMapping(); >> } else { >> throw new IllegalArgumentException("Unknown protocol: " + >> endpoint.getProtocol()); >> } >> >> if (SnmpConstants.version3 == endpoint.getSnmpVersion()) { >> >> USM usm = new USM(SecurityProtocols.getInstance(), new >> OctetString(MPv3.createLocalEngineID()), 0); >> >> OID authProtocol = convertAuthenticationProtocol( >> endpoint.getAuthenticationProtocol()); >> OctetString authPwd = convertToOctetString(endpoint. >> getAuthenticationPassphrase()); >> OID privProtocol = convertPrivacyProtocol(endpoin >> t.getPrivacyProtocol()); >> OctetString privPwd = convertToOctetString(endpoint. >> getPrivacyPassphrase()); >> >> UsmUser user = new >> UsmUser(convertToOctetString(endpoint.getSecurityName()), >> authProtocol, authPwd, privProtocol, privPwd); >> usm.addUser(convertToOctetString(endpoint.getSecurityName()), >> user); >> >> MessageDispatcherImpl dispatcher = new >> MessageDispatcherImpl(); >> >> dispatcher.addMessageProcessingModel(new MPv1()); >> dispatcher.addMessageProcessingModel(new MPv2c()); >> dispatcher.addMessageProcessingModel(new MPv3(usm)); >> >> this.snmp = new Snmp(dispatcher, transport); >> >> UserTarget userTarget = new UserTarget(); >> >> userTarget.setSecurityLevel(endpoint.getSecurityLevel()); >> userTarget.setSecurityName(convertToOctetString(endpoint.get >> SecurityName())); >> userTarget.setAddress(targetAddress); >> userTarget.setRetries(endpoint.getRetries()); >> userTarget.setTimeout(endpoint.getTimeout()); >> userTarget.setVersion(endpoint.getSnmpVersion()); >> >> this.target = userTarget; >> >> ScopedPDU scopedPDU = new ScopedPDU(); >> >> if (endpoint.getSnmpContextEngineId() != null) { >> scopedPDU.setContextEngineID(new >> OctetString(endpoint.getSnmpContextEngineId())); >> } >> >> if (endpoint.getSnmpContextName() != null) { >> scopedPDU.setContextName(new >> OctetString(endpoint.getSnmpContextName())); >> } >> >> this.pdu = scopedPDU; >> } else { >> this.snmp = new Snmp(this.transport); >> >> CommunityTarget communityTarget = new CommunityTarget(); >> >> communityTarget.setCommunity(convertToOctetString(endpoint.g >> etSnmpCommunity())); >> communityTarget.setAddress(targetAddress); >> communityTarget.setRetries(endpoint.getRetries()); >> communityTarget.setTimeout(endpoint.getTimeout()); >> communityTarget.setVersion(endpoint.getSnmpVersion()); >> >> this.target = communityTarget; >> >> this.pdu = new PDU(); >> } >> >> // listen to the transport >> if (LOG.isDebugEnabled()) { >> LOG.debug("Starting OID poller on {} using {} protocol", >> endpoint.getAddress(), endpoint.getProtocol()); >> } >> this.transport.listen(); >> if (LOG.isInfoEnabled()) { >> LOG.info("Started OID poller on {} using {} protocol", >> endpoint.getAddress(), endpoint.getProtocol()); >> } >> } >> >> Thanks for your help. >> >> Kind regards >> Thomas >> >> >> >> >> > You're right. My intention was just to point out that duo to v3, other >> > aspects of the SNMP camel component interaction may change. I couldn't >> > find >> > any tests with v3 [1], though. Maybe there's room for improvement or a >> bug >> > in the code. >> > >> > Many thanks for your snippet, I'm going to run some tests myself with it >> > and report my finds to the list. >> > >> > [1] - >> > https://github.com/apache/camel/tree/master/components/camel- >> > snmp/src/test/java/org/apache/camel/component/snmp >> > >> > Best Regards, >> > >> > Zanini >> > >> > On Tue, Jan 9, 2018 at 7:52 AM, Schuster, Thomas < >> ts.schus...@siemens.com> >> > wrote: >> > >> > > Hi Ricardi, >> > > >> > > thanks for your answer >> > > >> > > > SNMP v3 has some differences regarding the message model [1]. Maybe >> > > you'll >> > > > need to adjust your route / processing to it, take a look into this >> > > answer >> > > > [2]. >> > > > >> > > > [1] - http://www.snmp.com/products/techinfo/secmodels.shtml >> > > > [2] - >> > > > https://stackoverflow.com/questions/47764846/camel-snmp-cant >> -resive- >> > > > snmpversion-3-info/47799223#47799223 >> > > >> > > First: our communication counterpart implements USM only, so I don't >> > have >> > > to consider TSM. >> > > Second: we wanted to simply use the snmp endpoint (which should hide >> the >> > > handling of security), so we concentrated on the camel component only. >> > Your >> > > second reference deals with snmp4j directly, which will be our next >> > > approach (and not use the camel snmp component). >> > > >> > > In my first mail I just wanted to point out that the camel-snmp >> > component >> > > (especially the class org.apache.camel.component.snmp.SnmpOIDPoller) >> has >> > > at least a bug in the security handling (when snmp version3 and >> multiple >> > > sets of credentials are involved). >> > > >> > > The handling in the SnmpOIDPoller.doStart() should be similar to (NOT >> > > dropin compatible :-) >> > > >> > > Address targetAddress = GenericAddress.parse(address); >> > > SecurityProtocols.getInstance().addDefaultProtocols(); >> > > >> > > // add user to the USM >> > > USM usm = new USM(SecurityProtocols.getInstance(), new >> > > OctetString(MPv3.createLocalEngineID()), 0); >> > > usm.addUser(new OctetString(userName), new UsmUser(new >> > > OctetString(userName), AuthMD5.ID, >> > > new OctetString(authPw), PrivDES.ID, new >> OctetString(privPw))); >> > > >> > > MessageDispatcherImpl dispatcher = new MessageDispatcherImpl(); >> > > >> > > // dispatcher.addMessageProcessingModel(new MPv1()); >> > > // dispatcher.addMessageProcessingModel(new MPv2c()); >> > > dispatcher.addMessageProcessingModel(new MPv3(usm)); >> > > >> > > TransportMapping<?> transport = new DefaultUdpTransportMapping(); >> > > Snmp snmp = new Snmp(dispatcher, transport); >> > > >> > > // create the target >> > > UserTarget target = new UserTarget(); >> > > target.setAddress(targetAddress); >> > > target.setRetries(1); >> > > target.setTimeout(5000); >> > > target.setVersion(SnmpConstants.version3); >> > > target.setSecurityLevel(SecurityLevel.AUTH_PRIV); >> > > target.setSecurityName(new OctetString(userName)); >> > > >> > > // create the PDU >> > > PDU pdu = new ScopedPDU(); >> > > pdu.add(new VariableBinding(new OID("1.3.6"))); >> > > pdu.setType(PDU.GETNEXT); >> > > >> > > // send the PDU >> > > ResponseEvent response = snmp.send(pdu, target); >> > > >> > > Note the use of an individual dispatcher per Snmp object. >> > > This doesn't change the (singleton) USM (like in the original >> > > implementation) but assigns a specific USM with individual credentials >> > to >> > > the snmp message processing. >> > > >> > > >> > > With best regards, >> > > Thomas Schuster >> > > >> > > > >> > > > Cheers! >> > > > >> > > > Zanini >> > > > >> > > > On Mon, Jan 8, 2018 at 10:20 AM, Schuster, Thomas >> > > > <ts.schus...@siemens.com> >> > > > wrote: >> > > > >> > > > > Hello, >> > > > > >> > > > > we want to use camel with multiple polling endpoints of type SNMP. >> > The >> > > > > restrictions we have are: >> > > > > - snmp version 3 with authentication and privacy >> > > > > - each endpoint might have different credentials und securityName >> > > > (user). >> > > > > >> > > > > When we configure two endpoint with the URIs >> > > > > >> > > > > snmp:192.168.56.101:161?snmpVersion=3&type=POLL&oids= >> > > 1.3.6.1.2.1.7.5.1& >> > > > > authenticationPassphrase=11111111&authenticationProtocol=SHA1 >> > > > > &privacyPassphrase=11111111&privacyProtocol=PrivAES128& >> > > > > securityName=secname111&securityLevel=3 >> > > > > >> > > > > and >> > > > > >> > > > > snmp:192.168.56.102:1612?snmpVersion=3&type=POLL&oids= >> > > 1.3.6.1.2.1.7.5.1& >> > > > > authenticationPassphrase=22222222&authenticationProtocol=SHA1 >> > > > > &privacyPassphrase=22222222&privacyProtocol=PrivAES128& >> > > > > securityName=secname222&securityLevel=3 >> > > > > >> > > > > We get exceptions when polling the first endpoint >> > > > > >> > > > > 2018-01-08 13:05:12.124 WARN 3076 --- [.168.56.101:161] >> > > > > o.a.c.c.s.SnmpOIDPoller : Consumer >> Consumer[snmp:// >> > > > > >> > > > 192.168.56.101:161?authenticationPassphrase= >> > > xxxxxx&authenticationProtocol= >> > > > > SHA1&oids=1.3.6.1.2.1.7.5.1&privacyPassphrase=xxxxxx& >> > > > > privacyProtocol=AES128&securityLevel=3&securityName= >> > > > > secname111&snmpVersion=3&type=POLL] failed polling endpoint: >> > > snmp://udp: >> > > > > 192.168.56.101/161. Will try again at next poll. Caused by: >> > > > > [org.snmp4j.MessageException - Message processing model 3 returned >> > > > error: >> > > > > Unknown security name] >> > > > > >> > > > > org.snmp4j.MessageException: Message processing model 3 returned >> > error: >> > > > > Unknown security name >> > > > > at org.snmp4j.MessageDispatcherImpl.sendPdu( >> > > > > MessageDispatcherImpl.java:520) ~[snmp4j-2.5.0.jar:?] >> > > > > at org.snmp4j.Snmp.sendMessage(Snmp.java:1059) >> > > > > ~[snmp4j-2.5.0.jar:?] >> > > > > at org.snmp4j.Snmp.send(Snmp.java:1029) ~[snmp4j- >> > 2.5.0.jar:?] >> > > > > at org.snmp4j.Snmp.send(Snmp.java:1013) ~[snmp4j- >> > 2.5.0.jar:?] >> > > > > at >> > > > org.apache.camel.component.snmp.SnmpOIDPoller.poll( >> > > SnmpOIDPoller.java:176) >> > > > > ~[camel-snmp-2.19.4.jar:2.19.4] >> > > > > at org.apache.camel.impl.ScheduledPollConsumer.doRun( >> > > > > ScheduledPollConsumer.java:174) [camel-core-2.19.4.jar:2.19.4] >> > > > > at org.apache.camel.impl.ScheduledPollConsumer.run( >> > > > > ScheduledPollConsumer.java:101) [camel-core-2.19.4.jar:2.19.4] >> > > > > at >> > java.util.concurrent.Executors$RunnableAdapter.call(Unknown >> > > > > Source) [?:1.8.0_112] >> > > > > at java.util.concurrent.FutureTask.runAndReset(Unknown >> > Source) >> > > > > [?:1.8.0_112] >> > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ >> > > > > ScheduledFutureTask.access$301(Unknown Source) [?:1.8.0_112] >> > > > > at java.util.concurrent.ScheduledThreadPoolExecutor$ >> > > > > ScheduledFutureTask.run(Unknown Source) [?:1.8.0_112] >> > > > > at java.util.concurrent.ThreadPoo >> lExecutor.runWorker(Unknown >> > > > > Source) [?:1.8.0_112] >> > > > > at >> > java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown >> > > > > Source) [?:1.8.0_112] >> > > > > at java.lang.Thread.run(Unknown Source) [?:1.8.0_112] >> > > > > >> > > > > It seems that after configuration of the second endpoint the >> > security >> > > > > information of the first endpoint is not found/used anymore. >> > > > > >> > > > > Remark: in the moment I am testing without a real, running snmp >> > server, >> > > > so >> > > > > I will not get an answer, but the exception is thrown before >> sending >> > > the >> > > > > request. >> > > > > >> > > > > With best regards, >> > > > > Thomas Schuster >> > > > > >> > > >> > >
