summaryrefslogtreecommitdiff
path: root/usr.sbin/snmpd/README
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/snmpd/README')
-rw-r--r--usr.sbin/snmpd/README121
1 files changed, 121 insertions, 0 deletions
diff --git a/usr.sbin/snmpd/README b/usr.sbin/snmpd/README
new file mode 100644
index 00000000000..8025c02be2b
--- /dev/null
+++ b/usr.sbin/snmpd/README
@@ -0,0 +1,121 @@
+# $OpenBSD: README,v 1.1 2007/12/05 09:22:44 reyk Exp $
+
+SNMP daemon
+-----------
+
+(Scary Network Management Protocol Daemon)
+
+ This is the very experimental implementation of a simple SNMP daemon.
+ Even if SNMP is not our favorite protocol, it is a very important
+ key requirement in many corporate networks; sync to reality. And
+ we don't want to rely on horrid SNMP implementations in this case.
+
+DESIGN
+
+ The main amazingly new thing is that this daemon will use the imsg
+ privsep approach using several different processes ("engines") to
+ separate privileges when handling the requests.
+
+ It uses a new ASN.1/BER implementation to parse and create the SNMP
+ messages. It is a simple implementation which does what we need.
+
+ I may change the layout a to look a bit more like RFC 2271. But
+ the proposed design in RFC 2271 is a bad joke; it uses too many
+ subsystems with the requirement to communicate with ASN.1/BER
+ messages.
+
+ The following picture is based on section 3.1 of RFC 2271 describing
+ the proposed design of SNMPv3 entities and the current mapping in
+ snmpd:
+
+ +-------------------------------------------------------------------+
+ | SNMP entity (snmpd(8)) |
+ | snmpd(8) |
+ | +-------------------------------------------------------------+ |
+ | | SNMP engine (identified by snmpEngineID) | |
+ | | snmpe.c | |
+ | | +------------+ +------------+ +-----------+-+-----------+ | |
+ | | | | | | | |\ | | |
+ | | | Dispatcher | | Message | | Security | | Access | | |
+ | | | | | Processing | | Subsystem | | Control | | |
+ | | | IMSG, | | Subsystem | | | | Subsystem | | |
+ | | | event(3) | | mps.c | | TODO \| | | |
+ | | +------------+ +------------+ +-----------+-+-----------+ | |
+ | | || || | | |
+ | +--------||-----------||---|----------------------------------+ |
+ | || || | |
+ | || || | --> application |
+ | || || | (unpriv, functions calls) |
+ | || || | |
+ | || || ------> application |
+ | || || | (priv, IMSGs to snmpd.c) |
+ | || || | |
+ . ||--------------------> external application .
+ . || || | (IMSGs via /var/run/snmpd.sock) .
+ . || || | .
+ . +--------||-----------||---|----------------------------------+ .
+ | | Application(s) | |
+ | | snmpd.c, snmpctl(8), possible: ospfd, bgpd, relayd, ... | |
+ | | +-------------+ +--------------+ +--------------+ | |
+ | | | Command | | Notification | | Proxy | | |
+ | | | Generator | | Receiver | | Forwarder | | |
+ | | +-------------+ +--------------+ +--------------+ | |
+ | | | |
+ | | +-------------+ +--------------+ +--------------+ | |
+ | | | Command | | Notification | | Other | | |
+ | | | Responder | | Originator | | | | |
+ | | +-------------+ +--------------+ +--------------+ | |
+ | | | |
+ | +-------------------------------------------------------------+ |
+ | |
+ +-------------------------------------------------------------------+
+
+FUZZ
+
+ There is at least one SNMP fuzzer. Of course, it will not crash snmpd.
+ http://www.hackingciscoexposed.com/tools/snmp-fuzzer-0.1.1.tar.gz
+
+TODO
+
+ snmpd:
+ - Implement the advanced SNMPv2 features like INFORM
+ - Implement USM (User-based Security Model)
+ - Implement some MIBs (SNMPv2/3 standard MIBs)
+ - MIB-2 (mostly done)
+ - IF-MIB (mostly done)
+ - IP-MIB
+ - TCP-MIB
+ - UDP-MIB
+ - BRIDGE-MIB
+ - OPENBSD-MIB (for sensors, etc.)
+ - ...
+ - Review review review
+ - Separate mps and snmpe?
+ - add trap receiver/logger
+ - manpages
+
+ - There is a SNMP over SSH draft, interesting reading:
+ http://tools.ietf.org/html/draft-ietf-isms-secshell-09
+ http://tools.ietf.org/wg/isms/
+
+ snmpctl:
+ - Add commands to query the SNMP mibtree via imsg
+ - Add commands to query/set remote SNMP daemons (instead snmpwalk etc.)
+ - Internal status, lalala, ...
+ - manpage
+
+NOT TO DO
+
+ - Do not implement all the zillions of MIBs from ucdavis/net-snmp
+ - Do not provide a complex API for plugins, modules, and pimp-my-SNMP
+ - ...
+
+THANKS
+
+ To .vantronix for supporting this work - it is time to get a
+ nice(r) SNMP implementation for OpenBSD.
+
+ Thanks to claudio@ and mbalmer@ for starting the implementation
+ of ASN.1/BER encoding.
+
+reyk
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-25 03:43:17 +0000