| Age | Commit message (Collapse) | Author |
|---|
|
The previous engineid was based aronud the engine boottime and a random
value, which gives problems when sending/receiving unacknowledged PDUs
(trapv2) over SNMPv3 with authentication enabled, which need a consistent
engineid across restarts to determine the correct user from the sender.
The new default engineid takes a sha256 hash (chosen for its longer output)
of gethostname(3) and places the first 27 bytes after the new format number
129. This should give us a very low probability of collisions, assuming
all machines have a unique name.
The other formats as specified in SNMP-FRAMEWORK-MIB (RFC3411) are also
supported as well as arbitrary formats in the range 128-255 for other
private enterprise numbers in hex format.
OK jmatthew@
|
|
reason to start using them in the future.
OK tb@
|
|
snmpctl has been removed two releases ago, which makes the control
interface obsolete.
agentx support has always been quirky at best, but got completely broken
with the BER_MAX_OID_LEN increase in ber.h. This change resulted in the
oid length on the snmp side being left uninitialized because of size
difference, resulting in weird behaviour. No one reported the breakage,
even after 6.7 was released.
This change requires users to remove the socket keyword from their
snmpd.conf.
OK denis@
|
|
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.
tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt
|
|
snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync
in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers
already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
|
This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().
Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)
|
|
- send replies using a source address equal to the destination address
of queries, using IP_SENDSRCADDR. This help in multihomed setups and
can remove the need to explicitely configure a bind address.
- config knob to set the source address of packets sent to trap
receivers. "trap receiver" gains an optional "source-address"
setting.
Source address issues reported by Andy Lemin. ok benno@
|
|
a copy of the same log.c file is shared by relayd, httpd, iked, and
snmpd. No functional changes.
|
|
varbinds received from subagents
ok reyk@
|
|
Pointed out by dickman@.
ok sthen@ phessler@
|
|
in net/pfvar.h sys/proc.h sys/ucred.h arpa/nameser.h
change to PATH_MAX, reduce use of MIN() and MAX(), HOST_NAME_MAX+1,
LOGIN_NAME_MAX, etc etc
ok millert guenther, some review by doug
|
|
snmp requests are now packaged into pseudo-continuations
to allow for being dispatched to seperate processes;
lightly tested for interoperability with NetSNMP, but
doesn't implement the complete set of AgentX messages
while here, clean up return types of mps_get* functions,
and make smi_insert refuse to insert duplicate OIDs
okay benno@ reyk@
|
