Age | Commit message | Author |
|
reason to start using them in the future.
OK tb@
|
|
to privsep_procid.
ok mortimer
|
|
It did nothing more than receive a message over UDP, do some basic ber
and ASN.1 parsing and forward the packet to the parent process. snmpe can
do/does the same thing but with a far more thorough ASN.1 validation.
Because we move trap receiving to snmpe we get trap over tcp for free.
However, to make sure that a normal snmp port doesn't automatically start
handling traps a new set of "listen on" flags are introduced: read, write,
and notify. To enable trap handling either let snmpd listen on port 162
without flags, or add the notify flag. Only a flag without port results in
listening on port 162.
To keep current behaviour copy all UDP-based "listen on" lines without port
and add the notify keyword:
    listen on 127.0.0.1 port 666
becomes
    listen on 127.0.0.1 port 666
    listen on 127.0.0.1 notify
This change also enforces snmpd to honor trap community on receiving a
trap, where previously no community was checked before handling a packet.
OK denis@, rob@
|
|
Two things of note:
1) traphandler_v1translate now translates v1 traps to v2 traps in line with
RFC3584 section 3.1 before handing them over to the "command". This can
cause compatibility issues if you still receive v1 traps.
2) sysUpTime and snmpTrapOID are now always taken from the varbindlist,
which means that if you run snmpd with -N the names will now show up
numerical in the script, instead of by their full symbolic name.
lots of feedback and OK rob@
|
|
used anywhere.
OK jan@
|
|
OK deraadt@
|
|
|
|
of different protocols in the future. The old syntax is still supported
for now, but will generate a deprecation warning and will be removed in a
future release.
While here add support for specifying a tcp/udp port. This will be used for
snmp services, "trap handle" will still only run on port 162.
Feedback and OK denis@
|
|
It's an empty stub and proc.c will put implement proc_dispatch_null if not
set, which does the exact same thing.
OK denis@
|
|
OK martijn@
|
|
code surrounding this struct and struct address.
No functional change intended, except that trap receiver's source-address
may now be a resolvable hostname.
Tweaks and OK jan@
|
|
overhead and 18LoC.
OK jan@
|
|
1) Bulkget broke because mps_getbulkreq doesn't exactly do what it says on
the tin, so use it how it works for now.
2) A break statement got left behind resulting in only a single varbind
being answered.
Reported and tested by sthen@
|
|
except for some minor changes in the handling of snmp_intotal{req,set}vars
no functional changes intended.
OK jan@
|
|
INT32_MAX by increasing the hrStorageAllocationUnits value until they fit.
Original patch from Johan Huldtgren (johan+openbsd-tech <at> huldtgren <dot> com)
OK sthen@
|
|
|
|
snmpctl was removed two releases ago, which makes the control
interface obsolete.
agentx support has always been quirky at best, but got completely broken
with the BER_MAX_OID_LEN increase in ber.h. This change resulted in the
oid length on the snmp side being left uninitialized because of size
difference, resulting in weird behaviour. No one reported the breakage,
even after 6.7 was released.
This change requires users to remove the socket keyword from their
snmpd.conf.
OK denis@
|
|
Reported by Prof. Dr. Steffen Wendzel <wendzel @ hs-worms . de>,
thanks!
OK martijn@ sthen@
|
|
In pf(4), the pf_status.since timestamp is set with time_uptime(9).
This is a low-res snapshot of nanouptime(9). nanouptime(9) is used to
implement CLOCK_BOOTTIME for clock_gettime(2). It is not used to
implement CLOCK_UPTIME, though. The names are misleading.
Switch to CLOCK_BOOTTIME in places in userspace where we use
pf_status.since so we are working with the right clock.
Technically CLOCK_MONOTONIC is equivalent, but we shouldn't use that
here. CLOCK_MONOTONIC is not necessarily the "time since boot": the
standard says its absolute value is meaningless.
ok patrick@ bluhm@
|
|
community.
Issue reported by Steven Surdock ssurdock <at> engineered-net <dot> com
OK deraadt@ claudio@ sthen@
|
|
This also prevents the access of an initialized pointer in
traphandler_fork_handler as found by jan@.
OK jan@
|
|
OK gerhard@
|
|
manual pages that document the corresponding configuration files;
OK jmc@, and general direction discussed with many
|
|
OK florian@, martijn@. reads ok benno@
|
|
to export them via snmp.
Introduce option filter-pf-addresses similar to filter-routes which
prevents exporting below the OPENBSD-PF-MIB::pfTblAddrTable oid.
Other pf table statistics are unaffected by this and still available.
With this I can do a bulkwalk starting at pfMIBObjects without hitting
timeouts and without spinning the cpu at 100% for days to export 300k
prefixes.
man page input kn
OK claudio, sthen. martijn is also fine with it going in.
|
|
This probably needs a cleaner approach in the long run, but fixes the
ober_oid_cmp for now.
From gerhard_roth <at> genua <dot> de
|
|
so move our BER API to the unused ober_* prefix to avoid some
breakage in ports.
Problem diagnosed by jmatthew with ber_free() in samba, but
there are many others as pointed out by sthen.
tests & ok rob
ok sthen (who had an almost identical diff for libutil)
"go head hit it" deraadt
|
|
scalar.
For example if you getnext request 1.3.6.1.4.1.30155.6.1.1 you get a
varbind oid of 1.3.6.1.4.1.30155.6.1.1.0, but the value of
1.3.6.1.4.1.30155.6.1.2.0. I have a fix in the making, but we're too close
to release and here be too many dragons.
Found by bluhm@
|
|
elements exists and is a (agentx) registered element. If so, forward the
getnext to the subagent, else get the actual next element.
This is only a partial fix, but lets us at least (together with a different
patch for relayd) walk relayd's elements.
OK claudio@
|
|
- pdu header has 3 elements, not 4
- additional varbinds are optional.
This is needed to make ber_scanf_elements stricter.
Note that people using "trap handle" in their snmpd.conf and expecting a
trap without additional varbinds to show the trapoid twice will have
to adjust their "command".
OK rob@
|
|
for this MIB in the first place, this has now been removed in ifq changes.
Since the MIB is marked as deprecated anyway, simply return 0. ok claudio@
|
|
much what this counter is for. For sure better than net.inet.ip.ifq.drops
which no longer exists.
Found by and OK martijn@ and OK sthen@
|
|
|
|
to misread.
as per suggestion by and OK deraadt@
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
OK claudio@, gerhard@
|
|
preparation for SHA-2 support.
OK claudio@, gerhard@
|
|
oids needing to be part of the snmpd loaded tree.
This is in line with RFC3416.
OK gerhard@ who apparently has the exact same diff in his repo.
|
|
snmpEngineBoots and snmpEngineTime by sending an AuthPriv request with the
requested values set to zero and with a valid user.
Move the engine_boots and engine_time down after the user check and remove
the 0-check, so we can reply with the appropriate usmStatsNotInTimeWindows.
This allows us to use p5-Net-SNMP against snmpd with seclevel enc.
OK rob@
|
|
snmpEngineID by sending a noAuthNoPriv request. Move the seclevel check to
after the usm_decode phase, so we can reply with the mandatory
usmStatsUnknownEngineIDs instead of usmStatsUnsupportedSecLevels.
This brings us one step closer to using p5-Net-SNMP with seclevel enc.
OK tb@, rob@
|
|
snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync
in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers
already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
|
ok reyk@
|
|
ok claudio@
|
|
fixes a problem when handling large negative integers.
ok claudio@
|
|
|
|
larger types really is a range reduction...
Almost any cast to (unsigned) is a bug.
ok millert tb benno
|
|
where the "wrong" #define was used.
ok dlg@
|
|
Dup /dev/null to the stdio file descriptors in the children.
based on a fix for httpd(8) and relayd(8); from Jan Klemkow
|
|
OK deraadt@, tb@, claudio@
|
|
Change distance sensor type to be displayed as meters with 3 decimals
instead of millimeters.
ok mpi@ kettenis@
|