| Age | Commit message (Collapse) | Author |
|---|
|
OK martijn@
|
|
ok miod@ millert@
|
|
various *d, *conf, *ctl files (where relevant) and simple;
also makes "man -k routing" more useful;
help from claudio and florian
ok claudio florian millert
|
|
ok florian@ bluhm@
ok for vmd mlarkin@
|
|
any parts of his diff not taken are noted on tech
|
|
OK sthen@, kn@
|
|
snmp uses signed 32 bits integers and agentx uses unsigned 16 bits
integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
|
we overflow the encbuf. Allocate encbuf on the fly so that we always have
enough room.
Give decryption the same treatment, although this one is not at risk, since
the input is limited to READ_BUF_SIZE.
OK sthen@, kn@
|
|
write(2), make sure that we don't restart the message on the next write
out, but continue where we left of.
OK sthen@, kn@
|
|
DPADD bit pointed out by deraadt@
"No kidding" deraadt@
|
|
snmpd_metrics.
OK benno@ sthen@
|
|
value. The ber NULL case is there for when it was received via a PDU.
The NULL pointer case can happen if application.c runs into a timeout
or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and
results in an "missing value" error, (needlessly) terminating the
connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support
for vmd.
OK tb@, sthen@
|
|
This uses the just imported snmpd_metrics as a new (agentx-based) backend.
Snmpd(8) executes all files in /usr/libexec/snmpd and treats regions
registered by these binaries as authorative, so that no other agentx
backends can overwrite them. The snmpe process is now pledged
"stdio recvfd inet unix".
This removes quite a few entries from the sysORTable, but the current
entries are non-compliant anyway and should be completely revisisted at a
later time.
Reduces the time for a full walk by about a factor of 4, bringing us close
to the original speed before application.c was introduced.
General design discussed with claudio@
Tested by and OK sthen
Release build test and OK tb@
|
|
The old one had a bug which allowed it to move backwards on overlapping
regions and also didn't always returned the optimal end position.
OK tb@
|
|
OK tb@
|
|
set.
There's a bit of inverted logic in there and this feature will probably get
in the way of the blocklist feature (and maybe others)
OK tb@
|
|
the searchrange end oid.
OK tb@
|
|
OK tb@
|
|
are identical.
OK tb@
|
|
OK tb@
|
|
traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
|
outstanding requests are handled by the next backend, instead of leaking
memory.
OK tb@
|
|
If the returned OID is beyond the searchrange end we have two cases:
- If the backend supports searchranges (agentx) we generate a GENERR and
close the connection.
- If the backend doesn't support searchranges (legacy and maybe a future
snmp proxy) we simply fix-up the result.
OK tb@
|
|
Current omissions in protocol support are notifications,
index (de)allocation, and agent capabilities.
Help testing sthen@
Feedback/tweaks/OK jmatthew@
|
|
blocklist pfTblAddrTable in full.
Requested by and OK sthen@, who also OKed the previous commit.
|
|
This allows the admin to specify a full region of the OID tree to be
blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of:
blocklist pfTblAddrTable
OK tb@
|
|
Keep the old implementation around as smi_print_element_legacy for the
trap handler scripts, so these don't break.
Should help with request tracing.
OK sthen@
|
|
This allows admins to configure oids as pretty symbolic names, next to the
current numeric names.
OK sthen@
|
|
The old code had a potential off by one underflow, which is unlikely to be
hit with the current builtin backend, and didn't show the returned
varbindlist correct.
OK sthen@
|
|
This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
|
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
|
|
ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald
<dot> de
OK tb
|
|
OK benno@
|
|
If a table has mixed IPv4 and IPv6 addresses and we walk over it an IPv6
address could be returned if it followed an IPv4 address, causing an
error.
Found by florian@
OK florian@ millert@
|
|
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
- Asynchronous design, which should allow us to cleanly implement agentx
support.
- Cluster requests when sending them to backends
- Return a better error code in a lot of cases.
- Allow bulkget to return row by row instead of column by column (as per
RFC3416)
- Better SNMPv1 mapping as per RFC3584
- Allow registration of overlapping regions.
- Stricter OID comparison.
- We loose write support. Previous write support didn't guarantee
atomicity, wasn't persistent across restarts and didn't implement
anything useful. This can be added later if it's missed.
- This is quite a bit slower, but this should clear up once the current
mps.c and mib.c code gets pushed out. Other tricks could help speed
things up, but I don't want to resort to extra tricks if it's not needed.
- More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@
minor issues pointed out by and OK jmatthew@
Performance loss aceptable to sthen@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
messages through the current transport mapping code.
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
application layer.
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
These are needed for a new application layer, where a lot of the snmpd.h
stuff just clutter.
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
These functions are needed from the new application layer and don't
really belong in snmpd.h.
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
This is needed for a new application layer where, where a lot of the
snmpd.h stuff just clutter.
Requested by benno@
OK jmatthew@
tested as part of larger diff by sthen@ and Joel Carnat
|
|
longer needed EVP_MD_CTX_reset().
ok martijn
|
|
ok martijn
|
|
It would be nice if someone added error checking for the EVP_Digest*
calls.
tested by & ok martijn
|
|
if family in resolv.conf is not set to its specific family.
e.g. 0.0.0.0 will not resolve if family is set to "family inet6"
Fix this by first trying to resolve with AI_NUMERIC set and if EAI_NONAME
is returned (it's an actual hostname) retry with an empty ai_flags.
bug reported by and OK sthen@
|
|
Reported by Johan Huldtgren (jhuldtgren <at> gmail <dot> com) via sthen@
OK sthen@
|
|
smi_debug_elements
OK sthen@
|
|
OK sthen@
|
|
OK tb@
|
