#
d16fa18d |
| 20-May-2021 |
martijn <martijn@openbsd.org> |
Rename context to pdutype. This is in line with the naming schema from the RFCs.
While here remove a duplicate sm_type that snuck in during traphandler merger and use human readable names in debug log entries from packages.
OK jan@
|
#
2df89b54 |
| 05-Feb-2021 |
martijn <martijn@openbsd.org> |
Introduce a transaction id. This is currently mostly a dummy-variable, but will later on be needed for when we reintroduce agentx master support.
feedback and OK dlg@, rob@
|
#
ddc6a539 |
| 28-Jan-2021 |
martijn <martijn@openbsd.org> |
Remove print_{debug,verbose} since they're currently unused and I see no reason to start using them in the future.
OK tb@
|
#
488a4384 |
| 27-Jan-2021 |
deraadt <deraadt@openbsd.org> |
these programs (with common ancestry) had a -fno-common problem related to privsep_procid. ok mortimer
|
#
20f2292f |
| 22-Jan-2021 |
martijn <martijn@openbsd.org> |
Remove the traphandler process, which was nothing more than a sham. It did nothing more than receive a message over UDP, do some basic ber and ASN.1 parsing and forward the packet to the parent process. snmpe can do/does the same thing but with a far more thorough ASN.1 validation. Because we move trap receiving to snmpe we get trap over tcp for free.
However, to make sure that a normal snmp port doesn't automatically start handling traps a new set of "listen on" flags are introduced: read, write, and notify. To enable trap handling either let snmpd listen on port 162 without flags, or add the notify flag. Only a flag without port results in listening on port 162.
To keep current behaviour copy all UDP-based "listen on" lines without port and add the notify keyword:
listen on 127.0.0.1 port 666
becomes
listen on 127.0.0.1 port 666
listen on 127.0.0.1 notify
This change also enforces snmpd to honor trap community on receiving a trap, where previously no community was checked before handling a packet.
OK denis@, rob@
|
#
967754d5 |
| 06-Sep-2020 |
martijn <martijn@openbsd.org> |
Split "trap receiver" into its own trap_address struct and clean up the code surrounding this struct and struct address.
No functional change intended, except that trap receiver's source-address may now be a resolvable hostname.
Tweaks and OK jan@
|
#
c7465d6e |
| 23-Aug-2020 |
martijn <martijn@openbsd.org> |
Merge listen_sock into address, since there's a 1:1 correlation. Save some overhead and 18LoC.
OK jan@
|
#
a395eaf7 |
| 08-Aug-2020 |
martijn <martijn@openbsd.org> |
Greatly simplify snmpe_parsevarbinds. except for some minor changes in the handling of snmp_intotal{req,set}vars no functional changes intended.
OK jan@
|
#
62153df3 |
| 30-Jun-2020 |
martijn <martijn@openbsd.org> |
Remove agentx and control socket support.
snmpctl has been removed two releases ago, which makes the control interface obsolete.
agentx support has always been quirky at best, but got completely broken with the BER_MAX_OID_LEN increase in ber.h. This change resulted in the oid length on the snmp side being left uninitialized because of size difference, resulting in weird behaviour. No one reported the breakage, even after 6.7 was released.
This change requires users to remove the socket keyword from their snmpd.conf.
OK denis@
|
#
5ec2ddb5 |
| 02-Jan-2020 |
florian <florian@openbsd.org> |
When many prefixes are stored in pf tables it is not sensible to export them via snmp. Introduce option filter-pf-addresses similar to filter-routes which prevents exporting below the OPENBSD-PF-MIB::pfTblAddrTable oid. Other pf table statistics are unaffected by this and still available. With this I can do a bulkwalk starting at pfMIBObjects without hitting timeouts and without spinning the cpu at 100% for days to export 300k prefixes. man page input kn OK claudio, sthen. martijn is also fine with it going in.
|
#
8360a08a |
| 11-Jun-2019 |
martijn <martijn@openbsd.org> |
Implement SHA-2 (RFC7860) support for authentication.
OK claudio@, gerhard@
|
#
bc869f1f |
| 11-Jun-2019 |
martijn <martijn@openbsd.org> |
The digestlength is not always 12 bytes. Make this value variable in preparation for SHA-2 support.
OK claudio@, gerhard@
|
#
9aae882a |
| 16-May-2019 |
martijn <martijn@openbsd.org> |
Allow arbitrary oids to be specified for the getnext request, instead of oids needing to be part of the snmpd loaded tree.
This is in line with RFC3416.
OK gerhard@ who apparently has the exact same diff in his repo.
|
#
d4b95dc4 |
| 11-May-2019 |
rob <rob@openbsd.org> |
The BER API is currently used by ldap, ldapd, ldapctl, ypldap, snmpd, and snmpctl. Separate copies of ber.[ch] have existed and been maintained in sync in ldap, ldapd, ypldap and snmpd.
This commit moves the BER API into /usr/lib/libutil. All current consumers already link libutil. ldapd and snmpd regress passes, and release builds.
With help from tb@ and guenther@.
ok deraadt@, tb@
|
#
9f020842 |
| 08-Jan-2019 |
bluhm <bluhm@openbsd.org> |
The child processes of snmpd(8) did not detach from the terminal. Dup /dev/null to the stdio file descriptors in the children. based on a fix for httpd(8) and relayd(8); from Jan Klemkow
|
#
4480d17b |
| 05-Aug-2018 |
mestre <mestre@openbsd.org> |
Remove cpath pledge(2) promise. We decided that not deleting the unix control sockets causes no harm and this way we close another attack surface by not allowing the daemon to create/delete any more files.
While here also scramble pledge promises to their canonical form.
OK florian@
|
#
8d831f14 |
| 31-Jul-2018 |
claudio <claudio@openbsd.org> |
Make ber type and encoding an unsigned int instead of unsigned long. This way the size is the same on all archs and 32bit should be good enough. OK rob@
|
#
7bfcc0c0 |
| 15-Apr-2018 |
mpf <mpf@openbsd.org> |
Add TCP support to snmpd.
This implements RFC 3430, with the exception of processing multiple incoming requests in parallel (Section 2.1). This required too much code and is optional anyway.
Initial review by reyk@, very thorough reviews by jca@. Thanks!
OK jca@, gerhard@
|
#
ca0e6eeb |
| 08-Feb-2018 |
claudio <claudio@openbsd.org> |
Bump the read sockbuf of the routing socket to 2MB, may help reduce some of the desync cases. OK benno@
|
#
a188d1e7 |
| 28-Jul-2017 |
florian <florian@openbsd.org> |
The engine id is just binary data so make it uint8_t. clang pointed out that we tried to store 128 in a signed char. OK gerhard
|
#
9e5d066d |
| 21-Apr-2017 |
jca <jca@openbsd.org> |
Repair AgentX support.
which I broke when adding support for multiple listen addresses. SNMP data should be sent to the client using the appropriate socket, which we now store when we receive the query.
Reported & fix tested by Rivo Nurges.
|
#
871fc12c |
| 09-Jan-2017 |
reyk <reyk@openbsd.org> |
Stop accessing verbose and debug variables from log.c directly.
This replaces log_verbose() and "extern int verbose" with the two functions log_setverbose() and log_getverbose().
Pointed out by benno@ OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)
|
#
c7cb8e65 |
| 18-Nov-2016 |
jca <jca@openbsd.org> |
Add support for multiple listening sockets
One can now specify multiple "listen on" statements. The default is to listen on 0.0.0.0 and ::, which means better handling of dual-stack setups. ok sthen@ on a previous version, input and ok reyk@.
show more ...
|
#
f005ecdc |
| 09-Nov-2016 |
jca <jca@openbsd.org> |
Improve source IP address handling.
- send replies using a source address equal to the destination address of queries, using IP_SENDSRCADDR. This helps in multihomed setups and can remove the need to explicitly configure a bind address.
- config knob to set the source address of packets sent to trap receivers. "trap receiver" gains an optional "source-address" setting.
Source address issues reported by Andy Lemin. ok benno@
|
#
7be2c8aa |
| 28-Oct-2016 |
rzalamena <rzalamena@openbsd.org> |
Sync snmpd(8) with other daemons proc.c and teach him how to fork+exec.
ok jca@, reyk@
|