1This file contains a summary of the major changes in released revisions. 2Please see the CHANGES file for a more detailed list of specific bugs/patches 3that have been fixed/applied, and the ChangeLog file for a comprehensive 4listing of all changes made to the code. 5 6*5.9* 7 snmplib: 8 - Add IPv6 support to DTLSUDP transport CHANGES: snmplib: use new 9 netsnmp_sockaddr_storage in netsnmp_addr_pair CHANGES: snmplib: add 10 base_transport ptr for tunneled transports 11 12 snmpd: 13 - Security vulnerabilty in the ping MIB reported by Christopher Ertl 14 from Microsoft fixed 15 - Changing to a different uid/gid can only be done once 16 - The extend mib is now read-only by default 17 18 snmptrap: 19 - BUG: 2899: Patch from Drew Roedersheimer to set library 20 engineboots/time values before sending 21 22 unspecified: 23 - Add pkg-config support for building applications and sub-agents Use 24 the netsnmp package when building Net-SNMP applications. Use the 25 netsnmp-agent package when building Net-SNMP subagents. 26 27*5.8* 28 snmplib: 29 - TLS/DTLS fixes 30 - fix usm keychanges for new algorithms and longer keylengths 31 - IP address formatting fixes 32 - BUG: 2592: from Stuart Kendrick - increase MAXTC to 16384 33 - add new sha2 auth protocols 34 - Restore AES-192 and AES-256 privacy protocols - from 35 draft-blumenthal-aes-usm-04 (precursor to RFC 3826) 36 - Use OIDs from http://www.snmp.com/eso/esoConsortiumMIB.txt 37 - Some code borrowed from PATCH 1346, thanks to 38 Alexander Ivanov and Vladimir Sukhorukov. 39 - BUG: 2622: Fix excessive indents in log file 40 - new config tokens: 41 - sendMessageMaxSize 42 - disableSNMPv1 / disableSNMPv2c 43 - new api for dynamic debug log level (netsnmp_set_debug_log_level) 44 45 snmpd: 46 - SNMP-TARGET-MIB: Fix snmpTargetAddrTAddress 47 - Com2sec and com2sec6 SOURCE values may deny sources as well as 48 permit. 49 - allow trap sinks to set Target-MIB characteristics (name, tag, profile) 50 - add source addr/port option to trapsink/trap2sink/informsink 51 - packet filtering by source ip (enableSourceFiltering/filtersource) 52 - several getbulk handling improvements 53 - several new APIs introduced for run-time configuration of agent: 54 - netsnmp_vacm_simple_usm_add/del 55 - usm_create_usmUser_* 56 - netsnmp_udp_com2SecEntry_create/netsnmp_udp_com2SecList_remove 57 - netsnmp_agent_listen_on to open agent port 58 59 Win32: 60 - Add support for the DTLS-UDP and TLS-TCP transports 61 62 scripts: 63 - A new 'checkbandwidth' script to check host min/max bandwidth 64 65 snmptranslate: 66 - Introduce bulk translation mode The special argument "-" causes 67 snmptranslate to enter bulk translation mode, in which it expects 68 one OID per line. Whitespace is treated as the end of the OID, and 69 only that portion of the line is replaced, meaning that this can be 70 used to translate, e.g., "snmpwalk" output without the proper MIBs 71 loaded: snmptranslate -m all -OX < numeric.txt > symbolic.txt 72 73 building: 74 - Add Travis and Appveyor CI support 75 - IPv6 support is now compiled by default. If you need an IPv4-only 76 agent, use --disable-ipv6. 77 - Fixed/improved support for several non-Linux platforms 78 - Many fixes found by Coverity anf Fortify scans 79 80*5.7.3* 81 Many many bug fixes and minor improvements 82 83 snmpd, snmptrapd and apps: 84 - Patch 2525: from Ryan Steinmetz: Fix argument length parsing of the 85 host resources mib 86 - Make ENV_SEPARATOR_CHAR configurable 87 - SECURITY: a denial of service attack vector was discovered on 88 the linux implementation of the ICMP-MIB. This release fixes 89 this bug and all users are encouraged to update their SNMP 90 agent if they make use of the ICMP-MIB table objects. 91 92 perl: 93 - BUG: 2402: Add support for SNMPv3 traps 94 95 Windows: 96 - Port batch build infrastructure to Visual Studio 2010 and later 97 From Visual Studio 2010 on it is no longer possible to specify 98 include or library directories globally - these have to be 99 specified per project. Hence two additional menu entries in 100 build.bat that allow to specify these directories. 101 - Patch from Bart Van Assche to improve cygwin building 102 103*5.7.2* 104 snmp: 105 - BUG: 3526549: CVE-2012-2141 Array index error leading to crash 106 107 snmpd: 108 - BUG: 3532090: Fix high ifIndex values crashing hrDeviceDescr 109 110 building: 111 - PATCH: 2091156: correctly declare dependencies in Makefile. 'make 112 -j <N>' should work now. Backport this to V5-4 as it is needed for 113 correct operation in the single threaded case of make miblib as 114 well. 115 116 Many other miscellaneous minor bug fixes 117 118*5.7.1* 119 120 libnetsnmp: 121 - Fixed the mib-parsing-bug introduced shortly before 5.7 122 123 agent: 124 - fixed rounding errors for disk percentage calculations 125 126 openbsd: 127 - better support for recent openbsd releases 128 129 features: 130 - bug fixes with minimalist support after additional user feedback 131 132 Many other miscellaneous minor bug fixes 133 134*5.7* 135 136 snmpd: 137 - Delivery of data via regularily scheduled notifications. 138 (see "Data Delivery via Notfications" in snmpd.conf) 139 - Many time-based config options can take (m)ins, (h)ours, ... arguments 140 (see the snmpd.conf manual page) 141 - The PING and TRACEROUTE MIBs now compile and work-ish on linux 142 http://www.net-snmp.org/wiki/index.php/DISMAN 143 - Mib handlers can now implement a data_clone function for 144 cloning the myvoid structure variable to avoid dangling pointers 145 - Fixed persistent storage of VACM MIB configuration 146 - Multi-homed agents send UDP responses from the proper IP address 147 - The hrStorageTable implementation now supports large filesystems better 148 - optimizations for large route tables 149 - Added a deliveryByNotify config token for regular data delivery 150 (see the snmpd.conf manual page and the NET-SNMP-PERIODIC-NOTIFY-MIB) 151 - [PATCH 3141462]: fix agentx subagent issues with multiple-object requests 152 - [PATCH 3057093]: linux uses libpci for creating useful ifDescr strings 153 - [PATCH 3131397]: huge speedups of the TCP/UDP Tables 154 155 libnetsnmp: 156 - Removed the older CMU compatibility support 157 - The SSH transport is now configurable 158 159 TLS/DTLS support: 160 - The SNMP over DTLS transport now properly supports IPv6 161 - Introduced new configuration tokens: localCert/peerCert 162 (deprecating serverCert, clientCert, defX509ServerPub, defX509ClientPub) 163 - Various fixes for the TLS/DTLS transports 164 165 apps: 166 - Added a per-variable timed output support to snmpwalk using -CT 167 - snmpinform now correctly uses the local engineID for informs 168 - A number of mib2c bug fixes 169 - New snmp.conf tokens for timeouts and retries 170 171 building: 172 - New flags to reduce the amount of compiled code to bare minimums. 173 This is provided by a new generic feature marking/selection mechanism. 174 http://www.net-snmp.org/wiki/index.php/Feature_Marking_and_Selection 175 - It's now possible to build without SNMPv3/USM 176 (e.g., if you only want TLS/DTLS with SNMPv3/TSM) 177 - It's possible to build the suite with no SET support 178 configure using --enable-read-only 179 - It's possible to build the agent as a notify-only agent 180 configure using --enable-notify-only 181 - Added a script to test memory usage with various config options 182 (see the local/minimalist/sizetests script) 183 - Net-SNMP can now be built to perform local DNSSEC validation 184 (install DNSSEC-Tools' libval and use --with-local-dnssec-validation) 185 186 testing: 187 - a number of new API unit-tests have been added to the suite 188 (to run the tests: cd testing && ./RUNFULLTESTS -g unit-tests) 189 - The unit tests can be more easily run under valgrind 190 (See http://bit.ly/jsgRnv for details) 191 192 openbsd: 193 - Support for updating the routing table via SNMP 194 195 win32: 196 - The testing suite works better under win32 environments 197 - Many building fixes for the win32 environment(s) 198 199 solaris: 200 - Net-SNMP now supports the SCTP-MIB 201 202 DragonFlyBSD, FreeBSD8: 203 - Net-SNMP should now work on DragonFlyBSD and FreeBSD8 204 205 And of course: 206 - Many other bug fixes. See the CHANGES and ChangeLog for details. 207 208*5.6* 209 210 all: 211 - Implemented the SNMP over TLS and SNMP over DTLS protocols [RFC-to-be] 212 See http://www.net-snmp.org/wiki/index.php/TUT:Using_TLS 213 - Implemented the "Transport Security Model" [RFC5591] 214 - Generic host-specific configuration .conf files are now read. 215 See the HOST-SPECIFIC FILES section of the snmp.conf manual page 216 and http://www.net-snmp.org/wiki/index.php/Configuration 217 - Include statements can now be used in .conf files. 218 See http://www.net-snmp.org/wiki/index.php/Configuration 219 220 snmpd: 221 - Fix handling of multiple matching VACM entries. (Use the "best" 222 match, rather than the first one). Reported by Adam Lewis. Note 223 that this could potentially affect the behaviour of existing access 224 control configurations. 225 - Agent will no longer call table handlers if a set request for the 226 handler has invalid indexes 227 - table_data/tdata next handler will not be called during get 228 processing if no valid rows are found for the handler 229 - [PATCH 2952708]: Added Perl implementation of BRIDGE-MIB 230 - moved all functions defined in libnetsnmphelpers to 231 libnetsnmpagent. libnetsnmphelpers is now an empty library. 232 - Implemented the TSM-MIB and the TLSTM-MIB 233 - new API for indicating that persistent store needs to be saved 234 after the current request finishes processing 235 - [PATCH 2931446]: make the load averages writable. 236 237 apps: 238 - A new tool 'net-snmp-cert' that easily creates and manages 239 X.509 certificates for use with the SNMP over (D)TLS protocols. 240 - Added an 'agentxtrap' command to send notifications via AgentX 241 (See http://www.net-snmp.org/wiki/index.php/TUT:agentxtrap for details) 242 - -T command line flag can be used to pass configuration 243 directly to transports that can accept configuration tokens 244 - A new 'snmptls' command for manipulating the agent's TLS configuration 245 246 snmplib: 247 - A more modular transport subsystem that allows third party 248 extensions and dependencies for code reuse. 249 - New transport functions: f_config, f_open, f_copy and f_setup_session 250 - Transports can now specify session defaults 251 - E.G. dtlsudp: auto-sets the SNMP version and the security model. 252 - [PATCH 2942940]: Add a new function, netsnmp_parse_args, that is 253 like snmp_parse_args but takes an additional bitmask, flags, to 254 affect the behaviour. Also remove the magic handling of some 255 application names. 256 - A new X.509 certificate API for indexing and reading certificates 257 - new experimental row creation API which uses a state machine 258 to try really hard to create a row from a given varbind list 259 - netsnmp_container enhancements: 260 - added a free_item function 261 - added a CONTAINER_FREE_ALL macro/function 262 - added an interface for duplicating a container (CONTAINER_DUP) 263 - added a remove function to container_iterators 264 - added an ability to set options on binary_array containers 265 - new snmp token logOption allows specifying log destinations 266 via configuration conf files 267 - A very significant reduction in compiler warning output 268 - new experimental simple state machine handling API 269 270 building: 271 - Support for a stream-line stripped down version of internal 272 OpenSSL support using --with-openssl=internal. 273 - Do not require that the UDP transport is included. 274 - Building Net-SNMP with dmalloc support enabled is again possible. 275 276 mib2c: 277 - mib2c can now optionally run sed on generated code 278 279 testing: 280 - A brand new test infrastructure supporting multiple test suites 281 See perldoc testing/RUNFULLTESTS for details 282 283 python: 284 - walking broken agents won't cause an infinite loop 285 286 win32: 287 - IPv6 is only supported under Cygwin 1.7 or later. 288 - [BUG 2939168]: byte order of udpLocalPort is now correct. 289 - [BUG 2939168]: fixed test infrastructure ("make test"). This has 290 been fixed by using the proper environment separator character and 291 by adding the path of the netstat executable for Cygwin in 292 testing/TESTCONF.sh. 293 - building with another OpenSSL package than the Cygwin-provided 294 packages openssl and openssl-devel is again possible. 295 - running the regression test suite is again possible ('make test'). 296 - winExtDLL compiles now under MinGW. 297 - the snmpd.conf keyword 'extend' is now supported under MinGW 298 - the snmptrapd.conf keyword traphandle is now supported under MinGW 299 300 qnx6: 301 - [PATCH 2836895]: support for QNX6 302 303*5.5* 304 305 All applications: 306 - Added the ability to "alias" transports to a more simple name 307 (see the "alias" keyword in the snmp.conf manual page) 308 - The -t (timeout) switch will accept floating point numbers (eg: .1) 309 310 snmpd: 311 - [BUG 1712988]: default/configurable max # varbinds returned by GETBULK 312 - [PATCH 1585146]: Extend range of available error codes 313 - [PATCH 1654424]: Handle row deletion issues in dataset tables 314 - [PATCH 1666737]: Include IPv6 traffic in various UDP counters 315 - [PATCH 1700157]: Fix ordering of exec tokens in MIB output 316 - [PATCH 1719253]: fix skipNFSInHostResources for multiple walks 317 - [PATCH 1723611]: New implementation of the RMON alarmTable 318 - [PATCH 1737439]: automatic link up/down traps on a walk 319 - [PATCH 1806501]: Add API for sending traps with a snmpv3 context 320 - [PATCH 1882621]: Add LVM support to the partition table 321 - [PATCH 1893468]: fixed registration of OIDs with ranges 322 - [PATCH 1901764]: Support date-based logwatch files 323 - [PATCH 1909813]: fix table_iterator handling of SORTED hint 324 - [PATCH 1916840]: new config option to set SNMPv1 trap agent address 325 - [PATCH 2103492]: implement RMON-MIB::etherStatsJabbers 326 - [PATCH 2449210]: add 64-bit usage statistics to UCD-SNMP-MIB::dskTable 327 - Add support for a user provided length variable 328 and C string values to the watcher helper. 329 - Automatically reregister sysORTable entries from AgentX subagents. 330 - Fix various memory leaks 331 - Implement ipAddressSpinLock 332 - Implement ipNetToPhysicalLastUpdated 333 - Suppress annoying "registration != duplicate" warning for root oids 334 335 snmptrapd: 336 - [PATCH 1908288]: Run perl END block on termination 337 - Add trap handler for logging traps to a mysql database 338 - Withdraw deprecated options. 339 340 snmpnetstat: 341 - [PATCH 2564538]: Support GETBULK in v2c+ snmp versions 342 343 snmpusm: 344 - [PATCH 1591355]: Allow cloning to arbitrary engineIDs 345 346 snmplib: 347 - [BUG 1619827]: Improve handling of link dependencies 348 - [PATCH 700681]: limited support for UDPv4 broadcast addresses 349 - [PATCH 1882069]: Add token for specifying an exact SNMPv3 engineID 350 - Fix assorted memory leaks 351 - Implemented RFC5343 contextEngineID probing. 352 - Support for the TSM security model for use with tunneling 353 354 misc: 355 - Add config reread support to "net-snmp-config --compile-subagent" code 356 - Preliminary (alpha) support for SNMP over SSH and DTLS/UDP. 357 - Preliminary (alpha) support for the TSM security model 358 - Separate user management into new net-snmp-create-v3-user script 359 360 building: 361 - Improved cross-compilation support 362 - Improved library layering & dependency handling when linking apps 363 - Improved RPM spec files, for consistency with vendor-provided packages. 364 - Mechanism for selecting build environment based on version 365 - New test scripts to test Net-SNMP transport functionality 366 - Restructure configure template 367 - Update to autoconf 2.63 & libtool 2.2.6 368 369 perl: 370 - [BUG 1619827]: improve handling of link dependencies 371 - [PATCH 1956193]: beta threadable perl module code for SNMPv1/2c usage. 372 373 python: 374 - [PATCH 1716114]: Let python build in source tree (Debian patch #38) 375 376 Linux: 377 - [PATCH 1704105]: Add IPv6 support to the inetNetToMediaTable 378 - [PATCH 1705594]: Various fixes to ipAddressPrefixTable reporting 379 - [PATCH 1708243]: Implement ipDefaultRouteTable 380 - [PATCH 1715405]: Implement ipv6ScopeZoneIndexTable 381 - [PATCH 1724602]: MfD-based ipDefaultRouterTable implementation 382 - [PATCH 1828602]: Support ipDefaultTTL and ipForwarding SETs 383 - [PATCH 1927751]: Implement icmpMsgStatsTable 384 - [PATCH 2023633]: Implement SCTP-MIB 385 - [PATCH 2053273]: Implement EtherLike MIB 386 387 AIX: 388 - Add support for AIX 6.x 389 - Fix default shared library building instead of forcing static 390 391 FreeBSD: 392 - [BUG 1633483]: Support CPU HAL on FreeBSD4.x 393 - [PATCH 1623874]: add GNU/kFreeBSD support 394 395 IRIX: 396 - [PATCH 1709748]: Optimized IRIX cpu stats 397 - [PATCH 1675869]: CPU statistics for IRIX based on PCP 398 399 MacOSX: 400 - [PATCH 1600522]: CPU HAL implementation for mach/darwin 401 402 Solaris: 403 - [PATCH 1719730]: support for ipSystemStatsTable and ipAddressTable 404 405 Win32: 406 - [PATCH 2686248]: Fix several winExtDLL bugs. 407 - [PATCH 1706344]: Fix compilation with cygwin 408 - Fix AES support 409 410 411*5.4* 412 413 Important Changes: 414 - The default configuration now enables embedded Perl and the Perl 415 modules by default when possible unless explicitly disabled. You 416 may use the --disable-embedded-perl and --without-perl-modules 417 configure options, respectively, to revert to the former default 418 configuration. 419 420 New: 421 python: 422 - Python bindings to the Net-SNMP project are now available in 423 the python sub-directory. See the README file there for details. 424 425 build: 426 - Some preliminary support for automatic building of dynamically 427 loadable mib module code. 428 - Most net-snmp specific defines are now (also) available under 429 a proper NETSNMP_ prefix. The older, potentially conflicting 430 names as well as the autoconf variables can now be turned off 431 easily within 3rd party code. 432 - libtool update to 1.5.22 433 - enable-as-needed will try to link built libraries against needed 434 libraries at library link time, rather than application link time. 435 This is preliminary support for what will likely be better in 5.5. 436 437 snmplib: 438 - [PATCH 1282566]: to rework transport creation to allow for 439 alternative interpretations of the address and a more flexible 440 transport registration system 441 - [PATCH 1509943]: responses will get sent from the original dest IP 442 address when possible. 443 444 snmpd: 445 - new MIB table for managing Net-SNMP access control extensions 446 (see NET-SNMP-VACM-MIB). These extensions to the VACM MIB are 447 Net-SNMP specific and are used primarily by snmptrapd at this point. 448 - [PATCH 1550725]: A new uint instance helper to match the existing 449 int, long and ulong helpers 450 - [PATCH 1534877]: to add support for skipping NFS entries in the 451 host resources hrStorageTable. See the skipNFSInHostResources 452 token in the snmpd.conf file for details. 453 - A "hardware abstraction layer", to localise the O/S-specific 454 aspects of retrieving system data. This first appeared in the 455 5.3.x line, but this release now starts to actively use it for 456 implementing particular MIB modules. 457 This has resulted in some minor changes in behaviour - some index 458 values in the hrStorageTable have changed from earlier releases, 459 and the (non-raw) memory statistics are now consistent, reporting 460 percentage usage calculated over the last minute on _all_ systems. 461 - Agent builds default module list from a default_mibs.h rather than 462 a hard coded configure list 463 - [PATCH 1568150]: Extend pass_persist error messages that can be 464 passed back from the script 465 - [PATCH 1570982]: Solaris IF-MIB: Support for IPv6-only interfaces 466 467 snmptrapd: 468 - the traphandle directive now supports a -t switch to indicate 469 matching any OID in the tree below the specified OID 470 471 mib2c: 472 - New mib2c.emulation.conf provides a quick way to do simplistic 473 emulation of an entire MIB or MIB branch. 474 - A new perl module NetSNMP::agent::Support provides easier embedded 475 perl support. (patch 1369996 from Peter Martin) 476 Run "mib2c -c mib2c.perl.conf OID" to help you start using it. 477 478 perl: 479 - gettable() now supports asynchronous callback functions 480 - update default_store module to latest default_store c-binding 481 tokens 482 483 snmpusm: 484 - performance improvement when changing localized keys 485 - new option -Cp to set usmUserPublic value 486 487 snmpvacm: 488 - new commands to manipulate Net-SNMP access control extensions 489 490 Ports: 491 Linux: 492 - add IPv6 aware UDP and TCP mibs to default module list 493 494 Solaris, FreeBSD, OpenBSD: 495 - Experimental support for 64bit interface counters (ifXTable). Enable 496 via '--with-mib-modules=if-mib --enable-mfd-rewrites'. 497 - [PATCH 1569537,1569539]: new UDP-MIB and TCP-MIB implementation 498 (enable through --with-mib-modules=udp-mib,tcp-mib) 499 500 Win32: 501 - new winExtDLL extension module to allow snmpd to load Windows SNMP 502 Service extension DLLs to provide support for HOST-RESOURCES-MIB 503 and other MIBs provided with Windows. 504 505 AIX: 506 - HOST-RESOURCES-MIB implementation added to default module list 507 508 uCLinux 509 - [PATCH 1551948]: Make pass_persist usable on uClinux 510 511 Fixes: 512 snmplib: 513 - fix OID lookups for fully qualified object names (eg .iso.org) 514 (official patch 1421725) 515 - UDPIPv6 and TCPIPv6 transports now compile on recent UN*X platforms 516 517 snmpd: 518 - fix disman/event monitoring crashes (official patch 1429059) 519 - fix re-init of daemons after SIGHUP (official patch 1473289) 520 - fix trap processing from SMUX peers (patch 1430824) 521 - [BUG 1527930]: fix smux authentication 522 - [BUG 1427410]: Set auth engineID for SNMPv3 traps. 523 - [BUG 1535903]: Support spaces within security names 524 - fix 8 byte IpAddress in at, ip and route MIBs. 525 - [PATCH 1562688]: fix ping/reattach agentx code 526 527 snmptrapd: 528 - fix bug 1420758/1458815: snmptrapd aborts/loops in select() 529 (official patch 1420758) 530 - fix re-init of daemons after SIGHUP (official patch 1473289) 531 532 perl: 533 - Fixed the perl bulkwalk function 534 - gettable() was fairly broken in prior versions 535 - OID handling was fully broken on various 64bit platforms 536 - fixes for 64-bit platforms 537 538 misc: 539 - Many misc fixes 540 541*5.3.0.1* 542 543 *** Security Fix *** 544 545 - In version 5.3 much of the authorization control was rewritten. 546 There was a bug in the new code that resulted in granting write 547 access to read-only users or communities which were configured 548 using the "rocommunity" or "rouser" snmpd.conf tokens. 5.3.0.1 549 fixes this problem. Users are encouraged to immediately update 550 their installations if they use either of these tokens. 551 552 553*5.3* 554 555 *** Important Notes *** 556 557 Several very significant changes have been made in Net-SNMP for this 558 release that warrant special attention. 559 560 - shared library version number no longer matches the release number. We 561 now follow the versioning scheme recommended by libtool. For the 5.3 562 release this means that the libraries now have a SONAME ending with 563 ".so.10", e.g. libnetsnmp.so.10. 564 565 - snmpd has not been truncating log files at startup, as documented in 566 the man pages, for a while now. This default behaviour has been restored. 567 Please use the '-A' flag if you want to continue appending to your log 568 files at startup. 569 570 - snmptrapd will no longer accept all traps by default. It must be 571 configured with authorized SNMPv1/v2c community strings and/or SNMPv3 572 users. Non-authorized traps/informs will be dropped. 573 574 - Due to a copyright statement that didn't allow modifications, 575 snmpnetstat has been completely rewritten. The new version now 576 accepts the same command-line options as the other tools, which 577 has introduced a number of incompatible changes. However, it 578 does now finally support SNMPv3. 579 580 New: 581 Building: 582 - new option to disable set support in the agent (--disable-set-support) 583 584 snmpd: 585 - implement notification logging 586 - implement notification filtering 587 - AgentX, host resources and disman/event mibs added to default module list 588 - updated and new disman mib implementations 589 590 snmptrapd: 591 - allow a non-default AgentX socket 592 - a brand new authorization scheme that is based on the VACM 593 authorization scheme from snmpd. 594 - Note: now drops unauthenticated notifications by default 595 - registers the snmpEngine MIB group under the "snmptrapd" context 596 597 snmplib: 598 - new helper for ascii file based scalar integers (think Linux /proc/) 599 - new utilities for dealing with files 600 - new utilities for parsing text files 601 - granular config/persistent file disablement (noPersistentLoad and 602 noPersistentSave snmp.conf tokens) 603 604 mib2c: 605 - mib2c.mfd.conf now generates code for persistence row storage 606 - many enhancements and bug fixes 607 608 snmpusm: 609 - allows to use old and/or new localized key instead of passphrase with 610 option -Ck 611 - new option -CE to specify usmUserEngineID (necessary to manage 612 snmptrapd's usmUserTable) 613 614 Ports: 615 Linux: 616 - new experimental tables 617 - tcpConnectionTable, tcpListenerTable 618 - ipAddressPrefixTable 619 - udpEndpointTable 620 - ipv4InterfaceTable, ipv6InterfaceTable 621 - inetCidrRouteTable supports dynamic ipv4 route creation/deletion 622 - added ipv6IpForwarding.0 and ipv6IpDefaultHopLimit.0 (read-write) 623 624 Win32: 625 - Cygwin compiler fixes 626 - MSVC: agent (snmpd) support for pass and pass_persist 627 - MinGW: agent (snmpd) support for pass 628 - Fix for 'select: No such file or directory' in snmpdelta 629 630 Fixes: 631 - Persistent files in directory defined by snmp.conf persistentDir were 632 not being loaded at startup 633 - Perl getnext didn't honor explicit reference to MIB file 634 - AgentX sub-agent connection delayed til after config files read 635 - Build fixes for --disable-agent, --disable-snmpv1 and --disable-snmpv2c 636 - Lots of bug fixes 637 638 639*5.2* 640 New: 641 For the security paranoid (like Wes): 642 - Insecure versions of SNMP may be completely disabled at compile time. 643 (configure using one or both of --disable-snmpv1 --disable-snmpv2c) 644 - Less secure versions of SNMPv3 authentication and encryption 645 algorithms may be completely disabled at compile time. 646 (configure using one or both of --disable-des --disable-md5) 647 (This requires you have OpenSSL to support SHA1 and AES instead) 648 - Diffie-Helman key negotiation (perfect-forward-secrecy - RFC2786) 649 has been implemented in both the agent and "snmpusm". 650 - Better support for direct use of localized and master keys 651 (randomly generated keys have more entropy than passwords). See 652 the -3m -3M -3k and -3K options, and the defAuthLocalizedKey, 653 defPrivLocalizedKey, defAuthMasterKey, defPrivMasterKey 654 snmp.conf tokens) 655 656 library: 657 - send and receive buffer sizes for UDP/TCP are configurable 658 - .conf file token registration can now search multiple files 659 (separate file names to search by a :. IE, "snmpd:agentx") 660 661 snmptrapd: 662 - Embedded perl support for trap handlers (much faster than traphandles). 663 (configure --with-embedded-perl ; see 'perldoc NetSNMP::TrapReceiver') 664 - the snmptrapd usmUser table can be controlled through SNMP & AgentX 665 (the snmptrapd registers MIBs under the "snmptrapd" SNMPv3 context) 666 667 agent: 668 - community strings can be mapped to individual SNMPv3 contexts 669 (see the snmpd.conf manual on "com2sec"). 670 - AgentX should work properly with SNMPv3 contexts now. 671 - improved version of "exec" extension directive - "extend": 672 supports multi-line output, configurable command input, SET 673 handling, a valid relocatable MIB output structure, etc 674 - more flexibility added to netsnmp_cache helper, including periodic 675 refreshing of caches and cache pre-loading. 676 - experimental implementation of DisMan Remote Operations MIB groups 677 (remote nslookup, ping, traceroute and expressions via SNMP) 678 - The proxy supports a new -Cc flag which passes the community 679 name through to the other side rather than hard-coding it. 680 - The config_require() and other modules can now be placed 681 inside of CPP directievs (#if, /* ... */) as header files are 682 now passed through CPP processing first. 683 - new config_exclude() macro for excluding certain modules 684 - new config_belongs_in() macro to specify if a chunk of code 685 found by --with-mib-modules belongs in the agent library or 686 the mib module library. 687 - Uses a smaller function stack. 688 689 commands: 690 - snmpusm: A number of key-change improvements 691 (EG, changing localized keys supported, diffie-helman support, ...) 692 - New -Ln option to completely disable logging. 693 694 mib2c: 695 - a number of new or updated configuration templates: 696 - mib2c.iterate.conf: the iterator-based table config 697 now produces fuller template code than before. 698 - mib2c.table_data.conf and mib2c.container.conf: 699 two new "internal-row" style configs 700 - mib2c.mfd.conf: "MIBs for Dummies" (or MFD) - intended to 701 reduce the SNMP knowledge needed to develop MIB modules 702 and add flexibility at the same time. Run "mib2c -S 703 mfd_interactive_setup=1 -c mib2c.mfd.conf OID" and follow 704 its guided instructions to help you tailor its results to 705 meet your needs. 706 - mib2c.genhtml.conf: Generates an easier-to-read HTML view of 707 a MIB tree structure. (See http://www.Net-SNMP.org/mibs/ 708 for example output.) 709 - more node tags available for conf file writers 710 - additional search directories may be set via MIB2C_DIRS env var. 711 - mib2c-update: new utility to help update mib2c generated code 712 when conf file changes. 713 - a mib2c.conf manual page to describe how to write mib2c .conf files. 714 - support for embedded perl code in mib2c.conf files 715 716 documentation: 717 - New README.agent-mibs: an attempt to start documenting what 718 MIBs are implemented in the agent and on what architectures. 719 720 perl: 721 - An improved SNMP::gettable() method. Uses GETBULK if possible and 722 better GETNEXT requests if not, decodes indexes from OIDs, 723 requests multiple variables at once, ... ("perldoc SNMP" for details) 724 - A NetSNMP::OID::get_indexes() function to extract index values 725 from an OID. 726 727 Ports: 728 Linux: 729 - new experimental tables/rewrites for Linux, including: 730 ifTable, ifXTable, inetCidrRouteTable, ipCidrRouteTable, 731 ipAddressTable, ipSystemStatsTable, ipNetToPhysicalTable. 732 - Enable these talbles by specifying --enable-mfd-rewrites to configure. 733 - Most of these tables have IPv6 support as well. 734 - ifIndex no longer changes when interfaces are added/removed, and all 735 tables/object will now use the same ifIndex for the same interface. 736 737 Solaris: 738 - new experimental support for ucd-snmp/lmSensors MIB module 739 740 Win32: 741 - Support for the MinGW compiler 742 - Support for snmptrapd running as a service 743 - A Win32 specific build and install script 744 - Support for a .exe installer 745 (we'll make binaries available using it) 746 747 Fixes: 748 - AgentX memory leak on sets 749 - SNMPv3 not-in-time window after 248 days 750 - Agent hang in HOST-RESOURCES MIB 751 - double free on duplicate registration 752 - OIDs with IP Addresses as indexes now print prettier 753 -'Lazy' installation of headers (only install if newer) 754 - allow whitespace in rocommunity/rwcommunity 755 - many miscellaneous bug reports 756 757 758*5.1.2* 759 New: 760 - Minor improvements to snmpdelta (error reporting) 761 - Minor improvements to snmpnetstat (IPv6 output) 762 763 Fixes: 764 - Misc 64bit processor fixes. 765 - Misc perl build and install fixes. 766 767 Ports: 768 - Linux 2.6 improvements 769 - Win32 support for TCP and UDP over IPv6 via Winsock version 2 770 - Win32 fixes in many places. 771 - Win32 service support for snmptrapd 772 - Win32 support for snmpconf 773 774*5.1.1* 775 New: 776 - test suite supports testing over other transports (tcp, udp6, unix, ...) 777 (see the -P switch to the testing/RUNTESTS script) 778 - Solaris supports the use of it's PKCS#11 library for supporting 779 cryptographic functions (OpenSSL isn't required if PKCS#11 is available) 780 (see configure's --with-pkcs flag) 781 782 Fixes: 783 - Improvements on 64 bit architectures. 784 - A few minor memory leaks fixed. 785 - An extremely large number of minor bug fixes. 786 - Many perl module specific bug fixes. 787 - snmpd will safely handle more signals. 788 789 Ports: 790 - Many many significant Windows improvements. 791 - AgentX support is working again under windows. 792 - SCM support is built into the agent to allow the agent to be 793 started as a windows service. 794 - MSDOS names are supported in path names. 795 - A win32 build script in win32/build.pl 796 - Support for the MinGW compiler 797 - (see the README.win32 file for details on new ports) 798 - Various helpful win32/*.bat files for installation, etc. 799 - Some linux 2.6 support improvements 800 801*5.1* 802 New: 803 804 Building: 805 - configure is now generated using autoconf 2.57. 806 - The make system now supports "make uninstall" 807 - configure & make supports a --with-install-prefix option 808 - new configure options to disable building of the agent, apps, ... 809 ./configure --help for a list of package sections that can be excluded. 810 - new configure option to remove specific code pieces (mib reading, ...) 811 ./configure --help for a list of code areas that can be excluded. 812 813 snmpd: 814 - linkUp and linkDown notifications can be enabled 815 (see the linkUpDownNotifications snmpd.conf token documentation) 816 - notifications (traps) can be generated for disman/monitor events. 817 (see the snmpd.conf documentation on "monitor" and "notificatonEvent") 818 - new snmpd.conf tokens: includeAllDisks 819 - the UCD-DISKIO-MIB will now work on linux. 820 - com2sec mappings for SNMP over unix sockets. 821 - some speed improvements have been made that should increase the 822 speed of the agent's processing time. 823 - for mib code using the table iterator, an auto-caching mechanism 824 which can greatly speed up access at the cost of caching. 825 (see "stash_cache" in the injectHandler token docs in snmpd.conf(5)) 826 - Some of the agent modules were completely rewritten (and 827 should be faster and cleaner). 828 - A number of new APIs and helper modules are available, but 829 there is no major summary to easily list. 830 - A number of new Net-SNMP specific MIBs now exist. 831 832 snmptrapd: 833 - snmptrapd now supports forwarding of notifications. 834 (see the snmptrapd.conf manual for details) 835 - snmptrapd's new -t switch can be used to disable syslog. 836 (useful for a no-output snmptrapd with only traphandle support) 837 838 apps: 839 - snmptable sports 3 new options: fixed width, max-repeaters, 840 left-justify. (see snmptable -h for details) 841 - mib2c walks you through instructions to help you generate code 842 "just for you". Including some new forms of output code, like 843 notification code generation. Run mib2c SOMETHING for details. 844 - mib2c has about a billion other improvements, including the 845 ability to generate trap generation code templates. 846 - snmpwalk supports a new -Ct option for timing how long a walk takes. 847 - net-snmp-config supports a number of new options. 848 - All applications support a consistent -L flag for turning on 849 which forms of output logging should be used. 850 851 perl: 852 - the SNMP module supports a new get_table() call. 853 854 Fixes: 855 - More patches to properly demonize snmpd (close std*, double fork, ...). 856 - Version numbers of all packages/perl-modules/etc are better synchronized. 857 - more documentation, especially for APIs 858 - all perl module version numbers are synchronized with the 859 net-snmp package. 860 - Many many misc bug fixes, as always. 861 862 Ports: 863 - diskio MIB support for Darwin. 864 - ifSpeed under Linux should now be correct for most network cards. 865 - more windows build fixes 866 867*5.0.9* 868 869 SECURITY: 870 - An existing user/community could get access to data in MIB 871 objects that were explicitly excluded from their view. 872 873 Fixes: 874 - Perl build environment should better under Windows 875 - Misc kerberos support fixes. 876 - Improvements on various manual pages. 877 - A annoying bug with SETs being passed to pass scripts was fixed. 878 - The often talked about VACM optimization improvement was fixed again. 879 - mib2c handles augmentation tables better now. 880 - Various 64 bit issues have been addressed. 881 882*5.0.8* 883 New: 884 - No new features will be added to the 5.0.x line. 885 886 Ports: 887 - Update libtool to version 1.4.3, for the benefit of Darwin 888 - diskio support for Darwin 889 - Updates for OpenBSD 3. 890 - Updates to solaris README 891 892 Fixes: 893 - find libwrap w/nsl on RedHat 894 - fix for openssl 0.9.7 895 - Fix some AgentX memory leaks 896 - use macro for inline function prototypes 897 - Attempt to find unused port before running tests 898 - Use SNMP_SLEEP environment variable when running tests 899 - calculate a proper ifSpeed under linux when possible 900 - better daemonization of snmpd 901 - close and reopen snmptrapd log files on HUP 902 - support for 16 bit reuqest ids 903 - Recognize new 't' code in display hints 904 - misc other fixes 905 906*5.0.7* 907 New: 908 - VACM (access control) optimizations which will greatly benefit 909 people who wish to exclude large portions of the MIB tree from 910 some people. Previously this was a large resource drain. 911 - Add command line option to snmpd to set syslog facility 912 - Reverse DISPLAY-HINT processing, i.e. it allows you to input data 913 formatted like a DISPLAY-HINT prescribes 914 - Support setting of sysDescr and sysObjectID via snmpd.conf 915 configuration directives 916 - New output option to force display of strings as hex 917 - Persistent directory can be specified at runtime 918 - Add support for Linux virtual interfaces in the ipAddressTable. 919 - implemented the mteEventTable and the mteEventNotificationTable 920 form the DISMAN-EVENT-MIB. 921 922 Fixes: 923 - AgentX no longer flagged as experimental 924 - A few memory leak fixes for the table_iterator agent API. 925 - Processed flag cleared before each pass of a set request 926 - Remove snmpd pid file on exit 927 - Restore default behaviour of building shared libraries 928 - misc other fixes 929 930*5.0.6* 931 932 Fixes: 933 - prevent denial of service attack from authenticated users 934 (really this time). 935 - misc other fixes 936 937*5.0.5* 938 939 New: 940 - Support for OpenSSL 0.9.7 941 - Beginning of support for AES encryption. 942 ( Currently only usable with Net-SNMP and OpenSNMP software. ) 943 944 Ports: 945 - win32 new project files win32sdk.dsw for those with the win32 946 platform sdk. 947 - win32 builds should work properly again, minus callbacks and thus 948 AgentX. 949 950 Fixes: 951 - Several AgentX (the subagent protocol) specific bugs have been fixed 952 - prevent denial of service attack from authenticated users 953 - many many misc fixes 954 - The perl agent module plugin should now work. 955 - Many other perl module related fixes. 956 - net-snmp-config --ldflags properly supplies -L flags 957 - misc make test fixes and improvements. 958 959*5.0.4* 960 961 During the testing for release 5.0.4, a release candidate was uploaded 962 to Sourceforge and marked as hidden. For various reasons, the release 963 was delayed and further changes and fixes were made. However, the 964 release candidate files still appeared on the public FTP server and our 965 mirrors. To avoid the confusion that could occur to users who may have 966 downloaded this release candidate, we are bumping the revision number 967 to 5.0.5. If you downloaded net-snmp-5.0.4.tar.gz, please upgrade 968 to net-snmp-5.0.5.tar.gz. 969 970*5.0.3* 971 972 New: 973 - the "dist" directory contains the beginnings of some init 974 scripts and packaging utilities. 975 976 Ports: 977 - win32 builds should work properly again. 978 979 Fixes: 980 - the 5.0.2 package had a few broken packaging problems. Opps. 981 - a few misc fixes. 982 983 Perl: 984 - the perl modules should work with older versions of perl again. 985 986*5.0.2* 987 988 New: 989 - mib2c support for the old-4.X style api and for scalars. 990 - many improvements to the netsh shell environment. 991 992 Fixes: 993 - tcpwrappers support should work significantly better. 994 - NFS file systems are better supported in the hrStorageTable 995 - the memory reporting no longer accidentally reports -1 integers 996 - a few memory leaks fixed in the table_iterator API 997 - fixes for Sun's "make" 998 - ds_ prefix name-space protection (-> netsnmp_ds_) 999 (run configure with --enable-ucd-compatibility for old API) 1000 - v1/v2c access control fixes for ipv6 addresses 1001 - many many misc fixes 1002 1003 Perl: 1004 - The perl modules have a number of fixes, and the build process 1005 was fixed (again). 1006 - all make test suites should pass for people now. 1007 (there are still some known minor limitations, but we removed the tests) 1008 1009*5.0.1* 1010 1011 New: 1012 - A new flag: -OQ which does quick printing (-Oq), but with an '=' sign. 1013 - All output should now have type tags in front of them. 1014 (STRING: and INTEGER: were added) 1015 - the snmplib/mib.c file has been instrumented with doxygen comments. 1016 - two new mib2c configuration files for generating column and enum defines. 1017 - a agent coding example: agent/mibgroup/examples/notification.c 1018 1019 Perl: 1020 - the SNMP perl module properly uses snmp.conf values as defaults. 1021 - --with-perl should work this time. 1022 - more embedded perl support, but it still isn't complete yet. 1023 (the NetSNMP::OID module has received many new features) 1024 1025 Ports: 1026 - added vmstat and memory support for hpux11 1027 - other misc improvements for hpux11 1028 1029 Fixes: 1030 - the agent should properly handle requests in the right order. 1031 (e.g., restrict the agent to processing only one SET at a time) 1032 - net-snmp-config --compile-subagent has been greatly improved. 1033 - the tools should report the right version number. 1034 - large /proc/stat files on linux shouldn't crash the agent. 1035 - the smux module should handle multiple registrations better. 1036 - various documentation clean ups. 1037 - 64 bit address clean ups. 1038 - misc other bug fixes. 1039 1040*5.0* 1041 1042 New: 1043 1044 - Much of the agent internals were completely rewritten and sports 1045 a new module API to make your life easier. See the 1046 agent/mibgroup/examples directory for example code that makes 1047 use of some of the new functionality. 1048 (Also see http://www.net-snmp.org/tutorial-5/agent/ which has 1049 some incomplete documentation) 1050 - The agent sports embedded perl, see the perl details further below. 1051 - The agent supports multiple SNMPv3 contexts and mib modules can 1052 now register themselves under different contexts. (see the -n 1053 option in the snmpcmd manual page for details on specifying 1054 context strings in requests) 1055 - The proxy code has been completely rewritten and now supports 1056 the use of SNMPv3 contexts to help select which proxied host you 1057 wish to talk to. See the snmpd.conf manual page. 1058 - All the tools take --configToken=value options now. (see -H 1059 output from any command for what configTokens it accepts) 1060 - All the tools can speak over many different transport layers 1061 now, including UDP/TCP (ipv4 and ipv6), AAL5pvc, and IPX. See 1062 ./configure --help for details on enabling them. 1063 Note: the -p and -T flags to all the applications have been 1064 removed. Use hostname strings like "tcp:localhost:9999" 1065 instead. See the snmpcmd manual page for details. 1066 - snmptrapd now acts as an agentx subagent and implements portions 1067 of the NOTIFICATION-LOG-MIB to allow captured traps and informs 1068 to be queried. 1069 - A "net-snmp-config" script will get installed which can report 1070 how the various tools were built (which libraries they were 1071 linked against, etc). It will also help you do other things as 1072 well, like setting up snmpv3. Run net-snmp-config --help for details. 1073 - kerberos authenticated and encrypted SNMPv3 is now possible. 1074 See ./configure --help for details on enabling the ksm security module. 1075 - The AgentX subagent protocol implementation has many new 1076 features and fixes. 1077 - mib2c was completely rewritten and has a much improved 1078 configuration file specification. 1079 - Much of the code is getting documented with "doxygen" style 1080 documentation. Run "make docs" if you have doxygen installed. 1081 - some RMON support is available. 1082 (See agent/mibgroup/Rmon/README for details.) 1083 - The source tree has been reorganized and all the exported header 1084 files are now in the include subdirectory. You can now point to 1085 the includes easily without having to run "make install" first. 1086 - the agent now requires a configuration file to access any information. 1087 - The entire code base has had indent run on it to effect a 1088 consistent coding style. See the CodingStyle file for details. 1089 1090 Perl: 1091 1092 - The SNMP perl module now calls init_snmp() like real net-snmp 1093 applications, which means it will read snmp.conf configuration 1094 files, etc. 1095 - new perl specific configure options --with-perl-modules & 1096 --enable-embedded-perl. See ./configure --help for details. 1097 - The beginnings of some new Perl modules (alpha level quality) 1098 are in the perl directory, including: 1099 - NetSNMP::agent which allows perl scripts to become net-snmp 1100 master or subagents 1101 - AnyData::SNMP is available that implements a perl DBI 1102 interface to map SQL commands to SNMP. Included is a "netsh" 1103 shell where SQL commands can be typed, aliases created, etc. 1104 See the perl/AnyData_SNMP/INSTALL file for details. 1105 - Beginning (alpha level quality) support for embedding perl 1106 subroutines directly within the net-snmp agent. 1107 1108UCD-SNMP NEWS: 1109 1110*4.2.6* 1111 Big fixes: 1112 - Fixes to the Tunnel mib. 1113 - Deprecated the non-raw objects in the system stats MIB portion. 1114 - Testing harness fixes. 1115 - Network file system improvements fro the hrStorageTable. 1116 - fixed snmptable. 1117 - fixed the memory table (again) locking to 2^31 in value. 1118 - Misc documentation fixes and clean-ups. 1119 - Many other misc fixes. 1120 1121*4.2.5* 1122 Bug fixes: 1123 - The perl module actually works. Sorry about that. 1124 - don't overwrite the PID of an already-running snmpd with the PID 1125 of an abortive snmpd. 1126 - a 64 bit architecture socket fix 1127 - smux authentication fixed for multiple connected sessions. 1128 - dynamic module support testing in the configure 1129 - memory values > 32bits are now reported as a maxed out 32bit number 1130 1131*4.2.4* 1132 New: 1133 - badCommunityNames and badCommunityUses Counters supported. 1134 - tcp_wrappers support for snmptrapd. 1135 1136 Bug fixes: 1137 - A security issue involving the snmpnetstat command accepting 1138 illegal data from a faked snmp server. 1139 - RPM library support fixes. 1140 - shared libraries built by default. 1141 - many bug fixes for conformance of target, notification, and vacm tables 1142 - many other fixes. 1143 1144 Ports: 1145 - HPUX 11 1146 - Dynix/PTX 4.4 1147 - The snmpd demon can properly run as a windows service 1148 1149*4.2.3* 1150 New: 1151 - sysLocation, sysContact, sysName and snmpEnableAuthenTraps are 1152 persistent after being set remotely. 1153 - New "ignoredisk" directive to ignore disks in the host resources mib. 1154 1155 Bug Fixes: 1156 - The ifTable on Linux no longer reports duplicate interfaces. 1157 - perl scripts print better error messages if needed modules 1158 aren't available. 1159 - trap sinks aren't duplicated after a SIGHUP. 1160 - misc other fixes. 1161 1162 Ports: 1163 - improved irix support. 1164 - more mibII support for windows. 1165 1166*4.2.2* 1167 Security Bug Fixes: 1168 - A few security bugs have been found and fixed. No known exploits 1169 have been released to date. However, users are encouraged to 1170 upgrade to the 4.2.2 release as soon as possible. 1171 1172 Bug fixes: 1173 - many misc bug fixes. 1174 - misc documentation corrections. 1175 - updated libtool to 1.4. This fixes a couple of platforms (eg, NetBSD). 1176 1177 Ports: 1178 - mibII support for win32 1179 - It should compile and work on MacOS X (Darwin) 1180 - udpTable supported on solaris. 1181 - win32 borland compiler supported (see win32/config.h.borland) 1182 1183 New: 1184 - tkmib supports SETs and saving of configuration data. 1185 - snmpwalk detects out of order OIDs being returned from an agent. 1186 - snmpset accepts the '=' sign for a datatype if the mib is 1187 available to extract the datatype from instead. 1188 1189*4.2.1* 1190 Administrative: 1191 - The http://www.net-snmp.org/ web site and domain name is now active. 1192 - Copyright statement for changes beyond 4.2 is now a true BSD license. 1193 (see the COPYING file for details) 1194 1195 Major Bug fixes: 1196 - AgentX master agent no longer crashes when a subagent disconnects. 1197 - counter64 encoding fixed. 1198 - oids with large numbers embedded in them should work properly (again). 1199 - Fixed behavior of agent_check_and_process() and alarms. 1200 - mib2c handles more variable types. 1201 - traps/informs are sent properly from agentx subagents. 1202 - many many more bug fixes have gone into this release. 1203 1204 New: 1205 - The snmpconf configuration file editor can create snmptrapd.conf files. 1206 - AgentX support is compiled in by default, but must be configured now. 1207 (Add "master on" to your snmpd.conf file to enable agentx support) 1208 1209*4.2* 1210 1211 Administrative: 1212 - project services moved to http://www.net-snmp.org/project/ 1213 1214 Features: 1215 - Packets sequences are now shorter when possible, reducing packet sizes. 1216 - A new configuration file creation tool: snmpconf. 1217 (try snmpconf -g basic_setup) 1218 - A new command to remotely list disk space: snmpdf. 1219 - the agent VACM tables are now writable. 1220 - a new snmpvacm tool can be used to change the running vacm configuration. 1221 - dynamicly loadable mib module support for the agent. 1222 (see snmpd.conf on the dlmod directive) 1223 - minimal proxy support for snmpd 1224 (see snmpd.conf on the proxy directive) 1225 - libtool is now used to compile the package (better shared-library support) 1226 - the agent now supports the SNMP-NOTIFICATION-MIB. 1227 (enabled by default). 1228 - the agent can set trapsink using snmpcmd command line style parameters 1229 (see the trapsess section of the snmpd.conf manual page) 1230 - index matching in oids has been improved 1231 (see the snmpcmd manual page on -Ox, -OE, and -Ob). 1232 - snmptrapd has new formatting directives. 1233 (see the snmptrapd manual page on format1 and format2). 1234 - the agent can listen to multiple ports. 1235 - the agent can be restricted to listening on only certain interfaces. 1236 - the agent can be told at run time which mib modules (not) to initialize. 1237 (see the -I option in the snmpd.conf manual page) 1238 - the agent can run as a particular user. 1239 - snmptable takes a -Ci argument to show table indices. 1240 - snmptable uses GETBULK requests when it can (unless -CB is specified). 1241 - The "make test" suite contains a lot of new tests. 1242 - cross-compiling support. 1243 - snmpset checks types and range values for legality. 1244 - Significant improvements to the AgentX support. 1245 (Code is still beta, but probably safe for use on non-critical systems). 1246 1247 Perl: 1248 - bulkwalk functionality for the SNMP perl module. 1249 - entirely numeric OID support. 1250 - support for best guess mode for OIDs. 1251 - range and default value access added. 1252 - build can now be targeted against a non-standard net-snmp install path. 1253 1254 Fixes: 1255 - v3 traps/informs handled properly now. 1256 - Many more misc bug fixes. 1257 - snmpv3 engineIDs not IP address specific. 1258 1259*4.1.2* 1260 Fixes: 1261 - Host resources fixes for FreeBSD and NetBSD 1262 - ucd-snmp memory/vmstat fixes for FreeBSD-3 1263 - configure --enable-ipv6 fixes 1264 - AIX fix (use knlist) 1265 - fix init_master_agent calling exit 1266 - bad free in subagent.c 1267 - dont let a agentx subagent be a smux master 1268 - ucd-snmp/loadave fix for AIX 1269 - fix doing a set on a pass variable 1270 - snmptable fixes 1271 - snmpnetstat fixes for v2c exceptions 1272 - man page fixes 1273 1274 Features: 1275 - Some UnixWare 5 configuration support 1276 - configure --enable-mini-agent --without-openssl 1277 - snmptrapd -n 1278 - snmp_log callbacks 1279 - noTokenWarnings and noRangeCheck in snmp.conf 1280 - using a counter type in snmpset/snmptrap 1281 1282*4.1.1* 1283 Fixes: 1284 - Better agent handling of unauthorized requests. 1285 - Better "make test" support. 1286 - Misc bug fixes. 1287 1288*4.1* 1289 New: 1290 - Many new command line flags have been added for input/output flexibility. 1291 (see the snmpcmd(1) manual page on the -O flag and -I flag) 1292 - The tools support regex matching of oids on the command line. 1293 (see the snmpcmd(1) manual page on the -Ib option) 1294 - A ucd-snmp usage tutorial has been placed on the main web page. 1295 (see http://www.net-snmp.org/tutorial/) 1296 - snmptable is much smarter and handles sparse tables better. 1297 - tkmib supports snmpv3. 1298 - New agent libraries to embed SNMP and AgentX agents into other programs. 1299 (see the snmp_agent_api(3) manual page and the tutorial) 1300 - SNMP over TCP is supported. 1301 (-T TCP on the command lines) 1302 - OpenSSL has replaced KMT for SHA authentication and DES encryption. 1303 (Get OpenSSL from http://www.openssl.org/). 1304 - Some easier-to-use access-control snmpd.conf directives for simple setups. 1305 (see the snmpd.conf(5) manual page) 1306 - Easier setup of SNMPv3 support for the agent. 1307 (see the README.snmpv3 file). 1308 - Command line argument parsing has been reworked for getopt() use. 1309 (currently backwards compatible; see the snmpcmd(1) manual page) 1310 - Table rows with embedded strings are dealt with for both input and output. 1311 (see the snmpcmd(1) manual on the -Ob flag) 1312 - Many more snmp.conf directives supported. 1313 (see the snmp.conf(5) manual page) 1314 - Many AgentX improvements. 1315 - All of our distributed mibs have been updated to be SMIv2 compliant. 1316 - Trap support in the agent has been cleaned up and an API created. 1317 1318 Perl: 1319 - Joe Marzot's perl module is now included with the ucd-snmp source. 1320 (this should help people trying to synchronize the two packages) 1321 1322 Fixes: 1323 - SMUX support has been reintegrated into the agent in a better way. 1324 - Many many others. 1325 1326*4.0.1* 1327 New: 1328 - defVersion in snmp.conf supported. 1329 Fixes: 1330 - An option was accidentally turned on by default that shouldn't have been. 1331 - misc minor fixes. 1332 1333*4.0* 1334 New: 1335 - SNMPv3 protocol support!!! 1336 (See the README.snmpv3, snmpusm(1), snmp.conf(5), snmpd.conf(5)) 1337 - historic v2party support removed. 1338 - complete re-write of the agent. 1339 - The extensible AgentX protocol is in alpha-test mode. 1340 (to use, compile with the mib-module "agentx" or 1341 "agentx/master" or "agentx/client"). 1342 - syslog support for the agent (and everything else for that matter). 1343 - Per-process/per-exec-script based fix scripts implemented. 1344 (see snmpd.conf(5) for details) 1345 - many more config file options supported. 1346 (run any command with -H and see appropriate .conf manual pages) 1347 - The start of a "make test" suite. 1348 - many other things we've forgotten. 1349 - code is ANSI C now, and requires a ANSI C compiler. 1350 1351 API Changes: 1352 - A small change to the write functions in mib modules. 1353 (data passed in has already be BER-decoded and is a pointer to a 1354 variable of the correct type). 1355 - The config_load_mib mib-module .h file directive is now 1356 obsolete. Use REGISTER_MIB inside your init function instead. 1357 1358*3.6.2* 1359 Fixes: 1360 - An important multi-session bug fix, especially needed for the 1361 SNMP perl module. 1362 - Many minor bug fixes. 1363 1364*3.6.1* 1365 Fixes: 1366 - Minor last second fixes mostly. 1367 1368*3.6* 1369 New: 1370 - All of the services for ucd-snmp have moved from the sites in 1371 ece.ucdavis.edu to ucd-snmp.ucdavis.edu, including http, ftp, 1372 and the mailing lists. 1373 - The configure --help output has been greatly improved for better 1374 readability and has been broken into sections. 1375 - The agent's SMUX support has been greatly improved and should 1376 function with applications other than gated now. 1377 - The snmptrapd has been make extensible so you can call other 1378 programs and scripts when a trap has been received. 1379 (see snmptrapd.conf(5)) 1380 - More configuration files have been created and can be used to 1381 specify defaults and configuration information to the various 1382 applications. Run each command with -H to see what it understands. 1383 (see snmp_config(5), snmpd.conf(5), snmp.conf(5), snmptrapd.conf(5)) 1384 - The configuration file parser looks in ~/.snmp by default as 1385 well, allowing each user to have his/her own setup files for the 1386 various applications. 1387 - The mib parser supports a variety of options dictating how 1388 strictly it parses mib files. 1389 (see snmpcmd.1 on "-P") 1390 - Debugging output with the -D flag now accepts a list of 1391 debugging information types to print. 1392 (see snmpcmd.1 on "-D") 1393 - Minimal multi-thread support using a modified version of the 1394 session API. 1395 (see snmp_sess_api(3)) 1396 - persistent storage of information is possible from the agent's 1397 mib modules now. 1398 (see read_config(3)) 1399 - The target mib has been implemented as an optional module. 1400 - More documentation has been written. 1401 - The recommended mib module API has changed slightly, but is 1402 backwards compatible as well. See the AGENT.txt file for new 1403 documentation on how to write mib modules for the agent. 1404 1405 Fixes: 1406 - many misc bug fixes, as always. 1407 1408 Ports: 1409 - snmpnetstat has been ported to the win32 environment. 1410 1411*3.5.3* 1412 - Bug fixes, including row creation sets to mib modules should work again. 1413 1414*3.5.2* 1415 - very small last minute bug fixes for win32 and freebsd mostly. 1416 1417*3.5.1* 1418 1419 Fixes: 1420 - Many bug fixes submitted by users and the ucd-snmp-coders. 1421 - v2party support in the agent has been fixed. 1422 - The UCD-SNMP-MIB is SMICng compliant and should work under HP OV better. 1423 - Most sections of the mibII tree are 64bit clean. 1424 1425 Copyright: 1426 - Simplification. 1427 1428*3.5* 1429 1430 New: 1431 - agent/mibgroup directory reorganized hierarchically. 1432 - this may break the agent compilation with some compilers. 1433 - floats, doubles, counter64s, int64s, uint64s support via opaque types. 1434 - new modules: misc/ipfwacc. 1435 - use of dynamicly loadable modules now possible, but not fully supported. 1436 - New application command line flags: -s, -S, -m MIBS, -M MIBDIRS. 1437 - new configure options: --with-cc=CC and --with-cflags=CFLAGS 1438 1439 Fixes: 1440 - Solaris core dumps. 1441 - Fixes for NetBSD 1.3. 1442 - The apps work again on 64bit machines. 1443 - misc other bug fixes. 1444 1445 Ports: 1446 - host resources module should work on more platforms: NetBSD, 1447 FreeBSD, SunOS (almost). 1448 1449*3.4* 1450 1451 Important: 1452 - the UCD-SNMP specific mib structure changed. 1453 - many of the table oids have changed location and have been renamed. 1454 - the View Based Access Control module was implemented in the agent. 1455 Therefore, the "community" snmpd.conf parameter no longer 1456 exists. See the snmpd.conf file for how to control access via 1457 community names now. 1458 - The header file #defines have changed. You may have to compile 1459 third party applications with -DCMU_COMPATIBLE (like perl-SNMP <= V1.7). 1460 - The parser is more strict about unlinked OIDs and end-of-comment 1461 conditions. You may see problems in a few broken mibs that used 1462 to parse ok with the older parser. 1463 1464 New: 1465 - dynamic library support: configure with --enable-shared. 1466 - the beginnings of a Perl/Tk/SNMP mib browser: tkmib 1467 - all applications support -R for random oid-name lookups. 1468 - default mib list changes when you add or remove agent mib-groups. 1469 - debugging in the agent can be turned on and off using snmpsets. 1470 - a new mib module displays a list of all loaded mib modules. 1471 - the internal structure of the agent's mib modules is now hierarchical. 1472 - the agent looks for .conf files in both the lib/ and share/ directories. 1473 - more improvements/options to snmptable. 1474 - new vmstat module to report vmstat related information under linux. 1475 - a perl based mib2c translator to convert mib sections to C code templates. 1476 1477 Fixes: 1478 - The code was run through purify for memory leaks and a few were found. 1479 - snmptrap sends to the correct default port of 162 again. 1480 1481 Ports: 1482 - irix 6.2 support improved. 1483 - openbsd. 1484 - the host resources mib compiles on Solaris. 1485 1486*3.3.1* 1487 1488 New: 1489 - "make install" installs the library and header files. 1490 1491 Fixes: 1492 - compilation on many architectures (sunos for example). 1493 - snmptrapd doesn't exit if v2party files don't exist. 1494 - host resources works a bit better (ie, it compiles) under solaris. 1495 1496 1497*3.3* 1498 1499 Path changes: 1500 - the default paths to the installed mibs and snmpd.conf file have 1501 changed to /usr/local/share/snmp (set differently using --datadir). 1502 - the default path of the snmpd and snmptrapd have changed to 1503 /usr/local/sbin (set differently using --sbindir). 1504 1505 New: 1506 - basic SNMPV2c support. 1507 - Not fully tested (feedback please!), and not RFC compliant. 1508 - all apps require '-v 2c' for v2c and '-v 2p' for the older party code. 1509 - basic host-resources mib support for linux, and hpux. 1510 - All environment variables can be set with a preceding '+' for 1511 indicating additions to the default values. 1512 - mib modules cleaned up more and can be added and removed more easily. 1513 - mib modules have a new macro for callbacks when reading a .conf file. 1514 - apps command line interfaces have merged together for standardization. 1515 - the libsnmp library no longer forces printing of errors. 1516 - 2 new applications: snmpdelta and snmptable. 1517 - the mib parser caches mib directory scans for speed improvements. 1518 - snmptrapd is snmp-version multi-lingual. 1519 1520 Ported: 1521 - irix should be more complete. 1522 - aix 4.1.5. 1523 - fixes for hpux 10.20. 1524 - linux 2.1.x support. 1525 - library and apps supported under 32bit windows systems. 1526 1527 Fixes: 1528 - too numerous to mention. 1529 1530*3.2* 1531 1532 New: 1533 - Top level of the mib parser has been restructured 1534 - no longer reads 'mib.txt' 1535 - no longer reads everything (MIBS/MIBDIRS) 1536 - reads import clauses to load other required modules 1537 - new man page: mib_api.3 1538 - The agent has been completely restructured (modularized) to 1539 allow for easier extension via C code and requires no 1540 modification of the ucd-snmp distributed source code to add in 1541 new C coded mib modules. See the README file in the 1542 agent/mibgroup subdirectory for details. Modules are added and/or 1543 removed via configure options. 1544 - agent can send traps to multiple trap destinations. 1545 - configure can be run outside the default source directory. 1546 - Optional modules: SMUX support to talk with a running gated. 1547 - All configure prompted questions can be set on the command line instead. 1548 1549 Fixes: 1550 - Memory leaks. 1551 - code is now prototyped and many related bugs have been found. 1552 (an ANSI compiler is still optional.) 1553 - Many others. 1554 1555 Ported: 1556 - linux-2.* 1557 - mips-sgi-irix6.3 (agent needs 2 mib-modules removed still) 1558 1559*3.1.3* 1560 1561 New: 1562 - FAQ file! 1563 - bug-report script! 1564 - Agent can read .conf files from more places: 1565 - SNMPCONFPATH environment variable. 1566 - command line options: -c FILE and -C. 1567 - Agent can send coldstart and authentication traps. 1568 - All requests/patches/questions should go to 1569 ucd-snmp-coders@ece.ucdavis.edu 1570 - snmp variables mib implemented. 1571 - more udp, ip, ipNetToMedia tables implemented. 1572 1573 Fixes: 1574 - Memory leaks. 1575 - Many other system specific fixes. 1576 1577 Misc: 1578 - configure script updated to autoconf 2.12. 1579 1580 Removed: 1581 - Very ancient tk/tcl code. 1582 1583*3.1.2* 1584 1585 New: 1586 - extensible mib moved to ucdavis enterprise mib: .1.3.6.1.4.1.2021. 1587 - PORTING file added. 1588 - new configure switch: --without-root-access. 1589 1590 Ports: 1591 - BSDi, and possibly irix, and linux is not too far off. 1592 - massive improvements for netbsd, freebsd, hpux. 1593 1594 Fixes: 1595 - Massive parser improvements. (Niels Baggesen <recnba@mediator.uni-c.dk>) 1596 - configure script upgraded to autoconf 2.11. 1597 1598*3.1.1* 1599 1600 New: 1601 - init_mib() now reads all files in PREFIX/lib/snmp/mibs as mibs. 1602 - sysContact and sysLocation settable in snmpd.conf. 1603 - TC information retained (from Joe Marzot). 1604 1605 Fixes: 1606 - snmpset on a pass script works now. 1607 - pass scripts more throughly tested and debugged. 1608 - community 5 can be set now. 1609 - Many others. 1610 1611*3.1.0.1* 1612 1613 Ported: 1614 - FreeBSD 2.? 1615 1616 Fixes: 1617 - snmptrap greatly improved! (Niels Baggesen <recnba@mediator.uni-c.dk>) 1618 - other small stuff. 1619 - default logfile location moved to /var/log if exists, else /usr/adm. 1620 1621 New: 1622 - snmptrap man page. (Niels Baggesen <recnba@mediator.uni-c.dk>) 1623 1624*3.1* 1625 1626 Features: 1627 - Pass thru extensibility added! 1628 - snmpnetstat greatly improved (Niels Baggesen <recnba@mediator.uni-c.dk>) 1629 - improved solaris info caching (Dan A. Dickey <ddickey@transition.com>) 1630 1631 Bug fixes: 1632 - many fixes for solaris (Niels Baggesen <recnba@mediator.uni-c.dk> 1633 and "Dan A. Dickey" <ddickey@transition.com>) 1634 - greatly reduced memory usage by mib parser (Niels Baggesen) 1635 - disk checks fixed for solaris and osf. 1636 - improved Mib parsing from Mike Perik <mikep@crt.com> 1637 - TRAP-TYPE/NOTIFICATION-TYPE now handled. 1638 - IMPORTS definition no longer required. 1639 - SIZE syntax fixed. 1640 - sedscript compiles correctly with Solaris's spro compiler. 1641 - many more small ones. 1642 1643 Misc: 1644 - Upgraded to autoconf-2.10 1645 1646*3.0.7.2* 1647 1648 Major solaris patches from Niels Baggesen <recnba@mediator.uni-c.dk>. Thanks! 1649 Other misc patches 1650 1651*3.0.7.1* 1652 1653 Bug fixes. 1654 1655*3.0.7* 1656 1657 Features: 1658 - Two new operating systems supported: hppa1.1-hp-hpux10.01, *-netbsd1.1 1659 - Two new ./configure options: 1660 --enable-debugging: includes nlist and other warnings in log-file output. 1661 --with-defaults: Assumes you want the defaults for all user prompts. 1662 1663 Bug fixes: 1664 - make clean in man/ works. 1665 - Fixed the mib.txt capitalization problem. 1666 - Fixed a gcc cpp problem (added -x c to the command line options). 1667 - Added NULL to the second gettimeofday argument. 1668 1669 Misc: 1670 - Upgraded to autoconf-2.9 1671 - snmpcheck upgraded to perl5.002 and Tk-b10 1672 - totally re-did the routing tables (required by hpux10.01). 1673 1674*3.0.6* 1675 1676 Features: 1677 - snmpV1 community names can be set in the configuration files now! 1678 - new app: apps/snmptrap, as requested by many, many people. 1679 - New man page (rough still): snmpd.conf.5. 1680 - Returns new values for system.sysObjectID for each supported OS. 1681 - Better OpenView support for changing the icons & etc. See ov/README. 1682 1683 Bug fixes. 1684 - -p PORT -l LOGFILE now work as advertised. 1685 - printed values of timeticks are no longer negative. 1686 - Correctly finds the Solaris 2.5 kernel. 1687 - the restart-agent mib entry now sets an 1 second alarm to 1688 restart so it can return a proper snmp response first. 1689 - Truncates existing logfiles. 1690 - nlist warnings removed. 1691 - more... (see the ChangeLog) 1692 1693*3.0.5* 1694 1695 Bug fixes: 1696 - 'make' should not call 'autoconf' and associates anymore. 1697 - Fixed sun4 exit codes. Really. 1698 - Changed config.h a bit to fix the mib.txt file's errors when 1699 some mibs were not defined for usage. 1700 1701 Misc: 1702 - Updated configure to autoconf 2.7 1703 1704*3.0.4* 1705 1706 Mainly a bug fix release: 1707 - fixed another 32/64 bit problem: returned exit codes on alphas 1708 were incorrect. 1709 - many system errors (e.g., no mem) were causing the agent to 1710 return error flags when it really was clueless. 1711 - found a memory leak in the CMU routing table implementation. 1712 - More configure cleanups, mostly for Solaris. 1713 - snmp_open calls getservbyname only once now, at the request of Gary 1714 Hayward <gah@dirac.bellcore.com>. Mainly for Perl users. 1715 1716 New example file: EXAMPLE.conf file (created at build time). 1717 1718 local/snmpcheck has drastically improved, and now requires Tk-b8. 1719 1720 You can now mung with all sorts of numbers in config.h and the 1721 mib.txt file will be mostly built from it if you change my defaults. 1722 1723*3.0.3* 1724 1725 *** default location for .conf and mib.txt files moved to 1726 .configure's --prefix location 1727 1728 Now using GNU's auto-conf for better portability 1729 - prompts for important config.h information as well 1730 1731 Port to Sun4/Solaris 2.4 1732 1733 -h/--help and -v/--version flags added to snmpd 1734 1735*3.0.2.1* 1736 1737 Compilation bug fix 1738 1739*3.0.2* 1740 1741 Port to dec-alpha/OSF 3.1 1742 - quite a few more CMU bugs found during port. 1743 1744 (docs/snmpd.1) Beginnings of documentation/man pages. 1745 1746 (local/snmpcheck) Many changes/improvements. Still very (usable) Beta. 1747 1748 (NEWS) Added this file! 1749 1750*3.0.1* 1751 1752 (agent/snmpd) 1753 2 Command line options added: 1754 -l LOGFILE Outputs stderr/out to LOGFILE (overrides config.h def) 1755 -L Do NOT write to a log file (overrides config.h) 1756 1757 (agent/snmpd) 1758 New built in mib functions: 1759 MIB.VERSIONMIBNUM.VERUPDATECONFIG (default: .1.3.6.1.4.10.100.11) 1760 -- set to 'integer:1' to tell the agent to re-read the config file(s). 1761 1762 MIB.VERSIONMIBNUM.VERRESTARTAGENT (default: .1.3.6.1.4.10.100.12) 1763 -- set to 'integer:1' to tell the agent to restart (exec and quits) 1764 1765 Bug fixes/more CMU clean up 1766 1767*3.0* 1768 1769 Initial (public) Release 1770