Tibbe, David
2016-12-13 09:06:10 UTC
Hi all,
I'm using Net-SNMP V5.7.0 on Windows as a proxy for my own SNMP agent. Recently, I've observed some issues that look like Net-SNMP is muddling up in this scenario.. To investigate the issue, I've setup the following scenario:
Host A, 192.168.10.58: SNMP monitoring application and Wireshark to get the packages send to/from Net-SNMP to the monitoring application Host B, 192.168.10.92: Net-SNMP proxy host Host C, 192.168.10.75: My agent and Wireshark to get the packages from/to Net-SNMP from my application
The snmpd.conf looks like this:
com2sec public default public
group worldGroup v1 public
group worldGroup v2c public
view myView included .1.3.6.1.2.1.1.1
view myView included .1.3.6.1.4.1
view myView excluded .1.3.6.1.4.1.8072
view myView excluded .1.3.6.1.4.1.2021
view myView included .1.3.6.1.4.1.35600
view myView included .1.3.6.1.6.3.1.1.6
access worldGroup "" any noauth exact myView none none
proxy -v 2c -c public 192.168.10.75:1161 .1.3.6.1.4.1. 35600 master on agentaddress 161
The goal is to proxy all requests to the enterprise OID 35600 to my agent. Other OIDs need not to be answered, but .1.3 itself must be answered in order to make the monitoring app querying further OIDs.
In the Wireshark trace on host A, I can see a get-net-request for OID .1.3.6.1.4.1.35600.4.4.2.2.3.2.1 and request-id 1610726619. The get-response for this id is for OID 1.3.6.1.6.3.1.1.6.1.0 and I cannot see a request for this OID in Wireshark on Host C.
So for me it looks as if Net-SNMP is jumbling with the requests here and does not forward the request to the real agent. Instead, it answers the request with its own next OID.
During my analysis, it seemed as if this only happens when there are multiple requests coming to Net-SNMP at one time. If I query .1.3.6.1.4.1.35600.4.4.2.2.3.2.1 when there are no requests from the monitoring app, I'm getting the correct answer and thus, I can see also the requests towards my own agent on Host C.
I tried using another SNMP proxy and that one worked fine. So the issue must be caused by Net-SNMP.
The proxy is necessary as it also does SNMPv3-to-SNMPv2 conversion if required.
Questions:
* Does anybody have observed similar issues?
* Is there anything in my configuration faulty so that Net-SNMP answers the get-next-request itself rather that proxying it?
* Is there a ore recent official binary version of Net-SNMP than 5.7.0?
Thanks & BR,
David
I'm using Net-SNMP V5.7.0 on Windows as a proxy for my own SNMP agent. Recently, I've observed some issues that look like Net-SNMP is muddling up in this scenario.. To investigate the issue, I've setup the following scenario:
Host A, 192.168.10.58: SNMP monitoring application and Wireshark to get the packages send to/from Net-SNMP to the monitoring application Host B, 192.168.10.92: Net-SNMP proxy host Host C, 192.168.10.75: My agent and Wireshark to get the packages from/to Net-SNMP from my application
The snmpd.conf looks like this:
com2sec public default public
group worldGroup v1 public
group worldGroup v2c public
view myView included .1.3.6.1.2.1.1.1
view myView included .1.3.6.1.4.1
view myView excluded .1.3.6.1.4.1.8072
view myView excluded .1.3.6.1.4.1.2021
view myView included .1.3.6.1.4.1.35600
view myView included .1.3.6.1.6.3.1.1.6
access worldGroup "" any noauth exact myView none none
proxy -v 2c -c public 192.168.10.75:1161 .1.3.6.1.4.1. 35600 master on agentaddress 161
The goal is to proxy all requests to the enterprise OID 35600 to my agent. Other OIDs need not to be answered, but .1.3 itself must be answered in order to make the monitoring app querying further OIDs.
In the Wireshark trace on host A, I can see a get-net-request for OID .1.3.6.1.4.1.35600.4.4.2.2.3.2.1 and request-id 1610726619. The get-response for this id is for OID 1.3.6.1.6.3.1.1.6.1.0 and I cannot see a request for this OID in Wireshark on Host C.
So for me it looks as if Net-SNMP is jumbling with the requests here and does not forward the request to the real agent. Instead, it answers the request with its own next OID.
During my analysis, it seemed as if this only happens when there are multiple requests coming to Net-SNMP at one time. If I query .1.3.6.1.4.1.35600.4.4.2.2.3.2.1 when there are no requests from the monitoring app, I'm getting the correct answer and thus, I can see also the requests towards my own agent on Host C.
I tried using another SNMP proxy and that one worked fine. So the issue must be caused by Net-SNMP.
The proxy is necessary as it also does SNMPv3-to-SNMPv2 conversion if required.
Questions:
* Does anybody have observed similar issues?
* Is there anything in my configuration faulty so that Net-SNMP answers the get-next-request itself rather that proxying it?
* Is there a ore recent official binary version of Net-SNMP than 5.7.0?
Thanks & BR,
David