parent
50cbbbf506
commit
5adc16a159
@ -0,0 +1,163 @@
|
|||||||
|
From 9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bill Fenner <fenner@gmail.com>
|
||||||
|
Date: Tue, 24 Aug 2021 07:55:00 -0700
|
||||||
|
Subject: [PATCH] CHANGES: snmpd: recover SET status from delegated request
|
||||||
|
|
||||||
|
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
|
||||||
|
Fixes by: Arista Networks
|
||||||
|
|
||||||
|
When a SET request includes a mix of delegated and
|
||||||
|
non-delegated requests (e.g., objects handled by master
|
||||||
|
agent and agentx sub-agent), the status can get lost while
|
||||||
|
waiting for the reply from the sub-agent. Recover the status
|
||||||
|
into the session from the requests even if it has already
|
||||||
|
been processed.
|
||||||
|
---
|
||||||
|
agent/snmp_agent.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/agent/snmp_agent.c b/agent/snmp_agent.c
|
||||||
|
index 84fbb42b47..095ee70985 100644
|
||||||
|
--- a/agent/snmp_agent.c
|
||||||
|
+++ b/agent/snmp_agent.c
|
||||||
|
@@ -2965,7 +2965,7 @@ netsnmp_check_requests_status(netsnmp_agent_session *asp,
|
||||||
|
if (requests->status != SNMP_ERR_NOERROR &&
|
||||||
|
(!look_for_specific || requests->status == look_for_specific)
|
||||||
|
&& (look_for_specific || asp->index == 0
|
||||||
|
- || requests->index < asp->index)) {
|
||||||
|
+ || requests->index <= asp->index)) {
|
||||||
|
asp->index = requests->index;
|
||||||
|
asp->status = requests->status;
|
||||||
|
}
|
||||||
|
From 67ebb43e9038b2dae6e74ae8838b36fcc10fc937 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Bill Fenner <fenner@gmail.com>
|
||||||
|
Date: Wed, 30 Jun 2021 14:00:28 -0700
|
||||||
|
Subject: [PATCH] CHANGES: snmpd: fix bounds checking in NET-SNMP-AGENT-MIB,
|
||||||
|
NET-SNMP-VACM-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-USER-BASED-SM-MIB
|
||||||
|
|
||||||
|
Reported by: Yu Zhang of VARAS@IIE, Nanyu Zhong of VARAS@IIE
|
||||||
|
Fixes by: Arista Networks
|
||||||
|
---
|
||||||
|
agent/mibgroup/agent/nsLogging.c | 6 ++++++
|
||||||
|
agent/mibgroup/agent/nsVacmAccessTable.c | 16 ++++++++++++++--
|
||||||
|
agent/mibgroup/mibII/vacm_vars.c | 3 +++
|
||||||
|
agent/mibgroup/snmpv3/usmUser.c | 2 --
|
||||||
|
4 files changed, 23 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/agent/mibgroup/agent/nsLogging.c b/agent/mibgroup/agent/nsLogging.c
|
||||||
|
index 9abdeb5bb7..7f4290490a 100644
|
||||||
|
--- a/agent/mibgroup/agent/nsLogging.c
|
||||||
|
+++ b/agent/mibgroup/agent/nsLogging.c
|
||||||
|
@@ -147,6 +147,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
|
||||||
|
continue;
|
||||||
|
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
|
||||||
|
table_info = netsnmp_extract_table_info(request);
|
||||||
|
+ if (!table_info || !table_info->indexes)
|
||||||
|
+ continue;
|
||||||
|
|
||||||
|
switch (table_info->colnum) {
|
||||||
|
case NSLOGGING_TYPE:
|
||||||
|
@@ -201,6 +203,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
|
||||||
|
}
|
||||||
|
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
|
||||||
|
table_info = netsnmp_extract_table_info(request);
|
||||||
|
+ if (!table_info || !table_info->indexes)
|
||||||
|
+ continue;
|
||||||
|
|
||||||
|
switch (table_info->colnum) {
|
||||||
|
case NSLOGGING_TYPE:
|
||||||
|
@@ -394,6 +398,8 @@ handle_nsLoggingTable(netsnmp_mib_handler *handler,
|
||||||
|
continue;
|
||||||
|
logh = (netsnmp_log_handler*)netsnmp_extract_iterator_context(request);
|
||||||
|
table_info = netsnmp_extract_table_info(request);
|
||||||
|
+ if (!table_info || !table_info->indexes)
|
||||||
|
+ continue;
|
||||||
|
|
||||||
|
switch (table_info->colnum) {
|
||||||
|
case NSLOGGING_TYPE:
|
||||||
|
diff --git a/agent/mibgroup/agent/nsVacmAccessTable.c b/agent/mibgroup/agent/nsVacmAccessTable.c
|
||||||
|
index cc61fce7e6..6c43210074 100644
|
||||||
|
--- a/agent/mibgroup/agent/nsVacmAccessTable.c
|
||||||
|
+++ b/agent/mibgroup/agent/nsVacmAccessTable.c
|
||||||
|
@@ -170,9 +170,13 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
|
||||||
|
entry = (struct vacm_accessEntry *)
|
||||||
|
netsnmp_extract_iterator_context(request);
|
||||||
|
table_info = netsnmp_extract_table_info(request);
|
||||||
|
+ if (!table_info || !table_info->indexes)
|
||||||
|
+ continue;
|
||||||
|
|
||||||
|
/* Extract the authType token from the list of indexes */
|
||||||
|
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
|
||||||
|
+ if (idx->val_len >= sizeof(atype))
|
||||||
|
+ continue;
|
||||||
|
memset(atype, 0, sizeof(atype));
|
||||||
|
memcpy(atype, (char *)idx->val.string, idx->val_len);
|
||||||
|
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
|
||||||
|
@@ -212,6 +216,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
|
||||||
|
entry = (struct vacm_accessEntry *)
|
||||||
|
netsnmp_extract_iterator_context(request);
|
||||||
|
table_info = netsnmp_extract_table_info(request);
|
||||||
|
+ if (!table_info || !table_info->indexes)
|
||||||
|
+ continue;
|
||||||
|
ret = SNMP_ERR_NOERROR;
|
||||||
|
|
||||||
|
switch (table_info->colnum) {
|
||||||
|
@@ -247,6 +253,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
|
||||||
|
* Extract the authType token from the list of indexes
|
||||||
|
*/
|
||||||
|
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
|
||||||
|
+ if (idx->val_len >= sizeof(atype))
|
||||||
|
+ continue;
|
||||||
|
memset(atype, 0, sizeof(atype));
|
||||||
|
memcpy(atype, (char *)idx->val.string, idx->val_len);
|
||||||
|
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
|
||||||
|
@@ -294,8 +302,10 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
|
||||||
|
idx = idx->next_variable; model = *idx->val.integer;
|
||||||
|
idx = idx->next_variable; level = *idx->val.integer;
|
||||||
|
entry = vacm_createAccessEntry( gName, cPrefix, model, level );
|
||||||
|
- entry->storageType = ST_NONVOLATILE;
|
||||||
|
- netsnmp_insert_iterator_context(request, (void*)entry);
|
||||||
|
+ if (entry) {
|
||||||
|
+ entry->storageType = ST_NONVOLATILE;
|
||||||
|
+ netsnmp_insert_iterator_context(request, (void*)entry);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -321,6 +331,8 @@ nsVacmAccessTable_handler(netsnmp_mib_handler *handler,
|
||||||
|
|
||||||
|
/* Extract the authType token from the list of indexes */
|
||||||
|
idx = table_info->indexes->next_variable->next_variable->next_variable->next_variable;
|
||||||
|
+ if (idx->val_len >= sizeof(atype))
|
||||||
|
+ continue;
|
||||||
|
memset(atype, 0, sizeof(atype));
|
||||||
|
memcpy(atype, (char *)idx->val.string, idx->val_len);
|
||||||
|
viewIdx = se_find_value_in_slist(VACM_VIEW_ENUM_NAME, atype);
|
||||||
|
diff --git a/agent/mibgroup/mibII/vacm_vars.c b/agent/mibgroup/mibII/vacm_vars.c
|
||||||
|
index 469a1eba59..62c9a3d051 100644
|
||||||
|
--- a/agent/mibgroup/mibII/vacm_vars.c
|
||||||
|
+++ b/agent/mibgroup/mibII/vacm_vars.c
|
||||||
|
@@ -997,6 +997,9 @@ access_parse_oid(oid * oidIndex, size_t oidLen,
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
groupNameL = oidIndex[0];
|
||||||
|
+ if ((groupNameL + 1) > (int) oidLen) {
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
contextPrefixL = oidIndex[groupNameL + 1]; /* the initial name length */
|
||||||
|
if ((int) oidLen != groupNameL + contextPrefixL + 4) {
|
||||||
|
return 1;
|
||||||
|
diff --git a/agent/mibgroup/snmpv3/usmUser.c b/agent/mibgroup/snmpv3/usmUser.c
|
||||||
|
index 0f52aaba49..0edea53cfb 100644
|
||||||
|
--- a/agent/mibgroup/snmpv3/usmUser.c
|
||||||
|
+++ b/agent/mibgroup/snmpv3/usmUser.c
|
||||||
|
@@ -1505,8 +1505,6 @@ write_usmUserStatus(int action,
|
||||||
|
if (usmStatusCheck(uptr)) {
|
||||||
|
uptr->userStatus = RS_ACTIVE;
|
||||||
|
} else {
|
||||||
|
- SNMP_FREE(engineID);
|
||||||
|
- SNMP_FREE(newName);
|
||||||
|
return SNMP_ERR_INCONSISTENTVALUE;
|
||||||
|
}
|
||||||
|
} else if (long_ret == RS_CREATEANDWAIT) {
|
||||||
|
|
@ -0,0 +1,43 @@
|
|||||||
|
diff -urNp a/agent/mibgroup/if-mib/data_access/interface_linux.c b/agent/mibgroup/if-mib/data_access/interface_linux.c
|
||||||
|
--- a/agent/mibgroup/if-mib/data_access/interface_linux.c 2024-07-16 10:05:43.294653089 +0200
|
||||||
|
+++ b/agent/mibgroup/if-mib/data_access/interface_linux.c 2024-07-16 10:23:55.392041022 +0200
|
||||||
|
@@ -609,7 +609,6 @@ netsnmp_arch_interface_container_load(ne
|
||||||
|
{
|
||||||
|
FILE *devin;
|
||||||
|
char line[256];
|
||||||
|
- netsnmp_interface_entry *entry = NULL;
|
||||||
|
static char scan_expected = 0;
|
||||||
|
int fd;
|
||||||
|
int interfaces = 0;
|
||||||
|
@@ -690,6 +689,7 @@ netsnmp_arch_interface_container_load(ne
|
||||||
|
* and retrieve (or create) the corresponding data structure.
|
||||||
|
*/
|
||||||
|
while (fgets(line, sizeof(line), devin)) {
|
||||||
|
+ netsnmp_interface_entry *entry = NULL;
|
||||||
|
char *stats, *ifstart = line;
|
||||||
|
u_int flags;
|
||||||
|
oid if_index;
|
||||||
|
@@ -733,8 +733,13 @@ netsnmp_arch_interface_container_load(ne
|
||||||
|
* ip version is to look for ip addresses. If anyone
|
||||||
|
* knows a better way, put it here!
|
||||||
|
*/
|
||||||
|
-#ifdef NETSNMP_ENABLE_IPV6
|
||||||
|
if_index = netsnmp_arch_interface_index_find(ifstart);
|
||||||
|
+ if (if_index == 0) {
|
||||||
|
+ DEBUGMSGTL(("access:interface", "network interface %s is gone",
|
||||||
|
+ ifstart));
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+#ifdef NETSNMP_ENABLE_IPV6
|
||||||
|
_arch_interface_has_ipv6(if_index, &flags, addr_container);
|
||||||
|
#endif
|
||||||
|
netsnmp_access_interface_ioctl_has_ipv4(fd, ifstart, 0, &flags, &ifc);
|
||||||
|
@@ -752,7 +757,7 @@ netsnmp_arch_interface_container_load(ne
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
- entry = netsnmp_access_interface_entry_create(ifstart, 0);
|
||||||
|
+ entry = netsnmp_access_interface_entry_create(ifstart, if_index);
|
||||||
|
if(NULL == entry) {
|
||||||
|
#ifdef NETSNMP_ENABLE_IPV6
|
||||||
|
netsnmp_access_ipaddress_container_free(addr_container, 0);
|
@ -0,0 +1,120 @@
|
|||||||
|
From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Philippe Troin <phil+github-commits@fifi.org>
|
||||||
|
Date: Sat, 3 Feb 2024 10:30:30 -0800
|
||||||
|
Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp
|
||||||
|
|
||||||
|
Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp.
|
||||||
|
This breaks the hard-coded assumptions about the Ip line length.
|
||||||
|
Add compatibility to parse Linux 6.7 Ip header while keep support
|
||||||
|
for previous versions.
|
||||||
|
---
|
||||||
|
.../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++----
|
||||||
|
1 file changed, 37 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
|
||||||
|
index 49e0a34d5c..f04e828a94 100644
|
||||||
|
--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
|
||||||
|
+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c
|
||||||
|
@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void)
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
- /proc/net/snmp
|
||||||
|
+ /proc/net/snmp - Linux 6.6 and lower
|
||||||
|
|
||||||
|
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
|
||||||
|
Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0
|
||||||
|
@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void)
|
||||||
|
|
||||||
|
Udp: InDatagrams NoPorts InErrors OutDatagrams
|
||||||
|
Udp: 1491094 122 0 1466178
|
||||||
|
+*
|
||||||
|
+ /proc/net/snmp - Linux 6.7 and higher
|
||||||
|
+
|
||||||
|
+ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits
|
||||||
|
+ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424
|
||||||
|
+
|
||||||
|
+ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps
|
||||||
|
+ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0
|
||||||
|
+
|
||||||
|
+ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11
|
||||||
|
+ IcmpMsg: 29953 17589 66905 66905 16610 59957 484
|
||||||
|
+
|
||||||
|
+ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
|
||||||
|
+ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0
|
||||||
|
+
|
||||||
|
+ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
|
||||||
|
+ Udp: 2257832 1422 0 2252835 0 0 0 84 0
|
||||||
|
+
|
||||||
|
+ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors
|
||||||
|
+ UdpLite: 0 0 0 0 0 0 0 0 0
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||||
|
FILE *devin;
|
||||||
|
char line[1024];
|
||||||
|
netsnmp_systemstats_entry *entry = NULL;
|
||||||
|
- int scan_count;
|
||||||
|
+ int scan_count, expected_scan_count;
|
||||||
|
char *stats, *start = line;
|
||||||
|
int len;
|
||||||
|
- unsigned long long scan_vals[19];
|
||||||
|
+ unsigned long long scan_vals[20];
|
||||||
|
|
||||||
|
DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n",
|
||||||
|
load_flags));
|
||||||
|
@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||||
|
*/
|
||||||
|
NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin));
|
||||||
|
len = strlen(line);
|
||||||
|
- if (224 != len) {
|
||||||
|
+ switch (len) {
|
||||||
|
+ case 224:
|
||||||
|
+ expected_scan_count = 19;
|
||||||
|
+ break;
|
||||||
|
+ case 237:
|
||||||
|
+ expected_scan_count = 20;
|
||||||
|
+ break;
|
||||||
|
+ default:
|
||||||
|
fclose(devin);
|
||||||
|
snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp."
|
||||||
|
- " %d != 224\n", len);
|
||||||
|
+ " %d not in { 224, 237 } \n", len);
|
||||||
|
return -4;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||||
|
memset(scan_vals, 0x0, sizeof(scan_vals));
|
||||||
|
scan_count = sscanf(stats,
|
||||||
|
"%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu"
|
||||||
|
- "%llu %llu %llu %llu %llu %llu %llu %llu %llu",
|
||||||
|
+ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu",
|
||||||
|
&scan_vals[0],&scan_vals[1],&scan_vals[2],
|
||||||
|
&scan_vals[3],&scan_vals[4],&scan_vals[5],
|
||||||
|
&scan_vals[6],&scan_vals[7],&scan_vals[8],
|
||||||
|
&scan_vals[9],&scan_vals[10],&scan_vals[11],
|
||||||
|
&scan_vals[12],&scan_vals[13],&scan_vals[14],
|
||||||
|
&scan_vals[15],&scan_vals[16],&scan_vals[17],
|
||||||
|
- &scan_vals[18]);
|
||||||
|
+ &scan_vals[18],&scan_vals[19]);
|
||||||
|
DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count));
|
||||||
|
|
||||||
|
- if(scan_count != 19) {
|
||||||
|
+ if(scan_count != expected_scan_count) {
|
||||||
|
snmp_log(LOG_ERR,
|
||||||
|
"error scanning systemstats data (expected %d, got %d)\n",
|
||||||
|
- 19, scan_count);
|
||||||
|
+ expected_scan_count, scan_count);
|
||||||
|
netsnmp_access_systemstats_entry_free(entry);
|
||||||
|
return -4;
|
||||||
|
}
|
||||||
|
@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags)
|
||||||
|
entry->stats.HCOutFragFails.high = scan_vals[17] >> 32;
|
||||||
|
entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff;
|
||||||
|
entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32;
|
||||||
|
+ /* entry->stats. = scan_vals[19]; / * OutTransmits */
|
||||||
|
|
||||||
|
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1;
|
||||||
|
entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1;
|
||||||
|
|
Loading…
Reference in new issue