aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorMicael Karlberg <[email protected]>2013-07-04 11:25:58 +0200
committerMicael Karlberg <[email protected]>2013-07-04 11:25:58 +0200
commite0fa927ff00f7e6a4b25664a10a379e20ab50407 (patch)
tree051a8e4d9168e8d369663ddcfb68fc9bb9fb5af0 /lib
parent8cece79b77952c991e62ae595bcf71cde016a052 (diff)
parenta6ba7a3327b146d8472b154cc8ba4544f9d4d0fe (diff)
downloadotp-e0fa927ff00f7e6a4b25664a10a379e20ab50407.tar.gz
otp-e0fa927ff00f7e6a4b25664a10a379e20ab50407.tar.bz2
otp-e0fa927ff00f7e6a4b25664a10a379e20ab50407.zip
Merge branch 'bmk/snmp/agent/fix_vacm_mask/OTP-11177' into bmk/snmp/snmp4241_integration/r16
Diffstat (limited to 'lib')
-rw-r--r--lib/snmp/doc/src/notes.xml74
-rw-r--r--lib/snmp/doc/src/snmp_agent_config_files.xml260
-rw-r--r--lib/snmp/src/agent/snmp_view_based_acm_mib.erl133
-rw-r--r--lib/snmp/src/app/snmp.appup.src12
-rw-r--r--lib/snmp/src/misc/snmp_conf.erl35
-rw-r--r--lib/snmp/vsn.mk2
6 files changed, 358 insertions, 158 deletions
diff --git a/lib/snmp/doc/src/notes.xml b/lib/snmp/doc/src/notes.xml
index 80de9738f1..9f668bf28a 100644
--- a/lib/snmp/doc/src/notes.xml
+++ b/lib/snmp/doc/src/notes.xml
@@ -34,6 +34,80 @@
<section>
+ <title>SNMP Development Toolkit 4.24.1</title>
+ <p>Version 4.24.1 supports code replacement in runtime from/to
+ version 4.24, 4.23.1 and 4.23. </p>
+
+ <section>
+ <title>Improvements and new features</title>
+ <p>-</p>
+
+<!--
+ <list type="bulleted">
+ <item>
+ <p>[agent,manager] Updated to support the new crypto interface. </p>
+ <p>Own Id: OTP-11009</p>
+ </item>
+
+ </list>
+-->
+
+ </section>
+
+ <section>
+ <title>Fixed Bugs and Malfunctions</title>
+<!--
+ <p>-</p>
+-->
+
+ <list type="bulleted">
+ <item>
+ <p>[agent] Reading the value of the vacmViewTreeFamilyMask returns
+ it in the wrong (internal bitlist) format. </p>
+ <p>The vacmViewTreeFamilyMask is defined as a bit string in the MIB
+ (OCTET STRING). Internally a bitlist (list of 1's and 0's,
+ see <seealso marker="snmp_agent_config_files#vacm">vacm config file</seealso>
+ for more info) is used.
+ However, the MIB implementation assumed the latter, effectively
+ rendering all attempts to read/set masks via SNMP unsuccessful. </p>
+ <p>Since the mask is used in hot paths (e.g. access permission checks
+ for each SNMP operation, the bitlist representation of the mask has
+ benefits (e.g. faster processing). Reading/writing the view mask
+ objects is less time-critical. Therefore, to fix the issue, convert
+ between the bitlist (internal) representation and bitstring
+ (external) when the vacmViewTreeFamilyMask objects are accessed. </p>
+ <p>Also, the check of the vacm config file was invalid with
+ regard to the mask value. It was assumed to be a proper oid, which
+ is not strictly the case (see bitlist above). </p>
+ <p>Own Id: OTP-11177</p>
+ <p>Stefan Zegenhagen</p>
+ </item>
+
+ </list>
+
+ </section>
+
+ <section>
+ <title>Incompatibilities</title>
+ <p>-</p>
+
+<!--
+ <list type="bulleted">
+ <item>
+ <p>[manager] The old Addr-and-Port based API functions, previously
+ long deprecated and marked for deletion in R16B, has now been
+ removed. </p>
+ <p>Own Id: OTP-10027</p>
+ </item>
+
+ </list>
+-->
+ </section>
+
+ </section> <!-- 4.24.1 -->
+
+
+ <section>
<title>SNMP Development Toolkit 4.24</title>
<p>Version 4.24 supports code replacement in runtime from/to
version 4.23.1 and 4.23. </p>
diff --git a/lib/snmp/doc/src/snmp_agent_config_files.xml b/lib/snmp/doc/src/snmp_agent_config_files.xml
index bd5c537522..866b00b77b 100644
--- a/lib/snmp/doc/src/snmp_agent_config_files.xml
+++ b/lib/snmp/doc/src/snmp_agent_config_files.xml
@@ -4,7 +4,7 @@
<chapter>
<header>
<copyright>
- <year>1997</year><year>2011</year>
+ <year>1997</year><year>2013</year>
<holder>Ericsson AB. All Rights Reserved.</holder>
</copyright>
<legalnotice>
@@ -32,13 +32,15 @@
<file>snmp_agent_config_files.xml</file>
</header>
<p>All configuration data must be included in configuration files
- that are located in the configuration directory. The name of this
- directory is given in the <c>config_dir</c> configuration
- parameter. These files are read at start-up, and are used to
- initialize the SNMPv2-MIB or STANDARD-MIB, SNMP-FRAMEWORK-MIB,
- SNMP-MPD-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-COMMUNITY-MIB,
- SNMP-USER-BASED-SM-MIB, SNMP-TARGET-MIB and SNMP-NOTIFICATION-MIB
- (refer to the <seealso marker="snmp_agent_funct_descr#management">Management of the Agent</seealso> for a description of the MIBs). </p>
+ that are located in the configuration directory. The name of this
+ directory is given in the <c>config_dir</c> configuration
+ parameter. These files are read at start-up, and are used to
+ initialize the SNMPv2-MIB or STANDARD-MIB, SNMP-FRAMEWORK-MIB,
+ SNMP-MPD-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-COMMUNITY-MIB,
+ SNMP-USER-BASED-SM-MIB, SNMP-TARGET-MIB and SNMP-NOTIFICATION-MIB
+ (refer to the
+ <seealso marker="snmp_agent_funct_descr#management">Management of the Agent</seealso>
+ for a description of the MIBs). </p>
<p>The files are: </p>
<list type="bulleted">
<item>
@@ -79,35 +81,35 @@
</item>
</list>
<p>The directory where the configuration files are found is given as
- a parameter to the agent. </p>
+ a parameter to the agent. </p>
<p>The entry format in all files are Erlang terms, separated by a
- '<em>.</em>' and a <em>newline</em>. In the following sections, the
- formats of these terms are described. Comments may be specified as
- ordinary Erlang comments. </p>
+ '<em>.</em>' and a <em>newline</em>. In the following sections, the
+ formats of these terms are described. Comments may be specified as
+ ordinary Erlang comments. </p>
<p>Syntax errors in these files are discovered and reported with the
- function <c>config_err/2</c> of the error report module at start-up. </p>
-
+ function <c>config_err/2</c> of the error report module at start-up. </p>
+
+ <marker id="agent_information"></marker>
+
<section>
- <marker id="agent_information"></marker>
<title>Agent Information</title>
<p>The agent information should be stored in a file called
- <c>agent.conf</c>.
- </p>
- <p>Each entry is a tuple of size two:
- </p>
+ <c>agent.conf</c>. </p>
+ <p>Each entry is a tuple of size two:</p>
<p><c>{AgentVariable, Value}.</c></p>
<list type="bulleted">
- <item><c>AgentVariable</c> is one of the variables is
- SNMP-FRAMEWORK-MIB or one of the internal variables
- <c>intAgentUDPPort</c>, which defines which UDP port the agent
- listens to, or <c>intAgentIpAddress</c>, which defines the IP
- address of the agent.
+ <item>
+ <p><c>AgentVariable</c> is one of the variables is
+ SNMP-FRAMEWORK-MIB or one of the internal variables
+ <c>intAgentUDPPort</c>, which defines which UDP port the agent
+ listens to, or <c>intAgentIpAddress</c>, which defines the IP
+ address of the agent. </p>
</item>
- <item><c>Value</c> is the value for the variable.
+ <item>
+ <p><c>Value</c> is the value for the variable.</p>
</item>
</list>
- <p>The following example shows a <c>agent.conf</c> file:
- </p>
+ <p>The following example shows a <c>agent.conf</c> file: </p>
<pre>
{intAgentUDPPort, 4000}.
{intAgentIpAddress,[141,213,11,24]}.
@@ -115,49 +117,47 @@
{snmpEngineMaxPacketSize, 484}.
</pre>
<p>The value of <c>snmpEngineID</c> is a string, which for a
- deployed agent should have a very specific structure. See
- RFC 2271/2571 for details.
- </p>
+ deployed agent should have a very specific structure. See
+ RFC 2271/2571 for details.</p>
+
+ <marker id="context"></marker>
</section>
<section>
- <marker id="context"></marker>
<title>Contexts</title>
<p>The context information should be stored in a file called
- <c>context.conf</c>. The default context <c>""</c>
- need not be present.
- </p>
+ <c>context.conf</c>. The default context <c>""</c>
+ need not be present.</p>
<p>Each row defines a context in the agent. This information is
- used in the table <c>vacmContextTable</c> in the
- SNMP-VIEW-BASED-ACM-MIB.
- </p>
- <p>Each entry is a term:
- </p>
+ used in the table <c>vacmContextTable</c> in the
+ SNMP-VIEW-BASED-ACM-MIB.</p>
+ <p>Each entry is a term:</p>
<p><c>ContextName.</c></p>
<list type="bulleted">
- <item><c>ContextName</c> is a string.
+ <item>
+ <p><c>ContextName</c> is a string.</p>
</item>
</list>
+
+ <marker id="system_information"></marker>
</section>
<section>
- <marker id="system_information"></marker>
<title>System Information</title>
<p>The system information should be stored in a file called
- <c>standard.conf</c>.
- </p>
- <p>Each entry is a tuple of size two:
- </p>
+ <c>standard.conf</c>.</p>
+ <p>Each entry is a tuple of size two:</p>
<p><c>{SystemVariable, Value}.</c></p>
<list type="bulleted">
- <item><c>SystemVariable</c> is one of the variables in the
- system group, or <c>snmpEnableAuthenTraps</c>.
+ <item>
+ <p><c>SystemVariable</c> is one of the variables in the
+ system group, or <c>snmpEnableAuthenTraps</c>. </p>
</item>
- <item><c>Value</c> is the value for the variable.
+ <item>
+ <p><c>Value</c> is the value for the variable. </p>
</item>
</list>
- <p>The following example shows a valid <c>standard.conf</c> file:
- </p>
+ <p>The following example shows a valid <c>standard.conf</c> file: </p>
<pre>
{sysDescr, "Erlang SNMP agent"}.
{sysObjectID, [1,2,3]}.
@@ -167,59 +167,60 @@
{snmpEnableAuthenTraps, enabled}.
</pre>
<p>A value must be provided for all variables, which lack default
- values in the MIB.
- </p>
+ values in the MIB. </p>
+
+ <marker id="community"></marker>
</section>
<section>
- <marker id="community"></marker>
<title>Communities</title>
<p>The community information should be stored in a file called
- <c>community.conf</c>. It must be present if the agent is
- configured for SNMPv1 or SNMPv2c.
- </p>
+ <c>community.conf</c>. It must be present if the agent is
+ configured for SNMPv1 or SNMPv2c. </p>
<p>An SNMP <em>community</em> is a relationship between an SNMP
agent and a set of SNMP managers that defines authentication, access
control and proxy characteristics. </p>
<p>The corresponding table is <c>snmpCommunityTable</c> in the
- SNMP-COMMUNITY-MIB. </p>
+ SNMP-COMMUNITY-MIB. </p>
<p>Each entry is a term: </p>
- <p><c>{CommunityIndex, CommunityName, SecurityName, ContextName, TransportTag}.</c></p>
+ <p><c>{CommunityIndex, CommunityName, SecurityName, ContextName, TransportTag}.</c> </p>
<list type="bulleted">
- <item><c>CommunityIndex</c> is a non-empty string.
+ <item>
+ <p><c>CommunityIndex</c> is a non-empty string.</p>
</item>
- <item><c>CommunityName</c> is a string.
+ <item>
+ <p><c>CommunityName</c> is a string.</p>
</item>
- <item><c>SecurityName</c> is a string.
+ <item>
+ <p><c>SecurityName</c> is a string.</p>
</item>
- <item><c>ContextName</c> is a string.
+ <item>
+ <p><c>ContextName</c> is a string.</p>
</item>
- <item><c>TransportTag</c> is a string.
+ <item>
+ <p><c>TransportTag</c> is a string.</p>
</item>
</list>
+
+ <marker id="vacm"></marker>
</section>
<section>
- <marker id="vacm"></marker>
<title>MIB Views for VACM</title>
<p>The information about MIB Views for VACM should be stored in a
- file called
- <c>vacm.conf</c>.
- </p>
+ file called <c>vacm.conf</c>.</p>
<p>The corresponding tables are <c>vacmSecurityToGroupTable</c>,
- <c>vacmAccessTable</c> and <c>vacmViewTreeFamilyTable</c> in the
- SNMP-VIEW-BASED-ACM-MIB.
- </p>
+ <c>vacmAccessTable</c> and <c>vacmViewTreeFamilyTable</c> in the
+ SNMP-VIEW-BASED-ACM-MIB.</p>
<p>Each entry is one of the terms, one entry corresponds to one
- row in one of the tables.
- </p>
+ row in one of the tables.</p>
<p><c>{vacmSecurityToGroup, SecModel, SecName, GroupName}.</c></p>
<p><c>{vacmAccess, GroupName, Prefix, SecModel, SecLevel, Match, ReadView, WriteView, NotifyView}.</c></p>
<p><c>{vacmViewTreeFamily, ViewIndex, ViewSubtree, ViewStatus, ViewMask}.</c></p>
<list type="bulleted">
<item>
<p><c>SecModel</c> is <c>any</c>, <c>v1</c>, <c>v2c</c>, or
- <c>usm</c>.</p>
+ <c>usm</c>.</p>
</item>
<item>
<p><c>SecName</c> is a string.</p>
@@ -232,7 +233,7 @@
</item>
<item>
<p><c>SecLevel</c> is <c>noAuthNoPriv</c>, <c>authNoPriv</c>,
- or <c>authPriv</c></p>
+ or <c>authPriv</c></p>
</item>
<item>
<p><c>Match</c> is <c>prefix</c> or <c>exact</c>.</p>
@@ -244,8 +245,7 @@
<p><c>WriteView</c> is a string.</p>
</item>
<item>
- <p><c>NotifyView</c> is a string.
- </p>
+ <p><c>NotifyView</c> is a string.</p>
</item>
<item>
<p><c>ViewIndex</c> is an integer.</p>
@@ -258,33 +258,29 @@
</item>
<item>
<p><c>ViewMask</c> is either <c>null</c> or a list of ones and
- zeros. Ones nominate that an exact match is used for this
- sub-identifier. Zeros are wild-cards which match any
- sub-identifier. If the mask is shorter than the sub-tree, the
- tail is regarded as all ones. <c>null</c> is shorthand for a
- mask with all ones.</p>
+ zeros. Ones nominate that an exact match is used for this
+ sub-identifier. Zeros are wild-cards which match any
+ sub-identifier. If the mask is shorter than the sub-tree, the
+ tail is regarded as all ones. <c>null</c> is shorthand for a
+ mask with all ones. </p>
</item>
</list>
+
+ <marker id="usm"></marker>
</section>
<section>
- <marker id="usm"></marker>
<title>Security data for USM</title>
<p>The information about Security data for USM should be stored in a
- file called
- <c>usm.conf</c>, which must be present if the agent is configured
- for SNMPv3.
- </p>
+ file called <c>usm.conf</c>, which must be present if the agent is
+ configured for SNMPv3. </p>
<p>The corresponding table is <c>usmUserTable</c> in the
- SNMP-USER-BASED-SM-MIB.
- </p>
- <p>Each entry is a term:
- </p>
+ SNMP-USER-BASED-SM-MIB.</p>
+ <p>Each entry is a term:</p>
<p><c>{EngineID, UserName, SecName, Clone, AuthP, AuthKeyC, OwnAuthKeyC, PrivP, PrivKeyC, OwnPrivKeyC, Public, AuthKey, PrivKey}.</c></p>
<list type="bulleted">
<item>
- <p><c>EngineID</c> is a string.
- </p>
+ <p><c>EngineID</c> is a string.</p>
</item>
<item>
<p><c>UserName</c> is a string.</p>
@@ -297,7 +293,7 @@
</item>
<item>
<p><c>AuthP</c> is a <c>usmNoAuthProtocol</c>,
- <c>usmHMACMD5AuthProtocol</c>, or <c>usmHMACSHAAuthProtocol</c>.</p>
+ <c>usmHMACMD5AuthProtocol</c>, or <c>usmHMACSHAAuthProtocol</c>.</p>
</item>
<item>
<p><c>AuthKeyC</c> is a string.</p>
@@ -307,7 +303,7 @@
</item>
<item>
<p><c>PrivP</c> is a <c>usmNoPrivProtocol</c>,
- <c>usmDESPrivProtocol</c> or <c>usmAesCfb128Protocol</c>.</p>
+ <c>usmDESPrivProtocol</c> or <c>usmAesCfb128Protocol</c>.</p>
</item>
<item>
<p><c>PrivKeyC</c> is a string.</p>
@@ -319,66 +315,59 @@
<p><c>Public</c> is a string.</p>
</item>
<item>
- <p><c>AuthKey</c> is a list (of integer). This is the User's secret
- localized authentication key. It is not visible in the MIB. The length
- of this key needs to be 16 if <c>usmHMACMD5AuthProtocol</c> is used, and
- 20 if <c>usmHMACSHAAuthProtocol</c> is used.</p>
+ <p><c>AuthKey</c> is a list (of integer). This is the User's secret
+ localized authentication key. It is not visible in the MIB. The length
+ of this key needs to be 16 if <c>usmHMACMD5AuthProtocol</c> is used,
+ and 20 if <c>usmHMACSHAAuthProtocol</c> is used.</p>
</item>
<item>
<p><c>PrivKey</c> is a list (of integer). This is the User's secret
- localized encryption key. It is not visible in the MIB. The length
- of this key needs to be 16 if <c>usmDESPrivProtocol</c> or
- <c>usmAesCfb128Protocol</c> is used.
- </p>
+ localized encryption key. It is not visible in the MIB. The length
+ of this key needs to be 16 if <c>usmDESPrivProtocol</c> or
+ <c>usmAesCfb128Protocol</c> is used. </p>
</item>
</list>
+
+ <marker id="notify"></marker>
</section>
<section>
- <marker id="notify"></marker>
<title>Notify Definitions</title>
<p>The information about Notify Definitions should be stored in a
- file called
- <c>notify.conf</c>.
- </p>
+ file called <c>notify.conf</c>. </p>
<p>The corresponding table is <c>snmpNotifyTable</c> in the
- SNMP-NOTIFICATION-MIB.
- </p>
- <p>Each entry is a term:
- </p>
+ SNMP-NOTIFICATION-MIB.</p>
+ <p>Each entry is a term:</p>
<p><c>{NotifyName, Tag, Type}.</c></p>
<list type="bulleted">
<item>
- <p><c>NotifyName</c> is a unique non-empty string.
- </p>
+ <p><c>NotifyName</c> is a unique non-empty string.</p>
</item>
<item>
- <p><c>Tag</c> is a string.
- </p>
+ <p><c>Tag</c> is a string.</p>
</item>
<item>
- <p><c>Type</c> is <c>trap</c> or <c>inform</c>.
- </p>
+ <p><c>Type</c> is <c>trap</c> or <c>inform</c>.</p>
</item>
</list>
+
+ <marker id="target_addr"></marker>
</section>
<section>
- <marker id="target_addr"></marker>
<title>Target Address Definitions</title>
<p>The information about Target Address Definitions should be
- stored in a file called <c>target_addr.conf</c>. </p>
+ stored in a file called <c>target_addr.conf</c>. </p>
<p>The corresponding tables are <c>snmpTargetAddrTable</c> in the
- SNMP-TARGET-MIB and <c>snmpTargetAddrExtTable</c> in the
- SNMP-COMMUNITY-MIB. </p>
+ SNMP-TARGET-MIB and <c>snmpTargetAddrExtTable</c> in the
+ SNMP-COMMUNITY-MIB. </p>
<p>Each entry is a term: </p>
<p><c>{TargetName, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId}.</c> <br></br> or <br></br>
<c>{TargetName, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.</c> <br></br> or <br></br>
-<c>{TargetName, Domain, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.</c></p>
+<c>{TargetName, Domain, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.</c> </p>
<list type="bulleted">
<item>
- <p><c>TargetName</c> is a unique non-empty string.
- </p>
+ <p><c>TargetName</c> is a unique non-empty string. </p>
</item>
<item>
<p><c>Domain</c> is one of the atoms:
@@ -414,40 +403,37 @@
</item>
</list>
<p>Note that if <c>EngineId</c> has the value <c>discovery</c>,
- the agent cannot send
- <c>inform</c> messages to that manager until it has performed the
- <em>discovery</em> process with that manager. </p>
+ the agent cannot send
+ <c>inform</c> messages to that manager until it has performed the
+ <em>discovery</em> process with that manager. </p>
+
+ <marker id="target_params"></marker>
</section>
<section>
- <marker id="target_params"></marker>
<title>Target Parameters Definitions</title>
<p>The information about Target Parameters Definitions should be
- stored in a file called <c>target_params.conf</c>. </p>
+ stored in a file called <c>target_params.conf</c>. </p>
<p>The corresponding table is <c>snmpTargetParamsTable</c> in the
- SNMP-TARGET-MIB. </p>
+ SNMP-TARGET-MIB. </p>
<p>Each entry is a term: </p>
<p><c>{ParamsName, MPModel, SecurityModel, SecurityName, SecurityLevel}.</c></p>
<list type="bulleted">
<item>
- <p><c>ParamsName</c> is a unique non-empty string.
- </p>
+ <p><c>ParamsName</c> is a unique non-empty string. </p>
</item>
<item>
<p><c>MPModel</c> is <c>v1</c>, <c>v2c</c> or <c>v3</c></p>
</item>
<item>
- <p><c>SecurityModel</c> is <c>v1</c>, <c>v2c</c>, or <c>usm</c>.
- </p>
+ <p><c>SecurityModel</c> is <c>v1</c>, <c>v2c</c>, or <c>usm</c>.</p>
</item>
<item>
- <p><c>SecurityName</c> is a string.
- </p>
+ <p><c>SecurityName</c> is a string.</p>
</item>
<item>
<p><c>SecurityLevel</c> is <c>noAuthNoPriv</c>, <c>authNoPriv</c>
- or <c>authPriv</c>.
- </p>
+ or <c>authPriv</c>. </p>
</item>
</list>
</section>
diff --git a/lib/snmp/src/agent/snmp_view_based_acm_mib.erl b/lib/snmp/src/agent/snmp_view_based_acm_mib.erl
index ad9540e886..c0177b1cea 100644
--- a/lib/snmp/src/agent/snmp_view_based_acm_mib.erl
+++ b/lib/snmp/src/agent/snmp_view_based_acm_mib.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 1999-2012. All Rights Reserved.
+%% Copyright Ericsson AB 1999-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -49,6 +49,14 @@
-endif.
+-type internal_view_mask() :: null | [internal_view_mask_element()].
+-type internal_view_mask_element() :: 0 | 1.
+
+-type external_view_mask() :: octet_string(). % At most length of 16 octet
+-type octet_string() :: [octet()].
+-type octet() :: byte().
+
+
%%-----------------------------------------------------------------
%% Func: configure/1
%% Args: Dir is the directory where the configuration files are found.
@@ -160,14 +168,7 @@ check_vacm({vacmViewTreeFamily, ViewName, Tree, Type, Mask}) ->
{ok, TypeVal} =
snmp_conf:check_atom(Type, [{included, ?view_included},
{excluded, ?view_excluded}]),
- MaskVal =
- case (catch snmp_conf:check_atom(Mask, [{null, []}])) of
- {error, _} ->
- snmp_conf:check_oid(Mask),
- Mask;
- {ok, X} ->
- X
- end,
+ {ok, MaskVal} = snmp_conf:check_imask(Mask),
Vacm = {ViewName, Tree, MaskVal, TypeVal,
?'StorageType_nonVolatile', ?'RowStatus_active'},
{ok, {vacmViewTreeFamily, Vacm}};
@@ -194,8 +195,8 @@ init_tabs(Sec2Group, Access, View) ->
ok.
init_sec2group_table([Row | T]) ->
-%% ?vtrace("init security-to-group table: "
-%% "~n Row: ~p",[Row]),
+ %% ?vtrace("init security-to-group table: "
+ %% "~n Row: ~p",[Row]),
Key1 = element(1, Row),
Key2 = element(2, Row),
Key = [Key1, length(Key2) | Key2],
@@ -953,13 +954,23 @@ verify_vacmViewTreeFamilyTable_col(?vacmViewTreeFamilySubtree, Tree) ->
wrongValue(?vacmViewTreeFamilySubtree)
end;
verify_vacmViewTreeFamilyTable_col(?vacmViewTreeFamilyMask, Mask) ->
+ %% Mask here is in the "external" format. That is, according
+ %% to the MIB, which means that its an OCTET STRING of max 16
+ %% octets.
+ %% We however store the mask as a list of 1's (exact) and
+ %% 0's (wildcard), which means we have to convert the mask.
case Mask of
- null -> [];
- [] -> [];
+ %% The Mask can only have this value if the vacmViewTreeFamilyTable
+ %% is called locally!
+ null ->
+ [];
+ [] ->
+ [];
_ ->
- case (catch snmp_conf:check_oid(Mask)) of
- ok ->
- Mask;
+ %% Check and convert to our internal format
+ case check_mask(Mask) of
+ {ok, IMask} ->
+ IMask;
_ ->
wrongValue(?vacmViewTreeFamilyMask)
end
@@ -977,6 +988,60 @@ verify_vacmViewTreeFamilyTable_col(_, Val) ->
Val.
+check_mask(Mask) when is_list(Mask) andalso (length(Mask) =< 16) ->
+ try
+ begin
+ {ok, emask2imask(Mask)}
+ end
+ catch
+ throw:{error, _} ->
+ {error, {bad_mask, Mask}};
+ T:E ->
+ {error, {bad_mask, Mask, T, E}}
+ end;
+check_mask(BadMask) ->
+ {error, {bad_mask, BadMask}}.
+
+-spec emask2imask(EMask :: external_view_mask()) ->
+ IMask :: internal_view_mask().
+
+%% Convert an External Mask (OCTET STRING) to Internal Mask (list of 0 or 1)
+emask2imask(EMask) ->
+ lists:flatten([octet2bits(Octet) || Octet <- EMask]).
+
+octet2bits(Octet)
+ when is_integer(Octet) andalso (Octet >= 16#00) andalso (16#FF >= Octet) ->
+ <<A:1, B:1, C:1, D:1, E:1, F:1, G:1, H:1>> = <<Octet>>,
+ [A, B, C, D, E, F, G, H];
+octet2bits(BadOctet) ->
+ throw({error, {bad_octet, BadOctet}}).
+
+-spec imask2emask(IMask :: internal_view_mask()) ->
+ EMask :: external_view_mask().
+
+%% Convert an Internal Mask (list of 0 or 1) to External Mask (OCTET STRING)
+imask2emask(IMask) ->
+ imask2emask(IMask, []).
+
+imask2emask([], EMask) ->
+ lists:reverse(EMask);
+imask2emask(IMask, EMask) ->
+ %% Make sure we have atleast 8 bits
+ %% (maybe extend with 1's)
+ IMask2 =
+ case length(IMask) of
+ Small when Small < 8 ->
+ IMask ++ lists:duplicate(8-Small, 1);
+ _ ->
+ IMask
+ end,
+ %% Extract 8 bits
+ [A, B, C, D, E, F, G, H | IMaskRest] = IMask2,
+ <<Octet:8>> = <<A:1, B:1, C:1, D:1, E:1, F:1, G:1, H:1>>,
+ imask2emask(IMaskRest, [Octet | EMask]).
+
+
+
table_next(Name, RestOid) ->
snmp_generic:table_next(db(Name), RestOid).
@@ -1014,11 +1079,41 @@ stc(vacmSecurityToGroupTable) -> ?vacmSecurityToGroupStorageType;
stc(vacmViewTreeFamilyTable) -> ?vacmViewTreeFamilyStorageType.
next(Name, RowIndex, Cols) ->
- snmp_generic:handle_table_next(db(Name), RowIndex, Cols,
- fa(Name), foi(Name), noc(Name)).
+ Result = snmp_generic:handle_table_next(db(Name), RowIndex, Cols,
+ fa(Name), foi(Name), noc(Name)),
+ externalize_next(Name, Result).
get(Name, RowIndex, Cols) ->
- snmp_generic:handle_table_get(db(Name), RowIndex, Cols, foi(Name)).
+ Result = snmp_generic:handle_table_get(db(Name), RowIndex, Cols,
+ foi(Name)),
+ externalize_get(Name, Cols, Result).
+
+
+externalize_next(Name, Result) when is_list(Result) ->
+ F = fun({[Col | _] = Idx, Val}) -> {Idx, externalize(Name, Col, Val)};
+ (Other) -> Other
+ end,
+ [F(R) || R <- Result];
+externalize_next(_, Result) ->
+ Result.
+
+
+externalize_get(Name, Cols, Result) when is_list(Result) ->
+ %% Patch returned values
+ F = fun({Col, {value, Val}}) -> {value, externalize(Name, Col, Val)};
+ ({_, Other}) -> Other
+ end,
+ %% Merge column numbers and return values. there must be as much
+ %% return values as there are columns requested. And then patch all values
+ [F(R) || R <- lists:zip(Cols, Result)];
+externalize_get(_, _, Result) ->
+ Result.
+
+externalize(vacmViewTreeFamilyTable, ?vacmViewTreeFamilyMask, Val) ->
+ imask2emask(Val);
+externalize(_, _, Val) ->
+ Val.
+
wrongValue(V) -> throw({wrongValue, V}).
diff --git a/lib/snmp/src/app/snmp.appup.src b/lib/snmp/src/app/snmp.appup.src
index 7ffa4a725d..106fed749d 100644
--- a/lib/snmp/src/app/snmp.appup.src
+++ b/lib/snmp/src/app/snmp.appup.src
@@ -22,6 +22,12 @@
%% ----- U p g r a d e -------------------------------------------------------
[
+ {"4.24",
+ [
+ {load_module, snmp_conf, soft_purge, soft_purge, []},
+ {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, [snmp_conf]}
+ ]
+ },
{"4.23.1", [{restart_application, snmp}]},
{"4.23", [{restart_application, snmp}]}
],
@@ -29,6 +35,12 @@
%% ------D o w n g r a d e ---------------------------------------------------
[
+ {"4.24",
+ [
+ {load_module, snmp_conf, soft_purge, soft_purge, []},
+ {load_module, snmp_view_based_acm_mib, soft_purge, soft_purge, [snmp_conf]}
+ ]
+ },
{"4.23.1", [{restart_application, snmp}]},
{"4.23", [{restart_application, snmp}]}
]
diff --git a/lib/snmp/src/misc/snmp_conf.erl b/lib/snmp/src/misc/snmp_conf.erl
index e1e7fab57b..46625989d5 100644
--- a/lib/snmp/src/misc/snmp_conf.erl
+++ b/lib/snmp/src/misc/snmp_conf.erl
@@ -1,7 +1,7 @@
%%
%% %CopyrightBegin%
%%
-%% Copyright Ericsson AB 1996-2012. All Rights Reserved.
+%% Copyright Ericsson AB 1996-2013. All Rights Reserved.
%%
%% The contents of this file are subject to the Erlang Public License,
%% Version 1.1, (the "License"); you may not use this file except in
@@ -50,6 +50,7 @@
check_packet_size/1,
check_oid/1,
+ check_imask/1, check_emask/1,
check_mp_model/1,
check_sec_model/1, check_sec_model/2, check_sec_model/3,
@@ -488,6 +489,7 @@ do_check_timer(WaitFor, Factor, Incr, Retry) ->
check_integer(Retry, {gte, 0}),
ok.
+
%% ---------
all_domains() ->
@@ -618,6 +620,37 @@ check_oid(X) ->
%% ---------
+%% Check a (view) mask in the internal form (all 0 and 1):
+check_imask(null) ->
+ {ok, []};
+check_imask(IMask) when is_list(IMask) ->
+ do_check_imask(IMask),
+ {ok, IMask}.
+
+do_check_imask([0|IMask]) ->
+ do_check_imask(IMask);
+do_check_imask([1|IMask]) ->
+ do_check_imask(IMask);
+do_check_imask([X|_]) ->
+ error({invalid_internal_mask_element, X}).
+
+
+%% Check a (view) mask in the external form (according to MIB,
+%% an OCTET STRING of at most length 16).
+check_emask(EMask) when is_list(EMask) andalso (length(EMask) =< 16) ->
+ do_check_emask(EMask).
+
+do_check_emask([]) ->
+ ok;
+do_check_emask([X|EMask])
+ when is_integer(X) andalso (X >= 16#00) andalso (X =< 16#FF) ->
+ do_check_emask(EMask);
+do_check_emask([X|_]) ->
+ error({invalid_external_mask_element, X}).
+
+
+%% ---------
+
all_integer([H|T]) when is_integer(H) -> all_integer(T);
all_integer([_H|_T]) -> false;
all_integer([]) -> true.
diff --git a/lib/snmp/vsn.mk b/lib/snmp/vsn.mk
index 0e48e7ea56..e987649e11 100644
--- a/lib/snmp/vsn.mk
+++ b/lib/snmp/vsn.mk
@@ -18,6 +18,6 @@
# %CopyrightEnd%
APPLICATION = snmp
-SNMP_VSN = 4.24
+SNMP_VSN = 4.24.1
PRE_VSN =
APP_VSN = "$(APPLICATION)-$(SNMP_VSN)$(PRE_VSN)"