aboutsummaryrefslogtreecommitdiffstats
path: root/lib/snmp/src
diff options
context:
space:
mode:
Diffstat (limited to 'lib/snmp/src')
-rw-r--r--lib/snmp/src/agent/snmpa_acm.erl26
-rw-r--r--lib/snmp/src/agent/snmpa_agent.erl5
-rw-r--r--lib/snmp/src/agent/snmpa_authentication_service.erl9
-rw-r--r--lib/snmp/src/agent/snmpa_conf.erl4
-rw-r--r--lib/snmp/src/agent/snmpa_mpd.erl44
-rw-r--r--lib/snmp/src/agent/snmpa_net_if.erl47
-rw-r--r--lib/snmp/src/agent/snmpa_trap.erl2
-rw-r--r--lib/snmp/src/misc/snmp_conf.erl31
8 files changed, 122 insertions, 46 deletions
diff --git a/lib/snmp/src/agent/snmpa_acm.erl b/lib/snmp/src/agent/snmpa_acm.erl
index 6ad4f0b442..b37c82429c 100644
--- a/lib/snmp/src/agent/snmpa_acm.erl
+++ b/lib/snmp/src/agent/snmpa_acm.erl
@@ -62,11 +62,13 @@
%% {error, Reason} |
%% {discarded, Variable, Reason}
%% Types: Pdu = #pdu
-%% ACMData = acm_data() = {community, Community, Address} |
-%% {v3, MsgID, SecModel, SecName, SecLevel,
-%% ContextEngineID, ContextName, SecData}
+%% ACMData = acm_data() =
+%% {community, SecModel, Community, TDomain, TAddress} |
+%% {v3, MsgID, SecModel, SecName, SecLevel,
+%% ContextEngineID, ContextName, SecData}
%% Community = string()
-%% Address = ip() ++ udp() (list)
+%% TDomain = ?transportDomainUdpIpv4 | ?transportDomainUdpIpv6
+%% TAddress = ip() ++ udp() (list)
%% MsgID = integer() <not used>
%% SecModel = ?SEC_* (see snmp_types.hrl)
%% SecName = string()
@@ -114,7 +116,10 @@ error2status(_) -> genErr.
%% discarded: no error response is sent
%% authentication_failure: no error response is sent, a trap is generated
%%-----------------------------------------------------------------
-init_ca(Pdu, {community, SecModel, Community, TAddr}) ->
+init_ca(Pdu, {community, SecModel, Community, TAddress}) ->
+ TDomain = snmp_conf:mk_tdomain(snmp_transport_mib:default_domain()),
+ init_ca(Pdu, {community, SecModel, Community, TDomain, TAddress});
+init_ca(Pdu, {community, SecModel, Community, TDomain, TAddress}) ->
%% This is a v1 or v2c request. Use SNMP-COMMUNITY-MIB to
%% map the community to vacm parameters.
?vtrace("check access for ~n"
@@ -126,18 +131,18 @@ init_ca(Pdu, {community, SecModel, Community, TAddr}) ->
_ -> read
end,
?vtrace("View type: ~p", [ViewType]),
- CaCacheKey = {Community, SecModel, TAddr, ViewType},
+ CaCacheKey = {Community, SecModel, TDomain, TAddress, ViewType},
case check_ca_cache(CaCacheKey) of
false ->
- case snmp_community_mib:community2vacm(Community,
- {?snmpUDPDomain,TAddr}) of
+ case snmp_community_mib:community2vacm(Community,
+ {TDomain, TAddress}) of
{SecName, _ContextEngineId, ContextName} ->
%% Maybe we should check that the contextEngineID
%% matches the local engineID?
%% It better, since we don't impl. proxy.
?vtrace("get mib view"
"~n Security name: ~p"
- "~n Context name: ~p",[SecName,ContextName]),
+ "~n Context name: ~p",[SecName, ContextName]),
case snmpa_vacm:get_mib_view(ViewType, SecModel, SecName,
?'SnmpSecurityLevel_noAuthNoPriv',
ContextName) of
@@ -153,7 +158,7 @@ init_ca(Pdu, {community, SecModel, Community, TAddr}) ->
end;
undefined ->
{authentication_failure, snmpInBadCommunityNames,
- {bad_community_name, TAddr, Community}}
+ {bad_community_name, TDomain, TAddress, Community}}
end;
Res ->
Res
@@ -219,6 +224,7 @@ upd_ca_cache(KeyVal) ->
invalidate_ca_cache() ->
erase(ca_cache).
+
%%-----------------------------------------------------------------
%% Func: check(Res) -> {ok, MibView} | {discarded, Variable, Reason}
%% Args: Res = {ok, AccessFunc} |
diff --git a/lib/snmp/src/agent/snmpa_agent.erl b/lib/snmp/src/agent/snmpa_agent.erl
index f70885b2ec..c6a45c9f25 100644
--- a/lib/snmp/src/agent/snmpa_agent.erl
+++ b/lib/snmp/src/agent/snmpa_agent.erl
@@ -1470,7 +1470,10 @@ handle_backup_res([{Who, Crap}|Results], Acc) ->
%% because we (for some reason) support the function
%% snmpa:current_community().
%%-----------------------------------------------------------------
-cheat({community, _SecModel, Community, _IpUdp}, Address, ContextName) ->
+cheat({community, SecModel, Community, _TAddress}, Address, ContextName) ->
+ {Community, Address, ContextName};
+cheat({community, _SecModel, Community, _TDomain, _TAddress},
+ Address, ContextName) ->
{Community, Address, ContextName};
cheat(_, Address, ContextName) ->
{"", Address, ContextName}.
diff --git a/lib/snmp/src/agent/snmpa_authentication_service.erl b/lib/snmp/src/agent/snmpa_authentication_service.erl
index 572fab7fbf..d406c58ee4 100644
--- a/lib/snmp/src/agent/snmpa_authentication_service.erl
+++ b/lib/snmp/src/agent/snmpa_authentication_service.erl
@@ -29,11 +29,12 @@ behaviour_info(_) ->
%%-----------------------------------------------------------------
%% init_check_access(Pdu, ACMData)
%% Pdu = #pdu
-%% ACMData = acm_data() = {community, Community, Address} |
-%% {v3, MsgID, SecModel, SecName, SecLevel,
-%% ContextEngineID, ContextName, SecData}
+%% ACMData = acm_data() = {community, SecModel, Community, TDomain, TAddress} |
+%% {v3, MsgID, SecModel, SecName, SecLevel,
+%% ContextEngineID, ContextName, SecData}
%% Community = string()
-%% Address = ip() ++ udp() (list)
+%% TDomain = ?transportDomainUdpIpv4 | ?transportDomainUdpIpv6
+%% TAddress = ip() ++ udp() (list)
%% MsgID = integer() <not used>
%% SecModel = ?SEC_* (see snmp_types.hrl)
%% SecName = string()
diff --git a/lib/snmp/src/agent/snmpa_conf.erl b/lib/snmp/src/agent/snmpa_conf.erl
index c17256b258..75d31225e7 100644
--- a/lib/snmp/src/agent/snmpa_conf.erl
+++ b/lib/snmp/src/agent/snmpa_conf.erl
@@ -483,10 +483,10 @@ write_target_addr_config(Dir, Conf) ->
"%% in SNMP-COMMUNITY-MIB.\n"
"%% Each row is a 10 or 11-tuple (Domain is optional):\n"
"%% {Name, \n"
-"%% Domain, Ip, Udp, \n"
+"%% Domain, Ip, Port, \n"
"%% Timeout, RetryCount, TagList, ParamsName, EngineId,\n"
"%% TMask, MaxMessageSize}.\n"
-"%% The value of Domain deside the format of the Ip and TMask values. \n"
+"%% The value of Domain decide the format of the Ip and TMask values. \n"
"%% If not present, classic Ipv4 is assumed. \n"
"%% The EngineId value is only used if Inform-Requests are sent to this\n"
"%% target. If Informs are not sent, this value is ignored, and can be\n"
diff --git a/lib/snmp/src/agent/snmpa_mpd.erl b/lib/snmp/src/agent/snmpa_mpd.erl
index fd75b98f84..39a4246d26 100644
--- a/lib/snmp/src/agent/snmpa_mpd.erl
+++ b/lib/snmp/src/agent/snmpa_mpd.erl
@@ -115,8 +115,8 @@ reset() ->
%% Func: process_packet(Packet, TDomain, TAddress, State, Log) ->
%% {ok, SnmpVsn, Pdu, PduMS, ACMData} | {discarded, Reason}
%% Types: Packet = binary()
-%% TDomain = snmpUDPDomain | atom()
-%% TAddress = {Ip, Udp}
+%% TDomain = snmpUDPDomain | transportDomain()
+%% TAddress = {Ip, Udp} (*but* depends on TDomain)
%% State = #state
%% Purpose: This is the main Message Dispatching function. (see
%% section 4.2.1 in rfc2272)
@@ -182,24 +182,30 @@ discarded_pdu(Variable) -> inc(Variable).
%%-----------------------------------------------------------------
%% Handles a Community based message (v1 or v2c).
%%-----------------------------------------------------------------
-v1_v2c_proc(Vsn, NoteStore, Community, snmpUDPDomain,
+v1_v2c_proc(Vsn, NoteStore, Community, Domain,
{Ip, Udp}, LocalEngineID,
Data, HS, Log, Packet) ->
- TAddress = tuple_to_list(Ip) ++ [Udp div 256, Udp rem 256],
- AgentMS = get_engine_max_message_size(LocalEngineID),
- MgrMS = snmp_community_mib:get_target_addr_ext_mms(?snmpUDPDomain,
- TAddress),
- PduMS = case MgrMS of
- {ok, MMS} when MMS < AgentMS -> MMS - HS;
- _ -> AgentMS - HS
- end,
+ TDomain = snmp_conf:mk_tdomain(Domain),
+ TAddress = snmp_conf:mk_taddress(Domain, Ip, Udp),
+ AgentMS = get_engine_max_message_size(LocalEngineID),
+ MgrMS = snmp_community_mib:get_target_addr_ext_mms(TDomain, TAddress),
+ PduMS = case MgrMS of
+ {ok, MMS} when MMS < AgentMS -> MMS - HS;
+ _ -> AgentMS - HS
+ end,
case (catch snmp_pdus:dec_pdu(Data)) of
Pdu when is_record(Pdu, pdu) ->
Log(Pdu#pdu.type, Packet),
inc_snmp_in_vars(Pdu),
#pdu{request_id = ReqId} = Pdu,
- OkRes = {ok, Vsn, Pdu, PduMS,
- {community, sec_model(Vsn), Community, TAddress}},
+
+ %% <TDomain>
+ %% We have added TDomain, what are the consequences?
+ ACMData =
+ {community, sec_model(Vsn), Community, TDomain, TAddress},
+ OkRes = {ok, Vsn, Pdu, PduMS, ACMData},
+ %% </TDomain>
+
%% Make sure that we don't process duplicate SET request
%% twice. We don't know what could happen in that case.
%% The mgr does, so he has to generate a new SET request.
@@ -216,8 +222,6 @@ v1_v2c_proc(Vsn, NoteStore, Community, snmpUDPDomain,
snmp_note_store:set_note(NoteStore,
100, Key, true),
%% Uses ACMData that snmpa_acm knows of.
- %% snmpUDPDomain is implicit, since that's the only
- %% one we handle.
OkRes;
true ->
{discarded, duplicate_pdu}
@@ -275,12 +279,12 @@ v3_proc(NoteStore, Packet, LocalEngineID, V3Hdr, Data, Log) ->
"~n msgSecurityParameters = ~w",
[MsgID, MMS, MsgFlags, MsgSecurityModel, SecParams]),
%% 7.2.4
- SecModule = get_security_module(MsgSecurityModel),
+ SecModule = get_security_module(MsgSecurityModel),
%% 7.2.5
- SecLevel = check_sec_level(MsgFlags),
+ SecLevel = check_sec_level(MsgFlags),
IsReportable = snmp_misc:is_reportable(MsgFlags),
%% 7.2.6
- ?vtrace("v3_proc -> [7.2.6]"
+ ?vtrace("v3_proc -> [7.2.4-7.2.6]"
"~n SecModule = ~p"
"~n SecLevel = ~p"
"~n IsReportable = ~p",
@@ -531,7 +535,7 @@ check_sec_module_result(Res, V3Hdr, Data, LocalEngineID, IsReportable, Log) ->
?vdebug("security module result [7.2.6-b]:"
"~n Reason: ~p", [Reason]),
throw({discarded, {securityError, Reason}});
- {error, Reason, ErrorInfo} when IsReportable == true -> % case 7.2.6 a
+ {error, Reason, ErrorInfo} when IsReportable =:= true -> % case 7.2.6 a
?vdebug("security module result when reportable [7.2.6-a]:"
"~n Reason: ~p"
"~n ErrorInfo: ~p", [Reason, ErrorInfo]),
@@ -574,7 +578,7 @@ generate_response_msg(Vsn, RePdu, Type, ACMData, LocalEngineID, Log) ->
generate_response_msg(Vsn, RePdu, Type, ACMData, LocalEngineID, Log, 1).
generate_response_msg(Vsn, RePdu, Type,
- {community, _SecModel, Community, _IpUdp},
+ {community, _SecModel, Community, _TDomain, _TAddress},
LocalEngineID,
Log, _) ->
case catch snmp_pdus:enc_pdu(RePdu) of
diff --git a/lib/snmp/src/agent/snmpa_net_if.erl b/lib/snmp/src/agent/snmpa_net_if.erl
index d07829bd7e..d4bb5bdf9f 100644
--- a/lib/snmp/src/agent/snmpa_net_if.erl
+++ b/lib/snmp/src/agent/snmpa_net_if.erl
@@ -504,7 +504,6 @@ handle_discovery_response(_Ip, _Port, #pdu{request_id = ReqId} = Pdu,
S
end.
-
handle_recv(#state{usock = Sock,
mpd_state = MpdState,
note_store = NS,
@@ -513,7 +512,9 @@ handle_recv(#state{usock = Sock,
LogF = fun(Type, Data) ->
log(Log, Type, Data, Ip, Port)
end,
- case (catch snmpa_mpd:process_packet(Packet, snmpUDPDomain, {Ip, Port},
+ Domain = snmp_conf:which_domain(Ip), % What the ****...
+ case (catch snmpa_mpd:process_packet(Packet,
+ Domain, {Ip, Port},
MpdState, NS, LogF)) of
{ok, _Vsn, Pdu, _PduMS, {discovery, ManagerEngineId}} ->
handle_discovery_response(Ip, Port, Pdu, ManagerEngineId, S);
@@ -775,15 +776,49 @@ handle_send_pdu1(#state{log = Log,
usock = Sock,
filter = FilterMod}, Type, Addresses) ->
SendFun =
- fun({snmpUDPDomain, {Ip, Port}, Packet}) when is_binary(Packet) ->
- ?vdebug("sending packet:"
+ fun({snmpUDPDomain, {Ip, Port}, Packet})
+ when is_binary(Packet) ->
+ ?vdebug("[snmpUDPDomain] sending packet:"
+ "~n size: ~p"
+ "~n to: ~p:~p",
+ [sz(Packet), Ip, Port]),
+ maybe_udp_send(FilterMod, Log, Type, Sock, Ip, Port, Packet);
+
+ ({snmpUDPDomain, {Ip, Port}, {Packet, _LogData}})
+ when is_binary(Packet) ->
+ ?vdebug("[snmpUDPDomain] sending encrypted packet:"
+ "~n size: ~p"
+ "~n to: ~p:~p",
+ [sz(Packet), Ip, Port]),
+ maybe_udp_send(FilterMod, Log, Type, Sock, Ip, Port, Packet);
+
+ ({transportDomainUdpIpv4, {Ip, Port}, Packet})
+ when is_binary(Packet) ->
+ ?vdebug("[transportDomainUdpIpv4] sending packet:"
+ "~n size: ~p"
+ "~n to: ~p:~p",
+ [sz(Packet), Ip, Port]),
+ maybe_udp_send(FilterMod, Log, Type, Sock, Ip, Port, Packet);
+
+ ({transportDomainUdpIpv4, {Ip, Port}, {Packet, _LogData}})
+ when is_binary(Packet) ->
+ ?vdebug("[transportDomainUdpIpv4] sending encrypted packet:"
+ "~n size: ~p"
+ "~n to: ~p:~p",
+ [sz(Packet), Ip, Port]),
+ maybe_udp_send(FilterMod, Log, Type, Sock, Ip, Port, Packet);
+
+ ({transportDomainUdpIpv6, {Ip, Port}, Packet})
+ when is_binary(Packet) ->
+ ?vdebug("[transportDomainUdpIpv6] sending packet:"
"~n size: ~p"
"~n to: ~p:~p",
[sz(Packet), Ip, Port]),
maybe_udp_send(FilterMod, Log, Type, Sock, Ip, Port, Packet);
- ({snmpUDPDomain, {Ip, Port}, {Packet, _LogData}}) when is_binary(Packet) ->
- ?vdebug("sending encrypted packet:"
+ ({transportDomainUdpIpv6, {Ip, Port}, {Packet, _LogData}})
+ when is_binary(Packet) ->
+ ?vdebug("[transportDomainUdpIpv6] sending encrypted packet:"
"~n size: ~p"
"~n to: ~p:~p",
[sz(Packet), Ip, Port]),
diff --git a/lib/snmp/src/agent/snmpa_trap.erl b/lib/snmp/src/agent/snmpa_trap.erl
index 786512e0c9..648dd46508 100644
--- a/lib/snmp/src/agent/snmpa_trap.erl
+++ b/lib/snmp/src/agent/snmpa_trap.erl
@@ -1072,7 +1072,7 @@ mk_addr_communities(Recvs) ->
[{Addr, Comm} | T] = lists:keysort(2, Recvs),
mic(T, Comm, [Addr], []).
-mic([{Addr, Comm} | T], CurComm, AddrList, Res) when Comm == CurComm ->
+mic([{Addr, Comm} | T], CurComm, AddrList, Res) when Comm =:= CurComm ->
mic(T, CurComm, [Addr | AddrList], Res);
mic([{Addr, Comm} | T], CurComm, AddrList, Res) ->
mic(T, Comm, [Addr], [{CurComm, AddrList} | Res]);
diff --git a/lib/snmp/src/misc/snmp_conf.erl b/lib/snmp/src/misc/snmp_conf.erl
index 6fc261b07e..cda86d3f6f 100644
--- a/lib/snmp/src/misc/snmp_conf.erl
+++ b/lib/snmp/src/misc/snmp_conf.erl
@@ -40,6 +40,7 @@
check_domain/1,
check_tdomain/1,
mk_tdomain/1,
+ which_domain/1,
check_ip/1,
check_taddress/1, check_taddress/2,
mk_taddress/3,
@@ -516,16 +517,42 @@ check_domain(Domain) ->
%% point, so we dont need to do that again.
mk_taddress(snmpUDPDomain, Ip, Port) ->
mk_taddress(transportDomainUdpIpv4, Ip, Port);
-mk_taddress(transportDomainUdpIpv4, Ip, Port) ->
+mk_taddress(transportDomainUdpIpv4, Ip, Port) when is_list(Ip) ->
Ip ++ [Port div 256, Port rem 256];
-mk_taddress(transportDomainUdpIpv6, Ip, Port) ->
+mk_taddress(transportDomainUdpIpv4 = Domain, Ip, Port) when is_tuple(Ip) ->
+ mk_taddress(Domain, tuple_to_list(Ip), Port);
+mk_taddress(transportDomainUdpIpv6, Ip, Port) when is_list(Ip) ->
Ip ++ [Port div 256, Port rem 256];
+mk_taddress(transportDomainUdpIpv6 = Domain, Ip, Port) when is_tuple(Ip) ->
+ mk_taddress(Domain, tuple_to_list(Ip), Port);
+
+%% These are just for convenience
+mk_taddress(?snmpUDPDomain, Ip, Port) ->
+ mk_taddress(snmpUDPDomain, Ip, Port);
+mk_taddress(?transportDomainUdpIpv4, Ip, Port) ->
+ mk_taddress(transportDomainUdpIpv4, Ip, Port);
+mk_taddress(?transportDomainUdpIpv6, Ip, Port) ->
+ mk_taddress(transportDomainUdpIpv6, Ip, Port);
+
+%% Bad domain
mk_taddress(BadDomain, _Ip, _Port) ->
error({bad_domain, BadDomain}).
%% ---------
+which_domain(Ip) when is_list(Ip) andalso (length(Ip) =:= 4) ->
+ transportDomainUdpIpv4;
+which_domain(Ip) when is_tuple(Ip) andalso (size(Ip) =:= 4) ->
+ transportDomainUdpIpv4;
+which_domain(Ip) when is_list(Ip) andalso (length(Ip) =:= 8) ->
+ transportDomainUdpIpv6;
+which_domain(Ip) when is_tuple(Ip) andalso (size(Ip) =:= 8) ->
+ transportDomainUdpIpv6.
+
+
+%% ---------
+
check_ip(X) ->
check_ip(snmpUDPDomain, X).