diff options
Diffstat (limited to 'lib')
65 files changed, 2088 insertions, 2327 deletions
diff --git a/lib/common_test/src/ct_property_test.erl b/lib/common_test/src/ct_property_test.erl index e401fef669..39d089f04c 100644 --- a/lib/common_test/src/ct_property_test.erl +++ b/lib/common_test/src/ct_property_test.erl @@ -78,7 +78,8 @@ %%% %%% @doc Initializes Config for property testing. %%% -%%% <p>The function investigates if support is available for either Quickcheck or PropEr. +%%% <p>The function investigates if support is available for either Quickcheck, PropEr, +%%% or Triq. %%% The options <c>{property_dir,AbsPath}</c> and %%% <c>{property_test_tool,Tool}</c> is set in the Config returned.</p> %%% <p>The function is intended to be called in the init_per_suite in the test suite.</p> @@ -86,7 +87,7 @@ %%% @end init_per_suite(Config) -> - case which_module_exists([eqc,proper]) of + case which_module_exists([eqc,proper,triq]) of {ok,ToolModule} -> ct:pal("Found property tester ~p",[ToolModule]), Path = property_tests_path("property_test", Config), @@ -114,7 +115,8 @@ init_per_suite(Config) -> quickcheck(Property, Config) -> Tool = proplists:get_value(property_test_tool,Config), - mk_ct_return( Tool:quickcheck(Property) ). + F = function_name(quickcheck, Tool), + mk_ct_return( Tool:F(Property), Tool ). %%%================================================================ @@ -123,10 +125,10 @@ quickcheck(Property, Config) -> %%% %%% Make return values back to the calling Common Test suite -mk_ct_return(true) -> +mk_ct_return(true, _Tool) -> true; -mk_ct_return(Other) -> - try lists:last(hd(eqc:counterexample())) +mk_ct_return(Other, Tool) -> + try lists:last(hd(Tool:counterexample())) of {set,{var,_},{call,M,F,Args}} -> {fail, io_lib:format("~p:~p/~p returned bad result",[M,F,length(Args)])} @@ -174,5 +176,9 @@ compile_tests(Path, ToolModule) -> macro_def(eqc) -> [{d, 'EQC'}]; -macro_def(proper) -> [{d, 'PROPER'}]. +macro_def(proper) -> [{d, 'PROPER'}]; +macro_def(triq) -> [{d, 'TRIQ'}]. + +function_name(quickcheck, triq) -> check; +function_name(F, _) -> F. diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index e55a03d26a..e7215eeb64 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -462,9 +462,11 @@ static void hmac_context_dtor(ErlNifEnv* env, struct hmac_context*); /* #define PRINTF_ERR0(FMT) enif_fprintf(stderr, FMT "\n") #define PRINTF_ERR1(FMT, A1) enif_fprintf(stderr, FMT "\n", A1) +#define PRINTF_ERR2(FMT, A1, A2) enif_fprintf(stderr, FMT "\n", A1, A2) */ #define PRINTF_ERR0(FMT) #define PRINTF_ERR1(FMT,A1) +#define PRINTF_ERR2(FMT,A1,A2) #ifdef __OSE__ @@ -506,6 +508,23 @@ static int init_ose_crypto() { #define CHECK_OSE_CRYPTO() #endif + +static int verify_lib_version(void) +{ + const unsigned long libv = SSLeay(); + const unsigned long hdrv = OPENSSL_VERSION_NUMBER; + +# define MAJOR_VER(V) ((unsigned long)(V) >> (7*4)) + + if (MAJOR_VER(libv) != MAJOR_VER(hdrv)) { + PRINTF_ERR2("CRYPTO: INCOMPATIBLE SSL VERSION" + " lib=%lx header=%lx\n", libv, hdrv); + return 0; + } + return 1; +} + + #ifdef HAVE_DYNAMIC_CRYPTO_LIB # if defined(DEBUG) @@ -554,6 +573,9 @@ static int init(ErlNifEnv* env, ERL_NIF_TERM load_info) if (!INIT_OSE_CRYPTO()) return 0; + if (!verify_lib_version()) + return 0; + /* load_info: {301, <<"/full/path/of/this/library">>} */ if (!enif_get_tuple(env, load_info, &tpl_arity, &tpl_array) || tpl_arity != 2 diff --git a/lib/dialyzer/src/dialyzer_analysis_callgraph.erl b/lib/dialyzer/src/dialyzer_analysis_callgraph.erl index 6a33a2acb3..af1c2b7e3a 100644 --- a/lib/dialyzer/src/dialyzer_analysis_callgraph.erl +++ b/lib/dialyzer/src/dialyzer_analysis_callgraph.erl @@ -373,7 +373,16 @@ compile_byte(File, Callgraph, CServer, UseContracts) -> {error, " Could not get abstract code for: " ++ File ++ "\n" ++ " Recompile with +debug_info or analyze starting from source code"}; {ok, AbstrCode} -> - compile_common(File, AbstrCode, [], Callgraph, CServer, UseContracts) + compile_byte(File, AbstrCode, Callgraph, CServer, UseContracts) + end. + +compile_byte(File, AbstrCode, Callgraph, CServer, UseContracts) -> + case dialyzer_utils:get_compile_options_from_beam(File) of + error -> + {error, " Could not get compile options for: " ++ File ++ "\n" ++ + " Recompile or analyze starting from source code"}; + {ok, CompOpts} -> + compile_common(File, AbstrCode, CompOpts, Callgraph, CServer, UseContracts) end. compile_common(File, AbstrCode, CompOpts, Callgraph, CServer, UseContracts) -> diff --git a/lib/dialyzer/src/dialyzer_utils.erl b/lib/dialyzer/src/dialyzer_utils.erl index e1bcd72c0b..4e2ec67b35 100644 --- a/lib/dialyzer/src/dialyzer_utils.erl +++ b/lib/dialyzer/src/dialyzer_utils.erl @@ -31,6 +31,7 @@ format_sig/1, format_sig/2, get_abstract_code_from_beam/1, + get_compile_options_from_beam/1, get_abstract_code_from_src/1, get_abstract_code_from_src/2, get_core_from_abstract_code/1, @@ -136,6 +137,26 @@ get_abstract_code_from_beam(File) -> error end. +-spec get_compile_options_from_beam(file:filename()) -> 'error' | {'ok', [compile:option()]}. + +get_compile_options_from_beam(File) -> + case beam_lib:chunks(File, [compile_info]) of + {ok, {_, List}} -> + case lists:keyfind(compile_info, 1, List) of + {compile_info, CompInfo} -> compile_info_to_options(CompInfo); + _ -> error + end; + _ -> + %% No or unsuitable compile info. + error + end. + +compile_info_to_options(CompInfo) -> + case lists:keyfind(options, 1, CompInfo) of + {options, CompOpts} -> {ok, CompOpts}; + _ -> error + end. + -type get_core_from_abs_ret() :: {'ok', cerl:c_module()} | 'error'. -spec get_core_from_abstract_code(abstract_code()) -> get_core_from_abs_ret(). @@ -150,7 +171,9 @@ get_core_from_abstract_code(AbstrCode, Opts) -> %% performed them. In some cases we end up in trouble when %% performing them again. AbstrCode1 = cleanup_parse_transforms(AbstrCode), - try compile:forms(AbstrCode1, Opts ++ src_compiler_opts()) of + %% Remove parse_transforms (and other options) from compile options. + Opts2 = cleanup_compile_options(Opts), + try compile:forms(AbstrCode1, Opts2 ++ src_compiler_opts()) of {ok, _, Core} -> {ok, Core}; _What -> error catch @@ -419,6 +442,24 @@ cleanup_parse_transforms([Other|Left]) -> cleanup_parse_transforms([]) -> []. +-spec cleanup_compile_options([compile:option()]) -> [compile:option()]. + +%% Using abstract, not asm or core. +cleanup_compile_options([from_asm|Opts]) -> + Opts; +cleanup_compile_options([asm|Opts]) -> + Opts; +cleanup_compile_options([from_core|Opts]) -> + Opts; +%% The parse transform will already have been applied, may cause problems if it +%% is re-applied. +cleanup_compile_options([{parse_transform, _}|Opts]) -> + Opts; +cleanup_compile_options([Other|Opts]) -> + [Other|cleanup_compile_options(Opts)]; +cleanup_compile_options([]) -> + []. + -spec format_errors([{module(), string()}]) -> [string()]. format_errors([{Mod, Errors}|Left]) -> diff --git a/lib/dialyzer/test/dialyzer_SUITE.erl b/lib/dialyzer/test/dialyzer_SUITE.erl index 1b62291a00..8507525597 100644 --- a/lib/dialyzer/test/dialyzer_SUITE.erl +++ b/lib/dialyzer/test/dialyzer_SUITE.erl @@ -30,12 +30,12 @@ -export([init_per_testcase/2, end_per_testcase/2]). %% Test cases must be exported. --export([app_test/1, appup_test/1]). +-export([app_test/1, appup_test/1, beam_tests/1]). suite() -> [{ct_hooks,[ts_install_cth]}]. all() -> - [app_test, appup_test]. + [app_test, appup_test, beam_tests]. groups() -> []. @@ -75,3 +75,38 @@ app_test(Config) when is_list(Config) -> %% Test that the .appup file does not contain any `basic' errors appup_test(Config) when is_list(Config) -> ok = ?t:appup_test(dialyzer). + +beam_tests(Config) when is_list(Config) -> + Prog = <<" + -module(no_auto_import). + + %% Copied from erl_lint_SUITE.erl, clash6 + + -export([size/1]). + + size([]) -> + 0; + size({N,_}) -> + N; + size([_|T]) -> + 1+size(T). + ">>, + Opts = [no_auto_import], + {ok, BeamFile} = compile(Config, Prog, no_auto_import, Opts), + [] = run_dialyzer([BeamFile]), + ok. + +compile(Config, Prog, Module, CompileOpts) -> + Source = lists:concat([Module, ".erl"]), + PrivDir = ?config(priv_dir,Config), + Filename = filename:join([PrivDir, Source]), + ok = file:write_file(Filename, Prog), + Opts = [{outdir, PrivDir}, debug_info | CompileOpts], + {ok, Module} = compile:file(Filename, Opts), + {ok, filename:join([PrivDir, lists:concat([Module, ".beam"])])}. + +run_dialyzer(Files) -> + dialyzer:run([{analysis_type, plt_build}, + {files, Files}, + {from, byte_code}, + {check_plt, false}]). diff --git a/lib/diameter/include/diameter_gen.hrl b/lib/diameter/include/diameter_gen.hrl index 7e91ce375f..bc25f7d472 100644 --- a/lib/diameter/include/diameter_gen.hrl +++ b/lib/diameter/include/diameter_gen.hrl @@ -311,19 +311,55 @@ d(Name, Avp, Acc) -> Failed = relax(Name), %% Not AvpName or else a failed Failed-AVP %% decode is packed into 'AVP'. - try avp(decode, Data, AvpName) of + Mod = dict(Failed), %% Dictionary to decode in. + + try Mod:avp(decode, Data, AvpName) of V -> {Avps, T} = Acc, {H, A} = ungroup(V, Avp), {[H | Avps], pack_avp(Name, A, T)} catch error: Reason -> - d(undefined == Failed orelse is_failed(), Reason, Name, Avp, Acc) + d(undefined == Failed orelse is_failed(), + Reason, + Name, + trim(Avp), + Acc) after reset(?STRICT_KEY, Strict), reset(?FAILED_KEY, Failed) end. +%% trim/1 +%% +%% Remove any extra bit that was added in diameter_codec to induce a +%% 5014 error. + +trim(#diameter_avp{data = <<0:1, Bin/binary>>} = Avp) -> + Avp#diameter_avp{data = Bin}; + +trim(Avp) -> + Avp. + +%% dict/1 +%% +%% Retrieve the dictionary for the best-effort decode of Failed-AVP, +%% as put by diameter_codec:decode/2. See that function for the +%% explanation. + +dict(true) -> + case get({diameter_codec, dictionary}) of + undefined -> + ?MODULE; + Mod -> + Mod + end; + +dict(_) -> + ?MODULE. + +%% d/5 + %% Ignore a decode error within Failed-AVP ... d(true, _, Name, Avp, Acc) -> decode_AVP(Name, Avp, Acc); @@ -341,6 +377,8 @@ d(false, Reason, Name, Avp, {Avps, Acc}) -> {Rec, Failed} = Acc, {[Avp|Avps], {Rec, [rc(Reason, Avp) | Failed]}}. +%% relax/2 + %% Set false in the process dictionary as soon as we see a Grouped AVP %% that doesn't set the M-bit, so that is_strict() can say whether or %% not to ignore the M-bit on an encapsulated AVP. @@ -357,22 +395,23 @@ relax(_, _) -> is_strict() -> false /= getr(?STRICT_KEY). +%% relax/1 +%% %% Set true in the process dictionary as soon as we see Failed-AVP. %% Matching on 'Failed-AVP' assumes that this is the RFC AVP. %% Strictly, this doesn't need to be the case. + relax('Failed-AVP') -> - case getr(?FAILED_KEY) of - undefined -> - putr(?FAILED_KEY, true); - true = Yes -> - Yes - end; + is_failed() orelse putr(?FAILED_KEY, true); + relax(_) -> is_failed(). is_failed() -> true == getr(?FAILED_KEY). +%% reset/2 + reset(Key, undefined) -> eraser(Key); reset(_, _) -> @@ -453,8 +492,8 @@ pack_AVP(_, #diameter_avp{data = <<0:1, Data/binary>>} = Avp, Acc) -> {Rec, Failed} = Acc, {Rec, [{5014, Avp#diameter_avp{data = Data}} | Failed]}; -pack_AVP(Name, #diameter_avp{is_mandatory = M} = Avp, Acc) -> - case pack_arity(Name, M) of +pack_AVP(Name, #diameter_avp{is_mandatory = M, name = AvpName} = Avp, Acc) -> + case pack_arity(Name, AvpName, M) of 0 -> {Rec, Failed} = Acc, {Rec, [{if M -> 5001; true -> 5008 end, Avp} | Failed]}; @@ -462,10 +501,13 @@ pack_AVP(Name, #diameter_avp{is_mandatory = M} = Avp, Acc) -> pack(Arity, 'AVP', Avp, Acc) end. -%% Give Failed-AVP special treatment since it'll contain any -%% unrecognized mandatory AVP's. -pack_arity(Name, M) -> - NF = Name /= 'Failed-AVP' andalso not is_failed(), +%% Give Failed-AVP special treatment since (1) it'll contain any +%% unrecognized mandatory AVP's and (2) the RFC 3588 grammar failed to +%% allow for Failed-AVP in an answer-message. + +pack_arity(Name, AvpName, M) -> + IsFailed = Name == 'Failed-AVP' orelse is_failed(), + %% Not testing just Name /= 'Failed-AVP' means we're changing the %% packing of AVPs nested within Failed-AVP, but the point of %% ignoring errors within Failed-AVP is to decode as much as @@ -473,12 +515,18 @@ pack_arity(Name, M) -> %% packed into a dedicated field defeats that point. Note that we %% can't just test not is_failed() since this will be 'true' when %% packing an unknown AVP directly within Failed-AVP. - case NF andalso M andalso is_strict() of - true -> - 0; - false -> - avp_arity(Name, 'AVP') - end. + + pack_arity(IsFailed + orelse {Name, AvpName} == {'answer-message', 'Failed-AVP'} + orelse not M + orelse not is_strict(), + Name). + +pack_arity(true, Name) -> + avp_arity(Name, 'AVP'); + +pack_arity(false, _) -> + 0. %% 3588: %% diff --git a/lib/diameter/src/base/diameter_codec.erl b/lib/diameter/src/base/diameter_codec.erl index 06a4f5de64..a2b04bfd63 100644 --- a/lib/diameter/src/base/diameter_codec.erl +++ b/lib/diameter/src/base/diameter_codec.erl @@ -237,15 +237,35 @@ rec2msg(Mod, Rec) -> %% Unsuccessfully decoded AVPs will be placed in #diameter_packet.errors. --spec decode(module(), #diameter_packet{} | binary()) +-spec decode(module() | {module(), module()}, #diameter_packet{} | binary()) -> #diameter_packet{}. +%% An Answer setting the E-bit. The application dictionary is needed +%% for the best-effort decode of Failed-AVP, and the best way to make +%% this available to the AVP decode in diameter_gen.hrl, without +%% having to rewrite the entire codec generation, is to place it in +%% the process dictionary. It's the code in diameter_gen.hrl (that's +%% included by every generated codec module) that looks for the entry. +%% Not ideal, but it solves the problem relatively simply. +decode({Mod, Mod}, Pkt) -> + decode(Mod, Pkt); +decode({Mod, AppMod}, Pkt) -> + Key = {?MODULE, dictionary}, + put(Key, AppMod), + try + decode(Mod, Pkt) + after + erase(Key) + end; + +%% Or not: a request, or an answer not setting the E-bit. decode(Mod, Pkt) -> decode(Mod:id(), Mod, Pkt). -%% If we're a relay application then just extract the avp's without -%% any decoding of their data since we don't know the application in -%% question. +%% decode/3 + +%% Relay application: just extract the avp's without any decoding of +%% their data since we don't know the application in question. decode(?APP_ID_RELAY, _, #diameter_packet{} = Pkt) -> case collect_avps(Pkt) of {E, As} -> @@ -274,6 +294,8 @@ decode(Id, Mod, Bin) when is_binary(Bin) -> decode(Id, Mod, #diameter_packet{header = decode_header(Bin), bin = Bin}). +%% decode_avps/4 + decode_avps(MsgName, Mod, Pkt, {E, Avps}) -> ?LOG(invalid_avp_length, Pkt#diameter_packet.header), #diameter_packet{errors = Failed} diff --git a/lib/diameter/src/base/diameter_peer_fsm.erl b/lib/diameter/src/base/diameter_peer_fsm.erl index 31e570ae20..86fc43cdc5 100644 --- a/lib/diameter/src/base/diameter_peer_fsm.erl +++ b/lib/diameter/src/base/diameter_peer_fsm.erl @@ -477,6 +477,7 @@ send_CER(#state{state = {'Wait-Conn-Ack', Tmo}, hop_by_hop_id = Hid}} = Pkt = encode(CER, Dict), + incr(send, Pkt, Dict), send(TPid, Pkt), ?LOG(send, 'CER'), start_timer(Tmo, S#state{state = {'Wait-CEA', Hid, Eid}}). @@ -1100,6 +1101,7 @@ send_dpr(Reason, Opts, #state{transport = TPid, {'Origin-Realm', OR}, {'Disconnect-Cause', Cause}], Dict), + incr(send, Pkt, Dict), send(TPid, Pkt), dpa_timer(Tmo), ?LOG(send, 'DPR'), diff --git a/lib/diameter/src/base/diameter_service.erl b/lib/diameter/src/base/diameter_service.erl index b7cd311e02..ab56ca9cef 100644 --- a/lib/diameter/src/base/diameter_service.erl +++ b/lib/diameter/src/base/diameter_service.erl @@ -1573,7 +1573,8 @@ transports(#state{watchdogT = WatchdogT}) -> -define(OTHER_INFO, [connections, name, peers, - statistics]). + statistics, + info]). service_info(Item, S) when is_atom(Item) -> @@ -1663,6 +1664,7 @@ complete_info(Item, #state{service = Svc} = S) -> keys -> ?ALL_INFO ++ ?CAP_INFO ++ ?OTHER_INFO; all -> service_info(?ALL_INFO, S); statistics -> info_stats(S); + info -> info_info(S); connections -> info_connections(S); peers -> info_peers(S) end. @@ -1745,12 +1747,11 @@ peer_acc(PeerT, Acc, #watchdog{pid = Pid, state = WS, started = At, peer = TPid}) -> - dict:append(Ref, - [{type, Type}, - {options, Opts}, - {watchdog, {Pid, At, WS}} - | info_peer(PeerT, TPid, WS)], - Acc). + Info = [{type, Type}, + {options, Opts}, + {watchdog, {Pid, At, WS}} + | info_peer(PeerT, TPid, WS)], + dict:append(Ref, Info ++ [{info, info_process_info(Info)}], Acc). info_peer(PeerT, TPid, WS) when is_pid(TPid), WS /= ?WD_DOWN -> @@ -1762,6 +1763,49 @@ info_peer(PeerT, TPid, WS) info_peer(_, _, _) -> []. +info_process_info(Info) -> + lists:flatmap(fun ipi/1, Info). + +ipi({watchdog, {Pid, _, _}}) -> + info_pid(Pid); + +ipi({peer, {Pid, _}}) -> + info_pid(Pid); + +ipi({port, [{owner, Pid} | _]}) -> + info_pid(Pid); + +ipi(_) -> + []. + +info_pid(Pid) -> + case process_info(Pid, [message_queue_len, memory, binary]) of + undefined -> + []; + L -> + [{Pid, lists:map(fun({K,V}) -> {K, map_info(K,V)} end, L)}] + end. + +%% The binary list consists of 3-tuples {Ptr, Size, Count}, where Ptr +%% is a C pointer value, Size is the size of a referenced binary in +%% bytes, and Count is a global reference count. The same Ptr can +%% occur multiple times, once for each reference on the process heap. +%% In this case, the corresponding tuples will have Size in common but +%% Count may differ just because no global lock is taken when the +%% value is retrieved. +%% +%% The list can be quite large, and we aren't often interested in the +%% pointers or counts, so whittle this down to the number of binaries +%% referenced and their total byte count. +map_info(binary, L) -> + SzD = lists:foldl(fun({P,S,_}, D) -> dict:store(P,S,D) end, + dict:new(), + L), + {dict:size(SzD), dict:fold(fun(_,S,N) -> S + N end, 0, SzD)}; + +map_info(_, T) -> + T. + %% The point of extracting the config here is so that 'transport' info %% has one entry for each transport ref, the peer table only %% containing entries that have a living watchdog. @@ -1819,6 +1863,13 @@ mk_app(#diameter_app{} = A) -> info_pending(#state{} = S) -> diameter_traffic:pending(transports(S)). +%% info_info/1 +%% +%% Extract process_info from connections info. + +info_info(S) -> + [I || L <- conn_list(S), {info, I} <- L]. + %% info_connections/1 %% %% One entry per transport connection. Statistics for each entry are diff --git a/lib/diameter/src/base/diameter_traffic.erl b/lib/diameter/src/base/diameter_traffic.erl index 5fac61f416..280d09d7e8 100644 --- a/lib/diameter/src/base/diameter_traffic.erl +++ b/lib/diameter/src/base/diameter_traffic.erl @@ -129,6 +129,11 @@ incr(Dir, #diameter_header{} = H, TPid, Dict) -> %% incr_error/4 %% --------------------------------------------------------------------------- +%% Identify messages using the application dictionary, not the encode +%% dictionary, which may differ in the case of answer-message. +incr_error(Dir, T, Pid, {_Dict, AppDict}) -> + incr_error(Dir, T, Pid, AppDict); + %% Decoded message without errors. incr_error(recv, #diameter_packet{errors = []}, _, _) -> ok; @@ -169,7 +174,7 @@ incr_error(Dir, Id, TPid) -> incr_rc(Dir, Pkt, TPid, Dict0) -> try - incr_rc(Dir, Pkt, Dict0, TPid, Dict0) + incr_result(Dir, Pkt, TPid, {Dict0, Dict0, Dict0}) catch exit: {E,_} when E == no_result_code; E == invalid_error_bit -> @@ -471,7 +476,7 @@ send_A({Caps, Pkt}, TPid, Dict0, _RecvData) -> %% unsupported application #diameter_packet{errors = [RC|_]} = Pkt, send_A(answer_message(RC, Caps, Dict0, Pkt), TPid, - Dict0, + {Dict0, Dict0}, Pkt, [], []); @@ -479,7 +484,7 @@ send_A({Caps, Pkt}, TPid, Dict0, _RecvData) -> %% unsupported application send_A({Caps, Pkt, App, {T, EvalPktFs, EvalFs}}, TPid, Dict0, RecvData) -> send_A(answer(T, Caps, Pkt, App, Dict0, RecvData), TPid, - Dict0, + {App#diameter_app.dictionary, Dict0}, Pkt, EvalPktFs, EvalFs); @@ -489,8 +494,8 @@ send_A(_, _, _, _) -> %% send_A/6 -send_A(T, TPid, Dict0, ReqPkt, EvalPktFs, EvalFs) -> - reply(T, TPid, Dict0, EvalPktFs, ReqPkt), +send_A(T, TPid, DictT, ReqPkt, EvalPktFs, EvalFs) -> + reply(T, TPid, DictT, EvalPktFs, ReqPkt), lists:foreach(fun diameter_lib:eval/1, EvalFs). %% answer/6 @@ -648,32 +653,32 @@ is_loop(Code, Vid, OH, Dict0, Avps) -> %% reply/5 %% Local answer ... -reply({Dict, Ans}, TPid, Dict0, Fs, ReqPkt) -> - reply(Ans, Dict, TPid, Dict0, Fs, ReqPkt); +reply({Dict, Ans}, TPid, {AppDict, Dict0}, Fs, ReqPkt) -> + local(Ans, TPid, {Dict, AppDict, Dict0}, Fs, ReqPkt); %% ... or relayed. reply(#diameter_packet{} = Pkt, TPid, _Dict0, Fs, _ReqPkt) -> eval_packet(Pkt, Fs), send(TPid, Pkt). -%% reply/6 +%% local/5 %% %% Send a locally originating reply. %% Skip the setting of Result-Code and Failed-AVP's below. This is %% undocumented and shouldn't be relied on. -reply([Msg], Dict, TPid, Dict0, Fs, ReqPkt) +local([Msg], TPid, DictT, Fs, ReqPkt) when is_list(Msg); is_tuple(Msg) -> - reply(Msg, Dict, TPid, Dict0, Fs, ReqPkt#diameter_packet{errors = []}); + local(Msg, TPid, DictT, Fs, ReqPkt#diameter_packet{errors = []}); -reply(Msg, Dict, TPid, Dict0, Fs, ReqPkt) -> - Pkt = encode(Dict, +local(Msg, TPid, {Dict, AppDict, Dict0} = DictT, Fs, ReqPkt) -> + Pkt = encode({Dict, AppDict}, TPid, reset(make_answer_packet(Msg, ReqPkt), Dict, Dict0), Fs), - incr(send, Pkt, TPid, Dict), - incr_rc(send, Pkt, Dict, TPid, Dict0), %% count outgoing + incr(send, Pkt, TPid, AppDict), + incr_result(send, Pkt, TPid, DictT), %% count outgoing send(TPid, Pkt). %% reset/3 @@ -1038,29 +1043,29 @@ find(Pred, [H|T]) -> %% code, the missing vendor id, and a zero filled payload of the minimum %% required length for the omitted AVP will be added. -%% incr_rc/5 +%% incr_result/5 %% %% Increment a stats counter for result codes in incoming and outgoing %% answers. %% Outgoing message as binary: don't count. (Sending binaries is only %% partially supported.) -incr_rc(_, #diameter_packet{msg = undefined = No}, _, _, _) -> +incr_result(_, #diameter_packet{msg = undefined = No}, _, _) -> No; %% Incoming or outgoing. Outgoing with encode errors never gets here %% since encode fails. -incr_rc(Dir, Pkt, Dict, TPid, Dict0) -> +incr_result(Dir, Pkt, TPid, {Dict, AppDict, Dict0}) -> #diameter_packet{header = #diameter_header{is_error = E} = Hdr, msg = Msg, errors = Es} = Pkt, - Id = msg_id(Hdr, Dict), + Id = msg_id(Hdr, AppDict), %% Count incoming decode errors. - recv /= Dir orelse [] == Es orelse incr_error(Dir, Id, TPid, Dict), + recv /= Dir orelse [] == Es orelse incr_error(Dir, Id, TPid, AppDict), %% Exit on a missing result code. T = rc_counter(Dict, Msg), @@ -1074,12 +1079,27 @@ incr_rc(Dir, Pkt, Dict, TPid, Dict0) -> incr(TPid, {Id, Dir, Ctr}), Ctr. -%% Only count on known keeps so as not to be vulnerable to attack: -%% there are 2^32 (application ids) * 2^24 (command codes) * 2 (R-bits) -%% = 2^57 Ids for an attacker to choose from. +%% msg_id/2 + +msg_id(#diameter_packet{header = H}, Dict) -> + msg_id(H, Dict); + +%% Only count on known keys so as not to be vulnerable to attack: +%% there are 2^32 (application ids) * 2^24 (command codes) = 2^56 +%% pairs for an attacker to choose from. msg_id(Hdr, Dict) -> {_ApplId, Code, R} = Id = diameter_codec:msg_id(Hdr), - choose('' == Dict:msg_name(Code, 0 == R), unknown, Id). + case Dict:msg_name(Code, 0 == R) of + '' -> + unknown(Dict:id(), R); + _ -> + Id + end. + +unknown(?APP_ID_RELAY, R) -> + {relay, R}; +unknown(_, _) -> + unknown. %% No E-bit: can't be 3xxx. is_result(RC, false, _Dict0) -> @@ -1396,6 +1416,7 @@ send_R(Pkt0, packet = Pkt0}, try + incr(send, Pkt, TPid, Dict), TRef = send_request(TPid, Pkt, Req, SvcName, Timeout), Pid ! Ref, %% tell caller a send has been attempted handle_answer(SvcName, @@ -1431,14 +1452,14 @@ handle_answer(SvcName, App, {error, Req, Reason}) -> handle_error(App, Req, Reason, SvcName); handle_answer(SvcName, - #diameter_app{dictionary = Dict, + #diameter_app{dictionary = AppDict, id = Id} = App, {answer, Req, Dict0, Pkt}) -> - Mod = dict(Dict, Dict0, Pkt), - handle_A(errors(Id, diameter_codec:decode(Mod, Pkt)), + Dict = dict(AppDict, Dict0, Pkt), + handle_A(errors(Id, diameter_codec:decode({Dict, AppDict}, Pkt)), SvcName, - Mod, + Dict, Dict0, App, Req). @@ -1448,10 +1469,12 @@ handle_answer(SvcName, %% want to examine the answer? handle_A(Pkt, SvcName, Dict, Dict0, App, #request{transport = TPid} = Req) -> - incr(recv, Pkt, TPid, Dict), + AppDict = App#diameter_app.dictionary, + + incr(recv, Pkt, TPid, AppDict), try - incr_rc(recv, Pkt, Dict, TPid, Dict0) %% count incoming + incr_result(recv, Pkt, TPid, {Dict, AppDict, Dict0}) %% count incoming of _ -> answer(Pkt, SvcName, App, Req) catch @@ -1468,6 +1491,8 @@ handle_A(Pkt, SvcName, Dict, Dict0, App, #request{transport = TPid} = Req) -> answer(Pkt#diameter_packet{errors = [E|Es]}, SvcName, App, Req) end. +%% answer/4 + answer(Pkt, SvcName, #diameter_app{module = ModX, @@ -1568,13 +1593,18 @@ encode(Dict, TPid, Pkt, Fs) -> %% an encoded binary. This isn't the usual case and doesn't properly %% support retransmission but is useful for test. +encode(Dict, TPid, Pkt) + when is_atom(Dict) -> + encode({Dict, Dict}, TPid, Pkt); + %% A message to be encoded. -encode(Dict, TPid, #diameter_packet{bin = undefined} = Pkt) -> +encode(DictT, TPid, #diameter_packet{bin = undefined} = Pkt) -> + {Dict, AppDict} = DictT, try diameter_codec:encode(Dict, Pkt) catch exit: {diameter_codec, encode, T} = Reason -> - incr_error(send, T, TPid, Dict), + incr_error(send, T, TPid, AppDict), exit(Reason) end; @@ -1683,6 +1713,7 @@ resend_request(Pkt0, caps = Caps}, ?LOG(retransmission, Pkt#diameter_packet.header), + incr(TPid, {msg_id(Pkt, Dict), send, retransmission}), TRef = send_request(TPid, Pkt, Req, SvcName, Tmo), {TRef, Req}. diff --git a/lib/diameter/src/diameter.appup.src b/lib/diameter/src/diameter.appup.src index 3b6e259f5a..40580e3ce6 100644 --- a/lib/diameter/src/diameter.appup.src +++ b/lib/diameter/src/diameter.appup.src @@ -46,7 +46,16 @@ {load_module, diameter_gen_base_accounting}, {load_module, diameter_gen_relay}, {load_module, diameter_codec}, - {load_module, diameter_sctp}]} + {load_module, diameter_sctp}]}, + {"1.7", [{load_module, diameter_service}, %% 17.1 + {load_module, diameter_codec}, + {load_module, diameter_gen_base_rfc6733}, + {load_module, diameter_gen_acct_rfc6733}, + {load_module, diameter_gen_base_rfc3588}, + {load_module, diameter_gen_base_accounting}, + {load_module, diameter_gen_relay}, + {load_module, diameter_traffic}, + {load_module, diameter_peer_fsm}]} ], [ {"0.9", [{restart_application, diameter}]}, @@ -75,6 +84,15 @@ {load_module, diameter_peer_fsm}, {load_module, diameter_watchdog}, {load_module, diameter_traffic}, - {load_module, diameter_lib}]} + {load_module, diameter_lib}]}, + {"1.7", [{load_module, diameter_peer_fsm}, + {load_module, diameter_traffic}, + {load_module, diameter_gen_relay}, + {load_module, diameter_gen_base_accounting}, + {load_module, diameter_gen_base_rfc3588}, + {load_module, diameter_gen_acct_rfc6733}, + {load_module, diameter_gen_base_rfc6733}, + {load_module, diameter_codec}, + {load_module, diameter_service}]} ] }. diff --git a/lib/diameter/src/info/diameter_dbg.erl b/lib/diameter/src/info/diameter_dbg.erl index b5b3983afa..b536e5e80b 100644 --- a/lib/diameter/src/info/diameter_dbg.erl +++ b/lib/diameter/src/info/diameter_dbg.erl @@ -32,7 +32,8 @@ compiled/0, procs/0, latest/0, - nl/0]). + nl/0, + sizes/0]). -export([diameter_config/0, diameter_peer/0, @@ -69,7 +70,16 @@ -define(VALUES(Rec), tl(tuple_to_list(Rec))). %% ---------------------------------------------------------- -%% # table(TableName) +%% # sizes/0 +%% +%% Return sizes of named tables. +%% ---------------------------------------------------------- + +sizes() -> + [{T, ets:info(T, size)} || T <- ?LOCAL, T /= diameter_peer]. + +%% ---------------------------------------------------------- +%% # table/1 %% %% Pretty-print a diameter table. Returns the number of records %% printed, or undefined. @@ -97,7 +107,7 @@ split([F|Fs], [V|Vs]) -> {F, Fs, V, Vs}. %% ---------------------------------------------------------- -%% # TableName() +%% # TableName/0 %% ---------------------------------------------------------- -define(TABLE(Name), Name() -> table(Name)). @@ -111,7 +121,7 @@ split([F|Fs], [V|Vs]) -> ?TABLE(diameter_stats). %% ---------------------------------------------------------- -%% # tables() +%% # tables/0 %% %% Pretty-print diameter tables from all nodes. Returns the number of %% records printed. @@ -127,7 +137,7 @@ split(_, Fs, Vs) -> split(Fs, Vs). %% ---------------------------------------------------------- -%% # modules() +%% # modules/0 %% ---------------------------------------------------------- modules() -> @@ -140,49 +150,49 @@ appdir() -> [_|_] = code:lib_dir(?APP, ebin). %% ---------------------------------------------------------- -%% # versions() +%% # versions/0 %% ---------------------------------------------------------- versions() -> ?I:versions(modules()). %% ---------------------------------------------------------- -%% # versions() +%% # version_info/0 %% ---------------------------------------------------------- version_info() -> ?I:version_info(modules()). %% ---------------------------------------------------------- -%% # compiled() +%% # compiled/0 %% ---------------------------------------------------------- compiled() -> ?I:compiled(modules()). %% ---------------------------------------------------------- -%% procs() +%% # procs/0 %% ---------------------------------------------------------- procs() -> ?I:procs(?APP). %% ---------------------------------------------------------- -%% # latest() +%% # latest/0 %% ---------------------------------------------------------- latest() -> ?I:latest(modules()). %% ---------------------------------------------------------- -%% # nl() +%% # nl/0 %% ---------------------------------------------------------- nl() -> lists:foreach(fun(M) -> abcast = c:nl(M) end, modules()). %% ---------------------------------------------------------- -%% # pp(Bin) +%% # pp/1 %% %% Description: Pretty-print a message binary. %% ---------------------------------------------------------- @@ -317,7 +327,7 @@ ppp({Field, Value}) -> io:format(": ~-22s : ~p~n", [Field, Value]). %% ---------------------------------------------------------- -%% # subscriptions() +%% # subscriptions/0 %% %% Returns a list of {SvcName, Pid}. %% ---------------------------------------------------------- @@ -326,7 +336,7 @@ subscriptions() -> diameter_service:subscriptions(). %% ---------------------------------------------------------- -%% # children() +%% # children/0 %% ---------------------------------------------------------- children() -> diff --git a/lib/diameter/vsn.mk b/lib/diameter/vsn.mk index 560c2aed50..4e54e4eafc 100644 --- a/lib/diameter/vsn.mk +++ b/lib/diameter/vsn.mk @@ -18,5 +18,5 @@ # %CopyrightEnd% APPLICATION = diameter -DIAMETER_VSN = 1.7 +DIAMETER_VSN = 1.7.1 APP_VSN = $(APPLICATION)-$(DIAMETER_VSN)$(PRE_VSN) diff --git a/lib/inets/doc/src/httpd.xml b/lib/inets/doc/src/httpd.xml index 3830b2e5ab..4ca038cc99 100644 --- a/lib/inets/doc/src/httpd.xml +++ b/lib/inets/doc/src/httpd.xml @@ -139,7 +139,7 @@ <marker id="prop_server_root"></marker> <tag>{server_root, path()} </tag> <item> - <p>Defines the servers home directory where log files etc can + <p>Defines the server's home directory where log files etc can be stored. Relative paths specified in other properties refer to this directory. </p> </item> @@ -904,7 +904,7 @@ bytes <p>Fetches information about the HTTP server. When called with only the pid all properties are fetched, when called with a list of specific properties they are fetched. - Available properties are the same as the servers start options. + Available properties are the same as the server's start options. </p> <note><p>Pid is the pid returned from inets:start/[2,3]. @@ -930,7 +930,7 @@ bytes <p>Fetches information about the HTTP server. When called with only the Address and Port all properties are fetched, when called with a list of specific properties they are fetched. - Available properties are the same as the servers start + Available properties are the same as the server's start options. </p> @@ -956,7 +956,7 @@ bytes server. Incoming requests will be answered with a temporary down message during the time the it takes to reload.</p> - <note><p>Available properties are the same as the servers + <note><p>Available properties are the same as the server's start options, although the properties bind_address and port can not be changed.</p></note> @@ -1068,7 +1068,7 @@ bytes <type> <v>OldData = list()</v> <v>NewData = [{response,{StatusCode,Body}}] | [{response,{response,Head,Body}}] | [{response,{already_sent,Statuscode,Size}}] </v> - <v>StausCode = integer()</v> + <v>StatusCode = integer()</v> <v>Body = io_list() | nobody | {Fun, Arg}</v> <v>Head = [HeaderOption]</v> <v>HeaderOption = {Option, Value} | {code, StatusCode}</v> diff --git a/lib/inets/src/inets_app/inets.appup.src b/lib/inets/src/inets_app/inets.appup.src index 6991fb6d04..4bc49e1e67 100644 --- a/lib/inets/src/inets_app/inets.appup.src +++ b/lib/inets/src/inets_app/inets.appup.src @@ -17,6 +17,10 @@ %% %CopyrightEnd% {"%VSN%", [ + {"5.10.2", + [ + {load_module, httpd_request_handler, soft_purge, soft_purge, + []}]}, {"5.10.1", [{load_module, httpc_handler, soft_purge, soft_purge, []}, {load_module, httpd, soft_purge, soft_purge, []}, @@ -34,6 +38,10 @@ {<<"5\\..*">>,[{restart_application, inets}]} ], [ + {"5.10.2", + [ + {load_module, httpd_request_handler, soft_purge, soft_purge, + []}]}, {"5.10.1", [{load_module, httpc_handler, soft_purge, soft_purge, []}, {load_module, httpd, soft_purge, soft_purge, []}, diff --git a/lib/ose/doc/src/ose_intro.xml b/lib/ose/doc/src/ose_intro.xml index b5e3ef8b33..0ed470890b 100644 --- a/lib/ose/doc/src/ose_intro.xml +++ b/lib/ose/doc/src/ose_intro.xml @@ -65,7 +65,7 @@ erl /home/erlang --</code> <p> - The arguments are printed on seperate lines to make it possible to know + The arguments are printed on separate lines to make it possible to know what has to be quoted with ". Each line is one quotable unit. So taking the arguments above you can supply them to pm_create or just execute directly on the command line. For example:</p> @@ -75,7 +75,7 @@ pid: 0x110059 rtose@acp3400> pm_start 0x110059</code> <p> Also note that since we are running erl to figure out the arguments on a - seperate machine the paths have to be updated. In the example above + separate machine the paths have to be updated. In the example above <c>/usr/local/lib/erlang</c> was replaced by <c>/mst/erlang/</c>. The goal is to in future releases not have to do the special argument handling but for now (OTP 17.0) you have to do it. diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml index 88b1a9248e..c1ea33f735 100644 --- a/lib/public_key/doc/src/public_key.xml +++ b/lib/public_key/doc/src/public_key.xml @@ -431,10 +431,12 @@ <name>pkix_path_validation(TrustedCert, CertChain, Options) -> {ok, {PublicKeyInfo, PolicyTree}} | {error, {bad_cert, Reason}} </name> <fsummary> Performs a basic path validation according to RFC 5280.</fsummary> <type> - <v> TrustedCert = #'OTPCertificate'{} | der_encode() | unknown_ca | selfsigned_peer </v> - <d>Normally a trusted certificate but it can also be one of the path validation - errors <c>unknown_ca </c> or <c>selfsigned_peer </c> that can be discovered while - constructing the input to this function and that should be run through the <c>verify_fun</c>.</d> + <v> TrustedCert = #'OTPCertificate'{} | der_encode() | atom() </v> + <d>Normally a trusted certificate but it can also be a path validation + error that can be discovered while + constructing the input to this function and that should be run through the <c>verify_fun</c>. + For example <c>unknown_ca </c> or <c>selfsigned_peer </c> + </d> <v> CertChain = [der_encode()]</v> <d>A list of DER encoded certificates in trust order ending with the peer certificate.</d> <v> Options = proplists:proplist()</v> @@ -442,8 +444,8 @@ rsa_public_key() | integer(), 'NULL' | 'Dss-Parms'{}}</v> <v> PolicyTree = term() </v> <d>At the moment this will always be an empty list as Policies are not currently supported</d> - <v> Reason = cert_expired | invalid_issuer | invalid_signature | unknown_ca | - selfsigned_peer | name_not_permitted | missing_basic_constraint | invalid_key_usage | crl_reason() + <v> Reason = cert_expired | invalid_issuer | invalid_signature | name_not_permitted | + missing_basic_constraint | invalid_key_usage | {revoked, crl_reason()} | atom() </v> </type> <desc> @@ -464,7 +466,7 @@ <code> fun(OtpCert :: #'OTPCertificate'{}, - Event :: {bad_cert, Reason :: atom()} | + Event :: {bad_cert, Reason :: atom() | {revoked, atom()}} | {extension, #'Extension'{}}, InitialUserState :: term()) -> {valid, UserState :: term()} | @@ -493,6 +495,35 @@ fun(OtpCert :: #'OTPCertificate'{}, on. </item> </taglist> + + <p> Possible reasons for a bad certificate are: </p> + <taglist> + <tag>cert_expired</tag> + <item>The certificate is no longer valid as its expiration date has passed.</item> + + <tag>invalid_issuer</tag> + <item>The certificate issuer name does not match the name of the issuer certificate in the chain.</item> + + <tag>invalid_signature</tag> + <item>The certificate was not signed by its issuer certificate in the chain.</item> + + <tag>name_not_permitted</tag> + <item>Invalid Subject Alternative Name extension.</item> + + <tag>missing_basic_constraint</tag> + <item>Certificate, required to have the basic constraints extension, does not have + a basic constraints extension.</item> + + <tag>invalid_key_usage</tag> + <item>Certificate key is used in an invalid way according to the key usage extension.</item> + + <tag>{revoked, crl_reason()}</tag> + <item>Certificate has been revoked.</item> + + <tag>atom()</tag> + <item>Application specific error reason that should be checked by the verify_fun</item> + </taglist> + </desc> </func> diff --git a/lib/snmp/.gitignore b/lib/snmp/.gitignore index 650c1d6865..aef73491a4 100644 --- a/lib/snmp/.gitignore +++ b/lib/snmp/.gitignore @@ -5,5 +5,4 @@ *.rej doc/index.html - - +mibs/.index diff --git a/lib/snmp/doc/src/snmp_agent_config_files.xml b/lib/snmp/doc/src/snmp_agent_config_files.xml index 1e8e879814..1e938c0dc8 100644 --- a/lib/snmp/doc/src/snmp_agent_config_files.xml +++ b/lib/snmp/doc/src/snmp_agent_config_files.xml @@ -4,7 +4,7 @@ <chapter> <header> <copyright> - <year>1997</year><year>2013</year> + <year>1997</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -102,20 +102,41 @@ <p><c>AgentVariable</c> is one of the variables is SNMP-FRAMEWORK-MIB or one of the internal variables <c>intAgentUDPPort</c>, which defines which UDP port the agent - listens to, or <c>intAgentIpAddress</c>, which defines the IP - address of the agent. </p> + listens to, or <c>intAgentTransports</c>, which defines the + transport domains and addresses of the agent. </p> </item> <item> <p><c>Value</c> is the value for the variable.</p> </item> </list> - <p>The following example shows a <c>agent.conf</c> file: </p> + <p>The following example shows an <c>agent.conf</c> file: </p> <pre> {intAgentUDPPort, 4000}. -{intAgentIpAddress,[141,213,11,24]}. +{intAgentTransports, + [{transportDomainUdpIpv4, {141,213,11,24}}, + {transportDomainUdpIpv6, {0,0,0,0,0,0,0,1}}]}. {snmpEngineID, "mbj's engine"}. {snmpEngineMaxPacketSize, 484}. </pre> + <p>The value of <c>intAgentTransports</c> is a list of + <c>{Domain, Addr}</c> tuples, where <c>Domain</c> + is either <c>transportDomainUdpIpv4</c> or <c>transportDomainUdpIpv6</c>, + and <c>Addr</c> is the address in the domain. + <c>Addr</c> can be specified either as an + <c>IpAddr</c> or as an <c>{IpAddr, IpPort}</c> tuple. + <c>IpAddr</c> is either a regular Erlang/OTP + <seealso marker="kernel:inet#type-ip_address"><c>ip_address()</c></seealso> + or a traditional SNMP integer list and <c>IpPort</c> is an integer. + </p> + + <p>When the <c>Addr</c> value does not contain a port number, + the value of <c>intAgentUDPPort</c> is used.</p> + + <p>The legacy and intermediate variables <c>intAgentIpAddress</c> + and <c>intAgentTransportDomain</c> are still supported so old + <c>agent.conf</c> files will work. + </p> + <p>The value of <c>snmpEngineID</c> is a string, which for a deployed agent should have a very specific structure. See RFC 2271/2571 for details.</p> @@ -362,9 +383,9 @@ SNMP-TARGET-MIB and <c>snmpTargetAddrExtTable</c> in the SNMP-COMMUNITY-MIB. </p> <p>Each entry is a term: </p> - <p><c>{TargetName, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId}.</c> <br></br> or <br></br> -<c>{TargetName, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.</c> <br></br> or <br></br> -<c>{TargetName, Domain, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.</c> </p> + <p><c>{TargetName, Domain, Addr, Timeout, RetryCount, TagList, ParamsName, EngineId}.</c> + <br></br> or <br></br> + <c>{TargetName, Domain, Addr, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.</c> </p> <list type="bulleted"> <item> <p><c>TargetName</c> is a unique non-empty string. </p> @@ -374,11 +395,14 @@ <c>transportDomainUdpIpv4</c> | <c>transportDomainUdpIpv6</c>. </p> </item> <item> - <p><c>Ip</c> is a list of four or eight integers. </p> - </item> - <item> - <p><c>Udp</c> is an integer. </p> + <p><c>Addr</c> is either an <c>IpAddr</c> or + an <c>{IpAddr, IpPort}</c> tuple. <c>IpAddr</c> is either + a regular Erlang/OTP + <seealso marker="kernel:inet#type-ip_address"><c>ip_address()</c></seealso> + or a traditional SNMP integer list, and <c>IpPort</c> is an integer.</p> + <p>If <c>IpPort</c> is omitted <c>162</c> is used.</p> </item> + <item> <p><c>Timeout</c> is an integer. </p> </item> @@ -395,13 +419,17 @@ <p><c>EngineId</c> is a string or the atom <c>discovery</c>. </p> </item> <item> - <p><c>TMask</c> is a list of integer() of size 0, - size 6 or size 10 (default: []). </p> + <p><c>TMask</c> is specified just as <c>Addr</c> or as <c>[]</c>. + Note in particular that using a list of 6 bytes for IPv4 + or 8 words plus 2 bytes for IPv6 are still valid address formats + so old configurations will work.</p> </item> <item> <p><c>MaxMessageSize</c> is an integer (default: 2048). </p> </item> </list> + <p>The old tuple formats with <c>Ip</c> address and <c>Udp</c> + port number found in old configurations still work.</p> <p>Note that if <c>EngineId</c> has the value <c>discovery</c>, the agent cannot send <c>inform</c> messages to that manager until it has performed the diff --git a/lib/snmp/doc/src/snmp_agent_netif.xml b/lib/snmp/doc/src/snmp_agent_netif.xml index fccfc8857a..a9ce05e757 100644 --- a/lib/snmp/doc/src/snmp_agent_netif.xml +++ b/lib/snmp/doc/src/snmp_agent_netif.xml @@ -4,7 +4,7 @@ <chapter> <header> <copyright> - <year>1997</year><year>2013</year> + <year>1997</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -51,7 +51,8 @@ </p> <p>It is also possible to write your own Net if process. The default Net if process is implemented in the module <c>snmpa_net_if</c> and - it uses UDP as the transport protocol. + it uses UDP as the transport protocol i.e the transport domains + <c>transportDomainUdpIpv4</c> and/or <c>transportDomainUdpIpv6</c>. </p> <p>This section describes how to write a Net if process. </p> @@ -70,6 +71,12 @@ <p>The section <em>Messages</em> describes mandatory messages, which Net if must send and be able to receive. </p> + <p>In this section an <c>Address</c> field is a + <c>{Domain, Addr}</c> tuple where <c>Domain</c> is + <c>transportDomainUdpIpv4</c> or <c>transportDomainUdpIpv4</c>, + and <c>Addr</c> is an + <c>{<seealso marker="kernel:inet#type-ip_address">IpAddr</seealso>, + IpPort}</c> tuple.</p> <section> <marker id="outgoing_messages"></marker> @@ -96,10 +103,7 @@ MasterAgent ! {snmp_pdu, Vsn, Pdu, PduMS, ACMData, From, Extra} in use. Normally this is returned from <c>snmpa_mpd:process_packet</c> (see Reference Manual). </item> - <item><c>From</c> is the source address. If UDP over IP is - used, this should be a 2-tuple <c>{IP, UDPport}</c>, where - <c>IP</c> is a 4-tuple with the IP address, and <c>UDPport</c> - is an integer. + <item><c>From</c> is the source <c>Address</c>. </item> <item><c>Extra</c> is any term the Net if process wishes to send to the agent. This term can be retrieved by the @@ -127,10 +131,7 @@ Pid ! {snmp_response_received, Vsn, Pdu, From} </item> <item><c>Pdu</c> is the SNMP Pdu received </item> - <item><c>From</c> is the source address. If UDP over IP is - used, this should be a 2-tuple <c>{IP, UDPport}</c>, where - <c>IP</c> is a 4-tuple with the IP address, and <c>UDPport</c> - is an integer. + <item><c>From</c> is the source <c>Address</c>. </item> </list> </section> @@ -168,10 +169,9 @@ Pid ! {snmp_response_received, Vsn, Pdu, From} (see Reference Manual). </p> </item> <item> - <p><c>To</c> is the destination address. If UDP over IP - is used, this should be a 2-tuple <c>{IP, UDPport}</c>, - where <c>IP</c> is a 4-tuple with the IP address, and - <c>UDPport</c> is an integer. </p> + <p><c>To</c> is the destination <c>Address</c> that comes + from the <c>From</c> field in the corresponding <c>snmp_pdu</c> + message previously sent to the MasterAgent.</p> </item> <item> <p><c>Extra</c> is the term that the Net if process @@ -230,7 +230,8 @@ Pid ! {snmp_response_received, Vsn, Pdu, From} SNMPv3, it is the context information. </p> </item> <item> - <p><c>To</c> is a list of the destination addresses and + <p><c>To</c> is a list of <c>{Address, SecData}</c> + tuples i.e the destination addresses and their corresponding security parameters. This value is normally sent to <c>snmpa_mpd:generate_message/4</c>. </p> </item> @@ -268,7 +269,8 @@ Pid ! {snmp_response_received, Vsn, Pdu, From} SNMPv3, it is the context information. </p> </item> <item> - <p><c>To</c> is a list of the destination addresses and + <p><c>To</c> is a list of <c>{Address, SecData}</c> + tuples i.e the destination addresses and their corresponding security parameters. This value is normally sent to <c>snmpa_mpd:generate_message/4</c>. </p> </item> diff --git a/lib/snmp/doc/src/snmp_manager_config_files.xml b/lib/snmp/doc/src/snmp_manager_config_files.xml index 486ef7c170..d8bd4b0f3a 100644 --- a/lib/snmp/doc/src/snmp_manager_config_files.xml +++ b/lib/snmp/doc/src/snmp_manager_config_files.xml @@ -4,7 +4,7 @@ <chapter> <header> <copyright> - <year>2004</year><year>2013</year> + <year>2004</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -64,13 +64,42 @@ <item> <p><c>Variable</c> is one of the following:</p> <list type="bulleted"> - <item> - <p><c>address</c> - which defines the IP address of the - manager. Default is local host.</p> - </item> + <item> + <p><c>transports</c> - which defines the transport domains + and their addresses for the manager. <em>Mandatory</em> + </p> + <p><c>Value</c> is a list of <c>{Domain, Addr}</c> tuples + or <c>Domain</c> atoms. + </p> + <list type="bulleted"> + <item> + <p><c>Domain</c> is one of <c>transportDomainUdpIpv4</c> + or <c>transportDomainUdpIpv6</c>.</p> + </item> + <item> + <p><c>Addr</c> is for the currently supported domains + either an <c>IpAddr</c> or an <c>{IpAddr, IpPort}</c> + tuple.<c>IpAddr</c> is either a regular Erlang/OTP + <seealso marker="kernel:inet#type-ip_address"> + <c>ip_address()</c></seealso> or a traditional SNMP integer list + and <c>IpPort</c> is an integer. + </p> + <p>When <c>Addr</c> does not contain a port number, + the value of <c>port</c> is used. + </p> + <p>When a <c>Addr</c> is not specified i.e by + using only a <c>Domain</c> atom, the host's name + is resolved to find the IP address, and the value of + <c>port</c> is used. + </p> + </item> + </list> + </item> <item> <p><c>port</c> - which defines which UDP port the manager uses - for communicating with agents. <em>Mandatory</em>.</p> + for communicating with agents. + <em>Mandatory</em> if <c>transports</c> does not define + a port number for every transport.</p> </item> <item> <p><c>engine_id</c> - The <c>SnmpEngineID</c> as defined in @@ -87,11 +116,13 @@ </p> </item> </list> + <p>The legacy and intermediate variables <c>address</c> and <c>domain</c> + are still supported so old configurations will work.</p> <p>The following example shows a <c>manager.conf</c> file: </p> <pre> -{address, [141,213,11,24]}. -{port, 5000}. +{transports, [{transportDomainUdpIpv4, {{141,213,11,24}, 5000}}, + {transportDomainUdpIpv6, {{0,0,0,0,0,0,0,1}, 5000}}]}. {engine_id, "mgrEngine"}. {max_message_size, 484}. </pre> @@ -146,7 +177,7 @@ </p> <p>Each entry is a tuple: </p> - <p><c>{UserId, TargetName, Comm, Ip, Port, EngineID, Timeout, MaxMessageSize, Version, SecModel, SecName, SecLevel}.</c></p> + <p><c>{UserId, TargetName, Comm, Domain, Addr, EngineID, Timeout, MaxMessageSize, Version, SecModel, SecName, SecLevel}.</c></p> <list type="bulleted"> <item> <p><c>UserId</c> is the identity of the <em>manager user</em> @@ -160,10 +191,17 @@ <p><c>Comm</c> is the community string (string).</p> </item> <item> - <p><c>Ip</c> is the ip address of the agent (a list of four integers).</p> + <p><c>Domain</c> is the transport domain, either + <c>transportDomainUdpIpv4</c> or <c>transportDomainUdpIpv6</c>.</p> </item> <item> - <p><c>Port</c> is the port number of the agent (integer).</p> + <p><c>Addr</c> is the address in the transport domain, + either an <c>{IpAddr, IpPort}</c> tuple or a traditional SNMP + integer list containing port number. <c>IpAddr</c> is either + a regular Erlang/OTP + <seealso marker="kernel:inet#type-ip_address"><c>ip_address()</c></seealso> + or a traditional SNMP integer list not containing port number, + and <c>IpPort</c> is an integer.</p> </item> <item> <p><c>EngineID</c> is the engine-id of the agent (string).</p> @@ -190,6 +228,9 @@ authPriv).</p> </item> </list> + <p>Legacy configurations using tuples without <c>Domain</c> element, + as well as with all <c>TDomain</c>, <c>Ip</c> and <c>Port</c> elements + still work.</p> </section> <section> diff --git a/lib/snmp/doc/src/snmp_manager_netif.xml b/lib/snmp/doc/src/snmp_manager_netif.xml index 757ed32880..97cedf00c0 100644 --- a/lib/snmp/doc/src/snmp_manager_netif.xml +++ b/lib/snmp/doc/src/snmp_manager_netif.xml @@ -4,7 +4,7 @@ <chapter> <header> <copyright> - <year>2004</year><year>2013</year> + <year>2004</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -50,13 +50,14 @@ <p>The snmp application provides two different modules, <c>snmpm_net_if</c> (the default) and <c>snmpm_net_if_mt</c>, - both uses the UDP as the transport protocol. The difference - between the two modules is that the latter is "multi-threaded", - i.e. for each message/request a new process is created that - process the message/request and then exits. </p> + both uses UDP as the transport protocol i.e the transport domains + <c>transportDomainUdpIpv4</c> and/or <c>transportDomainUdpIpv6</c>. + The difference between the two modules is that the latter is + "multi-threaded", i.e. for each message/request a new process + is created that processes the message/request and then exits. </p> - <p>It is also possible to write your own Net if process, - this section describes how to write a Net if processdo that.</p> + <p>It is also possible to write your own Net if process and + this section describes how to do that.</p> <section> <marker id="mandatory_functions"></marker> @@ -70,11 +71,17 @@ <p>The section <em>Messages</em> describes mandatory messages, which Net if must send to the manager server process. </p> + <p>In this section a <c>Domain</c> field is the transport domain i.e + one of <c>transportDomainUdpIpv4</c> or <c>transportDomainUdpIpv6</c>, + and an <c>Addr</c> field is an + <c>{<seealso marker="kernel:inet#type-ip_address">IpAddr</seealso>, + IpPort}</c> tuple.</p> + <p>Net if must send the following message when it receives an SNMP PDU from the network that is aimed for the MasterAgent: </p> <pre> -Server ! {snmp_pdu, Pdu, Addr, Port} +Server ! {snmp_pdu, Pdu, Domain, Addr} </pre> <list type="bulleted"> <item> @@ -82,14 +89,14 @@ Server ! {snmp_pdu, Pdu, Addr, Port} <c>snmp_types.hrl</c>, with the SNMP request.</p> </item> <item> - <p><c>Addr</c> is the source address. </p> + <p><c>Domain</c> is the source transport domain. </p> </item> <item> - <p><c>Port</c> is port number of the sender.</p> + <p><c>Addr</c> is the source address. </p> </item> </list> <pre> -Server ! {snmp_trap, Trap, Addr, Port} +Server ! {snmp_trap, Trap, Domain, Addr} </pre> <list type="bulleted"> <item> @@ -97,14 +104,14 @@ Server ! {snmp_trap, Trap, Addr, Port} as defined in <c>snmp_types.hrl</c>, with the SNMP request.</p> </item> <item> - <p><c>Addr</c> is the source address. </p> + <p><c>Domain</c> is the source transport domain. </p> </item> <item> - <p><c>Port</c> is port number of the sender.</p> + <p><c>Addr</c> is the source address. </p> </item> </list> <pre> -Server ! {snmp_inform, Ref, Pdu, PduMS, Addr, Port} +Server ! {snmp_inform, Ref, Pdu, PduMS, Domain, Addr} </pre> <list type="bulleted"> <item> @@ -123,14 +130,14 @@ Server ! {snmp_inform, Ref, Pdu, PduMS, Addr, Port} <c>snmp_types.hrl</c>, with the SNMP request.</p> </item> <item> - <p><c>Addr</c> is the source address. </p> + <p><c>Domain</c> is the source transport domain. </p> </item> <item> - <p><c>Port</c> is port number of the sender.</p> + <p><c>Addr</c> is the source address. </p> </item> </list> <pre> -Server ! {snmp_report, Data, Addr, Port} +Server ! {snmp_report, Data, Domain, Addr} </pre> <list type="bulleted"> <item> @@ -152,10 +159,10 @@ Server ! {snmp_report, Data, Addr, Port} <p><c>ReasonInfo</c> is a term().</p> </item> <item> - <p><c>Addr</c> is the source address. </p> + <p><c>Domain</c> is the source transport domain. </p> </item> <item> - <p><c>Port</c> is port number of the sender.</p> + <p><c>Addr</c> is the source address. </p> </item> </list> diff --git a/lib/snmp/doc/src/snmp_target_mib.xml b/lib/snmp/doc/src/snmp_target_mib.xml index be6fa15c73..a076ff2d8e 100644 --- a/lib/snmp/doc/src/snmp_target_mib.xml +++ b/lib/snmp/doc/src/snmp_target_mib.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>1998</year><year>2013</year> + <year>1998</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -38,18 +38,18 @@ functions for the SNMP-TARGET-MIB, and functions for configuring the database. </p> <p>The configuration files are described in the SNMP User's Manual.</p> + <p>Legacy API functions <c>add_addr/10</c> that does not specify + transport domain, and <c>add_addr/11</c> that has got separate + <c>IpAddr</c> and <c>PortNumber</c> arguments still work as before + for backwards compatibility reasons.</p> <marker id="types"></marker> </description> <section> <title>DATA TYPES</title> - <code type="none"><![CDATA[ -transportDomain() = transportDomainUdpIpv4 | transportDomainUdpIpv6 -transportAddressIPv4() = [integer()], length 4 -transportAddressIPv6() = [integer()], length 8 -transportAddressMask() = [integer()], length 0 (default), 6 (IPv4) or 10 (IPv6) - ]]></code> + <p>See the <seealso marker="snmpa_conf#types"> + data types in <c>snmpa_conf</c></seealso>.</p> <marker id="configure"></marker> </section> @@ -129,20 +129,18 @@ transportAddressMask() = [integer()], length 0 (default), 6 (IPv4) or 10 (IPv6) </func> <func> - <name>add_addr(Name, Ip, Port, Timeout, Retry, TagList, Params, EngineId, TMask, MMS) -> Ret</name> - <name>add_addr(Name, Domain, Ip, Port, Timeout, Retry, TagList, Params, EngineId, TMask, MMS) -> Ret</name> + <name>add_addr(Name, Domain, Addr, Timeout, Retry, TagList, Params, EngineId, TMask, MMS) -> Ret</name> <fsummary>Add one target address definition</fsummary> <type> <v>Name = string()</v> <v>Domain = transportDomain()</v> - <v>Ip = transportAddressIPv4() | transportAddressIPv6() (depends on the value of Domain)</v> - <v>Port = integer()</v> + <v>Addr = transportAddress() % Default port is 162</v> <v>Timeout = integer()</v> <v>Retry = integer()</v> <v>TagList = string()</v> <v>ParamsName = string()</v> <v>EngineId = string()</v> - <v>TMask = transportAddressMask() (depends on Domain)</v> + <v>TMask = transportAddressMask() % Depends on Domain</v> <v>MMS = integer()</v> <v>Ret = {ok, Key} | {error, Reason}</v> <v>Key = term()</v> diff --git a/lib/snmp/doc/src/snmpa_conf.xml b/lib/snmp/doc/src/snmpa_conf.xml index 99a56cd601..2780cec156 100644 --- a/lib/snmp/doc/src/snmpa_conf.xml +++ b/lib/snmp/doc/src/snmpa_conf.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>2006</year><year>2013</year> + <year>2006</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -45,20 +45,56 @@ <title>DATA TYPES</title> <code type="none"><![CDATA[ transportDomain() = transportDomainUdpIpv4 | transportDomainUdpIpv6 -transportAddressIPv4() = [integer()], length 4 -transportAddressIPv6() = [integer()], length 8 -transportAddressMask() = [integer()], length 0 (default), 6 (IPv4) or 10 (IPv6) + +transportAddress() = + transportAddressIPv4() | transportAddressIPv6() + +transportAddressWithPort() = + transportAddressIPv4WithPort() | transportAddressIPv6WithPort() + +transportAddressWithoutPort() = + transportAddressIPv4WithoutPort() | transportAddressIPv6WithoutPort() + +transportAddressIPv4() = + transportAddressIPv4WithPort() | transportAddressIPv4WithoutPort() +transportAddressIPv4WithPort = + {transportAddressIPv4WithoutPort(), inet:port_number()} | + [byte() x 4, byte() x 2] +transportAddressIPv4WithoutPort = + inet:ip4_address() | [byte() x 4] + +transportAddressIPv6() = + transportAddressIPv6WithPort() | transportAddressIPv6WithoutPort() +transportAddressIPv6WithPort = + {transportAddressIPv6WithoutPort(), inet:port_number()} | + [word() x 8, inet:port_number()] | + [word() x 8, byte() x 2] | + {byte() x 16, byte() x 2] +transportAddressIPv6WithoutPort = + inet:ip6_address() | [word() x 8] | [byte() x 16] + +transportAddressMask() = + [] | transportAddressWithPort() + +byte() = 0..255 +word() = 0..65535 ]]></code> + <p>For <c>inet:ip4_address()</c>, <c>inet:ip6_address()</c> + and <c>inet:port_number()</c>, see also + <seealso marker="kernel:inet#type-ip_address"> + <c>inet:ip_address()</c></seealso></p> <marker id="agent_entry"></marker> </section> + + <funcs> <func> <name>agent_entry(Tag, Val) -> agent_entry()</name> <fsummary>Create an agent entry</fsummary> <type> - <v>Tag = intAgentIpAddress | intAgentUDPPort | intAgentMaxPacketSize | snmpEngineMaxMessageSize | snmpEngineID</v> + <v>Tag = intAgentTransports | intAgentUDPPort | intAgentMaxPacketSize | snmpEngineMaxMessageSize | snmpEngineID</v> <v>Val = term()</v> <v>agent_entry() = term()</v> </type> @@ -390,17 +426,15 @@ transportAddressMask() = [integer()], length 0 (default), 6 (IPv4) or 10 (IPv6) </func> <func> - <name>target_addr_entry(Name, Ip, TagList, ParamsName, EngineId) -> target_addr_entry()</name> - <name>target_addr_entry(Name, Ip, TagList, ParamsName, EngineId, TMask) -> target_addr_entry()</name> - <name>target_addr_entry(Name, Ip, Udp, TagList, ParamsName, EngineId, TMask, MaxMessageSize) -> target_addr_entry()</name> - <name>target_addr_entry(Name, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize) -> target_addr_entry()</name> - <name>target_addr_entry(Name, Domain, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize) -> target_addr_entry()</name> + <name>target_addr_entry(Name, Domain, Addr, TagList, ParamsName, EngineId) -> target_addr_entry()</name> + <name>target_addr_entry(Name, Domain, Addr, TagList, ParamsName, EngineId, TMask) -> target_addr_entry()</name> + <name>target_addr_entry(Name, Domain, Addr, TagList, ParamsName, EngineId, TMask, MaxMessageSize) -> target_addr_entry()</name> + <name>target_addr_entry(Name, Domain, Addr, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize) -> target_addr_entry()</name> <fsummary>Create an target_addr entry</fsummary> <type> <v>Name = string()</v> <v>Domain = transportDomain()</v> - <v>Ip = transportAddressIPv4() | transportAddressIPv6() (depends on Domain)</v> - <v>Udp = integer()</v> + <v>Ip = transportAddress() (depends on Domain)</v> <v>Timeout = integer()</v> <v>RetryCount = integer()</v> <v>TagList = string()</v> @@ -414,12 +448,12 @@ transportAddressMask() = [integer()], length 0 (default), 6 (IPv4) or 10 (IPv6) <p>Create an entry for the agent target_addr config file, <c>target_addr.conf</c>. </p> <p><c>Name</c> must be a <em>non-empty</em> string. </p> - <p><c>target_addr_entry/5</c> translates to the following call: - <c>target_addr_entry(Name, Ip, TagList, ParamsName, EngineId)</c>. </p> <p><c>target_addr_entry/6</c> translates to the following call: - <c>target_addr_entry(Name, Ip, 162, TagList, ParamsName, EngineId, TMask, 2048)</c>. </p> + <c>target_addr_entry(Name, Domain, Addr, TagList, ParamsName, EngineId, [])</c>. </p> + <p><c>target_addr_entry/7</c> translates to the following call: + <c>target_addr_entry(Name, Domain, Addr, TagList, ParamsName, EngineId, TMask, 2048)</c>. </p> <p><c>target_addr_entry/8</c> translates to the following call: - <c>target_addr_entry(Name, Ip, Udp, 1500, 3, TagList, ParamsName, EngineId, TMask, MaxMessageSize)</c>. </p> + <c>target_addr_entry(Name, Domain, Addr, 1500, 3, TagList, ParamsName, EngineId, TMask, MaxMessageSize)</c>. </p> <p>See <seealso marker="snmp_agent_config_files#target_addr">Target Address Definitions</seealso> for more info. </p> diff --git a/lib/snmp/doc/src/snmpa_mpd.xml b/lib/snmp/doc/src/snmpa_mpd.xml index c5ab0a0520..518100d30c 100644 --- a/lib/snmp/doc/src/snmpa_mpd.xml +++ b/lib/snmp/doc/src/snmpa_mpd.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>1999</year><year>2013</year> + <year>1999</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -43,6 +43,12 @@ <marker id="init"></marker> </description> + <section> + <title>DATA TYPES</title> + <p>See the <seealso marker="snmpa_conf#types"> + data types in <c>snmpa_conf</c></seealso>.</p> + </section> + <funcs> <func> <name>init(Vsns) -> mpd_state()</name> @@ -63,16 +69,17 @@ </func> <func> - <name>process_packet(Packet, TDomain, TAddress, State, NoteStore, Log) -> {ok, Vsn, Pdu, PduMS, ACMData} | {discarded, Reason} | {discovery, DiscoPacket}</name> - <name>process_packet(Packet, TDomain, TAddress, LocalEngineID, State, NoteStore, Log) -> {ok, Vsn, Pdu, PduMS, ACMData} | {discarded, Reason} | {discovery, DiscoPacket}</name> + <name>process_packet(Packet, From, State, NoteStore, Log) -> {ok, Vsn, Pdu, PduMS, ACMData} | {discarded, Reason} | {discovery, DiscoPacket}</name> + <name>process_packet(Packet, From, LocalEngineID, State, NoteStore, Log) -> {ok, Vsn, Pdu, PduMS, ACMData} | {discarded, Reason} | {discovery, DiscoPacket}</name> <fsummary>Process a packet received from the network</fsummary> <type> <v>Packet = binary()</v> - <v>TDomain = snmpUDPDomain</v> - <v>TAddress = {Ip, Udp}</v> + <v>From = {TDomain, TAddr}</v> + <v>TDomain = transportDomainUdpIpv4 | transportDomainUdpIpv6</v> + <v>TAddr = {IpAddr, IpPort}</v> <v>LocalEngineID = string()</v> - <v>Ip = {integer(), integer(), integer(), integer()}</v> - <v>Udp = integer()</v> + <v>IpAddr = <seealso marker="kernel:inet#type-ip_address">inet:ip_address()</seealso></v> + <v>IpPort = inet:port_number()</v> <v>State = mpd_state()</v> <v>NoteStore = pid()</v> <v>Log = snmp_log()</v> @@ -85,7 +92,7 @@ </type> <desc> <p>Processes an incoming packet. Performs authentication and - decryption as necessary. The return values should be passed the + decryption as necessary. The return values should be passed to the agent.</p> <note> @@ -150,14 +157,20 @@ network. </p> <p><c>MsgData</c> is the message specific data used in - the SNMP message. This value is received in a <c>send_pdu</c> - or <c>send_pdu_req</c> message from the agent. In SNMPv1 and + the SNMP message. This value is received in a + <seealso marker="snmp_agent_netif#im_send_pdu"><c>send_pdu</c></seealso> + or + <seealso marker="snmp_agent_netif#im_send_pdu_req"> + <c>send_pdu_req</c></seealso> + message from the agent. In SNMPv1 and SNMPv2c, this message data is the community string. In - SNMPv3, it is the context information. - <c>To</c> is a list of the destination addresses and + SNMPv3, it is the context information.</p> + <p> + <c>To</c> is a list of destination addresses and their corresponding security parameters. This value is - also received from the requests mentioned above. - </p> + received in the same message from the agent and then transformed + trough <seealso marker="#process_taddrs"><c>process_taddrs</c></seealso> + before passed to this function.</p> <note> <p>Note that the use of the LocalEngineID argument is only intended @@ -166,6 +179,32 @@ (see SNMP-FRAMEWORK-MIB). </p> </note> + <marker id="process_taddrs"></marker> + </desc> + </func> + + <func> + <name>process_taddrs(TDests) -> Dests</name> + <fsummary>Transform addresses from internal MIB format to a less internal + </fsummary> + <type> + <v>TDests = [TDest]</v> + <v>TDest = {{TDomain, TAddr}, SecData} | {TDomain, TAddr}</v> + <v>TDomain = term() % Not at tuple</v> + <v>TAddr = term()</v> + <v>SecData = term()</v> + <v>Dests = [Dest]</v> + <v>Dest = {{Domain, Addr}, SecData} | {Domain, Addr}</v> + <v>Domain = transportDomain()</v> + <v>Addr = transportAddress() % Depends on Domain</v> + </type> + <desc> + <p>Transforms addresses from internal MIB format to one + more useful to <seealso marker="snmp_agent_netif">Agent Net if</seealso>. + </p> + <p>See also <seealso marker="#generate_msg"><c>generate_msg</c>.</seealso> + </p> + <marker id="discarded_pdu"></marker> </desc> </func> diff --git a/lib/snmp/doc/src/snmpa_network_interface_filter.xml b/lib/snmp/doc/src/snmpa_network_interface_filter.xml index e08a26ed92..eb640e1bc3 100644 --- a/lib/snmp/doc/src/snmpa_network_interface_filter.xml +++ b/lib/snmp/doc/src/snmpa_network_interface_filter.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>2007</year><year>2013</year> + <year>2007</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -58,10 +58,10 @@ on two levels: </p> <list type="bulleted"> <item> - <p>The first level is at the UDP entry / exit point, i.e. - immediately after the receipt of the message, before any message + <p>The first level is at the transport entry / exit point, i.e. + immediately after the receipt of the message before any message processing is done (accept_recv) and - immediately before sending the message, after all message + immediately before sending the message after all message processing is done (accept_send).</p> </item> <item> @@ -78,6 +78,12 @@ <seealso marker="snmp_app#configuration_params">req_limit</seealso> and the function <seealso marker="snmpa#register_notification_filter">register_notification_filter</seealso>. </p> + <p>Legacy network interface filter modules used arguments on the form + <c>(IpAddr, PortNumber,...)</c> instead of + <c>(Domain, Addr, ...)</c>, and if the SNMP agent is run without + changing the configuration to use transport domains + the network interface filter will still get + the old arguments and work as before.</p> </description> <section> @@ -88,15 +94,17 @@ pdu_type() = 'get-request' | 'get-next-request' | 'get-response' | 'set-request' | trap | 'get-bulk-request' | 'inform-request' | report </code> + <p>See also the <seealso marker="snmpa_conf#types"> + data types in <c>snmpa_conf</c></seealso>.</p> <marker id="accept_recv"></marker> </section> <funcs> <func> - <name>accept_recv(Ip, Port) -> boolean()</name> + <name>accept_recv(Domain, Addr) -> boolean()</name> <fsummary>Shall the received message be accepted</fsummary> <type> - <v>Ip = ip_address()</v> - <v>Port = port()</v> + <v>Domain = transportDomain()</v> + <v>Addr = transportAddressWithPort()</v> </type> <desc> <p>Called at the reception of a message (before <em>any</em> processing @@ -107,11 +115,11 @@ pdu_type() = 'get-request' | 'get-next-request' | 'get-response' | </desc> </func> <func> - <name>accept_send(Ip, Port) -> boolean()</name> + <name>accept_send(Domain, Addr) -> boolean()</name> <fsummary>Shall the message be sent</fsummary> <type> - <v>Ip = ip_address()</v> - <v>Port = port()</v> + <v>Domain = transportDomain()</v> + <v>Addr = transportAddressWithPort()</v> </type> <desc> <p>Called before the sending of a message (after <em>all</em> processing @@ -122,11 +130,11 @@ pdu_type() = 'get-request' | 'get-next-request' | 'get-response' | </desc> </func> <func> - <name>accept_recv_pdu(Ip, Port, PduType) -> boolean()</name> + <name>accept_recv_pdu(Domain, Addr, PduType) -> boolean()</name> <fsummary>Shall the received pdu be accepted</fsummary> <type> - <v>Ip = ip_address()</v> - <v>Port = port()</v> + <v>Domain = transportDomain()</v> + <v>Addr = transportAddressWithPort()</v> <v>PduType = pdu_type()</v> </type> <desc> @@ -144,7 +152,9 @@ pdu_type() = 'get-request' | 'get-next-request' | 'get-response' | <type> <v>Targets = targets()</v> <v>targets() = [target()]</v> - <v>target() = {ip_address(), port()}</v> + <v>target() = {Domain, Addr}</v> + <v>Domain = transportDomain()</v> + <v>Addr = transportAddressWithPort()</v> <v>PduType = pdu_type() > 0</v> <v>Reply = boolean() | NewTargets</v> <v>NewTargets = targets()</v> @@ -155,7 +165,7 @@ pdu_type() = 'get-request' | 'get-next-request' | 'get-response' | <p>For the message to be discarded all together, the function <em>must</em> return <em>false</em>. </p> <p>Note that it is possible for this function to filter out targets - (but <em>not</em> add its own) by returning an updated + (but <em>not</em> to add its own) by returning an updated <c>Targets</c> list (<c>NewTargets</c>). </p> </desc> </func> diff --git a/lib/snmp/doc/src/snmpa_notification_delivery_info_receiver.xml b/lib/snmp/doc/src/snmpa_notification_delivery_info_receiver.xml index aff71688b6..814f02a14c 100644 --- a/lib/snmp/doc/src/snmpa_notification_delivery_info_receiver.xml +++ b/lib/snmp/doc/src/snmpa_notification_delivery_info_receiver.xml @@ -5,7 +5,7 @@ <header> <copyright> <year>2008</year> - <year>2013</year> + <year>2014</year> <holder>Ericsson AB, All Rights Reserved</holder> </copyright> <legalnotice> @@ -45,22 +45,30 @@ must export the following functions: </p> <list type="bulleted"> <item> - <p><seealso marker="#delivery_targets">delivery_targets/3</seealso></p> + <p><seealso marker="#delivery_targets/3">delivery_targets/3</seealso></p> </item> <item> - <p><seealso marker="#delivery_info">delivery_info/4</seealso></p> + <p><seealso marker="#delivery_info/4">delivery_info/4</seealso></p> </item> </list> <p>The semantics of them and their exact signatures are explained below. </p> + <p>Legacy notification delivery information receiver modules + used a target argument on the form + <c>{IpAddr, PortNumber}</c> instead of + <c>{Domain, Addr}</c>, and if the SNMP Agent is run without + changing the configuration to use transport domains + the notification delivery information receiver will still get + the old arguments and work as before.</p> + </description> <section> <title>DATA TYPES</title> - <code type="none"><![CDATA[ -address() = A 4-tuple - ]]></code> + <p>See the <seealso marker="snmpa_conf#types"> + data types in <c>snmpa_conf</c></seealso>.</p> + <marker id="accept_recv"></marker> <marker id="delivery_targets"></marker> </section> @@ -71,10 +79,8 @@ address() = A 4-tuple <fsummary>Inform about target addresses</fsummary> <type> <v>Tag = term()</v> - <v>Targets = [target()]</v> - <v>target() = {Address, Port}</v> - <v>Address = address()</v> - <v>Port = integer()</v> + <v>Targets = [Target]</v> + <v>Target = {transportDomain(), transportAddressWithPort()</v> <v>Extra = term()</v> </type> <desc> @@ -94,10 +100,8 @@ address() = A 4-tuple <fsummary>Inform about delivery result</fsummary> <type> <v>Tag = term()</v> - <v>Target = target()</v> - <v>target() = {Address, Port}</v> - <v>Address = address()</v> - <v>Port = integer()</v> + <v>Targets = [Target]</v> + <v>Target = {transportDomain(), transportAddressWithPort()</v> <v>DeliveryResult = delivery_result()</v> <v>delivery_result() = no_response | got_response</v> <v>Extra = term()</v> diff --git a/lib/snmp/doc/src/snmpm.xml b/lib/snmp/doc/src/snmpm.xml index dc8226bb87..ff90e49968 100644 --- a/lib/snmp/doc/src/snmpm.xml +++ b/lib/snmp/doc/src/snmpm.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>2004</year><year>2013</year> + <year>2004</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -69,6 +69,9 @@ sec_name() = string() sec_level() = noAuthNoPriv | authNoPriv | authPriv ]]></code> + <p>See also the <seealso marker="snmpa_conf#types"> + data types in <c>snmpa_conf</c></seealso>.</p> + <marker id="monitor"></marker> </section> <funcs> @@ -300,9 +303,9 @@ sec_level = noAuthNoPriv | authNoPriv | authPriv <p>The type of <c>Val</c> depends on <c>Item</c>: </p> <code type="none"><![CDATA[ [mandatory] engine_id = string() -[mandatory] address = ip_address() -[optional] port = integer() -[optional] tdomain = transportDomainUdpIpv4 | transportDomainUdpIpv6 +[mandatory] tadress = transportAddress() % Depends on tdomain +[optional] port = inet:port_number() +[optional] tdomain = transportDomain() [optional] community = string() [optional] timeout = integer() | snmp_timer() [optional] max_message_size = integer() @@ -313,7 +316,8 @@ sec_level = noAuthNoPriv | authNoPriv | authPriv ]]></code> <p>Note that if no <c>tdomain</c> is given, the default value, <c>transportDomainUdpIpv4</c>, is used.</p> - <p>Note that if no <c>port</c> is given, the default value is used.</p> + <p>Note that if no <c>port</c> is given and if <c>taddress</c> does not + contain a port number, the default value is used.</p> <marker id="unregister_agent"></marker> </desc> diff --git a/lib/snmp/doc/src/snmpm_conf.xml b/lib/snmp/doc/src/snmpm_conf.xml index 0cc9ff3379..8635fb705b 100644 --- a/lib/snmp/doc/src/snmpm_conf.xml +++ b/lib/snmp/doc/src/snmpm_conf.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>2006</year><year>2013</year> + <year>2006</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -195,14 +195,14 @@ </desc> </func> <func> - <name>agents_entry(UserId, TargetName, Comm, Ip, Port, EngineID, Timeout, MaxMessageSize, Version, SecModel, SecName, SecLevel) -> agents_entry()</name> + <name>agents_entry(UserId, TargetName, Comm, Domain, Addr, EngineID, Timeout, MaxMessageSize, Version, SecModel, SecName, SecLevel) -> agents_entry()</name> <fsummary>Create an agents entry</fsummary> <type> <v>UserId = term()</v> <v>TargetName = string()</v> <v>Comm = string()</v> - <v>Ip = string()</v> - <v>Port = integer()</v> + <v>Domain = transportDomain()</v> + <v>Addr = transportAddress()</v> <v>EngineID = string()</v> <v>Timeout = integer()</v> <v>MaxMessageSize = integer()</v> diff --git a/lib/snmp/doc/src/snmpm_mpd.xml b/lib/snmp/doc/src/snmpm_mpd.xml index ad72fd7bc0..c23b2b6833 100644 --- a/lib/snmp/doc/src/snmpm_mpd.xml +++ b/lib/snmp/doc/src/snmpm_mpd.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>2004</year><year>2013</year> + <year>2004</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -39,7 +39,12 @@ It is supposed to be used from a Network Interface process (<seealso marker="snmp_manager_netif">Definition of Manager Net if</seealso>). </p> + + <p>Legacy API function <c>process_msg/7</c> that has got separate + <c>IpAddr</c> and <c>PortNumber</c> arguments still works as before + for backwards compatibility reasons.</p> </description> + <funcs> <func> <name>init_mpd(Vsns) -> mpd_state()</name> @@ -58,13 +63,12 @@ </desc> </func> <func> - <name>process_msg(Msg, TDomain, Addr, Port, State, NoteStore, Logger) -> {ok, Vsn, Pdu, PduMS, MsgData} | {discarded, Reason}</name> + <name>process_msg(Msg, Domain, Addr, State, NoteStore, Logger) -> {ok, Vsn, Pdu, PduMS, MsgData} | {discarded, Reason}</name> <fsummary>Process a message received from the network</fsummary> <type> <v>Msg = binary()</v> - <v>TDomain = snmpUDPDomain</v> - <v>Addr = {integer(), integer(), integer(), integer()}</v> - <v>Port = integer()</v> + <v>Domain = transportDomainUdpIpv4 | transportDomainUdpIpv6</v> + <v>Addr = {<seealso marker="kernel:inet#type-ip_address">inet:ip_address(), inet:port_number()</seealso>} </v> <v>State = mpd_state()</v> <v>NoteStore = pid()</v> <v>Logger = function()</v> diff --git a/lib/snmp/doc/src/snmpm_network_interface.xml b/lib/snmp/doc/src/snmpm_network_interface.xml index 6cf7bd6ed7..bea6b46dc7 100644 --- a/lib/snmp/doc/src/snmpm_network_interface.xml +++ b/lib/snmp/doc/src/snmpm_network_interface.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>2004</year><year>2013</year> + <year>2004</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -69,6 +69,10 @@ <p>The semantics of them and their exact signatures are explained below. </p> + <p>Legacy API function <c>send_pdu/7</c> that has got separate + <c>IpAddr</c> and <c>PortNumber</c> arguments still works as before + for backwards compatibility reasons.</p> + <marker id="start_link"></marker> </description> @@ -103,15 +107,15 @@ </func> <func> - <name>send_pdu(Pid, Pdu, Vsn, MsgData, Addr, Port, ExtraInfo) -> void()</name> + <name>send_pdu(Pid, Pdu, Vsn, MsgData, Domain, Addr, ExtraInfo) -> void()</name> <fsummary>Request the network interface process to send this pdu</fsummary> <type> <v>Pid = pid()</v> <v>Pdu = pdu()</v> <v>Vsn = 'version-1' | 'version-2' | 'version-3'</v> <v>MsgData = term()</v> - <v>Addr = address()</v> - <v>Port = integer()</v> + <v>Domain = transportDomainUdpIpv4 | transportDomainUdpIpv6</v> + <v>Addr = {<seealso marker="kernel:inet#type-ip_address">inet:ip_address(), inet:port_number()</seealso>} </v> <v>ExtraInfo = term()</v> </type> <desc> diff --git a/lib/snmp/doc/src/snmpm_network_interface_filter.xml b/lib/snmp/doc/src/snmpm_network_interface_filter.xml index f0526269b3..1ef4f29c0f 100644 --- a/lib/snmp/doc/src/snmpm_network_interface_filter.xml +++ b/lib/snmp/doc/src/snmpm_network_interface_filter.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>2007</year><year>2013</year> + <year>2007</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -76,6 +76,12 @@ The default filter accepts all messages.</p> <p>A network interface filter can e.g. be used during testing or for load regulation. </p> + <p>Legacy network interface filter modules used arguments on the form + <c>(IpAddr, PortNumber,...)</c> instead of + <c>(Domain, Addr, ...)</c>, and if the SNMP manager is run without + changing the configuration to use transport domains + the network interface filter will still get + the old arguments and work as before.</p> </description> <section> @@ -86,16 +92,18 @@ pdu_type() = 'get-request' | 'get-next-request' | 'get-response' | 'set-request' | trap | 'get-bulk-request' | 'inform-request' | report | trappdu </code> + <p>See also the <seealso marker="snmpa_conf#types"> + data types in <c>snmpa_conf</c></seealso>.</p> <marker id="accept_recv"></marker> </section> <funcs> <func> - <name>accept_recv(Addr, Port) -> boolean()</name> + <name>accept_recv(Domain, Addr) -> boolean()</name> <fsummary>Shall the received message be accepted</fsummary> <type> - <v>Addr = ip_address()</v> - <v>Port = port()</v> + <v>Domain = transportDomain()</v> + <v>Addr = transportAddressWithPort()</v> </type> <desc> <p>Called at the reception of a message (before <em>any</em> processing @@ -107,11 +115,11 @@ pdu_type() = 'get-request' | 'get-next-request' | 'get-response' | </func> <func> - <name>accept_send(Addr, Port) -> boolean()</name> + <name>accept_send(Domain, Addr) -> boolean()</name> <fsummary>Shall the message be sent</fsummary> <type> - <v>Addr = ip_address()</v> - <v>Port = port()</v> + <v>Domain = transportDomain()</v> + <v>Addr = transportAddressWithPort()</v> </type> <desc> <p>Called before the sending of a message (after <em>all</em> processing @@ -123,11 +131,11 @@ pdu_type() = 'get-request' | 'get-next-request' | 'get-response' | </func> <func> - <name>accept_recv_pdu(Addr, Port, PduType) -> boolean()</name> + <name>accept_recv_pdu(Domain, Addr, PduType) -> boolean()</name> <fsummary>Shall the received pdu be accepted</fsummary> <type> - <v>Addr = ip_address()</v> - <v>Port = port()</v> + <v>Domain = transportDomain()</v> + <v>Addr = transportAddressWithPort()</v> <v>PduType = pdu_type()</v> </type> <desc> @@ -141,11 +149,11 @@ pdu_type() = 'get-request' | 'get-next-request' | 'get-response' | </func> <func> - <name>accept_send_pdu(Addr, Port, PduType) -> boolean()</name> + <name>accept_send_pdu(Domain, Addr, PduType) -> boolean()</name> <fsummary>Shall the pdu be sent</fsummary> <type> - <v>Addr = ip_address()</v> - <v>Port = port()</v> + <v>Domain = transportDomain()</v> + <v>Addr = transportAddressWithPort()</v> <v>PduType = pdu_type() > 0</v> </type> <desc> diff --git a/lib/snmp/doc/src/snmpm_user.xml b/lib/snmp/doc/src/snmpm_user.xml index 6f412d90f8..a4492839cd 100644 --- a/lib/snmp/doc/src/snmpm_user.xml +++ b/lib/snmp/doc/src/snmpm_user.xml @@ -4,7 +4,7 @@ <erlref> <header> <copyright> - <year>2004</year><year>2013</year> + <year>2004</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> @@ -63,10 +63,15 @@ <p>The semantics of them and their exact signatures are explained below. </p> <p>Some of the function has no defined return value (<c>void()</c>), - they can ofcourse return anythyng. But the functions that do have + they can of course return anything. But the functions that do have specified return value(s) <em>must</em> adhere to this. None of the functions can use exit of throw to return. </p> + <p>If the manager is not configured to use any particular + transport domain, the behaviour <c>handle_agent/4</c> + will for backwards copmpatibility reasons be called with the old + <c>IpAddr</c> and <c>PortNumber</c> arguments</p> + <marker id="types"></marker> </description> @@ -116,11 +121,11 @@ snmp_v1_trap_info() :: {Enteprise :: snmp:oid(), </func> <func> - <name>handle_agent(Addr, Port, Type, SnmpInfo, UserData) -> Reply</name> + <name>handle_agent(Domain, Addr, Type, SnmpInfo, UserData) -> Reply</name> <fsummary>Handle agent</fsummary> <type> - <v>Addr = ip_address()</v> - <v>Port = integer()</v> + <v>Domain = transportDomainUdpIpv4 | transportDomainUdpIpv6</v> + <v>Addr = {<seealso marker="kernel:inet#type-ip_address">inet:ip_address(), inet:port_number()</seealso>} </v> <v>Type = pdu | trap | report | inform</v> <v>SnmpInfo = SnmpPduInfo | SnmpTrapInfo | SnmpReportInfo | SnmpInformInfo</v> <v>SnmpPduInfo = snmp_gen_info()</v> diff --git a/lib/snmp/src/agent/snmp_framework_mib.erl b/lib/snmp/src/agent/snmp_framework_mib.erl index 9d3f7ef5e7..6ff9224d34 100644 --- a/lib/snmp/src/agent/snmp_framework_mib.erl +++ b/lib/snmp/src/agent/snmp_framework_mib.erl @@ -207,22 +207,28 @@ check_agent({intAgentIpAddress = Tag, Ip} = Entry, {Domain, Port} = State) -> [{Tag, FixedIp}, {intAgentTransports, [{Domain, {FixedIp, Port}}]}] end, State}; -check_agent({intAgentTransports = Tag, Transports}, {_, Port} = State) -> +check_agent({intAgentTransports = Tag, Transports}, {_, Port} = State) + when is_list(Transports) -> CheckedTransports = - [case - case Port of - undefined -> - snmp_conf:check_address(Domain, Address); - _ -> - snmp_conf:check_address(Domain, Address, Port) - end - of - ok -> - Transport; - {ok, FixedAddress} -> - {Domain, FixedAddress} + [case Transport of + {Domain, Address} -> + case + case Port of + undefined -> + snmp_conf:check_address(Domain, Address); + _ -> + snmp_conf:check_address(Domain, Address, Port) + end + of + ok -> + Transport; + {ok, FixedAddress} -> + {Domain, FixedAddress} + end; + _ -> + error({bad_transport, Transport}) end - || {Domain, Address} = Transport <- Transports], + || Transport <- Transports], {{ok, {Tag, CheckedTransports}}, State}; check_agent(Entry, State) -> {check_agent(Entry), State}. diff --git a/lib/snmp/src/agent/snmp_target_mib.erl b/lib/snmp/src/agent/snmp_target_mib.erl index e916f17d6a..ef9503cda8 100644 --- a/lib/snmp/src/agent/snmp_target_mib.erl +++ b/lib/snmp/src/agent/snmp_target_mib.erl @@ -182,6 +182,10 @@ check_target_addr( Name, Domain, Address, Timeout, RetryCount, TagList, Params, EngineId, TMask, MMS); check_target_addr( + {_Name, Domain, Address, _Timeout, _RetryCount, _TagList, _Params, + _EngineId, _TMask, _MMS}) -> % Arity 10 + error({bad_address, {Domain, Address}}); +check_target_addr( {Name, Domain, Address, Timeout, RetryCount, TagList, Params, EngineId}) % Arity 8 when is_atom(Domain) -> @@ -197,6 +201,10 @@ check_target_addr( check_target_addr( Name, Domain, Address, Timeout, RetryCount, TagList, Params, EngineId); +check_target_addr( + {_Name, Domain, Address, _Timeout, _RetryCount, _TagList, _Params, + _EngineId}) ->% Arity 8 + error({bad_address, {Domain, Address}}); %% Use dummy engine id if the old style is found check_target_addr( {Name, Domain, Address, Timeout, RetryCount, TagList, Params}) % Arity 7 @@ -210,6 +218,9 @@ check_target_addr( Address = {Ip, Udp}, check_target_addr( Name, Domain, Address, Timeout, RetryCount, TagList, Params); +check_target_addr( + {_Name, Domain, Address, _Timeout, _RetryCount, _TagList, _Params}) -> % Arity 7 + error({bad_address, {Domain, Address}}); %% Use dummy engine id if the old style is found check_target_addr( {Name, Domain, Address, Timeout, RetryCount, TagList, Params, @@ -225,6 +236,10 @@ check_target_addr( Address = {Ip, Udp}, check_target_addr( Name, Domain, Address, Timeout, RetryCount, TagList, Params, TMask, MMS); +check_target_addr( + {_Name, Domain, Address, _Timeout, _RetryCount, _TagList, _Params, + _TMask, _MMS}) -> % Arity 9 + error({bad_address, {Domain, Address}}); check_target_addr(X) -> error({invalid_target_addr, X}). @@ -291,7 +306,7 @@ check_engine_id(EngineId) -> snmp_conf:check_string(EngineId). check_address(Domain, Address) -> - case snmp_conf:check_address(Domain, Address) of + case snmp_conf:check_address(Domain, Address, 162) of ok -> Address; {ok, NAddress} -> @@ -301,7 +316,11 @@ check_address(Domain, Address) -> check_mask(_Domain, [] = Mask) -> Mask; check_mask(Domain, Mask) -> - try check_address(Domain, Mask) + try snmp_conf:check_address(Domain, Mask) of + ok -> + Mask; + {ok, NMask} -> + NMask catch {error, {bad_address, Info}} -> error({bad_mask, Info}) @@ -365,16 +384,21 @@ table_del_row(Tab, Key) -> snmpa_mib_lib:table_del_row(db(Tab), Key). -add_addr(Name, Ip, Port, Timeout, Retry, TagList, - Params, EngineId, TMask, MMS) -> - Domain = default_domain(), - add_addr(Name, Domain, Ip, Port, Timeout, Retry, TagList, - Params, EngineId, TMask, MMS). - -add_addr(Name, Domain, Ip, Port, Timeout, Retry, TagList, - Params, EngineId, TMask, MMS) -> - Addr = {Name, Domain, Ip, Port, Timeout, Retry, TagList, - Params, EngineId, TMask, MMS}, +add_addr( + Name, Domain_or_Ip, Addr_or_Port, Timeout, Retry, TagList, Params, + EngineId, TMask, MMS) -> + add_addr( + {Name, Domain_or_Ip, Addr_or_Port, Timeout, Retry, TagList, Params, + EngineId, TMask, MMS}). +%% +add_addr( + Name, Domain, Ip, Port, Timeout, Retry, TagList, Params, + EngineId, TMask, MMS) -> + add_addr( + {Name, Domain, Ip, Port, Timeout, Retry, TagList, Params, + EngineId, TMask, MMS}). +%% +add_addr(Addr) -> case (catch check_target_addr(Addr)) of {ok, Row} -> Key = element(1, Row), diff --git a/lib/snmp/src/agent/snmpa_conf.erl b/lib/snmp/src/agent/snmpa_conf.erl index b4d32dc928..534d0e447b 100644 --- a/lib/snmp/src/agent/snmpa_conf.erl +++ b/lib/snmp/src/agent/snmpa_conf.erl @@ -47,7 +47,7 @@ read_standard_config/1, %% target_addr.conf - target_addr_entry/5, target_addr_entry/6, + target_addr_entry/5, target_addr_entry/6, target_addr_entry/7, target_addr_entry/8, target_addr_entry/10, target_addr_entry/11, write_target_addr_config/2, write_target_addr_config/3, append_target_addr_config/2, @@ -386,6 +386,12 @@ target_addr_entry( target_addr_entry(Name, Ip, TagList, ParamsName, EngineId, []). target_addr_entry( + Name, Domain, Addr, TagList, + ParamsName, EngineId) when is_atom(Domain) -> + target_addr_entry( + Name, Domain, Addr, TagList, + ParamsName, EngineId, []); +target_addr_entry( Name, Ip, TagList, ParamsName, EngineId, TMask) -> target_addr_entry( @@ -394,6 +400,13 @@ target_addr_entry( target_addr_entry( Name, Domain_or_Ip, Addr_or_Port, TagList, + ParamsName, EngineId, TMask) -> + target_addr_entry( + Name, Domain_or_Ip, Addr_or_Port, TagList, + ParamsName, EngineId, TMask, 2048). + +target_addr_entry( + Name, Domain_or_Ip, Addr_or_Port, TagList, ParamsName, EngineId, TMask, MaxMessageSize) -> target_addr_entry( Name, Domain_or_Ip, Addr_or_Port, 1500, 3, TagList, @@ -475,6 +488,16 @@ write_target_addr_conf(Fd, Conf) -> do_write_target_addr_conf( Fd, + {Name, Domain, Address, Timeout, RetryCount, TagList, + ParamsName, EngineId, TMask, MaxMessageSize}) + when is_atom(Domain) -> + io:format( + Fd, + "{\"~s\", ~w, ~w, ~w, ~w, \"~s\", \"~s\", \"~s\", ~w, ~w}.~n", + [Name, Domain, Address, Timeout, RetryCount, TagList, + ParamsName, EngineId, TMask, MaxMessageSize]); +do_write_target_addr_conf( + Fd, {Name, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}) when is_integer(Udp) -> @@ -485,15 +508,10 @@ do_write_target_addr_conf( {Name, Domain, Address, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}); do_write_target_addr_conf( - Fd, - {Name, Domain, Address, Timeout, RetryCount, TagList, - ParamsName, EngineId, TMask, MaxMessageSize}) - when is_atom(Domain) -> - io:format( - Fd, - "{\"~s\", ~w, ~w, ~w, ~w, \"~s\", \"~s\", \"~s\", ~w, ~w}.~n", - [Name, Domain, Address, Timeout, RetryCount, TagList, - ParamsName, EngineId, TMask, MaxMessageSize]); + _Fd, + {_Name, Domain, Address, _Timeout, _RetryCount, _TagList, + _ParamsName, _EngineId, _TMask, _MaxMessageSize}) -> + error({bad_address, {Domain, Address}}); do_write_target_addr_conf( Fd, {Name, Domain, Ip, Udp, Timeout, RetryCount, TagList, diff --git a/lib/snmp/src/app/snmp.appup.src b/lib/snmp/src/app/snmp.appup.src index ae79e3c1d1..1cc1a17b1d 100644 --- a/lib/snmp/src/app/snmp.appup.src +++ b/lib/snmp/src/app/snmp.appup.src @@ -28,6 +28,7 @@ %% {update, snmpa_local_db, soft, soft_purge, soft_purge, []} %% {add_module, snmpm_net_if_mt} [ + {"5.0", [{restart_application, snmp}]}, {"4.25.1", [{restart_application, snmp}]}, {"4.25.0.1", [{restart_application, snmp}]}, {"4.25", [{restart_application, snmp}]}, @@ -42,6 +43,7 @@ %% {remove, {snmpm_net_if_mt, soft_purge, soft_purge}} [ + {"5.0", [{restart_application, snmp}]}, {"4.25.1", [{restart_application, snmp}]}, {"4.25.0.1", [{restart_application, snmp}]}, {"4.25", [{restart_application, snmp}]}, diff --git a/lib/snmp/src/manager/depend.mk b/lib/snmp/src/manager/depend.mk index 2e7783c8ed..60f61b0d3b 100644 --- a/lib/snmp/src/manager/depend.mk +++ b/lib/snmp/src/manager/depend.mk @@ -2,7 +2,7 @@ # %CopyrightBegin% # -# Copyright Ericsson AB 2004-2012. All Rights Reserved. +# Copyright Ericsson AB 2004-2014. All Rights Reserved. # # The contents of this file are subject to the Erlang Public License, # Version 1.1, (the "License"); you may not use this file except in @@ -50,10 +50,11 @@ $(EBIN)/snmpm_net_if.$(EMULATOR): \ snmpm_network_interface.erl $(EBIN)/snmpm_net_if_mt.$(EMULATOR): \ + snmpm_net_if_mt.erl \ ../../include/snmp_types.hrl \ ../misc/snmp_debug.hrl \ ../misc/snmp_verbosity.hrl \ - snmpm_net_if_mt.erl \ + snmpm_net_if.erl \ snmpm_network_interface.erl $(EBIN)/snmpm_server.$(EMULATOR): \ diff --git a/lib/snmp/src/manager/snmpm_conf.erl b/lib/snmp/src/manager/snmpm_conf.erl index 888f19aec6..087ef6c6ea 100644 --- a/lib/snmp/src/manager/snmpm_conf.erl +++ b/lib/snmp/src/manager/snmpm_conf.erl @@ -114,6 +114,7 @@ do_write_manager_conf(Fd, {Tag, Val}) when Tag =:= domain; Tag =:= address; Tag =:= port; + Tag =:= transports; Tag =:= max_message_size -> io:format(Fd, "{~w, ~w}.~n", [Tag, Val]); do_write_manager_conf(Fd, {Tag, Val}) @@ -199,9 +200,10 @@ do_write_users_conf(_Fd, Crap) -> %% ------ agents.conf ------ %% -agents_entry(UserId, TargetName, Comm, Ip, Port, EngineID, Timeout, - MaxMessageSize, Version, SecModel, SecName, SecLevel) -> - {UserId, TargetName, Comm, Ip, Port, EngineID, Timeout, +agents_entry( + UserId, TargetName, Comm, Domain_or_Ip, Addr_or_Port, EngineID, Timeout, + MaxMessageSize, Version, SecModel, SecName, SecLevel) -> + {UserId, TargetName, Comm, Domain_or_Ip, Addr_or_Port, EngineID, Timeout, MaxMessageSize, Version, SecModel, SecName, SecLevel}. diff --git a/lib/snmp/src/manager/snmpm_config.erl b/lib/snmp/src/manager/snmpm_config.erl index 013fefa4e2..5cab81baf6 100644 --- a/lib/snmp/src/manager/snmpm_config.erl +++ b/lib/snmp/src/manager/snmpm_config.erl @@ -442,8 +442,31 @@ agent_info(TargetName, all) -> All -> {ok, [{Item, Val} || {{_, Item}, Val} <- All]} end; +%% Begin backwards compatibility +agent_info(TargetName, address) -> + case agent_info({TargetName, taddress}) of + {ok, Val} -> + {Addr, _} = Val, + {ok, Addr}; + _ -> + %% This should be redundant since 'taddress' should exist + agent_info({TargetName, address}) + end; +agent_info(TargetName, port) -> + case agent_info({TargetName, taddress}) of + {ok, Val} -> + {_, Port} = Val, + {ok, Port}; + _ -> + %% This should be redundant since 'taddress' should exist + agent_info({TargetName, port}) + end; +%% End backwards compatibility agent_info(TargetName, Item) -> - case ets:lookup(snmpm_agent_table, {TargetName, Item}) of + agent_info({TargetName, Item}). + +agent_info(Key) -> + case ets:lookup(snmpm_agent_table, Key) of [{_, Val}] -> {ok, Val}; [] -> @@ -456,29 +479,29 @@ agent_info(Domain, Address, Item) when is_atom(Domain) -> do_agent_info(Domain, NAddress, Item) catch _Thrown -> - p(?MODULE_STRING":agent_info(~p, ~p, ~p) throwed ~p at.~n" - " ~p", - [Domain, Address, Item, _Thrown, erlang:get_stacktrace()]), + %% p(?MODULE_STRING":agent_info(~p, ~p, ~p) throwed ~p at.~n" + %% " ~p", + %% [Domain, Address, Item, _Thrown, erlang:get_stacktrace()]), {error, not_found} end; -agent_info(Ip, Port, Item) -> - p(?MODULE_STRING":agent_info(~p, ~p, ~p) entry~n", - [Ip, Port, Item]), +agent_info(Ip, Port, Item) when is_integer(Port) -> + %% p(?MODULE_STRING":agent_info(~p, ~p, ~p) entry~n", + %% [Ip, Port, Item]), Domain = default_transport_domain(), try fix_address(Domain, {Ip, Port}) of Address -> do_agent_info(Domain, Address, Item) catch _Thrown -> - p(?MODULE_STRING":agent_info(~p, ~p, ~p) throwed ~p at.~n" - " ~p", - [Ip, Port, Item, _Thrown, erlang:get_stacktrace()]), + %% p(?MODULE_STRING":agent_info(~p, ~p, ~p) throwed ~p at.~n" + %% " ~p", + %% [Ip, Port, Item, _Thrown, erlang:get_stacktrace()]), {error, not_found} end. do_agent_info(Domain, Address, target_name = Item) -> - p(?MODULE_STRING":do_agent_info(~p, ~p, ~p) entry~n", - [Domain, Address, Item]), + %% p(?MODULE_STRING":do_agent_info(~p, ~p, ~p) entry~n", + %% [Domain, Address, Item]), case ets:lookup(snmpm_agent_table, {Domain, Address, Item}) of [{_, Val}] -> {ok, Val}; @@ -486,8 +509,8 @@ do_agent_info(Domain, Address, target_name = Item) -> {error, not_found} end; do_agent_info(Domain, Address, Item) -> - p(?MODULE_STRING":do_agent_info(~p, ~p, ~p) entry~n", - [Domain, Address, Item]), + %% p(?MODULE_STRING":do_agent_info(~p, ~p, ~p) entry~n", + %% [Domain, Address, Item]), case do_agent_info(Domain, Address, target_name) of {ok, TargetName} -> agent_info(TargetName, Item); @@ -1287,36 +1310,6 @@ verify_options(Opts, Mandatory) -> verify_mandatory_options(Opts, Mandatory), verify_options(Opts). -%% mandatory() -> [mand()] -%% mand() -> atom() | {atom, [atom()]} -verify_mandatory_options(_Opts, []) -> - ok; -verify_mandatory_options(Opts, [Mand|Mands]) -> - verify_mandatory_option(Opts, Mand), - verify_mandatory_options(Opts, Mands). - -verify_mandatory_option(Opts, {Mand, MandSubOpts}) -> - ?d("verify_mandatory_option -> entry with" - "~n Mand: ~p" - "~n MandSubObjs: ~p", [Mand, MandSubOpts]), - case lists:keysearch(Mand, 1, Opts) of - {value, {Mand, SubOpts}} -> - verify_mandatory_options(SubOpts, MandSubOpts); - false -> - ?d("missing mandatory option: ~w [~p]", [Mand, MandSubOpts]), - error({missing_mandatory, Mand, MandSubOpts}) - end; -verify_mandatory_option(Opts, Mand) -> - ?d("verify_mandatory_option -> entry with" - "~n Mand: ~p", [Mand]), - case lists:keymember(Mand, 1, Opts) of - true -> - ok; - false -> - ?d("missing mandatory option: ~w", [Mand]), - error({missing_mandatory, Mand}) - end. - verify_options([]) -> ?d("verify_options -> done", []), ok; @@ -1632,7 +1625,38 @@ verify_verbosity(Verbosity) -> _ -> error({invalid_verbosity, Verbosity}) end. + +%% mandatory() -> [mand()] +%% mand() -> atom() | {atom, [atom()]} +verify_mandatory_options(_Opts, []) -> + ok; +verify_mandatory_options(Opts, [Mand|Mands]) -> + verify_mandatory_option(Opts, Mand), + verify_mandatory_options(Opts, Mands). + +verify_mandatory_option(Opts, {Mand, MandSubOpts}) -> + ?d("verify_mandatory_option -> entry with" + "~n Mand: ~p" + "~n MandSubObjs: ~p", [Mand, MandSubOpts]), + case lists:keysearch(Mand, 1, Opts) of + {value, {Mand, SubOpts}} -> + verify_mandatory_options(SubOpts, MandSubOpts); + false -> + ?d("missing mandatory option: ~w [~p]", [Mand, MandSubOpts]), + error({missing_mandatory, Mand, MandSubOpts}) + end; +verify_mandatory_option(Opts, Mand) -> + ?d("verify_mandatory_option -> entry with" + "~n Mand: ~p", [Mand]), + case lists:keymember(Mand, 1, Opts) of + true -> + ok; + false -> + ?d("missing mandatory option: ~w", [Mand]), + error({missing_mandatory, Mand}) + end. + %% ------------------------------------------------------------------------ init_manager_config([]) -> @@ -1654,69 +1678,10 @@ init_agent_default() -> {version, v2}, % MPModel {sec_model, v2c}, % SecModel {sec_name, "initial"}, % SecName - {sec_level, noAuthPriv}, % SecLevel + {sec_level, noAuthNoPriv}, % SecLevel {community, "all-rights"}], % Community do_update_agent_info(default_agent, AgentDefaultConfig). -%% %% Port -%% init_agent_default(port, ?DEFAULT_AGENT_PORT), - -%% %% Timeout -%% init_agent_default(timeout, 10000), - -%% %% Max message (packet) size -%% init_agent_default(max_message_size, 484), - -%% %% MPModel -%% init_agent_default(version, v2), - -%% %% SecModel -%% init_agent_default(sec_model, v2c), - -%% %% SecName -%% init_agent_default(sec_name, "initial"), - -%% %% SecLevel -%% init_agent_default(sec_level, noAuthNoPriv), - -%% %% Community -%% init_agent_default(community, "all-rights"), -%% ok. - - -%% init_agent_default(Item, Val) when Item =/= user_id -> -%% case do_update_agent_info(default_agent, Item, Val) of -%% ok -> -%% ok; -%% {error, Reason} -> -%% error(Reason) -%% end. - -%% read_agents_config_file(Dir) -> -%% Verify = fun check_agent_config2/1, -%% case read_file(Dir, "agents.conf", Verify, []) of -%% {ok, Conf} -> -%% Conf; -%% Error -> -%% ?vlog("agent config error: ~p", [Error]), -%% throw(Error) -%% end. - -%% check_agent_config2(Agent) -> -%% case (catch check_agent_config(Agent)) of -%% {ok, {UserId, TargetName, Conf, Version}} -> -%% {ok, Vsns} = system_info(versions), -%% case lists:member(Version, Vsns) of -%% true -> -%% {ok, {UserId, TargetName, Conf}}; -%% false -> -%% error({version_not_supported_by_manager, -%% Version, Vsns}) -%% end; -%% Err -> -%% throw(Err) -%% end. - read_agents_config_file(Dir) -> Order = fun snmp_conf:no_order/2, Check = fun check_agent_config/2, @@ -1739,21 +1704,35 @@ check_agent_config(Agent, State) -> %% For backward compatibility check_agent_config( + {UserId, TargetName, Community, Domain, Addr, + EngineId, Timeout, MaxMessageSize, + Version, SecModel, SecName, SecLevel}) when is_atom(Domain) -> + check_agent_config( + UserId, TargetName, Community, Domain, Addr, + EngineId, Timeout, MaxMessageSize, + Version, SecModel, SecName, SecLevel); +check_agent_config( {UserId, TargetName, Community, Ip, Port, EngineId, Timeout, MaxMessageSize, - Version, SecModel, SecName, SecLevel}) -> + Version, SecModel, SecName, SecLevel}) when is_integer(Port) -> Domain = default_transport_domain(), - Addr = fix_address(Domain, {Ip, Port}), + Addr = {Ip, Port}, check_agent_config( UserId, TargetName, Community, Domain, Addr, EngineId, Timeout, MaxMessageSize, Version, SecModel, SecName, SecLevel); check_agent_config( + {_UserId, _TargetName, _Community, Domain, Addr, + _EngineId, _Timeout, _MaxMessageSize, + _Version, _SecModel, _SecName, _SecLevel}) -> + error({bad_address, {Domain, Addr}}); +check_agent_config( {UserId, TargetName, Community, Domain, Ip, Port, EngineId, Timeout, MaxMessageSize, Version, SecModel, SecName, SecLevel}) -> + Addr = {Ip, Port}, check_agent_config( - UserId, TargetName, Community, Domain, {Ip, Port}, + UserId, TargetName, Community, Domain, Addr, EngineId, Timeout, MaxMessageSize, Version, SecModel, SecName, SecLevel); check_agent_config(Agent) -> @@ -1776,7 +1755,7 @@ check_agent_config( Conf = [{reg_type, target_name}, {tdomain, Domain}, - {taddress, Addr}, + {taddress, fix_address(Domain, Addr)}, {community, Comm}, {engine_id, EngineId}, {timeout, Timeout}, @@ -1860,7 +1839,11 @@ verify_agent_config( {TD, VerifiedConf}; _ -> %% Insert tdomain since it is missing - TD = default_transport_domain(), + %% Note: not default_transport_domain() since + %% taddress is the new format hence the application + %% should be tdomain aware and therefore addresses + %% on the Domain, Addr format should be used and understood. + TD = transportDomainUdpIpv4, {TD, [{tdomain, TD}|VerifiedConf]} end, case snmp_conf:check_address(TDomain, Address, 0) of @@ -1946,16 +1929,6 @@ verify_agent_entry(Item, _) -> -%% read_users_config_file(Dir) -> -%% Verify = fun check_user_config/1, -%% case read_file(Dir, "users.conf", Verify, []) of -%% {ok, Conf} -> -%% Conf; -%% Error -> -%% ?vlog("failure reading users config file: ~n ~p", [Error]), -%% throw(Error) -%% end. - read_users_config_file(Dir) -> Order = fun snmp_conf:no_order/2, Check = fun (User, State) -> {check_user_config(User), State} end, @@ -2074,14 +2047,6 @@ verify_default_agent_config(Conf) -> error({bad_default_agent_config, Error}) end. -%% read_usm_config_file(Dir) -> -%% Verify = fun check_usm_user_config/1, -%% case read_file(Dir, "usm.conf", Verify, []) of -%% {ok, Conf} -> -%% Conf; -%% Error -> -%% throw(Error) -%% end. read_usm_config_file(Dir) -> Order = fun snmp_conf:no_order/2, @@ -2268,24 +2233,6 @@ is_crypto_supported(Func) -> snmp_misc:is_crypto_supported(Func). -%% read_manager_config_file(Dir) -> -%% Verify = fun check_manager_config/1, -%% case read_file(Dir, "manager.conf", Verify) of -%% {ok, Conf} -> -%% ?d("read_manager_config_file -> ok: " -%% "~n Conf: ~p", [Conf]), -%% %% If the address is not specified, then we assume -%% %% it should be the local host. -%% %% If the address is not possible to determine -%% %% that way, then we give up... -%% verify_mandatory(Conf, [port,engine_id,max_message_size]), -%% ensure_config(default_manager_config(), Conf); -%% %% check_mandatory_manager_config(Conf), -%% %% ensure_manager_config(Conf); -%% Error -> -%% throw(Error) -%% end. - read_manager_config_file(Dir) -> Order = fun order_manager_config/2, Check = fun check_manager_config/2, @@ -2296,13 +2243,15 @@ read_manager_config_file(Dir) -> %% it should be the local host. %% If the address is not possible to determine %% that way, then we give up... - verify_mandatory(Conf, [port,engine_id,max_message_size]), + verify_someof(Conf, [port, transports]), + verify_mandatory(Conf, [engine_id, max_message_size]), default_manager_config(Conf). default_manager_config(Conf) -> - %% Ensure address of right family - case lists:keyfind(address, 1, Conf) of + %% Ensure valid transports entry + case lists:keyfind(transports, 1, Conf) of false -> + {port, Port} = lists:keyfind(port, 1, Conf), Domain = case lists:keyfind(domain, 1, Conf) of false -> @@ -2311,55 +2260,77 @@ default_manager_config(Conf) -> D end, Family = snmp_conf:tdomain_to_family(Domain), - {ok, HostName} = inet:gethostname(), - case inet:getaddr(HostName, Family) of + {ok, Hostname} = inet:gethostname(), + case inet:getaddr(Hostname, Family) of {ok, Address} -> - [{address, Address} | Conf]; + lists:sort( + fun order_manager_config/2, + [{transports, [{Domain, {Address, Port}}]} | Conf]); {error, _Reason} -> ?d("default_manager_config -> " "failed getting ~w address for ~s:~n" - " _Reason: ~p", [Family, HostName, _Reason]), + " _Reason: ~p", [Family, Hostname, _Reason]), Conf end; _ -> Conf end. -default_manager_config() -> - {ok, HostName} = inet:gethostname(), - case inet:getaddr(HostName, inet) of - {ok, A} -> - [{address, tuple_to_list(A)}]; - {error, _Reason} -> - ?d("default_manager_config -> failed getting address: " - "~n _Reason: ~p", [_Reason]), - [] - end. - order_manager_config(EntryA, EntryB) -> - snmp_conf:keyorder(1, EntryA, EntryB, [domain]). - -check_manager_config({domain, D}, _Domain) -> - {snmp_conf:check_domain(D), D}; -check_manager_config({address = Tag, Ip}, D) -> - Domain = - case D of - undefined -> - default_transport_domain(); - _ -> - D - end, + snmp_conf:keyorder(1, EntryA, EntryB, [domain, port]). + +check_manager_config(Entry, undefined) -> + check_manager_config(Entry, {default_transport_domain(), undefined}); +check_manager_config({domain, Domain}, {_, Port}) -> + {snmp_conf:check_domain(Domain), {Domain, Port}}; +check_manager_config({port, Port}, {Domain, _}) -> + {ok = snmp_conf:check_port(Port), {Domain, Port}}; +check_manager_config({address, _}, {_, undefined}) -> + error({missing_mandatory, port}); +check_manager_config({address = Tag, Ip} = Entry, {Domain, Port} = State) -> {case snmp_conf:check_ip(Domain, Ip) of ok -> - ok; + [Entry, + {transports, [{Domain, {Ip, Port}}]}]; {ok, FixedIp} -> - {ok, {Tag, FixedIp}} - end, Domain}; -check_manager_config(Entry, Domain) -> - {check_manager_config(Entry), Domain}. + [{Tag, FixedIp}, + {transports, [{Domain, {FixedIp, Port}}]}] + end, State}; +check_manager_config({transports = Tag, Transports}, {_, Port} = State) + when is_list(Transports) -> + CheckedTransports = + [case Transport of + {Domain, Address} -> + case + case Port of + undefined -> + snmp_conf:check_address(Domain, Address); + _ -> + snmp_conf:check_address(Domain, Address, Port) + end + of + ok -> + Transport; + {ok, FixedAddress} -> + {Domain, FixedAddress} + end; + _Domain when Port =:= undefined-> + error({missing_mandatory, port}); + Domain -> + Family = snmp_conf:tdomain_to_family(Domain), + {ok, Hostname} = inet:gethostname(), + case inet:getaddr(Hostname, Family) of + {ok, IpAddr} -> + {Domain, {IpAddr, Port}}; + {error, _} -> + error({bad_address, {Domain, Hostname}}) + end + end + || Transport <- Transports], + {{ok, {Tag, CheckedTransports}}, State}; +check_manager_config(Entry, State) -> + {check_manager_config(Entry), State}. -check_manager_config({port, Port}) -> - snmp_conf:check_port(Port); check_manager_config({engine_id, EngineID}) -> snmp_conf:check_string(EngineID); check_manager_config({max_message_size, Max}) -> @@ -2368,45 +2339,6 @@ check_manager_config(Conf) -> error({unknown_config, Conf}). -%% check_mandatory_manager_config(Conf) -> -%% Mand = [port, engine_id, max_message_size], -%% check_mandatory_manager_config(Mand, Conf). - -%% check_mandatory_manager_config([], _Conf) -> -%% ok; -%% check_mandatory_manager_config([Item|Mand], Conf) -> -%% case lists:keysearch(Item, 1, Conf) of -%% false -> -%% error({missing_mandatory_manager_config, Item}); -%% _ -> -%% check_mandatory_manager_config(Mand, Conf) -%% end. - - -%% ensure_manager_config(Confs) -> -%% ensure_manager_config(Confs, default_manager_config()). - -%% ensure_manager_config(Confs, []) -> -%% Confs; -%% ensure_manager_config(Confs, [{Key,_} = DefKeyVal|Defs]) -> -%% case lists:keysearch(Key, 1, Confs) of -%% false -> -%% ensure_manager_config([DefKeyVal|Confs], Defs); -%% {value, _Conf} -> -%% ensure_manager_config(Confs, Defs) -%% end. - -% ensure_manager_config([], Defs, Confs) -> -% Confs ++ Defs; -% ensure_manager_config(Confs0, [{Key, DefVal}|Defs], Acc) -> -% case lists:keysearch(Key, 1, Confs0) of -% false -> -% ensure_manager_config(Confs0, Defs, [{Key, DefVal}|Acc]); -% {value, Conf} -> -% Confs = lists:keydelete(Key, 1, Confs0), -% ensure_manager_config(Confs, Defs, [Conf|Acc]) -% end. - read_file(Dir, FileName, Order, Check, Default) -> try snmp_conf:read(filename:join(Dir, FileName), Order, Check) catch @@ -2424,87 +2356,6 @@ read_file(Dir, FileName, Order, Check) -> erlang:raise(throw, Error, erlang:get_stacktrace()) end. - - - - - -%% read_file(Dir, FileName, Verify, Default) -> -%% File = filename:join(Dir, FileName), -%% case file:read_file_info(File) of -%% {ok, _} -> -%% read_file(File, Verify); -%% {error, Reason} -> -%% ?vlog("failed reading config from ~s: ~p", [FileName, Reason]), -%% {ok, Default} -%% end. - -%% read_file(Dir, FileName, Verify) -> -%% File = filename:join(Dir, FileName), -%% case file:read_file_info(File) of -%% {ok, _} -> -%% read_file(File, Verify); -%% {error, Reason} -> -%% error_msg("failed reading config from ~s: ~p", [FileName, Reason]), -%% {error, {failed_reading, FileName, Reason}} -%% end. - -%% read_file(File, Verify) -> -%% Check = fun (Config, State) -> {Verify(Config), State} end, -%% try snmp_conf:read(File, Check) of -%% Conf -> -%% ?vtrace("read_file -> read ok" -%% "~n Conf: ~p", [Conf]), -%% {ok, Conf} -%% catch -%% Error -> -%% ?vtrace("read_file -> read failed:" -%% "~n Error: ~p", [Error]), -%% Error -%% end. - -%% XXX remove - -%% read_file(Dir, FileName, Check, Default) -> -%% File = filename:join(Dir, FileName), -%% case file:read_file_info(File) of -%% {ok, _} -> -%% case (catch do_read(File, Check)) of -%% {ok, Conf} -> -%% {ok, Conf}; -%% Error -> -%% ?vtrace("read_file -> read failed:" -%% "~n Error: ~p", [Error]), -%% Error -%% end; -%% {error, Reason} -> -%% ?vlog("failed reading config from ~s: ~p", [FileName, Reason]), -%% {ok, Default} -%% end. - -%% read_file(Dir, FileName, Check) -> -%% File = filename:join(Dir, FileName), -%% case file:read_file_info(File) of -%% {ok, _} -> -%% case (catch do_read(File, Check)) of -%% {ok, Conf} -> -%% ?vtrace("read_file -> read ok" -%% "~n Conf: ~p", [Conf]), -%% {ok, Conf}; -%% Error -> -%% ?vtrace("read_file -> read failed:" -%% "~n Error: ~p", [Error]), -%% Error -%% end; -%% {error, Reason} -> -%% error_msg("failed reading config from ~s: ~p", [FileName, Reason]), -%% {error, {failed_reading, FileName, Reason}} -%% end. - -%% do_read(File, Check) -> -%% {ok, snmp_conf:read(File, Check)}. - - %%-------------------------------------------------------------------- %% Func: handle_call/3 %% Returns: {reply, Reply, State} | @@ -3580,6 +3431,5 @@ error_msg(F, A) -> %% p(F) -> %% p(F, []). -p(F, A) -> - io:format("~w:" ++ F ++ "~n", [?MODULE | A]). - +%% p(F, A) -> +%% io:format("~w:" ++ F ++ "~n", [?MODULE | A]). diff --git a/lib/snmp/src/manager/snmpm_net_if.erl b/lib/snmp/src/manager/snmpm_net_if.erl index 860b0b83dd..cb72871177 100644 --- a/lib/snmp/src/manager/snmpm_net_if.erl +++ b/lib/snmp/src/manager/snmpm_net_if.erl @@ -17,7 +17,9 @@ %% %CopyrightEnd% %% +-ifndef(snmpm_net_if_mt). -module(snmpm_net_if). +-endif. -behaviour(gen_server). -behaviour(snmpm_network_interface). @@ -59,8 +61,7 @@ { server, note_store, - domain, - sock, + transports = [], mpd_state, log, irb = auto, % auto | {user, integer()} @@ -68,6 +69,9 @@ filter }). +-record(transport, + {socket, + domain = snmpUDPDomain}). -define(DEFAULT_FILTER_MODULE, snmpm_net_if_filter). -define(DEFAULT_FILTER_OPTS, [{module, ?DEFAULT_FILTER_MODULE}]). @@ -147,6 +151,64 @@ filter_reset(Pid) -> %%%------------------------------------------------------------------- +%%% Multi-thread manager +%%%------------------------------------------------------------------- + +-ifdef(snmpm_net_if_mt). + +%% This function is called through the macro below to +%% (in the not multithreaded case) avoid creating the +%% Failer/4 fun, and to avoid calling the Worker through a fun +%% (now it shall not be a fun, just a code snippet). + +worker(Worker, Failer, #state{log = Log} = State) -> + Verbosity = get(verbosity), + spawn_opt( + fun () -> + try + put(sname, mnifw), + put(verbosity, Verbosity), + NewState = + case do_reopen_log(Log) of + Log -> + State; + NewLog -> + State#state{log = NewLog} + end, + Worker(NewState) + of + Result -> + %% Winds up in handle_info {'DOWN', ...} + erlang:exit({net_if_worker, Result}) + catch + Class:Reason -> + %% Winds up in handle_info {'DOWN', ...} + erlang:exit( + {net_if_worker, Failer, + Class, Reason, erlang:get_stacktrace()}) + end + end, + [monitor]). +-define( + worker(S, Worker, Failer, State), + begin + worker( + fun (S) -> begin Worker end end, + begin Failer end, + (State)) + end). + +-else. + +-define( + worker(S, Worker, _Failer, State), + begin (S) = (State), begin Worker end end). + +-endif. + + + +%%%------------------------------------------------------------------- %%% Callback functions from gen_server %%%------------------------------------------------------------------- @@ -161,12 +223,19 @@ init([Server, NoteStore]) -> ?d("init -> entry with" "~n Server: ~p" "~n NoteStore: ~p", [Server, NoteStore]), - case (catch do_init(Server, NoteStore)) of + try do_init(Server, NoteStore) + catch {error, Reason} -> - {stop, Reason}; - {ok, State} -> - {ok, State} + {stop, Reason} end. + +-ifdef(snmpm_net_if_mt). +%% This should really be protected, but it also needs to +%% be writable for the worker processes, so... +-define(inform_table_opts, [set, public, named_table, {keypos, 1}]). +-else. +-define(inform_table_opts, [set, protected, named_table, {keypos, 1}]). +-endif. do_init(Server, NoteStore) -> process_flag(trap_exit, true), @@ -176,18 +245,18 @@ do_init(Server, NoteStore) -> process_flag(priority, Prio), %% -- Create inform request table -- - ets:new(snmpm_inform_request_table, - [set, protected, named_table, {keypos, 1}]), + ets:new(snmpm_inform_request_table, ?inform_table_opts), %% -- Verbosity -- {ok, Verbosity} = snmpm_config:system_info(net_if_verbosity), - put(sname,mnif), - put(verbosity,Verbosity), + put(sname, mnif), + put(verbosity, Verbosity), ?vlog("starting", []), %% -- MPD -- {ok, Vsns} = snmpm_config:system_info(versions), MpdState = snmpm_mpd:init(Vsns), + ?vdebug("MpdState: ~w", [MpdState]), %% -- Module dependent options -- {ok, Opts} = snmpm_config:system_info(net_if_options), @@ -196,21 +265,6 @@ do_init(Server, NoteStore) -> {ok, IRB} = snmpm_config:system_info(net_if_irb), IrGcRef = irgc_start(IRB), - %% -- Socket -- - SndBuf = get_opt(Opts, sndbuf, default), - RecBuf = get_opt(Opts, recbuf, default), - BindTo = get_opt(Opts, bind_to, false), - NoReuse = get_opt(Opts, no_reuse, false), - {ok, Port} = snmpm_config:system_info(port), - Domain = - case snmpm_config:system_info(domain) of - {ok, D} -> - D; - _ -> - snmpm_config:default_transport_domain() - end, - {ok, Sock} = do_open_port(Port, SndBuf, RecBuf, Domain, BindTo, NoReuse), - %% Flow control -- FilterOpts = get_opt(Opts, filter, []), FilterMod = create_filter(FilterOpts), @@ -219,83 +273,104 @@ do_init(Server, NoteStore) -> %% -- Audit trail log --- {ok, ATL} = snmpm_config:system_info(audit_trail_log), Log = do_init_log(ATL), + ?vdebug("Log: ~w", [Log]), + + {ok, DomainAddresses} = snmpm_config:system_info(transports), + ?vdebug("DomainAddresses: ~w",[DomainAddresses]), + CommonSocketOpts = common_socket_opts(Opts), + BindTo = get_opt(Opts, bind_to, false), + case + [begin + {IpPort, SocketOpts} = + socket_params(Domain, Address, BindTo, CommonSocketOpts), + Socket = socket_open(IpPort, SocketOpts), + #transport{socket = Socket, domain = Domain} + end || {Domain, Address} <- DomainAddresses] + of + [] -> + ?vinfo("No transports configured: ~p", [DomainAddresses]), + throw({error, {no_transports,DomainAddresses}}); + Transports -> + %% -- Initiate counters --- + init_counters(), + + %% -- We are done --- + State = #state{ + server = Server, + note_store = NoteStore, + mpd_state = MpdState, + transports = Transports, + log = Log, + irb = IRB, + irgc = IrGcRef, + filter = FilterMod}, + ?vdebug("started", []), + {ok, State} + end. - %% -- Initiate counters --- - init_counters(), - - %% -- We are done --- - State = #state{server = Server, - note_store = NoteStore, - mpd_state = MpdState, - domain = Domain, - sock = Sock, - log = Log, - irb = IRB, - irgc = IrGcRef, - filter = FilterMod}, - ?vdebug("started", []), - {ok, State}. - - -%% Open port -do_open_port(Port, SendSz, RecvSz, Domain, BindTo, NoReuse) -> - ?vtrace("do_open_port -> entry with~n" - " Port: ~p~n" - " SendSz: ~p~n" - " RecvSz: ~p~n" - " Domain: ~p~n" - " BindTo: ~p~n" - " NoReuse: ~p", - [Port, SendSz, RecvSz, Domain, BindTo, NoReuse]), - IpOpts1 = bind_to(BindTo), - IpOpts2 = no_reuse(NoReuse), - IpOpts3 = recbuf(RecvSz), - IpOpts4 = sndbuf(SendSz), - IpOpts = - [binary, - snmp_conf:tdomain_to_family(Domain) | - IpOpts1 ++ IpOpts2 ++ IpOpts3 ++ IpOpts4], - OpenRes = - case init:get_argument(snmpm_fd) of - {ok, [[FdStr]]} -> - Fd = list_to_integer(FdStr), - gen_udp:open(0, [{fd, Fd}|IpOpts]); - error -> - gen_udp:open(Port, IpOpts) - end, - case OpenRes of +socket_open(IpPort, SocketOpts) -> + ?vtrace("socket_open -> entry with~n" + " IpPort: ~p~n" + " SocketOpts: ~p", [IpPort, SocketOpts]), + case gen_udp:open(IpPort, SocketOpts) of {error, _} = Error -> throw(Error); - OK -> - OK + {ok, Socket} -> + Socket end. -bind_to(true) -> - case snmpm_config:system_info(address) of - {ok, Addr} when is_list(Addr) -> - [{ip, list_to_tuple(Addr)}]; - {ok, Addr} -> - [{ip, Addr}]; +socket_params(Domain, {IpAddr, IpPort}, BindTo, CommonSocketOpts) -> + Family = snmp_conf:tdomain_to_family(Domain), + SocketOpts = + case Family of + inet6 -> + [Family, {ipv6_v6only, true} | CommonSocketOpts]; + Family -> + [Family | CommonSocketOpts] + end, + case Family of + inet -> + case init:get_argument(snmp_fd) of + {ok, [[FdStr]]} -> + Fd = list_to_integer(FdStr), + case BindTo of + true -> + {IpPort, [{ip, IpAddr}, {fd, Fd} | SocketOpts]}; + _ -> + {0, [{fd, Fd} | SocketOpts]} + end; + error -> + {IpPort, [{ip, IpAddr} | SocketOpts]} + end; _ -> - [] - end; -bind_to(_) -> - []. - -no_reuse(false) -> - [{reuseaddr, true}]; -no_reuse(_) -> - []. - -recbuf(default) -> - []; -recbuf(Sz) -> - [{recbuf, Sz}]. + case BindTo of + true -> + {IpPort, [{ip, IpAddr} | SocketOpts]}; + _ -> + {IpPort, SocketOpts} + end + end. -sndbuf(default) -> - []; -sndbuf(Sz) -> - [{sndbuf, Sz}]. +common_socket_opts(Opts) -> + [binary + | case get_opt(Opts, sndbuf, default) of + default -> + []; + Sz -> + [{sndbuf, Sz}] + end ++ + case get_opt(Opts, recbuf, default) of + default -> + []; + Sz -> + [{sndbuf, Sz}] + end ++ + case get_opt(Opts, no_reuse, false) of + false -> + [{reuseaddr, true}]; + _ -> + [] + end]. create_filter(Opts) when is_list(Opts) -> @@ -310,6 +385,10 @@ create_filter(BadOpts) -> throw({error, {bad_filter_opts, BadOpts}}). +%% ---------------------------------------------------------------------- +%% Audit Trail Logger +%% ---------------------------------------------------------------------- + %% Open log do_init_log(false) -> ?vtrace("do_init_log(false) -> entry", []), @@ -330,24 +409,69 @@ do_init_log(true) -> Function = increment_counter, Args = [atl_seqno, Initial, Max], SeqNoGen = {Module, Function, Args}, - case snmp_log:create(Name, File, - SeqNoGen, Size, Repair, true) of + case snmp_log:create( + Name, File, SeqNoGen, Size, Repair, true) of {ok, Log} -> ?vdebug("log created: ~w", [Log]), - {Log, Type}; + {Name, Log, Type}; {error, Reason} -> throw({error, {failed_create_audit_log, Reason}}) end; _ -> case snmp_log:create(Name, File, Size, Repair, true) of {ok, Log} -> - {Log, Type}; + ?vdebug("log created: ~w", [Log]), + {Name, Log, Type}; {error, Reason} -> throw({error, {failed_create_audit_log, Reason}}) end end. - +-ifdef(snmpm_net_if_mt). +do_reopen_log(undefined) -> + undefined; +do_reopen_log({Name, Log, Type}) -> + case snmp_log:open(Name, Log) of + {ok, NewLog} -> + {Name, NewLog, Type}; + {error, Reason} -> + warning_msg( + "NetIf worker ~p failed to open ATL:~n" + " ~p", [self(), Reason]), + undefined + end. +-endif. + +%% Close log +do_close_log(undefined) -> + ok; +do_close_log({_Name, Log, _Type}) -> + (catch snmp_log:sync(Log)), + (catch snmp_log:close(Log)), + ok; +do_close_log(_) -> + ok. + +%% Log +logger(undefined, _Type, _Domain, _Addr) -> + fun(_) -> + ok + end; +logger({_Name, Log, Types}, Type, Domain, Addr) -> + case lists:member(Type, Types) of + true -> + AddrString = + iolist_to_binary(snmp_conf:mk_addr_string({Domain, Addr})), + fun(Msg) -> + snmp_log:log(Log, Msg, AddrString) + end; + false -> + fun(_) -> + ok + end + end. + + %%-------------------------------------------------------------------- %% Func: handle_call/3 %% Returns: {reply, Reply, State} | @@ -409,7 +533,7 @@ handle_cast({send_pdu, Pdu, Vsn, MsgData, Domain, Addr, ExtraInfo}, " Vsn: ~p~n" " MsgData: ~p~n" " Domain: ~p~n" - " Addr : ~p", [Pdu, Vsn, MsgData, Domain, Addr]), + " Addr: ~p", [Pdu, Vsn, MsgData, Domain, Addr]), maybe_process_extra_info(ExtraInfo), maybe_handle_send_pdu(Pdu, Vsn, MsgData, Domain, Addr, State), {noreply, State}; @@ -439,11 +563,20 @@ handle_cast(Msg, State) -> %% {stop, Reason, State} (terminate/2 is called) %%-------------------------------------------------------------------- handle_info( - {udp, Sock, Ip, Port, Bytes}, - #state{sock = Sock, domain = Domain} = State) -> - ?vlog("received ~w bytes from ~p:~p [~w]", [size(Bytes), Ip, Port, Sock]), - maybe_handle_recv_msg(Domain, {Ip, Port}, Bytes, State), - {noreply, State}; + {udp, Socket, IpAddr, IpPort, Bytes}, + #state{transports = Transports} = State) -> + Size = byte_size(Bytes), + case lists:keyfind(Socket, #transport.socket, Transports) of + #transport{socket = Socket, domain = Domain} -> + ?vlog("received ~w bytes from ~p:~p [~w]", + [Size, IpAddr, IpPort, Socket]), + maybe_handle_recv_msg(Domain, {IpAddr, IpPort}, Bytes, State), + {noreply, State}; + false -> + warning_msg("Received ~w bytes on unknown port: ~p from ~s", + [Size, Socket, format_address({IpAddr, IpPort})]), + {noreply, State} + end; handle_info(inform_response_gc, State) -> ?vlog("received inform_response_gc message", []), @@ -456,11 +589,42 @@ handle_info({disk_log, _Node, Log, Info}, State) -> State2 = handle_disk_log(Log, Info, State), {noreply, State2}; +handle_info({'DOWN', _, _, _, _} = Info, State) -> + handle_info_down(Info, State); + handle_info(Info, State) -> + handle_info_unknown(Info, State). + + +handle_info_unknown(Info, State) -> warning_msg("received unknown info: ~n~p", [Info]), {noreply, State}. +-ifdef(snmpm_net_if_mt). +handle_info_down( + {'DOWN', _MRef, process, _Pid, + {net_if_worker, _Result}}, + State) -> + ?vdebug("received DOWN message from net_if worker [~w]: " + "~n Result: ~p", [_Pid, _Result]), + {noreply, State}; +handle_info_down( + {'DOWN', _MRef, process, Pid, + {net_if_worker, Failer, Class, Reason, Stacktrace} = _ExitStatus}, + State) -> + ?vdebug("received DOWN message from net_if worker [~w]: " + "~n ExitStatus: ~p", [Pid, _ExitStatus]), + Failer(Pid, Class, Reason, Stacktrace), + {noreply, State}; +handle_info_down(Info, State) -> + handle_info_unknown(Info, State). +-else. +handle_info_down(Info, State) -> + handle_info_unknown(Info, State). +-endif. + + %%-------------------------------------------------------------------- %% Func: terminate/2 %% Purpose: Shutdown the server @@ -474,68 +638,12 @@ terminate(Reason, #state{log = Log, irgc = IrGcRef}) -> ok. -do_close_log({Log, _Type}) -> - (catch snmp_log:sync(Log)), - (catch snmp_log:close(Log)), - ok; -do_close_log(_) -> - ok. - - %%---------------------------------------------------------------------- %% Func: code_change/3 %% Purpose: Convert process state when code is changed %% Returns: {ok, NewState} %%---------------------------------------------------------------------- -code_change({down, _Vsn}, OldState, downgrade_to_pre_4_14) -> - ?d("code_change(down, downgrade_to_pre_4_14) -> entry with" - "~n OldState: ~p", [OldState]), - #state{server = Server, - note_store = NoteStore, - sock = Sock, - mpd_state = MpdState, - log = {OldLog, Type}, - irb = IRB, - irgc = IRGC} = OldState, - NewLog = snmp_log:downgrade(OldLog), - State = - {state, Server, NoteStore, Sock, MpdState, {NewLog, Type}, IRB, IRGC}, - {ok, State}; - -code_change({down, _Vsn}, OldState, downgrade_to_pre_4_16) -> - ?d("code_change(down, downgrade_to_pre_4_16) -> entry with" - "~n OldState: ~p", [OldState]), - {OldLog, Type} = OldState#state.log, - NewLog = snmp_log:downgrade(OldLog), - State = OldState#state{log = {NewLog, Type}}, - {ok, State}; - -% upgrade -code_change(_Vsn, OldState, upgrade_from_pre_4_14) -> - ?d("code_change(up, upgrade_from_pre_4_14) -> entry with" - "~n OldState: ~p", [OldState]), - {state, Server, NoteStore, Sock, MpdState, {OldLog, Type}, IRB, IRGC} = - OldState, - NewLog = snmp_log:upgrade(OldLog), - State = #state{server = Server, - note_store = NoteStore, - sock = Sock, - mpd_state = MpdState, - log = {NewLog, Type}, - irb = IRB, - irgc = IRGC, - filter = ?DEFAULT_FILTER_MODULE}, - {ok, State}; - -code_change(_Vsn, OldState, upgrade_from_pre_4_16) -> - ?d("code_change(up, upgrade_from_pre_4_16) -> entry with" - "~n OldState: ~p", [OldState]), - {OldLog, Type} = OldState#state.log, - NewLog = snmp_log:upgrade(OldLog), - State = OldState#state{log = {NewLog, Type}}, - {ok, State}; - code_change(_Vsn, State, _Extra) -> ?d("code_change -> entry with" "~n Vsn: ~p" @@ -548,80 +656,88 @@ code_change(_Vsn, State, _Extra) -> %%% Internal functions %%%------------------------------------------------------------------- -maybe_handle_recv_msg( +maybe_handle_recv_msg(Domain, Addr, Bytes, State) -> + ?worker( + S, maybe_handle_recv_msg_mt(Domain, Addr, Bytes, S), + fun (Pid, Class, Reason, Stacktrace) -> + warning_msg( + "Worker process (~p) terminated " + "while processing (incomming) message from %s:~n" + "~w:~w at ~p", + [Pid, snmp_conf:mk_addr_string({Domain, Addr}), + Class, Reason, Stacktrace]) + end, + State). + +maybe_handle_recv_msg_mt( Domain, Addr, Bytes, - #state{filter = FilterMod, domain = ManagerDomain} = State) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), + #state{filter = FilterMod, transports = Transports} = State) -> + {Arg1, Arg2} = fix_filter_address(Transports, {Domain, Addr}), case (catch FilterMod:accept_recv(Arg1, Arg2)) of false -> %% Drop the received packet - inc(netIfMsgInDrops), - ok; + inc(netIfMsgInDrops); _ -> handle_recv_msg(Domain, Addr, Bytes, State) - end. + end, + ok. handle_recv_msg(Domain, Addr, Bytes, #state{server = Pid}) when is_binary(Bytes) andalso (size(Bytes) =:= 0) -> - Pid ! {snmp_error, {empty_message, Domain, Addr}, Domain, Addr}, - ok; - + Pid ! {snmp_error, {empty_message, Domain, Addr}, Domain, Addr}; +%% handle_recv_msg( Domain, Addr, Bytes, - #state{server = Pid, - note_store = NoteStore, - mpd_state = MpdState, - log = Log} = State) -> + #state{ + server = Pid, + note_store = NoteStore, + mpd_state = MpdState, + log = Log} = State) -> Logger = logger(Log, read, Domain, Addr), - case (catch snmpm_mpd:process_msg(Bytes, Domain, Addr, - MpdState, NoteStore, Logger)) of + case (catch snmpm_mpd:process_msg( + Bytes, Domain, Addr, MpdState, NoteStore, Logger)) of {ok, Vsn, Pdu, MS, ACM} -> - maybe_handle_recv_pdu(Domain, Addr, Vsn, Pdu, MS, ACM, - Logger, State); + maybe_handle_recv_pdu( + Domain, Addr, Vsn, Pdu, MS, ACM, Logger, State); {discarded, Reason, Report} -> ?vdebug("discarded: ~p", [Reason]), ErrorInfo = {failed_processing_message, Reason}, Pid ! {snmp_error, ErrorInfo, Domain, Addr}, - maybe_udp_send(Domain, Addr, Report, State), - ok; + maybe_udp_send(Domain, Addr, Report, State); {discarded, Reason} -> ?vdebug("discarded: ~p", [Reason]), ErrorInfo = {failed_processing_message, Reason}, - Pid ! {snmp_error, ErrorInfo, Domain, Addr}, - ok; + Pid ! {snmp_error, ErrorInfo, Domain, Addr}; Error -> error_msg("processing of received message failed: " - "~n ~p", [Error]), - ok + "~n ~p", [Error]) end. maybe_handle_recv_pdu( Domain, Addr, Vsn, #pdu{type = Type} = Pdu, PduMS, ACM, Logger, - #state{filter = FilterMod, domain = ManagerDomain} = State) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), + #state{filter = FilterMod, transports = Transports} = State) -> + {Arg1, Arg2} = fix_filter_address(Transports, {Domain, Addr}), case (catch FilterMod:accept_recv_pdu(Arg1, Arg2, Type)) of false -> - inc(netIfPduInDrops), - ok; + inc(netIfPduInDrops); _ -> handle_recv_pdu( Domain, Addr, Vsn, Pdu, PduMS, ACM, Logger, State) end; maybe_handle_recv_pdu( Domain, Addr, Vsn, Trap, PduMS, ACM, Logger, - #state{filter = FilterMod, domain = ManagerDomain} = State) + #state{filter = FilterMod, transports = Transports} = State) when is_record(Trap, trappdu) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), + {Arg1, Arg2} = fix_filter_address(Transports, {Domain, Addr}), case (catch FilterMod:accept_recv_pdu(Arg1, Arg2, trappdu)) of false -> - inc(netIfPduInDrops), - ok; + inc(netIfPduInDrops); _ -> handle_recv_pdu( Domain, Addr, Vsn, Trap, PduMS, ACM, Logger, State) @@ -703,6 +819,19 @@ handle_inform_request( end. handle_inform_response(Ref, Domain, Addr, State) -> + ?worker( + S, handle_inform_response_mt(Ref, Domain, Addr, S), + fun (Pid, Class, Reason, Stacktrace) -> + warning_msg( + "Worker process (~p) terminated " + "while processing (outgoing) inform response for %s:~n" + "~w:~w at ~p", + [Pid, snmp_conf:mk_addr_string({Domain, Addr}), + Class, Reason, Stacktrace]) + end, + State). + +handle_inform_response_mt(Ref, Domain, Addr, State) -> Key = {Ref, Domain, Addr}, case ets:lookup(snmpm_inform_request_table, Key) of [{Key, _, {Vsn, ACM, RePdu}}] -> @@ -718,10 +847,11 @@ handle_inform_response(Ref, Domain, Addr, State) -> maybe_send_inform_response( RePdu, Vsn, ACM, Domain, Addr, Logger, - #state{server = Pid, - filter = FilterMod, - domain = ManagerDomain} = State) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), + #state{ + server = Pid, + filter = FilterMod, + transports = Transports} = State) -> + {Arg1, Arg2} = fix_filter_address(Transports, {Domain, Addr}), case (catch FilterMod:accept_send_pdu( Arg1, Arg2, pdu_type_of(RePdu))) of @@ -737,8 +867,7 @@ maybe_send_inform_response( "~n Reason: ~p", [Reason]), ReqId = RePdu#pdu.request_id, ErrorInfo = {failed_generating_response, {RePdu, Reason}}, - Pid ! {snmp_error, ReqId, ErrorInfo, Domain, Addr}, - ok + Pid ! {snmp_error, ReqId, ErrorInfo, Domain, Addr} end end. @@ -771,24 +900,37 @@ irgc_stop(undefined) -> irgc_stop(Ref) -> (catch erlang:cancel_timer(Ref)). - -maybe_handle_send_pdu( +maybe_handle_send_pdu(Pdu, Vsn, MsgData, Domain, Addr, State) -> + ?worker( + S, maybe_handle_send_pdu_mt(Pdu, Vsn, MsgData, Domain, Addr, S), + fun (Pid, Class, Reason, Stacktrace) -> + warning_msg( + "Worker process (~p) terminated " + "while processing (outgoing) pdu for %s:~n" + "~w:~w at ~p", + [Pid, snmp_conf:mk_addr_string({Domain, Addr}), + Class, Reason, Stacktrace]) + end, + State). + +maybe_handle_send_pdu_mt( Pdu, Vsn, MsgData, Domain, Addr, - #state{filter = FilterMod, domain = ManagerDomain} = State) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), + #state{filter = FilterMod, transports = Transports} = State) -> + {Arg1, Arg2} = fix_filter_address(Transports, {Domain, Addr}), case (catch FilterMod:accept_send_pdu(Arg1, Arg2, pdu_type_of(Pdu))) of false -> - inc(netIfPduOutDrops), - ok; + inc(netIfPduOutDrops); _ -> handle_send_pdu(Pdu, Vsn, MsgData, Domain, Addr, State) - end. + end, + ok. handle_send_pdu( Pdu, Vsn, MsgData, Domain, Addr, - #state{server = Pid, - note_store = NoteStore, - log = Log} = State) -> + #state{ + server = Pid, + note_store = NoteStore, + log = Log} = State) -> Logger = logger(Log, write, Domain, Addr), case (catch snmpm_mpd:generate_msg( Vsn, NoteStore, Pdu, MsgData, Logger)) of @@ -799,43 +941,58 @@ handle_send_pdu( ?vlog("PDU not sent: " "~n PDU: ~p" "~n Reason: ~p", [Pdu, Reason]), - Pid ! {snmp_error, Pdu, Reason}, - ok + Pid ! {snmp_error, Pdu, Reason} end. maybe_udp_send( Domain, Addr, Msg, - #state{sock = Sock, filter = FilterMod, domain = ManagerDomain}) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), + #state{filter = FilterMod, transports = Transports}) -> + To = {Domain, Addr}, + {Arg1, Arg2} = fix_filter_address(Transports, To), case (catch FilterMod:accept_send(Arg1, Arg2)) of false -> inc(netIfMsgOutDrops), ok; _ -> - %% XXX There should be some kind of lookup of socket - %% from transport domain here - {Ip, Port} = Addr, - udp_send(Sock, Ip, Port, Msg) + case select_transport_from_domain(Domain, Transports) of + false -> + error_msg( + "Can not find transport~n" + " size: ~p~n" + " to: ~s", + [sz(Msg), format_address(To)]); + #transport{socket = Socket} -> + udp_send(Socket, Addr, Msg) + end end. - - -udp_send(Sock, Ip, Port, Msg) -> - case (catch gen_udp:send(Sock, Ip, Port, Msg)) of + +udp_send(Sock, To, Msg) -> + {IpAddr, IpPort} = + case To of + {Domain, Addr} when is_atom(Domain) -> + Addr; + {_, P} = Addr when is_integer(P) -> + Addr + end, + try gen_udp:send(Sock, IpAddr, IpPort, Msg) of ok -> ?vdebug("sent ~w bytes to ~w:~w [~w]", - [sz(Msg), Ip, Port, Sock]), + [sz(Msg), IpAddr, IpPort, Sock]), ok; {error, Reason} -> - error_msg("failed sending message to ~p:~p: " - "~n ~p",[Ip, Port, Reason]); - Error -> - error_msg("failed sending message to ~p:~p: " - "~n ~p",[Ip, Port, Error]) + error_msg("failed sending message to ~p:~p:~n" + " ~p",[IpAddr, IpPort, Reason]) + catch + error:Error -> + error_msg("failed sending message to ~p:~p:~n" + " error:~p~n" + " ~p", + [IpAddr, IpPort, Error, erlang:get_stacktrace()]) end. sz(B) when is_binary(B) -> - size(B); + byte_size(B); sz(L) when is_list(L) -> length(L); sz(_) -> @@ -1025,26 +1182,45 @@ handle_set_log_type(State, _NewType) -> {State, {error, not_enabled}}. +select_transport_from_domain(Domain, Transports) when is_atom(Domain) -> + Pos = #transport.domain, + case lists:keyfind(Domain, Pos, Transports) of + #transport{domain = Domain} = Transport -> + Transport; + false when Domain == snmpUDPDomain -> + lists:keyfind(transportDomainUdpIpv4, Pos, Transports); + false when Domain == transportDomainUdpIpv4 -> + lists:keyfind(snmpUDPDomain, Pos, Transports); + false -> + false + end. + %% If the manager uses legacy snmpUDPDomain e.g has not set %% {domain, _}, then make sure snmpm_network_interface_filter %% gets legacy arguments to not break backwards compatibility. %% -fix_filter_address(snmpUDPDomain, {Domain, Addr}) - when Domain =:= snmpUDPDomain; - Domain =:= transportDomainUdpIpv4 -> - Addr; -fix_filter_address(_ManagerDomain, {Domain, _} = Address) - when is_atom(Domain) -> - Address; -fix_filter_address(snmpUDPDomain, {_, Port} = Addr) - when is_integer(Port) -> - Addr. +fix_filter_address(Transports, Address) -> + DefaultDomain = snmpm_config:default_transport_domain(), + case Transports of + [#transport{domain = DefaultDomain}, DefaultDomain] -> + case Address of + {Domain, Addr} when is_atom(Domain) -> + Addr; + {_, IpPort} = Addr when is_integer(IpPort) -> + Addr + end; + _ -> + Address + end. address(Domain, Addr) when is_atom(Domain) -> {Domain, Addr}; address(Ip, Port) when is_integer(Port) -> {snmpm_config:default_transport_domain(), {Ip, Port}}. +format_address(Address) -> + iolist_to_binary(snmp_conf:mk_addr_string(Address)). + %% ------------------------------------------------------------------- make_response_pdu(#pdu{request_id = ReqId, varbinds = Vbs}) -> @@ -1085,27 +1261,6 @@ t() -> %% ------------------------------------------------------------------- -logger(undefined, _Type, _Domain, _Addr) -> - fun(_) -> - ok - end; -logger({Log, Types}, Type, Domain, Addr) -> - case lists:member(Type, Types) of - true -> - AddrString = - iolist_to_binary(snmp_conf:mk_addr_string({Domain, Addr})), - fun(Msg) -> - snmp_log:log(Log, Msg, AddrString) - end; - false -> - fun(_) -> - ok - end - end. - - -%% ------------------------------------------------------------------- - %% info_msg(F, A) -> %% ?snmpm_info("NET-IF server: " ++ F, A). @@ -1130,10 +1285,11 @@ get_opt(Opts, Key, Def) -> %% ------------------------------------------------------------------- -get_info(#state{sock = Id}) -> +get_info(#state{transports = Transports}) -> ProcSize = proc_mem(self()), - PortInfo = get_port_info(Id), - [{process_memory, ProcSize}, {port_info, PortInfo}]. + [{process_memory, ProcSize} + | [{port_info, get_port_info(Socket)} + || #transport{socket = Socket} <- Transports]]. proc_mem(P) when is_pid(P) -> case (catch erlang:process_info(P, memory)) of @@ -1248,4 +1404,3 @@ call(Pid, Req, Timeout) -> cast(Pid, Msg) -> gen_server:cast(Pid, Msg). - diff --git a/lib/snmp/src/manager/snmpm_net_if_mt.erl b/lib/snmp/src/manager/snmpm_net_if_mt.erl index 2937f5cc87..62f6023657 100644 --- a/lib/snmp/src/manager/snmpm_net_if_mt.erl +++ b/lib/snmp/src/manager/snmpm_net_if_mt.erl @@ -17,1309 +17,7 @@ %% %CopyrightEnd% %% --module(snmpm_net_if_mt). - --behaviour(gen_server). --behaviour(snmpm_network_interface). - - -%% Network Interface callback functions --export([ - start_link/2, - stop/1, - send_pdu/6, % Backward compatibility - send_pdu/7, % Partly backward compatibility - send_pdu/8, % Backward compatibility - - inform_response/4, - - note_store/2, - - info/1, - verbosity/2, - %% system_info_updated/2, - get_log_type/1, set_log_type/2, - filter_reset/1 - ]). - -%% gen_server callbacks --export([init/1, handle_call/3, handle_cast/2, handle_info/2, - code_change/3, terminate/2]). - --define(SNMP_USE_V3, true). --include("snmp_types.hrl"). --include("snmpm_internal.hrl"). --include("snmpm_atl.hrl"). --include("snmp_debug.hrl"). - -%% -define(VMODULE,"NET_IF"). --include("snmp_verbosity.hrl"). - --record(state, - { - server, - note_store, - domain, - sock, - mpd_state, - log, - irb = auto, % auto | {user, integer()} - irgc, - filter - }). - - --define(DEFAULT_FILTER_MODULE, snmpm_net_if_filter). --define(DEFAULT_FILTER_OPTS, [{module, ?DEFAULT_FILTER_MODULE}]). - --ifdef(snmp_debug). --define(GS_START_LINK(Args), - gen_server:start_link(?MODULE, Args, [{debug,[trace]}])). --else. --define(GS_START_LINK(Args), - gen_server:start_link(?MODULE, Args, [])). --endif. - - --define(IRGC_TIMEOUT, timer:minutes(5)). - --define(ATL_SEQNO_INITIAL, 1). --define(ATL_SEQNO_MAX, 2147483647). - - -%%%------------------------------------------------------------------- -%%% API -%%%------------------------------------------------------------------- -start_link(Server, NoteStore) -> - ?d("start_link -> entry with" - "~n Server: ~p" - "~n NoteStore: ~p", [Server, NoteStore]), - Args = [Server, NoteStore], - ?GS_START_LINK(Args). - -stop(Pid) -> - call(Pid, stop). - -send_pdu(Pid, Pdu, Vsn, MsgData, Domain_or_Ip, Addr_or_Port) -> - send_pdu( - Pid, Pdu, Vsn, MsgData, Domain_or_Ip, Addr_or_Port, ?DEFAULT_EXTRA_INFO). - -send_pdu(Pid, Pdu, Vsn, MsgData, Domain_or_Ip, Addr_or_Port, ExtraInfo) - when is_record(Pdu, pdu) -> - ?d("send_pdu -> entry with~n" - " Pid: ~p~n" - " Pdu: ~p~n" - " Vsn: ~p~n" - " MsgData: ~p~n" - " Domain/IP: ~p~n" - " Addr/Port : ~p", - [Pid, Pdu, Vsn, MsgData, Domain_or_Ip, Addr_or_Port]), - {Domain, Addr} = address(Domain_or_Ip, Addr_or_Port), - cast(Pid, {send_pdu, Pdu, Vsn, MsgData, Domain, Addr, ExtraInfo}). - -send_pdu(Pid, Pdu, Vsn, MsgData, Domain, Ip, Port, ExtraInfo) -> - send_pdu(Pid, Pdu, Vsn, MsgData, Domain, {Ip, Port}, ExtraInfo). - -note_store(Pid, NoteStore) -> - call(Pid, {note_store, NoteStore}). - -inform_response(Pid, Ref, Domain_or_Ip, Addr_or_Port) -> - {Domain, Addr} = address(Domain_or_Ip, Addr_or_Port), - cast(Pid, {inform_response, Ref, Domain, Addr}). - -info(Pid) -> - call(Pid, info). - -verbosity(Pid, V) -> - call(Pid, {verbosity, V}). - -%% system_info_updated(Pid, What) -> -%% call(Pid, {system_info_updated, What}). - -get_log_type(Pid) -> - call(Pid, get_log_type). - -set_log_type(Pid, NewType) -> - call(Pid, {set_log_type, NewType}). - -filter_reset(Pid) -> - cast(Pid, filter_reset). - - -%%%------------------------------------------------------------------- -%%% Callback functions from gen_server -%%%------------------------------------------------------------------- - -%%-------------------------------------------------------------------- -%% Func: init/1 -%% Returns: {ok, State} | -%% {ok, State, Timeout} | -%% ignore | -%% {stop, Reason} -%%-------------------------------------------------------------------- -init([Server, NoteStore]) -> - ?d("init -> entry with" - "~n Server: ~p" - "~n NoteStore: ~p", [Server, NoteStore]), - case (catch do_init(Server, NoteStore)) of - {error, Reason} -> - {stop, Reason}; - {ok, State} -> - {ok, State} - end. - -do_init(Server, NoteStore) -> - process_flag(trap_exit, true), - - %% -- Prio -- - {ok, Prio} = snmpm_config:system_info(prio), - process_flag(priority, Prio), - - %% -- Create inform request table -- - %% This should really be protected, but it also needs to - %% be writable for the worker processes, so... - ets:new(snmpm_inform_request_table, - [set, public, named_table, {keypos, 1}]), - - %% -- Verbosity -- - {ok, Verbosity} = snmpm_config:system_info(net_if_verbosity), - put(sname, mnif), - put(verbosity, Verbosity), - ?vlog("starting", []), - - %% -- MPD -- - {ok, Vsns} = snmpm_config:system_info(versions), - MpdState = snmpm_mpd:init(Vsns), - ?vdebug("MpdState: ~w", [MpdState]), - - %% -- Module dependent options -- - {ok, Opts} = snmpm_config:system_info(net_if_options), - - %% -- Inform response behaviour -- - {ok, IRB} = snmpm_config:system_info(net_if_irb), - IrGcRef = irgc_start(IRB), - - %% -- Socket -- - SndBuf = get_opt(Opts, sndbuf, default), - RecBuf = get_opt(Opts, recbuf, default), - BindTo = get_opt(Opts, bind_to, false), - NoReuse = get_opt(Opts, no_reuse, false), - {ok, Port} = snmpm_config:system_info(port), - Domain = - case snmpm_config:system_info(domain) of - {ok, D} -> - D; - _ -> - snmpm_config:default_transport_domain() - end, - {ok, Sock} = do_open_port(Port, SndBuf, RecBuf, Domain, BindTo, NoReuse), - - %% Flow control -- - FilterOpts = get_opt(Opts, filter, []), - FilterMod = create_filter(FilterOpts), - ?vdebug("FilterMod: ~w", [FilterMod]), - - %% -- Audit trail log --- - {ok, ATL} = snmpm_config:system_info(audit_trail_log), - Log = do_init_log(ATL), - ?vdebug("Log: ~w", [Log]), - - %% -- Initiate counters --- - init_counters(), - - %% -- We are done --- - State = #state{server = Server, - note_store = NoteStore, - mpd_state = MpdState, - domain = Domain, - sock = Sock, - log = Log, - irb = IRB, - irgc = IrGcRef, - filter = FilterMod}, - ?vdebug("started", []), - {ok, State}. - - -%% Open port -do_open_port(Port, SendSz, RecvSz, Domain, BindTo, NoReuse) -> - ?vtrace("do_open_port -> entry with~n" - " Port: ~p~n" - " SendSz: ~p~n" - " RecvSz: ~p~n" - " Domain: ~p~n" - " BindTo: ~p~n" - " NoReuse: ~p", - [Port, SendSz, RecvSz, Domain, BindTo, NoReuse]), - IpOpts1 = bind_to(BindTo), - IpOpts2 = no_reuse(NoReuse), - IpOpts3 = recbuf(RecvSz), - IpOpts4 = sndbuf(SendSz), - IpOpts = - [binary, - snmp_conf:tdomain_to_family(Domain) | - IpOpts1 ++ IpOpts2 ++ IpOpts3 ++ IpOpts4], - OpenRes = - case init:get_argument(snmpm_fd) of - {ok, [[FdStr]]} -> - Fd = list_to_integer(FdStr), - gen_udp:open(0, [{fd, Fd}|IpOpts]); - error -> - gen_udp:open(Port, IpOpts) - end, - case OpenRes of - {error, _} = Error -> - throw(Error); - OK -> - OK - end. - -bind_to(true) -> - case snmpm_config:system_info(address) of - {ok, Addr} when is_list(Addr) -> - [{ip, list_to_tuple(Addr)}]; - {ok, Addr} -> - [{ip, Addr}]; - _ -> - [] - end; -bind_to(_) -> - []. - -no_reuse(false) -> - [{reuseaddr, true}]; -no_reuse(_) -> - []. - -recbuf(default) -> - []; -recbuf(Sz) -> - [{recbuf, Sz}]. - -sndbuf(default) -> - []; -sndbuf(Sz) -> - [{sndbuf, Sz}]. - - -create_filter(Opts) when is_list(Opts) -> - case get_opt(Opts, module, ?DEFAULT_FILTER_MODULE) of - ?DEFAULT_FILTER_MODULE = Mod -> - Mod; - Module -> - snmpm_network_interface_filter:verify(Module), - Module - end; -create_filter(BadOpts) -> - throw({error, {bad_filter_opts, BadOpts}}). - - -%% ---------------------------------------------------------------------- -%% Audit Trail Logger -%% ---------------------------------------------------------------------- - -%% Open log -do_init_log(false) -> - ?vtrace("do_init_log(false) -> entry", []), - undefined; -do_init_log(true) -> - ?vtrace("do_init_log(true) -> entry", []), - {ok, Type} = snmpm_config:system_info(audit_trail_log_type), - {ok, Dir} = snmpm_config:system_info(audit_trail_log_dir), - {ok, Size} = snmpm_config:system_info(audit_trail_log_size), - {ok, Repair} = snmpm_config:system_info(audit_trail_log_repair), - Name = ?audit_trail_log_name, - File = filename:absname(?audit_trail_log_file, Dir), - case snmpm_config:system_info(audit_trail_log_seqno) of - {ok, true} -> - Initial = ?ATL_SEQNO_INITIAL, - Max = ?ATL_SEQNO_MAX, - Module = snmpm_config, - Function = increment_counter, - Args = [atl_seqno, Initial, Max], - SeqNoGen = {Module, Function, Args}, - case snmp_log:create(Name, File, SeqNoGen, Size, Repair, true) of - {ok, Log} -> - ?vdebug("log created: ~w", [Log]), - {Name, Log, Type}; - {error, Reason} -> - throw({error, {failed_create_audit_log, Reason}}) - end; - _ -> - case snmp_log:create(Name, File, Size, Repair, true) of - {ok, Log} -> - ?vdebug("log created: ~w", [Log]), - {Name, Log, Type}; - {error, Reason} -> - throw({error, {failed_create_audit_log, Reason}}) - end - end. - - -%% ---------------------------------------------------------------------- - -%%-------------------------------------------------------------------- -%% Func: handle_call/3 -%% Returns: {reply, Reply, State} | -%% {reply, Reply, State, Timeout} | -%% {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, Reply, State} | (terminate/2 is called) -%% {stop, Reason, State} (terminate/2 is called) -%%-------------------------------------------------------------------- -handle_call({verbosity, Verbosity}, _From, State) -> - ?vlog("received verbosity request", []), - put(verbosity, Verbosity), - {reply, ok, State}; - -%% handle_call({system_info_updated, What}, _From, State) -> -%% ?vlog("received system_info_updated request with What = ~p", [What]), -%% {NewState, Reply} = handle_system_info_updated(State, What), -%% {reply, Reply, NewState}; - -handle_call(get_log_type, _From, State) -> - ?vlog("received get-log-type request", []), - Reply = (catch handle_get_log_type(State)), - {reply, Reply, State}; - -handle_call({set_log_type, NewType}, _From, State) -> - ?vlog("received set-log-type request with NewType = ~p", [NewType]), - {NewState, Reply} = (catch handle_set_log_type(State, NewType)), - {reply, Reply, NewState}; - -handle_call({note_store, Pid}, _From, State) -> - ?vlog("received new note_store: ~w", [Pid]), - {reply, ok, State#state{note_store = Pid}}; - -handle_call(stop, _From, State) -> - ?vlog("received stop request", []), - Reply = ok, - {stop, normal, Reply, State}; - -handle_call(info, _From, State) -> - ?vlog("received info request", []), - Reply = get_info(State), - {reply, Reply, State}; - -handle_call(Req, From, State) -> - warning_msg("received unknown request (from ~p): ~n~p", [Req, From]), - {reply, {error, {invalid_request, Req}}, State}. - - -%%-------------------------------------------------------------------- -%% Func: handle_cast/2 -%% Returns: {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, State} (terminate/2 is called) -%%-------------------------------------------------------------------- -handle_cast({send_pdu, Pdu, Vsn, MsgData, Domain, Addr, ExtraInfo}, - State) -> - ?vlog("received send_pdu message with~n" - " Pdu: ~p~n" - " Vsn: ~p~n" - " MsgData: ~p~n" - " Domain: ~p~n" - " Addr: ~p", [Pdu, Vsn, MsgData, Domain, Addr]), - maybe_process_extra_info(ExtraInfo), - handle_send_pdu(Pdu, Vsn, MsgData, Domain, Addr, State), - {noreply, State}; - -handle_cast({inform_response, Ref, Domain, Addr}, State) -> - ?vlog("received inform_response message with~n" - " Ref: ~p~n" - " Domain: ~p~n" - " Addr: ~p", [Ref, Domain, Addr]), - handle_inform_response(Ref, Domain, Addr, State), - {noreply, State}; - -handle_cast(filter_reset, State) -> - ?vlog("received filter_reset message", []), - reset_counters(), - {noreply, State}; - -handle_cast(Msg, State) -> - warning_msg("received unknown message: ~n~p", [Msg]), - {noreply, State}. - - -%%-------------------------------------------------------------------- -%% Func: handle_info/2 -%% Returns: {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, State} (terminate/2 is called) -%%-------------------------------------------------------------------- -handle_info( - {udp, Sock, Ip, Port, Bytes}, - #state{sock = Sock, domain = Domain} = State) -> - ?vlog("received ~w bytes from ~p:~p", [size(Bytes), Ip, Port]), - handle_udp(Domain, {Ip, Port}, Bytes, State), - {noreply, State}; - -handle_info(inform_response_gc, State) -> - ?vlog("received inform_response_gc message", []), - State2 = handle_inform_response_gc(State), - {noreply, State2}; - -handle_info({disk_log, _Node, Log, Info}, State) -> - ?vlog("received disk_log message: " - "~n Info: ~p", [Info]), - State2 = handle_disk_log(Log, Info, State), - {noreply, State2}; - -handle_info({'DOWN', _MRef, process, Pid, {net_if_worker, ExitStatus}}, - State) -> - ?vdebug("received DOWN message from net_if-worker: " - "~n ExitStatus: ~p", [ExitStatus]), - handle_worker_exit(Pid, ExitStatus), - {noreply, State}; - -handle_info(Info, State) -> - warning_msg("received unknown info: ~n~p", [Info]), - {noreply, State}. - - -%%-------------------------------------------------------------------- -%% Func: terminate/2 -%% Purpose: Shutdown the server -%% Returns: any (ignored by gen_server) -%%-------------------------------------------------------------------- -terminate(Reason, #state{log = Log, irgc = IrGcRef}) -> - ?vdebug("terminate: ~p", [Reason]), - irgc_stop(IrGcRef), - %% Close logs - do_close_log(Log), - ok. - - -do_close_log({Log, _Type}) -> - (catch snmp_log:sync(Log)), - (catch snmp_log:close(Log)), - ok; -do_close_log(_) -> - ok. - - -%%---------------------------------------------------------------------- -%% Func: code_change/3 -%% Purpose: Convert process state when code is changed -%% Returns: {ok, NewState} -%%---------------------------------------------------------------------- - -code_change(_Vsn, State, _Extra) -> - ?d("code_change -> entry with" - "~n Vsn: ~p" - "~n State: ~p" - "~n Extra: ~p", [_Vsn, State, _Extra]), - {ok, State}. - - -%%%------------------------------------------------------------------- -%%% Internal functions -%%%------------------------------------------------------------------- - -handle_udp(Domain, Addr, Bytes, State) -> - Verbosity = get(verbosity), - spawn_opt( - fun() -> - Log = worker_init(State, Verbosity), - Res = - (catch maybe_handle_recv_msg( - Domain, Addr, Bytes, - State#state{log = Log})), - worker_exit(udp, {Domain, Addr}, Res) - end, - [monitor]). - - -maybe_handle_recv_msg( - Domain, Addr, Bytes, - #state{filter = FilterMod, domain = ManagerDomain} = State) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), - case (catch FilterMod:accept_recv(Arg1, Arg2)) of - false -> - %% Drop the received packet - inc(netIfMsgInDrops), - ok; - _ -> - handle_recv_msg(Domain, Addr, Bytes, State) - end. - - -handle_recv_msg(Domain, Addr, Bytes, #state{server = Pid}) - when is_binary(Bytes) andalso (size(Bytes) =:= 0) -> - Pid ! {snmp_error, {empty_message, Domain, Addr}, Domain, Addr}, - ok; - -handle_recv_msg( - Domain, Addr, Bytes, - #state{server = Pid, - note_store = NoteStore, - mpd_state = MpdState, - log = Log} = State) -> - Logger = logger(Log, read, Domain, Addr), - case (catch snmpm_mpd:process_msg(Bytes, Domain, Addr, - MpdState, NoteStore, Logger)) of - - {ok, Vsn, Pdu, MS, ACM} -> - maybe_handle_recv_pdu(Domain, Addr, Vsn, Pdu, MS, ACM, - Logger, State); - - {discarded, Reason, Report} -> - ?vdebug("discarded: ~p", [Reason]), - ErrorInfo = {failed_processing_message, Reason}, - Pid ! {snmp_error, ErrorInfo, Domain, Addr}, - maybe_udp_send(Domain, Addr, Report, State), - ok; - {discarded, Reason} -> - ?vdebug("discarded: ~p", [Reason]), - ErrorInfo = {failed_processing_message, Reason}, - Pid ! {snmp_error, ErrorInfo, Domain, Addr}, - ok; - - Error -> - error_msg("processing of received message failed: " - "~n ~p", [Error]), - ok - end. - - -maybe_handle_recv_pdu( - Domain, Addr, Vsn, #pdu{type = Type} = Pdu, PduMS, ACM, Logger, - #state{filter = FilterMod, domain = ManagerDomain} = State) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), - case (catch FilterMod:accept_recv_pdu(Arg1, Arg2, Type)) of - false -> - inc(netIfPduInDrops), - ok; - _ -> - handle_recv_pdu( - Domain, Addr, Vsn, Pdu, PduMS, ACM, Logger, State) - end; -maybe_handle_recv_pdu( - Domain, Addr, Vsn, Trap, PduMS, ACM, Logger, - #state{filter = FilterMod, domain = ManagerDomain} = State) - when is_record(Trap, trappdu) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), - case (catch FilterMod:accept_recv_pdu(Arg1, Arg2, trappdu)) of - false -> - inc(netIfPduInDrops), - ok; - _ -> - handle_recv_pdu( - Domain, Addr, Vsn, Trap, PduMS, ACM, Logger, State) - end; -maybe_handle_recv_pdu( - Domain, Addr, Vsn, Pdu, PduMS, ACM, Logger, State) -> - handle_recv_pdu(Domain, Addr, Vsn, Pdu, PduMS, ACM, Logger, State). - - -handle_recv_pdu( - Domain, Addr, Vsn, - #pdu{type = 'inform-request'} = Pdu, _PduMS, ACM, Logger, - #state{server = Pid, irb = IRB} = State) -> - handle_inform_request( - IRB, Pid, Vsn, Pdu, ACM, Domain, Addr, Logger, State); -handle_recv_pdu( - Domain, Addr, _Vsn, - #pdu{type = report} = Pdu, _PduMS, ok, _Logger, - #state{server = Pid} = _State) -> - ?vtrace("received report - ok", []), - Pid ! {snmp_report, {ok, Pdu}, Domain, Addr}, - ok; -handle_recv_pdu( - Domain, Addr, _Vsn, - #pdu{type = report} = Pdu, _PduMS, {error, ReqId, Reason}, _Logger, - #state{server = Pid} = _State) -> - ?vtrace("received report - error", []), - Pid ! {snmp_report, {error, ReqId, Reason, Pdu}, Domain, Addr}, - ok; -handle_recv_pdu( - Domain, Addr, _Vsn, - #pdu{type = 'snmpv2-trap'} = Pdu, _PduMS, _ACM, _Logger, - #state{server = Pid} = _State) -> - ?vtrace("received snmpv2-trap", []), - Pid ! {snmp_trap, Pdu, Domain, Addr}, - ok; -handle_recv_pdu( - Domain, Addr, _Vsn, Trap, _PduMS, _ACM, _Logger, - #state{server = Pid} = _State) when is_record(Trap, trappdu) -> - ?vtrace("received trappdu", []), - Pid ! {snmp_trap, Trap, Domain, Addr}, - ok; -handle_recv_pdu( - Domain, Addr, _Vsn, Pdu, _PduMS, _ACM, _Logger, - #state{server = Pid} = _State) when is_record(Pdu, pdu) -> - ?vtrace("received pdu", []), - Pid ! {snmp_pdu, Pdu, Domain, Addr}, - ok; -handle_recv_pdu( - _Domain, _Addr, _Vsn, Pdu, _PduMS, ACM, _Logger, _State) -> - ?vlog("received unexpected pdu: " - "~n Pdu: ~p" - "~n ACM: ~p", [Pdu, ACM]), - ok. - - -handle_inform_request( - auto, Pid, Vsn, Pdu, ACM, Domain, Addr, Logger, State) -> - ?vtrace("received inform-request (true)", []), - Pid ! {snmp_inform, ignore, Pdu, Domain, Addr}, - RePdu = make_response_pdu(Pdu), - maybe_send_inform_response(RePdu, Vsn, ACM, Domain, Addr, Logger, State); -handle_inform_request( - {user, To}, Pid, Vsn, #pdu{request_id = ReqId} = Pdu, - ACM, Domain, Addr, _Logger, _State) -> - ?vtrace("received inform-request (false)", []), - - Pid ! {snmp_inform, ReqId, Pdu, Domain, Addr}, - - %% Before we go any further, we need to check that we have not - %% already received this message (possible resend). - - Key = {ReqId, Domain, Addr}, - case ets:lookup(snmpm_inform_request_table, Key) of - [_] -> - %% OK, we already know about this. We assume this - %% is a resend. Either the agent is really eager or - %% the user has not answered yet. Bad user! - ok; - [] -> - RePdu = make_response_pdu(Pdu), - Expire = t() + To, - Rec = {Key, Expire, {Vsn, ACM, RePdu}}, - ets:insert(snmpm_inform_request_table, Rec) - end, - ok. - -handle_inform_response(Ref, Domain, Addr, State) -> - Verbosity = get(verbosity), - spawn_opt( - fun() -> - Log = worker_init(State, Verbosity), - Res = (catch do_handle_inform_response( - Ref, Domain, Addr, State#state{log = Log})), - worker_exit(inform_response, {Domain, Addr}, Res) - end, - [monitor]). - - - -do_handle_inform_response(Ref, Domain, Addr, State) -> - Key = {Ref, Domain, Addr}, - case ets:lookup(snmpm_inform_request_table, Key) of - [{Key, _, {Vsn, ACM, RePdu}}] -> - Logger = logger(State#state.log, read, Domain, Addr), - ets:delete(snmpm_inform_request_table, Key), - maybe_send_inform_response( - RePdu, Vsn, ACM, Domain, Addr, Logger, State); - [] -> - %% Already acknowledged, or the user was to slow to reply... - ok - end, - ok. - -maybe_send_inform_response( - RePdu, Vsn, ACM, Domain, Addr, Logger, - #state{server = Pid, - sock = Sock, - domain = ManagerDomain, - filter = FilterMod}) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), - case (catch FilterMod:accept_send_pdu( - Arg1, Arg2, pdu_type_of(RePdu))) - of - false -> - inc(netIfPduOutDrops), - ok; - _ -> - case snmpm_mpd:generate_response_msg(Vsn, RePdu, ACM, Logger) of - {ok, Msg} -> - maybe_udp_send( - Domain, Addr, Msg, Sock, FilterMod, ManagerDomain); - {discarded, Reason} -> - ?vlog("failed generating response message:" - "~n Reason: ~p", [Reason]), - ReqId = RePdu#pdu.request_id, - ErrorInfo = {failed_generating_response, {RePdu, Reason}}, - Pid ! {snmp_error, ReqId, ErrorInfo, Domain, Addr}, - ok - end - end. - -handle_inform_response_gc(#state{irb = IRB} = State) -> - ets:safe_fixtable(snmpm_inform_request_table, true), - do_irgc(ets:first(snmpm_inform_request_table), t()), - ets:safe_fixtable(snmpm_inform_request_table, false), - State#state{irgc = irgc_start(IRB)}. - -%% We are deleting at the same time as we are traversing the table!!! -do_irgc('$end_of_table', _) -> - ok; -do_irgc(Key, Now) -> - Next = ets:next(snmpm_inform_request_table, Key), - case ets:lookup(snmpm_inform_request_table, Key) of - [{Key, BestBefore, _}] when BestBefore < Now -> - ets:delete(snmpm_inform_request_table, Key); - _ -> - ok - end, - do_irgc(Next, Now). - -irgc_start(auto) -> - undefined; -irgc_start(_) -> - erlang:send_after(?IRGC_TIMEOUT, self(), inform_response_gc). - -irgc_stop(undefined) -> - ok; -irgc_stop(Ref) -> - (catch erlang:cancel_timer(Ref)). - - -handle_send_pdu(Pdu, Vsn, MsgData, Domain, Addr, State) -> - Verbosity = get(verbosity), - spawn_opt( - fun() -> - Log = worker_init(State, Verbosity), - Res = (catch maybe_handle_send_pdu( - Pdu, Vsn, MsgData, - Domain, Addr, - State#state{log = Log})), - worker_exit(send_pdu, {Domain, Addr}, Res) - end, - [monitor]). - -maybe_handle_send_pdu( - Pdu, Vsn, MsgData, Domain, Addr, - #state{filter = FilterMod, domain = ManagerDomain} = State) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), - case (catch FilterMod:accept_send_pdu(Arg1, Arg2, pdu_type_of(Pdu))) of - false -> - inc(netIfPduOutDrops), - ok; - _ -> - do_handle_send_pdu(Pdu, Vsn, MsgData, Domain, Addr, State) - end. - -do_handle_send_pdu( - Pdu, Vsn, MsgData, Domain, Addr, - #state{server = Pid, - note_store = NoteStore, - log = Log} = State) -> - Logger = logger(Log, write, Domain, Addr), - case (catch snmpm_mpd:generate_msg( - Vsn, NoteStore, Pdu, MsgData, Logger)) of - {ok, Msg} -> - ?vtrace("do_handle_send_pdu -> message generated", []), - maybe_udp_send(Domain, Addr, Msg, State); - {discarded, Reason} -> - ?vlog("PDU not sent: " - "~n PDU: ~p" - "~n Reason: ~p", [Pdu, Reason]), - Pid ! {snmp_error, Pdu, Reason}, - ok - end. - -maybe_udp_send( - Domain, Addr, Msg, - #state{sock = Sock, filter = FilterMod, domain = ManagerDomain}) -> - maybe_udp_send(Domain, Addr, Msg, Sock, FilterMod, ManagerDomain). - -maybe_udp_send(Domain, Addr, Msg, Sock, FilterMod, ManagerDomain) -> - {Arg1, Arg2} = fix_filter_address(ManagerDomain, {Domain, Addr}), - case (catch FilterMod:accept_send(Arg1, Arg2)) of - false -> - inc(netIfMsgOutDrops), - ok; - _ -> - %% XXX There should be some kind of lookup of socket - %% from transport domain here - {Ip, Port} = Addr, - udp_send(Sock, Ip, Port, Msg) - end. - - -udp_send(Sock, Ip, Port, Msg) -> - case (catch gen_udp:send(Sock, Ip, Port, Msg)) of - ok -> - ?vdebug("sent ~w bytes to ~w:~w [~w]", - [sz(Msg), Ip, Port, Sock]), - ok; - {error, Reason} -> - error_msg("failed sending message to ~p:~p: " - "~n ~p", [Ip, Port, Reason]), - ok; - Error -> - error_msg("failed sending message to ~p:~p: " - "~n ~p", [Ip, Port, Error]), - ok - end. - -sz(B) when is_binary(B) -> - size(B); -sz(L) when is_list(L) -> - length(L); -sz(_) -> - undefined. - - -handle_disk_log(_Log, {wrap, NoLostItems}, State) -> - ?vlog("Audit Trail Log - wrapped: ~w previously logged items where lost", - [NoLostItems]), - State; -handle_disk_log(_Log, {truncated, NoLostItems}, State) -> - ?vlog("Audit Trail Log - truncated: ~w items where lost when truncating", - [NoLostItems]), - State; -handle_disk_log(_Log, full, State) -> - error_msg("Failed to write to Audit Trail Log (full)", []), - State; -handle_disk_log(_Log, {error_status, ok}, State) -> - State; -handle_disk_log(_Log, {error_status, {error, Reason}}, State) -> - error_msg("Error status received from Audit Trail Log: " - "~n~p", [Reason]), - State; -handle_disk_log(_Log, _Info, State) -> - State. - - -%% mk_discovery_msg('version-3', Pdu, _VsnHdr, UserName) -> -%% ScopedPDU = #scopedPdu{contextEngineID = "", -%% contextName = "", -%% data = Pdu}, -%% Bytes = snmp_pdus:enc_scoped_pdu(ScopedPDU), -%% MsgID = get(msg_id), -%% put(msg_id,MsgID+1), -%% UsmSecParams = -%% #usmSecurityParameters{msgAuthoritativeEngineID = "", -%% msgAuthoritativeEngineBoots = 0, -%% msgAuthoritativeEngineTime = 0, -%% msgUserName = UserName, -%% msgPrivacyParameters = "", -%% msgAuthenticationParameters = ""}, -%% SecBytes = snmp_pdus:enc_usm_security_parameters(UsmSecParams), -%% PduType = Pdu#pdu.type, -%% Hdr = #v3_hdr{msgID = MsgID, -%% msgMaxSize = 1000, -%% msgFlags = snmp_misc:mk_msg_flags(PduType, 0), -%% msgSecurityModel = ?SEC_USM, -%% msgSecurityParameters = SecBytes}, -%% Msg = #message{version = 'version-3', vsn_hdr = Hdr, data = Bytes}, -%% case (catch snmp_pdus:enc_message_only(Msg)) of -%% {'EXIT', Reason} -> -%% error("Encoding error. Pdu: ~w. Reason: ~w",[Pdu, Reason]), -%% error; -%% L when list(L) -> -%% {Msg, L} -%% end; -%% mk_discovery_msg(Version, Pdu, {Com, _, _, _, _}, UserName) -> -%% Msg = #message{version = Version, vsn_hdr = Com, data = Pdu}, -%% case catch snmp_pdus:enc_message(Msg) of -%% {'EXIT', Reason} -> -%% error("Encoding error. Pdu: ~w. Reason: ~w",[Pdu, Reason]), -%% error; -%% L when list(L) -> -%% {Msg, L} -%% end. - - -%% mk_msg('version-3', Pdu, {Context, User, EngineID, CtxEngineId, SecLevel}, -%% MsgData) -> -%% %% Code copied from snmp_mpd.erl -%% {MsgId, SecName, SecData} = -%% if -%% tuple(MsgData), Pdu#pdu.type == 'get-response' -> -%% MsgData; -%% true -> -%% Md = get(msg_id), -%% put(msg_id, Md + 1), -%% {Md, User, []} -%% end, -%% ScopedPDU = #scopedPdu{contextEngineID = CtxEngineId, -%% contextName = Context, -%% data = Pdu}, -%% ScopedPDUBytes = snmp_pdus:enc_scoped_pdu(ScopedPDU), - -%% PduType = Pdu#pdu.type, -%% V3Hdr = #v3_hdr{msgID = MsgId, -%% msgMaxSize = 1000, -%% msgFlags = snmp_misc:mk_msg_flags(PduType, SecLevel), -%% msgSecurityModel = ?SEC_USM}, -%% Message = #message{version = 'version-3', vsn_hdr = V3Hdr, -%% data = ScopedPDUBytes}, -%% SecEngineID = case PduType of -%% 'get-response' -> snmp_framework_mib:get_engine_id(); -%% _ -> EngineID -%% end, -%% case catch snmp_usm:generate_outgoing_msg(Message, SecEngineID, -%% SecName, SecData, SecLevel) of -%% {'EXIT', Reason} -> -%% error("Encoding error. Pdu: ~w. Reason: ~w",[Pdu, Reason]), -%% error; -%% {error, Reason} -> -%% error("Encoding error. Pdu: ~w. Reason: ~w",[Pdu, Reason]), -%% error; -%% Packet -> -%% Packet -%% end; -%% mk_msg(Version, Pdu, {Com, _User, _EngineID, _Ctx, _SecLevel}, _SecData) -> -%% Msg = #message{version = Version, vsn_hdr = Com, data = Pdu}, -%% case catch snmp_pdus:enc_message(Msg) of -%% {'EXIT', Reason} -> -%% error("Encoding error. Pdu: ~w. Reason: ~w",[Pdu, Reason]), -%% error; -%% B when list(B) -> -%% B -%% end. - - -%% handle_system_info_updated(#state{log = {Log, _OldType}} = State, -%% audit_trail_log_type = _What) -> -%% %% Just to make sure, check that ATL is actually enabled -%% case snmpm_config:system_info(audit_trail_log) of -%% {ok, true} -> -%% {ok, Type} = snmpm_config:system_info(audit_trail_log_type), -%% NewState = State#state{log = {Log, Type}}, -%% {NewState, ok}; -%% _ -> -%% {State, {error, {adt_not_enabled}}} -%% end; -%% handle_system_info_updated(_State, _What) -> -%% ok. - -handle_get_log_type(#state{log = {_Log, Value}} = State) -> - %% Just to make sure, check that ATL is actually enabled - case snmpm_config:system_info(audit_trail_log) of - {ok, true} -> - Type = - case {lists:member(read, Value), lists:member(write, Value)} of - {true, true} -> - read_write; - {true, false} -> - read; - {false, true} -> - write; - {false, false} -> - throw({State, {error, {bad_atl_type, Value}}}) - end, - {ok, Type}; - _ -> - {error, not_enabled} - end; -handle_get_log_type(_State) -> - {error, not_enabled}. - -handle_set_log_type(#state{log = {Log, OldValue}} = State, NewType) -> - %% Just to make sure, check that ATL is actually enabled - case snmpm_config:system_info(audit_trail_log) of - {ok, true} -> - NewValue = - case NewType of - read -> - [read]; - write -> - [write]; - read_write -> - [read,write]; - _ -> - throw({State, {error, {bad_atl_type, NewType}}}) - end, - NewState = State#state{log = {Log, NewValue}}, - OldType = - case {lists:member(read, OldValue), - lists:member(write, OldValue)} of - {true, true} -> - read_write; - {true, false} -> - read; - {false, true} -> - write; - {false, false} -> - throw({State, {error, {bad_atl_type, OldValue}}}) - end, - {NewState, {ok, OldType}}; - _ -> - {State, {error, not_enabled}} - end; -handle_set_log_type(State, _NewType) -> - {State, {error, not_enabled}}. - - -%% ------------------------------------------------------------------- - -worker_init(#state{log = undefined = Log}, Verbosity) -> - worker_init2(Log, Verbosity); -worker_init(#state{log = {Name, Log, Type}}, Verbosity) -> - case snmp_log:open(Name, Log) of - {ok, NewLog} -> - worker_init2({Name, NewLog, Type}, Verbosity); - {error, Reason} -> - warning_msg("NetIf worker ~p failed opening ATL: " - "~n ~p", [self(), Reason]), - NewLog = undefined, - worker_init2({Name, NewLog, Type}, Verbosity) - end; -worker_init(State, Verbosity) -> - ?vinfo("worker_init -> entry with invalid data: " - "~n State: ~p" - "~n Verbosity: ~p", [State, Verbosity]), - exit({worker_init, State, Verbosity}). - -worker_init2(Log, Verbosity) -> - put(sname, mnifw), - put(verbosity, Verbosity), - Log. - - -worker_exit(Tag, Info, Result) -> - exit({net_if_worker, {Tag, Info, Result}}). - -handle_worker_exit(_, {_, _, ok}) -> - ok; -handle_worker_exit(Pid, {udp, {Domain, Addr}, ExitStatus}) -> - warning_msg( - "Worker process (~p) terminated " - "while processing (incomming) message from %s:~n" - "~p", [Pid, snmp_conf:mk_addr_string({Domain, Addr}), ExitStatus]), - ok; -handle_worker_exit(Pid, {send_pdu, {Domain, Addr}, ExitStatus}) -> - warning_msg( - "Worker process (~p) terminated " - "while processing (outgoing) pdu for %s:~n" - "~p", [Pid, snmp_conf:mk_addr_string({Domain, Addr}), ExitStatus]), - ok; -handle_worker_exit(Pid, {inform_response, {Domain, Addr}, ExitStatus}) -> - warning_msg( - "Worker process (~p) terminated " - "while processing (outgoing) inform response for %s:~n" - "~p", [Pid, snmp_conf:mk_addr_string({Domain, Addr}), ExitStatus]), - ok; -handle_worker_exit(_, _) -> - ok. - - -%% If the manager uses legacy snmpUDPDomain e.g has not set -%% {domain, _}, then make sure snmpm_network_interface_filter -%% gets legacy arguments to not break backwards compatibility. -%% -fix_filter_address(snmpUDPDomain, {Domain, Addr}) - when Domain =:= snmpUDPDomain; - Domain =:= transportDomainUdpIpv4 -> - Addr; -fix_filter_address(_ManagerDomain, {Domain, _} = Address) - when is_atom(Domain) -> - Address; -fix_filter_address(snmpUDPDomain, {_, Port} = Addr) - when is_integer(Port) -> - Addr. - -address(Domain, Addr) when is_atom(Domain) -> - {Domain, Addr}; -address(Ip, Port) when is_integer(Port) -> - {snmpm_config:default_transport_domain(), {Ip, Port}}. - -%% ------------------------------------------------------------------- - -make_response_pdu(#pdu{request_id = ReqId, varbinds = Vbs}) -> - #pdu{type = 'get-response', - request_id = ReqId, - error_status = noError, - error_index = 0, - varbinds = Vbs}. - - -%% ---------------------------------------------------------------- - -pdu_type_of(#pdu{type = Type}) -> - Type; -pdu_type_of(TrapPdu) when is_record(TrapPdu, trappdu) -> - trap. - - -%% ------------------------------------------------------------------- - -%% At this point this function is used during testing -maybe_process_extra_info(?DEFAULT_EXTRA_INFO) -> - ok; -maybe_process_extra_info({?SNMPM_EXTRA_INFO_TAG, Fun}) - when is_function(Fun, 0) -> - (catch Fun()), - ok; -maybe_process_extra_info(_ExtraInfo) -> - ok. - - -%% ------------------------------------------------------------------- - -t() -> - {A,B,C} = erlang:now(), - A*1000000000+B*1000+(C div 1000). - - -%% ------------------------------------------------------------------- - -logger(undefined, _Type, _Domain, _Addr) -> - fun(_) -> - ok - end; -logger({_Name, Log, Types}, Type, Domain, Addr) -> - case lists:member(Type, Types) of - true -> - AddrString = - iolist_to_binary(snmp_conf:mk_addr_string({Domain, Addr})), - fun(Msg) -> - snmp_log:log(Log, Msg, Domain, AddrString) - end; - false -> - fun(_) -> - ok - end - end. - - -%% ------------------------------------------------------------------- - -%% info_msg(F, A) -> -%% ?snmpm_info("NET-IF server: " ++ F, A). - -warning_msg(F, A) -> - ?snmpm_warning("NET-IF server: " ++ F, A). - -error_msg(F, A) -> - ?snmpm_error("NET-IF server: " ++ F, A). - - - -%%%------------------------------------------------------------------- - -% get_opt(Key, Opts) -> -% ?vtrace("get option ~w", [Key]), -% snmp_misc:get_option(Key, Opts). - -get_opt(Opts, Key, Def) -> - ?vtrace("get option ~w with default ~p", [Key, Def]), - snmp_misc:get_option(Key, Opts, Def). - - -%% ------------------------------------------------------------------- - -get_info(#state{sock = Id}) -> - ProcSize = proc_mem(self()), - PortInfo = get_port_info(Id), - [{process_memory, ProcSize}, {port_info, PortInfo}]. - -proc_mem(P) when is_pid(P) -> - case (catch erlang:process_info(P, memory)) of - {memory, Sz} when is_integer(Sz) -> - Sz; - _ -> - undefined - end. -%% proc_mem(_) -> -%% undefined. - - -get_port_info(Id) -> - PortInfo = - case (catch erlang:port_info(Id)) of - PI when is_list(PI) -> - [{port_info, PI}]; - _ -> - [] - end, - PortStatus = - case (catch prim_inet:getstatus(Id)) of - {ok, PS} -> - [{port_status, PS}]; - _ -> - [] - end, - PortAct = - case (catch inet:getopts(Id, [active])) of - {ok, PA} -> - [{port_act, PA}]; - _ -> - [] - end, - PortStats = - case (catch inet:getstat(Id)) of - {ok, Stat} -> - [{port_stats, Stat}]; - _ -> - [] - end, - IfList = - case (catch inet:getif(Id)) of - {ok, IFs} -> - [{interfaces, IFs}]; - _ -> - [] - end, - BufSz = - case (catch inet:getopts(Id, [recbuf, sndbuf, buffer])) of - {ok, Sz} -> - [{buffer_size, Sz}]; - _ -> - [] - end, - [{socket, Id}] ++ - IfList ++ - PortStats ++ - PortInfo ++ - PortStatus ++ - PortAct ++ - BufSz. - - -%%----------------------------------------------------------------- -%% Counter functions -%%----------------------------------------------------------------- -init_counters() -> - F = fun(Counter) -> maybe_create_counter(Counter) end, - lists:map(F, counters()). - -reset_counters() -> - F = fun(Counter) -> snmpm_config:reset_stats_counter(Counter) end, - lists:map(F, counters()). - -maybe_create_counter(Counter) -> - snmpm_config:maybe_cre_stats_counter(Counter, 0). - -counters() -> - [ - netIfMsgOutDrops, - netIfMsgInDrops, - netIfPduOutDrops, - netIfPduInDrops - ]. - -inc(Name) -> inc(Name, 1). -inc(Name, N) -> snmpm_config:incr_stats_counter(Name, N). - -%% get_counters() -> -%% Counters = counters(), -%% get_counters(Counters, []). - -%% get_counters([], Acc) -> -%% lists:reverse(Acc); -%% get_counters([Counter|Counters], Acc) -> -%% case snmpm_config:get_stats_counter(Counter) of -%% {ok, CounterVal} -> -%% get_counters(Counters, [{Counter, CounterVal}|Acc]); -%% _ -> -%% get_counters(Counters, Acc) -%% end. - - -%% ---------------------------------------------------------------- - -call(Pid, Req) -> - call(Pid, Req, infinity). - -call(Pid, Req, Timeout) -> - gen_server:call(Pid, Req, Timeout). - -cast(Pid, Msg) -> - gen_server:cast(Pid, Msg). +-define(snmpm_net_if_mt, true). +-module(snmpm_net_if_mt). +-include("snmpm_net_if.erl"). diff --git a/lib/snmp/src/manager/snmpm_server.erl b/lib/snmp/src/manager/snmpm_server.erl index ece5dad082..a75122d0bb 100644 --- a/lib/snmp/src/manager/snmpm_server.erl +++ b/lib/snmp/src/manager/snmpm_server.erl @@ -2079,7 +2079,16 @@ do_handle_agent(DefUserId, DefMod, SnmpInfo, DefData, State) -> ?vdebug("do_handle_agent -> entry when" "~n DefUserId: ~p", [DefUserId]), - try DefMod:handle_agent(Domain, Addr, Type, SnmpInfo, DefData) of + {Domain_or_Ip, Addr_or_Port} = + case Domain of + snmpUDPDomain -> + Addr; + _ -> + {Domain, Addr} + end, + try DefMod:handle_agent( + Domain_or_Ip, Addr_or_Port, Type, SnmpInfo, DefData) + of {register, UserId2, TargetName, Config} -> ?vtrace("do_handle_agent -> register: " "~n UserId2: ~p" diff --git a/lib/snmp/src/misc/snmp_conf.erl b/lib/snmp/src/misc/snmp_conf.erl index f4483995cb..153c8070c2 100644 --- a/lib/snmp/src/misc/snmp_conf.erl +++ b/lib/snmp/src/misc/snmp_conf.erl @@ -749,8 +749,6 @@ which_domain({A0, A1, A2, A3, A4, A5, A6, A7}) %% --------- -mk_addr_string({_IP, Port} = Addr) when is_integer(Port) -> - mk_addr_string({snmpUDPDomain, Addr}); mk_addr_string({Domain, Addr}) when is_atom(Domain) -> %% XXX There is only code for IP domains here case check_address_ip(Domain, Addr) of @@ -768,7 +766,11 @@ mk_addr_string({Domain, Addr}) when is_atom(Domain) -> mk_addr_string_ntoa(Domain, Addr); IP -> mk_addr_string_ntoa(Domain, IP) - end. + end; +mk_addr_string({_IP, Port} = Addr) when is_integer(Port) -> + mk_addr_string({snmpUDPDomain, Addr}); +mk_addr_string(Strange) -> + lists:flatten(io_lib:format("~w", [Strange])). mk_addr_string_ntoa({_, _, _, _} = IP) -> diff --git a/lib/snmp/src/misc/snmp_config.erl b/lib/snmp/src/misc/snmp_config.erl index 9e9865f3b5..17dfcd70b4 100644 --- a/lib/snmp/src/misc/snmp_config.erl +++ b/lib/snmp/src/misc/snmp_config.erl @@ -47,8 +47,8 @@ write_agent_snmp_vacm_conf/3, write_manager_snmp_files/8, - write_manager_snmp_conf/5, - write_manager_snmp_users_conf/2, + write_manager_snmp_conf/4, write_manager_snmp_conf/5, + write_manager_snmp_users_conf/2, write_manager_snmp_agents_conf/2, write_manager_snmp_usm_conf/2 @@ -1676,7 +1676,9 @@ write_agent_snmp_conf(Dir, AgentIP, AgentUDP, EngineID, MMS) {intAgentIpAddress, AgentIP}, {snmpEngineID, EngineID}, {snmpEngineMaxMessageSize, MMS}], - do_write_agent_snmp_conf(Dir, Conf). + do_write_agent_snmp_conf(Dir, Conf); +write_agent_snmp_conf(_Dir, Domain, AgentAddr, _EngineID, _MMS) -> + error({bad_address, {Domain, AgentAddr}}). do_write_agent_snmp_conf(Dir, Conf) -> Comment = @@ -2116,7 +2118,24 @@ write_manager_snmp_files(Dir, IP, Port, MMS, EngineID, %% ------ manager.conf ------ %% -write_manager_snmp_conf(Dir, IP, Port, MMS, EngineID) -> +write_manager_snmp_conf(Dir, Transports, MMS, EngineID) -> + Comment = +"%% This file defines the Manager local configuration info\n" +"%% Each row is a 2-tuple:\n" +"%% {Variable, Value}.\n" +"%% For example\n" +"%% {transports, [{transportDomainUdpIpv4, {{127,42,17,5}, 5000}}]}.\n" +"%% {engine_id, \"managerEngine\"}.\n" +"%% {max_message_size, 484}.\n" +"%%\n\n", + Hdr = header() ++ Comment, + Conf = + [{transports, Transports}, + {engine_id, EngineID}, + {max_message_size, MMS}], + write_manager_config(Dir, Hdr, Conf). + +write_manager_snmp_conf(Dir, Domain_or_IP, Addr_or_Port, MMS, EngineID) -> Comment = "%% This file defines the Manager local configuration info\n" "%% Each row is a 2-tuple:\n" @@ -2129,15 +2148,16 @@ write_manager_snmp_conf(Dir, IP, Port, MMS, EngineID) -> "%%\n\n", Hdr = header() ++ Comment, Conf = - case Port of - {Addr, P} when is_integer(P), is_atom(IP) -> - Domain = IP, - [{domain, Domain}, - {port, P}, - {address, Addr}]; - _ when is_integer(Port) -> - [{port, Port}, - {address, IP}] + case Addr_or_Port of + {IP, Port} when is_integer(Port), is_atom(Domain_or_IP) -> + [{domain, Domain_or_IP}, + {port, Port}, + {address, IP}]; + _ when is_integer(Addr_or_Port) -> + [{port, Addr_or_Port}, + {address, Domain_or_IP}]; + _ -> + error({bad_address, {Domain_or_IP, Addr_or_Port}}) end ++ [{engine_id, EngineID}, {max_message_size, MMS}], diff --git a/lib/snmp/test/snmp_agent_test.erl b/lib/snmp/test/snmp_agent_test.erl index 9a9258aa91..b4770ad0a9 100644 --- a/lib/snmp/test/snmp_agent_test.erl +++ b/lib/snmp/test/snmp_agent_test.erl @@ -532,6 +532,7 @@ groups() -> {v3_inform, [], v3_inform_cases()}, {v3_security, [], v3_security_cases()}, {standard_mibs, [], standard_mibs_cases()}, + {standard_mibs_ipv6, [], standard_mibs_cases_ipv6()}, {standard_mibs_2, [], standard_mibs2_cases()}, {standard_mibs_3, [], standard_mibs3_cases()}, {reported_bugs, [], reported_bugs_cases()}, @@ -651,11 +652,18 @@ init_per_group(GroupName, Config) -> init_per_group_ipv6(GroupName, Config, Init) -> case ct:require(ipv6_hosts) of ok -> - Init( - snmp_test_lib:init_group_top_dir( - GroupName, - [{ipfamily, inet6}, - {ip, ?LOCALHOST(inet6)} | lists:keydelete(ip, 1, Config)])); + case gen_udp:open(0, [inet6]) of + {ok, S} -> + ok = gen_udp:close(S), + Init( + snmp_test_lib:init_group_top_dir( + GroupName, + [{ipfamily, inet6}, + {ip, ?LOCALHOST(inet6)} + | lists:keydelete(ip, 1, Config)])); + {error, _} -> + {skip, "Host seems to not support IPv6"} + end; _ -> {skip, "Host does not support IPV6"} end. @@ -1714,7 +1722,7 @@ v1_cases_ipv6() -> next_across_sa, undo, %% {group, reported_bugs}, - {group, standard_mibs}, % snmp_standard_mib still failing, sends v1 trap + {group, standard_mibs_ipv6}, sparse_table, %% cnt_64, % sends v1 trap opaque @@ -4836,6 +4844,15 @@ standard_mibs_cases() -> snmp_view_based_acm_mib ]. +standard_mibs_cases_ipv6() -> + [ + %% snmp_standard_mib, % Sending v1 traps does not work over IPv6 + snmp_community_mib, + snmp_framework_mib, + snmp_target_mib, + snmp_notification_mib, + snmp_view_based_acm_mib + ]. %%----------------------------------------------------------------- %% For this test, the agent is configured for v1. diff --git a/lib/snmp/test/snmp_manager_config_test.erl b/lib/snmp/test/snmp_manager_config_test.erl index 2f5c68d14d..f37e957dae 100644 --- a/lib/snmp/test/snmp_manager_config_test.erl +++ b/lib/snmp/test/snmp_manager_config_test.erl @@ -1048,7 +1048,7 @@ start_with_invalid_agents_conf_file1(Conf) when is_list(Conf) -> case config_start(Opts) of {error, Reason51} -> p("start failed (as expected): ~p", [Reason51]), - ?line {failed_check, _, _, _, {bad_address, _}} = Reason51, + ?line {failed_check, _, _, _, {bad_domain, _}} = Reason51, await_config_not_running(); OK_51 -> exit({error, {unexpected_success, "51", OK_51}}) diff --git a/lib/snmp/test/snmp_manager_test.erl b/lib/snmp/test/snmp_manager_test.erl index 78352e59cf..fa90872172 100644 --- a/lib/snmp/test/snmp_manager_test.erl +++ b/lib/snmp/test/snmp_manager_test.erl @@ -584,17 +584,30 @@ init_per_group(event_tests_mt = GroupName, Config) -> init_per_group(ipv6_mt = GroupName, Config) -> case ct:require(ipv6_hosts) of ok -> - ipv6_init( - snmp_test_lib:init_group_top_dir( - GroupName, - [{manager_net_if_module, snmpm_net_if_mt} | Config])); + case gen_udp:open(0, [inet6]) of + {ok, S} -> + ok = gen_udp:close(S), + ipv6_init( + snmp_test_lib:init_group_top_dir( + GroupName, + [{manager_net_if_module, snmpm_net_if_mt} + | Config])); + {error, _} -> + {skip, "Host seems to not support IPv6"} + end; _ -> {skip, "Host does not support IPV6"} end; init_per_group(ipv6 = GroupName, Config) -> case ct:require(ipv6_hosts) of ok -> - ipv6_init(snmp_test_lib:init_group_top_dir(GroupName, Config)); + case gen_udp:open(0, [inet6]) of + {ok, S} -> + ok = gen_udp:close(S), + ipv6_init(snmp_test_lib:init_group_top_dir(GroupName, Config)); + {error, _} -> + {skip, "Host seems to not support IPv6"} + end; _ -> {skip, "Host does not support IPV6"} end; diff --git a/lib/snmp/test/snmp_manager_user.erl b/lib/snmp/test/snmp_manager_user.erl index ddbe156130..46c2b316be 100644 --- a/lib/snmp/test/snmp_manager_user.erl +++ b/lib/snmp/test/snmp_manager_user.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -109,7 +109,18 @@ start_link(Parent, Id) -> proc_lib:start_link(?MODULE, main, [true, Parent, self(), Id]). stop() -> - cast(stop). + MRef = erlang:monitor(process, ?SERVER), + cast(stop), + receive {'DOWN', MRef, _, _, Info} -> + case Info of + noproc -> + ok; + noconnection -> + ok; + normal -> + ok + end + end. info() -> call(info). diff --git a/lib/snmp/test/snmp_to_snmpnet_SUITE.erl b/lib/snmp/test/snmp_to_snmpnet_SUITE.erl index 6e9c57bce9..2f96493ac5 100644 --- a/lib/snmp/test/snmp_to_snmpnet_SUITE.erl +++ b/lib/snmp/test/snmp_to_snmpnet_SUITE.erl @@ -19,6 +19,7 @@ %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% This test suite uses the following external programs: %% snmpget From packet 'snmp' (in Ubuntu 12.04) +%% snmpd From packet 'snmpd' (in Ubuntu 12.04) %% snmptrapd From packet 'snmpd' (in Ubuntu 12.04) %% They originate from the Net-SNMP applications, see: %% http://net-snmp.sourceforge.net/ @@ -33,6 +34,7 @@ -include_lib("snmp/include/STANDARD-MIB.hrl"). -define(AGENT_ENGINE_ID, "ErlangSnmpAgent"). +-define(MANAGER_ENGINE_ID, "ErlangSnmpManager"). -define(AGENT_PORT, 4000). -define(MANAGER_PORT, 8989). -define(DEFAULT_MAX_MESSAGE_SIZE, 484). @@ -56,22 +58,32 @@ all() -> groups() -> [{ipv4, [], - [{group, get}, - {group, inform} + [{group, snmpget}, + {group, snmptrapd}, + {group, snmpd_mt}, + {group, snmpd} ]}, {ipv6, [], - [{group, get}, - {group, inform} + [{group, snmpget}, + {group, snmptrapd}, + {group, snmpd_mt}, + {group, snmpd} ]}, {ipv4_ipv6, [], - [{group, get}, - {group, inform} + [{group, snmpget}, + {group, snmptrapd}, + {group, snmpd_mt}, + {group, snmpd} ]}, %% - {get, [], + {snmpget, [], [erlang_agent_netsnmp_get]}, - {inform, [], - [erlang_agent_netsnmp_inform]} + {snmptrapd, [], + [erlang_agent_netsnmp_inform]}, + {snmpd_mt, [], + [erlang_manager_netsnmp_get]}, + {snmpd, [], + [erlang_manager_netsnmp_get]} ]. init_per_suite(Config) -> @@ -87,12 +99,22 @@ init_per_group(ipv6, Config) -> init_per_group(ipv4_ipv6, Config) -> init_per_group_ipv6([inet, inet6], Config); %% -init_per_group(get, Config) -> +init_per_group(snmpget = Exec, Config) -> %% From Ubuntu package snmp - find_executable(snmpget, Config); -init_per_group(inform, Config) -> + init_per_group_agent(Exec, Config); +init_per_group(snmptrapd = Exec, Config) -> %% From Ubuntu package snmpd - find_executable(snmptrapd, Config); + init_per_group_agent(Exec, Config); +init_per_group(snmpd_mt, Config) -> + %% From Ubuntu package snmp + init_per_group_manager( + snmpd, + [{manager_net_if_module, snmpm_net_if_mt} | Config]); +init_per_group(snmpd = Exec, Config) -> + %% From Ubuntu package snmp + init_per_group_manager( + Exec, + [{manager_net_if_module, snmpm_net_if} | Config]); %% init_per_group(_, Config) -> Config. @@ -100,16 +122,20 @@ init_per_group(_, Config) -> init_per_group_ipv6(Families, Config) -> case ct:require(ipv6_hosts) of ok -> - init_per_group_ip(Families, Config); + case gen_udp:open(0, [inet6]) of + {ok, S} -> + ok = gen_udp:close(S), + init_per_group_ip(Families, Config); + {error, _} -> + {skip, "Host seems to not support IPv6"} + end; _ -> - {skip, "Host does not support IPV6"} + {skip, "Test config ipv6_hosts is missing"} end. init_per_group_ip(Families, Config) -> - Dir = ?config(priv_dir, Config), AgentPort = ?config(agent_port, Config), ManagerPort = ?config(manager_port, Config), - Versions = [v2], {ok, Host} = inet:gethostname(), Transports = [begin @@ -121,10 +147,22 @@ init_per_group_ip(Families, Config) -> {ok, Addr} = inet:getaddr(Host, Family), {domain(Family), {Addr, ManagerPort}} end || Family <- Families], + [{transports, Transports}, {targets, Targets} | Config]. + +init_per_group_agent(Exec, Config) -> + Versions = [v2], + Dir = ?config(priv_dir, Config), + Transports = ?config(transports, Config), + Targets = ?config(targets, Config), agent_config(Dir, Transports, Targets, Versions), - [{port, ?AGENT_PORT}, {snmp_versions, Versions}, - {transports, Transports}, {targets, Targets} - | Config]. + find_executable(Exec, [{snmp_versions, Versions} | Config]). + +init_per_group_manager(Exec, Config) -> + Versions = [v2], + Dir = ?config(priv_dir, Config), + Targets = ?config(targets, Config), + manager_config(Dir, Targets), + find_executable(Exec, [{snmp_versions, Versions} | Config]). @@ -132,7 +170,7 @@ end_per_group(_GroupName, Config) -> Config. init_per_testcase(_Case, Config) -> - Dog = ct:timetrap(10000), + Dog = ct:timetrap(20000), application:stop(snmp), application:unload(snmp), [{watchdog, Dog} | Config]. @@ -179,7 +217,12 @@ find_sys_executable(Exec, ExecStr, [Dir | Dirs], Config) -> start_agent(Config) -> ok = application:load(snmp), - ok = application:set_env(snmp, agent, app_env(Config)), + ok = application:set_env(snmp, agent, agent_app_env(Config)), + ok = application:start(snmp). + +start_manager(Config) -> + ok = application:load(snmp), + ok = application:set_env(snmp, manager, manager_app_env(Config)), ok = application:start(snmp). %%-------------------------------------------------------------------- @@ -199,6 +242,39 @@ erlang_agent_netsnmp_get(Config) when is_list(Config) -> ok. %%-------------------------------------------------------------------- +erlang_manager_netsnmp_get() -> + [{doc,"Test that the erlang snmp manager can access snmpnet agent"}]. + +erlang_manager_netsnmp_get(Config) when is_list(Config) -> + Community = "happy-testing", + SysDescr = "Net-SNMP agent", + TargetName = "Target Net-SNMP agent", + Transports = ?config(transports, Config), + ProgHandle = start_snmpd(Community, SysDescr, Config), + start_manager(Config), + snmp_manager_user:start_link(self(), test_user), + [snmp_manager_user:register_agent( + TargetName++domain_suffix(Domain), + [{reg_type, target_name}, + {tdomain, Domain}, {taddress, Addr}, + {community, Community}, {engine_id, "EngineId"}, + {version, v2}, {sec_model, v2c}, {sec_level, noAuthNoPriv}]) + || {Domain, Addr} <- Transports], + Results = + [snmp_manager_user:sync_get( + TargetName++domain_suffix(Domain), + [?sysDescr_instance]) + || {Domain, _} <- Transports], + ct:pal("sync_get -> ~p", [Results]), + snmp_manager_user:stop(), + stop_program(ProgHandle), + [{ok, + {noError, 0, + [{varbind, ?sysDescr_instance, 'OCTET STRING', SysDescr,1}] }, + _} = R || R <- Results], + ok. + +%%-------------------------------------------------------------------- erlang_agent_netsnmp_inform(Config) when is_list(Config) -> DataDir = ?config(data_dir, Config), Mib = "TestTrapv2", @@ -267,7 +343,29 @@ start_snmptrapd(Mibs, Config) -> {ok, StartCheckMP} = re:compile("NET-SNMP version ", [anchored]), start_program(snmptrapd, SnmptrapdArgs, StartCheckMP, Config). +start_snmpd(Community, SysDescr, Config) -> + DataDir = ?config(data_dir, Config), + Targets = ?config(targets, Config), + Transports = ?config(transports, Config), + Port = mk_port_number(), + CommunityArgs = + ["--rocommunity"++domain_suffix(Domain)++"=" + ++Community++" "++inet_parse:ntoa(Ip) + || {Domain, {Ip, _}} <- Targets], + SnmpdArgs = + ["-f", "-r", %"-Dverbose", + "-c", filename:join(DataDir, "snmpd.conf"), + "-C", "-Lo", + "-m", "", + "--sysDescr="++SysDescr, + "--agentXSocket=tcp:localhost:"++integer_to_list(Port)] + ++ CommunityArgs + ++ [net_snmp_addr_str(Transports)], + {ok, StartCheckMP} = re:compile("NET-SNMP version ", [anchored]), + start_program(snmpd, SnmpdArgs, StartCheckMP, Config). + start_program(Prog, Args, StartCheckMP, Config) -> + ct:pal("Starting program: ~w ~p", [Prog, Args]), Path = ?config(Prog, Config), DataDir = ?config(data_dir, Config), StartWrapper = filename:join(DataDir, "start_stop_wrapper"), @@ -318,12 +416,13 @@ wait_program_stop({Pid, Mon}) -> end. run_program(Parent, StartWrapper, ProgAndArgs) -> + [Prog | _] = ProgAndArgs, Port = open_port( {spawn_executable, StartWrapper}, [{args, ProgAndArgs}, binary, stderr_to_stdout, {line, 80}, exit_status]), - ct:pal("Prog ~p started: ~p", [Port, ProgAndArgs]), + ct:pal("Prog ~p started: ~p", [Port, Prog]), run_program_loop(Parent, Port, []). run_program_loop(Parent, Port, Buf) -> @@ -352,7 +451,7 @@ run_program_loop(Parent, Port, Buf) -> end. -app_env(Config) -> +agent_app_env(Config) -> Dir = ?config(priv_dir, Config), Vsns = ?config(snmp_versions, Config), [{versions, Vsns}, @@ -372,6 +471,20 @@ app_env(Config) -> {note_store, [{verbosity, silence}]}, {net_if, [{verbosity, trace}]}]. +manager_app_env(Config) -> + Dir = ?config(priv_dir, Config), + Vsns = ?config(snmp_versions, Config), + NetIfModule = ?config(manager_net_if_module, Config), + [{versions, Vsns}, + {audit_trail_log, [{type, read_write}, + {dir, Dir}, + {size, {10240, 10}}]}, + {net_if, [{module, NetIfModule}]}, + {config, [{dir, Dir}, + {db_dir, Dir}, + {verbosity, trace}]} + ]. + oid_str([1 | Ints]) -> "iso." ++ oid_str_tl(Ints); oid_str(Ints) -> @@ -384,9 +497,6 @@ oid_str_tl([Int]) -> oid_str_tl([Int | Ints]) -> integer_to_list(Int) ++ "." ++ oid_str_tl(Ints). -agent_config(Dir, Transports, TargetDomain, TargetAddr, Versions) -> - agent_config(Dir, Transports, [{TargetDomain, TargetAddr}], Versions). -%% agent_config(Dir, Transports, Targets, Versions) -> EngineID = ?AGENT_ENGINE_ID, MMS = ?DEFAULT_MAX_MESSAGE_SIZE, @@ -403,6 +513,11 @@ agent_config(Dir, Transports, Targets, Versions) -> ok = snmp_config:write_agent_snmp_notify_conf(Dir, inform), ok = snmp_config:write_agent_snmp_vacm_conf(Dir, Versions, none). +manager_config(Dir, Targets) -> + EngineID = ?MANAGER_ENGINE_ID, + MMS = ?DEFAULT_MAX_MESSAGE_SIZE, + ok = snmp_config:write_manager_snmp_conf(Dir, Targets, MMS, EngineID). + net_snmp_version([v3 | _]) -> "-v3"; net_snmp_version([v2 | _]) -> @@ -431,3 +546,14 @@ net_snmp_addr_str({transportDomainUdpIpv6, {Addr, Port}}) -> "udp6:[" ++ inet_parse:ntoa(Addr) ++ "]:" ++ integer_to_list(Port). + +domain_suffix(transportDomainUdpIpv4) -> + ""; +domain_suffix(transportDomainUdpIpv6) -> + "6". + +mk_port_number() -> + {ok, Socket} = gen_udp:open(0, [{reuseaddr, true}]), + {ok, PortNum} = inet:port(Socket), + ok = gen_udp:close(Socket), + PortNum. diff --git a/lib/snmp/test/snmp_to_snmpnet_SUITE_data/snmpd.conf b/lib/snmp/test/snmp_to_snmpnet_SUITE_data/snmpd.conf new file mode 100644 index 0000000000..2a5f31680f --- /dev/null +++ b/lib/snmp/test/snmp_to_snmpnet_SUITE_data/snmpd.conf @@ -0,0 +1,12 @@ +sysLocation On the lab network +sysContact otptest <[email protected]> + +createUser myinternaluser SHA dropdead + +agentSecName myinternaluser + +master agentx + +[snmp] +noPersistentLoad yes +noPersistentSave yes diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server.erl b/lib/ssh/test/property_test/ssh_eqc_client_server.erl index 3a84acebb3..cf895ae85e 100644 --- a/lib/ssh/test/property_test/ssh_eqc_client_server.erl +++ b/lib/ssh/test/property_test/ssh_eqc_client_server.erl @@ -27,6 +27,10 @@ -ifdef(PROPER). %% Proper is not supported. -else. +-ifdef(TRIQ). +%% Proper is not supported. +-else. + -include_lib("eqc/include/eqc.hrl"). -include_lib("eqc/include/eqc_statem.hrl"). @@ -600,3 +604,4 @@ erase_dir(Dir) -> file:del_dir(Dir). -endif. +-endif. diff --git a/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl index 6ddf2c9972..34630bdc91 100644 --- a/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl +++ b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl @@ -22,20 +22,36 @@ -compile(export_all). +-proptest(eqc). +-proptest([triq,proper]). + +-include_lib("ct_property_test.hrl"). + -ifndef(EQC). -ifndef(PROPER). +-ifndef(TRIQ). -define(EQC,true). %%-define(PROPER,true). +%%-define(TRIQ,true). +-endif. -endif. -endif. -ifdef(EQC). -include_lib("eqc/include/eqc.hrl"). -define(MOD_eqc,eqc). + -else. -ifdef(PROPER). -include_lib("proper/include/proper.hrl"). -define(MOD_eqc,proper). + +-else. +-ifdef(TRIQ). +-define(MOD_eqc,triq). +-include_lib("triq/include/triq.hrl"). + +-endif. -endif. -endif. diff --git a/lib/ssh/test/ssh_property_test_SUITE.erl b/lib/ssh/test/ssh_property_test_SUITE.erl index c6c63d7367..ffad8ebbb7 100644 --- a/lib/ssh/test/ssh_property_test_SUITE.erl +++ b/lib/ssh/test/ssh_property_test_SUITE.erl @@ -57,10 +57,8 @@ init_per_suite(Config) -> %%% if we run proper. init_per_group(client_server, Config) -> case ?config(property_test_tool,Config) of - proper -> - {skip, "PropEr is not supported"}; - eqc -> - Config + eqc -> Config; + X -> {skip, lists:concat([X," is not supported"])} end; init_per_group(_, Config) -> Config. diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml index ffee4bd1af..f14d0b8bb7 100644 --- a/lib/ssl/doc/src/ssl.xml +++ b/lib/ssl/doc/src/ssl.xml @@ -226,7 +226,7 @@ <p>The verification fun should be defined as:</p> <code> -fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} | +fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom() | {revoked, atom()}} | {extension, #'Extension'{}}, InitialUserState :: term()) -> {valid, UserState :: term()} | {valid_peer, UserState :: term()} | {fail, Reason :: term()} | {unknown, UserState :: term()}. @@ -252,7 +252,7 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} | always returns {valid, UserState}, the TLS/SSL handshake will not be terminated with respect to verification failures and the connection will be established. If called with an - extension unknown to the user application the return value + extension unknown to the user application, the return value {unknown, UserState} should be used.</p> <p>The default verify_fun option in verify_peer mode:</p> @@ -283,9 +283,29 @@ fun(OtpCert :: #'OTPCertificate'{}, Event :: {bad_cert, Reason :: atom()} | end, []} </code> -<p>Possible path validation errors: </p> + <p>Possible path validation errors are given on the form {bad_cert, Reason} where Reason is:</p> -<p> {bad_cert, cert_expired}, {bad_cert, invalid_issuer}, {bad_cert, invalid_signature}, {bad_cert, unknown_ca},{bad_cert, selfsigned_peer}, {bad_cert, name_not_permitted}, {bad_cert, missing_basic_constraint}, {bad_cert, invalid_key_usage}</p> + <taglist> + <tag>unknown_ca</tag> + <item>No trusted CA was found in the trusted store. The trusted CA is + normally a so called ROOT CA that is a self-signed cert. Trust may + be claimed for an intermediat CA (trusted anchor does not have to be self signed + according to X-509) by using the option <c>partial_chain</c></item> + + <tag>selfsigned_peer</tag> + <item>The chain consisted only of one self-signed certificate.</item> + + <tag>PKIX X-509-path validation error</tag> + <item> Possible such reasons see <seealso + marker="public_key#pkix_path_validation-3"> public_key:pkix_path_validation/3 </seealso></item> + </taglist> + + </item> + + <tag>{partial_chain, fun(Chain::[DerCert]) -> {trusted_ca, DerCert} | unknown_ca </tag> + <item> + Claim an intermediat CA in the chain as trusted. TLS will then perform the public_key:pkix_path_validation/3 + with the selected CA as trusted anchor and the rest of the chain. </item> <tag>{versions, [protocol()]}</tag> diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src index b713f86c1e..650901ef54 100644 --- a/lib/ssl/src/ssl.appup.src +++ b/lib/ssl/src/ssl.appup.src @@ -1,12 +1,22 @@ %% -*- erlang -*- {"%VSN%", [ + {"5.3.5", [{load_module, ssl, soft_purge, soft_purge, [ssl_connection]}, + {load_module, ssl_handshake, soft_purge, soft_purge, [ssl_certificate]}, + {load_module, ssl_certificate, soft_purge, soft_purge, []}, + {load_module, ssl_connection, soft_purge, soft_purge, [tls_connection]}, + {update, tls_connection, {advanced, {up, "5.3.5", "5.3.6"}}, [ssl_handshake]}]}, {<<"5\\.3\\.[1-4]($|\\..*)">>, [{restart_application, ssl}]}, {<<"5\\.[0-2]($|\\..*)">>, [{restart_application, ssl}]}, {<<"4\\..*">>, [{restart_application, ssl}]}, {<<"3\\..*">>, [{restart_application, ssl}]} ], [ + {"5.3.5", [{load_module, ssl, soft_purge, soft_purge,[ssl_certificate]}, + {load_module, ssl_handshake, soft_purge, soft_purge,[ssl_certificate]}, + {load_module, ssl_certificate, soft_purge, soft_purge,[]}, + {load_module, ssl_connection, soft_purge, soft_purge,[tls_connection]}, + {update, tls_connection, {advanced, {down, "5.3.6", "5.3.5"}}, [ssl_handshake]}]}, {<<"5\\.3\\.[1-4]($|\\..*)">>, [{restart_application, ssl}]}, {<<"5\\.[0-2]($|\\..*)">>, [{restart_application, ssl}]}, {<<"4\\..*">>, [{restart_application, ssl}]}, diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index d741fa63fb..b4bea25942 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -569,21 +569,24 @@ handle_options(Opts0, #ssl_options{protocol = Protocol, cacerts = CaCerts0, cacertfile = CaCertFile0} = InheritedSslOpts) -> RecordCB = record_cb(Protocol), CaCerts = handle_option(cacerts, Opts0, CaCerts0), - {Verify, FailIfNoPeerCert, CaCertDefault, VerifyFun} = handle_verify_options(Opts0, CaCerts), + {Verify, FailIfNoPeerCert, CaCertDefault, VerifyFun, PartialChainHanlder} = handle_verify_options(Opts0, CaCerts), CaCertFile = case proplists:get_value(cacertfile, Opts0, CaCertFile0) of undefined -> CaCertDefault; CAFile -> CAFile end, + NewVerifyOpts = InheritedSslOpts#ssl_options{cacerts = CaCerts, cacertfile = CaCertFile, verify = Verify, verify_fun = VerifyFun, + partial_chain = PartialChainHanlder, fail_if_no_peer_cert = FailIfNoPeerCert}, SslOpts1 = lists:foldl(fun(Key, PropList) -> proplists:delete(Key, PropList) - end, Opts0, [cacerts, cacertfile, verify, verify_fun, fail_if_no_peer_cert]), + end, Opts0, [cacerts, cacertfile, verify, verify_fun, partial_chain, + fail_if_no_peer_cert]), case handle_option(versions, SslOpts1, []) of [] -> new_ssl_options(SslOpts1, NewVerifyOpts, RecordCB); @@ -603,10 +606,10 @@ handle_options(Opts0) -> ReuseSessionFun = fun(_, _, _, _) -> true end, CaCerts = handle_option(cacerts, Opts, undefined), - {Verify, FailIfNoPeerCert, CaCertDefault, VerifyFun} = handle_verify_options(Opts, CaCerts), + {Verify, FailIfNoPeerCert, CaCertDefault, VerifyFun, PartialChainHanlder} = + handle_verify_options(Opts, CaCerts), CertFile = handle_option(certfile, Opts, <<>>), - RecordCb = record_cb(Opts), Versions = case handle_option(versions, Opts, []) of @@ -620,6 +623,7 @@ handle_options(Opts0) -> versions = Versions, verify = validate_option(verify, Verify), verify_fun = VerifyFun, + partial_chain = PartialChainHanlder, fail_if_no_peer_cert = FailIfNoPeerCert, verify_client_once = handle_option(verify_client_once, Opts, false), depth = handle_option(depth, Opts, 1), @@ -656,7 +660,7 @@ handle_options(Opts0) -> }, CbInfo = proplists:get_value(cb_info, Opts, {gen_tcp, tcp, tcp_closed, tcp_error}), - SslOptions = [protocol, versions, verify, verify_fun, + SslOptions = [protocol, versions, verify, verify_fun, partial_chain, fail_if_no_peer_cert, verify_client_once, depth, cert, certfile, key, keyfile, password, cacerts, cacertfile, dh, dhfile, @@ -708,6 +712,8 @@ validate_option(verify_fun, Fun) when is_function(Fun) -> end, Fun}; validate_option(verify_fun, {Fun, _} = Value) when is_function(Fun) -> Value; +validate_option(partial_chain, Value) when is_function(Value) -> + Value; validate_option(fail_if_no_peer_cert, Value) when is_boolean(Value) -> Value; validate_option(verify_client_once, Value) when is_boolean(Value) -> @@ -1147,25 +1153,32 @@ handle_verify_options(Opts, CaCerts) -> UserFailIfNoPeerCert = handle_option(fail_if_no_peer_cert, Opts, false), UserVerifyFun = handle_option(verify_fun, Opts, undefined), - + PartialChainHanlder = handle_option(partial_chain, Opts, + fun(_) -> unknown_ca end), + %% Handle 0, 1, 2 for backwards compatibility case proplists:get_value(verify, Opts, verify_none) of 0 -> {verify_none, false, - ca_cert_default(verify_none, VerifyNoneFun, CaCerts), VerifyNoneFun}; + ca_cert_default(verify_none, VerifyNoneFun, CaCerts), + VerifyNoneFun, PartialChainHanlder}; 1 -> {verify_peer, false, - ca_cert_default(verify_peer, UserVerifyFun, CaCerts), UserVerifyFun}; + ca_cert_default(verify_peer, UserVerifyFun, CaCerts), + UserVerifyFun, PartialChainHanlder}; 2 -> {verify_peer, true, - ca_cert_default(verify_peer, UserVerifyFun, CaCerts), UserVerifyFun}; - verify_none -> + ca_cert_default(verify_peer, UserVerifyFun, CaCerts), + UserVerifyFun, PartialChainHanlder}; + verify_none -> {verify_none, false, - ca_cert_default(verify_none, VerifyNoneFun, CaCerts), VerifyNoneFun}; + ca_cert_default(verify_none, VerifyNoneFun, CaCerts), + VerifyNoneFun, PartialChainHanlder}; verify_peer -> {verify_peer, UserFailIfNoPeerCert, - ca_cert_default(verify_peer, UserVerifyFun, CaCerts), UserVerifyFun}; + ca_cert_default(verify_peer, UserVerifyFun, CaCerts), + UserVerifyFun, PartialChainHanlder}; Value -> throw({error, {options, {verify, Value}}}) end. diff --git a/lib/ssl/src/ssl_certificate.erl b/lib/ssl/src/ssl_certificate.erl index 53366b060c..9c0ed181fe 100644 --- a/lib/ssl/src/ssl_certificate.erl +++ b/lib/ssl/src/ssl_certificate.erl @@ -30,7 +30,7 @@ -include("ssl_internal.hrl"). -include_lib("public_key/include/public_key.hrl"). --export([trusted_cert_and_path/3, +-export([trusted_cert_and_path/4, certificate_chain/3, file_to_certificats/2, validate_extension/3, @@ -46,14 +46,14 @@ %%==================================================================== %%-------------------------------------------------------------------- --spec trusted_cert_and_path([der_cert()], db_handle(), certdb_ref()) -> +-spec trusted_cert_and_path([der_cert()], db_handle(), certdb_ref(), fun()) -> {der_cert() | unknown_ca, [der_cert()]}. %% %% Description: Extracts the root cert (if not presents tries to %% look it up, if not found {bad_cert, unknown_ca} will be added verification %% errors. Returns {RootCert, Path, VerifyErrors} %%-------------------------------------------------------------------- -trusted_cert_and_path(CertChain, CertDbHandle, CertDbRef) -> +trusted_cert_and_path(CertChain, CertDbHandle, CertDbRef, PartialChainHandler) -> Path = [Cert | _] = lists:reverse(CertChain), OtpCert = public_key:pkix_decode_cert(Cert, otp), SignedAndIssuerID = @@ -62,32 +62,23 @@ trusted_cert_and_path(CertChain, CertDbHandle, CertDbRef) -> {ok, IssuerId} = public_key:pkix_issuer_id(OtpCert, self), {self, IssuerId}; false -> - case public_key:pkix_issuer_id(OtpCert, other) of - {ok, IssuerId} -> - {other, IssuerId}; - {error, issuer_not_found} -> - case find_issuer(OtpCert, CertDbHandle) of - {ok, IssuerId} -> - {other, IssuerId}; - Other -> - Other - end - end + other_issuer(OtpCert, CertDbHandle) end, case SignedAndIssuerID of {error, issuer_not_found} -> %% The root CA was not sent and can not be found. - {unknown_ca, Path}; + handle_incomplete_chain(Path, PartialChainHandler); {self, _} when length(Path) == 1 -> {selfsigned_peer, Path}; {_ ,{SerialNr, Issuer}} -> case ssl_manager:lookup_trusted_cert(CertDbHandle, CertDbRef, SerialNr, Issuer) of - {ok, {BinCert,_}} -> - {BinCert, Path}; + {ok, Trusted} -> + %% Trusted must be selfsigned or it is an incomplete chain + handle_path(Trusted, Path, PartialChainHandler); _ -> %% Root CA could not be verified - {unknown_ca, Path} + handle_incomplete_chain(Path, PartialChainHandler) end end. @@ -222,28 +213,27 @@ certificate_chain(CertDbHandle, CertsDbRef, Chain, SerialNr, Issuer, _SelfSigned _ -> %% The trusted cert may be obmitted from the chain as the %% counter part needs to have it anyway to be able to - %% verify it. This will be the normal case for servers - %% that does not verify the clients and hence have not - %% specified the cacertfile. + %% verify it. {ok, lists:reverse(Chain)} end. find_issuer(OtpCert, CertDbHandle) -> - IsIssuerFun = fun({_Key, {_Der, #'OTPCertificate'{} = ErlCertCandidate}}, Acc) -> - case public_key:pkix_is_issuer(OtpCert, ErlCertCandidate) of - true -> - case verify_cert_signer(OtpCert, ErlCertCandidate#'OTPCertificate'.tbsCertificate) of - true -> - throw(public_key:pkix_issuer_id(ErlCertCandidate, self)); - false -> - Acc - end; - false -> - Acc - end; - (_, Acc) -> - Acc - end, + IsIssuerFun = + fun({_Key, {_Der, #'OTPCertificate'{} = ErlCertCandidate}}, Acc) -> + case public_key:pkix_is_issuer(OtpCert, ErlCertCandidate) of + true -> + case verify_cert_signer(OtpCert, ErlCertCandidate#'OTPCertificate'.tbsCertificate) of + true -> + throw(public_key:pkix_issuer_id(ErlCertCandidate, self)); + false -> + Acc + end; + false -> + Acc + end; + (_, Acc) -> + Acc + end, try ssl_pkix_db:foldl(IsIssuerFun, issuer_not_found, CertDbHandle) of issuer_not_found -> @@ -275,3 +265,41 @@ public_key(#'OTPSubjectPublicKeyInfo'{algorithm = #'PublicKeyAlgorithm'{algorith parameters = {params, Params}}, subjectPublicKey = Key}) -> {Key, Params}. + +other_issuer(OtpCert, CertDbHandle) -> + case public_key:pkix_issuer_id(OtpCert, other) of + {ok, IssuerId} -> + {other, IssuerId}; + {error, issuer_not_found} -> + case find_issuer(OtpCert, CertDbHandle) of + {ok, IssuerId} -> + {other, IssuerId}; + Other -> + Other + end + end. + +handle_path({BinCert, OTPCert}, Path, PartialChainHandler) -> + case public_key:pkix_is_self_signed(OTPCert) of + true -> + {BinCert, Path}; + false -> + handle_incomplete_chain(Path, PartialChainHandler) + end. + +handle_incomplete_chain(Chain, Fun) -> + case catch Fun(Chain) of + {trusted_ca, DerCert} -> + new_trusteded_chain(DerCert, Chain); + unknown_ca = Error -> + {Error, Chain}; + _ -> + {unknown_ca, Chain} + end. + +new_trusteded_chain(DerCert, [DerCert | Chain]) -> + {DerCert, Chain}; +new_trusteded_chain(DerCert, [_ | Rest]) -> + new_trusteded_chain(DerCert, Rest); +new_trusteded_chain(_, []) -> + unknown_ca. diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl index 4ac4e81d9e..8ff9913cee 100644 --- a/lib/ssl/src/ssl_connection.erl +++ b/lib/ssl/src/ssl_connection.erl @@ -414,7 +414,9 @@ certify(#certificate{} = Cert, ssl_options = Opts} = State, Connection) -> case ssl_handshake:certify(Cert, CertDbHandle, CertDbRef, Opts#ssl_options.depth, Opts#ssl_options.verify, - Opts#ssl_options.verify_fun, Role) of + Opts#ssl_options.verify_fun, + Opts#ssl_options.partial_chain, + Role) of {PeerCert, PublicKeyInfo} -> handle_peer_cert(Role, PeerCert, PublicKeyInfo, State#state{client_certificate_requested = false}, Connection); diff --git a/lib/ssl/src/ssl_handshake.erl b/lib/ssl/src/ssl_handshake.erl index 94ffd180c5..22673e46e2 100644 --- a/lib/ssl/src/ssl_handshake.erl +++ b/lib/ssl/src/ssl_handshake.erl @@ -49,7 +49,7 @@ finished/5, next_protocol/1]). %% Handle handshake messages --export([certify/7, client_certificate_verify/6, certificate_verify/6, verify_signature/5, +-export([certify/8, client_certificate_verify/6, certificate_verify/6, verify_signature/5, master_secret/5, server_key_exchange_hash/2, verify_connection/6, init_handshake_history/0, update_handshake_history/2, verify_server_key/5 ]). @@ -383,13 +383,13 @@ verify_signature(_Version, Hash, {HashAlgo, ecdsa}, Signature, %%-------------------------------------------------------------------- -spec certify(#certificate{}, db_handle(), certdb_ref(), integer() | nolimit, - verify_peer | verify_none, {fun(), term}, + verify_peer | verify_none, {fun(), term}, fun(), client | server) -> {der_cert(), public_key_info()} | #alert{}. %% %% Description: Handles a certificate handshake message %%-------------------------------------------------------------------- certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef, - MaxPathLen, _Verify, VerifyFunAndState, Role) -> + MaxPathLen, _Verify, VerifyFunAndState, PartialChain, Role) -> [PeerCert | _] = ASN1Certs, ValidationFunAndState = @@ -421,7 +421,7 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef, try {TrustedErlCert, CertPath} = - ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef), + ssl_certificate:trusted_cert_and_path(ASN1Certs, CertDbHandle, CertDbRef, PartialChain), case public_key:pkix_path_validation(TrustedErlCert, CertPath, [{max_path_length, diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl index fd0d87bd5f..85724de4bd 100644 --- a/lib/ssl/src/ssl_internal.hrl +++ b/lib/ssl/src/ssl_internal.hrl @@ -74,6 +74,7 @@ versions :: [ssl_record:ssl_version()], %% ssl_record:atom_version() in API verify :: verify_none | verify_peer, verify_fun, %%:: fun(CertVerifyErrors::term()) -> boolean(), + partial_chain :: fun(), fail_if_no_peer_cert :: boolean(), verify_client_once :: boolean(), %% fun(Extensions, State, Verify, AccError) -> {Extensions, State, AccError} diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl index 26de51985a..7df73fb581 100644 --- a/lib/ssl/src/tls_connection.erl +++ b/lib/ssl/src/tls_connection.erl @@ -329,7 +329,10 @@ terminate(Reason, StateName, State) -> %% code_change(OldVsn, StateName, State, Extra) -> {ok, StateName, NewState} %% Description: Convert process state when code is changed %%-------------------------------------------------------------------- -code_change(_OldVsn, StateName, State, _Extra) -> +code_change(_OldVsn, StateName, State0, {Direction, From, To}) -> + State = convert_state(State0, Direction, From, To), + {ok, StateName, State}; +code_change(_OldVsn, StateName, State, _) -> {ok, StateName, State}. format_status(Type, Data) -> @@ -958,3 +961,14 @@ workaround_transport_delivery_problems(Socket, gen_tcp = Transport) -> Transport:recv(Socket, 0, 30000); workaround_transport_delivery_problems(Socket, Transport) -> Transport:close(Socket). + +convert_state(#state{ssl_options = Options} = State, up, "5.3.5", "5.3.6") -> + State#state{ssl_options = convert_options_partial_chain(Options, up)}; +convert_state(#state{ssl_options = Options} = State, down, "5.3.6", "5.3.5") -> + State#state{ssl_options = convert_options_partial_chain(Options, down)}. + +convert_options_partial_chain(Options, up) -> + {Head, Tail} = lists:split(5, tuple_to_list(Options)), + list_to_tuple(Head ++ [{partial_chain, fun(_) -> unknown_ca end}] ++ Tail); +convert_options_partial_chain(Options, down) -> + list_to_tuple(proplists:delete(partial_chain, tuple_to_list(Options))). diff --git a/lib/ssl/test/ssl_ECC_SUITE.erl b/lib/ssl/test/ssl_ECC_SUITE.erl index 77e4c80bbe..3566a8a0a5 100644 --- a/lib/ssl/test/ssl_ECC_SUITE.erl +++ b/lib/ssl/test/ssl_ECC_SUITE.erl @@ -163,11 +163,11 @@ client_ecdh_server_ecdh(Config) when is_list(Config) -> client_ecdh_server_rsa(Config) when is_list(Config) -> COpts = ?config(client_ecdh_rsa_opts, Config), - SOpts = ?config(server_verification_opts, Config), + SOpts = ?config(server_ecdh_rsa_verify_opts, Config), basic_test(COpts, SOpts, Config). client_rsa_server_ecdh(Config) when is_list(Config) -> - COpts = ?config(client_verification_opts, Config), + COpts = ?config(client_ecdh_rsa_opts, Config), SOpts = ?config(server_ecdh_rsa_verify_opts, Config), basic_test(COpts, SOpts, Config). @@ -183,11 +183,11 @@ client_ecdsa_server_ecdsa(Config) when is_list(Config) -> client_ecdsa_server_rsa(Config) when is_list(Config) -> COpts = ?config(client_ecdsa_opts, Config), - SOpts = ?config(server_verification_opts, Config), + SOpts = ?config(server_ecdsa_verify_opts, Config), basic_test(COpts, SOpts, Config). client_rsa_server_ecdsa(Config) when is_list(Config) -> - COpts = ?config(client_verification_opts, Config), + COpts = ?config(client_ecdsa_opts, Config), SOpts = ?config(server_ecdsa_verify_opts, Config), basic_test(COpts, SOpts, Config). diff --git a/lib/ssl/test/ssl_certificate_verify_SUITE.erl b/lib/ssl/test/ssl_certificate_verify_SUITE.erl index 14047c6e9c..b7864ba6e7 100644 --- a/lib/ssl/test/ssl_certificate_verify_SUITE.erl +++ b/lib/ssl/test/ssl_certificate_verify_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2012-2013. All Rights Reserved. +%% Copyright Ericsson AB 2012-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -58,6 +58,10 @@ tests() -> server_verify_none, server_require_peer_cert_ok, server_require_peer_cert_fail, + server_require_peer_cert_partial_chain, + server_require_peer_cert_allow_partial_chain, + server_require_peer_cert_do_not_allow_partial_chain, + server_require_peer_cert_partial_chain_fun_fail, verify_fun_always_run_client, verify_fun_always_run_server, cert_expired, @@ -143,8 +147,8 @@ server_verify_none() -> [{doc,"Test server option verify_none"}]. server_verify_none(Config) when is_list(Config) -> - ClientOpts = ?config(client_opts, Config), - ServerOpts = ?config(server_opts, Config), + ClientOpts = ?config(client_verification_opts, Config), + ServerOpts = ?config(server_verification_opts, Config), Active = ?config(active, Config), ReceiveFunction = ?config(receive_function, Config), @@ -261,6 +265,163 @@ server_require_peer_cert_fail(Config) when is_list(Config) -> end. %%-------------------------------------------------------------------- + +server_require_peer_cert_partial_chain() -> + [{doc, "Client sends an incompleate chain, by default not acceptable."}]. + +server_require_peer_cert_partial_chain(Config) when is_list(Config) -> + ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true} + | ?config(server_verification_opts, Config)], + ClientOpts = ?config(client_verification_opts, Config), + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + + {ok, ClientCAs} = file:read_file(proplists:get_value(cacertfile, ClientOpts)), + [{_,RootCA,_}, {_, _, _}] = public_key:pem_decode(ClientCAs), + + + Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0}, + {from, self()}, + {mfa, {ssl_test_lib, no_result, []}}, + {options, [{active, false} | ServerOpts]}]), + Port = ssl_test_lib:inet_port(Server), + Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {ssl_test_lib, no_result, []}}, + {options, [{active, false}, + {cacerts, [RootCA]} | + proplists:delete(cacertfile, ClientOpts)]}]), + receive + {Server, {error, {tls_alert, "unknown ca"}}} -> + receive + {Client, {error, {tls_alert, "unknown ca"}}} -> + ok; + {Client, {error, closed}} -> + ok + end + end. +%%-------------------------------------------------------------------- +server_require_peer_cert_allow_partial_chain() -> + [{doc, "Server trusts intermediat CA and accepts a partial chain. (partial_chain option)"}]. + +server_require_peer_cert_allow_partial_chain(Config) when is_list(Config) -> + ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true} + | ?config(server_verification_opts, Config)], + ClientOpts = ?config(client_verification_opts, Config), + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + + {ok, ServerCAs} = file:read_file(proplists:get_value(cacertfile, ServerOpts)), + [{_,_,_}, {_, IntermidiateCA, _}] = public_key:pem_decode(ServerCAs), + + PartialChain = fun(CertChain) -> + case lists:member(IntermidiateCA, CertChain) of + true -> + {trusted_ca, IntermidiateCA}; + false -> + unknown_ca + end + end, + + Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, + {from, self()}, + {mfa, {ssl_test_lib, send_recv_result_active, []}}, + {options, [{cacerts, [IntermidiateCA]}, + {partial_chain, PartialChain} | + proplists:delete(cacertfile, ServerOpts)]}]), + Port = ssl_test_lib:inet_port(Server), + Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {ssl_test_lib, send_recv_result_active, []}}, + {options, ClientOpts}]), + ssl_test_lib:check_result(Server, ok, Client, ok), + ssl_test_lib:close(Server), + ssl_test_lib:close(Client). + + %%-------------------------------------------------------------------- +server_require_peer_cert_do_not_allow_partial_chain() -> + [{doc, "Server does not accept the chain sent by the client as ROOT CA is unkown, " + "and we do not choose to trust the intermediate CA. (partial_chain option)"}]. + +server_require_peer_cert_do_not_allow_partial_chain(Config) when is_list(Config) -> + ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true} + | ?config(server_verification_opts, Config)], + ClientOpts = ?config(client_verification_opts, Config), + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + + {ok, ServerCAs} = file:read_file(proplists:get_value(cacertfile, ServerOpts)), + [{_,_,_}, {_, IntermidiateCA, _}] = public_key:pem_decode(ServerCAs), + + PartialChain = fun(_CertChain) -> + unknown_ca + end, + + Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0}, + {from, self()}, + {mfa, {ssl_test_lib, no_result, []}}, + {options, [{cacerts, [IntermidiateCA]}, + {partial_chain, PartialChain} | + proplists:delete(cacertfile, ServerOpts)]}]), + + Port = ssl_test_lib:inet_port(Server), + Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {ssl_test_lib, no_result, []}}, + {options, ClientOpts}]), + + receive + {Server, {error, {tls_alert, "unknown ca"}}} -> + receive + {Client, {error, {tls_alert, "unknown ca"}}} -> + ok; + {Client, {error, closed}} -> + ok + end + end. + + %%-------------------------------------------------------------------- +server_require_peer_cert_partial_chain_fun_fail() -> + [{doc, "If parial_chain fun crashes, treat it as if it returned unkown_ca"}]. + +server_require_peer_cert_partial_chain_fun_fail(Config) when is_list(Config) -> + ServerOpts = [{verify, verify_peer}, {fail_if_no_peer_cert, true} + | ?config(server_verification_opts, Config)], + ClientOpts = ?config(client_verification_opts, Config), + {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), + + {ok, ServerCAs} = file:read_file(proplists:get_value(cacertfile, ServerOpts)), + [{_,_,_}, {_, IntermidiateCA, _}] = public_key:pem_decode(ServerCAs), + + PartialChain = fun(_CertChain) -> + ture = false %% crash on purpose + end, + + Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0}, + {from, self()}, + {mfa, {ssl_test_lib, no_result, []}}, + {options, [{cacerts, [IntermidiateCA]}, + {partial_chain, PartialChain} | + proplists:delete(cacertfile, ServerOpts)]}]), + + Port = ssl_test_lib:inet_port(Server), + Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port}, + {host, Hostname}, + {from, self()}, + {mfa, {ssl_test_lib, no_result, []}}, + {options, ClientOpts}]), + + receive + {Server, {error, {tls_alert, "unknown ca"}}} -> + receive + {Client, {error, {tls_alert, "unknown ca"}}} -> + ok; + {Client, {error, closed}} -> + ok + end + end. + +%%-------------------------------------------------------------------- verify_fun_always_run_client() -> [{doc,"Verify that user verify_fun is always run (for valid and valid_peer not only unknown_extension)"}]. @@ -434,10 +595,16 @@ cert_expired(Config) when is_list(Config) -> Client = ssl_test_lib:start_client_error([{node, ClientNode}, {port, Port}, {host, Hostname}, {from, self()}, - {options, [{verify, verify_peer} | ClientOpts]}]), - - ssl_test_lib:check_result(Server, {error, {tls_alert, "certificate expired"}}, - Client, {error, {tls_alert, "certificate expired"}}). + {options, [{verify, verify_peer} | ClientOpts]}]), + receive + {Client, {error, {tls_alert, "certificate expired"}}} -> + receive + {Server, {error, {tls_alert, "certificate expired"}}} -> + ok; + {Server, {error, closed}} -> + ok + end + end. two_digits_str(N) when N < 10 -> lists:flatten(io_lib:format("0~p", [N])); @@ -632,7 +799,7 @@ no_authority_key_identifier() -> no_authority_key_identifier(Config) when is_list(Config) -> ClientOpts = ?config(client_verification_opts, Config), - ServerOpts = ?config(server_opts, Config), + ServerOpts = ?config(server_verification_opts, Config), PrivDir = ?config(priv_dir, Config), KeyFile = filename:join(PrivDir, "otpCA/private/key.pem"), @@ -804,7 +971,7 @@ unknown_server_ca_fail() -> [{doc,"Test that the client fails if the ca is unknown in verify_peer mode"}]. unknown_server_ca_fail(Config) when is_list(Config) -> ClientOpts = ?config(client_opts, Config), - ServerOpts = ?config(server_opts, Config), + ServerOpts = ?config(server_verification_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Server = ssl_test_lib:start_server_error([{node, ServerNode}, {port, 0}, {from, self()}, @@ -833,11 +1000,11 @@ unknown_server_ca_fail(Config) when is_list(Config) -> {verify_fun, FunAndState} | ClientOpts]}]), receive - {Server, {error, {tls_alert, "unknown ca"}}} -> + {Client, {error, {tls_alert, "unknown ca"}}} -> receive - {Client, {error, {tls_alert, "unknown ca"}}} -> + {Server, {error, {tls_alert, "unknown ca"}}} -> ok; - {Client, {error, closed}} -> + {Server, {error, closed}} -> ok end end. @@ -848,7 +1015,7 @@ unknown_server_ca_accept_verify_none() -> [{doc,"Test that the client succeds if the ca is unknown in verify_none mode"}]. unknown_server_ca_accept_verify_none(Config) when is_list(Config) -> ClientOpts = ?config(client_opts, Config), - ServerOpts = ?config(server_opts, Config), + ServerOpts = ?config(server_verification_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, {from, self()}, @@ -873,7 +1040,7 @@ unknown_server_ca_accept_verify_peer() -> " with a verify_fun that accepts the unknown ca error"}]. unknown_server_ca_accept_verify_peer(Config) when is_list(Config) -> ClientOpts = ?config(client_opts, Config), - ServerOpts = ?config(server_opts, Config), + ServerOpts = ?config(server_verification_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, {from, self()}, @@ -912,7 +1079,7 @@ unknown_server_ca_accept_backwardscompatibility() -> [{doc,"Test that old style verify_funs will work"}]. unknown_server_ca_accept_backwardscompatibility(Config) when is_list(Config) -> ClientOpts = ?config(client_opts, Config), - ServerOpts = ?config(server_opts, Config), + ServerOpts = ?config(server_verification_opts, Config), {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config), Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, {from, self()}, diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk index 004cacf7fc..404b71374f 100644 --- a/lib/ssl/vsn.mk +++ b/lib/ssl/vsn.mk @@ -1 +1 @@ -SSL_VSN = 5.3.5 +SSL_VSN = 5.3.6 |