From a1c84a9eb253f8b7aa5cdc8b88ca17691ed52c14 Mon Sep 17 00:00:00 2001 From: Micael Karlberg Date: Wed, 14 Dec 2011 14:15:05 +0100 Subject: [snmp] Updated doc and fixed wrequest create macros Release notes updated, together with documentation of the new config option. Also fixed the wrequest create macros (forgot end parantesis). OTP-9700 --- lib/snmp/doc/src/notes.xml | 58 ++++++++++++++++++++ lib/snmp/doc/src/snmp_app.xml | 109 +++++++++++++++++++++++++++++++++++-- lib/snmp/doc/src/snmp_config.xml | 108 ++++++++++++++++++++++++++++++++---- lib/snmp/src/agent/snmpa_agent.erl | 6 +- 4 files changed, 263 insertions(+), 18 deletions(-) diff --git a/lib/snmp/doc/src/notes.xml b/lib/snmp/doc/src/notes.xml index 1e31d72a2c..8d9de1d70b 100644 --- a/lib/snmp/doc/src/notes.xml +++ b/lib/snmp/doc/src/notes.xml @@ -32,6 +32,64 @@ notes.xml +
+ SNMP Development Toolkit 4.17.3 + +

Version 4.17.3 supports code replacement in runtime from/to + version 4.17.2, 4.17.1, 4.17, 4.16.2, 4.16.1 and 4.16.

+ +
+ Improvements and new features + + + + +

[agent] DoS attack using GET-BULK with large value of + MaxRepetitions. + A preventive method has been implementing by simply + limit the number of varbinds that can be included in + a Get-BULK response message. This is specified by the + new config option, + gb_max_vbs. +

+

Own Id: OTP-9700

+
+ +
+ +
+ +
+ Reported Fixed Bugs and Malfunctions +

-

+ + + +
+ +
+ Incompatibilities +

-

+
+ +
+ +
SNMP Development Toolkit 4.17.2 diff --git a/lib/snmp/doc/src/snmp_app.xml b/lib/snmp/doc/src/snmp_app.xml index 694e619da1..f6abe783b3 100644 --- a/lib/snmp/doc/src/snmp_app.xml +++ b/lib/snmp/doc/src/snmp_app.xml @@ -1,10 +1,10 @@ - +
- 19972010 + 19972011 Ericsson AB. All Rights Reserved. @@ -78,7 +78,15 @@ ]. - + + +

Each snmp component has its own set of configuration parameters, even though some of the types are common to both components.

@@ -92,6 +100,7 @@ {agent_verbosity, verbosity()} | {discovery, agent_discovery()} | {versions, versions()} | + {gb_max_vbs, gb_max_vbs()} | {priority, priority()} | {multi_threaded, multi_threaded()} | {db_dir, db_dir()} | @@ -122,8 +131,10 @@ {def_user_data, def_user_data()} +

Agent specific config options and types:

+ ]]>

If master, one master agent is @@ -131,6 +142,7 @@

Default is master.

+ ]]>

agent_discovery_opt() = @@ -143,6 +155,7 @@

For defaults see the options in agent_discovery_opt().

+ ]]>

agent_terminating_discovery_opt() = @@ -160,6 +173,7 @@ + ]]>

agent_originating_discovery_opt() = @@ -173,6 +187,7 @@ + ]]>

If true, the agent is multi-threaded, with one @@ -180,11 +195,21 @@

Default is false.

+ ]]>

Defines where the SNMP agent internal db files are stored.

+ + ]]> + +

Defines the maximum number of varbinds allowed + in a Get-BULK response.

+

Default is 1000.

+
+ + ]]>

local_db_opt() = {repair, agent_repair()} | {auto_save, agent_auto_save()} | {verbosity, verbosity()}

@@ -192,6 +217,7 @@

For defaults see the options in local_db_opt().

+ ]]>

When starting snmpa_local_db it always tries to open an @@ -202,6 +228,7 @@

Default is true.

+ ]]>

The auto save interval. The table is flushed to disk @@ -209,6 +236,7 @@

Default is 5000.

+ ]]>

agent_net_if_opt() = {module, agent_net_if_module()} | {verbosity, verbosity()} | {options, agent_net_if_options()}

@@ -217,6 +245,7 @@

For defaults see the options in agent_net_if_opt().

+ ]]>

Module which handles the network interface part for the @@ -225,6 +254,7 @@

Default is snmpa_net_if.

+ ]]>

agent_net_if_option() = {bind_to, bind_to()} | @@ -239,12 +269,14 @@

For defaults see the options in agent_net_if_option().

+ ]]>

Max number of simultaneous requests handled by the agent.

Default is infinity.

+ ]]>

agent_net_if_filter_option() = {module, agent_net_if_filter_module()}

@@ -255,6 +287,7 @@ agent_net_if_filter_option().

+ ]]>

Module which handles the network interface filter part for the @@ -263,6 +296,7 @@

Default is snmpa_net_if_filter.

+ ]]>

Specifies a list of MIBs (including path) that defines which MIBs @@ -277,6 +311,7 @@

Default is [].

+ ]]>

Specifies how info retrieved from the mibs will be stored.

@@ -302,6 +337,7 @@ mnesia/dets table already exist.

+ ]]>

mib_server_opt() = {mibentry_override, mibentry_override()} | {trapentry_override, trapentry_override()} | {verbosity, verbosity()} | {cache, mibs_cache()}

@@ -309,6 +345,7 @@

For defaults see the options in mib_server_opt().

+ ]]>

If this value is false, then when loading a mib each mib- @@ -318,6 +355,7 @@

Default is false.

+ ]]>

If this value is false, then when loading a mib each trap @@ -327,6 +365,7 @@

Default is false.

+ ]]>

Shall the agent utilize the mib server lookup cache or not.

@@ -334,6 +373,7 @@ default values apply).

+ ]]>

mibs_cache_opt() = {autogc, mibs_cache_autogc()} | {gclimit, mibs_cache_gclimit()} | {age, mibs_cache_age()}

@@ -341,6 +381,7 @@

For defaults see the options in mibs_cache_opt().

+ ]]>

Defines if the mib server shall perform cache gc automatically or @@ -349,6 +390,7 @@

Default is true.

+ 0 ]]>

Defines how old the entries in the cache will be allowed before @@ -358,6 +400,7 @@

Default is 10 timutes.

+ 0 | infinity ]]>

When performing a GC, this is the max number of cache entries @@ -368,6 +411,7 @@

Default is 100.

+ ]]>

Defines an error report module, implementing the @@ -377,6 +421,7 @@

Default is snmpa_error_logger.

+ symbolic_store() = [symbolic_store_opt()]

symbolic_store_opt() = {verbosity, verbosity()}

@@ -384,23 +429,29 @@

For defaults see the options in symbolic_store_opt().

+ target_cache() = [target_cache_opt()]

target_cache_opt() = {verbosity, verbosity()}

Defines options specific for the SNMP agent target cache.

For defaults see the options in target_cache_opt().

+ + ]]>

agent_config_opt() = {dir, agent_config_dir()} | {force_load, force_load()} | {verbosity, verbosity()}

Defines specific config related options for the SNMP agent.

For defaults see the options in agent_config_opt().

+ + ]]>

Defines where the SNMP agent configuration files are stored.

+ ]]>

If true the configuration files are re-read @@ -412,14 +463,18 @@ +

Manager specific config options and types:

+ ]]>

server_opt() = {timeout, server_timeout()} | {verbosity, verbosity()}

Specifies the options for the manager server process.

Default is silence.

+ + ]]>

Asynchroneous request cleanup time. For every requests, @@ -440,6 +495,7 @@

Default is 30000.

+ ]]>

manager_config_opt() = {dir, manager_config_dir()} | {db_dir, manager_db_dir()} | {db_init_error, db_init_error()} | {repair, manager_repair()} | {auto_save, manager_auto_save()} | {verbosity, verbosity()}

@@ -447,16 +503,19 @@

For defaults see the options in manager_config_opt().

+ ]]>

Defines where the SNMP manager configuration files are stored.

+ ]]>

Defines where the SNMP manager store persistent data.

+ ]]>

Defines the repair option for the persistent database (if @@ -464,6 +523,7 @@

Default is true.

+ ]]>

The auto save interval. The table is flushed to disk @@ -471,6 +531,7 @@

Default is 5000.

+ ]]>

This option defines how the manager will handle the sending of @@ -500,6 +561,7 @@

Default is auto.

+ ]]>

Specifies a list of MIBs (including path) and defines which MIBs @@ -507,6 +569,7 @@

Default is [].

+ ]]>

manager_net_if_opt() = {module, manager_net_if_module()} | @@ -517,6 +580,7 @@

For defaults see the options in manager_net_if_opt().

+ ]]>

manager_net_if_option() = {bind_to, bind_to()} | @@ -530,6 +594,7 @@

For defaults see the options in manager_net_if_option().

+ ]]>

Module which handles the network interface part for the @@ -538,6 +603,7 @@

Default is snmpm_net_if.

+ ]]>

manager_net_if_filter_option() = {module, manager_net_if_filter_module()}

@@ -548,6 +614,7 @@ manager_net_if_filter_option().

+ ]]>

Module which handles the network interface filter part for the @@ -556,6 +623,7 @@

Default is snmpm_net_if_filter.

+ ]]>

The module implementing the default user. See the @@ -563,6 +631,7 @@

Default is snmpm_user_default.

+ ]]>

Data for the default user. Passed to the user module when @@ -571,8 +640,10 @@ +

Common config types:

+ restart_type() = permanent | transient | temporary

See supervisor @@ -580,6 +651,8 @@

Default is permanent for the agent and transient for the manager.

+ + db_init_error() = terminate | create

Defines what to do if the agent or manager is unable to open an @@ -588,23 +661,31 @@ agent/manager will remove the faulty file(s) and create new ones.

Default is terminate.

+ + ]]>

Defines the Erlang priority for all SNMP processes.

Default is normal.

+ + ]]>

version() = v1 | v2 | v3

Which SNMP versions shall be accepted/used.

Default is [v1,v2,v3].

+ + ]]>

Verbosity for a SNMP process. This specifies now much debug info is printed.

Default is silence.

+ + ]]>

If true, net_if binds to the IP address. @@ -612,6 +693,8 @@ where it is running.

Default is false.

+ + ]]>

If true, net_if does not specify that the IP @@ -619,22 +702,30 @@ the address is set to reusable.

Default is false.

+ + ]]>

Receive buffer size.

Default value is defined by gen_udp.

+ + ]]>

Send buffer size.

Default value is defined by gen_udp.

+ + ]]>

note_store_opt() = {timeout, note_store_timeout()} | {verbosity, verbosity()}

Specifies the start-up verbosity for the SNMP note store.

For defaults see the options in note_store_opt().

+ + ]]>

Note cleanup time. When storing a note in the note store, @@ -643,9 +734,9 @@ milli-seconds.

Default is 30000.

-
+ ]]>

audit_trail_log_opt() = {type, atl_type()} | {dir, atl_dir()} | {size, atl_size()} | {repair, atl_repair()} | {seqno, atl_seqno()}

@@ -655,6 +746,8 @@ size options are mandatory.

If not present, audit trail logging is not used.

+ + ]]>

Specifies what type of an audit trail log should be used. @@ -675,12 +768,16 @@

Default is read_write.

+ + ]]>

Specifies where the audit trail log should be stored.

If audit_trail_log specifies that logging should take place, this parameter must be defined.

+ + ]]>

Specifies the size of the audit @@ -688,6 +785,8 @@

If audit_trail_log specifies that logging should take place, this parameter must be defined.

+ + ]]>

Specifies if and how the audit trail log shall be repaired @@ -699,6 +798,8 @@ analysis.

Default is true.

+ + ]]>

Specifies if the audit trail log entries will be (sequence) diff --git a/lib/snmp/doc/src/snmp_config.xml b/lib/snmp/doc/src/snmp_config.xml index 769b908adc..ab66a11387 100644 --- a/lib/snmp/doc/src/snmp_config.xml +++ b/lib/snmp/doc/src/snmp_config.xml @@ -1,10 +1,10 @@ - +

- 19972010 + 19972011 Ericsson AB. All Rights Reserved. @@ -40,6 +40,7 @@ starting the application (agent and/or manager) debugging the application (agent and/or manager) +

Refer also to the chapter(s) Definition of Agent Configuration Files and Definition of Manager Configuration Files which contains more detailed information @@ -73,7 +74,14 @@ - + +

The agent and manager uses (application) configuration parameters to find out where these directories are located. The parameters should be @@ -87,6 +95,7 @@ {agent_verbosity, verbosity()} | {versions, versions()} | {discovery, agent_discovery()} | + {gb_max_vbs, gb_max_vbs()} | {priority, priority()} | {multi_threaded, multi_threaded()} | {db_dir, db_dir()} | @@ -117,8 +126,10 @@ {def_user_data, def_user_data()} +

Agent specific config options and types:

+ ]]>

If master, one master agent is @@ -126,6 +137,7 @@

Default is master.

+ ]]>

agent_discovery_opt() = @@ -138,6 +150,7 @@

For defaults see the options in agent_discovery_opt().

+ ]]>

agent_terminating_discovery_opt() = @@ -155,6 +168,7 @@ + ]]>

agent_originating_discovery_opt() = @@ -168,6 +182,7 @@ + ]]>

If true, the agent is multi-threaded, with one @@ -175,11 +190,21 @@

Default is false.

+ ]]>

Defines where the SNMP agent internal db files are stored.

+ + ]]> + +

Defines the maximum number of varbinds allowed + in a Get-BULK response.

+

Default is 1000.

+
+ + ]]>

local_db_opt() = {repair, agent_repair()} | {auto_save, agent_auto_save()} | {verbosity, verbosity()}

@@ -187,6 +212,7 @@

For defaults see the options in local_db_opt().

+ ]]>

When starting snmpa_local_db it always tries to open an @@ -197,6 +223,7 @@

Default is true.

+ ]]>

The auto save interval. The table is flushed to disk @@ -204,6 +231,7 @@

Default is 5000.

+ ]]>

agent_net_if_option() = {module, agent_net_if_module()} | @@ -214,6 +242,7 @@

For defaults see the options in agent_net_if_opt().

+ ]]>

Module which handles the network interface part for the @@ -222,6 +251,7 @@

Default is snmpa_net_if.

+ ]]>

agent_net_if_option() = {bind_to, bind_to()} | @@ -236,6 +266,14 @@

For defaults see the options in agent_net_if_option().

+ + ]]> + +

Max number of simultaneous requests handled by the agent.

+

Default is infinity.

+
+ + ]]>

@@ -245,6 +283,7 @@

For defaults see the options in agent_net_if_filter_option().

+ ]]>

Module which handles the network interface filter part for the @@ -254,12 +293,7 @@

Default is snmpa_net_if_filter.

- ]]> - -

Max number of simultaneous requests handled by the agent.

-

Default is infinity.

-
- + ]]>

Specifies a list of MIBs (including path) that defines which MIBs @@ -274,6 +308,7 @@

Default is [].

+ ]]>

Specifies how info retrieved from the mibs will be stored.

@@ -299,6 +334,7 @@ mnesia/dets table already exist.

+ ]]>

mib_server_opt() = {mibentry_override, mibentry_override()} | {trapentry_override, trapentry_override()} | {verbosity, verbosity()} | {cache, mibs_cache()}

@@ -306,6 +342,7 @@

For defaults see the options in mib_server_opt().

+ ]]>

If this value is false, then when loading a mib each mib- @@ -315,6 +352,7 @@

Default is false.

+ ]]>

If this value is false, then when loading a mib each trap @@ -324,6 +362,7 @@

Default is false.

+ ]]>

Shall the agent utilize the mib server lookup cache or not.

@@ -331,6 +370,7 @@ default values apply).

+ ]]>

mibs_cache_opt() = {autogc, mibs_cache_autogc()} | {gclimit, mibs_cache_gclimit()} | {age, mibs_cache_age()}

@@ -338,6 +378,7 @@

For defaults see the options in mibs_cache_opt().

+ ]]>

Defines if the mib server shall perform cache gc automatically or @@ -346,6 +387,7 @@

Default is true.

+ 0 ]]>

Defines how old the entries in the cache will be allowed before @@ -355,6 +397,7 @@

Default is 10 timutes.

+ 0 | infinity ]]>

When performing a GC, this is the max number of cache entries @@ -365,6 +408,7 @@

Default is 100.

+ ]]>

Defines an error report module, implementing the @@ -374,6 +418,7 @@

Default is snmpa_error_logger.

+ symbolic_store() = [symbolic_store_opt()]

symbolic_store_opt() = {verbosity, verbosity()}

@@ -381,12 +426,15 @@

For defaults see the options in symbolic_store_opt().

+ target_cache() = [target_cache_opt()]

target_cache_opt() = {verbosity, verbosity()}

Defines options specific for the SNMP agent target cache.

For defaults see the options in target_cache_opt().

+ + ]]>

agent_config_opt() = {dir, agent_config_dir()} | {force_load, force_load()} | {verbosity, verbosity()}

@@ -394,11 +442,13 @@

For defaults see the options in agent_config_opt().

+ ]]>

Defines where the SNMP agent configuration files are stored.

+ ]]>

If true the configuration files are re-read @@ -410,14 +460,18 @@ +

Manager specific config options and types:

+ ]]>

server_opt() = {timeout, server_timeout()} | {verbosity, verbosity()}

Specifies the options for the manager server process.

Default is silence.

+ + ]]>

Asynchroneous request cleanup time. For every requests, @@ -438,6 +492,7 @@

Default is 30000.

+ ]]>

manager_config_opt() = {dir, manager_config_dir()} | {db_dir, manager_db_dir()} | {db_init_error, db_init_error()} | {repair, manager_repair()} | {auto_save, manager_auto_save()} | {verbosity, verbosity()}

@@ -445,16 +500,19 @@

For defaults see the options in manager_config_opt().

+ ]]>

Defines where the SNMP manager configuration files are stored.

+ ]]>

Defines where the SNMP manager store persistent data.

+ ]]>

Defines the repair option for the persistent database (if @@ -462,6 +520,7 @@

Default is true.

+ ]]>

The auto save interval. The table is flushed to disk @@ -469,6 +528,7 @@

Default is 5000.

+ ]]>

This option defines how the manager will handle the sending of @@ -498,6 +558,7 @@

Default is auto.

+ ]]>

Specifies a list of MIBs (including path) and defines which MIBs @@ -505,6 +566,7 @@

Default is [].

+ ]]>

manager_net_if_opt() = {module, manager_net_if_module()} | @@ -515,6 +577,7 @@

For defaults see the options in manager_net_if_opt().

+ ]]>

manager_net_if_option() = {bind_to, bind_to()} | @@ -528,6 +591,7 @@

For defaults see the options in manager_net_if_option().

+ ]]>

Module which handles the network interface part for the @@ -536,6 +600,7 @@

Default is snmpm_net_if.

+ ]]>

manager_net_if_filter_option() = {module, manager_net_if_filter_module()}

@@ -546,6 +611,7 @@ manager_net_if_filter_option().

+ ]]>

Module which handles the network interface filter part for the @@ -554,6 +620,7 @@

Default is snmpm_net_if_filter.

+ ]]>

The module implementing the default user. See the @@ -561,6 +628,7 @@

Default is snmpm_user_default.

+ ]]>

Data for the default user. Passed to the user when calling @@ -569,8 +637,10 @@ +

Common config types:

+ restart_type() = permanent | transient | temporary

See supervisor @@ -579,6 +649,7 @@ for the manager.

+ db_init_error() = terminate | create

Defines what to do if the agent is unable to open an @@ -588,12 +659,14 @@

Default is terminate.

+ ]]>

Defines the Erlang priority for all SNMP processes.

Default is normal.

+ ]]>

version() = v1 | v2 | v3

@@ -601,6 +674,7 @@

Default is [v1,v2,v3].

+ ]]>

Verbosity for a SNMP process. This specifies now much debug info @@ -608,6 +682,7 @@

Default is silence.

+ ]]>

If true, net_if binds to the IP address. @@ -616,6 +691,7 @@

Default is false.

+ ]]>

If true, net_if does not specify that the IP @@ -624,17 +700,21 @@

Default is false.

+ ]]>

Receive buffer size.

Default value is defined by gen_udp.

+ + ]]>

Send buffer size.

Default value is defined by gen_udp.

+ ]]>

note_store_opt() = {timeout, note_store_timeout()} | {verbosity, verbosity()}

@@ -642,6 +722,7 @@

For defaults see the options in note_store_opt().

+ ]]>

Note cleanup time. When storing a note in the note store, @@ -649,10 +730,9 @@ process performs a GC to remove the expired note's. Time in milli-seconds.

Default is 30000.

- -
+ ]]>

audit_trail_log_opt() = {type, atl_type()} | {dir, atl_dir()} | {size, atl_size()} | {repair, atl_repair()} | {seqno, atl_seqno()}

@@ -663,6 +743,7 @@

If not present, audit trail logging is not used.

+ ]]>

Specifies what type of an audit trail log should be used. @@ -684,6 +765,7 @@

Default is read_write.

+ ]]>

Specifies where the audit trail log should be stored.

@@ -691,6 +773,7 @@ place, this parameter must be defined.

+ ]]>

Specifies the size of the audit @@ -699,6 +782,7 @@ take place, this parameter must be defined.

+ ]]>

Specifies if and how the audit trail log shall be repaired @@ -710,6 +794,8 @@ analysis.

Default is true.

+ + ]]>

Specifies if the audit trail log entries will be (sequence) diff --git a/lib/snmp/src/agent/snmpa_agent.erl b/lib/snmp/src/agent/snmpa_agent.erl index 0510d7b625..00fe9be098 100644 --- a/lib/snmp/src/agent/snmpa_agent.erl +++ b/lib/snmp/src/agent/snmpa_agent.erl @@ -112,7 +112,7 @@ {acm_data, ACMData}, {addr, Address}, {gb_max_vbs, GbMaxVBs}, - {extra, Extra}]}. + {extra, Extra}]}). -define(mk_send_trap_wreq(TrapRec, NotifyName, ContextName, Recv, Vbs, LocalEngineID), #wrequest{cmd = send_trap, @@ -121,7 +121,7 @@ {context_name, ContextName}, {receiver, Recv}, {varbinds, Vbs}, - {local_engine_id, LocalEngineID}]}. + {local_engine_id, LocalEngineID}]}). -define(mk_terminate_wreq(), #wrequest{cmd = terminate, info = []}). -define(mk_verbosity_wreq(V), #wrequest{cmd = verbosity, info = [{verbosity, V}]}). @@ -3585,7 +3585,7 @@ conv_res([VbListOfBytes | T], Bytes) -> conv_res([], Bytes) -> Bytes. -%% The only only other value, then a positive integer, is infinity. +%% The only other value, then a positive integer, is infinity. do_get_rep(_Sz, _MibView, Count, Max, _, _Res, GbNumVBs, GbMaxVBs) when (is_integer(GbMaxVBs) andalso (GbNumVBs > GbMaxVBs)) -> ?vinfo("Max Get-BULK VBs limit (~w) exceeded (~w) when:" -- cgit v1.2.3
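Review bot: The corrected comment above the first `do_get_rep` clause in snmpa_agent.erl (hunk at line 3585) still reads "then a positive integer" and does not say what `infinity` means for the limit. The guard `is_integer(GbMaxVBs) andalso (GbNumVBs > GbMaxVBs)` only matches integer values, so with `infinity` this clause never cuts a Get-BULK response short, which is the oversized-response case that `gb_max_vbs` was added to bound. I would reword the comment to `%% GbMaxVBs is a positive integer or infinity; infinity disables the Get-BULK varbind limit.` so that the trade-off is visible to whoever changes the configuration handling later. The clause body and the remaining `do_get_rep` clauses lie outside the hunk, so whether the strict `>` comparison lets a response exceed the configured maximum before this clause fires cannot be confirmed from here.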