From 7147e7a36b8a22ba6345356aa786029bab66f4e6 Mon Sep 17 00:00:00 2001 From: Micael Karlberg Date: Wed, 3 Jul 2013 09:39:40 +0200 Subject: [snmp/agent] Local DB counter increment wrap error The counter increment function in the local-db was incorrect. It did not handle counter wrap correctly. OTP-11192 --- lib/snmp/doc/src/notes.xml | 58 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) (limited to 'lib/snmp/doc') diff --git a/lib/snmp/doc/src/notes.xml b/lib/snmp/doc/src/notes.xml index 80de9738f1..40e761b2af 100644 --- a/lib/snmp/doc/src/notes.xml +++ b/lib/snmp/doc/src/notes.xml @@ -33,6 +33,64 @@ +
+ SNMP Development Toolkit 4.24.1 +

Version 4.24.1 supports code replacement in runtime from/to + version 4.24, 4.23.1 and 4.23.

+ +
+ Improvements and new features +

-

+ + + +
+ +
+ Fixed Bugs and Malfunctions + + + + +

[agent] The counter increment function in the local-db was + incorrect. It did not handle counter wrap correctly.

+

Own Id: OTP-11192

+ + + + +
+ +
+ Incompatibilities +

-

+ + +
+ +
+ +
SNMP Development Toolkit 4.24

Version 4.24 supports code replacement in runtime from/to -- cgit v1.2.3 From a6ba7a3327b146d8472b154cc8ba4544f9d4d0fe Mon Sep 17 00:00:00 2001 From: Micael Karlberg Date: Tue, 25 Jun 2013 12:38:17 +0200 Subject: [snmp/agent] Cleanup, renaming, appup, proper version and release notes Add utility functions for checking view masks. Code cleanup, function renaming and comment fix (%% instead of %). Also updated the mask check in the vacm config file check function. Finally, release notes and some cosmetic changes to the agent config-file(s) user guide chapter. --- lib/snmp/doc/src/notes.xml | 74 ++++++++ lib/snmp/doc/src/snmp_agent_config_files.xml | 260 +++++++++++++-------------- 2 files changed, 197 insertions(+), 137 deletions(-) (limited to 'lib/snmp/doc') diff --git a/lib/snmp/doc/src/notes.xml b/lib/snmp/doc/src/notes.xml index 80de9738f1..9f668bf28a 100644 --- a/lib/snmp/doc/src/notes.xml +++ b/lib/snmp/doc/src/notes.xml @@ -33,6 +33,80 @@ +

+ SNMP Development Toolkit 4.24.1 +

Version 4.24.1 supports code replacement in runtime from/to + version 4.24, 4.23.1 and 4.23.

+ +
+ Improvements and new features +

-

+ + + +
+ +
+ Fixed Bugs and Malfunctions + + + + +

[agent] Reading the value of the vacmViewTreeFamilyMask returns + it in the wrong (internal bitlist) format.

+

The vacmViewTreeFamilyMask is defined as a bit string in the MIB + (OCTET STRING). Internally a bitlist (list of 1's and 0's, + see vacm config file + for more info) is used. + However, the MIB implementation assumed the latter, effectively + rendering all attempts to read/set masks via SNMP unsuccessful.

+

Since the mask is used in hot paths (e.g. access permission checks + for each SNMP operation, the bitlist representation of the mask has + benefits (e.g. faster processing). Reading/writing the view mask + objects is less time-critical. Therefore, to fix the issue, convert + between the bitlist (internal) representation and bitstring + (external) when the vacmViewTreeFamilyMask objects are accessed.

+

Also, the check of the vacm config file was invalid with + regard to the mask value. It was assumed to be a proper oid, which + is not strictly the case (see bitlist above).

+

Own Id: OTP-11177

+

Stefan Zegenhagen

+ + + + +
+ +
+ Incompatibilities +

-

+ + +
+ +
+ +
SNMP Development Toolkit 4.24

Version 4.24 supports code replacement in runtime from/to diff --git a/lib/snmp/doc/src/snmp_agent_config_files.xml b/lib/snmp/doc/src/snmp_agent_config_files.xml index bd5c537522..866b00b77b 100644 --- a/lib/snmp/doc/src/snmp_agent_config_files.xml +++ b/lib/snmp/doc/src/snmp_agent_config_files.xml @@ -4,7 +4,7 @@

- 19972011 + 19972013 Ericsson AB. All Rights Reserved. @@ -32,13 +32,15 @@ snmp_agent_config_files.xml

All configuration data must be included in configuration files - that are located in the configuration directory. The name of this - directory is given in the config_dir configuration - parameter. These files are read at start-up, and are used to - initialize the SNMPv2-MIB or STANDARD-MIB, SNMP-FRAMEWORK-MIB, - SNMP-MPD-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-COMMUNITY-MIB, - SNMP-USER-BASED-SM-MIB, SNMP-TARGET-MIB and SNMP-NOTIFICATION-MIB - (refer to the Management of the Agent for a description of the MIBs).

+ that are located in the configuration directory. The name of this + directory is given in the config_dir configuration + parameter. These files are read at start-up, and are used to + initialize the SNMPv2-MIB or STANDARD-MIB, SNMP-FRAMEWORK-MIB, + SNMP-MPD-MIB, SNMP-VIEW-BASED-ACM-MIB, SNMP-COMMUNITY-MIB, + SNMP-USER-BASED-SM-MIB, SNMP-TARGET-MIB and SNMP-NOTIFICATION-MIB + (refer to the + Management of the Agent + for a description of the MIBs).

The files are:

@@ -79,35 +81,35 @@

The directory where the configuration files are found is given as - a parameter to the agent.

+ a parameter to the agent.

The entry format in all files are Erlang terms, separated by a - '.' and a newline. In the following sections, the - formats of these terms are described. Comments may be specified as - ordinary Erlang comments.

+ '.' and a newline. In the following sections, the + formats of these terms are described. Comments may be specified as + ordinary Erlang comments.

Syntax errors in these files are discovered and reported with the - function config_err/2 of the error report module at start-up.

- + function config_err/2 of the error report module at start-up.

+ + +
- Agent Information

The agent information should be stored in a file called - agent.conf. -

-

Each entry is a tuple of size two: -

+ agent.conf.

+

Each entry is a tuple of size two:

{AgentVariable, Value}.

- AgentVariable is one of the variables is - SNMP-FRAMEWORK-MIB or one of the internal variables - intAgentUDPPort, which defines which UDP port the agent - listens to, or intAgentIpAddress, which defines the IP - address of the agent. + +

AgentVariable is one of the variables is + SNMP-FRAMEWORK-MIB or one of the internal variables + intAgentUDPPort, which defines which UDP port the agent + listens to, or intAgentIpAddress, which defines the IP + address of the agent.

- Value is the value for the variable. + +

Value is the value for the variable.

 -

The following example shows a agent.conf file: -

+

The following example shows a agent.conf file: 

 {intAgentUDPPort, 4000}.
 {intAgentIpAddress,[141,213,11,24]}.
@@ -115,49 +117,47 @@
 {snmpEngineMaxPacketSize, 484}.

The value of snmpEngineID is a string, which for a - deployed agent should have a very specific structure. See - RFC 2271/2571 for details. -

+ deployed agent should have a very specific structure. See + RFC 2271/2571 for details.

+ +
- Contexts

The context information should be stored in a file called - context.conf. The default context "" - need not be present. -

+ context.conf. The default context "" + need not be present.

Each row defines a context in the agent. This information is - used in the table vacmContextTable in the - SNMP-VIEW-BASED-ACM-MIB. -

-

Each entry is a term: -

+ used in the table vacmContextTable in the + SNMP-VIEW-BASED-ACM-MIB.

+

Each entry is a term:

ContextName.

- ContextName is a string. + +

ContextName is a string.

 + +
- System Information

The system information should be stored in a file called - standard.conf. -

-

Each entry is a tuple of size two: -

+ standard.conf.

+

Each entry is a tuple of size two:

{SystemVariable, Value}.

- SystemVariable is one of the variables in the - system group, or snmpEnableAuthenTraps. + +

SystemVariable is one of the variables in the + system group, or snmpEnableAuthenTraps.

- Value is the value for the variable. + +

Value is the value for the variable.

-

The following example shows a valid standard.conf file: -

+

The following example shows a valid standard.conf file: 

 {sysDescr, "Erlang SNMP agent"}.
 {sysObjectID, [1,2,3]}.
@@ -167,59 +167,60 @@
 {snmpEnableAuthenTraps, enabled}.

A value must be provided for all variables, which lack default - values in the MIB. -

+ values in the MIB.

+ +
- Communities

The community information should be stored in a file called - community.conf. It must be present if the agent is - configured for SNMPv1 or SNMPv2c. -

+ community.conf. It must be present if the agent is + configured for SNMPv1 or SNMPv2c.

An SNMP community is a relationship between an SNMP agent and a set of SNMP managers that defines authentication, access control and proxy characteristics.

The corresponding table is snmpCommunityTable in the - SNMP-COMMUNITY-MIB.

+ SNMP-COMMUNITY-MIB.

Each entry is a term:

-

{CommunityIndex, CommunityName, SecurityName, ContextName, TransportTag}.

+

{CommunityIndex, CommunityName, SecurityName, ContextName, TransportTag}.

- CommunityIndex is a non-empty string. + +

CommunityIndex is a non-empty string.

 - CommunityName is a string. + +

CommunityName is a string.

 - SecurityName is a string. + +

SecurityName is a string.

 - ContextName is a string. + +

ContextName is a string.

 - TransportTag is a string. + +

TransportTag is a string.

 + +
- MIB Views for VACM

The information about MIB Views for VACM should be stored in a - file called - vacm.conf. -

+ file called vacm.conf.

The corresponding tables are vacmSecurityToGroupTable, - vacmAccessTable and vacmViewTreeFamilyTable in the - SNMP-VIEW-BASED-ACM-MIB. -

+ vacmAccessTable and vacmViewTreeFamilyTable in the + SNMP-VIEW-BASED-ACM-MIB.

Each entry is one of the terms, one entry corresponds to one - row in one of the tables. -

+ row in one of the tables.

{vacmSecurityToGroup, SecModel, SecName, GroupName}.

{vacmAccess, GroupName, Prefix, SecModel, SecLevel, Match, ReadView, WriteView, NotifyView}.

{vacmViewTreeFamily, ViewIndex, ViewSubtree, ViewStatus, ViewMask}.

SecModel is any, v1, v2c, or - usm.

+ usm.

SecName is a string.

@@ -232,7 +233,7 @@

SecLevel is noAuthNoPriv, authNoPriv, - or authPriv

+ or authPriv

Match is prefix or exact.

@@ -244,8 +245,7 @@

WriteView is a string.

 -

NotifyView is a string. -

+

NotifyView is a string.

ViewIndex is an integer.

@@ -258,33 +258,29 @@

ViewMask is either null or a list of ones and - zeros. Ones nominate that an exact match is used for this - sub-identifier. Zeros are wild-cards which match any - sub-identifier. If the mask is shorter than the sub-tree, the - tail is regarded as all ones. null is shorthand for a - mask with all ones.

+ zeros. Ones nominate that an exact match is used for this + sub-identifier. Zeros are wild-cards which match any + sub-identifier. If the mask is shorter than the sub-tree, the + tail is regarded as all ones. null is shorthand for a + mask with all ones.

+ +
- Security data for USM

The information about Security data for USM should be stored in a - file called - usm.conf, which must be present if the agent is configured - for SNMPv3. -

+ file called usm.conf, which must be present if the agent is + configured for SNMPv3.

The corresponding table is usmUserTable in the - SNMP-USER-BASED-SM-MIB. -

-

Each entry is a term: -

+ SNMP-USER-BASED-SM-MIB.

+

Each entry is a term:

{EngineID, UserName, SecName, Clone, AuthP, AuthKeyC, OwnAuthKeyC, PrivP, PrivKeyC, OwnPrivKeyC, Public, AuthKey, PrivKey}.

-

EngineID is a string. -

+

EngineID is a string.

UserName is a string.

@@ -297,7 +293,7 @@

AuthP is a usmNoAuthProtocol, - usmHMACMD5AuthProtocol, or usmHMACSHAAuthProtocol.

+ usmHMACMD5AuthProtocol, or usmHMACSHAAuthProtocol.

AuthKeyC is a string.

@@ -307,7 +303,7 @@

PrivP is a usmNoPrivProtocol, - usmDESPrivProtocol or usmAesCfb128Protocol.

+ usmDESPrivProtocol or usmAesCfb128Protocol.

PrivKeyC is a string.

@@ -319,66 +315,59 @@

Public is a string.

 -

AuthKey is a list (of integer). This is the User's secret - localized authentication key. It is not visible in the MIB. The length - of this key needs to be 16 if usmHMACMD5AuthProtocol is used, and - 20 if usmHMACSHAAuthProtocol is used.

+

AuthKey is a list (of integer). This is the User's secret + localized authentication key. It is not visible in the MIB. The length + of this key needs to be 16 if usmHMACMD5AuthProtocol is used, + and 20 if usmHMACSHAAuthProtocol is used.

PrivKey is a list (of integer). This is the User's secret - localized encryption key. It is not visible in the MIB. The length - of this key needs to be 16 if usmDESPrivProtocol or - usmAesCfb128Protocol is used. -

+ localized encryption key. It is not visible in the MIB. The length + of this key needs to be 16 if usmDESPrivProtocol or + usmAesCfb128Protocol is used.

+ +
- Notify Definitions

The information about Notify Definitions should be stored in a - file called - notify.conf. -

+ file called notify.conf.

The corresponding table is snmpNotifyTable in the - SNMP-NOTIFICATION-MIB. -

-

Each entry is a term: -

+ SNMP-NOTIFICATION-MIB.

+

Each entry is a term:

{NotifyName, Tag, Type}.

-

NotifyName is a unique non-empty string. -

+

NotifyName is a unique non-empty string.

 -

Tag is a string. -

+

Tag is a string.

 -

Type is trap or inform. -

+

Type is trap or inform.

 + +
- Target Address Definitions

The information about Target Address Definitions should be - stored in a file called target_addr.conf.

+ stored in a file called target_addr.conf.

The corresponding tables are snmpTargetAddrTable in the - SNMP-TARGET-MIB and snmpTargetAddrExtTable in the - SNMP-COMMUNITY-MIB.

+ SNMP-TARGET-MIB and snmpTargetAddrExtTable in the + SNMP-COMMUNITY-MIB.

Each entry is a term:

{TargetName, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId}.

or

{TargetName, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.

or

-{TargetName, Domain, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.

+{TargetName, Domain, Ip, Udp, Timeout, RetryCount, TagList, ParamsName, EngineId, TMask, MaxMessageSize}.

-

TargetName is a unique non-empty string. -

+

TargetName is a unique non-empty string.

Domain is one of the atoms: @@ -414,40 +403,37 @@

Note that if EngineId has the value discovery, - the agent cannot send - inform messages to that manager until it has performed the - discovery process with that manager.

+ the agent cannot send + inform messages to that manager until it has performed the + discovery process with that manager.

+ +
- Target Parameters Definitions

The information about Target Parameters Definitions should be - stored in a file called target_params.conf.

+ stored in a file called target_params.conf.

The corresponding table is snmpTargetParamsTable in the - SNMP-TARGET-MIB.

+ SNMP-TARGET-MIB.

Each entry is a term:

{ParamsName, MPModel, SecurityModel, SecurityName, SecurityLevel}.

-

ParamsName is a unique non-empty string. -

+

ParamsName is a unique non-empty string.

MPModel is v1, v2c or v3

 -

SecurityModel is v1, v2c, or usm. -

+

SecurityModel is v1, v2c, or usm.

 -

SecurityName is a string. -

+

SecurityName is a string.

SecurityLevel is noAuthNoPriv, authNoPriv - or authPriv. -

+ or authPriv.

-- cgit v1.2.3