![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / usr.sbin / snmpd
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.43 / (download) - annotate - [select for diffs], Thu Feb 8 17:34:09 2024 UTC (3 months, 3 weeks ago) by martijn
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
HEAD
Changes since 1.42: +103 -24 lines
Diff to previous 1.42 (colored)
RFC2578 section 7.1 specifies the ranges and in the case of opaque the format to which the values need to adhere. Implement checks, so that we don't send illegal values to the client. OK tb@
Revision 1.42 / (download) - annotate - [select for diffs], Tue Feb 6 12:44:27 2024 UTC (3 months, 3 weeks ago) by martijn
Branch: MAIN
Changes since 1.41: +45 -30 lines
Diff to previous 1.41 (colored)
Replace most smi_oid2string() calls with the new mib_oid2string(). smi_oid2string() is still called from trap handle context to not break any existing scripts. OK tb@
Revision 1.41 / (download) - annotate - [select for diffs], Thu Dec 21 12:43:30 2023 UTC (5 months, 1 week ago) by martijn
Branch: MAIN
Changes since 1.40: +3 -1 lines
Diff to previous 1.40 (colored)
Clean up snmpd's header situation. With the help of tb@ and include-what-you-use. OK tb@
Revision 1.40 / (download) - annotate - [select for diffs], Thu Nov 16 14:35:25 2023 UTC (6 months, 2 weeks ago) by martijn
Branch: MAIN
Changes since 1.39: +3 -7 lines
Diff to previous 1.39 (colored)
In appl_processpdu() no need to set avi_next, and only set av_next up to varbindlen, since its only use is to print the varbindlist via appl_pdu_log() and both are further properly initialized in appl_request_upstream_resolve(). This fixes a cosmetic off by one for getbulk requests. OK tb@
Revision 1.39 / (download) - annotate - [select for diffs], Thu Nov 16 13:25:07 2023 UTC (6 months, 2 weeks ago) by martijn
Branch: MAIN
Changes since 1.38: +6 -2 lines
Diff to previous 1.38 (colored)
avi_origid must also be set when transitioning out of the APPL_VBSTATE_MUSTFILL state, else snmpd won't like use once we reach EOMV of our view of the world. OK tb@
Revision 1.38 / (download) - annotate - [select for diffs], Wed Nov 15 13:36:11 2023 UTC (6 months, 2 weeks ago) by martijn
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)
Make sure we allocate the correct size for an appl_agentcap. OK claudio@ miod@
Revision 1.37 / (download) - annotate - [select for diffs], Mon Nov 13 10:14:29 2023 UTC (6 months, 2 weeks ago) by martijn
Branch: MAIN
Changes since 1.36: +3 -1 lines
Diff to previous 1.36 (colored)
struct appl_varbind_internal's avi_index is used to give the index to the original varbindlist's index. In the case of a GetBulkRequest this must never be larger than the length of the original varbindlist. OK tb@
Revision 1.36 / (download) - annotate - [select for diffs], Sun Nov 12 16:07:34 2023 UTC (6 months, 2 weeks ago) by martijn
Branch: MAIN
Changes since 1.35: +1 -3 lines
Diff to previous 1.35 (colored)
Now that the last consumer of mps.c is gone, remove it and its application_legacy.c companion. OK tb@
Revision 1.35 / (download) - annotate - [select for diffs], Wed Nov 8 20:07:14 2023 UTC (6 months, 3 weeks ago) by martijn
Branch: MAIN
Changes since 1.34: +1 -2 lines
Diff to previous 1.34 (colored)
Let usm_make_report() utilize appl_report(). usm_make_report utilized mps_getstr(), which after moving the SNMPv2-SMI::snmpV2 into application_internal returned a noSuchObject. This doesn't seem to have broken any tools that I'm aware of, but this returns the correct result. OK tb@
Revision 1.34 / (download) - annotate - [select for diffs], Wed Nov 8 20:02:52 2023 UTC (6 months, 3 weeks ago) by martijn
Branch: MAIN
Changes since 1.33: +41 -23 lines
Diff to previous 1.33 (colored)
Let appl_report() collect its own metrics. This simplifies the interface and gives us a free report-pdu log line in debug mode. OK tb@
Revision 1.33 / (download) - annotate - [select for diffs], Wed Nov 8 19:59:46 2023 UTC (6 months, 3 weeks ago) by martijn
Branch: MAIN
Changes since 1.32: +9 -10 lines
Diff to previous 1.32 (colored)
Don't rely on aru_pdu to rebuild the original varbindlist on error. Now that we have avi_origid it's not needed anymore and aru_pdu needs to go. OK tb@
Revision 1.32 / (download) - annotate - [select for diffs], Wed Nov 8 19:54:52 2023 UTC (6 months, 3 weeks ago) by martijn
Branch: MAIN
Changes since 1.31: +10 -10 lines
Diff to previous 1.31 (colored)
Don't use aru_pdu for determining the requesttype. It's owned by snmp_message and getting rid of it is also needed for appl_report() to gather its own information. OK tb@
Revision 1.31 / (download) - annotate - [select for diffs], Wed Nov 8 19:46:28 2023 UTC (6 months, 3 weeks ago) by martijn
Branch: MAIN
Changes since 1.30: +18 -1 lines
Diff to previous 1.30 (colored)
export SNMP-TARGET-MIB::{snmpUnavailableContexts,snmpUnknownContexts}
via application_internal.
OK tb@
Revision 1.30 / (download) - annotate - [select for diffs], Mon Nov 6 11:02:57 2023 UTC (6 months, 3 weeks ago) by martijn
Branch: MAIN
Changes since 1.29: +101 -1 lines
Diff to previous 1.29 (colored)
Readd the sysORTable based on the new struct appl_agentcap. OK tb@
Revision 1.29 / (download) - annotate - [select for diffs], Mon Nov 6 11:00:46 2023 UTC (6 months, 3 weeks ago) by martijn
Branch: MAIN
Changes since 1.28: +122 -1 lines
Diff to previous 1.28 (colored)
Allow agent capabilities to be stored on a per appl_context basis.
This is needed for AgentX's {add,remove}agentcaps, and the sysORTable.
OK tb@
Revision 1.28 / (download) - annotate - [select for diffs], Sat Nov 4 09:22:52 2023 UTC (6 months, 3 weeks ago) by martijn
Branch: MAIN
Changes since 1.27: +3 -1 lines
Diff to previous 1.27 (colored)
Introduce application_internal.c. This backend is meant to replace application_legacy.c, mps.c, and mib.c. This commit just introduces the backend. The existing MIBs inside mib.c will be copied over in subsequent commits. OK tb@
Revision 1.27 / (download) - annotate - [select for diffs], Sun Oct 29 11:20:06 2023 UTC (7 months ago) by martijn
Branch: MAIN
Changes since 1.26: +5 -7 lines
Diff to previous 1.26 (colored)
When doing a get{next,bulk} below an instance we must move the OID to
the next sibling. Not simply copying over the value of the next to use
region, since that might be the parent and we would walk backwards in
the tree.
OK tb@
Revision 1.26 / (download) - annotate - [select for diffs], Sun Oct 29 11:12:57 2023 UTC (7 months ago) by martijn
Branch: MAIN
Changes since 1.25: +3 -3 lines
Diff to previous 1.25 (colored)
searchrange.end is non-inclusive. Adjust the tests for that. OK tb@
Revision 1.25 / (download) - annotate - [select for diffs], Fri Oct 27 10:32:11 2023 UTC (7 months ago) by martijn
Branch: MAIN
Changes since 1.24: +4 -10 lines
Diff to previous 1.24 (colored)
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response(). OK tb@
Revision 1.24 / (download) - annotate - [select for diffs], Tue Oct 24 14:21:58 2023 UTC (7 months, 1 week ago) by martijn
Branch: MAIN
Changes since 1.23: +4 -1 lines
Diff to previous 1.23 (colored)
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request. OK tb@
Revision 1.23 / (download) - annotate - [select for diffs], Tue Oct 24 14:19:44 2023 UTC (7 months, 1 week ago) by martijn
Branch: MAIN
Changes since 1.22: +38 -1 lines
Diff to previous 1.22 (colored)
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this. OK tb@
Revision 1.22 / (download) - annotate - [select for diffs], Tue Oct 24 14:17:20 2023 UTC (7 months, 1 week ago) by martijn
Branch: MAIN
Changes since 1.21: +30 -22 lines
Diff to previous 1.21 (colored)
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid(). OK and minor nit tb@
Revision 1.21 / (download) - annotate - [select for diffs], Tue Oct 24 14:06:00 2023 UTC (7 months, 1 week ago) by martijn
Branch: MAIN
Changes since 1.20: +8 -1 lines
Diff to previous 1.20 (colored)
When returning an endOfMibView we must always set it on the requested OID. OK tb@
Revision 1.20 / (download) - annotate - [select for diffs], Tue Oct 24 13:50:47 2023 UTC (7 months, 1 week ago) by martijn
Branch: MAIN
Changes since 1.19: +37 -35 lines
Diff to previous 1.19 (colored)
Fix appl_unregister() when called with range_subid set to !0. OK tb@
Revision 1.19 / (download) - annotate - [select for diffs], Tue Oct 24 13:46:11 2023 UTC (7 months, 1 week ago) by martijn
Branch: MAIN
Changes since 1.18: +13 -12 lines
Diff to previous 1.18 (colored)
Fix appl_register() when called with range_subid set to !0. OK tb@
Revision 1.18 / (download) - annotate - [select for diffs], Tue Oct 24 13:28:11 2023 UTC (7 months, 1 week ago) by martijn
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c. OK tb@
Revision 1.17 / (download) - annotate - [select for diffs], Tue Dec 20 20:04:55 2022 UTC (17 months, 1 week ago) by martijn
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.16: +5 -5 lines
Diff to previous 1.16 (colored)
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t.
snmp uses signed 32 bits integers and agentx uses unsigned 16 bits
integers. I somehow ended up somewhere in between.
OK sthen@, kn@
Revision 1.16 / (download) - annotate - [select for diffs], Tue Sep 13 10:22:07 2022 UTC (20 months, 2 weeks ago) by martijn
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.15: +6 -3 lines
Diff to previous 1.15 (colored)
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems. The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend. Found the hard way by Mischa Peters while stress testing agentx support for vmd. OK tb@, sthen@
Revision 1.15 / (download) - annotate - [select for diffs], Wed Aug 31 09:19:22 2022 UTC (21 months ago) by martijn
Branch: MAIN
Changes since 1.14: +32 -24 lines
Diff to previous 1.14 (colored)
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position. OK tb@
Revision 1.14 / (download) - annotate - [select for diffs], Tue Aug 30 17:37:03 2022 UTC (21 months ago) by martijn
Branch: MAIN
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)
Remove now unused search variable. Missed in previous. OK tb@
Revision 1.13 / (download) - annotate - [select for diffs], Tue Aug 30 17:33:20 2022 UTC (21 months ago) by martijn
Branch: MAIN
Changes since 1.12: +1 -9 lines
Diff to previous 1.12 (colored)
Remove the downwards check for overlapping regions when the subtree flag is set. There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others) OK tb@
Revision 1.12 / (download) - annotate - [select for diffs], Mon Aug 29 18:05:08 2022 UTC (21 months ago) by martijn
Branch: MAIN
Changes since 1.11: +5 -3 lines
Diff to previous 1.11 (colored)
Allow overlapping regions (if subtree claim flag is set) when the backends are identical. OK tb@
Revision 1.11 / (download) - annotate - [select for diffs], Mon Aug 29 18:02:37 2022 UTC (21 months ago) by martijn
Branch: MAIN
Changes since 1.10: +11 -10 lines
Diff to previous 1.10 (colored)
Make sure oidbuf is initialized when we hit the overlap case. OK tb@
Revision 1.10 / (download) - annotate - [select for diffs], Mon Aug 29 13:25:18 2022 UTC (21 months ago) by martijn
Branch: MAIN
Changes since 1.9: +9 -3 lines
Diff to previous 1.9 (colored)
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen. OK tb@
Revision 1.9 / (download) - annotate - [select for diffs], Mon Aug 29 13:23:32 2022 UTC (21 months ago) by martijn
Branch: MAIN
Changes since 1.8: +10 -2 lines
Diff to previous 1.8 (colored)
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory. OK tb@
Revision 1.8 / (download) - annotate - [select for diffs], Mon Aug 29 13:19:05 2022 UTC (21 months ago) by martijn
Branch: MAIN
Changes since 1.7: +33 -28 lines
Diff to previous 1.7 (colored)
Let snmpd check a response package against the requested searchrange end. If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result. OK tb@
Revision 1.7 / (download) - annotate - [select for diffs], Tue Aug 23 08:56:20 2022 UTC (21 months, 1 week ago) by martijn
Branch: MAIN
Changes since 1.6: +12 -1 lines
Diff to previous 1.6 (colored)
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities. Help testing sthen@ Feedback/tweaks/OK jmatthew@
Revision 1.6 / (download) - annotate - [select for diffs], Thu Jun 30 11:28:36 2022 UTC (23 months ago) by martijn
Branch: MAIN
Changes since 1.5: +3 -1 lines
Diff to previous 1.5 (colored)
Introduce a blocklist backend and keyword. This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW. This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable OK tb@
Revision 1.5 / (download) - annotate - [select for diffs], Mon Jun 27 10:31:17 2022 UTC (23 months ago) by martijn
Branch: MAIN
Changes since 1.4: +57 -49 lines
Diff to previous 1.4 (colored)
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct. OK sthen@
Revision 1.4 / (download) - annotate - [select for diffs], Mon Jun 27 10:25:32 2022 UTC (23 months ago) by martijn
Branch: MAIN
Changes since 1.3: +3 -1 lines
Diff to previous 1.3 (colored)
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error. regionbuf case pointed out by tb@ OK deraadt@ tb@
Revision 1.3 / (download) - annotate - [select for diffs], Tue Feb 22 15:59:13 2022 UTC (2 years, 3 months ago) by martijn
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements. Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
Revision 1.2 / (download) - annotate - [select for diffs], Sun Jan 30 13:27:39 2022 UTC (2 years, 4 months ago) by martijn
Branch: MAIN
Changes since 1.1: +3 -2 lines
Diff to previous 1.1 (colored)
Add missing NULL check. OK benno@
Revision 1.1 / (download) - annotate - [select for diffs], Wed Jan 19 10:59:35 2022 UTC (2 years, 4 months ago) by martijn
Branch: MAIN
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output. This commit is stand-alone and gets hooked in with the following commit. "Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat