Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 14 Apr 2018 21:38:15 +0000
From:      bugzilla-noreply@freebsd.org
To:        net@FreeBSD.org
Subject:   [Bug 227502] Unable to add pfsense as monitored target in ntopng
Message-ID:  <bug-227502-7501-29ulxfpo8f@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-227502-7501@https.bugs.freebsd.org/bugzilla/>
References:  <bug-227502-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D227502

Eugene Grosbein <eugen@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
           Assignee|ports-bugs@FreeBSD.org      |harti@FreeBSD.org
                 CC|                            |eugen@freebsd.org,
                   |                            |net@FreeBSD.org

--- Comment #1 from Eugene Grosbein <eugen@freebsd.org> ---
I've reproduced the problem building and running third-party/snmp/test.c fr=
om
net/ntopng source tree. I run bsnmpd in debug mode:

/usr/sbin/bsnmpd -p /var/run/snmpd.pid -d -D dump,trace=3D0x30000000

Incoming SNMPv1 GetRequest as captured and decoded by tcpdump:

04:15:32.993260 IP (tos 0x0, ttl 62, id 21558, offset 0, flags [none], proto
UDP (17), length 81)
    X.X.X.X.46351 > X.X.X.X.Y: [udp sum ok]  { SNMPv1 C=3D"xxxxxxx" {
GetRequest(34) R=3D1  .1.3.6.1.2.1.1.5.0 } }

bsnmpd fails to parse it producing errors:

snmpd[45132]: ASN.1: non-minimal integer at 00 00 00 00 04 07 72 65 77 6f 7=
2 74
68 a0 22 02 04 00 00 00 01 02 04 00 00 00 00 02 04 00 00 00 00 30 0e 30 0c =
06
08 2b 06 01 02 01 01 05 00 05 00
snmpd[45132]: SNMP: cannot decode version

ntopng uses bundled copy of library https://github.com/ejrh/snmp to encode =
SNMP
data into packets and this library seems to produce incorrect DER/ASN.1 pac=
kets
always encoding integers with 4 bytes per value. The library itself is pret=
ty
old, it was not updated for 6 years.

snmpwalk, on the other hand, produces correct requests and bsnmpd answers j=
ust
fine.

It seems, net-snmpd tolerates such standard violation but bsnmpd does not.
Please note that other modern software tend to stick to strict validation t=
oo.=20
For example, golang's library encoding/asn1 rejects such invalid "non-minim=
al
integer encodings" since version 1.7: https://golang.org/doc/go1.7

--=20
You are receiving this mail because:
You are on the CC list for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-227502-7501-29ulxfpo8f>