From owner-freebsd-net@FreeBSD.ORG Tue Feb 14 14:57:03 2006
Date: Tue, 14 Feb 2006 15:56:55 +0100 (CET)
From: Harti Brandt
To: Anders Nordby
Cc: freebsd-net@FreeBSD.org, Gleb Smirnoff, kuriyama@FreeBSD.org, demon@FreeBSD.org
Subject: Re: bsnmpd (was: 64-bit SNMP counters for FreeBSD && graphing bandwidth usage)
In-Reply-To: <20060214105821.GA47035@totem.fix.no>
Message-ID: <20060214154833.I5083@beagle.kn.op.dlr.de>

On Tue, 14 Feb 2006, Anders Nordby wrote:

AN>On Tue, Feb 14, 2006 at 01:39:01PM +0300, Gleb Smirnoff wrote:
AN>> A> I should make a list of "what bsnmpd needs" to be more usable, in case
AN>> A> Harti is interested. ;-P
AN>> Where is such list?
AN>
AN>Some things popping off my mind:
AN>
AN>- Ability to run as a different user. I suppose we should add a snmp
AN>user to the base system. Running as root is not OK, when it is not
AN>necessary (net-snmp snmpd can run as a different user, it has a related
AN>-r option to not exit if it has privilege problems).
AN>
AN>- Ability to chroot itself (yes please, for security).

I don't have enough rc-foo for this. Perhaps someone can jump in here?

AN>- Ability to execute programs and return values on given OIDs, and also
AN>cache their results so that the programs don't have to be run for
AN>every time. It's necessary to cache values to avoid running resource
AN>intensive scripts/programs more than necessary.

Sounds interesting and is certainly doable.

AN>I am using net-snmp snmpd mostly currently, but consider switching as I
AN>now can get my 64-bit counters from bsnmpd. It seems net-snmp snmpd can
AN>not give ifHCInOctets/ifHCOutOctets (Counter64) in FreeBSD yet. At least
AN>the exec issue above must be resolved for me to switch to bsnmpd.
AN>
AN>Oh, and a couple of questions. If I only want read access enabled, is
AN>commenting "write :=" and "trap :=" out all that is necessary? If not,
AN>how do I do it? Normally, I only want to read from my SNMP agents. I
AN>would prefer to have trap/write disabled completely.

Two or three weeks ago I committed a patch that sets the default
communities to NULL and comments out the corresponding lines in the
config file. In this configuration the daemon ignores all incoming
messages. If you then just set the read community, it gets read-only.
You definitely need rev 1.1.1.11 or later of snmpd/main.c. The trap
community is only for outgoing traps.

AN>Another thing. The trap support in bsnmpd, it's only for forwarding
AN>traps? Does bsnmpd have, or will it ever get an ability to generate
AN>traps upon failures in FreeBSD?

No, trap support is only for sending traps. There is a
begemotTrapSinkTable where you configure all trap destinations. The
distributed config file populates just one row of it. Each trap is then
sent to all destinations. Currently the only traps that are ever sent
are:

- authentication traps (if enabled) sent by the daemon itself
- linkUp and linkDown traps from snmp_mibII

harti
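
The read-only setup described in the reply above can be checked mechanically. The following Python audit is an added example, not part of the original message and not bsnmpd code. It assumes the stock snmpd.config layout (macros defined with ":=", communities assigned through begemotSnmpdCommunityString.0.1 for read and .0.2 for write); the function name audit and all sample values are constructed.

```python
import re

MACRO = re.compile(r'^(\w+)\s*:=\s*(.*)$')
COMMUNITY = re.compile(r'^begemotSnmpdCommunityString\.0\.(\d+)\s*=\s*(.+)$')
MACRO_REF = re.compile(r'^\$\((\w+)\)$')
# Assumption: index 1 is the read community, index 2 the write community.
ROLES = {"1": "read", "2": "write"}

def audit(config_text):
    """Classify a config as no-access, read-only or read-write; list problems."""
    macros, active, problems = {}, {}, []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        # Simplification: '#' always starts a comment, even inside a string.
        line = raw.split("#", 1)[0].strip()
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2).strip().strip('"')
            continue
        m = COMMUNITY.match(line)
        if not m:
            continue
        index, value = m.group(1), m.group(2).strip()
        if index not in ROLES:
            problems.append(f"line {lineno}: unexpected community index {index}")
            continue
        ref = MACRO_REF.match(value)
        if ref and ref.group(1) not in macros:
            # Happens when "write :=" is commented out but the assignment is not.
            problems.append(f"line {lineno}: {ROLES[index]} community "
                            f"uses undefined macro '{ref.group(1)}'")
            continue
        active[ROLES[index]] = macros[ref.group(1)] if ref else value.strip('"')
    mode = ("read-write" if "write" in active
            else "read-only" if "read" in active else "no-access")
    return mode, problems

# Constructed sample: only the read community is set.
SAMPLE = '''\
read := "example-ro"
# write := "example-rw"
# trap := "example-trap"
%snmpd
begemotSnmpdCommunityString.0.1 = $(read)
# begemotSnmpdCommunityString.0.2 = $(write)
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A result of "no-access" corresponds to the default described above, where both communities are NULL and the daemon ignores all incoming messages.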