Date: Mon, 8 Apr 2013 15:05:58 +0300 From: Shteryana Shopova <syrinx@FreeBSD.org> To: lev@freebsd.org Cc: "freebsd-net@FreeBSD.org" <freebsd-net@freebsd.org>, Harti Brandt <hartmut.brandt@dlr.de>, Harti Brandt <harti@freebsd.org> Subject: Re: BSNMPD: several (cosmetic?) problems Message-ID: <CAExw9961whpk=b-y9nrK2eHDJGa=meny4VSO41JbV9dvmBT3ww@mail.gmail.com> In-Reply-To: <1192096458.20130408155124@serebryakov.spb.ru> References: <563362676.20130407121102@serebryakov.spb.ru> <alpine.BSF.2.00.1304081338160.34115@KNOP-BEAGLE.kn.op.dlr.de> <1192096458.20130408155124@serebryakov.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Hi, The patch in question can be found at http://people.freebsd.org/~syrinx/snmp/libbsnmp-20121029-01.diff , I am also attaching it to this e-mail. I didn't commit it yet, since I did not manage to get it properly reviewed or get confirmation from Harti that it solved his problem. Error responses worked fine when I last tested the patch, but it's always good to receive feedback from other testers. cheers, Shteryana On Mon, Apr 8, 2013 at 2:51 PM, Lev Serebryakov <lev@freebsd.org> wrote: > Hello, Harti. > You wrote 8 апреля 2013 г., 15:40:07: > > LS>>(1) I have a lot of "could not encode error response" in > LS>>/var/log/messages after change of hardware. It looks like, every > LS>>request from mrtg for "unexistent" interface leads to this message. > LS>>I'll reconfigure mrtg, of course, but it is annoying. > HB> I think this is a problem I have already got a patch for from Steryana, > HB> but did not manage yet to test. If it is that problem, then it is not > HB> entirely cosmetic, because the daemon fails to send error responses in > HB> many cases. > Could you send this patch to me for test? > > -- > // Black Lion AKA Lev Serebryakov <lev@FreeBSD.org> > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > [-- Attachment #2 --] Index: snmp.h =================================================================== --- snmp.h (revision 241685) +++ snmp.h (working copy) @@ -182,7 +182,7 @@ /* fixes for encoding */ size_t outer_len; - size_t scoped_len; + asn_len_t scoped_len; u_char *outer_ptr; u_char *digest_ptr; u_char *encrypted_ptr; Index: snmpagent.c =================================================================== --- snmpagent.c (revision 241685) +++ snmpagent.c (working copy) @@ -166,7 +166,7 @@ } static void -snmp_pdu_create_response(struct snmp_pdu *pdu, struct snmp_pdu *resp) +snmp_pdu_create_response(const struct snmp_pdu *pdu, struct snmp_pdu *resp) { memset(resp, 0, sizeof(*resp)); strcpy(resp->community, pdu->community); @@ -952,19 +952,58 @@ snmp_make_errresp(const struct snmp_pdu *pdu, struct asn_buf *pdu_b, struct asn_buf *resp_b) { + u_char type; asn_len_t len; struct snmp_pdu resp; enum asn_err err; enum snmp_code code; - memset(&resp, 0, sizeof(resp)); + snmp_pdu_create_response(pdu, &resp); + if ((code = snmp_pdu_decode_header(pdu_b, &resp)) != SNMP_CODE_OK) return (SNMP_RET_IGN); - if (pdu_b->asn_len < len) - return (SNMP_RET_IGN); - pdu_b->asn_len = len; + if (pdu->version == SNMP_V3) { + if (resp.user.priv_proto != SNMP_PRIV_NOPRIV && + (asn_get_header(pdu_b, &type, &resp.scoped_len) != ASN_ERR_OK + || type != ASN_TYPE_OCTETSTRING)) { + snmp_error("cannot decode encrypted pdu"); + return (SNMP_CODE_FAILED); + } + if (asn_get_sequence(pdu_b, &len) != ASN_ERR_OK) { + snmp_error("cannot decode scoped pdu header"); + return (SNMP_CODE_FAILED); + } + + len = SNMP_ENGINE_ID_SIZ; + if (asn_get_octetstring(pdu_b, (u_char *)resp.context_engine, + &len) != ASN_ERR_OK) { + snmp_error("cannot decode msg context engine"); + return (SNMP_CODE_FAILED); + } + resp.context_engine_len = len; + len = SNMP_CONTEXT_NAME_SIZ; + if (asn_get_octetstring(pdu_b, (u_char *)resp.context_name, + &len) != ASN_ERR_OK) { + snmp_error("cannot decode msg context name"); + return (SNMP_CODE_FAILED); + } + resp.context_name[len] = '\0'; + } + + + if (asn_get_header(pdu_b, &type, &len) != ASN_ERR_OK) { + snmp_error("cannot get pdu header"); + return (SNMP_CODE_FAILED); + } + + if ((type & ~ASN_TYPE_MASK) != + (ASN_TYPE_CONSTRUCTED | ASN_CLASS_CONTEXT)) { + snmp_error("bad pdu header tag"); + return (SNMP_CODE_FAILED); + } + err = snmp_parse_pdus_hdr(pdu_b, &resp, &len); if (ASN_ERR_STOPPED(err)) return (SNMP_RET_IGN);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAExw9961whpk=b-y9nrK2eHDJGa=meny4VSO41JbV9dvmBT3ww>