Quote snmp v2c community #2927

Merged
merged 1 commit into from Feb 5, 2016

Projects

None yet

3 participants

@adaniels21487
Contributor
  • Quote the SNMP v2c community, v3 is already quoted.
  • Change the snmpver to double quotes for consistency.

Fixes #2448

@adaniels21487 adaniels21487 - Quote the SNMP v2c community, v3 is already quoted.
- Change the snmpver to double quotes for consistency.
4ff9248
@laf laf merged commit 3f8ecc5 into librenms:master Feb 5, 2016

1 of 2 checks passed

Auto-Deploy Triggered
Details
Scrutinizer No new issues
Details
@snis
snis commented on 4ff9248 Feb 6, 2016

This commit made many of my Procurve switches to go down...

Log from switch.
00236 snmp: ST3-CMDR: Security access violation from [librenms] for the community name or user name : xxxxxxx (11 times in 60 seconds)

@adaniels21487
Contributor

Hi @snis,
When you say many, does that mean you have some Procurves that arent affected by this?

When I saw your message, I suspected that net-snmp may send the quotes and leave it to the device to strip them, so I did some packet captures and this does not appear to be the case.

When I run the following commands:
/usr/bin/snmpget -v2c -c public -OQnUs udp:192.168.174.3:161 .1.3.6.1.2.1.1.3.0 iso.3.6.1.2.1.1.3.0 = 3:5:44:07.80 /usr/bin/snmpget -v2c -c 'public' -OQnUs udp:192.168.174.3:161 .1.3.6.1.2.1.1.3.0 iso.3.6.1.2.1.1.3.0 = 3:5:44:14.47

I see the following tcpdump:
tcpdump -vv -A -T snmp host 192.168.174.3 06:39:37.492414 IP (tos 0x0, ttl 64, id 40401, offset 0, flags [DF], proto UDP (17), length 71) dev.laptop.43168 > 192.168.174.3.snmp: { SNMPv2c { GetRequest(28) R=1174375295 system.sysUpTime.0 } } E..G..@.@..k.............3..0).....public....E.........0.0...+......... 06:39:44.162178 IP (tos 0x0, ttl 64, id 42054, offset 0, flags [DF], proto UDP (17), length 71) dev.laptop.33442 > 192.168.174.3.snmp: { SNMPv2c { GetRequest(28) R=1972552625 system.sysUpTime.0 } } E..G.F@.@................3..0).....public....u.........0.0...+.........

These requests, quoted and unquoted, both look the same in wireshark.
quotedsnmp.zip

Are you able to perform a similar test to confirm if your net-snmp is changing what is sent on the wire for quoted and unquoted?

Thanks,
Aaron

@snis
snis commented Feb 7, 2016

@adaniels21487 as usual I acted fast and reverted this commit localy after having recieved more than 1600 alerts on devices down. The change only affected Procurve (HP 2920 and 5300), not other devices, ie Extreme, Aruba, Fortigate or HP Comware. I think i was all of the Procurve switches.

...oooh facepalm

Now when I was about to do some packet captures I went to LibreNMS to copy the SNMP community name, guess what I discovered: A space character in front of the community " xxxxx".

The flaws of copy / paste

@adaniels21487
Contributor

Awesome, glad its resolved.

@adaniels21487 adaniels21487 deleted the adaniels21487:issue-2448 branch Feb 8, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment