etingof / pysnmp

Python SNMP library
http://snmplabs.com/pysnmp/
BSD 2-Clause "Simplified" License

Spoof Source Address for SNMP Trap on 4.4.12 #319

Open amartiresST opened 5 years ago

amartiresST commented 5 years ago

Hi, I have a script developed on a previous release of PySNMP and I need to use it on a server that has 4.4.12 installed. I tried it and it doesn't work.

I'm following this example. When I create sendRequesHandle, ntfOrg.sendVarbinds() is returning "None". So, nothing is sent...

Debug gives me this:

2019-11-04 16:15:52,720 pysnmp: sendVarBinds: notificationHandle 334601359, notifyTag all-my-managers yields: transportDomain 1.3.6.1.6.1.1, transportAddress ('192.168.50.20', 162), securityModel 1, securityName my-area, securityLevel noAuthNoPriv

2019-11-04 16:15:52,720 pysnmp: isAccessAllowed: securityModel 1, securityName my-area, securityLevel noAuthNoPriv, viewType notify, contextName  for variableName 1.3.6.1.2.1.1.1.0

2019-11-04 16:15:52,720 pysnmp: StatusInformation: {'errorIndication': NoSuchContext('SNMP context now found',)}

2019-11-04 16:15:52,721 pysnmp: sendVarBinds: ACL denied access for OID 1.3.6.1.2.1.1.1.0 securityName my-area, droppping notification

I would say that the problem is related to "ACL denied access for OID"

Can anyone give me a hint? Thanks!

PS: Sorry about all the edits... I'm trying to make this clearer and I'm also learning as I try out stuff.

etingof commented 5 years ago

I suspect you are missing some VACM configuration pieces like:

config.addContext(snmpEngine, '')
config.addVacmUser(snmpEngine, 1, 'my-area', 'noAuthNoPriv', (), (), (1, 3, 6))

Or have them configured for different user/OIDs/SNMP version etc...

If you could share a minimal version of your implementation that fails that way - that would be way easier to troubleshoot.

BTW, whatever sendVarBinds returns might not indicate a success or failure.

JonathanHsuHH commented 4 years ago

Hi, I met the same problem as amartiresST. SNMP v3 notification doesn't work after upgrading pysnmp to the new version (release version 4.4.11).

After making a small modification based on the following example, https://github.com/etingof/pysnmp/blob/b9a7b9c955df98b1e5eec250f418c3df3b7d0199/examples/v3arch/asyncore/agent/ntforg/v3-trap.py

I get the same debug info:

2019-12-04 11:35:59,737 pysnmp: running pysnmp version 4.4.11

2019-12-04 11:35:59,737 pysnmp: debug category 'acl' enabled

2019-12-04 11:35:59,737 pysnmp: debug category 'app' enabled

2019-12-04 11:35:59,782 pysnmp: SnmpEngine: using custom SNMP Engine ID: 0x8000000001020304

2019-12-04 11:35:59,782 pysnmp: SnmpEngine: using persistent directory: /tmp/pysnmp/0x8000000001020304

2019-12-04 11:35:59,783 pysnmp: SnmpEngine: could not stored SNMP Engine Boots: [Errno 13] Permission denied: '/tmp/pysnmp/0x8000000001020304/tmpwx07rjr8'

2019-12-04 11:35:59,860 pysnmp: sendVarBinds: notificationTarget my-notification, contextEngineId , contextName "", varBinds [((1, 3, 6, 1, 6, 1, 1, 1, 4, 0), <ObjectIdentifier value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.6.1.1.1.4.0]>), ((1, 3, 6, 1, 6, 1, 1, 1, 4, 0), <OctetString value object, tagSet <TagSet object, tags 0:0:4>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, 65535>>, encoding iso-8859-1, payload [Notificator Example]>)]

2019-12-04 11:35:59,860 pysnmp: sendVarBinds: notificationHandle 333758931, notifyTag all-my-managers, notifyType trap

2019-12-04 11:35:59,863 pysnmp: sendVarBinds: final varBinds [(<ObjectIdentifier value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.2.1.1.3.0]>, <SysUpTime value object, tagSet <TagSet object, tags 64:0:3>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts 0, 4294967295>>, payload [0]>), (<ObjectIdentifier value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.6.3.1.1.4.1.0]>, <ObjectIdentifier value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.6.3.1.1.5.1]>), (<ObjectIdentifier value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.6.1.1.1.4.0]>, <ObjectIdentifier value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.6.1.1.1.4.0]>), (<ObjectIdentifier value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.6.1.1.1.4.0]>, <OctetString value object, tagSet <TagSet object, tags 0:0:4>, subtypeSpec <ConstraintsIntersection object, consts <ValueSizeConstraint object, consts 0, 65535>>, encoding iso-8859-1, payload [Notificator Example]>)]

2019-12-04 11:35:59,863 pysnmp: sendVarBinds: notificationHandle 333758931, notifyTag all-my-managers yields: transportDomain 1.3.6.1.6.1.1, transportAddress ('10.245.2.50', 162), securityModel 3, securityName usr-md5-des, securityLevel authPriv

2019-12-04 11:35:59,864 pysnmp: isAccessAllowed: securityModel 3, securityName usr-md5-des, securityLevel authPriv, viewType notify, contextName for variableName 1.3.6.1.6.1.1.1.4.0

2019-12-04 11:35:59,864 pysnmp: StatusInformation: {'errorIndication': NoSuchContext('SNMP context now found')}

2019-12-04 11:35:59,864 pysnmp: sendVarBinds: ACL denied access for OID 1.3.6.1.6.1.1.1.4.0 securityName usr-md5-des, droppping notification

Notification is scheduled to be sent

JonathanHsuHH commented 4 years ago

I found that proto\acmod\rfc3415.py was reworked in this commit: https://github.com/etingof/pysnmp/commit/6c7b09ac88be195db176c37ca7a197265ca978d0

Is there a new example available for using SNMP notifications with this new version?

amartiresST commented 4 years ago

Here is a sample of my code.

from pysnmp import debug
from pysnmp.entity import engine, config
from pysnmp.carrier.asyncore.dgram import udp
from pysnmp.entity.rfc3413 import ntforg
from pysnmp.proto.api import v2c

src_host = "192.168.1.100"  # passed as sourceAddress for the target below
dst_host = "192.168.1.101"  # trap receiver
dst_port = 162
syslog_msg = "Dec 13 21:19:10 amt-srv-co7 This is a sylog test message"


# cb_fun is referenced below but was not part of the posted sample;
# this minimal callback is an assumption so that the script is complete.
def cb_fun(snmp_engine, send_request_handle, error_indication,
           error_status, error_index, var_binds, cb_ctx):
    print(error_indication or "notification %s processed" % send_request_handle)


snmp_engine = engine.SnmpEngine()
# Community, target parameters, transport, target address, notification target
config.addV1System(snmp_engine, "my-area", "public", transportTag="all-my-managers")
config.addTargetParams(snmp_engine, "my-creds", "my-area", "noAuthNoPriv", 1)
config.addTransport(snmp_engine, udp.domainName, udp.UdpSocketTransport().openClientMode())
config.addTargetAddr(snmp_engine, "my-nms", udp.domainName, (dst_host, dst_port), "my-creds", tagList="all-my-managers", sourceAddress=(src_host, 0))
config.addNotificationTarget(snmp_engine, "my-notification", "my-filter", "all-my-managers", "trap")
# Context and VACM (access control) configuration
config.addContext(snmp_engine, "")
config.addVacmUser(snmp_engine, 2, "my-area", "noAuthNoPriv", (), (), (1, 3, 6))
ntf_org = ntforg.NotificationOriginator()

ostr = v2c.OctetString(syslog_msg)

varBinds = [((1, 3, 6, 1, 6, 3, 1, 1, 4, 1, 0), v2c.ObjectIdentifier((1, 3, 6, 1, 2, 1, 192, 0, 1))), ((1, 3, 6, 1, 2, 1, 192, 1, 2, 1, 11), ostr)]

send_request_handle = ntf_org.sendVarBinds(snmp_engine, "my-notification", None, "", varBinds, cb_fun)

snmp_engine.transportDispatcher.runDispatcher()

JonathanHsuHH commented 4 years ago

The "isAccessAllowed" function returns a failure because the context name does not exist in "vacmContextEntry". In the "addVacmUser" function, a context name was added to vacmContextEntry by "addContext", but the default context name is null. I've tried adding a contextName, and this works fine.

config.addVacmUser(snmp_engine, 2, "my-area", "noAuthNoPriv", (), (), (1,3,6), 'aContextName')
end_request_handle = ntf_org.sendVarBinds(snmp_engine, "my-notification", None, 'aContextName', varBinds, cb_fun)

So is it mandatory to add a context name in the new version?
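
The access check discussed in this thread, as an added example that is not part of the thread or of pysnmp: a simplified pure-Python model of the RFC 3415 isAccessAllowed decision order, showing that a context name missing from the context table is rejected with noSuchContext before the group, access-entry and view checks run. The `Vacm` class, its methods and the group and view names are constructed for illustration.

```python
# Simplified model of the RFC 3415 section 3.2 isAccessAllowed checks.
# Added illustration, not pysnmp code: tables are plain dicts, context
# matching is exact, and view subtrees have no masks or exclusions.
LEVELS = {"noAuthNoPriv": 1, "authNoPriv": 2, "authPriv": 3}


class Vacm:
    def __init__(self):
        self.contexts = set()    # vacmContextTable
        self.sec_to_group = {}   # (securityModel, securityName) -> groupName
        self.access = {}         # (group, context, model) -> (min level, views)
        self.views = {}          # viewName -> included OID subtrees

    def add_user(self, model, name, level, notify_subtree, context=""):
        group = "g-%s-%d" % (name, model)  # constructed group and view names
        view = "nv-" + group
        self.sec_to_group[(model, name)] = group
        self.access[(group, context, model)] = (LEVELS[level], {"notify": view})
        self.views[view] = [tuple(notify_subtree)]

    def is_access_allowed(self, model, name, level, view_type, context, oid):
        if context not in self.contexts:            # checked first
            return "noSuchContext"
        group = self.sec_to_group.get((model, name))
        if group is None:
            return "noGroupName"
        entry = self.access.get((group, context, model))
        if entry is None or LEVELS[level] < entry[0]:
            return "noAccessEntry"
        view = entry[1].get(view_type, "")
        if not view:
            return "noSuchView"
        oid = tuple(oid)
        if any(oid[:len(sub)] == sub for sub in self.views[view]):
            return "accessAllowed"
        return "notInView"


def demo():
    oid = (1, 3, 6, 1, 2, 1, 1, 1, 0)  # variableName from the first debug log
    args = ("my-area", "noAuthNoPriv", "notify", "", oid)
    vacm = Vacm()
    vacm.add_user(2, "my-area", "noAuthNoPriv", (1, 3, 6))
    before = vacm.is_access_allowed(2, *args)   # "" not registered yet
    vacm.contexts.add("")
    after = vacm.is_access_allowed(2, *args)
    other_model = vacm.is_access_allowed(1, *args)  # user exists for model 2 only
    return before, after, other_model
```

In this model a user configured for one security model and queried under another fails with noGroupName, which is the kind of user/version mismatch worth ruling out once the context check passes.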