etingof / snmpclitools

Pure-Python SNMP management tools
http://snmplabs.com/snmpclitools/
BSD 2-Clause "Simplified" License

SNMPv3 Username is not handled in snmpget.py #9

Closed paulitoweb closed 4 years ago

paulitoweb commented 5 years ago

I have experienced an issue using SNMPv3, performing a snmpget:

$ snmpget.py -v3 -l authPriv -u snmptestuser -a SHA -A MyPassw0rd -x DES -X MyPassw0rd \
    192.168.0.185 .1.3.6.1.4.1.193.183.4.1.3.1.0

and running tcpdump:

$ sudo tcpdump -vv -nn -T snmp -i any udp port 161
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
10:29:23.041875 IP (tos 0x0, ttl 64, id 48591, offset 0, flags [DF], proto UDP (17), length 90)
    10.0.2.15.33652 > 192.168.0.185.161:  { SNMPv3 { F= } { USM B=0 T=0 U="" } { ScopedPDU E= C="" { GetRequest(13) R=3486371  } } } 
10:29:24.055095 IP (tos 0x0, ttl 64, id 48761, offset 0, flags [DF], proto UDP (17), length 90)
    10.0.2.15.33652 > 192.168.0.185.161:  { SNMPv3 { F= } { USM B=0 T=0 U="" } { ScopedPDU E= C="" { GetRequest(13) R=3486372  } } } 
10:29:25.058611 IP (tos 0x0, ttl 64, id 48972, offset 0, flags [DF], proto UDP (17), length 90)
    10.0.2.15.33652 > 192.168.0.185.161:  { SNMPv3 { F= } { USM B=0 T=0 U="" } { ScopedPDU E= C="" { GetRequest(13) R=3486373  } } } 
10:29:26.063067 IP (tos 0x0, ttl 64, id 49191, offset 0, flags [DF], proto UDP (17), length 90)
    10.0.2.15.33652 > 192.168.0.185.161:  { SNMPv3 { F= } { USM B=0 T=0 U="" } { ScopedPDU E= C="" { GetRequest(13) R=3486374  } } } 
10:29:27.067360 IP (tos 0x0, ttl 64, id 49271, offset 0, flags [DF], proto UDP (17), length 90)
    10.0.2.15.33652 > 192.168.0.185.161:  { SNMPv3 { F= } { USM B=0 T=0 U="" } { ScopedPDU E= C="" { GetRequest(13) R=3486375  } } }

I see the USM does not contain the user ({ USM B=0 T=0 U="" }), the engineID is not discovered and the request times out with no response.

What I expect to see (using another snmp client) is something like this:
15:43:34.323357 IP (tos 0x0, ttl 62, id 7797, offset 0, flags [DF], proto UDP (17), length 92)
    100.93.92.190.51762 > 10.247.246.211.35161:  { SNMPv3 { F=r } { USM B=0 T=0 U= } { ScopedPDU E=  C= { GetRequest(14) R=1584950095  } } } 
15:43:34.323967 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 149)
    10.247.246.211.35161 > 100.93.92.190.51762:  { SNMPv3 { F= } { USM B=0 T=0 U= } { ScopedPDU E= 0x800x000x130x700x040x450x4E0x4D0x2D0x4E0x420x2D0x490x6E0x740x650x720x660x610x630x65 C= { Report(29) R=0  .1.3.6.1.6.3.15.1.1.4.0=177 } } } 
15:43:34.388796 IP (tos 0x0, ttl 62, id 7798, offset 0, flags [DF], proto UDP (17), length 168)
    100.93.92.190.51762 > 10.247.246.211.35161:  { SNMPv3 { F=r } { USM B=0 T=0 U=snmptestuser } { ScopedPDU E= 0x800x000x130x700x040x450x4E0x4D0x2D0x4E0x420x2D0x490x6E0x740x650x720x660x610x630x65 C= { GetRequest(34) R=1584950094  .1.3.6.1.4.1.193.183.4.1.3.1.0 } } } 
15:43:34.389898 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 170)
    10.247.246.211.35161 > 100.93.92.190.51762:  { SNMPv3 { F= } { USM B=0 T=0 U=snmptestuser } { ScopedPDU E= 0x800x000x130x700x040x450x4E0x4D0x2D0x4E0x420x2D0x490x6E0x740x650x720x660x610x630x65 C= { GetResponse(36) R=1584950094  .1.3.6.1.4.1.193.183.4.1.3.1.0=193 } } } 

Where the USM is populated.

Regards, Paolo

etingof commented 5 years ago

The initial SNMP request seems valid to me. What's unclear is why the peer is not engaging in SNMP engine discovery exchange. Is it responsive at all?

If you add some debugging options to snmpget.py, that would shed some light on what's going out.

Also, make sure you are running the latest released snmpclitools along with pysnmp.

paulitoweb commented 5 years ago

Hi Ilya, the peer actually is responsive, I double checked also using iReasoning Mib browser and tracing with tcpdump on peer vm (this time on port 35161):

16:13:28.847268 IP (tos 0x0, ttl 127, id 6803, offset 0, flags [none], proto UDP (17), length 99)
    100.93.92.190.52202 > 10.247.246.211.35161: { SNMPv3 { F=r } { USM B=0 T=0 U=initial } { ScopedPDU E= C= { GetRequest(14) R=1272885250 } } }
16:13:28.847776 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 156)
    10.247.246.211.35161 > 100.93.92.190.52202: { SNMPv3 { F= } { USM B=0 T=0 U=initial } { ScopedPDU E= 0x800x000x130x700x040x450x4E0x4D0x2D0x4E0x420x2D0x490x6E0x740x650x720x660x610x630x65 C= { Report(29) R=0 .1.3.6.1.6.3.15.1.1.4.0=262 } } }
16:13:28.948607 IP (tos 0x0, ttl 127, id 6804, offset 0, flags [none], proto UDP (17), length 160)
    100.93.92.190.52202 > 10.247.246.211.35161: { SNMPv3 { F=ar } { USM B=0 T=0 U=snmptestuser3 } { ScopedPDU E= 0x800x000x130x700x040x450x4E0x4D0x2D0x4E0x420x2D0x490x6E0x740x650x720x660x610x630x65 C= { GetRequest(14) R=1272885252 } } }
16:13:28.949200 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 176)
    10.247.246.211.35161 > 100.93.92.190.52202: { SNMPv3 { F=a } { USM B=3 T=199689 U=snmptestuser3 } { ScopedPDU E= 0x800x000x130x700x040x450x4E0x4D0x2D0x4E0x420x2D0x490x6E0x740x650x720x660x610x630x65 C= { Report(28) R=0 .1.3.6.1.6.3.15.1.1.2.0=2 } } }
16:13:29.067773 IP (tos 0x0, ttl 127, id 6805, offset 0, flags [none], proto UDP (17), length 193)
    100.93.92.190.52202 > 10.247.246.211.35161: { SNMPv3 { F=apr } { USM B=3 T=199689 U=snmptestuser3 } { ScopedPDU [!scoped PDU]fc_ad_de_e8_88_08_47_7e_c7_6e_ab_68_5c_9b_66_cb_9f_49_6a_21_1f_d3_e8_91_21_af_ad_af_2e_73_5f_9a_42_cb_75_cb_64_c3_e2_e2_8d_a3_79_99_22_5e_1d_2f_f0_42_76_14_ac_db_78_4b_d4_e1_2a_23_7b_15_d9_fe} }
16:13:29.070703 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 201)
    10.247.246.211.35161 > 100.93.92.190.52202: { SNMPv3 { F=ap } { USM B=3 T=199689 U=snmptestuser3 } { ScopedPDU [!scoped PDU]36_10_51_52_e9_e1_f2_a4_a3_d8_54_24_85_d0_8e_c1_80_e4_49_9e_ff_b1_85_76_b1_9d_ca_fc_f6_a4_4e_91_20_78_b1_66_8c_1a_0e_67_0e_f8_b8_58_dc_1e_a1_ec_d2_1a_bc_f9_0e_61_f7_f2_28_0b_13_58_83_fd_ee_1b_af_2d_b3_aa_4a_91_c0_d1} }

Attached also the full log command.

Regards, Paolo

snmpget.py.log.zip

etingof commented 5 years ago

Apparently, you've hit a bug in pysnmp! \o/

This commit hopefully fixes this. Please, upgrade to the latest released pysnmp and try again.
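
A triage helper for captures like the ones posted in this thread, added here as an example (it is not part of the thread, snmpclitools or pysnmp): it parses tcpdump's SNMPv3 summary lines and reports whether the engine discovery probe was answered with a usmStatsUnknownEngineIDs Report. The sample lines and their engine ID are constructed, and the regex assumes the tcpdump layout shown above.

```python
import re

# usmStats* counters (RFC 3414) carried in Report PDUs, keyed by sub-identifier.
USM_REPORTS = {"1": "usmStatsUnsupportedSecLevels", "2": "usmStatsNotInTimeWindows",
               "3": "usmStatsUnknownUserNames", "4": "usmStatsUnknownEngineIDs",
               "5": "usmStatsWrongDigests", "6": "usmStatsDecryptionErrors"}

# One tcpdump "-T snmp" summary line, in the layout shown in the thread.
LINE = re.compile(
    r'\{ SNMPv3 \{ F=(?P<flags>[apr]*) \} '
    r'\{ USM B=\d+ T=\d+ U="?(?P<user>[^"\s]*)"? \}'
    r'(?: \{ ScopedPDU E=\s*(?P<engine>(?:0x[0-9A-Fa-f]{2})*)'
    r'.*?\{ (?P<pdu>\w+)\(\d+\)'
    r'(?:.*?\.1\.3\.6\.1\.6\.3\.15\.1\.1\.(?P<stat>[1-6])\.0=)?)?')

def classify(line):
    """Return (kind, security_level, user) for one summary line, or None."""
    m = LINE.search(line)
    if m is None:
        return None
    flags = m["flags"]
    level = ("authPriv" if "p" in flags else
             "authNoPriv" if "a" in flags else "noAuthNoPriv")
    if m["pdu"] is None:
        kind = "encrypted"            # tcpdump could not decode the scoped PDU
    elif m["pdu"] == "Report":
        kind = USM_REPORTS.get(m["stat"], "Report")
    elif level == "noAuthNoPriv" and not m["engine"]:
        kind = "discovery-probe"      # request sent before any engine ID is known
    else:
        kind = m["pdu"]
    return kind, level, m["user"]

def triage(capture):
    """Summarise a capture: was the engine discovery probe answered?"""
    kinds = [c[0] for c in map(classify, capture.splitlines()) if c]
    probes = kinds.count("discovery-probe")
    if "usmStatsUnknownEngineIDs" in kinds:
        return "discovery answered after %d probe(s)" % probes
    return "%d probe(s) sent, no Report seen" % probes

# Constructed sample lines (not from the thread); the engine ID is made up.
UNANSWERED = '''{ SNMPv3 { F= } { USM B=0 T=0 U="" } { ScopedPDU E= C="" { GetRequest(13) R=101  } } }
{ SNMPv3 { F= } { USM B=0 T=0 U="" } { ScopedPDU E= C="" { GetRequest(13) R=102  } } }'''
ANSWERED = '''{ SNMPv3 { F=r } { USM B=0 T=0 U= } { ScopedPDU E=  C= { GetRequest(14) R=201  } } }
{ SNMPv3 { F= } { USM B=0 T=0 U= } { ScopedPDU E= 0x800x000x000x010x02 C= { Report(29) R=0  .1.3.6.1.6.3.15.1.1.4.0=7 } } }
{ SNMPv3 { F=ar } { USM B=3 T=42 U=demo } { ScopedPDU E= 0x800x000x000x010x02 C= { GetRequest(14) R=202 } } }'''

if __name__ == "__main__":
    print(triage(UNANSWERED))
    print(triage(ANSWERED))
```

Feed it full tcpdump output as well: lines without an SNMPv3 summary, such as the IP header lines, are skipped.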