search

etingof / snmpfwd

SNMP Proxy Forwarder
http://snmplabs.com/snmpfwd/
BSD 2-Clause "Simplified" License
67 stars 18 forks source link

SNMP message timing parameters not in windows of trust #23

Open apsivam opened 6 years ago

apsivam commented 6 years ago

I'm trying to setup SNMP v3 to v2c trap forwarder and getting the error "SNMP message timing parameters not in windows of trust" during testing. I have attached my server & client configurations and debug logs from server & client.

I did some tracing and found the condition given here (in pysnmp) is failing is the root cause.

Please have a look at my configuration and help me understand if any of my configuration is causing the problem or there is a bug in pysnmp.

Environment details:

CentOS 7.5.1804

Python 2.7.5 (in virtualenv)

$ pip list
pip           18.0
ply           3.11
pyasn1        0.4.4
pycryptodomex 3.6.6
pysmi         0.3.1
pysnmp        4.4.5
setuptools    28.8.0
snmpfwd       0.3.3
wheel         0.29.0

Test traps are sent using following command snmptrap -v 3 -e 0x0102030405070809 -l authPriv -u test-user -a MD5 -A authkey1 -x DES -X privkey1 127.0.0.1:1162 12345 1.3.6.1.2.5 sysDescr s myagent

server_debug.log client_debug.log

client.cfg.txt server.cfg.txt

etingof commented 6 years ago

Thank you for raising this issue and providing quality context!

Please, try current master and make sure to configure snmp-security-engine-id in your snmpfwd server to match SNMP engine ID of your SNMPv3 TRAP sender.

Also see this example.

apsivam commented 6 years ago

Thanks for the fix. SNMP v3 with auth+priv is working as it should but this breaks v2c & v1 traps. Please look at the error given below.


2018-09-03 14:34:19,977 ERROR poll error: Traceback (most recent call last):
;  File "/usr/local/lib/python3.7/site-packages/pysnmp/carrier/asyncore/dispatch.py", line 46, in runDispatcher
    use_poll=True, map=self.__sockMap, count=1)
;  File "/usr/local/lib/python3.7/asyncore.py", line 207, in loop
    poll_fun(timeout, map)
;  File "/usr/local/lib/python3.7/asyncore.py", line 188, in poll2
    readwrite(obj, flags)
;  File "/usr/local/lib/python3.7/asyncore.py", line 123, in readwrite
    obj.handle_error()
;  File "/usr/local/lib/python3.7/asyncore.py", line 108, in readwrite
    obj.handle_read_event()
;  File "/usr/local/lib/python3.7/asyncore.py", line 422, in handle_read_event
    self.handle_read()
;  File "/usr/local/lib/python3.7/site-packages/pysnmp/carrier/asyncore/dgram/base.py", line 163, in handle_read
    self._cbFun(self, transportAddress, incomingMessage)
;  File "/usr/local/lib/python3.7/site-packages/pysnmp/carrier/base.py", line 70, in _cbFun
    self, transportDomain, transportAddress, incomingMessage
;  File "/usr/local/lib/python3.7/site-packages/pysnmp/entity/engine.py", line 152, in __receiveMessageCbFun
    self, transportDomain, transportAddress, wholeMsg
;  File "/usr/local/lib/python3.7/site-packages/pysnmp/proto/rfc3412.py", line 433, in receiveMessage
    PDU, maxSizeResponseScopedPDU, stateReference)
;  File "/usr/local/bin/snmpfwd-server.py", line 257, in processPdu
    msgId = trunkingManager.sendReq(trunkId, trunkReq, self.trunkCbFun, cbCtx)
;  File "/usr/local/lib/python3.7/site-packages/snmpfwd/trunking/manager.py", line 32, in sendReq
    return trunk.sendReq(req, cbFun, cbCtx)
;  File "/usr/local/lib/python3.7/site-packages/snmpfwd/trunking/client.py", line 48, in sendReq
    self.send(protocol.prepareRequestData(msgId, req, self.__secret))
;  File "/usr/local/lib/python3.7/site-packages/snmpfwd/trunking/protocol.py", line 112, in prepareRequestData
    r[k] = req[k]
;KeyError: 'snmp-security-engine-id'
caused by <class 'KeyError'>: 'snmp-security-engine-id'