SNMPv3 traps via device reboot doesn't update EngineBoot counter

net-snmp / net-snmp

A SNMP application library, tools and daemon

Other

290 stars 210 forks source link

SNMPv3 traps via device reboot doesn't update EngineBoot counter #827

Open iyyapa opened 2 weeks ago

iyyapa commented 2 weeks ago

I was testing the Snmpv3 traps and found that the USM time synchronization is failing.
Reload the switch, upon booting the SLX will send the traps to the ubuntu server and from the packet capture we can see the msgAuthoritativeEngineBoots is always 1.

According to RFC 3414 the value should be persist even after reboot. It should increment every reboot. Can you please help us to identify the root cause?

hardaker commented 2 weeks ago

This sounds like the persistent storage for the device is not working. IE, if the agent is an net-snmp agent it should be able to write to the persistent snmpd.conf file and if it fails to write that it can't remember where it left off across reboots.

iyyapa commented 2 weeks ago

Hi @hardaker Thank you for your feed back. Yes. It is an net-snmp agent also writing into persistent snmpd.conf file. It would be very helpful if you point any code where we need to check and all.

hardaker commented 2 weeks ago

Try running the agent with -Dread_config to see everything that the configuration system is doing, which should print out where it is trying to load/save information.

iyyapa commented 2 weeks ago

After checking the code, Looks like it's hardcode the value as 1. At this point, not sure any reason? We have EmanateLite to net-snmp and hardcode this as 1.

iyyapa commented 1 week ago

Hi @hardaker Instead of hardcode I tried to fetch the value from snmpv3_local_snmpEngineBoots() API. But it's always returns 1. why this snmpv3_local_snmpEngineBoots() API returns always 1. The snmpwalk works fine.

hardaker commented 1 week ago

engineboots is never less than 1, so the =1 case you point to above is for when an agent starts and has no value (and thus the value of the variable starts at 0), so the agent sets the very first value to 1 instead of 0.

snmpv3_local_snmpEngineBoots() will also always return 1 inside the agent if you fail to have the agent properly write to the persistant storage configuration file, as I mentioned above: this is likely the problem.

iyyapa commented 1 week ago

Thanks for clarification.

Can you please suggest/point the code where we need to check persistent storage config file. Are you referring the below code.

--- net-snmp-5.9.1/snmplib/snmpv3.c     2024-06-17 17:03:18.195804588 -0700
+++ net-snmp-5.9.1-Modified/snmplib/snmpv3.c    2024-06-17 17:06:29.866841528 -0700
@@ -994,8 +994,8 @@ init_snmpv3(const char *type)
                                     engineIDType_conf, NULL, "num");
     register_prenetsnmp_mib_handler(type, "engineIDNic", engineIDNic_conf,
                                     NULL, "string");
-    register_config_handler(type, "engineBoots", engineBoots_conf, NULL,
-                            NULL);
+    register_prenetsnmp_mib_handler(type, "engineBoots", engineBoots_conf, NULL,
+                                    NULL);

     /*
      * default store config entri