Open inphobia opened 2 months ago
There's also my Alien::SNMP dist which should bring in the latest net-snmp with all crypto enabled.
It could be an optional or default install.
I think the reason I've not done that so far is that it'll override the installed net-snmp and it's also a pig to uninstall.
There's also my Alien::SNMP dist which should bring in the latest net-snmp with all crypto enabled.
true dat, was pondering to mention this but decided to let it be for now since trying to document what we support already got way bigger as i estimated. i'll leave documenting how to get Alien::SNMP compiled, how to run netdisco with a different LD_LIBRARY path and keeping it to date to someone else :)
the need for using alien::snmp is also both ways, for newer and older algorithms. opensuse tumbleweed no longer has md5 & des support compiled in. not saying using those is a good idea, but most design choices in snmp::info have been made to support as many devices as possible. an bundled net-snmp might become a requirement and/or an update/security nightmare. perhaps one to put on the wishlist :)
todo
examples and references
current example seems to be based on net-snmp 5.7.2, not 5.9. https://github.com/netdisco/snmp-info/blob/b0144cccc0080ff5f3d24f262b11c5d402d79c7e/lib/SNMP/Info.pm#L74-L77 go through code & wiki to check.
try and find a portable way to figure out what's supported, or some other uniform way to check. net-snmp cli tools seem to contradict:
snmpcmd -H
seems to be a hardcoded reply. 5.9.4.pre2 says it does:man snmpcmd doesn't mention several aes versions
compile options rule out des & md5:
try and find a portable way to figure out what's supported, or some other uniform way to check.
since there is little mention of this (aes192c & aes256c)
https://github.com/net-snmp/net-snmp/blob/75f2aedd88ff0d42a99bd2e29aed749012334bad/snmplib/snmpusm.c#L198-L202
https://github.com/netdisco/netdisco/issues/962#issuecomment-1379001329
snmpget -V NET-SNMP version: 5.9.4.pre2
% grep -i pre2 versi % grep -i 5.9.4 versi
-> nada
snmpbulkwalk -v 3 -x AES -X SNMPV3priv -a MD5 -A SNMPV3auth -u rouser -l authPriv 1.1.1.1 Invalid authentication protocol specified after -3a flag: MD5
snmpwalk -v 3 -x AES -X SNMPV3priv -a SHA -A SNMPV3auth -u baduser -l authPriv 1.1.1.1 snmpwalk: Unknown user name
snmpwalk -v 3 -x AES -X SNMPV3priv -a SHA -A SNMPV3type -u rouser -l authPriv 1.1.1.1 snmpwalk: Authentication failure (incorrect password, community or key)