slayercat / GoSNMPServer

GoSNMPServer is an SNMP server library fully written in Go. It provides Server Get, GetNext, GetBulk, Walk, BulkWalk, Set and Traps. It supports IPv4 and IPv6, using SNMPv2c or SNMPv3.
BSD 2-Clause "Simplified" License

Question: limit response size #36

Open andvary opened 1 week ago

andvary commented 1 week ago

Large portions of data can be retrieved from an SNMP agent using bulk-get. Is there any way I can limit the size of a single get-response in GoSNMPServer?

slayercat commented 6 days ago

Thank you for your attention. I've reviewed the SNMP protocol regarding bulk-get requests. While request messages can include a maximum return count limit (though I'm uncertain if I implemented this restriction), response messages, in my opinion, cannot be limited. However, responses exceeding the MTU size may fail to return properly.

andvary commented 6 days ago

Thanks for your response!

Maybe I'm misinterpreting the RFC, but to me it seems the response size (or rather, the amount of memory that can be used to construct one) can and should be limited:

"If the size of the message encapsulating the Response-PDU containing the requested number of variable bindings would be greater than either a local constraint or the maximum message size of the originator, then the response is generated with a lesser number of variable bindings. This lesser number is the ordered set of variable bindings with some of the variable bindings at the end of the set removed, such that the size of the message encapsulating the Response-PDU is approximately equal to but no greater than either a local constraint or the maximum message size of the originator."

It also seems reasonable, because otherwise possibilities open for DDoS attacks: sending multiple small get-bulk requests with high max-repetitions count may deplete memory on an SNMP-enabled host if no constraints are applied.

BTW, responses exceeding MTU size do not necessarily have to fail: with typical MTU ~ 1.5K and max UDP datagram size = 65K, large responses can be fragmented on IP level.