346027 |
08-Apr-2019 |
ae |
MFC r345763: Correct a port number assignment.
PR: 236930 |
328771 |
02-Feb-2018 |
ae |
MFC r328160: Add to bsnmpd(1) ability to specify multiple community strings with different access rights.
By default there are two community strings with index 1 and 2, one for read-only access and second for read-write access:
begemotSnmpdCommunityString.0.1 = $(read) begemotSnmpdCommunityString.0.2 = $(write)
Now it is possible to define additional community strings using different indexes:
begemotSnmpdCommunityString.0.3 = "SomeString1" begemotSnmpdCommunityPermission.0.3 = 1 begemotSnmpdCommunityString.0.4 = "SomeString2" begemotSnmpdCommunityPermission.0.4 = 2 begemotSnmpdCommunityString.0.5 = "SomeString3" begemotSnmpdCommunityString.0.6 = "SomeString4"
New attribute begemotSnmpdCommunityPermission can be used to specify access rights: 1 means "read-only" access, 2 means "read-write" access. If attribute is not specified for some index this means "read-only" rights.
Community strings must be unique, i.e. must not be the same for different indexes.
Obtained from: Yandex LLC Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D13785
MFC r328171: Rename "index" variable to "idx" since gcc complains that it shadows index(3) function declaration. |
326766 |
11-Dec-2017 |
ae |
MFC r326510: Fix format string warning with enabled DEBUGGING. |
315611 |
20-Mar-2017 |
ngie |
MFC r315206:
bsnmpd: fix segfault when trans_insert_port(..) is called with multiple out of order addresses
Move `port->transport` initialization before the TAILQ_FOREACH(..) loop to ensure that the value is properly initialized before it's inserted into the TAILQ.
PR: 217760 |
312515 |
20-Jan-2017 |
ngie |
MFC r312331: r312331 (by glebius):
Fix regression from r310655, which broke operation of bsnmpd if it is bound to a non-wildcard address. As documented in ip(4), doing sendmsg(2) with IP_SENDSRCADDR on a socket that is bound to non-wildcard address is completely different to using this control message on a wildcard one.
A fix is to add a bool to mark whether we did setsockopt(IP_RECVDSTADDR) on the socket, and use IP_SENDSRCADDR control message only if we did.
While here, garbage collect absolutely useless udp_recv() function that establishes some structures on stack to never use them later. |
312267 |
16-Jan-2017 |
ngie |
MFC r310656,r311221:
r310656:
style(9): sort alignment in udp_recv(..)
r311221:
Initialize msg.msg_flags to 0
This mutes a valid coverity warning about it being uninitialized when passed in to sendmsg(2).
CID: 1368202 |
312264 |
16-Jan-2017 |
ngie |
MFC r310655:
Fix bsnmpd sending/receiving with multi-homed configurations or INADDR_ANY used as the listening address in snmpd_input(..)
Stash the IPv4 address of the receiver via the recv(..) callback and use it in the send(..) callback for the transport by specifying IP_SENDSRCADDR for the control message type.
Add sendmsg logic to the UDP transport's send(..) callback and use the respective send(..) callback for the transport instead of calling sendto in snmpd_input(..).
Obtained from: Isilon OneFS (^/onefs/branches/BR_8_0_0_DEV@r507595) |
312254 |
16-Jan-2017 |
ngie |
MFC r311759,r311760:
r311759:
Add a REVISION section to track changes for the FOKUS-MIB MIB file
There haven't been any changes to the MIB definition, so the REVISION remains static at the version it was imported at
r311760:
Add a REVISION section to track changes for the BEGEMOT-MIB MIB file
There haven't been any changes to the MIB definition, so the REVISION remains static at the version it was imported at |
312059 |
13-Jan-2017 |
ngie |
MFC r311381:
lsock_init_port: address issues with initializing sockaddr_un object
- Use strlcpy to ensure p->name doesn't overflow sa.sun_path [*]. - Use SUN_LEN(..) instead of spelling out calculation longhand (inspired by comment by jmallett).
Tested with: dgram and stream support with both bsnmpwalk and snmpwalk
CID: 1006825 |
312057 |
13-Jan-2017 |
ngie |
MFC r310586,r310587,r310588:
r310586:
Refactor transport sources a bit to facilitate changes coming down pipeline
Add recv callback to transport layer to better facilitate code reuse and readability and for symmetry with send callback. Move recv_dgram and recv_stream to udp_recv and lsock_recv, respectively, and make the beforementioned functions recv callbacks for the udp and lsock transports, respectively.
Consolidate the check_priv* functions in their relevant trans*.c source to limit scope/use.
Note: this code is roughly based content from the submitter, although this was modified to be more of a direct move from snmpd/main.c to the trans_*.c sources, and to reduce unnecessary static function declarations.
r310587:
Fix definition for recv_dgram(..); it should be "ssize_t", not "int"
I'm not sure why this wasn't flagged as an issue by the compiler, yet
r310588:
Fix return type for `ret` (recv callback) and sort variables by alignment
Again, for reasons I don't yet understand, this is not being flagged by the compiler. Unlike the issue addressed in r310587, this problem existed prior to r310586 |
312053 |
13-Jan-2017 |
ngie |
MFC r311378:
lm_load: fix string copying issues
- Ensure `section` doesn't overrun section by using strlcpy instead of strcpy [*]. - Use strdup instead of malloc + strcpy (this wasn't flagged by Coverity, but is an opportunistic change).
CID: 1006826 [*] |
311722 |
09-Jan-2017 |
ngie |
MFC r311382:
Use calloc instead of malloc + memset(.., 0, ..) |
311596 |
07-Jan-2017 |
ngie |
MFC r310957,r310958,r310960:
r310957:
Use strlcpy when copying `com` to pdu->community to avoid potential buffer overruns
CID: 1006823, 1006824
r310958:
Initialize ret to SNMPD_INPUT_OK at the top of snmp_input_start(..) to avoid returning an uninitialized value
There are some really complicated, snakey if-statements combined with switch statements that could result in an invalid value being returned as `ret`
CID: 1006551
r310960:
Similar to r310954, set .len to 0 on malloc failure and to `len` only on success |
310992 |
01-Jan-2017 |
ngie |
MFC r310763:
Use uint32_t instead of u_int32_t for or_last_change and services in "struct systemg"
This is being done to match "struct systemg" in snmpmod(3)
No functional change |
310990 |
01-Jan-2017 |
ngie |
MFC r310498,r310591:
r310498:
Allow SNMPv3 authNoPriv and noAuthNoPriv protocols to discover snmpEngineTime as discussed in RFC-5343
This fixes interoperability with net-snmp.
Tested with the following invocations of snmpwalk (from net-snmp):
- noAuthNoPriv:
% snmpwalk -v 3 -n '' -u public localhost snmpEngineTime
- authNoPriv:
% snmpwalk -v 3 -n '' -u bsnmp -A bsnmptest -l authNoPriv -a sha localhost \ localhost snmpEngineTime
- authPriv:
% snmpwalk -v 3 -n '' -u bsnmp -A bsnmptest -l authPriv -a sha -x des \ -X bsnmptest localhost snmpEngineTime
Obtained from: Isilon OneFS (5ec6d772cacbc, with minor tweaks)
r310591:
Update engine time using update_snmpd_engine_time(..) |
310904 |
31-Dec-2016 |
ngie |
MFC r310662,r310663:
r310662:
style(9): snmp_send_packet(..): fix whitespace
r310663:
style(9): ip_get(..): clean up whitespace |
310901 |
31-Dec-2016 |
ngie |
MFC r310648:
style(9): clean up trailing whitespace |
310877 |
31-Dec-2016 |
ngie |
MFC r310455:
Clarify failure in snmp_output(..) with call to snmp_pdu_decode
- Explicitly test snmp_pdu_encode against SNMP_CODE_OK instead of assuming any non-zero value is bad. - Print out the code before calling abort() to give the end-user something actionable to debug without having to recompile the binary, since the core might not have these details. |
310732 |
29-Dec-2016 |
ngie |
MFC r310574:
Fix style(9)
- Sort #includes - Delete trailing whitespace
No functional change |
310730 |
29-Dec-2016 |
ngie |
MFC r310592:
style(9): fix trailing whitespace |
310571 |
26-Dec-2016 |
ngie |
MFC r310459:
Sort #includes per style(9)
No functional change |
302408 |
08-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
300167 |
18-May-2016 |
glebius |
Revert r299830, it has couple of fatal errors.
The CMSG_ family of macros take care of alignment, so we don't need r299830 at all, even if it was correct. Put NO_WCAST_ALIGN into Makefile.
Together with: peter
|
299834 |
15-May-2016 |
ngie |
Fix .Dd
Today is the 14th, not the 10th of May
Reported by: igor (derp) Sponsored by: EMC / Isilon Storage Division
|
299833 |
15-May-2016 |
ngie |
Fix fully canonicalized example for `myvariable.27...`
`6` doesn't occur in the OID; it was spurious
Bump .Dd for the change
MFC after: 2 weeks Sponsored by: EMC / Isilon Storage Division
|
299832 |
15-May-2016 |
ngie |
Remove trailing whitespace in license tort
MFC after: 1 week Reported by: igor Sponsored by: EMC / Isilon Storage Division
|
299830 |
15-May-2016 |
ngie |
Fix -Wcast-align warnings
Use memcpy instead of using direct assignment of void* pointers with CMSG_DATA(..), which changes alignment
MFC after: 3 weeks Reported by: clang Sponsored by: EMC / Isilon Storage Division
|
299817 |
15-May-2016 |
ngie |
Use SNMPD_INPUT_FAILED instead of SNMP_CODE_FAILED
SNMPD_INPUT_FAILED is `enum snmpd_input_err` type (which matches the return code from the function). SNMP_CODE_FAILED is `enum snmp_code` type.
MFC after: 1 week Sponsored by: EMC / Isilon Storage Division
|
299807 |
15-May-2016 |
ngie |
Replace QUADFMT with %ju and QUADXFMT with %jx and cast values with uintmax_t
This will cure some -Wformat warnings
MFC after: 1 week Reported by: clang, gcc Sponsored by: EMC / Isilon Storage Division
|
299466 |
11-May-2016 |
cem |
bsnmpd: Fix size of trapsink::comm to match other community arrays
This fixes a number of possible strcpy() buffer overruns between the various community strings in trap.c.
Reported by: Coverity CIDs: 1006820, 1006821, 1006822 Sponsored by: EMC / Isilon Storage Division
|
298464 |
22-Apr-2016 |
ngie |
Use `sizeof(*uuser)` instead of `sizeof(struct usm_user)` for consistency with the rest of the users in the file
No functional change
MFC after: 3 days Sponsored by: EMC / Isilon Storage Division
|
298448 |
22-Apr-2016 |
ngie |
Don't leak `string` in parse_define(..) when a macro has been found and the parser token != TOK_ASSIGN
MFC after: 1 week CID: 1007187, 1007188 Reported by: Coverity Obtained from: Isilon OneFS (part of r445479) Submitted by: Miles Ohlrich <miles.ohlrich@isilon.com> Sponsored by: EMC / Isilon Storage Division
|
292815 |
28-Dec-2015 |
ngie |
Staticize several variables that are used exclusively in bsnmpd/main.c and bsnmpd/trap.c
This fixes several -Wmissing-variable-declaration warnings noted by clang
Differential Revision: https://reviews.freebsd.org/D4718 MFC after: 1 week Reported by: Jenkins Reviewed by: araujo Sponsored by: EMC / Isilon Storage Division
|
292710 |
24-Dec-2015 |
ngie |
Remove unused function `act_getkernstring`
This fixes a clang -Wunused warning
Differential Revision: https://reviews.freebsd.org/D4697 MFC after: 1 week Reported by: Jenkins Reviewed by: araujo, bapt Sponsored by: EMC / Isilon Storage Division
|
240734 |
20-Sep-2012 |
glebius |
Re-do r240271: - Set IP_RECVDSTADDR sockopt on the socket only in case if it is INADDR_ANY bound. - Supply IP_SENDSRCADDR control message only if we did receive IP_RECVDSTADDR control message.
This fixes operation of snmpd bound to a specific local IP address.
PR: bin/171279
|
240271 |
09-Sep-2012 |
glebius |
For UDP transport set IP_RECVDSTADDR sockopt on the socket, and provide IP_SENDSRCADDR control with datagram message we reply with. This makes bsnmpd reply from exactly same address that request was sent to, thus successfully bypassing stateful firewalls or other kinds of strict checking.
PR: bin/171279
|
240234 |
08-Sep-2012 |
glebius |
The first part of check_priv() function, that attempts to obtain creds from the control message, actually never worked. This means check_priv() didn't work for local dgram sockets.
The SCM_CREDS control messages is received only in two cases:
1) If we did setsockopt(LOCAL_CREDS) on our socket, and in this case the message is struct sockcred. 2) If sender did supplied SCM_CREDS control message in his sendmsg() syscall. In this case the message is struct cmsgcred.
We can't rely on 2), so we will use 1) for dgram sockets. For stream sockets it is more reliable to obtain accept-time credentials, since SCM_CREDS control message is attached only on first read. Thus:
o Do setsockopt(LOCAL_CREDS) on local dgram sockets. o Split check_priv() into check_priv_stream() and check_priv_dgram(), and call them from recv_stream() and recv_dgram() respectively. o Don't provide space for SCM_CREDS control message in recv_stream(). o Provide space for SCM_CREDS control message in recv_dgram(), but there is no need to initialize anything in it. o In recv_dgram() do not blindly expect that first message is SCM_CREDS, instead use correct search cycle through control messages.
|
240191 |
07-Sep-2012 |
kevlo |
Fully initialize the stack-allocated "struct sockaddr_in sa" structure.
|
233128 |
18-Mar-2012 |
harti |
memset() wants the size of the structure to clear, not the size of the pointer to it.
Submitted by: Pawel Worach
|
228411 |
11-Dec-2011 |
trociny |
Include sys/queue.h: snmpmod.h uses TAILQ.
PR: bin/153153 MFC after: 2 weeks
|
220882 |
20-Apr-2011 |
ru |
Don't spam syslog with "inet_ntop(): Address family not supported by protocol family" when processing requests received from the UNIX domain socket.
MFC after: 3 days
|
216605 |
20-Dec-2010 |
syrinx |
Unbreak the build by temprorarily not using include directives in bsnmpd(1)' def files, until bsd.snmpmod.mk & Makefiles are fixed to pass proper include path flags to gensnmptree.
|
216594 |
20-Dec-2010 |
syrinx |
Bring in a SNMP module that allows configuration of SNMPv3 Notification targets.
Sponsored by: The FreeBSD Foundation Reviewed by: philip Approved by: philip
|
216294 |
08-Dec-2010 |
syrinx |
In bsnmpd(1) add support for SNMPv3 message processing model, including message authentication, packet encryption & view-based access control (RFC 3412, 3414, 3415).
Sponsored by: The FreeBSD Foundation Reviewed by: philip@ (mostly) Approved by: philip@
|
214237 |
23-Oct-2010 |
uqs |
Remove mention of non-existant -o flag for debugging options.
MFC after: 3 days
|
211404 |
16-Aug-2010 |
joel |
Fix two minor typos.
|
211402 |
16-Aug-2010 |
uqs |
Bump document date after content changes.
Pointy hat to: uqs
|
211401 |
16-Aug-2010 |
uqs |
Wordsmithing of bsnmpd.1
PR: docs/149157 Submitted by: Warren Block <wblock@wonkity.com> MFC after: 1 week
|
208483 |
24-May-2010 |
uqs |
mdoc: consistently spell our email addresses <foo@FreeBSD.org>
Reviewed by: ru Approved by: harti
|
205729 |
27-Mar-2010 |
antoine |
(S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument. Fix some wrong usages. Note: this does not affect generated binaries as this argument is not used.
Approved by: harti@
|
205078 |
12-Mar-2010 |
uqs |
Fix typo in macro name and macro usage.
Found by: make manlint Reviewed by: ru Approved by: harti, philip (mentor)
|
176893 |
07-Mar-2008 |
syrinx |
This commit was generated by cvs2svn to compensate for changes in r176892, which included commits to RCS files with non-trunk default branches.
|
163821 |
31-Oct-2006 |
harti |
This commit was generated by cvs2svn to compensate for changes in r163820, which included commits to RCS files with non-trunk default branches.
|
156067 |
27-Feb-2006 |
harti |
This commit was generated by cvs2svn to compensate for changes in r156066, which included commits to RCS files with non-trunk default branches.
|
155430 |
07-Feb-2006 |
harti |
This commit was generated by cvs2svn to compensate for changes in r155429, which included commits to RCS files with non-trunk default branches.
|
155095 |
31-Jan-2006 |
harti |
This commit was generated by cvs2svn to compensate for changes in r155094, which included commits to RCS files with non-trunk default branches.
|
154181 |
10-Jan-2006 |
harti |
This commit was generated by cvs2svn to compensate for changes in r154180, which included commits to RCS files with non-trunk default branches.
|
154179 |
10-Jan-2006 |
harti |
This commit was generated by cvs2svn to compensate for changes in r154178, which included commits to RCS files with non-trunk default branches.
|
150975 |
05-Oct-2005 |
harti |
This commit was generated by cvs2svn to compensate for changes in r150974, which included commits to RCS files with non-trunk default branches.
|
150924 |
04-Oct-2005 |
harti |
These files are not needed and were imported by accident in the previous import.
|
150921 |
04-Oct-2005 |
harti |
This commit was generated by cvs2svn to compensate for changes in r150920, which included commits to RCS files with non-trunk default branches.
|
146526 |
23-May-2005 |
harti |
This commit was generated by cvs2svn to compensate for changes in r146525, which included commits to RCS files with non-trunk default branches.
|
145674 |
29-Apr-2005 |
harti |
This commit was generated by cvs2svn to compensate for changes in r145673, which included commits to RCS files with non-trunk default branches.
|
145558 |
26-Apr-2005 |
harti |
This commit was generated by cvs2svn to compensate for changes in r145557, which included commits to RCS files with non-trunk default branches.
|
142811 |
28-Feb-2005 |
harti |
This commit was generated by cvs2svn to compensate for changes in r142810, which included commits to RCS files with non-trunk default branches.
|
133595 |
12-Aug-2004 |
harti |
This commit was generated by cvs2svn to compensate for changes in r133594, which included commits to RCS files with non-trunk default branches.
|
133212 |
06-Aug-2004 |
harti |
This commit was generated by cvs2svn to compensate for changes in r133211, which included commits to RCS files with non-trunk default branches.
|
128238 |
14-Apr-2004 |
harti |
This commit was generated by cvs2svn to compensate for changes in r128237, which included commits to RCS files with non-trunk default branches.
|
124862 |
23-Jan-2004 |
harti |
This commit was generated by cvs2svn to compensate for changes in r124861, which included commits to RCS files with non-trunk default branches.
|
122395 |
10-Nov-2003 |
harti |
This commit was generated by cvs2svn to compensate for changes in r122394, which included commits to RCS files with non-trunk default branches.
|