#
8b959dd6 |
|
01-Oct-2021 |
Shteryana Shopova <syrinx@FreeBSD.org> |
Fix bsnmpd(1) crash with ill-formed Discovery message RFC 3414 Section 4. Discovery specifies that a discovery request message has a varBindList left empty. Nonetheless, bsnmpd(1) should not crash when receiving a non-zero var-bindings list in a Discovery Request message. PR: 255214 MFC after: 2 weeks
|
#
44d780e3 |
|
12-Dec-2019 |
Conrad Meyer <cem@FreeBSD.org> |
bsnmpd(1): Replace dubious srandomdev+random(3) with arc4random(3)
|
#
04d17814 |
|
01-Apr-2019 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Add IPv6 transport for bsnmp. This patch adds a new table begemotSnmpdTransInetTable that uses the InetAddressType textual convention and can be used to create listening ports for IPv4, IPv6, zoned IPv6 and based on DNS names. It also supports future extension beyond UDP by adding a protocol identifier to the table index. In order to support this gensnmptree had to be modified. Submitted by: harti MFC after: 1 month Relnotes: yes Differential Revision: https://reviews.freebsd.org/D16654
|
#
8e9b3e70 |
|
03-Jul-2018 |
Hartmut Brandt <harti@FreeBSD.org> |
Update bsnmp to version 1.13. This does not bring user-visible changes. For developers gensnmptree can now generate functions for enums to convert between enums and strings and to check the validity of a value. The sources in FreeBSD are now in sync with the upstream which allows to bring in IPv6 modifications.
|
#
7e03e181 |
|
19-Jan-2018 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Rename "index" variable to "idx" since gcc complains that it shadows index(3) function declaration. Reported by: lwhsu MFC after: 2 weeks
|
#
f3afd27f |
|
19-Jan-2018 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Add to bsnmpd(1) ability to specify multiple community strings with different access rights. By default there are two community strings with index 1 and 2, one for read-only access and second for read-write access: begemotSnmpdCommunityString.0.1 = $(read) begemotSnmpdCommunityString.0.2 = $(write) Now it is possible to define additional community strings using different indexes: begemotSnmpdCommunityString.0.3 = "SomeString1" begemotSnmpdCommunityPermission.0.3 = 1 begemotSnmpdCommunityString.0.4 = "SomeString2" begemotSnmpdCommunityPermission.0.4 = 2 begemotSnmpdCommunityString.0.5 = "SomeString3" begemotSnmpdCommunityString.0.6 = "SomeString4" New attribute begemotSnmpdCommunityPermission can be used to specify access rights: 1 means "read-only" access, 2 means "read-write" access. If attribute is not specified for some index this means "read-only" rights. Community strings must be unique, i.e. must not be the same for different indexes. Obtained from: Yandex LLC MFC after: 2 weeks Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D13785
|
#
f321675a |
|
13-Mar-2017 |
Enji Cooper <ngie@FreeBSD.org> |
bsnmpd: fix segfault when trans_insert_port(..) is called with multiple out of order addresses Move `port->transport` initialization before the TAILQ_FOREACH(..) loop to ensure that the value is properly initialized before it's inserted into the TAILQ. MFC after: 1 week PR: 217760 Submitted by: eugen Sponsored by: Dell EMC Isilon
|
#
10a0306a |
|
05-Jan-2017 |
Enji Cooper <ngie@FreeBSD.org> |
lm_load: fix string copying issues - Ensure `section` doesn't overrun section by using strlcpy instead of strcpy [*]. - Use strdup instead of malloc + strcpy (this wasn't flagged by Coverity, but is an opportunistic change). MFC after: 1 week Reported by: Coverity CID: 1006826 [*]
|
#
39ebb4e1 |
|
30-Dec-2016 |
Enji Cooper <ngie@FreeBSD.org> |
Initialize ret to SNMPD_INPUT_OK at the top of snmp_input_start(..) to avoid returning an uninitialized value There are some really complicated, snakey if-statements combined with switch statements that could result in an invalid value being returned as `ret` MFC after: 1 week Reported by: Coverity CID: 1006551
|
#
8d7f605b |
|
27-Dec-2016 |
Enji Cooper <ngie@FreeBSD.org> |
Fix bsnmpd sending/receiving with multi-homed configurations or INADDR_ANY used as the listening address in snmpd_input(..) Stash the IPv4 address of the receiver via the recv(..) callback and use it in the send(..) callback for the transport by specifying IP_SENDSRCADDR for the control message type. Add sendmsg logic to the UDP transport's send(..) callback and use the respective send(..) callback for the transport instead of calling sendto in snmpd_input(..). MFC after: 3 weeks Obtained from: Isilon OneFS (^/onefs/branches/BR_8_0_0_DEV@r507595) Submitted by: Thor Steingrimsson <thor.steingrimsson@isilon.com> Sponsored by: Dell EMC Isilon
|
#
e1d581b2 |
|
27-Dec-2016 |
Enji Cooper <ngie@FreeBSD.org> |
style(9): clean up trailing whitespace MFC after: 3 weeks
|
#
0077de56 |
|
26-Dec-2016 |
Enji Cooper <ngie@FreeBSD.org> |
Fix return type for `ret` (recv callback) and sort variables by alignment Again, for reasons I don't yet understand, this is not being flagged by the compiler. Unlike the issue addressed in r310587, this problem existed prior to r310586 MFC after: 2 weeks X-MFC with: r310586, r310587
|
#
0ba351ef |
|
26-Dec-2016 |
Enji Cooper <ngie@FreeBSD.org> |
Refactor transport sources a bit to facilitate changes coming down pipeline Add recv callback to transport layer to better facilitate code reuse and readability and for symmetry with send callback. Move recv_dgram and recv_stream to udp_recv and lsock_recv, respectively, and make the beforementioned functions recv callbacks for the udp and lsock transports, respectively. Consolidate the check_priv* functions in their relevant trans*.c source to limit scope/use. Note: this code is roughly based content from the submitter, although this was modified to be more of a direct move from snmpd/main.c to the trans_*.c sources, and to reduce unnecessary static function declarations. MFC after: 2 weeks Submitted by: Thor Steingrimsson <thor.steingrimsson@isilon.com> Sponsored by: Dell EMC Isilon
|
#
88cdfafa |
|
24-Dec-2016 |
Enji Cooper <ngie@FreeBSD.org> |
Allow SNMPv3 authNoPriv and noAuthNoPriv protocols to discover snmpEngineTime as discussed in RFC-5343 This fixes interoperability with net-snmp. Tested with the following invocations of snmpwalk (from net-snmp): - noAuthNoPriv: % snmpwalk -v 3 -n '' -u public localhost snmpEngineTime - authNoPriv: % snmpwalk -v 3 -n '' -u bsnmp -A bsnmptest -l authNoPriv -a sha localhost \ localhost snmpEngineTime - authPriv: % snmpwalk -v 3 -n '' -u bsnmp -A bsnmptest -l authPriv -a sha -x des \ -X bsnmptest localhost snmpEngineTime MFC after: 1 week Obtained from: Isilon OneFS (5ec6d772cacbc, with minor tweaks) Submitted by: Austin Voecks <austin.voecks@isilon.com> Sponsored by: Dell EMC Isilon
|
#
f29369b7 |
|
22-Dec-2016 |
Enji Cooper <ngie@FreeBSD.org> |
Clarify failure in snmp_output(..) with call to snmp_pdu_decode - Explicitly test snmp_pdu_encode against SNMP_CODE_OK instead of assuming any non-zero value is bad. - Print out the code before calling abort() to give the end-user something actionable to debug without having to recompile the binary, since the core might not have these details. MFC after: 1 week
|
#
9aa87499 |
|
18-May-2016 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Revert r299830, it has couple of fatal errors. The CMSG_ family of macros take care of alignment, so we don't need r299830 at all, even if it was correct. Put NO_WCAST_ALIGN into Makefile. Together with: peter
|
#
09ac27c3 |
|
14-May-2016 |
Enji Cooper <ngie@FreeBSD.org> |
Fix -Wcast-align warnings Use memcpy instead of using direct assignment of void* pointers with CMSG_DATA(..), which changes alignment MFC after: 3 weeks Reported by: clang Sponsored by: EMC / Isilon Storage Division
|
#
126b5bb6 |
|
14-May-2016 |
Enji Cooper <ngie@FreeBSD.org> |
Use SNMPD_INPUT_FAILED instead of SNMP_CODE_FAILED SNMPD_INPUT_FAILED is `enum snmpd_input_err` type (which matches the return code from the function). SNMP_CODE_FAILED is `enum snmp_code` type. MFC after: 1 week Sponsored by: EMC / Isilon Storage Division
|
#
8ad8cdc9 |
|
22-Apr-2016 |
Enji Cooper <ngie@FreeBSD.org> |
Use `sizeof(*uuser)` instead of `sizeof(struct usm_user)` for consistency with the rest of the users in the file No functional change MFC after: 3 days Sponsored by: EMC / Isilon Storage Division
|
#
8cd5a258 |
|
27-Dec-2015 |
Enji Cooper <ngie@FreeBSD.org> |
Staticize several variables that are used exclusively in bsnmpd/main.c and bsnmpd/trap.c This fixes several -Wmissing-variable-declaration warnings noted by clang Differential Revision: https://reviews.freebsd.org/D4718 MFC after: 1 week Reported by: Jenkins Reviewed by: araujo Sponsored by: EMC / Isilon Storage Division
|
#
23cea719 |
|
19-Sep-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Re-do r240271: - Set IP_RECVDSTADDR sockopt on the socket only in case if it is INADDR_ANY bound. - Supply IP_SENDSRCADDR control message only if we did receive IP_RECVDSTADDR control message. This fixes operation of snmpd bound to a specific local IP address. PR: bin/171279
|
#
f2ddd22e |
|
09-Sep-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
For UDP transport set IP_RECVDSTADDR sockopt on the socket, and provide IP_SENDSRCADDR control with datagram message we reply with. This makes bsnmpd reply from exactly same address that request was sent to, thus successfully bypassing stateful firewalls or other kinds of strict checking. PR: bin/171279
|
#
0cf0d912 |
|
08-Sep-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
The first part of check_priv() function, that attempts to obtain creds from the control message, actually never worked. This means check_priv() didn't work for local dgram sockets. The SCM_CREDS control messages is received only in two cases: 1) If we did setsockopt(LOCAL_CREDS) on our socket, and in this case the message is struct sockcred. 2) If sender did supplied SCM_CREDS control message in his sendmsg() syscall. In this case the message is struct cmsgcred. We can't rely on 2), so we will use 1) for dgram sockets. For stream sockets it is more reliable to obtain accept-time credentials, since SCM_CREDS control message is attached only on first read. Thus: o Do setsockopt(LOCAL_CREDS) on local dgram sockets. o Split check_priv() into check_priv_stream() and check_priv_dgram(), and call them from recv_stream() and recv_dgram() respectively. o Don't provide space for SCM_CREDS control message in recv_stream(). o Provide space for SCM_CREDS control message in recv_dgram(), but there is no need to initialize anything in it. o In recv_dgram() do not blindly expect that first message is SCM_CREDS, instead use correct search cycle through control messages.
|
#
9972acaa |
|
18-Mar-2012 |
Hartmut Brandt <harti@FreeBSD.org> |
memset() wants the size of the structure to clear, not the size of the pointer to it. Submitted by: Pawel Worach
|
#
81b587f3 |
|
20-Apr-2011 |
Ruslan Ermilov <ru@FreeBSD.org> |
Don't spam syslog with "inet_ntop(): Address family not supported by protocol family" when processing requests received from the UNIX domain socket. MFC after: 3 days
|
#
72cd7a52 |
|
20-Dec-2010 |
Shteryana Shopova <syrinx@FreeBSD.org> |
Bring in a SNMP module that allows configuration of SNMPv3 Notification targets. Sponsored by: The FreeBSD Foundation Reviewed by: philip Approved by: philip
|
#
135f7de5 |
|
08-Dec-2010 |
Shteryana Shopova <syrinx@FreeBSD.org> |
In bsnmpd(1) add support for SNMPv3 message processing model, including message authentication, packet encryption & view-based access control (RFC 3412, 3414, 3415). Sponsored by: The FreeBSD Foundation Reviewed by: philip@ (mostly) Approved by: philip@
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
691f8568 |
|
07-Mar-2008 |
Shteryana Shopova <syrinx@FreeBSD.org> |
Vendor patch: Prevent bsnmpd from dumping core when a module's init hook returns an error. Approved by: bz (mentor), harti
|
#
748b5b1e |
|
27-Feb-2006 |
Hartmut Brandt <harti@FreeBSD.org> |
Virgin import of bsnmpd 1.12
|
#
51054003 |
|
31-Jan-2006 |
Hartmut Brandt <harti@FreeBSD.org> |
Vendor patch: prevent a core dump when the trace option is not followed by an option value. Submitted by: Shteryana Shopova <shteryana@yahoo.com>
|
#
d4199d75 |
|
10-Jan-2006 |
Hartmut Brandt <harti@FreeBSD.org> |
Vendor fix: make the default read and write communities NULL. This basically disables any access unless other strings are set in the config file. Note, that there is no way to set the communities back to NULL once they're set to something not NULL.
|
#
4c0a7af9 |
|
05-Oct-2005 |
Hartmut Brandt <harti@FreeBSD.org> |
Vendor fix for the build problem of snmp_pf. Move the fallback definitions for U?INT32_{MAX,MIN} from asn1.h into the .c files that actually require them (the .h file doesn't refer to these macros).
|
#
165c5d31 |
|
04-Oct-2005 |
Hartmut Brandt <harti@FreeBSD.org> |
Virgin import of bsnmpd 1.11
|
#
69292ced |
|
23-May-2005 |
Hartmut Brandt <harti@FreeBSD.org> |
Virgin import of bsnmpd 1.10
|
#
a9bfedb7 |
|
29-Apr-2005 |
Hartmut Brandt <harti@FreeBSD.org> |
Vendor patch: fix a bug that was introduced when moving from libisc to libbegemot: the rpoll_start_timer function needs the timeout value in milli-seconds, not the absolute time when the timer should tick.
|
#
d7eb6b47 |
|
26-Apr-2005 |
Hartmut Brandt <harti@FreeBSD.org> |
Virgin import of bsnmp 1.9
|
#
94caccb3 |
|
28-Feb-2005 |
Hartmut Brandt <harti@FreeBSD.org> |
Virgin import of bsnmpd 1.8
|
#
896052c1 |
|
06-Aug-2004 |
Hartmut Brandt <harti@FreeBSD.org> |
Virgin import of bsnmpd 1.7
|
#
8eecd77a |
|
14-Apr-2004 |
Hartmut Brandt <harti@FreeBSD.org> |
Import of bsnmpd 1.6
|
#
70af00a1 |
|
23-Jan-2004 |
Hartmut Brandt <harti@FreeBSD.org> |
Virgin import of bsnmpd 1.5a
|
#
f06ca4af |
|
10-Nov-2003 |
Hartmut Brandt <harti@FreeBSD.org> |
Virgin import of bsnmp 1.4
|