Commit Graph

107 Commits

Author SHA1 Message Date
Shteryana Shopova
ac89bc4f84 Fix a bug in decoding string indexes in snmp_target(3), thus causing
bsnmpd(1) to not send v3 notifications properly; while here add two
missing return statements which could lead to abort() in case of a
rollback
2014-10-10 00:26:28 +00:00
Hartmut Brandt
30b5118d51 Fix a problem with OBJECT IDENTIFIER encoding: need to check the
second subid to be less than 40, not the first when the first
subid is 0 or 1.
2014-01-21 16:49:54 +00:00
Xin LI
ecd241b619 Fix bsnmpd remote denial of service vulnerability.
Reported by:	dinoex
Submitted by:	harti
Security:	FreeBSD-SA-14:01.bsnmpd
Security:	CVE-2014-1452
2014-01-14 18:58:57 +00:00
Shteryana Shopova
546401ce54 Fix the -Wconversion warnings produced when compiling the SNMP agent. 2013-10-17 12:03:17 +00:00
Shteryana Shopova
0698344859 Fix SNMP Error response PDUs and properly encode them when using v3 auth/encryption.
Reported by:	harti@
2013-10-17 11:49:46 +00:00
Mikolaj Golub
b96e78e02c Register OID for HAST module.
MFC after:	2 weeks
2013-05-08 20:04:32 +00:00
Gleb Smirnoff
8cc5fb3d91 Restore the ipNetToMedia MIB, that was broken with new ARP commit
in the r186119.

Submitted by:	Konstantin Kukushkin <dark rambler-co.ru>
2013-04-25 16:23:22 +00:00
Pedro F. Giffuni
646a7fea0c Clean some 'svn:executable' properties in the tree.
Submitted by:	Christoph Mallon
MFC after:	3 days
2013-01-26 22:08:21 +00:00
Gleb Smirnoff
bc17db9558 Looks like support.h is really not needed here. 2012-10-18 13:46:26 +00:00
Maksim Yevmenkin
8651c115b8 put another bandaid on the build until i figure out bsnmp headers 2012-10-18 00:20:02 +00:00
Maksim Yevmenkin
aa21cf7851 fix build
MFC after:	1 week
2012-10-17 21:53:38 +00:00
Gleb Smirnoff
23cea7199b Re-do r240271:
- Set IP_RECVDSTADDR sockopt on the socket only in case if
  it is INADDR_ANY bound.
- Supply IP_SENDSRCADDR control message only if we did receive
  IP_RECVDSTADDR control message.

This fixes operation of snmpd bound to a specific local IP address.

PR:		bin/171279
2012-09-20 05:41:20 +00:00
Gleb Smirnoff
f2ddd22eac For UDP transport set IP_RECVDSTADDR sockopt on the socket, and provide
IP_SENDSRCADDR control with datagram message we reply with. This makes
bsnmpd reply from exactly same address that request was sent to, thus
successfully bypassing stateful firewalls or other kinds of strict checking.

PR:		bin/171279
2012-09-09 09:46:48 +00:00
Gleb Smirnoff
0cf0d912b7 The first part of check_priv() function, that attempts to obtain creds
from the control message, actually never worked. This means check_priv()
didn't work for local dgram sockets.

The SCM_CREDS control messages is received only in two cases:

1) If we did setsockopt(LOCAL_CREDS) on our socket, and in this case
   the message is struct sockcred.
2) If sender did supplied SCM_CREDS control message in his sendmsg()
   syscall. In this case the message is struct cmsgcred.

We can't rely on 2), so we will use 1) for dgram sockets. For stream
sockets it is more reliable to obtain accept-time credentials, since
SCM_CREDS control message is attached only on first read. Thus:

o Do setsockopt(LOCAL_CREDS) on local dgram sockets.
o Split check_priv() into check_priv_stream() and check_priv_dgram(),
  and call them from recv_stream() and recv_dgram() respectively.
o Don't provide space for SCM_CREDS control message in recv_stream().
o Provide space for SCM_CREDS control message in recv_dgram(), but there
  is no need to initialize anything in it.
o In recv_dgram() do not blindly expect that first message is SCM_CREDS,
  instead use correct search cycle through control messages.
2012-09-08 07:12:00 +00:00
Kevin Lo
31f7ba0295 Fully initialize the stack-allocated "struct sockaddr_in sa" structure. 2012-09-07 08:58:30 +00:00
Joel Dahl
bef04523e3 Remove end of line whitespace. 2012-06-17 11:36:28 +00:00
Joel Dahl
0aa9c2d892 Minor mdoc fixes. 2012-06-17 11:33:55 +00:00
Maksim Yevmenkin
6c9707c3b2 Count both IPv4 and IPv6 TCP connections in tcpCurrEstab
Timeout from:	current, syrinx
MFC after:	1 week
2012-06-06 18:00:38 +00:00
Glen Barber
a3fb6da9ba General mdoc(7) and typo fixes.
PR:		167734
Submitted by:	Nobuyuki Koganemaru (kogane!jp.freebsd.org)
MFC after:	3 days
2012-05-11 20:06:46 +00:00
Hartmut Brandt
9972acaa15 memset() wants the size of the structure to clear, not the size
of the pointer to it.

Submitted by:	Pawel Worach
2012-03-18 19:28:52 +00:00
Bjoern A. Zeeb
1e629ba90f Adter r228571 unbreak architectures with strict alignment rules
by copying rather than casting.
2011-12-17 11:06:22 +00:00
Mikolaj Golub
b2b91ddf9d Include sys/queue.h: snmpmod.h uses TAILQ.
PR:		bin/153153
MFC after:	2 weeks
2011-12-11 17:10:33 +00:00
Ulrich Spörlein
f0720ed5f8 Fix broken mdoc.
Found by:	manlint
Approved by:	re (kib)
2011-08-01 22:21:18 +00:00
Ruslan Ermilov
87a5818245 Properly detect interface's state in the LINK_STATE_UNKNOWN case.
MFC after:	1 week
2011-05-03 10:11:44 +00:00
Ruslan Ermilov
81b587f396 Don't spam syslog with "inet_ntop(): Address family not supported
by protocol family" when processing requests received from the
UNIX domain socket.

MFC after:	3 days
2011-04-20 08:38:25 +00:00
Hartmut Brandt
5a0bba9007 Bring the list of OIDs up-to-date to prevent conflicts. 2011-02-03 15:19:18 +00:00
Shteryana Shopova
cf90ea94a0 Unbreak the build by temprorarily not using include directives in
bsnmpd(1)' def files, until bsd.snmpmod.mk & Makefiles are fixed to
pass proper include path flags to gensnmptree.
2010-12-20 22:56:50 +00:00
Shteryana Shopova
72cd7a520d Bring in a SNMP module that allows configuration of SNMPv3 Notification targets.
Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip
Approved by:	philip
2010-12-20 17:13:14 +00:00
Shteryana Shopova
2b8026620c Silence the compiler warnings in libbsnmp by removing several (now)
unsed parameters.

Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip@
2010-12-16 11:20:37 +00:00
Shteryana Shopova
e9a4946830 Add a forgotten file from r216294 and unbreak the build.
Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip@ (mostly)
Approved by:	philip@
2010-12-08 15:52:06 +00:00
Shteryana Shopova
135f7de5dd In bsnmpd(1) add support for SNMPv3 message processing model, including message authentication, packet encryption & view-based access control (RFC 3412, 3414, 3415).
Sponsored by:	The FreeBSD Foundation
Reviewed by:	philip@ (mostly)
Approved by:	philip@
2010-12-08 13:51:38 +00:00
Ulrich Spörlein
d9962dc588 Remove mention of non-existant -o flag for debugging options.
MFC after:	3 days
2010-10-23 12:27:39 +00:00
Ulrich Spörlein
7cc1fde083 mdoc: drop even more redundant .Pp calls
No change in rendered output, less mandoc lint warnings.

Tool provided by:	Nobuyuki Koganemaru n-kogane at syd.odn.ne.jp
2010-10-19 12:35:40 +00:00
Joel Dahl
54be88c948 Fix two minor typos. 2010-08-16 21:12:26 +00:00
Ulrich Spörlein
f239d44ec1 Bump document date after content changes.
Pointy hat to:	uqs
2010-08-16 19:05:10 +00:00
Ulrich Spörlein
e5cce4162a Wordsmithing of bsnmpd.1
PR:		docs/149157
Submitted by:	Warren Block <wblock@wonkity.com>
MFC after:	1 week
2010-08-16 18:47:35 +00:00
Pyun YongHyeon
869ae66dfc Fix a typo introduced in r210936 which broke build. 2010-08-06 18:44:07 +00:00
John Baldwin
d99d8e2e38 Ethernet vlan(4) interfaces have valid Ethernet link layer addresses but
use a different interface type (IFT_L2VLAN vs IFT_ETHER).  Treat IFT_L2VLAN
interfaces like IFT_ETHER interfaces when handling link layer addresses.

Reviewed by:	syrinx (bsnmpd)
MFC after:	1 week
2010-08-06 15:09:21 +00:00
Ulrich Spörlein
4f13bbb691 mdoc: consistently spell our email addresses <foo@FreeBSD.org>
Reviewed by:	ru
Approved by:	harti
2010-05-24 06:26:38 +00:00
Antoine Brodin
5a64472b2a (S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.

Approved by:	harti@
2010-03-27 13:43:18 +00:00
Ulrich Spörlein
ddedd8277a Fix typo in macro name and macro usage.
Found by:	make manlint
Reviewed by:	ru
Approved by:	harti, philip (mentor)
2010-03-12 11:05:37 +00:00
Shteryana Shopova
bd96183d5e Fix a problem with high CPU consumption (up to 30%) by bsnmpd on a loaded system.
Instead of constantly calling the mibII_idle function when the server is not busy
call the function only once every 10 seconds to avoid bsnmpd constantly doing
gettimeofday syscalls. Make the idle polling interval confugurable via
begemotIfDataPoll.

Reported and tested by: misho (at) aitbg (dot) com
Oked by: harti
MFC after:	1 week
2009-12-03 16:08:00 +00:00
Warner Losh
26ea346865 Add an extra (void *) cast. The struct if_msghdr has an 8 byte
alignment requirement, while rt_msghdr has a 4 byte alignment
requirement.  The root cause is that if_msghdr has an struct if_data
which has an 8-byte alignment requirement due to a time_t that's
embedded in it.  On MIPS, time_t is a 64-bit number, so must be 64-bit
aligned.

Since we don't access ifm_data.ifi_epoch, a simple cast is all that's
necessary here.  It is likely the case that ifi_epoch should *NOT* be
a time_t because it is an uptime (time delta) an not an absolute time
since 1970.  u_long is likely sufficient there since that gives an
uptime of 136 years will suffice for the foreseeable future.
2009-02-18 19:59:27 +00:00
Qing Li
6e6b3f7cbc This main goals of this project are:
1. separating L2 tables (ARP, NDP) from the L3 routing tables
2. removing as much locking dependencies among these layers as
   possible to allow for some parallelism in the search operations
3. simplify the logic in the routing code,

The most notable end result is the obsolescent of the route
cloning (RTF_CLONING) concept, which translated into code reduction
in both IPv4 ARP and IPv6 NDP related modules, and size reduction in
struct rtentry{}. The change in design obsoletes the semantics of
RTF_CLONING, RTF_WASCLONE and RTF_LLINFO routing flags. The userland
applications such as "arp" and "ndp" have been modified to reflect
those changes. The output from "netstat -r" shows only the routing
entries.

Quite a few developers have contributed to this project in the
past: Glebius Smirnoff, Luigi Rizzo, Alessandro Cerri, and
Andre Oppermann. And most recently:

- Kip Macy revised the locking code completely, thus completing
  the last piece of the puzzle, Kip has also been conducting
  active functional testing
- Sam Leffler has helped me improving/refactoring the code, and
  provided valuable reviews
- Julian Elischer setup the perforce tree for me and has helped
  me maintaining that branch before the svn conversion
2008-12-15 06:10:57 +00:00
Shteryana Shopova
02f27f1cfa This commit was generated by cvs2svn to compensate for changes in r176892,
which included commits to RCS files with non-trunk default branches.
2008-03-07 09:33:29 +00:00
Shteryana Shopova
691f8568ea Vendor patch: Prevent bsnmpd from dumping core when a module's init hook
returns an error.

Approved by:	bz (mentor), harti
2008-03-07 09:33:29 +00:00
Hartmut Brandt
cab70e0247 Vendor patch: synthesize the initial value for sysObjectId from the value
of uname -r in FreeBSD. This value can be overwritten in the configuration
file.

Suggested by:	phk
2006-10-31 09:00:35 +00:00
Hartmut Brandt
f56ce4bd26 This commit was generated by cvs2svn to compensate for changes in r163820,
which included commits to RCS files with non-trunk default branches.
2006-10-31 09:00:35 +00:00
Hartmut Brandt
f929683df1 Vendor patch: improve readability by using the IF_Mbps macro.
Submitted by:	glebius
2006-10-30 16:56:38 +00:00
Hartmut Brandt
91c878a693 This commit was generated by cvs2svn to compensate for changes in r163799,
which included commits to RCS files with non-trunk default branches.
2006-10-30 16:56:38 +00:00