The function snmpd_sink_add() has a guard clause that tests the literal
string "section", not the variable value "$section".
The test `[ -n "section" ]` always evaluates to true because the string
literal "section" is non-empty, making the check useless.
This function is only called internally with hardcoded arguments, so the
bug has no actual impact currently. For the same reason, this change
should not break existing configurations. However, I think it should be
fixed so future callers do not have a false sense of security.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
To support logging in net-snmp this commit introduces this feature. There is
a new uci config section 'logging'.
The following new parameters are used:
config logging
option log_file '/var/log/snmpd.log'
option log_file_priority 'i'
option log_syslog '0'
option log_syslog_facility 'd'
Signed-off-by: Christian Korber <ck@dev.tdt.de>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This commit adds function 'snmpd_snmpv3_add' to the init script
to support SNMPv3 config parsing.
The new uci config section has the following configuration parameters:
config v3
option username 'John'
option allow_write '0'
option auth_type 'SHA|MD5'
option auth_pass 'passphrase'
option privacy_type 'AES|DES'
option privacy_pass 'passphrase'
option RestrictOID 'yes|no'
option RestrictedOID '1.3.6.1.2.1.1.1'
This new section is only relevant if the snmp_version 'v1/v2c/v3' or 'v3'
is set in the uci section 'general'.
Signed-off-by: Christian Korber <ck@dev.tdt.de>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
To use 'SNMPv3', the net-snmp package must be compiled with openssl support.
For this purpose, the current net-snmp is renamed into build 'nossl'.
This is a preparation commit to add the 'ssl' variant.
Signed-off-by: Christian Korber <ck@dev.tdt.de>
In a previous commit (0b12bee) hostname was added to
snmpd.init. To track changes in system, the init file
needs to add 'system' to the trigger.
Therefore it is added in this commit.
Fixes: 0b12bee66a ("net-snmp: set hostname as sysname")
Signed-off-by: Christian Korber <ck@dev.tdt.de>
This commit includes inttypes.h to prevent the following error:
```
mibgroup/ieee802dot11.c: In function 'displayWiExt':
mibgroup/ieee802dot11.c:4563:26: error: expected ')' before 'PRIdPTR'
4563 | printf ( "%s sens: %" PRIdPTR "\n", "SIOCGIWSENS", *(intptr_t *)&info.sens );
| ~ ^~~~~~~~
| )
mibgroup/ieee802dot11.c:31:1: note: 'PRIdPTR' is defined in header '<inttypes.h>'; did you forget to '#include <inttypes.h>'?
30 | #include "util_funcs/header_generic.h"
+++ |+#include <inttypes.h>
31 |
```
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
Use #elif defined instead of #elifdef as seen elsewhere throughout the patch
file. This avoids the following errors when compiling with GCC 11:
```
mibgroup/ucd-snmp/proc.c:45:2: error: invalid preprocessing directive #elifdef; did you mean #ifdef?
45 | #elifdef HAVE_PCRE_H
| ^~~~~~~
| ifdef
mibgroup/ucd-snmp/proc.c:243:2: error: invalid preprocessing directive #elifdef; did you mean #ifdef?
243 | #elifdef HAVE_PCRE_H
| ^~~~~~~
| ifdef
```
Signed-off-by: Wei-Ting Yang <williamatcg@gmail.com>
This commit writes the option hostname obtained via uci_get
system.@system[0].hostname to the snmpd.conf file if sysName
is not defined in /etc/config/snmpd.
Signed-off-by: Christian Korber <ckorber@tdt.de>
description: Since IPv6 is present in everyday use, we need to include
information about IPv6 addresses & routes in SNMP
example:
IP-MIB::ipAddressOrigin.ipv6
IP-MIB::ipAddressOrigin[ipv6]["00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:01"] = manual
IP-MIB::ipAddressOrigin[ipv6]["fd:00:00:09:02:55:00:00:00:00:00:00:00:00:01:01"] = manual
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:0c:00:09:ff:fe:06:01:01"] = linklayer
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:0c:02:09:ff:fe:00:01:01"] = linklayer
IP-MIB::ipAddressOrigin[ipv6]["fe:80:00:00:00:00:00:00:ae:84:c6:ff:fe:25:8c:ce"] = linklayer
tested:
23.05-snapshot
master snapshot
with LibreNMS, OpenWRT device IPv6 Addresses & Routes are properly recognized
Signed-off-by: Peca Nesovanovic <peca.nesovanovic@sattrakt.com>
This fixes it with musl support. Also fixed several -Wformat warnings.
Main problem was __fd_mask not existing on musl but fd_mask existing.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Refresh 900-musl-compat.patch, add missing headers & fixes incompatible pointer type is now an error.
Signed-off-by: Aditya Nugraha <vortexilation@gmail.com>
Refresh 900-musl-compat.patch, add missing headers & fixes incompatible pointer type is now an error.
Signed-off-by: Aditya Nugraha <vortexilation@gmail.com>
Adjust patches for current version changes
Module "disk" renamed to "disk_hw"
Internal type "unknown" changed to "u_int32_t"
Add patch with removing macro syntax checking for successful build
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Add upstream patch adding support for pcre2 and update dependency to
require libpcre2 instead of libpcre.
--with-pcre2-8 is now needed to exclude support for pcre and only
require pcre2 as net-snmp still use and try to use pcre by default.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Automatically compute and substitute current values for all
$(AUTORELEASE) instances as this feature is deprecated and shouldn't be
used.
The following temporary change was made to the core:
diff --git a/rules.mk b/rules.mk
index 57d7995d4fa8..f16367de87a8 100644
--- a/rules.mk
+++ b/rules.mk
@@ -429,7 +429,7 @@ endef
abi_version_str = $(subst -,,$(subst _,,$(subst .,,$(1))))
COMMITCOUNT = $(if $(DUMP),0,$(call commitcount))
-AUTORELEASE = $(if $(DUMP),0,$(call commitcount,1))
+AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
all:
FORCE: ;
And this command used to fix affected packages:
for i in $(cd feeds/packages; git grep -l PKG_RELEASE:=.*AUTORELEASE | \
sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
make package/$i/download
done
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
The commands in the function 'stop_service' do not stop the service.
Rather, they are commands that are to be executed when the service has
already been stopped. By renaming the function, the commands are now
executed after the service has been stopped.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Switch to AUTORELEASE for simplicity.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[remove irrelevant part from commit message after splitting changes]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Neither the configure option nor configure variable to disable linking
against PCRE seem to work anymore, so simply drop both and add a
dependency on libpcre. As net-snmp is unlikely to fit on devices with
small flash anyway, the extra size requirement shouldn't be a problem.
If it is, feel free to submit a patch to fix the broken upstream
behaviour.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
If snmpd fails to open files, like /dev/kmem or /dev/mem, it exits.
Avoid this by adding the -r argument.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Firewall needs to be reloaded in the following cases:
- on service start when snmpd.general.enabled=1
- when snmpd daemon is stopped
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
There's a build race condition with other packages which sometimes results in:
Package libnetsnmp is missing dependencies for the following libraries:
libpci.so.3
Using an external toolchain, it was discovered that net-snmp would
link with the Perl library (-lperl) from the host rather than from the
target.
Since we do not provide Perl as a dependency to net-snmp, the solution
is to disable support for it.
Fixes issue #8217.
Signed-off-by: Maxim Cournoyer <maxim.cournoyer@savoirfairelinux.com>
Disable PCRE process searching to avoid linking against libprce, which
would cause the build to fail due to a missing dependency. With the
--without-pcre switch, build fails due to an undefined reference, so do
it via CONFIGURE_VARS instead.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[disable PCRE process searching]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Commit 384c2a8cfd added support for symlinking
net-snmp-config into $(STAGING_DIR)/usr/bin but forgot to install first
$(STAGING_DIR)/usr/bin resulting into a compile issue if
$(STAGING_DIR)/usr/bin is not yet present.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This enables the table `inetNetToMediaTable` from `ip-mib`, which implements
the `ipNetToPhysicalTable`. The former one is already enabled with the current
configuraiton, but it has been deprecatd by the IP version-neutral
`ipNetToMediaTable`, which also supports IPv6 entries [1]. It also disables all
other submodules from this MIB to keep the footprint small.
[1]: http://net-snmp.sourceforge.net/docs/mibs/IP-MIB.txt
Signed-off-by: Karol Babioch <karol@babioch.de>
Commit 384c2a8cfd added support for symlinking
net-snmp-config into $(STAGING_DIR)/usr/bin but forgot to install first
$(STAGING_DIR)/usr/bin resulting into a compile issue if
$(STAGING_DIR)/usr/bin is not yet present.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commit ae5ee6ba6c added support for inbound
firewall rule support but some corner cases were not covered.
In case net-snmp is started and the network interface is already up
the procd firewall rule is created but not applied by fw3 as
service_started calling procd_set_config_changed firewall was missing.
When stopping net-snmp clean up the net-snmp inbound firewall rules in
iptables by calling procd_set_config_changed firewall in stop_service
which will trigger fw3 to remove the inbound firewall rules.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
It seems that UCI can't handle duplicate section names in a single
config file, even if they use different types. After the previous
commit, running `uci export` results in the following error:
uci: Parse error (section of different type overwrites prior section with same name) at line 17, byte 23
Append a 6 to the com2sec6 section names to solve this.
Fixes: 0e1c8b4ccc ("net-snmp: snmpd: listen on IPv6 by default")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
