The function snmpd_sink_add() has a guard clause that tests the literal
string "section", not the variable value "$section".
The test `[ -n "section" ]` always evaluates to true because the string
literal "section" is non-empty, making the check useless.
This function is only called internally with hardcoded arguments, so the
bug has no actual impact currently. For the same reason, this change
should not break existing configurations. However, I think it should be
fixed so future callers do not have a false sense of security.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
To support logging in net-snmp this commit introduces this feature. There is
a new uci config section 'logging'.
The following new parameters are used:
config logging
option log_file '/var/log/snmpd.log'
option log_file_priority 'i'
option log_syslog '0'
option log_syslog_facility 'd'
Signed-off-by: Christian Korber <ck@dev.tdt.de>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This commit adds function 'snmpd_snmpv3_add' to the init script
to support SNMPv3 config parsing.
The new uci config section has the following configuration parameters:
config v3
option username 'John'
option allow_write '0'
option auth_type 'SHA|MD5'
option auth_pass 'passphrase'
option privacy_type 'AES|DES'
option privacy_pass 'passphrase'
option RestrictOID 'yes|no'
option RestrictedOID '1.3.6.1.2.1.1.1'
This new section is only relevant if the snmp_version 'v1/v2c/v3' or 'v3'
is set in the uci section 'general'.
Signed-off-by: Christian Korber <ck@dev.tdt.de>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
In a previous commit (0b12bee) hostname was added to
snmpd.init. To track changes in system, the init file
needs to add 'system' to the trigger.
Therefore it is added in this commit.
Fixes: 0b12bee66a ("net-snmp: set hostname as sysname")
Signed-off-by: Christian Korber <ck@dev.tdt.de>
This commit writes the option hostname obtained via uci_get
system.@system[0].hostname to the snmpd.conf file if sysName
is not defined in /etc/config/snmpd.
Signed-off-by: Christian Korber <ckorber@tdt.de>
The commands in the function 'stop_service' do not stop the service.
Rather, they are commands that are to be executed when the service has
already been stopped. By renaming the function, the commands are now
executed after the service has been stopped.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If snmpd fails to open files, like /dev/kmem or /dev/mem, it exits.
Avoid this by adding the -r argument.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Firewall needs to be reloaded in the following cases:
- on service start when snmpd.general.enabled=1
- when snmpd daemon is stopped
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Commit ae5ee6ba6c added support for inbound
firewall rule support but some corner cases were not covered.
In case net-snmp is started and the network interface is already up
the procd firewall rule is created but not applied by fw3 as
service_started calling procd_set_config_changed firewall was missing.
When stopping net-snmp clean up the net-snmp inbound firewall rules in
iptables by calling procd_set_config_changed firewall in stop_service
which will trigger fw3 to remove the inbound firewall rules.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
It seems that UCI can't handle duplicate section names in a single
config file, even if they use different types. After the previous
commit, running `uci export` results in the following error:
uci: Parse error (section of different type overwrites prior section with same name) at line 17, byte 23
Append a 6 to the com2sec6 section names to solve this.
Fixes: 0e1c8b4ccc ("net-snmp: snmpd: listen on IPv6 by default")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Add enabled config option in the global uci section; it allows to put into
place the snmpd config but not yet start the netsnmp daemon.
If config option is unset; netsnmp daemon will be started as before.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Add config support which allow snmpd to take a more active role by sending
traps.
Following config options are supported which map directly on snmpd directives:
-trapcommunity
-trapsink
-trap2sink
-informsink
-authtrapenable
-v1trapaddress
-trapsess
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Add UCI section general which holds the uci parameter network defining on
which interface(s) the snmp agent is reachable for inbound snmp requests
in case the firewall zone does not allow INPUT traffic by default.
For the different zones to which the different interfaces belong firewall
procd input rules are created making the snmp agent reachable on udp port
161.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
According to the snmpd.conf man page, the engineID of an snmp agent
should be consistent through time. However, it seems that the engineID
changes every reboot. Add options to configure how the engineID is
generated. The default setting generates it based on the MAC address of
the eth0 interface.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
When applying wireless configuration changes, the ifindex of the
wireless interface(s) change. While snmpd picks up the new interfaces
with the correct index, it does not remove the old ones:
IF-MIB::ifName.23 = STRING: wlan0
IF-MIB::ifName.24 = STRING: wlan1
IF-MIB::ifName.25 = STRING: wlan0
IF-MIB::ifName.26 = STRING: wlan1
This causes problems for monitoring tools that use ifName (or ifDesc) as
interface reference. Add a trigger that reloads snmpd on interface
up/down events so that it will no longer have the old interfaces.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
When an ifindex for an interface changes, some monitoring tools can no
longer find the interface and send alerts. Monitor all network
interfaces via the procd netdev parameter, so that
/etc/init.d/snmpd reload will restart snmpd if any ifindex changed.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
- Refactor RUN_C into CONFIGFILE, as used in dnsmasq and igmpproxy init
scripts.
- Add a newline after each function definition.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
add support for "disk <partition> <size>" option
example for /etc/config/snmpd
===========
config disk
option partition '/'
option size '500'
===========
