Can't send SNMPv3 Traps from C Program
da...@blueyonder.co.uk
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Please help, I am trying to send a SNMPv3 trap from within a C program.
I am using the add_trap_session function to add my trap sink sessions and
then send_v2trap to send the trap.
The program works with the authentication turned off (securityLevel =
SNMP_SEC_LEVEL_NOAUTH) but I can not get it to work when I set the
securityLevel to use encryption (i.e. SNMP_SEC_LEVEL_AUTH).
I can successfully send traps using the snmptrap tool so I know the
trapsink is working.
A simplified version of my code is shown below (and is also contained in
the attached file)...
Thanks Darryl
int main() {
init();
send_trap();
}
void init() {
For each trap sink {
create_v3_trap_session(...);
}
}
void send_trap() {
netsnmp_variable_list *notification_vars;
Setup notification_vars...
send_v2trap(notification_vars);
}
int create_v3_trap_session(...) {
netsnmp_session session, *sesp;
memset(&session, 0, sizeof(netsnmp_session));
snmp_sess_init( &session ); // Set up defaults
session.version == SNMP_VERSION_3;
session.peername = strdup("192.168.144.214:162");
session.callback = snmp_inform_callback; // Function to
interpret incoming data
session.callback_magic = NULL; // Pointer to data for
callback
// SNMP v2
session.community = NULL;
session.community_len = 0;
// SNMP v3
session.securityName = strdup("usera"); // The user name
session.securityNameLen = strlen("usera"); // Length of securityName
session.securityAuthKeyLen = USM_AUTH_KU_LEN; //Length of Ku for
auth protocol
session.securityAuthProto =
snmp_duplicate_objid(usmHMACMD5AuthProtocol, USM_AUTH_PROTO_MD5_LEN);
session.securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(u_char *) "mypassword", "mypassword",
session.securityAuthKey,
&session.securityAuthKeyLen) != SNMPERR_SUCCESS) {
return (-1);
}
session.securityPrivKeyLen = USM_PRIV_KU_LEN; // Length of Ku for
priv protocol
session.securityPrivProto = snmp_duplicate_objid(usmDESPrivProtocol,
USM_PRIV_PROTO_DES_LEN);
session.securityPrivProtoLen = USM_PRIV_PROTO_DES_LEN;
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(u_char *) "mypassword", strlen("mypassword"),
session.securityPrivKey,
&session.securityPrivKeyLen) != SNMPERR_SUCCESS) {
return (-1);
}
session.securityModel = SNMP_DEFAULT_SECMODEL; // snmp security model,
v1, v2c, usm */
session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV;
// The following session variables were not set
//session.securityAuthLocalKey = //Kul for auth protocol
//session.securityAuthLocalKeyLen = // Length of Kul for auth
protocol XXX
//session.remote_port = // UDP port number of peer. (NO
LONGER USED - USE peername INSTEAD)
//session.local_port = // My UDP port number, 0 for
default, picked randomly
//session.isAuthoritative = // Are we the authoritative
engine? */
//session.contextName = // authoritative contextName
//session.contextNameLen = // Length of contextName
//session.securityEngineID = // Authoritative snmpEngineID
(See snmp_hex_to_binary)
//session.securityEngineIDLen = // Length of contextEngineID
//session.paramName = // target param name
//session.securityInfo = // security module specific
//session.localname =
//session.securityEngineIDLen =
//session.securityEngineID =
//session.engineBoots = // Initial engineBoots for remote
engine
//session.engineTime = // Initial engineTime for remote
engine
sesp = snmp_open(&session);
if (sesp) {
add_trap_session(sesp, SNMP_MSG_INFORM, TRUE, SNMP_VERSION_3);
}
}
------=_20070807101354_65853
Content-Type: text/plain; name="test_code.c"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="test_code.c"
int main() {
init();
send_trap();
}
void init() {
For each trap sink {
create_v3_trap_session(...);
}
}
void send_trap() {
netsnmp_variable_list *notification_vars;
Setup notification_vars...
send_v2trap(notification_vars);
}
int create_v3_trap_session(...) {
netsnmp_session session, *sesp;
memset(&session, 0, sizeof(netsnmp_session));
snmp_sess_init( &session ); // Set up defaults
session.version == SNMP_VERSION_3;
session.peername = strdup("192.168.144.214:162");
session.callback = snmp_inform_callback; // Function to interpret incoming data
session.callback_magic = NULL; // Pointer to data for callback
// SNMP v2
session.community = NULL;
session.community_len = 0;
// SNMP v3
session.securityName = strdup("usera"); // The user name
session.securityNameLen = strlen("usera"); // Length of securityName
session.securityAuthKeyLen = USM_AUTH_KU_LEN; //Length of Ku for auth protocol
session.securityAuthProto = snmp_duplicate_objid(usmHMACMD5AuthProtocol, USM_AUTH_PROTO_MD5_LEN);
session.securityAuthProtoLen = USM_AUTH_PROTO_MD5_LEN;
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(u_char *) "mypassword", "mypassword",
session.securityAuthKey,
&session.securityAuthKeyLen) != SNMPERR_SUCCESS) {
return (-1);
}
session.securityPrivKeyLen = USM_PRIV_KU_LEN; // Length of Ku for priv protocol
session.securityPrivProto = snmp_duplicate_objid(usmDESPrivProtocol, USM_PRIV_PROTO_DES_LEN);
session.securityPrivProtoLen = USM_PRIV_PROTO_DES_LEN;
if (generate_Ku(session.securityAuthProto,
session.securityAuthProtoLen,
(u_char *) "mypassword", strlen("mypassword"),
session.securityPrivKey,
&session.securityPrivKeyLen) != SNMPERR_SUCCESS) {
return (-1);
}
session.securityModel = SNMP_DEFAULT_SECMODEL; // snmp security model, v1, v2c, usm */
session.securityLevel = SNMP_SEC_LEVEL_AUTHNOPRIV;
// The following session variables were not set
//session.securityAuthLocalKey = //Kul for auth protocol
//session.securityAuthLocalKeyLen = // Length of Kul for auth protocol XXX
//session.remote_port = // UDP port number of peer. (NO LONGER USED - USE peername INSTEAD)
//session.local_port = // My UDP port number, 0 for default, picked randomly
//session.isAuthoritative = // Are we the authoritative engine? */
//session.contextName = // authoritative contextName
//session.contextNameLen = // Length of contextName
//session.securityEngineID = // Authoritative snmpEngineID (See snmp_hex_to_binary)
//session.securityEngineIDLen = // Length of contextEngineID
//session.paramName = // target param name
//session.securityInfo = // security module specific
//session.localname =
//session.securityEngineIDLen =
//session.securityEngineID =
//session.engineBoots = // Initial engineBoots for remote engine
//session.engineTime = // Initial engineTime for remote engine
sesp = snmp_open(&session);
if (sesp) {
add_trap_session(sesp, SNMP_MSG_INFORM, TRUE, SNMP_VERSION_3);
}
}
------=_20070807101354_65853
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
------=_20070807101354_65853
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
Net-snmp-users mailing list
Net-snm...@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
------=_20070807101354_65853--
Dave Shield
> Please help, I am trying to send a SNMPv3 trap from within a C program.
>
> I am using the add_trap_session function to add my trap sink sessions and
> then send_v2trap to send the trap.
'send_v2trap' is part of the Net-SNMP *agent* API.
It can only be used by code that will run within an agent (or subagent).
If this is a standalone application, then you'll need to send the trap
directly yourself, using 'snmp_send'.
See 'apps/snmptrap.c' for an example.
Dave
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
da...@blueyonder.co.uk
updating it to support SNMPv3. The code sample I posted was very much
simplified.
I wrote my own create_v3_trap_session function because the standard
create_trap_session does not support SNMPv3. However I am not sure that
the send_v2trap works with SNMPv3 either, in one of your posts in the
message archive you mentioned adding trapsess statements to the config
files, but I would like to avoid this if I can.
I am using net-snmp v 1.8.2
Darryl
Dave Shield
> However I am not sure that
> the send_v2trap works with SNMPv3 either,
No problem there - send_v2trap() should sent the specified notification to
all configured destinations, using the appropriate version (1, 2c or 3) and
admin settings for each one.
The version in these API calls refers to the format in which the trap
information is passed *in* - it has no relevance to the version(s) of
the notifications that are actually sent out.
da...@blueyonder.co.uk
Thank you for confirming that I have been using the correct library
function calls, your help is very much appreciated. Now that I know I am
using the correct functions I have managed to work out how to turn on some
of the debugging and located an area of code that is causing problems.
An error is being logged > =91snmpd: send_trap: USM unknown security name
(no such user exists)=92, this is raised because net-snmp calls a function
called usm_get_user and there are no users listed in the puserList =
variable used in snmpusm.c
Where should users be configured, I thought that when sending traps, =
users only need to be configured on the trap sink so why does the net-snmp
library try to look up the user in this list?
Darryl