Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

snmpd.conf community strings with a space?

104 views

Skip to first unread message

Jared Smith (jarsmith)

unread,

Jul 22, 2009, 7:13:12 PM7/22/09

This is a multi-part message in MIME format.

--===============2334335406684620078==
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01CA0B21.145408FC"

This is a multi-part message in MIME format.

------_=_NextPart_001_01CA0B21.145408FC
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Hi I'm testing out some code that is both sending and receiving traps
from net-snmp I have noticed that if you double quote the community
string in snmpd.conf like this:

=20

trap2sink 10.10.10.10 "public"

=20

It will actually send the trap with the quotes in the community string.
I verified this in wireshark. However when I use snmptrapd it will not
authenticate that community string when entered as either "public" or
public. Wasn't able to find a way to authenticate with the quotes as it
seems to interpret the configuration differently than snmpd.conf.

=20

I know that it works properly if I drop the quotes in snmpd.conf so
tempted to just head this route; but if we desired to be able to support
community strings that contain a space how can that be accomplished
without sending the trap with the quotes in the packet? Or are spaces
disallowed in community strings in snmp all together? I searched
through some of the RFCs and it looked like they just say it is an octet
string without a whole lot of qualification about the specific
characters allowed. I did some searches on various vendors and it
looked like some allow space and some do not so curious if net-snmp has
some way of handling them?

=20

Thanks for any advice in this matter,

=20

Jared

------_=_NextPart_001_01CA0B21.145408FC
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Hi I’m testing out some code that is both =
sending and
receiving traps from net-snmp I have noticed that if you double quote =
the
community string in snmpd.conf like this:<o:p></o:p>

<o:p> </o:p>

trap2sink 10.10.10.10 =
“public”<o:p></o:p>

<o:p> </o:p>

It will actually send the trap with the quotes in =
the
community string.  I verified this in wireshark.  However when =
I use
snmptrapd it will not authenticate that community string when entered as =
either
“public” or public.  Wasn’t able to find a way to
authenticate with the quotes as it seems to interpret the configuration
differently than snmpd.conf.<o:p></o:p>

<o:p> </o:p>

I know that it works properly if I drop the quotes =
in
snmpd.conf so tempted to just head this route; but if we desired to be =
able to
support community strings that contain a space how can that be =
accomplished without
sending the trap with the quotes in the packet?  Or are spaces =
disallowed
in community strings in snmp  all together?  I searched =
through some
of the RFCs and it looked like they just say it is an octet string =
without a
whole lot of qualification about the specific characters allowed.  =
I did
some searches on various vendors and it looked like some allow space and =
some
do not so curious if net-snmp has some way of handling =
them?<o:p></o:p>

<o:p> </o:p>

Thanks for any advice in this =
matter,<o:p></o:p>

<o:p> </o:p>

Jared<o:p></o:p>

</div>

</body>

</html>

------_=_NextPart_001_01CA0B21.145408FC--

--===============2334335406684620078==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

------------------------------------------------------------------------------

--===============2334335406684620078==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Net-snmp-users mailing list
Net-snm...@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users

--===============2334335406684620078==--

Dave Shield

unread,

Jul 23, 2009, 3:52:03 AM7/23/09

2009/7/23 Jared Smith (jarsmith) <jars...@cisco.com>:

> I have noticed that if you double quote the community string in
> snmpd.conf like this:
>

> trap2sink 10.10.10.10 =93public=94

>
> It will actually send the trap with the quotes in the community string.

So it does.
That's definitely a bug.

> However when I use snmptrapd it will =
not
> authenticate that community string when entered as either =93public=94 or
> public.=A0 Wasn=92t able to find a way to authenticate with the quotes

Try quoting the quoted string:

authcommunity log,execute,net '"public"'

That should work.

> as it seems to interpret the configuration differently than snmpd.conf.

It's not a difference between snmpd.conf and snmptrapd.conf.
Instead, it's a difference between "trapsink" and the access control entrie=
s.
Most configuration directives will handle quotes sensibly - it's just traps=
ink
et al that don't.

> if we desired to be able to support co=
mmunity

> strings that contain a space how can that be accomplished

For handling normal SNMP requests (GET* and SET), just quote the community
string, and the agent will strip these quotes off, as you would
naturally expect.
It's just sending traps that is affected in this way.

In fact, it's only the three *sink directives that are broken. A line such=
as

trapsess -v 2c -c "one two three" 10.10.10.10

will send traps using the community string one{space}two{space}three
without the quotes.

Dave

---------------------------------------------------------------------------=
---

0 new messages