479619 – [TAHI]Get with FF value in variable-binding's name error failed.

Bug 479619 - [TAHI]Get with FF value in variable-binding's name error failed.

Summary: [TAHI]Get with FF value in variable-binding's name error failed.

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	net-snmp
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Jan Safranek
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-01-12 06:01 UTC by Shirley Zhou
Modified:	2015-03-05 00:51 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-01-13 09:19:10 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Shirley Zhou 2009-01-12 06:01:31 UTC

Description of problem:
Get with FF value in variable-binding's name error failed.


Version-Release number of selected component (if applicable):
net-snmp-5.4.2.1-2.fc10.i386 
net-snmp-perl-5.4.2.1-2.fc10.i386
net-snmp-utils-5.4.2.1-2.fc10.i386
net-snmp-libs-5.4.2.1-2.fc10.i386


How reproducible:
every time

Steps to Reproduce:
1.
2.
3.

Actual results:
Get with FF value in variable-binding's name error tested failure

Expected results:
Get with FF value in variable-binding's name error tested pass

Additional info:

Test Procedure:

NAME

AG_RFC3416_GetVBNameOIDErr - Get with FF value in variable-binding's name error

Purpose
Verify that NUT playing the SNMPv2C agent can properly detect the SNMPv2C GetRequest with OID coding error in the received packet from the SNMPv2C manager and will discard the datagram and continue to respond to normal requests.


TARGET

        SNMPv2-Agent

SYNOPSIS

	AG_RFC3416_GetVBNameOIDErr.seq [-tooloption ...]: KOI tool option
	See also SNMPConfig.pm

INITIALIZATION

         # Network Topology

    Net-x   --+--------+-----------------+-------- 3ffe:501:ffff:100::/64 
              |                          |
              |                          |
            SNMP Agent1 (NUT)            SNMP Manager1 (TN)
            3ffe:501:ffff:100::XXXX      3ffe:501:ffff:100::20          
    	

  # Setup


    Set the SNMP Agent1's (NUT) address as above mentioned Network Topology.

TEST PROCEDURE

               This test sequence is following.

    SNMP Manager1 (TN)                       SNMP Agent1 (NUT)
        |                                      |
        |------------------------------------->|
        |   SNMPv2C Get with OID coding        |
        |   error (FF value in OID)            |
        |                                      |
        |   (wait for 30 seconds)              |
        |                                      |
     OP1|                                      |
        |------------------------------------->|
        |   SNMPv2C Get sysUpTime              |
        |                                      |
        |<-------------------------------------|
     OP2|   Receive SNMPv2C GetResponse        |
        |                                      |
        |                                      |
        |                                      |
        v                                      v

        1. TN sends SNMPv2C GetRequest with OID coding error to NUT.
        2. NUT discards the datagram and continue to respond to normal requests.
        3. TN sends SNMPv2C GetRequest sysUpTime to NUT for checking the SNMP agent is still alive.
        4. NUT returns the latest sysUpTime value.

JUDGMENT

       OP1 NUT will silently discard this malformed SNMPv2C GetRequest with OID coding error packet.
       OP2 TN received correct GetResponse with sysUpTime value.

TERMINATION

        None

REFERENCE

    RFC 3416, Protocol Operations for version 2 of the Simple Network Management Prototol, Sec4.2.1 and Sec4.2.2.



log info:

Test Sequence Execution Log
11:30:37	Start
11:30:37	SNMP Connect
  SrcAddr:3ffe:501:ffff:100::20  SrcPort:2000
  DstAddr:3ffe:501:ffff:100:0221:27ff:fe9f:23a7  DstPort:161
done
  SocketID:3

	Send 1st error-formed (0xFF in OID coding) message
11:30:37	SNMP try to send...
  SrcAddr:3ffe:501:ffff:100::20  SrcPort:2000
  DstAddr:3ffe:501:ffff:100:0221:27ff:fe9f:23a7  DstPort:161
done
  send to SocketID:3
send 1st SNMP packet
11:30:37	SNMP try to receive...
  SrcAddr:3ffe:501:ffff:100:0221:27ff:fe9f:23a7  SrcPort:161
  DstAddr:3ffe:501:ffff:100::20  DstPort:2000
done
received from SocketID:3
received 2nd SNMP packet

Received unexpected returned message!

	FAIL
11:30:37	End

Packet Reverse Log
Send 1st SNMP packet at 11:30:37

IP Packet
| IP Header
| | Version                    = 6
| | Source Address             = 3ffe:501:ffff:100::20
| | Destination Address        = 3ffe:501:ffff:100:221:27ff:fe9f:23a7
| UDP Header
| | Source Port                = 2000
| | Destination Port           = 161
| +SNMP ASN.1 Message     (40 bytes)
| |  type                      = 48 (0x30)
| |  length                    = 38 (0x26)
| | +version                (3 bytes)
| | |  type                    = 2 (0x02)
| | |  length                  = 1 (0x01)
| | |  value                   = 1 (0x01)
| | +community              (8 bytes)
| | |  type                    = 4 (0x04)
| | |  length                  = 6 (0x06)
| | |  value                   = public (0x7075626c6963)
| | +PDU                    (27 bytes)
| | |  type                    = 160 (0xa0)
| | |  length                  = 25 (0x19)
| | | +request-id             (3 bytes)
| | | |  type                  = 2 (0x02)
| | | |  length                = 1 (0x01)
| | | |  value                 = 12 (0x0c)
| | | +error-status           (3 bytes)
| | | |  type                  = 2 (0x02)
| | | |  length                = 1 (0x01)
| | | |  value                 = 0 (0x00)
| | | +error-index            (3 bytes)
| | | |  type                  = 2 (0x02)
| | | |  length                = 1 (0x01)
| | | |  value                 = 0 (0x00)
| | | +VarBindList            (16 bytes)
| | | |  type                  = 48 (0x30)
| | | |  length                = 14 (0x0e)
| | | | +VarBind[1]             (14 bytes)
| | | | |  type                = 48 (0x30)
| | | | |  length              = 12 (0x0c)
| | | | | +VarBind[1]{name}       (10 bytes)
| | | | | |  type              = 6 (0x06)
| | | | | |  length            = 8 (0x08)
| | | | | |  value             = 1.3.6.1.2.1.1.3.0 (0x2b060102010103ff)
| | | | | +VarBind[1]{value}      (2 bytes)
| | | | | |  type              = 5 (0x05)
| | | | | |  length            = 0 (0x00)

Recv 2nd SNMP packet at 11:30:37

IP Packet
| IP Header
| | Version                    = 6
| | Source Address             = 3ffe:501:ffff:100:221:27ff:fe9f:23a7
| | Destination Address        = 3ffe:501:ffff:100::20
| UDP Header
| | Source Port                = 161
| | Destination Port           = 2000
| +SNMP ASN.1 Message     (40 bytes)
| |  type                      = 48 (0x30)
| |  length                    = 38 (0x26)
| | +version                (3 bytes)
| | |  type                    = 2 (0x02)
| | |  length                  = 1 (0x01)
| | |  value                   = 1 (0x01)
| | +community              (8 bytes)
| | |  type                    = 4 (0x04)
| | |  length                  = 6 (0x06)
| | |  value                   = public (0x7075626c6963)
| | +PDU                    (27 bytes)
| | |  type                    = 162 (0xa2)
| | |  length                  = 25 (0x19)
| | | +request-id             (3 bytes)
| | | |  type                  = 2 (0x02)
| | | |  length                = 1 (0x01)
| | | |  value                 = 12 (0x0c)
| | | +error-status           (3 bytes)
| | | |  type                  = 2 (0x02)
| | | |  length                = 1 (0x01)
| | | |  value                 = 0 (0x00)
| | | +error-index            (3 bytes)
| | | |  type                  = 2 (0x02)
| | | |  length                = 1 (0x01)
| | | |  value                 = 0 (0x00)
| | | +VarBindList            (16 bytes)
| | | |  type                  = 48 (0x30)
| | | |  length                = 14 (0x0e)
| | | | +VarBind[1]             (14 bytes)
| | | | |  type                = 48 (0x30)
| | | | |  length              = 12 (0x0c)
| | | | | +VarBind[1]{name}       (10 bytes)
| | | | | |  type              = 6 (0x06)
| | | | | |  length            = 8 (0x08)
| | | | | |  value             = 1.3.6.1.2.1.1.3.127 (0x2b0601020101037f)
| | | | | +VarBind[1]{value}      (2 bytes)
| | | | | |  type              = 129 (0x81)
| | | | | |  length            = 0 (0x00)



tcpdump info:
tcpdump -r 38.html.Link0.dump 
reading from file 38.html.Link0.dump, link-type EN10MB (Ethernet)
19:30:37.488281 IP6 3ffe:501:ffff:100::20.sieve > 3ffe:501:ffff:100:221:27ff:fe9f:23a7.snmp:  GetRequest(25)  system.sysUpTime
19:30:37.489086 IP6 3ffe:501:ffff:100:221:27ff:fe9f:23a7.snmp > 3ffe:501:ffff:100::20.sieve:  GetResponse(25)  system.sysUpTime.127=[noSuchInstance]

snmpd.conf info

You may see info of snmpd.conf in the attached file"snmpd.conf".

Comment 1 Jan Safranek 2009-01-12 13:41:52 UTC

Surprisingly, older net-snmp (e.g. in net-snmp-5.4.1 in Fedora 9 and net-snmp-5.3.2.2 in RHEL 5) do not show this behaviour and properly ignore requests with 0xff in OID.

Comment 2 Jan Safranek 2009-01-13 09:19:10 UTC

I checked in a fix, which will appear in next release of Net-SNMP. See http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17358

Note You need to log in before you can comment on or make changes to this bug.