Description of problem: Get with FF value in variable-binding's name error failed. Version-Release number of selected component (if applicable): net-snmp-5.4.2.1-2.fc10.i386 net-snmp-perl-5.4.2.1-2.fc10.i386 net-snmp-utils-5.4.2.1-2.fc10.i386 net-snmp-libs-5.4.2.1-2.fc10.i386 How reproducible: every time Steps to Reproduce: 1. 2. 3. Actual results: Get with FF value in variable-binding's name error tested failure Expected results: Get with FF value in variable-binding's name error tested pass Additional info: Test Procedure: NAME AG_RFC3416_GetVBNameOIDErr - Get with FF value in variable-binding's name error Purpose Verify that NUT playing the SNMPv2C agent can properly detect the SNMPv2C GetRequest with OID coding error in the received packet from the SNMPv2C manager and will discard the datagram and continue to respond to normal requests. TARGET SNMPv2-Agent SYNOPSIS AG_RFC3416_GetVBNameOIDErr.seq [-tooloption ...]: KOI tool option See also SNMPConfig.pm INITIALIZATION # Network Topology Net-x --+--------+-----------------+-------- 3ffe:501:ffff:100::/64 | | | | SNMP Agent1 (NUT) SNMP Manager1 (TN) 3ffe:501:ffff:100::XXXX 3ffe:501:ffff:100::20 # Setup Set the SNMP Agent1's (NUT) address as above mentioned Network Topology. TEST PROCEDURE This test sequence is following. SNMP Manager1 (TN) SNMP Agent1 (NUT) | | |------------------------------------->| | SNMPv2C Get with OID coding | | error (FF value in OID) | | | | (wait for 30 seconds) | | | OP1| | |------------------------------------->| | SNMPv2C Get sysUpTime | | | |<-------------------------------------| OP2| Receive SNMPv2C GetResponse | | | | | | | v v 1. TN sends SNMPv2C GetRequest with OID coding error to NUT. 2. NUT discards the datagram and continue to respond to normal requests. 3. TN sends SNMPv2C GetRequest sysUpTime to NUT for checking the SNMP agent is still alive. 4. NUT returns the latest sysUpTime value. JUDGMENT OP1 NUT will silently discard this malformed SNMPv2C GetRequest with OID coding error packet. OP2 TN received correct GetResponse with sysUpTime value. TERMINATION None REFERENCE RFC 3416, Protocol Operations for version 2 of the Simple Network Management Prototol, Sec4.2.1 and Sec4.2.2. log info: Test Sequence Execution Log 11:30:37 Start 11:30:37 SNMP Connect SrcAddr:3ffe:501:ffff:100::20 SrcPort:2000 DstAddr:3ffe:501:ffff:100:0221:27ff:fe9f:23a7 DstPort:161 done SocketID:3 Send 1st error-formed (0xFF in OID coding) message 11:30:37 SNMP try to send... SrcAddr:3ffe:501:ffff:100::20 SrcPort:2000 DstAddr:3ffe:501:ffff:100:0221:27ff:fe9f:23a7 DstPort:161 done send to SocketID:3 send 1st SNMP packet 11:30:37 SNMP try to receive... SrcAddr:3ffe:501:ffff:100:0221:27ff:fe9f:23a7 SrcPort:161 DstAddr:3ffe:501:ffff:100::20 DstPort:2000 done received from SocketID:3 received 2nd SNMP packet Received unexpected returned message! FAIL 11:30:37 End Packet Reverse Log Send 1st SNMP packet at 11:30:37 IP Packet | IP Header | | Version = 6 | | Source Address = 3ffe:501:ffff:100::20 | | Destination Address = 3ffe:501:ffff:100:221:27ff:fe9f:23a7 | UDP Header | | Source Port = 2000 | | Destination Port = 161 | +SNMP ASN.1 Message (40 bytes) | | type = 48 (0x30) | | length = 38 (0x26) | | +version (3 bytes) | | | type = 2 (0x02) | | | length = 1 (0x01) | | | value = 1 (0x01) | | +community (8 bytes) | | | type = 4 (0x04) | | | length = 6 (0x06) | | | value = public (0x7075626c6963) | | +PDU (27 bytes) | | | type = 160 (0xa0) | | | length = 25 (0x19) | | | +request-id (3 bytes) | | | | type = 2 (0x02) | | | | length = 1 (0x01) | | | | value = 12 (0x0c) | | | +error-status (3 bytes) | | | | type = 2 (0x02) | | | | length = 1 (0x01) | | | | value = 0 (0x00) | | | +error-index (3 bytes) | | | | type = 2 (0x02) | | | | length = 1 (0x01) | | | | value = 0 (0x00) | | | +VarBindList (16 bytes) | | | | type = 48 (0x30) | | | | length = 14 (0x0e) | | | | +VarBind[1] (14 bytes) | | | | | type = 48 (0x30) | | | | | length = 12 (0x0c) | | | | | +VarBind[1]{name} (10 bytes) | | | | | | type = 6 (0x06) | | | | | | length = 8 (0x08) | | | | | | value = 1.3.6.1.2.1.1.3.0 (0x2b060102010103ff) | | | | | +VarBind[1]{value} (2 bytes) | | | | | | type = 5 (0x05) | | | | | | length = 0 (0x00) Recv 2nd SNMP packet at 11:30:37 IP Packet | IP Header | | Version = 6 | | Source Address = 3ffe:501:ffff:100:221:27ff:fe9f:23a7 | | Destination Address = 3ffe:501:ffff:100::20 | UDP Header | | Source Port = 161 | | Destination Port = 2000 | +SNMP ASN.1 Message (40 bytes) | | type = 48 (0x30) | | length = 38 (0x26) | | +version (3 bytes) | | | type = 2 (0x02) | | | length = 1 (0x01) | | | value = 1 (0x01) | | +community (8 bytes) | | | type = 4 (0x04) | | | length = 6 (0x06) | | | value = public (0x7075626c6963) | | +PDU (27 bytes) | | | type = 162 (0xa2) | | | length = 25 (0x19) | | | +request-id (3 bytes) | | | | type = 2 (0x02) | | | | length = 1 (0x01) | | | | value = 12 (0x0c) | | | +error-status (3 bytes) | | | | type = 2 (0x02) | | | | length = 1 (0x01) | | | | value = 0 (0x00) | | | +error-index (3 bytes) | | | | type = 2 (0x02) | | | | length = 1 (0x01) | | | | value = 0 (0x00) | | | +VarBindList (16 bytes) | | | | type = 48 (0x30) | | | | length = 14 (0x0e) | | | | +VarBind[1] (14 bytes) | | | | | type = 48 (0x30) | | | | | length = 12 (0x0c) | | | | | +VarBind[1]{name} (10 bytes) | | | | | | type = 6 (0x06) | | | | | | length = 8 (0x08) | | | | | | value = 1.3.6.1.2.1.1.3.127 (0x2b0601020101037f) | | | | | +VarBind[1]{value} (2 bytes) | | | | | | type = 129 (0x81) | | | | | | length = 0 (0x00) tcpdump info: tcpdump -r 38.html.Link0.dump reading from file 38.html.Link0.dump, link-type EN10MB (Ethernet) 19:30:37.488281 IP6 3ffe:501:ffff:100::20.sieve > 3ffe:501:ffff:100:221:27ff:fe9f:23a7.snmp: GetRequest(25) system.sysUpTime 19:30:37.489086 IP6 3ffe:501:ffff:100:221:27ff:fe9f:23a7.snmp > 3ffe:501:ffff:100::20.sieve: GetResponse(25) system.sysUpTime.127=[noSuchInstance] snmpd.conf info You may see info of snmpd.conf in the attached file"snmpd.conf".
Surprisingly, older net-snmp (e.g. in net-snmp-5.4.1 in Fedora 9 and net-snmp-5.3.2.2 in RHEL 5) do not show this behaviour and properly ignore requests with 0xff in OID.
I checked in a fix, which will appear in next release of Net-SNMP. See http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17358