Description of problem: snmpd proxies OIDs unspecified in proxy statement in snmpd.conf. For example, assuming that the following proxy statement is in snmpd.conf. proxy -v 1 -c public remotehost .1.3.6.1.4.1.211.1.1.1.3.3.2.2.1 .1.3.6.1.4.1.231.2.49.1.3.4.0 1) snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.211.1.1.1.3.3.2.2.1.0 It sends a snmp request with .1.3.6.1.4.1.231.2.49.1.3.4.0.0 to remotehost. This is ok. 2) snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.211.1.1.1.3.3.2.2 It sends a snmp request with .1.3.6.1.4.1.231.2.49.1.3.4 to remotehost. This is something wrong. 3) snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.211 It sends a snmp request with .1.3.6.1.4 to remotehost. This is wrong, too. Version-Release number of selected component (if applicable): Red Hat Enterprise Linux 5.5 net-snmp-5.3.2.2-9.el5_5.1 How reproducible: Always Steps to Reproduce: 1. Configure snmpd in localhost and remotehost 2. Add the following proxy statement in snmpd.conf proxy -v 1 -c public remotehost .1.3.6.1.4.1.211.1.1.1.3.3.2.2.1 .1.3.6.1.4.1.231.2.49.1.3.4.0 3. Run "snmpwalk -v 1 -c public localhost .1.3.6.1.4.1.211" on localhost Actual results: snmpd proxies the request to remotehost Expected results: snmpd doesn't proxy the request to remotehost Additional info: netsnmp_subtree * netsnmp_subtree_find(oid *name, size_t len, netsnmp_subtree *subtree, const char *context_name) { netsnmp_subtree *myptr; myptr = netsnmp_subtree_find_prev(name, len, subtree, context_name); if (myptr && myptr->end_a && snmp_oid_compare(name, len, myptr->end_a, myptr->end_len)<0) { return myptr; } return NULL; } When name[] is .1.3.6.1.4.1.211.1.1.1.3.3.2.2 and myptr->end_a[] is .1.3.6.1.4.1.211, snmp_oid_compare returns -1, and netsnmmp_subtree_find() returns the subtree. But, .1.3.6.1.4.1.211 is not a subtree of .1.3.6.1.4.1.211.1.1.1.3.3.2.2.
It's lot more complicated. I've created a patch and posted it upstream for review, with detailed description what is going on (and why I am scared to check it in): https://sourceforge.net/tracker/?func=detail&aid=3140833&group_id=12694&atid=312694 It would help if someone would test the patch just to confirm it works also somewhere else than on my PC.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-1076.html
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Previously, the snmpd daemon did wrongly evaluate 'proxy' configuration option with GETNEXT requests and some GETNEXT requests were not proxied to remote SNMP agents when they should be. In this update, proxy code is fixed and GETNEXT requests are sent to remote SNMP agents as expected.
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -Previously, the snmpd daemon did wrongly evaluate 'proxy' configuration option with GETNEXT requests and some GETNEXT requests were not proxied to remote SNMP agents when they should be. In this update, proxy code is fixed and GETNEXT requests are sent to remote SNMP agents as expected.+When an object identifier (OID) was out of the subtree registered by the proxy statement in the /etc/snmp/snmpd.conf configuration file, the previous version of the snmpd daemon failed to use a correct OID of proxied GETNEXT requests. With this update, snmpd now adjusts the OIDs of proxied GETNEXT requests correctly and sends correct requests to the remote agent as expected.