Bug 78391 - Default installed snmpd.conf file contains invalid view definition
Default installed snmpd.conf file contains invalid view definition
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: net-snmp (Show other bugs)
8.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Phil Knirsch
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-11-22 00:11 EST by ccain
Modified: 2015-03-04 20:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-02-03 09:50:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description ccain 2002-11-22 00:11:45 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.1) Gecko/20020827

Description of problem:
The default snmpd.conf file installed by the net-snmp RPM contains the following
(and only) view definition:

view  systemview  included  system

As is, this will cause the following error on attempted startup of the snmpd daemon:

/etc/snmp/snmpd.conf: line 54: Error: bad SUBTREE object id

The daemon will still load, but any snmp requests will fail. The requesting
agent will simply see a timeout on the request.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install the net-snmp RPM
2. /etc/rc.d/init.d/snmpd start
3. snmpwalk -c public -v 1 localhost system

Actual Results:  After step 2, the following error will appear in /var/log/messages:

/etc/snmp/snmpd.conf: line 54: Error: bad SUBTREE object id

Step 3 will simply result in a timeout.

Expected Results:  Step 3 should have walked the system MIB and reported the
results.

Additional info:

The fourth field in the view definition is expecting the OID itself (ASN
format), not a variable name. The word "system" should be replaced with the
corresponding OID. (I think the system OID is .1.3.6.1.2.1.1, but don't quote me
on that :) 

There may be another way to get there, but specifying the OID itself definitely
works. I tested with the following definition (instead of the default one) and
got proper results:

view  all  included  .1

Changing the view name to "all" requires changing the "access" definition line
to match, of course ... although anyone looking for a temporary workaround
should DEFINITELY NOT give unprivileged user groups access to the example rule
above unless you are REALLY, REALLY sure you understand the security implications.
Comment 1 Robert Lomitola 2003-06-08 00:43:50 EDT
snmpd %CPU goes to 100% (MAX) until /etc/init.d/snmpd stop command.
Comment 2 Phil Knirsch 2003-07-09 11:00:15 EDT
Fixed in current release.

Read ya, Phil
Comment 3 Michael Brock 2003-11-15 23:56:55 EST
Not fixed in net-snmp-5.0.6-8.80.2 (latest Net-SNMP eratta for 8.0)

Same error.
Comment 4 Phil Knirsch 2003-11-18 09:14:27 EST
There is a new errata pending for RH 8.0 which fixes that problem
(among some others).

Setting to modified until errata is released.

Read ya, Phil
Comment 5 Phil Knirsch 2004-02-03 09:50:36 EST
Unfortunately there is hardly anthing i can do about the 100% CPU
utilization. It's a basic problem of ucd-snmp and net-snmp if the view
tree is restricted that it then goes through the whole tree to find
all proper views which then hits the rpmdb stuff at some point which
really takes ages. And there is no easy fix that can be done to speed
it up.

If you wait for a couple of minutes snmpd will go down back to 0% and
new requests can be made.

The only real "solution" is to set the view to .1, i've experimented
with lots of view restrictions but none would render snmpd to be
responsive for a snmpwalk localhost public .1

Read ya, Phil

PS: The original bug of the wrong view param in the config file is
fixed in the latest errata, so i'm closing this bug as errata.

Note You need to log in before you can comment on or make changes to this bug.