#
1.43 |
|
08-Feb-2024 |
martijn |
RFC2578 section 7.1 specifies the ranges and in the case of opaque the format to which the values need to adhere. Implement checks, so that we don't send illegal values to the client.
OK tb@
|
#
1.42 |
|
06-Feb-2024 |
martijn |
Replace most smi_oid2string() calls with the new mib_oid2string(). smi_oid2string() is still called from trap handle context to not break any existing scripts.
OK tb@
|
#
1.41 |
|
21-Dec-2023 |
martijn |
Clean up snmpd's header situation.
With the help of tb@ and include-what-you-use.
OK tb@
|
#
1.40 |
|
16-Nov-2023 |
martijn |
In appl_processpdu() no need to set avi_next, and only set av_next up to varbindlen, since its only use is to print the varbindlist via appl_pdu_log() and both are further properly initialized in appl_request_upstream_resolve().
This fixes a cosmetic off by one for getbulk requests.
OK tb@
|
#
1.39 |
|
16-Nov-2023 |
martijn |
avi_origid must also be set when transitioning out of the APPL_VBSTATE_MUSTFILL state, else snmpd won't like use once we reach EOMV of our view of the world.
OK tb@
|
#
1.38 |
|
15-Nov-2023 |
martijn |
Make sure we allocate the correct size for an appl_agentcap.
OK claudio@ miod@
|
#
1.37 |
|
13-Nov-2023 |
martijn |
struct appl_varbind_internal's avi_index is used to give the index to the original varbindlist's index. In the case of a GetBulkRequest this must never be larger than the length of the original varbindlist.
OK tb@
|
#
1.36 |
|
12-Nov-2023 |
martijn |
Now that the last consumer of mps.c is gone, remove it and its application_legacy.c companion.
OK tb@
|
#
1.35 |
|
08-Nov-2023 |
martijn |
Let usm_make_report() utilize appl_report(). usm_make_report utilized mps_getstr(), which after moving the SNMPv2-SMI::snmpV2 into application_internal returned a noSuchObject. This doesn't seem to have broken any tools that I'm aware of, but this returns the correct result.
OK tb@
|
#
1.34 |
|
08-Nov-2023 |
martijn |
Let appl_report() collect its own metrics. This simplifies the interface and gives us a free report-pdu log line in debug mode.
OK tb@
|
#
1.33 |
|
08-Nov-2023 |
martijn |
Don't rely on aru_pdu to rebuild the original varbindlist on error. Now that we have avi_origid it's not needed anymore and aru_pdu needs to go.
OK tb@
|
#
1.32 |
|
08-Nov-2023 |
martijn |
Don't use aru_pdu for determining the requesttype. It's owned by snmp_message and getting rid of it is also needed for appl_report() to gather its own information.
OK tb@
|
#
1.31 |
|
08-Nov-2023 |
martijn |
export SNMP-TARGET-MIB::{snmpUnavailableContexts,snmpUnknownContexts} via application_internal.
OK tb@
|
#
1.30 |
|
06-Nov-2023 |
martijn |
Readd the sysORTable based on the new struct appl_agentcap.
OK tb@
|
#
1.29 |
|
06-Nov-2023 |
martijn |
Allow agent capabilities to be stored on a per appl_context basis. This is needed for AgentX's {add,remove}agentcaps, and the sysORTable.
OK tb@
|
#
1.28 |
|
04-Nov-2023 |
martijn |
Introduce application_internal.c. This backend is meant to replace application_legacy.c, mps.c, and mib.c. This commit just introduces the backend. The existing MIBs inside mib.c will be copied over in subsequent commits.
OK tb@
|
#
1.27 |
|
29-Oct-2023 |
martijn |
When doing a get{next,bulk} below an instance we must move the OID to the next sibling. Not simply copying over the value of the next to use region, since that might be the parent and we would walk backwards in the tree.
OK tb@
|
#
1.26 |
|
29-Oct-2023 |
martijn |
searchrange.end is non-inclusive. Adjust the tests for that.
OK tb@
|
#
1.25 |
|
27-Oct-2023 |
martijn |
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response().
OK tb@
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.42 |
|
06-Feb-2024 |
martijn |
Replace most smi_oid2string() calls with the new mib_oid2string(). smi_oid2string() is still called from trap handle context to not break any existing scripts.
OK tb@
|
#
1.41 |
|
21-Dec-2023 |
martijn |
Clean up snmpd's header situation.
With the help of tb@ and include-what-you-use.
OK tb@
|
#
1.40 |
|
16-Nov-2023 |
martijn |
In appl_processpdu() no need to set avi_next, and only set av_next up to varbindlen, since its only use is to print the varbindlist via appl_pdu_log() and both are further properly initialized in appl_request_upstream_resolve().
This fixes a cosmetic off by one for getbulk requests.
OK tb@
|
#
1.39 |
|
16-Nov-2023 |
martijn |
avi_origid must also be set when transitioning out of the APPL_VBSTATE_MUSTFILL state, else snmpd won't like use once we reach EOMV of our view of the world.
OK tb@
|
#
1.38 |
|
15-Nov-2023 |
martijn |
Make sure we allocate the correct size for an appl_agentcap.
OK claudio@ miod@
|
#
1.37 |
|
13-Nov-2023 |
martijn |
struct appl_varbind_internal's avi_index is used to give the index to the original varbindlist's index. In the case of a GetBulkRequest this must never be larger than the length of the original varbindlist.
OK tb@
|
#
1.36 |
|
12-Nov-2023 |
martijn |
Now that the last consumer of mps.c is gone, remove it and its application_legacy.c companion.
OK tb@
|
#
1.35 |
|
08-Nov-2023 |
martijn |
Let usm_make_report() utilize appl_report(). usm_make_report utilized mps_getstr(), which after moving the SNMPv2-SMI::snmpV2 into application_internal returned a noSuchObject. This doesn't seem to have broken any tools that I'm aware of, but this returns the correct result.
OK tb@
|
#
1.34 |
|
08-Nov-2023 |
martijn |
Let appl_report() collect its own metrics. This simplifies the interface and gives us a free report-pdu log line in debug mode.
OK tb@
|
#
1.33 |
|
08-Nov-2023 |
martijn |
Don't rely on aru_pdu to rebuild the original varbindlist on error. Now that we have avi_origid it's not needed anymore and aru_pdu needs to go.
OK tb@
|
#
1.32 |
|
08-Nov-2023 |
martijn |
Don't use aru_pdu for determining the requesttype. It's owned by snmp_message and getting rid of it is also needed for appl_report() to gather its own information.
OK tb@
|
#
1.31 |
|
08-Nov-2023 |
martijn |
export SNMP-TARGET-MIB::{snmpUnavailableContexts,snmpUnknownContexts} via application_internal.
OK tb@
|
#
1.30 |
|
06-Nov-2023 |
martijn |
Readd the sysORTable based on the new struct appl_agentcap.
OK tb@
|
#
1.29 |
|
06-Nov-2023 |
martijn |
Allow agent capabilities to be stored on a per appl_context basis. This is needed for AgentX's {add,remove}agentcaps, and the sysORTable.
OK tb@
|
#
1.28 |
|
04-Nov-2023 |
martijn |
Introduce application_internal.c. This backend is meant to replace application_legacy.c, mps.c, and mib.c. This commit just introduces the backend. The existing MIBs inside mib.c will be copied over in subsequent commits.
OK tb@
|
#
1.27 |
|
29-Oct-2023 |
martijn |
When doing a get{next,bulk} below an instance we must move the OID to the next sibling. Not simply copying over the value of the next to use region, since that might be the parent and we would walk backwards in the tree.
OK tb@
|
#
1.26 |
|
29-Oct-2023 |
martijn |
searchrange.end is non-inclusive. Adjust the tests for that.
OK tb@
|
#
1.25 |
|
27-Oct-2023 |
martijn |
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response().
OK tb@
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.41 |
|
21-Dec-2023 |
martijn |
Clean up snmpd's header situation.
With the help of tb@ and include-what-you-use.
OK tb@
|
#
1.40 |
|
16-Nov-2023 |
martijn |
In appl_processpdu() no need to set avi_next, and only set av_next up to varbindlen, since its only use is to print the varbindlist via appl_pdu_log() and both are further properly initialized in appl_request_upstream_resolve().
This fixes a cosmetic off by one for getbulk requests.
OK tb@
|
#
1.39 |
|
16-Nov-2023 |
martijn |
avi_origid must also be set when transitioning out of the APPL_VBSTATE_MUSTFILL state, else snmpd won't like use once we reach EOMV of our view of the world.
OK tb@
|
#
1.38 |
|
15-Nov-2023 |
martijn |
Make sure we allocate the correct size for an appl_agentcap.
OK claudio@ miod@
|
#
1.37 |
|
13-Nov-2023 |
martijn |
struct appl_varbind_internal's avi_index is used to give the index to the original varbindlist's index. In the case of a GetBulkRequest this must never be larger than the length of the original varbindlist.
OK tb@
|
#
1.36 |
|
12-Nov-2023 |
martijn |
Now that the last consumer of mps.c is gone, remove it and its application_legacy.c companion.
OK tb@
|
#
1.35 |
|
08-Nov-2023 |
martijn |
Let usm_make_report() utilize appl_report(). usm_make_report utilized mps_getstr(), which after moving the SNMPv2-SMI::snmpV2 into application_internal returned a noSuchObject. This doesn't seem to have broken any tools that I'm aware of, but this returns the correct result.
OK tb@
|
#
1.34 |
|
08-Nov-2023 |
martijn |
Let appl_report() collect its own metrics. This simplifies the interface and gives us a free report-pdu log line in debug mode.
OK tb@
|
#
1.33 |
|
08-Nov-2023 |
martijn |
Don't rely on aru_pdu to rebuild the original varbindlist on error. Now that we have avi_origid it's not needed anymore and aru_pdu needs to go.
OK tb@
|
#
1.32 |
|
08-Nov-2023 |
martijn |
Don't use aru_pdu for determining the requesttype. It's owned by snmp_message and getting rid of it is also needed for appl_report() to gather its own information.
OK tb@
|
#
1.31 |
|
08-Nov-2023 |
martijn |
export SNMP-TARGET-MIB::{snmpUnavailableContexts,snmpUnknownContexts} via application_internal.
OK tb@
|
#
1.30 |
|
06-Nov-2023 |
martijn |
Readd the sysORTable based on the new struct appl_agentcap.
OK tb@
|
#
1.29 |
|
06-Nov-2023 |
martijn |
Allow agent capabilities to be stored on a per appl_context basis. This is needed for AgentX's {add,remove}agentcaps, and the sysORTable.
OK tb@
|
#
1.28 |
|
04-Nov-2023 |
martijn |
Introduce application_internal.c. This backend is meant to replace application_legacy.c, mps.c, and mib.c. This commit just introduces the backend. The existing MIBs inside mib.c will be copied over in subsequent commits.
OK tb@
|
#
1.27 |
|
29-Oct-2023 |
martijn |
When doing a get{next,bulk} below an instance we must move the OID to the next sibling. Not simply copying over the value of the next to use region, since that might be the parent and we would walk backwards in the tree.
OK tb@
|
#
1.26 |
|
29-Oct-2023 |
martijn |
searchrange.end is non-inclusive. Adjust the tests for that.
OK tb@
|
#
1.25 |
|
27-Oct-2023 |
martijn |
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response().
OK tb@
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.40 |
|
16-Nov-2023 |
martijn |
In appl_processpdu() no need to set avi_next, and only set av_next up to varbindlen, since its only use is to print the varbindlist via appl_pdu_log() and both are further properly initialized in appl_request_upstream_resolve().
This fixes a cosmetic off by one for getbulk requests.
OK tb@
|
#
1.39 |
|
16-Nov-2023 |
martijn |
avi_origid must also be set when transitioning out of the APPL_VBSTATE_MUSTFILL state, else snmpd won't like use once we reach EOMV of our view of the world.
OK tb@
|
#
1.38 |
|
15-Nov-2023 |
martijn |
Make sure we allocate the correct size for an appl_agentcap.
OK claudio@ miod@
|
#
1.37 |
|
13-Nov-2023 |
martijn |
struct appl_varbind_internal's avi_index is used to give the index to the original varbindlist's index. In the case of a GetBulkRequest this must never be larger than the length of the original varbindlist.
OK tb@
|
#
1.36 |
|
12-Nov-2023 |
martijn |
Now that the last consumer of mps.c is gone, remove it and its application_legacy.c companion.
OK tb@
|
#
1.35 |
|
08-Nov-2023 |
martijn |
Let usm_make_report() utilize appl_report(). usm_make_report utilized mps_getstr(), which after moving the SNMPv2-SMI::snmpV2 into application_internal returned a noSuchObject. This doesn't seem to have broken any tools that I'm aware of, but this returns the correct result.
OK tb@
|
#
1.34 |
|
08-Nov-2023 |
martijn |
Let appl_report() collect its own metrics. This simplifies the interface and gives us a free report-pdu log line in debug mode.
OK tb@
|
#
1.33 |
|
08-Nov-2023 |
martijn |
Don't rely on aru_pdu to rebuild the original varbindlist on error. Now that we have avi_origid it's not needed anymore and aru_pdu needs to go.
OK tb@
|
#
1.32 |
|
08-Nov-2023 |
martijn |
Don't use aru_pdu for determining the requesttype. It's owned by snmp_message and getting rid of it is also needed for appl_report() to gather its own information.
OK tb@
|
#
1.31 |
|
08-Nov-2023 |
martijn |
export SNMP-TARGET-MIB::{snmpUnavailableContexts,snmpUnknownContexts} via application_internal.
OK tb@
|
#
1.30 |
|
06-Nov-2023 |
martijn |
Readd the sysORTable based on the new struct appl_agentcap.
OK tb@
|
#
1.29 |
|
06-Nov-2023 |
martijn |
Allow agent capabilities to be stored on a per appl_context basis. This is needed for AgentX's {add,remove}agentcaps, and the sysORTable.
OK tb@
|
#
1.28 |
|
04-Nov-2023 |
martijn |
Introduce application_internal.c. This backend is meant to replace application_legacy.c, mps.c, and mib.c. This commit just introduces the backend. The existing MIBs inside mib.c will be copied over in subsequent commits.
OK tb@
|
#
1.27 |
|
29-Oct-2023 |
martijn |
When doing a get{next,bulk} below an instance we must move the OID to the next sibling. Not simply copying over the value of the next to use region, since that might be the parent and we would walk backwards in the tree.
OK tb@
|
#
1.26 |
|
29-Oct-2023 |
martijn |
searchrange.end is non-inclusive. Adjust the tests for that.
OK tb@
|
#
1.25 |
|
27-Oct-2023 |
martijn |
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response().
OK tb@
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.38 |
|
15-Nov-2023 |
martijn |
Make sure we allocate the correct size for an appl_agentcap.
OK claudio@ miod@
|
#
1.37 |
|
13-Nov-2023 |
martijn |
struct appl_varbind_internal's avi_index is used to give the index to the original varbindlist's index. In the case of a GetBulkRequest this must never be larger than the length of the original varbindlist.
OK tb@
|
#
1.36 |
|
12-Nov-2023 |
martijn |
Now that the last consumer of mps.c is gone, remove it and its application_legacy.c companion.
OK tb@
|
#
1.35 |
|
08-Nov-2023 |
martijn |
Let usm_make_report() utilize appl_report(). usm_make_report utilized mps_getstr(), which after moving the SNMPv2-SMI::snmpV2 into application_internal returned a noSuchObject. This doesn't seem to have broken any tools that I'm aware of, but this returns the correct result.
OK tb@
|
#
1.34 |
|
08-Nov-2023 |
martijn |
Let appl_report() collect its own metrics. This simplifies the interface and gives us a free report-pdu log line in debug mode.
OK tb@
|
#
1.33 |
|
08-Nov-2023 |
martijn |
Don't rely on aru_pdu to rebuild the original varbindlist on error. Now that we have avi_origid it's not needed anymore and aru_pdu needs to go.
OK tb@
|
#
1.32 |
|
08-Nov-2023 |
martijn |
Don't use aru_pdu for determining the requesttype. It's owned by snmp_message and getting rid of it is also needed for appl_report() to gather its own information.
OK tb@
|
#
1.31 |
|
08-Nov-2023 |
martijn |
export SNMP-TARGET-MIB::{snmpUnavailableContexts,snmpUnknownContexts} via application_internal.
OK tb@
|
#
1.30 |
|
06-Nov-2023 |
martijn |
Readd the sysORTable based on the new struct appl_agentcap.
OK tb@
|
#
1.29 |
|
06-Nov-2023 |
martijn |
Allow agent capabilities to be stored on a per appl_context basis. This is needed for AgentX's {add,remove}agentcaps, and the sysORTable.
OK tb@
|
#
1.28 |
|
04-Nov-2023 |
martijn |
Introduce application_internal.c. This backend is meant to replace application_legacy.c, mps.c, and mib.c. This commit just introduces the backend. The existing MIBs inside mib.c will be copied over in subsequent commits.
OK tb@
|
#
1.27 |
|
29-Oct-2023 |
martijn |
When doing a get{next,bulk} below an instance we must move the OID to the next sibling. Not simply copying over the value of the next to use region, since that might be the parent and we would walk backwards in the tree.
OK tb@
|
#
1.26 |
|
29-Oct-2023 |
martijn |
searchrange.end is non-inclusive. Adjust the tests for that.
OK tb@
|
#
1.25 |
|
27-Oct-2023 |
martijn |
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response().
OK tb@
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.37 |
|
13-Nov-2023 |
martijn |
struct appl_varbind_internal's avi_index is used to give the index to the original varbindlist's index. In the case of a GetBulkRequest this must never be larger than the length of the original varbindlist.
OK tb@
|
#
1.36 |
|
12-Nov-2023 |
martijn |
Now that the last consumer of mps.c is gone, remove it and its application_legacy.c companion.
OK tb@
|
#
1.35 |
|
08-Nov-2023 |
martijn |
Let usm_make_report() utilize appl_report(). usm_make_report utilized mps_getstr(), which after moving the SNMPv2-SMI::snmpV2 into application_internal returned a noSuchObject. This doesn't seem to have broken any tools that I'm aware of, but this returns the correct result.
OK tb@
|
#
1.34 |
|
08-Nov-2023 |
martijn |
Let appl_report() collect its own metrics. This simplifies the interface and gives us a free report-pdu log line in debug mode.
OK tb@
|
#
1.33 |
|
08-Nov-2023 |
martijn |
Don't rely on aru_pdu to rebuild the original varbindlist on error. Now that we have avi_origid it's not needed anymore and aru_pdu needs to go.
OK tb@
|
#
1.32 |
|
08-Nov-2023 |
martijn |
Don't use aru_pdu for determining the requesttype. It's owned by snmp_message and getting rid of it is also needed for appl_report() to gather its own information.
OK tb@
|
#
1.31 |
|
08-Nov-2023 |
martijn |
export SNMP-TARGET-MIB::{snmpUnavailableContexts,snmpUnknownContexts} via application_internal.
OK tb@
|
#
1.30 |
|
06-Nov-2023 |
martijn |
Readd the sysORTable based on the new struct appl_agentcap.
OK tb@
|
#
1.29 |
|
06-Nov-2023 |
martijn |
Allow agent capabilities to be stored on a per appl_context basis. This is needed for AgentX's {add,remove}agentcaps, and the sysORTable.
OK tb@
|
#
1.28 |
|
04-Nov-2023 |
martijn |
Introduce application_internal.c. This backend is meant to replace application_legacy.c, mps.c, and mib.c. This commit just introduces the backend. The existing MIBs inside mib.c will be copied over in subsequent commits.
OK tb@
|
#
1.27 |
|
29-Oct-2023 |
martijn |
When doing a get{next,bulk} below an instance we must move the OID to the next sibling. Not simply copying over the value of the next to use region, since that might be the parent and we would walk backwards in the tree.
OK tb@
|
#
1.26 |
|
29-Oct-2023 |
martijn |
searchrange.end is non-inclusive. Adjust the tests for that.
OK tb@
|
#
1.25 |
|
27-Oct-2023 |
martijn |
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response().
OK tb@
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.35 |
|
08-Nov-2023 |
martijn |
Let usm_make_report() utilize appl_report(). usm_make_report utilized mps_getstr(), which after moving the SNMPv2-SMI::snmpV2 into application_internal returned a noSuchObject. This doesn't seem to have broken any tools that I'm aware of, but this returns the correct result.
OK tb@
|
#
1.34 |
|
08-Nov-2023 |
martijn |
Let appl_report() collect its own metrics. This simplifies the interface and gives us a free report-pdu log line in debug mode.
OK tb@
|
#
1.33 |
|
08-Nov-2023 |
martijn |
Don't rely on aru_pdu to rebuild the original varbindlist on error. Now that we have avi_origid it's not needed anymore and aru_pdu needs to go.
OK tb@
|
#
1.32 |
|
08-Nov-2023 |
martijn |
Don't use aru_pdu for determining the requesttype. It's owned by snmp_message and getting rid of it is also needed for appl_report() to gather its own information.
OK tb@
|
#
1.31 |
|
08-Nov-2023 |
martijn |
export SNMP-TARGET-MIB::{snmpUnavailableContexts,snmpUnknownContexts} via application_internal.
OK tb@
|
#
1.30 |
|
06-Nov-2023 |
martijn |
Readd the sysORTable based on the new struct appl_agentcap.
OK tb@
|
#
1.29 |
|
06-Nov-2023 |
martijn |
Allow agent capabilities to be stored on a per appl_context basis. This is needed for AgentX's {add,remove}agentcaps, and the sysORTable.
OK tb@
|
#
1.28 |
|
04-Nov-2023 |
martijn |
Introduce application_internal.c. This backend is meant to replace application_legacy.c, mps.c, and mib.c. This commit just introduces the backend. The existing MIBs inside mib.c will be copied over in subsequent commits.
OK tb@
|
#
1.27 |
|
29-Oct-2023 |
martijn |
When doing a get{next,bulk} below an instance we must move the OID to the next sibling. Not simply copying over the value of the next to use region, since that might be the parent and we would walk backwards in the tree.
OK tb@
|
#
1.26 |
|
29-Oct-2023 |
martijn |
searchrange.end is non-inclusive. Adjust the tests for that.
OK tb@
|
#
1.25 |
|
27-Oct-2023 |
martijn |
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response().
OK tb@
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.30 |
|
06-Nov-2023 |
martijn |
Readd the sysORTable based on the new struct appl_agentcap.
OK tb@
|
#
1.29 |
|
06-Nov-2023 |
martijn |
Allow agent capabilities to be stored on a per appl_context basis. This is needed for AgentX's {add,remove}agentcaps, and the sysORTable.
OK tb@
|
#
1.28 |
|
04-Nov-2023 |
martijn |
Introduce application_internal.c. This backend is meant to replace application_legacy.c, mps.c, and mib.c. This commit just introduces the backend. The existing MIBs inside mib.c will be copied over in subsequent commits.
OK tb@
|
#
1.27 |
|
29-Oct-2023 |
martijn |
When doing a get{next,bulk} below an instance we must move the OID to the next sibling. Not simply copying over the value of the next to use region, since that might be the parent and we would walk backwards in the tree.
OK tb@
|
#
1.26 |
|
29-Oct-2023 |
martijn |
searchrange.end is non-inclusive. Adjust the tests for that.
OK tb@
|
#
1.25 |
|
27-Oct-2023 |
martijn |
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response().
OK tb@
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.28 |
|
04-Nov-2023 |
martijn |
Introduce application_internal.c. This backend is meant to replace application_legacy.c, mps.c, and mib.c. This commit just introduces the backend. The existing MIBs inside mib.c will be copied over in subsequent commits.
OK tb@
|
#
1.27 |
|
29-Oct-2023 |
martijn |
When doing a get{next,bulk} below an instance we must move the OID to the next sibling. Not simply copying over the value of the next to use region, since that might be the parent and we would walk backwards in the tree.
OK tb@
|
#
1.26 |
|
29-Oct-2023 |
martijn |
searchrange.end is non-inclusive. Adjust the tests for that.
OK tb@
|
#
1.25 |
|
27-Oct-2023 |
martijn |
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response().
OK tb@
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.27 |
|
29-Oct-2023 |
martijn |
When doing a get{next,bulk} below an instance we must move the OID to the next sibling. Not simply copying over the value of the next to use region, since that might be the parent and we would walk backwards in the tree.
OK tb@
|
#
1.26 |
|
29-Oct-2023 |
martijn |
searchrange.end is non-inclusive. Adjust the tests for that.
OK tb@
|
#
1.25 |
|
27-Oct-2023 |
martijn |
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response().
OK tb@
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.25 |
|
27-Oct-2023 |
martijn |
If an invalid varbindlist was returned by a backend we would call appl_request_upstream_resolve() twice where the first call would already return a reply and free the upstream request, leading to a use after free. Make appl_request_downstream_free() call appl_request_upstream_resolve() unconditionally and remove the call from appl_response().
OK tb@
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.24 |
|
24-Oct-2023 |
martijn |
FC3416 section 4.2.1 (and others) tells us that if an error occurs the varbindlist in the response must be identical to the original request.
OK tb@
|
#
1.23 |
|
24-Oct-2023 |
martijn |
Certain error codes are only intended for certain request-types. Add an appl_error_valid() function to test for this.
OK tb@
|
#
1.22 |
|
24-Oct-2023 |
martijn |
If a backend registers as an instance it must never return OIDs below their registration. Add a test for this in appl_varbind_valid().
OK and minor nit tb@
|
#
1.21 |
|
24-Oct-2023 |
martijn |
When returning an endOfMibView we must always set it on the requested OID.
OK tb@
|
#
1.20 |
|
24-Oct-2023 |
martijn |
Fix appl_unregister() when called with range_subid set to !0.
OK tb@
|
#
1.19 |
|
24-Oct-2023 |
martijn |
Fix appl_register() when called with range_subid set to !0.
OK tb@
|
#
1.18 |
|
24-Oct-2023 |
martijn |
Always check if the context is available inside appl_agentx_recv(). Not every PDU goes through application.c.
OK tb@
|
Revision tags: OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.17 |
|
20-Dec-2022 |
martijn |
Make ar[du]_{nonrepeaters,maxrepetitions} uint16_t instead of int16_t. snmp uses signed 32 bits integers and agentx uses unsigned 16 bits integers. I somehow ended up somewhere in between.
OK sthen@, kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.16 |
|
13-Sep-2022 |
martijn |
varbind was designed to allow both a ber NULL and a NULL pointer for value. The ber NULL case is there for when it was received via a PDU. The NULL pointer case can happen if application.c runs into a timeout or when a backend runs into problems.
The NULL pointer case however was overlooked in appl_varbind_valid and results in an "missing value" error, (needlessly) terminating the connection to the backend.
Found the hard way by Mischa Peters while stress testing agentx support for vmd.
OK tb@, sthen@
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.15 |
|
31-Aug-2022 |
martijn |
Rewrite the searchrange end calculation routine. The old one had a bug which allowed it to move backwards on overlapping regions and also didn't always returned the optimal end position.
OK tb@
|
#
1.14 |
|
30-Aug-2022 |
martijn |
Remove now unused search variable. Missed in previous.
OK tb@
|
#
1.13 |
|
30-Aug-2022 |
martijn |
Remove the downwards check for overlapping regions when the subtree flag is set.
There's a bit of inverted logic in there and this feature will probably get in the way of the blocklist feature (and maybe others)
OK tb@
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.12 |
|
29-Aug-2022 |
martijn |
Allow overlapping regions (if subtree claim flag is set) when the backends are identical.
OK tb@
|
#
1.11 |
|
29-Aug-2022 |
martijn |
Make sure oidbuf is initialized when we hit the overlap case.
OK tb@
|
#
1.10 |
|
29-Aug-2022 |
martijn |
When there are two overlapping regions handled by the same backend we might traverse back in the tree; Make sure this doesn't happen.
OK tb@
|
#
1.9 |
|
29-Aug-2022 |
martijn |
When a backend disappears while handling a request, make sure that the outstanding requests are handled by the next backend, instead of leaking memory.
OK tb@
|
#
1.8 |
|
29-Aug-2022 |
martijn |
Let snmpd check a response package against the requested searchrange end.
If the returned OID is beyond the searchrange end we have two cases: - If the backend supports searchranges (agentx) we generate a GENERR and close the connection. - If the backend doesn't support searchranges (legacy and maybe a future snmp proxy) we simply fix-up the result.
OK tb@
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.7 |
|
23-Aug-2022 |
martijn |
(Re)add support for agentx in snmpd Current omissions in protocol support are notifications, index (de)allocation, and agent capabilities.
Help testing sthen@ Feedback/tweaks/OK jmatthew@
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.6 |
|
30-Jun-2022 |
martijn |
Introduce a blocklist backend and keyword.
This allows the admin to specify a full region of the OID tree to be blocked and simply returns NOSUCHOBJECT/ENDOFMIBVIEW.
This deprecates filter-pf-addresses in favour of: blocklist pfTblAddrTable
OK tb@
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.5 |
|
27-Jun-2022 |
martijn |
Mostly rewrite appl_request_upstream_reply. The old code had a potential off by one underflow, which is unlikely to be hit with the current builtin backend, and didn't show the returned varbindlist correct.
OK sthen@
|
#
1.4 |
|
27-Jun-2022 |
martijn |
Initialize oidbuf and regionbuf when registering a region in appl_region. This prevents us from spewing garbage on error.
regionbuf case pointed out by tb@
OK deraadt@ tb@
|
Revision tags: OPENBSD_7_1_BASE
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.3 |
|
22-Feb-2022 |
martijn |
requestid is a 32 bit integer, make sure that we request that with ober_scanf_elements.
Found the hard way on octeon and patch tested by sebastian <at> rostwald <dot> de OK tb
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|
#
1.2 |
|
30-Jan-2022 |
martijn |
Add missing NULL check.
OK benno@
|
#
1.1 |
|
19-Jan-2022 |
martijn |
Add the new application layer. Changes include: - Asynchronous design, which should allow us to cleanly implement agentx support. - Cluster requests when sending them to backends - Return a better error code in a lot of cases. - Allow bulkget to return row by row instead of column by column (as per RFC3416) - Better SNMPv1 mapping as per RFC3584 - Allow registration of overlapping regions. - Stricter OID comparison. - We loose write support. Previous write support didn't guarantee atomicity, wasn't persistent across restarts and didn't implement anything useful. This can be added later if it's missed. - This is quite a bit slower, but this should clear up once the current mps.c and mib.c code gets pushed out. Other tricks could help speed things up, but I don't want to resort to extra tricks if it's not needed. - More detailed debugging output.
This commit is stand-alone and gets hooked in with the following commit.
"Looks good at first glance" benno@ minor issues pointed out by and OK jmatthew@ Performance loss aceptable to sthen@ tested as part of larger diff by sthen@ and Joel Carnat
|