1 files changed, 17 insertions, 59 deletions

diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 5cd24db32..7882f8510 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -26,12 +26,11 @@ from vyos.snmpv3_hashgen import plaintext_to_md5
 from vyos.snmpv3_hashgen import plaintext_to_sha1
 from vyos.snmpv3_hashgen import random
 from vyos.template import render
-from vyos.util import call
-from vyos.util import chmod_755
-from vyos.util import dict_search
-from vyos.validate import is_addr_assigned
+from vyos.utils.process import call
+from vyos.utils.permission import chmod_755
+from vyos.utils.dict import dict_search
+from vyos.utils.network import is_addr_assigned
 from vyos.version import get_version_data
-from vyos.xml import defaults
 from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
@@ -40,7 +39,7 @@ config_file_client  = r'/etc/snmp/snmp.conf'
 config_file_daemon  = r'/etc/snmp/snmpd.conf'
 config_file_access  = r'/usr/share/snmp/snmpd.conf'
 config_file_user    = r'/var/lib/snmp/snmpd.conf'
-systemd_override    = r'/etc/systemd/system/snmpd.service.d/override.conf'
+systemd_override    = r'/run/systemd/system/snmpd.service.d/override.conf'
 systemd_service     = 'snmpd.service'
 
 def get_config(config=None):
@@ -70,29 +69,12 @@ def get_config(config=None):
 
     # We have gathered the dict representation of the CLI, but there are default
     # options which we need to update into the dictionary retrived.
-    default_values = defaults(base)
-
-    # We can not merge defaults for tagNodes - those need to be blended in
-    # per tagNode instance
-    if 'listen_address' in default_values:
-        del default_values['listen_address']
-    if 'community' in default_values:
-        del default_values['community']
-    if 'trap_target' in default_values:
-        del default_values['trap_target']
-    if 'v3' in default_values:
-        del default_values['v3']
-    snmp = dict_merge(default_values, snmp)
+    snmp = conf.merge_defaults(snmp, recursive=True)
 
     if 'listen_address' in snmp:
-        default_values = defaults(base + ['listen-address'])
-        for address in snmp['listen_address']:
-            snmp['listen_address'][address] = dict_merge(
-                default_values, snmp['listen_address'][address])
-
         # Always listen on localhost if an explicit address has been configured
         # This is a safety measure to not end up with invalid listen addresses
-        # that are not configured on this system. See https://phabricator.vyos.net/T850
+        # that are not configured on this system. See https://vyos.dev/T850
         if '127.0.0.1' not in snmp['listen_address']:
             tmp = {'127.0.0.1': {'port': '161'}}
             snmp['listen_address'] = dict_merge(tmp, snmp['listen_address'])
@@ -101,38 +83,6 @@ def get_config(config=None):
             tmp = {'::1': {'port': '161'}}
             snmp['listen_address'] = dict_merge(tmp, snmp['listen_address'])
 
-    if 'community' in snmp:
-        default_values = defaults(base + ['community'])
-        for community in snmp['community']:
-            snmp['community'][community] = dict_merge(
-                default_values, snmp['community'][community])
-
-    if 'trap_target' in snmp:
-        default_values = defaults(base + ['trap-target'])
-        for trap in snmp['trap_target']:
-            snmp['trap_target'][trap] = dict_merge(
-                default_values, snmp['trap_target'][trap])
-
-    if 'v3' in snmp:
-        default_values = defaults(base + ['v3'])
-        # tagNodes need to be merged in individually later on
-        for tmp in ['user', 'group', 'trap_target']:
-            del default_values[tmp]
-        snmp['v3'] = dict_merge(default_values, snmp['v3'])
-
-        for user_group in ['user', 'group']:
-            if user_group in snmp['v3']:
-                default_values = defaults(base + ['v3', user_group])
-                for tmp in snmp['v3'][user_group]:
-                    snmp['v3'][user_group][tmp] = dict_merge(
-                        default_values, snmp['v3'][user_group][tmp])
-
-            if 'trap_target' in snmp['v3']:
-                default_values = defaults(base + ['v3', 'trap-target'])
-                for trap in snmp['v3']['trap_target']:
-                    snmp['v3']['trap_target'][trap] = dict_merge(
-                        default_values, snmp['v3']['trap_target'][trap])
-
     return snmp
 
 def verify(snmp):
@@ -158,14 +108,22 @@ def verify(snmp):
         for address in snmp['listen_address']:
             # We only wan't to configure addresses that exist on the system.
             # Hint the user if they don't exist
-            if not is_addr_assigned(address):
-                Warning(f'SNMP listen address "{address}" not configured!')
+            if 'vrf' in snmp:
+                vrf_name = snmp['vrf']
+                if not is_addr_assigned(address, vrf_name) and address not in ['::1','127.0.0.1']:
+                    raise ConfigError(f'SNMP listen address "{address}" not configured in vrf "{vrf_name}"!')
+            elif not is_addr_assigned(address):
+                raise ConfigError(f'SNMP listen address "{address}" not configured in default vrf!')
 
     if 'trap_target' in snmp:
         for trap, trap_config in snmp['trap_target'].items():
             if 'community' not in trap_config:
                 raise ConfigError(f'Trap target "{trap}" requires a community to be set!')
 
+    if 'oid_enable' in snmp:
+        Warning(f'Custom OIDs are enabled and may lead to system instability and high resource consumption')
+
+
     verify_vrf(snmp)
 
     # bail out early if SNMP v3 is not configured