summaryrefslogtreecommitdiff
path: root/src/conf_mode/snmp.py
AgeCommit message (Collapse)Author
2022-01-02Revert "snmp: T4093: add missing verify() step for required group per snmp ↵Christian Poessinger
v3 user" This reverts commit 522c9d916e390f797290c8b4c9af36cf9639cbbc.
2021-12-27snmp: T4093: add missing verify() step for required group per snmp v3 userChristian Poessinger
(cherry picked from commit a70a4001fe0b3a91a7d86191ff32dcc7205d2eae)
2019-11-28[T1299] - SNMP extension with custom scriptshagbard
(cherry picked from commit 334677572aef752b0bf2c893bd14bdf6f801bb4b)
2019-11-12snmpd: T1705 - High CPU usage by bgpd when snmp is activehagbard
* typo fixed
2019-10-28snmp: fix verify() bail out early orderChristian Poessinger
(cherry picked from commit ed642ff5e958c6ef43dee5ef684fb5ccf85ad8cf)
2019-10-27snmp: T1738: cleanup import statementsChristian Poessinger
(cherry picked from commit b86f1d702e3b67774d3a2eec1f9fa83108711798)
2019-10-27snmp: T1769: remove TSM (Transport Security Mode) supportChristian Poessinger
The SNMPv3 TSM is very complex and I know 0 users of it. Also this is untested and I know no way how it could be tested. Instead of carrying on dead and unused code we should favour a drop of it using a proper config migration script. (cherry picked from commit 556b528ef9cc1eca9d142ebe1f8f88cd02d536da)
2019-10-27snmp: T818: T1738: remove per user/trap engine idChristian Poessinger
As of the SNMP specification an SNMP engine ID should be unique per device. To not make it more complicated for users - only use the global SNMP engine ID. (cherry picked from commit d523111279b3a9a5266b442db5f04049a31685f7)
2019-01-30T1160: fix (ro|rw)community ACLChristian Poessinger
WHen building up the SNMP v2 community ro/rw access all hosts from a INET version could access even when the community was locked to one INET family. Example #1: set service snmp community bar network 172.16.0.0/12 Allowed access only to IPv4 network 172.16.0.0/12 but it allowed acces from IPv6 ::/0. Example #2: set service snmp community baz network 2001:db8::/64 Limited IPv6 access to 2001:db8::/64 but IPv4 was open to 0.0.0.0/0 (cherry picked from commit cc07c4727bdffb4c220ce28ab9f697b01fe4afb7)
2019-01-03T1147: Fix SNMP config file generation on newly installed systemsChristian Poessinger
(cherry picked from commit 59471ed0c249771fa6c46cf0b020222b7caeee42)
2018-11-05T950: make sure agentx is enabled in FRR only when SNMP is setup, and ↵Daniil Baturin
supress duplicate error messages.
2018-10-28T923: enable AgentX in FRR after SNMP is configured.Daniil Baturin
2018-10-20SNMP: update comments in Python generatorChristian Poessinger
2018-10-20T923: support SNMP integration with FRR routing daemonChristian Poessinger
2018-09-29T855: fix SNMP python verify() to allow non group assignmentChristian Poessinger
VyOS 1.1.8 support SNMPv3 without a group beeing assigned to a user. This was yet not supported in VyOS 1.2.0. Use for testing: ================ set service snmp v3 user testsnmpv3 auth plain 'authkey12345' set service snmp v3 user testsnmpv3 auth type sha set service snmp v3 user testsnmpv3 mode ro set service snmp v3 user testsnmpv3 privacy plain 'privkey12345' set service snmp v3 user testsnmpv3 privacy type aes
2018-09-16T850: SNMP: improve non existing listen-address assignmentsChristian Poessinger
2018-09-16snmp: fix python script indentionChristian Poessinger
2018-09-10snmp.py: proper creation of non network bound SNMP communitiesChristian Poessinger
2018-09-10snmp.py: improve JINJA2 template robustnessChristian Poessinger
2018-09-01snmp.py: improve daemon startupChristian Poessinger
The previous implementation used a hardcoded 2 seconds sleep until the daemon configuration was rendered by snmpd (user/password stuff). Waiting 2 seconds is error prone and was replaced by reading the configuration file until it shows a marker indicating that the file was properly processed by snmpd.
2018-09-01snmp.py: beautify generated snmp.conf #2Christian Poessinger
2018-09-01snmp.py: bugfix - CLI client community node was not processedChristian Poessinger
2018-09-01snmp.py: bugfix writing rocommunity string in configChristian Poessinger
2018-09-01snmp.py: beautify generated snmp.confChristian Poessinger
2018-09-01T771: snmp.px: reduce syslog noiseChristian Poessinger
2018-08-29snmp.py: only write 'oldEngineID' to config if v3 is enabledChristian Poessinger
2018-08-29T733: snmp.py: switch to new IP address validatorsChristian Poessinger
Commit a30dac7c2 ("vyos package: add IP address validators") added system wide Python validators for IP addresses. Remove duplicated code and switch to single source.
2018-08-07T733: snmp.py: set IPv6 community stringJules Taplin
Also fixed it to correctly set an IPv6 community string, even if you don't specify the network it's working on.
2018-07-05T733: snmp.py: set IPv6 community stringjules-vyos
* Fixed snmp.py to correctly supply 'community6' community strings, so that ipv6 will work.
2018-07-02T652: SNMP: bugfix initial specification of v3 engine id missingChristian Poessinger
2018-07-02T713: bugfix incorrect parsing of seclevelChristian Poessinger
... there was a coding error in the if clause.
2018-07-02T652: SNMP: bugfix for default auth and priv typeChristian Poessinger
If no auth or no priv type was specified for a v3 user this resulted in a commit error, but CLI said there would be ssane defaults. * auth type defaults to 'md5' * priv type defaults to 'des'
2018-06-30T714: SNMP: make user auth type mandatoryChristian Poessinger
... if seclevel for group is auth or priv where the user belongs to
2018-06-30T713: bugfix incorrect parsing of seclevelChristian Poessinger
SNMP v3 group seclevel was not taken into account when validating existance of user auth or priv keys.
2018-06-30T652: SNMP: bugfix preserving users engineidChristian Poessinger
In VyOS 1.1.x every user was forced to the systems engine ID when using SNMPv3, even when a user wanted to have a custom engineID, thus the node 'service snmp v3 user foo engineid' itself is useless.
2018-06-08T652: import SNMP keys from volatile into nonvolatile locationChristian Poessinger
2018-06-08T652: user encrypted-key not possible without engineidChristian Poessinger
2018-06-07T652: snmp.py: support SNMPv3 write groupsChristian Poessinger
2018-06-06T652: snmp.py: bugfix writing encrypted keys to configChristian Poessinger
... in the past an encrypted key was encrypted again b/c we only used createUser in /var/lib/snmp/snmpd.conf nad not usmUser in addition.
2018-06-06snmp.py: pipe shell output to /dev/null as it was back in the Perl daysChristian Poessinger
2018-06-06T652: snmp.py: listen on all addresses if listen-address is not specifiedChristian Poessinger
2018-06-05T652: snmp.py: convert plaintext-keys into encrypted-keysChristian Poessinger
2018-06-04T652: Add SNMPv3 TSM handling and commit verificationChristian Poessinger
2018-06-04T652: read SNMPv3 config into python dictionaryChristian Poessinger
2018-06-04snmp.py: refactor listen-address config generationChristian Poessinger
2018-06-04T654: Support IPv6 configuration for SNMP listen addressChristian Poessinger
2018-06-04T652: first SNMP version using XML interface definitionChristian Poessinger