Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-01-02 | Revert "snmp: T4093: add missing verify() step for required group per snmp ↵ | Christian Poessinger | |
v3 user" This reverts commit 522c9d916e390f797290c8b4c9af36cf9639cbbc. | |||
2021-12-27 | snmp: T4093: add missing verify() step for required group per snmp v3 user | Christian Poessinger | |
(cherry picked from commit a70a4001fe0b3a91a7d86191ff32dcc7205d2eae) | |||
2019-11-28 | [T1299] - SNMP extension with custom scripts | hagbard | |
(cherry picked from commit 334677572aef752b0bf2c893bd14bdf6f801bb4b) | |||
2019-11-12 | snmpd: T1705 - High CPU usage by bgpd when snmp is active | hagbard | |
* typo fixed | |||
2019-10-28 | snmp: fix verify() bail out early order | Christian Poessinger | |
(cherry picked from commit ed642ff5e958c6ef43dee5ef684fb5ccf85ad8cf) | |||
2019-10-27 | snmp: T1738: cleanup import statements | Christian Poessinger | |
(cherry picked from commit b86f1d702e3b67774d3a2eec1f9fa83108711798) | |||
2019-10-27 | snmp: T1769: remove TSM (Transport Security Mode) support | Christian Poessinger | |
The SNMPv3 TSM is very complex and I know 0 users of it. Also this is untested and I know no way how it could be tested. Instead of carrying on dead and unused code we should favour a drop of it using a proper config migration script. (cherry picked from commit 556b528ef9cc1eca9d142ebe1f8f88cd02d536da) | |||
2019-10-27 | snmp: T818: T1738: remove per user/trap engine id | Christian Poessinger | |
As of the SNMP specification an SNMP engine ID should be unique per device. To not make it more complicated for users - only use the global SNMP engine ID. (cherry picked from commit d523111279b3a9a5266b442db5f04049a31685f7) | |||
2019-01-30 | T1160: fix (ro|rw)community ACL | Christian Poessinger | |
WHen building up the SNMP v2 community ro/rw access all hosts from a INET version could access even when the community was locked to one INET family. Example #1: set service snmp community bar network 172.16.0.0/12 Allowed access only to IPv4 network 172.16.0.0/12 but it allowed acces from IPv6 ::/0. Example #2: set service snmp community baz network 2001:db8::/64 Limited IPv6 access to 2001:db8::/64 but IPv4 was open to 0.0.0.0/0 (cherry picked from commit cc07c4727bdffb4c220ce28ab9f697b01fe4afb7) | |||
2019-01-03 | T1147: Fix SNMP config file generation on newly installed systems | Christian Poessinger | |
(cherry picked from commit 59471ed0c249771fa6c46cf0b020222b7caeee42) | |||
2018-11-05 | T950: make sure agentx is enabled in FRR only when SNMP is setup, and ↵ | Daniil Baturin | |
supress duplicate error messages. | |||
2018-10-28 | T923: enable AgentX in FRR after SNMP is configured. | Daniil Baturin | |
2018-10-20 | SNMP: update comments in Python generator | Christian Poessinger | |
2018-10-20 | T923: support SNMP integration with FRR routing daemon | Christian Poessinger | |
2018-09-29 | T855: fix SNMP python verify() to allow non group assignment | Christian Poessinger | |
VyOS 1.1.8 support SNMPv3 without a group beeing assigned to a user. This was yet not supported in VyOS 1.2.0. Use for testing: ================ set service snmp v3 user testsnmpv3 auth plain 'authkey12345' set service snmp v3 user testsnmpv3 auth type sha set service snmp v3 user testsnmpv3 mode ro set service snmp v3 user testsnmpv3 privacy plain 'privkey12345' set service snmp v3 user testsnmpv3 privacy type aes | |||
2018-09-16 | T850: SNMP: improve non existing listen-address assignments | Christian Poessinger | |
2018-09-16 | snmp: fix python script indention | Christian Poessinger | |
2018-09-10 | snmp.py: proper creation of non network bound SNMP communities | Christian Poessinger | |
2018-09-10 | snmp.py: improve JINJA2 template robustness | Christian Poessinger | |
2018-09-01 | snmp.py: improve daemon startup | Christian Poessinger | |
The previous implementation used a hardcoded 2 seconds sleep until the daemon configuration was rendered by snmpd (user/password stuff). Waiting 2 seconds is error prone and was replaced by reading the configuration file until it shows a marker indicating that the file was properly processed by snmpd. | |||
2018-09-01 | snmp.py: beautify generated snmp.conf #2 | Christian Poessinger | |
2018-09-01 | snmp.py: bugfix - CLI client community node was not processed | Christian Poessinger | |
2018-09-01 | snmp.py: bugfix writing rocommunity string in config | Christian Poessinger | |
2018-09-01 | snmp.py: beautify generated snmp.conf | Christian Poessinger | |
2018-09-01 | T771: snmp.px: reduce syslog noise | Christian Poessinger | |
2018-08-29 | snmp.py: only write 'oldEngineID' to config if v3 is enabled | Christian Poessinger | |
2018-08-29 | T733: snmp.py: switch to new IP address validators | Christian Poessinger | |
Commit a30dac7c2 ("vyos package: add IP address validators") added system wide Python validators for IP addresses. Remove duplicated code and switch to single source. | |||
2018-08-07 | T733: snmp.py: set IPv6 community string | Jules Taplin | |
Also fixed it to correctly set an IPv6 community string, even if you don't specify the network it's working on. | |||
2018-07-05 | T733: snmp.py: set IPv6 community string | jules-vyos | |
* Fixed snmp.py to correctly supply 'community6' community strings, so that ipv6 will work. | |||
2018-07-02 | T652: SNMP: bugfix initial specification of v3 engine id missing | Christian Poessinger | |
2018-07-02 | T713: bugfix incorrect parsing of seclevel | Christian Poessinger | |
... there was a coding error in the if clause. | |||
2018-07-02 | T652: SNMP: bugfix for default auth and priv type | Christian Poessinger | |
If no auth or no priv type was specified for a v3 user this resulted in a commit error, but CLI said there would be ssane defaults. * auth type defaults to 'md5' * priv type defaults to 'des' | |||
2018-06-30 | T714: SNMP: make user auth type mandatory | Christian Poessinger | |
... if seclevel for group is auth or priv where the user belongs to | |||
2018-06-30 | T713: bugfix incorrect parsing of seclevel | Christian Poessinger | |
SNMP v3 group seclevel was not taken into account when validating existance of user auth or priv keys. | |||
2018-06-30 | T652: SNMP: bugfix preserving users engineid | Christian Poessinger | |
In VyOS 1.1.x every user was forced to the systems engine ID when using SNMPv3, even when a user wanted to have a custom engineID, thus the node 'service snmp v3 user foo engineid' itself is useless. | |||
2018-06-08 | T652: import SNMP keys from volatile into nonvolatile location | Christian Poessinger | |
2018-06-08 | T652: user encrypted-key not possible without engineid | Christian Poessinger | |
2018-06-07 | T652: snmp.py: support SNMPv3 write groups | Christian Poessinger | |
2018-06-06 | T652: snmp.py: bugfix writing encrypted keys to config | Christian Poessinger | |
... in the past an encrypted key was encrypted again b/c we only used createUser in /var/lib/snmp/snmpd.conf nad not usmUser in addition. | |||
2018-06-06 | snmp.py: pipe shell output to /dev/null as it was back in the Perl days | Christian Poessinger | |
2018-06-06 | T652: snmp.py: listen on all addresses if listen-address is not specified | Christian Poessinger | |
2018-06-05 | T652: snmp.py: convert plaintext-keys into encrypted-keys | Christian Poessinger | |
2018-06-04 | T652: Add SNMPv3 TSM handling and commit verification | Christian Poessinger | |
2018-06-04 | T652: read SNMPv3 config into python dictionary | Christian Poessinger | |
2018-06-04 | snmp.py: refactor listen-address config generation | Christian Poessinger | |
2018-06-04 | T654: Support IPv6 configuration for SNMP listen address | Christian Poessinger | |
2018-06-04 | T652: first SNMP version using XML interface definition | Christian Poessinger | |