From a31f6d45f72dbe556bd3f3d7d62935251888eca5 Mon Sep 17 00:00:00 2001
From: Nicolas Fort
Date: Wed, 8 Feb 2023 13:18:15 +0000
Subject: T4857: Fix error when not defining client|network under community
---
 data/templates/snmp/etc.snmpd.conf.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/data/templates/snmp/etc.snmpd.conf.j2 b/data/templates/snmp/etc.snmpd.conf.j2
index 793facc3f..66cf7629a 100644
--- a/data/templates/snmp/etc.snmpd.conf.j2
+++ b/data/templates/snmp/etc.snmpd.conf.j2
@@ -78,8 +78,8 @@ agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vy
 {% endfor %}
 {% endif %}
 {% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %}
-{{ comm_config.authorization }}community {{ comm }} -V RESTRICTED
-{{ comm_config.authorization }}community6 {{ comm }} -V RESTRICTED
+{{ comm_config.authorization }}community {{ comm }} 0.0.0.0/0 -V RESTRICTED
+{{ comm_config.authorization }}community6 {{ comm }} ::/0 -V RESTRICTED
 {% endif %}
 {% endfor %}
 {% endif %}
-- cgit v1.2.3
From 011e6a2cdea8fca73f7c433de5e2d6bc22bd9c19 Mon Sep 17 00:00:00 2001
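Review bot: The two added fallback lines accept the community from every IPv4 and IPv6 source (`0.0.0.0/0`, `::/0`) whenever neither `client` nor `network` is configured, and nothing in the template says that this is the intended default. A template comment directly above the `{% if comm_config.client is not vyos_defined ... %}` line would make that exposure visible to the next maintainer: `{# no client/network configured: community is accepted from any source, limited to the RESTRICTED view #}`. The `-V RESTRICTED` argument limits which view can be queried, not who may query it, so a deployment that relies on this path still needs an explicit `client`/`network` entry or a firewall rule in front of the agent. The enclosing `{% for %}` over the communities starts outside the hunk.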
From: Christian Breunig
Date: Fri, 10 Feb 2023 19:42:44 +0100
Subject: snmp: T4857: explicitly define default community networks 0.0.0.0/0 and ::/0 After the RESTRICTED view was introduced snmpd requires a network to be specified. Before adding the RESTRICTED view snmpd always assumed the default network 0.0.0.0/0. This commit re-adds the build in default networks for IPv4 and IPv6 and exposes it as a proper default to the CLI so the user is informed about it: vyos@vyos# set service snmp community foooo Possible completions: authorization Authorization type (default: ro) + client IP address of SNMP client allowed to contact system + network Subnet of SNMP client(s) allowed to contact system (default: 0.0.0.0/0, ::/0)
---
 data/templates/snmp/etc.snmpd.conf.j2 | 4 ----
 interface-definitions/snmp.xml.in | 5 +++--
 src/conf_mode/snmp.py | 3 +++
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/data/templates/snmp/etc.snmpd.conf.j2 b/data/templates/snmp/etc.snmpd.conf.j2
index 66cf7629a..9d78d479a 100644
--- a/data/templates/snmp/etc.snmpd.conf.j2
+++ b/data/templates/snmp/etc.snmpd.conf.j2
@@ -77,10 +77,6 @@ agentaddress unix:/run/snmpd.socket{{ ',' ~ options | join(',') if options is vy
 {% endif %}
 {% endfor %}
 {% endif %}
-{% if comm_config.client is not vyos_defined and comm_config.network is not vyos_defined %}
-{{ comm_config.authorization }}community {{ comm }} 0.0.0.0/0 -V RESTRICTED
-{{ comm_config.authorization }}community6 {{ comm }} ::/0 -V RESTRICTED
-{% endif %}
 {% endfor %}
 {% endif %}
diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in
index 10dd828a5..592db7f4e 100644
--- a/interface-definitions/snmp.xml.in
+++ b/interface-definitions/snmp.xml.in
@@ -13,9 +13,9 @@ Community name - [a-zA-Z0-9\-_!@*#]{1,100} + [[:alnum:]-_!@*#]{1,100} - Community string is limited to alphanumerical characters, !, @, * and # with a total lenght of 100 + Community string is limited to alphanumerical characters, -, _, !, @, *, and # with a total lenght of 100
@@ -65,6 +65,7 @@ + 0.0.0.0/0 ::/0
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index ab2ccf99e..1a8434783 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -103,6 +103,9 @@ def get_config(config=None):
 if 'community' in snmp:
 default_values = defaults(base + ['community'])
+ if 'network' in default_values:
+ # convert multiple default networks to list
+ default_values['network'] = default_values['network'].split()
 for community in snmp['community']:
 snmp['community'][community] = dict_merge(
 default_values, snmp['community'][community])
-- cgit v1.2.3
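Review bot: In the new community-name pattern `[[:alnum:]-_!@*#]{1,100}` the hyphen sits between a POSIX class and `_`, a position where regex engines disagree: some read it as a literal hyphen, others reject it as an invalid range. This pattern is the input validation for a value the template writes into snmpd.conf as `{{ comm }}`, so placing the hyphen last removes the ambiguity: `[[:alnum:]_!@*#-]{1,100}`. The rewritten error message on the next changed line still carries the typo `lenght`. The element markup of this hunk is not visible on the page, so the surrounding constraint definition could not be checked.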
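Review bot: Merging `default_values` into every community means the new `network` default (`0.0.0.0/0`, `::/0`) is also applied to a community that configures only `client`, whereas the template block this commit removes emitted the any-source lines only when neither `client` nor `network` was set. If the template renders one `community` line per `network` entry, which is not visible in this hunk, a client-restricted community would become reachable from every address. Dropping the `network` default for communities that define `client` keeps the earlier behaviour, as sketched below; the added comment could also say that the XML default is a whitespace-separated string, which is why `.split()` is needed. `get_config` begins and ends outside the hunk.

```python
        for community in snmp['community']:
            # the any-source network default only applies when the community
            # has no source restriction of its own
            community_defaults = dict(default_values)
            if 'client' in snmp['community'][community]:
                community_defaults.pop('network', None)
            snmp['community'][community] = dict_merge(
                community_defaults, snmp['community'][community])
```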