authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-05-12 20:02:10 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-05-12 20:23:42 -0700
commit496c5f68ebdeb33ca75fac65f0c6f0ae29b781bb (patch)
treed33962e25e43c079ffcf472fcb7d95dee63a0189
parentab587ce0c92b5aeeb26eb678946a7e1faa6f9db1 (diff)
Allow configuring/restricting SNMP listen address
Add: service snmp listen-address AAAA [port NNN]
-rw-r--r--scripts/snmp/vyatta-snmp.pl50
-rw-r--r--templates/service/snmp/listen-address/node.def3
-rw-r--r--templates/service/snmp/listen-address/node.tag/port/node.def3
3 files changed, 53 insertions, 3 deletions
diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl
index e3aa3fc1..f80a68fd 100644
--- a/scripts/snmp/vyatta-snmp.pl
+++ b/scripts/snmp/vyatta-snmp.pl
@@ -26,6 +26,7 @@
use lib "/opt/vyatta/share/perl5/";
use Vyatta::Config;
use Vyatta::Misc;
+use NetAddr::IP;
use Getopt::Long;
use File::Copy;
@@ -40,6 +41,7 @@ my $snmp_tmp = "/tmp/snmpd.conf.$$";
my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf';
my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf';
my $versionfile = '/opt/vyatta/etc/version';
+my $local_agent = 'unix:/var/run/snmpd.socket';
my $snmp_level = 'service snmp';
@@ -60,7 +62,7 @@ sub snmp_start {
snmp_get_values();
close $fh;
select STDOUT;
-
+
snmp_client_config();
move($snmp_tmp, $snmp_conf)
@@ -85,15 +87,57 @@ sub get_version {
return $version;
}
+# convert address to snmpd transport syntac
+sub transport_syntax {
+ my ($addr, $port) = @_;
+ my $ip = new NetAddr::IP $addr;
+
+ return "udp:$addr:$port" if ($ip->version == 4);
+ return "udp6:[$addr]:$port" if ($ip->version == 6);
+ die "$addr: unknown protocol address";
+}
+
+sub ipv6_disabled {
+ my $config = new Vyatta::Config;
+ return $config->exists("system ipv6 disable");
+}
+
+# Find SNMP agent listening addresses
+sub get_listen_address {
+ my $config = new Vyatta::Config;
+ my @listen;
+
+ $config->setLevel('service snmp listen-address');
+ my @address = $config->listNodes();
+
+ if(@address) {
+ foreach my $addr (@address) {
+ my $port = $config->returnValue("$addr port");
+ push @listen, transport_syntax($addr, $port);
+ }
+ } else {
+ # default if no address specified
+ @listen = ( 'udp:' );
+ push @listen, 'udp6:' unless ipv6_disabled();
+ return @listen;
+ }
+
+ return @listen;
+}
+
sub snmp_get_constants {
my $version = get_version();
my $now = localtime;
+ my @addr = get_listen_address();
+
+ # add local unix domain target for use by operational commands
+ unshift @addr, $local_agent;
print "# autogenerated by vyatta-snmp.pl on $now\n";
print "sysDescr Vyatta $version\n";
print "sysObjectID 1.3.6.1.4.1.30803\n";
print "sysServices 14\n";
- print "agentaddress unix:/var/run/snmpd.socket,udp:161,udp6:161\n";
+ print "agentaddress ", join(',',@addr), "\n";
print "smuxpeer .1.3.6.1.4.1.3317.1.2.2\n"; # ospfd
print "smuxpeer .1.3.6.1.4.1.3317.1.2.5\n"; # bgpd
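Review bot: In `transport_syntax`, `new NetAddr::IP $addr` returns undef when the string does not parse, so `$ip->version` fails with a method-call-on-undef error before the intended `unknown protocol address` message is reached; a guard such as `die "$addr: invalid address\n" unless defined $ip;` directly after the constructor keeps the failure readable. `$port` is taken from `returnValue("$addr port")` and interpolated unchecked, so if the template default is not applied (not visible from this hunk) the entry becomes `udp:ADDR:` with an uninitialized-value warning; `$port = 161 unless defined $port;` would pin it. In `get_listen_address` the explicit-address branch emits `udp6:` endpoints without consulting `ipv6_disabled()`, unlike the default branch, so an IPv6 listen-address on a system with IPv6 disabled appears to be written into snmpd.conf unchanged and may keep snmpd from binding. The hunk begins inside `get_version` and ends inside `snmp_get_constants`.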
@@ -119,7 +163,7 @@ sub print_community {
my @address = $config->returnValues('client');
push @address, $config->returnValues('network');
-
+
if (@address) {
foreach my $addr (@address) {
print "$auth $community $addr\n";
diff --git a/templates/service/snmp/listen-address/node.def b/templates/service/snmp/listen-address/node.def
new file mode 100644
index 00000000..f234edc8
--- /dev/null
+++ b/templates/service/snmp/listen-address/node.def
@@ -0,0 +1,3 @@
+tag:
+type: ipv4,ipv6
+help: Set IP address to listen for incoming SNMP requests
diff --git a/templates/service/snmp/listen-address/node.tag/port/node.def b/templates/service/snmp/listen-address/node.tag/port/node.def
new file mode 100644
index 00000000..5a21b1d8
--- /dev/null
+++ b/templates/service/snmp/listen-address/node.tag/port/node.def
@@ -0,0 +1,3 @@
+type: u32
+default: 161
+help: Set port for SNMP service
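Review bot: `type: u32` accepts 0 and any value above 65535, and vyatta-snmp.pl copies the value into the `agentaddress` line without a further check, so an out-of-range port is only noticed, if at all, when snmpd parses the generated file. A range constraint in this template rejects it at commit time instead, for example `syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; "Port must be between 1 and 65535"`.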