Better version of SNMP IPv6 support

Need to use different syntax for community values on IPv6
versus IPv4

8 files changed, 54 insertions, 38 deletions

diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl
index 3adb37b7..e3aa3fc1 100644
--- a/scripts/snmp/vyatta-snmp.pl
+++ b/scripts/snmp/vyatta-snmp.pl
@@ -93,6 +93,8 @@ sub snmp_get_constants {
     print "sysDescr Vyatta $version\n";
     print "sysObjectID 1.3.6.1.4.1.30803\n";
     print "sysServices 14\n";
+    print "agentaddress unix:/var/run/snmpd.socket,udp:161,udp6:161\n";
+
     print "smuxpeer .1.3.6.1.4.1.3317.1.2.2\n";		# ospfd
     print "smuxpeer .1.3.6.1.4.1.3317.1.2.5\n";		# bgpd
     print "smuxpeer .1.3.6.1.4.1.3317.1.2.3\n";		# ripd
@@ -106,44 +108,38 @@ sub randhex {
     return join "", map { unpack "H*", chr(rand(256)) } 1..($length/2);
 }
 
+# output snmpd.conf file syntax for community
+sub print_community {
+    my ($config, $community, $type) = @_;
+    $config->setLevel("service snmp $type $community");
+
+    my $auth = $config->returnValue('authorization');
+    $auth = 'ro' unless $auth;
+    $auth .= $type;		# rocommunity
+
+    my @address = $config->returnValues('client');
+    push @address, $config->returnValues('network');
+    
+    if (@address) {
+	foreach my $addr (@address) {
+	    print "$auth $community $addr\n";
+	}
+    } else {
+	print "$auth $community\n";
+    }
+}
+
 sub snmp_get_values {
     my $config = new Vyatta::Config;
 
-    $config->setLevel("service snmp community");
-    my @communities = $config->listNodes();
-   
+    my @communities = $config->listNodes("service snmp community");
+    foreach my $community (@communities) {
+	print_community($config, $community, 'community');
+    }
+
+    @communities = $config->listNodes("service snmp community6");
     foreach my $community (@communities) {
-        my $authorization = $config->returnValue("$community authorization");
-        my @clients = $config->returnValues("$community client");
-        my @networks = $config->returnValues("$community network");
-
-        if (scalar(@clients) == 0 and scalar(@networks) == 0){
-           if (defined $authorization and $authorization eq "rw") {
-               print "rwcommunity $community\n";
-           } else {
-                  print "rocommunity $community\n";
-           }
-        } else {
-                if (scalar(@clients) != 0) {
-                   foreach my $client (@clients){
-                        if (defined $authorization and $authorization eq "rw") {
-                            print "rwcommunity $community $client\n";
-                        } else {
-                                print "rocommunity $community $client\n";
-                        }
-                   }
-                }
-                if (scalar(@networks) != 0){
-                   foreach my $network (@networks){
-                        if (defined $authorization and $authorization eq "rw") {
-                            print "rwcommunity $community $network\n";
-                        } else {
-                                print "rocommunity $community $network\n";
-                        }
-
-                   }
-                }
-        }
+	print_community($config, $community, 'community6');
     }
 
     $config->setLevel($snmp_level);
diff --git a/templates/service/snmp/community6/node.def b/templates/service/snmp/community6/node.def
new file mode 100644
index 00000000..32eb4800
--- /dev/null
+++ b/templates/service/snmp/community6/node.def
@@ -0,0 +1,5 @@
+tag:
+type: txt
+help: Set community name [REQUIRED]
+syntax:expression: pattern $VAR(@) "^[^%]+$" ; \
+		   "Community string may not contain %"
diff --git a/templates/service/snmp/community6/node.tag/authorization/node.def b/templates/service/snmp/community6/node.tag/authorization/node.def
new file mode 100644
index 00000000..c8918d43
--- /dev/null
+++ b/templates/service/snmp/community6/node.tag/authorization/node.def
@@ -0,0 +1,7 @@
+type: txt
+default: "ro"
+help: Set authorization type (rw or ro) (default: ro)
+syntax:expression: $VAR(@) in "ro", "rw"; "Authorization type must be either rw or ro"
+
+
+
diff --git a/templates/service/snmp/community6/node.tag/client/node.def b/templates/service/snmp/community6/node.tag/client/node.def
new file mode 100644
index 00000000..fddbcb91
--- /dev/null
+++ b/templates/service/snmp/community6/node.tag/client/node.def
@@ -0,0 +1,3 @@
+multi:
+type: ipv6
+help: Set IPv6 address of SNMP client allowed to contact system
diff --git a/templates/service/snmp/community6/node.tag/network/node.def b/templates/service/snmp/community6/node.tag/network/node.def
new file mode 100644
index 00000000..266a1bce
--- /dev/null
+++ b/templates/service/snmp/community6/node.tag/network/node.def
@@ -0,0 +1,4 @@
+multi:
+type: ipv6net
+help: Set subnet of SNMP client(s) allowed to contact system
+syntax:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --check-prefix-boundry $VAR(@)"
diff --git a/templates/service/snmp/node.def b/templates/service/snmp/node.def
index 13b39fa7..2952eb34 100644
--- a/templates/service/snmp/node.def
+++ b/templates/service/snmp/node.def
@@ -1,6 +1,7 @@
 priority: 980
 help: Configure Simple Network Management Protocol (SNMP)
-commit:expression: $VAR(community/) != ""; "must configure a community"
+commit:expression: $VAR(community/) != "" || $VAR(community6/) != "" \
+		   ; "must configure a community or community6"
 
 delete: touch /tmp/snmp.$PPID
 end:if [ -f "/tmp/snmp.$PPID" ]
diff --git a/templates/service/snmp/trap-source/node.def b/templates/service/snmp/trap-source/node.def
index d8add72c..61a8cd6a 100644
--- a/templates/service/snmp/trap-source/node.def
+++ b/templates/service/snmp/trap-source/node.def
@@ -1,2 +1,2 @@
-type: ipv4
+type: ipv4,ipv6
 help: Set SNMP trap source address
diff --git a/templates/service/snmp/trap-target/node.def b/templates/service/snmp/trap-target/node.def
index 493484b7..561bc1ac 100644
--- a/templates/service/snmp/trap-target/node.def
+++ b/templates/service/snmp/trap-target/node.def
@@ -1,3 +1,3 @@
 tag:
-type: ipv4
-help: Set IP address of trap target
+type: ipv4,ipv6
+help: Set address of trap target