diff options
| author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-05-14 10:39:13 -0700 |
|---|---|---|
| committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-05-14 10:57:39 -0700 |
| commit | ebc6b3916c76ff66f46f708d15194cb28829d066 (patch) | |
| tree | 00cdc4515ac46da8fd926cb38e7653ee739cae0d | |
| parent | 6ca482900c0be69068968fc033ad27fd0ab24c18 (diff) | |
| download | vyatta-cfg-quagga-ebc6b3916c76ff66f46f708d15194cb28829d066.tar.gz vyatta-cfg-quagga-ebc6b3916c76ff66f46f708d15194cb28829d066.zip | |
Change SNMP community handling
Allow combination of IPv4 and IPv6 address in community setting.
Use script to generate necessary community values in snmpd.conf
7 files changed, 33 insertions, 45 deletions
diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index f80a68fd..1c86321b 100644 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -87,14 +87,16 @@ sub get_version { return $version; } -# convert address to snmpd transport syntac +# convert address to snmpd transport syntax sub transport_syntax { my ($addr, $port) = @_; my $ip = new NetAddr::IP $addr; + die "$addr: not a valid IP address" unless $ip; - return "udp:$addr:$port" if ($ip->version == 4); - return "udp6:[$addr]:$port" if ($ip->version == 6); - die "$addr: unknown protocol address"; + my $version = $ip->version(); + return "udp:$addr:$port" if ($version == 4); + return "udp6:[$addr]:$port" if ($version == 6); + die "$addr: unknown IP version $version"; } sub ipv6_disabled { @@ -154,22 +156,31 @@ sub randhex { # output snmpd.conf file syntax for community sub print_community { - my ($config, $community, $type) = @_; - $config->setLevel("service snmp $type $community"); - - my $auth = $config->returnValue('authorization'); - $auth = 'ro' unless $auth; - $auth .= $type; # rocommunity - - my @address = $config->returnValues('client'); - push @address, $config->returnValues('network'); + my ($config, $community) = @_; + my $ro = $config->returnValue('authorization'); + $ro = 'ro' unless $ro; + + my @clients = $config->returnValues('client'); + my @networks = $config->returnValues('network'); + + my @restriction = (@clients, @networks); + if (!@restriction) { + print $ro . "community $community\n"; + print $ro . "community6 $community\n" unless ipv6_disabled(); + return; + } - if (@address) { - foreach my $addr (@address) { - print "$auth $community $addr\n"; + foreach my $addr (@restriction) { + my $ip = new NetAddr::IP $addr; + die "$addr: Not a valid IP address" unless $ip; + + if ($ip->version() == 4) { + print $ro . "community $community $addr\n"; + } elsif ($ip->version() == 6) { + print $ro . "community6 $community $addr\n"; + } else { + die "$addr: bad IP version ", $ip->version(); } - } else { - print "$auth $community\n"; } } @@ -178,12 +189,8 @@ sub snmp_get_values { my @communities = $config->listNodes("service snmp community"); foreach my $community (@communities) { - print_community($config, $community, 'community'); - } - - @communities = $config->listNodes("service snmp community6"); - foreach my $community (@communities) { - print_community($config, $community, 'community6'); + $config->setLevel("service snmp community $community"); + print_community($config, $community); } $config->setLevel($snmp_level); diff --git a/templates/service/snmp/community/node.tag/client/node.def b/templates/service/snmp/community/node.tag/client/node.def index 828faa97..427a9939 100644 --- a/templates/service/snmp/community/node.tag/client/node.def +++ b/templates/service/snmp/community/node.tag/client/node.def @@ -1,3 +1,3 @@ multi: -type: ipv4 +type: ipv4,ipv6 help: Set IP address of SNMP client allowed to contact system diff --git a/templates/service/snmp/community/node.tag/network/node.def b/templates/service/snmp/community/node.tag/network/node.def index 00a77d4b..4b80a51b 100644 --- a/templates/service/snmp/community/node.tag/network/node.def +++ b/templates/service/snmp/community/node.tag/network/node.def @@ -1,4 +1,4 @@ multi: -type: ipv4net +type: ipv4net,ipv6net help: Set subnet of SNMP client(s) allowed to contact system syntax:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --check-prefix-boundry $VAR(@)" diff --git a/templates/service/snmp/community6/node.def b/templates/service/snmp/community6/node.def deleted file mode 100644 index 32eb4800..00000000 --- a/templates/service/snmp/community6/node.def +++ /dev/null @@ -1,5 +0,0 @@ -tag: -type: txt -help: Set community name [REQUIRED] -syntax:expression: pattern $VAR(@) "^[^%]+$" ; \ - "Community string may not contain %" diff --git a/templates/service/snmp/community6/node.tag/authorization/node.def b/templates/service/snmp/community6/node.tag/authorization/node.def deleted file mode 100644 index c8918d43..00000000 --- a/templates/service/snmp/community6/node.tag/authorization/node.def +++ /dev/null @@ -1,7 +0,0 @@ -type: txt -default: "ro" -help: Set authorization type (rw or ro) (default: ro) -syntax:expression: $VAR(@) in "ro", "rw"; "Authorization type must be either rw or ro" - - - diff --git a/templates/service/snmp/community6/node.tag/client/node.def b/templates/service/snmp/community6/node.tag/client/node.def deleted file mode 100644 index fddbcb91..00000000 --- a/templates/service/snmp/community6/node.tag/client/node.def +++ /dev/null @@ -1,3 +0,0 @@ -multi: -type: ipv6 -help: Set IPv6 address of SNMP client allowed to contact system diff --git a/templates/service/snmp/community6/node.tag/network/node.def b/templates/service/snmp/community6/node.tag/network/node.def deleted file mode 100644 index 266a1bce..00000000 --- a/templates/service/snmp/community6/node.tag/network/node.def +++ /dev/null @@ -1,4 +0,0 @@ -multi: -type: ipv6net -help: Set subnet of SNMP client(s) allowed to contact system -syntax:expression: exec "/opt/vyatta/sbin/vyatta_quagga_utils.pl --check-prefix-boundry $VAR(@)" |