author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-05-12 20:02:10 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-05-12 20:23:42 -0700 |
commit | 496c5f68ebdeb33ca75fac65f0c6f0ae29b781bb (patch) | |
tree | d33962e25e43c079ffcf472fcb7d95dee63a0189 | |
parent | ab587ce0c92b5aeeb26eb678946a7e1faa6f9db1 (diff) | |
download | vyatta-cfg-system-496c5f68ebdeb33ca75fac65f0c6f0ae29b781bb.tar.gz vyatta-cfg-system-496c5f68ebdeb33ca75fac65f0c6f0ae29b781bb.zip |
Allow configuring/restricting SNMP listen address
Add:
service snmp listen-address AAAA [port NNN]
-rw-r--r-- | scripts/snmp/vyatta-snmp.pl | 50 | ||||
-rw-r--r-- | templates/service/snmp/listen-address/node.def | 3 | ||||
-rw-r--r-- | templates/service/snmp/listen-address/node.tag/port/node.def | 3 |
3 files changed, 53 insertions, 3 deletions
diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl
index e3aa3fc1..f80a68fd 100644
--- a/scripts/snmp/vyatta-snmp.pl
+++ b/scripts/snmp/vyatta-snmp.pl
@@ -26,6 +26,7 @@ use lib "/opt/vyatta/share/perl5/";
 use Vyatta::Config;
 use Vyatta::Misc;
+use NetAddr::IP;
 use Getopt::Long;
 use File::Copy;
@@ -40,6 +41,7 @@ my $snmp_tmp = "/tmp/snmpd.conf.$$";
 my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf';
 my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf';
 my $versionfile = '/opt/vyatta/etc/version';
+my $local_agent = 'unix:/var/run/snmpd.socket';
 my $snmp_level = 'service snmp';
@@ -60,7 +62,7 @@ sub snmp_start {
 snmp_get_values();
 close $fh;
 select STDOUT;
-
+
 snmp_client_config();
 move($snmp_tmp, $snmp_conf)
@@ -85,15 +87,57 @@ sub get_version {
 return $version;
 }
+# convert address to snmpd transport syntac
+sub transport_syntax {
+ my ($addr, $port) = @_;
+ my $ip = new NetAddr::IP $addr;
+
+ return "udp:$addr:$port" if ($ip->version == 4);
+ return "udp6:[$addr]:$port" if ($ip->version == 6);
+ die "$addr: unknown protocol address";
+}
+
+sub ipv6_disabled {
+ my $config = new Vyatta::Config;
+ return $config->exists("system ipv6 disable");
+}
+
+# Find SNMP agent listening addresses
+sub get_listen_address {
+ my $config = new Vyatta::Config;
+ my @listen;
+
+ $config->setLevel('service snmp listen-address');
+ my @address = $config->listNodes();
+
+ if(@address) {
+ foreach my $addr (@address) {
+ my $port = $config->returnValue("$addr port");
+ push @listen, transport_syntax($addr, $port);
+ }
+ } else {
+ # default if no address specified
+ @listen = ( 'udp:' );
+ push @listen, 'udp6:' unless ipv6_disabled();
+ return @listen;
+ }
+
+ return @listen;
+}
+
 sub snmp_get_constants {
 my $version = get_version();
 my $now = localtime;
+ my @addr = get_listen_address();
+
+ # add local unix domain target for use by operational commands
+ unshift @addr, $local_agent;
 print "# autogenerated by vyatta-snmp.pl on $now\n";
 print "sysDescr Vyatta $version\n";
 print "sysObjectID 1.3.6.1.4.1.30803\n";
 print "sysServices 14\n";
- print "agentaddress unix:/var/run/snmpd.socket,udp:161,udp6:161\n";
+ print "agentaddress ", join(',',@addr), "\n";
 print "smuxpeer .1.3.6.1.4.1.3317.1.2.2\n"; # ospfd
 print "smuxpeer .1.3.6.1.4.1.3317.1.2.5\n"; # bgpd
@@ -119,7 +163,7 @@ sub print_community {
 my @address = $config->returnValues('client');
 push @address, $config->returnValues('network');
-
+
 if (@address) {
 foreach my $addr (@address) {
 print "$auth $community $addr\n";
diff --git a/templates/service/snmp/listen-address/node.def b/templates/service/snmp/listen-address/node.def
new file mode 100644
index 00000000..f234edc8
--- /dev/null
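Review bot: In `transport_syntax` the result of `new NetAddr::IP $addr` is used without a check, so an address the module cannot parse makes `$ip->version` fail on an undefined value instead of reaching the `die` below it; `my $ip = NetAddr::IP->new($addr) or die "$addr: invalid listen address\n";` gives a usable error and drops the indirect-object call. In `get_listen_address` the fallback now emits `udp:` and `udp6:` with no port where the removed `agentaddress` line had `udp:161,udp6:161`, which presumably relies on snmpd applying its default port; writing `'udp:161'` and `'udp6:161'` would keep the previous behaviour explicit. The `return @listen;` inside the `else` branch is redundant with the one after the block, and the comment above `transport_syntax` has a typo (`syntac`).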
+++ b/templates/service/snmp/listen-address/node.def
@@ -0,0 +1,3 @@
+tag:
+type: ipv4,ipv6
+help: Set IP address to listen for incoming SNMP requests
diff --git a/templates/service/snmp/listen-address/node.tag/port/node.def b/templates/service/snmp/listen-address/node.tag/port/node.def
new file mode 100644
index 00000000..5a21b1d8
--- /dev/null
+++ b/templates/service/snmp/listen-address/node.tag/port/node.def
@@ -0,0 +1,3 @@
+type: u32
+default: 161
+help: Set port for SNMP service |
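Review bot: The `port` node is declared as `type: u32` with no range check, so values such as 0 or 70000 pass template validation and are handed by `get_listen_address` to `transport_syntax`, which writes them unchanged into the `agentaddress` line. Adding `syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; "Port number must be in range 1 to 65535"` to this node.def would reject them at commit time, before snmpd.conf is regenerated.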