diff options
author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-05-14 10:39:13 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-05-14 10:57:39 -0700 |
commit | ebc6b3916c76ff66f46f708d15194cb28829d066 (patch) | |
tree | 00cdc4515ac46da8fd926cb38e7653ee739cae0d /scripts/snmp | |
parent | 6ca482900c0be69068968fc033ad27fd0ab24c18 (diff) | |
download | vyatta-cfg-system-ebc6b3916c76ff66f46f708d15194cb28829d066.tar.gz vyatta-cfg-system-ebc6b3916c76ff66f46f708d15194cb28829d066.zip |
Change SNMP community handling
Allow combination of IPv4 and IPv6 address in community setting.
Use script to generate necessary community values in snmpd.conf
Diffstat (limited to 'scripts/snmp')
-rw-r--r-- | scripts/snmp/vyatta-snmp.pl | 55 |
1 files changed, 31 insertions, 24 deletions
diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl index f80a68fd..1c86321b 100644 --- a/scripts/snmp/vyatta-snmp.pl +++ b/scripts/snmp/vyatta-snmp.pl @@ -87,14 +87,16 @@ sub get_version { return $version; } -# convert address to snmpd transport syntac +# convert address to snmpd transport syntax sub transport_syntax { my ($addr, $port) = @_; my $ip = new NetAddr::IP $addr; + die "$addr: not a valid IP address" unless $ip; - return "udp:$addr:$port" if ($ip->version == 4); - return "udp6:[$addr]:$port" if ($ip->version == 6); - die "$addr: unknown protocol address"; + my $version = $ip->version(); + return "udp:$addr:$port" if ($version == 4); + return "udp6:[$addr]:$port" if ($version == 6); + die "$addr: unknown IP version $version"; } sub ipv6_disabled { @@ -154,22 +156,31 @@ sub randhex { # output snmpd.conf file syntax for community sub print_community { - my ($config, $community, $type) = @_; - $config->setLevel("service snmp $type $community"); - - my $auth = $config->returnValue('authorization'); - $auth = 'ro' unless $auth; - $auth .= $type; # rocommunity - - my @address = $config->returnValues('client'); - push @address, $config->returnValues('network'); + my ($config, $community) = @_; + my $ro = $config->returnValue('authorization'); + $ro = 'ro' unless $ro; + + my @clients = $config->returnValues('client'); + my @networks = $config->returnValues('network'); + + my @restriction = (@clients, @networks); + if (!@restriction) { + print $ro . "community $community\n"; + print $ro . "community6 $community\n" unless ipv6_disabled(); + return; + } - if (@address) { - foreach my $addr (@address) { - print "$auth $community $addr\n"; + foreach my $addr (@restriction) { + my $ip = new NetAddr::IP $addr; + die "$addr: Not a valid IP address" unless $ip; + + if ($ip->version() == 4) { + print $ro . "community $community $addr\n"; + } elsif ($ip->version() == 6) { + print $ro . "community6 $community $addr\n"; + } else { + die "$addr: bad IP version ", $ip->version(); } - } else { - print "$auth $community\n"; } } @@ -178,12 +189,8 @@ sub snmp_get_values { my @communities = $config->listNodes("service snmp community"); foreach my $community (@communities) { - print_community($config, $community, 'community'); - } - - @communities = $config->listNodes("service snmp community6"); - foreach my $community (@communities) { - print_community($config, $community, 'community6'); + $config->setLevel("service snmp community $community"); + print_community($config, $community); } $config->setLevel($snmp_level); |