summaryrefslogtreecommitdiff
path: root/scripts/snmp
diff options
context:
space:
mode:
authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-05-14 10:39:13 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-05-14 10:57:39 -0700
commitebc6b3916c76ff66f46f708d15194cb28829d066 (patch)
tree00cdc4515ac46da8fd926cb38e7653ee739cae0d /scripts/snmp
parent6ca482900c0be69068968fc033ad27fd0ab24c18 (diff)
downloadvyatta-cfg-system-ebc6b3916c76ff66f46f708d15194cb28829d066.tar.gz
vyatta-cfg-system-ebc6b3916c76ff66f46f708d15194cb28829d066.zip
Change SNMP community handling
Allow combination of IPv4 and IPv6 address in community setting. Use script to generate necessary community values in snmpd.conf
Diffstat (limited to 'scripts/snmp')
-rw-r--r--scripts/snmp/vyatta-snmp.pl55
1 files changed, 31 insertions, 24 deletions
diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl
index f80a68fd..1c86321b 100644
--- a/scripts/snmp/vyatta-snmp.pl
+++ b/scripts/snmp/vyatta-snmp.pl
@@ -87,14 +87,16 @@ sub get_version {
return $version;
}
-# convert address to snmpd transport syntac
+# convert address to snmpd transport syntax
sub transport_syntax {
my ($addr, $port) = @_;
my $ip = new NetAddr::IP $addr;
+ die "$addr: not a valid IP address" unless $ip;
- return "udp:$addr:$port" if ($ip->version == 4);
- return "udp6:[$addr]:$port" if ($ip->version == 6);
- die "$addr: unknown protocol address";
+ my $version = $ip->version();
+ return "udp:$addr:$port" if ($version == 4);
+ return "udp6:[$addr]:$port" if ($version == 6);
+ die "$addr: unknown IP version $version";
}
sub ipv6_disabled {
@@ -154,22 +156,31 @@ sub randhex {
# output snmpd.conf file syntax for community
sub print_community {
- my ($config, $community, $type) = @_;
- $config->setLevel("service snmp $type $community");
-
- my $auth = $config->returnValue('authorization');
- $auth = 'ro' unless $auth;
- $auth .= $type; # rocommunity
-
- my @address = $config->returnValues('client');
- push @address, $config->returnValues('network');
+ my ($config, $community) = @_;
+ my $ro = $config->returnValue('authorization');
+ $ro = 'ro' unless $ro;
+
+ my @clients = $config->returnValues('client');
+ my @networks = $config->returnValues('network');
+
+ my @restriction = (@clients, @networks);
+ if (!@restriction) {
+ print $ro . "community $community\n";
+ print $ro . "community6 $community\n" unless ipv6_disabled();
+ return;
+ }
- if (@address) {
- foreach my $addr (@address) {
- print "$auth $community $addr\n";
+ foreach my $addr (@restriction) {
+ my $ip = new NetAddr::IP $addr;
+ die "$addr: Not a valid IP address" unless $ip;
+
+ if ($ip->version() == 4) {
+ print $ro . "community $community $addr\n";
+ } elsif ($ip->version() == 6) {
+ print $ro . "community6 $community $addr\n";
+ } else {
+ die "$addr: bad IP version ", $ip->version();
}
- } else {
- print "$auth $community\n";
}
}
@@ -178,12 +189,8 @@ sub snmp_get_values {
my @communities = $config->listNodes("service snmp community");
foreach my $community (@communities) {
- print_community($config, $community, 'community');
- }
-
- @communities = $config->listNodes("service snmp community6");
- foreach my $community (@communities) {
- print_community($config, $community, 'community6');
+ $config->setLevel("service snmp community $community");
+ print_community($config, $community);
}
$config->setLevel($snmp_level);