Diffstat (limited to 'scripts/snmp/vyatta-snmp.pl')
-rw-r--r--scripts/snmp/vyatta-snmp.pl117
1 files changed, 82 insertions, 35 deletions
diff --git a/scripts/snmp/vyatta-snmp.pl b/scripts/snmp/vyatta-snmp.pl
index 3adb37b7..a3be64ad 100644
--- a/scripts/snmp/vyatta-snmp.pl
+++ b/scripts/snmp/vyatta-snmp.pl
@@ -26,6 +26,7 @@
use lib "/opt/vyatta/share/perl5/";
use Vyatta::Config;
use Vyatta::Misc;
+use NetAddr::IP;
use Getopt::Long;
use File::Copy;
@@ -40,6 +41,7 @@ my $snmp_tmp = "/tmp/snmpd.conf.$$";
my $snmp_snmpv3_user_conf = '/usr/share/snmp/snmpd.conf';
my $snmp_snmpv3_createuser_conf = '/var/lib/snmp/snmpd.conf';
my $versionfile = '/opt/vyatta/etc/version';
+my $local_agent = 'unix:/var/run/snmpd.socket';
my $snmp_level = 'service snmp';
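Review bot: The new `$local_agent` constant needs a comment saying who is meant to reach this socket, because a later hunk puts it first in `agentaddress` and nothing in this diff sets the socket's owner or mode. As written, which local accounts can query the agent over `/var/run/snmpd.socket` is left to snmpd's defaults and the process umask. I would add something like `# local-only transport for operational commands; access is governed by the socket file's permissions` and confirm those permissions on a running system.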
@@ -60,7 +62,7 @@ sub snmp_start {
snmp_get_values();
close $fh;
select STDOUT;
-
+
snmp_client_config();
move($snmp_tmp, $snmp_conf)
@@ -85,14 +87,60 @@ sub get_version {
return $version;
}
+# convert address to snmpd transport syntax
+sub transport_syntax {
+ my ($addr, $port) = @_;
+ my $ip = new NetAddr::IP $addr;
+ die "$addr: not a valid IP address" unless $ip;
+
+ my $version = $ip->version();
+ return "udp:$addr:$port" if ($version == 4);
+ return "udp6:[$addr]:$port" if ($version == 6);
+ die "$addr: unknown IP version $version";
+}
+
+sub ipv6_disabled {
+ my $config = new Vyatta::Config;
+ return $config->exists("system ipv6 disable");
+}
+
+# Find SNMP agent listening addresses
+sub get_listen_address {
+ my $config = new Vyatta::Config;
+ my @listen;
+
+ $config->setLevel('service snmp listen-address');
+ my @address = $config->listNodes();
+
+ if(@address) {
+ foreach my $addr (@address) {
+ my $port = $config->returnValue("$addr port");
+ push @listen, transport_syntax($addr, $port);
+ }
+ } else {
+ # default if no address specified
+ @listen = ( 'udp:161' );
+ push @listen, 'udp6:161' unless ipv6_disabled();
+ return @listen;
+ }
+
+ return @listen;
+}
+
sub snmp_get_constants {
my $version = get_version();
my $now = localtime;
+ my @addr = get_listen_address();
+
+ # add local unix domain target for use by operational commands
+ unshift @addr, $local_agent;
print "# autogenerated by vyatta-snmp.pl on $now\n";
print "sysDescr Vyatta $version\n";
print "sysObjectID 1.3.6.1.4.1.30803\n";
print "sysServices 14\n";
+ print "agentaddress ", join(',',@addr), "\n";
+
print "smuxpeer .1.3.6.1.4.1.3317.1.2.2\n"; # ospfd
print "smuxpeer .1.3.6.1.4.1.3317.1.2.5\n"; # bgpd
print "smuxpeer .1.3.6.1.4.1.3317.1.2.3\n"; # ripd
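Review bot: `transport_syntax` validates with NetAddr::IP but then writes the original `$addr` string, and an unchecked `$port`, into the `agentaddress` line. NetAddr::IP accepts more than bare literals (prefix-length forms and, as far as I know, resolvable names), so a value can pass the check and still yield a listener spec that snmpd rejects or reads differently. `get_listen_address` also hands over whatever `returnValue("$addr port")` returns, which is undef if the node has no default. Emitting the parsed form, e.g. `return "udp:" . $ip->addr . ":$port" if ($version == 4);` and `return "udp6:[" . $ip->addr . "]:$port" if ($version == 6);`, together with `die "$addr: no port configured" unless defined $port;`, keeps the generated file tied to what was validated. Separately, the `return @listen;` inside the `else` branch duplicates the one right after it.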
@@ -106,44 +154,43 @@ sub randhex {
return join "", map { unpack "H*", chr(rand(256)) } 1..($length/2);
}
+# output snmpd.conf file syntax for community
+sub print_community {
+ my ($config, $community) = @_;
+ my $ro = $config->returnValue('authorization');
+ $ro = 'ro' unless $ro;
+
+ my @clients = $config->returnValues('client');
+ my @networks = $config->returnValues('network');
+
+ my @restriction = (@clients, @networks);
+ if (!@restriction) {
+ print $ro . "community $community\n";
+ print $ro . "community6 $community\n" unless ipv6_disabled();
+ return;
+ }
+
+ foreach my $addr (@restriction) {
+ my $ip = new NetAddr::IP $addr;
+ die "$addr: Not a valid IP address" unless $ip;
+
+ if ($ip->version() == 4) {
+ print $ro . "community $community $addr\n";
+ } elsif ($ip->version() == 6) {
+ print $ro . "community6 $community $addr\n";
+ } else {
+ die "$addr: bad IP version ", $ip->version();
+ }
+ }
+}
+
sub snmp_get_values {
my $config = new Vyatta::Config;
- $config->setLevel("service snmp community");
- my @communities = $config->listNodes();
-
+ my @communities = $config->listNodes("service snmp community");
foreach my $community (@communities) {
- my $authorization = $config->returnValue("$community authorization");
- my @clients = $config->returnValues("$community client");
- my @networks = $config->returnValues("$community network");
-
- if (scalar(@clients) == 0 and scalar(@networks) == 0){
- if (defined $authorization and $authorization eq "rw") {
- print "rwcommunity $community\n";
- } else {
- print "rocommunity $community\n";
- }
- } else {
- if (scalar(@clients) != 0) {
- foreach my $client (@clients){
- if (defined $authorization and $authorization eq "rw") {
- print "rwcommunity $community $client\n";
- } else {
- print "rocommunity $community $client\n";
- }
- }
- }
- if (scalar(@networks) != 0){
- foreach my $network (@networks){
- if (defined $authorization and $authorization eq "rw") {
- print "rwcommunity $community $network\n";
- } else {
- print "rocommunity $community $network\n";
- }
-
- }
- }
- }
+ $config->setLevel("service snmp community $community");
+ print_community($config, $community);
}
$config->setLevel($snmp_level);
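Review bot: `print_community` now builds the directive name from the raw `authorization` value (`$ro . "community ..."`), where the removed code emitted `rwcommunity` only on an exact `rw` match and `rocommunity` otherwise. Any value other than `ro`/`rw` that gets past the config templates would become part of a directive in snmpd.conf, so I would keep the closed mapping: `my $auth = $config->returnValue('authorization');` followed by `my $ro = (defined $auth and $auth eq 'rw') ? 'rw' : 'ro';`. The unrestricted branch also deserves a comment that a community with no `client`/`network` entries is accepted from any source, now over IPv6 as well through `community6`. `snmp_get_values` continues past the end of this hunk.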