summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-11-17 21:42:26 +0100
committerChristian Poessinger <christian@poessinger.com>2021-11-17 21:42:26 +0100
commitd13b91462487e090b32c0d1ecf9139a2271b4837 (patch)
treea827717326c9acc854f89db0a07c41de0f918b5f
parent77eca49bffede005f546b7d9d3660bf2e32c7e8e (diff)
downloadvyos-1x-d13b91462487e090b32c0d1ecf9139a2271b4837.tar.gz
vyos-1x-d13b91462487e090b32c0d1ecf9139a2271b4837.zip
snmp: T3996: fix invalid IPv6 localhost handling when using listen-address
We need to use a temporary variable when validating the tuple if address is used. If not the else branch will always add the tuple to the list of addresses used for listen-address.
-rwxr-xr-xsmoketest/scripts/cli/test_service_snmp.py33
-rwxr-xr-xsrc/conf_mode/snmp.py19
2 files changed, 36 insertions, 16 deletions
diff --git a/smoketest/scripts/cli/test_service_snmp.py b/smoketest/scripts/cli/test_service_snmp.py
index 008271102..e15d186bc 100755
--- a/smoketest/scripts/cli/test_service_snmp.py
+++ b/smoketest/scripts/cli/test_service_snmp.py
@@ -22,6 +22,7 @@ from base_vyostest_shim import VyOSUnitTestSHIM
from vyos.configsession import ConfigSession
from vyos.configsession import ConfigSessionError
from vyos.template import is_ipv4
+from vyos.template import address_from_cidr
from vyos.util import read_file
from vyos.util import process_named_running
@@ -36,16 +37,29 @@ def get_config_value(key):
return tmp[0]
class TestSNMPService(VyOSUnitTestSHIM.TestCase):
- def setUp(self):
+ @classmethod
+ def setUpClass(cls):
+ super(cls, cls).setUpClass()
+
# ensure we can also run this test on a live system - so lets clean
# out the current configuration :)
+ cls.cli_delete(cls, base_path)
+
+ def tearDown(self):
+ # delete testing SNMP config
self.cli_delete(base_path)
+ self.cli_commit()
def test_snmp_basic(self):
+ dummy_if = 'dum7312'
+ dummy_addr = '100.64.0.1/32'
+ self.cli_set(['interfaces', 'dummy', dummy_if, 'address', dummy_addr])
+
# Check if SNMP can be configured and service runs
clients = ['192.0.2.1', '2001:db8::1']
networks = ['192.0.2.128/25', '2001:db8:babe::/48']
- listen = ['127.0.0.1', '::1']
+ listen = ['127.0.0.1', '::1', address_from_cidr(dummy_addr)]
+ port = '5000'
for auth in ['ro', 'rw']:
community = 'VyOS' + auth
@@ -56,7 +70,7 @@ class TestSNMPService(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ['community', community, 'network', network])
for addr in listen:
- self.cli_set(base_path + ['listen-address', addr])
+ self.cli_set(base_path + ['listen-address', addr, 'port', port])
self.cli_set(base_path + ['contact', 'maintainers@vyos.io'])
self.cli_set(base_path + ['location', 'qemu'])
@@ -68,16 +82,18 @@ class TestSNMPService(VyOSUnitTestSHIM.TestCase):
# thus we need to transfor this into a proper list
config = get_config_value('agentaddress')
expected = 'unix:/run/snmpd.socket'
+ self.assertIn(expected, config)
+
for addr in listen:
if is_ipv4(addr):
- expected += ',udp:{}:161'.format(addr)
+ expected = f'udp:{addr}:{port}'
else:
- expected += ',udp6:[{}]:161'.format(addr)
-
- self.assertTrue(expected in config)
+ expected = f'udp6:[{addr}]:{port}'
+ self.assertIn(expected, config)
# Check for running process
self.assertTrue(process_named_running(PROCESS_NAME))
+ self.cli_delete(['interfaces', 'dummy', dummy_if])
def test_snmpv3_sha(self):
@@ -86,7 +102,7 @@ class TestSNMPService(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ['v3', 'engineid', '000000000000000000000002'])
self.cli_set(base_path + ['v3', 'group', 'default', 'mode', 'ro'])
- # check validate() - a view must be created before this can be comitted
+ # check validate() - a view must be created before this can be committed
with self.assertRaises(ConfigSessionError):
self.cli_commit()
@@ -152,4 +168,3 @@ class TestSNMPService(VyOSUnitTestSHIM.TestCase):
if __name__ == '__main__':
unittest.main(verbosity=2)
-
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py
index 2a420b193..e1852f2ce 100755
--- a/src/conf_mode/snmp.py
+++ b/src/conf_mode/snmp.py
@@ -20,13 +20,17 @@ from sys import exit
from vyos.config import Config
from vyos.configverify import verify_vrf
-from vyos.snmpv3_hashgen import plaintext_to_md5, plaintext_to_sha1, random
+from vyos.snmpv3_hashgen import plaintext_to_md5
+from vyos.snmpv3_hashgen import plaintext_to_sha1
+from vyos.snmpv3_hashgen import random
from vyos.template import render
from vyos.template import is_ipv4
-from vyos.util import call, chmod_755
+from vyos.util import call
+from vyos.util import chmod_755
from vyos.validate import is_addr_assigned
from vyos.version import get_version_data
-from vyos import ConfigError, airbag
+from vyos import ConfigError
+from vyos import airbag
airbag.enable()
config_file_client = r'/etc/snmp/snmp.conf'
@@ -410,19 +414,20 @@ def verify(snmp):
port = listen[1]
protocol = snmp['protocol']
+ tmp = None
if is_ipv4(addr):
# example: udp:127.0.0.1:161
- listen = f'{protocol}:{addr}:{port}'
+ tmp = f'{protocol}:{addr}:{port}'
elif snmp['ipv6_enabled']:
# example: udp6:[::1]:161
- listen = f'{protocol}6:[{addr}]:{port}'
+ tmp = f'{protocol}6:[{addr}]:{port}'
# We only wan't to configure addresses that exist on the system.
# Hint the user if they don't exist
if is_addr_assigned(addr):
- snmp['listen_on'].append(listen)
+ if tmp: snmp['listen_on'].append(tmp)
else:
- print('WARNING: SNMP listen address {0} not configured!'.format(addr))
+ print(f'WARNING: SNMP listen address {addr} not configured!')
verify_vrf(snmp)