diff options
author | Christian Poessinger <christian@poessinger.com> | 2018-09-16 21:23:35 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2018-09-16 21:23:35 +0200 |
commit | 0ac5a4f94a8a4e84ed73c2288bcb9a4c77b9b695 (patch) | |
tree | 16c0ccf123f6da7e89f6693d354cb421f1b9aa3a /src/conf_mode | |
parent | 82a5ae32684b2368be2447a2eea4522f686f0d74 (diff) | |
download | vyos-1x-0ac5a4f94a8a4e84ed73c2288bcb9a4c77b9b695.tar.gz vyos-1x-0ac5a4f94a8a4e84ed73c2288bcb9a4c77b9b695.zip |
T850: SNMP: improve non existing listen-address assignments
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/snmp.py | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index fe655f43e..69952e5e2 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -222,6 +222,7 @@ SNMPDOPTS='-LSed -u snmp -g snmp -p /run/snmpd.pid' default_config_data = { 'listen_on': [], + 'listen_address': [], 'communities': [], 'smux_peers': [], 'location' : '', @@ -300,19 +301,20 @@ def get_config(): if conf.exists('listen-address'): for addr in conf.list_nodes('listen-address'): - listen = '' port = '161' if conf.exists('listen-address {0} port'.format(addr)): port = conf.return_value('listen-address {0} port'.format(addr)) - if vyos.validate.is_ipv4(addr): - # udp:127.0.0.1:161 - listen = 'udp:' + addr + ':' + port - else: - # udp6:[::1]:161 - listen = 'udp6:' + '[' + addr + ']' + ':' + port + snmp['listen_address'].append((addr, port)) - snmp['listen_on'].append(listen) + # Always listen on localhost if an explicit address has been configured + # This is a safety measure to not end up with invalid listen addresses + # that are not configured on this system. See https://phabricator.vyos.net/T850 + if not '127.0.0.1' in conf.list_nodes('listen-address'): + snmp['listen_address'].append(('127.0.0.1', '161')) + + if not '::1' in conf.list_nodes('listen-address'): + snmp['listen_address'].append(('::1', '161')) if conf.exists('location'): snmp['location'] = conf.return_value('location') @@ -587,6 +589,24 @@ def verify(snmp): if not os.path.isfile('/config/snmp/tls/certs/' + snmp['v3_tsm_key']): raise ConfigError('TSM key must be fingerprint or filename in "/config/snmp/tls/certs/" folder') + for listen in snmp['listen_address']: + addr = listen[0] + port = listen[1] + + if vyos.validate.is_ipv4(addr): + # example: udp:127.0.0.1:161 + listen = 'udp:' + addr + ':' + port + else: + # example: udp6:[::1]:161 + listen = 'udp6:' + '[' + addr + ']' + ':' + port + + # We only wan't to configure addresses that exist on the system. + # Hint the user if they don't exist + if vyos.validate.is_addr_assigned(addr): + snmp['listen_on'].append(listen) + else: + print('WARNING: SNMP listen address {0} not configured!'.format(addr)) + if 'v3_groups' in snmp.keys(): for group in snmp['v3_groups']: # |