summaryrefslogtreecommitdiff
path: root/src/conf_mode/snmp.py
AgeCommit message (Collapse)Author
2019-10-27snmp: make script extension code more readableChristian Poessinger
2019-10-27snmp: use proper stat literals on chmod()Christian Poessinger
2019-10-27snmp: fix verify() indent on script extensionsChristian Poessinger
2019-10-27snmp: fix verify() bail out early orderChristian Poessinger
2019-10-27snmp: T1738: cleanup import statementsChristian Poessinger
2019-10-27snmp: T1769: remove TSM (Transport Security Mode) supportChristian Poessinger
The SNMPv3 TSM is very complex and I know 0 users of it. Also this is untested and I know no way how it could be tested. Instead of carrying on dead and unused code we should favour a drop of it using a proper config migration script.
2019-10-27snmp: T818: T1738: remove per user/trap engine idChristian Poessinger
As of the SNMP specification an SNMP engine ID should be unique per device. To not make it more complicated for users - only use the global SNMP engine ID.
2019-10-15snmpd: T1705 - High CPU usage by bgpd when snmp is activehagbard
* typo fixed
2019-10-13Revert "snmpd: T1705 - High CPU usage by bgpd when snmp is active"Christian Poessinger
Systems not runing BGP won't boot anymore. Syslog shows: snmpd[5404]: getaddrinfo: inetCidrRouteTable Name or service not known snmpd[5404]: getaddrinfo("inetCidrRouteTable", NULL, ...): Name or service not known snmpd[5404]: Error opening specified endpoint "inetCidrRouteTable" snmpd[5404]: Server Exiting with code 1 snmpd[5401]: Starting SNMP services:: systemd[1]: snmpd.service: control process exited, code=exited status=1 systemd[1]: Failed to start LSB: SNMP agents. systemd[1]: Unit snmpd.service entered failed state. This reverts commit e45648cdd5a52569be7f3ac30473b0c7474a7894.
2019-10-10snmpd: T1705 - High CPU usage by bgpd when snmp is activehagbard
2019-07-15[T1299] - SNMP extension with custom scriptshagbard
2019-01-30T1160: fix (ro|rw)community ACLChristian Poessinger
WHen building up the SNMP v2 community ro/rw access all hosts from a INET version could access even when the community was locked to one INET family. Example #1: set service snmp community bar network 172.16.0.0/12 Allowed access only to IPv4 network 172.16.0.0/12 but it allowed acces from IPv6 ::/0. Example #2: set service snmp community baz network 2001:db8::/64 Limited IPv6 access to 2001:db8::/64 but IPv4 was open to 0.0.0.0/0
2019-01-03T1147: Fix SNMP config file generation on newly installed systemsChristian Poessinger
2018-11-05T950: make sure agentx is enabled in FRR only when SNMP is setup, and ↵Daniil Baturin
supress duplicate error messages.
2018-10-28T923: enable AgentX in FRR after SNMP is configured.Daniil Baturin
2018-10-20SNMP: update comments in Python generatorChristian Poessinger
2018-10-20T923: support SNMP integration with FRR routing daemonChristian Poessinger
2018-09-29T855: fix SNMP python verify() to allow non group assignmentChristian Poessinger
VyOS 1.1.8 support SNMPv3 without a group beeing assigned to a user. This was yet not supported in VyOS 1.2.0. Use for testing: ================ set service snmp v3 user testsnmpv3 auth plain 'authkey12345' set service snmp v3 user testsnmpv3 auth type sha set service snmp v3 user testsnmpv3 mode ro set service snmp v3 user testsnmpv3 privacy plain 'privkey12345' set service snmp v3 user testsnmpv3 privacy type aes
2018-09-16T850: SNMP: improve non existing listen-address assignmentsChristian Poessinger
2018-09-16snmp: fix python script indentionChristian Poessinger
2018-09-10snmp.py: proper creation of non network bound SNMP communitiesChristian Poessinger
2018-09-10snmp.py: improve JINJA2 template robustnessChristian Poessinger
2018-09-01snmp.py: improve daemon startupChristian Poessinger
The previous implementation used a hardcoded 2 seconds sleep until the daemon configuration was rendered by snmpd (user/password stuff). Waiting 2 seconds is error prone and was replaced by reading the configuration file until it shows a marker indicating that the file was properly processed by snmpd.
2018-09-01snmp.py: beautify generated snmp.conf #2Christian Poessinger
2018-09-01snmp.py: bugfix - CLI client community node was not processedChristian Poessinger
2018-09-01snmp.py: bugfix writing rocommunity string in configChristian Poessinger
2018-09-01snmp.py: beautify generated snmp.confChristian Poessinger
2018-09-01T771: snmp.px: reduce syslog noiseChristian Poessinger
2018-08-29snmp.py: only write 'oldEngineID' to config if v3 is enabledChristian Poessinger
2018-08-29T733: snmp.py: switch to new IP address validatorsChristian Poessinger
Commit a30dac7c2 ("vyos package: add IP address validators") added system wide Python validators for IP addresses. Remove duplicated code and switch to single source.
2018-08-07T733: snmp.py: set IPv6 community stringJules Taplin
Also fixed it to correctly set an IPv6 community string, even if you don't specify the network it's working on.
2018-07-05T733: snmp.py: set IPv6 community stringjules-vyos
* Fixed snmp.py to correctly supply 'community6' community strings, so that ipv6 will work.
2018-07-02T652: SNMP: bugfix initial specification of v3 engine id missingChristian Poessinger
2018-07-02T713: bugfix incorrect parsing of seclevelChristian Poessinger
... there was a coding error in the if clause.
2018-07-02T652: SNMP: bugfix for default auth and priv typeChristian Poessinger
If no auth or no priv type was specified for a v3 user this resulted in a commit error, but CLI said there would be ssane defaults. * auth type defaults to 'md5' * priv type defaults to 'des'
2018-06-30T714: SNMP: make user auth type mandatoryChristian Poessinger
... if seclevel for group is auth or priv where the user belongs to
2018-06-30T713: bugfix incorrect parsing of seclevelChristian Poessinger
SNMP v3 group seclevel was not taken into account when validating existance of user auth or priv keys.
2018-06-30T652: SNMP: bugfix preserving users engineidChristian Poessinger
In VyOS 1.1.x every user was forced to the systems engine ID when using SNMPv3, even when a user wanted to have a custom engineID, thus the node 'service snmp v3 user foo engineid' itself is useless.
2018-06-08T652: import SNMP keys from volatile into nonvolatile locationChristian Poessinger
2018-06-08T652: user encrypted-key not possible without engineidChristian Poessinger
2018-06-07T652: snmp.py: support SNMPv3 write groupsChristian Poessinger
2018-06-06T652: snmp.py: bugfix writing encrypted keys to configChristian Poessinger
... in the past an encrypted key was encrypted again b/c we only used createUser in /var/lib/snmp/snmpd.conf nad not usmUser in addition.
2018-06-06snmp.py: pipe shell output to /dev/null as it was back in the Perl daysChristian Poessinger
2018-06-06T652: snmp.py: listen on all addresses if listen-address is not specifiedChristian Poessinger
2018-06-05T652: snmp.py: convert plaintext-keys into encrypted-keysChristian Poessinger
2018-06-04T652: Add SNMPv3 TSM handling and commit verificationChristian Poessinger
2018-06-04T652: read SNMPv3 config into python dictionaryChristian Poessinger
2018-06-04snmp.py: refactor listen-address config generationChristian Poessinger
2018-06-04T654: Support IPv6 configuration for SNMP listen addressChristian Poessinger
2018-06-04T652: first SNMP version using XML interface definitionChristian Poessinger
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 00:56:09 +0000