snmpfwd
snmpfwd copied to clipboard
etingof
SNMP message timing parameters not in windows of trust
I'm trying to setup SNMP v3 to v2c trap forwarder and getting the error "SNMP message timing parameters not in windows of trust" during testing. I have attached my server & client configurations and debug logs from server & client.
I did some tracing and found the condition given here (in pysnmp) is failing is the root cause.
Please have a look at my configuration and help me understand if any of my configuration is causing the problem or there is a bug in pysnmp.
Environment details:
CentOS 7.5.1804
Python 2.7.5 (in virtualenv)
$ pip list
pip 18.0
ply 3.11
pyasn1 0.4.4
pycryptodomex 3.6.6
pysmi 0.3.1
pysnmp 4.4.5
setuptools 28.8.0
snmpfwd 0.3.3
wheel 0.29.0
Test traps are sent using following command
snmptrap -v 3 -e 0x0102030405070809 -l authPriv -u test-user -a MD5 -A authkey1 -x DES -X privkey1 127.0.0.1:1162 12345 1.3.6.1.2.5 sysDescr s myagent
server_debug.log client_debug.log
Thank you for raising this issue and providing quality context!
Please, try current master and make sure to configure snmp-security-engine-id in your snmpfwd server to match SNMP engine ID of your SNMPv3 TRAP sender.
Also see this example.
Thanks for the fix. SNMP v3 with auth+priv is working as it should but this breaks v2c & v1 traps. Please look at the error given below.
2018-09-03 14:34:19,977 ERROR poll error: Traceback (most recent call last):
; File "/usr/local/lib/python3.7/site-packages/pysnmp/carrier/asyncore/dispatch.py", line 46, in runDispatcher
use_poll=True, map=self.__sockMap, count=1)
; File "/usr/local/lib/python3.7/asyncore.py", line 207, in loop
poll_fun(timeout, map)
; File "/usr/local/lib/python3.7/asyncore.py", line 188, in poll2
readwrite(obj, flags)
; File "/usr/local/lib/python3.7/asyncore.py", line 123, in readwrite
obj.handle_error()
; File "/usr/local/lib/python3.7/asyncore.py", line 108, in readwrite
obj.handle_read_event()
; File "/usr/local/lib/python3.7/asyncore.py", line 422, in handle_read_event
self.handle_read()
; File "/usr/local/lib/python3.7/site-packages/pysnmp/carrier/asyncore/dgram/base.py", line 163, in handle_read
self._cbFun(self, transportAddress, incomingMessage)
; File "/usr/local/lib/python3.7/site-packages/pysnmp/carrier/base.py", line 70, in _cbFun
self, transportDomain, transportAddress, incomingMessage
; File "/usr/local/lib/python3.7/site-packages/pysnmp/entity/engine.py", line 152, in __receiveMessageCbFun
self, transportDomain, transportAddress, wholeMsg
; File "/usr/local/lib/python3.7/site-packages/pysnmp/proto/rfc3412.py", line 433, in receiveMessage
PDU, maxSizeResponseScopedPDU, stateReference)
; File "/usr/local/bin/snmpfwd-server.py", line 257, in processPdu
msgId = trunkingManager.sendReq(trunkId, trunkReq, self.trunkCbFun, cbCtx)
; File "/usr/local/lib/python3.7/site-packages/snmpfwd/trunking/manager.py", line 32, in sendReq
return trunk.sendReq(req, cbFun, cbCtx)
; File "/usr/local/lib/python3.7/site-packages/snmpfwd/trunking/client.py", line 48, in sendReq
self.send(protocol.prepareRequestData(msgId, req, self.__secret))
; File "/usr/local/lib/python3.7/site-packages/snmpfwd/trunking/protocol.py", line 112, in prepareRequestData
r[k] = req[k]
;KeyError: 'snmp-security-engine-id'
caused by <class 'KeyError'>: 'snmp-security-engine-id'