
Does not support SNMPv2 per RFC

Open Inferno-83 opened this issue 2 years ago • 2 comments

The original RFC 1157 (SNMP v1) has a restriction in section 4.1 that states a sender shall expect any reply message to come from the same address and port as the original packet was sent to (refer to page 17 and 18).

4.1. Elements of Procedure

This section describes the actions of a protocol entity implementing the SNMP. Note, however, that it is not intended to constrain the internal architecture of any conformant implementation.

In the text that follows, the term transport address is used. In the case of the UDP, a transport address consists of an IP address along with a UDP port. Other transport services may be used to support the SNMP. In these cases, the definition of a transport address should be made accordingly.

...

(4) The protocol entity then performs a rudimentary parse on the ASN.1 object returned from the authentication service to build an ASN.1 object corresponding to an ASN.1 PDUs object. If the parse fails, it discards the datagram and performs no further actions. Otherwise, using the named SNMP community, the appropriate profile is selected, and the PDU is processed accordingly. If, as a result of this processing, a message is returned then the source transport address that the response message is sent from shall be identical to the destination transport address that the original request message was sent to.

Currently SnmpSharpNet enforces this in the UdpTransport class. https://github.com/rqx110/SnmpSharpNet/blob/69720bd6de950849b0b951ac1a1ee83fe13ddc07/UdpTransport.cs#L181-L191

However RFC 1901 changed this for SNMP v2 (top of page 5).

(3) The requirement in the Elements of Procedure in Section 4.1 of [9] that the "the source transport address that a response message is sent from shall be identical to the destination transport address that the original request message was sent to" is deleted, i.e., the source transport address of a response message can be any transport address belonging to the agent.

Essentially the current library does not conform to SNMP v2 to allow packets to be returned on a different port. However it would still be useful to restrict this if so desired.

Suggestions:

  • Split the DisableReplySourceCheck on AgentParameters to two properties or an enum as you could check None, IP Only, or IP and Port.
  • Expose a property on SimpleSnmp that allows control on checking source address, pass through to the AgentParameters. Or consider adding a factory for AgentParameter creation, or virtual protected method on SimpleSnmp for creating AgentParameters that can be derived from.
  • UdpTarget to set the required flags back onto UdpTransport
  • UdpTransport to perform the correct checks per the enum.

Inferno-83 avatar Mar 22 '23 02:03 Inferno-83
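The three-level check suggested in the issue above, sketched as an added example; it is not code from the issue or from SnmpSharpNet. The names `ReplySourceCheck` and `ReplySourceValidator` are hypothetical and the endpoints are constructed sample values.

```csharp
using System;
using System.Net;

// Hypothetical names for illustration; not part of the SnmpSharpNet API.
public enum ReplySourceCheck
{
    None,           // accept a reply from any source address and port
    AddressOnly,    // the issue's "IP Only": same agent IP, any source port
    AddressAndPort  // RFC 1157 section 4.1: same IP address and same port
}

public static class ReplySourceValidator
{
    // requestDestination: where the request was sent.
    // replySource: the endpoint the received datagram came from.
    public static bool IsAccepted(IPEndPoint requestDestination,
                                  IPEndPoint replySource,
                                  ReplySourceCheck mode)
    {
        if (requestDestination == null) throw new ArgumentNullException(nameof(requestDestination));
        if (replySource == null) throw new ArgumentNullException(nameof(replySource));

        if (mode == ReplySourceCheck.None) return true;
        if (!Normalize(requestDestination.Address).Equals(Normalize(replySource.Address)))
            return false;
        return mode == ReplySourceCheck.AddressOnly
            || requestDestination.Port == replySource.Port;
    }

    // A dual-stack socket reports IPv4 peers as ::ffff:a.b.c.d; compare those as IPv4
    // so a legitimate reply is not dropped only because of its address family.
    private static IPAddress Normalize(IPAddress a) =>
        a.IsIPv4MappedToIPv6 ? a.MapToIPv4() : a;
}

public static class Demo
{
    public static void Main()
    {
        // Constructed endpoints from the 192.0.2.0/24 documentation range.
        var sentTo = new IPEndPoint(IPAddress.Parse("192.0.2.10"), 161);
        var samePort = new IPEndPoint(IPAddress.Parse("::ffff:192.0.2.10"), 161);
        var otherPort = new IPEndPoint(IPAddress.Parse("192.0.2.10"), 49152);
        var otherHost = new IPEndPoint(IPAddress.Parse("192.0.2.99"), 161);

        foreach (ReplySourceCheck mode in Enum.GetValues(typeof(ReplySourceCheck)))
            Console.WriteLine($"{mode}: samePort={ReplySourceValidator.IsAccepted(sentTo, samePort, mode)}, "
                + $"otherPort={ReplySourceValidator.IsAccepted(sentTo, otherPort, mode)}, "
                + $"otherHost={ReplySourceValidator.IsAccepted(sentTo, otherHost, mode)}");
    }
}
```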

RFC 1901 is Experimental, which means the vendors have their freedom to implement it or not.

lextm avatar Mar 22 '23 02:03 lextm

@lextm - fair point, although it would be useful if the library could be optionally tolerant of it.

Inferno-83 avatar Mar 23 '23 02:03 Inferno-83