diff options
author | syrinx <syrinx@FreeBSD.org> | 2010-12-20 17:13:14 +0000 |
---|---|---|
committer | syrinx <syrinx@FreeBSD.org> | 2010-12-20 17:13:14 +0000 |
commit | cdf73327e5ede68524c23f9fb281bbbd7c771b07 (patch) | |
tree | 5b7dd1db00389b1d0504f34a299b48339c9b9aac /contrib/bsnmp/snmpd/snmpmod.3 | |
parent | 0f810ef0a25b4d64ffe05b47b5dfd30d73167b71 (diff) | |
download | FreeBSD-src-cdf73327e5ede68524c23f9fb281bbbd7c771b07.zip FreeBSD-src-cdf73327e5ede68524c23f9fb281bbbd7c771b07.tar.gz |
Bring in a SNMP module that allows configuration of SNMPv3 Notification targets.
Sponsored by: The FreeBSD Foundation
Reviewed by: philip
Approved by: philip
Diffstat (limited to 'contrib/bsnmp/snmpd/snmpmod.3')
-rw-r--r-- | contrib/bsnmp/snmpd/snmpmod.3 | 163 |
1 files changed, 161 insertions, 2 deletions
diff --git a/contrib/bsnmp/snmpd/snmpmod.3 b/contrib/bsnmp/snmpd/snmpmod.3 index a142069..38b3cf1 100644 --- a/contrib/bsnmp/snmpd/snmpmod.3 +++ b/contrib/bsnmp/snmpd/snmpmod.3 @@ -31,7 +31,7 @@ .\" .\" $Begemot: bsnmp/snmpd/snmpmod.3,v 1.14 2005/10/04 13:30:35 brandt_h Exp $ .\" -.Dd September 9, 2010 +.Dd December 19, 2010 .Dt SNMPMOD 3 .Os .Sh NAME @@ -83,6 +83,7 @@ .Nm snmp_output , .Nm snmp_send_port , .Nm snmp_send_trap , +.Nm snmp_pdu_auth_access .Nm string_save , .Nm string_commit , .Nm string_rollback , @@ -102,6 +103,7 @@ .Nm index_compare_off , .Nm index_append , .Nm index_append_off, +.Nm snmpd_usmstats, .Nm bsnmpd_get_usm_stats, .Nm bsnmpd_reset_usm_stats, .Nm usm_first_user, @@ -111,6 +113,25 @@ .Nm usm_delete_user, .Nm usm_flush_users, .Nm usm_user +.Nm snmpd_target_stat +.Nm bsnmpd_get_target_stats +.Nm target_first_address +.Nm target_next_address +.Nm target_new_address +.Nm target_activate_address +.Nm target_delete_address +.Nm target_first_param +.Nm target_next_param +.Nm target_new_param +.Nm target_delete_param +.Nm target_first_notify +.Nm target_next_notify +.Nm target_new_notify +.Nm target_delete_notify +.Nm target_flush_all +.Nm target_address +.Nm target_param +.Nm target_notify .Nd "SNMP daemon loadable module interface" .Sh LIBRARY Begemot SNMP library @@ -201,6 +222,8 @@ Begemot SNMP library .Fc .Ft void .Fn snmp_send_trap "const struct asn_oid *oid" "..." +.Ft enum snmp_code +.Fn snmp_pdu_auth_access "struct snmp_pdu *pdu" "int32_t *ip" .Ft int .Fn string_save "struct snmp_value *val" "struct snmp_context *ctx" "ssize_t req_size" "u_char **strp" .Ft void @@ -239,6 +262,7 @@ Begemot SNMP library .Fn index_append "struct asn_oid *dst" "u_int sub" "const struct asn_oid *src" .Ft void .Fn index_append_off "struct asn_oid *dst" "u_int sub" "const struct asn_oid *src" "u_int off" +.Vt extern struct snmpd_usmstat snmpd_usmstats ; .Ft struct snmpd_usmstat * .Fn bsnmpd_get_usm_stats "void" .Ft void @@ -256,6 +280,36 @@ Begemot SNMP library .Ft void .Fn usm_flush_users "void" .Vt extern struct usm_user *usm_user; +.Ft struct snmpd_target_stats * +.Fn bsnmpd_get_target_stats "void" +.Ft struct target_address * +.Fn target_first_address "void" +.Ft struct target_address * +.Fn target_next_address "struct target_address *" +.Ft struct target_address * +.Fn target_new_address "char *" +.Ft int +.Fn target_activate_address "struct target_address *" +.Ft int +.Fn target_delete_address "struct target_address *" +.Ft struct target_param * +.Fn target_first_param "void" +.Ft struct target_param * +.Fn target_next_param "struct target_param *" +.Ft struct target_param * +.Fn target_new_param "char *" +.Ft int +.Fn target_delete_param "struct target_param *" +.Ft struct target_notify * +.Fn target_first_notify "void" +.Ft struct target_notify * +.Fn target_next_notify "struct target_notify *" +.Ft struct target_notify * +.Fn target_new_notify "char *" +.Ft int +.Fn target_delete_notify "struct target_notify *" +.Ft void +.Fn target_flush_all "void" .Vt extern const struct asn_oid oid_usmUnknownEngineIDs; .Vt extern const struct asn_oid oid_usmNotInTimeWindows; .Sh DESCRIPTION @@ -603,7 +657,7 @@ struct usm_user { struct snmp_user suser; uint8_t user_engine_id[SNMP_ENGINE_ID_SIZ]; uint32_t user_engine_len; - char user_public[SNMP_USM_NAME_SIZ]; + char user_public[SNMP_ADM_STR32_SIZ]; uint32_t user_public_len; int32_t status; int32_t type; @@ -640,6 +694,103 @@ and or .Li NULL if an user with the specified name and engine id is not present in the list. +.Ss THE MANAGEMENT TARGET GROUP +The Management Target group holds target address information used when sending +SNMPv3 notifications. +.Pp +The scalar statistics of the Management Target group are held in the global +variable +.Va snmpd_target_stats : +.Bd -literal -offset indent +struct snmpd_target_stats { + uint32_t unavail_contexts; + uint32_t unknown_contexts; +}; +.Ed +.Fn bsnmpd_get_target_stats +returns a pointer to the global structure containing the statistics. +.Pp +Three global lists of configured management target addresses, parameters and +notifications respectively are maintained by the daemon. +.Bd -literal -offset indent +struct target_address { + char name[SNMP_ADM_STR32_SIZ]; + uint8_t address[SNMP_UDP_ADDR_SIZ]; + int32_t timeout; + int32_t retry; + char taglist[SNMP_TAG_SIZ]; + char paramname[SNMP_ADM_STR32_SIZ]; + int32_t type; + int32_t socket; + int32_t status; + SLIST_ENTRY(target_address) ta; +}; +.Ed +This structure represents a SNMPv3 Management Target address. Each time a SNMP +TRAP is send the daemon will send the Trap to all active Management Target +addresses in its global list. +.Bd -literal -offset indent +struct target_param { + char name[SNMP_ADM_STR32_SIZ]; + int32_t mpmodel; + int32_t sec_model; + char secname[SNMP_ADM_STR32_SIZ]; + enum snmp_usm_level sec_level; + int32_t type; + int32_t status; + SLIST_ENTRY(target_param) tp; +}; +.Ed +This structure represents the information used to generate SNMP messages to the +associated SNMPv3 Management Target addresses. +.Bd -literal -offset indent +struct target_notify { + char name[SNMP_ADM_STR32_SIZ]; + char taglist[SNMP_TAG_SIZ]; + int32_t notify_type; + int32_t type; + int32_t status; + SLIST_ENTRY(target_notify) tn; +}; +.Ed +This structure represents Notification Tag entries - SNMP notifications are sent +to the Target address for each entry in the Management Target Address list that +has a tag matching the specified tag in this structure. +.Pp +The daemon does not create or remove entries in the Management Target group +lists, it gives an interface to external loadable module(s) to manage the lists. +.Fn target_new_address +adds a target address entry, and +.Fn target_delete_address +deletes an existing entry from the target address list. +.Fn target_activate_address +creates a socket associated with the target address entry so that SNMP +notifications may actually be send to that target address. +.Fn target_first_address +will return a pointer to the first target address entry in the list, while +.Fn target_next_address +will return a pointer to the next target address of a given entry if one exists. +.Fn target_new_param +adds a target parameters' entry, and +.Fn target_delete_param +deletes an existing entry from the target parameters list. +.Fn target_first_param +will return a pointer to the first target parameters' entry in the list, while +.Fn target_next_param +will return a pointer to the next target parameters of a given entry if one +exists. +.Fn target_new_notify +adds a notification target entry, and +.Fn target_delete_notify +deletes an existing entry from the notification target list. +.Fn target_first_notify +will return a pointer to the first notification target entry in the list, while +.Fn target_next_notify +will return a pointer to the next notification target of a given entry if one +exists. +.Fn target_flush_all +is used to remove all configured data from the three global Management Target +Group lists. .Ss WELL KNOWN OIDS The global variable .Va oid_zeroDotZero @@ -840,6 +991,14 @@ The arguments are the identifying the trap and a NULL-terminated list of .Vt struct snmp_value pointers that are to be inserted into the trap binding list. +.Fn snmp_pdu_auth_access +verifies whether access to the object IDs contained in the +.Fa pdu + should be granted or denied, according to the configured View-Based Access +rules. +.Fa ip +contains the index of the first varbinding to which access was denied, or 0 if +access to all varbindings in the PDU is granted. .Ss SIMPLE ACTION SUPPORT For simple scalar variables that need no dependencies a number of support functions is available to handle the set, commit, rollback and get. |