camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ricardo Zanini <ricardozan...@gmail.com>
Subject Re: Bug in component camel-snmp?
Date Tue, 09 Jan 2018 12:25:08 GMT
Hi Thomas!

You're right. My intention was just to point out that duo to v3, other
aspects of the SNMP camel component interaction may change. I couldn't find
any tests with v3 [1], though. Maybe there's room for improvement or a bug
in the code.

Many thanks for your snippet, I'm going to run some tests myself with it
and report my finds to the list.

[1] -
https://github.com/apache/camel/tree/master/components/camel-snmp/src/test/java/org/apache/camel/component/snmp

Best Regards,

Zanini

On Tue, Jan 9, 2018 at 7:52 AM, Schuster, Thomas <ts.schuster@siemens.com>
wrote:

> Hi Ricardi,
>
> thanks for your answer
>
> > SNMP v3 has some differences regarding the message model [1]. Maybe
> you'll
> > need to adjust your route / processing to it, take a look into this
> answer
> > [2].
> >
> > [1] - http://www.snmp.com/products/techinfo/secmodels.shtml
> > [2] -
> > https://stackoverflow.com/questions/47764846/camel-snmp-cant-resive-
> > snmpversion-3-info/47799223#47799223
>
> First: our communication counterpart implements USM only, so I don't have
> to consider TSM.
> Second: we wanted to simply use the snmp endpoint (which should hide the
> handling of security), so we concentrated on the camel component only. Your
> second reference deals with snmp4j directly, which will be our next
> approach (and not use the camel snmp component).
>
> In my first mail I just wanted to point out that the camel-snmp component
> (especially the class org.apache.camel.component.snmp.SnmpOIDPoller) has
> at least a bug in the security handling (when snmp version3 and multiple
> sets of credentials are involved).
>
> The handling in the SnmpOIDPoller.doStart() should be similar to (NOT
> dropin compatible :-)
>
>     Address targetAddress = GenericAddress.parse(address);
>     SecurityProtocols.getInstance().addDefaultProtocols();
>
>     // add user to the USM
>     USM usm = new USM(SecurityProtocols.getInstance(), new
> OctetString(MPv3.createLocalEngineID()), 0);
>     usm.addUser(new OctetString(userName), new UsmUser(new
> OctetString(userName), AuthMD5.ID,
>         new OctetString(authPw), PrivDES.ID, new OctetString(privPw)));
>
>     MessageDispatcherImpl dispatcher = new MessageDispatcherImpl();
>
> //    dispatcher.addMessageProcessingModel(new MPv1());
> //    dispatcher.addMessageProcessingModel(new MPv2c());
>     dispatcher.addMessageProcessingModel(new MPv3(usm));
>
>     TransportMapping<?> transport = new DefaultUdpTransportMapping();
>     Snmp snmp = new Snmp(dispatcher, transport);
>
>     // create the target
>     UserTarget target = new UserTarget();
>     target.setAddress(targetAddress);
>     target.setRetries(1);
>     target.setTimeout(5000);
>     target.setVersion(SnmpConstants.version3);
>     target.setSecurityLevel(SecurityLevel.AUTH_PRIV);
>     target.setSecurityName(new OctetString(userName));
>
>     // create the PDU
>     PDU pdu = new ScopedPDU();
>     pdu.add(new VariableBinding(new OID("1.3.6")));
>     pdu.setType(PDU.GETNEXT);
>
>     // send the PDU
>     ResponseEvent response = snmp.send(pdu, target);
>
> Note the use of an individual dispatcher per Snmp object.
> This doesn't change the (singleton) USM (like in the original
> implementation) but assigns a specific USM with individual credentials to
> the snmp message processing.
>
>
> With best regards,
> Thomas Schuster
>
> >
> > Cheers!
> >
> > Zanini
> >
> > On Mon, Jan 8, 2018 at 10:20 AM, Schuster, Thomas
> > <ts.schuster@siemens.com>
> > wrote:
> >
> > > Hello,
> > >
> > > we want to use camel with multiple polling endpoints of type SNMP. The
> > > restrictions we have are:
> > > - snmp version 3 with authentication and privacy
> > > - each endpoint might have different credentials und securityName
> > (user).
> > >
> > > When we configure two endpoint with the URIs
> > >
> > > snmp:192.168.56.101:161?snmpVersion=3&type=POLL&oids=
> 1.3.6.1.2.1.7.5.1&
> > > authenticationPassphrase=11111111&authenticationProtocol=SHA1
> > > &privacyPassphrase=11111111&privacyProtocol=PrivAES128&
> > > securityName=secname111&securityLevel=3
> > >
> > > and
> > >
> > > snmp:192.168.56.102:1612?snmpVersion=3&type=POLL&oids=
> 1.3.6.1.2.1.7.5.1&
> > > authenticationPassphrase=22222222&authenticationProtocol=SHA1
> > > &privacyPassphrase=22222222&privacyProtocol=PrivAES128&
> > > securityName=secname222&securityLevel=3
> > >
> > > We get exceptions when polling the first endpoint
> > >
> > > 2018-01-08 13:05:12.124  WARN 3076 --- [.168.56.101:161]
> > > o.a.c.c.s.SnmpOIDPoller                  : Consumer Consumer[snmp://
> > >
> > 192.168.56.101:161?authenticationPassphrase=
> xxxxxx&authenticationProtocol=
> > > SHA1&oids=1.3.6.1.2.1.7.5.1&privacyPassphrase=xxxxxx&
> > > privacyProtocol=AES128&securityLevel=3&securityName=
> > > secname111&snmpVersion=3&type=POLL] failed polling endpoint:
> snmp://udp:
> > > 192.168.56.101/161. Will try again at next poll. Caused by:
> > > [org.snmp4j.MessageException - Message processing model 3 returned
> > error:
> > > Unknown security name]
> > >
> > > org.snmp4j.MessageException: Message processing model 3 returned error:
> > > Unknown security name
> > >         at org.snmp4j.MessageDispatcherImpl.sendPdu(
> > > MessageDispatcherImpl.java:520) ~[snmp4j-2.5.0.jar:?]
> > >         at org.snmp4j.Snmp.sendMessage(Snmp.java:1059)
> > > ~[snmp4j-2.5.0.jar:?]
> > >         at org.snmp4j.Snmp.send(Snmp.java:1029) ~[snmp4j-2.5.0.jar:?]
> > >         at org.snmp4j.Snmp.send(Snmp.java:1013) ~[snmp4j-2.5.0.jar:?]
> > >         at
> > org.apache.camel.component.snmp.SnmpOIDPoller.poll(
> SnmpOIDPoller.java:176)
> > > ~[camel-snmp-2.19.4.jar:2.19.4]
> > >         at org.apache.camel.impl.ScheduledPollConsumer.doRun(
> > > ScheduledPollConsumer.java:174) [camel-core-2.19.4.jar:2.19.4]
> > >         at org.apache.camel.impl.ScheduledPollConsumer.run(
> > > ScheduledPollConsumer.java:101) [camel-core-2.19.4.jar:2.19.4]
> > >         at java.util.concurrent.Executors$RunnableAdapter.call(Unknown
> > > Source) [?:1.8.0_112]
> > >         at java.util.concurrent.FutureTask.runAndReset(Unknown Source)
> > > [?:1.8.0_112]
> > >         at java.util.concurrent.ScheduledThreadPoolExecutor$
> > > ScheduledFutureTask.access$301(Unknown Source) [?:1.8.0_112]
> > >         at java.util.concurrent.ScheduledThreadPoolExecutor$
> > > ScheduledFutureTask.run(Unknown Source) [?:1.8.0_112]
> > >         at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown
> > > Source) [?:1.8.0_112]
> > >         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown
> > > Source) [?:1.8.0_112]
> > >         at java.lang.Thread.run(Unknown Source) [?:1.8.0_112]
> > >
> > > It seems that after configuration of the second endpoint the security
> > > information of the first endpoint is not found/used anymore.
> > >
> > > Remark: in the moment I am testing without a real, running snmp server,
> > so
> > > I will not get an answer, but the exception is thrown before sending
> the
> > > request.
> > >
> > > With best regards,
> > > Thomas Schuster
> > >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message