Why does an SNMPv3 GET PDU successfully return a response for a non-existent OID



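When I use SNMP4J to simulate an SNMPv3 GET PDU, I find that although I add a non-existent OID to the variable binding list, I still get a valid response.
But when the protocol version is v1, I get error code 2, which means 'no such name'.
When the protocol version is v2c, I get no error on the GET, the returned vb list size is 1, and the syntax of the list(0) variable binding is an exception, meaning "no such object".
So when using v1 or v2c I can figure out whether it exists, but with v3 I get the following response: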

SNMP-USER-BASED-SM-MIB::usmStatsUnknownEngineIDs.0 = Counter32: xx

**xx is a number

The code is:

    import org.snmp4j.*;
    import org.snmp4j.event.ResponseEvent;
    import org.snmp4j.mp.SnmpConstants;
    import org.snmp4j.security.*;
    import org.snmp4j.smi.*;
    import org.snmp4j.transport.DefaultUdpTransportMapping;
    import static org.snmp4j.mp.MPv3.createLocalEngineID;
    /**
     *
     *  The following syntax constants may be helpful:  SMIConstants
     *    public static final int EXCEPTION_NO_SUCH_OBJECT = BER.NOSUCHOBJECT;
     *    public static final int EXCEPTION_NO_SUCH_INSTANCE = BER.NOSUCHINSTANCE;
     *    public static final int EXCEPTION_END_OF_MIB_VIEW = BER.ENDOFMIBVIEW;
     *
     * give a string and test whether it exists or not
     *
     * Conclusions:
     * (1)When the op is GET,
     *    V1:
     *    errorcode at pdu, AND IS 2, MEANS "no such name"
     *    V2C:
     *    NOT GET ERROR, and returned vb list size is 1, and the list(0) Null.isExceptionSyntax(vb.getSyntax()) == true // means "no such object"
     *    V3:
     *    NOT GET ERROR, like this : SNMP-USER-BASED-SM-MIB::usmStatsUnknownEngineIDs.0 = Counter32: 23
     *    returned varbinds : 1.3.6.1.6.3.15.1.1.3.0 = xxx
     *  (2)When the op is GETNEXT:
     *     V1:
     *     errorcode at pdu, AND IS 2, MEANS "no such name"
     *     V2C:
     *     NOT GET ERROR, and returned vb list size is 1, and the list(0) Null.isExceptionSyntax(vb.getSyntax()) == true // means "endOfMibView"
     *     V3:
     *     NOT GET ERROR, like this : SNMP-USER-BASED-SM-MIB::usmStatsUnknownEngineIDs.0 = Counter32: 23
     *  (3)When the op is GETBULK:
     *
     * Created by edward.gao on 8/9/16.
     */
    public class TestOidExists {
    private static final String _V1_OR_V2_COMMUNITYNAME= "public";
    private static final String _V3_USERNAME = "edward";
    /**
     * authentication protocol MD5 or SHA
     */
    private static final String _V3_AUTHENTICATION_PASSPHRASE = "auth12345678";
    /**
     * privacy protocol DES OR AES
     */
    private static final String _V3_PRIVACY_PASSPHRASE = "encry12345678";
    public static void main(String[] args) throws Exception{
        final String addrString= "udp:192.168.170.150/161";
        byte [] localEngineID = createLocalEngineID();
        //version3 need usm
        USM usm = new USM(SecurityProtocols.getInstance(),new OctetString(localEngineID), 0);
        SecurityModels.getInstance().addSecurityModel(usm);
        Snmp snmp = new Snmp(new DefaultUdpTransportMapping());
        snmp.listen();

        String [] oids = new String[] {/*".1.3.6.1.2.1.1.5.0", ".1.3.6.1.2.1.25.6.3.1.2", ".1.3.6.1.2.1.1.5",*/ ".1.3.999"};
        String [] types = new String[]{ "get","getnext", "getbulk"};
        for (String oid : oids)
        {
            for (String type : types) {
                System.out.println(String.format("VERSION IS 3, oid:%s result: %d", oid, typeOfOID(oid, snmp, SnmpConstants.version3, type)));
                System.out.println(String.format("VERSION IS 2, oid:%s result: %d", oid, typeOfOID(oid, snmp, SnmpConstants.version2c, type)));
                System.out.println(String.format("VERSION IS 1, oid:%s result: %d", oid, typeOfOID(oid, snmp, SnmpConstants.version1, type)));
            }
        }
    }
    /**
     * get the type of matched oid string
     * @param oid
     * @param snmp
     * @return  -1 : not exist , 0, leaf, 1, tree
     */
    public static int typeOfOID(String oid , Snmp snmp, int version, String typeString)  throws  Exception
    {

        boolean isv3 = version == SnmpConstants.version3;
        //build a client
        Address addr = GenericAddress.parse("192.168.170.150/161");
        Target target = null;
        if (isv3) {
            UsmUser usmUser = new UsmUser(new OctetString(_V3_USERNAME),
                    AuthMD5.ID,
                    new OctetString(_V3_AUTHENTICATION_PASSPHRASE),
                    PrivDES.ID,
                    new OctetString(_V3_PRIVACY_PASSPHRASE)
            );
            snmp.getUSM().addUser(usmUser);
            target = new UserTarget();
        }
        else
        {
            target = new CommunityTarget();
            //the default version is 3
            if (version == SnmpConstants.version2c)
            {
                target.setVersion(SnmpConstants.version2c);
            }
            else
            {
                target.setVersion(SnmpConstants.version1);
            }
            ((CommunityTarget)target).setCommunity(new OctetString("public"));
        }

        target.setAddress(addr);
        target.setRetries(2);
        target.setTimeout(30000);
        int type = typeString.equalsIgnoreCase("get") ? PDU.GET : (typeString.equalsIgnoreCase("getnext") ? PDU.GETNEXT : PDU.GETBULK);
        System.out.println("Using version " + (version == SnmpConstants.version1 ? "v1" :(version == SnmpConstants.version2c ? "v2c " : "v3 ")) + " type:" + typeString);
        PDU pdu = version == SnmpConstants.version3 ? new ScopedPDU() : new PDU();
        pdu.setType(type);
        pdu.add(new VariableBinding(new OID(oid)));
        pdu.setRequestID(new Integer32(0));
        ResponseEvent responseEvent = snmp.send(pdu, target);
        if (responseEvent.getError() == null)
        {
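            PDU responsePdu = responseEvent.getResponse();
            // getResponse() returns null when the request timed out
            if (responsePdu == null)
            {
                System.out.println("no response (timeout)");
                return -1;
            }
            if (responsePdu.getErrorStatus() == 0)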
            {
                responsePdu.getVariableBindings().forEach(vb ->System.out.print(vb + " " + Null.isExceptionSyntax(vb.getSyntax())));
                System.out.println();
                //leaf get only one, other get more than one
                return responsePdu.getVariableBindings().size() == 1 ? 0 : 1;
            }
            else
            {
                System.out.println("error code at pdu," +  responsePdu.getErrorStatus() + " text:" + responsePdu.getErrorStatusText() + " index:" + responsePdu.getErrorIndex());
            }
        }
        else
        {
            System.out.println("error happend,");
            responseEvent.getError().printStackTrace();
        }
        return -1;
    }
}

My questions are:
(1) Is this v3 behaviour a correct implementation? Why is no error reported?
(2) How can I test whether an OID exists using SNMP4J?

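You are receiving a so-called SNMP REPORT PDU. The agent receives the request PDU from the manager, figures out that important security attributes such as engine_id, engine_boots and engine_time are missing, and sends back a REPORT to inform the manager. The manager is supposed to handle the REPORT PDU exactly following the so-called SNMP engine discovery procedure described in detail in https://www.rfc-editor.org/rfc/rfc5343.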

For question 1, when I set the securityName and the security level of the userTarget, it works fine.

        userTarget.setSecurityName(new OctetString(_V3_USERNAME));
        userTarget.setSecurityLevel(SecurityLevel.AUTH_PRIV);

So for question 2, it is now the same as versions 1 & 2c.

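Reference: RFC 3414:

3) If the value of the msgAuthoritativeEngineID field in the securityParameters is unknown then:
a) a non-authoritative SNMP engine that performs discovery may optionally create a new entry in its Local Configuration Datastore (LCD) and continue processing; or
b) the usmStatsUnknownEngineIDs counter is incremented, and an error indication (unknownEngineID) together with the OID and value of the incremented counter is returned to the calling module.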
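
The answers above imply that a v3 reply has to be checked for the REPORT type before its variable bindings are read. The following is an added example, not code from the original posts: it classifies the reply to a single-varbind GET across v1, v2c and v3. The class name `OidExistsCheck`, the helper `reply` and the sample PDUs are hypothetical and constructed offline with SNMP4J types only.

```java
import org.snmp4j.PDU;
import org.snmp4j.ScopedPDU;
import org.snmp4j.smi.*;

// Added example (hypothetical class name); needs only the SNMP4J jar, no agent.
public class OidExistsCheck {
    enum Result { EXISTS, NOT_FOUND, REPORT, ERROR, TIMEOUT }

    /** Classify the reply to a GET that carried exactly one varbind. */
    static Result classifyGet(OID requested, PDU response) {
        if (response == null) return Result.TIMEOUT;
        // A v3 REPORT carries a usmStats counter, not the requested object.
        if (response.getType() == PDU.REPORT) return Result.REPORT;
        // v1 signals a missing object through the error status.
        if (response.getErrorStatus() == PDU.noSuchName) return Result.NOT_FOUND;
        if (response.getErrorStatus() != PDU.noError || response.size() != 1) return Result.ERROR;
        VariableBinding vb = response.get(0);
        // v2c/v3 signal it through an exception value in the varbind.
        if (vb.isException() || !requested.equals(vb.getOid())) return Result.NOT_FOUND;
        return Result.EXISTS;
    }

    /** Build a constructed one-varbind reply of the given PDU type. */
    static PDU reply(int type, OID oid, Variable value) {
        PDU pdu = new ScopedPDU();
        pdu.setType(type);
        pdu.add(new VariableBinding(oid, value));
        return pdu;
    }

    public static void main(String[] args) {
        OID missing = new OID("1.3.999");
        OID sysName = new OID("1.3.6.1.2.1.1.5.0");
        // Constructed replies; the REPORT varbind is the one quoted in the question.
        PDU report = reply(PDU.REPORT, new OID("1.3.6.1.6.3.15.1.1.3.0"), new Counter32(23));
        PDU noObject = reply(PDU.RESPONSE, missing, Null.noSuchObject);
        PDU present = reply(PDU.RESPONSE, sysName, new OctetString("host-a"));
        PDU v1Error = new PDU();
        v1Error.setType(PDU.RESPONSE);
        v1Error.setErrorStatus(PDU.noSuchName);
        v1Error.add(new VariableBinding(missing));

        System.out.println("report:   " + classifyGet(missing, report));
        System.out.println("no obj:   " + classifyGet(missing, noObject));
        System.out.println("present:  " + classifyGet(sysName, present));
        System.out.println("v1 error: " + classifyGet(missing, v1Error));
        System.out.println("timeout:  " + classifyGet(missing, null));
    }
}
```

A `REPORT` result means the security exchange did not complete, so it says nothing about whether the OID exists; the request has to be repeated with the target's security name and level set.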
