MIB Smithy SDK 4.6.1 Released
MIB Smithy SDK 4.6.1 is now available for download. This release fixes two issues introduced in the earlier 4.6 release.
The first was a bug introduced in the report handling whereby a synchronous SNMPv3 request returned prematurely when a report (e.g. usmStatsUnknownEngineIDs
) was returned by the agent and request reissued–the API returned and left things in an inconsistent state with the SDK still waiting for a response to the second request.
The second corrects an oversight in the new support for specifying unlocalized or localized SNMPv3 keys rather than passwords. A little background:
A handy trick for creating a new SNMP session with the same (or slightly different) configuration as an existing session is automatic expansion of a single argument to the $session configure
command, with or without an intermediate array. For example, a new session with the same settings but different timeout/retries as another can be created thus:
% array set options [$session1 configure]
% set options(-timeout) 1000
% set options(-retries) 5
% $session2 configure [array get options]
As previously implemented, arguments were processed purely in the order specified, which was fine before because there were no potential conflicts between arguments.. but the new options for [un]localized keys and existing options for passwords interact with each other (set the -authkey
property and the -authpass
property is cleared because the password is not recoverable from the key), and the result order for [array get options]
is undefined (in reality, it depends on the order of hash values for the array keys). [$session1 configure]
returns the options in the proper order, but after going through the intermediate array, they could be reordered and give the empty string precedence, and configuration would not match the source configuration.
So, the fix was to implement hard precedence rules for the order that auth/priv protocols, Engine IDs, passwords, and keys are processed from the arguments, ignoring any that aren’t a change from the existing configuration, and applied such that this design pattern works properly again (i.e., independent of the order the arguments are specified, except that if the same option is specified more than once then the last value given for that option is used).
MIB Smithy SDK 4.6 Released
MIB Smithy SDK 4.6 is now available for download. It’s been an unusually long time since the last round of releases, for which I apologize. I’d been putting a lot of time and focus into internal code refactoring and cleanup in preparation for (and part of) some new features and products in the works–changes that were extensive, but largely invisible from the Tcl API. I wanted to get things to a stable point and that took longer than I’d hoped. But now it’s a much more maintainable and reusable code base. New versions of MIB Smithy and MIB Views based on this release of the SDK will follow soon.
In addition to those internal changes, and many minor clarifications and rewording of MIB parser/validator messages that were done (but didn’t warrant a specific case), the following changes are in this release:
309: Clarify “bad option -asn1type” error
Performing an SNMP Set Request without specifying the syntax to use no longer reports an unhelpful “bad option -asn1type” error if the required MIB definition isn’t found in the database. This error came from attempting the query as if done from Tcl on the closest matching known OID (which wouldn’t support the option). Instead, the lookup is done directly and a more specific error about the actual nature problem is given.
2121: Add support for pre-localized and unlocalized keys
SNMPv3 sessions can now be configured directly with unlocalized or localized auth/priv keys, rather than requiring passwords and letting the session manage conversion to keys and key localization.
5801: Add options to CLI tools to specify keys rather than passwords
The bundled CLI tools/sample scripts now have options for specifying SNMPv3 auth/priv keys directly (localized or unlocalized), rather than only allowing passwords to be specified.
5807: Option to generate new Local Engine ID
An SNMP session’s -localengid property can now be set to an empty string to trigger a new Engine ID to be generated and assigned. Previously this required either a new session (since new sessions are given a generated default) or manually generating a value of appropriate length to be assigned.
2277: Give validator messages unique IDs
All parser and validator messages have been moved to a message table with unique IDs, which are provided in messages printed to the configured log channel and in arguments to the configured log command. The actual IDs are still subject to change with reorganization, but this allows one to (for example) implement filters to effectively disable messages that aren’t desired.
1839: ASN.1 Type Assignment with type BITS
An error is now generated at parse time when attempting to use ASN.1 Type Assignment notation (Name ::= Type) with the “BITS” construct (which is not allowed in this form), rather than just quietly correcting it.
5397: XML-SMI XSD: use xsd:token type where appropriate
The XML-SMI Schema was changed to use “xsd:token” rather than “xsd:string” for some types where appropriate. Semantically the schema is unchanged by this as “xsd:token” is a subset of “xsd:string”, but “xsd:token” more closely matches the (existing) value restrictions.
1870: Add support for MODULE-CONFORMANCE (RFC-1303)
Support was added for parsing and validating the MODULE-CONFORMANCE construct from RFC 1303 (the SMIv1 predecessor to SMIv2’s AGENT-CAPABILITIES). The XML-SMI Schema was also updated to add support.
5551: Orphans tree should not be shared
The orphans tree (where MIB definitions are indexed that have unresolved parent OID dependencies) was erroneously implemented as shared between MIB databases, which would result in index corruption when multiple databases are in use. Each MIB database now has its own orphans tree to prevent definitions from one database moving to another as loaded MIBs are changed and indexing updated.
5398: Return Unsigned32 rather than Gauge32 in response varbinds
The reported syntax in varbinds of received SNMPv2c or v3 messages for tag [APPLICATION 2] was changed from “Gauge32” to “Unsigned32”. These types are indistinguishable on the wire, but Gauge32 has specific semantics that are not applicable to every object with that tag.
5103: Configured message delay should be consistently applied
In some cases, such as in handling of SNMPv3 reports requiring a message resend, the session’s configured delay would be ignored before sending a message. The delay (if non-zero) should now be consistently applied.
5104: Retries should be treated as per-request
An SNMPv3 request could be timed out prematurely if the -retries setting was too low and the first resend after Engine ID Discovery and Time Synchronization timed out. The retry counter is now treated as number of consecutive retries with no response, rather than total messages sent (which previously counted resending due to these reports).
5505: Invoke snmpwalk callback on timeout/cancel
When using the $session walk command in asynchronous mode, the callback will now be invoked if the walk is canceled or times out. Previously there was no way to distinguish these exit modes from an async walk terminating normally.
5050: Async Tnm walk command should not return result
Using the Tnm SNMP walk command in asynchronous mode could leave an extraneous result in the interpreter from an internal function call, which would be returned as the result for the command. Interpreter state is now saved/restored so this doesn’t happen.
MIB Smithy SDK 4.5 Released
MIB Smithy SDK 4.5 is now available for download. This release brings a number of new features, improvements to the Scotty/TNM compatibility wrapper, and bug fixes. The following changes are in this release:
372: Add support for decoding KeyChange values
The [$session usm authKeyChange] and [$session usm privKeyChange] commands now accept a -direction encode|decode argument allowing KeyChange values to be decoded. If unspecified, the default is encode, which was the previous behavior.
273: oidcmp should allow record search specs
The [$db oidcmp] function no longer requires strict OIDs for comparison, but can instead take a normal record search specification, such as SNMPv2-MIB!sysDescr (where previously only sysDescr would be allowed).
5008: Return proper key/value pair on SNMP timeout/cancel
When issuing an SNMP request without a callback, a timeout or cancel would result in “timeout” or “cancelled” being returned as the result, rather than a proper key/value pair like a normal result, which required a check before using the result as a dictionary or list for [array set]. It will now return “-status timeout” or “-status cancelled” as it would with a callback.
5006: Add format for TimeTicks values
The [$db format] command now has a default format for TimeTicks values to render them as “Nd HH:MM:SS.ss” (days, hours, minutes, seconds, deciseconds) rather than leaving them as an integer value. This can be disabled with the -ticksformat option specified either to the format command or configured globally for the database.
5007: Add support for session config aliases
Support for session config aliases has been added both for Scotty/TNM compatibility and natively. Aliases allow defining a named set of options (through the [$session alias] command) that can be assigned to a session by specifying the alias (e.g. [$session configure -alias $aliasname]). Additionally, the native version allows using aliases for overriding session configuration for individual SNMP requests (e.g. [$session next -alias $aliasname 0.0]).
5057: Allow single subid with oidcmp
The [$db oidcmp] function no longer requires a minimum of two subidentifiers in each OID to be compared. Allowing a single subidentifier makes it possible, for example, to check if a given OID is a subtree if iso(1).
5056: Suppress unnecessary lookups with oidcmp
The [$db oidcmp] function will no longer perform a database lookup for a given OID if it is not necessary because all subidentifiers are provided. This allows OIDs to be compared (without error) even if they are unknown or ambiguous due to multiple MIB definitions being loaded for the OID.
5010: Support for send/recv bind events
The [$session bind] command can now take a -send or -recv option to specify a callback to be invoked for all messages sent or received, respectively, including any reports and retries that are otherwise handled transparently at the Tcl level. A -dir key (value “send” or “recv”) is added to the callback arguments to indicate which, in case both are bound to call the same function. Support for the similar feature was added to the Scotty/TNM compatibility wrapper.
5046: More reliable methods to get Host IDs on Unix
Another/new method is used to determine Host IDs on FreeBSD, Linux and Mac OS X. This method should be able to see interfaces that are disconnected or unconfigured. In some cases, these were previously not seen, which could be a hassle for multi-homing or laptop use with no active network connection.
4767: Add environment variable for default MIB search path
The SMITHY_MIB_PATH environment variable can now be set to specify one or more directories that the [$db import] command should search when given a relative path for a MIB file to be imported that can not be found from the current directory (e.g. [$db import -filename “IF-MIB.mib”] would now work from anywhere provided the mibs/IETF directory is in SMITHY_MIB_PATH). Similarly, the $tnm(library)/site and $tnm(library)/mibs directories are now searched by the Scotty/TNM compatibility wrapper’s [mib load] command.
5009: Exceptions reversed in scotty-compat varbinds
The format for SNMPv2/v3 exceptions in varbinds returned by Scotty/TNM compatibility wrapper was using the native format, which uses NULL for the syntax and the exception for the value (e.g. {{2.0 NULL endOfMibView}}), whereas the proper Scotty/TNM format has the exception for syntax and 0 or empty string for value (e.g. {{2.0 endOfMibView 0}}). The wrapper now uses the proper format for proper compatibility. However, since many users may have adapted their code to use the SDK’s exception format but not yet native APIs, the global tnm(tnmexcept) variable can be set to false to continue using the SDK’s exception format and preserve compatibility with their code.
5061: smilib find command should not error with no matches
The [$db find] command will now return an empty list rather than generate an error if no matches are found for the given search specification.
5080: Disallow session binding trap port that’s already in use
The SO_REUSEADDR option will no longer be set on the a session’s trap receiver socket. The intent of adding it (in SDK 4.0) was to allow multiple sessions or processes to each receive traps on the same port, but it doesn’t work that way and behavior was inconsistent between platforms (typically the result was the first one to bind would quietly stop receiving traps when the second binding was made). As with pre-4.0 it will now generate an error if trying to bind to a port that’s already in use.
4806: Warning for tables with only accessible-for-notify columns
It is now a warning rather than an error if at least one column of a table is accessible-for-notify and all others not-accessible, rather than an error as it is for all columns to be not-accessible. There is one IETF standard MIB (RAQMON-RDS-MIB) where this is used, so accessible-for-notify should be sufficient to satisfy RFC2578 section 7.7 requirement that at least one column be accessible.
MIB Smithy SDK 4.4.3 Released
MIB Smithy SDK 4.4.3 is now available for Download. Changes in this release:
4804: Update bundled MIBs
Bundled IETF MIBs have been updated or added from RFCs 4004 through 6672, and IANA MIBs as of 07/23/2012.
4805: parse error in hyphenated enumeration comments
In a rare corner case (one out of all the MIBs bundled), a multiply-hyphenated word in a comment following the comma after an enumeration value could cause a parse error.
4802: Wrong contextEngineID in responses to SNMPv3 informs
The Response PDU returned to an SNMPv3 Inform Request sender was including the local Engine ID for contextEngineID, as with msgAuthoritativeEngineID, instead of the Inform sender’s. The contextName and contextEngineID in the response are now taken from the Inform Request.
4803: rfc2mib.tcl may generate wrong filename
When using the -s option to generate separate module files with rfc2mib tool (for extracting MIB/PIB modules from RFC documents), it could sometimes get confused by comments prior to the module header and use a word from the comment rather than the actual module name for the generated file name.
MIB Smithy SDK 4.4.2 Released
4.4.1 is a minor update to correct an issue that was introduced in the earlier 4.4 release. Some of the rework that was done to add support for receiving SNMPv3 auth/priv Inform Requests to allow specifying the contextName and contextEngineID in SNMPv3 messages caused the snmp walk command to not properly re-encode messages after the first successful get-next, resulting the same PDU being sent (and responded to), but a different request-id expected. The result of this was that the snmp walk command would time out and only return one result. The patch corrects the issue so the walk command works properly again.
4.4.2 corrected another issue in which some code cleanup/refactoring introduced the possibility of an infinite loop in some of the Tnm/Scotty compatibility functions when using doing MIB database look-ups by name.