def setup_snmp():
"""Configure SNMP server listener"""
transport_dispatcher = AsynsockDispatcher()
transport_dispatcher.registerRecvCbFun(snmp_trap_receiver)
# UDP/IPv4
transport_dispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openServerMode(('0.0.0.0', 162)))
# UDP/IPv6
transport_dispatcher.registerTransport(
udp6.domainName,
udp6.Udp6SocketTransport().openServerMode(('::1', 162)))
transport_dispatcher.jobStarted(1)
try:
# Dispatcher will never finish as job#1 never reaches zero
transport_dispatcher.runDispatcher()
except:
transport_dispatcher.closeDispatcher()
raise
def testtrapv2(self):
'''testtrapv2'''
# Traps have quite different semantics among proto versions
if verID == api.protoVersion2c:
var = []
oid = (1, 3, 6, 1, 4, 1, 2011, 2, 235, 1, 1, 4, 1, 0)
# 1.3.6.1.4.1.2011.2.235.1.1.15.50.1.5(cpuClockRate).0
# 1.3.6.1.4.1.2011.2.235.1.1.4.1.0 trapEnable
val = pMod.Integer(1)
var.append((oid, val))
pMod.apiTrapPDU.setVarBinds(trapPDU, var)
# Build message
trapMsg = pMod.Message()
pMod.apiMessage.setDefaults(trapMsg)
pMod.apiMessage.setCommunity(trapMsg, community)
pMod.apiMessage.setPDU(trapMsg, trapPDU)
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openClientMode())
# 本机测试使用localhost,应为对应trap server 的IP地址。
transportDispatcher.sendMessage(encoder.encode(trapMsg),
udp.domainName, (trapdip, 162))
transportDispatcher.runDispatcher()
transportDispatcher.closeDispatcher()
self.assertTrue(True)
def define_request(source, ip, community, snmp_version, fileconfname, pathfile,
protocol, srvprovision, enableconfstart, urlfirmware,
enablereboot):
if snmp_version == '2c':
communityData = CommunityData(community, mpModel=1)
if snmp_version == '1':
communityData = CommunityData(community, mpModel=0)
if source:
assd = AsynsockDispatcher()
sock_transport = udp.UdpSocketTransport()
sock_transport.socket.setsockopt(socket.SOL_SOCKET, 25, source + '\0')
snmp_engine = engine.SnmpEngine()
assd.registerTransport(udp.domainName, sock_transport)
snmp_engine.registerTransportDispatcher(assd)
else:
snmp_engine = engine.SnmpEngine()
varBind = []
result = []
for errorIndication, errorStatus, errorIndex, varBinds in setCmd(
snmp_engine, communityData, UdpTransportTarget((ip, 161)),
ContextData(),
ObjectType(
ObjectIdentity(
'1.3.6.1.4.1.4935.1000.100.200.100.800.1.100.100.0'),
OctetString(fileconfname)),
ObjectType(
ObjectIdentity(
'.1.3.6.1.4.1.4935.1000.100.200.100.800.1.100.300.0'),
OctetString(pathfile)),
ObjectType(
ObjectIdentity(
'.1.3.6.1.4.1.4935.1000.100.200.100.800.1.100.400.100.0'),
Integer32(protocol)),
ObjectType(
ObjectIdentity(
'.1.3.6.1.4.1.4935.1000.100.200.100.800.1.100.400.400.0'),
OctetString(srvprovision)),
ObjectType(
ObjectIdentity(
'.1.3.6.1.4.1.4935.1000.100.200.100.800.1.100.500.100.0'),
Integer32(enableconfstart)),
ObjectType(
ObjectIdentity(
'.1.3.6.1.4.1.4935.1000.100.200.100.1300.1.450.0'),
OctetString(urlfirmware)),
ObjectType(
ObjectIdentity(
'.1.3.6.1.4.1.4935.1000.100.200.100.1300.1.500.0'),
Integer32(enablereboot))):
varBind.append(varBinds)
for i in varBinds:
i = str(i)
i = i.split('=')[1]
result.append(i)
# result.append(str(i))
# varBind = varBind.split('=')[1]
# result.append(varBind)
return result
def main(options, args):
logname = 'summit_ups'
logger = ssdlog.make_logger(logname, options)
power_off = 'obcpPoff'
power_off = os.path.join(options.dir, power_off)
try:
os.remove(power_off)
except Exception as e:
logger.warn('warn: is %s there?? %s' % (power_off, e))
snmp = SnmpTrap(power_off, logger)
try:
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openServerMode(
('%s' % options.mgrhost, 162)))
transportDispatcher.registerRecvCbFun(snmp.trap_cb)
transportDispatcher.jobStarted(1) # this job would never finish
transportDispatcher.runDispatcher()
except KeyboardInterrupt:
logger.info('keyboard interrupting...')
snmp.ev_quit.set()
except Exception as e:
logger.error('error: %s' % e)
snmp.ev_quit.set()
logger.error('error: snmp trap terminated..')
def send(self, host, community, oid, value):
self.pMod.apiPDU.setDefaults(self.reqPDU)
self.pMod.apiPDU.setVarBinds(
self.reqPDU,
((oid, self.pMod.OctetString(value)),
)
)
# Build message
reqMsg = self.pMod.Message()
self.pMod.apiMessage.setDefaults(reqMsg)
self.pMod.apiMessage.setCommunity(reqMsg, community)
self.pMod.apiMessage.setPDU(reqMsg, self.reqPDU)
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerRecvCbFun(self.cbRecvFun)
transportDispatcher.registerTimerCbFun(self.cbTimerFun)
# UDP/IPv4
transportDispatcher.registerTransport(
udp.domainName, udp.UdpSocketTransport().openClientMode()
)
# Pass message to dispatcher
transportDispatcher.sendMessage(
encoder.encode(reqMsg), udp.domainName, (host, 161)
)
transportDispatcher.jobStarted(1)
# Dispatcher will finish as job#1 counter reaches zero
transportDispatcher.runDispatcher()
transportDispatcher.closeDispatcher()
def receive_trap(self):
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerRecvCbFun(cbFun)
# UDP/IPv4
transportDispatcher.registerTransport(
udp.domainName, udp.UdpSocketTransport().openServerMode(('192.168.115.187', 162))
)
# UDP/IPv6
transportDispatcher.registerTransport(
udp6.domainName, udp6.Udp6SocketTransport().openServerMode(('::1', 162))
)
transportDispatcher.jobStarted(1)
try:
# Dispatcher will never finish as job#1 never reaches zero
print('run dispatcher')
transportDispatcher.runDispatcher()
except:
transportDispatcher.closeDispatcher()
raise
def runDispatcherFunction():
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerRecvCbFun(cbFun)
# UDP/IPv4
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openServerMode(('', 162))
# if test.py is running inside a container named "ra", the traps messages will be for exampleL:
#snmptrap -v2c -c public ra:162 '' SNMPv2-MIB::coldStart.0 SNMPv2-MIB::sysContact.0 s 'trap testing number #7'
)
# UDP/IPv6
#transportDispatcher.registerTransport(
# udp6.domainName, udp6.Udp6SocketTransport().openServerMode(('::1', 162))
#)
transportDispatcher.jobStarted(1)
try:
# Dispatcher will never finish as job#1 never reaches zero
print('run dispatcher')
transportDispatcher.runDispatcher()
except:
transportDispatcher.closeDispatcher()
raise
def query(self, oidCountersDict):
resultsDict = dict()
# SNMP protocol version to use
pMod = api.protoModules[api.protoVersion1]
# Build PDU
reqPDU = pMod.GetRequestPDU()
pMod.apiPDU.setDefaults(reqPDU)
# Create a tuple of OIDs tuples
oidList = list()
for oid in oidCountersDict.values():
oidList.append((oid, pMod.Null()))
OIDs = tuple(oidList)
pMod.apiPDU.setVarBinds(reqPDU, (OIDs))
# Build message
reqMsg = pMod.Message()
pMod.apiMessage.setDefaults(reqMsg)
pMod.apiMessage.setCommunity(reqMsg, 'public')
pMod.apiMessage.setPDU(reqMsg, reqPDU)
def cbTimerFun(timeNow, startedAt=time()):
if timeNow - startedAt > self.snmpTimeout:
transportDispatcher.jobFinished(1)
raise SNMPTimeOutError("The host %s has not responded in the specified timeout of %ss!" % (self.host, self.snmpTimeout))
def cbRecvFun(transportDispatcher, transportDomain, transportAddress, wholeMsg, reqPDU=reqPDU):
while wholeMsg:
rspMsg, wholeMsg = decoder.decode(wholeMsg, asn1Spec=pMod.Message())
rspPDU = pMod.apiMessage.getPDU(rspMsg)
# Match response to request
if pMod.apiPDU.getRequestID(reqPDU)==pMod.apiPDU.getRequestID(rspPDU):
# Check for SNMP errors reported
errorStatus = pMod.apiPDU.getErrorStatus(rspPDU)
if errorStatus:
print errorStatus.prettyPrint()
raise SNMPoIDNotSupported("%s: An requested OID is not supported by this device!" % errorStatus.prettyPrint())
else:
for oid, val in pMod.apiPDU.getVarBinds(rspPDU):
#print '%s = %s' % (oid.prettyPrint(), val)
resultsDict[str(oid)] = str(val)
transportDispatcher.jobFinished(1)
return wholeMsg
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerTransport(udp.domainName, udp.UdpSocketTransport().openClientMode())
transportDispatcher.registerRecvCbFun(cbRecvFun)
transportDispatcher.registerTimerCbFun(cbTimerFun)
transportDispatcher.sendMessage(encoder.encode(reqMsg), udp.domainName, (self.host, int(self.port)))
transportDispatcher.jobStarted(1)
transportDispatcher.runDispatcher()
transportDispatcher.closeDispatcher()
return resultsDict
def _init_dispatcher(self):
self.log("init snmp_session object")
self.__disp = AsynsockDispatcher()
self.__disp.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openClientMode())
self.__disp.registerRecvCbFun(self._recv_func)
self.__disp.registerTimerCbFun(self._timer_func)
self.v1_decoder = api.protoModules[api.protoVersion1]
self.v2c_decoder = api.protoModules[api.protoVersion2c]
def __init__(self, zmq_core, logger):
self.zmq_core = zmq_core
self.logger = logger
self.scheduler = SNMPScheduler(logger=logger)
self.transport_dispatcher = AsynsockDispatcher()
self.transport_dispatcher.setSocketMap(zmq_core.socket_map)
snmp_engine = engine.SnmpEngine()
snmp_engine.registerTransportDispatcher(self.transport_dispatcher)
self.cmd_gen = cmdgen.AsynCommandGenerator(snmpEngine=snmp_engine)
def Send_GetSystemPDUName(reqMsg, hostname, port=161):
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openClientMode())
transportDispatcher.registerRecvCbFun(cbRecvFun)
transportDispatcher.registerTimerCbFun(cbTimerFun)
transportDispatcher.sendMessage(encoder.encode(reqMsg), udp.domainName,
(hostname, 161))
transportDispatcher.jobStarted(1)
transportDispatcher.runDispatcher()
transportDispatcher.closeDispatcher()
def run(self):
"""Run the sensor on its own thread"""
# Check for debug mode being activated/deactivated
self._read_my_msgQ_noWait()
try:
self._log_debug("Start processing")
# Create MIB loader to lookup oids sent in traps
self._mib_builder()
# Create an asynchronous dispatcher and register a callback method to handle incoming traps
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerRecvCbFun(self._trap_catcher)
# UDP/IPv4
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openServerMode(
(self._bind_ip, self._bind_port)))
# UDP/IPv6
transportDispatcher.registerTransport(
udp6.domainName,
udp6.Udp6SocketTransport().openServerMode(
('::1', self._bind_port)))
transportDispatcher.jobStarted(1)
try:
# Dispatcher will never finish as job #1 never reaches zero
transportDispatcher.runDispatcher()
except Exception as ae:
self._log_debug("Exception: %r" % ae)
transportDispatcher.closeDispatcher()
self._log_debug("Finished processing, restarting SNMP listener")
# Reset debug mode if persistence is not enabled
self._disable_debug_if_persist_false()
# Schedule the next time to run thread
self._scheduler.enter(10, self._priority, self.run, ())
# Could not bind to IP:port, log it and exit out module
except Exception as ae:
self._log_debug(
"Unable to process SNMP traps from this node, closing module.")
self._log_debug(
f"SNMP Traps sensor attempted to bind to {self._bind_ip}:{self._bind_port}"
)
def run(self):
transport_dispatcher = AsynsockDispatcher()
transport_dispatcher.registerRecvCbFun(self._callback)
transport_dispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openServerMode((self.address, self.port)))
transport_dispatcher.jobStarted(1)
try:
transport_dispatcher.runDispatcher()
except Exception as exc:
transport_dispatcher.closeDispatcher()
raise exc
def snmp_trap_receiver(ifname, port=162):
if_ip = get_ip_address(ifname)
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerRecvCbFun(cbFun)
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openServerMode((if_ip, port)))
transportDispatcher.jobStarted(1)
print('SNMP Trap Receiver Started!!!')
try:
transportDispatcher.runDispatcher()
except:
transportDispatcher.closeDispatcher()
raise
def sent_snmp_trap(product, level, regionId, instanceName, name):
# Protocol version to use
verID = api.protoVersion2c
pMod = api.protoModules[verID]
# Build PDU
trapPDU = pMod.TrapPDU()
pMod.apiTrapPDU.setDefaults(trapPDU)
# Traps have quite different semantics among proto versions
if verID == api.protoVersion2c:
var = []
oid = (1, 3, 6, 1, 4, 1, 12149, 1)
val = pMod.OctetString('product:%s' % product)
var.append((oid, val))
oid = (1, 3, 6, 1, 4, 1, 12149, 2)
val = pMod.OctetString('level:%s' % level)
var.append((oid, val))
oid = (1, 3, 6, 1, 4, 1, 12149, 3)
val = pMod.OctetString('regionId:%s' % regionId)
var.append((oid, val))
oid = (1, 3, 6, 1, 4, 1, 12149, 4)
val = pMod.OctetString('instanceName:%s' % instanceName)
var.append((oid, val))
oid = (1, 3, 6, 1, 4, 1, 12149, 5)
val = pMod.OctetString('name:%s' % name)
var.append((oid, val))
pMod.apiTrapPDU.setVarBinds(trapPDU, var)
print(var)
save_log(str(var))
# Build message
trapMsg = pMod.Message()
pMod.apiMessage.setDefaults(trapMsg)
pMod.apiMessage.setCommunity(trapMsg, 'public')
pMod.apiMessage.setPDU(trapMsg, trapPDU)
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openClientMode())
transportDispatcher.sendMessage(encoder.encode(trapMsg), udp.domainName,
('localhost', 162))
transportDispatcher.runDispatcher()
transportDispatcher.closeDispatcher()
def __init__(self):
self.log.info("started (org)")
# Use the default thread transaction manager.
try:
self.transaction_manager = transaction.manager
self.interaction = ParanoidSecurityPolicy(SystemSnmpdParticipation())
self.transportDispatcher = AsynsockDispatcher()
self.transportDispatcher.registerTransport(
# udp.domainName, udp.UdpSocketTransport().openServerMode(('localhost', 162))
udp.domainName, udp.UdpSocketTransport().openServerMode(('', 11162))
)
self.transportDispatcher.registerRecvCbFun(self.cbFun)
self.transportDispatcher.jobStarted(1) # this job would never finish
except:
# TODO: don't do this
pass
threading.Thread.__init__(self)
def main():
'main program function'
if os.path.isfile(CONFIG_FILE):
filename = CONFIG_FILE
elif os.path.isfile('/config/{0}'.format(CONFIG_FILE)):
filename = '/config/{0}'.format(CONFIG_FILE)
else:
print 'Error: cannot find configuration file', CONFIG_FILE
return
processConfig(filename)
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerRecvCbFun(cbFun)
# UDP/IPv4
if gArgs.virtual_router:
lookupVR(gArgs.virtual_router)
# During startup, the IP address may not be ready yet. So we try a few times
for retry in range(30):
try:
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openServerMode(
(gArgs.ip_address, 162)))
break
except Exception:
time.sleep(5)
# UDP/IPv6
transportDispatcher.registerTransport(
udp6.domainName,
udp6.Udp6SocketTransport().openServerMode(('::1', 162)))
transportDispatcher.jobStarted(1)
try:
# Dispatcher will never finish as job#1 never reaches zero
transportDispatcher.runDispatcher()
except Exception:
transportDispatcher.closeDispatcher()
raise
def notif_Receiver():
def cbFun(transportDispatcher, transportDomain, transportAddress,
wholeMsg):
transportDispatcher.jobFinished(1)
return
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerRecvCbFun(cbFun)
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openServerMode((raspberry_ip, 1162)))
transportDispatcher.jobStarted(1)
try:
transportDispatcher.runDispatcher()
except:
transportDispatcher.closeDispatcher()
raise
return
def snmp_trap_receiver(ifname, port=162):
if_ip = get_ip_address(ifname)
transportDispatcher = AsynsockDispatcher() # 创建实例
transportDispatcher.registerRecvCbFun(cbFun) # 调用处理Trap信息的函数
# UDP/IPv4
transportDispatcher.registerTransport(
udp.domainName, udp.UdpSocketTransport().openServerMode((if_ip, port)) # 绑定到本地地址与UDP/162号端口
)
transportDispatcher.jobStarted(1) # 开始工作
print("SNMP Trap Receiver Started!!!")
try:
# Dispatcher will never finish as job#1 never reaches zero
transportDispatcher.runDispatcher() # 运行
except:
transportDispatcher.closeDispatcher()
raise
def _trap_receiver(trap_filter, host, port, timeout):
started = time.time()
def _trap_timer_cb(now):
if now - started > timeout:
raise AssertionError('No matching trap received in %s.' %
robot.utils.secs_to_timestr(timeout))
def _trap_receiver_cb(transport, domain, sock, msg):
if decodeMessageVersion(msg) != protoVersion2c:
raise RuntimeError('Only SNMP v2c traps are supported.')
req, msg = decoder.decode(msg, asn1Spec=v2c.Message())
pdu = v2c.apiMessage.getPDU(req)
# ignore any non trap PDUs
if not pdu.isSameTypeWith(v2c.TrapPDU()):
return
if trap_filter(domain, sock, pdu):
raise StopListener()
# Stop the receiver if the trap we are looking for was received.
if False:
raise StopListener()
dispatcher = AsynsockDispatcher()
dispatcher.registerRecvCbFun(_trap_receiver_cb)
dispatcher.registerTimerCbFun(_trap_timer_cb)
transport = udp.UdpSocketTransport().openServerMode((host, port))
dispatcher.registerTransport(udp.domainName, transport)
# we'll never finish, except through an exception
dispatcher.jobStarted(1)
try:
dispatcher.runDispatcher()
except StopListener:
pass
finally:
dispatcher.closeDispatcher()
def run(self):
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerRecvCbFun(trapCallback)
if self.ipv6:
transport = udp.Udp6SocketTransport()
domainName = udp6.domainName
else:
transport = udp.UdpSocketTransport()
domainName = udp.domainName
try:
transportDispatcher.registerTransport(domainName, transport.openServerMode((self.host, self.port)))
transportDispatcher.jobStarted(1)
# Dispatcher will never finish as job#1 never reaches zero
transportDispatcher.runDispatcher()
except: # catch *all* exceptions
e = sys.exc_info()[1]
transportDispatcher.closeDispatcher()
logging.error("Failed to register transport and run dispatcher: %s" % str(e))
sys.exit(1)
def start(self):
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerRecvCbFun(self._event_handle)
if self.ipv4_addr:
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openServerMode(
(str(self.ipv4_addr), self.port)))
if self.ipv6_addr:
transportDispatcher.registerTransport(
udp6.domainName,
udp6.Udp6SocketTransport().openServerMode(
(str(self.ipv6_addr), self.port)))
transportDispatcher.jobStarted(1)
try:
# Dispatcher will never finish as job#1 never reaches zero
transportDispatcher.runDispatcher()
except:
transportDispatcher.closeDispatcher()
raise
def snmp_msg_send():
try:
verID = api.protoVersion2c
pMod = api.protoModules[verID]
trapPDU = pMod.TrapPDU()
pMod.apiTrapPDU.setDefaults(trapPDU)
now_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
# Traps have quite different semantics among proto versions
if verID == api.protoVersion2c:
var = []
oid = (1, 3, 6, 1, 4, 1, 3902, 2, 2, 4)
val = pMod.OctetString("2001")
var.append((oid, val))
oid = (1, 3, 6, 1, 4, 1, 3902, 2, 2, 5)
val = pMod.OctetString("60")
var.append((oid, val))
oid = (1, 3, 6, 1, 4, 1, 3902, 2, 2, 6)
val = pMod.OctetString(now_time)
var.append((oid, val))
pMod.apiTrapPDU.setVarBinds(trapPDU, var)
trapMsg = pMod.Message()
pMod.apiMessage.setDefaults(trapMsg)
pMod.apiMessage.setCommunity(trapMsg, 'Beijing JiaoTong University')
pMod.apiMessage.setPDU(trapMsg, trapPDU)
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openClientMode())
transportDispatcher.sendMessage(encoder.encode(trapMsg),
udp.domainName,
(ntp_ip2, 162)) # 为对应trapserver的IP地址。
transportDispatcher.runDispatcher()
transportDispatcher.closeDispatcher()
except:
logging.debug('snmp send fail!')
print('snmp send fail')
def main():
signal.signal(signal.SIGINT, signal_handler)
signal.signal(signal.SIGTERM, signal_handler)
# global
global myamqp, transportDispatcher
# Connect to amqp bus
logger.debug("Start AMQP ...")
myamqp = camqp()
logger.info("Load all MIBs ...")
for oid in snmp2amqp_conf.mibs.keys():
mibs[oid] = mib(snmp2amqp_conf.mibs[oid])
logger.info("Init SNMP listenner ...")
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openServerMode(
(snmp2amqp_conf.interface, snmp2amqp_conf.port)))
transportDispatcher.registerRecvCbFun(cbFun)
transportDispatcher.jobStarted(1) # this job would never finish
## set euid of process
os.setuid(getpwnam('canopsis')[2])
myamqp.start()
logger.info("Wait SNMP traps ...")
try:
transportDispatcher.runDispatcher()
except Exception, err:
## Impossible to stop transportDispatcher properly ...
logger.error(err)
pass
def threadFunction(self):
self.transportDispatcher = AsynsockDispatcher()
self.transportDispatcher.registerRecvCbFun(onTrap)
# UDP/IPv4
self.transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openServerMode((self.target, self.port)))
self.transportDispatcher.jobStarted(1)
try:
# Dispatcher will never finish as job#1 never reaches zero
self.transportDispatcher.runDispatcher()
except Exception as exc:
logger.error("Encounted error '%s' on trap receiver %s:%d" %
(exc, self.target, self.port))
self.transportDispatcher.closeDispatcher()
raise TrapDaemonError(
"Trap receiver %s:%d" % (self.target, self.port), exc)
else:
self.transportDispatcher.closeDispatcher()
while wholeMsg:
rspMsg, wholeMsg = decoder.decode(wholeMsg, asn1Spec=pMod.Message())
rspPDU = pMod.apiMessage.getPDU(rspMsg)
# Match response to request
if pMod.apiPDU.getRequestID(reqPDU)==pMod.apiPDU.getRequestID(rspPDU):
# Check for SNMP errors reported
errorStatus = pMod.apiPDU.getErrorStatus(rspPDU)
if errorStatus:
print(errorStatus.prettyPrint())
else:
for oid, val in pMod.apiPDU.getVarBinds(rspPDU):
print('%s = %s' % (oid.prettyPrint(), val.prettyPrint()))
transportDispatcher.jobFinished(1)
return wholeMsg
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerRecvCbFun(cbRecvFun)
transportDispatcher.registerTimerCbFun(cbTimerFun)
# UDP/IPv4
transportDispatcher.registerTransport(
udp.domainName, udp.UdpSocketTransport().openClientMode()
)
# Pass message to dispatcher
transportDispatcher.sendMessage(
encoder.encode(reqMsg), udp.domainName, ('192.168.22.241', 161)
)
transportDispatcher.jobStarted(1)
def start_trap(self, pattern_end_trap, time_end_trap,
timeout, port, queue):
"""
:param pattern_end_trap
**OPTION** the pattern you are looking for in the trap to
stop trap. If not defined, trap will be stopped after
timeout value
:param time_end_trap
**OPTION** the time for running trap. Default: 30
:param timeout
**OPTION** the timeout for snmp trap. Default: 300.
:param port
**OPTION** the port of snmp trap.
:return:
"""
t.log("DEBUG", "Entering 'start_trap'\n"+__file__)
import warnings
warnings.simplefilter("ignore", ResourceWarning)
startedat = time.time()
#global results
global RESPONSE
RESPONSE = ''
def cbfun(transportdispatcher, transportdomain, transportaddress,
wholemsg):
t.log("DEBUG", "Entering 'cbfun'\n"+__file__)
#global results
global RESPONSE
while wholemsg:
msgver = int(api.decodeMessageVersion(wholemsg))
if msgver in api.protoModules:
pmod = api.protoModules[msgver]
else:
RESPONSE += 'Unsupported SNMP version %s' % msgver
return
reqmsg, wholemsg = decoder.decode(
wholemsg, asn1Spec=pmod.Message(),
)
RESPONSE += 'Notification message from %s:%s: \n' % (
transportdomain, transportaddress
)
reqpdu = pmod.apiMessage.getPDU(reqmsg)
if msgver == api.protoVersion1:
varbinds = pmod.apiTrapPDU.getVarBindList(reqpdu)
RESPONSE += 'Var-binds: \n'
for oid, val in varbinds:
RESPONSE += '%s = %s \n' % (oid.prettyPrint(),
val.prettyPrint())
if pattern_end_trap and re.search(pattern_end_trap,
RESPONSE, re.I):
transportdispatcher.jobFinished(1)
RESPONSE += "Stopped trap \n"
RESPONSE += 'Enterprise: %s \n' % (
pmod.apiTrapPDU.getEnterprise(reqpdu).prettyPrint()
)
RESPONSE += 'Agent Address: %s \n' % (
pmod.apiTrapPDU.getAgentAddr(reqpdu).prettyPrint()
)
RESPONSE += 'Generic Trap: %s \n' % (
pmod.apiTrapPDU.getGenericTrap(
reqpdu).prettyPrint())
RESPONSE += 'Specific Trap: %s \n' % (
pmod.apiTrapPDU.getSpecificTrap(
reqpdu).prettyPrint()
)
RESPONSE += 'Uptime: %s \n' % (
pmod.apiTrapPDU.getTimeStamp(
reqpdu).prettyPrint()
)
else:
varbinds = pmod.apiPDU.getVarBindList(reqpdu)
def cbtimerfun(timenow):
t.log("DEBUG", "Entering 'cbtimerfun'\n"+__file__)
#global results
global RESPONSE
if time_end_trap is not None:
if timenow - startedat >= time_end_trap:
transportdispatcher.jobFinished(1)
RESPONSE += "Stopped trap \n"
if timenow - startedat >= timeout:
t.log(level="DEBUG", message="Request timed out \n")
raise Exception("Request timed out \n")
transportdispatcher = AsynsockDispatcher()
transportdispatcher.registerRecvCbFun(cbfun)
transportdispatcher.registerTimerCbFun(cbtimerfun)
# UDP/IPv4
transportdispatcher.registerTransport(
udp.domainName, udp.UdpSocketTransport().openServerMode(
(self.trap_server_v4, port))
)
# UDP/IPv6
transportdispatcher.registerTransport(
udp6.domainName, udp6.Udp6SocketTransport().openServerMode(
(self.trap_server_v6, port))
)
transportdispatcher.jobStarted(1)
try:
# Dispatcher will never finish as job#1 never reaches zero
transportdispatcher.runDispatcher()
except:
transportdispatcher.closeDispatcher()
queue.put(RESPONSE)
t.log(level="DEBUG", message="Exiting 'start_trap' with return value/code :\n")
return
def __init__(self, address):
threading.Thread.__init__(self)
self._address = address
self._transportDispatcher = AsynsockDispatcher()
self._transportDispatcher.registerRecvCbFun(self.onSnmpMessage)
'''
Created on 2012-9-9
@author: zongzong
'''
# Notification Originator Application (TRAP)
from pysnmp.carrier.asynsock.dispatch import AsynsockDispatcher
from pysnmp.carrier.asynsock.dgram import udp
from pyasn1.codec.ber import encoder
from pysnmp.proto import api
# Protocol version to use
verID = api.protoVersion1
pMod = api.protoModules[verID]
# Build PDU
trapPDU = pMod.TrapPDU()
pMod.apiTrapPDU.setDefaults(trapPDU)
# Traps have quite different semantics among proto versions
if verID == api.protoVersion1:
pMod.apiTrapPDU.setEnterprise(trapPDU, (1, 3, 6, 1, 6, 3, 1, 1, 5, 1))
pMod.apiTrapPDU.setGenericTrap(trapPDU, 'coldStart')
# Build message
trapMsg = pMod.Message()
pMod.apiMessage.setDefaults(trapMsg)
pMod.apiMessage.setCommunity(trapMsg, 'public')
pMod.apiMessage.setPDU(trapMsg, trapPDU)
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerTransport(
udp.domainName,
udp.UdpSocketTransport().openClientMode())
transportDispatcher.sendMessage(encoder.encode(trapMsg), udp.domainName,
('10.8.80.108', 162))
def main():
class CommandResponder(cmdrsp.CommandResponderBase):
pduTypes = (rfc1905.SetRequestPDU.tagSet, rfc1905.GetRequestPDU.tagSet,
rfc1905.GetNextRequestPDU.tagSet,
rfc1905.GetBulkRequestPDU.tagSet)
def handleMgmtOperation(self, snmpEngine, stateReference, contextName,
pdu, acInfo):
trunkReq = gCurrentRequestContext.copy()
trunkReq['snmp-pdu'] = pdu
pluginIdList = trunkReq['plugins-list']
logCtx = LogString(trunkReq)
reqCtx = {}
for pluginNum, pluginId in enumerate(pluginIdList):
st, pdu = pluginManager.processCommandRequest(
pluginId, snmpEngine, pdu, trunkReq, reqCtx)
if st == status.BREAK:
log.debug('plugin %s inhibits other plugins' % pluginId,
ctx=logCtx)
pluginIdList = pluginIdList[:pluginNum]
break
elif st == status.DROP:
log.debug(
'received SNMP message, plugin %s muted request' %
pluginId,
ctx=logCtx)
self.releaseStateInformation(stateReference)
return
elif st == status.RESPOND:
log.debug(
'received SNMP message, plugin %s forced immediate response'
% pluginId,
ctx=logCtx)
try:
self.sendPdu(snmpEngine, stateReference, pdu)
except PySnmpError:
log.error('failure sending SNMP response', ctx=logCtx)
else:
self.releaseStateInformation(stateReference)
return
# pass query to trunk
trunkIdList = trunkReq['trunk-id-list']
if trunkIdList is None:
log.error('no route configured', ctx=logCtx)
self.releaseStateInformation(stateReference)
return
for trunkId in trunkIdList:
cbCtx = pluginIdList, trunkId, trunkReq, snmpEngine, stateReference, reqCtx
try:
msgId = trunkingManager.sendReq(trunkId, trunkReq,
self.trunkCbFun, cbCtx)
except SnmpfwdError:
log.error(
'received SNMP message, message not sent to trunk "%s"'
% sys.exc_info()[1],
ctx=logCtx)
return
log.debug(
'received SNMP message, forwarded as trunk message #%s' %
msgId,
ctx=logCtx)
def trunkCbFun(self, msgId, trunkRsp, cbCtx):
pluginIdList, trunkId, trunkReq, snmpEngine, stateReference, reqCtx = cbCtx
for key in tuple(trunkRsp):
if key != 'callflow-id':
trunkRsp['client-' + key] = trunkRsp[key]
del trunkRsp[key]
trunkRsp['callflow-id'] = trunkReq['callflow-id']
logCtx = LogString(trunkRsp)
if trunkRsp['client-error-indication']:
log.info(
'received trunk message #%s, remote end reported error-indication "%s", NOT responding'
% (msgId, trunkRsp['client-error-indication']),
ctx=logCtx)
elif 'client-snmp-pdu' not in trunkRsp:
log.info(
'received trunk message #%s, remote end does not send SNMP PDU, NOT responding'
% msgId,
ctx=logCtx)
else:
pdu = trunkRsp['client-snmp-pdu']
for pluginId in pluginIdList:
st, pdu = pluginManager.processCommandResponse(
pluginId, snmpEngine, pdu, trunkReq, reqCtx)
if st == status.BREAK:
log.debug('plugin %s inhibits other plugins' %
pluginId,
ctx=logCtx)
break
elif st == status.DROP:
log.debug('plugin %s muted response' % pluginId,
ctx=logCtx)
self.releaseStateInformation(stateReference)
return
try:
self.sendPdu(snmpEngine, stateReference, pdu)
except PySnmpError:
log.error('failure sending SNMP response', ctx=logCtx)
else:
log.debug(
'received trunk message #%s, forwarded as SNMP message'
% msgId,
ctx=logCtx)
self.releaseStateInformation(stateReference)
#
# SNMPv3 NotificationReceiver implementation
#
class NotificationReceiver(ntfrcv.NotificationReceiver):
pduTypes = (rfc1157.TrapPDU.tagSet, rfc1905.SNMPv2TrapPDU.tagSet)
def processPdu(self, snmpEngine, messageProcessingModel, securityModel,
securityName, securityLevel, contextEngineId,
contextName, pduVersion, pdu, maxSizeResponseScopedPDU,
stateReference):
trunkReq = gCurrentRequestContext.copy()
if messageProcessingModel == 0:
pdu = rfc2576.v1ToV2(pdu)
# TODO: why this is not automatic?
v2c.apiTrapPDU.setDefaults(pdu)
trunkReq['snmp-pdu'] = pdu
pluginIdList = trunkReq['plugins-list']
logCtx = LogString(trunkReq)
reqCtx = {}
for pluginNum, pluginId in enumerate(pluginIdList):
st, pdu = pluginManager.processNotificationRequest(
pluginId, snmpEngine, pdu, trunkReq, reqCtx)
if st == status.BREAK:
log.debug('plugin %s inhibits other plugins' % pluginId,
ctx=logCtx)
pluginIdList = pluginIdList[:pluginNum]
break
elif st == status.DROP:
log.debug('plugin %s muted request' % pluginId, ctx=logCtx)
return
elif st == status.RESPOND:
log.debug('plugin %s NOT forced immediate response' %
pluginId,
ctx=logCtx)
# TODO: implement immediate response for confirmed-class PDU
return
# pass query to trunk
trunkIdList = trunkReq['trunk-id-list']
if trunkIdList is None:
log.error('no route configured', ctx=logCtx)
return
for trunkId in trunkIdList:
# TODO: pass messageProcessingModel to respond
cbCtx = pluginIdList, trunkId, trunkReq, snmpEngine, stateReference, reqCtx
try:
msgId = trunkingManager.sendReq(trunkId, trunkReq,
self.trunkCbFun, cbCtx)
except SnmpfwdError:
log.error(
'received SNMP message, message not sent to trunk "%s" %s'
% (trunkId, sys.exc_info()[1]),
ctx=logCtx)
return
log.debug(
'received SNMP message, forwarded as trunk message #%s' %
msgId,
ctx=logCtx)
def trunkCbFun(self, msgId, trunkRsp, cbCtx):
pluginIdList, trunkId, trunkReq, snmpEngine, stateReference, reqCtx = cbCtx
for key in tuple(trunkRsp):
if key != 'callflow-id':
trunkRsp['client-' + key] = trunkRsp[key]
del trunkRsp[key]
trunkRsp['callflow-id'] = trunkReq['callflow-id']
logCtx = LazyLogString(trunkReq, trunkRsp)
if trunkRsp['client-error-indication']:
log.info(
'received trunk message #%s, remote end reported error-indication "%s", NOT responding'
% (msgId, trunkRsp['client-error-indication']),
ctx=logCtx)
else:
if 'client-snmp-pdu' not in trunkRsp:
log.debug(
'received trunk message #%s -- unconfirmed SNMP message'
% msgId,
ctx=logCtx)
return
pdu = trunkRsp['client-snmp-pdu']
for pluginId in pluginIdList:
st, pdu = pluginManager.processNotificationResponse(
pluginId, snmpEngine, pdu, trunkReq, reqCtx)
if st == status.BREAK:
log.debug('plugin %s inhibits other plugins' %
pluginId,
ctx=logCtx)
break
elif st == status.DROP:
log.debug(
'received trunk message #%s, plugin %s muted response'
% (msgId, pluginId),
ctx=logCtx)
return
log.debug(
'received trunk message #%s, forwarded as SNMP message' %
msgId,
ctx=logCtx)
# TODO: implement response part
# # Agent-side API complies with SMIv2
# if messageProcessingModel == 0:
# PDU = rfc2576.v2ToV1(PDU, origPdu)
#
# statusInformation = {}
#
# # 3.4.3
# try:
# snmpEngine.msgAndPduDsp.returnResponsePdu(
# snmpEngine, messageProcessingModel, securityModel,
# securityName, securityLevel, contextEngineId,
# contextName, pduVersion, rspPDU, maxSizeResponseScopedPDU,
# stateReference, statusInformation)
#
# except error.StatusInformation:
# log.error('processPdu: stateReference %s, statusInformation %s' % (stateReference, sys.exc_info()[1]))
class LogString(LazyLogString):
GROUPINGS = [
['callflow-id'],
[
'snmp-engine-id', 'snmp-transport-domain', 'snmp-bind-address',
'snmp-bind-port', 'snmp-security-model', 'snmp-security-level',
'snmp-security-name', 'snmp-credentials-id'
],
['snmp-context-engine-id', 'snmp-context-name', 'snmp-context-id'],
['snmp-pdu', 'snmp-content-id'],
['snmp-peer-address', 'snmp-peer-port', 'snmp-peer-id'],
['trunk-id'],
['client-snmp-pdu'],
]
FORMATTERS = {
'client-snmp-pdu': LazyLogString.prettyVarBinds,
'snmp-pdu': LazyLogString.prettyVarBinds,
}
def securityAuditObserver(snmpEngine, execpoint, variables, cbCtx):
securityModel = variables.get('securityModel', 0)
logMsg = 'SNMPv%s auth failure' % securityModel
logMsg += ' at %s:%s' % variables['transportAddress'].getLocalAddress()
logMsg += ' from %s:%s' % variables['transportAddress']
statusInformation = variables.get('statusInformation', {})
if securityModel in (1, 2):
logMsg += ' using snmp-community-name "%s"' % statusInformation.get(
'communityName', '?')
elif securityModel == 3:
logMsg += ' using snmp-usm-user "%s"' % statusInformation.get(
'msgUserName', '?')
try:
logMsg += ': %s' % statusInformation['errorIndication']
except KeyError:
pass
log.error(logMsg)
def requestObserver(snmpEngine, execpoint, variables, cbCtx):
trunkReq = {
'callflow-id': '%10.10x' % random.randint(0, 0xffffffffff),
'snmp-engine-id': snmpEngine.snmpEngineID,
'snmp-transport-domain': variables['transportDomain'],
'snmp-peer-address': variables['transportAddress'][0],
'snmp-peer-port': variables['transportAddress'][1],
'snmp-bind-address':
variables['transportAddress'].getLocalAddress()[0],
'snmp-bind-port':
variables['transportAddress'].getLocalAddress()[1],
'snmp-security-model': variables['securityModel'],
'snmp-security-level': variables['securityLevel'],
'snmp-security-name': variables['securityName'],
'snmp-context-engine-id': variables['contextEngineId'],
'snmp-context-name': variables['contextName'],
}
trunkReq['snmp-credentials-id'] = macro.expandMacro(
credIdMap.get(
(str(snmpEngine.snmpEngineID), variables['transportDomain'],
variables['securityModel'], variables['securityLevel'],
str(variables['securityName']))), trunkReq)
k = '#'.join([
str(x)
for x in (variables['contextEngineId'], variables['contextName'])
])
for x, y in contextIdList:
if y.match(k):
trunkReq['snmp-context-id'] = macro.expandMacro(x, trunkReq)
break
else:
trunkReq['snmp-context-id'] = None
addr = '%s:%s#%s:%s' % (
variables['transportAddress'][0], variables['transportAddress'][1],
variables['transportAddress'].getLocalAddress()[0],
variables['transportAddress'].getLocalAddress()[1])
for pat, peerId in peerIdMap.get(str(variables['transportDomain']),
()):
if pat.match(addr):
trunkReq['snmp-peer-id'] = macro.expandMacro(peerId, trunkReq)
break
else:
trunkReq['snmp-peer-id'] = None
pdu = variables['pdu']
if pdu.tagSet == v1.TrapPDU.tagSet:
pdu = rfc2576.v1ToV2(pdu)
v2c.apiTrapPDU.setDefaults(pdu)
k = '#'.join([
snmpPduTypesMap.get(variables['pdu'].tagSet, '?'),
'|'.join([str(x[0]) for x in v2c.apiTrapPDU.getVarBinds(pdu)])
])
for x, y in contentIdList:
if y.match(k):
trunkReq['snmp-content-id'] = macro.expandMacro(x, trunkReq)
break
else:
trunkReq['snmp-content-id'] = None
trunkReq['plugins-list'] = pluginIdMap.get(
(trunkReq['snmp-credentials-id'], trunkReq['snmp-context-id'],
trunkReq['snmp-peer-id'], trunkReq['snmp-content-id']), [])
trunkReq['trunk-id-list'] = trunkIdMap.get(
(trunkReq['snmp-credentials-id'], trunkReq['snmp-context-id'],
trunkReq['snmp-peer-id'], trunkReq['snmp-content-id']))
cbCtx.clear()
cbCtx.update(trunkReq)
#
# main script starts here
#
helpMessage = """\
Usage: %s [--help]
[--version ]
[--debug-snmp=<%s>]
[--debug-asn1=<%s>]
[--daemonize]
[--process-user=<uname>] [--process-group=<gname>]
[--pid-file=<file>]
[--logging-method=<%s[:args>]>]
[--log-level=<%s>]
[--config-file=<file>]""" % (sys.argv[0], '|'.join([
x for x in pysnmp_debug.flagMap.keys() if x != 'mibview'
]), '|'.join([x for x in pyasn1_debug.flagMap.keys()]), '|'.join(
log.methodsMap.keys()), '|'.join(log.levelsMap))
try:
opts, params = getopt.getopt(sys.argv[1:], 'hv', [
'help', 'version', 'debug=', 'debug-snmp=', 'debug-asn1=',
'daemonize', 'process-user='******'process-group=', 'pid-file=',
'logging-method=', 'log-level=', 'config-file='
])
except Exception:
sys.stderr.write('ERROR: %s\r\n%s\r\n' %
(sys.exc_info()[1], helpMessage))
return
if params:
sys.stderr.write('ERROR: extra arguments supplied %s\r\n%s\r\n' %
(params, helpMessage))
return
pidFile = ''
cfgFile = CONFIG_FILE
foregroundFlag = True
procUser = procGroup = None
loggingMethod = ['stderr']
loggingLevel = None
for opt in opts:
if opt[0] == '-h' or opt[0] == '--help':
sys.stderr.write("""\
Synopsis:
SNMP Proxy Forwarder: server part. Receives SNMP requests at one or many
built-in SNMP Agents and routes them to encrypted trunks established with
Forwarder's Manager part(s) running elsewhere.
Can implement complex routing logic through analyzing parts of SNMP messages
and matching them against proxying rules.
Documentation:
http://snmpfwd.sourceforge.io/
%s
""" % helpMessage)
return
if opt[0] == '-v' or opt[0] == '--version':
import snmpfwd
import pysnmp
import pyasn1
sys.stderr.write("""\
SNMP Proxy Forwarder version %s, written by Ilya Etingof <*****@*****.**>
Using foundation libraries: pysnmp %s, pyasn1 %s.
Python interpreter: %s
Software documentation and support at https://github.com/etingof/snmpfwd
%s
""" % (snmpfwd.__version__, hasattr(pysnmp, '__version__')
and pysnmp.__version__ or 'unknown',
hasattr(pyasn1, '__version__') and pyasn1.__version__
or 'unknown', sys.version, helpMessage))
return
elif opt[0] == '--debug-snmp':
pysnmp_debug.setLogger(
pysnmp_debug.Debug(*opt[1].split(','),
**dict(loggerName=PROGRAM_NAME +
'.pysnmp')))
elif opt[0] == '--debug-asn1':
pyasn1_debug.setLogger(
pyasn1_debug.Debug(*opt[1].split(','),
**dict(loggerName=PROGRAM_NAME +
'.pyasn1')))
elif opt[0] == '--daemonize':
foregroundFlag = False
elif opt[0] == '--process-user':
procUser = opt[1]
elif opt[0] == '--process-group':
procGroup = opt[1]
elif opt[0] == '--pid-file':
pidFile = opt[1]
elif opt[0] == '--logging-method':
loggingMethod = opt[1].split(':')
elif opt[0] == '--log-level':
loggingLevel = opt[1]
elif opt[0] == '--config-file':
cfgFile = opt[1]
try:
log.setLogger(PROGRAM_NAME, *loggingMethod, **dict(force=True))
if loggingLevel:
log.setLevel(loggingLevel)
except SnmpfwdError:
sys.stderr.write('%s\r\n%s\r\n' % (sys.exc_info()[1], helpMessage))
return
try:
cfgTree = cparser.Config().load(cfgFile)
except SnmpfwdError:
log.error('configuration parsing error: %s' % sys.exc_info()[1])
return
if cfgTree.getAttrValue('program-name', '', default=None) != PROGRAM_NAME:
log.error('config file %s does not match program name %s' %
(cfgFile, PROGRAM_NAME))
return
if cfgTree.getAttrValue('config-version', '',
default=None) != CONFIG_VERSION:
log.error(
'config file %s version is not compatible with program version %s'
% (cfgFile, CONFIG_VERSION))
return
random.seed()
gCurrentRequestContext = {}
credIdMap = {}
peerIdMap = {}
contextIdList = []
contentIdList = []
pluginIdMap = {}
trunkIdMap = {}
engineIdMap = {}
transportDispatcher = AsynsockDispatcher()
transportDispatcher.registerRoutingCbFun(lambda td, t, d: td)
transportDispatcher.setSocketMap() # use global asyncore socket map
#
# Initialize plugin modules
#
pluginManager = PluginManager(macro.expandMacros(
cfgTree.getAttrValue('plugin-modules-path-list',
'',
default=[],
vector=True),
{'config-dir': os.path.dirname(cfgFile)}),
progId=PROGRAM_NAME,
apiVer=PLUGIN_API_VERSION)
for pluginCfgPath in cfgTree.getPathsToAttr('plugin-id'):
pluginId = cfgTree.getAttrValue('plugin-id', *pluginCfgPath)
pluginMod = cfgTree.getAttrValue('plugin-module', *pluginCfgPath)
pluginOptions = macro.expandMacros(
cfgTree.getAttrValue('plugin-options', *pluginCfgPath,
**dict(default=[], vector=True)),
{'config-dir': os.path.dirname(cfgFile)})
log.info(
'configuring plugin ID %s (at %s) from module %s with options %s...'
% (pluginId, '.'.join(pluginCfgPath), pluginMod,
', '.join(pluginOptions) or '<none>'))
try:
pluginManager.loadPlugin(pluginId, pluginMod, pluginOptions)
except SnmpfwdError:
log.error('plugin %s not loaded: %s' %
(pluginId, sys.exc_info()[1]))
return
for configEntryPath in cfgTree.getPathsToAttr('snmp-credentials-id'):
credId = cfgTree.getAttrValue('snmp-credentials-id', *configEntryPath)
configKey = []
log.info('configuring snmp-credentials %s (at %s)...' %
(credId, '.'.join(configEntryPath)))
engineId = cfgTree.getAttrValue('snmp-engine-id', *configEntryPath)
if engineId in engineIdMap:
snmpEngine, snmpContext, snmpEngineMap = engineIdMap[engineId]
log.info('using engine-id %s' %
snmpEngine.snmpEngineID.prettyPrint())
else:
snmpEngine = engine.SnmpEngine(snmpEngineID=engineId)
snmpContext = context.SnmpContext(snmpEngine)
snmpEngineMap = {'transportDomain': {}, 'securityName': {}}
snmpEngine.observer.registerObserver(
securityAuditObserver,
'rfc2576.prepareDataElements:sm-failure',
'rfc3412.prepareDataElements:sm-failure',
cbCtx=gCurrentRequestContext)
snmpEngine.observer.registerObserver(
requestObserver,
'rfc3412.receiveMessage:request',
cbCtx=gCurrentRequestContext)
CommandResponder(snmpEngine, snmpContext)
NotificationReceiver(snmpEngine, None)
engineIdMap[engineId] = snmpEngine, snmpContext, snmpEngineMap
log.info('new engine-id %s' %
snmpEngine.snmpEngineID.prettyPrint())
configKey.append(str(snmpEngine.snmpEngineID))
transportDomain = cfgTree.getAttrValue('snmp-transport-domain',
*configEntryPath)
transportDomain = rfc1902.ObjectName(transportDomain)
if transportDomain in snmpEngineMap['transportDomain']:
h, p, transportDomain = snmpEngineMap['transportDomain'][
transportDomain]
log.info('using transport endpoint %s:%s, transport ID %s' %
(h, p, transportDomain))
else:
if transportDomain[:len(udp.domainName)] == udp.domainName:
transport = udp.UdpTransport()
elif transportDomain[:len(udp6.domainName)] == udp6.domainName:
transport = udp6.Udp6Transport()
else:
log.error('unknown transport domain %s' % (transportDomain, ))
return
h, p = cfgTree.getAttrValue('snmp-bind-address',
*configEntryPath).split(':', 1)
snmpEngine.registerTransportDispatcher(transportDispatcher,
transportDomain)
transportOptions = cfgTree.getAttrValue(
'snmp-transport-options', *configEntryPath,
**dict(default=[], vector=True))
t = transport.openServerMode((h, int(p)))
if 'transparent-proxy' in transportOptions:
t.enablePktInfo()
t.enableTransparent()
elif 'virtual-interface' in transportOptions:
t.enablePktInfo()
config.addSocketTransport(snmpEngine, transportDomain, t)
snmpEngineMap['transportDomain'][
transportDomain] = h, p, transportDomain
log.info(
'new transport endpoint %s:%s, options %s, transport ID %s' %
(h, p, transportOptions and '/'.join(transportOptions)
or '<none>', transportDomain))
configKey.append(transportDomain)
securityModel = cfgTree.getAttrValue('snmp-security-model',
*configEntryPath)
securityModel = rfc1902.Integer(securityModel)
securityLevel = cfgTree.getAttrValue('snmp-security-level',
*configEntryPath)
securityLevel = rfc1902.Integer(securityLevel)
securityName = cfgTree.getAttrValue('snmp-security-name',
*configEntryPath)
if securityModel in (1, 2):
if securityName in snmpEngineMap['securityName']:
if snmpEngineMap['securityName'][
securityModel] == securityModel:
log.info('using security-name %s' % securityName)
else:
raise SnmpfwdError(
'snmp-security-name %s already in use at snmp-security-model %s'
% (securityName, securityModel))
else:
communityName = cfgTree.getAttrValue('snmp-community-name',
*configEntryPath)
config.addV1System(snmpEngine,
securityName,
communityName,
securityName=securityName)
log.info(
'new community-name %s, security-model %s, security-name %s, security-level %s'
% (communityName, securityModel, securityName,
securityLevel))
snmpEngineMap['securityName'][securityName] = securityModel
configKey.append(securityModel)
configKey.append(securityLevel)
configKey.append(securityName)
elif securityModel == 3:
if securityName in snmpEngineMap['securityName']:
log.info('using USM security-name: %s' % securityName)
else:
usmUser = cfgTree.getAttrValue('snmp-usm-user',
*configEntryPath)
log.info(
'new USM user %s, security-model %s, security-level %s, security-name %s'
% (usmUser, securityModel, securityLevel, securityName))
if securityLevel in (2, 3):
usmAuthProto = cfgTree.getAttrValue(
'snmp-usm-auth-protocol', *configEntryPath,
**dict(default=config.usmHMACMD5AuthProtocol))
usmAuthProto = rfc1902.ObjectName(usmAuthProto)
usmAuthKey = cfgTree.getAttrValue('snmp-usm-auth-key',
*configEntryPath)
log.info(
'new USM authentication key: %s, authentication protocol: %s'
% (usmAuthKey, usmAuthProto))
if securityLevel == 3:
usmPrivProto = cfgTree.getAttrValue(
'snmp-usm-priv-protocol', *configEntryPath,
**dict(default=config.usmDESPrivProtocol))
usmPrivProto = rfc1902.ObjectName(usmPrivProto)
usmPrivKey = cfgTree.getAttrValue(
'snmp-usm-priv-key', *configEntryPath,
**dict(default=None))
log.info(
'new USM encryption key: %s, encryption protocol: %s'
% (usmPrivKey, usmPrivProto))
config.addV3User(snmpEngine, usmUser, usmAuthProto,
usmAuthKey, usmPrivProto, usmPrivKey)
else:
config.addV3User(snmpEngine, usmUser, usmAuthProto,
usmAuthKey)
else:
config.addV3User(snmpEngine, usmUser)
snmpEngineMap['securityName'][securityName] = securityModel
configKey.append(securityModel)
configKey.append(securityLevel)
configKey.append(securityName)
else:
raise SnmpfwdError('unknown snmp-security-model: %s' %
securityModel)
configKey = tuple(configKey)
if configKey in credIdMap:
log.error(
'ambiguous configuration for key snmp-credentials-id=%s at %s'
% (credId, '.'.join(configEntryPath)))
return
credIdMap[configKey] = credId
duplicates = {}
for peerCfgPath in cfgTree.getPathsToAttr('snmp-peer-id'):
peerId = cfgTree.getAttrValue('snmp-peer-id', *peerCfgPath)
if peerId in duplicates:
log.error(
'duplicate snmp-peer-id=%s at %s and %s' %
(peerId, '.'.join(peerCfgPath), '.'.join(duplicates[peerId])))
return
duplicates[peerId] = peerCfgPath
log.info('configuring peer ID %s (at %s)...' %
(peerId, '.'.join(peerCfgPath)))
transportDomain = cfgTree.getAttrValue('snmp-transport-domain',
*peerCfgPath)
if transportDomain not in peerIdMap:
peerIdMap[transportDomain] = []
for peerAddress in cfgTree.getAttrValue(
'snmp-peer-address-pattern-list', *peerCfgPath,
**dict(vector=True)):
for bindAddress in cfgTree.getAttrValue(
'snmp-bind-address-pattern-list', *peerCfgPath,
**dict(vector=True)):
peerIdMap[transportDomain].append(
(re.compile(peerAddress + '#' + bindAddress), peerId))
duplicates = {}
for contextCfgPath in cfgTree.getPathsToAttr('snmp-context-id'):
contextId = cfgTree.getAttrValue('snmp-context-id', *contextCfgPath)
if contextId in duplicates:
log.error('duplicate snmp-context-id=%s at %s and %s' %
(contextId, '.'.join(contextCfgPath), '.'.join(
duplicates[contextId])))
return
duplicates[contextId] = contextCfgPath
k = '#'.join((cfgTree.getAttrValue('snmp-context-engine-id-pattern',
*contextCfgPath),
cfgTree.getAttrValue('snmp-context-name-pattern',
*contextCfgPath)))
log.info('configuring context ID %s (at %s), composite key: %s' %
(contextId, '.'.join(contextCfgPath), k))
contextIdList.append((contextId, re.compile(k)))
duplicates = {}
for contentCfgPath in cfgTree.getPathsToAttr('snmp-content-id'):
contentId = cfgTree.getAttrValue('snmp-content-id', *contentCfgPath)
if contentId in duplicates:
log.error('duplicate snmp-content-id=%s at %s and %s' %
(contentId, '.'.join(contentCfgPath), '.'.join(
duplicates[contentId])))
return
duplicates[contentId] = contentCfgPath
for x in cfgTree.getAttrValue('snmp-pdu-oid-prefix-pattern-list',
*contentCfgPath, **dict(vector=True)):
k = '#'.join([
cfgTree.getAttrValue('snmp-pdu-type-pattern', *contentCfgPath),
x
])
log.info('configuring content ID %s (at %s), composite key: %s' %
(contentId, '.'.join(contentCfgPath), k))
contentIdList.append((contentId, re.compile(k)))
del duplicates
for pluginCfgPath in cfgTree.getPathsToAttr('using-plugin-id-list'):
pluginIdList = cfgTree.getAttrValue('using-plugin-id-list',
*pluginCfgPath,
**dict(vector=True))
log.info('configuring plugin ID(s) %s (at %s)...' %
(','.join(pluginIdList), '.'.join(pluginCfgPath)))
for credId in cfgTree.getAttrValue('matching-snmp-credentials-id-list',
*pluginCfgPath,
**dict(vector=True)):
for peerId in cfgTree.getAttrValue('matching-snmp-peer-id-list',
*pluginCfgPath,
**dict(vector=True)):
for contextId in cfgTree.getAttrValue(
'matching-snmp-context-id-list', *pluginCfgPath,
**dict(vector=True)):
for contentId in cfgTree.getAttrValue(
'matching-snmp-content-id-list', *pluginCfgPath,
**dict(vector=True)):
k = credId, contextId, peerId, contentId
if k in pluginIdMap:
log.error(
'duplicate snmp-credentials-id %s, snmp-context-id %s, snmp-peer-id %s, snmp-content-id %s at plugin-id(s) %s'
% (credId, contextId, peerId, contentId,
','.join(pluginIdList)))
return
else:
log.info(
'configuring plugin(s) %s (at %s), composite key: %s'
% (','.join(pluginIdList),
'.'.join(pluginCfgPath), '/'.join(k)))
for pluginId in pluginIdList:
if not pluginManager.hasPlugin(pluginId):
log.error(
'undefined plugin ID %s referenced at %s'
% (pluginId, '.'.join(pluginCfgPath)))
return
pluginIdMap[k] = pluginIdList
for routeCfgPath in cfgTree.getPathsToAttr('using-trunk-id-list'):
trunkIdList = cfgTree.getAttrValue('using-trunk-id-list',
*routeCfgPath, **dict(vector=True))
log.info('configuring destination trunk ID(s) %s (at %s)...' %
(','.join(trunkIdList), '.'.join(routeCfgPath)))
for credId in cfgTree.getAttrValue('matching-snmp-credentials-id-list',
*routeCfgPath, **dict(vector=True)):
for peerId in cfgTree.getAttrValue('matching-snmp-peer-id-list',
*routeCfgPath,
**dict(vector=True)):
for contextId in cfgTree.getAttrValue(
'matching-snmp-context-id-list', *routeCfgPath,
**dict(vector=True)):
for contentId in cfgTree.getAttrValue(
'matching-snmp-content-id-list', *routeCfgPath,
**dict(vector=True)):
k = credId, contextId, peerId, contentId
if k in trunkIdMap:
log.error(
'duplicate snmp-credentials-id %s, snmp-context-id %s, snmp-peer-id %s, snmp-content-id %s at trunk-id(s) %s'
% (credId, contextId, peerId, contentId,
','.join(trunkIdList)))
return
else:
trunkIdMap[k] = trunkIdList
log.info(
'configuring trunk routing to %s (at %s), composite key: %s'
% (','.join(trunkIdList), '.'.join(routeCfgPath),
'/'.join(k)))
def dataCbFun(trunkId, msgId, msg):
log.debug('message ID %s received from trunk %s' % (msgId, trunkId))
trunkingManager = TrunkingManager(dataCbFun)
def getTrunkAddr(a, port=0):
f = lambda h, p=port: (h, int(p))
try:
return f(*a.split(':'))
except Exception:
raise SnmpfwdError('improper IPv4 endpoint %s' % a)
for trunkCfgPath in cfgTree.getPathsToAttr('trunk-id'):
trunkId = cfgTree.getAttrValue('trunk-id', *trunkCfgPath)
secret = cfgTree.getAttrValue('trunk-crypto-key', *trunkCfgPath,
**dict(default=''))
secret = secret and (secret * ((16 // len(secret)) + 1))[:16]
log.info('configuring trunk ID %s (at %s)...' %
(trunkId, '.'.join(trunkCfgPath)))
connectionMode = cfgTree.getAttrValue('trunk-connection-mode',
*trunkCfgPath)
if connectionMode == 'client':
trunkingManager.addClient(
trunkId,
getTrunkAddr(
cfgTree.getAttrValue('trunk-bind-address', *trunkCfgPath)),
getTrunkAddr(
cfgTree.getAttrValue('trunk-peer-address', *trunkCfgPath),
30201),
cfgTree.getAttrValue('trunk-ping-period',
*trunkCfgPath,
default=0,
expect=int), secret)
log.info(
'new trunking client from %s to %s' %
(cfgTree.getAttrValue('trunk-bind-address', *trunkCfgPath),
cfgTree.getAttrValue('trunk-peer-address', *trunkCfgPath)))
if connectionMode == 'server':
trunkingManager.addServer(
getTrunkAddr(
cfgTree.getAttrValue('trunk-bind-address', *trunkCfgPath),
30201),
cfgTree.getAttrValue('trunk-ping-period',
*trunkCfgPath,
default=0,
expect=int), secret)
log.info(
'new trunking server at %s' %
(cfgTree.getAttrValue('trunk-bind-address', *trunkCfgPath)))
transportDispatcher.registerTimerCbFun(trunkingManager.setupTrunks,
random.randrange(1, 5))
transportDispatcher.registerTimerCbFun(trunkingManager.monitorTrunks,
random.randrange(1, 5))
try:
daemon.dropPrivileges(procUser, procGroup)
except Exception:
log.error('can not drop privileges: %s' % sys.exc_info()[1])
return
if not foregroundFlag:
try:
daemon.daemonize(pidFile)
except Exception:
log.error('can not daemonize process: %s' % sys.exc_info()[1])
return
# Run mainloop
log.info('starting I/O engine...')
transportDispatcher.jobStarted(1) # server job would never finish
# Python 2.4 does not support the "finally" clause
while True:
try:
transportDispatcher.runDispatcher()
except (PySnmpError, SnmpfwdError, socket.error):
log.error(str(sys.exc_info()[1]))
continue
except Exception:
transportDispatcher.closeDispatcher()
raise
