[Pkg-net-snmp-devel] Bug#966544: Switching from extend to pass for custom endpoints

Ian Campbell ijc at debian.org
Mon Aug 3 17:19:51 BST 2020 

Hi all,

I switched from pass to extend for my custom endpoint since the latter
was not disabled with the security update. It's a bit more faff but not
intractable (just lots of boilerplate really) so maybe it's useful to
post here as a sort of recipe while things get sorted out some other
way in the packaging.

I went from snmpd.conf with (nb: /var/run/qcontrol.temp simply contains
a single integer value, nothing fancy, it's updated elsewhere):

   extend     .1.3.6.1.4.1.65535.1 - /bin/cat /var/run/qcontrol.temp

To one with:

   pass .1.3.6.1.4.1.65535.1 /bin/bash /etc/snmp/qcontrol-mib

Where /etc/snmp/qcontrol-mib is:

   #!/bin/bash

   # https://sourceforge.net/p/net-snmp/code/ci/master/tree/local/passtest

PLACE=".1.3.6.1.4.1.65535.1"
OP="$1"
REQ="$2"

case "$OP" in
"-s") # SET
        OP="SET"
        logger -p daemon.debug "qcontrol-mib: $OP $REQ: ignored"
        exit 0
        ;;
"-n") # GETNEXT
        OP="GETNEXT"
        case "$REQ" in
        $PLACE|$PLACE.0|$PLACE.0.*|$PLACE.1) RET="$PLACE.1.0" ;;
        *) exit 0 ;; # Nothing after this
        esac
        ;;
"-g") # GET
        OP="GET"
        case "$REQ" in
        $PLACE.1.0) RET="$REQ" ;;
        *)
                logger -p daemon.warn "qcontrol-mib: $OP $REQ: unknown"
                exit 0
                ;;
        esac
        ;;
esac

# GET and GETNEXT
logger -p daemon.debug "qcontrol-mib: $OP $REQ: OK"
echo "$RET"
case "$RET" in
$PLACE.1.0) echo "integer" ; printf "%d\n" $(cat /var/run/qcontrol.temp);;
esac

These were moderately useful resources:

   http://www.net-snmp.org/docs/man/snmpd.conf.html (see: MIB-Specific Extension Commands)
   http://net-snmp.sourceforge.net/wiki/index.php/Tut:Extending_snmpd_using_shell_scripts
https://sourceforge.net/p/net-snmp/code/ci/master/tree/local/passtest

For people who want persistent_pass instead this looked like a good
resource but I didn't follow it myself since my needs were so trivial:
   https://vincent.bernat.ch/en/blog/2012-extending-netsnmp

That has links to Perl and Python helper libraries which I think you'd
likely want to use if you wanted multiple values since plumbing the
GETNEXT stuff together manually in the simple shell script case as
above would be fairly tedious.

HTH someone,
Ian.

More information about the Pkg-net-snmp-devel mailing list