diff --git a/net-snmp-5.7.3-iterator-fix.patch b/net-snmp-5.7.3-iterator-fix.patch new file mode 100644 index 0000000000000000000000000000000000000000..fb34caff7b82248d75c5962e25ea509b6f0b8fc1 --- /dev/null +++ b/net-snmp-5.7.3-iterator-fix.patch @@ -0,0 +1,14 @@ +diff -urNp old/agent/mibgroup/host/data_access/swrun.c new/agent/mibgroup/host/data_access/swrun.c +--- old/agent/mibgroup/host/data_access/swrun.c 2017-07-18 09:44:00.626109526 +0200 ++++ new/agent/mibgroup/host/data_access/swrun.c 2017-07-19 15:27:50.452255836 +0200 +@@ -102,6 +102,10 @@ swrun_count_processes_by_name( char *nam + return 0; /* or -1 */ + + it = CONTAINER_ITERATOR( swrun_container ); ++ if((entry = (netsnmp_swrun_entry*)ITERATOR_FIRST( it )) != NULL) { ++ if (0 == strcmp( entry->hrSWRunName, name )) ++ i++; ++ } + while ((entry = (netsnmp_swrun_entry*)ITERATOR_NEXT( it )) != NULL) { + if (0 == strcmp( entry->hrSWRunName, name )) + i++; diff --git a/net-snmp-5.8-ipAddress-faster-load.patch b/net-snmp-5.8-ipAddress-faster-load.patch new file mode 100644 index 0000000000000000000000000000000000000000..db95998f0b342e5d68559613c87680d936556fe4 --- /dev/null +++ b/net-snmp-5.8-ipAddress-faster-load.patch @@ -0,0 +1,82 @@ +diff -urNp a/agent/mibgroup/mibII/ipAddr.c b/agent/mibgroup/mibII/ipAddr.c +--- a/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:14:30.113696471 +0200 ++++ b/agent/mibgroup/mibII/ipAddr.c 2020-06-10 14:27:15.345354018 +0200 +@@ -495,14 +495,16 @@ Address_Scan_Next(Index, Retin_ifaddr) + } + + #elif defined(linux) ++#include + static struct ifreq *ifr; + static int ifr_counter; + + static void + Address_Scan_Init(void) + { +- int num_interfaces = 0; ++ int i; + int fd; ++ int lastlen = 0; + + /* get info about all interfaces */ + +@@ -510,28 +512,45 @@ Address_Scan_Init(void) + SNMP_FREE(ifc.ifc_buf); + ifr_counter = 0; + +- do +- { + if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) + { + DEBUGMSGTL(("snmpd", "socket open failure in Address_Scan_Init\n")); + return; + } +- num_interfaces += 16; + +- ifc.ifc_len = sizeof(struct ifreq) * num_interfaces; +- ifc.ifc_buf = (char*) realloc(ifc.ifc_buf, ifc.ifc_len); +- +- if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) +- { +- ifr=NULL; +- close(fd); +- return; +- } +- close(fd); ++ /* ++ * Cope with lots of interfaces and brokenness of ioctl SIOCGIFCONF ++ * on some platforms; see W. R. Stevens, ``Unix Network Programming ++ * Volume I'', p.435... ++ */ ++ ++ for (i = 8;; i *= 2) { ++ ifc.ifc_len = sizeof(struct ifreq) * i; ++ ifc.ifc_req = calloc(i, sizeof(struct ifreq)); ++ ++ if (ioctl(fd, SIOCGIFCONF, &ifc) < 0) { ++ if (errno != EINVAL || lastlen != 0) { ++ /* ++ * Something has gone genuinely wrong... ++ */ ++ snmp_log(LOG_ERR, "bad rc from ioctl, errno %d", errno); ++ SNMP_FREE(ifc.ifc_buf); ++ close(fd); ++ return; ++ } ++ } else { ++ if (ifc.ifc_len == lastlen) { ++ /* ++ * The length is the same as the last time; we're done... ++ */ ++ break; ++ } ++ lastlen = ifc.ifc_len; ++ } ++ free(ifc.ifc_buf); /* no SNMP_FREE, getting ready to reassign */ + } +- while (ifc.ifc_len >= (sizeof(struct ifreq) * num_interfaces)); +- ++ ++ close(fd); + ifr = ifc.ifc_req; + } + diff --git a/net-snmp-5.8-rpm-memory-leak.patch b/net-snmp-5.8-rpm-memory-leak.patch new file mode 100644 index 0000000000000000000000000000000000000000..d3370085e20206dd1403b83b34d941877a07cd23 --- /dev/null +++ b/net-snmp-5.8-rpm-memory-leak.patch @@ -0,0 +1,28 @@ +diff --git a/agent/mibgroup/host/data_access/swinst_rpm.c b/agent/mibgroup/host/data_access/swinst_rpm.c +index 695c469..dd0e487 100644 +--- a/agent/mibgroup/host/data_access/swinst_rpm.c ++++ b/agent/mibgroup/host/data_access/swinst_rpm.c +@@ -75,6 +75,9 @@ netsnmp_swinst_arch_init(void) + snprintf( pkg_directory, SNMP_MAXPATH, "%s/Packages", dbpath ); + SNMP_FREE(rpmdbpath); + dbpath = NULL; ++#ifdef HAVE_RPMGETPATH ++ rpmFreeRpmrc(); ++#endif + if (-1 == stat( pkg_directory, &stat_buf )) { + snmp_log(LOG_ERR, "Can't find directory of RPM packages\n"); + pkg_directory[0] = '\0'; +diff --git a/agent/mibgroup/host/hr_swinst.c b/agent/mibgroup/host/hr_swinst.c +index 1f52733..ccf1cab 100644 +--- a/agent/mibgroup/host/hr_swinst.c ++++ b/agent/mibgroup/host/hr_swinst.c +@@ -231,6 +231,9 @@ init_hr_swinst(void) + snprintf(path, sizeof(path), "%s/packages.rpm", swi->swi_dbpath); + path[ sizeof(path)-1 ] = 0; + swi->swi_directory = strdup(path); ++#ifdef HAVE_RPMGETPATH ++ rpmFreeRpmrc(); ++#endif + } + #else + # ifdef _PATH_HRSW_directory diff --git a/net-snmp-5.9-coverity.patch b/net-snmp-5.9-coverity.patch new file mode 100644 index 0000000000000000000000000000000000000000..fa3e0430d5a245c8c55a44e9786ee1e99eddf6c7 --- /dev/null +++ b/net-snmp-5.9-coverity.patch @@ -0,0 +1,22 @@ +diff --git a/agent/mibgroup/disman/event/mteTrigger.c b/agent/mibgroup/disman/event/mteTrigger.c +index e9a8831..5a1d8e7 100644 +--- a/agent/mibgroup/disman/event/mteTrigger.c ++++ b/agent/mibgroup/disman/event/mteTrigger.c +@@ -1012,7 +1012,7 @@ mteTrigger_run( unsigned int reg, void *clientarg) + * Similarly, if no fallEvent is configured, + * there's no point in trying to fire it either. + */ +- if (entry->mteTThRiseEvent[0] != '\0' ) { ++ if (entry->mteTThFallEvent[0] != '\0' ) { + entry->mteTriggerXOwner = entry->mteTThObjOwner; + entry->mteTriggerXObjects = entry->mteTThObjects; + entry->mteTriggerFired = vp1; +@@ -1105,7 +1105,7 @@ mteTrigger_run( unsigned int reg, void *clientarg) + * Similarly, if no fallEvent is configured, + * there's no point in trying to fire it either. + */ +- if (entry->mteTThDRiseEvent[0] != '\0' ) { ++ if (entry->mteTThDFallEvent[0] != '\0' ) { + entry->mteTriggerXOwner = entry->mteTThObjOwner; + entry->mteTriggerXObjects = entry->mteTThObjects; + entry->mteTriggerFired = vp1; diff --git a/net-snmp-5.9.4-kernel-6.7.patch b/net-snmp-5.9.4-kernel-6.7.patch new file mode 100644 index 0000000000000000000000000000000000000000..089f23b532ffb7f3903dd9f423a2361e292cc975 --- /dev/null +++ b/net-snmp-5.9.4-kernel-6.7.patch @@ -0,0 +1,120 @@ +From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001 +From: Philippe Troin +Date: Sat, 3 Feb 2024 10:30:30 -0800 +Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp + +Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp. +This breaks the hard-coded assumptions about the Ip line length. +Add compatibility to parse Linux 6.7 Ip header while keep support +for previous versions. +--- + .../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++---- + 1 file changed, 37 insertions(+), 9 deletions(-) + +diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c +index 49e0a34d5c..f04e828a94 100644 +--- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c ++++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c +@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void) + } + + /* +- /proc/net/snmp ++ /proc/net/snmp - Linux 6.6 and lower + + Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates + Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0 +@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void) + + Udp: InDatagrams NoPorts InErrors OutDatagrams + Udp: 1491094 122 0 1466178 ++* ++ /proc/net/snmp - Linux 6.7 and higher ++ ++ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits ++ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424 ++ ++ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps ++ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0 ++ ++ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11 ++ IcmpMsg: 29953 17589 66905 66905 16610 59957 484 ++ ++ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors ++ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0 ++ ++ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors ++ Udp: 2257832 1422 0 2252835 0 0 0 84 0 ++ ++ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors ++ UdpLite: 0 0 0 0 0 0 0 0 0 + */ + + +@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) + FILE *devin; + char line[1024]; + netsnmp_systemstats_entry *entry = NULL; +- int scan_count; ++ int scan_count, expected_scan_count; + char *stats, *start = line; + int len; +- unsigned long long scan_vals[19]; ++ unsigned long long scan_vals[20]; + + DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n", + load_flags)); +@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) + */ + NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin)); + len = strlen(line); +- if (224 != len) { ++ switch (len) { ++ case 224: ++ expected_scan_count = 19; ++ break; ++ case 237: ++ expected_scan_count = 20; ++ break; ++ default: + fclose(devin); + snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp." +- " %d != 224\n", len); ++ " %d not in { 224, 237 } \n", len); + return -4; + } + +@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) + memset(scan_vals, 0x0, sizeof(scan_vals)); + scan_count = sscanf(stats, + "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu" +- "%llu %llu %llu %llu %llu %llu %llu %llu %llu", ++ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu", + &scan_vals[0],&scan_vals[1],&scan_vals[2], + &scan_vals[3],&scan_vals[4],&scan_vals[5], + &scan_vals[6],&scan_vals[7],&scan_vals[8], + &scan_vals[9],&scan_vals[10],&scan_vals[11], + &scan_vals[12],&scan_vals[13],&scan_vals[14], + &scan_vals[15],&scan_vals[16],&scan_vals[17], +- &scan_vals[18]); ++ &scan_vals[18],&scan_vals[19]); + DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count)); + +- if(scan_count != 19) { ++ if(scan_count != expected_scan_count) { + snmp_log(LOG_ERR, + "error scanning systemstats data (expected %d, got %d)\n", +- 19, scan_count); ++ expected_scan_count, scan_count); + netsnmp_access_systemstats_entry_free(entry); + return -4; + } +@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) + entry->stats.HCOutFragFails.high = scan_vals[17] >> 32; + entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff; + entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32; ++ /* entry->stats. = scan_vals[19]; / * OutTransmits */ + + entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1; + entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1; + diff --git a/net-snmp-5.9.4-test-fix.patch b/net-snmp-5.9.4-test-fix.patch new file mode 100644 index 0000000000000000000000000000000000000000..43fa8ccaece227a25d6edb95d55facfc6d7f8031 --- /dev/null +++ b/net-snmp-5.9.4-test-fix.patch @@ -0,0 +1,29 @@ +diff -ruNp a/testing/fulltests/support/simple_eval_tools.sh b/testing/fulltests/support/simple_eval_tools.sh +--- a/testing/fulltests/support/simple_eval_tools.sh 2024-02-26 14:36:03.641432345 +0100 ++++ b/testing/fulltests/support/simple_eval_tools.sh 2024-02-26 14:38:15.946855878 +0100 +@@ -525,7 +525,6 @@ STARTPROG() { + if test -f $CFG_FILE; then + COMMAND="$COMMAND -C -c $CFG_FILE" + fi +- COMMAND="$COMMAND -f" + if [ "x$PORT_SPEC" != "x" ]; then + COMMAND="$COMMAND $PORT_SPEC" + fi +@@ -537,10 +536,13 @@ STARTPROG() { + OUTPUTENVVARS $LOG_FILE.command + echo $COMMAND >> $LOG_FILE.command + fi +- { +- { $COMMAND; } >$LOG_FILE.stdout 2>&1 +- echo $? >$LOG_FILE.exitcode +- } & ++ if [ "x$OSTYPE" = "xmsys" ]; then ++ $COMMAND > $LOG_FILE.stdout 2>&1 & ++ ## COMMAND="cmd.exe //c start //min $COMMAND" ++ ## start $COMMAND > $LOG_FILE.stdout 2>&1 ++ else ++ $COMMAND > $LOG_FILE.stdout 2>&1 ++ fi + } + + #------------------------------------ -o- diff --git a/net-snmp-5.9.4.tar.gz b/net-snmp-5.9.4.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..7b35f2174053347dd389e768df79fdb4be18f649 Binary files /dev/null and b/net-snmp-5.9.4.tar.gz differ diff --git a/net-snmp-config b/net-snmp-config new file mode 100755 index 0000000000000000000000000000000000000000..a001eefd323b16e18cac6bc1bf9c0cffdc8bcbee --- /dev/null +++ b/net-snmp-config @@ -0,0 +1,62 @@ +#!/bin/sh +# +# net-snmp-config +# +# this shell script is designed to merely dump the configuration +# information about how the net-snmp package was compiled. The +# information is particularily useful for applications that need to +# link against the net-snmp libraries and hence must know about any +# other libraries that must be linked in as well. + +# this particular shell script calls arch specific script to avoid +# multilib conflicts + +# Supported arches ix86 ia64 ppc ppc64 s390 s390x x86_64 alpha sparc sparc64 + +arch=`arch` +echo $arch | grep -q i.86 +if [ $? -eq 0 ] ; then + net-snmp-config-i386 "$@" + exit 0 +fi +if [ "$arch" = "ia64" ] ; then + net-snmp-config-ia64 "$@" + exit 0 +fi +if [ "$arch" = "ppc" ] ; then + net-snmp-config-ppc "$@" + exit 0 +fi +if [ "$arch" = "ppc64" ] ; then + net-snmp-config-ppc64 "$@" + exit 0 +fi +if [ "$arch" = "s390" ] ; then + net-snmp-config-s390 "$@" + exit 0 +fi +if [ "$arch" = "s390x" ] ; then + net-snmp-config-s390x "$@" + exit 0 +fi +if [ "$arch" = "x86_64" ] ; then + net-snmp-config-x86_64 "$@" + exit 0 +fi +if [ "$arch" = "alpha" ] ; then + net-snmp-config-alpha "$@" + exit 0 +fi +if [ "$arch" = "sparc" ] ; then + net-snmp-config-sparc "$@" + exit 0 +fi +if [ "$arch" = "sparc64" ] ; then + net-snmp-config-sparc64 "$@" + exit 0 +fi +if [ "$arch" = "aarch64" ] ; then + net-snmp-config-aarch64 "$@" + exit 0 +fi +echo "Cannot determine architecture" diff --git a/net-snmp-config.h b/net-snmp-config.h new file mode 100644 index 0000000000000000000000000000000000000000..b8f44d570c31fc39690408316e7a1498013a8d1e --- /dev/null +++ b/net-snmp-config.h @@ -0,0 +1,38 @@ +/* This file is here to prevent a file conflict on multiarch systems. A + * conflict will frequently occur because arch-specific build-time + * configuration options are stored (and used, so they can't just be stripped + * out) in net-snmp-config.h. The original net-snmp-config.h has been renamed. + * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */ + +#ifdef net_snmp_config_multilib_redirection_h +#error "Do not define net_snmp_config_multilib_redirection_h!" +#endif +#define net_snmp_config_multilib_redirection_h + +#if defined(__i386__) +#include "net-snmp-config-i386.h" +#elif defined(__ia64__) +#include "net-snmp-config-ia64.h" +#elif defined(__powerpc64__) +#include "net-snmp-config-ppc64.h" +#elif defined(__powerpc__) +#include "net-snmp-config-ppc.h" +#elif defined(__s390x__) +#include "net-snmp-config-s390x.h" +#elif defined(__s390__) +#include "net-snmp-config-s390.h" +#elif defined(__x86_64__) +#include "net-snmp-config-x86_64.h" +#elif defined(__alpha__) +#include "net-snmp-config-alpha.h" +#elif defined(__sparc__) && defined (__arch64__) +#include "net-snmp-config-sparc64.h" +#elif defined(__sparc__) +#include "net-snmp-config-sparc.h" +#elif defined(__aarch64__) +#include "net-snmp-config-aarch64.h" +#else +#error "net-snmp-devel package does not work on your architecture" +#endif + +#undef net_snmp_config_multilib_redirection_h diff --git a/net-snmp-trapd.redhat.conf b/net-snmp-trapd.redhat.conf new file mode 100644 index 0000000000000000000000000000000000000000..72ce1ccca4f2ccda322efc65d7ab2a7955ea870a --- /dev/null +++ b/net-snmp-trapd.redhat.conf @@ -0,0 +1,6 @@ +# Example configuration file for snmptrapd +# +# No traps are handled by default, you must edit this file! +# +# authCommunity log,execute,net public +# traphandle SNMPv2-MIB::coldStart /usr/bin/bin/my_great_script cold diff --git a/net-snmp.redhat.conf b/net-snmp.redhat.conf new file mode 100644 index 0000000000000000000000000000000000000000..ee19ab8873fa98320338d5f5dec29fbef96d95eb --- /dev/null +++ b/net-snmp.redhat.conf @@ -0,0 +1,462 @@ +############################################################################### +# +# snmpd.conf: +# An example configuration file for configuring the ucd-snmp snmpd agent. +# +############################################################################### +# +# This file is intended to only be as a starting point. Many more +# configuration directives exist than are mentioned in this file. For +# full details, see the snmpd.conf(5) manual page. +# +# All lines beginning with a '#' are comments and are intended for you +# to read. All other lines are configuration commands for the agent. + +############################################################################### +# Access Control +############################################################################### + +# As shipped, the snmpd demon will only respond to queries on the +# system mib group until this file is replaced or modified for +# security purposes. Examples are shown below about how to increase the +# level of access. + +# By far, the most common question I get about the agent is "why won't +# it work?", when really it should be "how do I configure the agent to +# allow me to access it?" +# +# By default, the agent responds to the "public" community for read +# only access, if run out of the box without any configuration file in +# place. The following examples show you other ways of configuring +# the agent so that you can change the community names, and give +# yourself write access to the mib tree as well. +# +# For more information, read the FAQ as well as the snmpd.conf(5) +# manual page. + +#### +# First, map the community name "public" into a "security name" + +# sec.name source community +com2sec notConfigUser default public + +#### +# Second, map the security name into a group name: + +# groupName securityModel securityName +group notConfigGroup v1 notConfigUser +group notConfigGroup v2c notConfigUser + +#### +# Third, create a view for us to let the group have rights to: + +# Make at least snmpwalk -v 1 localhost -c public system fast again. +# name incl/excl subtree mask(optional) +view systemview included .1.3.6.1.2.1.1 +view systemview included .1.3.6.1.2.1.25.1.1 + +#### +# Finally, grant the group read-only access to the systemview view. + +# group context sec.model sec.level prefix read write notif +access notConfigGroup "" any noauth exact systemview none none + +# ----------------------------------------------------------------------------- + +# Here is a commented out example configuration that allows less +# restrictive access. + +# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY +# KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO +# SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE. + +## sec.name source community +#com2sec local localhost COMMUNITY +#com2sec mynetwork NETWORK/24 COMMUNITY + +## group.name sec.model sec.name +#group MyRWGroup any local +#group MyROGroup any mynetwork +# +#group MyRWGroup any otherv3user +#... + +## incl/excl subtree mask +#view all included .1 80 + +## -or just the mib2 tree- + +#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc + + +## context sec.model sec.level prefix read write notif +#access MyROGroup "" any noauth 0 all none none +#access MyRWGroup "" any noauth 0 all all all + + +############################################################################### +# Sample configuration to make net-snmpd RFC 1213. +# Unfortunately v1 and v2c don't allow any user based authentification, so +# opening up the default config is not an option from a security point. +# +# WARNING: If you uncomment the following lines you allow write access to your +# snmpd daemon from any source! To avoid this use different names for your +# community or split out the write access to a different community and +# restrict it to your local network. +# Also remember to comment the syslocation and syscontact parameters later as +# otherwise they are still read only (see FAQ for net-snmp). +# + +# First, map the community name "public" into a "security name" +# sec.name source community +#com2sec notConfigUser default public + +# Second, map the security name into a group name: +# groupName securityModel securityName +#group notConfigGroup v1 notConfigUser +#group notConfigGroup v2c notConfigUser + +# Third, create a view for us to let the group have rights to: +# Open up the whole tree for ro, make the RFC 1213 required ones rw. +# name incl/excl subtree mask(optional) +#view roview included .1 +#view rwview included system.sysContact +#view rwview included system.sysName +#view rwview included system.sysLocation +#view rwview included interfaces.ifTable.ifEntry.ifAdminStatus +#view rwview included at.atTable.atEntry.atPhysAddress +#view rwview included at.atTable.atEntry.atNetAddress +#view rwview included ip.ipForwarding +#view rwview included ip.ipDefaultTTL +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteDest +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteIfIndex +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric1 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric2 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric3 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric4 +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteType +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteAge +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMask +#view rwview included ip.ipRouteTable.ipRouteEntry.ipRouteMetric5 +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaIfIndex +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaNetAddress +#view rwview included ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaType +#view rwview included tcp.tcpConnTable.tcpConnEntry.tcpConnState +#view rwview included egp.egpNeighTable.egpNeighEntry.egpNeighEventTrigger +#view rwview included snmp.snmpEnableAuthenTraps + +# Finally, grant the group read-only access to the systemview view. +# group context sec.model sec.level prefix read write notif +#access notConfigGroup "" any noauth exact roview rwview none + + + +############################################################################### +# System contact information +# + +# It is also possible to set the sysContact and sysLocation system +# variables through the snmpd.conf file: + +syslocation Unknown (edit /etc/snmp/snmpd.conf) +syscontact Root (configure /etc/snmp/snmp.local.conf) + +# Example output of snmpwalk: +# % snmpwalk -v 1 localhost -c public system +# system.sysDescr.0 = "SunOS name sun4c" +# system.sysObjectID.0 = OID: enterprises.ucdavis.ucdSnmpAgent.sunos4 +# system.sysUpTime.0 = Timeticks: (595637548) 68 days, 22:32:55 +# system.sysContact.0 = "Me " +# system.sysName.0 = "name" +# system.sysLocation.0 = "Right here, right now." +# system.sysServices.0 = 72 + + +############################################################################### +# Logging +# + +# We do not want annoying "Connection from UDP: " messages in syslog. +# If the following option is commented out, snmpd will print each incoming +# connection, which can be useful for debugging. + +dontLogTCPWrappersConnects yes + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Process checks. +# +# The following are examples of how to use the agent to check for +# processes running on the host. The syntax looks something like: +# +# proc NAME [MAX=0] [MIN=0] +# +# NAME: the name of the process to check for. It must match +# exactly (ie, http will not find httpd processes). +# MAX: the maximum number allowed to be running. Defaults to 0. +# MIN: the minimum number to be running. Defaults to 0. + +# +# Examples (commented out by default): +# + +# Make sure mountd is running +#proc mountd + +# Make sure there are no more than 4 ntalkds running, but 0 is ok too. +#proc ntalkd 4 + +# Make sure at least one sendmail, but less than or equal to 10 are running. +#proc sendmail 10 1 + +# A snmpwalk of the process mib tree would look something like this: +# +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.2 +# enterprises.ucdavis.procTable.prEntry.prIndex.1 = 1 +# enterprises.ucdavis.procTable.prEntry.prIndex.2 = 2 +# enterprises.ucdavis.procTable.prEntry.prIndex.3 = 3 +# enterprises.ucdavis.procTable.prEntry.prNames.1 = "mountd" +# enterprises.ucdavis.procTable.prEntry.prNames.2 = "ntalkd" +# enterprises.ucdavis.procTable.prEntry.prNames.3 = "sendmail" +# enterprises.ucdavis.procTable.prEntry.prMin.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prMin.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prMin.3 = 1 +# enterprises.ucdavis.procTable.prEntry.prMax.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prMax.2 = 4 +# enterprises.ucdavis.procTable.prEntry.prMax.3 = 10 +# enterprises.ucdavis.procTable.prEntry.prCount.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prCount.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prCount.3 = 1 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.1 = 1 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrorFlag.3 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrMessage.1 = "No mountd process running." +# enterprises.ucdavis.procTable.prEntry.prErrMessage.2 = "" +# enterprises.ucdavis.procTable.prEntry.prErrMessage.3 = "" +# enterprises.ucdavis.procTable.prEntry.prErrFix.1 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrFix.2 = 0 +# enterprises.ucdavis.procTable.prEntry.prErrFix.3 = 0 +# +# Note that the errorFlag for mountd is set to 1 because one is not +# running (in this case an rpc.mountd is, but thats not good enough), +# and the ErrMessage tells you what's wrong. The configuration +# imposed in the snmpd.conf file is also shown. +# +# Special Case: When the min and max numbers are both 0, it assumes +# you want a max of infinity and a min of 1. +# + + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Executables/scripts +# + +# +# You can also have programs run by the agent that return a single +# line of output and an exit code. Here are two examples. +# +# exec NAME PROGRAM [ARGS ...] +# +# NAME: A generic name. The name must be unique for each exec statement. +# PROGRAM: The program to run. Include the path! +# ARGS: optional arguments to be passed to the program + +# a simple hello world + +#exec echotest /bin/echo hello world + +# Run a shell script containing: +# +# #!/bin/sh +# echo hello world +# echo hi there +# exit 35 +# +# Note: this has been specifically commented out to prevent +# accidental security holes due to someone else on your system writing +# a /tmp/shtest before you do. Uncomment to use it. +# +#exec shelltest /bin/sh /tmp/shtest + +# Then, +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.8 +# enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1 +# enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2 +# enterprises.ucdavis.extTable.extEntry.extNames.1 = "echotest" +# enterprises.ucdavis.extTable.extEntry.extNames.2 = "shelltest" +# enterprises.ucdavis.extTable.extEntry.extCommand.1 = "/bin/echo hello world" +# enterprises.ucdavis.extTable.extEntry.extCommand.2 = "/bin/sh /tmp/shtest" +# enterprises.ucdavis.extTable.extEntry.extResult.1 = 0 +# enterprises.ucdavis.extTable.extEntry.extResult.2 = 35 +# enterprises.ucdavis.extTable.extEntry.extOutput.1 = "hello world." +# enterprises.ucdavis.extTable.extEntry.extOutput.2 = "hello world." +# enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0 +# enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0 + +# Note that the second line of the /tmp/shtest shell script is cut +# off. Also note that the exit status of 35 was returned. + +# ----------------------------------------------------------------------------- + + +############################################################################### +# disk checks +# + +# The agent can check the amount of available disk space, and make +# sure it is above a set limit. + +# disk PATH [MIN=100000] +# +# PATH: mount path to the disk in question. +# MIN: Disks with space below this value will have the Mib's errorFlag set. +# Default value = 100000. + +# Check the / partition and make sure it contains at least 10 megs. + +#disk / 10000 + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.9 +# enterprises.ucdavis.diskTable.dskEntry.diskIndex.1 = 0 +# enterprises.ucdavis.diskTable.dskEntry.diskPath.1 = "/" Hex: 2F +# enterprises.ucdavis.diskTable.dskEntry.diskDevice.1 = "/dev/dsk/c201d6s0" +# enterprises.ucdavis.diskTable.dskEntry.diskMinimum.1 = 10000 +# enterprises.ucdavis.diskTable.dskEntry.diskTotal.1 = 837130 +# enterprises.ucdavis.diskTable.dskEntry.diskAvail.1 = 316325 +# enterprises.ucdavis.diskTable.dskEntry.diskUsed.1 = 437092 +# enterprises.ucdavis.diskTable.dskEntry.diskPercent.1 = 58 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorFlag.1 = 0 +# enterprises.ucdavis.diskTable.dskEntry.diskErrorMsg.1 = "" + +# ----------------------------------------------------------------------------- + + +############################################################################### +# load average checks +# + +# load [1MAX=12.0] [5MAX=12.0] [15MAX=12.0] +# +# 1MAX: If the 1 minute load average is above this limit at query +# time, the errorFlag will be set. +# 5MAX: Similar, but for 5 min average. +# 15MAX: Similar, but for 15 min average. + +# Check for loads: +#load 12 14 14 + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.10 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.1 = 1 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.2 = 2 +# enterprises.ucdavis.loadTable.laEntry.loadaveIndex.3 = 3 +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.1 = "Load-1" +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.2 = "Load-5" +# enterprises.ucdavis.loadTable.laEntry.loadaveNames.3 = "Load-15" +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.1 = "0.49" Hex: 30 2E 34 39 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.2 = "0.31" Hex: 30 2E 33 31 +# enterprises.ucdavis.loadTable.laEntry.loadaveLoad.3 = "0.26" Hex: 30 2E 32 36 +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.1 = "12.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.2 = "14.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveConfig.3 = "14.00" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.1 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.2 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrorFlag.3 = 0 +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.1 = "" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.2 = "" +# enterprises.ucdavis.loadTable.laEntry.loadaveErrMessage.3 = "" + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Extensible sections. +# + +# This alleviates the multiple line output problem found in the +# previous executable mib by placing each mib in its own mib table: + +# Run a shell script containing: +# +# #!/bin/sh +# echo hello world +# echo hi there +# exit 35 +# +# Note: this has been specifically commented out to prevent +# accidental security holes due to someone else on your system writing +# a /tmp/shtest before you do. Uncomment to use it. +# +# exec .1.3.6.1.4.1.2021.50 shelltest /bin/sh /tmp/shtest + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.50 +# enterprises.ucdavis.50.1.1 = 1 +# enterprises.ucdavis.50.2.1 = "shelltest" +# enterprises.ucdavis.50.3.1 = "/bin/sh /tmp/shtest" +# enterprises.ucdavis.50.100.1 = 35 +# enterprises.ucdavis.50.101.1 = "hello world." +# enterprises.ucdavis.50.101.2 = "hi there." +# enterprises.ucdavis.50.102.1 = 0 + +# Now the Output has grown to two lines, and we can see the 'hi +# there.' output as the second line from our shell script. +# +# Note that you must alter the mib.txt file to be correct if you want +# the .50.* outputs above to change to reasonable text descriptions. + +# Other ideas: +# +# exec .1.3.6.1.4.1.2021.51 ps /bin/ps +# exec .1.3.6.1.4.1.2021.52 top /usr/local/bin/top +# exec .1.3.6.1.4.1.2021.53 mailq /usr/bin/mailq + +# ----------------------------------------------------------------------------- + + +############################################################################### +# Pass through control. +# + +# Usage: +# pass MIBOID EXEC-COMMAND +# +# This will pass total control of the mib underneath the MIBOID +# portion of the mib to the EXEC-COMMAND. +# +# Note: You'll have to change the path of the passtest script to your +# source directory or install it in the given location. +# +# Example: (see the script for details) +# (commented out here since it requires that you place the +# script in the right location. (its not installed by default)) + +# pass .1.3.6.1.4.1.2021.255 /bin/sh /usr/local/local/passtest + +# % snmpwalk -v 1 localhost -c public .1.3.6.1.4.1.2021.255 +# enterprises.ucdavis.255.1 = "life the universe and everything" +# enterprises.ucdavis.255.2.1 = 42 +# enterprises.ucdavis.255.2.2 = OID: 42.42.42 +# enterprises.ucdavis.255.3 = Timeticks: (363136200) 42 days, 0:42:42 +# enterprises.ucdavis.255.4 = IpAddress: 127.0.0.1 +# enterprises.ucdavis.255.5 = 42 +# enterprises.ucdavis.255.6 = Gauge: 42 +# +# % snmpget -v 1 localhost public .1.3.6.1.4.1.2021.255.5 +# enterprises.ucdavis.255.5 = 42 +# +# % snmpset -v 1 localhost public .1.3.6.1.4.1.2021.255.1 s "New string" +# enterprises.ucdavis.255.1 = "New string" +# + +# For specific usage information, see the man/snmpd.conf.5 manual page +# as well as the local/passtest script used in the above example. + +############################################################################### +# Further Information +# +# See the snmpd.conf manual page, and the output of "snmpd -H". diff --git a/net-snmp.spec b/net-snmp.spec index 0c9035651e8cfe2c621a3ef5614080adfd90c34e..da64c7c49f9f30f817bc70d763127451bebd73af 100644 --- a/net-snmp.spec +++ b/net-snmp.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 # use nestnmp_check 0 to speed up packaging by disabling 'make test' %{!?netsnmp_check: %global netsnmp_check 1} @@ -7,7 +7,7 @@ Summary: A collection of SNMP protocol tools and libraries Name: net-snmp -Version: 5.9.4 +Version: 5.9.4 Release: %{anolis_release}%{?dist} Epoch: 1 @@ -22,6 +22,11 @@ Source7: net-snmp-tmpfs.conf Source8: snmpd.service Source9: snmptrapd.service Source10: IETF-MIB-LICENSE.txt +Source11: net-snmp.redhat.conf +Source12: net-snmp-config.h +Source13: https://downloads.sourceforge.net/project/net-snmp/net-snmp/5.9.4/net-snmp-5.9.4.tar.gz +Source14: net-snmp-trapd.redhat.conf +Source15: net-snmp-config Patch1: 0001-net-snmp-5.9-pie.patch Patch2: 0002-net-snmp-5.9-dir-fix.patch @@ -48,6 +53,12 @@ Patch21: 0021-net-snmp-libs-misunderstanding.patch Patch101: 0101-net-snmp-5.8-modern-rpm-api.patch #disable this patch due compatibility issues Patch102: 0102-net-snmp-5.9-python3.patch +Patch103: net-snmp-5.8-rpm-memory-leak.patch +Patch104: net-snmp-5.9.4-kernel-6.7.patch +Patch105: net-snmp-5.9.4-test-fix.patch +Patch106: net-snmp-5.8-ipAddress-faster-load.patch +Patch107: net-snmp-5.7.3-iterator-fix.patch +Patch108: net-snmp-5.9-coverity.patch Requires: %{name}-libs = %{epoch}:%{version}-%{release} @@ -434,6 +445,9 @@ LD_LIBRARY_PATH=%{buildroot}/%{_libdir} make test %{abidir}/libnetsnmptrapd*.dump %changelog +* Fri Aug 15 2025 wenyuzifang - 1:5.9.4-2 +- Apply this patch to ensure accurate process counting and reliable SNMP monitoring. +- Ensures correct triggering of SNMP fall events, improving monitoring reliability. * Wed Mar 26 2025 Hong Wei Qin - 5.9.4-1 - Update to 5.9.4-1 from 5.9.3-5 - Remove patches because bugs are not exist in new version.