hi,

i'm using net-snmp-5.3.0.1 under opensuse 10.1

typically, when i acquire a new device, i walk its entire MIB and poke
thru the results, to see what the device can do

guru% snmpbulkwak -c public foo .iso > foo.walk

i've found that snmpbulkwalk becomes unhappy when doing this against
some devices -- thus far, all Cisco switches

i see multiple symptoms. namely:

-the walk proceeds normally for a few seconds .. almost a megabyte of
output, in the case i'm analyzing currently

-then, snmpbulkwalk reaches some portion of the MIB (close to the same
location from trial to trial, but not exactly in the same place) and
does not finish writing all the output from the current get-response to
the file

e.g.

[...]
CISCO-FLASH-MIB::ciscoFlashPartitionChecksumAlgorithm.1.1 =
INTEGER:simpleCRC(3)
CISCO-FLASH-MIB::ciscoFlashPartitionChecksumAlgorithm.2.1 =
INTEGER:simpleCRC(3)
CISCO-FLASH-MIB

-a packet trace shows, in this example, 3072 packets, in the typical
SNMP command-response format (getBulkRequest from the manager,
get-response from the client) ... the last packet comes from the agent
.... and then nothing. (packet trace visible at
https://vishnu.fhcrc.org/net-snmp/adsr-b-esx.cap)

-as far as i can see, the last packet is well-formed (ten varbinds)

-"top" shows snmpbulkwalk continuing to occupy the top slot in terms of
CPU utilization and continuing to allocate memory ... on my machine,
snmpbulkwalk ends up with >2Gb of RAM ... and then drops out of the
process table. perhaps it terminates itself, perhaps the OS kills it

-under some versions of net-snmp, the file foo.walk continues to grow,
padded, as it were, with spaces or 0s ... until it reaches a file
system limit (2Gb on my old machine, 8Gb on my current machine). but
my current version doesn't do this -- it just quits writing to the file
in mid-thought

-i see the same results when i start the walk from "enterprises" rather
than ".iso"

[...]
CISCO-FLASH-MIB::ciscoFlashPartitionFreeSpace.1.1 = Gauge32: 35321196
bytes
CISCO-FLASH-MIB::ciscoFlashPartitionFreeSpace.2.1 = Gauge32: 523604
bytes
CISCO-FLASH-MIB::ciscoFlashP


-i see the same results when i use 'snmpwalk' instead of 'snmpbulkwalk'

[...]
CISCO-FLASH-MIB::ciscoFlashDeviceChipCount.1 = INTEGER: 1
CISCO-FLASH-MIB::ciscoFlashDeviceChipCount.2 = INTEGER: 1
CISCO-FLASH-MIB::ciscoFlashDeviceName.1 = STRING: bootflash
CISCO-FLASH-MIB::ciscoFlashDeviceName.2 = STRING: cat4000_flash
CISCO-FLASH-MIB::ciscoFlashDeviceDescr.1 = STRING: Boot Flash
CISCO-FLASH-MIB::ciscoFlashDeviceDescr.2 = STRING: Cat4000 Private
Flash Area (Not available for general use)
CISCO-FL

-however, when i start the walk from "mib-2", the walk completes
normally


am i looking at a bug in net-snmp? or am i looking at a bug in Cisco's
SNMP agent?

--sk

stuart kendrick
fhcrc