Version: net-snmp 5.4.2

We have the requirement that we need to send informs from a specific
ipv4 address, as we use the source address to do a lot of the routing on
our device. The device can have multiple ipv4 addresses, and in that
situation there is typically a separate address intended for management
traffic. We can get snmpd to bind to that address on port 161 for the
usual GET, SET, etc. processing via the agentaddress token. Where we
are having trouble is getting v3 informs sent off that same interface.
In our setup we use trapsess to configure the targets, and all informs
are going through snmpd (either snmpd is sending its own informs, or
informs are originating from AgentX subagents).

My apologies in advance if any of the example output or config files
wrap badly.

A sample configuration file (mildly obfuscated) looks like:

rwuser userblah
agentaddress localhost:161,192.168.222.5:161
clientaddr 192.168.222.5

trapsess -v 3 -u userblah -l authNoPriv -A somepassword -a MD5 -Ci
10.11.10.92

trapsess -v 3 -u userblah -l authNoPriv -A somepassword -a MD5 -Ci
192.168.223.10

From 'tcpdump -i any port 162' I get:


-3:-52:-11.248169 IP 10.116.0.210.32785 > 10.11.10.92.snmptrap: F=r [|snmp]
-3:-52:-10.248665 IP 10.116.0.210.32786 > 192.168.223.10.snmptrap: F=r
[|snmp]


Obviously at this point I was expecting to see 192.168.222.5 as the
source address, not 10.116.0.210 which is the first ipv4 address
configured for the box.

And to be complete 'lsof -p -P' gives me:


snmpd 6732 root 7u IPv4 482968 UDP *:32785
snmpd 6732 root 8u IPv4 482969 UDP *:32786
snmpd 6732 root 9u IPv4 482972 UDP
localhost.localdomain:161
snmpd 6732 root 10u IPv4 482973 UDP 192.168.222.5:161


Again, I was expecting the sockets to be bound to 192.168.222.5 rather
than INADDR_ANY.

Grubbing through the various mailing list archives and patches, I
thought this had been resolved in 5.4.2 with patch 1775124.
Specifically, I thought that the clientaddr configuration token would
correctly set the source address of the outgoing UDP packet to the
configured address. Instead, we see that its still binding to
INADDR_ANY and the inform is coming from the first available ip address.
To be thorough, I thought that perhaps it mattered which configuration
file the clientaddr directive was used; it doesn't. I tried it in both
snmp.conf and snmpd.conf and there was no discernible result.

Am I barking up the wrong tree with clientaddr? Is there something
we've missed in our use of the trapsess token? I checked all the
options available to trapsess in 'man snmpcmd' and there is nothing to
specify the source address.

Thanks,
--
Glenn McAllister +1 416 348 1594
SOMA Networks, Inc. http://www.somanetworks.com/ +1 416 977 1414

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.p...r_id=100&url=/
_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/...net-snmp-users