1 (edited by Scotty2541 2023-01-05 10:06:13)

Topic: SNMPv3

Hello,
The following page
https://www.wolfssl.com/wolfssl-support-added-net-snmp/
announces that SNMP support is now available.

Except the "follow the instructions" link is to a repository page with a couple of diff files. No instructions at all.

And we don't use patch/diff tools.

I am looking into adding an SNMPv3 agent to our embedded product. While I have deciphered enough of the protocol to "be dangerous", I am looking for support writing and integrating an agent into the device running an RTOS, which already uses WolfSSL extensively.

(Off topic...  I've never seen such a kludge and poorly documented protocol in my 30+ years of network coding... requires 15+ RFCs and a PhD in some custom MIB files and how to BER them... and still no details about the protocol on the wire)

-Scott
<Code shown is not to scale>


Re: SNMPv3

Hello Scott,

We provide SNMP support via a net-SNMP patch: https://github.com/wolfSSL/osp/blob/mas … .9.1.patch
You will find instructions on how to use the patch at the top of the patch file, in the comment block.
You will need a utility like "patch" or "git apply" to apply the patch file.

Thanks,
Kareem


Re: SNMPv3

Kareem,
Is there any support under our contract for how to implement SNMPv3?

It's bad enough that I can't find any useful documentation for the PDU packet in earlier versions.

My Wireshark trace of an SNMPv3 message has a bunch of additional fields in it, and I cannot find anything documenting those either. They all appear to be cipher related.

-Scott
<Code shown is not to scale>


Re: SNMPv3

Scotty,

I can assist you with bringing up net-SNMP with wolfSSL, but I'm afraid SNMP itself is outside of our support, as we do not directly support this protocol.  wolfSSL is only providing cryptography to net-SNMP.

Thanks,
Kareem


Re: SNMPv3

noblekeon:

Don't expect any assistance from WolfSSL on this.  I didn't get any (as you can see by the thread dying).

And the RFCs are written in a very obfuscated and confusing manner (IMO).

There is a statement that it "now supports SNMPv3" but I find nothing that explains that. Because all that is needed is to compute some hashes and do DES en/decryption. So I just implemented the packet authentication and ciphers using regular functions that have been around for years.

I implemented SNMPv3 in our device (although the project was abandoned), so I figured out a lot of it.

I started with this, as it's the best description I found. And it explains version 1.
https://www.ranecommercial.com/legacy/note161.html

I then reverse engineered a lot of code from the net-snmp-5.9.1 project. The first thing I did was create a project that responds to SNMPv1 messages (low level Ethernet protocol).

I also picked up the book "SNMP, SNMPv2, SNMPv3 and RMON1 and 2" - William Stallings, Pearson books.
Specifically, part 5, chapters 14-16 let me take my development code testing from V1 to V3 with the authentication requirements.

I spun up a Linux box, and used the SNMP package to send SNMP OID requests to my test app, in order to verify correct operation.  Using the command line tools in Linux as the requester, I could send in requests for specific OIDs, blocks of them, or even lists.

A fun little web page that lets you examine OIDs is http://oid-info.com/

Hope this helps.

-Scott
<Code shown is not to scale>

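The "compute some hashes" step from the last post and the cipher-related fields from the Wireshark trace, as an added example (not code from the thread, wolfSSL or net-snmp): it locates the USM security parameters in an SNMPv3 message, derives the localized key as in RFC 3414 appendix A.2, and computes or checks the 12-octet HMAC tag. The function names, the user "demo" and the sample message are constructed for illustration; the engine ID in the sample is the one used by the RFC 3414 appendix test vectors, and DES privacy is not covered.

```python
import hashlib, hmac

USM_FIELDS = ("msgAuthoritativeEngineID msgAuthoritativeEngineBoots msgAuthoritativeEngineTime "
              "msgUserName msgAuthenticationParameters msgPrivacyParameters").split()

def password_to_key(password, engine_id, alg="sha1"):      # RFC 3414 A.2
    reps, rem = divmod(1048576, len(password))             # 1 MiB of the repeated password
    ku = hashlib.new(alg, password * reps + password[:rem]).digest()
    return hashlib.new(alg, ku + engine_id + ku).digest()  # localize Ku to this engine

def tlv(buf, pos):                         # one BER header -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, pos, pos + length

def usm_fields(msg):
    """Map each UsmSecurityParameters field to its (start, end) byte offsets in msg."""
    _, pos, _ = tlv(msg, 0)                # enter the outer SEQUENCE
    _, _, pos = tlv(msg, pos)              # skip msgVersion
    _, _, pos = tlv(msg, pos)              # skip msgGlobalData
    _, pos, _ = tlv(msg, pos)              # enter msgSecurityParameters (OCTET STRING)
    _, pos, _ = tlv(msg, pos)              # enter the SEQUENCE wrapped inside it
    spans = {}
    for name in USM_FIELDS:
        _, start, pos = tlv(msg, pos)
        spans[name] = (start, pos)
    return spans

def auth_tag(msg, kul, alg="sha1"):
    """HMAC-96 over the whole message with the auth field zeroed (RFC 3414 6.3, 7.3)."""
    start, end = usm_fields(msg)["msgAuthenticationParameters"]
    zeroed = msg[:start] + bytes(end - start) + msg[end:]
    return start, end, hmac.new(kul, zeroed, alg).digest()[:12]

def sign(msg, kul, alg="sha1"):            # sender: msg carries a 12-zero-octet placeholder
    start, end, tag = auth_tag(msg, kul, alg)
    return msg[:start] + tag + msg[end:]
def verify(msg, kul, alg="sha1"):          # receiver: a wrong-length field fails the compare
    start, end, tag = auth_tag(msg, kul, alg)
    return hmac.compare_digest(tag, msg[start:end])

SAMPLE = bytes.fromhex(  # constructed authNoPriv GetRequest (sysDescr.0), auth field zeroed
    "3061 020103 300d 020101 020205dc 040101 020103 042c 302a 040c 00000000 00000000 00000002"
    "020101 02010a 0404 64656d6f 040c 00000000 00000000 00000000 0400"
    "301f 0400 0400 a019 020101 020100 020100 300e 300c 0608 2b06010201010100 0500")
```

The six names in `USM_FIELDS` are the msgSecurityParameters fields of the User-based Security Model; `msgAuthenticationParameters` holds the truncated HMAC and `msgPrivacyParameters` holds the salt when encryption is in use.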