FAQ:Coding 25

From Net-SNMP Wiki
Revision as of 17:17, 23 November 2006 by Dts12 (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

How can I register a MIB module in a different (SNMPv3) context?

Contexts are a mechanism within SNMPv3 (and AgentX) whereby an agent can support parallel versions of the same MIB objects, referring to different underlying data sets. By default, a MIB module registrations will use the default empty context of "". But it's also possible to provide MIB information using a different (non-default) context.


There are three aspects involved in doing this. Firsly, it's necessary to register the MIB module in this non-default context. With the v4 API, this uses the call 'register_mib_context()' rather than the REGISTER_MIB macro. This is significantly more detailed, but most of the additional parameters can take fixed values, if all that's needed is to change the registration context.

Instead of the macro call:

       REGISTER_MIB("my_token", my_variables, variable1, my_variables_oid);

use the function call:

       register_mib_context( "my_token",
                              my_variables, sizeof(variable1),
                              sizeof(my_variables)/sizeof(variable1),
                              my_variables_oid,
                              sizeof(my_variables_oid)/sizeof(oid),
                              DEFAULT_MIB_PRIORITY, 0, 0, NULL,
                              "my_context", -1, 0);

Things are much easier with the v5 helper-based API. Having created the registration structure, this just requires setting the 'contextName' field before actually registering the MIB module:

       netsnmp_handler_registration *reg;
       reg = netsnmp_create_handler_registration(.....);
       reg->contextName = strdup("my_context");
       netsnmp_register_handler(reg);


Secondly, it is necessary to configure the access control settings to allow access to information in the new context. This is handled automatically when using the simple "rouser" or "rwuser" directives. But if access control is configured using the fuller com2sec/group/view/access mechanism, then the "access" line must specify the appropriate context(s), either explicitly:

       access {group} "my_context" any noauth exact  ......

or using a single entry to cover all possible contexts:

       access {group} ""           any noauth prefix ......

Finally, the SNMP request used to retrieve (or update) the information must also specify the required context. With SNMPv3 requests, the context is part of the protocol, so this can be done using a command-line option:

     snmpwalk -v 3 -n my_context .....

With community-based requests (SNMPv1 and SNMPv2c), things aren't so simple. Although the "rocommunity" and "rwcommunity" settings also configure access for all possible contexts, there's no way to specify a non-default context as part of the request.

The only way to handle non-default contexts with community-based SNMP requests is to set up a mapping from the community string to the desired context. This uses the "com2sec" directive, with an additional "-Cn" parameter. Note that this also means that the access control must be configured using the full com2sec/group/view/access mechanism. The short-form access control directives do not handle the mapping of community strings to non-default contexts.

   FAQ:Coding
   
  1. How do I write C code to integrate with the agent?
  2. How does the agent fetch the value of a MIB variable from the system?
  3. Mib2c complains about a missing "mib reference" - what does this mean?
  4. Mib2c complains about not having a "valid OID" - what does this mean?
  5. Why doesn't mib2c like the MIB file I'm giving it?
  6. Mib2c ignores my MIB and generates a pair of 'mib-2' code files. Why?
  7. What's the difference between the various mib2c configuration files?
  8. Which mib2c configuration file should I use?
  9. How can I have mib2c generate code for both scalars and tables?
  10. Are there any examples, or documentation for generating MIB modules?
  11. Where should I put the files produced by 'mib2c'?
  12. Why doesn't my new MIB module report anything?
  13. Why does the iterator call my get_{first,next} routines so often?
  14. How can I get the agent to generate a trap (or inform)?
  15. How can I get an AgentX sub-agent to generate a trap (or inform)?
  16. How can I get the agent to send an SNMPv1 (or SNMPv2c) trap?
  17. How can I get the agent to include varbinds with an SNMPv1 trap?
  18. How can I get the agent to send an SNMPv1 enterprise-specific trap?
  19. How can I get the agent to send an SNMPv3 trap (or inform)?
  20. Why does calling 'send_v2trap' generate an SNMPv1 trap (or vice versa)?
  21. How can I register a MIB module in a different (SNMPv3) context?