Diffstat (limited to 'examples/v3arch/asyncore/agent/cmdrsp/listening-on-virtual-network-interface.py')
-rw-r--r-- | examples/v3arch/asyncore/agent/cmdrsp/listening-on-virtual-network-interface.py | 66 |
1 files changed, 34 insertions, 32 deletions
diff --git a/examples/v3arch/asyncore/agent/cmdrsp/listening-on-virtual-network-interface.py b/examples/v3arch/asyncore/agent/cmdrsp/listening-on-virtual-network-interface.py
index 55e282f4..1e862706 100644
--- a/examples/v3arch/asyncore/agent/cmdrsp/listening-on-virtual-network-interface.py
+++ b/examples/v3arch/asyncore/agent/cmdrsp/listening-on-virtual-network-interface.py
@@ -1,35 +1,37 @@
-#
-# Command Responder
-#
-# Listen on all local IPv4 interfaces respond to SNMP GET/SET/GETNEXT/GETBULK
-# queries with the following options:
-#
-# * SNMPv3
-# * with USM user 'usr-md5-des', auth: MD5, priv DES
-# * allow access to SNMPv2-MIB objects (1.3.6.1.2.1)
-# * over IPv4/UDP, listening at 0.0.0.0:161
-# * preserve local IP address when responding (Python 3.3+ required)
-#
-# The following Net-SNMP's command will walk this Agent:
-#
-# $ snmpwalk -v3 -u usr-md5-des -l authPriv -A authkey1 -X privkey1 localhost .1.3.6
-#
-# In the situation when UDP responder receives a datagram targeted to
-# a secondary (AKA virtial) IP interface or a non-local IP interface
-# (e.g. routed through policy routing or iptables TPROXY facility),
-# OS stack will by default put primary local IP interface address into
-# the IP source field of the response IP packet. Such datagram may not
-# reach the sender as either the sender itself or a stateful firewall
-# somewhere in between would not be able to match response to original
-# request.
-#
-# The following script solves this problem by preserving original request
-# destination IP address and put it back into response IP packet's source
-# address field.
-#
-# To respond from a non-local (e.g. spoofed) IP address, uncomment the
-# .enableTransparent() method call and run this script as root.
-#
+"""
+Running at secondary network interface
+++++++++++++++++++++++++++++++++++++++
+
+Listen on all local IPv4 interfaces respond to SNMP GET/SET/GETNEXT/GETBULK
+queries with the following options:
+
+* SNMPv3
+* with USM user 'usr-md5-des', auth: MD5, priv DES
+* allow access to SNMPv2-MIB objects (1.3.6.1.2.1)
+* over IPv4/UDP, listening at 0.0.0.0:161
+* preserve local IP address when responding (Python 3.3+ required)
+
+The following Net-SNMP command will walk this Agent:
+
+| $ snmpwalk -v3 -u usr-md5-des -l authPriv -A authkey1 -X privkey1 localhost .1.3.6
+
+In the situation when UDP responder receives a datagram targeted to
+a secondary (AKA virtial) IP interface or a non-local IP interface
+(e.g. routed through policy routing or iptables TPROXY facility),
+OS stack will by default put primary local IP interface address into
+the IP source field of the response IP packet. Such datagram may not
+reach the sender as either the sender itself or a stateful firewall
+somewhere in between would not be able to match response to original
+request.
+
+The following script solves this problem by preserving original request
+destination IP address and put it back into response IP packet's source
+address field.
+
+To respond from a non-local (e.g. spoofed) IP address, uncomment the
+.enableTransparent() method call and run this script as root.
+
+"""#
 from pysnmp.entity import engine, config
 from pysnmp.entity.rfc3413 import cmdrsp, context
 from pysnmp.carrier.asyncore.dgram import udp |
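Review bot: The option list in the new module docstring presents USM auth MD5 / priv DES with the fixed keys `authkey1`/`privkey1` on an agent bound to 0.0.0.0:161, and nothing in the text marks these as demonstration values. As a docstring this text is presumably picked up by the documentation build, so it is more likely to be copied verbatim than the old comment header was. I would add one line after the bullet list, for example `Keys and MD5/DES are demonstration values; use unique keys and stronger USM protocols on any reachable agent.` The last paragraph could also state that root is needed only for the `.enableTransparent()` mode, so readers do not run the default configuration with more privilege than it needs. The carried-over typo `virtial` and the missing "and" in `interfaces respond to` can be fixed in the same pass.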