diff options
Diffstat (limited to 'examples/v3arch/asyncore/agent/cmdrsp')
12 files changed, 981 insertions, 0 deletions
diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v1-read-and-write-communities.py b/examples/v3arch/asyncore/agent/cmdrsp/v1-read-and-write-communities.py new file mode 100644 index 0000000..5780025 --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v1-read-and-write-communities.py @@ -0,0 +1,65 @@ +""" +Multiple SNMP communities ++++++++++++++++++++++++++ + +Respond to SNMP GET/SET/GETNEXT queries with the following options: + +* SNMPv1 +* with SNMP community "public" (read access) or "private" (write access) +* allow access to SNMPv2-MIB objects (1.3.6.1.2.1) +* over IPv4/UDP, listening at 127.0.0.1:161 + +Allow read/write access to all objects in the same MIB subtree. + +The following Net-SNMP's commands will GET/SET a value at this Agent: + +| $ snmpget -v1 -c public 127.0.0.1 SNMPv2-MIB::sysLocation.0 +| $ snmpset -v1 -c private 127.0.0.1 SNMPv2-MIB::sysLocation.0 s "far away" + +"""# +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.carrier.asyncore.dgram import udp + +# Create SNMP engine with autogenernated engineID and pre-bound +# to socket transport dispatcher +snmpEngine = engine.SnmpEngine() + +# Transport setup + +# UDP over IPv4 +config.addTransport( + snmpEngine, + udp.domainName, + udp.UdpTransport().openServerMode(('127.0.0.1', 161)) +) + +# SNMPv1 setup + +# SecurityName <-> CommunityName mapping. +# Here we configure two distinct CommunityName's to control read and write +# operations. +config.addV1System(snmpEngine, 'my-read-area', 'public') +config.addV1System(snmpEngine, 'my-write-area', 'private') + +# Allow full MIB access for this user / securityModels at VACM +config.addVacmUser(snmpEngine, 1, 'my-read-area', 'noAuthNoPriv', (1,3,6,1,2,1)) +config.addVacmUser(snmpEngine, 1, 'my-write-area', 'noAuthNoPriv', (1,3,6,1,2,1), (1,3,6,1,2,1)) + +# Get default SNMP context this SNMP engine serves +snmpContext = context.SnmpContext(snmpEngine) + +# Register SNMP Applications at the SNMP engine for particular SNMP context +cmdrsp.GetCommandResponder(snmpEngine, snmpContext) +cmdrsp.SetCommandResponder(snmpEngine, snmpContext) +cmdrsp.NextCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +snmpEngine.transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + snmpEngine.transportDispatcher.runDispatcher() +except: + snmpEngine.transportDispatcher.closeDispatcher() + raise diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v2c-custom-scalar-mib-objects.py b/examples/v3arch/asyncore/agent/cmdrsp/v2c-custom-scalar-mib-objects.py new file mode 100644 index 0000000..196ee9c --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v2c-custom-scalar-mib-objects.py @@ -0,0 +1,82 @@ +""" +Implementing scalar MIB objects ++++++++++++++++++++++++++++++++ + +Listen and respond to SNMP GET/SET/GETNEXT/GETBULK queries with +the following options: + +* SNMPv2c +* with SNMP community "public" +* serving custom Managed Object Instance defined within this script +* allow read access only to the subtree where the custom MIB object resides +* over IPv4/UDP, listening at 127.0.0.1:161 + +The following Net-SNMP commands will walk this Agent: + +| $ snmpwalk -v2c -c public 127.0.0.1 .1.3.6 + +"""# +import sys +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.carrier.asyncore.dgram import udp +from pysnmp.proto.api import v2c + +# Create SNMP engine +snmpEngine = engine.SnmpEngine() + +# Transport setup + +# UDP over IPv4 +config.addTransport( + snmpEngine, + udp.domainName, + udp.UdpTransport().openServerMode(('127.0.0.1', 161)) +) + +# SNMPv2c setup + +# SecurityName <-> CommunityName mapping. +config.addV1System(snmpEngine, 'my-area', 'public') + +# Allow read MIB access for this user / securityModels at VACM +config.addVacmUser(snmpEngine, 2, 'my-area', 'noAuthNoPriv', (1,3,6,5)) + +# Create an SNMP context +snmpContext = context.SnmpContext(snmpEngine) + +# --- create custom Managed Object Instance --- + +mibBuilder = snmpContext.getMibInstrum().getMibBuilder() + +MibScalar, MibScalarInstance = mibBuilder.importSymbols( + 'SNMPv2-SMI', 'MibScalar', 'MibScalarInstance' +) + +class MyStaticMibScalarInstance(MibScalarInstance): + def getValue(self, name, idx): + return self.getSyntax().clone( + 'Python %s running on a %s platform' % (sys.version, sys.platform) + ) + +mibBuilder.exportSymbols( + '__MY_MIB', MibScalar((1,3,6,5,1), v2c.OctetString()), + MyStaticMibScalarInstance((1,3,6,5,1), (0,), v2c.OctetString()) +) + +# --- end of Managed Object Instance initialization ---- + +# Register SNMP Applications at the SNMP engine for particular SNMP context +cmdrsp.GetCommandResponder(snmpEngine, snmpContext) +cmdrsp.NextCommandResponder(snmpEngine, snmpContext) +cmdrsp.BulkCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +snmpEngine.transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + snmpEngine.transportDispatcher.runDispatcher() +except: + snmpEngine.transportDispatcher.closeDispatcher() + raise diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v2c-custom-tabular-mib-objects.py b/examples/v3arch/asyncore/agent/cmdrsp/v2c-custom-tabular-mib-objects.py new file mode 100644 index 0000000..bf6d042 --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v2c-custom-tabular-mib-objects.py @@ -0,0 +1,126 @@ +""" +Implementing conceptual table ++++++++++++++++++++++++++++++ + +Listen and respond to SNMP GET/SET/GETNEXT/GETBULK queries with +the following options: + +* SNMPv2c +* with SNMP community "public" +* define a simple SNMP Table within a newly created EXAMPLE-MIB +* pre-populate SNMP Table with a single row of values +* allow read access only to the subtree where example SNMP Table resides +* over IPv4/UDP, listening at 127.0.0.1:161 + +The following Net-SNMP commands will populate and walk a table: + +| $ snmpset -v2c -c public 127.0.0.1 1.3.6.6.1.5.2.97.98.99 s 'my value' +| $ snmpset -v2c -c public 127.0.0.1 1.3.6.6.1.5.4.97.98.99 i 4 +| $ snmpwalk -v2c -c public 127.0.0.1 1.3.6 + +...while the following command will destroy the same row + +| $ snmpset -v2c -c public 127.0.0.1 1.3.6.6.1.5.4.97.98.99 i 6 +| $ snmpwalk -v2c -c public 127.0.0.1 1.3.6 + +"""# +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.carrier.asyncore.dgram import udp +from pysnmp.proto.api import v2c + +# Create SNMP engine +snmpEngine = engine.SnmpEngine() + +# Transport setup + +# UDP over IPv4 +config.addTransport( + snmpEngine, + udp.domainName, + udp.UdpTransport().openServerMode(('127.0.0.1', 161)) +) + +# SNMPv2c setup + +# SecurityName <-> CommunityName mapping. +config.addV1System(snmpEngine, 'my-area', 'public') + +# Allow read MIB access for this user / securityModels at VACM +config.addVacmUser(snmpEngine, 2, 'my-area', 'noAuthNoPriv', (1,3,6,6), (1,3,6,6)) + +# Create an SNMP context +snmpContext = context.SnmpContext(snmpEngine) + +# --- define custom SNMP Table within a newly defined EXAMPLE-MIB --- + +mibBuilder = snmpContext.getMibInstrum().getMibBuilder() + +( MibTable, + MibTableRow, + MibTableColumn, + MibScalarInstance ) = mibBuilder.importSymbols( + 'SNMPv2-SMI', + 'MibTable', + 'MibTableRow', + 'MibTableColumn', + 'MibScalarInstance' + ) + +RowStatus, = mibBuilder.importSymbols('SNMPv2-TC', 'RowStatus') + +mibBuilder.exportSymbols( + '__EXAMPLE-MIB', + # table object + exampleTable=MibTable((1,3,6,6,1)).setMaxAccess('readcreate'), + # table row object, also carries references to table indices + exampleTableEntry=MibTableRow((1,3,6,6,1,5)).setMaxAccess('readcreate').setIndexNames((0, '__EXAMPLE-MIB', 'exampleTableColumn1')), + # table column: string index + exampleTableColumn1=MibTableColumn((1,3,6,6,1,5,1), v2c.OctetString()).setMaxAccess('readcreate'), + # table column: string value + exampleTableColumn2=MibTableColumn((1,3,6,6,1,5,2), v2c.OctetString()).setMaxAccess('readcreate'), + # table column: integer value with default + exampleTableColumn3=MibTableColumn((1,3,6,6,1,5,3), v2c.Integer32(123)).setMaxAccess('readcreate'), + # table column: row status + exampleTableStatus=MibTableColumn((1,3,6,6,1,5,4), RowStatus('notExists')).setMaxAccess('readcreate') +) + +# --- end of custom SNMP table definition, empty table now exists --- + +# --- populate custom SNMP table with one row --- + +( exampleTableEntry, + exampleTableColumn2, + exampleTableColumn3, + exampleTableStatus ) = mibBuilder.importSymbols( + '__EXAMPLE-MIB', + 'exampleTableEntry', + 'exampleTableColumn2', + 'exampleTableColumn3', + 'exampleTableStatus' +) +rowInstanceId = exampleTableEntry.getInstIdFromIndices('example record one') +mibInstrumentation = snmpContext.getMibInstrum() +mibInstrumentation.writeVars( + ( (exampleTableColumn2.name+rowInstanceId, 'my string value'), + (exampleTableColumn3.name+rowInstanceId, 123456), + (exampleTableStatus.name+rowInstanceId, 'createAndGo') ) +) + +# --- end of SNMP table population --- + +# Register SNMP Applications at the SNMP engine for particular SNMP context +cmdrsp.GetCommandResponder(snmpEngine, snmpContext) +cmdrsp.SetCommandResponder(snmpEngine, snmpContext) +cmdrsp.NextCommandResponder(snmpEngine, snmpContext) +cmdrsp.BulkCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +snmpEngine.transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + snmpEngine.transportDispatcher.runDispatcher() +except: + snmpEngine.transportDispatcher.closeDispatcher() + raise diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v2c-multiple-interfaces.py b/examples/v3arch/asyncore/agent/cmdrsp/v2c-multiple-interfaces.py new file mode 100644 index 0000000..25beef3 --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v2c-multiple-interfaces.py @@ -0,0 +1,67 @@ +""" +Listen on multiple network interfaces ++++++++++++++++++++++++++++++++++++++ + +Listen and respond to SNMP GET/SET/GETNEXT/GETBULK queries with +the following options: + +* SNMPv2c +* with SNMP community "public" +* allow access to SNMPv2-MIB objects (1.3.6.1.2.1) +* over IPv4/UDP, listening at 127.0.0.1:161 and 127.0.0.2:161 interfaces + +Either of the following Net-SNMP commands will walk this Agent: + +| $ snmpwalk -v2c -c public 127.0.0.1 .1.3.6 +| $ snmpwalk -v2c -c public 127.0.0.2 .1.3.6 + +"""# +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.carrier.asyncore.dgram import udp + +# Create SNMP engine with autogenernated engineID and pre-bound +# to socket transport dispatcher +snmpEngine = engine.SnmpEngine() + +# Transport setup + +# UDP over IPv4 at 127.0.0.1:161 +config.addTransport( + snmpEngine, + udp.domainName + (1,), + udp.UdpTransport().openServerMode(('127.0.0.1', 161)) +) +# UDP over IPv4 at 127.0.0.2:161 +config.addTransport( + snmpEngine, + udp.domainName + (2,), + udp.UdpTransport().openServerMode(('127.0.0.2', 161)) +) + +# SNMPv2c setup + +# SecurityName <-> CommunityName mapping. +config.addV1System(snmpEngine, 'my-area', 'public') + +# Allow full MIB access for this user / securityModels at VACM +config.addVacmUser(snmpEngine, 2, 'my-area', 'noAuthNoPriv', (1,3,6,1,2,1), (1,3,6,1,2,1)) + +# Get default SNMP context this SNMP engine serves +snmpContext = context.SnmpContext(snmpEngine) + +# Register SNMP Applications at the SNMP engine for particular SNMP context +cmdrsp.GetCommandResponder(snmpEngine, snmpContext) +cmdrsp.SetCommandResponder(snmpEngine, snmpContext) +cmdrsp.NextCommandResponder(snmpEngine, snmpContext) +cmdrsp.BulkCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +snmpEngine.transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + snmpEngine.transportDispatcher.runDispatcher() +except: + snmpEngine.transportDispatcher.closeDispatcher() + raise diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v2c-multiple-transports.py b/examples/v3arch/asyncore/agent/cmdrsp/v2c-multiple-transports.py new file mode 100644 index 0000000..24de061 --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v2c-multiple-transports.py @@ -0,0 +1,68 @@ +""" +Serve multiple network transports ++++++++++++++++++++++++++++++++++ + +Listen and respond to SNMP GET/SET/GETNEXT/GETBULK queries with +the following options: + +* SNMPv2c +* with SNMP community "public" +* allow access to SNMPv2-MIB objects (1.3.6.1.2.1) +* over IPv4/UDP, listening at 127.0.0.1:161 and + over IPv6/UDP, listening at [::1]:161 + +Either of the following Net-SNMP commands will walk this Agent: + +| $ snmpwalk -v2c -c public 127.0.0.1 .1.3.6 +| $ snmpwalk -v2c -c public udp6:[::1] .1.3.6 + +"""# +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.carrier.asyncore.dgram import udp, udp6 + +# Create SNMP engine with autogenernated engineID and pre-bound +# to socket transport dispatcher +snmpEngine = engine.SnmpEngine() + +# Transport setup + +# UDP over IPv4 at 127.0.0.1:161 +config.addTransport( + snmpEngine, + udp.domainName, + udp.UdpTransport().openServerMode(('127.0.0.1', 161)) +) +# UDP over IPv6 at [::1]:161 +config.addTransport( + snmpEngine, + udp6.domainName, + udp6.Udp6Transport().openServerMode(('::1', 161)) +) + +# SNMPv2c setup + +# SecurityName <-> CommunityName mapping. +config.addV1System(snmpEngine, 'my-area', 'public') + +# Allow full MIB access for this user / securityModels at VACM +config.addVacmUser(snmpEngine, 2, 'my-area', 'noAuthNoPriv', (1,3,6,1,2,1), (1,3,6,1,2,1)) + +# Get default SNMP context this SNMP engine serves +snmpContext = context.SnmpContext(snmpEngine) + +# Register SNMP Applications at the SNMP engine for particular SNMP context +cmdrsp.GetCommandResponder(snmpEngine, snmpContext) +cmdrsp.SetCommandResponder(snmpEngine, snmpContext) +cmdrsp.NextCommandResponder(snmpEngine, snmpContext) +cmdrsp.BulkCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +snmpEngine.transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + snmpEngine.transportDispatcher.runDispatcher() +except: + snmpEngine.transportDispatcher.closeDispatcher() + raise diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v3-alternative-mib-controller.py b/examples/v3arch/asyncore/agent/cmdrsp/v3-alternative-mib-controller.py new file mode 100644 index 0000000..1711133 --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v3-alternative-mib-controller.py @@ -0,0 +1,77 @@ +""" +Custom MIB Controller ++++++++++++++++++++++ + +Listen and respond to SNMP GET/SET/GETNEXT/GETBULK queries with +the following options: + +* SNMPv3 +* with USM username usr-none-none +* using alternative set of Managed Objects addressed by + contextName: my-context +* allow access to SNMPv2-MIB objects (1.3.6.1.2.1) +* over IPv4/UDP, listening at 127.0.0.1:161 + +The following Net-SNMP command will send GET request to this Agent: + +| $ snmpget -v3 -u usr-none-none -l noAuthNoPriv -n my-context -Ir 127.0.0.1 sysDescr.0 + +"""# +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.carrier.asyncore.dgram import udp +from pysnmp.smi import instrum +from pysnmp.proto.api import v2c + +# Create SNMP engine +snmpEngine = engine.SnmpEngine() + +# Transport setup + +# UDP over IPv4 +config.addTransport( + snmpEngine, + udp.domainName, + udp.UdpTransport().openServerMode(('127.0.0.1', 161)) +) + +# SNMPv3/USM setup + +# user: usr-none-none, auth: NONE, priv NONE +config.addV3User( + snmpEngine, 'usr-none-none' +) + +# Allow full MIB access for each user at VACM +config.addVacmUser(snmpEngine, 3, 'usr-none-none', 'noAuthNoPriv', (1,3,6,1,2,1), (1,3,6,1,2,1)) + +# Create an SNMP context +snmpContext = context.SnmpContext(snmpEngine) + +# Very basic Management Instrumentation Controller without +# any Managed Objects attached. It supports only GET's and +# always echos request var-binds in response. +class EchoMibInstrumController(instrum.AbstractMibInstrumController): + def readVars(self, vars, acInfo=(None, None)): + return [ (ov[0], v2c.OctetString('You queried OID %s' % ov[0])) for ov in vars] + +# Create a custom Management Instrumentation Controller and register at +# SNMP Context under ContextName 'my-context' +snmpContext.registerContextName( + v2c.OctetString('my-context'), # Context Name + EchoMibInstrumController() # Management Instrumentation +) + +# Register GET&SET Applications at the SNMP engine for a custom SNMP context +cmdrsp.GetCommandResponder(snmpEngine, snmpContext) +cmdrsp.SetCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +snmpEngine.transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + snmpEngine.transportDispatcher.runDispatcher() +except: + snmpEngine.transportDispatcher.closeDispatcher() + raise diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v3-alternative-mib.py b/examples/v3arch/asyncore/agent/cmdrsp/v3-alternative-mib.py new file mode 100644 index 0000000..fa3bc6b --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v3-alternative-mib.py @@ -0,0 +1,77 @@ +""" +Serve non-default MIB tree +++++++++++++++++++++++++++ + +Listen and respond to SNMP GET/SET/GETNEXT/GETBULK queries with +the following options: + +* SNMPv3 +* with USM username usr-md5-none +* using alternative set of Managed Objects addressed by + contextEngineId: 8000000001020304, contextName: my-context +* allow access to SNMPv2-MIB objects (1.3.6.1.2.1) +* over IPv4/UDP, listening at 127.0.0.1:161 + +Either of the following Net-SNMP commands will walk this Agent: + +| $ snmpwalk -v3 -u usr-md5-none -l authNoPriv -A authkey1 -E 8000000001020304 -n my-context 127.0.0.1 .1.3.6 +| $ snmpwalk -v3 -u usr-md5-none -l authNoPriv -A authkey1 -E 8000000001020304 127.0.0.1 .1.3.6 + +"""# +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.carrier.asyncore.dgram import udp +from pysnmp.smi import instrum, builder +from pysnmp.proto.api import v2c + +# Create SNMP engine +snmpEngine = engine.SnmpEngine() + +# Transport setup + +# UDP over IPv4 +config.addTransport( + snmpEngine, + udp.domainName, + udp.UdpTransport().openServerMode(('127.0.0.1', 161)) +) + +# SNMPv3/USM setup + +# user: usr-md5-none, auth: MD5, priv NONE +config.addV3User( + snmpEngine, 'usr-md5-none', + config.usmHMACMD5AuthProtocol, 'authkey1' +) + +# Allow full MIB access for each user at VACM +config.addVacmUser(snmpEngine, 3, 'usr-md5-none', 'authNoPriv', (1,3,6,1,2,1), (1,3,6,1,2,1)) + +# Create an SNMP context with ContextEngineId = 8000000001020304 +snmpContext = context.SnmpContext( + snmpEngine, contextEngineId=v2c.OctetString(hexValue='8000000001020304') +) + +# Create an [empty] set of Managed Objects (MibBuilder), pass it to +# Management Instrumentation Controller and register at SNMP Context +# under ContextName 'my-context' +snmpContext.registerContextName( + v2c.OctetString('my-context'), # Context Name + instrum.MibInstrumController(builder.MibBuilder()) # Managed Objects +) + +# Register SNMP Applications at the SNMP engine for particular SNMP context +cmdrsp.GetCommandResponder(snmpEngine, snmpContext) +cmdrsp.SetCommandResponder(snmpEngine, snmpContext) +cmdrsp.NextCommandResponder(snmpEngine, snmpContext) +cmdrsp.BulkCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +snmpEngine.transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + snmpEngine.transportDispatcher.runDispatcher() +except: + snmpEngine.transportDispatcher.closeDispatcher() + raise diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v3-custom-engine-id.py b/examples/v3arch/asyncore/agent/cmdrsp/v3-custom-engine-id.py new file mode 100644 index 0000000..e2452ca --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v3-custom-engine-id.py @@ -0,0 +1,65 @@ +""" +Specific SNMP Engine ID ++++++++++++++++++++++++ + +Listen and respond to SNMP GET/SET/GETNEXT/GETBULK queries with +the following options: + +* SNMPv3 +* with SNMP EngineID: 8000000004030201 +* with USM user 'usr-md5-des', auth: MD5, priv DES +* allow access to SNMPv2-MIB objects (1.3.6.1.2.1) +* over IPv4/UDP, listening at 127.0.0.1:161 + +The following Net-SNMP command will walk this Agent: + +| $ snmpwalk -v3 -u usr-md5-des -l authPriv -A authkey1 -X privkey1 -e 8000000004030201 localhost .1.3.6 + +"""# +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.carrier.asyncore.dgram import udp +from pysnmp.proto import rfc1902 + +# Create SNMP engine +snmpEngine = engine.SnmpEngine(rfc1902.OctetString(hexValue='8000000004030201')) + +# Transport setup + +# UDP over IPv4 +config.addTransport( + snmpEngine, + udp.domainName, + udp.UdpTransport().openServerMode(('127.0.0.1', 161)) +) + +# SNMPv3/USM setup + +# user: usr-md5-des, auth: MD5, priv DES +config.addV3User( + snmpEngine, 'usr-md5-des', + config.usmHMACMD5AuthProtocol, 'authkey1', + config.usmDESPrivProtocol, 'privkey1' +) + +# Allow full MIB access for each user at VACM +config.addVacmUser(snmpEngine, 3, 'usr-md5-des', 'authPriv', (1,3,6,1,2,1), (1,3,6,1,2,1)) + +# Get default SNMP context this SNMP engine serves +snmpContext = context.SnmpContext(snmpEngine) + +# Register SNMP Applications at the SNMP engine for particular SNMP context +cmdrsp.GetCommandResponder(snmpEngine, snmpContext) +cmdrsp.SetCommandResponder(snmpEngine, snmpContext) +cmdrsp.NextCommandResponder(snmpEngine, snmpContext) +cmdrsp.BulkCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +snmpEngine.transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + snmpEngine.transportDispatcher.runDispatcher() +except: + snmpEngine.transportDispatcher.closeDispatcher() + raise diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v3-multiple-snmp-engines.py b/examples/v3arch/asyncore/agent/cmdrsp/v3-multiple-snmp-engines.py new file mode 100644 index 0000000..0a7b3a2 --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v3-multiple-snmp-engines.py @@ -0,0 +1,93 @@ +""" +Multiple SNMP Engines ++++++++++++++++++++++ + +Run multiple SNMP Engines each with a complete Command Responder. +Bind each SNMP Engine to a dedicated network transport endpoint: + +* IPv4/UDP, listening at 127.0.0.1:161 +* IPv4/UDP, listening at 127.0.0.2:161 + +Each Command Responder will respond to SNMP GET/SET/GETNEXT/GETBULK +queries with the following options: + +* SNMPv3 +* with USM user 'usr-md5-des', auth: MD5, priv DES +* allow read access to SNMPv2-MIB objects (1.3.6) +* allow write access to SNMPv2-MIB objects (1.3.6.1.2.1) + +The following Net-SNMP commands will walk the first and the second +Agent respectively: + +| $ snmpwalk -Ob -v3 -u usr-md5-des -l authPriv -A authkey1 -X privkey1 127.0.0.1 usmUserEntry +| $ snmpwalk -Ob -v3 -u usr-md5-des -l authPriv -A authkey1 -X privkey1 127.0.0.2 usmUserEntry + +Notice differently configured snmpEngineId's in usmUserEntry columns. + +"""# +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.proto import rfc1902 +from pysnmp.carrier.asyncore.dispatch import AsyncoreDispatcher +from pysnmp.carrier.asyncore.dgram import udp + +# Configuration parameters for each of SNMP Engines +snmpEngineInfo = ( + ( '0102030405060708', udp.domainName + (0,), ('127.0.0.1', 161) ), + ( '0807060504030201', udp.domainName + (1,), ('127.0.0.2', 161) ) +) + +# Instantiate the single transport dispatcher object +transportDispatcher = AsyncoreDispatcher() + +# Setup a custom data routing function to select snmpEngine by transportDomain +transportDispatcher.registerRoutingCbFun(lambda td,t,d: td) + +# Instantiate and configure SNMP Engines +for snmpEngineId, transportDomain, transportAddress in snmpEngineInfo: + # Create SNMP engine with specific engineID + snmpEngine = engine.SnmpEngine(rfc1902.OctetString(hexValue=snmpEngineId)) + + # Register SNMP Engine object with transport dispatcher. Request incoming + # data from specific transport endpoint to be funneled to this SNMP Engine. + snmpEngine.registerTransportDispatcher(transportDispatcher, transportDomain) + + # Transport setup + + # UDP over IPv4 + config.addTransport( + snmpEngine, + transportDomain, + udp.UdpTransport().openServerMode(transportAddress) + ) + + # SNMPv3/USM setup + + # user: usr-md5-des, auth: MD5, priv DES + config.addV3User( + snmpEngine, 'usr-md5-des', + config.usmHMACMD5AuthProtocol, 'authkey1', + config.usmDESPrivProtocol, 'privkey1' + ) + + # Allow full MIB access for this user / securityModels at VACM + config.addVacmUser(snmpEngine, 3, 'usr-md5-des', 'authPriv', (1,3,6), (1,3,6,1,2,1)) + + # Get default SNMP context this SNMP engine serves + snmpContext = context.SnmpContext(snmpEngine) + + # Register SNMP Applications at the SNMP engine for particular SNMP context + cmdrsp.GetCommandResponder(snmpEngine, snmpContext) + cmdrsp.SetCommandResponder(snmpEngine, snmpContext) + cmdrsp.NextCommandResponder(snmpEngine, snmpContext) + cmdrsp.BulkCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + transportDispatcher.runDispatcher() +except: + transportDispatcher.closeDispatcher() + raise diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v3-multiple-users.py b/examples/v3arch/asyncore/agent/cmdrsp/v3-multiple-users.py new file mode 100644 index 0000000..150a0f4 --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v3-multiple-users.py @@ -0,0 +1,80 @@ +""" +Multiple SNMP USM users ++++++++++++++++++++++++ + +Listen and respond to SNMP GET/SET/GETNEXT/GETBULK queries with +the following options: + +* SNMPv3 +* with USM user 'usr-md5-des', auth: MD5, priv DES or + with USM user 'usr-sha-none', auth: SHA, no privacy + with USM user 'usr-sha-aes128', auth: SHA, priv AES +* allow access to SNMPv2-MIB objects (1.3.6.1.2.1) +* over IPv4/UDP, listening at 127.0.0.1:161 + +Either of the following Net-SNMP commands will walk this Agent: + +| $ snmpwalk -v3 -u usr-md5-des -l authPriv -A authkey1 -X privkey1 localhost .1.3.6 +| $ snmpwalk -v3 -u usr-sha-none -l authNoPriv -a SHA -A authkey1 localhost .1.3.6 +| $ snmpwalk -v3 -u usr-sha-aes128 -l authPriv -a SHA -A authkey1 -x AES -X privkey1 localhost .1.3.6 + +"""# +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.carrier.asyncore.dgram import udp + +# Create SNMP engine +snmpEngine = engine.SnmpEngine() + +# Transport setup + +# UDP over IPv4 +config.addTransport( + snmpEngine, + udp.domainName, + udp.UdpTransport().openServerMode(('127.0.0.1', 161)) +) + +# SNMPv3/USM setup + +# user: usr-md5-des, auth: MD5, priv DES +config.addV3User( + snmpEngine, 'usr-md5-des', + config.usmHMACMD5AuthProtocol, 'authkey1', + config.usmDESPrivProtocol, 'privkey1' +) +# user: usr-sha-none, auth: SHA, priv NONE +config.addV3User( + snmpEngine, 'usr-sha-none', + config.usmHMACSHAAuthProtocol, 'authkey1' +) +# user: usr-sha-none, auth: SHA, priv AES +config.addV3User( + snmpEngine, 'usr-sha-aes128', + config.usmHMACSHAAuthProtocol, 'authkey1', + config.usmAesCfb128Protocol, 'privkey1' +) + +# Allow full MIB access for each user at VACM +config.addVacmUser(snmpEngine, 3, 'usr-md5-des', 'authPriv', (1,3,6,1,2,1), (1,3,6,1,2,1)) +config.addVacmUser(snmpEngine, 3, 'usr-sha-none', 'authNoPriv', (1,3,6,1,2,1), (1,3,6,1,2,1)) +config.addVacmUser(snmpEngine, 3, 'usr-sha-aes128', 'authPriv', (1,3,6,1,2,1), (1,3,6,1,2,1)) + +# Get default SNMP context this SNMP engine serves +snmpContext = context.SnmpContext(snmpEngine) + +# Register SNMP Applications at the SNMP engine for particular SNMP context +cmdrsp.GetCommandResponder(snmpEngine, snmpContext) +cmdrsp.SetCommandResponder(snmpEngine, snmpContext) +cmdrsp.NextCommandResponder(snmpEngine, snmpContext) +cmdrsp.BulkCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +snmpEngine.transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + snmpEngine.transportDispatcher.runDispatcher() +except: + snmpEngine.transportDispatcher.closeDispatcher() + raise diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v3-observe-request-processing.py b/examples/v3arch/asyncore/agent/cmdrsp/v3-observe-request-processing.py new file mode 100644 index 0000000..d03c52c --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v3-observe-request-processing.py @@ -0,0 +1,90 @@ +""" +Observe SNMP engine operations +++++++++++++++++++++++++++++++ + +Listen and respond to SNMP GET/SET/GETNEXT/GETBULK queries with +the following options: + +* SNMPv3 +* with USM user 'usr-md5-des', auth: MD5, priv DES or +* allow access to SNMPv2-MIB objects (1.3.6.1.2.1) +* over IPv4/UDP, listening at 127.0.0.1:161 +* registers its own execution observer to snmpEngine + +The following Net-SNMP command will walk this Agent: + +| $ snmpwalk -v3 -u usr-md5-des -l authPriv -A authkey1 -X privkey1 localhost .1.3.6 + +This script will report some details on request processing as seen +by rfc3412.receiveMessage() and rfc3412.returnResponsePdu() +abstract interfaces. + +"""# +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.carrier.asyncore.dgram import udp + +# Create SNMP engine +snmpEngine = engine.SnmpEngine() + +# Execution point observer setup + +# Register a callback to be invoked at specified execution point of +# SNMP Engine and passed local variables at code point's local scope +def requestObserver(snmpEngine, execpoint, variables, cbCtx): + print('Execution point: %s' % execpoint) + print('* transportDomain: %s' % '.'.join([str(x) for x in variables['transportDomain']])) + print('* transportAddress: %s (local %s)' % ('@'.join([str(x) for x in variables['transportAddress']]), '@'.join([str(x) for x in variables['transportAddress'].getLocalAddress()]))) + print('* securityModel: %s' % variables['securityModel']) + print('* securityName: %s' % variables['securityName']) + print('* securityLevel: %s' % variables['securityLevel']) + print('* contextEngineId: %s' % variables['contextEngineId'].prettyPrint()) + print('* contextName: %s' % variables['contextName'].prettyPrint()) + print('* PDU: %s' % variables['pdu'].prettyPrint()) + +snmpEngine.observer.registerObserver( + requestObserver, + 'rfc3412.receiveMessage:request', + 'rfc3412.returnResponsePdu' +) + +# Transport setup + +# UDP over IPv4 +config.addTransport( + snmpEngine, + udp.domainName, + udp.UdpTransport().openServerMode(('127.0.0.1', 161)) +) + +# SNMPv3/USM setup + +# user: usr-md5-des, auth: MD5, priv DES +config.addV3User( + snmpEngine, 'usr-md5-des', + config.usmHMACMD5AuthProtocol, 'authkey1', + config.usmDESPrivProtocol, 'privkey1' +) + +# Allow full MIB access for each user at VACM +config.addVacmUser(snmpEngine, 3, 'usr-md5-des', 'authPriv', (1,3,6,1,2,1), (1,3,6,1,2,1)) + +# Get default SNMP context this SNMP engine serves +snmpContext = context.SnmpContext(snmpEngine) + +# Register SNMP Applications at the SNMP engine for particular SNMP context +cmdrsp.GetCommandResponder(snmpEngine, snmpContext) +cmdrsp.SetCommandResponder(snmpEngine, snmpContext) +cmdrsp.NextCommandResponder(snmpEngine, snmpContext) +cmdrsp.BulkCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +snmpEngine.transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + snmpEngine.transportDispatcher.runDispatcher() +except: + snmpEngine.observer.unregisterObserver() + snmpEngine.transportDispatcher.closeDispatcher() + raise diff --git a/examples/v3arch/asyncore/agent/cmdrsp/v3-preserve-original-destination-address.py b/examples/v3arch/asyncore/agent/cmdrsp/v3-preserve-original-destination-address.py new file mode 100644 index 0000000..1e86270 --- /dev/null +++ b/examples/v3arch/asyncore/agent/cmdrsp/v3-preserve-original-destination-address.py @@ -0,0 +1,91 @@ +""" +Running at secondary network interface +++++++++++++++++++++++++++++++++++++++ + +Listen on all local IPv4 interfaces respond to SNMP GET/SET/GETNEXT/GETBULK +queries with the following options: + +* SNMPv3 +* with USM user 'usr-md5-des', auth: MD5, priv DES +* allow access to SNMPv2-MIB objects (1.3.6.1.2.1) +* over IPv4/UDP, listening at 0.0.0.0:161 +* preserve local IP address when responding (Python 3.3+ required) + +The following Net-SNMP command will walk this Agent: + +| $ snmpwalk -v3 -u usr-md5-des -l authPriv -A authkey1 -X privkey1 localhost .1.3.6 + +In the situation when UDP responder receives a datagram targeted to +a secondary (AKA virtial) IP interface or a non-local IP interface +(e.g. routed through policy routing or iptables TPROXY facility), +OS stack will by default put primary local IP interface address into +the IP source field of the response IP packet. Such datagram may not +reach the sender as either the sender itself or a stateful firewall +somewhere in between would not be able to match response to original +request. + +The following script solves this problem by preserving original request +destination IP address and put it back into response IP packet's source +address field. + +To respond from a non-local (e.g. spoofed) IP address, uncomment the +.enableTransparent() method call and run this script as root. + +"""# +from pysnmp.entity import engine, config +from pysnmp.entity.rfc3413 import cmdrsp, context +from pysnmp.carrier.asyncore.dgram import udp + +# Create SNMP engine +snmpEngine = engine.SnmpEngine() + +# Transport setup + +# Initialize asyncore-based UDP/IPv4 transport +udpSocketTransport = udp.UdpSocketTransport().openServerMode(('0.0.0.0', 161)) + +# Use sendmsg()/recvmsg() for socket communication (used for preserving +# original destination IP address when responding) +udpSocketTransport.enablePktInfo() + +# Enable IP source spoofing (requires root privileges) +# udpSocketTransport.enableTransparent() + +# Register this transport at SNMP Engine +config.addTransport( + snmpEngine, + udp.domainName, + udpSocketTransport +) + +# SNMPv3/USM setup + +# user: usr-md5-des, auth: MD5, priv DES +config.addV3User( + snmpEngine, 'usr-md5-des', + config.usmHMACMD5AuthProtocol, 'authkey1', + config.usmDESPrivProtocol, 'privkey1' +) + +# Allow full MIB access for each user at VACM +config.addVacmUser(snmpEngine, 3, 'usr-md5-des', 'authPriv', (1,3,6,1,2,1), (1,3,6,1,2,1)) + +# Get default SNMP context this SNMP engine serves +snmpContext = context.SnmpContext(snmpEngine) + +# Register SNMP Applications at the SNMP engine for particular SNMP context +cmdrsp.GetCommandResponder(snmpEngine, snmpContext) +cmdrsp.SetCommandResponder(snmpEngine, snmpContext) +cmdrsp.NextCommandResponder(snmpEngine, snmpContext) +cmdrsp.BulkCommandResponder(snmpEngine, snmpContext) + +# Register an imaginary never-ending job to keep I/O dispatcher running forever +snmpEngine.transportDispatcher.jobStarted(1) + +# Run I/O dispatcher which would receive queries and send responses +try: + snmpEngine.transportDispatcher.runDispatcher() +except: + snmpEngine.observer.unregisterObserver() + snmpEngine.transportDispatcher.closeDispatcher() + raise |