0

Here is the script that launches the snmpd server in a FreeBSD system

rc_start() {
        echo "Starting net-snmpd..."
# Ensure no other copies of the daemons are running or it breaks.
/usr/bin/killall -9 snmpd 2>/dev/null
/bin/sleep 1

mkdir -p /persist/etc/net-snmp && /usr/local/sbin/snmpd -LS 0-6 d -p /var/run/net_snmpd.pid -M /usr/share/snmp/mibs/:/usr/local/share/snmp/mibs -C -c /var/etc/netsnmpd.conf,/persist/etc/net-snmp/snmpd.conf udp6:161


SOCKET_PATH=/var/agentx/master
ELAPSED_TIME=0


Wait maximum 3 seconds for snmp agent socket creation


while [ ! -S "$SOCKET_PATH" ] && [ $ELAPSED_TIME -lt 30 ]; do
    /bin/sleep 0.1
    ELAPSED_TIME=$((ELAPSED_TIME+1))
done


if [ ! -S "$SOCKET_PATH" ]; then
        /usr/bin/logger -s -p user.error -t net-snmp "error waiting for master socket creation"
fi


/usr/sbin/chown -R snmp_subagent:snmp_subagent $(dirname "$SOCKET_PATH")
/usr/bin/killall -9 sgtw-snmp-subagent 2>/dev/null
/usr/bin/su -m snmp_subagent -c "/usr/local/sbin/sgtw-snmp-subagent"
}


rc_stop() {
        echo "Stopping net-snmpd..."
if [ -e /var/run/net_snmpd.pid ]; then
        /bin/kill -9 "$(/bin/cat /var/run/net_snmpd.pid)"
        /bin/pkill -9 sgtw-snmp-subagent
        /bin/rm -f /var/run/net_snmpd.pid
fi
}


case $1 in
        start)
                rc_start
                ;;
        stop)
                rc_stop
                ;;
        restart)
                rc_stop
                rc_start
                ;;
esac

As you can see, the script listens on an ipv6 socket.

Here is the conf file located at /var/etc/netsnmpd.conf.

agentaddress udp:
engineID 00:c0:3a:d7:00:ef
[snmp] tsmUseTransportPrefix no
maxGetbulkRepeats 10000
sysLocation Alstom_Villeurbanne_ADM_N&T
sysContact FR_SGTW@alstomgroup.com
sysName GateOS.localdomain
sysServices 79
sysDescr DTR0000436720:190075-29:000000000000138:202019:GateOSV4.2.0_SNAP_20250407:SNMP_Custom
sysObjectID .1.3.6.1.4.1.13933
interface_replace_old no
ignoreDisk /dev
ignoreDisk /var/dhcpd/dev
includeAllDisks 20%
rouser -s usm "resources_monitoring" priv
rouser -s usm "abc" priv
rouser -s usm "abcdéàç" priv
rouser -s usm "user_SHA" priv
rouser -s usm "user_SHA-256" priv
rouser -s usm "user_SHA-384" priv
rouser -s usm "user_SHA-512" priv
master agentx

The other conf file located at /persist/etc/net-snmp/snmpd.conf is not editable.

The FreeBSD system is connected to an ubuntu machine. On this ubuntu, I launch the following cmd :

snmpwalk -v3 -u "abc" -a SHA -A "azertyuiop" -x AES -X "azertyuiop" -l authPriv 192.168.71.1.

And I have a bunch of MIBs as a result.

However, when I run the exact same command with an ipv6 address I have a timeout error.

I can effectively netcat the snmpd process with nc -zv -u db1::1 161 so I don't believe it is a network issue.

What I tried

  1. Look for logs. Had a lot of trouble finding docs with cmd options that render the snmp server more verbose. Visited this FreeBSD snmpd and manpage of snmpd (updated on 2005 so not that reliable). Whenever I add an option cited on these sources to get more logs, I am faced with the following msg Warning: Failed to connect to the agentx master agent ([NIL])
  2. Use wireshark. Surprisingly, the logs show a single packet answer from the snmpd server labeled report 1.3.6.1.6.3.15.1.1.4.0. But nothing else wheras the request using an ipv4 address results in much more traffic of MIBs exchange. I would love to show you the pcap file but I don't know how to do that properly on StackExchange.
  3. Adding agentaddress udp6:[db1::1]:161 or agentaddress udp6 but keep getting Warning: Failed to connect to the agentx master agent ([NIL]). And the snmpwalk request still does not work
abens
  • 1

0 Answers0