logIt » perl

Running Raddle (2): snmpd & Replay Custom Private Enterprise MIB

Arif — Thu, 18 Aug 2011 03:13:44 +0000

Net-SNMP wiki gives tutorial on extending snmpd using Perl. In basic run of Raddle (previous post) this involves r1.pl called by r1.conf fed to snmpd. Private enterprise MIB i.e. Microchip’s in this example can be replayed without really ever captured the real device’s SNMP data. This is necessary when the actual device is yet existed; normal situation when developing. There are two simple ways of replaying this artificial SNMP data over which either way requires correct OID.

First put the Microchip.TXT (the MIB file) under /usr/share/snmp/mibs to easily exchange OID canonical form and name vice versa while making dummy. In this case I’ve modify the MIB to have some additional object i.e. name:
$ snmptranslate -m +Microchip -On Microchip::name .1.3.6.1.4.1.17095.1.1
so we can then use this correct OID for our dummy.

How?

use SetMIBValue() in r1.pl

$agent->SetMIBValue( '.1.3.6.1.4.1.17095.1.1', ASN_OCTET_STR, "Microchip");
$agent->SetMIBValue( '.1.3.6.1.4.1.17095.3.13', ASN_INTEGER, 82);

Feed r1.snmp for playing as in

$agent->ParseDataFile( '/usr/local/etc/snmp-emulator/r1.snmp', 0 )

with the content of

.1.3.6.1.4.1.17095.1.1 = STRING: Microchip
.1.3.6.1.4.1.17095.3.13 = INTEGER: 82

In all above two examples we can only GET for Raddle to return an answer for each OID. GETNEXT as in bulk snmpwalk won’t give output because they are not sequenced.

A sample of sequenced data inside a real snmpwalk dump is:

$ snmpwalk -v 1 -c public -On localhost
 
.1.3.6.1.2.1.1.1.0 = STRING: Linux xp-racy 2.6.38-10-generic #46~lucid1-Ubuntu SMP Wed Jul 6 18:40:11 UTC 2011 i686
.1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.8072.3.2.10
.1.3.6.1.2.1.1.3.0 = Timeticks: (496371) 1:22:43.71
.1.3.6.1.2.1.1.4.0 = STRING: Root  (configure /etc/snmp/snmpd.local.conf)
.1.3.6.1.2.1.1.5.0 = STRING:
.1.3.6.1.2.1.1.6.0 = STRING: Unknown (configure /etc/snmp/snmpd.local.conf)
.1.3.6.1.2.1.1.8.0 = Timeticks: (0) 0:00:00.00
.1.3.6.1.2.1.1.9.1.2.1 = OID: .1.3.6.1.6.3.10.3.1.1
.1.3.6.1.2.1.1.9.1.2.2 = OID: .1.3.6.1.6.3.11.3.1.1

thus, we can only

$ snmpget -m +Microchip -v 1 -c public localhost Microchip::control.13
Microchip::control.13 = INTEGER: 82

or from other system with no Microchip MIB use

$ snmpget -v 1 -c public 192.168.40.105 .1.3.6.1.4.1.17095.3.13
SNMPv2-SMI::enterprises.17095.3.13 = INTEGER: 82

The tree below may visually explains sequenced data for GETNEXT where our Microchip is branched at private.enterprises.microchip :

$ snmptranslate -m +Microchip -Tp
 
+--iso(1)
   |
   +--org(3)
      |
      +--dod(6)
         |
         +--internet(1)
            |
            +--directory(1)
            |
            +--mgmt(2)
            |  |
            |  +--mib-2(1)
            |     |
            |     +--system(1)
            |     |  |
...
            +--private(4)
            |  |
...
            |  +--enterprises(1)
            |     |
...
            |     +--microchip(17095)
            |        |
            |        +--product(1)
            |        |  |

How GET and GETNEXT appeared in SNMP can be viewed by running snmpd in debug mode with this options:

$ snmpd -m +Microchip -f -L -V -C -I vacm_vars -c /usr/local/etc/snmp-emulator/r1.conf
NET-SNMP version 5.3.1
Connection from UDP: [127.0.0.1]:32770
Received SNMP packet(s) from UDP: [127.0.0.1]:32770
  GET message
    -- control.13

Running Raddle in RHEL

Arif — Mon, 15 Aug 2011 07:43:05 +0000

Raddle is a great SNMP player written in Perl. I say player to this emulator application, meaning that I can append or dump snmpwalk output from a device and then replay that from Raddle. Installing it can be both simple and tedious tasks. I used Red Hat Enterprise Linux 5.2 inside a virtual machine (VirtualBox) to make it compact without interfering my own host snmpd setting.

net-SNMP packages are required for Raddle to work on top of primarily snmpd.

yum install net-snmp net-snmp-utils

Prior to installation some rpm packages must be downloaded separately as my local repo (created from original RHEL CD images) may not contain them. They are installed as follow:

rpm -i perl-Carp-Clan-6.00-1.el4.rf.noarch.rpm
rpm -i perl-Bit-Vector-6.4-2.el5.rf.i386.rpm
rpm -i perl-Crypt-DES-2.05-3.2.el5.rf.i386.rpm
rpm -i perl-Digest-SHA1-2.11-1.el5.rf.i386.rpm
rpm -i perl-Digest-HMAC-1.01-2.2.el5.rf.noarch.rpm
rpm -i perl-Socket6-0.20-1.el5.rf.i386.rpm
rpm -i perl-Net-SNMP-5.2.0-1.2.el5.rf.noarch.rpm
rpm -i perl-Date-Pcalc-1.2-1.2.el5.rf.noarch.rpm
rpm -i perl-Date-Calc-5.4-1.el5.rf.i386.rpm

continued by installing net-snmp-perl from original repo

yum install net-snmp-perl

Uncompressing Raddle and successful make test will mean installation is good and can be finished by make install

cd Net-Raddle-0.08
perl Makefile.PL
make test
make install

Replaying SNMP Packets

The idea is to run snmpd which replays a specific prepared-SNMP-packets instead of our own real time system SNMP data (in this case the condition of RHEL 5.2 host). There are three files to do that, let’s name them r1.*:

r1.snmp
A capture from i.e.
snmpwalk -v 1 -c -OneU > r1.snmp
r1.conf
snmpd will run this instead of the original OS default:
snmpd -C -I vacm_vars -c /usr/local/etc/snmp-emulator/r1.conf
r1.pl
the perl script where the most basic is to just replay the above r1.snmp

An official documentation to replay SNMP can be found here. I got hold back when trying to listen from other host, it turns out that I must remove the localhost section in r1.conf which will make it to use standard port 161 as well

# Listen on port 9501
#agentaddress    udp:localhost:9501,tcp:localhost:9501

It is also wise to always cut the r1.snmp first to see if the perl works (test with perl -w /usr/local/etc/snmp-emulator/r1.pl) either with warning or clean, meaning no problem with just some of the OIDs found inside the file.