1

I'm building a SNMP agent and now working on the trap message. Before I begin to write the code of the trap message, I have question:
In SNMPv1 what is the specific trap code ? Everywhere I searched I get just superficial definition and I want to get a deep definition with the possibilities of what it can contain.

Jolta
  • 2,620
  • 1
  • 29
  • 42
dor_torge
  • 69
  • 2
  • 8

1 Answers1

5

An SNMPv1 trap PDU contains the following items:

  1. Object Type generating the trap (this is an OID of type NOTIFICATION-TYPE)
  2. Address of generating object (an IP address)
  3. Generic Trap Data - one of the enumerations listed (0==coldStart, 1==warmStart ... 6==Enterprise)
  4. Enterprise Trap Data - 0 or the specified enterprise trap data
  5. Timestamp - timestamp trap was generated
  6. Variable Bindings.

The generic trap data items 0-5 are defined explicitly in the spec as to what they mean, once you hit 6 (enterprise), then it is completely up to the definition supplied in the enterprise MIB. Unless you're actually loading and interpreting the content of the MIB that defines what the value means you can't actually understand what it means. If we look at the UCD-SNMP-MIB, it defines two trap types:

ucdTraps OBJECT IDENTIFIER ::= { ucdavis 251 }

ucdStart NOTIFICATION-TYPE
    STATUS  current
    DESCRIPTION
    "This trap could in principle be sent when the agent start"
    ::= { ucdTraps 1 }
    
ucdShutdown NOTIFICATION-TYPE
    STATUS current
    DESCRIPTION
    "This trap is sent when the agent terminates"
    ::= { ucdTraps 2 }

These correspond to OIDs .1.3.6.1.4.1.2021.251.1 and .1.3.6.1.4.1.2021.251.2 respectively.

The OID is interpreted as .1.3.6.1.4.1 == enterprises base, 2021 == UC Davis, 251 == ucdTraps and the trailing 1 or 2 is for usdStartup and usdShutdown respectively.

These traps would set the trap data type to 6 and, as they don't specify any content of the enterprise data field, it would not be interpretable.

Finally for variable data, it's a sequence of OID, value pairs, and needs to be unwrapped as specified ASN.1 data.

The coldStart OID is .1.3.6.1.6.3.1.1.5.1 - the base definitions are in the SNMPv2 MIB file for coldStart, warmStart and authenticationFailure, the definitions of linkDown and linkUp can be found in RFC2863.

to be honest, I wouldn't bother trying to interpret the data unless I was armed with the spec for the trap as without it you would have no way of understanding what it means.

Community
  • 1
  • 1
Anya Shenanigans
  • 91,618
  • 3
  • 107
  • 122
  • It seems to me that you avoided specifically answering the OPs question: What value is correct value for what the OP calls `specific trap code`, what the [RFC](http://tools.ietf.org/html/rfc1157#section-4.1.6) calls `specific-trap` and what you call `Enterprise Trap Data`? (And why do you use a completely different name for that field than the RFC?) The integer is mandatory. In the case of e.g. `ucdStart`, is the correct value for `specific-trap` 0 (for "unspecified") or 1 (for the last integer of the OID for `ucdStart`)? – Peter V. Mørch Feb 05 '20 at 12:45