4

I'm using snmp4j 3.4.2 inside my java application (full code below)

I'm trying to execute a snmpget with snmpv3, security DES and auth MD5 and custom OID (python script, which is executed by snmp's extend funtionality). To create better understanding I used SnmpConstants.sysUpTime in the example below.

The SNMP resource has this user configured:

defSecurityName demo
defSecurityLevel authPriv
defAuthType MD5
defPrivType DES
defAuthPassphrase pass
defPrivPassphrase pass

I'm already using this user and resource to successfully perform the snmpget with python (pysnmp) and bash (snmpget), so I can definitely tell that my setup works and the java code is the problem.

I have two java classes (Listener.java and ServerStatusHelper.java)

Listener.java contains main and calls the snmpGet inside ServerStatusHelper.java, other code of Listener is excluded as its not neccessary.

import org.snmp4j.PDU;
import org.snmp4j.ScopedPDU;
import org.snmp4j.Snmp;
import org.snmp4j.Target;
import org.snmp4j.event.ResponseEvent;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.security.AuthMD5;
import org.snmp4j.security.AuthSHA;
import org.snmp4j.security.PrivAES128;
import org.snmp4j.security.PrivDES;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.VariableBinding;

public class Listener {

    public static void main(String[] args) {

        ServerStatusHelper agent = new ServerStatusHelper("host.tld", "udp", 161, "demo", "demo",
                "pass", "pass", new AuthMD5(), new PrivDES(), true);

        try {
            agent.startAgent();
            ResponseEvent response = agent.snmpGetOperation(SnmpConstants.sysUpTime);
            if (response != null) {
                System.out.println(
                        "response null - error: "+ response.getError() +
                        "peerAddress: " + response.getPeerAddress() +
                        "source: " + response.getSource().toString() +
                        "request: " + response.getRequest());
            }

        } catch (

        IOException e) {
            e.printStackTrace();

        }
    }

}

ServerStatusHelper.java

import java.io.IOException;

import org.snmp4j.CommunityTarget;
import org.snmp4j.PDU;
import org.snmp4j.ScopedPDU;
import org.snmp4j.Snmp;
import org.snmp4j.TransportMapping;
import org.snmp4j.UserTarget;
import org.snmp4j.event.ResponseEvent;
import org.snmp4j.mp.MPv3;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.security.AuthGeneric;
import org.snmp4j.security.AuthMD5;
import org.snmp4j.security.PrivDES;
import org.snmp4j.security.PrivacyGeneric;
import org.snmp4j.security.SecurityLevel;
import org.snmp4j.security.SecurityModels;
import org.snmp4j.security.SecurityProtocols;
import org.snmp4j.security.USM;
import org.snmp4j.security.UsmUser;
import org.snmp4j.smi.Address;
import org.snmp4j.smi.GenericAddress;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.TransportIpAddress;
import org.snmp4j.smi.VariableBinding;
import org.snmp4j.transport.DefaultTcpTransportMapping;
import org.snmp4j.transport.DefaultUdpTransportMapping;

public class ServerStatusHelper {

    private Address nmsIP;
    private String user;
    private String securityName;
    private String privacyPassword;
    private String authorizationPassword;
    private AuthGeneric authProtocol;
    private PrivacyGeneric privacyProtocol;
    private String protocol;
    private boolean encryption;

    private long timeOut = 1000;
    private int noOfRetries = 10;

    private Snmp snmp;
    private UserTarget target;
    private CommunityTarget v1target;
    
    ServerStatusHelper(String ip, String protocol, int snmpPort, String username, String securityName,
            String privacyPassword, String authPassowrd, AuthGeneric authProtocol, PrivacyGeneric privacyProtocol,
            boolean encryption) {

        nmsIP = GenericAddress.parse(protocol + ":" + ip + "/" + snmpPort);
        System.out.println("NMS IP set : " + nmsIP.toString());

        this.protocol = protocol;
        this.user = username;
        this.securityName = securityName;
        this.privacyPassword = privacyPassword;
        this.authorizationPassword = authPassowrd;
        this.authProtocol = authProtocol;
        this.privacyProtocol = privacyProtocol;
        this.encryption = encryption;
        
        SecurityProtocols.getInstance().addAuthenticationProtocol(new AuthMD5());
        SecurityProtocols.getInstance().addPrivacyProtocol(new PrivDES());

    }

    public void startAgent() throws IOException {
        if (snmp == null) {

            TransportMapping<? extends TransportIpAddress> transport = null;

            if (protocol.equalsIgnoreCase("udp")) {
                System.out.println("UDP Protocol selected.");
                transport = new DefaultUdpTransportMapping();
            } else {
                System.out.println("TCP Protocol selected.");
                transport = new DefaultTcpTransportMapping();
            }

            snmp = new Snmp(transport);

            USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3.createLocalEngineID()), 0);
            SecurityModels.getInstance().addSecurityModel(usm);

            transport.listen();

            snmp.getUSM().addUser(new OctetString(user),
                    new UsmUser(new OctetString(securityName), authProtocol.getID(),
                            new OctetString(authorizationPassword), privacyProtocol.getID(),
                            new OctetString(privacyPassword)));

            if (encryption)
                target = createUserTarget();
            else
                v1target = createUserTargetWithoutEncryption();
        }

    }

    public ResponseEvent snmpSetOperation(VariableBinding[] vars) throws IOException {
        PDU setPdu = new ScopedPDU();
        for (VariableBinding variableBinding : vars) {
            setPdu.add(variableBinding);
        }
        return snmp.send(setPdu, target);
    }

    public ResponseEvent snmpGetOperation(OID oid) throws IOException {

        if (encryption) {
            PDU getPdu = new ScopedPDU();
            getPdu.add(new VariableBinding(oid));
            getPdu.setType(ScopedPDU.GET);
            return snmp.get(getPdu, target);

        } else {
            PDU getPdu = new PDU();
            getPdu.add(new VariableBinding(oid));
            getPdu.setType(PDU.GET);
            return snmp.get(getPdu, v1target);

        }

    }

    private UserTarget createUserTarget() {
        UserTarget target = new UserTarget();
        target.setAddress(nmsIP);
        target.setRetries(noOfRetries);
        target.setTimeout(timeOut);
        target.setVersion(SnmpConstants.version3);
        target.setSecurityLevel(SecurityLevel.AUTH_PRIV);
        target.setSecurityName(new OctetString(securityName));
        return target;
    }

    private CommunityTarget createUserTargetWithoutEncryption() {
        CommunityTarget target = new CommunityTarget();
        target.setCommunity(new OctetString("public"));
        target.setAddress(nmsIP);
        target.setRetries(noOfRetries);
        target.setTimeout(timeOut);
        target.setVersion(SnmpConstants.version1);
        return target;
    }

    public long getTimeOut() {
        return timeOut;
    }

    public void setTimeOut(long timeOut) {
        this.timeOut = timeOut;
    }

    public int getNoOfRetries() {
        return noOfRetries;
    }

    public void setNoOfRetries(int noOfRetries) {
        this.noOfRetries = noOfRetries;
    }
}

The execution of the program exits with


NMS IP set : **IPREMOVED**/161
UDP Protocol selected.
response null - error: nullpeerAddress: **IPREMOVED**/161source: org.snmp4j.Snmp@e580929 request: GET[{contextEngineID=80:00:1f:88:80:5e:2e:49:07:2f:68:44:57:00:00:00:00, contextName=}, requestID=588252045, errorStatus=0, errorIndex=0, VBS[1.3.6.1.2.1.1.3.0 = Null]]

Anyone has an idea what I'm doing wrong?

Edit:

From the servers syslog I can see, that the request arrives at the resource:

Jul 31 11:52:46 loadbalancer snmpd[1219]: Connection from UDP: [IP REMOVED]:54734->[IP REMOVED]:161
Jul 31 11:52:46 loadbalancer snmpd[1219]: Connection from UDP: [IP REMOVED]:54734->[IP REMOVED]:161
I. Shm
  • 173
  • 13

1 Answers1

3

@i-shm I think you are doing everything ok.

The only problem in your code could be just the line in which you evaluate the response variable. Your are indicating response != null when it should be actually response == null. I mean:

import org.snmp4j.PDU;
import org.snmp4j.ScopedPDU;
import org.snmp4j.Snmp;
import org.snmp4j.Target;
import org.snmp4j.event.ResponseEvent;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.security.AuthMD5;
import org.snmp4j.security.AuthSHA;
import org.snmp4j.security.PrivAES128;
import org.snmp4j.security.PrivDES;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.VariableBinding;

public class Listener {

    public static void main(String[] args) {

        ServerStatusHelper agent = new ServerStatusHelper("host.tld", "udp", 161, "demo", "demo",
                "pass", "pass", new AuthMD5(), new PrivDES(), true);

        try {
            agent.startAgent();
            ResponseEvent event = agent.snmpGetOperation(SnmpConstants.sysUpTime);
            final PDU response = event.getResponse();
            if (response == null) {
                System.out.println(
                        "response null - error: "+ event.getError() +
                        "peerAddress: " + event.getPeerAddress() +
                        "source: " + event.getSource().toString() +
                        "request: " + event.getRequest());
            } else {
              System.out.println("Response PDU:" + response.toString());
              // Process the response as you need, maybe something like this:
              long sysUpTime = response.get(0).getVariable().toLong();
              // You can find relevant information in the javadocs of the library:
              // https://agentpp.com/doc/snmp4j/index.html?org/snmp4j/package-summary.html
            }

        } catch (IOException e) {
            e.printStackTrace();

        }
    }

}

This is why you do not receive errors in the java code and your syslog indicates that the requests were actually sent.

jccampanero
  • 50,989
  • 3
  • 20
  • 49
  • this does unfortulately not resolve the issue. The response object does not contain an error nor an actual snmp response. – I. Shm Aug 12 '20 at 06:46
  • But @I.Shm, what is the program output? Any exception arise? – jccampanero Aug 12 '20 at 12:45
  • as stated in the original question the program output is the following NMS IP set : **IPREMOVED**/161 UDP Protocol selected. response null - error: nullpeer Address: **IPREMOVED**/161source: org.snmp4j.Snmp@e580929 request: GET[{contextEngineID=80:00:1f:88:80:5e:2e:49:07:2f:68:44:57:00:00:00:00, contextName=}, requestID=588252045, errorStatus=0, errorIndex=0, VBS[1.3.6.1.2.1.1.3.0 = Null]] – I. Shm Aug 12 '20 at 17:45