Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to gosnmp mainline with our bespoke changes #2

Open
wants to merge 234 commits into
base: master
Choose a base branch
from
Open

Upgrade to gosnmp mainline with our bespoke changes #2

wants to merge 234 commits into from

Conversation

sacredbanana
Copy link

@sacredbanana sacredbanana commented Aug 22, 2022
edited
Loading

This is taking the latest mainline gosnmp then porting our bespoke changes on top. It's a lot of incoming changes. You can see my specific changes by looking at the latest commits.

https://app.clickup.com/t/1t208he

hdm and others added 30 commits July 26, 2018 17:57
@hdm @soniah
Expose SnmpEncodePacket/SnmpDecodePacket (gosnmp#157)
b788382 
* Add SnmpEncodePacket & SnmpDecodePacket

* Cleanup

* Return errors to caller vs log

* Relocate functions and add comments

* Time for more ☕, fix the comment to match the function
@IvanRadakovic @soniah
Add mock for Handler interface
6d59348
@soniah
Merge 'gosnmp#158 Add mock for Handler interface'
2b34397
@hdm @soniah
Support SNMPv3 Encode/Decode (gosnmp#160)
3651b0e 
* Store MsgMaxSize, support SNMPv3 SnmpDecodePacket
* Export MsgMaxSize
* Add SetMsgID/SetRequestID, validate Encode/Decode
@soniah
go 1.11 - travis
35d70ef
@yaocw2020
decrypt packet error handling
c0ed509 
Error handling is required. Otherwise, a nil trap will be passed into function unmarshalPayload, which triggers a panic.
@soniah
marshalInt32()
28507a5
@ebauman @soniah
Removed bit-lopping (gosnmp#169)
f45ace4 
* Removed bit-lopping
* revamped to adhere to BER
@mehdipourfar @soniah
exponential timeout + doco; goimports
cd9a07a
@vma @soniah
fix incorrect logPrint & logPrintf usage (gosnmp#174)
0aea62d
@krkini16 @soniah
Rerunning of mockgen off of interface.go (gosnmp#175)
74bb830
@krkini16 @soniah
Remove self-import introduced from previous Mockgen PR (gosnmp#177)
922fbec 
* Rerunning of mockgen off of interface.go

* Remove self-import
@jonnary @soniah
Revise the bug for func parseObjectIdentifier
14015a2
@soniah
revise 'bug for func parseObjectIdentifier'; gofmt
b77a017
@soniah
update mocks to new gomock version
843be2d 
mockgen -source=interface.go -package gosnmp > gosnmp_mock.go
@soniah
go mod
15d2ec2
@soniah
changelog
68e8bea
@nikandfor @soniah
travis config housekeeping
96c5485
@nikandfor @soniah
Asn1BER - types on constants; stringer
ac5c52d
@nikandfor @soniah
SNMPError - stringer
ee3a357
@nikandfor @soniah
handle uninitialized v3 SecurityParameters in SnmpDecodePacket()
b0ab007
@soniah
changelog
027c4b0
@soniah
fix IPAddress marshalling in Set()
b91861a 
MrSpock's fix - issue 179
@soniah
use packetSecParams not sp secretKey in v3 isAuthentic()
28249c3 
Issue 183
@soniah
goimports
36de603
@soniah
SNMPv1 trap IDs should be marshalInt32() not single byte
a89cf94 
Issue 182
@soniah
CHANGELOG
f16c818
@soniah
issue132 don't check returned OIDs are increasing
ea8c875
@merinjo @soniah
PR187 allow input of auth, priv keys
686d663
@skyfmmf @soniah
Add support for Walk and Get over TCP
53f9e78 
RFC 3430 specifies the transport of SNMP over TCP. It can be used to
support more efficient bulk transfers. This is supported in net-snmp and
the snmpd from OpenBSD for example.

This commit adds the field Transport to the GoSNMP struct that allows
the selection of UDP or TCP as transport layer. Connect() uses the
specified method to query the server. The interface of the library
remains the same.

As the connection can be closed at any time by the server, we need to
handle an EOF from the connection gracefully. This change also adds an
example to walk using TCP. It was tested against the snmpd from OpenBSD.
@sacredbanana
Copy link
Author

@initialed85 I have now updated the PR so that we don't have to do any resets. I did a clean merge involving reverting some of our commits

sacredbanana
sacredbanana commented Aug 23, 2022
View reviewed changes
go.mod Outdated Show resolved Hide resolved
sacredbanana
sacredbanana commented Aug 23, 2022
View reviewed changes
Dockerfile Outdated Show resolved Hide resolved
sacredbanana
sacredbanana commented Aug 23, 2022
View reviewed changes
Dockerfile Outdated Show resolved Hide resolved
sacredbanana
sacredbanana commented Aug 23, 2022
View reviewed changes
gosnmp_api_test.go Outdated Show resolved Hide resolved
sacredbanana
sacredbanana commented Aug 23, 2022
View reviewed changes
examples/logger/main.go Outdated Show resolved Hide resolved
@initialed85
Copy link

initialed85 commented Aug 23, 2022
edited
Loading

I've been having a bit of a look in more detail at the commits we've made in our fork- here's a starting point for a catalogue:

  • Improvements to support for devices behind NAT aka handling an SNMP response from an unexpected IP
  • Don't bother retrying during DNS failure
  • Fix module name for go.mod
  • Support for devices behind NAT aka handling an SNMP response from an unexpected IP
  • Support for SNMPSET of type IPAddress
  • Increase buffer size for large packets
  • Support multiple params for SNMP traps
  • Hack around SNMPv3 auth issues for Huawei devices

From a brief squiz most of those have had an alternative implemented in upstream (and so for better or worse, I guess we should use that)- however for sure the "Support multiple params for SNMP traps" functionality doesn't have a counterpart.

This one is useful and I suspect not well tested in CI, it speaks to having more than one community string (or a mixture of SNMPv2 and SNMPv3) configured for an SNMP trap listener- so if we get rid of that behaviour we risk finding out the hard way that we needed it (in prod).

And as this isn't Python, it's not as easy as just slamming some code into a running environment to fix it (we'd need to copy built libraries deep into a Virtualenv inside the backend container).

So it might give the perception of lost velocity, but I think we need to take an approach here of the following:

  • double check my cataloguing above, make sure I've identified the theme of the changes
  • extend our automated tests to be able to prove each new piece of functionality
  • go through our "sync w/ upstream" process
  • see if our tests still pass

It's really the only way we can have any confidence I think.

Stream of consciousness:

  • [Improvements to] Support for devices behind NAT aka handling an SNMP response from an unexpected IP
  • Don't bother retrying during DNS failure
    • Hopefully we can test by settings timeouts and retries and having a test that tries to hit an unresolvable name
  • Fix module name for go.mod
    • Unimportant
  • Support for SNMPSET of type IPAddress
    • Not sure if snmpsimd (the Python one we use) supports SNMPSETs; might have to put together an snmpd Docker container- totally doable though I think
  • Increase buffer size for large packets
    • Just fake up a really big SNMP packet to be returned from an SNMP simulator and make sure it can be received
  • Support multiple params for SNMP traps
    • We just need a couple of SNMP trap "simulators" (such as the gosnmp-traps-python uses, it's just invocations of the SNMP trap shell command) to exercise some different security combos (e.g. different community strings, SNMPv3, etc)
  • Hack around SNMPv3 auth issues for Huawei devices
    • This is the hardest one to test, because I could never make head nor tail of the actual issue, I was just able to track it down to that part of the code and skip the logic
    • I have noticed there are changes to that part of the code- maybe it's fixed now?
    • At any rate, I think we'll struggle to test this in an automated way- we might have to rely on manual validation and hope that South32 Worsley are still running Huawei AR503s (perhaps Shane Stuart can confirm)

EDIT: I think https://github.com/ftpsolutions/ims-mono/pull/2237 will cover us for test cases (except for the manual AR503 one)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@initialed85 initialed85 initialed85 requested changes

@kithix kithix Awaiting requested review from kithix

@lowaa lowaa Awaiting requested review from lowaa

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.