Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net-snmp: introduce new ssl variant for net-snmp and enable SNMP V3 #26216

Open
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

Chris1189
Copy link

Maintainer: @stintel
Compile tested: x86_64, Openwrt 24.10
Run tested: x86_64, Openwrt 24.10

Description:
Openssl is needed to implement encryption and authentification for SNMPv3.
As discussed in PR #25178 and also PR #25444 I added a variant for net-snmp that compiles libnetsnmp
with libopenssl (for SNMPv3). The default compilation is with the former variant.

The features for SNMPv3 are added to snmpd.init file and the possibility
to log messages to syslog or a log file..

Copy link
Member

@stintel stintel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The logging support in the init script and example config are not related to the snmpv3 changes, so they should go in a separate commit.

You're also adding a meta package that selects all snmp packages, but it's not described in the commit message. While you add that, explain why it's needed.

Finally, the changes cause a recursive dependency that must be fixed:

tmp/.config-package.in:56442:error: recursive dependency detected!
tmp/.config-package.in:56442:   symbol PACKAGE_libnetsnmp-ssl depends on PACKAGE_libnetsnmp
tmp/.config-package.in:56425:   symbol PACKAGE_libnetsnmp is selected by PACKAGE_libnetsnmp-ssl

@Chris1189
Copy link
Author

I separated these changes to make a clear separation. You're right!

I think you mean net-snmp-ssl with the meta package? I added some context to the commit message.
It is needed to make a dependency on the SNMPv3 variant (net-snmp-ssl) in luci-app-snmpd for a future commit.

I fixed the recursive dependency. It was a forgotten /Default in the call in libnetsnmp-ssl.

Thank you for your review and I look forward to the re-review.

@stintel
Copy link
Member

stintel commented Mar 26, 2025

The example config for logging should go in the commit that adds logging support in the init script. Similarly, the example config for SNMPv3 should go in the commit that adds SNMPv3 support in the init script.

@Chris1189
Copy link
Author

I see! Now it is updated. I placed them in the mentioned commits.

Copy link
Member

@stintel stintel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Somehow I was able to end up with this in my .config:

CONFIG_PACKAGE_libnetsnmp=y
CONFIG_PACKAGE_libnetsnmp-ssl=y

This results in the following error during build:

 * check_conflicts_for: The following packages conflict with libnetsnmp-ssl:
 * check_conflicts_for:         libnetsnmp *
 * opkg_install_cmd: Cannot install package libnetsnmp-ssl.
 * check_conflicts_for: The following packages conflict with libnetsnmp-ssl:
 * check_conflicts_for:         libnetsnmp *
 * opkg_install_cmd: Cannot install package snmpd-ssl.
 * check_conflicts_for: The following packages conflict with libnetsnmp-ssl:
 * check_conflicts_for:         libnetsnmp *
 * opkg_install_cmd: Cannot install package libnetsnmp-ssl.

It should not be possible to select both variants.

Christian Korber added 4 commits March 31, 2025 13:59
Following commits will introduce a new variant ssl that
provides ssl encryption possibility needed by SNMP V3.
So this commit tags the basic variant nossl and encapsulates
needed packages in the same logic.

Signed-off-by: Christian Korber <[email protected]>
This commit introduces the new ssl variant of net-snmp
(net-snmp-ssl). This meta package is needed to clearly
distinquish between support for SNMPv3 (with encryption)
and the default variant (net-snmp) without encryption.
It also integrates a differentiation between the now two
variants and compiles them conditionally.

Signed-off-by: Christian Korber <[email protected]>
This commit adds function `snmpd_snmpv3_add` to the init script
to support SNMPv3.

Signed-off-by: Christian Korber <[email protected]>
To support logging in net-snmp this commit
introduces this feature.

Signed-off-by: Christian Korber <[email protected]>
@Chris1189
Copy link
Author

I resolved the conflicts now. It shouldn't be possible to create such conflicts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants