On Mon, 2021-08-16 at 22:45 +1000, Jonathan Matthew wrote:
> On Tue, Aug 10, 2021 at 12:58:05PM +0200, Martijn van Duren wrote:
> > On Mon, 2021-08-09 at 21:44 +0200, Martijn van Duren wrote:
> > > On Tue, 2021-07-27 at 21:28 +0200, Martijn van Duren wrote:
> > > > This diff allows sending traps in SNMPv3 messages.
> > > > It defaults to the global seclevel, but it can be specified on a per
> > > > rule basis.
> > > > 
> > > > Diff requires both previous setting engineid and ober_dup diff.
> > > > 
> > > > Tested with netsnmp's snmptrapd and my WIP diff.
> > > > 
> > > > The other 2 outstanding diffs are for receiving SNMPv3 traps.
> > > > 
> > > > OK?
> > > > 
> > > > martijn@
> > > > 
> > > Resending now that the engineid diff is in.
> > > 
> > > Still awaiting the commit of ober_dup diff[0].
> > > 
> > > OK once that one goes in?
> > > 
> > > Also, rereading the diff, splitting the trap receiver in two might be a
> > > bit clutch. Once again invoking the manpage gurus.
> > > 
> > > martijn@
> > > 
> > > [0] https://marc.info/?l=openbsd-tech&m=162698527126249&w=2
> > > 
> > The listen on diff committed this morning broke this patch.
> > Updated version
> 
> I think my only concern with this is that the config syntax changes
> incompatibly, since you now have to specify 'snmpv2c' for v2c trap
> receivers.  I can think of a few alternatives, but none of them are
> great.  What you've done here seems to be the cleanest option both in
> terms of what the config looks like and the code for processing it,
> so if we're prepared to change the config syntax, I'm happy with it.
> 
To make v3 the default is the logical conclusion of the recent moves
away from SNMPv2c in general for our SNMP stack. We've disabled SNMPv2c
for listen on in snmpd(8), including trap handle. We've removed default
communities (including "trap community"), so enabling snmpv2c on a
notify listener will not even make the receiver work without explicitly
setting that community. And similar for "trap receiver", without setting
either the global "trap community" or the "trap receiver" local
community it will not work.
It would be easy enough to keep snmpv2c the default for trap
receiver, but considering the general direction it just seems pointless.

In other words, this change is intentional and I assumed that people
interested in OKing this diff were aware enough of the recent changes
to understand this context of changing defaults. Sorry that that wasn't
clear.

If no one else objects I'll commit as soon as I get the green light for
the libutil bump. Thanks for checking.
