1.101. net-snmp

When running on a machine with an aliased network interface, a small memory leak may have occurred and the snmpd daemon may have incorrectly spammed syslog with the following message:

error on subcontainer '' insert (-1)

Although the message itself is completely harmless, it may have filled the system log. This update adapts the underlying source code to make sure the snmpd no longer leaks memory or produces the aforementioned message when processing aliased interfaces.

When running on a big-endian machine, the snmpd daemon incorrectly mixed pointers to integers of a different size, and reported wrong indexes of the UDP-MIB::udpTable table. With this update, this error no longer occurs, and snmpd now reports correct indexes.

When loading a list of installed RPM packages for the HOST-RESOURCE::hrSWInstalledTable table, a rare race condition may have occurred if an RPM package was being updated, installed, or removed at the same time, causing the snmpd daemon to terminate unexpectedly with a segmentation fault. With this update, snmpd has been adapted to recover from such a situation, and no longer crashes in this scenario.

When retrieving data for the Remote Network Monitoring Management Information Base (RMON-MIB), the snmpd daemon may have leaked file descriptors. As a result, the file descriptors available to the snmpd process may have been exhausted, rendering the daemon unable to respond to SNMP requests. With this update, all unnecessary file descriptors are appropriately closed, and snmpd now works as expected.

When a network interface was not active and the snmpd service was unable to obtain its real speed from the kernel, it incorrectly reported an erroneous value of the IF-MIB::ifSpeed object. This update corrects the snmpd daemon to report the correct speed if the kernel provides it, and not to report the speed of a disabled network at all if it cannot be obtained.

Prior to this update, the snmpd daemon did not initialize the structures for the IP-MIB::ipSystemStatsTable and IP-MIB::ipIfStatsTable tables properly. Consequent to this, when a counter in these tables exceeded 32 bits, the following error message may have been written to the system log:

looks like a 64bit wrap, but prev!=new

This update corrects the initialization of the aforementioned tables, resolving this issue.

Prior to this update, when a user provided a passphrase that was too short, various SNMP utilities such as snmpget or snmpwalk incorrectly returned exit code 0. This error no longer occurs, and the SNMP utilities now return a non-zero exit code in this scenario.

Previously, the logrotate configuration file shipped with the net-snmp packages restarted the snmpd daemon whenever the /var/log/snmpd.log file was rotated. However, this led to an unnecessary interruption of the SNMP service, and may have negatively affected several SNMP counters. With this update, the aforementioned configuration file has been adapted to only notify the running snmpd daemon that the log file should be reopened, and no longer interrupts the SNMP service.

The upstream test suite that was previously shipped as part of the source RPM package did not work with the TCP and UDP protocols for IPv6, and reported false errors. This update adapts the test suite to work with IPv6 as expected.

When responding to an SNMP GET request of an unknown row in the IF-MIB::ifTable table, the Net-SNMP daemon incorrectly returned a noCreation error. This update applies a patch that resolves this issue, and the snmpd daemon now correctly returns a noSuchInstance error as specified by the SNMP standards.

During recompilation of the net-snmp source package, the configure script reported an error. Although this error was completely harmless and did not affect the resulting build in any way, it unnecessarily polluted the output of the rpmbuild command. To prevent this, the error in the header ordering has been fixed so that the package can be rebuilt with no error messages.

Prior to this update, index values of the HOST-RESOURCES-MIB::hrFSTable and HOST-RESOURCES-MIB::hrStorageTable tables were not persistent across device remounts (that is, a particular index may have been different before and after a device was unmounted and mounted again). With this update, the snmpd daemon has been updated to keep track of mounted and unmounted devices in order to retain the same indexes across remounts.

Previously, the snmpd daemon was updated to send SNMP responses to broadcast requests from the same interface on which the SNMP was received. However, this update also introduced an error which prevented it from sending responses to unicast request on multihomed machines (that is, on machines with multiple network interfaces, each facing a different network). This update corrects this error so that the snmpd daemon is now able to both answer unicast requests on multihomed machines and send responses to broadcast requests from the same interface on which the request was received.

Due to a possible race condition, the snmpd daemon may have failed to count some processes when populating the UCD-SNMP-MIB::prTable table. With this update, the underlying source code has been adapted to prevent such a race condition so that all processes are now counted as expected.

Due to a possible overflow of a 32-bit signed integer, the snmptranslate tool may have reported wrong ranges of objects with the Unsigned32 syntax. This update adapts snmptranslate to use 64-bit values for integer ranges, so that the utility no longer produces incorrect Unsigned32 ranges.

Previously, the snmpd service returned an incorrect value of the IP-MIB::ipv6InterfaceForwarding object: for forwarding it reported 0 instead of 1, and for notForwarding it reported 1 instead of 2. With this update, this error no longer occurs, and snmpd now reports the value of IP-MIB::ipv6InterfaceForwarding in accordance with RFC 4293.

Previously, the snmpd daemon strictly implemented RFC 2780. However, this specification no longer scales well with modern big storage devices with small allocation units, and consequently, snmpd reported a wrong value of the HOST-RESOURCES-MIB::hrStorageSize object when working with a large file system (larger than 16TB), because the accurate value would not fit into Integer32 as specified in the RFC. To address this issue, this update adds a new option to the /etc/snmp/snmpd.conf configuration file, realStorageUnits. By changing the value of this option to 0, users can now enable recalculating all values in hrStorageTable to ensure that the multiplication of hrStorageSize and hrStorageAllocationUnits always produces an accurate device size. On the other hand, the values of hrStorageAllocationUnits are artificial and do not represent the real size of the allocation unit on the storage device.

When running on a big-endian machine, the snmpd daemon reported wrong values of storage sizes in the HOST-RESOURCES-MIB::hrStorageTable table. This was caused by incorrect use of pointers to integers of a different size. With this update, the snmpd daemon has been adapted to use pointers to integer values in the HOST-RESOURCES-MIB::hrStorageTable implementation. As a result, the sizes in the aforementioned table are now reported correctly.

When an object identifier (OID) was out of the subtree registered by the proxy statement in the /etc/snmp/snmpd.conf configuration file, the previous version of the snmpd daemon failed to use a correct OID of proxied GETNEXT requests. With this update, snmpd now adjusts the OIDs of proxied GETNEXT requests correctly and sends correct requests to the remote agent as expected.

After processing the SIGUP signal, the snmpd daemon may have stopped to report a correct value in the HOST-RESOURCES-MIB::hrStorageTable table. This update corrects this error so that when the SIGHUP signal is processed, the snmpd daemon now provides correct values in HOST-RESOURCES-MIB::hrStorageTable.

The previous version of snmptrapd, the Net-SNMP daemon for processing traps, leaked memory when processing incoming SNMP traps in embedded Perl. This caused the amount of consumed memory to grow over time, making the memory consumption was even larger if the daemon was processing SNMPv1 traps. With this update, the underlying source code has been adapted to prevent such memory leaks, and processing incoming SNMP traps in embedded Perl no longer increases the memory consumption.

The previous version of the snmpd daemon failed to detect newly added or activated interfaces, and did not show them in the IPV6-MIB::ipv6IfTable table. With this update, a patch has been applied to address this issue, and the snmpd daemon now properly refreshes the table whenever a new interface appears.

Prior to this update, the snmpd daemon did not detect errors when accessing the /proc file system. Consequent to this, an attempt to read information about an exited process while gathering information for a HOST-RESOURCES-MIB::hrSWRunTable table caused the daemon to terminate unexpectedly with a segmentation fault. This update adapts the underlying source code to make sure that such errors are now properly detected, and snmpd no longer crashes when populating HOST-RESOURCES-MIB::hrSWRunTable.

The previous version of the snmpd daemon incorrectly processed requests with malformed Basic Encoding Rules (BER), namely with the wrong type field of Community, RequestID, Error-status, and Error-index attributes. The updated snmpd daemon properly checks encoding of incoming packets and silently drops malformed requests as required by SNMP RFCs.

Previously, the SYNOPSIS section of the snmpnetstat(1) manual page incorrectly listed the -CP option instead of -Cp. This error has been fixed so that the aforementioned manual page no longer contains misleading information.

In the description of the linkUpDownNotifications directive, the snmpd.conf(5) manual page treats the linkUp and linkDown notifications as containing the ifIndex, ifAdminStatus, and ifOperStatus objects. Previously, the snmpd daemon did not include these objects in outgoing notifications. With this update, the snmpd daemon has been adapted to add these objects to the outgoing notifications as described in the manual page.

Prior to this update, the help messages of various SNMP-related tools and their corresponding manual pages (such as the snmptrapd(8) page) incorrectly suggested -D token as a valid syntax of the -D command line option. This update corrects this error, and both manual pages and help messages of the affected tools now strictly use the -Dtoken syntax as expected.

With this update, the UCD-SNMP-MIB::dskTable table has been enhanced to report 64-bit statistics of available, used, and free disk space. As a result, the table now provides the following new columns: dskTotalLow, dskTotalHigh, dskAvailLow, dskAvailHigh, dskUsedLow, and dskUsedHigh.