1.101. net-snmp

1.101.1. RHBA-2011:1076: net-snmp bug fix and enhancement update

Updated net-snmp packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 5.

Important

This update was released as errata RHBA-2011:1076 — net-snmp bug fix and enhancement update.
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl management information base (MIB) browser.

Bug Fixes:

BZ#554956
When running on a machine with an aliased network interface, a small memory leak may have occurred and the snmpd daemon may have incorrectly spammed syslog with the following message:
error on subcontainer '' insert (-1)
Although the message itself is completely harmless, it may have filled the system log. This update adapts the underlying source code to make sure the snmpd no longer leaks memory or produces the aforementioned message when processing aliased interfaces.
BZ#556824
When running on a big-endian machine, the snmpd daemon incorrectly mixed pointers to integers of a different size, and reported wrong indexes of the UDP-MIB::udpTable table. With this update, this error no longer occurs, and snmpd now reports correct indexes.
BZ#557758
When loading a list of installed RPM packages for the HOST-RESOURCE::hrSWInstalledTable table, a rare race condition may have occurred if an RPM package was being updated, installed, or removed at the same time, causing the snmpd daemon to terminate unexpectedly with a segmentation fault. With this update, snmpd has been adapted to recover from such a situation, and no longer crashes in this scenario.
BZ#561875
When retrieving data for the Remote Network Monitoring Management Information Base (RMON-MIB), the snmpd daemon may have leaked file descriptors. As a result, the file descriptors available to the snmpd process may have been exhausted, rendering the daemon unable to respond to SNMP requests. With this update, all unnecessary file descriptors are appropriately closed, and snmpd now works as expected.
BZ#561882
When a network interface was not active and the snmpd service was unable to obtain its real speed from the kernel, it incorrectly reported an erroneous value of the IF-MIB::ifSpeed object. This update corrects the snmpd daemon to report the correct speed if the kernel provides it, and not to report the speed of a disabled network at all if it cannot be obtained.
BZ#562376, BZ#653780
Prior to this update, the snmpd daemon did not initialize the structures for the IP-MIB::ipSystemStatsTable and IP-MIB::ipIfStatsTable tables properly. Consequent to this, when a counter in these tables exceeded 32 bits, the following error message may have been written to the system log:
looks like a 64bit wrap, but prev!=new
This update corrects the initialization of the aforementioned tables, resolving this issue.
BZ#574035
Prior to this update, when a user provided a passphrase that was too short, various SNMP utilities such as snmpget or snmpwalk incorrectly returned exit code 0. This error no longer occurs, and the SNMP utilities now return a non-zero exit code in this scenario.
BZ#584769
Previously, the logrotate configuration file shipped with the net-snmp packages restarted the snmpd daemon whenever the /var/log/snmpd.log file was rotated. However, this led to an unnecessary interruption of the SNMP service, and may have negatively affected several SNMP counters. With this update, the aforementioned configuration file has been adapted to only notify the running snmpd daemon that the log file should be reopened, and no longer interrupts the SNMP service.

Note

By default, the snmpd daemon writes messages to the system log (that is, the /var/log/messages file). Since logging to the /var/log/snmpd.log file is optional and must be enabled manually, most users were not affected by this bug.
BZ#587617
The upstream test suite that was previously shipped as part of the source RPM package did not work with the TCP and UDP protocols for IPv6, and reported false errors. This update adapts the test suite to work with IPv6 as expected.
BZ#587785
When responding to an SNMP GET request of an unknown row in the IF-MIB::ifTable table, the Net-SNMP daemon incorrectly returned a noCreation error. This update applies a patch that resolves this issue, and the snmpd daemon now correctly returns a noSuchInstance error as specified by the SNMP standards.
BZ#591416
During recompilation of the net-snmp source package, the configure script reported an error. Although this error was completely harmless and did not affect the resulting build in any way, it unnecessarily polluted the output of the rpmbuild command. To prevent this, the error in the header ordering has been fixed so that the package can be rebuilt with no error messages.
BZ#595322
Prior to this update, index values of the HOST-RESOURCES-MIB::hrFSTable and HOST-RESOURCES-MIB::hrStorageTable tables were not persistent across device remounts (that is, a particular index may have been different before and after a device was unmounted and mounted again). With this update, the snmpd daemon has been updated to keep track of mounted and unmounted devices in order to retain the same indexes across remounts.
BZ#600319
Previously, the snmpd daemon was updated to send SNMP responses to broadcast requests from the same interface on which the SNMP was received. However, this update also introduced an error which prevented it from sending responses to unicast request on multihomed machines (that is, on machines with multiple network interfaces, each facing a different network). This update corrects this error so that the snmpd daemon is now able to both answer unicast requests on multihomed machines and send responses to broadcast requests from the same interface on which the request was received.
BZ#630905
Due to a possible race condition, the snmpd daemon may have failed to count some processes when populating the UCD-SNMP-MIB::prTable table. With this update, the underlying source code has been adapted to prevent such a race condition so that all processes are now counted as expected.
BZ#645303
Due to a possible overflow of a 32-bit signed integer, the snmptranslate tool may have reported wrong ranges of objects with the Unsigned32 syntax. This update adapts snmptranslate to use 64-bit values for integer ranges, so that the utility no longer produces incorrect Unsigned32 ranges.
BZ#645317
Previously, the snmpd service returned an incorrect value of the IP-MIB::ipv6InterfaceForwarding object: for forwarding it reported 0 instead of 1, and for notForwarding it reported 1 instead of 2. With this update, this error no longer occurs, and snmpd now reports the value of IP-MIB::ipv6InterfaceForwarding in accordance with RFC 4293.
BZ#654384
Previously, the snmpd daemon strictly implemented RFC 2780. However, this specification no longer scales well with modern big storage devices with small allocation units, and consequently, snmpd reported a wrong value of the HOST-RESOURCES-MIB::hrStorageSize object when working with a large file system (larger than 16TB), because the accurate value would not fit into Integer32 as specified in the RFC. To address this issue, this update adds a new option to the /etc/snmp/snmpd.conf configuration file, realStorageUnits. By changing the value of this option to 0, users can now enable recalculating all values in hrStorageTable to ensure that the multiplication of hrStorageSize and hrStorageAllocationUnits always produces an accurate device size. On the other hand, the values of hrStorageAllocationUnits are artificial and do not represent the real size of the allocation unit on the storage device.
BZ#659354
When running on a big-endian machine, the snmpd daemon reported wrong values of storage sizes in the HOST-RESOURCES-MIB::hrStorageTable table. This was caused by incorrect use of pointers to integers of a different size. With this update, the snmpd daemon has been adapted to use pointers to integer values in the HOST-RESOURCES-MIB::hrStorageTable implementation. As a result, the sizes in the aforementioned table are now reported correctly.
BZ#663863
When an object identifier (OID) was out of the subtree registered by the proxy statement in the /etc/snmp/snmpd.conf configuration file, the previous version of the snmpd daemon failed to use a correct OID of proxied GETNEXT requests. With this update, snmpd now adjusts the OIDs of proxied GETNEXT requests correctly and sends correct requests to the remote agent as expected.
BZ#676669
After processing the SIGUP signal, the snmpd daemon may have stopped to report a correct value in the HOST-RESOURCES-MIB::hrStorageTable table. This update corrects this error so that when the SIGHUP signal is processed, the snmpd daemon now provides correct values in HOST-RESOURCES-MIB::hrStorageTable.
BZ#676955
The previous version of snmptrapd, the Net-SNMP daemon for processing traps, leaked memory when processing incoming SNMP traps in embedded Perl. This caused the amount of consumed memory to grow over time, making the memory consumption was even larger if the daemon was processing SNMPv1 traps. With this update, the underlying source code has been adapted to prevent such memory leaks, and processing incoming SNMP traps in embedded Perl no longer increases the memory consumption.
BZ#680347
The previous version of the snmpd daemon failed to detect newly added or activated interfaces, and did not show them in the IPV6-MIB::ipv6IfTable table. With this update, a patch has been applied to address this issue, and the snmpd daemon now properly refreshes the table whenever a new interface appears.
BZ#683142
Prior to this update, the snmpd daemon did not detect errors when accessing the /proc file system. Consequent to this, an attempt to read information about an exited process while gathering information for a HOST-RESOURCES-MIB::hrSWRunTable table caused the daemon to terminate unexpectedly with a segmentation fault. This update adapts the underlying source code to make sure that such errors are now properly detected, and snmpd no longer crashes when populating HOST-RESOURCES-MIB::hrSWRunTable.
BZ#704443
The previous version of the snmpd daemon incorrectly processed requests with malformed Basic Encoding Rules (BER), namely with the wrong type field of Community, RequestID, Error-status, and Error-index attributes. The updated snmpd daemon properly checks encoding of incoming packets and silently drops malformed requests as required by SNMP RFCs.
BZ#556842
Previously, the SYNOPSIS section of the snmpnetstat(1) manual page incorrectly listed the -CP option instead of -Cp. This error has been fixed so that the aforementioned manual page no longer contains misleading information.
BZ#583807
In the description of the linkUpDownNotifications directive, the snmpd.conf(5) manual page treats the linkUp and linkDown notifications as containing the ifIndex, ifAdminStatus, and ifOperStatus objects. Previously, the snmpd daemon did not include these objects in outgoing notifications. With this update, the snmpd daemon has been adapted to add these objects to the outgoing notifications as described in the manual page.
BZ#613584
Prior to this update, the help messages of various SNMP-related tools and their corresponding manual pages (such as the snmptrapd(8) page) incorrectly suggested -D token as a valid syntax of the -D command line option. This update corrects this error, and both manual pages and help messages of the affected tools now strictly use the -Dtoken syntax as expected.

Enhancements:

BZ#664523
With this update, the UCD-SNMP-MIB::dskTable table has been enhanced to report 64-bit statistics of available, used, and free disk space. As a result, the table now provides the following new columns: dskTotalLow, dskTotalHigh, dskAvailLow, dskAvailHigh, dskUsedLow, and dskUsedHigh.
All users of net-snmp are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.