1.101. net-snmp
1.101.1. RHBA-2011:1076: net-snmp bug fix and enhancement update
Updated net-snmp packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 5.
Important
This update was released as errata RHBA-2011:1076 — net-snmp bug fix and enhancement update.
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the
netstat
command which uses SNMP, and a Tk/Perl management information base (MIB) browser.
Bug Fixes:
- BZ#554956
- When running on a machine with an aliased network interface, a small memory leak may have occurred and the
snmpd
daemon may have incorrectly spammed syslog with the following message:error on subcontainer '' insert (-1)
Although the message itself is completely harmless, it may have filled the system log. This update adapts the underlying source code to make sure thesnmpd
no longer leaks memory or produces the aforementioned message when processing aliased interfaces. - BZ#556824
- When running on a big-endian machine, the
snmpd
daemon incorrectly mixed pointers to integers of a different size, and reported wrong indexes of theUDP-MIB::udpTable
table. With this update, this error no longer occurs, andsnmpd
now reports correct indexes. - BZ#557758
- When loading a list of installed RPM packages for the
HOST-RESOURCE::hrSWInstalledTable
table, a rare race condition may have occurred if an RPM package was being updated, installed, or removed at the same time, causing thesnmpd
daemon to terminate unexpectedly with a segmentation fault. With this update,snmpd
has been adapted to recover from such a situation, and no longer crashes in this scenario. - BZ#561875
- When retrieving data for the Remote Network Monitoring Management Information Base (RMON-MIB), the
snmpd
daemon may have leaked file descriptors. As a result, the file descriptors available to thesnmpd
process may have been exhausted, rendering the daemon unable to respond to SNMP requests. With this update, all unnecessary file descriptors are appropriately closed, andsnmpd
now works as expected. - BZ#561882
- When a network interface was not active and the
snmpd
service was unable to obtain its real speed from the kernel, it incorrectly reported an erroneous value of theIF-MIB::ifSpeed
object. This update corrects thesnmpd
daemon to report the correct speed if the kernel provides it, and not to report the speed of a disabled network at all if it cannot be obtained. - BZ#562376, BZ#653780
- Prior to this update, the
snmpd
daemon did not initialize the structures for theIP-MIB::ipSystemStatsTable
andIP-MIB::ipIfStatsTable
tables properly. Consequent to this, when a counter in these tables exceeded 32 bits, the following error message may have been written to the system log:looks like a 64bit wrap, but prev!=new
This update corrects the initialization of the aforementioned tables, resolving this issue. - BZ#574035
- Prior to this update, when a user provided a passphrase that was too short, various SNMP utilities such as
snmpget
orsnmpwalk
incorrectly returned exit code 0. This error no longer occurs, and the SNMP utilities now return a non-zero exit code in this scenario. - BZ#584769
- Previously, the
logrotate
configuration file shipped with the net-snmp packages restarted thesnmpd
daemon whenever the/var/log/snmpd.log
file was rotated. However, this led to an unnecessary interruption of the SNMP service, and may have negatively affected several SNMP counters. With this update, the aforementioned configuration file has been adapted to only notify the runningsnmpd
daemon that the log file should be reopened, and no longer interrupts the SNMP service.Note
By default, thesnmpd
daemon writes messages to the system log (that is, the/var/log/messages
file). Since logging to the/var/log/snmpd.log
file is optional and must be enabled manually, most users were not affected by this bug. - BZ#587617
- The upstream test suite that was previously shipped as part of the source RPM package did not work with the TCP and UDP protocols for IPv6, and reported false errors. This update adapts the test suite to work with IPv6 as expected.
- BZ#587785
- When responding to an SNMP
GET
request of an unknown row in theIF-MIB::ifTable
table, the Net-SNMP daemon incorrectly returned anoCreation
error. This update applies a patch that resolves this issue, and thesnmpd
daemon now correctly returns anoSuchInstance
error as specified by the SNMP standards. - BZ#591416
- During recompilation of the net-snmp source package, the
configure
script reported an error. Although this error was completely harmless and did not affect the resulting build in any way, it unnecessarily polluted the output of therpmbuild
command. To prevent this, the error in the header ordering has been fixed so that the package can be rebuilt with no error messages. - BZ#595322
- Prior to this update, index values of the
HOST-RESOURCES-MIB::hrFSTable
andHOST-RESOURCES-MIB::hrStorageTable
tables were not persistent across device remounts (that is, a particular index may have been different before and after a device was unmounted and mounted again). With this update, thesnmpd
daemon has been updated to keep track of mounted and unmounted devices in order to retain the same indexes across remounts. - BZ#600319
- Previously, the
snmpd
daemon was updated to send SNMP responses to broadcast requests from the same interface on which the SNMP was received. However, this update also introduced an error which prevented it from sending responses to unicast request on multihomed machines (that is, on machines with multiple network interfaces, each facing a different network). This update corrects this error so that thesnmpd
daemon is now able to both answer unicast requests on multihomed machines and send responses to broadcast requests from the same interface on which the request was received. - BZ#630905
- Due to a possible race condition, the
snmpd
daemon may have failed to count some processes when populating theUCD-SNMP-MIB::prTable
table. With this update, the underlying source code has been adapted to prevent such a race condition so that all processes are now counted as expected. - BZ#645303
- Due to a possible overflow of a 32-bit signed integer, the
snmptranslate
tool may have reported wrong ranges of objects with the Unsigned32 syntax. This update adaptssnmptranslate
to use 64-bit values for integer ranges, so that the utility no longer produces incorrect Unsigned32 ranges. - BZ#645317
- Previously, the
snmpd
service returned an incorrect value of theIP-MIB::ipv6InterfaceForwarding
object: forforwarding
it reported0
instead of1
, and fornotForwarding
it reported1
instead of2
. With this update, this error no longer occurs, andsnmpd
now reports the value ofIP-MIB::ipv6InterfaceForwarding
in accordance with RFC 4293. - BZ#654384
- Previously, the
snmpd
daemon strictly implemented RFC 2780. However, this specification no longer scales well with modern big storage devices with small allocation units, and consequently,snmpd
reported a wrong value of theHOST-RESOURCES-MIB::hrStorageSize
object when working with a large file system (larger than 16TB), because the accurate value would not fit into Integer32 as specified in the RFC. To address this issue, this update adds a new option to the/etc/snmp/snmpd.conf
configuration file,realStorageUnits
. By changing the value of this option to0
, users can now enable recalculating all values inhrStorageTable
to ensure that the multiplication ofhrStorageSize
andhrStorageAllocationUnits
always produces an accurate device size. On the other hand, the values ofhrStorageAllocationUnits
are artificial and do not represent the real size of the allocation unit on the storage device. - BZ#659354
- When running on a big-endian machine, the
snmpd
daemon reported wrong values of storage sizes in theHOST-RESOURCES-MIB::hrStorageTable
table. This was caused by incorrect use of pointers to integers of a different size. With this update, thesnmpd
daemon has been adapted to use pointers to integer values in theHOST-RESOURCES-MIB::hrStorageTable
implementation. As a result, the sizes in the aforementioned table are now reported correctly. - BZ#663863
- When an object identifier (OID) was out of the subtree registered by the
proxy
statement in the/etc/snmp/snmpd.conf
configuration file, the previous version of thesnmpd
daemon failed to use a correct OID of proxiedGETNEXT
requests. With this update,snmpd
now adjusts the OIDs of proxiedGETNEXT
requests correctly and sends correct requests to the remote agent as expected. - BZ#676669
- After processing the
SIGUP
signal, thesnmpd
daemon may have stopped to report a correct value in theHOST-RESOURCES-MIB::hrStorageTable
table. This update corrects this error so that when theSIGHUP
signal is processed, thesnmpd
daemon now provides correct values inHOST-RESOURCES-MIB::hrStorageTable
. - BZ#676955
- The previous version of
snmptrapd
, the Net-SNMP daemon for processing traps, leaked memory when processing incoming SNMP traps in embedded Perl. This caused the amount of consumed memory to grow over time, making the memory consumption was even larger if the daemon was processing SNMPv1 traps. With this update, the underlying source code has been adapted to prevent such memory leaks, and processing incoming SNMP traps in embedded Perl no longer increases the memory consumption. - BZ#680347
- The previous version of the
snmpd
daemon failed to detect newly added or activated interfaces, and did not show them in theIPV6-MIB::ipv6IfTable
table. With this update, a patch has been applied to address this issue, and thesnmpd
daemon now properly refreshes the table whenever a new interface appears. - BZ#683142
- Prior to this update, the
snmpd
daemon did not detect errors when accessing the/proc
file system. Consequent to this, an attempt to read information about an exited process while gathering information for aHOST-RESOURCES-MIB::hrSWRunTable
table caused the daemon to terminate unexpectedly with a segmentation fault. This update adapts the underlying source code to make sure that such errors are now properly detected, andsnmpd
no longer crashes when populatingHOST-RESOURCES-MIB::hrSWRunTable
. - BZ#704443
- The previous version of the
snmpd
daemon incorrectly processed requests with malformed Basic Encoding Rules (BER), namely with the wrongtype
field ofCommunity
,RequestID
,Error-status
, andError-index
attributes. The updatedsnmpd
daemon properly checks encoding of incoming packets and silently drops malformed requests as required by SNMP RFCs. - BZ#556842
- Previously, the SYNOPSIS section of the
snmpnetstat
(1) manual page incorrectly listed the-CP
option instead of-Cp
. This error has been fixed so that the aforementioned manual page no longer contains misleading information. - BZ#583807
- In the description of the
linkUpDownNotifications
directive, thesnmpd.conf
(5) manual page treats thelinkUp
andlinkDown
notifications as containing theifIndex
,ifAdminStatus
, andifOperStatus
objects. Previously, thesnmpd
daemon did not include these objects in outgoing notifications. With this update, thesnmpd
daemon has been adapted to add these objects to the outgoing notifications as described in the manual page. - BZ#613584
- Prior to this update, the help messages of various SNMP-related tools and their corresponding manual pages (such as the
snmptrapd
(8) page) incorrectly suggested-D
token as a valid syntax of the-D
command line option. This update corrects this error, and both manual pages and help messages of the affected tools now strictly use the-D
token syntax as expected.
Enhancements:
- BZ#664523
- With this update, the
UCD-SNMP-MIB::dskTable
table has been enhanced to report 64-bit statistics of available, used, and free disk space. As a result, the table now provides the following new columns:dskTotalLow
,dskTotalHigh
,dskAvailLow
,dskAvailHigh
,dskUsedLow
, anddskUsedHigh
.
All users of net-snmp are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.