Reputation: 10004
I've been struggling for the past few days to send an SNMPv3 trap using auth and priv phrase. Here is my code.
Trap Receiver
    private void init() throws UnknownHostException, IOException {
        threadPool = ThreadPool.create("Trap", 10);
        dispatcher = new MultiThreadedMessageDispatcher(threadPool,
                new MessageDispatcherImpl());
        listenAddress = GenericAddress.parse(System.getProperty(
                "snmp4j.listenAddress", "udp:0.0.0.0/165"));
        TransportMapping<?> transport;
        if (listenAddress instanceof UdpAddress) {
            transport = new DefaultUdpTransportMapping(
                    (UdpAddress) listenAddress);
        } else {
            transport = new DefaultTcpTransportMapping(
                    (TcpAddress) listenAddress);
        }
        USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(
                MPv3.createLocalEngineID()), 0);
        usm.setEngineDiscoveryEnabled(true);
        snmp = new Snmp(dispatcher, transport);
        snmp.getMessageDispatcher().addMessageProcessingModel(new MPv1());
        snmp.getMessageDispatcher().addMessageProcessingModel(new MPv2c());
        snmp.getMessageDispatcher().addMessageProcessingModel(new MPv3(usm));
        SecurityModels.getInstance().addSecurityModel(usm);
        snmp.getUSM().addUser(new OctetString("MD5DES"),
                new UsmUser(new OctetString("karthikprasad"), AuthMD5.ID,
                        new OctetString("UserName"), PrivDES.ID,
                        new OctetString("PasswordUser")));
        snmp.getUSM().addUser(new OctetString("MD5DES"),
                new UsmUser(new OctetString("MD5DES"), null, null, null, null));
        snmp.listen();
    }
Trap Sender
    private static void sendSnmpV3Trap() {
        try {
            long start = System.currentTimeMillis();
            Address targetAddress = GenericAddress.parse("udp:" + ipAddress
                    + "/" + port);
            // Create Transport Mapping
            TransportMapping<?> transport = new DefaultUdpTransportMapping();
            Snmp snmp = new Snmp(transport);
            USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(
                    MPv3.createLocalEngineID()), 0);
            SecurityModels.getInstance().addSecurityModel(usm);
            transport.listen();
            snmp.getUSM().addUser(new OctetString("MD5DES"),
                    new UsmUser(new OctetString("karthikprasad"), AuthMD5.ID,
                            new OctetString("UserName"), PrivDES.ID,
                            new OctetString("PasswordUser")));
            // Create Target
            UserTarget target = new UserTarget();
            target.setAddress(targetAddress);
            target.setRetries(1);
            // set timeout
            target.setTimeout(11500);
            target.setVersion(SnmpConstants.version3);
            target.setSecurityLevel(SecurityLevel.AUTH_PRIV);
            target.setSecurityName(new OctetString("karthikprasad"));
            target.setSecurityModel(SecurityModel.SECURITY_MODEL_USM);
            // Create PDU for V3
            ScopedPDU pdu = new ScopedPDU();
            pdu.setType(ScopedPDU.NOTIFICATION);
            // need to specify the system up time
            long sysUpTime = (System.currentTimeMillis() - start) / 10;
            pdu.add(new VariableBinding(SnmpConstants.sysUpTime, new TimeTicks(
                    sysUpTime)));
            pdu.add(new VariableBinding(SnmpConstants.snmpTrapOID,
                    SnmpConstants.linkDown));
            pdu.add(new VariableBinding(new OID("1.3.6.1.2.1.2.2.1.1.1"),
                    new Integer32(1)));
            // Send the PDU
            System.out.println("Sending V3 Trap to " + ipAddress + " on Port "
                    + port);
            snmp.send(pdu, target);
            snmp.addCommandResponder(new CommandResponder() {
                @Override
                public void processPdu(CommandResponderEvent arg0) {
                    System.out.println(arg0);
                }
            });
            snmp.close();
        } catch (Exception e) {
            // Message corrected to say V3: this method sends an SNMPv3 trap
            System.err.println("Error in Sending V3 Trap to " + ipAddress
                    + " on Port " + port);
            System.err.println("Exception Message = " + e.getMessage());
        }
    }
When I set noauth and nopriv it works fine. But when I set it to authpriv I'm not getting the trap message, and I'm not even getting any error in the sender when I enabled debug. I tried copying the file to another machine, running the receiver there, sending the trap and monitoring the network using Wireshark, and I was able to see the message arriving at the destination server, but it's not getting passed on to the receiver. I believe some problem is happening during decryption. Can somebody help me out? By the way, I'm using JDK 6 update 32.
Upvotes: 0
Views: 4024
Reputation: 11
Working example for an SNMPv3 trap receiver
    private synchronized void startTrapReceiver() throws UnknownHostException,
            IOException {
        ThreadPool threadPool = ThreadPool.create("DispatcherPool", 10);
        Address listenAddress = new UdpAddress("localhost/162");
        TransportMapping transport;
        if (listenAddress instanceof UdpAddress) {
            transport = new DefaultUdpTransportMapping(
                    (UdpAddress) listenAddress);
        } else {
            transport = new DefaultTcpTransportMapping(
                    (TcpAddress) listenAddress);
        }
        USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(
                MPv3.createLocalEngineID()), 0);
        usm.setEngineDiscoveryEnabled(true);
        MessageDispatcher mDispathcher = new MultiThreadedMessageDispatcher(
                threadPool, new MessageDispatcherImpl());
        // add message processing models
        mDispathcher.addMessageProcessingModel(new MPv1());
        mDispathcher.addMessageProcessingModel(new MPv2c());
        mDispathcher.addMessageProcessingModel(new MPv3(usm));
        // add all security protocols
        SecurityProtocols.getInstance().addDefaultProtocols();
        SecurityProtocols.getInstance().addPrivacyProtocol(new Priv3DES());
        SecurityModels.getInstance().addSecurityModel(usm);
        CommunityTarget target = new CommunityTarget();
        target.setCommunity(new OctetString("public"));
        Snmp snmp = new Snmp(mDispathcher, transport);
        snmp.getUSM().addUser(
                new OctetString("MD5DES"),
                new UsmUser(new OctetString("saikrishna"), AuthMD5.ID,
                        new OctetString("saikrishnapassword"), PrivDES.ID,
                        new OctetString("PasswordUser")));
        snmp.addCommandResponder(this);
        transport.listen();
        System.out.println("listening");
        try {
            this.wait();
        } catch (InterruptedException ex) {
            Thread.currentThread().interrupt();
        }
    }

    public synchronized void processPdu(CommandResponderEvent cmdRespEvent) {
        System.out.println("Received PDU...");
        PDU pdu = cmdRespEvent.getPDU();
        if (pdu != null) {
            System.out.println("Trap Type = " + pdu.getType());
            System.out.println("Variables = " + pdu.getVariableBindings());
        }
    }
Upvotes: 1
Reputation: 377
Using a wrapped API like friendly snmp makes things not easier but harder to understand and debug. The problem here is most likely that sender and receiver have the same engine ID, which is not allowed by SNMPv3.
Because this was a common error of many users, the MPv3.createLocalEngineID method uses a random component within the created engine ID in the latest SNMP4J releases (since 2.2.4) to avoid this error in the future.
Upvotes: 0
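Added example, not part of the answer above and not SNMP4J's own sample code: one way to make sure the trap sender and receiver run with distinct engine IDs, by seeding `MPv3.createLocalEngineID(OctetString)` differently on each side and refusing to start if they collide. It assumes SNMP4J 2.x on the classpath; the user name, passphrases, seeds and port 1162 are hypothetical, and SHA/AES-128 are swapped in for the thread's MD5/DES.

```java
import org.snmp4j.*;
import org.snmp4j.mp.*;
import org.snmp4j.security.*;
import org.snmp4j.smi.*;
import org.snmp4j.transport.DefaultUdpTransportMapping;

public class DistinctEngineIdTrapDemo {
    // Hypothetical user name and passphrases, constructed for this example.
    static final OctetString USER = new OctetString("trapUser");
    static UsmUser user() { // the thread uses AuthMD5/PrivDES; SHA/AES-128 swapped in
        return new UsmUser(USER, AuthSHA.ID, new OctetString("authPassphrase-1"),
                PrivAES128.ID, new OctetString("privPassphrase-1"));
    }
    // Build a session whose USM engine ID is derived from a per-process seed.
    static Snmp session(String seed, String listen) throws java.io.IOException {
        SecurityProtocols.getInstance().addDefaultProtocols();
        OctetString engineId =
                new OctetString(MPv3.createLocalEngineID(new OctetString(seed)));
        USM usm = new USM(SecurityProtocols.getInstance(), engineId, 0);
        MessageDispatcher md = new MessageDispatcherImpl();
        md.addMessageProcessingModel(new MPv3(usm));
        Snmp snmp = new Snmp(md, new DefaultUdpTransportMapping(new UdpAddress(listen)));
        // Same table key and security name on both sides, so the lookup matches.
        snmp.getUSM().addUser(USER, user());
        snmp.listen();
        return snmp;
    }
    public static void main(String[] args) throws Exception {
        Snmp receiver = session("trap-receiver", "127.0.0.1/1162"); // assumed port
        Snmp sender = session("trap-sender", "127.0.0.1/0");
        if (receiver.getUSM().getLocalEngineID().equals(sender.getUSM().getLocalEngineID()))
            throw new IllegalStateException("sender and receiver share an engine ID");
        receiver.addCommandResponder(new CommandResponder() { // register before sending
            public void processPdu(CommandResponderEvent event) {
                System.out.println("Received: " + event.getPDU());
            }
        });
        UserTarget target = new UserTarget();
        target.setAddress(new UdpAddress("127.0.0.1/1162"));
        target.setVersion(SnmpConstants.version3);
        target.setSecurityLevel(SecurityLevel.AUTH_PRIV);
        target.setSecurityName(USER);
        ScopedPDU pdu = new ScopedPDU();
        pdu.setType(PDU.NOTIFICATION);
        pdu.add(new VariableBinding(SnmpConstants.sysUpTime, new TimeTicks(0)));
        pdu.add(new VariableBinding(SnmpConstants.snmpTrapOID, SnmpConstants.linkDown));
        sender.send(pdu, target);
        Thread.sleep(1000); // let the receiver dispatch before shutdown
        sender.close(); receiver.close();
    }
}
```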
Reputation: 1
SNMPv3 is tricky to set up. Try using http://friendlysnmp.org on top of SNMP4J. FriendlySNMP supports all SNMP versions, including v2c and v3.
Upvotes: 0