Creating SNMPD Agent - Writeable objects and more

Question

Apologize for the long post, majority of it are config files that need to be shown.

I've been creating my own SNMP agent. For creating my MIB and snmpd.conf file I've just searched the web for answers. For actually implementing the handlers I've used the example.c/.h found at http://www.net-snmp.org/dev/agent/example_8c_source.html

I'm using another PC (all Linux) to test my implementation and so far I've only been able to get snmpwalk/snmpget commands to work.

I've setup the WriteMethod function inside my source file for my setable objects. Problem is, I do not think this code is getting executed when trying to set the object.

Below is an example of trying to set the object:

root@jt:/usr/share/snmp/mibs# snmpset -v 2c -c communityNameHere -m MIB-NAME-HERE.txt 10.20.30.40 1.3.6.1.4.1.12345.1 s "0"
MIB search path: /root/.snmp/mibs:/usr/share/snmp/mibs:/usr/share/snmp/mibs/iana:/usr/share/snmp/mibs/ietf:/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp
Cannot find module (MIB-NAME-HERE.txt): At line 0 in (none)
Error in packet.
Reason: notWritable (That object does not support modification)
Failed object: iso.3.6.1.4.1.12345.1

I've also tried to use snmpset without the -m option. I've tried using -m +MIB-NAME-HERE.txt as well.

Question - I have snmp.conf commented out. How can it not find the module when the MIB I specify is in /usr/share/snmp/mibs ?

Below is my MIB :

MIB-NAME-HERE DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, enterprises,
    NOTIFICATION-TYPE                       FROM SNMPv2-SMI
    OBJECT-GROUP, NOTIFICATION-GROUP        FROM SNMPv2-CONF
;

testSnmp MODULE-IDENTITY
    LAST-UPDATED "201505200000Z"
    ORGANIZATION "www.example.com"
    CONTACT-INFO
         "email: support@example.com"
    DESCRIPTION
        "MIB Example."
    REVISION     "201505200000Z"
    DESCRIPTION
        "version 1.0"
    ::= { enterprises 12345 }

--
-- top level structure
--
   testSnmpValues       OBJECT IDENTIFIER ::= { testSnmp 1 }

testSnmpValuesGroup OBJECT-GROUP
    OBJECTS { testObject
            }

    STATUS current
    DESCRIPTION
           "Group of all test variables."

    ::= { testSnmp 4 }

--
-- Values
--

testObject OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(1..4096))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Test Example"
    ::= { testSnmpValues 1 }

Question - What is the purpose of :

   testSnmpValues       OBJECT IDENTIFIER ::= { testSnmp 1 }

testSnmpValuesGroup OBJECT-GROUP
    OBJECTS { testObject
            }

    STATUS current
    DESCRIPTION
           "Group of all test variables."

    ::= { testSnmp 4 }

Now for my snmpd.conf file :

###############################################################################
#
# snmpd.conf:
#   Test snmpd configuration file.  (See EXAMPLE.conf as a reference)
#
###############################################################################
# By default snmp looks here:
# /etc/snmp/snmpd.conf.
# Use '-C -c <configfile>' to override.
#

###############################################################################
# Access Control
###############################################################################

#       sec.name  source          community
com2sec testall    default         communityNameHere
#---- Community 'communityNameHere' uses security name 'testall'. 'source' selects which IPs can connect.


####
# Second, map the security names into group names:
#               sec.model  sec.name
group TestGroup  v1         testall
group TestGroup  v2c        testall
group TestGroup  usm        testall

####
# Third, create a view for us to let the groups have rights to:
#           incl/excl subtree                          mask
#view all    included  .1                               80
view testview included .1.3.6.1.4.1.12345
#---- testview - A view which only allows access to Test OIDs.

####
# Finally, grant the groups access to the 1 view with different
# write permissions:
#                context sec.model sec.level match  read    write   notif
#---- Grant read access to TEST group for all security models.
access  TestGroup ""      any       noauth    exact  testview testview testview

# -----------------------------------------------------------------------------

# load the testsnmp module
dlmod testsnmp /usr/local/testsnmp.so

Question - Is there something I am missing to make an object writeable? I've seen other snmpd.conf files with different formats but I assume that shouldn't matter?

Answer 1

Your MIB file missing "END" at the end, you can validate it here: simpleweb mib validation I named my community "public" and had to add this in /etc/snmp/snmpd.conf

com2sec ConfigUser default public com2sec AllUser default public group ConfigGroup v1 ConfigUser group AllGroup v2c AllUser

Now you shall be able to do your tests with v1. I had to do export MIBS="MY-MIB", whereas MY-MIB.txt is my MIB file, which I put info /usr/local/share/snmp/mibs/. I don't remember exactly whether it was required for mib2c tool or if you can skip defining MIBS variable.

Then you could start snmpd with -d switch to see debug output, start your agent and can do testing. I had to enable ports used by snmpd in my firewall, which were blocked by default. I can test read/write on my dummy value with:

snmpget -v1 -c public localhost:10161 MY-MIB::test2.0
MY-MIB::test2.0 = INTEGER: 43 tests
snmpset -v1 -c public localhost:10161 MY-MIB::test2.0 = 123
MY-MIB::test2.0 = INTEGER: 123 tests

As long as you have a working agent, this shall work, you can use also mib2c to create simple sub-agent for your test-MIB and test it with it, just to make sure your config+agent is all right.

Answer 2

You generally don't need a MIB for net-snmp to work. It is enough when you have the OID specified in the .c file.

Are you trying the snmpset/get/walk on a remote PC or on the same one. I had to specifie in my snmpd.conf the -> agentAddress udp:161 Without it i didn't had access.