blob: daecb73c9a66f67de713c697cbf90b467099daf5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
|
#!/bin/sh /etc/rc.common
# Copyright (C) 2008 OpenWrt.org
START=99
USE_PROCD=1
PROG="/usr/sbin/snmpd"
CONFIGFILE="/var/run/snmpd.conf"
snmpd_agent_add() {
local cfg="$1"
config_get agentaddress "$cfg" agentaddress
[ -n "$agentaddress" ] || return 0
echo "agentaddress $agentaddress" >> $CONFIGFILE
}
snmpd_agentx_add() {
local cfg="$1"
echo "master agentx" >> $CONFIGFILE
config_get agentxsocket "$cfg" agentxsocket
[ -n "$agentxsocket" ] && echo "agentXSocket $agentxsocket" >> $CONFIGFILE
}
snmpd_system_add() {
local cfg="$1"
config_get syslocation "$cfg" sysLocation
[ -n "$syslocation" ] && echo "sysLocation $syslocation" >> $CONFIGFILE
config_get syscontact "$cfg" sysContact
[ -n "$syscontact" ] && echo "sysContact $syscontact" >> $CONFIGFILE
config_get sysname "$cfg" sysName
[ -n "$sysname" ] && echo "sysName $sysname" >> $CONFIGFILE
config_get sysservice "$cfg" sysService
[ -n "$sysservice" ] && echo "sysService $sysservice" >> $CONFIGFILE
config_get sysdescr "$cfg" sysDescr
[ -n "$sysdescr" ] && echo "sysDescr $sysdescr" >> $CONFIGFILE
config_get sysobjectid "$cfg" sysObjectID
[ -n "$sysobjectid" ] && echo "sysObjectID $sysobjectid" >> $CONFIGFILE
}
snmpd_com2sec_add() {
local cfg="$1"
config_get secname "$cfg" secname
[ -n "$secname" ] || return 0
config_get source "$cfg" source
[ -n "$source" ] || return 0
config_get community "$cfg" community
[ -n "$community" ] || return 0
echo "com2sec $secname $source $community" >> $CONFIGFILE
}
snmpd_com2sec6_add() {
local cfg="$1"
config_get secname "$cfg" secname
[ -n "$secname" ] || return 0
config_get source "$cfg" source
[ -n "$source" ] || return 0
config_get community "$cfg" community
[ -n "$community" ] || return 0
echo "com2sec6 $secname $source $community" >> $CONFIGFILE
}
snmpd_group_add() {
local cfg="$1"
config_get group "$cfg" group
[ -n "$group" ] || return 0
config_get version "$cfg" version
[ -n "$version" ] || return 0
config_get secname "$cfg" secname
[ -n "$secname" ] || return 0
echo "group $group $version $secname" >> $CONFIGFILE
}
snmpd_view_add() {
local cfg="$1"
config_get viewname "$cfg" viewname
[ -n "$viewname" ] || return 0
config_get type "$cfg" type
[ -n "$type" ] || return 0
config_get oid "$cfg" oid
[ -n "$oid" ] || return 0
# optional mask
config_get mask "$cfg" mask
echo "view $viewname $type $oid $mask" >> $CONFIGFILE
}
snmpd_access_add() {
local cfg="$1"
config_get group "$cfg" group
[ -n "$group" ] || return 0
config_get context "$cfg" context
[ -n $context ] || return 0
[ "$context" == "none" ] && context='""'
config_get version "$cfg" version
[ -n "$version" ] || return 0
config_get level "$cfg" level
[ -n "$level" ] || return 0
config_get prefix "$cfg" prefix
[ -n "$prefix" ] || return 0
config_get read "$cfg" read
[ -n "$read" ] || return 0
config_get write "$cfg" write
[ -n "$write" ] || return 0
config_get notify "$cfg" notify
[ -n "$notify" ] || return 0
echo "access $group $context $version $level $prefix $read $write $notify" >> $CONFIGFILE
}
snmpd_trap_hostname_add() {
local cfg="$1"
config_get hostname "$cfg" HostName
config_get port "$cfg" Port
config_get community "$cfg" Community
config_get type "$cfg" Type
echo "$type $hostname $community $port" >> $CONFIGFILE
}
snmpd_trap_ip_add() {
local cfg="$1"
config_get host_ip "$cfg" HostIP
config_get port "$cfg" Port
config_get community "$cfg" Community
config_get type "$cfg" Type
echo "$type $host_ip $community $port" >> $CONFIGFILE
}
snmpd_access_default_add() {
local cfg="$1"
config_get mode "$cfg" Mode
config_get community "$cfg" CommunityName
config_get oidrestrict "$cfg" RestrictOID
config_get oid "$cfg" RestrictedOID
echo -n "$mode $community default" >> $CONFIGFILE
[ "$oidrestrict" == "yes" ] && echo " $oid" >> $CONFIGFILE
[ "$oidrestrict" == "no" ] && echo "" >> $CONFIGFILE
}
snmpd_access_HostName_add() {
local cfg="$1"
config_get hostname "$cfg" HostName
config_get mode "$cfg" Mode
config_get community "$cfg" CommunityName
config_get oidrestrict "$cfg" RestrictOID
config_get oid "$cfg" RestrictedOID
echo -n "$mode $community $hostname" >> $CONFIGFILE
[ "$oidrestrict" == "yes" ] && echo " $oid" >> $CONFIGFILE
[ "$oidrestrict" == "no" ] && echo "" >> $CONFIGFILE
}
snmpd_access_HostIP_add() {
local cfg="$1"
config_get host_ip "$cfg" HostIP
config_get ip_mask "$cfg" IPMask
config_get mode "$cfg" Mode
config_get community "$cfg" CommunityName
config_get oidrestrict "$cfg" RestrictOID
config_get oid "$cfg" RestrictedOID
echo -n "$mode $community $host_ip/$ip_mask" >> $CONFIGFILE
[ "$oidrestrict" == "yes" ] && echo " $oid" >> $CONFIGFILE
[ "$oidrestrict" == "no" ] && echo "" >> $CONFIGFILE
}
snmpd_pass_add() {
local cfg="$1"
local pass='pass'
config_get miboid "$cfg" miboid
[ -n "$miboid" ] || return 0
config_get prog "$cfg" prog
[ -n "$prog" ] || return 0
config_get_bool persist "$cfg" persist 0
[ $persist -ne 0 ] && pass='pass_persist'
config_get priority "$cfg" priority
priority=${priority:+-p $priority}
echo "$pass $priority $miboid $prog" >> $CONFIGFILE
}
snmpd_exec_add() {
local cfg="$1"
config_get name "$cfg" name
[ -n "$name" ] || return 0
config_get prog "$cfg" prog
[ -n "$prog" ] || return 0
config_get args "$cfg" args
config_get miboid "$cfg" miboid
echo "exec $miboid $name $prog $args" >> $CONFIGFILE
}
snmpd_extend_add() {
local cfg="$1"
config_get name "$cfg" name
[ -n "$name" ] || return 0
config_get prog "$cfg" prog
[ -n "$prog" ] || return 0
config_get args "$cfg" args
config_get miboid "$cfg" miboid
echo "extend $miboid $name $prog $args" >> $CONFIGFILE
}
snmpd_disk_add() {
local cfg="$1"
local disk='disk'
config_get partition "$cfg" partition
[ -n "$partition" ] || return 0
config_get size "$cfg" size
[ -n "$size" ] || return 0
echo "$disk $partition $size" >> $CONFIGFILE
}
snmpd_engineid_add() {
local cfg="$1"
config_get engineid "$cfg" engineid
[ -n "$engineid" ] && echo "engineID $engineid" >> $CONFIGFILE
config_get engineidtype "$cfg" engineidtype
[ "$engineidtype" -ge 1 -a "$engineidtype" -le 3 ] && \
echo "engineIDType $engineidtype" >> $CONFIGFILE
config_get engineidnic "$cfg" engineidnic
[ -n "$engineidnic" ] && echo "engineIDNic $engineidnic" >> $CONFIGFILE
}
snmpd_sink_add() {
local cfg="$1"
local section="$2"
local community
local port
local host
config_get host "$cfg" host
[ -n "section" -a -n "$host" ] || return 0
# optional community
config_get community "$cfg" community
# optional port
config_get port "$cfg" port
port=${port:+:$port}
echo "$section $host$port $community" >> $CONFIGFILE
}
append_parm() {
local section="$1"
local option="$2"
local switch="$3"
local _loctmp
config_get _loctmp "$section" "$option"
[ -z "$_loctmp" ] && return 0
echo "$switch $_loctmp" >> $CONFIGFILE
}
append_authtrapenable() {
local section="$1"
local option="$2"
local switch="$3"
local _loctmp
config_get_bool _loctmp "$section" "$option"
[ -z "$_loctmp" ] && return 0
[ "$_loctmp" -gt 0 ] && echo "$switch $_loctmp" >> $CONFIGFILE
}
snmpd_setup_fw_rules() {
local net="$1"
local zone
zone=$(fw3 -q network "$net" 2>/dev/null)
local handled_zone
for handled_zone in $HANDLED_SNMP_ZONES; do
[ "$handled_zone" = "$zone" ] && return
done
json_add_object ""
json_add_string type rule
json_add_string src "$zone"
json_add_string proto udp
json_add_string dest_port 161
json_add_string target ACCEPT
json_close_object
HANDLED_SNMP_ZONES="$HANDLED_SNMP_ZONES $zone"
}
start_service() {
[ -f "$CONFIGFILE" ] && rm -f "$CONFIGFILE"
config_load snmpd
config_get_bool snmp_enabled general enabled 1
[ "$snmp_enabled" -eq 0 ] && return
procd_open_instance
config_foreach snmpd_agent_add agent
config_foreach snmpd_agentx_add agentx
config_foreach snmpd_system_add system
config_foreach snmpd_com2sec_add com2sec
config_foreach snmpd_com2sec6_add com2sec6
config_foreach snmpd_group_add group
config_foreach snmpd_view_add view
config_foreach snmpd_access_add access
config_foreach snmpd_trap_hostname_add trap_HostName
config_foreach snmpd_trap_ip_add trap_HostIP
config_foreach snmpd_access_default_add access_default
config_foreach snmpd_access_HostName_add access_HostName
config_foreach snmpd_access_HostIP_add access_HostIP
config_foreach snmpd_pass_add pass
config_foreach snmpd_exec_add exec
config_foreach snmpd_extend_add extend
config_foreach snmpd_disk_add disk
config_foreach snmpd_engineid_add engineid
append_parm trapcommunity community trapcommunity
config_foreach snmpd_sink_add trapsink trapsink
config_foreach snmpd_sink_add trap2sink trap2sink
config_foreach snmpd_sink_add informsink informsink
append_authtrapenable authtrapenable enable authtrapenable
append_parm v1trapaddress host v1trapaddress
append_parm trapsess trapsess trapsess
procd_set_param command $PROG -Lf /dev/null -f -r
procd_set_param file $CONFIGFILE
procd_set_param respawn
for iface in $(ls /sys/class/net 2>/dev/null); do
procd_append_param netdev "$iface"
done
procd_open_data
json_add_array firewall
config_list_foreach general network snmpd_setup_fw_rules
json_close_array
procd_close_data
procd_close_instance
}
service_stopped() {
[ -f "$CONFIGFILE" ] || return
rm -f "$CONFIGFILE"
procd_set_config_changed firewall
}
service_triggers(){
local script=$(readlink "$initscript")
local name=$(basename ${script:-$initscript})
procd_open_trigger
procd_add_raw_trigger "interface.*" 2000 /etc/init.d/$name reload
procd_close_trigger
procd_add_reload_trigger 'snmpd'
}
service_started() {
[ "$snmp_enabled" -eq 0 ] && return
procd_set_config_changed firewall
}
|