NAME
SNMP_Session - SNMPv1/v2 Protocol Handling
SYNOPSIS
use SNMP_Session;
$session = SNMP_Session->open ($host, $community, $port)
or die "couldn't open SNMP session to $host";
if ($session->get_request_response ($oid1, $oid2, ...)) {
($bindings) = $session->decode_get_response ($session->{pdu_buffer});
while ($bindings ne '') {
($binding,$bindings) = decode_sequence ($bindings);
($oid,$value) = decode_by_template ($binding, "%O%@");
print pretty_print ($oid)," => ", pretty_print ($value), "\n";
}
} else {
die "No response from agent on $host";
}
VARIABLES
The default_...
variables all specify default values that are used for SNMP_Session
objects when no other value is specified. These values can be overridden on a per-session basis, for example by passing additional arguments to the constructor.
$default_max_repetitions - default value for maxRepetitions
.
This specifies how many table rows are requested in getBulk
requests. Used when walking tables using getBulk
(only available in SNMPv2(c) and later). If this is too small, then a table walk will need unnecessarily many request/response exchanges. If it is too big, the agent may compute many variables after the end of the table. It is recommended to set this explicitly for each table walk by using map_table_4()
.
$default_avoid_negative_request_ids - default value for avoid_negative_request_ids
.
Set this to non-zero if you have agents that have trouble with negative request IDs, and don't forget to complain to your agent vendor. According to the spec (RFC 1905), the request-id is an Integer32
, i.e. its range is from -(2^31) to (2^31)-1. However, some agents erroneously encode the response ID as an unsigned, which prevents this code from matching such responses to requests.
$default_use_16bit_request_ids - default value for use_16bit_request_ids
.
Set this to non-zero if you have agents that use 16bit request IDs, and don't forget to complain to your agent vendor.
$errmsg - error message from last failed operation.
When they encounter errors, the routines in this module will generally return undef
) and leave an informative error message in $errmsg
).
$suppress_warnings - whether warnings should be suppressed.
If this variable is zero, as is the default, this code will output informative error messages whenever it encounters an error. Set this to a non-zero value if you want to suppress these messages. In any case, the last error message can be found in $errmsg
.
METHODS in package SNMP_Session
The abstract class SNMP_Session
defines objects that can be used to communicate with SNMP entities. It has methods to send requests to and receive responses from an agent.
Two instantiable subclasses are defined: SNMPv1_Session
implements SNMPv1 (RFC 1157) functionality SNMPv2c_Session
implements community-based SNMPv2 (RFC 3410-3417).
open() - create an SNMP session object
$session = SNMP_Session->open
($host, $community, $port,
$max_pdu_len, $local_port, $max_repetitions,
$local_host, $ipv4only);
The calling and return conventions are identical to SNMPv1_Session::open()
.
timeout() - return timeout value.
Initial timeout, in seconds, to wait for a response PDU after a request is sent. Note that when a request is retried, the timeout is increased by backoff (see below). The standard value is 2.0 (seconds).
retries() - number of attempts to get a reply.
Maximum number of attempts to get a reply for an SNMP request. If no response is received after timeout seconds, the request is resent and a new response awaited with a longer timeout, see the documentation on backoff below. The retries value should be at least 1, because the first attempt counts, too (the name "retries" is confusing, sorry for that).
backoff() - backoff factor.for timeout on successive retries.
Default backoff factor for SNMP_Session
objects. This factor is used to increase the TIMEOUT every time an SNMP request is retried. The standard value is 1.0, which means the same timeout is used for all attempts.
set_timeout() - set initial timeout for session
set_retries() - set maximum number of attempts for session
set_backoff() - set backoff factor for session
Example usage:
$session->set_backoff (1.5);
..._request_response() - Send some request and receive response.
Encodes a specific SNMP request, sends it to the destination address of the session, and waits for a matching response. If such a response is received, this function will return the size of the response, which is necessarily greater than zero.
An undefined value is returned if some error happens during encoding or sending, or if no matching response is received after the wait/retry schedule is exhausted. See the documentation on the timeout()
, retries()
, and backoff()
methods on how the wait/retry logic works.
get_request_response() - Send get
request and receive response.
getnext_request_response() - Send get-next
request and receive response.
$result = $session->get_request_response (@encoded_oids);
$result = $session->getnext_request_response (@encoded_oids);
set_request_response() - Send set
request and receive response.
$result = $session->set_request_response (@encoded_pair_list);
This method takes its arguments in a different form; they are a list of pairs - references to two-element arrays - which respresent the variables to be set and the intended values, e.g.
([$encoded_oid_0, $encoded_value_0],
[$encoded_oid_1, $encoded_value_1],
[$encoded_oid_2, $encoded_value_2], ...)
trap_request_send() - send SNMPv1 Trap.
$result = $session->trap_request_send ($ent, $gent, $gen, $spec, $dt, @pairs);
v2_trap_request_send() - send SNMPv2 Trap.
$result = $session->v2_trap_request_send ($trap_oid, $dt, @pairs);
map_table() - traverse an SNMP table.
$result = $session->map_table ([$col0, $col1, ...], $mapfn);
This will call the provided function (&$mapfn
) once for each row of the table defined by the column OIDs $col0
, $col1
... If the session can handle SNMPv2 operations, get-bulk
will be used to traverse the table. Otherwise, get-next
will be used.
If the first argument is a list of n columns, the mapping function will be called with n+1 arguments. The first argument will be the row index, i.e. the list of sub-IDs that was appended to the provided column OIDs for this row. Note that the row index will be represented as a string, using dot-separated numerical OID notation.
The remaining arguments to the mapping function will be the values of each column at the current index. It is possible that the table has "holes", i.e. that for a given row index, not all columns have a value. For columns with no value at the current row index, undef
will be passed to the mapping function.
If an error is encountered at any point during the table traversal, this method will return undef and leave an error message in $errmsg
(which is also written out unless $suppress_warnings
is non-zero).
Otherwise, the function will return the number of rows traversed, i.e. the number of times that the mapping function has been called.
map_table_4() - traverse an SNMP table with more control.
map_table_start_end() - traverse an SNMP table with lower/upper index limits.
$result = $session->map_table_start_end ($columns, $mapfn,
$start, $end, $max_repetition);
Similar to map_table_4()
, except that the start and end index can be specified.
receive_trap_1() - receive message on trap socket.
This method waits until a message is received on the trap socket. If successful, it returns two values: the message that was received, and the address of the sender as a sockaddr
structure. This address can be passed to getnameinfo()
to convert it to readable output.
This method doesn't check whether the message actually encodes a trap or anything else - the caller should use decode_trap_request()
to find out.
receive_trap() - receive message on trap socket (deprecated version).
This function is identical to receive_trap_1()
, except that it returns the sender address as three (formerly two) separate values: The host IP address, the port, and (since version 1.14) the address family. If you use this, please consider moving to receive_trap_1()
, because it is easier to process the sender address in sockaddr format, in particular in a world where IPv4 and IPv6 coexist.
decode_trap_request()
($community, $ent, $agent, $gen, $spec, $dt, $bindings)
= $session->decode_trap_request ($trap);
Given a message such as one returned as the first return value from receive_trap_1()
or receive_trap()
, try to decode it as some notification PDU. The code can handle SNMPv1 and SNMPv2 traps as well as SNMPv2 INFORMs, although it fails to distinguish traps from informs, which makes it hard to handle informs correctly (they should be acknowledged).
The $ent
, $agent
, $gen
, $spec
, and $dt
values will only be defined for SNMPv1 traps. For SNMPv2 traps and informs, some of this information will be encoded as bindings.
METHODS in package SNMPv1_Session
open() - create an SNMPv1 session object
$session = SNMPv1_Session->open
($host, $community, $port,
$max_pdu_len, $local_port, $max_repetitions,
$local_host, $ipv4only);
Note that all arguments except for $host
are optional. The $host
can be specified either as a hostname or as a numeric address. Numeric IPv6 addresses must be enclosed in square brackets []
$community
defaults to public
.
$port
defaults to 161, the standard UDP port to send SNMP requests to.
$max_pdu_len
defaults to 8000.
$local_port
can be specified if a specific local port is desired, for example because of firewall rules for the response packets. If none is specified, the operating system will choose a random port.
$max_repetitions
is the maximum number of repetitions requested in get-bulk
requests. It is only relevant in SNMPv2(c) and later.
$local_host
can be used to specify a specific address/interface. It is useful on hosts that have multiple addresses if a specific address should be used, for example because of firewall rules.
If $ipv4only
is either not present or non-zero, then an IPv4-only socket will be used. This is also the case if the system only supports IPv4. Otherwise, an IPv6 socket is created. IPv6 sockets support both IPv6 and IPv4 requests and responses.
open_trap_session() - create a session for receiving SNMP traps.
$session = open_trap_session ($port, $ipv4only);
$port
defaults to 162, the standard UDP port that SNMP notifications are sent to.
If $ipv4only
is either not present or non-zero, then an IPv4-only socket will be used. This is also the case if the system only supports IPv4. Otherwise, an IPv6 socket is created. IPv6 sockets can receive messages over both IPv6 and IPv4.
METHODS in package SNMPv2c_Session
open() - create an SNMPv2(c) session object
$session = SNMPv2c_Session->open
($host, $community, $port,
$max_pdu_len, $local_port, $max_repetitions,
$local_host, $ipv4only);
The calling and return conventions are identical to SNMPv1_Session::open()
, except that this returns a session object that supports SNMPv2 operations.
EXAMPLES
The basic usage of these routines works like this:
use BER;
use SNMP_Session;
# Set $host to the name of the host whose SNMP agent you want
# to talk to. Set $community to the community name under
# which you want to talk to the agent. Set port to the UDP
# port on which the agent listens (usually 161).
$session = SNMP_Session->open ($host, $community, $port)
or die "couldn't open SNMP session to $host";
# Set $oid1, $oid2... to the BER-encoded OIDs of the MIB
# variables you want to get.
if ($session->get_request_response ($oid1, $oid2, ...)) {
($bindings) = $session->decode_get_response ($session->{pdu_buffer});
while ($bindings ne '') {
($binding,$bindings) = decode_sequence ($bindings);
($oid,$value) = decode_by_template ($binding, "%O%@");
print pretty_print ($oid)," => ", pretty_print ($value), "\n";
}
} else {
die "No response from agent on $host";
}
Encoding OIDs
In order to BER-encode OIDs, you can use the function BER::encode_oid. It takes (a vector of) numeric subids as an argument. For example,
use BER;
encode_oid (1, 3, 6, 1, 2, 1, 1, 1, 0)
will return the BER-encoded OID for the sysDescr.0 (1.3.6.1.2.1.1.1.0) instance of MIB-2.
Decoding the results
When get_request_response()
returns success, you must decode the response PDU from the remote agent. The function decode_get_response()
can be used to do this. It takes a get-response
PDU, checks its syntax and returns the bindings part of the PDU. This is where the remote agent actually returns the values of the variables in your query.
You should iterate over the individual bindings in this bindings part and extract the value for each variable. In the example above, the returned bindings are simply printed using the BER::pretty_print()
function.
For better readability of the OIDs, you can also use the following idiom, where the %pretty_oids
hash maps BER-encoded numerical OIDs to symbolic OIDs. Note that this simple-minded mapping only works for response OIDs that exactly match known OIDs, so it's unsuitable for table walking (where the response OIDs include an additional row index).
%ugly_oids = qw(sysDescr.0 1.3.6.1.2.1.1.1.0
sysContact.0 1.3.6.1.2.1.1.4.0);
foreach (keys %ugly_oids) {
$ugly_oids{$_} = encode_oid (split (/\./, $ugly_oids{$_}));
$pretty_oids{$ugly_oids{$_}} = $_;
}
...
if ($session->get_request_response ($ugly_oids{'sysDescr.0'},
$ugly_oids{'sysContact.0'})) {
($bindings) = $session->decode_get_response ($session->{pdu_buffer});
while ($bindings ne '') {
($binding,$bindings) = decode_sequence ($bindings);
($oid,$value) = decode_by_template ($binding, "%O%@");
print $pretty_oids{$oid}," => ",
pretty_print ($value), "\n";
}
} ...
Set Requests
Set requests are generated much like get
or getNext
requests are, with the exception that you have to specify not just OIDs, but also the values the variables should be set to. Every binding is passed as a reference to a two-element array, the first element being the encoded OID and the second one the encoded value. See the test/set-test.pl
script for an example, in particular the subroutine snmpset
.
Walking Tables
Beginning with version 0.57 of SNMP_Session.pm
, there is API support for walking tables. The map_table()
method can be used for this as follows:
sub walk_function ($$$) {
my ($index, $val1, $val3) = @_;
...
}
...
$columns = [$base_oid1, $base_oid3];
$n_rows = $session->map_table ($columns, \&walk_function);
The columns argument must be a reference to a list of OIDs for table columns sharing the same index. The method will traverse the table and call the walk_function for each row. The arguments for these calls will be:
- 1. the row index as a partial OID in dotted notation, e.g.
1.3
, or10.0.1.34
. - 2. the values of the requested table columns in that row, in BER-encoded form. If you want to use the standard
pretty_print()
subroutine to decode the values, you can use the following idiom: -
grep (defined $_ && ($_=pretty_print $_), ($val1, $val3));
Walking Tables With get-bulk
Since version 0.67, SNMP_Session
uses a different get_table
implementation for SNMPv2c_Session
s. This version uses the ``powerful get-bulk
operator'' to retrieve many table rows with each request. In general, this will make table walking much faster under SNMPv2c, especially when round-trip times to the agent are long.
There is one difficulty, however: With get-bulk
, a management application can specify the maximum number of rows to return in a single response. SNMP_Session.pm
provides a new function, map_table_4
, in which this maxRepetitions
value can be specified explicitly.
For maximum efficiency, it should be set to a value that is one greater than the number of rows in the table. If it is smaller, then map_table()
will use more request/response cycles than necessary; if it is bigger, the agent will have to compute variable bindings beyond the end of the table (which map_table()
will throw away).
Of course it is usually impossible to know the size of the table in advance. If you don't specify maxRepetitions
when walking a table, then map_table()
will use a per-session default ($session->default_max_repetitions
). The default value for this default is 12.
If you walk a table multiple times, and the size of the table is relatively stable, you should use the return value of map_table()
(which is the number of rows it has encountered) to compute the next value of maxRepetitions
. Remember to add one so that map_table()
notices when the table is finished!
Note that for really big tables, this doesn't make a big difference, since the table won't fit in a single response packet anyway.
Sending Traps
To send a trap, you have to open an SNMP session to the trap receiver. Usually this is a process listening to UDP port 162 on a network management station. Then you can use the trap_request_send()
method to encode and send SNMPv1 traps. There is no way to find out whether the trap was actually received at the management station - SNMP traps are fundamentally unreliable.
When constructing an SNMPv1 trap, you must provide
the "enterprise" Object Identifier for the entity that generates the trap
your IP address
the generic trap type
the specific trap type
the
sysUpTime
at the time of trap generationa sequence (may be empty) of variable bindings further describing the trap.
For SNMPv2 traps, you need:
the trap's OID
the
sysUpTime
at the time of trap generationthe bindings list as above
For SNMPv2 traps, the uptime and trap OID are encoded as bindings which are added to the front of the other bindings you provide.
Here is a short example:
my $trap_receiver = "netman.noc";
my $trap_community = "SNMP_Traps";
my $trap_session = $version eq '1'
? SNMP_Session->open ($trap_receiver, $trap_community, 162)
: SNMPv2c_Session->open ($trap_receiver, $trap_community, 162);
my $myIpAddress = ...;
my $start_time = time;
...
sub link_down_trap ($$) {
my ($if_index, $version) = @_;
my $genericTrap = 2; # linkDown
my $specificTrap = 0;
my @ifIndexOID = ( 1,3,6,1,2,1,2,2,1,1 );
my $upTime = int ((time - $start_time) * 100.0);
my @myOID = ( 1,3,6,1,4,1,2946,0,8,15 );
warn "Sending trap failed"
unless ($version eq '1')
? $trap_session->trap_request_send (encode_oid (@myOID),
encode_ip_address ($myIpAddress),
encode_int ($genericTrap),
encode_int ($specificTrap),
encode_timeticks ($upTime),
[encode_oid (@ifIndex_OID,$if_index),
encode_int ($if_index)],
[encode_oid (@ifDescr_OID,$if_index),
encode_string ("foo")])
: $trap_session->v2_trap_request_send (\@linkDown_OID, $upTime,
[encode_oid (@ifIndex_OID,$if_index),
encode_int ($if_index)],
[encode_oid (@ifDescr_OID,$if_index),
encode_string ("foo")]);
}
Receiving Traps
Since version 0.60, SNMP_Session.pm
supports the receipt and decoding of SNMPv1 trap requests. Since version 0.75, SNMPv2 Trap PDUs are also recognized.
To receive traps, you have to create a special SNMP session that passively listens on the SNMP trap transport address, usually on UDP port 162. Then you can receive traps - actually, SNMPv1 traps, SNMPv2 traps, and SNMPv2 informs, using the receive_trap_1()
method and decode them using decode_trap_request()
. The enterprise, agent, generic, specific and sysUptime return values are only defined for SNMPv1 traps. In SNMPv2 traps and informs, the equivalent information is contained in the bindings.
my $trap_session = SNMPv1_Session->open_trap_session (162, 0)
or die "cannot open trap session";
my ($trap, $sender_sockaddr) = $trap_session->receive_trap_1 ()
or die "cannot receive trap";
my ($community, $enterprise, $agent,
$generic, $specific, $sysUptime, $bindings)
= $trap_session->decode_trap_request ($trap)
or die "cannot decode trap received"
...
my ($binding, $oid, $value);
while ($bindings ne '') {
($binding,$bindings) = decode_sequence ($bindings);
($oid, $value) = decode_by_template ($binding, "%O%@");
print BER::pretty_oid ($oid)," => ",pretty_print ($value),"\n";
}
AUTHORS
Created by: Simon Leinen <simon.leinen@switch.ch>
Contributions and fixes by:
- Matthew Trunnell <matter@media.mit.edu>
- Tobias Oetiker <tobi@oetiker.ch>
- Heine Peters <peters@dkrz.de>
- Daniel L. Needles <dan_needles@INS.COM>
- Mike Mitchell <mcm@unx.sas.com>
- Clinton Wong <clintdw@netcom.com>
- Alan Nichols <Alan.Nichols@Ebay.Sun.COM>
- Mike McCauley <mikem@open.com.au>
- Andrew W. Elble <elble@icculus.nsg.nwu.edu>
- Brett T Warden <wardenb@eluminant.com>: pretty
UInteger32
- Michael Deegan <michael@cnspc18.murdoch.edu.au>
- Sergio Macedo <macedo@tmp.com.br>
- Jakob Ilves (/IlvJa) <jakob.ilves@oracle.com>: PDU capture
- Valerio Bontempi <v.bontempi@inwind.it>: IPv6 support
- Lorenzo Colitti <lorenzo@colitti.com>: IPv6 support
- Philippe Simonet <Philippe.Simonet@swisscom.com>: Export
avoid...
- Luc Pauwels <Luc.Pauwels@xalasys.com>:
use_16bit_request_ids
- Andrew Cornford-Matheson <andrew.matheson@corenetworks.com>: inform
- Gerry Dalton <gerry.dalton@consolidated.com>:
strict subs
bug - Mike Fischer <mlf2@tampabay.rr.com>: pass MSG_DONTWAIT to
recv()
COPYRIGHT
Copyright (c) 1995-2009, Simon Leinen.
This program is free software; you can redistribute it under the "Artistic License 2.0" included in this distribution (file "Artistic").