The Simple Network Management Protocol (SNMP) daemon processes SNMP requests from manager applications. Read Simple Network Management Protocol (SNMP), How a Manager Functions, and How an Agent Functions in AIX 5L Version 5.2 Communications Programming Concepts for more detailed information on agent and manager functions.
All requests, traps, and responses are transmitted in the form of ASN.1-encoded messages. A message, as defined by RFC 1157, has the following structure:
Version | Community | PDU |
where Version is the SNMP version (currently version 1), Community is the community name, and PDU is the protocol data unit that contains the SNMP request, response, or trap data. A PDU is also encoded according to ASN.1 rules.
The SNMP daemon receives and transmits all SNMP protocol messages through the Transmission Control Protocol/Internet Protocol (TCP/IP) User Datagram Protocol (UDP). Requests are accepted on well-known port 161. Traps are transmitted to the hosts listed in the trap entries in the /etc/snmpd.conf file that are listening on well-known port 162.
When a request is received, the source IP address and the community name are checked against a list containing the IP addresses, community names, permissions, and views as specified in the community and view entries in the /etc/snmpd.conf file. The snmpd agent reads this file at startup and on a refresh command or a kill -1 signal. If no matching entry is found, the request is ignored. If a matching entry is found, access is allowed according to the permissions specified in the community and view entries for that IP address, community, and view name association in the /etc/snmpd.conf file. Both the message and the PDU must be encoded according to the ASN.1 rules.
This authentication scheme is not intended to provide full security. If the SNMP daemon is used only for get and get-next requests, security might not be a problem. If set requests are allowed, the set privilege can be restricted.
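The source-address and community check described above, together with an audit for set privileges that are not restricted to a single host, sketched as an added example (not AIX or snmpd code). The entry model, the permission labels `read` and `read-write`, the view names, the `denied` outcome and all sample values are assumptions constructed for illustration; they are not the /etc/snmpd.conf syntax.

```python
import ipaddress
from collections import namedtuple

# Constructed in-memory model of community and view entries. Field names and
# the "read"/"read-write" labels are assumptions, not snmpd.conf syntax.
Entry = namedtuple("Entry", "community network permission view")
VIEWS = {"system": ["1.3.6.1.2.1.1"], "all": ["1.3.6.1"]}
ENTRIES = [
    Entry("monitor", ipaddress.ip_network("192.0.2.0/24"), "read", "all"),
    Entry("ops-write", ipaddress.ip_network("192.0.2.10/32"), "read-write", "system"),
    Entry("public", ipaddress.ip_network("0.0.0.0/0"), "read-write", "all"),
]

def in_view(oid, view):
    """True if oid is one of the view's subtree roots or lies beneath one."""
    return any(oid == root or oid.startswith(root + ".") for root in VIEWS[view])

def decide(entries, src_ip, community, op, oid):
    """Return 'ignored', 'denied', 'noSuchName' or 'allowed' for one request."""
    addr = ipaddress.ip_address(src_ip)
    entry = next((e for e in entries
                  if e.community == community and addr in e.network), None)
    if entry is None:
        return "ignored"        # no matching entry: the request is ignored
    if op == "set" and entry.permission != "read-write":
        return "denied"         # assumption: how a refused set is reported
    if not in_view(oid, entry.view):
        return "noSuchName"     # instance ID is outside the entry's MIB view
    return "allowed"

def audit(entries):
    """List communities that may set values from more than one source address."""
    return [e.community for e in entries
            if e.permission == "read-write" and e.network.num_addresses > 1]
```

The view test compares whole OID components, so `1.3.6.1.2.1.11` is not treated as part of the `1.3.6.1.2.1.1` subtree.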
See the /etc/snmpd.conf file for further information. See Management Information Base (MIB) for further information.
There are three types of request PDUs that can be received by the SNMP daemon. The request types are defined in RFC 1157, and the PDUs all have the following format:
request-ID | error-status | error-index | variable-bindings |
---|---|---|---|
GET | 0 | 0 | VarBindList |
GET-NEXT | 0 | 0 | VarBindList |
SET | 0 | 0 | VarBindList |
The request-ID field identifies the nature of the request; the error-status field and error-index field are unused and must be set to 0 (zero); and the variable-bindings field contains a variable-length list of numeric-format instance IDs whose values are being requested. If the value of the request-ID field is SET, the variable-bindings field is a list of pairs of instance IDs and values.
Read Using the Management Information Base (MIB) Database for a discussion of the three request types.
Response PDUs have nearly the same format as request PDUs:
request-ID | error-status | error-index | variable-bindings |
---|---|---|---|
GET-RESPONSE | ErrorStatus | ErrorIndex | VarBindList |
If the request was successfully processed, the value for both the error-status and error-index field is 0 (zero), and the variable-bindings field contains a complete list of pairs of instance IDs and values.
If any instance ID in the variable-bindings field of the request PDU was not successfully processed, the SNMP agent stops processing, writes the index of the failing instance ID into the error-index field, records an error code in the error-status field, and copies the partially completed result list into the variable-bindings field.
RFC 1157 defines the following values for the error-status field:
Name | Value | Explanation |
---|---|---|
noError | 0 | Processing successfully completed (error-index is 0). |
tooBig | 1 | The size of the response PDU would exceed an implementation-defined limit (error-index is 0). |
noSuchName | 2 | An instance ID does not exist in the relevant MIB view for GET and SET request types or has no successor in the MIB tree in the relevant MIB view for GET-NEXT requests (nonzero error-index). |
badValue | 3 | For SET requests only, a specified value is syntactically incompatible with the type attribute of the corresponding instance ID (nonzero error-index). |
readOnly | 4 | Not defined. |
genErr | 5 | An implementation-defined error occurred (nonzero error-index); for example, an attempt to assign a value that exceeds implementation limits. |
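An added example (not code from the AIX documentation) that decodes the Version, Community and PDU header of a captured request or response and maps error-status to the names in the table above. It follows the RFC 1157 wire encoding, in which the request type is carried in the PDU's ASN.1 tag (0xA0 to 0xA3), request-id is an INTEGER, and version 1 is encoded as 0; the sample datagram is constructed. The community name is recovered directly from the bytes, which is why anyone able to observe the traffic can read it.

```python
PDU_TYPES = {0xA0: "GET", 0xA1: "GET-NEXT", 0xA2: "GET-RESPONSE", 0xA3: "SET"}
ERROR_STATUS = ("noError", "tooBig", "noSuchName", "badValue", "readOnly", "genErr")

def read_tlv(buf, pos):
    """Decode one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def read_int(buf, pos):
    """Read an ASN.1 INTEGER (tag 0x02) and return (value, next_pos)."""
    tag, val, pos = read_tlv(buf, pos)
    if tag != 0x02 or not val:
        raise ValueError("expected INTEGER")
    return int.from_bytes(val, "big", signed=True), pos

def parse_message(datagram):
    """Parse Version, Community and the PDU header of a request or response."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("message is not an ASN.1 SEQUENCE")
    version, pos = read_int(body, 0)
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community is not an OCTET STRING")
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError("not a request or response PDU")
    request_id, p = read_int(pdu, 0)
    status, p = read_int(pdu, p)
    index, p = read_int(pdu, p)
    name = ERROR_STATUS[status] if 0 <= status < len(ERROR_STATUS) else "unknown"
    return {"version": version, "community": community.decode("latin-1"),
            "pdu": PDU_TYPES[pdu_tag], "request_id": request_id,
            "error_status": name, "error_index": index}

# Constructed sample: a GET-RESPONSE reporting noSuchName for binding 1.
SAMPLE = bytes.fromhex("3027020100" "04067075626c6963" "a21a02023039"
                       "020102020101" "300e300c06082b06010201010500" "0500")
```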
Trap PDUs are defined by RFC 1157 to have the following format:
enterprise | agent-address | generic-trap | specific-trap | time-stamp | variable-bindings |
---|---|---|---|---|---|
Object ID | Integer | Integer | Integer | TimeTicks | VarBindList |
The fields are used as follows:
The following generic-trap values indicate that certain system events have been detected:
Value | Explanation |
---|---|
coldStart | The agent is reinitializing. Configuration data or MIB variable values, or both, might have changed. Restart the measurement epochs. |
warmStart | The agent is reinitializing but configuration data or MIB variable values have not changed. In this implementation of the SNMP agent, a warmStart trap is generated when the /etc/snmpd.conf file is reread. The configuration information in the /etc/snmpd.conf file is for agent configuration that has no side effects on SNMP manager databases. Measurement epochs should not be restarted. |
linkDown | The agent has detected that a known communications interface has been disabled. |
linkUp | The agent has detected that a known communications interface has been enabled. |
authenticationFailure | A message was received that could not be authenticated. |
egpNeighborLoss | An Exterior Gateway Protocol (EGP) neighbor was lost. This value is only generated when the agent is running on a host that runs the gated daemon using EGP. |
enterpriseSpecific | Not implemented; reserved for future use. |
The linkDown and linkUp traps contain a single instance ID/value pair in the variable-bindings list. The instance ID identifies the ifIndex of the adapter that was disabled or enabled, and the value is the ifIndex value. The trap for egpNeighborLoss also contains a binding consisting of the instance ID and value of egpNeighAddr for the lost neighbor.