From ea4feb1a07edfea3243cc328f1994f63852e9f96 Mon Sep 17 00:00:00 2001 From: David Pryor Date: Wed, 23 Dec 2020 11:19:53 -0500 Subject: [PATCH] fixed formatting (+1 squashed commit) (#8541) Squashed commits: [c4e2bee2] Closes #8530: Extended the internal snmp wrapper to support AES192, AES192C, AES256, and AES256C. Updated the example configuration with the new privProtocols. Added the warning that those protocols are only supported if you have the appropriate tooling on your system. Added test to ensure all 4 new privProtocols could be selected and properly encrypt the priv password. --- internal/snmp/wrapper.go | 8 +++ plugins/inputs/snmp/README.md | 4 +- plugins/inputs/snmp/snmp_test.go | 119 +++++++++++++++++++++++++++++++ 3 files changed, 130 insertions(+), 1 deletion(-) diff --git a/internal/snmp/wrapper.go b/internal/snmp/wrapper.go index 23a15594e..db0f225c9 100644 --- a/internal/snmp/wrapper.go +++ b/internal/snmp/wrapper.go @@ -125,6 +125,14 @@ func NewWrapper(s ClientConfig) (GosnmpWrapper, error) { sp.PrivacyProtocol = gosnmp.DES case "aes": sp.PrivacyProtocol = gosnmp.AES + case "aes192": + sp.PrivacyProtocol = gosnmp.AES192 + case "aes192c": + sp.PrivacyProtocol = gosnmp.AES192C + case "aes256": + sp.PrivacyProtocol = gosnmp.AES256 + case "aes256c": + sp.PrivacyProtocol = gosnmp.AES256C case "": sp.PrivacyProtocol = gosnmp.NoPriv default: diff --git a/plugins/inputs/snmp/README.md b/plugins/inputs/snmp/README.md index 0eb0ac31a..c4aa3367f 100644 --- a/plugins/inputs/snmp/README.md +++ b/plugins/inputs/snmp/README.md @@ -56,7 +56,9 @@ information. # sec_level = "authNoPriv" ## Context Name. # context_name = "" - ## Privacy protocol used for encrypted messages; one of "DES", "AES" or "". + ## Privacy protocol used for encrypted messages; one of "DES", "AES", "AES192", "AES192C", "AES256", "AES256C", or "". + ### Protocols "AES192", "AES192", "AES256", and "AES256C" require the underlying net-snmp tools + ### to be compiled with --enable-blumenthal-aes (http://www.net-snmp.org/docs/INSTALL.html) # priv_protocol = "" ## Privacy password used for encrypted messages. # priv_password = "" diff --git a/plugins/inputs/snmp/snmp_test.go b/plugins/inputs/snmp/snmp_test.go index 199fbe83c..a5cda3d4c 100644 --- a/plugins/inputs/snmp/snmp_test.go +++ b/plugins/inputs/snmp/snmp_test.go @@ -345,6 +345,125 @@ func TestGetSNMPConnection_v3(t *testing.T) { assert.EqualValues(t, 2, sp.AuthoritativeEngineTime) } +func TestGetSNMPConnection_v3_blumenthal(t *testing.T) { + testCases := []struct { + Name string + Algorithm gosnmp.SnmpV3PrivProtocol + Config *Snmp + }{ + { + Name: "AES192", + Algorithm: gosnmp.AES192, + Config: &Snmp{ + Agents: []string{"1.2.3.4"}, + ClientConfig: config.ClientConfig{ + Version: 3, + MaxRepetitions: 20, + ContextName: "mycontext", + SecLevel: "authPriv", + SecName: "myuser", + AuthProtocol: "md5", + AuthPassword: "password123", + PrivProtocol: "AES192", + PrivPassword: "password123", + EngineID: "myengineid", + EngineBoots: 1, + EngineTime: 2, + }, + }, + }, + { + Name: "AES192C", + Algorithm: gosnmp.AES192C, + Config: &Snmp{ + Agents: []string{"1.2.3.4"}, + ClientConfig: config.ClientConfig{ + Version: 3, + MaxRepetitions: 20, + ContextName: "mycontext", + SecLevel: "authPriv", + SecName: "myuser", + AuthProtocol: "md5", + AuthPassword: "password123", + PrivProtocol: "AES192C", + PrivPassword: "password123", + EngineID: "myengineid", + EngineBoots: 1, + EngineTime: 2, + }, + }, + }, + { + Name: "AES256", + Algorithm: gosnmp.AES256, + Config: &Snmp{ + Agents: []string{"1.2.3.4"}, + ClientConfig: config.ClientConfig{ + Version: 3, + MaxRepetitions: 20, + ContextName: "mycontext", + SecLevel: "authPriv", + SecName: "myuser", + AuthProtocol: "md5", + AuthPassword: "password123", + PrivProtocol: "AES256", + PrivPassword: "password123", + EngineID: "myengineid", + EngineBoots: 1, + EngineTime: 2, + }, + }, + }, + { + Name: "AES256C", + Algorithm: gosnmp.AES256C, + Config: &Snmp{ + Agents: []string{"1.2.3.4"}, + ClientConfig: config.ClientConfig{ + Version: 3, + MaxRepetitions: 20, + ContextName: "mycontext", + SecLevel: "authPriv", + SecName: "myuser", + AuthProtocol: "md5", + AuthPassword: "password123", + PrivProtocol: "AES256C", + PrivPassword: "password123", + EngineID: "myengineid", + EngineBoots: 1, + EngineTime: 2, + }, + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.Name, func(t *testing.T) { + s := tc.Config + err := s.init() + require.NoError(t, err) + + gsc, err := s.getConnection(0) + require.NoError(t, err) + gs := gsc.(snmp.GosnmpWrapper) + assert.Equal(t, gs.Version, gosnmp.Version3) + sp := gs.SecurityParameters.(*gosnmp.UsmSecurityParameters) + assert.Equal(t, "1.2.3.4", gsc.Host()) + assert.EqualValues(t, 20, gs.MaxRepetitions) + assert.Equal(t, "mycontext", gs.ContextName) + assert.Equal(t, gosnmp.AuthPriv, gs.MsgFlags&gosnmp.AuthPriv) + assert.Equal(t, "myuser", sp.UserName) + assert.Equal(t, gosnmp.MD5, sp.AuthenticationProtocol) + assert.Equal(t, "password123", sp.AuthenticationPassphrase) + assert.Equal(t, tc.Algorithm, sp.PrivacyProtocol) + assert.Equal(t, "password123", sp.PrivacyPassphrase) + assert.Equal(t, "myengineid", sp.AuthoritativeEngineID) + assert.EqualValues(t, 1, sp.AuthoritativeEngineBoots) + assert.EqualValues(t, 2, sp.AuthoritativeEngineTime) + }) + } +} + func TestGetSNMPConnection_caching(t *testing.T) { s := &Snmp{ Agents: []string{"1.2.3.4", "1.2.3.5", "1.2.3.5"},