From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail.kamstrup.com ([93.167.225.188]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1WGn0a-0003Jk-NV for ptxdist@pengutronix.de; Fri, 21 Feb 2014 11:07:05 +0100 From: Bruno Thomsen Date: Fri, 21 Feb 2014 11:06:55 +0100 Message-ID: <1392977215-14447-1-git-send-email-bth@kamstrup.dk> MIME-Version: 1.0 Subject: [ptxdist] [PATCH] net-snmp: Improved SNMPv3 authentication and privacy support. Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de Cc: Bruno Thomsen Enabled SHA authentication and AES privacy (encryption) using OpenSSL. Upgraded from libnl1 to libnl3 dependency. Tested SNMPv3 with USM (User-based Security Model) SHA auth + AES priv, minimal agent option disabled. Signed-off-by: Bruno Thomsen --- rules/net-snmp.in | 12 +++++++++++- rules/net-snmp.make | 14 ++++++++++++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/rules/net-snmp.in b/rules/net-snmp.in index 9821328..10bbbd9 100644 --- a/rules/net-snmp.in +++ b/rules/net-snmp.in @@ -5,8 +5,10 @@ menuconfig NET_SNMP select LIBC_M select GCCLIBS_GCC_S if NET_SNMP_AGENT select LIBC_DL if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS - select LIBNL if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS + select LIBNL3 if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS select LM_SENSORS if NET_SNMP_MIB_MODULES_LM_SENSORS + select OPENSSL if NET_SNMP_SHA_AES + select NET_SNMP_PRIVACY if NET_SNMP_SHA_AES || NET_SNMP_DES if NET_SNMP @@ -200,6 +202,10 @@ config NET_SNMP_SNMPV2C bool prompt "support for SNMPv2c" +config NET_SNMP_PRIVACY + bool + prompt "support for privacy (encryption)" + config NET_SNMP_DES bool prompt "DES encryption" @@ -208,6 +214,10 @@ config NET_SNMP_MD5 bool prompt "MD5 authentication" +config NET_SNMP_SHA_AES + bool + prompt "SHA authentication and AES encryption" + config NET_SNMP_DOM_SOCK_ONLY bool "Disable UDP/TCP transports for agentx" if NET_SNMP_AGENT default y diff --git a/rules/net-snmp.make b/rules/net-snmp.make index 6bdecd8..1397c2c 100644 --- a/rules/net-snmp.make +++ b/rules/net-snmp.make @@ -47,7 +47,6 @@ NET_SNMP_AUTOCONF := \ $(GLOBAL_IPV6_OPTION) \ --with-defaults \ --disable-manuals \ - --without-openssl \ --with-mib-modules="$(NET_SNMP_MIB_MODULES-y)" \ --with-out-mib-modules="$(NET_SNMP_MIB_MODULES-)" \ --with-mibs=$(PTXCONF_NET_SNMP_DEFAULT_MIBS) \ @@ -58,7 +57,6 @@ NET_SNMP_AUTOCONF := \ --disable-embedded-perl \ --without-perl-modules \ --disable-static \ - --disable-privacy \ --disable-internal-md5 \ --$(call ptx/endis, PTXCONF_NET_SNMP_DOM_SOCK_ONLY)-agentx-dom-sock-only \ --enable-mib-config-checking \ @@ -121,6 +119,12 @@ else NET_SNMP_AUTOCONF += --disable-snmpv2c endif +ifdef PTXCONF_NET_SNMP_PRIVACY +NET_SNMP_AUTOCONF += --enable-privacy +else +NET_SNMP_AUTOCONF += --disable-privacy +endif + ifdef PTXCONF_NET_SNMP_DES NET_SNMP_AUTOCONF += --enable-des else @@ -133,6 +137,12 @@ else NET_SNMP_AUTOCONF += --disable-md5 endif +ifdef PTXCONF_NET_SNMP_SHA_AES +NET_SNMP_AUTOCONF += --with-openssl +else +NET_SNMP_AUTOCONF += --without-openssl +endif + ifdef PTXCONF_NET_SNMP_SNMPTRAPD NET_SNMP_AUTOCONF += --enable-snmptrapd-subagent else -- 1.7.9.5 -- ptxdist mailing list ptxdist@pengutronix.de