From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from mail.kamstrup.com ([93.167.225.188])
	by metis.ext.pengutronix.de with esmtp (Exim 4.72)
	(envelope-from <bth@kamstrup.dk>) id 1WHutx-0002uf-Qv
	for ptxdist@pengutronix.de; Mon, 24 Feb 2014 13:44:54 +0100
From: Bruno Thomsen <bth@kamstrup.dk>
Date: Mon, 24 Feb 2014 13:44:24 +0100
Message-ID: <1393245864-27769-1-git-send-email-bth@kamstrup.dk>
In-Reply-To: <Re: [ptxdist] [PATCH] net-snmp: Improved SNMPv3 authentication
	and privacy support.>
References: <Re: [ptxdist] [PATCH] net-snmp: Improved SNMPv3 authentication
	and privacy support.>
MIME-Version: 1.0
Subject: [ptxdist] [PATCH v2] net-snmp: Improved SNMPv3 authentication and
	privacy support.
Reply-To: ptxdist@pengutronix.de
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ptxdist-bounces@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
To: ptxdist@pengutronix.de
Cc: Bruno Thomsen <bth@kamstrup.dk>

Enabled SHA authentication and AES privacy (encryption) using OpenSSL.
Upgraded from libnl1 to libnl3 dependency.
Disable minimal agent when privacy is enabled.

Tested SNMPv3 with USM (User-based Security Model) SHA auth + AES priv, minimal agent option disabled.

Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
---
 rules/net-snmp.in   |   13 ++++++++++++-
 rules/net-snmp.make |    4 ++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/rules/net-snmp.in b/rules/net-snmp.in
index 9821328..052e59e 100644
--- a/rules/net-snmp.in
+++ b/rules/net-snmp.in
@@ -5,8 +5,10 @@ menuconfig NET_SNMP
 	select LIBC_M
 	select GCCLIBS_GCC_S	if NET_SNMP_AGENT
 	select LIBC_DL		if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
-	select LIBNL		if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
+	select LIBNL3		if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
 	select LM_SENSORS	if NET_SNMP_MIB_MODULES_LM_SENSORS
+	select OPENSSL		if NET_SNMP_SHA_AES
+	select NET_SNMP_PRIVACY	if NET_SNMP_SHA_AES || NET_SNMP_DES
 
 if NET_SNMP
 
@@ -174,6 +176,7 @@ endchoice
 config NET_SNMP_MINI_AGENT
 	bool
 	default y
+	depends on ! NET_SNMP_PRIVACY
 	prompt "minimal agent"
 
 config NET_SNMP_AGENT
@@ -200,6 +203,10 @@ config NET_SNMP_SNMPV2C
 	bool
 	prompt "support for SNMPv2c"
 
+config NET_SNMP_PRIVACY
+	bool
+	prompt "support for privacy (encryption)"
+
 config NET_SNMP_DES
 	bool
 	prompt "DES encryption"
@@ -208,6 +215,10 @@ config NET_SNMP_MD5
 	bool
 	prompt "MD5 authentication"
 
+config NET_SNMP_SHA_AES
+	bool
+	prompt "SHA authentication and AES encryption"
+
 config NET_SNMP_DOM_SOCK_ONLY
 	bool "Disable UDP/TCP transports for agentx" if NET_SNMP_AGENT
 	default y
diff --git a/rules/net-snmp.make b/rules/net-snmp.make
index 6bdecd8..6ddb954 100644
--- a/rules/net-snmp.make
+++ b/rules/net-snmp.make
@@ -47,7 +47,7 @@ NET_SNMP_AUTOCONF := \
 	$(GLOBAL_IPV6_OPTION) \
 	--with-defaults \
 	--disable-manuals \
-	--without-openssl \
+	--$(call ptx/wwo, PTXCONF_NET_SNMP_SHA_AES)-openssl \
 	--with-mib-modules="$(NET_SNMP_MIB_MODULES-y)" \
 	--with-out-mib-modules="$(NET_SNMP_MIB_MODULES-)" \
 	--with-mibs=$(PTXCONF_NET_SNMP_DEFAULT_MIBS) \
@@ -58,7 +58,7 @@ NET_SNMP_AUTOCONF := \
 	--disable-embedded-perl \
 	--without-perl-modules \
 	--disable-static \
-	--disable-privacy \
+	--$(call ptx/endis, PTXCONF_NET_SNMP_PRIVACY)-privacy \
 	--disable-internal-md5 \
 	--$(call ptx/endis, PTXCONF_NET_SNMP_DOM_SOCK_ONLY)-agentx-dom-sock-only \
 	--enable-mib-config-checking \
-- 
1.7.9.5


-- 
ptxdist mailing list
ptxdist@pengutronix.de