From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from ptx.hi.pengutronix.de ([2001:6f8:1178:2:5054:ff:fec0:8e10] ident=Debian-exim) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1WLc6y-0004Ln-V5 for ptxdist@pengutronix.de; Thu, 06 Mar 2014 18:29:36 +0100 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.80) (envelope-from ) id 1WLc6y-00029n-TL for ptxdist@pengutronix.de; Thu, 06 Mar 2014 18:29:36 +0100 Date: Thu, 6 Mar 2014 18:29:36 +0100 From: Michael Olbrich Message-ID: <20140306172936.GJ32080@pengutronix.de> References: <1392977215-14447-1-git-send-email-bth@kamstrup.dk> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1392977215-14447-1-git-send-email-bth@kamstrup.dk> Subject: Re: [ptxdist] [PATCH] net-snmp: Improved SNMPv3 authentication and privacy support. Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de
On Fri, Feb 21, 2014 at 11:06:55AM +0100, Bruno Thomsen wrote:
> Enabled SHA authentication and AES privacy (encryption) using OpenSSL.
> Upgraded from libnl1 to libnl3 dependency.
>
> Tested SNMPv3 with USM (User-based Security Model) SHA auth + AES priv, minimal agent option disabled.
>
> Signed-off-by: Bruno Thomsen
> ---
> rules/net-snmp.in | 12 +++++++++++-
> rules/net-snmp.make | 14 ++++++++++++--
> 2 files changed, 23 insertions(+), 3 deletions(-)
>
> diff --git a/rules/net-snmp.in b/rules/net-snmp.in
> index 9821328..10bbbd9 100644
> --- a/rules/net-snmp.in
> +++ b/rules/net-snmp.in
> @@ -5,8 +5,10 @@ menuconfig NET_SNMP
> select LIBC_M
> select GCCLIBS_GCC_S if NET_SNMP_AGENT
> select LIBC_DL if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
> - select LIBNL if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
> + select LIBNL3 if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
Are you sure about this? libnl3 requieres -$SYSROOT/libnl3 and I don't see how this is added. The rest looks ok, although the whole file could really use come cleanup. But that's unrelated to this patch. Michael
> select LM_SENSORS if NET_SNMP_MIB_MODULES_LM_SENSORS
> + select OPENSSL if NET_SNMP_SHA_AES
> + select NET_SNMP_PRIVACY if NET_SNMP_SHA_AES || NET_SNMP_DES
>
> if NET_SNMP
>
> @@ -200,6 +202,10 @@ config NET_SNMP_SNMPV2C
> bool
> prompt "support for SNMPv2c"
>
> +config NET_SNMP_PRIVACY
> + bool
> + prompt "support for privacy (encryption)"
> +
> config NET_SNMP_DES
> bool
> prompt "DES encryption"
> @@ -208,6 +214,10 @@ config NET_SNMP_MD5
> bool
> prompt "MD5 authentication"
>
> +config NET_SNMP_SHA_AES
> + bool
> + prompt "SHA authentication and AES encryption"
> +
> config NET_SNMP_DOM_SOCK_ONLY
> bool "Disable UDP/TCP transports for agentx" if NET_SNMP_AGENT
> default y
> diff --git a/rules/net-snmp.make b/rules/net-snmp.make
> index 6bdecd8..1397c2c 100644
> --- a/rules/net-snmp.make
> +++ b/rules/net-snmp.make
> @@ -47,7 +47,6 @@ NET_SNMP_AUTOCONF := \
> $(GLOBAL_IPV6_OPTION) \
> --with-defaults \
> --disable-manuals \
> - --without-openssl \
> --with-mib-modules="$(NET_SNMP_MIB_MODULES-y)" \
> --with-out-mib-modules="$(NET_SNMP_MIB_MODULES-)" \
> --with-mibs=$(PTXCONF_NET_SNMP_DEFAULT_MIBS) \
> @@ -58,7 +57,6 @@ NET_SNMP_AUTOCONF := \
> --disable-embedded-perl \
> --without-perl-modules \
> --disable-static \
> - --disable-privacy \
> --disable-internal-md5 \
> --$(call ptx/endis, PTXCONF_NET_SNMP_DOM_SOCK_ONLY)-agentx-dom-sock-only \
> --enable-mib-config-checking \
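Review bot: In the menuconfig hunk of rules/net-snmp.in the added `select OPENSSL if NET_SNMP_SHA_AES` leaves out NET_SNMP_DES, although the line right after it selects NET_SNMP_PRIVACY for DES as well. A configuration with DES but without SHA_AES therefore passes `--enable-privacy --enable-des` together with `--without-openssl`; the `ifdef PTXCONF_NET_SNMP_SHA_AES` block added at the end of rules/net-snmp.make has the same gap. As far as I can tell net-snmp's privacy code needs a crypto library, so encryption would presumably be absent from the resulting agent or configure would fail; this should be confirmed against the packaged net-snmp version. I would write `select OPENSSL if NET_SNMP_SHA_AES || NET_SNMP_DES` here and make the `--with-openssl` switch follow the same condition. The menuconfig entry starts and continues outside the hunk.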
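Review bot: NET_SNMP_PRIVACY in the `@@ -200,6 +202,10 @@` hunk is given a `prompt` although the first hunk also `select`s it, so it can be switched on by hand with neither DES nor SHA_AES enabled, and it cannot be switched off in the menu once a cipher is chosen. Dropping the prompt and leaving a plain `bool` would make it a derived symbol. Both new entries, this one and NET_SNMP_SHA_AES in the following hunk, also lack a `help` text. For SHA_AES I would add one saying that the option pulls in OpenSSL and is the one to prefer over MD5 authentication and DES encryption for SNMPv3 users.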
> @@ -121,6 +119,12 @@ else
> NET_SNMP_AUTOCONF += --disable-snmpv2c
> endif
>
> +ifdef PTXCONF_NET_SNMP_PRIVACY
> +NET_SNMP_AUTOCONF += --enable-privacy
> +else
> +NET_SNMP_AUTOCONF += --disable-privacy
> +endif
> +
> ifdef PTXCONF_NET_SNMP_DES
> NET_SNMP_AUTOCONF += --enable-des
> else
> @@ -133,6 +137,12 @@ else
> NET_SNMP_AUTOCONF += --disable-md5
> endif
>
> +ifdef PTXCONF_NET_SNMP_SHA_AES
> +NET_SNMP_AUTOCONF += --with-openssl
> +else
> +NET_SNMP_AUTOCONF += --without-openssl
> +endif
> +
> ifdef PTXCONF_NET_SNMP_SNMPTRAPD
> NET_SNMP_AUTOCONF += --enable-snmptrapd-subagent
> else
> --
> 1.7.9.5
>
>
> --
> ptxdist mailing list
> ptxdist@pengutronix.de
> -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list ptxdist@pengutronix.de