From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from ptx.hi.pengutronix.de ([2001:6f8:1178:2:5054:ff:fec0:8e10] ident=Debian-exim) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1WO6lt-0000yG-6E for ptxdist@pengutronix.de; Thu, 13 Mar 2014 15:38:09 +0100 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.80) (envelope-from ) id 1WO6lt-0004Jp-4r for ptxdist@pengutronix.de; Thu, 13 Mar 2014 15:38:09 +0100 Date: Thu, 13 Mar 2014 15:38:09 +0100 From: Michael Olbrich Message-ID: <20140313143809.GG20431@pengutronix.de> References: <1394720426-15470-1-git-send-email-bth@kamstrup.dk> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1394720426-15470-1-git-send-email-bth@kamstrup.dk> Subject: Re: [ptxdist] [PATCHv3] net-snmp: Improved SNMPv3 authentication and privacy support. Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de On Thu, Mar 13, 2014 at 03:20:26PM +0100, Bruno Thomsen wrote: > Enabled SHA authentication and AES privacy (encryption) using OpenSSL. > Upgraded from libnl1 to libnl3 dependency, and explicitly request libnl3. > Disable minimal agent when privacy is enabled. > > Tested SNMPv3 with USM (User-based Security Model) SHA auth + AES priv, minimal agent option disabled. This still doesn't work with nl3: ptxdist -f clean && ptxdist prepare net-snmp [...] checking for library containing nl_connect... no [...] I've applied this without the nl1 -> nl3 change. Michael > > Signed-off-by: Bruno Thomsen > --- > rules/net-snmp.in | 13 ++++++++++++- > rules/net-snmp.make | 5 +++-- > 2 files changed, 15 insertions(+), 3 deletions(-) > > diff --git a/rules/net-snmp.in b/rules/net-snmp.in > index 9821328..052e59e 100644 
> --- a/rules/net-snmp.in
> +++ b/rules/net-snmp.in
> @@ -5,8 +5,10 @@ menuconfig NET_SNMP
> select LIBC_M
> select GCCLIBS_GCC_S if NET_SNMP_AGENT
> select LIBC_DL if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
> - select LIBNL if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
> + select LIBNL3 if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
> select LM_SENSORS if NET_SNMP_MIB_MODULES_LM_SENSORS
> + select OPENSSL if NET_SNMP_SHA_AES
> + select NET_SNMP_PRIVACY if NET_SNMP_SHA_AES || NET_SNMP_DES
>
> if NET_SNMP
>
> @@ -174,6 +176,7 @@ endchoice
> config NET_SNMP_MINI_AGENT
> bool
> default y
> + depends on ! NET_SNMP_PRIVACY
> prompt "minimal agent"
>
> config NET_SNMP_AGENT
> @@ -200,6 +203,10 @@ config NET_SNMP_SNMPV2C
> bool
> prompt "support for SNMPv2c"
>
> +config NET_SNMP_PRIVACY
> + bool
> + prompt "support for privacy (encryption)"
> +
> config NET_SNMP_DES
> bool
> prompt "DES encryption"
> @@ -208,6 +215,10 @@ config NET_SNMP_MD5
> bool
> prompt "MD5 authentication"
>
> +config NET_SNMP_SHA_AES
> + bool
> + prompt "SHA authentication and AES encryption"
> +
> config NET_SNMP_DOM_SOCK_ONLY
> bool "Disable UDP/TCP transports for agentx" if NET_SNMP_AGENT
> default y
> diff --git a/rules/net-snmp.make b/rules/net-snmp.make
> index 6bdecd8..fd97886 100644
> --- a/rules/net-snmp.make
> +++ b/rules/net-snmp.make
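Review bot: `select OPENSSL if NET_SNMP_SHA_AES` in the first hunk covers only one of the ways privacy gets switched on. NET_SNMP_DES also selects NET_SNMP_PRIVACY, and the NET_SNMP_PRIVACY symbol added in the third hunk has its own prompt, so it can be enabled with neither cipher option; in both cases the rules/net-snmp.make hunk ends up passing `--enable-privacy` together with `--without-openssl`. Whether net-snmp still builds a usable cipher in that combination is not visible here and should be confirmed against its configure script; if it does not, the image is configured as "privacy enabled" without being able to encrypt. I would drop the `prompt` from NET_SNMP_PRIVACY so it is purely derived, use `select OPENSSL if NET_SNMP_PRIVACY`, and key the configure switch on the same symbol: `--$(call ptx/wwo, PTXCONF_NET_SNMP_PRIVACY)-openssl`.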
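Review bot: NET_SNMP_SHA_AES (fourth hunk) and NET_SNMP_PRIVACY (third hunk) are added without a `help` text, so the menu does not show the side effects of ticking them. From the visible lines, enabling NET_SNMP_SHA_AES selects OPENSSL and NET_SNMP_PRIVACY, and NET_SNMP_PRIVACY in turn hides the "minimal agent" option through `depends on ! NET_SNMP_PRIVACY`. A short entry such as `help` followed by `  SNMPv3 USM with SHA authentication and AES privacy. Selects OpenSSL and disables the minimal agent.` would make that explicit, with a matching one-liner under NET_SNMP_PRIVACY.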
> @@ -47,18 +47,19 @@ NET_SNMP_AUTOCONF := \
> $(GLOBAL_IPV6_OPTION) \
> --with-defaults \
> --disable-manuals \
> - --without-openssl \
> + --$(call ptx/wwo, PTXCONF_NET_SNMP_SHA_AES)-openssl \
> --with-mib-modules="$(NET_SNMP_MIB_MODULES-y)" \
> --with-out-mib-modules="$(NET_SNMP_MIB_MODULES-)" \
> --with-mibs=$(PTXCONF_NET_SNMP_DEFAULT_MIBS) \
> --with-logfile=$(call remove_quotes,$(PTXCONF_NET_SNMP_LOGFILE)) \
> --with-persistent-directory=$(call remove_quotes,$(PTXCONF_NET_SNMP_PERSISTENT_DIR)) \
> --with-default-snmp-version=$(call remove_quotes,$(PTXCONF_NET_SNMP_DEFAULT_VERSION)) \
> + --$(call ptx/wwo, PTXCONF_LIBNL3)-nl$(call ptx/ifdef, PTXCONF_LIBNL3, =$(SYSROOT)/usr/include/libnl3, ) \
> --enable-shared \
> --disable-embedded-perl \
> --without-perl-modules \
> --disable-static \
> - --disable-privacy \
> + --$(call ptx/endis, PTXCONF_NET_SNMP_PRIVACY)-privacy \
> --disable-internal-md5 \
> --$(call ptx/endis, PTXCONF_NET_SNMP_DOM_SOCK_ONLY)-agentx-dom-sock-only \
> --enable-mib-config-checking \
> --
> 1.7.9.5
>
>
> --
> ptxdist mailing list
> ptxdist@pengutronix.de
> -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | -- ptxdist mailing list ptxdist@pengutronix.de