From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from ptx.hi.pengutronix.de ([2001:6f8:1178:2:5054:ff:fec0:8e10]
	ident=Debian-exim) by metis.ext.pengutronix.de with esmtp (Exim 4.72)
	(envelope-from <mol@pengutronix.de>) id 1WO6lt-0000yG-6E
	for ptxdist@pengutronix.de; Thu, 13 Mar 2014 15:38:09 +0100
Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.80)
	(envelope-from <mol@pengutronix.de>) id 1WO6lt-0004Jp-4r
	for ptxdist@pengutronix.de; Thu, 13 Mar 2014 15:38:09 +0100
Date: Thu, 13 Mar 2014 15:38:09 +0100
From: Michael Olbrich <m.olbrich@pengutronix.de>
Message-ID: <20140313143809.GG20431@pengutronix.de>
References: <1394720426-15470-1-git-send-email-bth@kamstrup.dk>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1394720426-15470-1-git-send-email-bth@kamstrup.dk>
Subject: Re: [ptxdist] [PATCHv3] net-snmp: Improved SNMPv3 authentication
 and privacy support.
Reply-To: ptxdist@pengutronix.de
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ptxdist-bounces@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
To: ptxdist@pengutronix.de

On Thu, Mar 13, 2014 at 03:20:26PM +0100, Bruno Thomsen wrote:
> Enabled SHA authentication and AES privacy (encryption) using OpenSSL.
> Upgraded from libnl1 to libnl3 dependency, and explicitly request libnl3.
> Disable minimal agent when privacy is enabled.
> 
> Tested SNMPv3 with USM (User-based Security Model) SHA auth + AES priv, minimal agent option disabled.

This still doesn't work with nl3:

ptxdist -f clean && ptxdist prepare net-snmp

[...]
checking for library containing nl_connect... no
[...]

I've applied this without the nl1 -> nl3 change.

Michael

> 
> Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
> ---
>  rules/net-snmp.in   |   13 ++++++++++++-
>  rules/net-snmp.make |    5 +++--
>  2 files changed, 15 insertions(+), 3 deletions(-)
> 
> diff --git a/rules/net-snmp.in b/rules/net-snmp.in
> index 9821328..052e59e 100644
> --- a/rules/net-snmp.in
> +++ b/rules/net-snmp.in
> @@ -5,8 +5,10 @@ menuconfig NET_SNMP
>  	select LIBC_M
>  	select GCCLIBS_GCC_S	if NET_SNMP_AGENT
>  	select LIBC_DL		if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
> -	select LIBNL		if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
> +	select LIBNL3		if NET_SNMP_AGENT || NET_SNMP_APPLICATIONS
>  	select LM_SENSORS	if NET_SNMP_MIB_MODULES_LM_SENSORS
> +	select OPENSSL		if NET_SNMP_SHA_AES
> +	select NET_SNMP_PRIVACY	if NET_SNMP_SHA_AES || NET_SNMP_DES
>  
>  if NET_SNMP
>  
> @@ -174,6 +176,7 @@ endchoice
>  config NET_SNMP_MINI_AGENT
>  	bool
>  	default y
> +	depends on ! NET_SNMP_PRIVACY
>  	prompt "minimal agent"
>  
>  config NET_SNMP_AGENT
> @@ -200,6 +203,10 @@ config NET_SNMP_SNMPV2C
>  	bool
>  	prompt "support for SNMPv2c"
>  
> +config NET_SNMP_PRIVACY
> +	bool
> +	prompt "support for privacy (encryption)"
> +
>  config NET_SNMP_DES
>  	bool
>  	prompt "DES encryption"
> @@ -208,6 +215,10 @@ config NET_SNMP_MD5
>  	bool
>  	prompt "MD5 authentication"
>  
> +config NET_SNMP_SHA_AES
> +	bool
> +	prompt "SHA authentication and AES encryption"
> +
>  config NET_SNMP_DOM_SOCK_ONLY
>  	bool "Disable UDP/TCP transports for agentx" if NET_SNMP_AGENT
>  	default y
> diff --git a/rules/net-snmp.make b/rules/net-snmp.make
> index 6bdecd8..fd97886 100644
> --- a/rules/net-snmp.make
> +++ b/rules/net-snmp.make
> @@ -47,18 +47,19 @@ NET_SNMP_AUTOCONF := \
>  	$(GLOBAL_IPV6_OPTION) \
>  	--with-defaults \
>  	--disable-manuals \
> -	--without-openssl \
> +	--$(call ptx/wwo, PTXCONF_NET_SNMP_SHA_AES)-openssl \
>  	--with-mib-modules="$(NET_SNMP_MIB_MODULES-y)" \
>  	--with-out-mib-modules="$(NET_SNMP_MIB_MODULES-)" \
>  	--with-mibs=$(PTXCONF_NET_SNMP_DEFAULT_MIBS) \
>  	--with-logfile=$(call remove_quotes,$(PTXCONF_NET_SNMP_LOGFILE)) \
>  	--with-persistent-directory=$(call remove_quotes,$(PTXCONF_NET_SNMP_PERSISTENT_DIR)) \
>  	--with-default-snmp-version=$(call remove_quotes,$(PTXCONF_NET_SNMP_DEFAULT_VERSION)) \
> +	--$(call ptx/wwo, PTXCONF_LIBNL3)-nl$(call ptx/ifdef, PTXCONF_LIBNL3, =$(SYSROOT)/usr/include/libnl3, ) \
>  	--enable-shared \
>  	--disable-embedded-perl \
>  	--without-perl-modules \
>  	--disable-static \
> -	--disable-privacy \
> +	--$(call ptx/endis, PTXCONF_NET_SNMP_PRIVACY)-privacy \
>  	--disable-internal-md5 \
>  	--$(call ptx/endis, PTXCONF_NET_SNMP_DOM_SOCK_ONLY)-agentx-dom-sock-only \
>  	--enable-mib-config-checking \
> -- 
> 1.7.9.5
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

-- 
ptxdist mailing list
ptxdist@pengutronix.de