I can reliably crash net-snmp with an snmpset. $ uname -a FreeBSD freebsdtest 12.0-RELEASE-p10 FreeBSD 12.0-RELEASE-p10 GENERIC amd64 $ pkg info net-snmp net-snmp-5.7.3_20,1 Name : net-snmp Version : 5.7.3_20,1 Installed on : Wed Oct 9 15:22:24 2019 EDT ... Detail: $ sysctl net.inet.ip.forwarding net.inet.ip.forwarding: 0 $ snmpget freebsd IP-MIB::ipForwarding.0 IP-MIB::ipForwarding.0 = INTEGER: notForwarding(2) $ snmpset freebsd IP-MIB::ipForwarding.0 i 1 Timeout: No Response from freebsd Yep, the agent is dead: $ pgrep snmpd $ The sysctl change took place, however: $ sysctl net.inet.ip.forwarding net.inet.ip.forwarding: 1 I can restart the agent and reverse the change, but snmpd crashes again. Debug on core file: ... Reading symbols from /usr/local/sbin/snmpd... (gdb) core /snmpd.core [New LWP 100412] Core was generated by `/usr/local/sbin/snmpd -p /var/run/net_snmpd.pid'. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x0000000800413426 in netsnmp_arch_ip_scalars_sysctl ( access_module=0x8002d8801 "access:ipForwarding", mib=0x80043dec0 <ipForwarding_mib>, mib_len=4, old_value=0x0, new_value=0x7fffffffd9c0) at ip-mib/data_access/scalars_sysctl.c:45 45 *old_value = oldint; (gdb) quit
This should probably go to the net-snmp developers: http://www.net-snmp.org/support/bugreports.html
Can you share your configuration for snmpd? With default example config, I cannot even do snmpget for ipForwarding: # snmpget -v1 -c public localhost IP-MIB::ipForwarding.0 Did not find 'InetPortNumber' in module INET-ADDRESS-MIB (/usr/local/share/snmp/mibs/TCP-MIB.txt) Did not find 'InetPortNumber' in module INET-ADDRESS-MIB (/usr/local/share/snmp/mibs/UDP-MIB.txt) Did not find 'InetPortNumber' in module INET-ADDRESS-MIB (/usr/local/share/snmp/mibs/SCTP-MIB.txt) Did not find 'InetAddressPrefixLength' in module INET-ADDRESS-MIB (/usr/local/share/snmp/mibs/IP-FORWARD-MIB.txt) Did not find 'InetAutonomousSystemNumber' in module INET-ADDRESS-MIB (/usr/local/share/snmp/mibs/IP-FORWARD-MIB.txt) Error in packet Reason: (noSuchName) There is no such variable name in this MIB. Failed object: IP-MIB::ipForwarding.0
agentaddress tcp::161 agentaddress tcp6::161 agentaddress udp::161 agentaddress udp6::161 proc cron 1 1 proc php-fpm 10 1 proc sendmail 10 disk zroot 1048576 disk /tmp/ 1048576 disk /var/log/ 1048576 disk /usr/home/ 1048576 load 10 8 5 file /var/log/messages 1g file /var/log/all.log 5g rwuser secureRW priv rouser secureRO priv rocommunity insecureRO 203.0.113.0/24 .1.3.6.1.4.1 rocommunity insecureRO 127.0.0.1 rwcommunity insecureRW 203.0.113.0/24 rwcommunity insecureRW 127.0.0.1 syslocation "MWL global datacenter" syscontact mwl@mwl.io sysservices 76
(In reply to Ryan Steinmetz from comment #1) Ryan, there is some problem with configure stage of net-snmp-5.7.3_20,1. The file net-mgmt/net-snmp/Makefile has a line: NET_SNMP_WITHOUT_MIB_MODULE_LIST+= mibII/ipv6 And it builds the daemon without mibII at all: # make configure >log 2>&1 # egrep -i 'mibII|ipv6' log | head -8 NET_SNMP_WITH_MIB_MODULE_LIST="host disman/event-mib mibII/mta_sendmail mibII/tcpTable ucd-snmp/diskio sctp-mib if-mib smux" NET_SNMP_WITHOUT_MIB_MODULE_LIST="mibII/ipv6 host ucd-snmp/memory" checking ipv6 stack type... "kame, yes, using libc" checking for and configuring transport modules to use... Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6 IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base. default_modules disman/event-mib if-mib mibII/mta_sendmail mibII/tcpTable sctp-mib smux ucd-snmp/diskio. default_modules disman/event-mib if-mib mibII/mta_sendmail mibII/tcpTable sctp-mib smux ucd-snmp/diskio snmpv3mibsconfigure: WARNING: mib module error configure: WARNING: mib module 'mibII' requires module 'mibII/ipv6' but someone told me to compile without it mibIIconfigure: WARNING: mib module error
This MIB issue is probably unrelated. Instead you can try $ snmpget freebsd .1.3.6.1.2.1.4.1
(In reply to Marcin Cieślak from comment #5) er, sorry, that does not help
(In reply to Marcin Cieślak from comment #5) It is definitely related as IP-MIB defined as sub-tree of mib-2: ip OBJECT IDENTIFIER ::= { mib-2 4 } $ snmpget -On -v1 -c public localhost .1.3.6.1.2.1.4.1.0 Error in packet Reason: (noSuchName) There is no such variable name in this MIB. Failed object: .1.3.6.1.2.1.4.1.0 $ snmpget -On -v1 -c public localhost .1.3.6.1.2.1.4.1 Error in packet Reason: (noSuchName) There is no such variable name in this MIB. Failed object: .1.3.6.1.2.1.4.1 Comparing with another system running stock bsnmpd: $ snmpget -On -v1 -c XXX syslog .1.3.6.1.2.1.4.1.0 .1.3.6.1.2.1.4.1.0 = INTEGER: notForwarding(2)
I could reproduce this building net-snmp with the following make variables set NET_SNMP_WITHOUT_MIB_MODULE_LIST= mibII mibII/ip mibII/ipv6 mibII/tcpTable NET_SNMP_WITH_MIB_MODULE_LIST= ip-mib
Created attachment 209306 [details] fix crash when setting scalar variables in the ip-mib module This was broken at least since 2012 and probably longer... The patch attached fixes might fix this: radziecki> sudo sysctl net.inet.ip.forwarding=0 net.inet.ip.forwarding: 1 -> 0 radziecki> snmpget -v1 -c public localhost .1.3.6.1.2.1.4.1.0 IP-MIB::ipForwarding.0 = INTEGER: notForwarding(2) radziecki> sudo sysctl net.inet.ip.forwarding=1 net.inet.ip.forwarding: 0 -> 1 radziecki> snmpget -v1 -c public localhost .1.3.6.1.2.1.4.1.0 IP-MIB::ipForwarding.0 = INTEGER: forwarding(1) radziecki> snmpset -v1 -c public localhost .1.3.6.1.2.1.4.1.0 i 1 IP-MIB::ipForwarding.0 = INTEGER: forwarding(1) radziecki> sudo sysctl net.inet.ip.forwarding net.inet.ip.forwarding: 1 radziecki> snmpset -v1 -c public localhost .1.3.6.1.2.1.4.1.0 i 2 IP-MIB::ipForwarding.0 = INTEGER: notForwarding(2) radziecki> sudo sysctl net.inet.ip.forwarding net.inet.ip.forwarding: 0 radziecki> sudo sysctl net.inet.ip.forwarding=1 net.inet.ip.forwarding: 0 -> 1 radziecki> snmpget -v1 -c public localhost .1.3.6.1.2.1.4.1.0 IP-MIB::ipForwarding.0 = INTEGER: forwarding(1)
Port updated to 5.9. Hopefully this fix is included from upstream.