Hello, I am trying to pull data of a APC Smart UPS X with the AP9631 network card.

Here you go: <div class="snippet-clipboard-content notranslate position-relative o

snmpget supports <a href="https://net-snmp.sourceforge.io/wiki/index.php/Debugging_ou

SNMPv3 not working with APC UPS about ruby-netsnmp HOT 11 CLOSED

swisscom commented on September 20, 2024

SNMPv3 not working with APC UPS

from ruby-netsnmp.

Comments (11)

HoneyryderChuck commented on September 20, 2024

Thx for the report. Can you run your example again in debug mode, as per the instructions in the realmente, and post the output here?

from ruby-netsnmp.

mschaf commented on September 20, 2024

Here you go:

irb(main):006:0> NETSNMP::Client.new(host: "10.2.0.60", username: "apc", auth_password: "123456789", auth_protocol: :md5, priv_password: "123456789", priv_protocol: :aes, security_level: :auth_priv, debug_level: 2, debug: $stderr).get("1.3.6.1.2.1.33.1.4.4.1.2.1")

sending probe...

pdu: 3014
	engine_id: 0400 ("")
	context: 0400 ("")
	request: a00e
		request_id: 0204 4579 cce5 ("1165610213")
		error: 0201 ("0")
		error_index: 0201 ("0")
		varbinds: 3000

encoding PDU in V3 message...

security_params: 301d
	engine_id: 0400 ("")
	engine_boots: 0201 ("0")
	engine_time: 0201 ("0")
	username: 0403 6170 ("apc")
	auth_mask: 040c 0000 0000 0000 0000 0000 0000 ("\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000")
	OctetString: 0400 ("")

v3_message: 304d
	message_version: 0201 ("3")
	headers: 3011
		message_id: 0204 4ebe c578 ("1321125240")
		max_message_size: 0203 00ff ("65507")
		message_flags: 0401 ("\x04")
		security_model: 0201 ("3")
	security_params: 041f 301d 0400 0201 0002 0100 0403 6170 6304 0c00 0000 0000 0000 0000 0000 0004 ("0\x1D\x04\x00\x02\x01\x00\x02\x01\x00\x04\x03apc\x04\f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00")
	pdu: 3014
		engine_id: 0400 ("")
		context: 0400 ("")
		request: a00e
			request_id: 0204 4579 cce5 ("1165610213")
			error: 0201 ("0")
			error_index: 0201 ("0")
			varbinds: 3000

304d 0201 0330 1102 044e bec5 7802 0300
ffe3 0401 0402 0103 041f 301d 0400 0201
0002 0100 0403 6170 6304 0c00 0000 0000
0000 0000 0000 0004 0030 1404 0004 00a0
0e02 0445 79cc e502 0100 0201 0030
Traceback (most recent call last):
	31: from /home/martin/.rbenv/versions/2.7.5/bin/irb:23:in `<main>'
	30: from /home/martin/.rbenv/versions/2.7.5/bin/irb:23:in `load'
	29: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
	12: from (irb):6:in `<main>'
	11: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/client.rb:56:in `get'
	10: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/v3_session.rb:18:in `build_pdu'
	 9: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/v3_session.rb:55:in `security_parameters'
	 8: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/v3_session.rb:68:in `probe_for_engine'
	 7: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:89:in `send'
	 6: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:99:in `recv'
	 5: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:108:in `perform_io'
	 4: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:108:in `loop'
	 3: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:110:in `block in perform_io'
	 2: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:100:in `block in recv'
	 1: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/2.7.0/socket.rb:444:in `recvmsg_nonblock'
/home/martin/.rbenv/versions/2.7.5/lib/ruby/2.7.0/socket.rb:444:in `__recvmsg_nonblock': Resource temporarily unavailable - recvmsg(2) would block (IO::EAGAINWaitReadable)
	30: from /home/martin/.rbenv/versions/2.7.5/bin/irb:23:in `<main>'
	29: from /home/martin/.rbenv/versions/2.7.5/bin/irb:23:in `load'
	28: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
	11: from (irb):6:in `<main>'
	10: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/client.rb:56:in `get'
	 9: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/v3_session.rb:18:in `build_pdu'
	 8: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/v3_session.rb:55:in `security_parameters'
	 7: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/v3_session.rb:68:in `probe_for_engine'
	 6: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:89:in `send'
	 5: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:99:in `recv'
	 4: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:108:in `perform_io'
	 3: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:108:in `loop'
	 2: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:109:in `block in perform_io'
	 1: from /home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:112:in `rescue in block in perform_io'
/home/martin/.rbenv/versions/2.7.5/lib/ruby/gems/2.7.0/gems/netsnmp-0.6.3/lib/netsnmp/session.rb:122:in `wait': Timeout after 2 seconds (Timeout::Error)

from ruby-netsnmp.

HoneyryderChuck commented on September 20, 2024

The parameter difference does not seem to be the problem, at least from what I'm looking (although netsnmp could omit username from the probe request). The probe response not arriving on time seems to be the problem. Did you try increasing the :timeout, let's say, to 10, and see whether it's sent back?

from ruby-netsnmp.

mschaf commented on September 20, 2024

Increasing the timeout did not help. With snmpget the ups responds very fast.
I found that the ups is logging unauthorized snmp access attempts, but nothing there is nothing when using netsnmp.
It just returns nothing, I looked at the network at the switch via port mirroring.
However I can access other equipment on the same network with netsnmp just fine.

from ruby-netsnmp.

HoneyryderChuck commented on September 20, 2024

in v3, the client needs to send a "probe request" (a report PDU) and get a response as part of the initial encryption negotiation, before sending the actual GET request.

with netsnmp, the probe is being sent, but no probe response comes back (hence the timeout).

Your wireshark log is not complete, because it does include this initial probe request . Or at least this is my impression by looking at your wireshark log. Can you show the logs for all relevant PDUs? (report request, report response, get request, get response, don't forget to obfuscate actual data I should not be looking at).

from ruby-netsnmp.

mschaf commented on September 20, 2024

This is everthing I captured, just that single packet, I assume this is the probe request.
I will do some digging into the RFCs on the weekend. I guess my best bet is comparing it to the snmpget one and try and get them to be equal until it works.

from ruby-netsnmp.

HoneyryderChuck commented on September 20, 2024

Equality will be possible, due to the randomness involved in encrypting. Maybe what you can do is try with v2, if you can enable it in the box for testing, and see if it works. If it doesn't, there's Smth to do at the network layer. Just hard to figure out next steps without testing it myself.

from ruby-netsnmp.

mschaf commented on September 20, 2024

The ups only has v1 and v3, v1 works just fine.
I will give me the weekend to read into the protocol and debug this.
After that I think I will go down another path, I have not found a good alternative, so far. I am currently leaning towards parsing snmpget 🙈

from ruby-netsnmp.

HoneyryderChuck commented on September 20, 2024

snmpget supports verbose debug output, if that helps you with the troubleshooting further

from ruby-netsnmp.

mschaf commented on September 20, 2024

I figured it out, the ups does not like the msgAuthenticationParameters of the probe request to be 12 zeros but wants it empty. I think this complies with the RFCs, but I am not 100% sure, those are quite hard to read. snmpget does also not include the 12 zeros. I created a pull request with a fix, if you want to include this change.

from ruby-netsnmp.

HoneyryderChuck commented on September 20, 2024

@mschaf just released v0.6.4 with the patch. Sorry for the slow turnaround time, been a busy couple of days.

from ruby-netsnmp.

SNMPv3 not working with APC UPS about ruby-netsnmp HOT 11 CLOSED

Comments (11)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent