From 73f6022eb3bb8134a3c7d38e719c85794b4a0067 Mon Sep 17 00:00:00 2001 From: martijn Date: Tue, 10 Aug 2021 06:49:33 +0000 Subject: [PATCH] Allow "any" to be used as a listen on address. This is a convenient shorthand for listen on 0.0.0.0 listen on :: and was already the default behaviour if no listen on statement is present. This way it's easier to add additional listeners to the default (like trap receivers). Manpage feedback sthen@ schwarze@ Manpage OK jmc@ OK sthen@ --- usr.sbin/snmpd/parse.y | 97 +++++++++++++++---------------------- usr.sbin/snmpd/snmpd.conf.5 | 22 ++++++--- 2 files changed, 54 insertions(+), 65 deletions(-) diff --git a/usr.sbin/snmpd/parse.y b/usr.sbin/snmpd/parse.y index de88a26c70e..7cf7f383ea4 100644 --- a/usr.sbin/snmpd/parse.y +++ b/usr.sbin/snmpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.65 2021/08/09 18:14:53 martijn Exp $ */ +/* $OpenBSD: parse.y,v 1.66 2021/08/10 06:49:33 martijn Exp $ */ /* * Copyright (c) 2007, 2008, 2012 Reyk Floeter @@ -135,8 +135,9 @@ typedef struct { %token STRING %token NUMBER %type hostcmn +%type listenproto listenflag listenflags %type srcaddr port -%type optwrite yesno seclevel listenopt listenopts +%type optwrite yesno seclevel %type objtype cmd %type oid hostoid trapoid %type auth @@ -202,7 +203,7 @@ yesno : STRING { } ; -main : LISTEN ON listenproto +main : LISTEN ON listen_udptcp | engineid_local { if (conf->sc_engineid_len != 0) { yyerror("Redefinition of engineid"); 
@@ -288,15 +289,16 @@ main : LISTEN ON listenproto } ; -listenproto : UDP listen_udp - | TCP listen_tcp - | listen_udp +listenproto : /* empty */ { $$ = SOCK_DGRAM; } + | UDP { $$ = SOCK_DGRAM; } + | TCP listen_tcp { $$ = SOCK_STREAM; } + ; -listenopts : /* empty */ { $$ = 0; } - | listenopts listenopt { $$ |= $2; } +listenflags : /* empty */ { $$ = 0; } + | listenflags listenflag { $$ |= $2; } ; -listenopt : READ { $$ = ADDRESS_FLAG_READ; } +listenflag : READ { $$ = ADDRESS_FLAG_READ; } | WRITE { $$ = ADDRESS_FLAG_WRITE; } | NOTIFY { $$ = ADDRESS_FLAG_NOTIFY; } | SNMPV1 { $$ = ADDRESS_FLAG_SNMPV1; } 
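Review bot: The TCP alternative added to `listenproto` still reads `TCP listen_tcp`, yet the `listen_tcp` rule is deleted by the later `@@ -304,71 +306,50 @@` hunk, so as shown the grammar refers to a nonterminal that no longer has a rule. Unless `listen_tcp` is defined somewhere outside this patch, the alternative most likely should be `| TCP { $$ = SOCK_STREAM; }`, mirroring the `UDP` line above it. If a rule did exist, `listen on tcp` would have to match it before the `STRING` that `listen_udptcp` expects, which is not the syntax the man page documents. Running a config containing `listen on tcp 127.0.0.1` through `snmpd -n` would catch this.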
@@ -304,71 +306,50 @@ listenopt : READ { $$ = ADDRESS_FLAG_READ; } | SNMPV3 { $$ = ADDRESS_FLAG_SNMPV3; } ; -listen_udp : STRING port listenopts { +listen_udptcp : listenproto STRING port listenflags { struct sockaddr_storage ss[16]; - int nhosts, i; - char *port = $2; + int nhosts, j; + char *address[2], *port = $3; + size_t addresslen = 1, i; if (port == NULL) { - if (($3 & ADDRESS_FLAG_PERM) == + if (($4 & ADDRESS_FLAG_PERM) == ADDRESS_FLAG_NOTIFY) port = SNMPTRAP_PORT; else port = SNMP_PORT; } - nhosts = host($1, port, SOCK_DGRAM, ss, nitems(ss)); - if (nhosts < 1) { - yyerror("invalid address: %s", $1); - free($1); - free($2); - YYERROR; + if (strcmp($2, "any") == 0) { + addresslen = 2; + address[0] = "0.0.0.0"; + address[1] = "::"; + } else { + addresslen = 1; + address[0] = $2; } - if (nhosts > (int)nitems(ss)) - log_warn("%s:%s resolves to more than %zu hosts", - $1, port, nitems(ss)); - free($1); - free($2); - for (i = 0; i < nhosts; i++) { - if (listen_add(&(ss[i]), SOCK_DGRAM, $3) == -1) { - yyerror("calloc"); + for (i = 0; i < addresslen; i++) { + nhosts = host(address[i], port, $1, ss, nitems(ss)); + if (nhosts < 1) { + yyerror("invalid address: %s", $2); + free($2); + free($3); YYERROR; } - } - } - -listen_tcp : STRING port listenopts { - struct sockaddr_storage ss[16]; - int nhosts, i; - char *port = $2; - - if (port == NULL) { - if (($3 & ADDRESS_FLAG_PERM) == - ADDRESS_FLAG_NOTIFY) - port = SNMPTRAP_PORT; - else - port = SNMP_PORT; - } - nhosts = host($1, port, SOCK_STREAM, ss, nitems(ss)); - if (nhosts < 1) { - yyerror("invalid address: %s", $1); - free($1); - free($2); - YYERROR; - } - if (nhosts > (int)nitems(ss)) - log_warn("%s:%s resolves to more than %zu hosts", - $1, port, nitems(ss)); + if (nhosts > (int)nitems(ss)) + log_warn("%s:%s resolves to more than " + "%zu hosts", $2, port, nitems(ss)); - free($1); - free($2); - for (i = 0; i < nhosts; i++) { - if (listen_add(&(ss[i]), SOCK_STREAM, $3) == -1) { - yyerror("calloc"); - YYERROR; + for 
(j = 0; j < nhosts; j++) { + if (listen_add(&(ss[j]), $1, $4) == -1) { + yyerror("calloc"); + YYERROR; + } } } + free($2); + free($3); } port : /* empty */ { diff --git a/usr.sbin/snmpd/snmpd.conf.5 b/usr.sbin/snmpd/snmpd.conf.5 index 40cf64698b2..745df940d78 100644 --- a/usr.sbin/snmpd/snmpd.conf.5 +++ b/usr.sbin/snmpd/snmpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: snmpd.conf.5,v 1.54 2021/08/09 19:13:08 martijn Exp $ +.\" $OpenBSD: snmpd.conf.5,v 1.55 2021/08/10 06:49:33 martijn Exp $ .\" .\" Copyright (c) 2007, 2008, 2012 Reyk Floeter .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: August 9 2021 $ +.Dd $Mdocdate: August 10 2021 $ .Dt SNMPD.CONF 5 .Os .Sh NAME @@ -96,9 +96,20 @@ reduced during bulk updates. The default is .Ic no . .It Ic listen on Oo Ic tcp | udp Oc Ar address Oo Ic port Ar port Oc Op Ar flags -Specify the local address +Specify the local +.Ar address .Xr snmpd 8 -should listen on for incoming SNMP messages. +should listen on for incoming SNMP messages, +or +.Cm any +to listen on all local IPv4 and IPv6 addresses. +Multiple +.Ic listen on +statements are supported. +If no +.Ic listen on +statement is present, the default is +.Ic listen on Cm any . .Pp The .Ar flags @@ -119,9 +130,6 @@ Enables SNMPv2c subsystem on the listen address. Enables SNMPv3 subsystem on the listen address. .El .Pp -Multiple -.Ic listen on -statements are supported. The default protocol is .Ic udp . The default -- 2.20.1
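Review bot: In `listen_udptcp` (parse.y), the `listen_add` failure path inside the `for (j ...)` loop now reaches `YYERROR` without releasing `$2` and `$3`. The `free()` calls were moved below both loops, whereas the removed rules freed the strings before calling `listen_add`. Adding `free($2); free($3);` ahead of that `YYERROR` would match the `nhosts < 1` branch. In the same loop, `invalid address: %s` and the `resolves to more than` warning print `$2`, so a failure on either expanded address is reported as `any`; passing `address[i]` would name the address that actually failed. The `strcmp($2, "any")` test also means a configuration that previously listened on a host literally named `any` now binds all local IPv4 and IPv6 addresses, which deserves an explicit sentence in snmpd.conf.5 because it widens the listener's exposure without any warning.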