summaryrefslogtreecommitdiff
path: root/AGENT.txt
diff options
context:
space:
mode:
Diffstat (limited to 'AGENT.txt')
-rw-r--r--AGENT.txt1171
1 files changed, 1171 insertions, 0 deletions
diff --git a/AGENT.txt b/AGENT.txt
new file mode 100644
index 0000000..37eb279
--- /dev/null
+++ b/AGENT.txt
@@ -0,0 +1,1171 @@
+Note, this is based on the text from a web page, which can be found in
+the documentation section of the http://www.net-snmp.org web page.
+
+Extending the UCD-SNMP agent
+============================
+
+This document describes the procedure for writing code to extend
+the functionality of the v4 UCD-SNMP network management agent.
+Modules written using this procedure should also work with the v5
+Net-SNMP agent, though such modules would not take advantage of the
+new handler-based helper mechanism. See the on-line documentation
+for more information and examples of the newer approach.
+We would be very interested in comment and feedback about how useful
+(or otherwise) you find this description, and ways in which it could
+be improved.
+
+The information is designed to be read in order - the structure being:
+
+ 1. Overview & Introduction
+ 2. MIB files, and how they relate to the agent implementation
+ 3. Header files
+ 4. The basic structure of module implementation code
+ 5. The details of non-table based implementations
+ 6. The details of simple table based implementations
+ 7. The details of more general table based implementations
+ 8. How to implement SET-able variables
+
+While the document is intended to be generally self-contained,
+it does occasionally refer to code files shipped with the main UCD
+distribution (in particular the example module), and it may prove
+useful to have these files available for reference.
+
+1. How to write a Mib module
+============================
+
+Introduction
+------------
+
+The design of the UCD SNMP agent has always been shaped by the desire to be
+able to extend its functionality by adding new modules. One of the earliest
+developments from the underlying CMU code base was the ability to call
+external scripts, and this is probably the simplest method of extending the
+agent.
+However, there are circumstances where such an approach is felt to be
+inappropriate - perhaps from considerations of speed, access to the
+necessary data, reliability or elegance. In such cases, the obvious solution
+is to provide C code that can be compiled into the agent itself to implement
+the desired module. Many of the more recent developments in the code
+structure have been intended to ease this process. In particular, one of the
+more recent additions to the suite is the tool mib2c. This is designed to
+take a portion of the MIB tree (as defined by a MIB file) and generate the
+code skeleton necessary to implement this. This document will cover the use
+mib2c, as well as describing the requirements and functionality of the code
+in more detail.
+
+In order to implement a new MIB module, three files are necessary, and these
+will be considered in turn. Note that, by the very nature of the task, this
+document cannot cover the details of precisely how to obtain the necessary
+information from the operating system or application. Instead, it describes
+the code framework that is needed, freeing the implementer from needing to
+understand the detailed internals of the agent, and allowing them to
+concentrate on the particular problem in hand.
+
+It may prove useful to examine some of the existing module implementations
+and examples in the light of this description, and suitable examples will be
+referred to at the appropriate points. However, it should be remembered that
+the UCD agent seeks to support a wide variety of systems, often with
+dramatically differing implementations and interfaces, and this is reflected
+in the complexity of the code. Also, the agent has developed gradually over
+the years, and there is often some measure of duplication or redundancy as a
+result.
+As the FAQ states, the official slogan of the UCD-SNMP developers is
+
+ The current implementation is non-obvious and may need to be
+ improved.
+
+This document describes the ideal, straightforward cases - real life is
+rarely so simple, and the example modules may prove easier to follow at a
+first reading.
+It is also advisable to have a compiled and installed implementation
+available before starting to extend the agent. This will make debugging and
+testing the agent much easier.
+
+A note regarding terminology - the word "module" is widely used throughout
+this document, with a number of different meanings.
+
+ * support for a new MIB,
+ i.e. the whole of the functionality that is required. This is usually
+ termed a MIB module;
+ * a self-contained subset of this, implemented as a single unit.
+ This is usually termed an implementation module (or simply "a module");
+ * the combination of such subsets, usually termed a module group.
+
+Note that the first and third of these are often synonymous - the
+difference being that a MIB module refers to the view from outside the
+agent, regarding this as a seamless whole and hiding the internal
+implementation. A "module group" is used where the internal structure is of
+more relevance, and recognises the fact that the functionality may be
+provided by a number of co-operating implementation modules.
+
+Anyway, enough waffle - on with the details: The three files needed are
+
+ * a MIB definition file;
+ * a C header file;
+ * a C implementation file.
+
+The next part looks at the MIB definition file, and how this impacts on the
+agent implementation.
+
+2. The MIB File
+===============
+
+The first file needed is the MIB file that defines the MIB module to be
+implemented.
+Strictly speaking, this is not absolutely necessary, as the agent itself
+does not make any direct use of the MIB definitions. However, it is
+advisable to start with this for three reasons:
+
+ * It provides an initial specification for what is to be implemented.
+ Code development is always easier if you know what you are meant to be
+ writing!
+ * If the new MIB file is read in with the other MIB files,
+ this lets the applications provided with the suite be used to test the
+ new agent, and report (hopefully meaningful) symbolic OIDs and values,
+ rather than the bare numeric forms.
+ (N.B: Remember to tell the application to load the new MIB. See the
+ relevant question in the FAQ)
+ * The tool mib2c uses this description to produce the two code files.
+ This is by far the easiest way to develop a new module.
+ (Note that the v5 version of mib2c is generally similar, but does
+ not correspond exactly to the v4 version described here)
+
+If the intention is to implement a 'standard' MIB module, or a
+vendor-specific one, then the construction of this file will have already
+been done for you. If the intention is to provide a totally new, private
+module, then you will need to write this yourself, in addition to the agent
+code files.
+A description of MIB file format and syntax is beyond the scope of this
+document, and most books on SNMP management should provide some information
+on this subject. One book which concentrates on this is
+
+ Understanding SNMP MIBS
+ (Perkins & McGinnis, Prentice Hall, ISBN 0-13-437708-7).
+
+This blatant plug is wholly unrelated to the fact that David Perkins is an
+active member of the development group, and is regarded as our resident
+"protocol guru and policeman". (In fact, this book concentrates on MIB
+files in rather more detail than is appropriate in more general SNMP works).
+Information on other books covering SNMP and Network Management more generally
+is available on the SimpleWeb site (among other places).
+See the FAQ for more details.
+
+Assigned OID numbers
+--------------------
+
+One word of advice - even if you are developing a totally private MIB
+module, you will still need to position this somewhere within the overall
+MIB tree. Please do NOT simply choose a location "at random". Any such is
+likely to have either been assigned to some other organisation, or may be so
+assigned some time in the future. However much you may regard your project
+as a totally internal affair, such projects have a tendency to exceed their
+expected scope, both in terms of lifetime and distribution (not to mention
+the potential OID clash if you subsequently need to use elements from the
+legitimate owner's tree).
+It is simple and cheap (i.e. free!) to obtain your own official segment of
+the MIB tree (see http://www.iana.org for an application form), and having
+done so, you then have complete global authority over it. If you have
+problems with this, it's worth contacting the development team (email:
+net-snmp-coders@lists.sourceforge.net) for advice. Please do think to the
+future, and be a good Net citizen by using a legitimately assigned OID as
+the root of your new MIB.
+
+MIB division
+------------
+
+The next point to consider, whether writing by hand or using mib2c,
+implementing an existing MIB, or writing a new one, is whether and how to
+divide up the MIB tree. This is a purely internal implementation decision,
+and will not be visible to management applications querying the agent. A
+sensible choice of partitioning will result in a simpler, clearer
+implementation, which should ease both the initial development and
+subsequent maintenance of the module.
+Unfortunately, this choice is one of the module-specific decisions, so must
+be made on a case-by-case basis. For a simple, self-contained module, it may
+well be reasonable to implement the module as a single block (examples
+include the SNMP statistics subtree RFC 1907 or the TCP subtree RFC 2011).
+More complex and diverse modules (such as the Host Resources MIB - RFC 1514)
+are more naturally considered as a number of individual sub-modules.
+Some guidelines to bear in mind when deciding on this division:
+
+ * A MIB sub-tree consisting purely of scalar objects with a common
+ OID prefix would normally be handled in a single implementation module;
+ * Separate scalar subtrees would normally be in different implementation
+ modules;
+ * A table can either be handled within the same implementation module
+ as related scalar objects in the same subtree, or in a separate
+ implementation module;
+ * Variables that rely on the same underlying data structure to retrieve
+ their values, should probably be in the same implementation module (and
+ conversely, (though less so) those that don't, shouldn't).
+
+As an initial rule of thumb, a good initial division is likely to be
+obtained by treating each table and each scalar sub-tree separately. This
+can be seen in the current agent, where most of the MIB-II modules (RFC
+1213) are implemented in separate files (see the files under mibgroup/mibII).
+Note that many of these combine scalar and table handling in the same file,
+though they are implemented using separate routines.
+ This is also the approach used by mib2c, which constructs a single pair of
+code files, but uses a separate routine for each table (and another for all
+the scalar variables).
+ Ultimately, the final consideration (concerning the underlying data) is
+the most important, and should guide the basic division. For example, the
+Host Resources Running Software and Running Software Performance modules,
+while separate in the MIB tree, use the same underlying kernel data and so
+are implemented together.
+
+MIB name
+--------
+
+The final requirement at this stage is to choose a name for each
+implementation module. This should be reasonably short, meaningful, unique
+and unlikely to clash with other (existing or future) modules. Mib2c uses
+the label of the root node of the MIB sub-tree as this name, and this is a
+reasonable choice in most cases.
+Recent changes to the agent code organisation have introduced the idea of
+module groups of related implementation modules. This is used, for example,
+to identify the constituent modules of a 'split' MIB (such as the Host
+Resources MIB), or those relating to a particular organisation (such as
+UCD).
+As with the division, this naming and grouping is a purely internal matter,
+and is really only visible when configuring and compiling the agent.
+
+So much for the MIB file. The next part considers the C header file.
+
+3. The C code header file
+=========================
+
+If the MIB file is the definition of the module for external network
+management applications (where applications includes network management
+personnel!), then the header file has traditionally served effectively the
+same purpose for the agent itself.
+Recent changes to the recommended code structure has resulted in the header
+file becoming increasingly simpler. It now simply contains definitions of the
+publically visible routines, and can be generated completely by mib2c.
+
+Function prototypes
+-------------------
+
+For those interested in the details of this file (for example, if coding a
+module by hand), then the details of these definitions are as follows. Every
+header file will have the following two function prototype definitions
+
+ extern void init_example (void);
+ extern FindVarMethod var_example;
+
+If the module includes any tables, or other collections of variables that
+are implemented in separate routines, then this second definition will be
+repeated for each of these.
+In addition, if any of the variables can be SET (and it is intended to
+implement them as such), there will be a function prototype definitions for
+each of these, of the form:
+
+ extern WriteMethod write_varName;
+
+These prototypes are in fact typedef'ed in <agent/snmp_vars.h>.
+
+Module dependencies
+-------------------
+
+This header file is also used to inform the compilation system of any
+dependancies between this module and any others. There is one utility module
+which is required by almost every module, and this is included using the
+directive
+
+ config_require( util_funcs )
+
+(which is produced automatically by mib2c). This same syntax can be used to
+trigger the inclusion of other related modules. An example of this can be
+seen in mibII/route_write.h which relies on the mibII/ip module, thus:
+
+ config_require( mibII/ip )
+
+One use of this directive is to define a module group, by supplying a header
+file consisting exclusively of such config_require directives. It can then
+be included or excluded from the agent very simply. Examples of this can be
+seen in mibgroup/mibII.h or mibgroup/host.h, which list the consituent
+sub-modules of the MIB-II and Host Resources MIBs respectively.
+
+MIB file information
+--------------------
+
+Most of the information in this file is (understandably) aimed at the network
+management agent itself. However, there is one common header file directive
+that is actually intended to affect the utility commands that are included
+within the full distribution:
+
+ config_add_mib( HOST-RESOURCES-MIB )
+
+ This is used to add the MIB file being implemented to the default list of
+MIBs loaded by such commands. This means that querying the agent will return
+informative names and values, rather than the raw numeric forms that SNMP
+actually works with. Of course, it is always possible for the utilities
+to specify that this MIB should be loaded anyway. But specifying this file
+within the module header file is a useful hint that a particular MIB should
+be loaded, without needing to ask for it explicitly.
+ Note that this will only affect the binaries compiled as part of the same
+configuration run. It will have no effect on pre-installed binaries, or
+those compiled following a different configuration specification.
+
+Magic Numbers
+-------------
+
+The other common element within the header file defines a set of "magic
+numbers" - one for each object within the implementation module. In fact,
+this can equally well appear within the main code file, as part of the
+variable structure (which will be described in the next part).
+ This is the technique used by mib2c, but most handcrafted modules have
+tended to define these as part of the header file, probably for clarity.
+
+ The only necessity is that the names and values are distinct (or more
+precisely, the values are distinct within a single variable handling routine).
+In practise, they tend to be defined using integers incrementing from 1,
+or as the same as the final sub-identifier of the corresponding MIB object
+(or indeed both, as these are frequently themselves successive integers).
+ This is not mandatory, and a counter-example can be seen in the
+example module, where two of the object form a sub-tree, and the corresponding
+magic numbers are based on the final *two* sub-identifiers (to ensure that
+the values are unique). But this construction is definitely unusual, and
+the majority of modules simply use successive integers.
+
+Header file protection
+----------------------
+
+Normally, the only other contents of the header file will be the
+#ifndef/#define/#endif statements surrounding the whole file. This is used
+to ensure that the header file is only included once by any source code file
+(or more accurately, that there is no effect if it is inadvertantly included
+a second time).
+Again, as with the rest of the header file, this is generated automatically
+by mib2c.
+
+Having finished all the preparatory work (or let mib2c deal with it), the
+next part starts to look at the code file that actually implements the
+module.
+
+4. Core structure of the implementation code
+============================================
+
+The core work of implementing the module is done in the C code file. As
+indicated earlier, much of the detail of this will be dependent on the
+particular module being implemented, and this can only be described by the
+individual programmer concerned.
+However, there is a fairly clearly defined framework that the implementation
+will need to follow, though this varies slightly depending on the style of
+the module being implemented (in particular whether it forms a table or a
+series of individual values). The differences will be covered in the
+following pages, but we first need to consider the overall shape of the
+framework, and the elements that are common to all styles. These are
+essentially the compulsory routines, the common header definitions, and
+assorted initialisation code.
+As with the header file, most of this will be generated automatically by
+mib2c.
+
+Standard includes
+-----------------
+
+Certain header files are either compulsory, or required so frequently that
+they should be included as a matter of course. These are as follows:
+
+ #include <config.h> // local SNMP configuration details
+ #include "mib_module_config.h" // list of which modules are supported
+ #if HAVE_STDLIB_H
+ #include <stdlib.h>
+ #endif
+ #if HAVE_STRING_H
+ #include <string.h>
+ #else
+ #include <strings.h>
+ #endif
+
+ #include <sys/types.h>
+
+All of these will usually be the first files to be included.
+
+ #include "mibincl.h" // Standard set of SNMP includes
+ #include "util_funcs.h" // utility function declarations
+ #include "read_config.h" // if the module uses run-time
+ // configuration controls
+ #include "auto_nlist.h" // structures for a BSD-based
+ // kernel using nlist
+ #include "system.h"
+
+ #include "name.h" // the module-specific header
+
+These conventionally come at the end of the list of includes. In between
+will come all the standard system-provided header files required for the
+library functions used in the file.
+
+Module definition
+-----------------
+
+Much of the code defining the contents of the MIB has traditionally been
+held in the header file. However, much of this has slowly migrated to the
+code file, and this is now the recommended location for it (as typified by
+the output of mib2c).
+ The main element of this is a variable structure specifying the details of
+the objects implemented. This takes the form of an unconstrained array of
+type struct variableN (where N is the length of the longest suffix in the
+table). Thus
+
+ struct variable2 example_variables[] = {
+ <individual entries go here>
+ };
+
+Each entry corresponds to one object in the MIB tree (or one column in the
+case of table entries), and these should be listed in increasing OID order.
+A single entry consists of six fields:
+
+ * a magic number (the #defined integer constant described above)
+ * a type indicator (from the values listed in <snmplib/snmp_impl.h>)
+ * an access indicator (essentially NETSNMP_OLDAPI_RWRITE or
+ NETSNMP_OLDAPI_RONLY)
+ * the name of the routine used to handle this entry
+ * the length of the OID suffix used, and
+ * an array of integers specifying this suffix (more on this in a moment)
+
+Thus a typical variable entry would look like:
+
+ { EXAMPLESTRING, ASN_OCTET_STR, NETSNMP_OLDAPI_RONLY,
+ var_example, 1, {1}}
+
+If the magic numbers have not been defined in the header file, then they
+should be defined here, usually comming immediately before the corresponding
+variable entry. This is the technique used by mib2c.
+
+Note that in practise, only certain sizes of the structure variableN
+are defined (listed in <agent/var_struct.h>), being sufficient to meet the
+common requirements. If your particular module needs a non-supported value,
+the easiest thing is simply to use the next largest value that is supported.
+
+The module also needs to declare the location within the MIB tree where
+it should be registered. This is done using a declaration of the form
+
+ oid example_variables_oid[] = { 1,3,6,1,4,1,2021,254 }
+
+where the contents of the array give the object identifier of the root of
+the module.
+
+Module initialisation
+---------------------
+
+Many modules require some form of initialisation before they can start
+providing the necessary information. This is done by providing a routine
+called init_{name} (where {name} is the name of the module).
+This routine is theoretically optional, but in practise is required to
+register this module with the main agent at the very least. This specifies
+the list of variables being implemented (from the variableN structure)
+and declare where these fit into the overall MIB tree.
+
+This is done by using the REGISTER_MIB macro, as follows:
+
+ REGISTER_MIB( "example", example_variables, variable2,
+ example_variables_oid );
+
+where "example" is used for identification purposed (and is usually the name
+being used for the module), example_variables is the structure defining the
+variables being implemented, variable2 is the type used for this structure,
+and example_variables_oid is the location of the root.
+
+In fact, this macro is simply a wrapper round the routine register_mib(),
+but the details of this can safely be ignored, unless more control over the
+registration is required.
+
+One common requirement, particularly on older operating systems or for the
+more obscure areas of the system, is to be able to read data directly from
+kernel memory. The preparation for this is typically done here by one or
+more statements of the form
+
+ #ifdef {NAME}_SYMBOL
+ auto_nlist( {NAME}_SYMBOL, 0, 0);
+ #endif
+
+where {NAME}_SYMBOL is defined as part of the system-specific configuration,
+to be the name of the appropriate kernel variable or data structure. (The
+two 0 values are because the kernel information is simply being primed at
+this point - this call will be reused later when the actual values are
+required). Note that this is probably the first thing described so far which
+isn't provided by mib2c!
+
+Other possibilities for initialisation may include registering config file
+directive handlers (which are documented in the read_config(5) man page), and
+registering the MIB module (either in whole or in part) in the sysOR table.
+The first of these is covered in the example module, and the second in many
+of the other modules within the main UCD distribution.
+
+Variable handling
+-----------------
+
+The other obligatory routine is that which actually handles a request for a
+particular variable instance. This is the routine that appeared in the
+variableN structure, so while the name is not fixed, it should be the same
+as was used there.
+This routine has six parameters, which will be described in turn.
+
+Four of these parameters are used for passing in information about the
+request, these being:
+
+ struct variable *vp;
+ // The entry in the variableN array from the
+ // header file, for the object under consideration.
+ // Note that the name field of this structure has been
+ // completed into a fully qualified OID, by prepending
+ // the prefix common to the whole array.
+ oid *name; // The OID from the request
+ int *length; // The length of this OID
+ int exact; // A flag to indicate whether this is an exact
+ // request (GET/SET) or an 'inexact' one (GETNEXT)
+
+Four of the parameters are used to return information about the answer.
+The function also returns a pointer to the actual data for the variable
+requested (or NULL if this data is not available for any reason).
+The other result parameters are:
+
+ oid *name; // The OID being returned
+ int *length; // The length of this OID
+ int *var_len; // The length of the answer being returned
+ WriteMethod **write_method;
+ // A pointer to the SET function for this variable
+
+Note that two of the parameters (name and length) serve a dual purpose,
+being used for both input and output.
+
+The first thing that this routine needs to do is to validate the request, to
+ensure that it does indeed lie in the range implemented by this particular
+module. This is done in slightly different ways, depending on the style of
+the module, so this will be discussed in more detail later.
+ At the same time, it is common to retrieve some of the information needed
+for answering the query.
+
+Then the routine uses the Magic Number field from the vp parameter to determine
+which of the possible variables being implemented is being requested. This is
+done using a switch statement, which should have as many cases as there are
+entries in the variableN array (or more precisely, as many as specify this
+routine as their handler), plus an additional default case to handle an
+erroneous call.
+Each branch of the switch statement needs to ensure that the return
+parameters are filled in correctly, set up a (static) return variable with
+the correct data, and then return a pointer to this value. These can be done
+separately for each branch, or once at the start, being overridden in
+particular branches if necessary.
+
+In fact, the default validation routines make the assumption that the
+variable is both read-only, and of integer type (which includes the COUNTER
+and GAUGE types among others), and set the return paramaters write_method and
+var_len appropriately. These settings can then be corrected for those cases
+when either or both of these assumptions are wrong. Examples of this can be
+seen in the example module.
+EXAMPLEINTEGER is writeable, so this branch sets the write_method parameter,
+and EXAMPLEOBJECTID is not an integer, so this branch sets the var_len
+parameter. In the case of EXAMPLESTRING, both assumptions are wrong, so this
+branch needs to set both these parameters explicitly.
+
+Note that because the routine returns a pointer to a static result, a
+suitable variable must be declared somewhere for this. Two global variables
+are provided for this purpose - long_return (for integer results) and
+return_buf (for other types). This latter is a generic array (of type
+u_char) that can contain up to 256 bytes of data. Alternatively, static
+variables can be declared, either within the code file, or local to this
+particular variable routine. This last is the approach adopted by mib2c,
+which defines four such local variables, (long_ret, string, objid and c64).
+
+Mib2c requirements
+------------------
+
+Most of the code described here is generated by mib2c. The main exceptions
+(which therefore need to be provided by the programmer) are
+
+ * Any initialisation, other than the basic registration
+ (including kernel data initialisation, config file handling, or sysOR
+ registration).
+ * Retrieving the necessary data, and setting the appropriate return
+ value correctly.
+ * The var_len (and possibly write_method) return parameters for variable
+ types that are not recognised by mib2c
+ * The contents of any write routines (see later).
+
+Everything else should be useable as generated.
+
+This concludes the preliminary walk-through of the general structure of the
+C implementation. To fill in the details, we will need to consider the
+various styles of module separately. The next part will look at scalar (i.e.
+non-table based) modules.
+
+5. Non-table-based modules
+==========================
+
+Having looked at the general structure of a module implementation, it's now
+time to look at this in more detail. We'll start with the simplest style of
+module - a collection of independent variables. This could easily be
+implemented as a series of completely separate modules - the main reason for
+combining them is to avoid the proliferation of multiple versions of very
+similar code.
+
+Recall that the variable handling routine needs to cover two distinct
+purposes - validation of the request, and provision of the answer. In this
+style of module, these are handled separately. Once again, mib2c does much
+of the donkey work, generating the whole of the request validation code (so
+the description of this section can be skipped if desired), and even
+providing a skeleton for returning the data. This latter still requires some
+input from the programmer, to actually return the correct results (rather
+than dummy values).
+
+Request Validation
+------------------
+
+This is done using a standard utility function header_generic. The
+parameters for this are exactly the same as for the main routine, and are
+simply passed through directly. It returns an integer result, as a flag to
+indicate whether the validation succeeded or not.
+If the validation fails, then the main routine should return immediately,
+leaving the parameters untouched, and indicate the failure by returning a
+NULL value. Thus the initial code fragment of a scalar-variable style
+implementation will typically look like:
+
+ u_char *
+ var_system(vp, name, length, exact, var_len, write_method)
+ {
+ if (header_generic(vp, name, length, exact, var_len, write_method)
+ == MATCH_FAILED )
+ return NULL;
+
+ [ etc, etc, etc ]
+ }
+
+Although the utility function can be used as a "black box", it's worth
+looking more closely at exactly what it does (since the table-handling
+modules will need to do something fairly similar). It has two (or possibly
+three) separate functions:
+
+ * checking that the request is valid,
+ * setting up the OID for the result,
+ * and (optionally) setting up default values for the other return
+ parameters.
+
+In order to actually validate the request, the header routine first needs to
+construct the OID under consideration, in order to compare it with that
+originally asked for. The driving code has already combined the OID prefix
+(constant throughout the module) with the entry-specific suffix, before
+calling the main variable handler. This is available via the name field of
+the parameter vp. For a scalar variable, completing the OID is therefore
+simply a matter of appending the instance identifier 0 to this. The full OID
+is built up in a local oid array newname defined for this purpose.
+This gives the following code fragment:
+
+ int
+ header_generic(vp, name, length, exact, var_len, write_method)
+ {
+ oid newname[MAX_OID_LEN];
+
+ memcpy((char *)newname, (char *)vp->name,
+ (int)vp->namelen * sizeof(oid));
+ newname[ vp->namelen ] = 0;
+
+ :
+ }
+
+Having formed the OID, this can then be compared against the variable
+specified in the original request, which is available as the name parameter.
+This comparison is done using the snmp_oid_compare function, which takes the
+two OIDs (together with their respective lengths), and returns -1, 0 or 1
+depending on whether the first OID precedes, matches or follows the second.
+
+In the case of an 'exact' match (i.e. a GET/SET/etc), then the request is
+only valid if the two OIDs are identical (snmp_oid_compare returns 0). In
+the case of a GETNEXT (or GETBULK) request, it's valid if the OID being
+considered comes after that of the original request (snmp_oid_compare
+returns -1).
+
+This gives the code fragment
+
+ result = snmp_oid_compare(name, *length, newname, (int)vp->namelen + 1);
+ // +1 because of the extra instance sub-identifier
+ if ((exact && (result != 0)) // GET match fails
+ || (!exact && (result >= 0))) // GETNEXT match fails
+ return(MATCH_FAILED);
+
+Note that in this case, we're only interested in the single variable
+indicated by the vp parameter. The fact that this module may well implement
+other variables as well is ignored. The 'lexically next' requirement of the
+GETNEXT request is handled by working through the variable entries in order
+until one matches. And yes, this is not the most efficient implementation
+possible!
+Note that in releases prior to 3.6, the snmp_oid_compare function was called
+simply compare.
+
+Finally, having determined that the request is valid, this routine must
+update the name and length parameters to return the OID being processed. It
+also sets default values for the other two return parameters.
+
+ memcpy( (char *)name,(char *)newname,
+ ((int)vp->namelen + 1) * sizeof(oid));
+ *length = vp->namelen + 1;
+ *write_method = 0; // Non-writeable
+ *var_len = sizeof(long); // default to integer results
+ return(MATCH_SUCCEEDED);
+
+These three code fragments combine to form the full header_generic code
+which can be seen in the file util_funcs.c
+
+Note: This validation used to be done using a separate function for each
+module (conventionally called header_{name}), and many modules may still be
+coded in this style. The code for these are to all intents and purposes
+identical to the header_generic routine described above.
+
+Data Retrieval
+--------------
+
+The other main job of the request handling routine is to retrieve any
+necessary data, and return the appropriate answer to the original request.
+This must be done even if mib2c is being used to generate the framework of
+the implementation. As has been indicated earlier, the different cases are
+handled using a switch statement, with the Magic Number field of the vp
+parameter being used to distinguish between them.
+The data necessary for answering the request can be retrieved for each
+variable individually in the relevant case statement (as is the case with
+the system group), or using a common block of data before processing the
+switch (as is done for the ICMP group, among others).
+
+With many of the modules implemented so far, this data is read from a kernel
+structure. This can be done using the auto_nlist routine already mentioned,
+providing a variable in which to store the results and an indication of its
+size (see the !HAVE_SYS_TCPIPSTATS_H case of the ICMP group for an example).
+Alternatively, there may be ioctl calls on suitable devices, specific system
+calls, or special files that can be read to provide the necessary
+information.
+
+If the available data provides the requested value immediately, then the
+individual branch becomes a simple assignment to the appropriate static
+return variable - either one of the global static variables (e.g. long_return)
+or the local equivalents (such as generated by mib2c).
+Otherwise, the requested value may need to be calculated by combining two or
+more items of data (e.g. IPINHDRERRORS in mibII/ip.c) or by applying a
+mapping or other calculation involving available information (e.g.
+IPFORWARDING from the same group).
+
+In each of these cases, the routine should return a pointer to the result
+value, casting this to the pseudo-generic (u_char *)
+
+So much for the scalar case. The next part looks at how to handle simple
+tables.
+
+6. Simple tables
+================
+
+Having considered the simplest style of module implementation, we now turn
+our attention to the next style - a simple table. The tabular nature of
+these is immediately apparent from the MIB definition file, but the
+qualifier "simple" deserves a word of explanation.
+A simple table, in this context, has four characteristics:
+
+ 1. It is indexed by a single integer value;
+ 2. Such indices run from 1 to a determinable maximum;
+ 3. All indices within this range are valid;
+ 4. The data for a particular index can be retrieved directly
+ (e.g. by indexing into an underlying data structure).
+
+If any of the conditions are not met, then the table is not a pure simple
+one, and the techniques described here are not applicable. The next section
+of this guide will cover the more general case. (In fact, it may be possible
+to use the bulk of the techniques covered here, though special handling will
+be needed to cope with the invalid assumption or assumptions). Note that
+mib2c assumes that all tables are simple.
+
+As with the scalar case, the variable routine needs to provide two basic
+functions - request validation and data retrieval.
+
+Validation
+----------
+
+This is provided by the shared utility routine header_simple_table. As with
+the scalar header routine, this takes the same parameters as the main
+variable routine, with one addition - the maximum valid index. Mib2c
+generates a dummy token for this, which must be replaced by the appropriate
+value.
+As with the header routine, it also returns an indication of whether the
+request was valid, as well as setting up the return parameters with the
+matching OID information, and defaults for var_len and write_method.
+Note that in releases prior to 3.6, this job was performed by the routine
+checkmib. However, the return values of this were the reverse of those for
+generic_header and header_simple_table. A version of checkmib is still
+available for compatability purposes, but you are encouraged to use
+header_simple_table instead.
+
+The basic code fragment (see ucd-snmp/disk.c) is therefore of the form:
+
+ unsigned char *
+ var_extensible_disk(vp, name, length, exact, var_len, write_method)
+ {
+ if (header_simple_table(vp,name,length,exact,var_len,write_method,numdisks)
+ == MATCH_FAILED)
+ return(NULL);
+
+ [ etc, etc, etc ]
+
+ }
+
+Note that the maximum index value parameter does not have to be a
+permanently fixed constant. It specifies the maximum valid index at the time
+the request is processed, and a subsequent request may have a different
+maximum.
+An example of this can be seen in mibII/sysORTable.c where the table is held
+purely internally to the agent code, including its size (and hence the
+maximum valid index). This maximum could also be retrieved via a system
+call, or via a kernel data variable.
+
+Data Retrieval
+--------------
+
+As with the scalar case, the other required function is to retrieve the data
+requested. However, given the definition of a simple table this is simply a
+matter of using the single, integer index sub-identifier to index into an
+existing data structure. This index will always be the last index of the OID
+returned by header_simple_table, so can be obtained as name[*length-1].
+A good example of this type of table can be seen in ucd-snmp/disk.c
+
+With some modules, this underlying table may be relatively large, or only
+accessible via a slow or cumbersome interface. The implementation described
+so far may prove unacceptably slow, particularly when walking a MIB tree
+requires the table to be loaded afresh for each variable requested.
+
+In these circumstances, a useful technique is to cache the table when it is
+first read in, and use that cache for subsequent requests. This can be done
+by having a separate routine to read in the table. This uses two static
+variables, one a structure or array for the data itself, and the other an
+additional timestamp to indicate when the table was last loaded. When a call
+is made to this routine to "read" the table, it can first check whether the
+cached table is "new enough". If so, it can return immediately, and the
+system will use the cached data.
+Only if the cached version is sufficiently old that it's probably out of
+date, is it necessary to retrieve the current data, updating the cached
+version and the timestamp value.
+This is particularly useful if the data itself is relatively static, such as
+a list of mounted filesystems. There is an example of this technique in the
+Host Resources implementation.
+
+As with the scalar case, mib2c simply provides placeholder dummy return
+values. It's up to the programmer to fill in the details.
+
+The next part concludes the examination of the detailed implementation by
+looking at more general tables.
+
+7. General Tables
+=================
+
+Some table structures are not suitable for the simple table approach, due to
+the failure of one or more of the assumptions listed earlier. Perhaps they
+are indexed by something other than a single integer (such as a 4-octet IP
+address), or the maximum index is not easily determinable (such as the
+interfaces table), or not all indices are valid (running software), or the
+necessary data is not directly accessible (interfaces again).
+In such circumstances, a more general approach is needed. In contrast with
+the two styles already covered, this style of module will commonly combine
+the two functions of request validation and data retrieval. Note that mib2c
+will assume the simple table case, and this will need to be corrected.
+
+General table algorithm
+-----------------------
+
+The basic algorithm is as follows:
+
+ Perform any necessary initialization, then walk through the
+ underlying instances, retrieving the data for each one, until the
+ desired instance is found. If no valid entry is found, return
+ failure.
+
+For an exact match (GET and similar), identifying the desired instance is
+trivial - construct the OID (from the 'vp' variable parameter and the index
+value or values), and see whether it matches the requested OID.
+For GETNEXT, the situation is not quite so simple. Depending on the
+underlying representation of the data, the entries may be returned in the
+same order as they should appear in the table (i.e. lexically increasing by
+index). However, this is not guaranteed, and the natural way of retrieving
+the data may be in some "random" order. In this case, then the whole table
+needs to be traversed for each request. in order to determine the
+appropriate successor.
+This random order is the worst case, and dictates the structure of the code
+used in most currently implemented tables. The ordered case can be regarded
+as a simplification of this more general one.
+
+The algorithm outlined above can now be expanded into the following
+pseudo-code:
+
+ Init_{Name}_Entry(); // Perform any necessary initialisation
+
+ while (( index = Get_Next_{Name}_Entry() ) != EndMarker ) {
+ // This steps through the underlying table,
+ // returning the current index,
+ // or some suitable end-marker when all
+ // the entries have been examined.
+ // Note that this routine should also return the
+ // data for this entry, either via a parameter
+ // or using some external location.
+
+ construct OID from vp->name and index
+ compare new OID and request
+ if valid {
+ save current data
+ if finished // exact match, or ordered table
+ break; // so don't look at any more entries
+
+ }
+
+ // Otherwise, we need to loop round, and examine
+ // the next entry in the table. Either because
+ // the entry wasn't valid for this request,
+ // or the entry was a possible "next" candidate,
+ // but we don't know that there isn't there's a
+ // better one later in the table.
+ }
+
+ if no saved data // Nothing matched
+ return failure
+
+ // Otherwise, go on to the switch handling
+ // we've already covered in the earlier styles.
+
+This is now very close to the actual code used in many current
+implementations (such as the the routine header_ifEntry in
+mibII/interfaces.c). Notice that the pseudo-code fragment if valid expands
+in practise to
+
+ if ((exact && (result == 0)) ||
+ // GET request, and identical OIDs
+ (!exact && (result < 0)) )
+ // GETNEXT, and candidate OID is later
+ // than requested OID.
+
+This is a very common expression, that can be seen in most of the table
+implementations.
+
+Notice also that the interfaces table returns immediately the first valid
+entry is found, even for GETNEXT requests. This is because entries are
+returned in lexical order, so the first succeeding entry will be the one
+that's required.
+(As an aside, this also means that the underlying data can be saved
+implicitly within the 'next entry' routine - not very clean, but it saves
+some unnecessary copying).
+
+The more general case can be seen in the TCP and UDP tables (see mibII/tcp.c
+and mibII/udp.c). Here, the if valid fragment expands to:
+
+ if ( exact && (result == 0)) {
+ // save results
+ break;
+ }
+ else if (!exact && (result < 0)) {
+ if ( .... ) { // no saved OID, or this OID
+ // precedes the saved OID
+ // save this OID into 'lowest'
+ // save the results into Lowinpcb
+ // don't break, since we still need to look
+ // at the rest of the table
+ }
+ }
+
+The GET match handling is just as we've already seen - is this the requested
+OID or not. If so, save the results and move on to the switch statement.
+ The GETNEXT case is more complicated. As well as considering whether this
+is a possible match (using the same test we've already seen), we also have to
+check whether this is a better match than anything we've already seen. This
+is done by comparing the current candidate (newname) with the best match found
+so far (lowest).
+ Only if this extra comparison shows that the new OID is earlier than the
+saved one, do we need to save both the new OID, and any associated data
+(such as the inpcb block, and state flag). But having found one better
+match, we don't know that there isn't an even better one later on. So we
+can't break out of the enclosing loop - we need to keep going and examine
+all the remaining entries of the table.
+
+These two cases (the TCP and UDP tables) also show a more general style of
+indexing. Rather than simply appending a single index value to the OID
+prefix, these routines have to add the local four-octet IP address plus port
+(and the same for the remote end in the case of the TCP table). This is the
+purpose of the op and cp section of code that precedes the comparison.
+
+These two are probably among the most complex cases you are likely to
+encounter. If you can follow the code here, then you've probably cracked the
+problem of understanding how the agent works.
+
+Finally, the next part discusses how to implement a writable (or SETable)
+object in a MIB module.
+
+8. How to implement a SETable object
+====================================
+
+Finally, the only remaining area to cover is that of setting data - the
+handling of SNMPSET. Particular care should be taken here for two reasons.
+
+Firstly, any errors in the earlier sections can have limited effect. The
+worst that is likely to happen is that the agent will either return invalid
+information, or possibly crash. Either way, this is unlikely to affect the
+operation of the workstation as a whole. If there are problems in the
+writing routine, the results could be catastrophic (particularly if writing
+data directly into kernel memory).
+
+Secondly, this is the least well understood area of the agent, at least by
+the author. There are relatively few variables that are defined as READ-WRITE
+in the relevant MIBs, and even fewer that have actually been implemented as
+such. I'm therefore describing this from a combination of my understanding
+of how SETs ought to work, personal experience of very simple SET handling
+and what's actually been done by others (which do not necessarily coincide).
+
+There are also subtle differences between the setting of simple scalar
+variables (or individual entries within a table), and the creation of a new
+row within a table. This will therefore be considered separately.
+
+With these caveats, and a healthy dose of caution, let us proceed. Note that
+the UCD-SNMP development team can accept no responsibility for any damage or
+loss resulting from either following or ignoring the information presented
+here. You coded it - you fix it!
+
+Write routine
+-------------
+
+The heart of SET handling is the write_method parameter from the variable
+handling routine. This is a pointer to the relevant routine for setting the
+variable in question. Mib2c will generate one such routine for each setable
+variable. This routine should be declared using the template
+
+ int
+ write_variable(
+ int action,
+ u_char *var_val,
+ u_char var_val_type,
+ int var_val_len,
+ u_char *statP,
+ oid *name,
+ int name_len );
+
+Most of these parameters are fairly self explanatory:
+The last two hold the OID to be set, just as was passed to the main variable
+routine.
+
+The second, third and fourth parameters provide information about the new
+desired value, both the type, value and length. This is very similar to the
+way that results are returned from the main variable routine.
+
+The return value of the routine is simply an indication of whether the
+current stage of the SET was successful or not. We'll come back to this in a
+minute. Note that it is the responsibility of this routine to check that the
+OID and value provided are appropriate for the variable being implemented.
+This includes (but is not limited to) checking:
+
+ * the OID is recognised as one this routine can handle
+ (this should be true if the routine only handles the one variable, and
+ there are no errors in the main variable routine or driving code, but
+ it does no harm to check).
+ * the value requested is the correct type expected for this OID
+ * the value requested is appropriate for this OID
+ (within particular ranges, suitable length, etc, etc)
+
+There are two parameters remaining to be considered.
+
+The fifth parameter, statP, is the value that would be returned from a GET
+request on this particular variable. It could be used to check that the
+requested new value is consistent with the current state, but its main use
+is to denote that a new table row is being created.
+In most cases (particularly when dealing with scalar values or single elements
+of tables), you can normally simply ignore this parameter.
+
+Actions
+-------
+
+The final parameter to consider is the first one - action. To understand
+this, it's necessary to know a bit about how SETs are implemented.
+The design of SNMP calls for all variables in a SET request to be done "as
+if simultaneously" - i.e. they should all succeed or all fail. However, in
+practise, the variables are handled in succession. Thus, if one fails, it
+must be possible to "undo" any changes made to the other variables in the
+request.
+This is a well understood requirement in the database world, and is usually
+implemented using a "multi-stage commit". This is certainly the mechanism
+expected within the SNMP community (and has been made explicit in the work
+of the AgentX extensibility group). In other words, the routine to handle
+setting a variable will be called more than once, and the routine must be
+able to perform the appropriate actions depending on how far through the
+process we currently are. This is determined by the value of the action
+parameter.
+
+This is implemented using three basic phases:
+
+RESERVE is used to check the syntax of all the variables provided, that the
+values being set are sensible and consistent, and to allocate any resources
+required for performing the SET. After this stage, the expectation is that
+the set ought to succeed, though this is not guaranteed.
+(In fact, with the UCD agent, this is done in two passes - RESERVE1, and
+RESERVE2, to allow for dependancies between variables).
+
+If any of these calls fail (in either pass) the write routines are called
+again with the FREE action, to release any resources that have been
+allocated. The agent will then return a failure response to the requesting
+application.
+
+Assuming that the RESERVE phase was successful, the next stage is indicated
+by the action value ACTION. This is used to actually implement the set
+operation. However, this must either be done into temporary (persistent)
+storage, or the previous value stored similarly, in case any of the
+subsequent ACTION calls fail.
+ This can be seen in the example module, where both write routines have
+static 'old' variables, to hold the previous value of the relevant object.
+
+If the ACTION phase does fail (for example due to an apparently valid, but
+unacceptable value, or an unforeseen problem), then the list of write
+routines are called again, with the UNDO action. This requires the routine
+to reset the value that was changed to its previous value (assuming it was
+actually changed), and then to release any resources that had been
+allocated. As with the FREE phase, the agent will then return an indication
+of the error to the requesting application.
+
+Only once the ACTION phase has completed successfully, can the final COMMIT
+phase be run. This is used to complete any writes that were done into
+temporary storage, and then release any allocated resources. Note that all
+the code in this phase should be "safe" code that cannot possibly fail (cue
+hysterical laughter). The whole intent of the ACTION/COMMIT division is that
+all of the fallible code should be done in the ACTION phase, so that it can
+be backed out if necessary.
+
+Table row creation
+------------------
+
+What about creating new rows in a table, I hear you ask. Good Question.
+This case can often be detected by the fact that a GET request would have
+failed, and hence the fifth parameter, statP, will be null. This contrasts
+with changing the values of an element of an existing row, when the statP
+parameter would hold the previous value.
+
+The details of precisely how to create a new row will clearly depend on the
+underlying format of the table. However, one implementation strategy would
+be as follows:
+
+ * The first column object to be SET would return a null value from the
+ var_name routine. This null statP parameter would be the signal
+ to create a new temporary instance of the underlying data structure,
+ filled with dummy values.
+ * Subsequent column objects would return pointers to the appropriate
+ field of this new data structure from the var_name routine,
+ which would then be filled in by the write routine.
+ * Once all the necessary fields had been SET, the completed temporary
+ instance could be moved into the "standard" structure (or copied,
+ or otherwise used to set things up appropriately).
+
+However, this is purely a theoretical strategy, and has not been tried
+by the author. No guarantees are given as to whether this would actually
+work. There are also questions regarding how to handle incomplete
+or overlapping SET requests.
+Anyone who has experience of doing this, please get in touch!
+
+ ------------------------------------------------------------------------
+And that's it. Congratulations for getting this far. If you understand
+everything that's been said, then you now know as much as the rest of us
+about the inner workings of the UCD-SNMP agent. (Well, very nearly).
+All that remains is to try putting this into practise. Good luck!
+
+And if you've found this helpful, gifts of money, chocolate, alcohol, and
+above all feedback, would be most appreciated :-)
+
+ ------------------------------------------------------------------------
+Copyright 1999, 2000 - D.T.Shield.
+This file may be distributed as part of a source or binary packaging
+of the Net-SNMP software suite. It may not be distributed independently
+without the explicit permission of the author.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-29 11:17:29 +0000