g2k22 Hackathon Report: Martijn van Duren on snmpd(8) improvements
We are delighted to have received a report onthe recently-concludedg2k22 hackathon.Martijn van Duren (martijn@) writes:
Coming toBad Liebenzellfor the 3rd year in a row I knew what toexpect, but the scenery still continues to amaze me. Driving through theblack forest was a nice little escape before plunging back into the SNMPworld.
One of the biggest misconceptions I've seen floating around and one ofmy biggest irks with snmpd(8) was its privilege separation situation.While true that snmpd(8) always had multiple processes it was never usedto any meaningful degree. The engine process (snmpe) handled everythingsnmp related: Handling packets/connections, de-/encoding the BER,handling authentication, finding the correct object and retrieving thedata from the proper source (usually the kernel). Because some metricsfell outside the scope ofpledgeit also ran without the pledgeseat belt. The engine however does run inside a /var/empty chroot, thisis where the other (parent) process comes into play. When a trap(notification) is received and covered by "trap handle" it's forwardedto the parent process, which then executes the "command".