SNMP Trap Handler

Posted on
Sun May 22, 2016 11:41 am
anyone offline
Posts: 30
Joined: Apr 03, 2011
Location: Norfolk, VA

SNMP Trap Handler

Does anyone have a suggestion on how I would implement an SNMP Trap Handler using port 162 within an Indigo Plugin?

The below code uses the PYSNMP module and works when using port 1062 with IP 127.0.0.1. The only way I can get that same code to work outside of Indigo using port 162 with IP 0.0.0.0 (to catch all traffic) is by calling it as a privilege user (aka using the sudo command).

When not executed as a privileged user or within Indigo with port 162 and IP 0.0.0.0, I receive the following error; "bind() for ('0.0.0.0', 162) failed: [Errno 13] Permission denied".

I do understand that this error, is telling me that I can not bind to port numbers lower than 1024 as a unprivileged user.

What I'm looking for is a work around which would allow me to use this code within Indigo. Or even, how to get Indigo to call it as a privilege user.

The workaround I used in my plugin APCPDU was to call the 'smptrapd' using sudo. That really seems hack-ish, so I'm trying to implement the Trap Handler in the Indigo Plugin.

One thing I have tried is using pfctl Port Forwarding, forwarding all port 162 traffic to port 1062. Upon testing that solution I had some reliability problems, not to mention that you ultimately have to set that up as a privileged user.

Are there any thoughts on a solution?

Code: Select all
def runConcurrentThread(self):
        try:
            # Create SNMP engine with autogenernated engineID and pre-bound
            # to socket transport dispatcher
            snmpEngine = engine.SnmpEngine()
           
            # Transport setup
           
            # UDP over IPv4, first listening interface/port
            config.addTransport(
                snmpEngine,
                udp.domainName + (1,),
                udp.UdpTransport().openServerMode(('0.0.0.0', 162))
            )
           
            # SNMPv1/2c setup
           
            # SecurityName <-> CommunityName mapping
            config.addV1System(snmpEngine, 'my-area', 'public')
           
            # Callback function for receiving notifications
            # noinspection PyUnusedLocal,PyUnusedLocal,PyUnusedLocal
            def cbFun(snmpEngine, stateReference, contextEngineId, contextName,
                      varBinds, cbCtx):
                         
                for name, val in varBinds:
                    indigo.server.log('%s = %s' % (name, val))
                   
            # Register SNMP Application at the SNMP engine
            ntfrcv.NotificationReceiver(snmpEngine, cbFun)

            snmpEngine.transportDispatcher.jobStarted(1)  # this job would never finish
           
            snmpEngine.transportDispatcher.runDispatcher()
           
                           
        except self.StopThread:
            #pass    # Optionally catch the StopThread exception and do any needed cleanup.
            snmpEngine.transportDispatcher.closeDispatcher()

Posted on
Mon May 23, 2016 11:08 am
jay (support) offline
Site Admin
User avatar
Posts: 15519
Joined: Mar 19, 2008
Location: Austin, Texas

Re: SNMP Trap Handler

Unfortunately, that's a "security feature" of Mac OS X.

Jay (Indigo Support)
Twitter | Facebook | LinkedIn

Posted on
Tue Jul 09, 2019 1:09 am
berkinet offline
User avatar
Posts: 3290
Joined: Nov 18, 2008
Location: Berkeley, CA, USA & Mougins, France

Re: SNMP Trap Handler

anyone wrote:
Does anyone have a suggestion on how I would implement an SNMP Trap Handler using port 162 within an Indigo Plugin?...

I know, this is an old post. However, I am working with a piece of network gear (a Denkovi 5 relay network switch) and needed to use snmp traps to maintain a virtual device's state in Indigo. What I have found is that if you cannot change the trap receiver port on your network device and must, therefore run on the default, privileged port of 162 - the problem @anyone reported - there is a good work-around.

The solution is snmptrapd which is included in MacOS. snmptrapd has two features that can resolve the privileged port issue:
  1. The forward directive: forward OID|default DESTINATION
    This allows you to forward any received traps to another receiver - which could be an Indigo plugin running on a non-privilidged port
  2. The traphandle directive: traphandle OID|default PROGRAM [ARGS ...]
    This allows you to forward received traps to an arbitrary program. The program could then use the Indigo RESTful API, or other means to interact with Indigo.
Both of these directives can be set in the snmptrapd.conf file (/etc/snmp/snmptradp.conf).

If you decide to use snmptrapd you would have to set it up in launchd. But, after that, everything would work as requested in the first post in this thread. I can provide more detail if there is interest.

Page 1 of 1

Who is online

Users browsing this forum: No registered users and 1 guest