changing UDP source-port during Walk #125
Description
Today I had to troubleshoot timeout issues with puresnmp and discovered two imho serious issues with the multiwalk Method an how it contructs SNMP Packets:
-
1.) within a single SNMP Walk, every GetNextRequest packet is sent from a different UDP source port instead of all being sent from the same one (like e.g net-snmp and other implementations)
- this may have significant impact if any stateful Firewall is in between Manager and Agent (to the Firewalls itself that might need to needless track thousands of "connections" and to the stability of the SNMP-Communication that might be blocked/dropped due to any limits)
- seems to originate from the fact that every
._sendcreates a newsocketObject instead of reusing one socket throughout the walk
-
2.) the request_id generated by
get_request_id()is generated from current time with 1 second precision and not incremented during the walk with every GetNextRequest- this basically causes the request_id to miss it's purpose if every request within a (1s long) walk contains the same request_id
- I assume this currently only works because of problem 1.) ... and would break if multiple requests are sent through the same src/dst port pair (socket)
- ideally the request_id would be pseudo-randomly generated for the first packet and then incremented for every further packet