如何給SNMP Trap通道加上同步機制
SNMP協議是在伺服器以及硬體管理中通常都會用到的管理協議,其好處在於使用起來簡單,然後又是標準化的,幾乎所有的硬體裝置都支援此協議。不過近期網路安全問題大家都比較關注,SNMP也飽受爭議。
今天我們要討論是是如何使用SNMP Trap傳送同步訊息。
SNMP TRAP是SNMP協議裡面通常使用的通道(其他還有GET,SET),TRAP通常是使用UDP,且協議層沒有訊息確認機制的,所以如果你使用SNMP TRAP給伺服器上報訊息,那麼你是不知道訊息是否傳送成功以否的。
最簡答的SNMP例子可以參考《http://www.iteye.com/topic/308836》,這個是使用Java語言基於SNMP4J的例子。
你執行這個例子之後,你會發現,下面這個if,總是為false,也就是返回的respond總是null。
// 向Agent傳送PDU,並接收Response
ResponseEvent respEvnt = snmp.send(pdu, target);
// 解析Response
if (respEvnt != null && respEvnt.getResponse() != null) {
這個就是剛才說到的SNMP TRAP的特性:無確認機制。
那麼對於一些重要的資訊,希望得到這些訊息是否傳送成功了,該怎麼辦?
我的建議是,如果是新開發的,那麼建議這種場景不要使用SNMP,如果對端協議已經是SNMP了,那麼建議將SNMP TRAP改為SNMP INFORM,這個改動是很小的。
只需要在行面的例子中,在TRAP接受端,增加如下程式碼即可:(不過INFORM的特性,需要SNMP協議的 V2 以及之後的版本才支援,SNMP V1是不支援的)。
//send respond only if the pdu type is INFORM
PDU src_pdu = respEvnt.getPDU();
if (src_pdu.getType() == PDU.INFORM
PDU responsePDU = new PDU(src_pdu);
responsePDU.setErrorIndex(0);
responsePDU.setErrorStatus(0);
responsePDU.setType(PDU.RESPONSE);
StatusInformation statusInfo = new StatusInformation();
StateReference stateRef = respEvnt.getStateReference();
try {
respEvnt.getMessageDispatcher().returnResponsePdu(
respEvnt.getMessageProcessingModel(),
respEvnt.getSecurityModel(),
respEvnt.getSecurityName(),
respEvnt.getSecurityLevel(),
responsePDU,
respEvnt.getMaxSizeResponsePDU(),
stateRef,
statusInfo);
} catch (MessageException msgEx) {
msgEx.printStackTrace();
}
}
你更改了協議之後,還會遇到向前相容的問題,假設傳送端為S,接收端為R,那麼S使用TRAP傳送,不論R是否傳送respond,S端都收不到respond;如果S使用INFORM傳送,那麼如果R傳送respond,S能夠收到,如果R不傳送respond,那麼S收不到。
完整的程式碼如下:
MultiThreadedTrapReceiver
import java.io.IOException;
import java.net.UnknownHostException;
import java.util.Vector;
import org.snmp4j.CommandResponder;
import org.snmp4j.CommandResponderEvent;
import org.snmp4j.MessageDispatcherImpl;
import org.snmp4j.MessageException;
import org.snmp4j.PDU;
import org.snmp4j.Snmp;
import org.snmp4j.TransportMapping;
import org.snmp4j.mp.MPv1;
import org.snmp4j.mp.MPv2c;
import org.snmp4j.mp.MPv3;
import org.snmp4j.mp.StateReference;
import org.snmp4j.mp.StatusInformation;
import org.snmp4j.security.SecurityModels;
import org.snmp4j.security.SecurityProtocols;
import org.snmp4j.security.USM;
import org.snmp4j.smi.Address;
import org.snmp4j.smi.GenericAddress;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.TcpAddress;
import org.snmp4j.smi.UdpAddress;
import org.snmp4j.smi.VariableBinding;
import org.snmp4j.transport.DefaultTcpTransportMapping;
import org.snmp4j.transport.DefaultUdpTransportMapping;
import org.snmp4j.util.MultiThreadedMessageDispatcher;
import org.snmp4j.util.ThreadPool;
/**
* 本類用於監聽代理程序的Trap資訊
*
* @author zhanjia
*
*/
public class MultiThreadedTrapReceiver implements CommandResponder {
private MultiThreadedMessageDispatcher dispatcher;
private Snmp snmp = null;
private Address listenAddress;
private ThreadPool threadPool;
public MultiThreadedTrapReceiver() {
// BasicConfigurator.configure();
}
private void init() throws UnknownHostException, IOException {
threadPool = ThreadPool.create(“Trap”, 2);
dispatcher = new MultiThreadedMessageDispatcher(threadPool,
new MessageDispatcherImpl());
listenAddress = GenericAddress.parse(System.getProperty(
“snmp4j.listenAddress”, “udp:127.0.0.1/9999”)); // 本地IP與監聽埠
TransportMapping transport;
// 對TCP與UDP協議進行處理
if (listenAddress instanceof UdpAddress) {
transport = new DefaultUdpTransportMapping(
(UdpAddress) listenAddress);
} else {
transport = new DefaultTcpTransportMapping(
(TcpAddress) listenAddress);
}
snmp = new Snmp(dispatcher, transport);
snmp.getMessageDispatcher().addMessageProcessingModel(new MPv1());
snmp.getMessageDispatcher().addMessageProcessingModel(new MPv2c());
snmp.getMessageDispatcher().addMessageProcessingModel(new MPv3());
USM usm = new USM(SecurityProtocols.getInstance(), new OctetString(MPv3
.createLocalEngineID()), 0);
SecurityModels.getInstance().addSecurityModel(usm);
snmp.listen();
}
public void run() {
try {
init();
snmp.addCommandResponder(this);
System.out.println(“開始監聽Trap資訊!”);
} catch (Exception ex) {
ex.printStackTrace();
}
}
/**
* 實現CommandResponder的processPdu方法, 用於處理傳入的請求、PDU等資訊
* 當接收到trap時,會自動進入這個方法
*
* @param respEvnt
*/
public void processPdu(CommandResponderEvent respEvnt) {
//send respond pdu
if (respEvnt != null && respEvnt.getPDU() != null) {
//send respond only if the pdu type is INFORM
PDU src_pdu = respEvnt.getPDU();
if (src_pdu.getType() == PDU.INFORM){
PDU responsePDU = new PDU(src_pdu);
responsePDU.setErrorIndex(0);
responsePDU.setErrorStatus(0);
responsePDU.setType(PDU.RESPONSE);
StatusInformation statusInfo = new StatusInformation();
StateReference stateRef = respEvnt.getStateReference();
try {
respEvnt.getMessageDispatcher().returnResponsePdu(
respEvnt.getMessageProcessingModel(),
respEvnt.getSecurityModel(),
respEvnt.getSecurityName(),
respEvnt.getSecurityLevel(),
responsePDU,
respEvnt.getMaxSizeResponsePDU(),
stateRef,
statusInfo);
} catch (MessageException msgEx) {
msgEx.printStackTrace();
}
}
//retrive the pdu
Vector<VariableBinding> recVBs = respEvnt.getPDU().getVariableBindings();
for (int i = 0; i < recVBs.size(); i++) {
VariableBinding recVB = recVBs.elementAt(i);
System.out.println(recVB.getOid() + ” : “ + recVB.getVariable());
}
}
}
public static void main(String[] args) {
MultiThreadedTrapReceiver multithreadedtrapreceiver = new MultiThreadedTrapReceiver();
multithreadedtrapreceiver.run();
}
}
SnmpUtilSendTrap
import java.io.IOException;
import java.util.Vector;
import org.snmp4j.CommunityTarget;
import org.snmp4j.PDU;
import org.snmp4j.Snmp;
import org.snmp4j.TransportMapping;
import org.snmp4j.event.ResponseEvent;
import org.snmp4j.mp.SnmpConstants;
import org.snmp4j.smi.Address;
import org.snmp4j.smi.GenericAddress;
import org.snmp4j.smi.OID;
import org.snmp4j.smi.OctetString;
import org.snmp4j.smi.VariableBinding;
import org.snmp4j.transport.DefaultUdpTransportMapping;
/**
* 本類用於向管理程序傳送Trap資訊
*
* @author zhanjia
*
*/
public class SnmpUtilSendTrap {
private Snmp snmp = null;
private Address targetAddress = null;
public void initComm() throws IOException {
// 設定管理程序的IP和埠
targetAddress = GenericAddress.parse(“udp:127.0.0.1/9999”);
TransportMapping transport = new DefaultUdpTransportMapping();
snmp = new Snmp(transport);
transport.listen();
}
/**
* 向管理程序傳送Trap報文
*
* @throws IOException
*/
public void sendPDU() throws IOException {
// 設定 target
CommunityTarget target = new CommunityTarget();
target.setAddress(targetAddress);
// 通訊不成功時的重試次數
target.setRetries(2);
// 超時時間
target.setTimeout(1500);
// snmp版本
target.setVersion(SnmpConstants.version2c);
// 建立 PDU
PDU pdu = new PDU();
pdu.add(new VariableBinding(new OID(“.1.3.6.1.2.3377.10.1.1.1.1”),
new OctetString(“SnmpTrap”)));
pdu.add(new VariableBinding(new OID(“.1.3.6.1.2.3377.10.1.1.1.2”),
new OctetString(“JavaEE”)));
pdu.setType(PDU.INFORM);
// 向Agent傳送PDU,並接收Response
ResponseEvent respEvnt = snmp.send(pdu, target);
// 解析Response
if (respEvnt != null && respEvnt.getResponse() != null) {
Vector<VariableBinding> recVBs = respEvnt.getResponse()
.getVariableBindings();
for (int i = 0; i < recVBs.size(); i++) {
VariableBinding recVB = recVBs.elementAt(i);
System.out.println(“received respond pdu from server. “ + recVB.getOid() + ” : “ + recVB.getVariable());
}
}
}
public static void main(String[] args) {
try {
SnmpUtilSendTrap util = new SnmpUtilSendTrap();
util.initComm();
util.sendPDU();
} catch (IOException e) {
e.printStackTrace();
}
}
}