[Pkg-net-snmp-devel] Bug#609226: snmpd: wrong speed-values for network interfaces

Stephen Hemminger shemminger at vyatta.com
Fri Jan 7 17:24:25 UTC 2011


On Fri, 07 Jan 2011 15:11:34 +0100
Moritz Duge <md at artfiles.de> wrote:

> Package: snmpd
> Version: 5.4.1
> 
> I experienced this bug on a Debian 5.0.6 x86_64 system, having at
> 
> For this I used the standard configuration of snmpd, except 2 things:
> First: In /etc/snmp/snmpd.conf change lines 60 to 63 to look like this:
>      #       sec.name  source          community
>      #com2sec paranoid  default         my_community
>      com2sec readonly  0.0.0.0/0       my_community
>      #com2sec readwrite default         my_community
> 
> Second: In /etc/default/snmpd replace 127.0.0.1 with the ip of the 
> public interface.
> 
> 
> Now start snmpd (e.g. "/etc/init.d/snmpd start") and run (from any host 
> having ip access to the machine):
> snmpwalk -c public -v1 HOSTNAME_OR_IP 1.3.6.1.2.1.2.2.1
> If you do this immediately (maybe 5 to 15 seconds) after starting or 
> restarting snmpd it will show you the correct speed for the gigabit 
> Ethernet interface (should be IF-MIB::ifSpeed.2 = Gauge32: 1000000000 
> which is 1000Mb/s).
> But a short time later, the speed will show up as 10000000 which 
> is 10Mb/s.
> 
> I also looked up the speed using "ethtool eth0". It shows 1000Mb/s all 
> the time!
> 
> 
> A Debian 5.0.5 system in a Qemu version 0.12.3 showed the same 
> behaviour for an rtl8139 network card.
> 
> The snmpd version 5.4.2.1 package in Ubuntu 10.04.1 (x86) shows the same 
> behaviour, but I DIDN'T change snmpd.conf from "default" to "0.0.0.0/0" 
> and /etc/default/snmpd from "127.0.0.1" to the public ip.
> 
> The net-snmp package (version 5.5-9.1) in openSUSE 11.3 (x86) doesn't 
> not show this behaviour.

This sounds familiar.

The problem is that snmpd on Debian is unable to do the ethtool ioctls
because it runs as user snmp (not root). To solve this on Vyatta, I
changed the kernel to allow all ethtool query operations (ETHTOOL_GSET).
This patch is in the 2.6.36 kernel as well.

commit 0fdc100bdc4b7ab61ed632962c76dfe539047296
Author: stephen hemminger <shemminger at vyatta.com>
Date:   Mon Aug 23 10:24:18 2010 +0000

    ethtool: allow non-netadmin to query settings
    
    The SNMP daemon uses ethtool to determine the speed of
    network interfaces. This fails on Debian (and probably elsewhere)
    because for security SNMP daemon runs as non-root user (snmp).
    
    Note: A similar patch was rejected previously because of a concern about
    the possibility that on some hardware querying the ethtool settings
    requires access to the PHY and could slow the machine down.  But the
    security risk of requiring SNMP daemon (and related services)
    to run as root far outweighs the risk of denial-of-service.
    
    Signed-off-by: Stephen Hemminger <shemminger at vyatta.com>
    Signed-off-by: David S. Miller <davem at davemloft.net>

diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index d2c4da5..970eb98 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -1423,6 +1423,7 @@ int dev_ethtool(struct net *net, struct ifreq *ifr)
 
 	/* Allow some commands to be done by anyone */
 	switch (ethcmd) {
+	case ETHTOOL_GSET:
 	case ETHTOOL_GDRVINFO:
 	case ETHTOOL_GMSGLVL:
 	case ETHTOOL_GCOALESCE:
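
Review bot: The new "case ETHTOOL_GSET:" sits under "Allow some commands to be done by anyone" with no comment recording the trade-off the commit message spells out: on some hardware this query needs PHY access, and after this change any local user can issue it as often as they like. Suggest a short comment at the case saying that GSET is exposed deliberately so that non-root monitoring daemons can read link speed, so that the reasoning is visible in the source and not only in the log.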

-- 