Author:
Source
We are delighted to have received a report on
the recently-concluded
g2k22 hackathon.
Martijn van Duren (martijn@
) writes:
Coming to
Bad Liebenzell
for the 3rd year in a row I knew what to
expect, but the scenery still continues to amaze me. Driving through the
black forest was a nice little escape before plunging back into the SNMP
world.One of the biggest misconceptions I’ve seen floating around and one of
my biggest irks withsnmpd(8)
was its privilege separation situation.
While true thatsnmpd(8)
always had multiple processes it was never used
to any meaningful degree. The engine process (snmpe
) handled everything
snmp related: Handling packets/connections, de-/encoding the BER,
handling authentication, finding the correct object and retrieving the
data from the proper source (usually the kernel). Because some metrics
fell outside the scope of
pledge
it also ran without thepledge
seat belt. The engine however does run inside a/var/empty
chroot
, this
is where the other (parent) process comes into play. When a trap
(notification) is received and covered by “trap handle” it’s forwarded
to the parent process, which then executes the “command”.