Bug#339315: snmpd: problem with large number of interfaces

Paul Slootman Tue, 15 Nov 2005 05:18:13 -0800

Package: snmpd
Version: 5.2.1.2
Severity: normal

On our firewall, with many VLAN interfaces, we started getting the
following messages:


Nov 15 12:52:05 tom modprobe: modprobe: Can't locate module  0    0    0   
Nov 15 12:52:05 tom modprobe: modprobe: Can't locate module 2968489 3539744
Nov 15 12:52:05 tom modprobe: modprobe: Can't locate module 0    0    0    
Nov 15 12:52:05 tom modprobe: modprobe: Can't locate module    0lan3055
Nov 15 12:52:05 tom last message repeated 2 times
Nov 15 12:52:05 tom net-snmp[27994]: /proc/net/dev data format error, line ==|  
     0|

Usually, after this, snmpd "went away" (without any further messages).
(Note that this particular firewall was still running an older
version... however I don't think the problem itself has been fixed in a
later version.)

The problem is that /proc/net/dev is read via stdio, and that uses a
buffer of 10k by default here. The contents of that file here is now
more than 10k (85 interfaces). On at least 2.4 kernels there's no
locking or such of the /proc files, so it's entirely possible that the
contents change between read(2) invocations... about 1.2TB of data
passes through this machine per 24 hours...

I've patched it so it uses a buffer size of 50k, which should be enough
for the time being :-)  It's running now, no error messages yet.
Please consider adding this patch.


Paul Slootman

diff -ru net-snmp-5.2.1.2/agent/mibgroup/mibII/ifTable.c 
net-snmp-5.2.1.2.fix/agent/mibgroup/mibII/ifTable.c
--- net-snmp-5.2.1.2/agent/mibgroup/mibII/ifTable.c     2004-07-07 
19:41:15.000000000 +0200
+++ net-snmp-5.2.1.2.fix/agent/mibgroup/mibII/ifTable.c 2005-11-15 
13:16:16.000000000 +0100
@@ -738,6 +738,7 @@
 ifTable_load(netsnmp_cache * cache, void *vmagic)
 {
     FILE           *devin;
+    char           proc_net_dev_buf[51200];
     char            line[256];
     const char     *scan_line_2_2 =
         "%llu %llu %llu %llu %*llu %*llu %*llu %*llu %llu %llu %llu %llu %*llu 
%llu";
@@ -768,6 +769,11 @@
         snmp_log(LOG_ERR, "snmpd: cannot open /proc/net/dev ...\n");
         return -1;
     }
+    /*
+     * default stdio buffer of 10k is not enough with > 85 interfaces,
+     * the contents change between reads and this causes data format errors.
+     */
+    setvbuf(devin, proc_net_dev_buf, _IOFBF, sizeof(proc_net_dev_buf));
 
     /*
      * Read the first two lines of the file, containing the header
@@ -821,7 +827,8 @@
         }
         if ((scan_line_to_use == scan_line_2_2) && ((stats - line) < 6)) {
             snmp_log(LOG_ERR,
-                     "/proc/net/dev data format error, line ==|%s|", line);
+                     "/proc/net/dev data format error; line ==|%s|", line);
+           continue;
         }
         *stats = 0;
         entry = ifTable_ifentry_get_by_name(cache, ifstart, 1);
diff -ru net-snmp-5.2.1.2/agent/mibgroup/mibII/interfaces.c 
net-snmp-5.2.1.2.fix/agent/mibgroup/mibII/interfaces.c
--- net-snmp-5.2.1.2/agent/mibgroup/mibII/interfaces.c  2005-01-03 
16:51:32.000000000 +0100
+++ net-snmp-5.2.1.2.fix/agent/mibgroup/mibII/interfaces.c      2005-11-15 
13:42:43.000000000 +0100
@@ -1383,6 +1383,7 @@
 Interface_Scan_Init(void)
 {
 #ifdef linux
+    char           proc_net_dev_buf[51200];
     char            line[256], ifname_buf[64], *ifname, *ptr;
     struct ifreq    ifrq;
     struct ifnet  **ifnetaddr_ptr;
@@ -1468,6 +1469,11 @@
         snmp_log(LOG_ERR, "cannot open /proc/net/dev - continuing...\n");
         return; /** exit (1); **/
     }
+    /*
+     * default stdio buffer of 10k is not enough with > 85 interfaces,
+     * the contents change between reads and this causes data format errors.
+     */
+    setvbuf(devin, proc_net_dev_buf, _IOFBF, sizeof(proc_net_dev_buf));
 
     i = 0;
 
@@ -1507,7 +1513,8 @@
         }
         if ((scan_line_to_use == scan_line_2_2) && ((stats - line) < 6)) {
             snmp_log(LOG_ERR,
-                     "/proc/net/dev data format error, line ==|%s|", line);
+                     "/proc/net/dev data format error; line ==|%s|", line);
+           continue;
         }
 
         *stats   = 0;
diff -ru net-snmp-5.2.1.2/debian/changelog net-snmp-5.2.1.2.fix/debian/changelog
--- net-snmp-5.2.1.2/debian/changelog   2005-11-15 13:40:41.000000000 +0100
+++ net-snmp-5.2.1.2.fix/debian/changelog       2005-11-15 13:17:43.000000000 
+0100
@@ -1,3 +1,11 @@
+net-snmp (5.2.1.2-4.fix) unstable; urgency=low
+
+  * use large buffer for /proc/net/dev, to prevent data format errors when the
+    data is more than 10k and changes between reads (>85 interfaces, 2.4
+    kernel)
+
+ -- Paul Slootman <[EMAIL PROTECTED]>  Tue, 15 Nov 2005 13:16:31 +0100
+
 net-snmp (5.2.1.2-4) unstable; urgency=low
 
   * Version builddep on libssl-dev and rebuild, for openssl transition


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#339315: snmpd: problem with large number of interfaces

Reply via email to