Hi,

Please find the following RFC for discussion on improving the SNMP extension:

https://wiki.php.net/rfc/snmp_improvements_2026

I have included 3 proposals in the RFC:

 1.  Increase the number of SNMPv3 security protocols supported
 2.  Allow the SNMP MIB to be reset
 3.  Implement more SNMP library controls for MIB parsing and output
   formatting

I would like to see the above implemented in the next stable release after voting if accepted because all 3 items add new functionality.  Having said this, the MIB reset function is waiting on an upstream release of lib-snmp to fix a memory leak of about 5k per reset, so there may need to be some discussion around automatic MIB resets between FPM requests.


The first item is to allow PHP-SNMP to support AES192, AES192C, AES256, and AES256C as security protocols if the underlying SNMP library has been compiled with support.  I think this should be straightforward since it's just adding new options, and the extension already has conditional support for DES encryption, so the list of supported protocols is already variable depending on the compile time environment.


The second item is to add a new function to reset the SNMP MIB tree.  This is needed because some MIBs re-define the same OID number using different names, and the in-memory MIB tree is global to each PHP process, so once a MIB is loaded it is not currently possible to change the definition of an OID from within the process.

I also found that there is currently no way to control the MIB directory search from within PHP, so I have added the MIB directory search as an optional parameter to the MIB reset function.

I also discovered that because the MIB tree is global, it currently survives across PHP-FPM requests, so I have included code to reset the MIB tree as part of the request shutdown.  This will create a memory leak due to a bug in the net-snmp library until lib-snmp is updated with a yet-to-be-released patch (PR has been accepted into the development head).


The third item is to implement more MIB parsing and value output controls.  This has been done by creating new functions to set MIB, string output, and value output options, using enumerated values to ensure only valid options are chosen.  This matches the way that the OID output format is currently controlled.  It does make some functions like snmp_set_quick_print() and snmp_set_enum_print() redundant, but the 2 methods can be used interchangeably.  All of the newly supported output options have also been added as read-write properties to the SNMP class, while the MIB reading options can only be controlled by the functions because they are global to the SNMP library.

I also discovered that the net-snmp library options are also global to each process, and changes to these options survive across FPM requests in the existing PHP codebase (e.g. calling snmp_set_enum_print(true) in one request will change the setting for all future requests in that FPM process until a request explicitly runs snmp_set_enum_print(false)).  I have added code to save the state of the net-snmp library options at the start of a request, and then restore them at the end.  This save/restore is needed because the net-snmp library initialisation reads in options from config files, so the initial state can be altered by system-wide or per-user config files, and this is probably the best way to ensure that anything in the net-snmp library is reverted back to the initial state at the start of each request.


This is my first RFC so please let me know if I've missed anything, otherwise I'm interested to hear feedback on the above proposals.

regards

Steve
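
The per-request save/restore described in the message above, modelled in C as an added example that is not part of the original message or the extension's code. The option table, the hook names and the simulation function are hypothetical stand-ins for the net-snmp library's process-global options and the extension's request start/shutdown handling.

```c
#include <string.h>

/* Constructed stand-in for the net-snmp library's process-global option
   store; the real library keeps this state internally. */
enum { OPT_QUICK_PRINT, OPT_ENUM_PRINT, OPT_COUNT };
static int lib_opts[OPT_COUNT];    /* lives as long as the FPM worker process */
static int saved_opts[OPT_COUNT];  /* snapshot taken at request start */

/* Library initialisation: the starting values may come from system-wide or
   per-user config files, so "initial state" cannot be hard-coded. */
static void lib_init_from_config(int quick_print, int enum_print) {
    lib_opts[OPT_QUICK_PRINT] = quick_print;
    lib_opts[OPT_ENUM_PRINT] = enum_print;
}

/* Hypothetical request hooks: snapshot at start, restore at shutdown. */
static void request_start(void)    { memcpy(saved_opts, lib_opts, sizeof lib_opts); }
static void request_shutdown(void) { memcpy(lib_opts, saved_opts, sizeof lib_opts); }

/* Simulate two requests served by one worker. Request A flips enum_print and
   never puts it back; the return value is what request B sees on entry. */
static int enum_print_seen_by_next_request(int use_hooks, int configured) {
    lib_init_from_config(0, configured);
    if (use_hooks) request_start();
    lib_opts[OPT_ENUM_PRINT] = !configured;  /* request A changes the option */
    if (use_hooks) request_shutdown();
    if (use_hooks) request_start();          /* request B begins */
    return lib_opts[OPT_ENUM_PRINT];
}

int main(void) {
    /* Without hooks B inherits A's setting; with hooks B sees the configured
       value, whether the config file set it to 0 or to 1. */
    return !(enum_print_seen_by_next_request(0, 0) == 1 &&
             enum_print_seen_by_next_request(1, 0) == 0 &&
             enum_print_seen_by_next_request(1, 1) == 1);
}
```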
