Snmp Agent V3 throws an exception on a wrong security name

Hallo Frank,

in my company we are using Snmp4J(-Agent) 2.6.3 for our integration tests. Everything is working fine with a Snmp V2 agent, but we have a particular case in V3 we would like to test and where getting something unexpected. In short after a while we change on the fly the access credentials to a Snmp V3 agent to test the behavior of our manager. In this case we are expecting to receive a PDU response type with an SNMP authentication error, but the agent throws an exception instead:

1164 [main] DEBUG org.snmp4j.security.USM - USM.getUser - User 'snmptest_SHA_AES256' unknown org.snmp4j.MessageException: Message processing model 3 returned error: Unknown security name 1164 [main] DEBUG org.snmp4j.security.USM - Security name not found for engineID=70:75:62:6c:69:63, securityName=73:6e:6d:70:74:65:73:74:5f:53:48:41:5f:41:45:53:32:35:36
The trick to change the credentials consists in 4 steps: unregister all the managed objects, close the server, register the managed objects again and restart:
With Snmp V2 this works fine, but Snmp V3 has this problem.
What should I check?
Thanks for your great product!
Alessandro

Hi Allessandro,

Unregistering and registering managed objects is not necessary nor helpful when changing authentication.

Independent from that, I guess the error is changing the engine ID too. That is why the engine ID and security name pair cannot be found. Otherwise, there is some other error in the code changing the credentials.

I can assure, that changing the keys of a SNMPv3 user works without problems at runtime.

Best regards,
Frank

Thanks Frank, but now I suspect that the problem is unrelated to the agent restart because I’ve meanwhile implemented an unit test in which the exception is thrown when the manager uses a wrong security name
755 [DefaultUDPTransportMapping_0.0.0.0/54443] DEBUG org.snmp4j.transport.DefaultUdpTransportMapping - UDP receive buffer size for socket 0.0.0.0/54443 is set to: 65536
768 [main] DEBUG org.snmp4j.security.UsmUserTable - Adding user xxx = UsmUser[secName=xxx,authProtocol=1.3.6.1.6.3.10.1.1.3,authPassphrase=12345678,privProtocol=1.3.6.1.4.1.4976.2.2.1.1.2,privPassphrase=12345678,localizationEngineID=null]
768 [DefaultUDPTransportMapping_0.0.0.0/0] DEBUG org.snmp4j.transport.DefaultUdpTransportMapping - UDP receive buffer size for socket 0.0.0.0/0 is set to: 65536
781 [main] DEBUG org.snmp4j.security.USM - Security name not found for engineID=, securityName=73:6e:6d:70:74:65:73:74:5f:53:48:41:5f:41:45:53:32:35:36
org.snmp4j.MessageException: Message processing model 3 returned error: Unknown security name
at org.snmp4j.MessageDispatcherImpl.sendPdu(MessageDispatcherImpl.java:524)
at org.snmp4j.Snmp.sendMessage(Snmp.java:1087)
at org.snmp4j.Snmp.send(Snmp.java:981)
at org.snmp4j.Snmp.send(Snmp.java:961)
at org.snmp4j.Snmp.send(Snmp.java:926)

What exactly is the problem with the fact that the agent returns an error when the security name is unknown?

BTW, I suspect that the stack trace is not a command responder (agent) stack trace. That would look different. Could it be the case, that you are trying to send a RESPONSE PDU without using the required MPv3.prepareResponseMessage?