Understanding causes for snmpInASNParseErrs in confd snmp agent

mghosh · July 13, 2021, 9:34am

Hi,
While using SNMP with confd, I sometime see snmpv2 requests fail with following error log line

<ERR> 7-Jul-2021::11:33:32.345 CRAT-100 confd[996]: devel-snmpa packet discarded for reason: snmpInASNParseErrs

tcpdump can successfully decode the snmp request

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
11:33:21.840804 IP 192.168.135.41.39616 > 192.168.111.130.snmp:  GetRequest(81)  system.sysDescr.0 system.sysObjectID.0 system.sysContact.0 system.sysName.0 system.sysLocation.0
11:33:21.847441 IP 192.168.111.130.snmp > 192.168.135.41.39616:  GetResponse(228)  system.sysDescr.0="CRAT-100 CROS-1.8.20-s00 Build#2947 Tue Dec 22 23:41:56 IST 2020 (e3768f2-2e87c92-83fa65b-184be0b-aa8573d)" system.sysObjectID.0=E:5380.1.14.1.1.1 system.sysContact.0="Test" system.sysName.0="Test0_3" system.sysLocation.0="LadoSarai;DL_LADO"
11:33:21.849665 IP 192.168.135.41.39616 > 192.168.111.130.snmp:  GetNextRequest(56)  ip.ipAddrTable.ipAddrEntry.ipAdEntAddr ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex ip.ipAddrTable.ipAddrEntry.ipAdEntNetMask
11:33:22.175728 IP 192.168.111.130.snmp > 192.168.135.41.39616:  GetResponse(59)  ip.24.6.0=16 ip.24.6.0=16 ip.24.6.0=16
11:33:22.176654 IP 192.168.135.41.39616 > 192.168.111.130.snmp:  GetNextRequest(56)  ip.ipAddrTable.ipAddrEntry.ipAdEntAddr ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex ip.ipAddrTable.ipAddrEntry.ipAdEntNetMask
11:33:22.479570 IP 192.168.111.130.snmp > 192.168.135.41.39616:  GetResponse(59)  ip.24.6.0=16 ip.24.6.0=16 ip.24.6.0=16
11:33:22.480229 IP 192.168.135.41.39616 > 192.168.111.130.snmp:  GetNextRequest(56)  ip.ipAddrTable.ipAddrEntry.ipAdEntAddr ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex ip.ipAddrTable.ipAddrEntry.ipAdEntNetMask
11:33:22.774014 IP 192.168.111.130.snmp > 192.168.135.41.39616:  GetResponse(59)  ip.24.6.0=16 ip.24.6.0=16 ip.24.6.0=16
11:33:22.774609 IP 192.168.135.41.39616 > 192.168.111.130.snmp:  GetNextRequest(56)  ip.ipAddrTable.ipAddrEntry.ipAdEntAddr ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex ip.ipAddrTable.ipAddrEntry.ipAdEntNetMask
11:33:23.075427 IP 192.168.111.130.snmp > 192.168.135.41.39616:  GetResponse(59)  ip.24.6.0=16 ip.24.6.0=16 ip.24.6.0=16
11:33:23.082523 IP 192.168.135.41.39616 > 192.168.111.130.snmp:  GetRequest(25)  system.sysObjectID.0

The failure is intermittent and since tcpdump can decipher the packet, I am assuming the packet body is sane.

I would want to know what causes confd to discard the packet.

(Can it be related to confd’s internal user session management for snmp requests? Since ip, port tuples are fixed, may be confd is mapping these requests to a single user session and some stricter checks are activated due to this?)

Regards,

cohult · July 18, 2021, 11:49pm

Hi,
Does the developer or audit log contain any log entries on access issues?
Regards