Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Attempted "__hash__" operation on ASN.1 schema object #444

Open
madhudn24 opened this issue Jun 1, 2023 · 13 comments
Open

Attempted "__hash__" operation on ASN.1 schema object #444

madhudn24 opened this issue Jun 1, 2023 · 13 comments

Comments

@madhudn24
Copy link

I'm getting the following error when running the below mentioned code snippet. Can you suggest what could be wrong ?

2023-06-01 13:42:14,941 pysnmp: resolved ('1.3.6.1.2.1.2.2.1.2',) into prefix <ObjectName value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.2.1]> and suffix <ObjectName value object, tagSet <TagSet object, tags 0:0:6>, payload [2.2.1.2]>
2023-06-01 13:42:14,941 pysnmp: getNodeNameByOid: resolved :1.3.6.1.2.1 -> ('iso', 'org', 'dod', 'internet', 'mgmt', 'mib-2').()
2023-06-01 13:42:14,941 pysnmp: resolved prefix <ObjectName value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.2.1]> into MIB node MibIdentifier((1, 3, 6, 1, 2, 1))
2023-06-01 13:42:14,941 pysnmp: resolved indices are (<ObjectName value object, tagSet <TagSet object, tags 0:0:6>, payload [2.2.1.2]>,)
Attempted "__hash__" operation on ASN.1 schema object
import pysnmp
from pysnmp.hlapi import *
from pysnmp.carrier.asyncore.dgram import udp
from pysnmp import debug

OID = '1.3.6.1.2.1.2.2.1.2'
host = '192.170.1.2'

data = UsmUserData(userName='vyos',
                   authKey='authkey1', privKey='privkey1',
                   authProtocol=usmHMACSHAAuthProtocol,
                   privProtocol=usmAesCfb128Protocol,
                   securityEngineId=OctetString(strValue='ff42'))

result = {}
transportAddress = udp.UdpTransportAddress((host, 161))
transportTarget = UdpTransportTarget(transportAddress, timeout=2.0)

try:
    for (errorIndication, errorStatus, errorIndex, varBinds) in nextCmd(SnmpEngine(),
                                                                          data,
                                                                          transportTarget,
                                                                          ContextData(),
                                                                          ObjectType(ObjectIdentity(OID)),
                                                                          lexicographicMode=False, lookupMib=False):
        if errorIndication:
            print (errorIndication)
        elif errorStatus:
           print (errorStatus.prettyPrint())
        else:
            for varBind in varBinds:
                result[varBind[0].prettyPrint()] = str(varBind[1].prettyPrint())
            print (result)
except Exception as e:
    print(e)
@lextm
Copy link

lextm commented Jun 1, 2023

You will need to use pip list to print out the PySNMP packages (pysnmp, pyasn1, and many other related) you are using.

@madhudn24
Copy link
Author

Below is the output of the same.

ubuntu@ubuntu-1:~$ pip3 list
asn1crypto (0.24.0)
attrs (17.4.0)
Automat (0.6.0)
blinker (1.4)
certifi (2018.1.18)
chardet (3.0.4)
click (6.7)
cloud-init (23.1.2)
colorama (0.3.7)
command-not-found (0.3)
configobj (5.0.6)
constantly (15.1.0)
cryptography (2.1.4)
distro-info (0.18ubuntu0.18.04.1)
httplib2 (0.9.2)
hyperlink (17.3.1)
idna (2.6)
incremental (16.10.1)
Jinja2 (2.10)
jsonpatch (1.16)
jsonpointer (1.10)
jsonschema (2.6.0)
keyring (10.6.0)
keyrings.alt (3.0)
language-selector (0.1)
MarkupSafe (1.0)
netifaces (0.10.4)
oauthlib (2.0.6)
PAM (0.4.2)
pexpect (4.2.1)
pip (9.0.1)
ply (3.11)
pyasn1 (0.4.8)
pyasn1-modules (0.2.1)
pycrypto (2.6.1)
pycryptodomex (3.18.0)
pygobject (3.26.1)
PyJWT (1.5.3)
pyOpenSSL (17.5.0)
pyserial (3.4)
pysmi (0.3.4)
pysnmp (4.4.12)
python-apt (1.6.5+ubuntu0.7)
python-debian (0.1.32)
pyxdg (0.25)
PyYAML (3.12)
requests (2.18.4)
requests-unixsocket (0.1.5)
SecretStorage (2.3.1)
service-identity (16.0.0)
setuptools (39.0.1)
six (1.11.0)
sos (4.3)
ssh-import-id (5.7)
systemd-python (234)
Twisted (17.9.0)
ubuntu-advantage-tools (27.2)
ufw (0.36)
unattended-upgrades (0.1)
urllib3 (1.22)
wheel (0.30.0)
zope.interface (4.3.2)

@madhudn24
Copy link
Author

madhudn24 commented Jun 2, 2023

I removed securityEngineId parameter in the usmUserData and this error goes away , however the server seems to report an error saying UnknownEngine ID and this may be because the Username field is empty as per the tcpdump output below.

06:46:06.849054 IP 10.64.3.176.50914 > 192.170.1.2.snmp:  F=r U="" E= C="" GetNextRequest(13)
06:46:06.849177 IP 10.64.3.176.50914 > 192.170.1.2.snmp:  F=r U="" E= C="" GetNextRequest(13)
06:46:06.849931 IP 192.170.1.2.snmp > 10.64.3.176.50914:  F= U="" E=_ff_42 C="" Report(31)  S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsUnknownEngineIDs.0=172
06:46:06.849934 IP 192.170.1.2.snmp > 10.64.3.176.50914:  F= U="" E=_ff_42 C="" Report(31)  S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsUnknownEngineIDs.0=172

The SNMP server configuration seems to be fine because the snmpwalk to the same works fine
snmpwalk -v 3 -u vyos -a SHA -A authkey1 -x AES -X privkey1 -l authPriv 192.170.1.2 1.3.6.1.2.1.2.2.1.2

iso.3.6.1.2.1.2.2.1.2.1 = STRING: "lo"
iso.3.6.1.2.1.2.2.1.2.2 = STRING: "Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE]"
iso.3.6.1.2.1.2.2.1.2.3 = STRING: "Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE]"
iso.3.6.1.2.1.2.2.1.2.4 = STRING: "Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE]"
iso.3.6.1.2.1.2.2.1.2.5 = STRING: "Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE]"
iso.3.6.1.2.1.2.2.1.2.6 = STRING: "Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE]"
iso.3.6.1.2.1.2.2.1.2.7 = STRING: "pimreg"

Am i missing anything here ?

@madhudn24
Copy link
Author

@lextm any inputs on this ?

@madhudn24
Copy link
Author

Ok i figured its trying to do a snmpEngineID discovery but after getting the engineID in the Report message it isn't re-sending the request with the EngineID and the username, is this a bug ?

@lextm
Copy link

lextm commented Jun 7, 2023

A few SNMP v3 bugs were only fixed in pysnmp-lextudio.

Read #429 to learn more.

@madhudn24
Copy link
Author

Let me try it out and see.

@madhudn24
Copy link
Author

madhudn24 commented Jun 9, 2023

I upgraded to pysnmp-lextudio but still the same problem with that too

Package            Version
------------------ --------
asn1crypto         0.24.0
certifi            2023.5.7
charset-normalizer 3.1.0
cryptography       2.1.4
idna               2.6
keyring            10.6.0
keyrings.alt       3.0
pip                23.1.2
ply                3.11
pyasn1             0.4.8
pycrypto           2.6.1
PyGObject          3.26.1
pysmi-lextudio     1.1.13
pysnmp-lextudio    5.0.28
pysnmpcrypto       0.0.4
pyxdg              0.25
requests           2.31.0
SecretStorage      2.3.1
setuptools         39.0.1
six                1.11.0
urllib3            2.0.3
wheel              0.30.0

The issue i'm seeing closely resembles to what was fixed in below commit. However the version i am using both pysnmp and pysnmp-lextudio has this fix but still i see the issue

c5cefab

@lextm
Copy link

lextm commented Jun 10, 2023

The commit you referred to is irrelevant here. There are far too many SNMP v3 agent implementations out there, so PySNMP at this moment is only known to be compatible to a few of them.

What exactly is the device you are trying to manage (at IP 192.170.1.2)?

@madhudn24
Copy link
Author

madhudn24 commented Jun 12, 2023

Its a Vyos router

vyos@vyos:~$ show version

Version:          VyOS 1.4-rolling-202104241757
Release Train:    sagitta

Built by:         [email protected]
Built on:         Sun 25 Apr 2021 01:17 UTC
Build UUID:       70d2ebdf-fcee-4933-a6ec-96f6bbb3bdc6
Build Commit ID:  5fb7304cfba259

Architecture:     x86_64
Boot via:         installed image
System type:      VMware guest

Hardware vendor:  VMware, Inc.
Hardware model:   VMware Virtual Platform
Hardware S/N:     VMware-42 3e d2 67 63 6c 91 43-a5 67 bf e3 8e 50 8b e8
Hardware UUID:    67d23e42-6c63-4391-a567-bfe38e508be8

Copyright:        VyOS maintainers and contributors

@madhudn24
Copy link
Author

I tried with a Cisco router with which i'm getting the message Ciphering services not available
I verified with both pycrypto as well as pycrpyptodome packages see the same result.

@madhudn24
Copy link
Author

madhudn24 commented Jun 12, 2023

I enabled logging and checked the usmUserPrivProtocol "1.3.6.1.6.3.10.1.2.4 is valid only still not sure why its throwing this exception here.

2023-06-12 07:07:30,525 pysnmp: __generateRequestOrResponseMsg: cloned USM user entry usmUserName "RO_USER" usmUserSecurityName "RO_USER" usmUserAuthProtocol "1.3.6.1.6.3.10.1.1.3" usmUserAuthKeyLocalized "0x35412b0ea25d2475cb77e1ffd1097b01d4531177" usmUserPrivProtocol "1.3.6.1.6.3.10.1.2.4" usmUserPrivKeyLocalized "0x35412b0ea25d2475cb77e1ffd1097b01" for securityEngineID "0x800000090300c014fe91d7b0" and  securityName "RO_USER"
2023-06-12 07:07:30,525 pysnmp: __generateRequestOrResponseMsg: no timeline for securityEngineID <OctetString value object, tagSet <TagSet object, tags 0:0:4>, encoding iso-8859-1, payload [0x800000090300c014fe91d7b0]>
2023-06-12 07:07:30,525 pysnmp: __generateRequestOrResponseMsg: use snmpEngineBoots 0 snmpEngineTime 0 for securityEngineID <OctetString value object, tagSet <TagSet object, tags 0:0:4>, encoding iso-8859-1, payload [0x800000090300c014fe91d7b0]>
2023-06-12 07:07:30,525 pysnmp: __generateRequestOrResponseMsg: scopedPDU ScopedPDU:
 contextEngineId=0x800000090300c014fe91d7b0
 contextName=
 data=PDUs:
  get-next-request=GetNextRequestPDU:
   request-id=3451467
   error-status=noError
   error-index=0
   variable-bindings=VarBindList:
    VarBind:
     name=1.3.6.1.2.1.2.2.1.2
     =_BindValue:
      unSpecified=





2023-06-12 07:07:30,526 pysnmp: __generateRequestOrResponseMsg: scopedPDU encoded into
00000: 30 2E 04 0C 80 00 00 09 03 00 C0 14 FE 91 D7 B0
00016: 04 00 A1 1C 02 03 34 AA 4B 02 01 00 02 01 00 30
00032: 0F 30 0D 06 09 2B 06 01 02 01 02 02 01 02 05 00
2023-06-12 07:07:30,526 pysnmp: StatusInformation: {'errorIndication': EncryptionError('Ciphering services not available')}
2023-06-12 07:07:30,526 pysnmp: processResponsePdu: origSendRequestHandle 2623644, _sendPdu() failed with StatusInformation("caused by <class 'pysnmp.proto.error.StatusInformation'>: {'errorIndication': UnknownEngineID('Unknown SNMP engine ID encountered'), 'oid': <ObjectName value object, tagSet <TagSet object, tags 0:0:6>, payload [1.3.6.1.6.3.15.1.1.4.0]>, 'val': <Counter32 value object, tagSet <TagSet object, tags 64:0:1>, subtypeSpec <ConstraintsIntersection object, consts <ValueRangeConstraint object, consts 0, 4294967295>>, payload [24]>, 'sendPduHandle': 2623644}")
Ciphering services not available

@madhudn24
Copy link
Author

ok the issue with cisco router is resolved after including pycrytodomex instead of pycryptodome package

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants