From 810eced7ec99966a9517c90a44fa5f4b11fa23ce Mon Sep 17 00:00:00 2001 From: Christian Korber Date: Tue, 5 Nov 2024 14:42:33 +0100 Subject: [PATCH 1/3] net-snmp: make Openssl optional This commit integrates the option to add openssl to net-snmp. This way SNMP V3 can be modified Signed-off-by: Christian Korber --- net/net-snmp/Makefile | 147 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 136 insertions(+), 11 deletions(-) diff --git a/net/net-snmp/Makefile b/net/net-snmp/Makefile index 6d4a55ed36a1b..92e029b0d10f0 100644 --- a/net/net-snmp/Makefile +++ b/net/net-snmp/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=net-snmp PKG_VERSION:=5.9.4 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=@SF/net-snmp @@ -18,6 +18,7 @@ PKG_MAINTAINER:=Stijn Tintel PKG_LICENSE:=MIT BSD-3-Clause-Clear PKG_CPE_ID:=cpe:/a:net-snmp:net-snmp + PKG_FIXUP:=autoreconf include $(INCLUDE_DIR)/package.mk 
@@ -37,20 +38,61 @@ define Package/net-snmp/Default/description endef +define Package/net-snmp-ssl +$(call Package/net-snmp/Default) + TITLE:= Open source SNMP package - with Openssl + DEPENDS:= \ + +libnetsnmp-ssl \ + +snmp-mibs \ + +snmp-utils-ssl \ + +snmptrapd-ssl \ + +snmpd-ssl + VARIANT:ssl +endef + + +define Package/net-snmp-nossl +$(call Package/net-snmp/Default) + TITLE:= Open source SNMP package - without Openssl + DEPENDS:= \ + +libnetsnmp \ + +snmp-mibs \ + +snmp-utils \ + +snmptrapd \ + +snmpd + VARIANT:=nossl +endef + define Package/libnetsnmp $(call Package/net-snmp/Default) SECTION:=libs CATEGORY:=Libraries DEPENDS:=+libnl-tiny +libpci +libpcre2 TITLE:=Open source SNMP implementation (libraries) + PROVIDES:libnetsnmp + VARIANT:=nossl endef +define Package/libnetsnmp-ssl +$(call Package/libnetsnmp) + DEPENDS+=+libopenssl + TITLE+= - with openssl + PROVIDES:=libnetsnmp + VARIANT:=ssl +endef + + define Package/libnetsnmp/description $(call Package/net-snmp/Default/description) . This package contains shared libraries, needed by other programs. endef +define Package/libnetsnmp-ssl/description +$(call Package/libnetsnmp/description) + This package is built with SSL support. +endef + define Package/snmp-mibs $(call Package/net-snmp/Default) @@ -64,13 +106,29 @@ $(call Package/net-snmp/Default/description) endef -define Package/snmp-utils +define Package/snmp-utils/Default $(call Package/net-snmp/Default) - DEPENDS:=+libnetsnmp TITLE:=Open source SNMP implementation (utilities) endef -define Package/snmp-utils/description + +define Package/snmp-utils-ssl +$(call Package/snmp-utils/Default) + DEPENDS:=+libnetsnmp-ssl + VARIANT:=ssl + TITLE+= - with Openssl +endef + + +define Package/snmp-utils +$(call Package/snmp-utils/Default) + DEPENDS:=+libnetsnmp + VARIANT:=nossl + TITLE+= - without Openssl +endef + + +define Package/snmp-utils/description/Default $(call Package/net-snmp/Default/description) . This package contains SNMP client utilities: 
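Review bot: Two assignments in the first hunk are missing the `=`: `VARIANT:ssl` in Package/net-snmp-ssl and `PROVIDES:libnetsnmp` in Package/libnetsnmp, so neither field is set as written. They should read `VARIANT:=ssl` and `PROVIDES:=libnetsnmp`. Package/libnetsnmp-ssl is unaffected only because it re-assigns both fields after `$(call Package/libnetsnmp)`. It is also worth confirming whether Package/libnetsnmp needs to provide its own name at all.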
@@ -82,10 +140,14 @@ $(call Package/net-snmp/Default/description) - snmpwalk endef +Package/snmp-utils-ssl/description = $(Package/snmp-utils/descripition/Default) +Package/snmp-utils/description = $(Package/snmp-utils/descripition/Default) + define Package/snmpd $(call Package/net-snmp/Default) DEPENDS:=+libnetsnmp + VARIANT:=nossl TITLE:=Open source SNMP implementation (daemon) endef @@ -96,27 +158,55 @@ $(call Package/net-snmp/Default/description) endef +define Package/snmpd-ssl +$(call Package/net-snmp/Default) + DEPENDS:=+libnetsnmp-ssl + VARIANT:=ssl + TITLE:=Open source SNMP implementation (daemon) with Openssl encryption +endef + + +Package/snmpd-ssl/description = $(Package/snmpd/description) + + define Package/snmpd-static $(call Package/net-snmp/Default) - DEPENDS:=+snmpd TITLE:=Open source SNMP implementation (daemon) BUILDONLY:=1 endef -define Package/snmptrapd +define Package/snmptrapd/Default $(call Package/net-snmp/Default) - DEPENDS:=+libnetsnmp TITLE:=Open source SNMP implementation (notification receiver) endef -define Package/snmptrapd/description +define Package/snmptrapd-ssl +$(call Package/snmptrapd/Default) + DEPENDS:=+libnetsnmp-ssl + VARIANT:=ssl + TITLE+= - with Openssl +endef + +define Package/snmptrapd +$(call Package/snmptrapd/Default) + DEPENDS:=+libnetsnmp + VARIANT:=nossl + TITLE+= - without Openssl +endef + + +define Package/snmptrapd/description/Default $(call Package/net-snmp/Default/description) . This package contains the SNMP notification receiver. endef +Package/snmptrapd-ssl/description = $(Package/snmpdtrapd/description/Default) +Package/snmptrapd/description = $(Package/snmpdtrapd/description/Default) + + SNMP_MIB_MODULES_INCLUDED = \ agent/extend \ agentx \ 
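Review bot: The description aliases reference misspelled variable names and therefore expand to nothing: `$(Package/snmp-utils/descripition/Default)` in this hunk and `$(Package/snmpdtrapd/description/Default)` in the snmptrapd hunk that follows, while the `define` lines spell them `description` and `snmptrapd`. Corrected, the first pair reads `Package/snmp-utils-ssl/description = $(Package/snmp-utils/description/Default)` and `Package/snmp-utils/description = $(Package/snmp-utils/description/Default)`, and the snmptrapd pair needs the same fix. The second hunk also drops `DEPENDS:=+snmpd` from Package/snmpd-static, which the commit message does not mention; a short comment giving the reason would help.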
@@ -206,7 +296,6 @@ CONFIGURE_ARGS += \ --with-mib-modules="$(SNMP_MIB_MODULES_INCLUDED)" \ --with-out-transports="$(SNMP_TRANSPORTS_EXCLUDED)" \ --with-transports="$(SNMP_TRANSPORTS_INCLUDED)" \ - --without-openssl \ --without-libwrap \ --without-mysql \ --without-rpm \ @@ -216,7 +305,7 @@ CONFIGURE_ARGS += \ $(call autoconf_bool,CONFIG_IPV6,ipv6) \ --disable-perl-cc-checks \ --disable-embedded-perl \ - --without-perl-modules + --without-perl-modules \ CONFIGURE_VARS += \ ac_cv_header_netlink_netlink_h=yes \ @@ -226,6 +315,12 @@ ifeq ($(CONFIG_IPV6),y) SNMP_TRANSPORTS_INCLUDED+= UDPIPv6 endif +ifeq ($(BUILD_VARIANT),ssl) + CONFIGURE_ARGS+= --with-openssl="$(STAGING_DIR)/usr" +else + CONFIGURE_ARGS+= --without-openssl +endif + define Build/Compile $(MAKE) -C $(PKG_BUILD_DIR) \ INSTALL_PREFIX="$(PKG_INSTALL_DIR)" \ @@ -251,6 +346,11 @@ define Package/libnetsnmp/install $(CP) $(PKG_INSTALL_DIR)/usr/lib/libnetsnmp{,agent,helpers,mibs}.so.* $(1)/usr/lib/ endef + +define Package/libnetsnmp-ssl/install +$(call Package/libnetsnmp/install,$(1)) +endef + define Package/snmp-mibs/install $(INSTALL_DIR) $(1)/usr/share/snmp/mibs $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/snmp/mibs/* $(1)/usr/share/snmp/mibs/ @@ -261,10 +361,18 @@ define Package/snmp-utils/install $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/snmp{get,set,status,test,trap,walk} $(1)/usr/bin/ endef -define Package/snmpd/conffiles + +define Package/snmp-utils-ssl/install +$(call Package/snmp-utils/install,$(1)) +endef + +define Package/snmpd/conffiles/Default /etc/config/snmpd endef +Package/snmpd-ssl/conffiles = $(Package/snmpd/conffiles/Default) +Package/snmpd/conffiles = $(Package/snmpd/conffiles/Default) + define Package/snmpd/install $(INSTALL_DIR) $(1)/etc/config $(INSTALL_DATA) ./files/snmpd.conf $(1)/etc/config/snmpd 
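Review bot: `--without-perl-modules \` now ends the CONFIGURE_ARGS list with a line continuation, which is harmless only while the line after it stays blank (the hunk's line counts suggest it currently is). If that blank line is ever removed, `CONFIGURE_VARS += \` is absorbed into CONFIGURE_ARGS. The OpenSSL switch is appended separately in the `ifeq ($(BUILD_VARIANT),ssl)` block, so the backslash is not needed and the line can stay `--without-perl-modules`.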
@@ -276,6 +384,11 @@ define Package/snmpd/install $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/snmpd $(1)/usr/sbin/snmpd endef + +define Package/snmpd-ssl/install +$(call Package/snmpd/install,$(1)) +endef + define Package/snmptrapd/install $(INSTALL_DIR) $(1)/etc/init.d $(INSTALL_BIN) ./files/snmptrapd.init $(1)/etc/init.d/snmptrapd @@ -285,9 +398,21 @@ define Package/snmptrapd/install $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/snmptrapd $(1)/usr/sbin/ endef + +define Package/snmptrapd-ssl/install +$(call Package/snmptrapd/install,$(1)) +endef + + +$(eval $(call BuildPackage,libnetsnmp-ssl)) $(eval $(call BuildPackage,libnetsnmp)) $(eval $(call BuildPackage,snmp-mibs)) +$(eval $(call BuildPackage,snmp-utils-ssl)) $(eval $(call BuildPackage,snmp-utils)) +$(eval $(call BuildPackage,snmpd-ssl)) $(eval $(call BuildPackage,snmpd)) $(eval $(call BuildPackage,snmpd-static)) +$(eval $(call BuildPackage,snmptrapd-ssl)) $(eval $(call BuildPackage,snmptrapd)) +$(eval $(call BuildPackage,net-snmp-ssl)) +$(eval $(call BuildPackage,net-snmp-nossl)) From 4ca5840ce59c772b1e3ecb046e19a047426c76c6 Mon Sep 17 00:00:00 2001 From: Christian Korber Date: Fri, 12 Jul 2024 12:51:47 +0200 Subject: [PATCH 2/3] net-snmp: add SNMPv3 options This commit implements SNMPv3 functionality to snmpd.init. In particular it adds function snmpd_snmpdv3_add, which sets the needed options in /var/run/snmpd.conf. Additionally a possibility to download mib file is also added. Signed-off-by: Christian Korber --- net/net-snmp/files/snmpd.init | 61 +++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/net/net-snmp/files/snmpd.init b/net/net-snmp/files/snmpd.init index 0fbf575aa803e..f910124e26e12 100644 --- a/net/net-snmp/files/snmpd.init +++ b/net/net-snmp/files/snmpd.init 
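Review bot: `net-snmp-ssl` and `net-snmp-nossl` are passed to BuildPackage at the end of the second hunk, but no `Package/net-snmp-ssl/install` or `Package/net-snmp-nossl/install` is defined anywhere in the visible patch. OpenWrt's package rules generally emit a package only when its install section exists, so confirm both meta packages are actually produced; an install section that does nothing is the usual way to do it. Separately, each `-ssl` install section re-uses the non-ssl one via `$(call Package/…/install,$(1))`, so both variants ship the same paths. No `CONFLICTS` is declared between them in the visible hunks, so it is worth checking what happens when both are selected.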
@@ -242,6 +242,66 @@ snmpd_sink_add() {
 echo "$section $host$port $community" >> $CONFIGFILE
 }
 
+snmpd_snmpv3_add() {
+ local cfg="$1"
+ local cfg2="$2"
+
+ local version
+ local username
+ local auth_type
+ local auth_pass
+ local privacy_type
+ local privacy_pass
+ local allow_write
+ local oid
+
+ config_get version "$cfg2" snmp_version
+ if [ "$version" != "v1/v2c/v3" ] && [ "$version" != "v3" ]; then
+ return 0
+ fi
+
+ config_get username "$cfg" username
+ [ -n "$username" ] || return 0
+
+ config_get auth_type "$cfg" auth_type
+ [ -n "$auth_type" ] || return 0
+
+ config_get auth_pass "$cfg" auth_pass
+ config_get privacy_type "$cfg" privacy_type
+ config_get privacy_pass "$cfg" privacy_pass
+ config_get oid "$cfg" RestrictedOID
+
+ config_get_bool allow_write "$cfg" allow_write
+ local useraccess="Rouser"
+ [ $allow_write -eq 1 ] && useraccess="Rwuser"
+
+ if [ -n "$privacy_type" ] && [ -n "$auth_pass" ] && [ -n "$privacy_pass" ]; then
+ echo "createUser $username $auth_type \"$auth_pass\" $privacy_type \"$privacy_pass\"" >> $CONFIGFILE
+ if [ -n "$oid" ]; then
+ echo "$useraccess $username priv $oid" >> $CONFIGFILE
+ else
+ echo "$useraccess $username priv" >> $CONFIGFILE
+ fi
+ return
+ fi
+
+ if [ -n "$auth_type" ]; then
+ echo "createUser $username $auth_type \"$auth_pass\"" >> $CONFIGFILE
+ if [ -n "$oid" ]; then
+ echo "$useraccess $username auth $oid" >> $CONFIGFILE
+ else
+ echo "$useraccess $username auth" >> $CONFIGFILE
+ fi
+ else
+ echo "createUser $username" >> $CONFIGFILE
+ if [ -n "$oid" ]; then
+ echo "$useraccess $username noauth $oid" >> $CONFIGFILE
+ else
+ echo "$useraccess $username noauth" >> $CONFIGFILE
+ fi
+ fi
+}
+
 append_parm() {
 local section="$1"
 local option="$2"
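Review bot: A v3 section that sets `privacy_type` but lacks `privacy_pass` or `auth_pass` falls through the first `if` in snmpd_snmpv3_add and is written as an `auth`-level user, possibly with an empty quoted passphrase, so a user configured for encryption is silently created without it. The function should log and skip such a section rather than downgrade it. The `else` arm of `if [ -n "$auth_type" ]` can never run because of the earlier `[ -n "$auth_type" ] || return 0`, and `config_get_bool allow_write` has no default, so `[ $allow_write -eq 1 ]` appears to run with a missing operand when the option is unset. The passphrases are written to $CONFIGFILE in clear text and unescaped, so a `"` in a UCI value changes the directive, and the file's mode (set outside this hunk) decides who can read them; creating it under `umask 077` is worth confirming. The fence sketches the branch logic with the downgrade, the dead arm and the missing default addressed.

```shell
	# … unchanged: local declarations, snmp_version check, config_get calls …
	config_get_bool allow_write "$cfg" allow_write 0
	local useraccess="Rouser"
	[ "$allow_write" -eq 1 ] && useraccess="Rwuser"

	# A double quote would end the quoted createUser argument early.
	case "$username$auth_pass$privacy_pass" in
		*\"*)
			logger -t snmpd "SNMPv3 user skipped: quote character in user name or passphrase"
			return 0
			;;
	esac

	if [ -z "$auth_pass" ]; then
		logger -t snmpd "SNMPv3 user '$username' skipped: auth_type set without auth_pass"
		return 0
	fi

	if [ -n "$privacy_type" ]; then
		# A privacy type without its passphrase is a configuration error,
		# not a request for an authentication-only user.
		if [ -z "$privacy_pass" ]; then
			logger -t snmpd "SNMPv3 user '$username' skipped: privacy_type set without privacy_pass"
			return 0
		fi
		echo "createUser $username $auth_type \"$auth_pass\" $privacy_type \"$privacy_pass\"" >> $CONFIGFILE
		echo "$useraccess $username priv${oid:+ $oid}" >> $CONFIGFILE
		return 0
	fi

	echo "createUser $username $auth_type \"$auth_pass\"" >> $CONFIGFILE
	echo "$useraccess $username auth${oid:+ $oid}" >> $CONFIGFILE
}
```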
@@ -319,6 +379,7 @@ start_service() {
 append_authtrapenable authtrapenable enable authtrapenable
 append_parm v1trapaddress host v1trapaddress
 append_parm trapsess trapsess trapsess
+ config_foreach snmpd_snmpv3_add v3 general
 
 procd_set_param command $PROG -Lf /dev/null -f -r
 procd_set_param file $CONFIGFILE
From abd5697a2a9b09f8d06a01bc54129efc35d2afe8 Mon Sep 17 00:00:00 2001
From: Christian Korber
Date: Mon, 5 Aug 2024 11:45:14 +0200
Subject: [PATCH 3/3] net-snmp: add logging

This commit adds logging to syslog and to a logfile.

Signed-off-by: Christian Korber
---
 net/net-snmp/files/snmpd.init | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 61 insertions(+), 2 deletions(-)

diff --git a/net/net-snmp/files/snmpd.init b/net/net-snmp/files/snmpd.init
index f910124e26e12..0e2b373bbaaa2 100644
--- a/net/net-snmp/files/snmpd.init
+++ b/net/net-snmp/files/snmpd.init
@@ -344,6 +344,64 @@ snmpd_setup_fw_rules() {
 HANDLED_SNMP_ZONES="$HANDLED_SNMP_ZONES $zone"
 }
 
+snmpd_configure_logging() {
+ local cfg="$1"
+ local log_syslog
+ local log_syslog_facility
+ local log_syslog_priority
+ local log_file
+ local log_file_path
+ local log_file_priority
+
+ config_get_bool log_syslog "$cfg" log_syslog 0
+
+ # d - LOG_DAEMON,
+ # u - LOG_USER,
+ # 0-7 - LOG_LOCAL0 through LOG_LOCAL7.
+
+ # 0 or ! - LOG_EMERG
+ # 1 or a - LOG_ALERT
+ # 2 or c - LOG_CRIT
+ # 3 or e - LOG_ERR
+ # 4 or w - LOG_WARN
+ # 5 or n - LOG_NOTICE
+ # 6 or i - LOG_INFO
+ # 7 or d - LOG_DEBUG
+
+ if [ "$log_syslog" -eq 1 ]; then
+ config_get log_syslog_facility "$cfg" log_syslog_facility "daemon"
+ config_get log_syslog_priority "$cfg" log_syslog_priority "info"
+
+ if [ "$log_syslog_facility" = "daemon" ] ||
+ [ "$log_syslog_facility" = "user" ]; then
+ log_syslog_facility=$(echo "$log_syslog_facility" |
+ cut -c 1)
+ else
+ log_syslog_facility=$(echo "$log_syslog_facility" |
+ cut -c 6)
+ fi
+
+ [ "$log_syslog_priority" = "emerg" ] && log_syslog_priority="!"
+ log_syslog_priority=$(echo "$log_syslog_priority" |
+ cut -c 1)
+
+ procd_append_param command "-LS ${log_syslog_priority} ${log_syslog_facility}"
+ fi
+
+ config_get_bool log_file "$cfg" log_file 0
+
+ if [ "$log_file" -eq 1 ]; then
+ config_get log_file_path "$cfg" log_file_path "/var/log/snmpd.log"
+ config_get log_file_priority "$cfg" log_file_priority "info"
+
+ [ "$log_file_priority" = "emerg" ] && log_file_priority="!"
+ log_file_priority=$(echo "$log_file_priority" | cut -c 1)
+
+ mkdir -p "$(dirname "${log_file_path}")"
+ procd_append_param command "-LF ${log_file_priority} ${log_file_path}"
+ fi
+}
+
 start_service() {
 [ -f "$CONFIGFILE" ] && rm -f "$CONFIGFILE"
 
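Review bot: The facility and priority letters in snmpd_configure_logging come from `cut -c` on whatever string UCI holds, so an unlisted value is never rejected: a facility other than `daemon` or `user` is reduced to its sixth character (empty for a short name), and any priority word is reduced to its first character. Mapping the accepted names explicitly with `case` and falling back to the defaults already used here keeps an unexpected value off snmpd's command line; the fence shows this for the facility, and the priority can be handled the same way. `log_file_path` is likewise used as given, both for `mkdir -p` and as the `-LF` target of a daemon that presumably runs as root, so restricting it to an absolute path under the expected log directory is worth considering. The `-LS` and `-LF` options are each appended as one quoted word; confirm that snmpd accepts option, priority and target as a single argument.

```shell
	# … unchanged: locals, config_get_bool log_syslog, legend comments …
	if [ "$log_syslog" -eq 1 ]; then
		config_get log_syslog_facility "$cfg" log_syslog_facility "daemon"
		config_get log_syslog_priority "$cfg" log_syslog_priority "info"

		# Accept only the facility names listed in the legend above;
		# anything else falls back to the default (daemon).
		case "$log_syslog_facility" in
			daemon) log_syslog_facility="d" ;;
			user) log_syslog_facility="u" ;;
			local[0-7]) log_syslog_facility="${log_syslog_facility#local}" ;;
			*) log_syslog_facility="d" ;;
		esac
		# … unchanged: priority mapping, procd_append_param …
	fi
```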
@@ -381,8 +439,9 @@ start_service() {
 append_parm trapsess trapsess trapsess
 config_foreach snmpd_snmpv3_add v3 general
 
- procd_set_param command $PROG -Lf /dev/null -f -r
- procd_set_param file $CONFIGFILE
+ procd_set_param command $PROG -f -r -p "$pid_file"
+ config_foreach snmpd_configure_logging log
+ procd_append_param command -C -c $CONFIGFILE
 procd_set_param respawn
 
 for iface in $(ls /sys/class/net 2>/dev/null); do
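Review bot: `-C` on the new `procd_append_param command -C -c $CONFIGFILE` line makes snmpd read only the file given with `-c`, and according to the snmpd man page that also excludes its persistent configuration file. With the SNMPv3 users added earlier in this series, that file is where the agent keeps state such as engineBoots, so confirm the agent does not start from a reset state on every restart, or pass the persistent file with `-c` as well. `$pid_file` is not assigned anywhere in the visible hunks; if it is empty, snmpd is started with `-p ""`. The commit also removes `procd_set_param file $CONFIGFILE` without mentioning it in the message, which presumably changes when procd treats the service configuration as changed. start_service continues outside the hunk.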