OpenBSD Journal

k2k20 hackathon report: Martijn van Duren on snmp, agentx, and other progress

Contributed by rueda on from the furthering agency dept.

The k2k20 hackathon concluded recently, and we are pleased to have received a report from Martijn van Duren (martijn@):

I came to k2k20 on my motorcycle with my mask, a small backpack and a stack of projects burning on my laptop to get pushed. After a long ride ending on the lovely winding roads of the Black Forest I arrived at Burg Liebenzell slightly past noon, where I was greeted by a collection of other OpenBSD developers who just came back from lunch. After checking in and a quick lunch of my own I joined the rest in the hackroom where everything was set up in a wide circle giving every table plenty of room for privilege separation^W^Wsocial distancing.

The first thing I did was inform people on the syntax change of snmpd(8), which at the same time introduces the option to specify the port it should listen on. This is especially useful for people who think snmp should've been allocated on port 666 instead of 161.

After that I tried to trick claudio@ into looking at a new agentx library I've been working on for the past year. This library tries to abstract away both the underlying protocol and the entire state machine plus object selection, which are the hardest parts of working with snmp/agentx. Having succeeded at this, the wheels of my biggest priority were set into motion, and I spent the rest of the time catching up with the rest of the people there and aimlessly wandering around my src tree.

By the end of the afternoon, jasper@ arrived bringing the rest of my luggage. He also happened to be the person I needed for the second big ticket I wanted to get done, but that could wait until the next day.

The next day I handed over a new tarball for filter-dkimsign and an update to the port to jasper@. This update allows people to specify multiple domains in accordance with the DMARC specifications, which state that a domain should be signed based on the domain-component of the from-header. Being a port this was an easier push than my other work, but my first genuine commit of the hackathon was a fact.

The last big thing on my list was login_ldap, which I already got a tentative OK for from bluhm@ during u2k20, but I still needed the go ahead of someone more familiar with the authentication framework. After a quick talk with deraadt@ I managed to commit login_ldap that same afternoon [reported earlier - Ed.], resulting quickly in a couple of "thank you"s and a diff or two, which I also promptly committed.

I ended my second day with a commit that lets snmp(1) use the new DISPLAY-HINT code on the df subcommand, which should give people a little more protection when using it against an untrusted server. Not a bad score for my second day.

After an uneventful Sunday, I managed to catch a bug report on Monday where smtpctl spf walk would give no output if the record consisted solely of macros, but no IP addresses. Throwing a warning during the walk was an easy fix and got committed promptly. In the meantime I've been talking off and on with claudio@ and others about my agentx code and some of the design choices I made, and that afternoon it was finally time: I was able to commit my code into relayd, replacing the old agentx code, fixing a couple of issues in the process.

Now that the code was in and I was working in some other places where agentx could prove useful, I started to get frustrated by having to convert object names into ids manually, which resulted in a quick diff expanding snmp mibtree's functionality to limit the output to a given list of objects, which I committed moments later.

I ended the last two days of the hackathon by turning my agentx code into a proper library at the request of deraadt@, and polishing up my agentx diff for two other daemons I have lying around, which will hopefully get committed at the time we link libagentx to the build.

Finally, I ended my Wednesday by pushing a small bugfix into syslogd and adding the admd keyword to smtpd while most of the other developers had already left. The admd keyword will be useful for my filter-admdscrub which I hope to release soon and other filters that make use of the Authentication-Results header.

Thursday morning I enjoyed my final breakfast looking at the castle and gazing over the valley, starting to miss my time there already.

I would like to thank:

  • Genua, the people of Burg Liebenzell and Sir Jan Klemkow for organizing a great hackathon.
  • My previous employer ITisit for allowing me to work on login_ldap and libagentx.
  • My current employer CloudVPS for giving me the chance to attend.

Many thanks, Martijn, for both the work and the report!
