Improved Error Reporting and Thread-Safe Use of the SNMP Library

There is a need in some environments to support multiple threads

in a single application.  The SNMP Library provides the Single Session

functions which support thread-safe operation when certain precautions

are taken.  This document describes the operation of the SNMP Library

with a focus on its session management functions.  The Traditional API

and the Single API functions are compared and contrasted.

A working understanding of the CMU or UCD SNMP Library

API is recommended to fully appreciate the concepts discussed.

The document ends with a list of restrictions for using the Single API

in a multi-threaded application.

Unfortunately, the SNMPv3 support was added about the same time as

the thread support and since they occurred in parallel the SNMPv3

support was never checked for multi-threading correctness.  It is

most likely that it is not thread-safe at this time.

  ***** IMPORTANT ANNOUNCEMENT *****

  To the point, no resource locks are applied within the SNMP Library.

  The APDU encoding and some session management functions can be used

  in thread-safe manners. The MIB file parsing is not thread-safe.

  The Single Session API was made available in November 1998.

  Existing applications use the Traditional API, which is not thread-safe.

  The thread-safe considerations are discussed throughout this document.

The research and development of the Single Session API that I've completed

was wholly funded by my employer, Internet Security Systems, Inc.

and is distributed freely to the Internet community.

-Mike Slifcak, 23 April 1999

09 July 1999 Removed references to snmp_synch_setup and snmp_synch_reset

Availability

The Single Session API is integrated into the currently available

versions of the CMU SNMP library and the UC-Davis SNMP package.

 ftp://ftp.net.cmu.edu/pub/snmp/cmu-snmp-V1.13.tar.gz and later

  Read : snmp_sess_api.3, Changes.SingleSession

 ftp://ucd-snmp.ucdavis.edu/ucd-snmp-3.6.tar.gz and later

  Read : snmp_sess_api.3, README.thread (after version 3.6.1)

Both libraries work equally well in Windows NT and various

UNIX platforms.  Please read this document and refer to

the snmp_sess_api section 3 manual page.

Glossary of Terms

APDU    Application Protocol Data Unit

API     Application Programming Interface

CMU     Carnegie-Mellon University, Pittsburgh, PA.

Library The SNMP library; Both CMU and UCD versions are applicable.

Session Concept embodying the management of transacting SNMP APDUS.

SNMP    Simple Network Management Protocol

UCD     University of California at Davis, CA.

Introduction

The Library extends the UNIX file concept (open, close, read, write) to a Session.

Opening a Session binds a local socket to a well-known port and creates internal

structures to help with controlling the transaction of SNMP APDUs.  Closing a

Session releases the memory and system resources used for these purposes.

Since the mid-1980s, many SNMP applications have used the Traditional Session

API to transact SNMP APDUs between the local host and SNMP-enabled devices.

  The Traditional Session API does not support multi-threaded applications:

  1)  There are no resource locks to prevent exposing the Library's

      global data resources to corruption in a multi-threaded application;

  2)  The Traditional API functions that receive SNMP APDUs

      do not provide an interface for one of many sessions;

  3)  Errors discovered by the Library are communicated through global

      data structures and are not associated with the session

      in which the error occurred.

  The Single Session API provides these capabilities:

  1)  Manage a single SNMP session safely, in multi-threaded or

      non-threaded applications, by avoiding access to data structures

      that the Traditional Session API may share between Sessions;

  2)  Associate errors with the session context for threaded

      and non-threaded applications.

Contrasting and Comparing Traditional API and Single API

The Traditional API uses the struct snmp_session pointer returned

from snmp_open() to identify one SNMP session.  The Single API uses

the opaque pointer returned from snmp_sess_open() to identify one

SNMP session.

   Helpful Hint : The Library copies the contents of the

   structure which is input to snmp_open() and snmp_sess_open().

   Once copied, changing that input structure's data

   has no effect on the opened SNMP Session.

The Traditional API uses the snmp_error() function to identify any

library and system errors that occurred during the processing for

one SNMP session.   The Single API uses snmp_sess_error() for the

same purpose.

The Traditional API manages the private Sessions list structure;

adding to the list during snmp_open(), removing during snmp_close.

With few exceptions, the Traditional API calls the Single API

for each session that appears on the Sessions list.

The Traditional API reads from all Sessions on the Sessions list;

The Single API does not use the Sessions list.

The Single API can read from only one Session.

   Helpful Hint :

   This is the basis for thread-safe-ness of the Library.

   There are no resource locks applied.

Using the Single API

A multi-threaded application that deploys the SNMP Library should

should complete all MIB file parsing before additional threads

are activated.  Drawing from the parsed contents of the MIB does

not incur any data corruption exposure once the internal MIB structures

are initialised.

The application may create threads such that a single thread may manage

a single SNMP session.  The thread should call snmp_sess_init()

to prepare a struct snmp_session structure.  The thread can adjust

session parameters such as the remote UDP port or the local UDP port,

which must be set prior to invoking snmp_sess_open().

The first call to snmp_sess_init() initialises the SNMP Library,

including the MIB parse trees, before any SNMP sessions are created.

Applications that call snmp_sess_init() do not need to read MIBs

nor setup environment variables to utilize the Library.

After the struct snmp_session is setup, the thread must call

snmp_sess_open() to create an SNMP session.  If at any time

the thread must change the Session configuration,

snmp_sess_session() returns the pointer to the internal configuration

structure (a struct snmp_session, copied from snmp_sess_open).

The thread can adjust parameters such as the session timeout

or the community string with this returned struct snmp_session pointer.

Changes to the remote or local port values have no effect on an opened Session.

The thread can build PDUs and bind variables to PDUs, as it performs its duties.

The thread then calls snmp_sess_send() or snmp_sess_async_send() to build and send

an SNMP APDU to the remote device. If a Get-Response-PDU is expected, the thread

should call snmp_sess_synch_response() instead.

When the thread is finished using the session, it must free the resources

that the Library used to manage the session.

Finally, the thread must call snmp_sess_close() to end the Session.

Snmp_sess_init(), snmp_open(), and snmp_sess_open()

must use the same calling parameter for a given Session.

Other methods should use only the returned parameter from

snmp_open() and snmp_sess_open() to access the opened SNMP Session.

Error Processing

Two calls were added : snmp_error() and snmp_sess_error() return the

"errno" and "snmp_errno" values from the per session data, and a string

that describes the errors that they represent.  The string must be freed

by the caller.

Use snmp_error() to process failures after Traditional API calls,

or snmp_sess_error() to process failure after Single API calls.

In the case where an SNMP session could not be opened,

call snmp_error() using the struct snmp_session supplied to either snmp_open()

or snmp_sess_open().

The following variables and functions are obsolete and may create problems

in a multi-threaded application :

  int    snmp_errno

  char * snmp_detail

  snmp_set_detail()

  snmp_api_errstring()

Function Summary

The functions in the following table are functionally equivalent,

with the exception of these behaviors:

- The Traditional API manages many sessions

- The Traditional API passes a struct snmp_session pointer,

       and touches the Sessions list

- The Single API manages only one session

- The Single API passes an opaque pointer, and does not use Sessions list

  Traditional        Single                    Comment

  ===========        ==============            =======

  snmp_sess_init     snmp_sess_init            Call before either open

  snmp_open          snmp_sess_open            Single not on Sessions list

                     snmp_sess_session         Exposes snmp_session pointer

  snmp_send          snmp_sess_send            Send one APDU

  snmp_async_send    snmp_sess_async_send      Send one APDU with callback

  snmp_select_info   snmp_sess_select_info     Which session(s) have input

  snmp_read          snmp_sess_read            Read APDUs

  snmp_timeout       snmp_sess_timeout         Check for timeout

  snmp_close         snmp_sess_close           Single not on Sessions list

 snmp_synch_response snmp_sess_synch_response  Send/receive one APDU

  snmp_error         snmp_sess_error           Get library,system errno

Example 1 : Traditional API use.

    #include "snmp_api.h"

      ...

      int liberr, syserr;

      char *errstr;

      struct snmp_session Session, *sptr;

      ...

      snmp_sess_init(&Session);

      Session.peername = "foo.bar.net";

      sptr = snmp_open(&Session);

      if (sptr == NULL) {

          /* Error codes found in open calling argument */

          snmp_error(&Session, &liberr, &syserr, &errstr);

          printf("SNMP create error %s.\n", errstr);

          free(errstr);

          return 0;

      }

      /* Pass sptr to snmp_error from here forward */

      ...

      /* Change the community name */

      free(sptr->community);

      sptr->community = strdup("public");

      sptr->community_len = strlen("public");

      ...

      if (0 == snmp_send(sptr, pdu)) {

          snmp_error(sptr, &liberr, &syserr, &errstr);

          printf("SNMP write error %s.\n", errstr);

          free(errstr);

          return 0;

      }

      snmp_close(sptr);

Example 2 : Single API use.

    #include "snmp_api.h"

      ...

      int liberr, syserr;

      char *errstr;

      void *sessp;  /* <-- an opaque pointer, not a struct pointer */

      struct snmp_session Session, *sptr;

      ...

      snmp_sess_init(&Session);

      Session.peername = "foo.bar.net";

      sessp = snmp_sess_open(&Session);

      if (sessp == NULL) {

          /* Error codes found in open calling argument */

          snmp_error(&Session, &liberr, &syserr, &errstr);

          printf("SNMP create error %s.\n", errstr);

          free(errstr);

          return 0;

      }

      sptr = snmp_sess_session(sessp); /* <-- get the snmp_session pointer */

      /* Pass sptr to snmp_sess_error from here forward */

      ...

      /* Change the community name */

      free(sptr->community);

      sptr->community = strdup("public");

      sptr->community_len = strlen("public");

      ...

      if (0 == snmp_sess_send(sessp, pdu)) {

          snmp_sess_error(sessp, &liberr, &syserr, &errstr);

          printf("SNMP write error %s.\n", errstr);

          free(errstr);

          return 0;

      }

      snmp_sess_close(sessp);

Example 3. Differences Between Traditional API and Single API Usage

5a6

>       void *sessp;  /* <-- an opaque pointer, not a struct pointer */

11,13c12,14

<       sptr = snmp_open(&Session);

<       if (sptr == NULL) {

---

>       sessp = snmp_sess_open(&Session);

>       if (sessp == NULL) {

19c20,22

<       /* Pass sptr to snmp_error from here forward */

---

>       sptr = snmp_sess_session(sessp); /* <-- get the snmp_session pointer */

> 

>       /* Pass sptr to snmp_sess_error from here forward */

26,27c29,30

<       if (0 == snmp_send(sptr, pdu)) {

<           snmp_error(sptr, &liberr, &syserr, &errstr);

---

>       if (0 == snmp_sess_send(sessp, pdu)) {

>           snmp_sess_error(sessp, &liberr, &syserr, &errstr);

33c36

<       snmp_close(sptr);

---

>       snmp_sess_close(sessp);

Restrictions on Multi-threaded Use of the SNMP Library

  1. Invoke SOCK_STARTUP or SOCK_CLEANUP from the main thread only.

  2. The MIB parsing functions use global shared data and are not

     multi-thread safe when the MIB tree is under construction.

     Once the tree is built, the data can be safely referenced from

     any thread.  There is no provision for freeing the MIB tree.

     Suggestion: Read the MIB files before an SNMP session is created.

     This can be accomplished by invoking snmp_sess_init from the main

     thread and discarding the buffer which is initialised.

  3. Invoke the SNMPv2p initialisation before an SNMP session is created,

     for reasons similar to reading the MIB file.

     The SNMPv2p structures should be available to all SNMP sessions.

     CAUTION: These structures have not been tested in a multi-threaded

     application.

  4. Sessions created using the Single API do not interact with other

     SNMP sessions.  If you choose to use Traditional API calls, call

     them from a single thread.  The Library cannot reference an SNMP

     session using both Traditional and Single API calls.

  5. Using the callback mechanism for asynchronous response PDUs

     requires additional caution in a multi-threaded application.

     This means a callback function probably should probably not use

     Single API calls to further process the session.

  6. Each call to snmp_sess_open() creates an IDS.  Only a call to

     snmp_sess_close() releases the resources used by the IDS.