Re: snmp decoding ...ubuntu smi issue ?... different then on windows XP ...?

[Jaap Keuter <jaap.keuter () xs4all nl>]

Hi, 

Some history: 

libsmi doesn't provide MIBs any more, due to
Debian bug 498476 [7] 

MIB installation was spun out into an
independent package snmp-mibs-downloader [8] 

This package downloads
the MIBs directly from their source [9], so these are not cleaned up for
libsmi. 

libsmi integration is not trivial from an application point of
view; it's easier to have it crash than work for you.
It took several
iterations for Wireshark to get this right. You'll have to look in the
Wireshark bug database [10] and code repository [11] to see what was
solved in which release. 
All I know is that in the 1.4 release branch
things are much better (a.k.a. working). 

i.s.o. trying to compile
everything yourself it might be a good idea to install the newer
Wireshark packages from the Ubuntu repositories of a newer release.


Thanks,
Jaap 

On Thu, 20 Jan 2011 07:41:38 -0600, Sandor, Todd (Todd)
wrote: 

> Thanks for the response Andrew ..
>
> I did a find on my
entire system, didn't find any "extra" MIB files anywhere, not sure
where RFC1213-MIB is found? 
> Anyway ...Did a purge on
snmp-mibs-downloader and got error
> dpkg: warning: while removing
snmp-mibs-downloader, directory '/var/lib/mibs' not empty so not
removed.
> Manually removed /var/lib/mibs then installed
snmp-mibs-downloader and the /var/lib/mibs was re-populated...
> Thus,
one possibility is SMI 0.4.8 on Ubuntu doesn't seem like these MIBs..
>

> Looked up the package contents on:
http://packages.ubuntu.com/search?searchon=names&keywords=XXX [1] for 
>
libsmi2-common 
> libsmi2-dev 
> libsmi2ldbl
>
> None of them list
anything about MIB files ...(these all contain libraries). Are you sure
the MIBs that "Frank/Juergen" are part of SMILIB? If so, which one?
>
Can you tell me how I checkout/build smilib from subversion? I googled
and round the command below, but got error on the checkout ...
> svn
checkout http://libsmi.googlecode.com/svn/trunk/ [2] libsmi-read-only
>
svn: OPTIONS of 'http://libsmi.googlecode.com/svn/trunk [3]': could not
connect to server (http://libsmi.googlecode.com [4])
> Yes - this is
a 64bit system...
> Cheers...
>
> -----Original Message-----
> From:
wireshark-dev-bounces () wireshark org [5]
[mailto:wireshark-dev-bounces () wireshark org [6]] On Behalf Of Andrew
Hood
> Sent: Wednesday, January 19, 2011 5:54 AM
> To: Developer support
list for Wireshark
> Subject: Re: [Wireshark-dev] snmp decoding
...ubuntu smi issue ?... different then on windows XP ...?
> Before
we get any deeper I don't run Ubuntu. Slackware rules.
> Sandor, Todd
(Todd) wrote:
> > What version of libsmi does Ubuntu have? The current
one is 0.4.8, but I
> > tend to use the one in Subversion.
> >
> > Todd>
According to "About Wireshark", it using SMI 0.4.8 ...
> Good
start.
> > Are your MIBs ones that come with Ubuntu, some other
package, or the
> > ones from libsmi? libsmi's parser is extremely strict
and many other
> > sources have less than perfect (to be polite) syntax
and semantics.
> > Frank and Juergen fix the MIBs they include in libsmi
so they are correct.
> > Todd> Not sure exactly, possibly with
Ubuntu, how do I determine this? 
> > Todd> Notes:
> > * there are some
mibs in directories /var/lib/mibs/iana and /var/lib/mibs/ietf File
/etc/smi.conf "path" points to /usr/share/mibs/ which have symbolic
links to the ones in /var/lib/mibs ...
> > * I did purge of the smi
library(s), but these mibs were left in place " sudo apt-get purge
libsmi2-common libsmi2-dev libsmi2ldbl", so ... (technically they should
be removed if they were part of this install, no?), so this might be
part of Ubuntu or ?
> * I then moved /var/lib/mibs/ietf/RFC1213-MIB
somewhere else, then started wireshark again and got the same
RFC1212-MIB, thus Wireshark must not be using this directory
(/etc/smi.conf path points to them via sym-links in
/usr/share/mibs/...
> > Todd> If Frank/Juergen fixed the mibs, where
are the put when you install the libsmi?
> > Left to it's own
devices, the libsmi build puts them in
> > /usr/local/share/mibs/
tf,site,tubs} but where Ubuntu choose
> to put them is their business.
If Wireshark is still finding those two
> MIB files, then there must be
other copies somewhere. Does Ubuntu's
> Wireshark have any MIBs
included?
> If you want to include other MIBs you really have to make
sure you have
> all the IM
>
> > be better.
> >
> > Todd> If can get base
to work, I look into using private mibs and work through smilint, etc.,
I'm a newbie and part of my issue are finger issues right now...
> >
Andrew

 

Links:
------
[1]
http://packages.ubuntu.com/search?searchon=names|+|amp|+|keywords=XXX
[2]
http://libsmi.googlecode.com/svn/trunk/
[3]
http://libsmi.googlecode.com/svn/trunk
[4]
http://libsmi.googlecode.com
[5]
mailto:wireshark-dev-bounces () wireshark org
[6]
mailto:wireshark-dev-bounces () wireshark org
[7]
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498476
[8]
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559039
[9]
http://git.debian.org/?p=collab-maint/snmp-mibs-downloader.git;a=tree;h=6e6dbcedadf001f53382ad68dcd21dd2e274f8a9;hb=6e6dbcedadf001f53382ad68dcd21dd2e274f8a9
[10]
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3315
[11]
http://anonsvn.wireshark.org/viewvc/trunk/

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe