Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(inputs.snmp_trap): Enable SHA ciphers #14665

Merged
merged 2 commits into from
Feb 2, 2024
Merged

fix(inputs.snmp_trap): Enable SHA ciphers #14665

merged 2 commits into from
Feb 2, 2024

Conversation

JuhaKS
Copy link
Contributor

@JuhaKS JuhaKS commented Feb 1, 2024

Summary

SHA224, SHA256, SHA384 and SHA512 ciphers had been commented out when SNMPv3 support was implemented because they were not at that time yet sufficiently supported by gosnmp. Gosnmp has advanced and the ciphers are now fully working, so they can be added to the list of valid options for the snmp_trap plugin

Checklist

  • No AI generated code was used in this PR

Related issues

resolves #14664

@telegraf-tiger telegraf-tiger bot added fix pr to fix corresponding bug plugin/input 1. Request for new input plugins 2. Issues/PRs that are related to input plugins labels Feb 1, 2024
@powersj
Copy link
Contributor

powersj commented Feb 1, 2024

Hi,

Thanks for the issue and PR. Can you pleaes:

  1. verify that this PR resolves the issue?
  2. Run make docs in your check out so the docs are updated?

Thanks!

@powersj powersj added the waiting for response waiting for response from contributor label Feb 1, 2024
@JuhaKS
Copy link
Contributor Author

JuhaKS commented Feb 1, 2024
edited
Loading

Hi,

Thanks for the issue and PR. Can you pleaes:

  1. verify that this PR resolves the issue?
  2. Run make docs in your check out so the docs are updated?

Thanks!

Updated sample.conf and ran make docs to update the README.md to match

I verified the PR using our SNMP4J-based traffic generator to send events through Telegraf and verified the content of the events using Wireshark, output from Telegraf contained the original data unchanged. I manually tested the following combinations with AES256: SHA224, SHA256, SHA384 and SHA512. The code already had unit tests to cover the SHA ciphers so I just needed to take them into use

@telegraf-tiger telegraf-tiger bot removed the waiting for response waiting for response from contributor label Feb 1, 2024
powersj
powersj approved these changes Feb 1, 2024
View reviewed changes
Copy link
Contributor

@powersj powersj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@powersj powersj added the ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review. label Feb 1, 2024
@telegraf-tiger
Copy link
Contributor

telegraf-tiger bot commented Feb 1, 2024

Download PR build artifacts for linux_amd64.tar.gz, darwin_arm64.tar.gz, and windows_amd64.zip.
Downloads for additional architectures and packages are available below.

⚠️ This pull request increases the Telegraf binary size by 1.44 % for linux amd64 (new size: 224.7 MB, nightly size 221.5 MB)

📦 Click here to get additional PR build artifacts

Artifact URLs

DEB RPM TAR GZ ZIP
amd64.deb aarch64.rpm darwin_amd64.tar.gz windows_amd64.zip
arm64.deb armel.rpm darwin_arm64.tar.gz windows_arm64.zip
armel.deb armv6hl.rpm freebsd_amd64.tar.gz windows_i386.zip
armhf.deb i386.rpm freebsd_armv7.tar.gz
i386.deb ppc64le.rpm freebsd_i386.tar.gz
mips.deb riscv64.rpm linux_amd64.tar.gz
mipsel.deb s390x.rpm linux_arm64.tar.gz
ppc64el.deb x86_64.rpm linux_armel.tar.gz
riscv64.deb linux_armhf.tar.gz
s390x.deb linux_i386.tar.gz
linux_mips.tar.gz
linux_mipsel.tar.gz
linux_ppc64le.tar.gz
linux_riscv64.tar.gz
linux_s390x.tar.gz

srebhan
srebhan approved these changes Feb 2, 2024
View reviewed changes
Copy link
Member

@srebhan srebhan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much @JuhaKS!

@srebhan srebhan changed the title fix(inputs.snmp_trap): enable all SHA ciphers supported by gosnmp fix(inputs.snmp_trap): Enable SHA ciphers Feb 2, 2024
@srebhan srebhan merged commit f9f2adf into influxdata:master Feb 2, 2024
27 checks passed
@github-actions github-actions bot added this to the v1.29.5 milestone Feb 2, 2024
@JuhaKS JuhaKS deleted the enableSHAciphers branch February 2, 2024 10:31
powersj pushed a commit that referenced this pull request Feb 20, 2024
@JuhaKS @powersj
fix(inputs.snmp_trap): Enable SHA ciphers (#14665)
ac3cb60 
(cherry picked from commit f9f2adf)
@Porkepix Porkepix mentioned this pull request Feb 20, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srebhan srebhan srebhan approved these changes

@powersj powersj powersj approved these changes

Assignees

@srebhan srebhan

Labels
area/snmp fix pr to fix corresponding bug plugin/input 1. Request for new input plugins 2. Issues/PRs that are related to input plugins ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review.
Projects
None yet
Milestone
v1.29.5
Development

Successfully merging this pull request may close these issues.

SHA224, SHA256, SHA384 and SHA512 could be enabled in the snmp_trap plugin code now that gosnmp supports them
3 participants
@JuhaKS @powersj @srebhan