Improved Error Reporting and Thread-Safe Use of the SNMP Library There is a need in some environments to support multiple threads in a single application. The SNMP Library provides the Single Session functions which support thread-safe operation when certain precautions are taken. This document describes the operation of the SNMP Library with a focus on its session management functions. The Traditional API and the Single API functions are compared and contrasted. A working understanding of the CMU or UCD SNMP Library API is recommended to fully appreciate the concepts discussed. The document ends with a list of restrictions for using the Single API in a multi-threaded application. ***** IMPORTANT ANNOUNCEMENT ***** To the point, no resource locks are applied within the SNMP Library. The APDU encoding and some session management functions can be used in thread-safe manners. The MIB file parsing is not thread-safe. The Single Session API was made available in November 1998. Existing applications use the Traditional API, which is not thread-safe. The thread-safe considerations are discussed throughout this document. The research and development of the Single Session API that I've completed was wholly funded by my employer, Internet Security Systems, Inc. and is distributed freely to the Internet community. -Mike Slifcak, 23 April 1999 09 July 1999 Removed references to snmp_synch_setup and snmp_synch_reset Availability The Single Session API is integrated into the currently available versions of the CMU SNMP library and the UC-Davis SNMP package. ftp://ftp.net.cmu.edu/pub/snmp/cmu-snmp-V1.13.tar.gz and later Read : snmp_sess_api.3, Changes.SingleSession ftp://ucd-snmp.ucdavis.edu/ucd-snmp-3.6.tar.gz and later Read : snmp_sess_api.3, README.thread (after version 3.6.1) Both libraries work equally well in Windows NT and various UNIX platforms. Please read this document and refer to the snmp_sess_api section 3 manual page. Glossary of Terms APDU Application Protocol Data Unit API Application Programming Interface CMU Carnegie-Mellon University, Pittsburgh, PA. Library The SNMP library; Both CMU and UCD versions are applicable. Session Concept embodying the management of transacting SNMP APDUS. SNMP Simple Network Management Protocol UCD University of California at Davis, CA. Introduction The Library extends the UNIX file concept (open, close, read, write) to a Session. Opening a Session binds a local socket to a well-known port and creates internal structures to help with controlling the transaction of SNMP APDUs. Closing a Session releases the memory and system resources used for these purposes. Since the mid-1980s, many SNMP applications have used the Traditional Session API to transact SNMP APDUs between the local host and SNMP-enabled devices. The Traditional Session API does not support multi-threaded applications: 1) There are no resource locks to prevent exposing the Library's global data resources to corruption in a multi-threaded application; 2) The Traditional API functions that receive SNMP APDUs do not provide an interface for one of many sessions; 3) Errors discovered by the Library are communicated through global data structures and are not associated with the session in which the error occurred. The Single Session API provides these capabilities: 1) Manage a single SNMP session safely, in multi-threaded or non-threaded applications, by avoiding access to data structures that the Traditional Session API may share between Sessions; 2) Associate errors with the session context for threaded and non-threaded applications. Contrasting and Comparing Traditional API and Single API The Traditional API uses the struct snmp_session pointer returned from snmp_open() to identify one SNMP session. The Single API uses the opaque pointer returned from snmp_sess_open() to identify one SNMP session. Helpful Hint : The Library copies the contents of the structure which is input to snmp_open() and snmp_sess_open(). Once copied, changing that input structure's data has no effect on the opened SNMP Session. The Traditional API uses the snmp_error() function to identify any library and system errors that occurred during the processing for one SNMP session. The Single API uses snmp_sess_error() for the same purpose. The Traditional API manages the private Sessions list structure; adding to the list during snmp_open(), removing during snmp_close. With few exceptions, the Traditional API calls the Single API for each session that appears on the Sessions list. The Traditional API reads from all Sessions on the Sessions list; The Single API does not use the Sessions list. The Single API can read from only one Session. Helpful Hint : This is the basis for thread-safe-ness of the Library. There are no resource locks applied. Using the Single API A multi-threaded application that deploys the SNMP Library should should complete all MIB file parsing before additional threads are activated. Drawing from the parsed contents of the MIB does not incur any data corruption exposure once the internal MIB structures are initialised. The application may create threads such that a single thread may manage a single SNMP session. The thread should call snmp_sess_init() to prepare a struct snmp_session structure. The thread can adjust session parameters such as the remote UDP port or the local UDP port, which must be set prior to invoking snmp_sess_open(). The first call to snmp_sess_init() initialises the SNMP Library, including the MIB parse trees, before any SNMP sessions are created. Applications that call snmp_sess_init() do not need to read MIBs nor setup environment variables to utilize the Library. After the struct snmp_session is setup, the thread must call snmp_sess_open() to create an SNMP session. If at any time the thread must change the Session configuration, snmp_sess_session() returns the pointer to the internal configuration structure (a struct snmp_session, copied from snmp_sess_open). The thread can adjust parameters such as the session timeout or the community string with this returned struct snmp_session pointer. Changes to the remote or local port values have no effect on an opened Session. The thread can build PDUs and bind variables to PDUs, as it performs its duties. The thread then calls snmp_sess_send() or snmp_sess_async_send() to build and send an SNMP APDU to the remote device. If a Get-Response-PDU is expected, the thread should call snmp_sess_synch_response() instead. When the thread is finished using the session, it must free the resources that the Library used to manage the session. Finally, the thread must call snmp_sess_close() to end the Session. Snmp_sess_init(), snmp_open(), and snmp_sess_open() must use the same calling parameter for a given Session. Other methods should use only the returned parameter from snmp_open() and snmp_sess_open() to access the opened SNMP Session. Error Processing Two calls were added : snmp_error() and snmp_sess_error() return the "errno" and "snmp_errno" values from the per session data, and a string that describes the errors that they represent. The string must be freed by the caller. Use snmp_error() to process failures after Traditional API calls, or snmp_sess_error() to process failure after Single API calls. In the case where an SNMP session could not be opened, call snmp_error() using the struct snmp_session supplied to either snmp_open() or snmp_sess_open(). The following variables and functions are obsolete and may create problems in a multi-threaded application : int snmp_errno char * snmp_detail snmp_set_detail() snmp_api_errstring() Function Summary The functions in the following table are functionally equivalent, with the exception of these behaviors: - The Traditional API manages many sessions - The Traditional API passes a struct snmp_session pointer, and touches the Sessions list - The Single API manages only one session - The Single API passes an opaque pointer, and does not use Sessions list Traditional Single Comment =========== ============== ======= snmp_sess_init snmp_sess_init Call before either open snmp_open snmp_sess_open Single not on Sessions list snmp_sess_session Exposes snmp_session pointer snmp_send snmp_sess_send Send one APDU snmp_async_send snmp_sess_async_send Send one APDU with callback snmp_select_info snmp_sess_select_info Which session(s) have input snmp_read snmp_sess_read Read APDUs snmp_timeout snmp_sess_timeout Check for timeout snmp_close snmp_sess_close Single not on Sessions list snmp_synch_response snmp_sess_synch_response Send/receive one APDU snmp_error snmp_sess_error Get library,system errno Example 1 : Traditional API use. #include "snmp_api.h" ... int liberr, syserr; char *errstr; struct snmp_session Session, *sptr; ... snmp_sess_init(&Session); Session.peername = "foo.bar.net"; sptr = snmp_open(&Session); if (sptr == NULL) { /* Error codes found in open calling argument */ snmp_error(&Session, &liberr, &syserr, &errstr); printf("SNMP create error %s.\n", errstr); free(errstr); return 0; } /* Pass sptr to snmp_error from here forward */ ... /* Change the community name */ free(sptr->community); sptr->community = strdup("public"); sptr->community_len = strlen("public"); ... if (0 == snmp_send(sptr, pdu)) { snmp_error(sptr, &liberr, &syserr, &errstr); printf("SNMP write error %s.\n", errstr); free(errstr); return 0; } snmp_close(sptr); Example 2 : Single API use. #include "snmp_api.h" ... int liberr, syserr; char *errstr; void *sessp; /* <-- an opaque pointer, not a struct pointer */ struct snmp_session Session, *sptr; ... snmp_sess_init(&Session); Session.peername = "foo.bar.net"; sessp = snmp_sess_open(&Session); if (sessp == NULL) { /* Error codes found in open calling argument */ snmp_error(&Session, &liberr, &syserr, &errstr); printf("SNMP create error %s.\n", errstr); free(errstr); return 0; } sptr = snmp_sess_session(sessp); /* <-- get the snmp_session pointer */ /* Pass sptr to snmp_sess_error from here forward */ ... /* Change the community name */ free(sptr->community); sptr->community = strdup("public"); sptr->community_len = strlen("public"); ... if (0 == snmp_sess_send(sessp, pdu)) { snmp_sess_error(sessp, &liberr, &syserr, &errstr); printf("SNMP write error %s.\n", errstr); free(errstr); return 0; } snmp_sess_close(sessp); Example 3. Differences Between Traditional API and Single API Usage 5a6 > void *sessp; /* <-- an opaque pointer, not a struct pointer */ 11,13c12,14 < sptr = snmp_open(&Session); < if (sptr == NULL) { --- > sessp = snmp_sess_open(&Session); > if (sessp == NULL) { 19c20,22 < /* Pass sptr to snmp_error from here forward */ --- > sptr = snmp_sess_session(sessp); /* <-- get the snmp_session pointer */ > > /* Pass sptr to snmp_sess_error from here forward */ 26,27c29,30 < if (0 == snmp_send(sptr, pdu)) { < snmp_error(sptr, &liberr, &syserr, &errstr); --- > if (0 == snmp_sess_send(sessp, pdu)) { > snmp_sess_error(sessp, &liberr, &syserr, &errstr); 33c36 < snmp_close(sptr); --- > snmp_sess_close(sessp); Restrictions on Multi-threaded Use of the SNMP Library 1. Invoke SOCK_STARTUP or SOCK_CLEANUP from the main thread only. 2. The MIB parsing functions use global shared data and are not multi-thread safe when the MIB tree is under construction. Once the tree is built, the data can be safely referenced from any thread. There is no provision for freeing the MIB tree. Suggestion: Read the MIB files before an SNMP session is created. This can be accomplished by invoking snmp_sess_init from the main thread and discarding the buffer which is initialised. 3. Invoke the SNMPv2p initialisation before an SNMP session is created, for reasons similar to reading the MIB file. The SNMPv2p structures should be available to all SNMP sessions. CAUTION: These structures have not been tested in a multi-threaded application. 4. Sessions created using the Single API do not interact with other SNMP sessions. If you choose to use Traditional API calls, call them from a single thread. The Library cannot reference an SNMP session using both Traditional and Single API calls. 5. Using the callback mechanism for asynchronous response PDUs requires additional caution in a multi-threaded application. This means a callback function probably should probably not use Single API calls to further process the session. 6. Each call to snmp_sess_open() creates an IDS. Only a call to snmp_sess_close() releases the resources used by the IDS.