Compiling Net-SNMP for PowerPC running Embedded Linux
I was recently requested to get SNMPv3 up and running on a PPC board running Linux. It needed to support hardcoded views, creation/deletion of V3 USM users in runtime and allow for three security profiles: none, MD5 authentication and MD5 authentication with DES encryption. The obvious choice is to base this on Net-SNMP, but I first tried to use the version precompiled and included in the ELDK. By simply loading the appropriate binaries on to the target, I quickly got an SNMP agent functioning. There were two issues:
- The version was compiled in a certain way that took up a lot of flash space (openssl was required as an external shared library)
- The version was pretty old – based on the 5.4.x branch
For fun, I downloaded the ELDK source RPMs, unpackaged, tailored the RPM spec, rebuilt and installed it on to my ELDK library. Sure enough, I got a much smaller agent but decided I want to use the latest and greatest Net-SNMP, 5.6.1 at the time of writing. The build process below assumes you have ELDK 4.2 installed on Ubuntu. You can check out a recent post of mine for detailed installation instructions.
Start by downloading the latest source packages from the Net-SNMP site. Extract it to a directory and open it in a terminal. We then start by setting CROSS_COMPILE, required for running ppc-linux-gcc (in my case, ppc_8xx).
CROSS_COMPILE=ppc_8xx export CROSS_COMPILE
Now we can simply go ahead and configure Net-SNMP for our needs:
./configure --host=ppc-linux --build=i386-pc-linux-gnu --target=ppc-denx-linux --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include/net-snmp --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --with-endianness=big --enable-privacy --enable-des --enable-internal-md5 --disable-snmpv1 --without-rpm --with-openssl=internal --enable-mini-agent --with-out-transports="TCP Callback Unix Alias" --with-default-snmp-version="3" --enable-shared --with-cflags="-O2 -fsigned-char" --with-ldflags= --with-sys-location=Unknown --with-logfile=/var/log/snmpd.log --with-persistent-directory=/var/net-snmp --with-out-mib-modules=examples/ucdDemoPublic --sysconfdir=/etc --with-libwrap --with-pic --disable-embedded-perl --with-perl-modules=no --with-sys-contact=root@localhost --disable-manuals --disable-scripts --disable-mibs --disable-mib-loading --disable-deprecated
There are a few important options here:
- host, target, build: To be honest, I’m not exactly sure why these are the required settings for these variables, but I went through a lot of trial and error and this is what generated a working output
- enable-privacy, enable-des, enable-internal-md5: For authentication and encryption we need this. I am using “internal” MD5, hoping it will save a bit of space
- with-openssl=internal: Here’s the big one. If you need to support authentication and encryption, you will need the 1.3MB OpenSSL shared object (by setting with-openssl to yes or with no value). By setting this to “internal” you compile the required functionality into the agent and do not need to have the OpenSSL shared object present on your target
- enable-mini-agent: This seems to build less MIB support into the agent. Perhaps it does more things, but I’m not sure
You can see the help for the rest of the options by running ./configure –help. After we configured the agent we simply need to build it:
And then install it to a temporary location
make install INSTALL_PREFIX=/tmp/net-snmp-5.6.1
We then copy the following files to the target
- /tmp/net-snmp-5.6.1/usr/lib/libnetsnmp.so.25 to /usr/libs
- /tmp/net-snmp-5.6.1/usr/lib/libnetsnmpagent.so.25 to /usr/libs
- /tmp/net-snmp-5.6.1/usr/lib/libnetsnmphelpers.so.25 to /usr/libs
- /tmp/net-snmp-5.6.1/usr/lib/libnetsnmpmibs.so.25 to /usr/libs
- /tmp/net-snmp-5.6.1/usr/sbin/snmpd to /usr/sbin (and chmod +x it)
On the target, we create /usr/etc/snmp and upload an snmpd.conf file. This configuration file allows you to specify V2 communities, views, V3 users and much more. See this custom snmpd.conf i made for a simple V2/V3 example.
Now we’re ready to run the SNMP agent on the target:
All in all, this requires ~1 MB of flash. Be aware that the apps directory holds all the Net-SNMP applications (snmpget, snmpset, snmptrap, etc) – they are very small and useful (~30k).