Macro substitution

Many configuration options may refer to macros that get expanded in the context of running request. That let you make your configuration more compact and dynamic.

The syntax of a macro reference resembles bash variable syntax: dollar sign followed by macro name in braces e.g. ${name}.

System macros

config-dir

Gets expanded to the directory component of snmpresponderd process configuration file.

Example:

example-plugin {
  plugin-module: rewrite
  plugin-options: config=${config-dir}/plugins/example.conf

  plugin-id: example
}

SNMP macros

These macros get expanded into a value coming from SNMP message being processed.

snmp-engine-id

SNMP Engine ID value from incoming SNMP request. Should match the snmp-engine-id configured to the SNMP engine instance serving this request.

snmp-transport-domain

Object Identifier matching the snmp-transport-domain value through which current SNMP request was received.

snmp-peer-address

Network address (IPv4/IPv6) from which SNMP message has been received.

snmp-peer-port

Network port number (UDP) from which SNMP message has been received.

snmp-bind-address

Network address (IPv4/IPv6) at which SNMP message has been received. Matches snmp-bind-address configured to the SNMP engine instance serving this request.

snmp-bind-port

Network port number (UDP) at which SNMP message has been received. Matches snmp-bind-address configured to the SNMP engine instance serving this request.

snmp-security-model

SNMP Security Model value from incoming SNMP request. Should match the snmp-security-model configured to the SNMP engine instance serving this request.

snmp-security-level

SNMP Security Level value from incoming SNMP request. Should match the snmp-security-level configured to the SNMP engine instance serving this request.

snmp-security-name

SNMP Security Name value from incoming SNMP request. Should match the snmp-security-name configured to the SNMP engine instance serving this request.

snmp-security-engine-id

SNMP Security Engine ID value from incoming SNMP request.

snmp-context-engine-id

SNMP Context Engine ID value from incoming SNMP request. Should match the snmp-context-id configured to the SNMP engine instance serving this request.

snmp-context-name

SNMP Context Name value from incoming SNMP request. Should match the snmp-context-name configured to the SNMP engine instance serving this request.

Examples

Transparent SNMP proxy configuration implies sending packets spoofing original network addresses. The spoofing part can be captured by configuring a macro:

snmp-credentials {
    # send from source address of original SNMP request
    snmp-bind-address: ${snmp-peer-address}
    snmp-peer-address: 104.236.166.95:161

    snmp-peer-id: snmplabs-v3-original-source

    ... the rest of SNMP options
}

Warning

For spoofing to succeed snmp-transport-domain types should belong to the same address family e.g. UDP/IPv4 or UDP/IPv6.