Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:130495
X-Original-To: internals@lists.php.net
Delivered-To: internals@lists.php.net
Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5])
	by lists.php.net (Postfix) with ESMTPS id 9A2A01A00BC
	for <internals@lists.php.net>; Mon, 30 Mar 2026 13:32:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail;
	t=1774877578; bh=DTkI6mvfb/tnShgtbuLIdpjsAi2DslYcjj3YtOGz5hQ=;
	h=Date:To:From:Subject:From;
	b=dMjUi+gLqm2d9dQxIrahK7LVVhMd16ICCb2rHUqNBz/74F3Me+hCaB6lAKpurQVLo
	 jMxlPvsMoeA1F30HnyrG5GIJKylo7V3hP1vE/9GIvMhDwG8FUr6tcYhWavLgv84jbc
	 SqgJoPBDBo8ZxZdMP3mCFnXOBCRrAPbsMCnSl3Mlexkn3q/cbnIZ/D+Lhitg2L318+
	 lruLmbvyKmC2CQsfbhzQHC+0A9SoLWR1ibWK6RMxJpP8U/s0iyP81qwuKTpDNqWRW5
	 nm9EasES0G2gSuGzS6FZ1F7IdXWw/Q8Xfb4U5Y/3iMPVZG16OnLnloKmtTcTR7GDqg
	 OU+/2Df82Kavg==
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id EE777180042
	for <internals@lists.php.net>; Mon, 30 Mar 2026 13:32:55 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_50,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,HTML_MESSAGE,
	SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=4.0.1
X-Spam-Virus: No
X-Envelope-From: <swilton@fluentit.au>
Received: from mail.fluentit.au (mail.fluentit.au [103.249.239.231])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 30 Mar 2026 13:32:55 +0000 (UTC)
Received: from [IPV6:2402:1b40:8001:10:cd0a:6343:ac18:b79a] (unknown [IPv6:2402:1b40:8001:10:cd0a:6343:ac18:b79a])
	(Authenticated sender: swilton@fluentit.au)
	by mail.fluentit.au (Postfix) with ESMTPSA id B3D3FCFDB1
	for <internals@lists.php.net>; Mon, 30 Mar 2026 21:32:45 +0800 (AWST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fluentit.au; s=default;
	t=1774877566;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type;
	bh=a4Toe26ALF5QYGRrfU1f/YHl/x0/cyNY+3tNdL1IeOQ=;
	b=NxE5Fl9b7ekdVCJmj1d7EOuynoRoXvUNcmvGr+W80goE/TAqUjeNE5B2qvjl4TzRR/h0KS
	hMYnT3WA2evKLWnpEYgcH4OyvCIKjWWNUXEXskTYbzy5nuEScjG9Lc0OC8fKM/0kdq6z23
	4AYtDWrDMmfflLvW0tLO0B9JFUO1G8U=
Authentication-Results: ORIGINATING;
	auth=pass smtp.auth=swilton@fluentit.au smtp.mailfrom=swilton@fluentit.au
Content-Type: multipart/alternative;
 boundary="------------E0t7yVYNu60Un0optjRjL2Pd"
Message-ID: <a6651586-87cc-49ff-a7a2-5a0ad257c6ac@fluentit.au>
Date: Mon, 30 Mar 2026 21:32:45 +0800
Precedence: list
list-help: <mailto:internals+help@lists.php.net>
list-unsubscribe: <mailto:internals+unsubscribe@lists.php.net>
list-post: <mailto:internals@lists.php.net>
List-Id: <internals.lists.php.net>
x-ms-reactions: disallow
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: php internals <internals@lists.php.net>
Content-Language: en-US
Subject: [PHP-DEV] [RFC] SNMP extension improvements
From: swilton@fluentit.au (Steven Wilton)

This is a multi-part message in MIME format.
--------------E0t7yVYNu60Un0optjRjL2Pd
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

Hi,

Please find the following RFC for discussion on improving the SNMP 
extension:

https://wiki.php.net/rfc/snmp_improvements_2026

I have included 3 proposals in the RFC:

  1.  Increase the number of SNMPv3 security protocols supported
  2.  Allow the SNMP MIB to be reset
  3.  Implement more SNMP library controls for MIB parsing and output
    formatting

I would like to see the above implements in the next stable release 
after voting if accepted because all 3 items add new functionality.  
Having said this the MIB reset function is waiting on an upstream 
release of lib-snmp to fix a memory leak of about 5k per reset, so there 
may need to be some discussion around automatic MIB resets between FPM 
requests.


The first item is to allow PHP-SNMP to support AES192, AES192C, AES256, 
and AES256C as security protocols if the underlying SNMP library has 
been compiled with support.  I think this should be straightforward 
since it's just adding new options, and the extension already has 
conditional support for DES encryption, so the list of supported 
protocols is already variable depending on the compile time environment.


The second item is to add a new function to reset the SNMP MIB tree.  
This is needed because some MIBs re-define the same OID number using 
different names, and the in-memory MIB tree is global to each PHP 
process, so once a MIB is loaded it is not currently possible to change 
the definition of an OID from within the process.

I also found that there is currently no way to control the MIB directory 
search from within PHP, so I have added the MIB directory search as an 
optional parameter to the MIB reset function.

I also discovered that the because the MIB tree is global, it currently 
survives across PHP-FPM requests, so I have included code to reset the 
MIB tree as part of the request shutdown.  This will create a memory 
leak due to a bug in the net-snmp library until lib-snmp is updated with 
a yet to be released patch (PR has been accepted into the development head).


The third item is to implement more MIB parsing and value output 
controls.  This has been done by creating new functions to set mib, 
string output, and value output options, using enumerated values to 
ensure only valid options are chosen.  This matches the way that the oid 
output format is currently controlled.  It does make some functions like 
snmp_set_quick_print() and snmp_set_enum_print() redundant, but the 2 
methods can be used interchangeably.  All of the newly supported output 
options have also been added as read-write properties to the SNMP class, 
while the MIB reading options can only be controlled by the functions 
because they are global to the SNMP library.

I also discovered that the net-snmp library options are also global to 
each process, and changes to these options survive across FPM requests 
in the existing PHP codebase (e.g. calling snmp_set_enum_print(true) in 
one requests will change the setting for all future requests in that FPM 
process until a request explicitly runs snmp_set_enum_print(false)).  I 
have added code to save the state of the net-snmp library options at the 
start of a request, and then restore them at the end.  This save/restore 
is needed because the net-snmp library initialisation reads in options 
from config files, so the initial state can be altered system-wide or 
per-user config files, and this is probably the best way to ensure that 
anything that the net-snmp library is reverted back to the initial state 
at the start of each request.


This is my first RFC so please let me know if I've missed anything, 
otherwise I'm interested to hear feedback on the above proposals.

regards

Steve

--------------E0t7yVYNu60Un0optjRjL2Pd
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<!DOCTYPE html>
<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Hi,<br>
      <br>
      Please find the following RFC for discussion on improving the SNMP
      extension:<br>
      <br>
      <a class="moz-txt-link-freetext" href="https://wiki.php.net/rfc/snmp_improvements_2026">https://wiki.php.net/rfc/snmp_improvements_2026</a><br>
    </p>
    <p>I have included 3 proposals in the RFC:<br>
    </p>
    <ol>
      <li> Increase the number of SNMPv3 security protocols supported</li>
      <li> Allow the SNMP MIB to be reset</li>
      <li> Implement more SNMP library controls for MIB parsing and
        output formatting</li>
    </ol>
    <p>I would like to see the above implements in the next stable
      release after voting if accepted because all 3 items add new
      functionality.  Having said this the MIB reset function is waiting
      on an upstream release of lib-snmp to fix a memory leak of about
      5k per reset, so there may need to be some discussion around
      automatic MIB resets between FPM requests.</p>
    <p></p>
    <p><br>
    </p>
    <p>The first item is to allow PHP-SNMP to support AES192, AES192C,
      AES256, and AES256C as security protocols if the underlying SNMP
      library has been compiled with support.  I think this should be
      straightforward since it's just adding new options, and the
      extension already has conditional support for DES encryption, so
      the list of supported protocols is already variable depending on
      the compile time environment.</p>
    <p><br>
    </p>
    <p>The second item is to add a new function to reset the SNMP MIB
      tree.  This is needed because some MIBs re-define the same OID
      number using different names, and the in-memory MIB tree is global
      to each PHP process, so once a MIB is loaded it is not currently
      possible to change the definition of an OID from within the
      process.</p>
    <p>I also found that there is currently no way to control the MIB
      directory search from within PHP, so I have added the MIB
      directory search as an optional parameter to the MIB reset
      function.</p>
    <p>I also discovered that the because the MIB tree is global, it
      currently survives across PHP-FPM requests, so I have included
      code to reset the MIB tree as part of the request shutdown.  This
      will create a memory leak due to a bug in the net-snmp library
      until lib-snmp is updated with a yet to be released patch (PR has
      been accepted into the development head).</p>
    <p><br>
    </p>
    <p>The third item is to implement more MIB parsing and value output
      controls.  This has been done by creating new functions to set
      mib, string output, and value output options, using enumerated
      values to ensure only valid options are chosen.  This matches the
      way that the oid output format is currently controlled.  It does
      make some functions like snmp_set_quick_print() and
      snmp_set_enum_print() redundant, but the 2 methods can be used
      interchangeably.  All of the newly supported output options have
      also been added as read-write properties to the SNMP class, while
      the MIB reading options can only be controlled by the functions
      because they are global to the SNMP library.</p>
    <p>I also discovered that the net-snmp library options are also
      global to each process, and changes to these options survive
      across FPM requests in the existing PHP codebase (e.g. calling
      snmp_set_enum_print(true) in one requests will change the setting
      for all future requests in that FPM process until a request
      explicitly runs snmp_set_enum_print(false)).  I have added code to
      save the state of the net-snmp library options at the start of a
      request, and then restore them at the end.  This save/restore is
      needed because the net-snmp library initialisation reads in
      options from config files, so the initial state can be altered
      system-wide or per-user config files, and this is probably the
      best way to ensure that anything that the net-snmp library is
      reverted back to the initial state at the start of each request.</p>
    <p><br>
    </p>
    <p>This is my first RFC so please let me know if I've missed
      anything, otherwise I'm interested to hear feedback on the above
      proposals.</p>
    <p>regards</p>
    <p>Steve</p>
  </body>
</html>

--------------E0t7yVYNu60Un0optjRjL2Pd--