netsnmp 0.0.2 → 0.1.0

data/lib/netsnmp/pdu.rb

@@ -1,50 +1,87 @@
+# frozen_string_literal: true
 require 'forwardable'
 module NETSNMP
   # Abstracts the PDU base structure into a ruby object. It gives access to its varbinds.
   #
   class PDU
-    extend Forwardable 
-
-    Error = Class.new(Error)
+    MAXREQUESTID=2147483647
     class << self
+
+      def decode(der)
+        asn_tree = case der
+        when String
+          OpenSSL::ASN1.decode(der)
+        when OpenSSL::ASN1::ASN1Data
+          der
+        else
+          raise "#{der}: unexpected data"
+        end
+
+        *headers, request = asn_tree.value
+
+        version, community = headers.map(&:value)
+
+        type = request.tag
+
+        *request_headers, varbinds = request.value
+
+        request_id, error_status, error_index  = request_headers.map(&:value).map(&:to_i)
+
+        varbs = varbinds.value.map do |varbind|
+          oid_asn, val_asn  = varbind.value
+          oid = oid_asn.value
+          { oid: oid, value: val_asn }
+        end
+
+        new(type: type, headers: [version, community],
+                        error_status: error_status,
+                        error_index: error_index,
+                        request_id: request_id, 
+                        varbinds: varbs)
+      end
+
       # factory method that abstracts initialization of the pdu types that the library supports.
       # 
       # @param [Symbol] type the type of pdu structure to build
-      # @return [RequestPDU] a fully-formed request pdu
       # 
-      def build(type, *args)
-        case type
-          when :get       then RequestPDU.new(Core::Constants::SNMP_MSG_GET, *args)
-          when :getnext   then RequestPDU.new(Core::Constants::SNMP_MSG_GETNEXT, *args)
-          when :getbulk   then RequestPDU.new(Core::Constants::SNMP_MSG_GETBULK, *args)
-          when :set       then RequestPDU.new(Core::Constants::SNMP_MSG_SET, *args)
-          when :response  then ResponsePDU.new(Core::Constants::SNMP_MSG_RESPONSE, *args)
+      def build(type, **args)
+        typ = case type
+          when :get       then 0
+          when :getnext   then 1
+#          when :getbulk   then 5
+          when :set       then 3
+          when :response  then 2
           else raise Error, "#{type} is not supported as type"
         end
+        new(args.merge(type: typ))
       end
     end
 
-    attr_reader :struct, :varbinds
+    attr_reader :varbinds, :type
 
-    def_delegators :@struct, :[], :[]=, :pointer
+    attr_reader :version, :community, :request_id
 
-    # @param [FFI::Pointer] the pointer to the initialized structure
-    #
-    def initialize(pointer)
-      @struct = Core::Structures::PDU.new(pointer)
+    def initialize(type: , headers: , 
+                           request_id: nil, 
+                           error_status: 0,
+                           error_index: 0,
+                           varbinds: [])
+      @version, @community = headers
+      @version = @version.to_i
+      @error_status = error_status
+      @error_index  = error_index
+      @type = type
       @varbinds = []
+      varbinds.each do |varbind|
+        add_varbind(varbind)
+      end
+      @request_id = request_id || SecureRandom.random_number(MAXREQUESTID)
+      check_error_status(@error_status)
     end
 
 
-  end
-
-  # Abstracts the request PDU
-  # Main characteristic is that it has a write-only API, in that you can add varbinds to it.
-  #
-  class RequestPDU < PDU
-    def initialize(type)
-      pointer = Core::LibSNMP.snmp_pdu_create(type)
-      super(pointer)
+    def to_der
+      to_asn.to_der
     end
 
     # Adds a request varbind to the pdu
@@ -52,54 +89,59 @@ module NETSNMP
     # @param [OID] oid a valid oid
     # @param [Hash] options additional request varbind options
     # @option options [Object] :value the value for the oid
-    def add_varbind(oid, **options)
-      @varbinds << RequestVarbind.new(self, oid, options[:value], options)
+    def add_varbind(oid: , **options)
+      @varbinds << Varbind.new(oid, **options)
     end
     alias_method :<<, :add_varbind
-  end
 
-  # Abstracts the response PDU
-  # Main characteristic is: it reads the values on initialization (because the response structure
-  # is at some point free'd). It is therefore a read-only entity
-  #
-  class ResponsePDU < PDU
 
-    # @param [FFI::Pointer] the pointer to the response pdu structure
-    #
-    # @note it loads the variable as well.
-    # 
-    def initialize(pointer)
-      super
-      load_variables
-    end
+    def to_asn
+      request_id_asn = OpenSSL::ASN1::Integer.new( @request_id )
+      error_asn = OpenSSL::ASN1::Integer.new( @error_status )
+      error_index_asn = OpenSSL::ASN1::Integer.new( @error_index )
 
-    # @return [String] the concatenation of the varbind values (usually, it's only one)
-    # 
-    def value
-      case @varbinds.size
-        when 0 then nil
-        when 1 then @varbinds.first.value
-        else 
-          # assume that they're all strings
-          @varbinds.map(&:value).join(' ')
-      end  
+      varbind_asns = OpenSSL::ASN1::Sequence.new( @varbinds.map(&:to_asn) )
+
+      request_asn = OpenSSL::ASN1::ASN1Data.new( [request_id_asn,
+                                                  error_asn, error_index_asn,
+                                                  varbind_asns], @type,
+                                                  :CONTEXT_SPECIFIC )
+
+      OpenSSL::ASN1::Sequence.new( [ *encode_headers_asn, request_asn ] )
     end
 
     private
 
-    # loads the C-level structure variables into ruby ResponseVarbind objects, 
-    # and store them as state in {{@varbinds}} 
-    def load_variables
-      variable = @struct[:variables]
-      unless variable.null?
-        @varbinds << ResponseVarbind.new(variable)
-        variable = Core::Structures::VariableList.new(variable)
-        while( !(variable = variable[:next_variable]).null? )
-          variable = Core::Structures::VariableList.new(variable)
-          @varbinds << ResponseVarbind.new(variable.pointer)
-        end
-      end
+    def encode_headers_asn
+      [ OpenSSL::ASN1::Integer.new( @version ),
+        OpenSSL::ASN1::OctetString.new( @community ) ]
     end
 
+
+    # http://www.tcpipguide.com/free/t_SNMPVersion2SNMPv2MessageFormats-5.htm#Table_219
+    def check_error_status(status)
+      return if status == 0
+      message = case status
+        when 1 then "Response-PDU too big"
+        when 2 then "No such name"
+        when 3 then "Bad value"
+        when 4 then "Read Only"
+        when 5 then "General Error"
+        when 6 then "Access denied"
+        when 7 then "Wrong type"
+        when 8 then "Wrong length"
+        when 9 then "Wrong encoding"
+        when 10 then "Wrong value"
+        when 11 then "No creation"
+        when 12 then "Inconsistent value"
+        when 13 then "Resource unavailable"
+        when 14 then "Commit failed"
+        when 15 then "Undo Failed"
+        when 16 then "Authorization Error"
+        when 17 then "Not Writable"
+        when 18 then "Inconsistent Name"
+      end
+      raise Error, message
+    end
   end
 end

data/lib/netsnmp/scoped_pdu.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+module NETSNMP
+  class ScopedPDU < PDU
+
+
+    attr_reader :engine_id
+
+    def initialize(type: , headers:,
+                           request_id: nil,
+                           error_status: 0,
+                           error_index: 0,
+                           varbinds: [])
+      @engine_id, @context = headers
+      super(type: type, headers: [3, nil], request_id: request_id, varbinds: varbinds)
+    end
+
+    def encode_headers_asn
+      [ OpenSSL::ASN1::OctetString.new(@engine_id || ""),
+        OpenSSL::ASN1::OctetString.new(@context   || "") ] 
+    end 
+
+  end
+end

data/lib/netsnmp/security_parameters.rb

@@ -0,0 +1,198 @@
+# frozen_string_literal: true
+module NETSNMP
+  # This module encapsulates the public API for encrypting/decrypting and signing/verifying.
+  # 
+  # It doesn't interact with other layers from the library, rather it is used and passed all 
+  # the arguments (consisting mostly of primitive types).
+  # It also provides validation of the security options passed with a client is initialized in v3 mode.
+  class SecurityParameters
+    using StringExtensions
+
+    IPAD = "\x36" * 64
+    OPAD = "\x5c" * 64
+
+    attr_reader :security_level, :username
+    attr_accessor :engine_id
+
+    # @param [String] username the snmp v3 username
+    # @param [String] engine_id the device engine id (initialized to '' for report)
+    # @param [Symbol, integer] security_level allowed snmp v3 security level (:auth_priv, :auh_no_priv, etc)
+    # @param [Symbol, nil] auth_protocol a supported authentication protocol (currently supported: :md5, :sha)
+    # @param [Symbol, nil] priv_protocol a supported privacy protocol (currently supported: :des, :aes)
+    # @param [String, nil] auth_password the authentication password
+    # @param [String, nil] priv_password the privacy password
+    #
+    # @note if security level is set to :no_auth_no_priv, all other parameters are optional; if
+    #   :auth_no_priv, :auth_protocol will be coerced to :md5 (if not explicitly set), and :auth_password is
+    #   mandatory; if :auth_priv, the sentence before applies, and :priv_protocol will be coerced to :des (if
+    #   not explicitly set), and :priv_password becomes mandatory.
+    #
+    def initialize(
+                   username: , 
+                   engine_id: "",
+                   security_level: nil, 
+                   auth_protocol: nil, 
+                   auth_password: nil, 
+                   priv_protocol: nil, 
+                   priv_password: nil)
+      @security_level = security_level
+      @username = username
+      @engine_id = engine_id
+      @auth_protocol = auth_protocol.to_sym unless auth_protocol.nil?
+      @priv_protocol = priv_protocol.to_sym unless priv_protocol.nil?
+      @auth_password = auth_password
+      @priv_password = priv_password
+      check_parameters
+      @auth_pass_key = passkey(@auth_password) unless @auth_password.nil?
+      @priv_pass_key = passkey(@priv_password) unless @priv_password.nil?
+    end
+
+
+    # @param [#to_asn, #to_der] pdu the pdu to encode (must quack like a asn1 type)
+    # @param [String] salt the salt to use
+    # @param [Integer] engine_time the reported engine time
+    # @param [Integer] engine_boots the reported boots time
+    # 
+    # @return [Array] a pair, where the first argument in the asn structure with the encoded pdu, 
+    #    and the second is the calculated salt (if it has been encrypted)
+    def encode(pdu, salt: , engine_time: , engine_boots: )
+      if encryption
+        encrypted_pdu, salt = encryption.encrypt(pdu.to_der, engine_boots: engine_boots, 
+                                                             engine_time: engine_time)
+        [OpenSSL::ASN1::OctetString.new(encrypted_pdu), OpenSSL::ASN1::OctetString.new(salt) ]
+      else
+        [ pdu.to_asn, salt ]
+      end
+    end
+
+    # @param [String] der the encoded der to be decoded
+    # @param [String] salt the salt from the incoming der
+    # @param [Integer] engine_time the reported engine time
+    # @param [Integer] engine_boots the reported engine boots
+    def decode(der, salt: , engine_time: , engine_boots: )
+      asn = OpenSSL::ASN1.decode(der)
+      if encryption
+        encrypted_pdu = asn.value
+        pdu_der = encryption.decrypt(encrypted_pdu, salt: salt, engine_time: engine_time, engine_boots: engine_boots)
+        OpenSSL::ASN1.decode(pdu_der)      
+      else
+        asn
+      end
+    end
+
+    # @param [String] message the already encoded snmp v3 message
+    # @return [String] the digest signature of the message payload
+    #
+    # @note this method is used in the process of authenticating a message
+    def sign(message)
+      # don't sign unless you have to
+      return nil if not @auth_protocol
+
+      key = auth_key.dup
+
+      key << "\x00" * (@auth_protocol == :md5 ? 48 : 44)
+      k1 = key.xor(IPAD)
+      k2 = key.xor(OPAD)
+
+      digest.reset
+      digest << ( k1 + message )
+      d1 = digest.digest
+
+      digest.reset
+      digest << ( k2 + d1 )
+      digest.digest[0,12]
+    end
+
+    # @param [String] stream the encoded incoming payload
+    # @param [String] salt the incoming payload''s salt
+    #
+    # @raise [NETSMP::Error] if the message's integration has been violated 
+    def verify(stream, salt)
+      return if @security_level < 1
+      verisalt = sign(stream)
+      raise Error, "invalid message authentication salt" unless verisalt == salt
+    end
+
+    private
+
+    def auth_key
+      @auth_key ||= localize_key(@auth_pass_key)
+    end
+
+    def priv_key
+      @priv_key ||= localize_key(@priv_pass_key)
+    end
+
+    def check_parameters
+      @security_level = case @security_level
+        when Integer then @security_level
+        when /no_?auth/         then 0
+        when /auth_?no_?priv/   then 1
+        when /auth_?priv/, nil  then 3
+        else
+          raise Error, "security level not supported: #{@security_level}"
+      end
+
+      if @security_level > 0
+        @auth_protocol ||= :md5 # this is the default
+        raise "security level requires an auth password" if @auth_password.nil?
+        raise "auth password must have between 8 to 32 characters" if not (8..32).include?(@auth_password.length)
+      end
+      if @security_level > 1
+        @priv_protocol ||= :des
+        raise "security level requires a priv password" if @priv_password.nil?
+        raise "priv password must have between 8 to 32 characters" if not (8..32).include?(@priv_password.length)
+      end
+    end
+
+    def localize_key(key)
+
+      digest.reset
+      digest << key
+      digest << @engine_id 
+      digest << key
+
+      digest.digest
+    end
+
+    def passkey(password)
+
+      digest.reset
+      password_index = 0
+
+      buffer = String.new
+      password_length = password.length
+      while password_index < 1048576
+        initial = password_index % password_length
+        rotated = password[initial..-1] + password[0,initial]
+        buffer = rotated * (64 / rotated.length) + rotated[0, 64 % rotated.length]
+        password_index += 64
+        digest << buffer
+        buffer.clear
+      end
+
+      dig = digest.digest
+      dig = dig[0,16] if @auth_protocol == :md5
+      dig
+    end
+
+    def digest 
+      @digest ||= case @auth_protocol
+      when :md5 then OpenSSL::Digest::MD5.new
+      when :sha then OpenSSL::Digest::SHA1.new
+      else 
+        raise Error, "unsupported auth protocol: #{@auth_protocol}"
+      end
+    end
+
+    def encryption
+      @encryption ||= case @priv_protocol
+      when :des
+        Encryption::DES.new(priv_key)
+      when :aes
+        Encryption::AES.new(priv_key)
+      end
+    end
+
+  end
+end

data/lib/netsnmp/session.rb

@@ -1,317 +1,126 @@
+# frozen_string_literal: true
 module NETSNMP
-  # The Entity abstracts the C net-snmp session, and the lifecycle steps.
+  # Let's just remind that there is no session in snmp, this is just an abstraction. 
   # 
-  # For example, a session must be initialized (memory allocated) and opened 
-  # (authentication, encryption, signature)
-  #
-  # The session uses the signature to send and receive PDUs. They are built somewhere else.
-  # 
-  # After the session is established, a socket handle is read from the structure. This will
-  # be later used for non-blocking behaviour. It's important to notice, there is no
-  # usage of the C net-snmp sync API, we always do async send/response, even if the 
-  # ruby API "feels" blocking. This was done so that the GIL can be released between
-  # sends and receives, and the load can be shared through different threads possibly. 
-  # As we use the session abstraction, this means we ONLY use the thread-safe API. 
-  #
   class Session
+    TIMEOUT = 2
 
-    attr_reader :host, :signature
-
-    # @param [String] host the host IP/hostname
     # @param [Hash] opts the options set 
-    # 
-    def initialize(host, opts)
-      @host = host
-      # this is because other evented clients might discover IP first, but hostnames
-      # give you better trackability of errors. Give the opportunity to the users to
-      # pass it, by setting the hostname explicitly. If not, fallback to the host. 
-      @hostname = opts.fetch(:hostname, @host)
-      @options = opts
-      @logged_at = nil
-      @request = nil
-      # For now, let's eager load the signature
-      @signature = build_signature(@options)
-      if @signature.null?
-        raise ConnectionFailed, "could not build signature for #@hostname"
-      end
-      @requests ||= {}
-    end
-
-    # TODO: do we need this?
-    def reachable?
-      !!transport
+    def initialize(version: 1, community: "public", **options)
+      @version   = 1
+      @community = community
+      validate(options)
     end
 
     # Closes the session
     def close
-      return unless @signature
-      if @transport
-        transport.close rescue nil
-      end
-      if Core::LibSNMP.snmp_sess_close(@signature) == 0
-        raise Error, "#@hostname: Couldn't clean up session properly"
-      end
-    end
-
-    # sends a request PDU and waits for the response
-    # 
-    # @param [RequestPDU] pdu a request pdu
-    # @param [Hash] opts additional options
-    # @option opts [true, false] :async if true, it doesn't wait for response (defaults to false)
-    def send(pdu, **opts)
-      write(pdu)
-      read
-    end
-
-    private
-
-    LoggedInTimeout = Class.new(Timeout::Error)
-    def try_login
-      return yield unless @logged_at.nil?
-
-      begin
-        # problem for snmp is, there is no login process.
-        # signature is sent on first packet. As we are not using the synch interface, this will not
-        # be handled by the core library. Which sucks. But even core library would just retry and timeout
-        # at some point.
-        # we do something similar: before any PDU succeeds, after first PDU is async-sent, we wait for reads, but we can't block. If 
-        # the socket hasn't anything to read, we can assume it was the wrong USERNAME (?).
-        # TODO: research if this is true. 
-        Timeout.timeout(@timeout, LoggedInTimeout) do
-          yield
-        end
-      rescue LoggedInTimeout
-        raise ConnectionFailed, "failed to login to #@hostname"
-      end
+      # if the transport came as an argument,
+      # then let the outer realm care for its lifecycle
+      @transport.close unless @proxy
     end
 
-    def transport
-      @transport ||= fetch_transport
+    # @param [Symbol] type the type of PDU (:get, :set, :getnext)
+    # @param [Array<Hashes>] vars collection of options to generate varbinds (see {NETSMP::Varbind.new} for all the possible options)
+    #
+    # @return [NETSNMP::PDU] a pdu
+    #
+    def build_pdu(type, *vars)
+      PDU.build(type, headers: [ @version, @community ], varbinds: vars)
     end
 
-    def write(pdu)
-      wait_writable
-      async_send(pdu)
+    # send a pdu, receives a pdu
+    #
+    # @param [NETSNMP::PDU, #to_der] an encodable request pdu
+    #
+    # @return [NETSNMP::PDU] the response pdu
+    #
+    def send(pdu)
+      encoded_request = encode(pdu) 
+      encoded_response = @transport.send(encoded_request)
+      decode(encoded_response)
     end
 
-    def async_send(pdu)
-      if ( @reqid = Core::LibSNMP.snmp_sess_async_send(@signature, pdu.pointer, session_callback, nil) ) == 0
-        # it's interesting, pdu's are only fred if the async send is successful... netsnmp 1 - me 0
-        Core::LibSNMP.snmp_free_pdu(pdu.pointer)
-        # if it's the first time we're passing here and send fails, we can (?) assume that
-        # AUTH_PASSWORD is wrong
-        if @logged_at.nil?
-          raise ConnectionFailed, "failed to login to #@hostname"
-        else
-          raise SendError, "#@hostname: Failed to send pdu"
-        end
-      end
-    end
-
-    def read
-      receive # trigger callback ahead of time and wait for it
-      # Sounds a bit unreasonable, but only after we arrived here we know for sure that the credentials are proper.
-      # So we can set this variable, so further errors can be safely ignored.
-      @logged_at ||= Time.now
-      handle_response
-    end
-
-    def handle_response
-      operation, response_pdu = @requests.delete(@reqid)
-      case operation
-        when :success
-          response_pdu
-        when :send_failed
-          raise ReceiveError, "#@hostname: Failed to receive pdu"
-        when :timeout
-          raise Timeout::Error, "#@hostname: timed out while waiting for pdu response"
-        else
-          raise Error, "#@hostname: unrecognized operation for request #{@reqid}: #{operation} for #{response_pdu}"
-      end
-    end
+    private
 
-    def receive
-      readers, _ = try_login { wait_readable }
-      case readers.size
-        when 1..Float::INFINITY
-          # triggers callback
-          async_read
-        when 0
-          Core::LibSNMP.snmp_sess_timeout(@signature)
-        else
-          raise ReceiveError, "#@hostname: error receiving data"
+    def validate(**options)
+      proxy = options[:proxy]
+      if proxy
+        @proxy = true
+        @transport = proxy 
+      else
+        host, port = options.values_at(:host, :port)
+        raise "you must provide an hostname/ip under :host" unless host
+        port ||= 161 # default snmp port
+        @transport = Transport.new(host, port.to_i, timeout: options.fetch(:timeout, TIMEOUT))
       end
-    end
-    
-    def async_read
-      if Core::LibSNMP.snmp_sess_read(@signature, get_selectable_sockets.pointer) != 0
-        # if it's the first time we're passing here and send fails, we can (?) assume that
-        # PRIV_PASSWORD is wrong
-        if @logged_at.nil?
-          raise ConnectionFailed, "failed to login to #@hostname"
+      @version = case @version
+        when Integer then @version # assume the use know what he's doing
+        when /v?1/ then 0 
+        when /v?2c?/ then 1 
+        when /v?3/ then 3
         else
-          raise ReceiveError, "#@hostname: Failed to receive pdu response"
-        end
+          raise "unsupported snmp version (#{@version})"
       end
     end
 
-    def timeout
-      Core::LibSNMP.snmp_sess_timeout(@signature)
-    end
-
-    def wait_writable
-      IO.select([],[transport])
-    end
 
-    def wait_readable
-      IO.select([transport])
+    def encode(pdu)
+      pdu.to_der
     end
 
-    def get_selectable_sockets
-      fdset = Core::C::FDSet.new
-      fdset.clear
-      num_fds = FFI::MemoryPointer.new(:int)
-      tv_sec = 0
-      tv_usec = 0
-      tval = Core::C::Timeval.new
-      tval[:tv_sec] = tv_sec
-      tval[:tv_usec] = tv_usec
-      block = FFI::MemoryPointer.new(:int)
-      block.write_int(0)
-      Core::LibSNMP.snmp_sess_select_info(@signature, num_fds, fdset.pointer, tval.pointer, block )
-      fdset
+    def decode(stream)
+      PDU.decode(stream)
     end
 
+    class Transport
+      MAXPDUSIZE = 0xffff + 1
 
-    # @param [Core::Structures::Session] session the snmp session structure
-    # @param [Hash] options session options with authorization parameters
-    # @option options [String] :version the snmp protocol version (if < 3, forget the rest)
-    # @option options [Integer, nil] :security_level the SNMP security level (defaults to authPriv)
-    # @option options [Symbol, nil] :auth_protocol the authorization protocol (ex: :md5, :sha1)
-    # @option options [Symbol, nil] :priv_protocol the privacy protocol (ex: :aes, :des)
-    # @option options [String, nil] :context the authoritative context 
-    # @option options [String] :version the snmp protocol version (defaults to 3, if not 3, you actually don't need the rest)
-    # @option options [String] :username the username to login with
-    # @option options [String] :auth_password the authorization password
-    # @option options [String] :priv_password the privacy password
-    def session_authorization(session, options)
-      # we support version 3 by default      
-      session[:version] = case options[:version]
-        when /v?1/ then  Core::Constants::SNMP_VERSION_1
-        when /v?2c?/ then  Core::Constants::SNMP_VERSION_2c
-        when /v?3/, nil then Core::Constants::SNMP_VERSION_3
+      def initialize(host, port, timeout: )
+        @socket = UDPSocket.new
+        @socket.connect( host, port )
+        @timeout = timeout
       end
-      return unless session[:version] == Core::Constants::SNMP_VERSION_3 
 
-
-      session[:securityAuthProtoLen] = 10
-      session[:securityAuthKeyLen] = Core::Constants::USM_AUTH_KU_LEN
-      session[:securityPrivProtoLen] = 10
-      session[:securityPrivKeyLen] = Core::Constants::USM_PRIV_KU_LEN
-
-      # Security Authorization
-      session[:securityLevel] =  case options[:security_level] 
-        when /noauth/         then Core::Constants::SNMP_SEC_LEVEL_NOAUTH
-        when /auth_?no_?priv/ then Core::Constants::SNMP_SEC_LEVEL_AUTHNOPRIV
-        when /auth_?priv/     then Core::Constants::SNMP_SEC_LEVEL_AUTHPRIV 
-        when Integer
-          options[:security_level]
-        else Core::Constants::SNMP_SEC_LEVEL_AUTHPRIV
-      end
-
-      auth_protocol_oid = case options[:auth_protocol]
-        when :md5   then MD5OID.new
-        when :sha1  then SHA1OID.new
-        when nil    then NoAuthOID.new
-        else raise Error, "#@hostname: #{options[:auth_protocol]} is an unsupported authorization protocol"
+      def close 
+        @socket.close
       end
 
-       # Priv Protocol
-      priv_protocol_oid = case options[:priv_protocol]
-        when :aes then AESOID.new 
-        when :des then DESOID.new
-        when nil  then NoPrivOID.new
-        else raise Error, "#@hostname: #{options[:priv_protocol]} is an unsupported privacy protocol"
+      def send(payload)
+        write(payload)
+        recv
       end
-   
-      user, auth_pass, priv_pass = options.values_at(:username, :auth_password, :priv_password)
-      auth_protocol_oid.generate_key(session, user, auth_pass)
-      priv_protocol_oid.generate_key(session, user, priv_pass )
 
-      if options[:context]
-        session[:contextName] = FFI::MemoryPointer.from_string(options[:context])
-        session[:contextNameLen] = options[:context].length
+      def write(payload)
+        perform_io do
+          @socket.send(payload, 0)
+        end
       end
 
-
-    end
-
-
-    # @param [Hash] options options to open the net-snmp session
-    # @option options [String] :community the snmp community string (defaults to public)
-    # @option options [Integer] :timeout number of sec until first timeout
-    # @option options [Integer] :retries number of retries before timeout
-    # @return [FFI::Pointer] a pointer to the validated session signature, which will therefore be used in all _sess_ methods from libnetsnmp
-    def build_signature(options)
-      # allocate new session
-      session = Core::Structures::Session.new(nil)
-      Core::LibSNMP.snmp_sess_init(session.pointer)
-
-      # initialize session
-      if options[:community]
-        community = options[:community]
-        session[:community] = FFI::MemoryPointer.from_string(community)
-        session[:community_len] = community.length
+      def recv(bytesize=MAXPDUSIZE)
+        perform_io do
+          datagram, _ = @socket.recvfrom_nonblock(bytesize)
+          datagram
+        end
       end
-      
-      peername = host
-      unless peername[':']
-        port = options[:port] || '161'.freeze
-        peername = "#{peername}:#{port}"
-      end 
-      
-      session[:peername] = FFI::MemoryPointer.from_string(peername)
-
-      @timeout = options[:timeout] || 10
-      session[:timeout] = @timeout * 1000000
-      session[:retries] = options[:retries] || 5
-      session_authorization(session, options)
-      Core::LibSNMP.snmp_sess_open(session.pointer)
-    end
 
-    def fetch_transport
-      return unless @signature
-      list = Core::Structures::SessionList.new @signature
-      return if not list or list.pointer.null?
-      t = Core::Structures::Transport.new list[:transport]
-      IO.new(t[:sock]) 
-    end
-
-    # @param [Core::Structures::Session] session the snmp session structure
-    def session_callback
-      @callback ||= FFI::Function.new(:int, [:int, :pointer, :int, :pointer, :pointer]) do |operation, session, reqid, pdu_ptr, magic|
-        op = case operation
-          when Core::Constants::NETSNMP_CALLBACK_OP_RECEIVED_MESSAGE then :success
-          when Core::Constants::NETSNMP_CALLBACK_OP_TIMED_OUT then :timeout
-          when Core::Constants::NETSNMP_CALLBACK_OP_SEND_FAILED then :send_failed
-          when Core::Constants::NETSNMP_CALLBACK_OP_CONNECT then :connect
-          when Core::Constants::NETSNMP_CALLBACK_OP_DISCONNECT then :disconnect
-          else :unrecognized_operation 
+      private
+
+      def perform_io
+        loop do
+          begin
+            return yield
+          rescue IO::WaitReadable
+            wait(:wait_readable)
+          rescue IO::WaitWritable
+            wait(:wait_writable)
+          end
         end
+      end
 
-
-        # TODO: pass exception in case of failure
-
-        response_pdu = ResponsePDU.new(pdu_ptr)
-        @requests[@reqid] = [op, response_pdu]
-        if reqid == @reqid
-          # probably pass the result as a yield from a fiber
-          op.eql?(:unrecognized_operation) ? 0 : 1
-        else  
-          # this is happening when user is unknown(????)
-          #puts "wow, unexpected #{op}.... #{reqid} different than #{@reqid}"
-          0
-        end
+      def wait(mode)
+        unless @socket.__send__(mode, @timeout)
+          raise Timeout::Error, "Timeout after #{@timeout} seconds"
+        end   
       end
 
     end