Hi,
Please review SNMP bits for the new 'no-route' pf state insertion
failure counter. Any improvements to the MIB description? Here's
what I mean by "no target addresses were available": for instance,
with such ruleset:
table <empty> persist
pass in on vmx0 inet proto tcp to port 80 route-to <empty>
there's no target that pf can select for route-to since '<empty>'
doesn't contain any entries and therefore can't complete state
creation/insertion.
OKs?
diff --git share/snmp/OPENBSD-PF-MIB.txt share/snmp/OPENBSD-PF-MIB.txt
index ae96829..3bc2eb9 100644
--- share/snmp/OPENBSD-PF-MIB.txt
+++ share/snmp/OPENBSD-PF-MIB.txt
@@ -249,10 +249,18 @@ pfCntTranslate OBJECT-TYPE
DESCRIPTION
"The number of packets that were dropped because network address
translation was requested and no unused port was available."
::= { pfCounters 16 }
+pfCntNoRoute OBJECT-TYPE
+ SYNTAX Counter64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The number of packets that were dropped because policy based routing
+ was requested but no target addresses were available."
+ ::= { pfCounters 17 }
-- pfStateTable
pfStateCount OBJECT-TYPE
SYNTAX Unsigned32
diff --git usr.sbin/snmpd/mib.c usr.sbin/snmpd/mib.c
index 8e4d98f..c8a8fa0 100644
--- usr.sbin/snmpd/mib.c
+++ usr.sbin/snmpd/mib.c
@@ -1449,10 +1449,11 @@ static struct oid openbsd_mib[] = {
{ MIB(pfCntStateInsert), OID_RD, mib_pfcounters },
{ MIB(pfCntStateLimit), OID_RD, mib_pfcounters },
{ MIB(pfCntSrcLimit), OID_RD, mib_pfcounters },
{ MIB(pfCntSynproxy), OID_RD, mib_pfcounters },
{ MIB(pfCntTranslate), OID_RD, mib_pfcounters },
+ { MIB(pfCntNoRoute), OID_RD, mib_pfcounters },
{ MIB(pfStateCount), OID_RD, mib_pfscounters },
{ MIB(pfStateSearches), OID_RD, mib_pfscounters },
{ MIB(pfStateInserts), OID_RD, mib_pfscounters },
{ MIB(pfStateRemovals), OID_RD, mib_pfscounters },
{ MIB(pfLogIfName), OID_RD, mib_pflogif },
@@ -1705,11 +1706,12 @@ mib_pfcounters(struct oid *oid, struct ber_oid *o,
struct ber_element **elm)
{ 11, &s.counters[PFRES_BADSTATE] },
{ 12, &s.counters[PFRES_STATEINS] },
{ 13, &s.counters[PFRES_MAXSTATES] },
{ 14, &s.counters[PFRES_SRCLIMIT] },
{ 15, &s.counters[PFRES_SYNPROXY] },
- { 16, &s.counters[PFRES_TRANSLATE] }
+ { 16, &s.counters[PFRES_TRANSLATE] },
+ { 17, &s.counters[PFRES_NOROUTE] }
};
if (pf_get_stats(&s))
return (-1);
diff --git usr.sbin/snmpd/mib.h usr.sbin/snmpd/mib.h
index 4fff5ec..5e87e4d 100644
--- usr.sbin/snmpd/mib.h
+++ usr.sbin/snmpd/mib.h
@@ -488,10 +488,11 @@
#define MIB_pfCntStateInsert MIB_pfCounters, 12
#define MIB_pfCntStateLimit MIB_pfCounters, 13
#define MIB_pfCntSrcLimit MIB_pfCounters, 14
#define MIB_pfCntSynproxy MIB_pfCounters, 15
#define MIB_pfCntTranslate MIB_pfCounters, 16
+#define MIB_pfCntNoRoute MIB_pfCounters, 17
#define MIB_pfStateTable MIB_pfMIBObjects, 3
#define MIB_pfStateCount MIB_pfStateTable, 1
#define MIB_pfStateSearches MIB_pfStateTable, 2
#define MIB_pfStateInserts MIB_pfStateTable, 3
#define MIB_pfStateRemovals MIB_pfStateTable, 4
@@ -1055,10 +1056,11 @@
{ MIBDECL(pfCntStateInsert) }, \
{ MIBDECL(pfCntStateLimit) }, \
{ MIBDECL(pfCntSrcLimit) }, \
{ MIBDECL(pfCntSynproxy) }, \
{ MIBDECL(pfCntTranslate) }, \
+ { MIBDECL(pfCntNoRoute) }, \
{ MIBDECL(pfStateTable) }, \
{ MIBDECL(pfStateCount) }, \
{ MIBDECL(pfStateSearches) }, \
{ MIBDECL(pfStateInserts) }, \
{ MIBDECL(pfStateRemovals) }, \
