Re: SNMP: support new no-route pf counter

Mike Belopuhov Tue, 09 Jun 2015 10:41:43 -0700

On Tue, Jun 09, 2015 at 17:52 +0200, Mike Belopuhov wrote:
> Hi,
> 
> Please review SNMP bits for the new 'no-route' pf state insertion
> failure counter.  Any improvements to the MIB description?  Here's
> what I mean by "no target addresses were available": for instance,
> with such ruleset:
> 
>   table <empty> persist
>   pass in on vmx0 inet proto tcp to port 80 route-to <empty>
> 
> there's no target that pf can select for route-to since '<empty>'
> doesn't contain any entries and therefore can't complete state
> creation/insertion.
> 
> OKs?
>


sthen@ has pointed out that I've forgotten to change the timestamp
and add a description of changes.  Now with those bits in place.
He has also requested to run smilint and I'm happy to report that
it passes successfully.

diff --git share/snmp/OPENBSD-PF-MIB.txt share/snmp/OPENBSD-PF-MIB.txt
index ae96829..04b56c9 100644
--- share/snmp/OPENBSD-PF-MIB.txt
+++ share/snmp/OPENBSD-PF-MIB.txt
@@ -31,20 +31,22 @@ IMPORTS
        
        MODULE-COMPLIANCE, OBJECT-GROUP
                FROM SNMPv2-CONF;
 
 pfMIBObjects MODULE-IDENTITY
-    LAST-UPDATED "201308310446Z"
+    LAST-UPDATED "201506091728Z"
     ORGANIZATION "OpenBSD"
     CONTACT-INFO "
                   Author:     Joel Knight
                   email:      knight.j...@gmail.com
                   www:        http://www.packetmischief.ca/openbsd-snmp-mibs/
                  "
     DESCRIPTION "The MIB module for gathering information from
                OpenBSD's packet filter.
                 "
+    REVISION "201506091728Z"
+    DESCRIPTION "Add separate counter for failed 'route-to' applications"
     REVISION "201308310446Z"
     DESCRIPTION "Add pf(4) table byte/packet counters for 'match' rules"
     REVISION "201302242033Z"
     DESCRIPTION "Add separate counter for failed translations"
     REVISION "201201260000Z"
@@ -249,10 +251,18 @@ pfCntTranslate OBJECT-TYPE
     DESCRIPTION
        "The number of packets that were dropped because network address
         translation was requested and no unused port was available."
     ::= { pfCounters 16 }
 
+pfCntNoRoute OBJECT-TYPE
+    SYNTAX      Counter64
+    MAX-ACCESS  read-only
+    STATUS      current
+    DESCRIPTION
+       "The number of packets that were dropped because policy based routing
+        was requested but no target addresses were available."
+    ::= { pfCounters 17 }
 
 -- pfStateTable
 
 pfStateCount OBJECT-TYPE
     SYNTAX      Unsigned32
> diff --git usr.sbin/snmpd/mib.c usr.sbin/snmpd/mib.c
> index 8e4d98f..c8a8fa0 100644
> --- usr.sbin/snmpd/mib.c
> +++ usr.sbin/snmpd/mib.c
> @@ -1449,10 +1449,11 @@ static struct oid openbsd_mib[] = {
>       { MIB(pfCntStateInsert),        OID_RD, mib_pfcounters },
>       { MIB(pfCntStateLimit),         OID_RD, mib_pfcounters },
>       { MIB(pfCntSrcLimit),           OID_RD, mib_pfcounters },
>       { MIB(pfCntSynproxy),           OID_RD, mib_pfcounters },
>       { MIB(pfCntTranslate),          OID_RD, mib_pfcounters },
> +     { MIB(pfCntNoRoute),            OID_RD, mib_pfcounters },
>       { MIB(pfStateCount),            OID_RD, mib_pfscounters },
>       { MIB(pfStateSearches),         OID_RD, mib_pfscounters },
>       { MIB(pfStateInserts),          OID_RD, mib_pfscounters },
>       { MIB(pfStateRemovals),         OID_RD, mib_pfscounters },
>       { MIB(pfLogIfName),             OID_RD, mib_pflogif },
> @@ -1705,11 +1706,12 @@ mib_pfcounters(struct oid *oid, struct ber_oid *o, 
> struct ber_element **elm)
>               { 11, &s.counters[PFRES_BADSTATE] },
>               { 12, &s.counters[PFRES_STATEINS] },
>               { 13, &s.counters[PFRES_MAXSTATES] },
>               { 14, &s.counters[PFRES_SRCLIMIT] },
>               { 15, &s.counters[PFRES_SYNPROXY] },
> -             { 16, &s.counters[PFRES_TRANSLATE] }
> +             { 16, &s.counters[PFRES_TRANSLATE] },
> +             { 17, &s.counters[PFRES_NOROUTE] }
>       };
>  
>       if (pf_get_stats(&s))
>               return (-1);
>  
> diff --git usr.sbin/snmpd/mib.h usr.sbin/snmpd/mib.h
> index 4fff5ec..5e87e4d 100644
> --- usr.sbin/snmpd/mib.h
> +++ usr.sbin/snmpd/mib.h
> @@ -488,10 +488,11 @@
>  #define MIB_pfCntStateInsert         MIB_pfCounters, 12
>  #define MIB_pfCntStateLimit          MIB_pfCounters, 13
>  #define MIB_pfCntSrcLimit            MIB_pfCounters, 14
>  #define MIB_pfCntSynproxy            MIB_pfCounters, 15
>  #define MIB_pfCntTranslate           MIB_pfCounters, 16
> +#define MIB_pfCntNoRoute             MIB_pfCounters, 17
>  #define MIB_pfStateTable             MIB_pfMIBObjects, 3
>  #define MIB_pfStateCount             MIB_pfStateTable, 1
>  #define MIB_pfStateSearches          MIB_pfStateTable, 2
>  #define MIB_pfStateInserts           MIB_pfStateTable, 3
>  #define MIB_pfStateRemovals          MIB_pfStateTable, 4
> @@ -1055,10 +1056,11 @@
>       { MIBDECL(pfCntStateInsert) },                  \
>       { MIBDECL(pfCntStateLimit) },                   \
>       { MIBDECL(pfCntSrcLimit) },                     \
>       { MIBDECL(pfCntSynproxy) },                     \
>       { MIBDECL(pfCntTranslate) },                    \
> +     { MIBDECL(pfCntNoRoute) },                      \
>       { MIBDECL(pfStateTable) },                      \
>       { MIBDECL(pfStateCount) },                      \
>       { MIBDECL(pfStateSearches) },                   \
>       { MIBDECL(pfStateInserts) },                    \
>       { MIBDECL(pfStateRemovals) },                   \

Re: SNMP: support new no-route pf counter

Reply via email to