Just before lock mbuhl pointed out a new limit placed in pf, not
exported yet over snmp. Here's a diff to add support for
PF_LIMIT_ANCHORS.
the OPENBSD-PF-MIB.txt DESCRIPTION is adapted from pfLimitMaxTables.
The snmp{,d} parts are there just for pretty printing.
OK?
martijn@
Index: share/snmp/OPENBSD-PF-MIB.txt
===================================================================
RCS file: /cvs/src/share/snmp/OPENBSD-PF-MIB.txt,v
retrieving revision 1.7
diff -u -p -r1.7 OPENBSD-PF-MIB.txt
--- share/snmp/OPENBSD-PF-MIB.txt 23 Mar 2021 19:37:51 -0000 1.7
+++ share/snmp/OPENBSD-PF-MIB.txt 6 Oct 2022 16:14:32 -0000
@@ -493,6 +493,14 @@ pfLimitMaxTableEntries OBJECT-TYPE
tables."
::= { pfLimits 5 }
+pfLimitAnchors OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The maximum number of anchors that can be created as part of the
+ active ruleset."
+ ::= { pfLimits 6 }
-- pfTimeouts
Index: usr.bin/snmp/mib.h
===================================================================
RCS file: /cvs/src/usr.bin/snmp/mib.h,v
retrieving revision 1.10
diff -u -p -r1.10 mib.h
--- usr.bin/snmp/mib.h 23 Mar 2021 22:05:21 -0000 1.10
+++ usr.bin/snmp/mib.h 6 Oct 2022 16:14:32 -0000
@@ -580,6 +580,7 @@
#define MIB_pfLimitFragments MIB_pfLimits, 3
#define MIB_pfLimitMaxTables MIB_pfLimits, 4
#define MIB_pfLimitMaxTableEntries MIB_pfLimits, 5
+#define MIB_pfLimitAnchors MIB_pfLimits, 6
#define MIB_pfTimeouts MIB_pfMIBObjects, 7
#define MIB_pfTimeoutTcpFirst MIB_pfTimeouts, 1
#define MIB_pfTimeoutTcpOpening MIB_pfTimeouts, 2
@@ -1217,6 +1218,7 @@
{ MIBDECL(pfLimitFragments) }, \
{ MIBDECL(pfLimitMaxTables) }, \
{ MIBDECL(pfLimitMaxTableEntries) }, \
+ { MIBDECL(pfLimitAnchors) }, \
{ MIBDECL(pfTimeouts) }, \
{ MIBDECL(pfTimeoutTcpFirst) }, \
{ MIBDECL(pfTimeoutTcpOpening) }, \
Index: usr.sbin/snmpd/mib.h
===================================================================
RCS file: /cvs/src/usr.sbin/snmpd/mib.h,v
retrieving revision 1.41
diff -u -p -r1.41 mib.h
--- usr.sbin/snmpd/mib.h 19 Jan 2022 10:26:37 -0000 1.41
+++ usr.sbin/snmpd/mib.h 6 Oct 2022 16:14:32 -0000
@@ -550,6 +550,7 @@
#define MIB_pfLimitFragments MIB_pfLimits, 3
#define MIB_pfLimitMaxTables MIB_pfLimits, 4
#define MIB_pfLimitMaxTableEntries MIB_pfLimits, 5
+#define MIB_pfLimitAnchors MIB_pfLimits, 6
#define MIB_pfTimeouts MIB_pfMIBObjects, 7
#define MIB_pfTimeoutTcpFirst MIB_pfTimeouts, 1
#define MIB_pfTimeoutTcpOpening MIB_pfTimeouts, 2
@@ -1126,6 +1127,7 @@
{ MIBDECL(pfLimitFragments) }, \
{ MIBDECL(pfLimitMaxTables) }, \
{ MIBDECL(pfLimitMaxTableEntries) }, \
+ { MIBDECL(pfLimitAnchors) }, \
{ MIBDECL(pfTimeouts) }, \
{ MIBDECL(pfTimeoutTcpFirst) }, \
{ MIBDECL(pfTimeoutTcpOpening) }, \
Index: libexec/snmpd/snmpd_metrics/mib.c
===================================================================
RCS file: /cvs/src/libexec/snmpd/snmpd_metrics/mib.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 mib.c
--- libexec/snmpd/snmpd_metrics/mib.c 1 Sep 2022 14:20:34 -0000 1.1.1.1
+++ libexec/snmpd/snmpd_metrics/mib.c 6 Oct 2022 16:14:32 -0000
@@ -146,6 +146,7 @@ struct agentx_object *pfSrcTrackCount, *
struct agentx_object *pfSrcTrackRemovals;
struct agentx_object *pfLimitStates, *pfLimitSourceNodes, *pfLimitFragments;
struct agentx_object *pfLimitMaxTables, *pfLimitMaxTableEntries;
+struct agentx_object *pfLimitAnchors;
struct agentx_object *pfTimeoutTcpFirst, *pfTimeoutTcpOpening;
struct agentx_object *pfTimeoutTcpEstablished, *pfTimeoutTcpClosing;
struct agentx_object *pfTimeoutTcpFinWait, *pfTimeoutTcpClosed;
@@ -1404,6 +1405,8 @@ mib_pflimits(struct agentx_varbind *vb)
pl.index = PF_LIMIT_TABLES;
else if (obj == pfLimitMaxTableEntries)
pl.index = PF_LIMIT_TABLE_ENTRIES;
+ else if (obj == pfLimitAnchors)
+ pl.index = PF_LIMIT_ANCHORS;
else
fatal("%s: Unexpected object", __func__);
@@ -3614,6 +3617,9 @@ main(int argc, char *argv[])
AGENTX_OID(PFLIMITMAXTABLES), NULL, 0, 0, mib_pflimits)) == NULL ||
(pfLimitMaxTableEntries = agentx_object(pfMIBObjects,
AGENTX_OID(PFLIMITMAXTABLEENTRIES), NULL, 0, 0,
+ mib_pflimits)) == NULL ||
+ (pfLimitAnchors = agentx_object(pfMIBObjects,
+ AGENTX_OID(PFLIMITANCHORS), NULL, 0, 0,
mib_pflimits)) == NULL)
fatal("agentx_object");
Index: libexec/snmpd/snmpd_metrics/mib.h
===================================================================
RCS file: /cvs/src/libexec/snmpd/snmpd_metrics/mib.h,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 mib.h
--- libexec/snmpd/snmpd_metrics/mib.h 1 Sep 2022 14:20:34 -0000 1.1.1.1
+++ libexec/snmpd/snmpd_metrics/mib.h 6 Oct 2022 16:14:32 -0000
@@ -300,6 +300,7 @@
#define PFLIMITFRAGMENTS PFLIMITS, 3
#define PFLIMITMAXTABLES PFLIMITS, 4
#define PFLIMITMAXTABLEENTRIES PFLIMITS, 5
+#define PFLIMITANCHORS PFLIMITS, 6
#define PFTIMEOUTTCPFIRST PFTIMEOUTS, 1
#define PFTIMEOUTTCPOPENING PFTIMEOUTS, 2
#define PFTIMEOUTTCPESTABLISHED PFTIMEOUTS, 3
