Just before lock mbuhl pointed out a new limit placed in pf, not exported yet over snmp. Here's a diff to add support for PF_LIMIT_ANCHORS.
the OPENBSD-PF-MIB.txt DESCRIPTION is adapted from pfLimitMaxTables. The snmp{,d} parts are there just for pretty printing. OK? martijn@
Index: share/snmp/OPENBSD-PF-MIB.txt
===================================================================
RCS file: /cvs/src/share/snmp/OPENBSD-PF-MIB.txt,v
retrieving revision 1.7
diff -u -p -r1.7 OPENBSD-PF-MIB.txt
--- share/snmp/OPENBSD-PF-MIB.txt 23 Mar 2021 19:37:51 -0000 1.7
+++ share/snmp/OPENBSD-PF-MIB.txt 6 Oct 2022 16:14:32 -0000
@@ -493,6 +493,14 @@ pfLimitMaxTableEntries OBJECT-TYPE
 tables."
 ::= { pfLimits 5 }
+pfLimitAnchors OBJECT-TYPE
+ SYNTAX Unsigned32
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "The maximum number of anchors that can be created as part of the
+ active ruleset."
+ ::= { pfLimits 6 }
 -- pfTimeouts
Index: usr.bin/snmp/mib.h
===================================================================
RCS file: /cvs/src/usr.bin/snmp/mib.h,v
retrieving revision 1.10
diff -u -p -r1.10 mib.h
--- usr.bin/snmp/mib.h 23 Mar 2021 22:05:21 -0000 1.10
+++ usr.bin/snmp/mib.h 6 Oct 2022 16:14:32 -0000
@@ -580,6 +580,7 @@
 #define MIB_pfLimitFragments MIB_pfLimits, 3
 #define MIB_pfLimitMaxTables MIB_pfLimits, 4
 #define MIB_pfLimitMaxTableEntries MIB_pfLimits, 5
+#define MIB_pfLimitAnchors MIB_pfLimits, 6
 #define MIB_pfTimeouts MIB_pfMIBObjects, 7
 #define MIB_pfTimeoutTcpFirst MIB_pfTimeouts, 1
 #define MIB_pfTimeoutTcpOpening MIB_pfTimeouts, 2
@@ -1217,6 +1218,7 @@
 { MIBDECL(pfLimitFragments) }, \
 { MIBDECL(pfLimitMaxTables) }, \
 { MIBDECL(pfLimitMaxTableEntries) }, \
+ { MIBDECL(pfLimitAnchors) }, \
 { MIBDECL(pfTimeouts) }, \
 { MIBDECL(pfTimeoutTcpFirst) }, \
 { MIBDECL(pfTimeoutTcpOpening) }, \
Index: usr.sbin/snmpd/mib.h
===================================================================
RCS file: /cvs/src/usr.sbin/snmpd/mib.h,v
retrieving revision 1.41
diff -u -p -r1.41 mib.h
--- usr.sbin/snmpd/mib.h 19 Jan 2022 10:26:37 -0000 1.41
+++ usr.sbin/snmpd/mib.h 6 Oct 2022 16:14:32 -0000
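Review bot: The diff carries no hunk for the MODULE-IDENTITY of share/snmp/OPENBSD-PF-MIB.txt, so its `LAST-UPDATED` value, and any `REVISION` history it keeps, would still describe the module as it was before `pfLimitAnchors` was added at `{ pfLimits 6 }`. Management stations that cache compiled MIBs commonly rely on that timestamp to notice a changed module, so it is worth bumping it and adding a REVISION entry that names the new object. The module header lies outside the visible hunk, so this is inferred from the absence of a second hunk for the file rather than read from the header itself.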
@@ -550,6 +550,7 @@
 #define MIB_pfLimitFragments MIB_pfLimits, 3
 #define MIB_pfLimitMaxTables MIB_pfLimits, 4
 #define MIB_pfLimitMaxTableEntries MIB_pfLimits, 5
+#define MIB_pfLimitAnchors MIB_pfLimits, 6
 #define MIB_pfTimeouts MIB_pfMIBObjects, 7
 #define MIB_pfTimeoutTcpFirst MIB_pfTimeouts, 1
 #define MIB_pfTimeoutTcpOpening MIB_pfTimeouts, 2
@@ -1126,6 +1127,7 @@
 { MIBDECL(pfLimitFragments) }, \
 { MIBDECL(pfLimitMaxTables) }, \
 { MIBDECL(pfLimitMaxTableEntries) }, \
+ { MIBDECL(pfLimitAnchors) }, \
 { MIBDECL(pfTimeouts) }, \
 { MIBDECL(pfTimeoutTcpFirst) }, \
 { MIBDECL(pfTimeoutTcpOpening) }, \
Index: libexec/snmpd/snmpd_metrics/mib.c
===================================================================
RCS file: /cvs/src/libexec/snmpd/snmpd_metrics/mib.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 mib.c
--- libexec/snmpd/snmpd_metrics/mib.c 1 Sep 2022 14:20:34 -0000 1.1.1.1
+++ libexec/snmpd/snmpd_metrics/mib.c 6 Oct 2022 16:14:32 -0000
@@ -146,6 +146,7 @@ struct agentx_object *pfSrcTrackCount, *
 struct agentx_object *pfSrcTrackRemovals;
 struct agentx_object *pfLimitStates, *pfLimitSourceNodes, *pfLimitFragments;
 struct agentx_object *pfLimitMaxTables, *pfLimitMaxTableEntries;
+struct agentx_object *pfLimitAnchors;
 struct agentx_object *pfTimeoutTcpFirst, *pfTimeoutTcpOpening;
 struct agentx_object *pfTimeoutTcpEstablished, *pfTimeoutTcpClosing;
 struct agentx_object *pfTimeoutTcpFinWait, *pfTimeoutTcpClosed;
@@ -1404,6 +1405,8 @@ mib_pflimits(struct agentx_varbind *vb)
 pl.index = PF_LIMIT_TABLES;
 else if (obj == pfLimitMaxTableEntries)
 pl.index = PF_LIMIT_TABLE_ENTRIES;
+ else if (obj == pfLimitAnchors)
+ pl.index = PF_LIMIT_ANCHORS;
 else
 fatal("%s: Unexpected object", __func__);
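Review bot: The `else fatal("%s: Unexpected object", __func__);` fallthrough in mib_pflimits is undocumented even though it makes the new `pfLimitAnchors` branch depend on the matching `agentx_object()` registration in main() (the @@ -3614 hunk): an object registered with this callback but missing a branch here would presumably end the metrics process on the first query for it. The commit adds both halves, but nothing in the code records that they must stay paired. A short comment above the chain would help the next person adding a limit, for example `/* every object registered with mib_pflimits in main() needs a branch here */`. How a failed limit lookup for PF_LIMIT_ANCHORS is handled cannot be judged, because the function body starts and ends outside the hunk.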
@@ -3614,6 +3617,9 @@ main(int argc, char *argv[])
 AGENTX_OID(PFLIMITMAXTABLES), NULL, 0, 0, mib_pflimits)) == NULL ||
 (pfLimitMaxTableEntries = agentx_object(pfMIBObjects,
 AGENTX_OID(PFLIMITMAXTABLEENTRIES), NULL, 0, 0,
+ mib_pflimits)) == NULL ||
+ (pfLimitAnchors = agentx_object(pfMIBObjects,
+ AGENTX_OID(PFLIMITANCHORS), NULL, 0, 0,
 mib_pflimits)) == NULL)
 fatal("agentx_object");
Index: libexec/snmpd/snmpd_metrics/mib.h
===================================================================
RCS file: /cvs/src/libexec/snmpd/snmpd_metrics/mib.h,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 mib.h
--- libexec/snmpd/snmpd_metrics/mib.h 1 Sep 2022 14:20:34 -0000 1.1.1.1
+++ libexec/snmpd/snmpd_metrics/mib.h 6 Oct 2022 16:14:32 -0000
@@ -300,6 +300,7 @@
 #define PFLIMITFRAGMENTS PFLIMITS, 3
 #define PFLIMITMAXTABLES PFLIMITS, 4
 #define PFLIMITMAXTABLEENTRIES PFLIMITS, 5
+#define PFLIMITANCHORS PFLIMITS, 6
 #define PFTIMEOUTTCPFIRST PFTIMEOUTS, 1
 #define PFTIMEOUTTCPOPENING PFTIMEOUTS, 2
 #define PFTIMEOUTTCPESTABLISHED PFTIMEOUTS, 3