On 2022/10/06 18:20, Martijn van Duren wrote:
> Just before lock mbuhl pointed out a new limit placed in pf, not
> exported yet over snmp. Here's a diff to add support for
> PF_LIMIT_ANCHORS.
>
> the OPENBSD-PF-MIB.txt DESCRIPTION is adapted from pfLimitMaxTables.
> The snmp{,d} parts are there just for pretty printing.
>
> OK?
>
> martijn@
>
> Index: share/snmp/OPENBSD-PF-MIB.txt
> ===================================================================
> RCS file: /cvs/src/share/snmp/OPENBSD-PF-MIB.txt,v
> retrieving revision 1.7
> diff -u -p -r1.7 OPENBSD-PF-MIB.txt
> --- share/snmp/OPENBSD-PF-MIB.txt 23 Mar 2021 19:37:51 -0000 1.7
> +++ share/snmp/OPENBSD-PF-MIB.txt 6 Oct 2022 16:14:32 -0000
> @@ -493,6 +493,14 @@ pfLimitMaxTableEntries OBJECT-TYPE
> tables."
> ::= { pfLimits 5 }
>
> +pfLimitAnchors OBJECT-TYPE
> + SYNTAX Unsigned32
> + MAX-ACCESS read-only
> + STATUS current
> + DESCRIPTION
> + "The maximum number of anchors that can be created as part of the
> + active ruleset."
> + ::= { pfLimits 6 }
>
> -- pfTimeouts
Needs something like this on top; otherwise OK (and smilint is happy)
Index: OPENBSD-PF-MIB.txt
===================================================================
RCS file: /cvs/src/share/snmp/OPENBSD-PF-MIB.txt,v
retrieving revision 1.7
diff -u -p -r1.7 OPENBSD-PF-MIB.txt
--- OPENBSD-PF-MIB.txt 23 Mar 2021 19:37:51 -0000 1.7
+++ OPENBSD-PF-MIB.txt 6 Oct 2022 19:37:41 -0000
@@ -36,7 +36,7 @@ IMPORTS
FROM SNMPv2-CONF;
pfMIBObjects MODULE-IDENTITY
- LAST-UPDATED "202103231933Z"
+ LAST-UPDATED "202210061936Z"
ORGANIZATION "OpenBSD"
CONTACT-INFO "
Author: Joel Knight
@@ -46,6 +46,8 @@ pfMIBObjects MODULE-IDENTITY
DESCRIPTION "The MIB module for gathering information from
OpenBSD's packet filter.
"
+ REVISION "202210061936Z"
+ DESCRIPTION "Add counter exporting the maximum number of anchors that can
be created"
REVISION "202103231933Z"
DESCRIPTION "Use DisplayString/SnmpAdminString not OCTET STRING where
appropriate"
REVISION "201506091728Z"
>
> Index: usr.bin/snmp/mib.h
> ===================================================================
> RCS file: /cvs/src/usr.bin/snmp/mib.h,v
> retrieving revision 1.10
> diff -u -p -r1.10 mib.h
> --- usr.bin/snmp/mib.h 23 Mar 2021 22:05:21 -0000 1.10
> +++ usr.bin/snmp/mib.h 6 Oct 2022 16:14:32 -0000
> @@ -580,6 +580,7 @@
> #define MIB_pfLimitFragments MIB_pfLimits, 3
> #define MIB_pfLimitMaxTables MIB_pfLimits, 4
> #define MIB_pfLimitMaxTableEntries MIB_pfLimits, 5
> +#define MIB_pfLimitAnchors MIB_pfLimits, 6
> #define MIB_pfTimeouts MIB_pfMIBObjects, 7
> #define MIB_pfTimeoutTcpFirst MIB_pfTimeouts, 1
> #define MIB_pfTimeoutTcpOpening MIB_pfTimeouts, 2
> @@ -1217,6 +1218,7 @@
> { MIBDECL(pfLimitFragments) }, \
> { MIBDECL(pfLimitMaxTables) }, \
> { MIBDECL(pfLimitMaxTableEntries) }, \
> + { MIBDECL(pfLimitAnchors) }, \
> { MIBDECL(pfTimeouts) }, \
> { MIBDECL(pfTimeoutTcpFirst) }, \
> { MIBDECL(pfTimeoutTcpOpening) }, \
> Index: usr.sbin/snmpd/mib.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/snmpd/mib.h,v
> retrieving revision 1.41
> diff -u -p -r1.41 mib.h
> --- usr.sbin/snmpd/mib.h 19 Jan 2022 10:26:37 -0000 1.41
> +++ usr.sbin/snmpd/mib.h 6 Oct 2022 16:14:32 -0000
> @@ -550,6 +550,7 @@
> #define MIB_pfLimitFragments MIB_pfLimits, 3
> #define MIB_pfLimitMaxTables MIB_pfLimits, 4
> #define MIB_pfLimitMaxTableEntries MIB_pfLimits, 5
> +#define MIB_pfLimitAnchors MIB_pfLimits, 6
> #define MIB_pfTimeouts MIB_pfMIBObjects, 7
> #define MIB_pfTimeoutTcpFirst MIB_pfTimeouts, 1
> #define MIB_pfTimeoutTcpOpening MIB_pfTimeouts, 2
> @@ -1126,6 +1127,7 @@
> { MIBDECL(pfLimitFragments) }, \
> { MIBDECL(pfLimitMaxTables) }, \
> { MIBDECL(pfLimitMaxTableEntries) }, \
> + { MIBDECL(pfLimitAnchors) }, \
> { MIBDECL(pfTimeouts) }, \
> { MIBDECL(pfTimeoutTcpFirst) }, \
> { MIBDECL(pfTimeoutTcpOpening) }, \
> Index: libexec/snmpd/snmpd_metrics/mib.c
> ===================================================================
> RCS file: /cvs/src/libexec/snmpd/snmpd_metrics/mib.c,v
> retrieving revision 1.1.1.1
> diff -u -p -r1.1.1.1 mib.c
> --- libexec/snmpd/snmpd_metrics/mib.c 1 Sep 2022 14:20:34 -0000 1.1.1.1
> +++ libexec/snmpd/snmpd_metrics/mib.c 6 Oct 2022 16:14:32 -0000
> @@ -146,6 +146,7 @@ struct agentx_object *pfSrcTrackCount, *
> struct agentx_object *pfSrcTrackRemovals;
> struct agentx_object *pfLimitStates, *pfLimitSourceNodes, *pfLimitFragments;
> struct agentx_object *pfLimitMaxTables, *pfLimitMaxTableEntries;
> +struct agentx_object *pfLimitAnchors;
> struct agentx_object *pfTimeoutTcpFirst, *pfTimeoutTcpOpening;
> struct agentx_object *pfTimeoutTcpEstablished, *pfTimeoutTcpClosing;
> struct agentx_object *pfTimeoutTcpFinWait, *pfTimeoutTcpClosed;
> @@ -1404,6 +1405,8 @@ mib_pflimits(struct agentx_varbind *vb)
> pl.index = PF_LIMIT_TABLES;
> else if (obj == pfLimitMaxTableEntries)
> pl.index = PF_LIMIT_TABLE_ENTRIES;
> + else if (obj == pfLimitAnchors)
> + pl.index = PF_LIMIT_ANCHORS;
> else
> fatal("%s: Unexpected object", __func__);
>
> @@ -3614,6 +3617,9 @@ main(int argc, char *argv[])
> AGENTX_OID(PFLIMITMAXTABLES), NULL, 0, 0, mib_pflimits)) == NULL ||
> (pfLimitMaxTableEntries = agentx_object(pfMIBObjects,
> AGENTX_OID(PFLIMITMAXTABLEENTRIES), NULL, 0, 0,
> + mib_pflimits)) == NULL ||
> + (pfLimitAnchors = agentx_object(pfMIBObjects,
> + AGENTX_OID(PFLIMITANCHORS), NULL, 0, 0,
> mib_pflimits)) == NULL)
> fatal("agentx_object");
>
> Index: libexec/snmpd/snmpd_metrics/mib.h
> ===================================================================
> RCS file: /cvs/src/libexec/snmpd/snmpd_metrics/mib.h,v
> retrieving revision 1.1.1.1
> diff -u -p -r1.1.1.1 mib.h
> --- libexec/snmpd/snmpd_metrics/mib.h 1 Sep 2022 14:20:34 -0000 1.1.1.1
> +++ libexec/snmpd/snmpd_metrics/mib.h 6 Oct 2022 16:14:32 -0000
> @@ -300,6 +300,7 @@
> #define PFLIMITFRAGMENTS PFLIMITS, 3
> #define PFLIMITMAXTABLES PFLIMITS, 4
> #define PFLIMITMAXTABLEENTRIES PFLIMITS, 5
> +#define PFLIMITANCHORS PFLIMITS, 6
> #define PFTIMEOUTTCPFIRST PFTIMEOUTS, 1
> #define PFTIMEOUTTCPOPENING PFTIMEOUTS, 2
> #define PFTIMEOUTTCPESTABLISHED PFTIMEOUTS, 3
>
