On Wed, 2022-10-19 at 05:50 +0000, Alec wrote:
> Hi,
> I wanted to ask about two things related to MIBs.

Please read http://www.openbsd.org/mail.html
The long lines are really hard to grok.

> 1) I noticed that in OPENBSD-PF-MIB.txt we have entries like pfTblAddrTblIndex
> pfTblAddrTblIndex OBJECT-TYPE
>     SYNTAX      Integer32 (1..2147483647)
>     MAX-ACCESS  read-only
>     STATUS      current
>     DESCRIPTION
>         "The index value which uniquely identifies
>         the table which contains this pfTblAddrNet/pfTblAddrMask pair."
>     ::= { pfTblAddrEntry 1 }
> Which translates to OID 1.3.6.1.4.1.30155.1.9.129.1.1 (if I am not mistaken).
> If I do snmp walk of the whole 1.3 I can see that after
> 1.3.6.1.4.1.30155.1.9.128 the next OID is 1.3.6.1.4.1.30155.1.10.1.0, so
> 1.3.6.1.4.1.30155.1.9.129 is skipped. Is there something that needs to be
> enabled in order to get this OID? I have several tables setup in my pf.conf.

Are the tables also used or did you add the persist keyword to them?
If not the optimiser will remove them and empty snmp tables will return
the noSuchObject exception. You can run `pfctl -s Tables` to verify.

$ doas pfctl -s Tables
testtable
$ snmp walk -v2c -cpublic 127.0.0.1 1.3.6.1.4.1.30155.1.9.128
pfTblIndex.1 = INTEGER: 1
pfTblName.1 = STRING: testtable
pfTblAddresses.1 = INTEGER: 1
pfTblAnchorRefs.1 = INTEGER: 0
pfTblRuleRefs.1 = INTEGER: 0
pfTblEvalsMatch.1 = Counter64: 0
pfTblEvalsNoMatch.1 = Counter64: 0
pfTblInPassPkts.1 = Counter64: 0
pfTblInPassBytes.1 = Counter64: 0
pfTblInBlockPkts.1 = Counter64: 0
pfTblInBlockBytes.1 = Counter64: 0
pfTblInXPassPkts.1 = Counter64: 0
pfTblInXPassBytes.1 = Counter64: 0
pfTblOutPassPkts.1 = Counter64: 0
pfTblOutPassBytes.1 = Counter64: 0
pfTblOutBlockPkts.1 = Counter64: 0
pfTblOutBlockBytes.1 = Counter64: 0
pfTblOutXPassPkts.1 = Counter64: 0
pfTblOutXPassBytes.1 = Counter64: 0
pfTblStatsCleared.1 = Timeticks: (400) 0:00:04.00
pfTblInMatchPkts.1 = Counter64: 0
pfTblInMatchBytes.1 = Counter64: 0
pfTblOutMatchPkts.1 = Counter64: 0
pfTblOutMatchBytes.1 = Counter64: 0
$ snmp walk -v2c -cpublic 127.0.0.1 1.3.6.1.4.1.30155.1.9.129
pfTblAddrTblIndex.1.10.0.0.0.8 = INTEGER: 1
pfTblAddrNet.1.10.0.0.0.8 = IpAddress: 10.0.0.0
pfTblAddrMask.1.10.0.0.0.8 = INTEGER: 8
pfTblAddrCleared.1.10.0.0.0.8 = Timeticks: (600) 0:00:06.00
pfTblAddrInBlockPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrInBlockBytes.1.10.0.0.0.8 = Counter64: 0
pfTblAddrInPassPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrInPassBytes.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutBlockPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutBlockBytes.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutPassPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutPassBytes.1.10.0.0.0.8 = Counter64: 0
pfTblAddrInMatchPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrInMatchBytes.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutMatchPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutMatchBytes.1.10.0.0.0.8 = Counter64: 0
$ doas pfctl -t testtable -T kill
1 table deleted.
$ snmp walk -v2c -cpublic 127.0.0.1 1.3.6.1.4.1.30155.1.9.128
pfTblTable = No Such Object available on this agent at this OID
$ snmp walk -v2c -cpublic 127.0.0.1 1.3.6.1.4.1.30155.1.9.129
pfTblAddrTable = No Such Object available on this agent at this OID

> 2) I wanted to see some stats for Pkts and Bytes on one of the interfaces but
> was a bit confused by the description difference between In and Out.
> For "In" we have:
> pfIfIn4PassBytes OBJECT-TYPE
>     SYNTAX      Counter64
>     MAX-ACCESS  read-only
>     STATUS      current
>     DESCRIPTION
>         "The number of IPv4 bytes passed in."
>     ::= { pfIfEntry 7 }
> pfIfIn4BlockPkts OBJECT-TYPE
>     SYNTAX      Counter64
>     MAX-ACCESS  read-only
>     STATUS      current
>     DESCRIPTION
>         "The number of incoming IPv4 packets blocked."
>     ::= { pfIfEntry 8 }
> However, for "Out" we have:
> pfIfOut4PassPkts OBJECT-TYPE
>     SYNTAX      Counter64
>     MAX-ACCESS  read-only
>     STATUS      current
>     DESCRIPTION
>         "The number of IPv4 bytes passed out."   <---- ?
>     ::= { pfIfEntry 10 }
> pfIfOut4PassBytes OBJECT-TYPE
>     SYNTAX      Counter64
>     MAX-ACCESS  read-only
>     STATUS      current
>     DESCRIPTION
>         "The number of IPv4 bytes passed out."
>     ::= { pfIfEntry 11 }
> The same can be seen for In6 and Out6
> Do we only count bytes for "Out"? Or perhaps description is wrong?
>

That looks like a (copy-paste) bug in the description. The code actually
retrieves the number of packets; from libexec/snmpd/snmpd_metrics/mib.c:

	else if (obj == pfIfOut4PassPkts)
		agentx_varbind_counter64(vb, pif.pfik_packets[IPV4][OUT][PASS]);

There's another OPENBSD-PF-MIB diff pending, I can see if I can add this
one to the revision bump.

martijn@
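An added example, not part of the original thread or of OpenBSD's code: a Python parser for `snmp walk` output of pfTblAddrTable in the format shown above, splitting each row index into table index, network and mask, and treating the No Such Object reply as an empty table. The function names, sample lines and counter values are constructed for illustration.

```python
import re
from ipaddress import ip_network

# Constructed sample in the output format shown in the thread; values are made up.
SAMPLE_WALK = """\
pfTblAddrTblIndex.1.10.0.0.0.8 = INTEGER: 1
pfTblAddrNet.1.10.0.0.0.8 = IpAddress: 10.0.0.0
pfTblAddrMask.1.10.0.0.0.8 = INTEGER: 8
pfTblAddrCleared.1.10.0.0.0.8 = Timeticks: (600) 0:00:06.00
pfTblAddrInBlockPkts.1.10.0.0.0.8 = Counter64: 42
pfTblAddrInBlockPkts.1.192.0.2.0.24 = Counter64: 3
"""
SAMPLE_EMPTY = "pfTblAddrTable = No Such Object available on this agent at this OID\n"

# <column>.<table index>.<IPv4 network>.<mask> = <type>: <value>
ROW = re.compile(r"^(pfTblAddr\w+)\.(\d+)\.(\d+(?:\.\d+){3})\.(\d+) = (\w+): (.*)$")


def parse_addr_walk(text):
    """Group walk output by (table index, CIDR); {} means the table is empty."""
    rows = {}
    for line in text.splitlines():
        line = line.strip()
        if "No Such Object" in line:
            # Per the thread: an empty SNMP table answers noSuchObject,
            # e.g. when unused tables lack the persist keyword.
            return {}
        m = ROW.match(line)
        if m is None:
            continue  # not a pfTblAddrTable row
        column, tbl, net, mask, typ, value = m.groups()
        cidr = str(ip_network(f"{net}/{mask}", strict=False))
        if typ in ("INTEGER", "Counter64"):
            value = int(value)
        rows.setdefault((int(tbl), cidr), {})[column] = value
    return rows


def blocked_in(rows):
    """Inbound blocked-packet counter per (table index, CIDR), 0 if absent."""
    return {key: cols.get("pfTblAddrInBlockPkts", 0) for key, cols in rows.items()}


if __name__ == "__main__":
    for (tbl, cidr), pkts in sorted(blocked_in(parse_addr_walk(SAMPLE_WALK)).items()):
        print(f"table {tbl} {cidr}: {pkts} inbound packets blocked")
    print("empty walk ->", parse_addr_walk(SAMPLE_EMPTY))
```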

