Sorry about that. Was trying to keep all lines short.
>Are the tables also used or did you add the persist keyword to them?
>If not the optimiser will remove them and empty snmp tables will return
>the noSuchObject exception.
Hmm, I have about 15 tables, some are empty, some have 20,000 IP addresses, all
have "persist". I do get No Such Object available on this agent at this OID.
Should all tables be populated?
On Wednesday, October 19, 2022 at 03:17:29 p.m. GMT+9, Martijn van Duren
<[email protected]> wrote:
On Wed, 2022-10-19 at 05:50 +0000, All wrote:
> Hi,
> I wanted to ask about two things related to MIBs.
Please read http://www.openbsd.org/mail.html
The long lines are really hard to grok.
> 1) I noticed that in OPENBSD-PF-MIB.txt we have entries like pfTblAddrTblIndex
> pfTblAddrTblIndex OBJECT-TYPE
>     SYNTAX      Integer32 (1..2147483647)
>     MAX-ACCESS  read-only
>     STATUS      current
>     DESCRIPTION
>         "The index value which uniquely identifies
>         the table which contains this pfTblAddrNet/pfTblAddrMask pair."
>     ::= { pfTblAddrEntry 1 }
> Which translates to OID 1.3.6.1.4.1.30155.1.9.129.1.1 (if I am not mistaken).
> If I do snmp walk of the whole 1.3 I can see that after
> 1.3.6.1.4.1.30155.1.9.128 the next OID is 1.3.6.1.4.1.30155.1.10.1.0, so
> 1.3.6.1.4.1.30155.1.9.129 is skipped. Is there something that needs to be
> enabled in order to get this OID? I have several tables setup in my pf.conf.
Are the tables also used or did you add the persist keyword to them?
If not the optimiser will remove them and empty snmp tables will return
the noSuchObject exception.
You can run `pfctl -s Tables` to verify.
$ doas pfctl -s Tables
testtable
$ snmp walk -v2c -cpublic 127.0.0.1 1.3.6.1.4.1.30155.1.9.128
pfTblIndex.1 = INTEGER: 1
pfTblName.1 = STRING: testtable
pfTblAddresses.1 = INTEGER: 1
pfTblAnchorRefs.1 = INTEGER: 0
pfTblRuleRefs.1 = INTEGER: 0
pfTblEvalsMatch.1 = Counter64: 0
pfTblEvalsNoMatch.1 = Counter64: 0
pfTblInPassPkts.1 = Counter64: 0
pfTblInPassBytes.1 = Counter64: 0
pfTblInBlockPkts.1 = Counter64: 0
pfTblInBlockBytes.1 = Counter64: 0
pfTblInXPassPkts.1 = Counter64: 0
pfTblInXPassBytes.1 = Counter64: 0
pfTblOutPassPkts.1 = Counter64: 0
pfTblOutPassBytes.1 = Counter64: 0
pfTblOutBlockPkts.1 = Counter64: 0
pfTblOutBlockBytes.1 = Counter64: 0
pfTblOutXPassPkts.1 = Counter64: 0
pfTblOutXPassBytes.1 = Counter64: 0
pfTblStatsCleared.1 = Timeticks: (400) 0:00:04.00
pfTblInMatchPkts.1 = Counter64: 0
pfTblInMatchBytes.1 = Counter64: 0
pfTblOutMatchPkts.1 = Counter64: 0
pfTblOutMatchBytes.1 = Counter64: 0
$ snmp walk -v2c -cpublic 127.0.0.1 1.3.6.1.4.1.30155.1.9.129
pfTblAddrTblIndex.1.10.0.0.0.8 = INTEGER: 1
pfTblAddrNet.1.10.0.0.0.8 = IpAddress: 10.0.0.0
pfTblAddrMask.1.10.0.0.0.8 = INTEGER: 8
pfTblAddrCleared.1.10.0.0.0.8 = Timeticks: (600) 0:00:06.00
pfTblAddrInBlockPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrInBlockBytes.1.10.0.0.0.8 = Counter64: 0
pfTblAddrInPassPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrInPassBytes.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutBlockPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutBlockBytes.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutPassPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutPassBytes.1.10.0.0.0.8 = Counter64: 0
pfTblAddrInMatchPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrInMatchBytes.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutMatchPkts.1.10.0.0.0.8 = Counter64: 0
pfTblAddrOutMatchBytes.1.10.0.0.0.8 = Counter64: 0
$ doas pfctl -t testtable -T kill
1 table deleted.
$ snmp walk -v2c -cpublic 127.0.0.1 1.3.6.1.4.1.30155.1.9.128
pfTblTable = No Such Object available on this agent at this OID
$ snmp walk -v2c -cpublic 127.0.0.1 1.3.6.1.4.1.30155.1.9.129
pfTblAddrTable = No Such Object available on this agent at this OID
> 2) I wanted to see some stats for Pkts and Bytes on one of the interfaces but
> was a bit confused by the description difference between In and Out.
> For "In" we have:
> pfIfIn4PassBytes OBJECT-TYPE
>     SYNTAX      Counter64
>     MAX-ACCESS  read-only
>     STATUS      current
>     DESCRIPTION
>         "The number of IPv4 bytes passed in."
>     ::= { pfIfEntry 7 }
> pfIfIn4BlockPkts OBJECT-TYPE
>     SYNTAX      Counter64
>     MAX-ACCESS  read-only
>     STATUS      current
>     DESCRIPTION
>         "The number of incoming IPv4 packets blocked."
>     ::= { pfIfEntry 8 }
> However, for "Out" we have:
> pfIfOut4PassPkts OBJECT-TYPE
>     SYNTAX      Counter64
>     MAX-ACCESS  read-only
>     STATUS      current
>     DESCRIPTION
>         "The number of IPv4 bytes passed out."    <---- ?
>     ::= { pfIfEntry 10 }
> pfIfOut4PassBytes OBJECT-TYPE
>     SYNTAX      Counter64
>     MAX-ACCESS  read-only
>     STATUS      current
>     DESCRIPTION
>         "The number of IPv4 bytes passed out."
>     ::= { pfIfEntry 11 }
> The same can be seen for In6 and Out6
> Do we only count bytes for "Out"? Or perhaps description is wrong?
>
That looks like a (copy-paste) bug in the description. The code actually
retrieves the number of packets; from libexec/snmpd/snmpd_metrics/mib.c:
else if (obj == pfIfOut4PassPkts)
agentx_varbind_counter64(vb, pif.pfik_packets[IPV4][OUT][PASS]);
There's another OPENBSD-PF-MIB diff pending, I can see if I can add
this one to the revision bump.
martijn@
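
Added example, not part of the thread and not OpenBSD project code: a small parser for `snmp walk` output of pfTblTable and pfTblAddrTable that decodes the row index seen above (table index, network, mask) and treats the noSuchObject reply as a table with no rows rather than as a failure. The sample walks are constructed in the format shown in the thread; the second table `emptytable`, and the assumption that a table with zero addresses still has a pfTblTable row, are hypothetical.

```python
import ipaddress
import re

# Constructed sample walks in the output format shown in the thread.
TBL_WALK = """\
pfTblIndex.1 = INTEGER: 1
pfTblName.1 = STRING: testtable
pfTblAddresses.1 = INTEGER: 1
pfTblIndex.2 = INTEGER: 2
pfTblName.2 = STRING: emptytable
pfTblAddresses.2 = INTEGER: 0
"""
ADDR_WALK = """\
pfTblAddrTblIndex.1.10.0.0.0.8 = INTEGER: 1
pfTblAddrNet.1.10.0.0.0.8 = IpAddress: 10.0.0.0
pfTblAddrMask.1.10.0.0.0.8 = INTEGER: 8
pfTblAddrInBlockPkts.1.10.0.0.0.8 = Counter64: 0
"""
EMPTY_WALK = "pfTblAddrTable = No Such Object available on this agent at this OID\n"

# column.index = TYPE: value
LINE = re.compile(r"^(\w+)\.([\d.]+) = (\w+): (.*)$")

def parse_walk(text):
    """Return {column: {index_tuple: value}}; a noSuchObject reply gives {}."""
    cols = {}
    for line in text.splitlines():
        if "No Such Object" in line:
            return {}
        m = LINE.match(line)
        if m:
            name, idx, _type, value = m.groups()
            key = tuple(int(p) for p in idx.split("."))
            cols.setdefault(name, {})[key] = value
    return cols

def table_addresses(tbl_walk, addr_walk):
    """Map each pf table name to the IPv4 networks listed under its index."""
    name_col = parse_walk(tbl_walk).get("pfTblName", {})
    names = {idx[0]: value for idx, value in name_col.items()}
    result = {name: [] for name in names.values()}
    for idx in parse_walk(addr_walk).get("pfTblAddrMask", {}):
        if len(idx) != 6:  # only the IPv4 index form shown in the thread
            continue
        tbl, *net, mask = idx
        cidr = ipaddress.ip_network(
            "%s/%d" % (".".join(map(str, net)), mask), strict=False)
        result.setdefault(names.get(tbl, "index %d" % tbl), []).append(str(cidr))
    return result
```
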