Index | Thread | Search

From:
Martijn van Duren <openbsd+tech@list.imperialat.at>
Subject:
Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable
To:
Marc Boisis <marc.boisis@univ-lr.fr>, tech@openbsd.org
Cc:
sashan@openbsd.org, kn@openbsd.org
Date:
Tue, 11 Jun 2024 17:41:32 +0200

Download raw body.

Thread

  • Martijn van Duren:

    Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable

moving to tech@

On Tue, 2024-06-11 at 15:38 +0200, Marc Boisis wrote:
> Like Kapetanakis I have the 64 interface desc empty:
> > snmpget -v2c -c public 127.0.0.1 OPENBSD-PF-MIB::pfIfDescr.64
> OPENBSD-PF-MIB::pfIfDescr.64 = STRING:
> 
> So can we imagine a limit of 64 interfaces in the snmp (snmpd_metrics) code ?

Ah, you're limited to 64 interfaces in total. From your mail I thought
64 physical plus a handful of carp and that the problem was limited to
vlan specifically.

You're right that it's an snmpd_metrics bug, which was fixed by sashan@
in pfctl's pfctl_table.c r1.85 back in 2022. Important parts of
that diff adjusted for snmpd_metrics below.

martijn@
> 
> 
> > On 11 Jun 2024, at 14:34, Martijn van Duren <openbsd+misc@list.imperialat.at> wrote:
> > 
> > On Tue, 2024-06-11 at 14:56 +0300, Kapetanakis Giannis wrote:
> > > On 10/06/2024 18:43, Marc Boisis wrote:
> > > > Hello,
> > > > 
> > > > I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64  physicals and carp interfaces but not my 45 vlan interfaces.
> > > > 
> > > > My /etc/snmpd.conf
> > > > ROOT:amdrg2:/root > cat /etc/snmpd.conf
> > > > listen on 127.0.0.1 snmpv2c
> > > > read-only community public
> > > > 
> > > > 
> > > > "pfctl -sI" list all interfaces (carp and vlan).
> > > > 
> > > > Is there a setting or a limit to configure to see vlan interfaces in  OPENBSD-PF-MIB and especialy in OPENBSD-PF-MIB::pfIfTable ?
> > > > 
> > > > Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces
> > > > 
> > > > Regards
> > > > 
> > > > Marc
> > > > 
> > > Indeed.
> > > 
> > > snmpwalk -v2c -c xxxxxx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l
> > > 64
> > > 
> > > pfctl -sI | wc -l
> > > 99 (groups included)
> > > 
> > > ifconfig | grep flags | wc -l
> > > 85
> > > 
> > > that is on 7.5 release.
> > > 
> > > snmpwalk is showing only "vlan" and not the vlan interfaces. That is probably the group vlan.
> > > 
> > > There is also an empty one at the end.
> > > 
> > > OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan
> > > OPENBSD-PF-MIB::pfIfDescr.64 = STRING: 
> > > 
> > > G
> > 
> > $ snmp walk -v2c -cpublic 127.0.0.1 pfIfDescr | wc -l  
> >      15
> > $ doas pfctl -sI | wc -l                             
> >      15
> > 
> > pfIfDescr.13 = STRING: vlan
> > pfIfDescr.14 = STRING: vlan6
> > 
> > 
> > I'm not seeing it. I'm willing to dig into this, but without giving me a
> > way to reproduce saying "me too" isn't going to help.
> > 
> > martijn@
> > 
> 
diff 1731179d99a5114f9b9915e3a010e72b1f0fbc81 9b5c5bd8d05986f0a92077f6229f4f197aaf9b92
commit - 1731179d99a5114f9b9915e3a010e72b1f0fbc81
commit + 9b5c5bd8d05986f0a92077f6229f4f197aaf9b92
blob - a4b60962e324d5e8e0fd48353241656a72b448fa
blob + 8dfe88a217e8bd505edf6e3611ec55ecb414d494
--- libexec/snmpd/snmpd_metrics/pf.c
+++ libexec/snmpd/snmpd_metrics/pf.c
@@ -210,11 +210,11 @@ pfi_get(struct pfr_buffer *b, const char *filter)
 	bzero(b, sizeof(struct pfr_buffer));
 	b->pfrb_type = PFRB_IFACES;
 	for (;;) {
-		pfr_buf_grow(b, b->pfrb_size);
+		pfr_buf_grow(b, 0);
 		b->pfrb_size = b->pfrb_msize;
 		if (pfi_get_ifaces(filter, b->pfrb_caddr, &(b->pfrb_size)))
 			return (1);
-		if (b->pfrb_size <= b->pfrb_msize)
+		if (b->pfrb_size < b->pfrb_msize)
 			break;
 	}