From: Martijn van Duren Subject: Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable To: Marc Boisis , tech@openbsd.org Cc: sashan@openbsd.org, kn@openbsd.org Date: Tue, 11 Jun 2024 17:41:32 +0200 moving to tech@ On Tue, 2024-06-11 at 15:38 +0200, Marc Boisis wrote: > Like Kapetanakis I have the 64 interface desc empty: > > snmpget -v2c -c public 127.0.0.1 OPENBSD-PF-MIB::pfIfDescr.64 > OPENBSD-PF-MIB::pfIfDescr.64 = STRING: > > So can we imagine a limit of 64 interfaces in the snmp (snmpd_metrics) code ? Ah, you're limited to 64 interfaces in total. From your mail I thought 64 physical plus a handful of carp and that the problem was limited to vlan specifically. You're right that it's an snmpd_metrics bug, which was fixed by sashan@ in pfctl's pfctl_table.c r1.85 back in 2022. Important parts of that diff adjusted for snmpd_metrics below. martijn@ > > > > On 11 Jun 2024, at 14:34, Martijn van Duren wrote: > > > > On Tue, 2024-06-11 at 14:56 +0300, Kapetanakis Giannis wrote: > > > On 10/06/2024 18:43, Marc Boisis wrote: > > > > Hello, > > > > > > > > I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64 physicals and carp interfaces but not my 45 vlan interfaces. > > > > > > > > My /etc/snmpd.conf > > > > ROOT:amdrg2:/root > cat /etc/snmpd.conf > > > > listen on 127.0.0.1 snmpv2c > > > > read-only community public > > > > > > > > > > > > "pfctl -sI" list all interfaces (carp and vlan). > > > > > > > > Is there a setting or a limit to configure to see vlan interfaces in OPENBSD-PF-MIB and especialy in OPENBSD-PF-MIB::pfIfTable ? > > > > > > > > Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces > > > > > > > > Regards > > > > > > > > Marc > > > > > > > Indeed. > > > > > > snmpwalk -v2c -c xxxxxx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l > > > 64 > > > > > > pfctl -sI | wc -l > > > 99 (groups included) > > > > > > ifconfig | grep flags | wc -l > > > 85 > > > > > > that is on 7.5 release. > > > > > > snmpwalk is showing only "vlan" and not the vlan interfaces. That is probably the group vlan. > > > > > > There is also an empty one at the end. > > > > > > OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan > > > OPENBSD-PF-MIB::pfIfDescr.64 = STRING: > > > > > > G > > > > $ snmp walk -v2c -cpublic 127.0.0.1 pfIfDescr | wc -l > > 15 > > $ doas pfctl -sI | wc -l > > 15 > > > > pfIfDescr.13 = STRING: vlan > > pfIfDescr.14 = STRING: vlan6 > > > > > > I'm not seeing it. I'm willing to dig into this, but without giving me a > > way to reproduce saying "me too" isn't going to help. > > > > martijn@ > > > diff 1731179d99a5114f9b9915e3a010e72b1f0fbc81 9b5c5bd8d05986f0a92077f6229f4f197aaf9b92 commit - 1731179d99a5114f9b9915e3a010e72b1f0fbc81 commit + 9b5c5bd8d05986f0a92077f6229f4f197aaf9b92 blob - a4b60962e324d5e8e0fd48353241656a72b448fa blob + 8dfe88a217e8bd505edf6e3611ec55ecb414d494 --- libexec/snmpd/snmpd_metrics/pf.c +++ libexec/snmpd/snmpd_metrics/pf.c @@ -210,11 +210,11 @@ pfi_get(struct pfr_buffer *b, const char *filter) bzero(b, sizeof(struct pfr_buffer)); b->pfrb_type = PFRB_IFACES; for (;;) { - pfr_buf_grow(b, b->pfrb_size); + pfr_buf_grow(b, 0); b->pfrb_size = b->pfrb_msize; if (pfi_get_ifaces(filter, b->pfrb_caddr, &(b->pfrb_size))) return (1); - if (b->pfrb_size <= b->pfrb_msize) + if (b->pfrb_size < b->pfrb_msize) break; }