From: Martijn van Duren Subject: Re: snmpd_metrics To: Steve Shockley , tech@openbsd.org Date: Wed, 20 May 2026 08:44:45 +0200 Moving to tech@ On 5/19/26 21:07, Steve Shockley wrote: > Hi, I'm using OpenBSD 7.8 and -current, and for a variety of reasons I'm using Net-SNMPD instead of the built-in one. My work on snmpd has slowed down quite a bit the last couple of years, but could you share what is keeping you from using base snmpd? >  Previously I was forwarding from net_snmpd using proxy to snmpd listening on localhost. I recently discovered snmpd_metrics, which seems to do something similar without worrying about which oids to forward. Indeed. snmpd_metrics is used as the default (only) backend for not snmp-related (the protocol internals) OIDs, which is spawned by snmpd itself and uses a socketpair, instead of letting snmpd_metrics connect to snmpd itself. Via AgentX the subagent itself determines what OIDs it wants to export. > > If I add agentx to the net_snmpd config and run snmpd_metrics -d -v, it works great and I can see all the queries.  The documentation is a little sparse, but I discovered in the initial commit message (end of https://cvsweb.openbsd.org/log/src/libexec/snmpd/snmpd_metrics/mib.c,v) that it needs to be run as a daemon. I've added a daemon functionality exactly for your usecase, but I don't use the functionality, is only lightly tested, and got victim of bitrot. > > Is a template available for rc.d?  I can write one myself, but what user should it run as? There's no template rc.d, because the base system doesn't need it and could cause confusion in the other direction. The daemon functionality for snmpd_metrics is there for inquisitive people such as yourself. snmpd_metrics must be spawned as root, and it will drop its privileges to _snmpd:_agentx (keep this in mind when setting the permissions on your agentx socket). > > I noticed if snmpd_metrics is running and net_snmpd restarts, it prints > [fd:4]: lost connection: Connection reset by peer > Failed to connect to snmpd: Permission denied > Failed to connect to snmpd: Permission denied This is part of the bitrot, and related to changed behaviour in unveil when it comes to unix sockets since I wrote snmpd_metrics. > > and never recovers.  Is there a way to make snmpd_metrics "depend" on net_snmpd so if net_ restarts it also restarts _metrics?  (Or should it be able to recover from that?) With the diff below it should just recover from it. Please test it and let me know if this works as you'd expect. > > Thanks. > martijn@ diff /usr/src path + /usr/src commit - d39f547900e2171e14b179e6cff6421f29f5667c blob - 7d9c34e2a23c7ae3b3de1ebad6c5bb6e45238f72 file + libexec/snmpd/snmpd_metrics/mib.c --- libexec/snmpd/snmpd_metrics/mib.c +++ libexec/snmpd/snmpd_metrics/mib.c @@ -3324,6 +3324,11 @@ main(int argc, char *argv[]) if (agentxfd == -1 && agentxsocket == NULL) agentxsocket = AGENTX_MASTER_PATH; + if (daemonize) { + log_init(0, LOG_DAEMON); + daemon(0, 0); + } + log_setverbose(verbose); event_init(); if ((sa = agentx(snmp_connect, NULL)) == NULL) @@ -3345,7 +3350,7 @@ main(int argc, char *argv[]) errno = ENAMETOOLONG; fatal("-s"); } - if (unveil(dirname(agentxsocketdir), "r") == -1) + if (unveil(dirname(agentxsocketdir), "w") == -1) fatal("unveil"); } @@ -4375,12 +4380,6 @@ main(int argc, char *argv[]) 1, 0, mib_dot1dtable)) == NULL) fatal("agentx_object"); - if (daemonize) { - log_init(0, LOG_DAEMON); - daemon(0, 0); - } - log_setverbose(verbose); - event_dispatch(); }