Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable

Thu, 16 Jan 2025 04:31:36 -0800 

Just installed a fresh OpenBSD 7.6 machine and created >64 interfaces
with:
i=0; while [ $i -le 80 ]; do doas ifconfig trunk$i create; i=$((i+1)); done

Doing a full run gives me the following:
openbsd76$ snmp walk -v2c -cpublic 127.0.0.1 pfifdescr | wc -l                  
      
      92

So the fix seems to be working for me with the testcase presented to
me prior. Without a proper testcase I can't debug this issue
unfortunately. Some things you could look at:
- Do you have a faulty snmpd_metrics installed (try to recompile and
  install it)
- Do all interfaces still show up in pfctl?
- Do interfaces of another type (e.g. trunk as my test above) show
  up above the 64 entry limit?
- Does the bug also show up on another machine?

martijn@

On Wed, 2025-01-15 at 09:58 +0100, Marc Boisis wrote:
> Hello,
> 
> Yesterday updated my router to 7.6 and the 64 interfaces limit reappeared.
> I downloaded the 7.6 sources , and the  patch on 
> libexec/snmpd/snmpd_metrics/pf.c is applied correctly.
> 
> So the bug has moved elsewhere.. but where ?
> 
> Marc
> 
> 
> > On 11 Jun 2024, at 17:41, Martijn van Duren 
> > <openbsd+t...@list.imperialat.at> wrote:
> > 
> > moving to tech@
> > 
> > On Tue, 2024-06-11 at 15:38 +0200, Marc Boisis wrote:
> > > Like Kapetanakis I have the 64 interface desc empty:
> > > > snmpget -v2c -c public 127.0.0.1 OPENBSD-PF-MIB::pfIfDescr.64
> > > OPENBSD-PF-MIB::pfIfDescr.64 = STRING:
> > > 
> > > So can we imagine a limit of 64 interfaces in the snmp (snmpd_metrics) 
> > > code ?
> > 
> > Ah, you're limited to 64 interfaces in total. From your mail I thought
> > 64 physical plus a handful of carp and that the problem was limited to
> > vlan specifically.
> > 
> > You're right that it's an snmpd_metrics bug, which was fixed by sashan@
> > in pfctl's pfctl_table.c r1.85 back in 2022. Important parts of
> > that diff adjusted for snmpd_metrics below.
> > 
> > martijn@
> > > 
> > > 
> > > > On 11 Jun 2024, at 14:34, Martijn van Duren 
> > > > <openbsd+m...@list.imperialat.at> wrote:
> > > > 
> > > > On Tue, 2024-06-11 at 14:56 +0300, Kapetanakis Giannis wrote:
> > > > > On 10/06/2024 18:43, Marc Boisis wrote:
> > > > > > Hello,
> > > > > > 
> > > > > > I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have 
> > > > > > only 64  physicals and carp interfaces but not my 45 vlan 
> > > > > > interfaces.
> > > > > > 
> > > > > > My /etc/snmpd.conf
> > > > > > ROOT:amdrg2:/root > cat /etc/snmpd.conf
> > > > > > listen on 127.0.0.1 snmpv2c
> > > > > > read-only community public
> > > > > > 
> > > > > > 
> > > > > > "pfctl -sI" list all interfaces (carp and vlan).
> > > > > > 
> > > > > > Is there a setting or a limit to configure to see vlan interfaces 
> > > > > > in  OPENBSD-PF-MIB and especialy in OPENBSD-PF-MIB::pfIfTable ?
> > > > > > 
> > > > > > Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces
> > > > > > 
> > > > > > Regards
> > > > > > 
> > > > > > Marc
> > > > > > 
> > > > > Indeed.
> > > > > 
> > > > > snmpwalk -v2c -c xxxxxx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l
> > > > > 64
> > > > > 
> > > > > pfctl -sI | wc -l
> > > > > 99 (groups included)
> > > > > 
> > > > > ifconfig | grep flags | wc -l
> > > > > 85
> > > > > 
> > > > > that is on 7.5 release.
> > > > > 
> > > > > snmpwalk is showing only "vlan" and not the vlan interfaces. That is 
> > > > > probably the group vlan.
> > > > > 
> > > > > There is also an empty one at the end.
> > > > > 
> > > > > OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan
> > > > > OPENBSD-PF-MIB::pfIfDescr.64 = STRING: 
> > > > > 
> > > > > G
> > > > 
> > > > $ snmp walk -v2c -cpublic 127.0.0.1 pfIfDescr | wc -l  
> > > >     15
> > > > $ doas pfctl -sI | wc -l                             
> > > >     15
> > > > 
> > > > pfIfDescr.13 = STRING: vlan
> > > > pfIfDescr.14 = STRING: vlan6
> > > > 
> > > > 
> > > > I'm not seeing it. I'm willing to dig into this, but without giving me a
> > > > way to reproduce saying "me too" isn't going to help.
> > > > 
> > > > martijn@
> > > > 
> > > 
> > diff 1731179d99a5114f9b9915e3a010e72b1f0fbc81 
> > 9b5c5bd8d05986f0a92077f6229f4f197aaf9b92
> > commit - 1731179d99a5114f9b9915e3a010e72b1f0fbc81
> > commit + 9b5c5bd8d05986f0a92077f6229f4f197aaf9b92
> > blob - a4b60962e324d5e8e0fd48353241656a72b448fa
> > blob + 8dfe88a217e8bd505edf6e3611ec55ecb414d494
> > --- libexec/snmpd/snmpd_metrics/pf.c
> > +++ libexec/snmpd/snmpd_metrics/pf.c
> > @@ -210,11 +210,11 @@ pfi_get(struct pfr_buffer *b, const char *filter)
> >     bzero(b, sizeof(struct pfr_buffer));
> >     b->pfrb_type = PFRB_IFACES;
> >     for (;;) {
> > -           pfr_buf_grow(b, b->pfrb_size);
> > +           pfr_buf_grow(b, 0);
> >             b->pfrb_size = b->pfrb_msize;
> >             if (pfi_get_ifaces(filter, b->pfrb_caddr, &(b->pfrb_size)))
> >                     return (1);
> > -           if (b->pfrb_size <= b->pfrb_msize)
> > +           if (b->pfrb_size < b->pfrb_msize)
> >                     break;
> >     }
> > 
> > 
>

Reply via email to