On 2020-11-09, Winfred Harrelson <wharr...@kettering.edu> wrote: > On Sat, Nov 07, 2020 at 01:53:00PM -0000, Stuart Henderson wrote: >> On 2020-11-06, Winfred Harrelson <wharr...@kettering.edu> wrote: >> > I am running OpenBSD 6.7 and am having a strange issue with snmpd(8). >> > >> > The issue is that it doesn't have all the arp entries but this was >> > working before. I don't know exactly when this started happening >> > but I just noticed today. >> > >> > Here is the machine in question and what I get: >> > >> > wharrels@styx1:/home/wharrels$ uname -a >> > OpenBSD styx1 6.7 GENERIC.MP#3 amd64 >> > >> > wharrels@styx1:/home/wharrels$ arp -a | wc -l >> > 985 >> > >> > Box is acting as a firewall so that is normal. Actually normal to >> > have many more than that. But if I do a query from another machine >> > via snmpwalk I get a completely different number of machines in >> > the arp table: >> > >> > [wharrels@newtron ~]$ snmpwalk -v2c -c public styx1 >> > ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress | wc -l >> > 456 >> > >> > Not even close to the same number of machines. The above OID translates to >> > 1.3.6.1.2.1.4.22.1.2 if you want to try this and see what you get. >> > >> > Should I be using a different OID to get the arp table or is there >> > another way to do this? It might be that this was not working quite >> > right before but I don't remember it being off like this. >> > >> > Any help would be appreciated, thanks. >> > >> > Winfred >> > >> > >> >> If you have set "filter-routes yes" then this is expected as it will >> stop snmpd from seeing route updates and thus new additions to the >> ARP table. > > I do not have that in my config file. Man page says the default is "no" > so this should not be it correct? I will try adding the line with a > "no" just to see if that changes anything though.
Correct. >> If you have not then I'd say this is a bug and best reported to >> bugs@ rather than misc@. > > I am running 6.7 on this box so I may wait until I can get it updated > to 6.8 before reporting to bugs@. Worth doing though I think 6.8 is unlikely to help. Does restarting snmpd result in picking up the full arp table again? >> BTW you can see this table in a nicer output format: >> >> $ snmptable -v2c -c pulic host ip.ipNetToMediaTable > > I did not know that, thanks for the info. Doesn't look to be much > different though. Yes, it's just nicer formatting and pulls details from the various oids that make up the snmp table in one place, it works for various other tables too. > >
