Hi, This diff adds the table packet/byte counters for "match" rules to PF-MIB.
In case gmail mucks up the formatting, the diff is here too: http://www.packetmischief.ca/files/openbsd/patches/snmpd.match.diff ok? .joel Index: OPENBSD-PF-MIB.txt =================================================================== RCS file: /cvs/src/share/snmp/OPENBSD-PF-MIB.txt,v retrieving revision 1.2 diff -p -u -r1.2 OPENBSD-PF-MIB.txt --- OPENBSD-PF-MIB.txt 11 Mar 2013 19:49:37 -0000 1.2 +++ OPENBSD-PF-MIB.txt 2 Sep 2013 22:28:49 -0000 @@ -1,6 +1,6 @@ -- $OpenBSD: OPENBSD-PF-MIB.txt,v 1.2 2013/03/11 19:49:37 sthen Exp $ -- --- Copyright (c) 2004-2012 Joel Knight <knight.j...@gmail.com> +-- Copyright (c) 2004-2013 Joel Knight <knight.j...@gmail.com> -- -- Permission to use, copy, modify, and distribute this document for any -- purpose with or without fee is hereby granted, provided that the above @@ -43,6 +43,8 @@ pfMIBObjects MODULE-IDENTITY DESCRIPTION "The MIB module for gathering information from OpenBSD's packet filter. " + REVISION "201308310446Z" + DESCRIPTION "Add pf(4) table byte/packet counters for 'match' rules" REVISION "201302242033Z" DESCRIPTION "Add separate counter for failed translations" REVISION "201201260000Z" @@ -919,7 +921,11 @@ TblEntry ::= pfTblOutBlockBytes Counter64, pfTblOutXPassPkts Counter64, pfTblOutXPassBytes Counter64, - pfTblStatsCleared TimeTicks + pfTblStatsCleared TimeTicks, + pfTblInMatchPkts Counter64, + pfTblInMatchBytes Counter64, + pfTblOutMatchPkts Counter64, + pfTblOutMatchBytes Counter64 } pfTblIndex OBJECT-TYPE @@ -1092,6 +1098,44 @@ pfTblStatsCleared OBJECT-TYPE for this pf table were zeroed." ::= { pfTblEntry 20 } +pfTblInMatchPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of inbound packets that hit a 'match' rule where this + particular table was referenced by the rule." + ::= { pfTblEntry 21 } + +pfTblInMatchBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total size in bytes of all inbound packets that hit a + 'match' rule where this particular table was referenced by + the rule." + ::= { pfTblEntry 22 } + +pfTblOutMatchPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outbound packets that hit a 'match' rule where this + particular table was referenced by the rule." + ::= { pfTblEntry 23 } + +pfTblOutMatchBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total size in bytes of all outbound packets that hit a + 'match' rule where this particular table was referenced by + the rule." + ::= { pfTblEntry 24 } + pfTblAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF TblAddrEntry MAX-ACCESS not-accessible @@ -1124,7 +1168,11 @@ TblAddrEntry ::= pfTblAddrOutBlockPkts Counter64, pfTblAddrOutBlockBytes Counter64, pfTblAddrOutPassPkts Counter64, - pfTblAddrOutPassBytes Counter64 + pfTblAddrOutPassBytes Counter64, + pfTblAddrInMatchPkts Counter64, + pfTblAddrInMatchBytes Counter64, + pfTblAddrOutMatchPkts Counter64, + pfTblAddrOutMatchBytes Counter64 } pfTblAddrTblIndex OBJECT-TYPE @@ -1235,6 +1283,42 @@ pfTblAddrOutPassBytes OBJECT-TYPE "The number of outbound bytes passed as a result of matchg this table entry." ::= { pfTblAddrEntry 12 } + +pfTblAddrInMatchPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of inbound packets that hit a 'match' rule where + this table entry was referenced." + ::= { pfTblAddrEntry 13 } + +pfTblAddrInMatchBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total size in bytes of all inbound packets that hit + a 'match' rule where this table entry was referenced." + ::= { pfTblAddrEntry 14 } + +pfTblAddrOutMatchPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outbound packets that hit a 'match' rule where + this table entry was referenced." + ::= { pfTblAddrEntry 15 } + +pfTblAddrOutMatchBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The total size in bytes of all outbound packets that hit + a 'match' rule where this table entry was referenced." + ::= { pfTblAddrEntry 16 } -- pfLabels Index: mib.c =================================================================== RCS file: /cvs/src/usr.sbin/snmpd/mib.c,v retrieving revision 1.64 diff -p -u -r1.64 mib.c --- mib.c 11 Mar 2013 19:49:37 -0000 1.64 +++ mib.c 2 Sep 2013 22:29:54 -0000 @@ -1548,6 +1548,10 @@ static struct oid openbsd_mib[] = { { MIB(pfTblOutXPassPkts), OID_TRD, mib_pftables }, { MIB(pfTblOutXPassBytes), OID_TRD, mib_pftables }, { MIB(pfTblStatsCleared), OID_TRD, mib_pftables }, + { MIB(pfTblInMatchPkts), OID_TRD, mib_pftables }, + { MIB(pfTblInMatchBytes), OID_TRD, mib_pftables }, + { MIB(pfTblOutMatchPkts), OID_TRD, mib_pftables }, + { MIB(pfTblOutMatchBytes), OID_TRD, mib_pftables }, { MIB(pfTblAddrTblIndex), OID_TRD, mib_pftableaddrs, NULL, mib_pftableaddrstable }, { MIB(pfTblAddrNet), OID_TRD, mib_pftableaddrs, @@ -1572,6 +1576,14 @@ static struct oid openbsd_mib[] = { NULL, mib_pftableaddrstable }, { MIB(pfTblAddrOutPassBytes), OID_TRD, mib_pftableaddrs, NULL, mib_pftableaddrstable }, + { MIB(pfTblAddrInMatchPkts), OID_TRD, mib_pftableaddrs, + NULL, mib_pftableaddrstable }, + { MIB(pfTblAddrInMatchBytes), OID_TRD, mib_pftableaddrs, + NULL, mib_pftableaddrstable }, + { MIB(pfTblAddrOutMatchPkts), OID_TRD, mib_pftableaddrs, + NULL, mib_pftableaddrstable }, + { MIB(pfTblAddrOutMatchBytes), OID_TRD, mib_pftableaddrs, + NULL, mib_pftableaddrstable }, { MIB(pfLabelNumber), OID_RD, mib_pflabelnum }, { MIB(pfLabelIndex), OID_TRD, mib_pflabels }, { MIB(pfLabelName), OID_TRD, mib_pflabels }, @@ -2166,6 +2178,22 @@ mib_pftables(struct oid *oid, struct ber ber = ber_add_integer(ber, tzero); ber_set_header(ber, BER_CLASS_APPLICATION, SNMP_T_TIMETICKS); break; + case 21: + ber = ber_add_integer(ber, ts.pfrts_packets[IN][PFR_OP_MATCH]); + ber_set_header(ber, BER_CLASS_APPLICATION, SNMP_T_COUNTER64); + break; + case 22: + ber = ber_add_integer(ber, ts.pfrts_bytes[IN][PFR_OP_MATCH]); + ber_set_header(ber, BER_CLASS_APPLICATION, SNMP_T_COUNTER64); + break; + case 23: + ber = ber_add_integer(ber, ts.pfrts_packets[OUT][PFR_OP_MATCH]); + ber_set_header(ber, BER_CLASS_APPLICATION, SNMP_T_COUNTER64); + break; + case 24: + ber = ber_add_integer(ber, ts.pfrts_bytes[OUT][PFR_OP_MATCH]); + ber_set_header(ber, BER_CLASS_APPLICATION, SNMP_T_COUNTER64); + break; default: return (1); } @@ -2236,6 +2264,22 @@ mib_pftableaddrs(struct oid *oid, struct break; case 12: ber = ber_add_integer(ber, as.pfras_bytes[OUT][PFR_OP_PASS]); + ber_set_header(ber, BER_CLASS_APPLICATION, SNMP_T_COUNTER64); + break; + case 13: + ber = ber_add_integer(ber, as.pfras_packets[IN][PFR_OP_MATCH]); + ber_set_header(ber, BER_CLASS_APPLICATION, SNMP_T_COUNTER64); + break; + case 14: + ber = ber_add_integer(ber, as.pfras_bytes[IN][PFR_OP_MATCH]); + ber_set_header(ber, BER_CLASS_APPLICATION, SNMP_T_COUNTER64); + break; + case 15: + ber = ber_add_integer(ber, as.pfras_packets[OUT][PFR_OP_MATCH]); + ber_set_header(ber, BER_CLASS_APPLICATION, SNMP_T_COUNTER64); + break; + case 16: + ber = ber_add_integer(ber, as.pfras_bytes[OUT][PFR_OP_MATCH]); ber_set_header(ber, BER_CLASS_APPLICATION, SNMP_T_COUNTER64); break; default: Index: mib.h =================================================================== RCS file: /cvs/src/usr.sbin/snmpd/mib.h,v retrieving revision 1.30 diff -p -u -r1.30 mib.h --- mib.h 11 Mar 2013 19:49:37 -0000 1.30 +++ mib.h 2 Sep 2013 22:29:54 -0000 @@ -587,6 +587,10 @@ #define MIB_pfTblOutXPassPkts MIB_pfTblEntry, 18 #define MIB_pfTblOutXPassBytes MIB_pfTblEntry, 19 #define MIB_pfTblStatsCleared MIB_pfTblEntry, 20 +#define MIB_pfTblInMatchPkts MIB_pfTblEntry, 21 +#define MIB_pfTblInMatchBytes MIB_pfTblEntry, 22 +#define MIB_pfTblOutMatchPkts MIB_pfTblEntry, 23 +#define MIB_pfTblOutMatchBytes MIB_pfTblEntry, 24 #define MIB_pfTblAddrTable MIB_pfTables, 129 #define MIB_pfTblAddrEntry MIB_pfTblAddrTable, 1 #define OIDIDX_pfTblAddr 11 @@ -602,6 +606,10 @@ #define MIB_pfTblAddrOutBlockBytes MIB_pfTblAddrEntry, 10 #define MIB_pfTblAddrOutPassPkts MIB_pfTblAddrEntry, 11 #define MIB_pfTblAddrOutPassBytes MIB_pfTblAddrEntry, 12 +#define MIB_pfTblAddrInMatchPkts MIB_pfTblAddrEntry, 13 +#define MIB_pfTblAddrInMatchBytes MIB_pfTblAddrEntry, 14 +#define MIB_pfTblAddrOutMatchPkts MIB_pfTblAddrEntry, 15 +#define MIB_pfTblAddrOutMatchBytes MIB_pfTblAddrEntry, 16 #define MIB_pfLabels MIB_pfMIBObjects, 10 #define MIB_pfLabelNumber MIB_pfLabels, 1 #define MIB_pfLabelTable MIB_pfLabels, 128 @@ -1108,6 +1116,10 @@ { MIBDECL(pfTblOutXPassPkts) }, \ { MIBDECL(pfTblOutXPassBytes) }, \ { MIBDECL(pfTblStatsCleared) }, \ + { MIBDECL(pfTblInMatchPkts) }, \ + { MIBDECL(pfTblInMatchBytes) }, \ + { MIBDECL(pfTblOutMatchPkts) }, \ + { MIBDECL(pfTblOutMatchBytes) }, \ { MIBDECL(pfTblAddrTable) }, \ { MIBDECL(pfTblAddrEntry) }, \ { MIBDECL(pfTblAddrTblIndex) }, \ @@ -1122,6 +1134,10 @@ { MIBDECL(pfTblAddrOutBlockBytes) }, \ { MIBDECL(pfTblAddrOutPassPkts) }, \ { MIBDECL(pfTblAddrOutPassBytes) }, \ + { MIBDECL(pfTblAddrInMatchPkts) }, \ + { MIBDECL(pfTblAddrInMatchBytes) }, \ + { MIBDECL(pfTblAddrOutMatchPkts) }, \ + { MIBDECL(pfTblAddrOutMatchBytes) }, \ { MIBDECL(pfLabels) }, \ { MIBDECL(pfLabelNumber) }, \ { MIBDECL(pfLabelTable) }, \