Bug 151264 - bsnmpd(1): pf counters aren't updated on some SNMP queries
Summary: bsnmpd(1): pf counters aren't updated on some SNMP queries
Status: Closed Feedback Timeout
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 8.1-STABLE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-10-06 15:30 UTC by Jeremy Chadwick
Modified: 2018-11-06 14:20 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Chadwick 2010-10-06 15:30:01 UTC 
	This is an interesting problem and one I've chatted with philip@ about
	in the past on IRC.  Basically, bsnmpd(1), when requested for some OIDs
	"in bulk", will return cached data -- meaning, what the OIDs return
	doesn't match what "pfctl -s info" shows.

	If a manual SNMP GET (ex. snmpget) is executed for a single OID that
	would get handled by snmp_pf.ko, the counters/stats for all OIDs within
	that module (snmp_pf.so) are updated and returned.  But all subsequent
	"bulk" requests continue to return the data that the last GET showed.

	I do have tcpdumps available that confirm this problem, and can also
	provide user-level access to production machines if a developer wants
	to do some analysis.  I can provide SNMP community names and so on
	privately.  I've only tested/confirmed this using SNMP protocol 2c due
	to the need for 64-bit counters; I cannot test version 1.

	Because of the nature of this problem, I've marked it serious/medium
	given how important SNMP monitoring is on production *IX machines.

Fix: 

None known.
How-To-Repeat: 	1. Run bsnmpd(1), making sure that pf is in use, and snmp_pf.so is
	loaded as defined by snmpd.config.

	2. Install something like net-mgmt/rrdbot and set up SNMP monitoring
	of OIDs such as the following, polled at a 30 second intervals:

pfCounterMatch                = begemot.200.1.2.1.0
pfCounterBadOffset            = begemot.200.1.2.2.0
pfCounterFragment             = begemot.200.1.2.3.0
pfCounterShort                = begemot.200.1.2.4.0
pfCounterNormalize            = begemot.200.1.2.5.0
pfCounterMemDrop              = begemot.200.1.2.6.0
pfStateTableCount             = begemot.200.1.3.1.0
pfStateTableSearches          = begemot.200.1.3.2.0
pfStateTableInserts           = begemot.200.1.3.3.0
pfStateTableRemovals          = begemot.200.1.3.4.0

	Note: "begemot" OID name/label expands to 1.3.6.1.4.1.12325.1

	3. Launch a tcpdump that will capture the SNMP data between the
	machine running bsnmpd and the machine running rrdbotd.  They
	can be the same host (in which case, packet capture from lo0).

	4. Run rrdbotd and watch the SNMP results which are returned.
	They'll repetitively be the same value.

	5. Execute rrdbot-get against one of the above OIDs.

	6. Watch for the next SNMP query/response in tcpdump; you'll
	see that the values returned are all up-to-date.

	7. Watch for the next SNMP query/response; you'll see that the
	values returned continue to be those from step #6.
Comment 1 Shteryana Shopova freebsd_committer freebsd_triage 2010-10-06 15:42:22 UTC 
Responsible Changed
From-To: freebsd-bugs->syrinx

Take over.
Comment 2 Mark Linimon freebsd_committer freebsd_triage 2013-07-03 01:50:32 UTC 
State Changed
From-To: open->open

commit bit has been taken in for safekeeping.
Comment 3 Mark Linimon freebsd_committer freebsd_triage 2013-07-03 01:50:32 UTC 
Responsible Changed
From-To: syrinx->freebsd-bugs
Comment 4 Eugene Grosbein freebsd_committer freebsd_triage 2017-06-11 14:02:00 UTC 
(In reply to freebsd from comment #0)

Is this problem still relevant?
Comment 5 Eitan Adler freebsd_committer freebsd_triage 2018-05-20 23:52:05 UTC 
For bugs matching the following conditions:
- Status == In Progress
- Assignee == "bugs@FreeBSD.org"
- Last Modified Year <= 2017

Do
- Set Status to "Open"