diff ports/net/ucd-snmp.orig/Makefile ports/net/ucd-snmp/Makefile --- ports/net/ucd-snmp.orig/Makefile Tue Apr 22 09:15:57 2003 +++ ports/net/ucd-snmp/Makefile Fri Dec 10 19:08:16 2004 @@ -22,7 +22,8 @@ --with-persistent-directory='/var/ucd-snmp' \ --with-libwrap='/usr' --with-openssl --with-zlib \ --with-sys-contact='default@' \ - --with-sys-location='Default Location' + --with-sys-location='Default Location' \ + --with-mib-modules="pfMIBObjects" CONFIGURE_ENV= VERSION_INFO='42:6:0' NO_REGRESS= Yes diff ports/net/ucd-snmp.orig/pkg/PLIST ports/net/ucd-snmp/pkg/PLIST --- ports/net/ucd-snmp.orig/pkg/PLIST Fri Jul 18 18:46:48 2003 +++ ports/net/ucd-snmp/pkg/PLIST Fri Dec 10 19:08:16 2004 @@ -167,6 +167,8 @@ share/snmp/mibs/IPV6-TC.txt share/snmp/mibs/IPV6-TCP-MIB.txt share/snmp/mibs/IPV6-UDP-MIB.txt +share/snmp/mibs/OPENBSD-BASE-MIB.txt +share/snmp/mibs/OPENBSD-PF-MIB.txt share/snmp/mibs/RFC-1215.txt share/snmp/mibs/RFC1155-SMI.txt share/snmp/mibs/RFC1213-MIB.txt diff ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.c ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.c --- ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.c Wed Dec 31 17:00:00 1969 +++ ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.c Fri Dec 10 19:08:17 2004 @@ -0,0 +1,1305 @@ +/* + * $jwk: pfMIBObjects.c,v 1.39 2004/12/06 05:24:40 jwk Exp $ + * + * + * Copyright (c) 2004 Joel Knight + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + + +#include + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "mibincl.h" +#include "util_funcs.h" +#include "pfMIBObjects.h" + + +#define PFRB_FOREACH(var, buf) \ + for ((var) = pfr_buf_next((buf), NULL); \ + (var) != NULL; \ + (var) = pfr_buf_next((buf), (var))) + +int dev = -1; +char *pfi_table[255][IFNAMSIZ]; +unsigned int pfi_count; +unsigned int pft_count; +time_t pfi_table_age; + +size_t buf_esize[PFRB_MAX] = { 0, + sizeof(struct pfr_tstats), + sizeof(struct pfr_astats), + sizeof(struct pfi_if) +}; + +oid pfMIBObjects_variables_oid[] = { 1,3,6,1,4,1,64512,1 }; + +struct variable4 pfMIBObjects_variables[] = { +/* magic number , variable type , ro/rw , callback fn , L, oidsuffix */ + { RUNNING , ASN_INTEGER , RONLY , var_pfMIBObjects, 2, { 1,1 } }, + { RUNTIME , ASN_TIMETICKS , RONLY , var_pfMIBObjects, 2, { 1,2 } }, + { DEBUG , ASN_INTEGER , RONLY , var_pfMIBObjects, 2, { 1,3 } }, + { HOSTID , ASN_OCTET_STR , RONLY , var_pfMIBObjects, 2, { 1,4 } }, + { MATCH , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 2,1 } }, + { BADOFFSET , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 2,2 } }, + { FRAGMENT , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 2,3 } }, + { SHORT , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 2,4 } }, + { NORMALIZE , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 2,5 } }, + { MEMORY , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 2,6 } }, + { STATES_COUNT , ASN_UNSIGNED , RONLY , var_pfMIBObjects, 2, { 3,1 } }, + { STATES_SEARCHES , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 3,2 } }, + { STATES_INSERTS , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 3,3 } }, + { STATES_REMOVALS , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 3,4 } }, + { PF_LOGIF_NAME , ASN_OCTET_STR , RONLY , var_pfMIBObjects, 2, { 4,1 } }, + { IPBYTESIN , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,2 } }, + { IPBYTESOUT , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,3 } }, + { IPPKTSINPASS , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,4 } }, + { IPPKTSINDROP , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,5 } }, + { IPPKTSOUTPASS , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,6 } }, + { IPPKTSOUTDROP , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,7 } }, + { IP6BYTESIN , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,8 } }, + { IP6BYTESOUT , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,9 } }, + { IP6PKTSINPASS , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,10 } }, + { IP6PKTSINDROP , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,11 } }, + { IP6PKTSOUTPASS , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,12 } }, + { IP6PKTSOUTDROP , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 4,13 } }, + { SRCTRACK_COUNT , ASN_UNSIGNED , RONLY , var_pfMIBObjects, 2, { 5,1 } }, + { SRCTRACK_SEARCHES , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 5,2 } }, + { SRCTRACK_INSERTS , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 5,3 } }, + { SRCTRACK_REMOVALS , ASN_COUNTER64 , RONLY , var_pfMIBObjects, 2, { 5,4 } }, + { LIMIT_STATES , ASN_UNSIGNED , RONLY , var_limits, 2, { 6,1 } }, + { LIMIT_SRC_NODES , ASN_UNSIGNED , RONLY , var_limits, 2, { 6,2 } }, + { LIMIT_FRAGS , ASN_UNSIGNED , RONLY , var_limits, 2, { 6,3 } }, + { TM_TCP_FIRST , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,1 } }, + { TM_TCP_OPENING , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,2 } }, + { TM_TCP_ESTAB , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,3 } }, + { TM_TCP_CLOSING , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,4 } }, + { TM_TCP_FINWAIT , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,5 } }, + { TM_TCP_CLOSED , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,6 } }, + { TM_UDP_FIRST , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,7 } }, + { TM_UDP_SINGLE , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,8 } }, + { TM_UDP_MULTIPLE , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,9 } }, + { TM_ICMP_FIRST , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,10 } }, + { TM_ICMP_ERROR , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,11 } }, + { TM_OTHER_FIRST , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,12 } }, + { TM_OTHER_SINGLE , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,13 } }, + { TM_OTHER_MULTIPLE , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,14 } }, + { TM_FRAGMENT , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,15 } }, + { TM_INTERVAL , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,16 } }, + { TM_ADAPT_START , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,17 } }, + { TM_ADAPT_END , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,18 } }, + { TM_SRC_TRACK , ASN_INTEGER , RONLY , var_timeouts, 2, { 7,19 } }, + { PF_IFNUMBER , ASN_INTEGER , RONLY , var_table_number, 2, { 8,1 } }, + { PF_IFINDEX , ASN_INTEGER , RONLY , var_if_table, 4, { 8,128,1,1 } }, + { PF_IFNAME , ASN_OCTET_STR , RONLY , var_if_table, 4, { 8,128,1,2 } }, + { PF_IFTYPE , ASN_INTEGER , RONLY , var_if_table, 4, { 8,128,1,3 } }, + { PF_IFREF , ASN_UNSIGNED , RONLY , var_if_table, 4, { 8,128,1,4 } }, + { PF_IFRULES , ASN_UNSIGNED , RONLY , var_if_table, 4, { 8,128,1,5 } }, + { PF_IFIN4PASSPKTS , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,6 } }, + { PF_IFIN4PASSBYTES , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,7 } }, + { PF_IFIN4BLOCKPKTS , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,8 } }, + { PF_IFIN4BLOCKBYTES , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,9 } }, + { PF_IFOUT4PASSPKTS , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,10 } }, + { PF_IFOUT4PASSBYTES , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,11 } }, + { PF_IFOUT4BLOCKPKTS , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,12 } }, + { PF_IFOUT4BLOCKBYTES , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,13 } }, + { PF_IFIN6PASSPKTS , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,14 } }, + { PF_IFIN6PASSBYTES , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,15 } }, + { PF_IFIN6BLOCKPKTS , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,16 } }, + { PF_IFIN6BLOCKBYTES , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,17 } }, + { PF_IFOUT6PASSPKTS , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,18 } }, + { PF_IFOUT6PASSBYTES , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,19 } }, + { PF_IFOUT6BLOCKPKTS , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,20 } }, + { PF_IFOUT6BLOCKBYTES , ASN_COUNTER64 , RONLY , var_if_table, 4, { 8,128,1,21 } }, + { PF_TANUMBER , ASN_INTEGER , RONLY , var_table_number, 2, { 9,1 } }, + { PF_TAINDEX , ASN_INTEGER , RONLY , var_tables_table, 4, { 9,128,1,1 } }, + { PF_TANAME , ASN_OCTET_STR , RONLY , var_tables_table, 4, { 9,128,1,2 } }, + { PF_TAADDRESSES , ASN_INTEGER , RONLY , var_tables_table, 4, { 9,128,1,3 } }, + { PF_TAANCHORREFS , ASN_INTEGER , RONLY , var_tables_table, 4, { 9,128,1,4 } }, + { PF_TARULEREFS , ASN_INTEGER , RONLY , var_tables_table, 4, { 9,128,1,5 } }, + { PF_TAEVALSMATCH , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,6 } }, + { PF_TAEVALSNOMATCH , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,7 } }, + { PF_TAINPASSPKTS , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,8 } }, + { PF_TAINPASSBYTES , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,9 } }, + { PF_TAINBLOCKPKTS , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,10 } }, + { PF_TAINBLOCKBYTES , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,11 } }, + { PF_TAINXPASSPKTS , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,12 } }, + { PF_TAINXPASSBYTES , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,13 } }, + { PF_TAOUTPASSPKTS , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,14 } }, + { PF_TAOUTPASSBYTES , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,15 } }, + { PF_TAOUTBLOCKPKTS , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,16 } }, + { PF_TAOUTBLOCKBYTES , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,17 } }, + { PF_TAOUTXPASSPKTS , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,18 } }, + { PF_TAOUTXPASSBYTES , ASN_COUNTER64 , RONLY , var_tables_table, 4, { 9,128,1,19 } }, + { PF_TADDRTABLEINDEX , ASN_INTEGER , RONLY , var_tbl_addr_table, 4, { 9,129,1,1 } }, + { PF_TADDRNET , ASN_IPADDRESS , RONLY , var_tbl_addr_table, 4, { 9,129,1,2 } }, + { PF_TADDRMASK , ASN_INTEGER , RONLY , var_tbl_addr_table, 4, { 9,129,1,3 } }, + { PF_TADDRCLEARED , ASN_TIMETICKS , RONLY , var_tbl_addr_table, 4, { 9,129,1,4 } }, + { PF_TADDRINBLOCKPKTS , ASN_COUNTER64 , RONLY , var_tbl_addr_table, 4, { 9,129,1,5 } }, + { PF_TADDRINBLOCKBYTES, ASN_COUNTER64 , RONLY , var_tbl_addr_table, 4, { 9,129,1,6 } }, + { PF_TADDRINPASSPKTS , ASN_COUNTER64 , RONLY , var_tbl_addr_table, 4, { 9,129,1,7 } }, + { PF_TADDRINPASSBYTES , ASN_COUNTER64 , RONLY , var_tbl_addr_table, 4, { 9,129,1,8 } }, + { PF_TADDROUTBLOCKPKTS, ASN_COUNTER64 , RONLY , var_tbl_addr_table, 4, { 9,129,1,9 } }, + { PF_TADDROUTBLOCKBYTES,ASN_COUNTER64 , RONLY , var_tbl_addr_table, 4, { 9,129,1,10 } }, + { PF_TADDROUTPASSPKTS , ASN_COUNTER64 , RONLY , var_tbl_addr_table, 4, { 9,129,1,11 } }, + { PF_TADDROUTPASSBYTES, ASN_COUNTER64 , RONLY , var_tbl_addr_table, 4, { 9,129,1,12 } }, +}; + + +void init_pfMIBObjects(void) { + REGISTER_MIB("pfMIBObjects", pfMIBObjects_variables, variable4, + pfMIBObjects_variables_oid); + + if ((dev = open("/dev/pf", O_RDONLY)) == -1) { + snmp_log(LOG_CRIT, "unable to open /dev/pf: %s\n", strerror(errno)); + return; + } + + bzero(&pfi_table, sizeof(pfi_table)); + pfi_count = 0; + pfi_refresh(); + pft_refresh(); +} + +unsigned char * +var_limits(struct variable *vp, oid *name, size_t *length, int exact, + size_t *var_len, WriteMethod **write_method) +{ + struct pfioc_limit pl; + + static u_long ulong_ret; + + if (header_generic(vp, name, length, exact, var_len, write_method) + == MATCH_FAILED) + return NULL; + + if (dev == -1) + return NULL; + + memset(&pl, 0, sizeof(pl)); + + switch(vp->magic) { + + case LIMIT_STATES: + pl.index = PF_LIMIT_STATES; + break; + + case LIMIT_SRC_NODES: + pl.index = PF_LIMIT_SRC_NODES; + break; + + case LIMIT_FRAGS: + pl.index = PF_LIMIT_FRAGS; + break; + + default: + ERROR_MSG(""); + return NULL; + } + + if (ioctl(dev, DIOCGETLIMIT, &pl)) { + ERROR_MSG("ioctl error doing DIOCGETLIMIT"); + return NULL; + } + ulong_ret = pl.limit; + return (unsigned char *) &ulong_ret; +} + +unsigned char * +var_pfMIBObjects(struct variable *vp, oid *name, size_t *length, int exact, + size_t *var_len, WriteMethod **write_method) +{ + struct pf_status s; + time_t runtime; + + static long long_ret; + static u_long ulong_ret; + static unsigned char string[SPRINT_MAX_LEN]; + static struct counter64 c64; + + if (header_generic(vp, name, length, exact, var_len, write_method) + == MATCH_FAILED ) + return NULL; + + if (dev == -1) + return NULL; + + memset(&s, 0, sizeof(s)); + if (ioctl(dev, DIOCGETSTATUS, &s)) { + ERROR_MSG("ioctl error doing DIOCGETSTATUS"); + return NULL; + } + + switch(vp->magic) { + + case RUNNING: + long_ret = (long) s.running; + return (unsigned char *) &long_ret; + + case RUNTIME: + if (s.since > 0) + runtime = time(NULL) - s.since; + else + runtime = 0; + long_ret = (long) runtime * 100; + return (unsigned char *) &long_ret; + + case DEBUG: + long_ret = (long) s.debug; + return (unsigned char *) &long_ret; + + case HOSTID: + sprintf(string, "0x%08x", ntohl(s.hostid)); + *var_len = strlen(string); + return (unsigned char *) string; + + case MATCH: + c64.high = s.counters[PFRES_MATCH] >> 32; + c64.low = s.counters[PFRES_MATCH] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case BADOFFSET: + c64.high = s.counters[PFRES_BADOFF] >> 32; + c64.low = s.counters[PFRES_BADOFF] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case FRAGMENT: + c64.high = s.counters[PFRES_FRAG] >> 32; + c64.low = s.counters[PFRES_FRAG] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case SHORT: + c64.high = s.counters[PFRES_SHORT] >> 32; + c64.low = s.counters[PFRES_SHORT] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case NORMALIZE: + c64.high = s.counters[PFRES_NORM] >> 32; + c64.low = s.counters[PFRES_NORM] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case MEMORY: + c64.high = s.counters[PFRES_MEMORY] >> 32; + c64.low = s.counters[PFRES_MEMORY] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case STATES_COUNT: + ulong_ret = (long) s.states; + return (unsigned char *) &ulong_ret; + + case STATES_SEARCHES: + c64.high = s.fcounters[FCNT_STATE_SEARCH] >> 32; + c64.low = s.fcounters[FCNT_STATE_SEARCH] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case STATES_INSERTS: + c64.high = s.fcounters[FCNT_STATE_INSERT] >> 32; + c64.low = s.fcounters[FCNT_STATE_INSERT] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case STATES_REMOVALS: + c64.high = s.fcounters[FCNT_STATE_REMOVALS] >> 32; + c64.low = s.fcounters[FCNT_STATE_REMOVALS] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case PF_LOGIF_NAME: + strlcpy(string, s.ifname, sizeof(string)); + *var_len = strlen(string); + return (unsigned char *) string; + + case IPBYTESIN: + c64.high = s.bcounters[IPV4][IN] >> 32; + c64.low = s.bcounters[IPV4][IN] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case IPBYTESOUT: + c64.high = s.bcounters[IPV4][OUT] >> 32; + c64.low = s.bcounters[IPV4][OUT] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case IPPKTSINPASS: + c64.high = s.pcounters[IPV4][IN][PF_PASS] >> 32; + c64.low = s.pcounters[IPV4][IN][PF_PASS] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case IPPKTSINDROP: + c64.high = s.pcounters[IPV4][IN][PF_DROP] >> 32; + c64.low = s.pcounters[IPV4][IN][PF_DROP] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case IPPKTSOUTPASS: + c64.high = s.pcounters[IPV4][OUT][PF_PASS] >> 32; + c64.low = s.pcounters[IPV4][OUT][PF_PASS] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case IPPKTSOUTDROP: + c64.high = s.pcounters[IPV4][OUT][PF_DROP] >> 32; + c64.low = s.pcounters[IPV4][OUT][PF_DROP] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case IP6BYTESIN: + c64.high = s.bcounters[IPV6][IN] >> 32; + c64.low = s.bcounters[IPV6][IN] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case IP6BYTESOUT: + c64.high = s.bcounters[IPV6][OUT] >> 32; + c64.low = s.bcounters[IPV6][OUT] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case IP6PKTSINPASS: + c64.high = s.pcounters[IPV6][IN][PF_PASS] >> 32; + c64.low = s.pcounters[IPV6][IN][PF_PASS] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case IP6PKTSINDROP: + c64.high = s.pcounters[IPV6][IN][PF_DROP] >> 32; + c64.low = s.pcounters[IPV6][IN][PF_DROP] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case IP6PKTSOUTPASS: + c64.high = s.pcounters[IPV6][OUT][PF_PASS] >> 32; + c64.low = s.pcounters[IPV6][OUT][PF_PASS] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case IP6PKTSOUTDROP: + c64.high = s.pcounters[IPV6][OUT][PF_DROP] >> 32; + c64.low = s.pcounters[IPV6][OUT][PF_DROP] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case SRCTRACK_COUNT: + ulong_ret = (long) s.src_nodes; + return (unsigned char *) &ulong_ret; + + case SRCTRACK_SEARCHES: + c64.high = s.scounters[SCNT_SRC_NODE_SEARCH] >> 32; + c64.low = s.scounters[SCNT_SRC_NODE_SEARCH] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case SRCTRACK_INSERTS: + c64.high = s.scounters[SCNT_SRC_NODE_INSERT] >> 32; + c64.low = s.scounters[SCNT_SRC_NODE_INSERT] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + case SRCTRACK_REMOVALS: + c64.high = s.scounters[SCNT_SRC_NODE_REMOVALS] >> 32; + c64.low = s.scounters[SCNT_SRC_NODE_REMOVALS] & 0xffffffff; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + + default: + ERROR_MSG(""); + } + + return NULL; +} + +unsigned char * +var_timeouts(struct variable *vp, oid *name, size_t *length, int exact, + size_t *var_len, WriteMethod **write_method) +{ + struct pfioc_tm pt; + + static long long_ret; + + if (header_generic(vp, name, length, exact, var_len, write_method) + == MATCH_FAILED) + return NULL; + + if (dev == -1) + return NULL; + + memset(&pt, 0, sizeof(pt)); + switch(vp->magic) { + + case TM_TCP_FIRST: + pt.timeout = PFTM_TCP_FIRST_PACKET; + break; + + case TM_TCP_OPENING: + pt.timeout = PFTM_TCP_OPENING; + break; + + case TM_TCP_ESTAB: + pt.timeout = PFTM_TCP_ESTABLISHED; + break; + + case TM_TCP_CLOSING: + pt.timeout = PFTM_TCP_CLOSING; + break; + + case TM_TCP_FINWAIT: + pt.timeout = PFTM_TCP_FIN_WAIT; + break; + + case TM_TCP_CLOSED: + pt.timeout = PFTM_TCP_CLOSED; + break; + + case TM_UDP_FIRST: + pt.timeout = PFTM_UDP_FIRST_PACKET; + break; + + case TM_UDP_SINGLE: + pt.timeout = PFTM_UDP_SINGLE; + break; + + case TM_UDP_MULTIPLE: + pt.timeout = PFTM_UDP_MULTIPLE; + break; + + case TM_ICMP_FIRST: + pt.timeout = PFTM_ICMP_FIRST_PACKET; + break; + + case TM_ICMP_ERROR: + pt.timeout = PFTM_ICMP_ERROR_REPLY; + break; + + case TM_OTHER_FIRST: + pt.timeout = PFTM_OTHER_FIRST_PACKET; + break; + + case TM_OTHER_SINGLE: + pt.timeout = PFTM_OTHER_SINGLE; + break; + + case TM_OTHER_MULTIPLE: + pt.timeout = PFTM_OTHER_MULTIPLE; + break; + + case TM_FRAGMENT: + pt.timeout = PFTM_FRAG; + break; + + case TM_INTERVAL: + pt.timeout = PFTM_INTERVAL; + break; + + case TM_ADAPT_START: + pt.timeout = PFTM_ADAPTIVE_START; + break; + + case TM_ADAPT_END: + pt.timeout = PFTM_ADAPTIVE_END; + break; + + case TM_SRC_TRACK: + pt.timeout = PFTM_SRC_NODE; + break; + + default: + ERROR_MSG(""); + return NULL; + } + + if (ioctl(dev, DIOCGETTIMEOUT, &pt)) { + ERROR_MSG("ioctl error doing DIOCGETTIMEOUT"); + return NULL; + } + long_ret = pt.seconds; + return (unsigned char *) &long_ret; +} + +unsigned char * +var_table_number(struct variable *vp, oid *name, size_t *length, int exact, + size_t *var_len, WriteMethod **write_method) +{ + static u_long ulong_ret; + + if (header_generic(vp, name, length, exact, var_len, write_method) + == MATCH_FAILED) + return (NULL); + + if (dev == -1) + return NULL; + + if ((time(NULL) - pfi_table_age) > PFI_TABLE_MAXAGE) + pfi_refresh(); + + switch (vp->magic) { + case PF_IFNUMBER: + ulong_ret = pfi_count; + return (unsigned char *) &ulong_ret; + + case PF_TANUMBER: + pft_refresh(); + ulong_ret = pft_count; + return (unsigned char *) &ulong_ret; + + default: + ERROR_MSG(""); + return (NULL); + } +} + + +unsigned char * +var_if_table(struct variable *vp, oid *name, size_t *length, int exact, + size_t *var_len, WriteMethod **write_method) +{ + struct pfr_buffer b; + struct pfi_if *p; + int index; + static struct counter64 c64; + static u_long ulong_ret; + + if (header_simple_table(vp, name, length, exact, var_len, write_method, pfi_count) + == MATCH_FAILED) + return (NULL); + + if (dev == -1) + return (NULL); + + if ((time(NULL) - pfi_table_age) > PFI_TABLE_MAXAGE) + pfi_refresh(); + + index = name[*length-1]-1; + if (!pfi_table[index]) + return (NULL); + + if (pfi_get(&b, (const char *)&pfi_table[index], PFI_FLAG_INSTANCE) + || b.pfrb_size == 0) { + free(b.pfrb_caddr); + switch (vp->magic) { + case PF_IFINDEX: + ulong_ret = index + 1; + return (unsigned char *) &ulong_ret; + + case PF_IFNAME: + *var_len = strlen(&pfi_table[index]); + return (unsigned char *) pfi_table[index]; + + case PF_IFTYPE: + ulong_ret = PFI_IFTYPE_DETACH; + return (unsigned char *) &ulong_ret; + + case PF_IFREF: + case PF_IFRULES: + ulong_ret = 0; + return (unsigned char *) &ulong_ret; + + default: + c64.high = 0; + c64.low = 0; + *var_len = sizeof(c64); + return (unsigned char *) &c64; + } + } + /* we only ask for 1 interface from pfi_get() */ + p = b.pfrb_caddr; + + switch (vp->magic) { + case PF_IFINDEX: + ulong_ret = index + 1; + free(b.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_IFNAME: + *var_len = strlen(&pfi_table[index]); + free(b.pfrb_caddr); + return (unsigned char *) pfi_table[index]; + + case PF_IFTYPE: + ulong_ret = PFI_IFTYPE_INSTANCE; + free(b.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_IFREF: + ulong_ret = p->pfif_states; + free(b.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_IFRULES: + ulong_ret = p->pfif_rules; + free(b.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_IFIN4PASSPKTS: + c64.high = p->pfif_packets[IPV4][IN][PASS] >> 32; + c64.low = p->pfif_packets[IPV4][IN][PASS] & 0xffffffff; + break; + + case PF_IFIN4PASSBYTES: + c64.high = p->pfif_bytes[IPV4][IN][PASS] >> 32; + c64.low = p->pfif_bytes[IPV4][IN][PASS] & 0xffffffff; + break; + + case PF_IFIN4BLOCKPKTS: + c64.high = p->pfif_packets[IPV4][IN][BLOCK] >> 32; + c64.low = p->pfif_packets[IPV4][IN][BLOCK] & 0xffffffff; + break; + + case PF_IFIN4BLOCKBYTES: + c64.high = p->pfif_bytes[IPV4][IN][BLOCK] >> 32; + c64.low = p->pfif_bytes[IPV4][IN][BLOCK] & 0xffffffff; + break; + + case PF_IFOUT4PASSPKTS: + c64.high = p->pfif_packets[IPV4][OUT][PASS] >> 32; + c64.low = p->pfif_packets[IPV4][OUT][PASS] & 0xffffffff; + break; + + case PF_IFOUT4PASSBYTES: + c64.high = p->pfif_bytes[IPV4][OUT][PASS] >> 32; + c64.low = p->pfif_bytes[IPV4][OUT][PASS] & 0xffffffff; + break; + + case PF_IFOUT4BLOCKPKTS: + c64.high = p->pfif_packets[IPV4][OUT][BLOCK] >> 32; + c64.low = p->pfif_packets[IPV4][OUT][BLOCK] & 0xffffffff; + break; + + case PF_IFOUT4BLOCKBYTES: + c64.high = p->pfif_bytes[IPV4][OUT][BLOCK] >> 32; + c64.low = p->pfif_bytes[IPV4][OUT][BLOCK] & 0xffffffff; + break; + + case PF_IFIN6PASSPKTS: + c64.high = p->pfif_packets[IPV6][IN][PASS] >> 32; + c64.low = p->pfif_packets[IPV6][IN][PASS] & 0xffffffff; + break; + + case PF_IFIN6PASSBYTES: + c64.high = p->pfif_bytes[IPV6][IN][PASS] >> 32; + c64.low = p->pfif_bytes[IPV6][IN][PASS] & 0xffffffff; + break; + + case PF_IFIN6BLOCKPKTS: + c64.high = p->pfif_packets[IPV6][IN][BLOCK] >> 32; + c64.low = p->pfif_packets[IPV6][IN][BLOCK] & 0xffffffff; + break; + + case PF_IFIN6BLOCKBYTES: + c64.high = p->pfif_bytes[IPV6][IN][BLOCK] >> 32; + c64.low = p->pfif_bytes[IPV6][IN][BLOCK] & 0xffffffff; + break; + + case PF_IFOUT6PASSPKTS: + c64.high = p->pfif_packets[IPV6][OUT][PASS] >> 32; + c64.low = p->pfif_packets[IPV6][OUT][PASS] & 0xffffffff; + break; + + case PF_IFOUT6PASSBYTES: + c64.high = p->pfif_bytes[IPV6][OUT][PASS] >> 32; + c64.low = p->pfif_bytes[IPV6][OUT][PASS] & 0xffffffff; + break; + + case PF_IFOUT6BLOCKPKTS: + c64.high = p->pfif_packets[IPV6][OUT][BLOCK] >> 32; + c64.low = p->pfif_packets[IPV6][OUT][BLOCK] & 0xffffffff; + break; + + case PF_IFOUT6BLOCKBYTES: + c64.high = p->pfif_bytes[IPV6][OUT][BLOCK] >> 32; + c64.low = p->pfif_bytes[IPV6][OUT][BLOCK] & 0xffffffff; + break; + + default: + free(b.pfrb_caddr); + return (NULL); + } + + free(b.pfrb_caddr); + *var_len = sizeof(c64); + return (unsigned char *) &c64; +} + +unsigned char * +var_tables_table(struct variable *vp, oid *name, size_t *length, int exact, + size_t *var_len, WriteMethod **write_method) +{ + struct pfr_buffer b; + struct pfr_tstats *ts = NULL; + static struct counter64 c64; + static u_long ulong_ret; + static char tname[PF_TABLE_NAME_SIZE]; + int index, i = 0; + + if (dev == -1) + return (NULL); + + if (pft_get(&b) || b.pfrb_size == 0) { + ERROR_MSG("error getting table list: pft_get() failed"); + return (NULL); + } + + pft_refresh(); + if (header_simple_table(vp, name, length, exact, var_len, write_method, pft_count) + == MATCH_FAILED) { + free(b.pfrb_caddr); + return (NULL); + } + + index = name[*length-1]; + + PFRB_FOREACH(ts, &b) { + if (!(ts->pfrts_flags & PFR_TFLAG_ACTIVE)) + continue; + if (++i == index) + break; + } + + if (ts == NULL) { + free(b.pfrb_caddr); + return (NULL); + } + + switch (vp->magic) { + case PF_TAINDEX: + ulong_ret = index; + free(b.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_TANAME: + *var_len = strlen(ts->pfrts_name); + strlcpy(tname, ts->pfrts_name, sizeof(tname)); + free(b.pfrb_caddr); + return (unsigned char *) tname; + + case PF_TAADDRESSES: + ulong_ret = ts->pfrts_cnt; + free(b.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_TAANCHORREFS: + ulong_ret = ts->pfrts_refcnt[PFR_REFCNT_ANCHOR]; + free(b.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_TARULEREFS: + ulong_ret = ts->pfrts_refcnt[PFR_REFCNT_RULE]; + free(b.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_TAEVALSMATCH: + c64.high = ts->pfrts_match >> 32; + c64.low = ts->pfrts_match & 0xffffffff; + break; + + case PF_TAEVALSNOMATCH: + c64.high = ts->pfrts_nomatch >> 32; + c64.low = ts->pfrts_nomatch & 0xffffffff; + break; + + case PF_TAINPASSPKTS: + c64.high = ts->pfrts_packets[IN][PFR_OP_PASS] >> 32; + c64.low = ts->pfrts_packets[IN][PFR_OP_PASS] & 0xffffffff; + break; + + case PF_TAINPASSBYTES: + c64.high = ts->pfrts_bytes[IN][PFR_OP_PASS] >> 32; + c64.low = ts->pfrts_bytes[IN][PFR_OP_PASS] & 0xffffffff; + break; + + case PF_TAINBLOCKPKTS: + c64.high = ts->pfrts_packets[IN][PFR_OP_BLOCK] >> 32; + c64.low = ts->pfrts_packets[IN][PFR_OP_BLOCK] & 0xffffffff; + break; + + case PF_TAINBLOCKBYTES: + c64.high = ts->pfrts_bytes[IN][PFR_OP_BLOCK] >> 32; + c64.low = ts->pfrts_bytes[IN][PFR_OP_BLOCK] & 0xffffffff; + break; + + case PF_TAINXPASSPKTS: + c64.high = ts->pfrts_packets[IN][PFR_OP_XPASS] >> 32; + c64.low = ts->pfrts_packets[IN][PFR_OP_XPASS] & 0xffffffff; + break; + + case PF_TAINXPASSBYTES: + c64.high = ts->pfrts_bytes[IN][PFR_OP_XPASS] >> 32; + c64.low = ts->pfrts_bytes[IN][PFR_OP_XPASS] & 0xffffffff; + break; + + case PF_TAOUTPASSPKTS: + c64.high = ts->pfrts_packets[OUT][PFR_OP_PASS] >> 32; + c64.low = ts->pfrts_packets[OUT][PFR_OP_PASS] & 0xffffffff; + break; + + case PF_TAOUTPASSBYTES: + c64.high = ts->pfrts_bytes[OUT][PFR_OP_PASS] >> 32; + c64.low = ts->pfrts_bytes[OUT][PFR_OP_PASS] & 0xffffffff; + break; + + case PF_TAOUTBLOCKPKTS: + c64.high = ts->pfrts_packets[OUT][PFR_OP_BLOCK] >> 32; + c64.low = ts->pfrts_packets[OUT][PFR_OP_BLOCK] & 0xffffffff; + break; + + case PF_TAOUTBLOCKBYTES: + c64.high = ts->pfrts_bytes[OUT][PFR_OP_BLOCK] >> 32; + c64.low = ts->pfrts_bytes[OUT][PFR_OP_BLOCK] & 0xffffffff; + break; + + case PF_TAOUTXPASSPKTS: + c64.high = ts->pfrts_packets[OUT][PFR_OP_XPASS] >> 32; + c64.low = ts->pfrts_packets[OUT][PFR_OP_XPASS] & 0xffffffff; + break; + + case PF_TAOUTXPASSBYTES: + c64.high = ts->pfrts_bytes[OUT][PFR_OP_XPASS] >> 32; + c64.low = ts->pfrts_bytes[OUT][PFR_OP_XPASS] & 0xffffffff; + break; + + default: + free(b.pfrb_caddr); + return (NULL); + } + + free(b.pfrb_caddr); + *var_len = sizeof(c64); + return (unsigned char *) &c64; +} + +/* this function returns OIDs of the form + * 1.3.6.1.4.1.64512.1.9.129.1.X.A.B.B.B.B.C + * where + * X = oid from the request + * A = tableIndex + * B.B.B.B. = the network/host IP address + * C = the bitmask + * The tableIndex starts at offset 12 in the OID array + */ +unsigned char * +var_tbl_addr_table(struct variable *vp, oid *name, size_t *length, int exact, + size_t *var_len, WriteMethod **write_method) +{ + struct pfr_buffer bt, ba; + struct pfr_tstats *ts; + struct pfr_table filter; + struct pfr_astats *as; + int table_index = 1, result, break_flag = 0; + static oid cur_oid[MAX_OID_LEN]; + oid *op; + u_char *cp; + static struct counter64 c64; + static u_long ulong_ret; + + if (dev == -1) + return (NULL); + + if (pft_get(&bt) || bt.pfrb_size == 0) { + ERROR_MSG("error getting table list: pft_get() failed"); + return (NULL); + } + + memcpy((char *)cur_oid, (char *)vp->name, (int)(vp->namelen) * sizeof(oid)); + + PFRB_FOREACH(ts, &bt) { + if (!(ts->pfrts_flags & PFR_TFLAG_ACTIVE)) + continue; + bzero(&filter, sizeof(struct pfr_table)); + if (strlcpy(filter.pfrt_name, ts->pfrts_t.pfrt_name, + sizeof(filter.pfrt_name)) + >= sizeof(filter.pfrt_name)) { + free(bt.pfrb_caddr); + free(ba.pfrb_caddr); + return (NULL); + } + if (pftable_addr_get(&ba, &filter) || ba.pfrb_size == 0) { + ERROR_MSG("error getting address list: pftable_addr_get() failed"); + continue; + } + PFRB_FOREACH(as, &ba) { + if (as->pfras_a.pfra_af != AF_INET) + continue; + /* construct new oid */ + op = cur_oid + 12; + *op++ = table_index; + cp = (u_char *)&(as->pfras_a.pfra_u); + *op++ = *cp++; + *op++ = *cp++; + *op++ = *cp++; + *op++ = *cp++; + *op++ = (u_char *)as->pfras_a.pfra_net; + result = snmp_oid_compare(name, *length, cur_oid, 18); + if ((exact && (result == 0)) || (!exact && (result < 0))) { + *length = 18; + for (result = 0; result < *length; result++) + name[result] = cur_oid[result]; + break_flag++; + break; + } + } + if (break_flag) + break; + free(ba.pfrb_caddr); + table_index++; + } + free(bt.pfrb_caddr); + + /* no match found */ + if (break_flag == 0) + return (NULL); + + *var_len = sizeof(ulong_ret); + + switch (vp->magic) { + case PF_TADDRTABLEINDEX: + ulong_ret = table_index; + free(ba.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_TADDRNET: + cp = (u_char *)&as->pfras_a.pfra_u; + memcpy((char *)&ulong_ret, cp, 4); + free(ba.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_TADDRMASK: + ulong_ret = as->pfras_a.pfra_net; + free(ba.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_TADDRCLEARED: + ulong_ret = (long) (time(NULL) - as->pfras_tzero) * 100; + free(ba.pfrb_caddr); + return (unsigned char *) &ulong_ret; + + case PF_TADDRINBLOCKPKTS: + c64.high = as->pfras_packets[IN][PFR_OP_BLOCK] >> 32; + c64.low = as->pfras_packets[IN][PFR_OP_BLOCK] & 0xffffffff; + *var_len = sizeof(c64); + free(ba.pfrb_caddr); + return (unsigned char *) &c64; + + case PF_TADDRINBLOCKBYTES: + c64.high = as->pfras_bytes[IN][PFR_OP_BLOCK] >> 32; + c64.low = as->pfras_bytes[IN][PFR_OP_BLOCK] & 0xffffffff; + *var_len = sizeof(c64); + free(ba.pfrb_caddr); + return (unsigned char *) &c64; + + case PF_TADDRINPASSPKTS: + c64.high = as->pfras_packets[IN][PFR_OP_PASS] >> 32; + c64.low = as->pfras_packets[IN][PFR_OP_PASS] & 0xffffffff; + *var_len = sizeof(c64); + free(ba.pfrb_caddr); + return (unsigned char *) &c64; + + case PF_TADDRINPASSBYTES: + c64.high = as->pfras_bytes[IN][PFR_OP_PASS] >> 32; + c64.low = as->pfras_bytes[IN][PFR_OP_PASS] & 0xffffffff; + *var_len = sizeof(c64); + free(ba.pfrb_caddr); + return (unsigned char *) &c64; + + case PF_TADDROUTBLOCKPKTS: + c64.high = as->pfras_packets[OUT][PFR_OP_BLOCK] >> 32; + c64.low = as->pfras_packets[OUT][PFR_OP_BLOCK] & 0xffffffff; + *var_len = sizeof(c64); + free(ba.pfrb_caddr); + return (unsigned char *) &c64; + + case PF_TADDROUTBLOCKBYTES: + c64.high = as->pfras_bytes[OUT][PFR_OP_BLOCK] >> 32; + c64.low = as->pfras_bytes[OUT][PFR_OP_BLOCK] & 0xffffffff; + *var_len = sizeof(c64); + free(ba.pfrb_caddr); + return (unsigned char *) &c64; + + case PF_TADDROUTPASSPKTS: + c64.high = as->pfras_packets[OUT][PFR_OP_PASS] >> 32; + c64.low = as->pfras_packets[OUT][PFR_OP_PASS] & 0xffffffff; + *var_len = sizeof(c64); + free(ba.pfrb_caddr); + return (unsigned char *) &c64; + + case PF_TADDROUTPASSBYTES: + c64.high = as->pfras_bytes[OUT][PFR_OP_PASS] >> 32; + c64.low = as->pfras_bytes[OUT][PFR_OP_PASS] & 0xffffffff; + *var_len = sizeof(c64); + free(ba.pfrb_caddr); + return (unsigned char *) &c64; + + default: + free(ba.pfrb_caddr); + return (NULL); + } +} + +int +pfi_get(struct pfr_buffer *b, const char *filter, int flags) +{ + bzero(b, sizeof(struct pfr_buffer)); + b->pfrb_type = PFRB_IFACES; + for (;;) { + pfr_buf_grow(b, b->pfrb_size); + b->pfrb_size = b->pfrb_msize; + if (pfi_get_ifaces(filter, b->pfrb_caddr, &(b->pfrb_size), flags)) { + ERROR_MSG("pfi_get_ifaces() failed"); + return (1); + } + if (b->pfrb_size <= b->pfrb_msize) + break; + } + + return (0); +} + +int +pft_get(struct pfr_buffer *b) +{ + struct pfr_table filter; + + bzero(b, sizeof(struct pfr_buffer)); + bzero(&filter, sizeof(filter)); + b->pfrb_type = PFRB_TSTATS; + + for (;;) { + pfr_buf_grow(b, b->pfrb_size); + b->pfrb_size = b->pfrb_msize; + if (pfr_get_tstats(&filter, b->pfrb_caddr, &(b->pfrb_size), 0)) { + ERROR_MSG("pft_get_tstats() failed"); + return (1); + } + if (b->pfrb_size <= b->pfrb_msize) + break; + } + + return (0); +} + + +int +pftable_addr_get(struct pfr_buffer *b, struct pfr_table *filter) +{ + bzero(b, sizeof(struct pfr_buffer)); + b->pfrb_type = PFRB_ASTATS; + + for (;;) { + pfr_buf_grow(b, b->pfrb_size); + b->pfrb_size = b->pfrb_msize; + if (pfr_get_astats(filter, b->pfrb_caddr, &(b->pfrb_size), 0)) { + return (1); + } + if (b->pfrb_size <= b->pfrb_msize) + break; + } + + return (0); +} + +int +pfi_refresh(void) +{ + struct pfr_buffer b; + struct pfi_if *p; + int i, match=0; + + if (pfi_get(&b, NULL, PFI_FLAG_INSTANCE)) { + ERROR_MSG("Could not get list of interfaces"); + return (1); + } + + for (p = pfr_buf_next(&b, NULL); p != NULL; + p = pfr_buf_next(&b, p), match = 0) { + for (i = 0; i < pfi_count && !match; i++) { + if (strncmp(p->pfif_name, &pfi_table[i], IFNAMSIZ) == 0) + match = 1; + } + if (!match) { + snprintf(pfi_table[pfi_count], IFNAMSIZ, p->pfif_name); + pfi_count++; + } + } + + pfi_table_age = time(NULL); + free(b.pfrb_caddr); + + return (0); +} + + +int +pft_refresh(void) +{ + struct pfr_buffer b; + struct pfr_tstats *ts = NULL; + + if (pft_get(&b)) { + ERROR_MSG("Could not get list of tables"); + return (1); + } + + pft_count = 0; + PFRB_FOREACH(ts, &b) { + if (!(ts->pfrts_flags & PFR_TFLAG_ACTIVE)) + continue; + pft_count++; + } + + free(b.pfrb_caddr); + + return (0); +} + +/* the following code taken from pfctl(8) in OpenBSD 3.5-release */ + +int +pfi_get_ifaces(const char *filter, struct pfi_if *buf, int *size, int flags) +{ + struct pfioc_iface io; + + bzero(&io, sizeof(io)); + io.pfiio_flags = flags; + if (filter != NULL) { + if (strlcpy(io.pfiio_name, filter, sizeof(io.pfiio_name)) >= + sizeof(io.pfiio_name)) { + ERROR_MSG("strlcpy(): source buffer too large"); + return (-1); + } + } + io.pfiio_buffer = buf; + io.pfiio_esize = sizeof(*buf); + io.pfiio_size = *size; + if (ioctl(dev, DIOCIGETIFACES, &io)) { + ERROR_MSG("ioct failed"); + return (-1); + } + *size = io.pfiio_size; + + return (0); +} + +int +pfr_get_astats(struct pfr_table *tbl, struct pfr_astats *addr, int *size, + int flags) +{ + struct pfioc_table io; + + if (tbl == NULL || size == NULL || *size < 0 || + (*size && addr == NULL)) + return (-1); + + bzero(&io, sizeof io); + io.pfrio_flags = flags; + io.pfrio_table = *tbl; + io.pfrio_buffer = addr; + io.pfrio_esize = sizeof(*addr); + io.pfrio_size = *size; + if (ioctl(dev, DIOCRGETASTATS, &io)) + return (-1); + *size = io.pfrio_size; + return (0); +} + +int +pfr_get_tstats(struct pfr_table *filter, struct pfr_tstats *tbl, int *size, + int flags) +{ + struct pfioc_table io; + + if (size == NULL || *size < 0 || (*size && tbl == NULL)) + return (-1); + bzero(&io, sizeof io); + io.pfrio_flags = flags; + if (filter != NULL) + io.pfrio_table = *filter; + io.pfrio_buffer = tbl; + io.pfrio_esize = sizeof(*tbl); + io.pfrio_size = *size; + if (ioctl(dev, DIOCRGETTSTATS, &io)) + return (-1); + *size = io.pfrio_size; + return (0); +} + +int +pfr_buf_grow(struct pfr_buffer *b, int minsize) +{ + caddr_t p; + size_t bs; + + if (minsize != 0 && minsize <= b->pfrb_msize) + return (0); + bs = buf_esize[b->pfrb_type]; + if (!b->pfrb_msize) { + if (minsize < 64) + minsize = 64; + b->pfrb_caddr = calloc(bs, minsize); + if (b->pfrb_caddr == NULL) + return (-1); + b->pfrb_msize = minsize; + } else { + if (minsize == 0) + minsize = b->pfrb_msize * 2; + if (minsize < 0 || minsize >= SIZE_T_MAX / bs) { + /* msize overflow */ + return (-1); + } + p = realloc(b->pfrb_caddr, minsize * bs); + if (p == NULL) + return (-1); + bzero(p + b->pfrb_msize * bs, (minsize - b->pfrb_msize) * bs); + b->pfrb_caddr = p; + b->pfrb_msize = minsize; + } + return (0); +} + +void * +pfr_buf_next(struct pfr_buffer *b, const void *prev) +{ + size_t bs; + + if (b == NULL) + return (NULL); + if (b->pfrb_size == 0) + return (NULL); + if (prev == NULL) + return (b->pfrb_caddr); + bs = buf_esize[b->pfrb_type]; + if ((((caddr_t)prev)-((caddr_t)b->pfrb_caddr)) / bs >= b->pfrb_size-1) + return (NULL); + + return (((caddr_t)prev) + bs); +} + diff ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.c.orig ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.c.orig diff ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.h ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.h --- ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.h Wed Dec 31 17:00:00 1969 +++ ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.h Fri Dec 10 19:08:17 2004 @@ -0,0 +1,194 @@ +/* + * $jwk: pfMIBObjects.h,v 1.18 2004/10/17 16:24:26 jwk Exp $ + * + * + * Copyright (c) 2004 Joel Knight + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + + +#ifndef _MIBGROUP_PFMIBOBJECTS_H +#define _MIBGROUP_PFMIBOBJECTS_H + +#include + +#include +#include +#include + + +#define RUNNING 1 +#define RUNTIME 2 +#define DEBUG 3 +#define HOSTID 4 +#define MATCH 5 +#define BADOFFSET 6 +#define FRAGMENT 7 +#define SHORT 8 +#define NORMALIZE 9 +#define MEMORY 10 +#define STATES_COUNT 11 +#define STATES_SEARCHES 12 +#define STATES_INSERTS 13 +#define STATES_REMOVALS 14 +#define PF_LOGIF_NAME 15 +#define IPBYTESIN 16 +#define IPBYTESOUT 17 +#define IPPKTSINPASS 18 +#define IPPKTSINDROP 19 +#define IPPKTSOUTPASS 20 +#define IPPKTSOUTDROP 21 +#define IP6BYTESIN 22 +#define IP6BYTESOUT 23 +#define IP6PKTSINPASS 24 +#define IP6PKTSINDROP 25 +#define IP6PKTSOUTPASS 26 +#define IP6PKTSOUTDROP 27 +#define SRCTRACK_COUNT 28 +#define SRCTRACK_SEARCHES 29 +#define SRCTRACK_INSERTS 30 +#define SRCTRACK_REMOVALS 31 +#define LIMIT_STATES 32 +#define LIMIT_SRC_NODES 33 +#define LIMIT_FRAGS 34 +#define TM_TCP_FIRST 35 +#define TM_TCP_OPENING 36 +#define TM_TCP_ESTAB 37 +#define TM_TCP_CLOSING 38 +#define TM_TCP_FINWAIT 39 +#define TM_TCP_CLOSED 40 +#define TM_UDP_FIRST 41 +#define TM_UDP_SINGLE 42 +#define TM_UDP_MULTIPLE 43 +#define TM_ICMP_FIRST 44 +#define TM_ICMP_ERROR 45 +#define TM_OTHER_FIRST 46 +#define TM_OTHER_SINGLE 47 +#define TM_OTHER_MULTIPLE 48 +#define TM_FRAGMENT 49 +#define TM_INTERVAL 50 +#define TM_ADAPT_START 51 +#define TM_ADAPT_END 52 +#define TM_SRC_TRACK 53 +#define PF_IFNUMBER 128 +#define PF_IFINDEX 129 +#define PF_IFNAME 130 +#define PF_IFTYPE 131 +#define PF_IFREF 132 +#define PF_IFRULES 133 +#define PF_IFIN4PASSPKTS 134 +#define PF_IFIN4PASSBYTES 135 +#define PF_IFIN4BLOCKPKTS 136 +#define PF_IFIN4BLOCKBYTES 137 +#define PF_IFOUT4PASSPKTS 138 +#define PF_IFOUT4PASSBYTES 139 +#define PF_IFOUT4BLOCKPKTS 140 +#define PF_IFOUT4BLOCKBYTES 141 +#define PF_IFIN6PASSPKTS 142 +#define PF_IFIN6PASSBYTES 143 +#define PF_IFIN6BLOCKPKTS 144 +#define PF_IFIN6BLOCKBYTES 145 +#define PF_IFOUT6PASSPKTS 146 +#define PF_IFOUT6PASSBYTES 147 +#define PF_IFOUT6BLOCKPKTS 148 +#define PF_IFOUT6BLOCKBYTES 149 +#define PF_TANUMBER 150 +#define PF_TAINDEX 151 +#define PF_TANAME 152 +#define PF_TAADDRESSES 153 +#define PF_TAANCHORREFS 154 +#define PF_TARULEREFS 155 +#define PF_TAEVALSMATCH 156 +#define PF_TAEVALSNOMATCH 157 +#define PF_TAINPASSPKTS 158 +#define PF_TAINPASSBYTES 159 +#define PF_TAINBLOCKPKTS 160 +#define PF_TAINBLOCKBYTES 161 +#define PF_TAINXPASSPKTS 162 +#define PF_TAINXPASSBYTES 163 +#define PF_TAOUTPASSPKTS 164 +#define PF_TAOUTPASSBYTES 165 +#define PF_TAOUTBLOCKPKTS 166 +#define PF_TAOUTBLOCKBYTES 167 +#define PF_TAOUTXPASSPKTS 168 +#define PF_TAOUTXPASSBYTES 169 +#define PF_TASTATSCLEARED 170 +#define PF_TADDRTABLEINDEX 171 +#define PF_TADDRNET 172 +#define PF_TADDRMASK 173 +#define PF_TADDRCLEARED 174 +#define PF_TADDRINBLOCKPKTS 175 +#define PF_TADDRINBLOCKBYTES 176 +#define PF_TADDRINPASSPKTS 177 +#define PF_TADDRINPASSBYTES 178 +#define PF_TADDROUTBLOCKPKTS 179 +#define PF_TADDROUTBLOCKBYTES 180 +#define PF_TADDROUTPASSPKTS 181 +#define PF_TADDROUTPASSBYTES 182 + + +#define PFI_IFTYPE_GROUP 0 +#define PFI_IFTYPE_INSTANCE 1 +#define PFI_IFTYPE_DETACH 2 +#define PFI_TABLE_MAXAGE 5 + +enum { IN, OUT }; +enum { IPV4, IPV6 }; +enum { PASS, BLOCK }; + +enum { PFRB_TSTATS = 1, PFRB_ASTATS, PFRB_IFACES, PFRB_MAX }; + +config_require(util_funcs) + +FindVarMethod var_if_number; +FindVarMethod var_if_table; +FindVarMethod var_limits; +FindVarMethod var_pfMIBObjects; +FindVarMethod var_tables_table; +FindVarMethod var_tbl_addr_table; +FindVarMethod var_timeouts; + +/* from pfctl */ +struct pfr_buffer { + int pfrb_type; /* type of content, see enum above */ + int pfrb_size; /* number of objects in buffer */ + int pfrb_msize; /* maximum number of objects in buffer */ + void *pfrb_caddr; /* malloc'ated memory area */ +}; + + +void init_pfMIBObjects(void); +void *pfr_buf_next(struct pfr_buffer *, const void *); +int pfi_get(struct pfr_buffer *, const char *, int); +int pfi_get_ifaces(const char *, struct pfi_if *, int *, int); +int pfi_refresh(void); +int pfr_buf_grow(struct pfr_buffer *, int); +void *pfr_buf_next(struct pfr_buffer *, const void *); +unsigned char *var_if_table(struct variable *, oid *, size_t *, int, + size_t *, WriteMethod **); +unsigned char *var_pfMIBObjects(struct variable *, oid *, size_t *, int, + size_t *, WriteMethod **); +unsigned char *var_limits(struct variable *, oid *, size_t *, int, + size_t *, WriteMethod **); +unsigned char *var_table_number(struct variable *, oid *, size_t *, int, + size_t *, WriteMethod **); +unsigned char *var_tables_table(struct variable *, oid *, size_t *, int, + size_t *, WriteMethod **); +unsigned char *var_tbl_addr_table(struct variable *, oid *, size_t *, int, + size_t *, WriteMethod **); +unsigned char *var_timeouts(struct variable *, oid *, size_t *, int, + size_t *, WriteMethod **); + + +#endif /* _MIBGROUP_PFMIBOBJECTS_H */ diff ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.h.orig ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/agent/mibgroup/pfMIBObjects.h.orig diff ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/Makefile.in ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/Makefile.in --- ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/Makefile.in Fri Sep 22 06:55:19 2000 +++ ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/Makefile.in Fri Dec 10 19:08:17 2004 @@ -32,9 +32,11 @@ UCDMIBS = UCD-SNMP-MIB.txt UCD-DEMO-MIB.txt UCD-IPFWACC-MIB.txt \ UCD-DLMOD-MIB.txt UCD-DISKIO-MIB.txt @default_mibs_install@ +OBSDMIBS = OPENBSD-BASE-MIB.txt OPENBSD-PF-MIB.txt + MIBS = $(V1MIBS) $(V2MIBS) $(V3MIBS) $(RFCMIBS) \ $(AGENTMIBS) $(IANAMIBS) \ - $(UCDMIBS) + $(UCDMIBS) $(OBSDMIBS) all: diff ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/OPENBSD-BASE-MIB.txt ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/OPENBSD-BASE-MIB.txt --- ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/OPENBSD-BASE-MIB.txt Wed Dec 31 17:00:00 1969 +++ ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/OPENBSD-BASE-MIB.txt Fri Dec 10 19:08:46 2004 @@ -0,0 +1,50 @@ +-- +-- $jwk: OPENBSD-BASE-MIB.txt,v 1.4 2004/06/22 03:07:16 jwk Exp $ +-- +-- +-- Copyright (c) 2004 Joel Knight +-- +-- Permission to use, copy, modify, and distribute this document for any +-- purpose with or without fee is hereby granted, provided that the above +-- copyright notice and this permission notice appear in all copies. +-- +-- THE DOCUMENT IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +-- WITH REGARD TO THIS DOCUMENT INCLUDING ALL IMPLIED WARRANTIES OF +-- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +-- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +-- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +-- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +-- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS DOCUMENT. + + +OPENBSD-BASE-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, enterprises + FROM SNMPv2-SMI + + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF; + +openBSD MODULE-IDENTITY + LAST-UPDATED "0403270000Z" + ORGANIZATION "OpenBSD" + CONTACT-INFO " + Author: Joel Knight + email: enabled@myrealbox.com + " + DESCRIPTION "The base MIB module for the OpenBSD project." +-- FIXME: http://www.iana.org/assignments/smi-numbers + ::= { enterprises 64512 } + + +-- define MIB objects + +-- OPENBSD-PF-MIB: +-- pfMIBObjects OBJECT IDENTIFIER ::= { openBSD 1 } + + + +-- END: Don't forget this! +END + diff ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/OPENBSD-PF-MIB.txt ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/OPENBSD-PF-MIB.txt --- ports/net/ucd-snmp.orig/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/OPENBSD-PF-MIB.txt Wed Dec 31 17:00:00 1969 +++ ports/net/ucd-snmp/w-ucd-snmp-4.2.6/ucd-snmp-4.2.6/mibs/OPENBSD-PF-MIB.txt Fri Dec 10 19:08:46 2004 @@ -0,0 +1,1104 @@ +-- +-- $jwk: OPENBSD-PF-MIB.txt,v 1.21 2004/10/18 02:56:52 jwk Exp $ +-- +-- +-- Copyright (c) 2004 Joel Knight +-- +-- Permission to use, copy, modify, and distribute this document for any +-- purpose with or without fee is hereby granted, provided that the above +-- copyright notice and this permission notice appear in all copies. +-- +-- THE DOCUMENT IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +-- WITH REGARD TO THIS DOCUMENT INCLUDING ALL IMPLIED WARRANTIES OF +-- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +-- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +-- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +-- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +-- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS DOCUMENT. + + +OPENBSD-PF-MIB DEFINITIONS ::= BEGIN + +IMPORTS + MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE, + Counter32, Counter64, Unsigned32, IpAddress, enterprises + FROM SNMPv2-SMI + + TruthValue + FROM SNMPv2-TC + + openBSD + FROM OPENBSD-BASE-MIB + + MODULE-COMPLIANCE, OBJECT-GROUP + FROM SNMPv2-CONF; + +pfMIBObjects MODULE-IDENTITY + LAST-UPDATED "0410170000Z" + ORGANIZATION "OpenBSD" + CONTACT-INFO " + Author: Joel Knight + email: enabled@myrealbox.com + " + DESCRIPTION "The MIB module for gathering information from + OpenBSD's packet filter. + " + ::= { openBSD 1 } + + +-- define the sections of the MIB + +info OBJECT IDENTIFIER ::= { pfMIBObjects 1 } +counters OBJECT IDENTIFIER ::= { pfMIBObjects 2 } +stateTable OBJECT IDENTIFIER ::= { pfMIBObjects 3 } +loginterface OBJECT IDENTIFIER ::= { pfMIBObjects 4 } +sourceTracking OBJECT IDENTIFIER ::= { pfMIBObjects 5 } +limits OBJECT IDENTIFIER ::= { pfMIBObjects 6 } +timeouts OBJECT IDENTIFIER ::= { pfMIBObjects 7 } +interfaces OBJECT IDENTIFIER ::= { pfMIBObjects 8 } +tables OBJECT IDENTIFIER ::= { pfMIBObjects 9 } + +-- info + +running OBJECT-TYPE + SYNTAX TruthValue + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates whether pf is enabled or not." + ::= { info 1 } + +runtime OBJECT-TYPE + SYNTAX TimeTicks + UNITS "1/100th of a Second" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates how long pf has been enabled. If pf is not + enabled, indicates how long pf has been disabled. If pf has not + been explicitly enabled or disabled since the system was booted, + the value will be 0." + ::= { info 2 } + +debug OBJECT-TYPE + SYNTAX INTEGER { none(0), urgent(1), misc(2), noisey(3) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Indicates the debug level that pf is running at." + ::= { info 3 } + +hostid OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The (unique) host id of the machine running pf." + ::= { info 4 } + + +-- counters + +match OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets that have matched a filter rule." + ::= { counters 1 } + +badOffset OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets that have had a bad offset value." + ::= { counters 2 } + +fragment OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packet fragments." + ::= { counters 3 } + +short OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets that were too short to contain a valid header." + ::= { counters 4 } + +normalize OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets that were normalized using the packet scrubber." + ::= { counters 5 } + +memory OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets that were dropped due to memory limitations." + ::= { counters 6 } + + +-- stateTable + +count OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of entries in the state table." + ::= { stateTable 1 } + +searches OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of searches against the state table." + ::= { stateTable 2 } + +inserts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of inserts into the state table." + ::= { stateTable 3 } + +removals OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of removals from the state table." + ::= { stateTable 4 } + + +-- loginterface + +name OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the interface configured using 'set loginterface'. + If no interface has been configured, the object will be empty." + ::= { loginterface 1 } + +ipBytesIn OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv4 bytes passed in on the loginterface." + ::= { loginterface 2 } + +ipBytesOut OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv4 bytes passed out on the loginterface." + ::= { loginterface 3 } + +ipPktsInPass OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv4 packets passed in on the loginterface." + ::= { loginterface 4 } + +ipPktsInDrop OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of dropped IPv4 packets coming in on the loginterface." + ::= { loginterface 5 } + +ipPktsOutPass OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv4 packets passed out on the loginterface." + ::= { loginterface 6 } + +ipPktsOutDrop OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of dropped IPv4 packets going out on the loginterface." + ::= { loginterface 7 } + +ip6BytesIn OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 bytes passed in on the loginterface." + ::= { loginterface 8 } + +ip6BytesOut OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 bytes passed out on the loginterface." + ::= { loginterface 9 } + +ip6PktsInPass OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 packets passed in on the loginterface." + ::= { loginterface 10 } + +ip6PktsInDrop OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of dropped IPv6 packets coming in on the loginterface." + ::= { loginterface 11 } + +ip6PktsOutPass OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 packets passed out on the loginterface." + ::= { loginterface 12 } + +ip6PktsOutDrop OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of dropped IPv6 packets going out on the loginterface." + ::= { loginterface 13 } + + +-- sourceTracking + +count OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of entries in the source tracking table." + ::= { sourceTracking 1 } + +searches OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of searches against the source tracking table." + ::= { sourceTracking 2 } + +inserts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of inserts into the source tracking table." + ::= { sourceTracking 3 } + +removals OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of removals from the source tracking table." + ::= { sourceTracking 4 } + + +-- limits + +states OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum number of entries in the memory pool used by state + table entries (filter rules that specify 'keep state')." + ::= { limits 1 } + +sourceNodes OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum number of entries in the memory pool used for tracking + source IP addresses (filter rules that specify 'sticky-address' or + 'source-track' options)." + ::= { limits 2 } + +fragments OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The maximum number of entries in the memory pool used for packet + reassembly (scrub rules)." + ::= { limits 3 } + + +-- timeouts + +tcpFirst OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State after receiving the first TCP packet in a new connection." + ::= { timeouts 1 } + +tcpOpening OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State before the destination host ever sends a packet in response + to a new connection from this host." + ::= { timeouts 2 } + +tcpEstablished OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State when a TCP connection is fully established." + ::= { timeouts 3 } + +tcpClosing OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State after the first FIN has been sent." + ::= { timeouts 4 } + +tcpFinWait OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State after both FINs are sent and the connection is closed." + ::= { timeouts 5 } + +tcpClosed OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State after the first RST has been sent." + ::= { timeouts 6 } + +udpFirst OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State after receiving the first UDP packet." + ::= { timeouts 7 } + +udpSingle OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State if the source sends more than 1 packet but the destination + has never sent a packet back." + ::= { timeouts 8 } + +udpMultiple OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State when both hosts have sent packets." + ::= { timeouts 9 } + +icmpFirst OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State after receiving the first ICMP packet." + ::= { timeouts 10 } + +icmpError OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State when an ICMP error comes back in response to an ICMP + packet." + ::= { timeouts 11 } + +otherFirst OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State after receiving the first packet." + ::= { timeouts 12 } + +otherSingle OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State if the source sends more than 1 packet but the destination + has never sent a packet back." + ::= { timeouts 13 } + +otherMultiple OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "State when both hosts have sent packets." + ::= { timeouts 14 } + +fragment OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "How long before an unassembled fragment is expired." + ::= { timeouts 15 } + +interval OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Interval before purging expired states and fragments." + ::= { timeouts 16 } + +adaptiveStart OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When the number of state entries exceeds this value, adaptive + scaling begins." + ::= { timeouts 17 } + +adaptiveEnd OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "When reaching this number of state entries, all timeout values + become zero, effectively purging all state entries immediately." + ::= { timeouts 18 } + +sourceTrack OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Time that a source tracking entry will stay around after the + last state expires." + ::= { timeouts 19 } + + +-- interfaces + +ifNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of network interfaces present on this system." + ::= { interfaces 1 } + +ifTable OBJECT-TYPE + SYNTAX SEQUENCE OF ifEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of individual interfaces. The number of entries is + given by the value of ifNumber." + ::= { interfaces 128 } + +ifEntry OBJECT-TYPE + SYNTAX IfEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular interface." + INDEX { ifIndex } + ::= { ifTable 1 } + +IfEntry ::= + SEQUENCE { + ifIndex Integer32, + ifDescr OCTET STRING, + ifType INTEGER, + ifRefs Unsigned32, + ifRules Unsigned32, + ifIn4PassPkts Counter64, + ifIn4PassBytes Counter64, + ifIn4BlockPkts Counter64, + ifIn4BlockBytes Counter64, + ifOut4PassPkts Counter64, + ifOut4PassBytes Counter64, + ifOut4BlockPkts Counter64, + ifOut4BlockBytes Counter64, + } + +ifIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value, greater than zero, for each interface. It + is recommended that values are assigned contiguously + starting from 1. The value for each interface sub-layer + must remain constant at least from one re-initialization of + the entity's network management system to the next re- + initialization." + ::= { ifEntry 1 } + +ifDescr OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the interface." + ::= { ifEntry 2 } + +ifType OBJECT-TYPE + SYNTAX INTEGER { group(0), instance(1), detached(2) } + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Denotes whether the interface is a group interface, an interface + instance, or whether it's been removed or destroyed." + ::= { ifEntry 3 } + +ifRefs OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of state and/or source track entries which reference + the interface." + ::= { ifEntry 4 } + +ifRules OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of rules which reference the interface." + ::= { ifEntry 5 } + +ifIn4PassPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv4 packets passed in." + ::= { ifEntry 6 } + +ifIn4PassBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv4 bytes passed in." + ::= { ifEntry 7 } + +ifIn4BlockPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of incoming IPv4 packets blocked." + ::= { ifEntry 8 } + +ifIn4BlockBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of incoming IPv4 bytes blocked." + ::= { ifEntry 9 } + +ifOut4PassPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv4 bytes passed out." + ::= { ifEntry 10 } + +ifOut4PassBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv4 bytes passed out." + ::= { ifEntry 11 } + +ifOut4BlockPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outgoing IPv4 bytes blocked." + ::= { ifEntry 12 } + +ifOut4BlockBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outgoing IPv4 bytes blocked." + ::= { ifEntry 13 } + +ifIn6PassPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 packets passed in." + ::= { ifEntry 14 } + +ifIn6PassBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 bytes passed in." + ::= { ifEntry 15 } + +ifIn6BlockPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of incoming IPv6 packets blocked." + ::= { ifEntry 16 } + +ifIn6BlockBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of incoming IPv6 bytes blocked." + ::= { ifEntry 17 } + +ifOut6PassPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 bytes passed out." + ::= { ifEntry 18 } + +ifOut6PassBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of IPv6 bytes passed out." + ::= { ifEntry 19 } + +ifOut6BlockPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outgoing IPv6 bytes blocked." + ::= { ifEntry 20 } + +ifOut6BlockBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outgoing IPv6 bytes blocked." + ::= { ifEntry 21 } + + +-- tables +tblNumber OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of tables present on this system." + ::= { tables 1 } + +tblTable OBJECT-TYPE + SYNTAX SEQUENCE OF tblEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A list of individual tables. The number of entries is + given by the value of tableNumber." + ::= { tables 128 } + +tblEntry OBJECT-TYPE + SYNTAX TblEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular table." + INDEX { tblIndex } + ::= { tblTable 1 } + +TblEntry ::= + SEQUENCE { + tblIndex Integer32, + tblName OCTET STRING, + tblAddresses Integer32, + tblAnchorRefs Integer32, + tblRuleRefs Integer32, + tblEvalsMatch Counter64, + tblEvalsNoMatch Counter64, + tblInPassPkts Counter64, + tblInPassBytes Counter64, + tblInBlockPkts Counter64, + tblInBlockBytes Counter64, + tblInXPassPkts Counter64, + tblInXPassBytes Counter64, + tblOutPassPkts Counter64, + tblOutPassBytes Counter64, + tblOutBlockPkts Counter64, + tblOutBlockBytes Counter64, + tblOutXPassPkts Counter64, + tblOutXPassBytes Counter64, + tblStatsCleared Unsigned32, + } + +tblIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "A unique value, greater than zero, for each table." + ::= { tblEntry 1 } + +tblName OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the table." + ::= { tblEntry 2 } + +tblAddresses OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of addresses currently stored in the table." + ::= { tblEntry 3 } + +tblAnchorRefs OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of anchors which reference the table." + ::= { tblEntry 4 } + +tblRuleRefs OBJECT-TYPE + SYNTAX Integer32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of rules which reference the table." + ::= { tblEntry 5 } + +tblEvalsMatch OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of table evaluations that produced a match." + ::= { tblEntry 6 } + +tblEvalsNoMatch OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of table evaluations that didn't match." + ::= { tblEntry 7 } + +tblInPassPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets passed in that matched the table." + ::= { tblEntry 8 } + +tblInPassBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of bytes passed in that matched the table." + ::= { tblEntry 9 } + +tblInBlockPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of incoming packets blocked that matched the table." + ::= { tblEntry 10 } + +tblInBlockBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number incoming bytes blocked that matched the table." + ::= { tblEntry 11 } + +tblInXPassPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets statefully passed in where the state + entry refers to the table, but the table no longer contains + the address in question." + ::= { tblEntry 12 } + +tblInXPassBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of bytes statefully passed in where the state + entry refers to the table, but the table no longer contains + the address in question." + ::= { tblEntry 13 } + +tblOutPassPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets passed out that matched the table." + ::= { tblEntry 14 } + +tblOutPassBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of bytes passed out that matched the table." + ::= { tblEntry 15 } + +tblOutBlockPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outgoing packets blocked that matched the table." + ::= { tblEntry 16 } + +tblOutBlockBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number outgoing bytes blocked that matched the table." + ::= { tblEntry 17 } + +tblOutXPassPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of packets statefully passed out where the state + entry refers to the table, but the table no longer contains + the address in question." + ::= { tblEntry 18 } + +tblOutXPassBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of bytes statefully passed out where the state + entry refers to the table, but the table no longer contains + the address in question." + ::= { tblEntry 19 } + +tblAddrTable OBJECT-TYPE + SYNTAX SEQUENCE OF tblAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "A table containing the addresses/CIDR network blocks from + every table on the system." + ::= { tables 129 } + +tblAddrEntry OBJECT-TYPE + SYNTAX TblAddrEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing management information applicable to a + particular table." + INDEX { tblAddrTblIndex, tblAddrNet, tblAddrMask } + ::= { tblAddrTable 1 } + +TblAddrEntry ::= + SEQUENCE { + tblAddrTblIndex Integer32, + tblAddrNet IpAddress, + tblAddrMask Integer32, + tblAddrCleared TimeTicks, + tblAddrInBlockPkts Counter64, + tblAddrInBlockBytes Counter64, + tblAddrInPassPkts Counter64, + tblAddrInPassBytes Counter64, + tblAddrOutBlockPkts Counter64, + tblAddrOutBlockBytes Counter64, + tblAddrOutPassPkts Counter64, + tblAddrOutPassBytes Counter64, + } + +tblAddrTblIndex OBJECT-TYPE + SYNTAX Integer32 (1..2147483647) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The index value which uniquely identifies the table which + contains this tblAddrNet/tblAddrMask pair." + ::= { tblAddrEntry 1 } + +tblAddrNet OBJECT-TYPE + SYNTAX IpAddress + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The IP address portion of the CIDR network for this + particular table entry." + ::= { tblAddrEntry 2 } + +tblAddrMask OBJECT-TYPE + SYNTAX Integer32 (0..32) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The CIDR bitmask for this particular table entry." + ::= { tblAddrEntry 3 } + +tblAddrCleared OBJECT-TYPE + SYNTAX TimeTicks + UNITS "1/100th of a Second" + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The time that's passed since the statistics where last cleared, or + since the tblAddrNet/tblAddrMask pair was loaded into the table, + whichever is sooner." + ::= { tblAddrEntry 4 } + +tblAddrInBlockPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of inbound packets blocked as a result of matching + this table entry." + ::= { tblAddrEntry 5 } + +tblAddrInBlockBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of inbound bytes blocked as a result of matching + this table entry." + ::= { tblAddrEntry 6 } + +tblAddrInPassPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of inbound packets passed as a result of matching + this table entry." + ::= { tblAddrEntry 7 } + +tblAddrInPassBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of inbound bytes passed as a result of matching + this table entry." + ::= { tblAddrEntry 8 } + +tblAddrOutBlockPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outbound packets blocked as a result of matching + this table entry." + ::= { tblAddrEntry 9 } + +tblAddrOutBlockBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outbound bytes blocked as a result of matching + this table entry." + ::= { tblAddrEntry 10 } + +tblAddrOutPassPkts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outbound packets passed as a result of matchin + this table entry." + ::= { tblAddrEntry 11 } + +tblAddrOutPassBytes OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The number of outbound bytes passed as a result of matchg + this table entry." + ::= { tblAddrEntry 12 } + + + +-- END: Don't forget this! +END +