git: f6aa57c86b62 - main - snmp_pf: use the libpfctl wrapper to retrieve astats

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Kristof Provost <kp_at_FreeBSD.org>
Date: Fri, 05 Dec 2025 13:09:41 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=f6aa57c86b6239e1f8c8ff50f28c9d0ed1af2ce3

commit f6aa57c86b6239e1f8c8ff50f28c9d0ed1af2ce3
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-12-05 10:23:45 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-12-05 12:24:52 +0000

    snmp_pf: use the libpfctl wrapper to retrieve astats
    
    Extend the test case to verify this works as expected.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 tests/sys/netpfil/pf/snmp.sh              |  6 ++++++
 usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c | 21 ++++++++-------------
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/tests/sys/netpfil/pf/snmp.sh b/tests/sys/netpfil/pf/snmp.sh
index 37cc4b75cf92..ad80fd457bb1 100644
--- a/tests/sys/netpfil/pf/snmp.sh
+++ b/tests/sys/netpfil/pf/snmp.sh
@@ -109,6 +109,12 @@ table_body()
 	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def pfTables
 	atf_check -s exit:0 -o match:'pfTablesAddrPrefix.* = 24' \
 	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def pfTables
+
+	# Give bsnmp time to refresh the table
+	sleep 6
+	# Expect non-zero packet count
+	atf_check -s exit:0 -o match:'pfTablesAddrPktsInPass.* = [1-9][0-9]*' \
+	    bsnmpwalk -s public@192.0.2.1 -i pf_tree.def pfTables
 }
 
 table_cleanup()
diff --git a/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c b/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
index f0f9e0f0e149..91194516614f 100644
--- a/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
+++ b/usr.sbin/bsnmpd/modules/snmp_pf/pf_snmp.c
@@ -1356,17 +1356,16 @@ err1:
 static int
 pfa_table_addrs(u_int sidx, struct pfr_table *pt)
 {
-	struct pfioc_table io;
+	struct pfr_table tbl = { 0 };
 	struct pfr_astats *t = NULL;
 	struct pfa_entry *e;
-	int i, numaddrs = 1;
+	int i, numaddrs = 1, outnum;
 
 	if (pt == NULL)
 		return (-1);
 
-	memset(&io, 0, sizeof(io));
-	strlcpy(io.pfrio_table.pfrt_name, pt->pfrt_name,
-	    sizeof(io.pfrio_table.pfrt_name));
+	strlcpy(tbl.pfrt_name, pt->pfrt_name,
+	    sizeof(tbl.pfrt_name));
 
 	for (;;) {
 		t = reallocf(t, numaddrs * sizeof(struct pfr_astats));
@@ -1377,22 +1376,18 @@ pfa_table_addrs(u_int sidx, struct pfr_table *pt)
 			goto error;
 		}
 
-		memset(t, 0, sizeof(*t));
-		io.pfrio_size = numaddrs;
-		io.pfrio_buffer = t;
-		io.pfrio_esize = sizeof(struct pfr_astats);
-
-		if (ioctl(pfctl_fd(pfh), DIOCRGETASTATS, &io)) {
+		outnum = numaddrs;
+		if (pfctl_get_astats(pfh, &tbl, t, &outnum, 0) != 0) {
 			syslog(LOG_ERR, "pfa_table_addrs(): ioctl() on %s: %s",
 			    pt->pfrt_name, strerror(errno));
 			numaddrs = -1;
 			break;
 		}
 
-		if (numaddrs >= io.pfrio_size)
+		if (numaddrs >= outnum)
 			break;
 
-		numaddrs = io.pfrio_size;
+		numaddrs = outnum;
 	}
 
 	for (i = 0; i < numaddrs; i++) {