diff options
| author | Florian Obser <florian@cvs.openbsd.org> | 2020-01-02 10:55:54 +0000 |
|---|---|---|
| committer | Florian Obser <florian@cvs.openbsd.org> | 2020-01-02 10:55:54 +0000 |
| commit | f3d4989cf170b3630bb0aac95d5976be32b00db9 (patch) | |
| tree | 435cc2a4b73653ea71d7ddb8fa6e882529ccde5b /usr.sbin/snmpd/parse.y | |
| parent | d119e7d0ab16aaf7fbb869603fc3157786c85333 (diff) | |
When many prefixes are stored in pf tables it is not sensible
to export them via snmp.
Introduce option filter-pf-addresses similar to filter-routes which
prevents exporting below the OPENBSD-PF-MIB::pfTblAddrTable oid.
Other pf table statistics are uneffected by this and still available.
With this I can do a bulkwalk starting at pfMIBObjects without hitting
timeouts and without spinning the cpu at 100% for days to export 300k
prefixes.
man page input kn
OK claudio, sthen. martijn is also fine with it going in.
Diffstat (limited to 'usr.sbin/snmpd/parse.y')
| -rw-r--r-- | usr.sbin/snmpd/parse.y | 76 |
1 files changed, 40 insertions, 36 deletions
diff --git a/usr.sbin/snmpd/parse.y b/usr.sbin/snmpd/parse.y index 1a9547d85b2..e63a7bc121c 100644 --- a/usr.sbin/snmpd/parse.y +++ b/usr.sbin/snmpd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.56 2019/10/24 12:39:27 tb Exp $ */ +/* $OpenBSD: parse.y,v 1.57 2020/01/02 10:55:53 florian Exp $ */ /* * Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org> @@ -133,7 +133,7 @@ typedef struct { %token SYSTEM CONTACT DESCR LOCATION NAME OBJECTID SERVICES RTFILTER %token READONLY READWRITE OCTETSTRING INTEGER COMMUNITY TRAP RECEIVER %token SECLEVEL NONE AUTH ENC USER AUTHKEY ENCKEY ERROR DISABLED -%token SOCKET RESTRICTED AGENTX HANDLE DEFAULT SRCADDR TCP UDP +%token SOCKET RESTRICTED AGENTX HANDLE DEFAULT SRCADDR TCP UDP PFADDRFILTER %token <v.string> STRING %token <v.number> NUMBER %type <v.string> hostcmn @@ -273,6 +273,9 @@ main : LISTEN ON STRING proto { else conf->sc_rtfilter = 0; } + | PFADDRFILTER yesno { + conf->sc_pfaddrfilter = $2; + } | SECLEVEL seclevel { conf->sc_min_seclevel = $2; } @@ -628,40 +631,41 @@ lookup(char *s) { /* this has to be sorted always */ static const struct keywords keywords[] = { - { "agentx", AGENTX }, - { "auth", AUTH }, - { "authkey", AUTHKEY }, - { "community", COMMUNITY }, - { "contact", CONTACT }, - { "default", DEFAULT }, - { "description", DESCR }, - { "disabled", DISABLED}, - { "enc", ENC }, - { "enckey", ENCKEY }, - { "filter-routes", RTFILTER }, - { "handle", HANDLE }, - { "include", INCLUDE }, - { "integer", INTEGER }, - { "listen", LISTEN }, - { "location", LOCATION }, - { "name", NAME }, - { "none", NONE }, - { "oid", OBJECTID }, - { "on", ON }, - { "read-only", READONLY }, - { "read-write", READWRITE }, - { "receiver", RECEIVER }, - { "restricted", RESTRICTED }, - { "seclevel", SECLEVEL }, - { "services", SERVICES }, - { "socket", SOCKET }, - { "source-address", SRCADDR }, - { "string", OCTETSTRING }, - { "system", SYSTEM }, - { "tcp", TCP }, - { "trap", TRAP }, - { "udp", UDP }, - { "user", USER } + { "agentx", AGENTX }, + { "auth", AUTH }, + { "authkey", AUTHKEY }, + { "community", COMMUNITY }, + { "contact", CONTACT }, + { "default", DEFAULT }, + { "description", DESCR }, + { "disabled", DISABLED}, + { "enc", ENC }, + { "enckey", ENCKEY }, + { "filter-pf-addresses", PFADDRFILTER }, + { "filter-routes", RTFILTER }, + { "handle", HANDLE }, + { "include", INCLUDE }, + { "integer", INTEGER }, + { "listen", LISTEN }, + { "location", LOCATION }, + { "name", NAME }, + { "none", NONE }, + { "oid", OBJECTID }, + { "on", ON }, + { "read-only", READONLY }, + { "read-write", READWRITE }, + { "receiver", RECEIVER }, + { "restricted", RESTRICTED }, + { "seclevel", SECLEVEL }, + { "services", SERVICES }, + { "socket", SOCKET }, + { "source-address", SRCADDR }, + { "string", OCTETSTRING }, + { "system", SYSTEM }, + { "tcp", TCP }, + { "trap", TRAP }, + { "udp", UDP }, + { "user", USER } }; const struct keywords *p; |