indexing. When a device has gone it is not removed from device_map
table but just its entry_p field is set to NULL.
So when traversing device_map in disk_OS_get_ATA_disks() and
disk_OS_get_MD_disks() check for entry_p being NULL, otherwise the
bsnmpd crash is possible when a removed map entry is dereferenced.
Before the fix, for disk_OS_get_ATA_disks() the crash could be easily
reproduced running:
atacontrol detach ata1
The crash was not observed in disk_OS_get_MD_disks() because currently
snmp_hostres does no see md(4) disks: to get the device list it uses
devinfo(3), which does not return md devices.
Reported by: Miroslav Lachman 000.fbsd quip.cz
MFC after: 1 week
The reasoning behind this, is that if we are consistent in our
documentation about the uint*_t stuff, people will be less tempted to
write new code that uses the non-standard types.
I am not going to bump the man page dates, as these changes can be
considered style nits. The meaning of the man pages is unaffected.
MFC after: 1 month
It's too late to change this in 9.0 -- so we have a release with the
misspelling in the wild and should not break users that depend on it.
Deprecating/replacing it because of a one-char typo seems excessive.
last byte of the buffer.
Since we call refresh_device_tbl() for any devctl event types - no need
to check the first byte of buffer. Remove these checks.
Also remove logging for the case of unknown devd message. It incorrectly
triggers when all devctl events are not fit into one buffer and part of
unread data will be read in the next pass.
When length of data readed from devctl is equal to sizeof(buf), then try
to read from socket again, to read full data.
MFC after: 2 weeks
- Sample CPU usage data from kern.cp_times, this makes for a far more
accurate and scheduler independent algorithm.
- Rip out the process list scraping that is no longer required.
- Don't update CPU usage sampling on every request, but every 15s
instead. This makes it impossible for an attacker to hide the CPU load
by triggering 4 samplings in short succession when the system is idle.
- After reaching the steady-state, the system will always report the
average CPU load of the last 60 sampled seconds.
- Untangling of call graph.
PR: kern/130222
Tested by: Julian Dunn <jdunn@aquezada.com>
Gustau Pérez <gperez@entel.upc.edu>
Jürgen Weiß <weiss@uni-mainz.de>
MFC after: 2 weeks
I'm unsure if some MIB standard states this must be the load average
for, eg. 300s, it looks like net-snmp isn't even bothering to implement
the CPU load reporting at all.
and modify the BEGEMOT-PF-MIB to add support for IPV6 address' statistics in the PF
tables via pfTablesAddrNetType and pfTablesAddrNet. While here, upgrade the
pf_tree.def file to the new format that includes enumerated values. Also make sure
to return SNMP_ERR_NOSUCHNAME for ALTQ objects, if ALTQ is disabled, so that the agent
will know to skip the pfAltq subtree when servicing GETNEXT requests from SNMP clients
(otherwise snmpwalk on begemotPf would stop at the pfAltq subtree with bsnmpd returning
SNMP_ERR_GENERR).
then find a specific entry, and get the requested value. So far, it found
the specific entry, refreshed the entry list if necessary, and got the
requested value from the found entry. The problem is that refreshing nukes
all old entries and replaces them with new ones and the obtained entry
pointer was no longer valid after the refresh.
Reviewed by: bz, philip
MFC after: 1 week
preparation for 8.0-RELEASE. Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.
Reviewed by: kib
Approved by: re (rwatson)
filling the table of ALTQ queues retrieved from the kernel.
It is possible for the kernel to return the queues not by pa.altq.qid order.
When this happens, pf_snmp would only partially fill its table.
PR: bin/120974
Submitted by: Mykola Dzham <i -at- levsha.org.ua>
MFC after: 3 days
object to control the value of the new 'PRIVATE' bridge members' flag.
While here, remove stale '__unused' compiler directives.
Reviewed by: bz
Approved by: re (bmah), bz (mentor)
* Change the API of bridge_get_basemac to take a maximum buffer length.
bridge_if.c
* Adopt to new API.
* In bridge_attach_newif() remove an additional pointer to the buffer
by shuffling the code a bit. Also makes the code more readable.
bridge_sys.c
* bridge_get_basemac():
- Adopt to the new API.
- Change check for error code of getifaddrs().
- First check for sa_family != AF_LINK.
- Copy sockaddr_dl * to get around alignment constraints on some
platforms.
- Use strcmp instead of strncmp so that "foo11" != "foo1".
* other functions:
- Allocate n times of the struct we need instead of arbitrary len,
cast to the type we want it to be and pass around struct *s instead
of char *s. This gets us around alignment restrictions on some
platforms and in addition it is more clear what data is passed around.
- Name variables for same types consistently.
Reviewed by: syrinx
SNMP option argument. That way the compiler will give a warning in
case of a missing or an extra but unknown 'case:'.
Do the same for SNMP LEAF objects to be prepared once gensnmptree will
auto-generate enums for those too.
Add an abort() after the switch() instead of the 'default:' to catch
any errors. The nice side effect is that the compiler will correctly
track supposed to be 'uninitialized' variables with that.
When trying to set a value sanity check it before calling the OS
dependent API of snmp_bridge to tell whether it is an attempt to
set a bad value or a general error.
Suggested by: harti (first part)
Approved by: bz (mentor)
add a default case to handle the situation when the variables are not
initialized.
Furthermore, abort() if the snmp agent passes an invalid option to the
bridge module. As the option (SET, GET, GETNEXT, COMMIT, ROLLBACK) is
determined by the snmp agent based on the operation requested by user,
this behaviour is unlikely to be abused as a source for a DoS, but if
ever hit will likely reveal a problem in the snmp agent or bridge
module.
Approved by: bz (mentor)
via bsnmpd(1). The module implements IETF BRIDGE-MIB as defined in
RFC4188 and a private BEGEMOT-BRIDGE-MIB.
Sponsored by: Google Summer of Code 2006
Reviewed by: bz
Approved by: bz (mentor)
instead of maximum sized arrays embedded in the table structures and (2)
using pointers to constant oids instead of copying the oid into each
table structure. This also fixes indexing in the case when a string used
for indexing is longer than the maximum size allowed in the MIB.
Submitted by: Victor Cruceru <soc-victor@>
into the contrib directory are still necessary for some of the Makefiles,
because the C-sources there use non-canonical includes ("" includes) to get
at the header files.
Currently implemented are most things related to states and interfaces, todo
are address tables and altq. I've tried to keep this roughly in sync with a
project implementing this for net-snmpd.
Reviewed by: harti, dhartmei
MFC after: 1 month