- Sample CPU usage data from kern.cp_times, this makes for a far more
accurate and scheduler independent algorithm.
- Rip out the process list scraping that is no longer required.
- Don't update CPU usage sampling on every request, but every 15s
instead. This makes it impossible for an attacker to hide the CPU load
by triggering 4 samplings in short succession when the system is idle.
- After reaching the steady-state, the system will always report the
average CPU load of the last 60 sampled seconds.
- Untangling of call graph.
PR: kern/130222
Tested by: Julian Dunn <jdunn@aquezada.com>
Gustau Pérez <gperez@entel.upc.edu>
Jürgen Weiß <weiss@uni-mainz.de>
MFC after: 2 weeks
I'm unsure if some MIB standard states this must be the load average
for, eg. 300s, it looks like net-snmp isn't even bothering to implement
the CPU load reporting at all.
and modify the BEGEMOT-PF-MIB to add support for IPV6 address' statistics in the PF
tables via pfTablesAddrNetType and pfTablesAddrNet. While here, upgrade the
pf_tree.def file to the new format that includes enumerated values. Also make sure
to return SNMP_ERR_NOSUCHNAME for ALTQ objects, if ALTQ is disabled, so that the agent
will know to skip the pfAltq subtree when servicing GETNEXT requests from SNMP clients
(otherwise snmpwalk on begemotPf would stop at the pfAltq subtree with bsnmpd returning
SNMP_ERR_GENERR).
then find a specific entry, and get the requested value. So far, it found
the specific entry, refreshed the entry list if necessary, and got the
requested value from the found entry. The problem is that refreshing nukes
all old entries and replaces them with new ones and the obtained entry
pointer was no longer valid after the refresh.
Reviewed by: bz, philip
MFC after: 1 week
preparation for 8.0-RELEASE. Add the previous version of those
libraries to ObsoleteFiles.inc and bump __FreeBSD_Version.
Reviewed by: kib
Approved by: re (rwatson)
filling the table of ALTQ queues retrieved from the kernel.
It is possible for the kernel to return the queues not by pa.altq.qid order.
When this happens, pf_snmp would only partially fill its table.
PR: bin/120974
Submitted by: Mykola Dzham <i -at- levsha.org.ua>
MFC after: 3 days
object to control the value of the new 'PRIVATE' bridge members' flag.
While here, remove stale '__unused' compiler directives.
Reviewed by: bz
Approved by: re (bmah), bz (mentor)
* Change the API of bridge_get_basemac to take a maximum buffer length.
bridge_if.c
* Adopt to new API.
* In bridge_attach_newif() remove an additional pointer to the buffer
by shuffling the code a bit. Also makes the code more readable.
bridge_sys.c
* bridge_get_basemac():
- Adopt to the new API.
- Change check for error code of getifaddrs().
- First check for sa_family != AF_LINK.
- Copy sockaddr_dl * to get around alignment constraints on some
platforms.
- Use strcmp instead of strncmp so that "foo11" != "foo1".
* other functions:
- Allocate n times of the struct we need instead of arbitrary len,
cast to the type we want it to be and pass around struct *s instead
of char *s. This gets us around alignment restrictions on some
platforms and in addition it is more clear what data is passed around.
- Name variables for same types consistently.
Reviewed by: syrinx
SNMP option argument. That way the compiler will give a warning in
case of a missing or an extra but unknown 'case:'.
Do the same for SNMP LEAF objects to be prepared once gensnmptree will
auto-generate enums for those too.
Add an abort() after the switch() instead of the 'default:' to catch
any errors. The nice side effect is that the compiler will correctly
track supposed to be 'uninitialized' variables with that.
When trying to set a value sanity check it before calling the OS
dependent API of snmp_bridge to tell whether it is an attempt to
set a bad value or a general error.
Suggested by: harti (first part)
Approved by: bz (mentor)
add a default case to handle the situation when the variables are not
initialized.
Furthermore, abort() if the snmp agent passes an invalid option to the
bridge module. As the option (SET, GET, GETNEXT, COMMIT, ROLLBACK) is
determined by the snmp agent based on the operation requested by user,
this behaviour is unlikely to be abused as a source for a DoS, but if
ever hit will likely reveal a problem in the snmp agent or bridge
module.
Approved by: bz (mentor)
via bsnmpd(1). The module implements IETF BRIDGE-MIB as defined in
RFC4188 and a private BEGEMOT-BRIDGE-MIB.
Sponsored by: Google Summer of Code 2006
Reviewed by: bz
Approved by: bz (mentor)
instead of maximum sized arrays embedded in the table structures and (2)
using pointers to constant oids instead of copying the oid into each
table structure. This also fixes indexing in the case when a string used
for indexing is longer than the maximum size allowed in the MIB.
Submitted by: Victor Cruceru <soc-victor@>