xref: /openbsd/share/snmp/OPENBSD-PF-MIB.txt (revision cca36db2) 
1-- $OpenBSD: OPENBSD-PF-MIB.txt,v 1.1 2012/02/23 03:54:38 joel Exp $
2--
3-- Copyright (c) 2004-2012 Joel Knight <knight.joel@gmail.com>
4--
5-- Permission to use, copy, modify, and distribute this document for any
6-- purpose with or without fee is hereby granted, provided that the above
7-- copyright notice and this permission notice appear in all copies.
8--
9-- THE DOCUMENT IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10-- WITH REGARD TO THIS DOCUMENT INCLUDING ALL IMPLIED WARRANTIES OF
11-- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12-- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13-- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14-- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15-- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS DOCUMENT.
16
17
18OPENBSD-PF-MIB DEFINITIONS ::= BEGIN
19
20IMPORTS
21	MODULE-IDENTITY, NOTIFICATION-TYPE, OBJECT-TYPE,
22	Counter32, Counter64, Unsigned32, Integer32, IpAddress,
23	TimeTicks, enterprises
24		FROM SNMPv2-SMI
25
26	TruthValue
27		FROM SNMPv2-TC
28
29	openBSD
30		FROM OPENBSD-BASE-MIB
31
32	MODULE-COMPLIANCE, OBJECT-GROUP
33		FROM SNMPv2-CONF;
34
35pfMIBObjects MODULE-IDENTITY
36    LAST-UPDATED "201201260000Z"
37    ORGANIZATION "OpenBSD"
38    CONTACT-INFO "
39                  Author:     Joel Knight
40                  email:      knight.joel@gmail.com
41                  www:        http://www.packetmischief.ca/openbsd-snmp-mibs/
42                 "
43    DESCRIPTION "The MIB module for gathering information from
44		OpenBSD's packet filter.
45                "
46    REVISION "201201260000Z"
47    DESCRIPTION "Add OPENBSD-PF-MIB to OpenBSD's snmpd"
48    ::= { openBSD 1 }
49
50
51-- define the sections of the MIB
52
53pfInfo				OBJECT IDENTIFIER ::= { pfMIBObjects 1 }
54pfCounters			OBJECT IDENTIFIER ::= { pfMIBObjects 2 }
55pfStateTable			OBJECT IDENTIFIER ::= { pfMIBObjects 3 }
56pfLogInterface			OBJECT IDENTIFIER ::= { pfMIBObjects 4 }
57pfSrcTracking			OBJECT IDENTIFIER ::= { pfMIBObjects 5 }
58pfLimits			OBJECT IDENTIFIER ::= { pfMIBObjects 6 }
59pfTimeouts			OBJECT IDENTIFIER ::= { pfMIBObjects 7 }
60pfInterfaces			OBJECT IDENTIFIER ::= { pfMIBObjects 8 }
61pfTables			OBJECT IDENTIFIER ::= { pfMIBObjects 9 }
62pfLabels			OBJECT IDENTIFIER ::= { pfMIBObjects 10 }
63pfsyncStats			OBJECT IDENTIFIER ::= { pfMIBObjects 11 }
64
65
66-- pfInfo
67
68pfRunning OBJECT-TYPE
69    SYNTAX      TruthValue
70    MAX-ACCESS  read-only
71    STATUS      current
72    DESCRIPTION
73	"Indicates whether pf is enabled or not."
74    ::= { pfInfo 1 }
75
76pfRuntime OBJECT-TYPE
77    SYNTAX      TimeTicks
78    UNITS      "1/100th of a Second"
79    MAX-ACCESS  read-only
80    STATUS      current
81    DESCRIPTION
82	"Indicates how long pf has been enabled. If pf is not
83	enabled, indicates how long pf has been disabled. If pf has not
84	been explicitly enabled or disabled since the system was booted,
85	the value will be 0."
86    ::= { pfInfo 2 }
87
88pfDebug OBJECT-TYPE
89    SYNTAX      INTEGER {
90	emerg(0),
91	alert(1),
92	crit(2),
93	err(3),
94	warning(4),
95	notice(5),
96	info(6),
97	debug(7)
98    }
99    MAX-ACCESS  read-only
100    STATUS      current
101    DESCRIPTION
102	"Indicates the debug level that pf is running at."
103    ::= { pfInfo 3 }
104
105pfHostid OBJECT-TYPE
106    SYNTAX      OCTET STRING
107    MAX-ACCESS  read-only
108    STATUS      current
109    DESCRIPTION
110	"The (unique) host id of the machine running pf."
111    ::= { pfInfo 4 }
112
113
114-- pfCounters
115
116pfCntMatch OBJECT-TYPE
117    SYNTAX      Counter64
118    MAX-ACCESS  read-only
119    STATUS      current
120    DESCRIPTION
121	"The number of packets that have matched a filter rule."
122    ::= { pfCounters 1 }
123
124pfCntBadOffset OBJECT-TYPE
125    SYNTAX      Counter64
126    MAX-ACCESS  read-only
127    STATUS      current
128    DESCRIPTION
129	"The number of packets that have had a bad offset value."
130    ::= { pfCounters 2 }
131
132pfCntFragment OBJECT-TYPE
133    SYNTAX      Counter64
134    MAX-ACCESS  read-only
135    STATUS      current
136    DESCRIPTION
137	"The number of packet fragments."
138    ::= { pfCounters 3 }
139
140pfCntShort OBJECT-TYPE
141    SYNTAX      Counter64
142    MAX-ACCESS  read-only
143    STATUS      current
144    DESCRIPTION
145	"The number of packets that were too short to contain a valid header."
146    ::= { pfCounters 4 }
147
148pfCntNormalize OBJECT-TYPE
149    SYNTAX      Counter64
150    MAX-ACCESS  read-only
151    STATUS      current
152    DESCRIPTION
153	"The number of packets that were normalized using the packet scrubber."
154    ::= { pfCounters 5 }
155
156pfCntMemory OBJECT-TYPE
157    SYNTAX      Counter64
158    MAX-ACCESS  read-only
159    STATUS      current
160    DESCRIPTION
161	"The number of packets that were dropped due to memory limitations."
162    ::= { pfCounters 6 }
163
164pfCntTimestamp OBJECT-TYPE
165    SYNTAX      Counter64
166    MAX-ACCESS  read-only
167    STATUS      current
168    DESCRIPTION
169	"The number of packets that were dropped due to improper RFC1323 timestamp."
170    ::= { pfCounters 7 }
171
172pfCntCongestion OBJECT-TYPE
173    SYNTAX      Counter64
174    MAX-ACCESS  read-only
175    STATUS      current
176    DESCRIPTION
177	"The number of packets that were dropped due to congestion on the interface."
178    ::= { pfCounters 8 }
179
180pfCntIpOption OBJECT-TYPE
181    SYNTAX      Counter64
182    MAX-ACCESS  read-only
183    STATUS      current
184    DESCRIPTION
185	"The number of packets that were dropped due to having options set in
186    the IP header."
187    ::= { pfCounters 9 }
188
189pfCntProtoCksum OBJECT-TYPE
190    SYNTAX      Counter64
191    MAX-ACCESS  read-only
192    STATUS      current
193    DESCRIPTION
194	"The number of packets that were dropped due to memory limitations."
195    ::= { pfCounters 10 }
196
197pfCntStateMismatch OBJECT-TYPE
198    SYNTAX      Counter64
199    MAX-ACCESS  read-only
200    STATUS      current
201    DESCRIPTION
202	"The number of packets that were dropped due to a state table mismatch."
203    ::= { pfCounters 11 }
204
205pfCntStateInsert OBJECT-TYPE
206    SYNTAX      Counter64
207    MAX-ACCESS  read-only
208    STATUS      current
209    DESCRIPTION
210	"The number of packets that were dropped due to errors creating a
211	state table entry."
212    ::= { pfCounters 12 }
213
214pfCntStateLimit OBJECT-TYPE
215    SYNTAX      Counter64
216    MAX-ACCESS  read-only
217    STATUS      current
218    DESCRIPTION
219	"The number of packets that were dropped due to the per-rule max
220	state limit being reached."
221    ::= { pfCounters 13 }
222
223pfCntSrcLimit OBJECT-TYPE
224    SYNTAX      Counter64
225    MAX-ACCESS  read-only
226    STATUS      current
227    DESCRIPTION
228	"The number of packets that were dropped due to stateful connection
229	tracking. A packet could be dropped due to resource limits (memory)
230	or due to a tracking limit being reached."
231    ::= { pfCounters 14 }
232
233pfCntSynproxy OBJECT-TYPE
234    SYNTAX      Counter64
235    MAX-ACCESS  read-only
236    STATUS      current
237    DESCRIPTION
238	"The number of packets that were dropped during the TCP synproxy process."
239    ::= { pfCounters 15 }
240
241
242-- pfStateTable
243
244pfStateCount OBJECT-TYPE
245    SYNTAX      Unsigned32
246    MAX-ACCESS  read-only
247    STATUS      current
248    DESCRIPTION
249	"The number of entries in the state table."
250    ::= { pfStateTable 1 }
251
252pfStateSearches OBJECT-TYPE
253    SYNTAX      Counter64
254    MAX-ACCESS  read-only
255    STATUS      current
256    DESCRIPTION
257	"The number of searches against the state table."
258    ::= { pfStateTable 2 }
259
260pfStateInserts OBJECT-TYPE
261    SYNTAX      Counter64
262    MAX-ACCESS  read-only
263    STATUS      current
264    DESCRIPTION
265	"The number of inserts into the state table."
266    ::= { pfStateTable 3 }
267
268pfStateRemovals OBJECT-TYPE
269    SYNTAX      Counter64
270    MAX-ACCESS  read-only
271    STATUS      current
272    DESCRIPTION
273	"The number of removals from the state table."
274    ::= { pfStateTable 4 }
275
276
277-- pfLogInterface
278
279pfLogIfName OBJECT-TYPE
280    SYNTAX      OCTET STRING
281    MAX-ACCESS  read-only
282    STATUS      current
283    DESCRIPTION
284	"The name of the interface configured using 'set loginterface'.
285	If no interface has been configured, the object will be empty."
286    ::= { pfLogInterface 1 }
287
288pfLogIfIpBytesIn OBJECT-TYPE
289    SYNTAX      Counter64
290    MAX-ACCESS  read-only
291    STATUS      current
292    DESCRIPTION
293	"The number of IPv4 bytes passed in on the loginterface."
294    ::= { pfLogInterface 2 }
295
296pfLogIfIpBytesOut OBJECT-TYPE
297    SYNTAX      Counter64
298    MAX-ACCESS  read-only
299    STATUS      current
300    DESCRIPTION
301	"The number of IPv4 bytes passed out on the loginterface."
302    ::= { pfLogInterface 3 }
303
304pfLogIfIpPktsInPass OBJECT-TYPE
305    SYNTAX      Counter64
306    MAX-ACCESS  read-only
307    STATUS      current
308    DESCRIPTION
309	"The number of IPv4 packets passed in on the loginterface."
310    ::= { pfLogInterface 4 }
311
312pfLogIfIpPktsInDrop OBJECT-TYPE
313    SYNTAX      Counter64
314    MAX-ACCESS  read-only
315    STATUS      current
316    DESCRIPTION
317	"The number of dropped IPv4 packets coming in on the loginterface."
318    ::= { pfLogInterface 5 }
319
320pfLogIfIpPktsOutPass OBJECT-TYPE
321    SYNTAX      Counter64
322    MAX-ACCESS  read-only
323    STATUS      current
324    DESCRIPTION
325	"The number of IPv4 packets passed out on the loginterface."
326    ::= { pfLogInterface 6 }
327
328pfLogIfIpPktsOutDrop OBJECT-TYPE
329    SYNTAX      Counter64
330    MAX-ACCESS  read-only
331    STATUS      current
332    DESCRIPTION
333	"The number of dropped IPv4 packets going out on the loginterface."
334    ::= { pfLogInterface 7 }
335
336pfLogIfIp6BytesIn OBJECT-TYPE
337    SYNTAX      Counter64
338    MAX-ACCESS  read-only
339    STATUS      current
340    DESCRIPTION
341	"The number of IPv6 bytes passed in on the loginterface."
342    ::= { pfLogInterface 8 }
343
344pfLogIfIp6BytesOut OBJECT-TYPE
345    SYNTAX      Counter64
346    MAX-ACCESS  read-only
347    STATUS      current
348    DESCRIPTION
349	"The number of IPv6 bytes passed out on the loginterface."
350    ::= { pfLogInterface 9 }
351
352pfLogIfIp6PktsInPass OBJECT-TYPE
353    SYNTAX      Counter64
354    MAX-ACCESS  read-only
355    STATUS      current
356    DESCRIPTION
357	"The number of IPv6 packets passed in on the loginterface."
358    ::= { pfLogInterface 10 }
359
360pfLogIfIp6PktsInDrop OBJECT-TYPE
361    SYNTAX      Counter64
362    MAX-ACCESS  read-only
363    STATUS      current
364    DESCRIPTION
365	"The number of dropped IPv6 packets coming in on the loginterface."
366    ::= { pfLogInterface 11 }
367
368pfLogIfIp6PktsOutPass OBJECT-TYPE
369    SYNTAX      Counter64
370    MAX-ACCESS  read-only
371    STATUS      current
372    DESCRIPTION
373	"The number of IPv6 packets passed out on the loginterface."
374    ::= { pfLogInterface 12 }
375
376pfLogIfIp6PktsOutDrop OBJECT-TYPE
377    SYNTAX      Counter64
378    MAX-ACCESS  read-only
379    STATUS      current
380    DESCRIPTION
381	"The number of dropped IPv6 packets going out on the loginterface."
382    ::= { pfLogInterface 13 }
383
384
385-- pfSrcTracking
386
387pfSrcTrackCount OBJECT-TYPE
388    SYNTAX      Unsigned32
389    MAX-ACCESS  read-only
390    STATUS      current
391    DESCRIPTION
392	"The number of entries in the source tracking table."
393    ::= { pfSrcTracking 1 }
394
395pfSrcTrackSearches OBJECT-TYPE
396    SYNTAX      Counter64
397    MAX-ACCESS  read-only
398    STATUS      current
399    DESCRIPTION
400	"The number of searches against the source tracking table."
401    ::= { pfSrcTracking 2 }
402
403pfSrcTrackInserts OBJECT-TYPE
404    SYNTAX      Counter64
405    MAX-ACCESS  read-only
406    STATUS      current
407    DESCRIPTION
408	"The number of inserts into the source tracking table."
409    ::= { pfSrcTracking 3 }
410
411pfSrcTrackRemovals OBJECT-TYPE
412    SYNTAX      Counter64
413    MAX-ACCESS  read-only
414    STATUS      current
415    DESCRIPTION
416	"The number of removals from the source tracking table."
417    ::= { pfSrcTracking 4 }
418
419
420-- pfLimits
421
422pfLimitStates OBJECT-TYPE
423	SYNTAX		Unsigned32
424	MAX-ACCESS	read-only
425	STATUS		current
426	DESCRIPTION
427	"The maximum number of entries in the memory pool used by state
428	table entries (filter rules that specify 'keep state')."
429	::= { pfLimits 1 }
430
431pfLimitSourceNodes OBJECT-TYPE
432	SYNTAX		Unsigned32
433	MAX-ACCESS	read-only
434	STATUS		current
435	DESCRIPTION
436	"The maximum number of entries in the memory pool used for tracking
437	source IP addresses (filter rules that specify 'sticky-address' or
438	'source-track' options)."
439	::= { pfLimits 2 }
440
441pfLimitFragments OBJECT-TYPE
442	SYNTAX		Unsigned32
443	MAX-ACCESS	read-only
444	STATUS		current
445	DESCRIPTION
446	"The maximum number of entries in the memory pool used for packet
447	reassembly (scrub rules)."
448	::= { pfLimits 3 }
449
450pfLimitMaxTables OBJECT-TYPE
451	SYNTAX		Unsigned32
452	MAX-ACCESS	read-only
453	STATUS		current
454	DESCRIPTION
455	"The maximum number of tables that can be created as part of the
456	active ruleset."
457	::= { pfLimits 4 }
458
459pfLimitMaxTableEntries OBJECT-TYPE
460	SYNTAX		Unsigned32
461	MAX-ACCESS	read-only
462	STATUS		current
463	DESCRIPTION
464	"The overall maximum number of addresses that can be stored in
465	tables."
466	::= { pfLimits 5 }
467
468
469-- pfTimeouts
470
471pfTimeoutTcpFirst OBJECT-TYPE
472	SYNTAX		Integer32
473	MAX-ACCESS	read-only
474	STATUS		current
475	DESCRIPTION
476	"State after receiving the first TCP packet in a new connection."
477	::= { pfTimeouts 1 }
478
479pfTimeoutTcpOpening OBJECT-TYPE
480	SYNTAX		Integer32
481	MAX-ACCESS	read-only
482	STATUS		current
483	DESCRIPTION
484	"State before the destination host ever sends a packet in response
485	to a new connection from this host."
486	::= { pfTimeouts 2 }
487
488pfTimeoutTcpEstablished OBJECT-TYPE
489	SYNTAX		Integer32
490	MAX-ACCESS	read-only
491	STATUS		current
492	DESCRIPTION
493	"State when a TCP connection is fully established."
494	::= { pfTimeouts 3 }
495
496pfTimeoutTcpClosing OBJECT-TYPE
497	SYNTAX		Integer32
498	MAX-ACCESS	read-only
499	STATUS		current
500	DESCRIPTION
501	"State after the first FIN has been sent."
502	::= { pfTimeouts 4 }
503
504pfTimeoutTcpFinWait OBJECT-TYPE
505	SYNTAX		Integer32
506	MAX-ACCESS	read-only
507	STATUS		current
508	DESCRIPTION
509	"State after both FINs are sent and the connection is closed."
510	::= { pfTimeouts 5 }
511
512pfTimeoutTcpClosed OBJECT-TYPE
513	SYNTAX		Integer32
514	MAX-ACCESS	read-only
515	STATUS		current
516	DESCRIPTION
517	"State after the first RST has been sent."
518	::= { pfTimeouts 6 }
519
520pfTimeoutUdpFirst OBJECT-TYPE
521	SYNTAX		Integer32
522	MAX-ACCESS	read-only
523	STATUS		current
524	DESCRIPTION
525	"State after receiving the first UDP packet."
526	::= { pfTimeouts 7 }
527
528pfTimeoutUdpSingle OBJECT-TYPE
529	SYNTAX		Integer32
530	MAX-ACCESS	read-only
531	STATUS		current
532	DESCRIPTION
533	"State if the source sends more than 1 packet but the destination
534	has never sent a packet back."
535	::= { pfTimeouts 8 }
536
537pfTimeoutUdpMultiple OBJECT-TYPE
538	SYNTAX		Integer32
539	MAX-ACCESS	read-only
540	STATUS		current
541	DESCRIPTION
542	"State when both hosts have sent packets."
543	::= { pfTimeouts 9 }
544
545pfTimeoutIcmpFirst OBJECT-TYPE
546	SYNTAX		Integer32
547	MAX-ACCESS	read-only
548	STATUS		current
549	DESCRIPTION
550	"State after receiving the first ICMP packet."
551	::= { pfTimeouts 10 }
552
553pfTimeoutIcmpError OBJECT-TYPE
554	SYNTAX		Integer32
555	MAX-ACCESS	read-only
556	STATUS		current
557	DESCRIPTION
558	"State when an ICMP error comes back in response to an ICMP
559	packet."
560	::= { pfTimeouts 11 }
561
562pfTimeoutOtherFirst OBJECT-TYPE
563	SYNTAX		Integer32
564	MAX-ACCESS	read-only
565	STATUS		current
566	DESCRIPTION
567	"State after receiving the first packet."
568	::= { pfTimeouts 12 }
569
570pfTimeoutOtherSingle OBJECT-TYPE
571	SYNTAX		Integer32
572	MAX-ACCESS	read-only
573	STATUS		current
574	DESCRIPTION
575	"State if the source sends more than 1 packet but the destination
576	has never sent a packet back."
577	::= { pfTimeouts 13 }
578
579pfTimeoutOtherMultiple OBJECT-TYPE
580	SYNTAX		Integer32
581	MAX-ACCESS	read-only
582	STATUS		current
583	DESCRIPTION
584	"State when both hosts have sent packets."
585	::= { pfTimeouts 14 }
586
587pfTimeoutFragment OBJECT-TYPE
588	SYNTAX		Integer32
589	MAX-ACCESS	read-only
590	STATUS		current
591	DESCRIPTION
592	"How long before an unassembled fragment is expired."
593	::= { pfTimeouts 15 }
594
595pfTimeoutInterval OBJECT-TYPE
596	SYNTAX		Integer32
597	MAX-ACCESS	read-only
598	STATUS		current
599	DESCRIPTION
600	"Interval before purging expired states and fragments."
601	::= { pfTimeouts 16 }
602
603pfTimeoutAdaptiveStart OBJECT-TYPE
604	SYNTAX		Integer32
605	MAX-ACCESS	read-only
606	STATUS		current
607	DESCRIPTION
608	"When the number of state entries exceeds this value, adaptive
609	scaling begins."
610	::= { pfTimeouts 17 }
611
612pfTimeoutAdaptiveEnd OBJECT-TYPE
613	SYNTAX		Integer32
614	MAX-ACCESS	read-only
615	STATUS		current
616	DESCRIPTION
617	"When reaching this number of state entries, all timeout values
618	become zero, effectively purging all state entries immediately."
619	::= { pfTimeouts 18 }
620
621pfTimeoutSrcTrack OBJECT-TYPE
622	SYNTAX		Integer32
623	MAX-ACCESS	read-only
624	STATUS		current
625	DESCRIPTION
626	"Time that a source tracking entry will stay around after the
627	last state expires."
628	::= { pfTimeouts 19 }
629
630
631-- pfInterfaces
632
633pfIfNumber  OBJECT-TYPE
634	SYNTAX      Integer32
635	MAX-ACCESS  read-only
636	STATUS      current
637	DESCRIPTION
638	"The number of network interfaces present on this system."
639	::= { pfInterfaces 1 }
640
641pfIfTable OBJECT-TYPE
642	SYNTAX		SEQUENCE OF PfIfEntry
643	MAX-ACCESS	not-accessible
644	STATUS		current
645	DESCRIPTION
646	"A list of individual interfaces. The number of entries is
647	given by the value of pfIfNumber."
648	::= { pfInterfaces 128 }
649
650pfIfEntry OBJECT-TYPE
651	SYNTAX      PfIfEntry
652	MAX-ACCESS  not-accessible
653	STATUS      current
654	DESCRIPTION
655	"An entry containing management information applicable to a
656	particular interface."
657	INDEX   { pfIfIndex }
658	::= { pfIfTable 1 }
659
660PfIfEntry ::=
661	SEQUENCE {
662		pfIfIndex		Integer32,
663		pfIfDescr		OCTET STRING,
664		pfIfType		INTEGER,
665		pfIfRefs		Unsigned32,
666		pfIfRules		Unsigned32,
667		pfIfIn4PassPkts		Counter64,
668		pfIfIn4PassBytes	Counter64,
669		pfIfIn4BlockPkts	Counter64,
670		pfIfIn4BlockBytes	Counter64,
671		pfIfOut4PassPkts	Counter64,
672		pfIfOut4PassBytes	Counter64,
673		pfIfOut4BlockPkts	Counter64,
674		pfIfOut4BlockBytes	Counter64,
675		pfIfIn6PassPkts		Counter64,
676		pfIfIn6PassBytes	Counter64,
677		pfIfIn6BlockPkts	Counter64,
678		pfIfIn6BlockBytes	Counter64,
679		pfIfOut6PassPkts	Counter64,
680		pfIfOut6PassBytes	Counter64,
681		pfIfOut6BlockPkts	Counter64,
682		pfIfOut6BlockBytes	Counter64
683	}
684
685pfIfIndex OBJECT-TYPE
686	SYNTAX		Integer32 (1..2147483647)
687	MAX-ACCESS	read-only
688	STATUS		current
689	DESCRIPTION
690	"A unique value, greater than zero, for each interface.  It
691	is recommended that values are assigned contiguously
692	starting from 1.  The value for each interface sub-layer
693	must remain constant at least from one re-initialization of
694	the entity's network management system to the next re-
695	initialization."
696	::= { pfIfEntry 1 }
697
698pfIfDescr OBJECT-TYPE
699	SYNTAX		OCTET STRING
700	MAX-ACCESS	read-only
701	STATUS		current
702	DESCRIPTION
703	"The name of the interface."
704	::= { pfIfEntry 2 }
705
706pfIfType OBJECT-TYPE
707	SYNTAX 		INTEGER { group(0), instance(1), detached(2) }
708	MAX-ACCESS	read-only
709	STATUS		current
710	DESCRIPTION
711	"Denotes whether the interface is a group interface, an interface
712	instance, or whether it's been removed or destroyed."
713	::= { pfIfEntry 3 }
714
715pfIfRefs OBJECT-TYPE
716	SYNTAX		Unsigned32
717	MAX-ACCESS	read-only
718	STATUS		current
719	DESCRIPTION
720	"The number of state and/or source track entries which reference
721	the interface."
722	::= { pfIfEntry 4 }
723
724pfIfRules OBJECT-TYPE
725	SYNTAX		Unsigned32
726	MAX-ACCESS	read-only
727	STATUS		current
728	DESCRIPTION
729	"The number of rules which reference the interface."
730	::= { pfIfEntry 5 }
731
732pfIfIn4PassPkts OBJECT-TYPE
733	SYNTAX		Counter64
734	MAX-ACCESS	read-only
735	STATUS		current
736	DESCRIPTION
737	"The number of IPv4 packets passed in."
738	::= { pfIfEntry 6 }
739
740pfIfIn4PassBytes OBJECT-TYPE
741	SYNTAX		Counter64
742	MAX-ACCESS	read-only
743	STATUS		current
744	DESCRIPTION
745	"The number of IPv4 bytes passed in."
746	::= { pfIfEntry 7 }
747
748pfIfIn4BlockPkts OBJECT-TYPE
749	SYNTAX		Counter64
750	MAX-ACCESS	read-only
751	STATUS		current
752	DESCRIPTION
753	"The number of incoming IPv4 packets blocked."
754	::= { pfIfEntry 8 }
755
756pfIfIn4BlockBytes OBJECT-TYPE
757	SYNTAX		Counter64
758	MAX-ACCESS	read-only
759	STATUS		current
760	DESCRIPTION
761	"The number of incoming IPv4 bytes blocked."
762	::= { pfIfEntry 9 }
763
764pfIfOut4PassPkts OBJECT-TYPE
765	SYNTAX		Counter64
766	MAX-ACCESS	read-only
767	STATUS		current
768	DESCRIPTION
769	"The number of IPv4 bytes passed out."
770	::= { pfIfEntry 10 }
771
772pfIfOut4PassBytes OBJECT-TYPE
773	SYNTAX		Counter64
774	MAX-ACCESS	read-only
775	STATUS		current
776	DESCRIPTION
777	"The number of IPv4 bytes passed out."
778	::= { pfIfEntry 11 }
779
780pfIfOut4BlockPkts OBJECT-TYPE
781	SYNTAX		Counter64
782	MAX-ACCESS	read-only
783	STATUS		current
784	DESCRIPTION
785	"The number of outgoing IPv4 bytes blocked."
786	::= { pfIfEntry 12 }
787
788pfIfOut4BlockBytes OBJECT-TYPE
789	SYNTAX		Counter64
790	MAX-ACCESS	read-only
791	STATUS		current
792	DESCRIPTION
793	"The number of outgoing IPv4 bytes blocked."
794	::= { pfIfEntry 13 }
795
796pfIfIn6PassPkts OBJECT-TYPE
797	SYNTAX		Counter64
798	MAX-ACCESS	read-only
799	STATUS		current
800	DESCRIPTION
801	"The number of IPv6 packets passed in."
802	::= { pfIfEntry 14 }
803
804pfIfIn6PassBytes OBJECT-TYPE
805	SYNTAX		Counter64
806	MAX-ACCESS	read-only
807	STATUS		current
808	DESCRIPTION
809	"The number of IPv6 bytes passed in."
810	::= { pfIfEntry 15 }
811
812pfIfIn6BlockPkts OBJECT-TYPE
813	SYNTAX		Counter64
814	MAX-ACCESS	read-only
815	STATUS		current
816	DESCRIPTION
817	"The number of incoming IPv6 packets blocked."
818	::= { pfIfEntry 16 }
819
820pfIfIn6BlockBytes OBJECT-TYPE
821	SYNTAX		Counter64
822	MAX-ACCESS	read-only
823	STATUS		current
824	DESCRIPTION
825	"The number of incoming IPv6 bytes blocked."
826	::= { pfIfEntry 17 }
827
828pfIfOut6PassPkts OBJECT-TYPE
829	SYNTAX		Counter64
830	MAX-ACCESS	read-only
831	STATUS		current
832	DESCRIPTION
833	"The number of IPv6 bytes passed out."
834	::= { pfIfEntry 18 }
835
836pfIfOut6PassBytes OBJECT-TYPE
837	SYNTAX		Counter64
838	MAX-ACCESS	read-only
839	STATUS		current
840	DESCRIPTION
841	"The number of IPv6 bytes passed out."
842	::= { pfIfEntry 19 }
843
844pfIfOut6BlockPkts OBJECT-TYPE
845	SYNTAX		Counter64
846	MAX-ACCESS	read-only
847	STATUS		current
848	DESCRIPTION
849	"The number of outgoing IPv6 bytes blocked."
850	::= { pfIfEntry 20 }
851
852pfIfOut6BlockBytes OBJECT-TYPE
853	SYNTAX		Counter64
854	MAX-ACCESS	read-only
855	STATUS		current
856	DESCRIPTION
857	"The number of outgoing IPv6 bytes blocked."
858	::= { pfIfEntry 21 }
859
860
861-- pfTables
862
863pfTblNumber  OBJECT-TYPE
864	SYNTAX      Integer32
865	MAX-ACCESS  read-only
866	STATUS      current
867	DESCRIPTION
868	"The number of tables present on this system."
869	::= { pfTables 1 }
870
871pfTblTable OBJECT-TYPE
872	SYNTAX		SEQUENCE OF TblEntry
873	MAX-ACCESS	not-accessible
874	STATUS		current
875	DESCRIPTION
876	"A list of individual tables. The number of entries is
877	given by the value of tblNumber."
878	::= { pfTables 128 }
879
880pfTblEntry OBJECT-TYPE
881	SYNTAX      TblEntry
882	MAX-ACCESS  not-accessible
883	STATUS      current
884	DESCRIPTION
885	"An entry containing management information applicable to a
886	particular table."
887	INDEX   { pfTblIndex }
888	::= { pfTblTable 1 }
889
890TblEntry ::=
891	SEQUENCE {
892		pfTblIndex		Integer32,
893		pfTblName			OCTET STRING,
894		pfTblAddresses		Integer32,
895		pfTblAnchorRefs		Integer32,
896		pfTblRuleRefs		Integer32,
897		pfTblEvalsMatch		Counter64,
898		pfTblEvalsNoMatch		Counter64,
899		pfTblInPassPkts		Counter64,
900		pfTblInPassBytes		Counter64,
901		pfTblInBlockPkts		Counter64,
902		pfTblInBlockBytes		Counter64,
903		pfTblInXPassPkts		Counter64,
904		pfTblInXPassBytes		Counter64,
905		pfTblOutPassPkts		Counter64,
906		pfTblOutPassBytes		Counter64,
907		pfTblOutBlockPkts		Counter64,
908		pfTblOutBlockBytes	Counter64,
909		pfTblOutXPassPkts		Counter64,
910		pfTblOutXPassBytes	Counter64,
911		pfTblStatsCleared		TimeTicks
912	}
913
914pfTblIndex OBJECT-TYPE
915	SYNTAX		Integer32 (1..2147483647)
916	MAX-ACCESS	read-only
917	STATUS		current
918	DESCRIPTION
919	"A unique value, greater than zero, for each table."
920	::= { pfTblEntry 1 }
921
922pfTblName OBJECT-TYPE
923	SYNTAX		OCTET STRING
924	MAX-ACCESS	read-only
925	STATUS		current
926	DESCRIPTION
927	"The name of the table."
928	::= { pfTblEntry 2 }
929
930pfTblAddresses OBJECT-TYPE
931	SYNTAX		Integer32
932	MAX-ACCESS	read-only
933	STATUS		current
934	DESCRIPTION
935	"The number of addresses currently stored in the table."
936	::= { pfTblEntry 3 }
937
938pfTblAnchorRefs OBJECT-TYPE
939	SYNTAX		Integer32
940	MAX-ACCESS	read-only
941	STATUS		current
942	DESCRIPTION
943	"The number of anchors which reference the table."
944	::= { pfTblEntry 4 }
945
946pfTblRuleRefs OBJECT-TYPE
947	SYNTAX		Integer32
948	MAX-ACCESS	read-only
949	STATUS		current
950	DESCRIPTION
951	"The number of rules which reference the table."
952	::= { pfTblEntry 5 }
953
954pfTblEvalsMatch OBJECT-TYPE
955	SYNTAX		Counter64
956	MAX-ACCESS	read-only
957	STATUS		current
958	DESCRIPTION
959	"The number of table evaluations that produced a match."
960	::= { pfTblEntry 6 }
961
962pfTblEvalsNoMatch OBJECT-TYPE
963	SYNTAX		Counter64
964	MAX-ACCESS	read-only
965	STATUS		current
966	DESCRIPTION
967	"The number of table evaluations that didn't match."
968	::= { pfTblEntry 7 }
969
970pfTblInPassPkts OBJECT-TYPE
971	SYNTAX		Counter64
972	MAX-ACCESS	read-only
973	STATUS		current
974	DESCRIPTION
975	"The number of packets passed in that matched the table."
976	::= { pfTblEntry 8 }
977
978pfTblInPassBytes OBJECT-TYPE
979	SYNTAX		Counter64
980	MAX-ACCESS	read-only
981	STATUS		current
982	DESCRIPTION
983	"The number of bytes passed in that matched the table."
984	::= { pfTblEntry 9 }
985
986pfTblInBlockPkts OBJECT-TYPE
987	SYNTAX		Counter64
988	MAX-ACCESS	read-only
989	STATUS		current
990	DESCRIPTION
991	"The number of incoming packets blocked that matched the table."
992	::= { pfTblEntry 10 }
993
994pfTblInBlockBytes OBJECT-TYPE
995	SYNTAX		Counter64
996	MAX-ACCESS	read-only
997	STATUS		current
998	DESCRIPTION
999	"The number incoming bytes blocked that matched the table."
1000	::= { pfTblEntry 11 }
1001
1002pfTblInXPassPkts OBJECT-TYPE
1003	SYNTAX		Counter64
1004	MAX-ACCESS	read-only
1005	STATUS		current
1006	DESCRIPTION
1007	"The number of packets statefully passed in where the state
1008	entry refers to the table, but the table no longer contains
1009	the address in question."
1010	::= { pfTblEntry 12 }
1011
1012pfTblInXPassBytes OBJECT-TYPE
1013	SYNTAX		Counter64
1014	MAX-ACCESS	read-only
1015	STATUS		current
1016	DESCRIPTION
1017	"The number of bytes statefully passed in where the state
1018	entry refers to the table, but the table no longer contains
1019	the address in question."
1020	::= { pfTblEntry 13 }
1021
1022pfTblOutPassPkts OBJECT-TYPE
1023	SYNTAX		Counter64
1024	MAX-ACCESS	read-only
1025	STATUS		current
1026	DESCRIPTION
1027	"The number of packets passed out that matched the table."
1028	::= { pfTblEntry 14 }
1029
1030pfTblOutPassBytes OBJECT-TYPE
1031	SYNTAX		Counter64
1032	MAX-ACCESS	read-only
1033	STATUS		current
1034	DESCRIPTION
1035	"The number of bytes passed out that matched the table."
1036	::= { pfTblEntry 15 }
1037
1038pfTblOutBlockPkts OBJECT-TYPE
1039	SYNTAX		Counter64
1040	MAX-ACCESS	read-only
1041	STATUS		current
1042	DESCRIPTION
1043	"The number of outgoing packets blocked that matched the table."
1044	::= { pfTblEntry 16 }
1045
1046pfTblOutBlockBytes OBJECT-TYPE
1047	SYNTAX		Counter64
1048	MAX-ACCESS	read-only
1049	STATUS		current
1050	DESCRIPTION
1051	"The number outgoing bytes blocked that matched the table."
1052	::= { pfTblEntry 17 }
1053
1054pfTblOutXPassPkts OBJECT-TYPE
1055	SYNTAX		Counter64
1056	MAX-ACCESS	read-only
1057	STATUS		current
1058	DESCRIPTION
1059	"The number of packets statefully passed out where the state
1060	entry refers to the table, but the table no longer contains
1061	the address in question."
1062	::= { pfTblEntry 18 }
1063
1064pfTblOutXPassBytes OBJECT-TYPE
1065	SYNTAX		Counter64
1066	MAX-ACCESS	read-only
1067	STATUS		current
1068	DESCRIPTION
1069	"The number of bytes statefully passed out where the state
1070	entry refers to the table, but the table no longer contains
1071	the address in question."
1072	::= { pfTblEntry 19 }
1073
1074pfTblStatsCleared OBJECT-TYPE
1075	SYNTAX		TimeTicks
1076	UNITS		"1/100th of a Second"
1077	MAX-ACCESS	read-only
1078	STATUS		current
1079	DESCRIPTION
1080	"The number of seconds that have passed since the statistics
1081	for this pf table were zeroed."
1082	::= { pfTblEntry 20 }
1083
1084pfTblAddrTable OBJECT-TYPE
1085	SYNTAX		SEQUENCE OF TblAddrEntry
1086	MAX-ACCESS	not-accessible
1087	STATUS		current
1088	DESCRIPTION
1089	"A table containing the addresses/CIDR network blocks from
1090	every table on the system."
1091	::= { pfTables 129 }
1092
1093pfTblAddrEntry OBJECT-TYPE
1094	SYNTAX		TblAddrEntry
1095	MAX-ACCESS	not-accessible
1096	STATUS		current
1097	DESCRIPTION
1098	"An entry containing management information applicable to a
1099	particular table."
1100	INDEX		{ pfTblAddrTblIndex, pfTblAddrNet, pfTblAddrMask }
1101	::= { pfTblAddrTable 1 }
1102
1103TblAddrEntry ::=
1104	SEQUENCE {
1105		pfTblAddrTblIndex		Integer32,
1106		pfTblAddrNet		IpAddress,
1107		pfTblAddrMask		Integer32,
1108		pfTblAddrCleared		TimeTicks,
1109		pfTblAddrInBlockPkts	Counter64,
1110		pfTblAddrInBlockBytes	Counter64,
1111		pfTblAddrInPassPkts	Counter64,
1112		pfTblAddrInPassBytes	Counter64,
1113		pfTblAddrOutBlockPkts	Counter64,
1114		pfTblAddrOutBlockBytes	Counter64,
1115		pfTblAddrOutPassPkts	Counter64,
1116		pfTblAddrOutPassBytes	Counter64
1117	}
1118
1119pfTblAddrTblIndex OBJECT-TYPE
1120	SYNTAX		Integer32 (1..2147483647)
1121	MAX-ACCESS	read-only
1122	STATUS		current
1123	DESCRIPTION
1124	"The index value which uniquely identifies the table which
1125	contains this pfTblAddrNet/pfTblAddrMask pair."
1126	::= { pfTblAddrEntry 1 }
1127
1128pfTblAddrNet OBJECT-TYPE
1129	SYNTAX		IpAddress
1130	MAX-ACCESS	read-only
1131	STATUS		current
1132	DESCRIPTION
1133	"The IP address portion of the CIDR network for this
1134	particular table entry."
1135	::= { pfTblAddrEntry 2 }
1136
1137pfTblAddrMask OBJECT-TYPE
1138	SYNTAX		Integer32 (0..32)
1139	MAX-ACCESS	read-only
1140	STATUS		current
1141	DESCRIPTION
1142	"The CIDR bitmask for this particular table entry."
1143	::= { pfTblAddrEntry 3 }
1144
1145pfTblAddrCleared OBJECT-TYPE
1146	SYNTAX		TimeTicks
1147	UNITS      	"1/100th of a Second"
1148	MAX-ACCESS	read-only
1149	STATUS		current
1150	DESCRIPTION
1151	"The time that's passed since the statistics where last cleared, or
1152	since the pfTblAddrNet/pfTblAddrMask pair was loaded into the table,
1153	whichever is sooner."
1154	::= { pfTblAddrEntry 4 }
1155
1156pfTblAddrInBlockPkts OBJECT-TYPE
1157	SYNTAX		Counter64
1158	MAX-ACCESS	read-only
1159	STATUS		current
1160	DESCRIPTION
1161	"The number of inbound packets blocked as a result of matching
1162	this table entry."
1163	::= { pfTblAddrEntry 5 }
1164
1165pfTblAddrInBlockBytes OBJECT-TYPE
1166	SYNTAX		Counter64
1167	MAX-ACCESS	read-only
1168	STATUS		current
1169	DESCRIPTION
1170	"The number of inbound bytes blocked as a result of matching
1171	this table entry."
1172	::= { pfTblAddrEntry 6 }
1173
1174pfTblAddrInPassPkts OBJECT-TYPE
1175	SYNTAX		Counter64
1176	MAX-ACCESS	read-only
1177	STATUS		current
1178	DESCRIPTION
1179	"The number of inbound packets passed as a result of matching
1180	this table entry."
1181	::= { pfTblAddrEntry 7 }
1182
1183pfTblAddrInPassBytes OBJECT-TYPE
1184	SYNTAX		Counter64
1185	MAX-ACCESS	read-only
1186	STATUS		current
1187	DESCRIPTION
1188	"The number of inbound bytes passed as a result of matching
1189	this table entry."
1190	::= { pfTblAddrEntry 8 }
1191
1192pfTblAddrOutBlockPkts OBJECT-TYPE
1193	SYNTAX		Counter64
1194	MAX-ACCESS	read-only
1195	STATUS		current
1196	DESCRIPTION
1197	"The number of outbound packets blocked as a result of matching
1198	this table entry."
1199	::= { pfTblAddrEntry 9 }
1200
1201pfTblAddrOutBlockBytes OBJECT-TYPE
1202	SYNTAX		Counter64
1203	MAX-ACCESS	read-only
1204	STATUS		current
1205	DESCRIPTION
1206	"The number of outbound bytes blocked as a result of matching
1207	this table entry."
1208	::= { pfTblAddrEntry 10 }
1209
1210pfTblAddrOutPassPkts OBJECT-TYPE
1211	SYNTAX		Counter64
1212	MAX-ACCESS	read-only
1213	STATUS		current
1214	DESCRIPTION
1215	"The number of outbound packets passed as a result of matchin
1216	this table entry."
1217	::= { pfTblAddrEntry 11 }
1218
1219pfTblAddrOutPassBytes OBJECT-TYPE
1220	SYNTAX		Counter64
1221	MAX-ACCESS	read-only
1222	STATUS		current
1223	DESCRIPTION
1224	"The number of outbound bytes passed as a result of matchg
1225	this table entry."
1226	::= { pfTblAddrEntry 12 }
1227
1228
1229-- pfLabels
1230
1231pfLabelNumber  OBJECT-TYPE
1232	SYNTAX      Integer32
1233	MAX-ACCESS  read-only
1234	STATUS      current
1235	DESCRIPTION
1236	"The number of labels in the active pf ruleset."
1237	::= { pfLabels 1 }
1238
1239pfLabelTable OBJECT-TYPE
1240	SYNTAX		SEQUENCE OF PfLabelEntry
1241	MAX-ACCESS	not-accessible
1242	STATUS		current
1243	DESCRIPTION
1244	"A list of individual labels. The number of entries is
1245	given by the value of pfLabelNumber."
1246	::= { pfLabels 128 }
1247
1248pfLabelEntry OBJECT-TYPE
1249	SYNTAX      PfLabelEntry
1250	MAX-ACCESS  not-accessible
1251	STATUS      current
1252	DESCRIPTION
1253	"An entry containing management information applicable to a
1254	particular label."
1255	INDEX   { pfLabelIndex }
1256	::= { pfLabelTable 1 }
1257
1258PfLabelEntry ::=
1259	SEQUENCE {
1260		pfLabelIndex		Integer32,
1261		pfLabelName		OCTET STRING,
1262		pfLabelEvals		Counter64,
1263		pfLabelPkts		Counter64,
1264		pfLabelBytes		Counter64,
1265		pfLabelInPkts		Counter64,
1266		pfLabelInBytes		Counter64,
1267		pfLabelOutPkts		Counter64,
1268		pfLabelOutBytes		Counter64,
1269		pfLabelTotalStates	Counter32
1270	}
1271
1272pfLabelIndex OBJECT-TYPE
1273	SYNTAX		Integer32 (1..2147483647)
1274	MAX-ACCESS	read-only
1275	STATUS		current
1276	DESCRIPTION
1277	"A unique value, greater than zero, for each label."
1278	::= { pfLabelEntry 1 }
1279
1280pfLabelName OBJECT-TYPE
1281	SYNTAX		OCTET STRING
1282	MAX-ACCESS	read-only
1283	STATUS		current
1284	DESCRIPTION
1285	"The name of the label."
1286	::= { pfLabelEntry 2 }
1287
1288pfLabelEvals OBJECT-TYPE
1289	SYNTAX		Counter64
1290	MAX-ACCESS	read-only
1291	STATUS		current
1292	DESCRIPTION
1293	"The number of rule evaluations."
1294	::= { pfLabelEntry 3 }
1295
1296pfLabelPkts OBJECT-TYPE
1297	SYNTAX		Counter64
1298	MAX-ACCESS	read-only
1299	STATUS		current
1300	DESCRIPTION
1301	"The total number of packets matched by the rule."
1302	::= { pfLabelEntry 4 }
1303
1304pfLabelBytes OBJECT-TYPE
1305	SYNTAX		Counter64
1306	MAX-ACCESS	read-only
1307	STATUS		current
1308	DESCRIPTION
1309	"The total number of bytes matched by the rule."
1310	::= { pfLabelEntry 5 }
1311
1312pfLabelInPkts OBJECT-TYPE
1313	SYNTAX		Counter64
1314	MAX-ACCESS	read-only
1315	STATUS		current
1316	DESCRIPTION
1317	"The number of incoming packets matched by the rule."
1318	::= { pfLabelEntry 6 }
1319
1320pfLabelInBytes OBJECT-TYPE
1321	SYNTAX		Counter64
1322	MAX-ACCESS	read-only
1323	STATUS		current
1324	DESCRIPTION
1325	"The number of incoming bytes matched by the rule."
1326	::= { pfLabelEntry 7 }
1327
1328pfLabelOutPkts OBJECT-TYPE
1329	SYNTAX		Counter64
1330	MAX-ACCESS	read-only
1331	STATUS		current
1332	DESCRIPTION
1333	"The number of outgoing packets matched by the rule."
1334	::= { pfLabelEntry 8 }
1335
1336pfLabelOutBytes OBJECT-TYPE
1337	SYNTAX		Counter64
1338	MAX-ACCESS	read-only
1339	STATUS		current
1340	DESCRIPTION
1341	"The number of outgoing bytes matched by the rule."
1342	::= { pfLabelEntry 9 }
1343
1344pfLabelTotalStates OBJECT-TYPE
1345	SYNTAX		Counter32
1346	MAX-ACCESS	read-only
1347	STATUS		current
1348	DESCRIPTION
1349	"The total number of state table entries created by this rule
1350	since the ruleset was loaded."
1351	::= { pfLabelEntry 10 }
1352
1353
1354-- pfsyncStats
1355
1356pfsyncIpPktsRecv OBJECT-TYPE
1357	SYNTAX		Counter64
1358	MAX-ACCESS	read-only
1359	STATUS		current
1360	DESCRIPTION
1361	"Number of IPv4 pfsync packets received on all interfaces."
1362	::= { pfsyncStats 1 }
1363
1364pfsyncIp6PktsRecv OBJECT-TYPE
1365	SYNTAX		Counter64
1366	MAX-ACCESS	read-only
1367	STATUS		current
1368	DESCRIPTION
1369	"Number of IPv6 pfsync packets received on all interfaces."
1370	::= { pfsyncStats 2 }
1371
1372pfsyncPktDiscardsForBadInterface OBJECT-TYPE
1373	SYNTAX		Counter64
1374	MAX-ACCESS	read-only
1375	STATUS		current
1376	DESCRIPTION
1377	"Number of pfsync packets discarded because it was received
1378	on an interface that is not running pfsync."
1379	::= { pfsyncStats 3 }
1380
1381pfsyncPktDiscardsForBadTtl OBJECT-TYPE
1382	SYNTAX		Counter64
1383	MAX-ACCESS	read-only
1384	STATUS		current
1385	DESCRIPTION
1386	"Number of pfsync packets discarded due to having a TTL less
1387	than 255."
1388	::= { pfsyncStats 4 }
1389
1390pfsyncPktShorterThanHeader OBJECT-TYPE
1391	SYNTAX		Counter64
1392	MAX-ACCESS	read-only
1393	STATUS		current
1394	DESCRIPTION
1395	"Number of pfsync packets received that had a length shorter
1396	than the pfsync packet header."
1397	::= { pfsyncStats 5 }
1398
1399pfsyncPktDiscardsForBadVersion OBJECT-TYPE
1400	SYNTAX		Counter64
1401	MAX-ACCESS	read-only
1402	STATUS		current
1403	DESCRIPTION
1404	"Number of pfsync packets discarded due to incorrect protocol
1405	version."
1406	::= { pfsyncStats 6 }
1407
1408pfsyncPktDiscardsForBadAction OBJECT-TYPE
1409	SYNTAX		Counter64
1410	MAX-ACCESS	read-only
1411	STATUS		current
1412	DESCRIPTION
1413	"Number of pfsync packets discarded due to an invalid pfsync
1414	action in the header."
1415	::= { pfsyncStats 7 }
1416
1417pfsyncPktDiscardsForBadLength OBJECT-TYPE
1418	SYNTAX		Counter64
1419	MAX-ACCESS	read-only
1420	STATUS		current
1421	DESCRIPTION
1422	"Number of pfsync packets discarded due to incorrect size."
1423	::= { pfsyncStats 8 }
1424
1425pfsyncPktDiscardsForBadAuth OBJECT-TYPE
1426	SYNTAX		Counter64
1427	MAX-ACCESS	read-only
1428	STATUS		current
1429	DESCRIPTION
1430	"Number of pfsync packets discarded due to authentication failure."
1431	::= { pfsyncStats 9 }
1432
1433pfsyncPktDiscardsForStaleState OBJECT-TYPE
1434	SYNTAX		Counter64
1435	MAX-ACCESS	read-only
1436	STATUS		current
1437	DESCRIPTION
1438	"Number of pfsync packets discarded because they tried to update
1439	a stale state entry."
1440	::= { pfsyncStats 10 }
1441
1442pfsyncPktDiscardsForBadValues OBJECT-TYPE
1443	SYNTAX		Counter64
1444	MAX-ACCESS	read-only
1445	STATUS		current
1446	DESCRIPTION
1447	"Number of pfsync packets discarded due to containing bad values."
1448	::= { pfsyncStats 11 }
1449
1450pfsyncPktDiscardsForBadState OBJECT-TYPE
1451	SYNTAX		Counter64
1452	MAX-ACCESS	read-only
1453	STATUS		current
1454	DESCRIPTION
1455	"Number of pfsync packets discarded due to state insert/lookup
1456	failure."
1457	::= { pfsyncStats 12 }
1458
1459pfsyncIpPktsSent OBJECT-TYPE
1460	SYNTAX		Counter64
1461	MAX-ACCESS	read-only
1462	STATUS		current
1463	DESCRIPTION
1464	"Number of IPv4 pfsync packets sent on all interfaces."
1465	::= { pfsyncStats 13 }
1466
1467pfsyncIp6PktsSent OBJECT-TYPE
1468	SYNTAX		Counter64
1469	MAX-ACCESS	read-only
1470	STATUS		current
1471	DESCRIPTION
1472	"Number of IPv6 pfsync packets sent on all interfaces."
1473	::= { pfsyncStats 14 }
1474
1475pfsyncNoMemory OBJECT-TYPE
1476	SYNTAX		Counter64
1477	MAX-ACCESS	read-only
1478	STATUS		current
1479	DESCRIPTION
1480	"Number of pfsync packets which could not be sent due to
1481	insufficient memory."
1482	::= { pfsyncStats 15 }
1483
1484pfsyncOutputErrors OBJECT-TYPE
1485	SYNTAX		Counter64
1486	MAX-ACCESS	read-only
1487	STATUS		current
1488	DESCRIPTION
1489	"Number of pfsync packets which could not be sent."
1490	::= { pfsyncStats 16 }
1491
1492END
1493
1494