SNMP process table missing in 24.1.7

[geotekberlin]

Describe the bug

In 24.1.7 it is no longer possible to query running processes, because hrSWRunTable (OID .1.3.6.1.2.1.25.4.2) is empty. This table was always correctly populated in versions up to and including 24.1.6.

Monitoring running processes is important because it allows to deal with processes that tend to die often, such as suricata.

To Reproduce

Enable Net-SNMP plugin and set a SNMP Community string Browse to SNMP OID .1.3.6.1.2.1.25.4.2 (hrSWRunTable) with snmpwalk or any external MIB Browser using SNMP V.2 The query returns only one process name: snmpd itself, all other services are missing.

Expected behavior

The returned table should be populated with the names of all running tasks.

Describe alternatives you considered

I added the "Add AbentX Support" and "Layer 3 Visibility" checkboxes and restarted the snmp daemon, but to no avail. Updated another Firewall from 24.1.6 to 24.1.7 and the hrSWRunTable dissapeared there as well.

Screenshots

not applicable

Relevant log files

not applicable, net-snmp service starts without errors

Additional context

not applicable

Environment

OPNsense 24.1.7-amd64 QEMU Virtual CPU version 2.5+ and Intel(R) Xeon(R) D-2123IT CPU @ 2.20GHz (4 cores, 8 threads)

[OPNsense-bot]

Thank you for creating an issue. Since the ticket doesn't seem to be using one of our templates, we're marking this issue as low priority until further notice.

For more information about the policies for this repository, please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

The easiest option to gain traction is to close this ticket and open a new one using one of our templates.

[AdSchellevis]

looks like an upstream issue, should be fixed in the next build if I'm reading it correctly https://github.com/freebsd/freebsd-ports/commit/52fe0689eac79f0287cd884f526d33d44237869a , the snmpd process is just not allowed to see the other processes anymore.

Local test:

snmpwalk -Os -c public -v 1 localhost hrSWRunTable

(as user root):

killall snmpd
snmpd

and repeat the snmpwalk.

Easiest action for now is to revert the old package and wait for the next update.

opnsense-revert -r 24.1.6 net-snmp

[geotekberlin]

Thanks AdSchellevis, reverting to the previous net-smd recovers the lost snmp functionality.

[geotekberlin]

The 24.1.7_1 patch had solved the issue, but with the 24.1.7_4-amd64 release, the problem has returned.

[fichtner]

what's a 24.1.7_1 patch? oO anytime you apply an update local modifications are removed / replaced with newer code. Also for net-snmp plugin so you should lock the package from the firmware GUI to prevent that...