Switching from Net-SNMP to snmpd for CARP, PF and Sensor Monitoring

Update: For help running both snmpds at the same time, see Net-SNMP and snmpd Coexistence on OpenBSD.

Now that OPENBSD-CARP-MIB and OPENBSD-PF-MIB have been added to the base snmpd in OpenBSD (CARP-MIB will be in 5.1-release, PF-MIB in 5.2, and the SENSOR MIB has been there since 4.5), I wanted to document the differences between these MIBs and the corresponding implementation of the MIBs that I wrote for Net-SNMP.

Both implementations provide the same set of OIDs and allow the same data to be retrieved. Whatever you were querying via Net-SNMP is available via snmpd.

What has changed is the base OID where the CARP and PF MIBs are rooted at as well as the name of certain OIDs.

Difference #1 – New base OpenBSD OID

The Net-SNMP implementation used a private/reserved enterprise OID of 64512 (ie, .1.3.6.1.4.1.64512) as the base OID for all the OPENBSD-* MIBs. In the snmpd implementation, the OpenBSD enterprise number 30155 is used as the root for OPENBSD-* MIBs.

Fix: Change all occurrences of 64512 to 30155 in all query strings

NOTE: All the OIDs after the enterprise OID should remain unchanged. Eg, a query string of .1.3.6.1.4.1.64512.a.b.c.d should be modified to .1.3.6.1.4.1.30155.a.b.c.d with a.b.c.d remaining unchanged.

Difference #2 – New CARP OID

The only exception to the rule that the a.b.c.d in .1.3.6.1.4.1.64512.a.b.c.d should remain unchanged is with the CARP MIB. Due to an overlap in OID assignments, the CARP MIB had its base OID changed from 3 to 6 in the snmpd implementation. When fixing query strings that refer to the CARP MIB, .1.3.6.1.4.1.64512.3.b.c.d should be changed to .1.3.6.1.4.1.30155.6.b.c.d

Fix: If your query string uses the OID name, no changes are necessary. Just ensure your NMS and SNMP tools are loading the MIB definition (OPENBSD-CARP-MIB.txt) from /usr/share/snmp/mibs/. If your query string uses numeric OIDs, change .1.3.6.1.4.1.64512.3.X to .1.3.6.1.4.1.30155.6.X

Difference #3 – New OID names in PF-MIB

In order to avoid naming conflicts between OIDs (not just within the OPENBSD-* MIBs, but with 3rd-party MIBs as well) some of the OID names in the PF-MIB were modified in the snmpd implementation to make them more unique and to identify them as belonging to PF-MIB. For example, “running” has been renamed to “pfRunning”, “memory” to “pfCntMemory”, and “tcpFirst” to “pfTimeoutTcpFirst”.

Fix: If you use OID names in your query strings, replace any Net-SNMP names in the table below with the corresponding snmpd name.

This table shows the old Net-SNMP name and the corresponding new snmpd name. Note that some of the old names are duplicates (such as “fragment”, “removal”, “count”, etc) so be careful if you’re doing a search & replace.

Net-SNMP name

snmpd name

info
pfInfo
running
pfRunning
runtime
pfRuntime
debug
pfDebug
hostid
pfHostid
counters
pfCounters
match
pfCntMatch
badOffset
pfCntBadOffset
fragment
pfCntFragment
short
pfCntShort
normalize
pfCntNormalize
memory
pfCntMemory
timestamp
pfCntTimestamp
congestion
pfCntCongestion
ip-option
pfCntIpOption
proto-cksum
pfCntProtoCksum
stateTable
pfStateTable
state-mismatch
pfCntStateMismatch
state-insert
pfCntStateInsert
state-limit
pfCntStateLimit
src-limit
pfCntSrcLimit
synproxy
pfCntSynproxy
count
pfStateCount
searches
pfStateSearches
inserts
pfStateInserts
removals
pfStateRemovals
loginterface
pfLogInterface
name
pfLogIfName
ipBytesIn
pfLogIfIpBytesIn
ipBytesOut
pfLogIfIpBytesOut
ipPktsInPass
pfLogIfIpPktsInPass
ipPktsInDrop
pfLogIfIpPktsInDrop
ipPktsOutPass
pfLogIfIpPktsOutPass
ipPktsOutDrop
pfLogIfIpPktsOutDrop
ip6BytesIn
pfLogIfIp6BytesIn
ip6BytesOut
pfLogIfIp6BytesOut
ip6PktsInPass
pfLogIfIp6PktsInPass
ip6PktsInDrop
pfLogIfIp6PktsInDrop
ip6PktsOutPass
pfLogIfIp6PktsOutPass
ip6PktsOutDrop
pfLogIfIp6PktsOutDrop
sourceTracking
pfSrcTracking
count
pfSrcTrackCount
searches
pfSrcTrackSearches
inserts
pfSrcTrackInserts
removals
pfSrcTrackRemovals
limits
pfLimits
states
pfLimitStates
sourceNodes
pfLimitSourceNodes
fragments
pfLimitFragments
timeouts
pfTimeouts
tcpFirst
pfTimeoutTcpFirst
tcpOpening
pfTimeoutTcpOpening
tcpEstablished
pfTimeoutTcpEstablished
tcpClosing
pfTimeoutTcpClosing
tcpFinWait
pfTimeoutTcpFinWait
tcpClosed
pfTimeoutTcpClosed
udpFirst
pfTimeoutUdpFirst
udpSingle
pfTimeoutUdpSingle
udpMultiple
pfTimeoutUdpMultiple
icmpFirst
pfTimeoutIcmpFirst
icmpError
pfTimeoutIcmpError
otherFirst
pfTimeoutOtherFirst
otherSingle
pfTimeoutOtherSingle
otherMultiple
pfTimeoutOtherMultiple
fragment
pfTimeoutFragment
interval
pfTimeoutInterval
adaptiveStart
pfTimeoutAdaptiveStart
adaptiveEnd
pfTimeoutAdaptiveEnd
sourceTrack
pfTimeoutSrcTrack
interfaces
pfInterfaces
ifTable
pfIfTable
ifEntry
pfIfEntry
ifIndex
pfIfIndex
ifDescr
pfIfDescr
ifType
pfIfType
ifRefs
pfIfRefs
ifRules
pfIfRules
ifIn4PassPkts
pfIfIn4PassPkts
ifIn4PassBytes
pfIfIn4PassBytes
ifIn4BlockPkts
pfIfIn4BlockPkts
ifIn4BlockBytes
pfIfIn4BlockBytes
ifOut4PassPkts
pfIfOut4PassPkts
ifOut4PassBytes
pfIfOut4PassBytes
ifOut4BlockPkts
pfIfOut4BlockPkts
ifOut4BlockBytes
pfIfOut4BlockBytes
ifIn6PassPkts
pfIfIn6PassPkts
ifIn6PassBytes
pfIfIn6PassBytes
ifIn6BlockPkts
pfIfIn6BlockPkts
ifIn6BlockBytes
pfIfIn6BlockBytes
ifOut6PassPkts
pfIfOut6PassPkts
ifOut6PassBytes
pfIfOut6PassBytes
ifOut6BlockPkts
pfIfOut6BlockPkts
ifOut6BlockBytes
pfIfOut6BlockBytes
tables
pfTables
tblTable
pfTblTable
tblEntry
pfTblEntry
tblIndex
pfTblIndex
tblName
pfTblName
tblAddresses
pfTblAddresses
tblAnchorRefs
pfTblAnchorRefs
tblRuleRefs
pfTblRuleRefs
tblEvalsMatch
pfTblEvalsMatch
tblEvalsNoMatch
pfTblEvalsNoMatch
tblInPassPkts
pfTblInPassPkts
tblInPassBytes
pfTblInPassBytes
tblInBlockPkts
pfTblInBlockPkts
tblInBlockBytes
pfTblInBlockBytes
tblInXPassPkts
pfTblInXPassPkts
tblInXPassBytes
pfTblInXPassBytes
tblOutPassPkts
pfTblOutPassPkts
tblOutPassBytes
pfTblOutPassBytes
tblOutBlockPkts
pfTblOutBlockPkts
tblOutBlockBytes
pfTblOutBlockBytes
tblOutXPassPkts
pfTblOutXPassPkts
tblOutXPassBytes
pfTblOutXPassBytes
tblStatsCleared
pfTblStatsCleared
tblAddrTable
pfTblAddrTable
tblAddrEntry
pfTblAddrEntry
tblAddrTblIndex
pfTblAddrTblIndex
tblAddrNet
pfTblAddrNet
tblAddrMask
pfTblAddrMask
tblAddrCleared
pfTblAddrCleared
tblAddrInBlockPkts
pfTblAddrInBlockPkts
tblAddrInBlockBytes
pfTblAddrInBlockBytes
tblAddrInPassPkts
pfTblAddrInPassPkts
tblAddrInPassBytes
pfTblAddrInPassBytes
tblAddrOutBlockPkts
pfTblAddrOutBlockPkts
tblAddrOutBlockBytes
pfTblAddrOutBlockBytes
tblAddrOutPassPkts
pfTblAddrOutPassPkts
tblAddrOutPassBytes
pfTblAddrOutPassBytes
labels
pfLabels
lblTable
pfLabelTable
lblEntry
pfLabelEntry
lblIndex
pfLabelIndex
lblName
pfLabelName
lblEvals
pfLabelEvals
lblPkts
pfLabelPkts
lblBytes
pfLabelBytes
lblInPkts
pfLabelInPkts
lblInBytes
pfLabelInBytes
lblOutPkts
pfLabelOutPkts
lblOutBytes
pfLabelOutBytes

9 thoughts on “Switching from Net-SNMP to snmpd for CARP, PF and Sensor Monitoring”

    1. Hey James,

      I’m actually writing another post right now that provides one way of solving that issue. It should be posted soon.

Leave a Reply

Your email address will not be published. Required fields are marked *

Would you like to subscribe to email notification of new comments? You can also subscribe without commenting.