Switching from Net-SNMP to snmpd for CARP, PF and Sensor Monitoring
Update: For help running both snmpds at the same time, see Net-SNMP and snmpd Coexistence on OpenBSD
Now that OPENBSD-CARP-MIB and OPENBSD-PF-MIB have been added to the base snmpd in OpenBSD (CARP-MIB will be in 5.1-release, PF-MIB in 5.2, and the SENSOR MIB has been there since 4.5), I wanted to document the differences between these MIBs and the corresponding implementation of the MIBs that I wrote for Net-SNMP.
Both implementations provide the same set of OIDs and allow the same data to be retrieved. Whatever you were querying via Net-SNMP is available via snmpd.
What has changed is the base OID where the CARP and PF MIBs are rooted at as well as the name of certain OIDs.
Difference #1 - New base OpenBSD OID⌗
The Net-SNMP implementation used a private/reserved enterprise OID of 64512
(ie, .1.3.6.1.4.1.64512
) as the base OID for all the OPENBSD-* MIBs. In the snmpd implementation, the OpenBSD enterprise number 30155
is used as the root for OPENBSD-* MIBs.
Fix: Change all occurrences of 64512
to 30155
in all query strings
NOTE: All the OIDs after the enterprise OID should remain unchanged. Eg, a query string of .1.3.6.1.4.1.64512.a.b.c.d
should be modified to .1.3.6.1.4.1.30155.a.b.c.d
with a.b.c.d
remaining unchanged.
Difference #2 - New CARP OID⌗
The only exception to the rule that the a.b.c.d
in .1.3.6.1.4.1.64512.a.b.c.d
should remain unchanged is with the CARP MIB. Due to an overlap in OID assignments, the CARP MIB had its base OID changed from 3
to 6
in the snmpd implementation. When fixing query strings that refer to the CARP MIB, .1.3.6.1.4.1.64512.3.b.c.d
should be changed to .1.3.6.1.4.1.30155.6.b.c.d
Fix: If your query string uses the OID name, no changes are necessary. Just ensure your NMS and SNMP tools are loading the MIB definition (OPENBSD-CARP-MIB.txt) from /usr/share/snmp/mibs/
. If your query string uses numeric OIDs, change .1.3.6.1.4.1.64512.3.X
to .1.3.6.1.4.1.30155.6.X
Difference #3 - New OID names in PF-MIB⌗
In order to avoid naming conflicts between OIDs (not just within the OPENBSD-* MIBs, but with 3rd-party MIBs as well) some of the OID names in the PF-MIB were modified in the snmpd implementation to make them more unique and to identify them as belonging to PF-MIB. For example, running
has been renamed to pfRunning
, memory
to pfCntMemory
, and tcpFirst
to pfTimeoutTcpFirst
.
Fix: If you use OID names in your query strings, replace any Net-SNMP names in the table below with the corresponding snmpd name.
This table shows the old Net-SNMP name and the corresponding new snmpd name. Note that some of the old names are duplicates (such as fragment
, removal
, count
, etc) so be careful if you're doing a search & replace.
**Net-SNMP name** | **snmpd name** |
info | pfInfo |
running | pfRunning |
runtime | pfRuntime |
debug | pfDebug |
hostid | pfHostid |
counters | pfCounters |
match | pfCntMatch |
badOffset | pfCntBadOffset |
fragment | pfCntFragment |
short | pfCntShort |
normalize | pfCntNormalize |
memory | pfCntMemory |
timestamp | pfCntTimestamp |
congestion | pfCntCongestion |
ip-option | pfCntIpOption |
proto-cksum | pfCntProtoCksum |
stateTable | pfStateTable |
state-mismatch | pfCntStateMismatch |
state-insert | pfCntStateInsert |
state-limit | pfCntStateLimit |
src-limit | pfCntSrcLimit |
synproxy | pfCntSynproxy |
count | pfStateCount |
searches | pfStateSearches |
inserts | pfStateInserts |
removals | pfStateRemovals |
loginterface | pfLogInterface |
name | pfLogIfName |
ipBytesIn | pfLogIfIpBytesIn |
ipBytesOut | pfLogIfIpBytesOut |
ipPktsInPass | pfLogIfIpPktsInPass |
ipPktsInDrop | pfLogIfIpPktsInDrop |
ipPktsOutPass | pfLogIfIpPktsOutPass |
ipPktsOutDrop | pfLogIfIpPktsOutDrop |
ip6BytesIn | pfLogIfIp6BytesIn |
ip6BytesOut | pfLogIfIp6BytesOut |
ip6PktsInPass | pfLogIfIp6PktsInPass |
ip6PktsInDrop | pfLogIfIp6PktsInDrop |
ip6PktsOutPass | pfLogIfIp6PktsOutPass |
ip6PktsOutDrop | pfLogIfIp6PktsOutDrop |
sourceTracking | pfSrcTracking |
count | pfSrcTrackCount |
searches | pfSrcTrackSearches |
inserts | pfSrcTrackInserts |
removals | pfSrcTrackRemovals |
limits | pfLimits |
states | pfLimitStates |
sourceNodes | pfLimitSourceNodes |
fragments | pfLimitFragments |
timeouts | pfTimeouts |
tcpFirst | pfTimeoutTcpFirst |
tcpOpening | pfTimeoutTcpOpening |
tcpEstablished | pfTimeoutTcpEstablished |
tcpClosing | pfTimeoutTcpClosing |
tcpFinWait | pfTimeoutTcpFinWait |
tcpClosed | pfTimeoutTcpClosed |
udpFirst | pfTimeoutUdpFirst |
udpSingle | pfTimeoutUdpSingle |
udpMultiple | pfTimeoutUdpMultiple |
icmpFirst | pfTimeoutIcmpFirst |
icmpError | pfTimeoutIcmpError |
otherFirst | pfTimeoutOtherFirst |
otherSingle | pfTimeoutOtherSingle |
otherMultiple | pfTimeoutOtherMultiple |
fragment | pfTimeoutFragment |
interval | pfTimeoutInterval |
adaptiveStart | pfTimeoutAdaptiveStart |
adaptiveEnd | pfTimeoutAdaptiveEnd |
sourceTrack | pfTimeoutSrcTrack |
interfaces | pfInterfaces |
ifTable | pfIfTable |
ifEntry | pfIfEntry |
ifIndex | pfIfIndex |
ifDescr | pfIfDescr |
ifType | pfIfType |
ifRefs | pfIfRefs |
ifRules | pfIfRules |
ifIn4PassPkts | pfIfIn4PassPkts |
ifIn4PassBytes | pfIfIn4PassBytes |
ifIn4BlockPkts | pfIfIn4BlockPkts |
ifIn4BlockBytes | pfIfIn4BlockBytes |
ifOut4PassPkts | pfIfOut4PassPkts |
ifOut4PassBytes | pfIfOut4PassBytes |
ifOut4BlockPkts | pfIfOut4BlockPkts |
ifOut4BlockBytes | pfIfOut4BlockBytes |
ifIn6PassPkts | pfIfIn6PassPkts |
ifIn6PassBytes | pfIfIn6PassBytes |
ifIn6BlockPkts | pfIfIn6BlockPkts |
ifIn6BlockBytes | pfIfIn6BlockBytes |
ifOut6PassPkts | pfIfOut6PassPkts |
ifOut6PassBytes | pfIfOut6PassBytes |
ifOut6BlockPkts | pfIfOut6BlockPkts |
ifOut6BlockBytes | pfIfOut6BlockBytes |
tables | pfTables |
tblTable | pfTblTable |
tblEntry | pfTblEntry |
tblIndex | pfTblIndex |
tblName | pfTblName |
tblAddresses | pfTblAddresses |
tblAnchorRefs | pfTblAnchorRefs |
tblRuleRefs | pfTblRuleRefs |
tblEvalsMatch | pfTblEvalsMatch |
tblEvalsNoMatch | pfTblEvalsNoMatch |
tblInPassPkts | pfTblInPassPkts |
tblInPassBytes | pfTblInPassBytes |
tblInBlockPkts | pfTblInBlockPkts |
tblInBlockBytes | pfTblInBlockBytes |
tblInXPassPkts | pfTblInXPassPkts |
tblInXPassBytes | pfTblInXPassBytes |
tblOutPassPkts | pfTblOutPassPkts |
tblOutPassBytes | pfTblOutPassBytes |
tblOutBlockPkts | pfTblOutBlockPkts |
tblOutBlockBytes | pfTblOutBlockBytes |
tblOutXPassPkts | pfTblOutXPassPkts |
tblOutXPassBytes | pfTblOutXPassBytes |
tblStatsCleared | pfTblStatsCleared |
tblAddrTable | pfTblAddrTable |
tblAddrEntry | pfTblAddrEntry |
tblAddrTblIndex | pfTblAddrTblIndex |
tblAddrNet | pfTblAddrNet |
tblAddrMask | pfTblAddrMask |
tblAddrCleared | pfTblAddrCleared |
tblAddrInBlockPkts | pfTblAddrInBlockPkts |
tblAddrInBlockBytes | pfTblAddrInBlockBytes |
tblAddrInPassPkts | pfTblAddrInPassPkts |
tblAddrInPassBytes | pfTblAddrInPassBytes |
tblAddrOutBlockPkts | pfTblAddrOutBlockPkts |
tblAddrOutBlockBytes | pfTblAddrOutBlockBytes |
tblAddrOutPassPkts | pfTblAddrOutPassPkts |
tblAddrOutPassBytes | pfTblAddrOutPassBytes |
labels | pfLabels |
lblTable | pfLabelTable |
lblEntry | pfLabelEntry |
lblIndex | pfLabelIndex |
lblName | pfLabelName |
lblEvals | pfLabelEvals |
lblPkts | pfLabelPkts |
lblBytes | pfLabelBytes |
lblInPkts | pfLabelInPkts |
lblInBytes | pfLabelInBytes |
lblOutPkts | pfLabelOutPkts |
lblOutBytes | pfLabelOutBytes |