Posts for: ##openbsd

Net-SNMP 5.6.1 Missing hrSystemProcesses OID

I just upgraded a couple of machines to OpenBSD 4.9 and noticed the hrSystemProcesses OID was not being returned by Net-SNMP 5.6.1 (from the 4.9 ports/packages collection).

joel@theta:~% snmpwalk -v2c -c public theta .1.3.6.1.2.1.25.1.6.0
SNMPv2-SMI::mib-2.25.1.6.0 = No Such Instance currently exists at this OID

I know for sure this worked on OpenBSD 4.8/Net-SNMP 5.4.2.1.

Turns out there is a bug in Net-SNMP 5.6.1 (bug 3166568) that's causing this. It's been fixed in their SVN tree. If you download this patch, place it into your ports/net/net-snmp/patches/ directory and recompile the port, you'll be good to go.


Benchmarking OpenBSD: UP vs MP for "make build"

I used to have a machine sitting around that I would power up whenever I needed to build a new OpenBSD kernel or rebuild the source tree due to a patch or a new version of the OS being released. Eventually I moved that machine into a VirtualBox virtual machine running on my desktop. Recently I moved that VM into VMware's free ESXi hypervisor running on some pretty decent hardware. It got me wondering how much I could lower compile times by adjusting how many vCPUs were allocated to the VM.


Hitting the PF state table limit

I recently had an issue with an OpenBSD firewall where the number of state table entries was hitting the default limit of 10,000. When this limit is reached, no new state entries can be created. If you're using "keep state", "modulate state" or "synproxy state" on your rules or if you're running OpenBSD 4.1 or newer (where "keep state" is the default on all rules) this could mean that:

  • You cannot make new connections through the firewall
  • You cannot make new connections to the firewall
  • You cannot make new connections from the firewall

So.... if you hit the state table limit it's kinda bad, mmmkay?


OpenBSD CARP Notes

CARP is the Common Address Redundancy Protocol. It's a secure, free alternative to the Virtual Router Redundancy Protocol and the Hot Standby Router Protocol. CARP was created and is maintained by the OpenBSD project.

The notes here apply to OpenBSD 5.0 and higher.

Protocol Information

Virtual MAC Address
The virtual MAC is in the format 00-00-5e-00-01-XX where the last octet is filled in by the CARP vhid.
IP Protocol
CARP uses IP protocol number 112 (0x70).
Multicast Advertisements
CARP advertisements are multicast to the 224.0.0.18 or FF02::12 multicast groups when using IPv4 and IPv6, respectively.
TTL/Hop Limit
CARP packets are always sent with a TTL/HLIM of 255 so that CARP packets that have crossed a subnet boundary (i.e., have been passed on by a router) can be recognized and dropped.

Timers

The host that advertises the most frequently will become the leader for the CARP group. The timer values configured on each host are sent as part of the CARP advertisements so that all hosts can make an accurate decision as to which host should be the leader.
