11 December 2013
10 December 2013
So you might ask yourself, "Why do I need a LiveCD/LiveUSB when I can just install OpenBSD normally to a flash stick?"
It's a great question. In most situations you really are better off installing OpenBSD normally to a flash device and keeping your own system updated with everything installed and configure just the way you want it. Additionally, the OpenBSD install media itself is essentially a very limited "LiveCD" of sorts with a shell and many of the tools you might need.
Nonetheless, there are rare occasions when having a fully patched and updated (STABLE Branch) LiveCD/LiveUSB of our favorite operating system can be extremely useful. If you're doing something like a simple one-off router, then having a fully patched LiveCD/LiveUSB image available can be really handy. It can also be useful for testing hardware support on new systems at stores to see what works. Of course, just having access to working and patched LiveCD/LiveUSB when you're in a hurry or in a bind (pun intended) can often save you a ton of effort.Read more...
04 December 2013
OpenBSD developer Damien Miller (djm@) wrote a great post titled "ChaCha20 and Poly1305 in OpenSSH" and below is a small excerpt:
Recently, I committed support for a new authenticated encryption cipher for OpenSSH, email@example.com. This cipher combines two primitives from Daniel J. Bernstein: the ChaCha20 cipher and the Poly1305 MAC (Message Authentication Code) and was inspired by Adam Langley's similar proposal for TLS.
Why another cipher and MAC? A few reasons... First, we would like a high-performance cipher to replace RC4 since it is pretty close to broken now, we'd also like an authenticated encryption mode to complement AES-GCM - which is great if your hardware supports it, but takes significant voodoo to make run in constant time and, finally, having an authenticated encryption mode that is based on a stream cipher allows us to encrypt the packet lengths again.
Wait, what do you mean by "encrypt the packet lengths again"? (last rhetorical question, I promise) Well, it's a long story that requires a little background...
03 December 2013
In BSDNow "Episode 013: Bridging the Gap" they bring us their usual round of general BSD news and an interview with one of the FreeBSD developers and co-founders, Jordan Hubbard, along with improvements and continuations on their "OpenBSD Router" tutorial.
The BSDNow show is recorded live on Wednesdays at 2pm Eastern Standard Time and then the live recording is edited into the video and audio files released the following Friday afternoon. Due to time constraints and live recordings, it's always best to check their website show notes and tutorial pages for updated information. As TJ said, "It's a community-driven project," so if you want to help out, you can send questions, comments, show ideas/topics, or stories you want mentioned on the show to firstname.lastname@example.org
02 December 2013
OpenBSD developer Ted Unangst (tedu@) recently wrote a blog post titled, "Is Your Stack Protector Working?" and with permission it's reposted below:
Veracode has a new blog post "A Tale of Two Compilers" about differing behavior when two compilers are faced with a subtle buffer overflow. It's somewhat tangential to the main point, but I noticed that even though the compilers Veracode tested had stack overflow protection enabled, neither detected the bug or prevented the exploit. Detection and prevention of precisely this bug was a headline feature of the original ProPolice implementation. The version of gcc(1) used in OpenBSD has changed several times since then, so I tested it to make sure it still works.
28 November 2013
OpenBSD developer Ted Unangst (tedu@) recently wrote a blog post on Shared Named Semaphores and with permission it's reposted below:
Support for shared named semaphores, ala sem_open(3), recently arrived in OpenBSD. OpenBSD already supported single process thread shared semaphores, ala sem_init(3), and the old school SysV semaphores, ala semget(2). There are still a few tweaks being made, but the internal design hasn't changed in 24 hours so I figure it's safe to discuss the implementation.
For those who have joined OpenBSD during the last decade, you've missed out on someone special, Chuck Yerkes. Chuck contributed a lot to sendmail(8) and the various OpenBSD mailing lists. He was always willing to help others and took the time to provide useful and accurate advice. Chuck also had a vivid sense of humor ("Shirt, Shoes, Sober... --Pick Two").
LOPSA (League Of Professional System Administrators) recently announced the winner of the 2013 Chuck Yerkes Award:
For those of you who never got to know him, Chuck Yerkes was known for always being willing to help and mentor others both in person and on sysadmin mailing lists in the 1990's and early 2000's. Countless sysadmins over the years have learned from his postings. Chuck's intelligence, knowledge, and dedication to doing things right is something that is missing all too frequently in the on-line community. Unfortunately Chuck passed away in late 2004 after being involved in an accident on his way home from work.
In 2005 an award was created in his memory to annually honor a sysadmin who most embodies Chuck's spirit in assisting and mentoring other sysadmins. Each year the LOPSA awards committee sifts through sysadmin blogs, the LOPSA IRC channels, mailing lists, web forums and other sysadmin on-line resources in search of someone who is leading in contributions to the sysadmin community as Chuck did.
26 November 2013
In "Episode 012: Collecting SSHells" the media magicians of BSDNow bring us the BSD news of the week along with their weekly tutorial, "A guide to SSH and tmux". OpenBSD is the reference and development platform for both OpenSSH and tmux, so all of the newest features show up here first. Since they're both written to be portable and have an unrestrictive, freely reusable license, everyone can use them and many operating systems and/or distributions include them.
25 November 2013
Philipp Buehler ("double-p" or formerly pb@) wrote in to tell us about how he handles the problem of tearing down a stalled ipsec(4) connection when running tons of busy and important tunnels.
Since the early days of ipsec.conf(5) it's rather easy to add IPsec connections throughout the networks, so ipsec.conf(5) keeps getting longer and longer. The isakmpd(8) daemon is playing nice with it's (new) peers and the sun is shining - until it isn't. Think of five, ten or 25 tunnels humming critical traffic, and this new peer is just not accepting proposals or doing wrong in so many other ways. One ends up with half-up Phase 1 or Phase 2 connections, where either peer is trying hard to get its proposals through and one can only watch it.
Restart the whole thing? Eventually it will end with a working configuration for weirdo-peer, but it also gains angry customers losing their tunnels until it was figured out. Additionally, the mighty defaults of lifetimes will likely end in CPU spiking while calculating new keys all at the same time.
What to do about it? Obviously, it's per-tunnel configuration and especially bring-up and tear-down of individual working or not-so-working tunnels.
22 November 2013
FOSDEM 2014 will take place on 1-2 February, 2014, in Brussels, Belgium. Just like in the last years, there will be both a BSD booth and a developer's room (on Saturday).
The topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features. The default duration for talks will be 45 minutes including discussion. Feel free to ask if you want to have a longer or a shorter slot.
If you already submitted a talk last time, please note that the procedure is slightly different.
OpenBSD developer Brian Callahan (bcallah@) wrote in to say:
The date of NYCBSDCon 2014 has been pushed back one week to Feb 8, 2014. This was due to flights and hotels being simply too expensive (the Super Bowl is being held in NY/NJ on Feb 2).
In case you missed it, earlier this week undeadly posted the announcement for the NYCBSDCon 2014 Call For Papers And Exposés
Some of the OpenBSD related talks are:
- Henning Brauer (henning@): the surprising complexity of checksums in TCP/IP (P7B, AsiaBSDCon 2013)
- Reyk Floeter (reyk@): OpenBSD relayd (P6B, AsiaBSDCon 2013)
- Reyk Floeter (reyk@): OpenIKED (P1B, AsiaBSDCon 2013)
- Eric Faurot (eric@): OpenSMTPD: We deliver! (P4B, AsiaBSDCon 2013)
- Takuya ASADA (syuu@): Implements BIOS emulation support for BHyVe: A BSD Hypervisor (P5A, AsiaBSDCon 2013)
- Peter Hessler (phessler@): Using BGP for Realtime import and export of OpenBSD SPAMD entries (P5B)
21 November 2013
At the end of October, very first Verisign vBSDCon was held near Washington D.C. at the Hyatt hotel in Dulles, Virginia. Reyk Floeter (reyk@) and Henning Brauer (henning@) were asked to give a joint presentation titled, "Inspecting Packets with OpenBSD and pf". Henning wrote in to tell us about his experience and give us the previous link to the presentation slides.
At BSDcan 2013 in Ottawa earlier this year, Michael Dexter got Reyk and myself together with Vincent Miller of Verisign, who was in the process of organizing vBSDcon. He asked us wether we could give a pf run-through presentation at vBSDcon. We quickly agreed on a way that makes it comfortable for Reyk and me. We flew over to IAD, the Washington D.C. international airport in Dulles, VA, where the conference was held. We found an amazingly well organized conference. Even though this was the first vBSDcon, it was obvious the team had experience in organizing events like that. Our talk [link to slides] was very well received, the audience was great, and I had a lot of fun on stage giving it with Reyk.
19 November 2013
OpenBSD developer Brian Callahan (bcallah@) wrote in to announce the NYCBSDCon 2014 Call For Papers (CFP) and Call For Exposés (CFE). The NYCBSDCon 2014 conference will be a day-long event held on February 1, 2014 at Suspenders Restaurant located at 111 Broadway just above Wall Street in downtown Manhattan, New York City. There are still some opportunities available to sponsor NYCBSDCon.
This year in addition to our usual CFP, we're also having something we've named a Call For Exposes (CFE). The NYCBSDCon Exposés will be demonstrations of BSD-based projects from developers and implementers.
As of now, I can tell you that I'm the one in charge of organizing the exposés and I'll be doing one. I'll be bringing Yeeloong and Octeon machines so attendees can get a first-hand look at the different OpenBSD/MIPS platforms and a chance to play with the hardware.
Please subscribe to the NYCBSDCon mailing list as it will have the most up-to-date information.
18 November 2013
Allan, Kris, and TJ of BSDNow have release Episode 011 of their show with a whole bunch of OpenBSD and OpenSSH related content. In the show and on their site, they've created an "Ultimate OpenBSD Router" tutorial. The interview this week is with Jamie Hyneman of the Mythbusters, but in the form of his far more famous and better known secret identity as Justin Sherrill (justin@DragonFlyBSD). The interview covers a number of topics including the release of DragonFlyBSD 3.6, some history of the project, and his efforts on the DragonFly Digest.
15 November 2013
Michael W. Lucas is the author of one of the suggested books about OpenBSD titled, "Absolute OpenBSD: UNIX for the Practical Paranoid". On November 13th, 2013 Michael gave a talk about OpenBSD to the Michigan User Group (mug.org). Videos of the talk are now available (links below), and the description from his blog reads:
Among other things, I compare OpenBSD to Richard Stallman and physically assault an audience member. (Brian was a very good sport, and learned an important lesson about volunteering, i.e. don't.) We also talk long long time, memory randomization, PF, BSD license versus GPL, Microsoft, and other OpenBSD stuff.
And, of course, the importance of the VAX.
Vagrant is a ruby-based open source programmatic management interface on top of virtualization (currently works with virtualbox, with planned support for kvm and others in future versions). Vagrant integrates with automated provisioning tools like puppet and chef to help you bring up the VM consistently every time (same package versions, same config files). If you mess up your OpenBSD VM beyond repair, then just destroy the instance and bring the VM back up again. It's great for learning, and allows you to make mistakes without having to reinstall OpenBSD.
14 November 2013
While attending vBSDcon 2013, Will Backman (bitgeist<at>yahoo<dot>com) of BSDTalk (also on BSDTalk blog and BSDTalk iTunes) interviewed Henning Brauer (henning@) about his work on OpenBSD. The (audio) interview is about thirty minutes long and covers topics like Henning's work on pf(4) and the new priority queuing system.
Thanks to Will Backman for all of the great BSD interviews he's done over the years.
13 November 2013
Theo de Raadt, founder of the OpenBSD project, will be giving an informal talk about... well, whatever he's comfortable talking about. We expect to hear something about OpenBSD, but the details will be a surprise for everyone (possibly even Theo)!
Food will be provided, courtesy of MUUG. All interested people are welcome. (There is no charge for this event.)
12 November 2013
On i386 and amd64 boot(8) support has been added for keydisk-based softraid crypto volumes. Undeadly editor Sean Cody (sean<at>tinfoilhat<dot>ca) did some testing and wrote in to tell us how to use this feature.
Read more...CVSROOT: /cvs Module name: src Changes by: email@example.com 2013/10/20 07:25:21 Modified files: sys/arch/amd64/stand/boot: conf.c sys/arch/amd64/stand/libsa: softraid.c sys/arch/i386/stand/boot: conf.c sys/arch/i386/stand/cdboot: conf.c sys/arch/i386/stand/libsa: softraid.c sys/arch/i386/stand/pxeboot: conf.c Log message: Add i386/amd64 boot(8) support for keydisk-based softraid crypto volumes.
09 November 2013
An OpenSSH Security Advisory (partially quoted below) was released a few hours ago. Markus Friedl (markus@) found and fixed the issue in this commit. The change has also been back-ported to OpenBSD 5.4, and OpenBSD 5.3 has been upgraded to OpenSSH 6.4 to fix this issue. Errata for OpenBSD 5.4 and OpenBSD 5.3 have been updated, and patches are available.
A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher (firstname.lastname@example.org or email@example.com) is selected during kex exchange. If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.
Please read the entire OpenSSH Security Advisory since it contains more information and may be updated.Read more...
08 November 2013
With a tiny commit log message, Sylvestre Gallon (syl@) makes a wonderfully huge change. Of course, there were tons of other commit log messages leading up to enabling fuse(4) support in OpenBSD, but this one turned on the lights so to speak. We tracked down Sylvestre to get more information on his efforts...
Read more...CVSROOT: /cvs Module name: src Changes by: syl@ 2013/11/01 07:54:45 Modified files: sys/conf : GENERIC lib : Makefile Log message: enable fuse. ok deraadt@
07 November 2013
Eric Faurot (eric@) has just committed an improved parser and format for the OpenSMTPD configuration file smtpd.conf(5). Since this is a change to both syntax and behaviour, you must check your configuration prior to upgrading. There are examples for configuration conversion on faq/current.html.
CVSROOT: /cvs Module name: src Changes by: firstname.lastname@example.org 2013/11/06 03:01:29 Modified files: usr.sbin/smtpd : bounce.c envelope.c lka.c lka_session.c mta.c mta_session.c parse.y ruleset.c smtp.c smtp_session.c smtpd.c smtpd.conf.5 smtpd.h ssl.c ssl.h to.c Log message: Much much improved config parser and related changes. Simplify code and do not impose an order on conditions and rule options.
06 November 2013
With the following commit, Jeremy Evans (jeremy@) has added OpenBSD XBox360 controller support as a uhid(4) device. As always when faced with an interesting commit message, the correct thing for any self-respecting undeadly editor to do is, well, start begging the developer for an interview...
Read more...CVSROOT: /cvs Module name: src Changes by: jeremy@ 2013/10/24 21:09:59 Modified files: sys/dev/usb : uhidev.c Added files: sys/dev/usb : uhid_rdesc.h Removed files: sys/dev/usb : ugraphire_rdesc.h Log message: Add support for Microsoft XBox 360 controller as a uhid. It doesn't use the standard interface class and doesn't have a report descriptor, so use a manually created one.
05 November 2013
Berlin was a really convenient hackathon location for me, since getting there from Hamburg feels like a little longer S-Bahn ride. The fast ICE train makes it only a 90 minute trip. I arrived half a day later than intended due to work interfering, but I quickly got going.
While looking for a solution for OSPF over IPsec, I found a lot of articles about how to do this over gre(4). The other possibility is to use gif(4) instead. I've tested both and was not quite happy with results. The gre(4) approach had some generic issues and the gif(4) approach had problems with multicast at times. Yet, I need to have "OSPF over IPsec" up and running.
Luckily, I remembered Theos' presentation about vether(4). While Theos' presentation was mostly written from developer perspective and not from administrators point of view, he left some clues about how this can be done.
The info below is how I do "OSPF over IPsec", or should I say "OSPF on top on vether on top of gif on top of IPsec".
02 November 2013
Allan, Kris, and TJ, the masterminds behind BSDNow, have released Episode 009 containing their interview of Henning Brauer (henning@) at EuroBSDCon 2013 in Malta. They also mention the recent work of Stefan Sperling (stsp@) on boot(8) support for keydisk-based softraid crypto volumes (undeadly will provide more in-depth coverage soon), the addition of XBox360 controller support by Jeremy Evans (jeremy@), and the previously covered addition of Unattended Installation support added by Uwe Stühler (uwe@).Read more...
01 November 2013
Comme tous les 6 mois, je me livre à l’exercice parmi les plus inutiles et complètement délirant, qui est plus un concept de faisabilité qu’une solution clé en mains : faire d’OpenBSD une base pour une utilisation bureautique.
Avec la sortie d’OpenBSD 5.4, on apprend qu’on peut trouver entre autres Gnome 3.8.3, LibreOffice 4.0.4, Xfce 4.10, Mozilla Firefox 3.6.28 et 22.0, Chromium 28, un début du support du KMS pour les circuits Intel, et plein de petites choses plus ou moins branchées sécurité comme OpenSSH 6.3
J’ai donc récupéré l’énorme ISO (220 Mo environ) d’OpenBSD 5.4 en 64bits.
[fred@fredo-arch ISO à tester]$ wget -c http://ftp.fr.openbsd.org/pub/OpenBSD/5.4/amd64/install54.iso
–2013-11-01 13:27:32– http://ftp.fr.openbsd.org/pub/OpenBSD/5.4/amd64/install54.iso
Résolution de ftp.fr.openbsd.org (ftp.fr.openbsd.org)… 188.8.131.52
Connexion vers ftp.fr.openbsd.org (ftp.fr.openbsd.org)|184.108.40.206|:80…connecté.
requête HTTP transmise, en attente de la réponse…200 OK
Longueur: 243050496 (232M) [application/octet-stream]
Sauvegarde en : «install54.iso»
100%[======================================>] 243 050 496 3,48MB/s ds 72s
2013-11-01 13:28:44 (3,21 MB/s) – «install54.iso» sauvegardé [243050496/243050496]
Pour OpenBSD 5.3, j’avais utilisé Xfce. Pour cette fois, je vais essayer avec Gnome 3.8.3, car apparemment, le Gnome-Shell serait fonctionnel sous OpenBSD…
OpenBSD 5.4 plantant au démarrage dans VirtualBox, je me suis replié sur Qemu
[fred@fredo-arch ISO à tester]$ qemu-img create -f qed disk.img 128G
Formatting 'disk.img', fmt=qed size=137438953472 cluster_size=65536 table_size=0
[fred@fredo-arch ISO à tester]$ kvm64 -hda disk.img -cdrom install54.iso -no-frame -boot order=cd &
J’utiliserais les bases jadis employées pour OpenBSD 5.2. Et si ça plante, je me replierais vers Xfce. On verra bien
L’installateur est toujours le même : le répulsif parfait pour grands débutants. Il est vrai qu’OpenBSD est un OS pour personnes, typiquement des grands débutants, qui veulent découvrir autre chose que Microsoft Windows ou Apple MacOS-X, c’est bien connu
C’est un outil en mode texte, qui pose quelques questions, et qui fonctionne. C’est ce qu’on lui demande, non ?!
J’ai utilisé les options par défaut pour tout. Cela m’a éviter de me poser des questions inutiles. J’apprécie que le compte utilisateur soit créé dès le départ.
Une fois l’installation terminée en me connectant en root – je sais, c’est pas bien – j’ai rentré ceci dans le fichier .profile :
J’ai rajouté quelques outils basiques, acceptant le choix par défaut s’il est proposé.
pkg_add -v zip unzip p7zip mc nano vim
L’ajout de Gnome ?
pkg_add -v gnome gnome-extra
J’ai rajouté dbus_daemon à la ligne pkg_script dans /etc/rc.conf, dixit le wiki d’openBSD France. Par malchance, quand j’ai lancé gdm, j’ai eu droit à l’écran de la mort de Gnome.
Je me suis donc replié sur Xfce. Dommage. Sûrement une manipulation manquante. Pas grave, on verra avec OpenBSD 5.5 en mai prochain. J’ai donc enlevé gnome et installé xfce à la place, en me basant sur l’article sur OpenBSD 5.3.
J’ai repris les mêmes outils à savoir Midori, Claws Mail, Exaile, LibreOffice. Pour pouvoir utiliser slim comme gestionnaire de connexion, j’ai rajouter le fichier ~/.xinitrc suivant :
Pour avoir un système qui reconnait le français dès le départ, j’ai modifié le fichier ~/.profile :
export LANG MM_CHARSET LC_ALL LC_COLLATE
J’ai fait une rapide vidéo. Le fond sonore ? Un extrait du deuxième album du groupe « The Black Atlantic », « Darkling I Listen ».
Comme pour l’article précédent, il est dommage que Xfce soit encore en franglais, mais il est très utilisable. Mise à part que quelques logiciels sont légèrement moins frais que pour une distribution GNU/Linux, l’idée un peu folle de pouvoir utiliser OpenBSD pour se faire une station bureautique devient de plus en plus une réalité
Par Frederic Bezies
November 1st 2013, Calgary, Alberta and elsewhere:
The OpenBSD project has announced the release of OpenBSD 5.4, the project's 35th release on a steady six month release cycle.
You can order a CDROM set to help support the project.
Notable advancements include new or extended platforms like octeon and beagle, moving VAX to ELF format, improved hardware support including Kernel Mode Setting (KMS), overhauled inteldrm(4), experimental support for fuse(4), reworked checksum handling for network protocols, OpenSMTPD 5.3.3, OpenSSH 6.3, over 7,800 ports, and many other improvements and additions.
29 October 2013
Petit en vrac’ pour me consacrer à un billet plus long qui vaudra son pesant d’arachide
- La distribution GNU/Linux que « l’on doit tester car elle a un fond d’écran marrant » : je demande la Makulu Linux, un Debian GNU/Linux testing anglophone, en 32 bits avec Xfce et un fond d’écran délirant. Gerinald de Terre-des-tux en parle mieux que moi.
- On respire un peu mieux : les dérivées d’Ubuntu n’attendaient que la sortie de la nouvelle version pour se renouveller. Joie ! L’exemple avec l’excellente Voyager 13.10. Je sens que Distrowatch et QuebecOS ne vont pas tarder à crouler sous les annonces !
- Fan de BSD libre ? En attendant OpenBSD 5.4 pour le vendredi 1er novembre, FreeBSD 10.0 beta2 est disponible pour les grands curieux.
- Pour les fans du panda roux, Mozilla Firefox 25 sort aujourd’hui. Les webzines vont-ils en parler ? Question existentielle s’il en est une
- Pour finir, parlons musique. Le groupe de rock progressif français In-Limbo annonce la sortie de son nouvel album pour le 6 novembre prochain. J’avoue que j’attends avec impatience ce nouvel opus. Leur premier album est toujours disponible si vous voulez découvrir leurs oeuvres, le torrent pour la version FLAC étant toujours vivant !
Bon mardi !
Par Frederic Bezies
28 October 2013
23 October 2013
I was intending to spend b2k13 working on the glass console subsystem, wsdisplay(4), and especially two areas: UTF-8 support on console, and loadable font support for raster displays (i.e. every display but text-mode vga).Read more...
17 October 2013
With a series of commits on October 12th, 2013, starting with this one, Henning Brauer (henning@) added the new queueing system to OpenBSD-current.
The altq(4) subsystem will stay in for a transition period, but if you don't want to transition just yet, you still have to make one tiny adjustment to your pf.conf. The Following -current FAQ has some pointers, while the updated pf.conf man page has all the details.
15 October 2013
The interview with Theo de Raadt:
- 8:10 Beginning of Interview
- 11:30 Introduction of Pro Police
- 12:10 Description of OpenBSD community
- 15:10 Kernel Mode Setting (KMS) Code
- 18:50 Theo's EuroBSDCon Keynote Address
- 23:50 Upcoming OpenBSD Projects
- 25:30 End of Interview
Also in this episode:
- 35:50 M:Tier Offers Long Term Ports Support for OpenBSD
- 37:30 Theo's efforts to start an Internet Exchange In Calgary
08 October 2013
This is intended as a stable production release, the code contained herein has been thoroughly tested in OpenBSD-current for a long time and is very close to what will be released with OpenBSD 5.4 on November 1, 2013.
04 October 2013
A while ago, the BSD Now guys published episode 3 of their podcast. This time, they talk about M:Tier's openup tool for downloading and installing security updates (@ 5:30) and there's an interview with Gilles Chehade (gilles@) and Eric Faurot (eric@) about OpenSMTPD (@ 9:00).
02 October 2013
Reyk Floeter has committed support for SNMP queries for snmpctl(8)
Hi, I just committed a simple SNMP client implementation to snmpctl/snmpd. You can use it as an in-tree alternative to net-snmp's snmpwalk/snmpget. Examples: $ snmpctl walk 127.0.0.1 $ snmpctl walk printer.my.domain version 1 oid printerWorkingGroup $ snmpctl -n walk 203.0.113.240 oid ifMIB community "blah" Limitations: - no SNMPv3/USM support yet - no bulk support yet (bulkwalk) - not so many fancy options. snmpd does not support loading of external MIB files, so you have to use net-snmp if you want to load additional MIBs for the symbolic name parsing. snmpctl only shows symbolic names there are found in snmpd's mib.h. Testing welcome, especially with non-snmpd(8) agents. Reyk
Since the initial commit, several subsequent commits have been made, notably implementing the snmp bulk walk command. As always, testing is essential to assure the quality of the coming release.
11 September 2013
The release song, "Our favorite hacks", is also available for download.
The release page's What's New section is still filling out, but reading the detailed change log leads to the inevitable conclusion: What's not to like? Whip out your credit card and order, now! Pre-orders will be processed on a first come basis.
A new BSD resource by the name of BSD Now has started up, and our very own Peter Hessler(phessler@) is interviewed in their inaugural podcast about his Using BGP for Realtime import and export of OpenBSD SPAMD entries paper.
You can download the presentation [ video | HD video | mp3 audio | ogg audio ] or watch the embedded version in your browser. Peter's segment begins at approximately 49:00 in the episode, and lasts for around 45 minutes.
06 September 2013
Lawrence Teo recently posted a guide on how to run MPLS:
A few months ago, I wrote a diff to simplify the calculation of ICMP extension header checksums in the OpenBSD kernel. It so happened that the code is only used by the OpenBSD MPLS subsystem. I didn’t have access to an OpenBSD-based MPLS network at the time, nor was I familiar with MPLS in general; so in the spirit of the OpenBSD hacker mantra “shut up and hack,” I set out to build a small MPLS test network to test my diff. :)
Link to the complete article here.
28 August 2013
Reader David Hill wrote in with an article explaining how to set up 6rd tunneling in OpenBSD:
There are many websites claiming OpenBSD doesn't support 6rd. There are also user-space 6rd implementations that do not work on OpenBSD.
Well, 6rd works just fine with OpenBSD if you do it manually.
21 August 2013
The BSDTalk podcast interviews Chris Cappuccio, developer of nsh and flashrd for OpenBSD. NSH is a CLI intended for OpenBSD-based network appliances, and flashrd creates OpenBSD images tailored for embedded hardware devices and for executing from a virtualized environment.
Editor's Note: our apologies to Mr. Backman for not publishing this in a more timely manner.