Re: Role of the package system when following -current
jared r r spiegel [EMAIL PROTECTED] writes: i also ought to mention that in my scenario i've switched entirely to using -current snapshots for the OS (eg reboot and then upg with bsd.rd) and not building base from source at all. (no 'cd /usr/src; make build') my life is WAY BETTER since doing that I can absolutely second that. Snapshots is the way to go for tracking -current, unless of course you're actively involved in developing some part of the system yourself and for that reason *need* to recompile parts to see if it all fits. Going via the occasional snapshot probably doesn't hurt then either, but others are better placed to supply the details of that. My general procedure is - 1) fetch installNN.iso and MD5 2) check that the md5 sums match if match burn CD else goto 1 ;; rarely happens, if it does, wait a little while 3) update source tree 4) run sysmerge 5) boot off cd, upgrade 6) go on doing whatever I was doing before 1) Depending on random factors I've done the pkg_add -vu with a sensible PKG_PATH either before or after the base system upgrade (and sometimes during step 3, as a matter of fact). In the rare event that the package upgrades do not all succeed, you get useful messages about why, and as Jared points out upthread, the thing to do in those cases us usually to wait until the packages have caught up. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
pkill -HUP httpd won't fork new children
Dear List, I'm in the process of setting up httpd with ssl. When I want to reload the config with pkill -HUP httpd the parent process wouldn't fork the new children, so i have to kill it with level 9 and start httpd again. The other question is that what does kern.seminfo.semmni mean and what does it do? After i few httpd restart i had to increase this value, otherwise SSL won't work. Thank You!
Re: maybe OT 4 year anniversay of Chuck Yerkes death
Hi all, Not that OT i think I don't think it's off topic but others might. I'm writing this post to remember Chuck Yerkes, a long time contributor to the [EMAIL PROTECTED] list. http://www.sage.org/about/yerkes.html Chuck died 4 years ago today while riding his motorcycle. http://web.archive.org/web/20041012235249/http://www.contracostatimes.com/mld/cctimes/news/9511974.htm http://marc.theaimsgroup.com/?l=openbsd-miscm=109385676632581w=2 Just wanted to remember you Chuck, take it easy wherever you are. That s something we won't forget , many lessons have been posted by him and some of those where often funny and that way sort of life lesson .
Re: How much RAM is needed for cvs(1)?
Karl Sjodahl - dunceor [EMAIL PROTECTED] wrote: On Thu, Aug 28, 2008 at 7:23 AM, Tomas Bodzar [EMAIL PROTECTED] wrote: Hi all, I tried # cd /usr # export [EMAIL PROTECTED]:/cvs # cvs -d$CVSROOT checkout -P xenocara and after few minutes get Out of memory.I have 256MB RAM.That was running on tty0, on tty1 was only lynx with OBSD page.Before that I made checkout of src and every- thing OK. Is this problem with low memory or anything else? Thx This is a known limitation in cvs. If you use OpenCVS to check out Xenocara it succedes. Check http://marc.info/?l=openbsd-miscm=120765433708331w=2 and numerous other post about this on misc. Using opencvs on the server side also helps: [EMAIL PROTECTED]:/cvs m
Re: pkill -HUP httpd won't fork new children
On Thu, Aug 28, 2008 at 08:58:36AM +0200, G??bri M??t?? wrote: Dear List, I'm in the process of setting up httpd with ssl. When I want to reload the config with pkill -HUP httpd the parent process wouldn't fork the new children, so i have to kill it with level 9 and start httpd again. Restart won;t work because of chroot. See http://www.openbsd.org/faq/faq10.html#httpdchroot for some more details. The other question is that what does kern.seminfo.semmni mean and what does it do? After i few httpd restart i had to increase this value, otherwise SSL won't work. Thank You! If you kill http with kill -9 it will never cleanup. Use apachectl stop and then apachectl start for proper restarting. After an apachectl stop you can check with ipcs -s if there are still semaphores allocated to www (it happens once in a while they are not cleaned up up by apache). If so, remove them with ipcrm -s. If yo do that , you won't have to increase semmni. -Otto
Re: OpenBGPd: don't announce a specified prefix to a peer
On Wed, Aug 27, 2008 at 08:35:38PM -0401, jared r r spiegel wrote: On Wed, Aug 27, 2008 at 04:18:07PM +, Stuart Henderson wrote: On 2008-08-27, smartTERRA NOC [EMAIL PROTECTED] wrote: Hi, is there a way to dynamically deny prefixes learned via iBGP / IGP or have I to specify all the prefixes manually? Regards, Falk Communities. would: deny from peer i learn these prefixes in question from to peer i don't want to know about them also fly? No. That's an invalid syntax. -- :wq Claudio
Re: ospfd: redistribute statement per area
On Wed, Aug 27, 2008 at 11:39:27PM +0200, smartTERRA NOC wrote: Hi, AFAIK I can only set the redistribute statement for the whole configuration, but not for a single area. Is there any gentle way to provide two areas, one redistributing all connected network, and another area only redistributing a default route? redistribute adds AS-external LSA which are cross area so having per area redistribute options does not make sense. On the other hand stub areas are what you are looking for (a simple area without all the additional cross area LSAs). The problem is that stub area support in ospfd is not finished yet. -- :wq Claudio
Re: Role of the package system when following -current
Hi, I do check the ftp server regularly and look what date the current snapshot and the respective packages are of. If the packages snapshots have been updated since my last upgrade and the snapshots date and packages date are quite near together, I do update my system. For doing so I use the OpenBSD-binary-upgrade script [1], then I update my packages. Until now that worked quite well for 99% of the time. cheers Earin [1] http://www.xs4all.nl/~hanb/software/OpenBSD-binary-upgrade/
Re: pkill -HUP httpd won't fork new children
Thank You! 2008/8/28 Otto Moerbeek [EMAIL PROTECTED] On Thu, Aug 28, 2008 at 08:58:36AM +0200, G??bri M??t?? wrote: Dear List, I'm in the process of setting up httpd with ssl. When I want to reload the config with pkill -HUP httpd the parent process wouldn't fork the new children, so i have to kill it with level 9 and start httpd again. Restart won;t work because of chroot. See http://www.openbsd.org/faq/faq10.html#httpdchroot for some more details. The other question is that what does kern.seminfo.semmni mean and what does it do? After i few httpd restart i had to increase this value, otherwise SSL won't work. Thank You! If you kill http with kill -9 it will never cleanup. Use apachectl stop and then apachectl start for proper restarting. After an apachectl stop you can check with ipcs -s if there are still semaphores allocated to www (it happens once in a while they are not cleaned up up by apache). If so, remove them with ipcrm -s. If yo do that , you won't have to increase semmni. -Otto -- Gabri Mate [EMAIL PROTECTED] DuoSol Bt. http://www.duosol.hu [EMAIL PROTECTED]
Re: dd performance question
On Mon, Aug 25, 2008 at 06:58:30PM -0700, Neko wrote: Hi all, having a 250 GB drive on a PATA strip using lowest PIO mode (without dma if possible), drive specs show a 8 MB buffer , .. i had ran mine at 4mb block space thinking ill use the 16mb bus transfer divided at most in 4, per second, but i achieved that in a minute instead. this is really poor performance, 3 days for 250gb transfer at 4mb bs what do you expect ? PIO0 ist max. 3mbyte/sec, in reality more like 1-2mbyte/sec. that's 125000sec=34hours if you are lucky, 3days if you are unlucky. switch to UDMA4/5/6 and you will get 30mbyte/sec but no, I wan't no DMA and lowest PIO. some days one is really wondering... -sm
High interrupt count on OpenBSD 4.3/amd64 with driver azalia
Hi, I use a desktop system powered by OpenBSD 4.3-stable with GENERIC.MP kernel (amd64, up to date as of now). I listen music with mplayer while I work, and sometime my system feel very slow. A top show that CPU0 is spending 80% time in interrupts, and leaving mplayer calm the system down. Is there anything I can do to avoid that, or any information I can provide to help fix it ? Output of vmstat during the storm : $ vmstat -i ; date interrupt total rate irq0/clock 52831315 199 irq0/ipi 4333511 irq21/em0 20864337 irq22/ehci0 4190 irq16/azalia041947453 158 irq17/uhci31878320 irq18/uhci49042303 irq23/ehci1 3120 irq18/ahci0 2643142 10 irq1/pckbc0 88380 Total 101043325 382 Thu Aug 28 10:23:07 CEST 2008 $ vmstat -i ; date interrupt total rate irq0/clock 52832177 199 irq0/ipi 4333521 irq21/em0 20864547 irq22/ehci0 4190 irq16/azalia042571537 161 irq17/uhci31878330 irq18/uhci49042793 irq23/ehci1 3120 irq18/ahci0 2643151 10 irq1/pckbc0 88380 Total 101668352 384 Thu Aug 28 10:23:11 CEST 2008 This is 624084 interrupts for azalia0 in less than five seconds (wow). Normal rate is less than 100 interrupts for the same period of time. pcidump : 0:0:0: Intel 82Q35 Host 0:1:0: Intel 82Q35 PCIE 0:3:0: Intel 82Q35 HECI 0:3:2: Intel 82Q35 PT IDER 0:3:3: Intel 82Q35 KT 0:25:0: Intel ICH9 IGP AMT 0:26:0: Intel 82801I USB 0:26:1: Intel 82801I USB 0:26:7: Intel 82801I USB 0:27:0: Intel 82801I HD Audio 0:28:0: Intel 82801I PCIE 0:29:0: Intel 82801I USB 0:29:1: Intel 82801I USB 0:29:2: Intel 82801I USB 0:29:7: Intel 82801I USB 0:30:0: Intel 82801BA Hub-to-PCI 0:31:0: Intel 82801IO LPC 0:31:2: Intel 82801I AHCI 0:31:3: Intel 82801I SMBus 1:0:0: ATI Radeon HD 2400 XT dmesg : OpenBSD 4.3-stable (bsd) #2: Fri Jul 25 14:34:38 CEST 2008 [EMAIL PROTECTED]:/root/bsd real mem = 2111426560 (2013MB) avail mem = 2038558720 (1944MB) RTC BIOS diagnostic error 11memory_size mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf0450 (80 entries) bios0: vendor Dell Inc. version A09 date 03/11/2008 bios0: Dell Inc. OptiPlex 755 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SSDT APIC BOOT ASF! MCFG HPET TCPA SLIC SSDT SSDT SSDT acpi0: wakeup devices VBTN(S4) PCI0(S5) PCI4(S5) PCI2(S5) PCI3(S5) PCI1(S5) PCI5(S5) PCI6(S5) MOU_(S3) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz, 2660.38 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG cpu0: 6MB 64b/line 16-way L2 cache cpu0: apic clock running at 332MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU E8200 @ 2.66GHz, 2659.99 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG cpu1: 6MB 64b/line 16-way L2 cache ioapic0 at mainbus0 apid 8 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 8 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 3 (PCI4) acpiprt1 at acpi0: bus 2 (PCI2) acpiprt2 at acpi0: bus -1 (PCI3) acpiprt3 at acpi0: bus 1 (PCI1) acpiprt4 at acpi0: bus -1 (PCI5) acpiprt5 at acpi0: bus -1 (PCI6) acpiprt6 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: FVS, 2667, 2333, 2000 MHz acpicpu1 at acpi0: FVS, 2667, 2333, 2000 MHz acpibtn0 at acpi0: VBTN pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel 82Q35 Host rev 0x02 ppb0 at pci0 dev 1 function 0 Intel 82Q35 PCIE rev 0x02: apic 8 int 16 (irq 11) pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Radeon HD 2400 XT rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel 82Q35 HECI rev 0x02 at pci0 dev 3 function 0 not configured pciide0 at pci0 dev 3 function 2 Intel 82Q35 PT IDER rev 0x02: DMA (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide0: using apic 8 int 18 (irq 9) for native-PCI interrupt pciide0: channel 0 ignored (not responding; disabled or no drives?) pciide0: channel 1 ignored (not responding; disabled or no drives?) Intel 82Q35 KT rev
Re: maybe OT 4 year anniversay of Chuck Yerkes death
I sorely miss his clever and funny comments. This list isn't the same without him. Rest in peace, Chuck. Or should I say hack in peace? :) On Wed, Aug 27, 2008 at 7:32 PM, Diana Eichert [EMAIL PROTECTED] wrote: I don't think it's off topic but others might. I'm writing this post to remember Chuck Yerkes, a long time contributor to the [EMAIL PROTECTED] list. http://www.sage.org/about/yerkes.html Chuck died 4 years ago today while riding his motorcycle. http://web.archive.org/web/20041012235249/http://www.contracostatimes.com/mld/cctimes/news/9511974.htm http://marc.theaimsgroup.com/?l=openbsd-miscm=109385676632581w=2 Just wanted to remember you Chuck, take it easy wherever you are. diana
4.2-stable Postgres
Hi, I am hoping someone here has run into this before, I didn't see anything worth while (or that I understood) via a google search. I guess specs first. I have running OpenBSD 4.2-stable with postgres 8.2.4. The database itself runs fine, but when I go to run a 'full vaccum' to reclaim space I get the following error, which appears to require me to rebuild the kernel. I am looking for some input on this before I break something. Thanks, here's the error from the logs below. WARNING: relation pg_toast.pg_toast_17723 contains more than max_fsm_pages pages with useful free space HINT: Consider compacting this relation or increasing the configuration parameter max_fsm_pages. INFO: free space map contains 181258 pages in 12 relations DETAIL: A total of 179200 page slots are in use (including overhead). 5618000 page slots are required to track all free space. Current limits are: 179200 page slots, 1000 relations, using 1115 kB. NOTICE: number of page slots needed (5618000) exceeds max_fsm_pages (179200) HINT: Consider increasing the configuration parameter max_fsm_pages to a value over 5618000. Aug 12 20:46:26 logdb savecore: no core dump Aug 12 20:46:29 logdb postgres[30182]: [1-1] FATAL: could not create shared memory segment: Invalid argument Aug 12 20:46:29 logdb postgres[30182]: [1-2] DETAIL: Failed system call was shmget(key=4225001, size=74702848, 03600). Aug 12 20:46:29 logdb postgres[30182]: [1-3] HINT: This error usually means that PostgreSQL's request for a shared memory segment exceeded your kernel's SHMMAX parameter. Aug 12 20:46:29 logdb postgres[30182]: [1-4] You can either reduce the request size or reconfigure the kernel with larger SHMMAX. To reduce the request size (currently Aug 12 20:46:29 logdb postgres[30182]: [1-5] 74702848 bytes), reduce PostgreSQL's shared_buffers parameter (currently 4096) and/or its max_connections parameter (currently Aug 12 20:46:29 logdb postgres[30182]: [1-6] 200). Aug 12 20:46:29 logdb postgres[30182]: [1-7]If the request size is already small, it's possible that it is less than your kernel's SHMMIN parameter, in which case raising Aug 12 20:46:29 logdb postgres[30182]: [1-8] the request size or reconfiguring SHMMIN is called for. Aug 12 20:46:29 logdb postgres[30182]: [1-9]The PostgreSQL documentation contains more information about shared memory configuration.
Re: ospfctl reload does not add virtual interfaces
On Wed, Aug 27, 2008 at 12:50 PM, Stuart Henderson [EMAIL PROTECTED] wrote: On 2008-08-27, Marco Matarazzo [EMAIL PROTECTED] wrote: # ospfctl reload # tail /var/log/messages Aug 27 11:36:39 sfw2 ospfd[12857]: configuration reload failed Adding a vlan and reloading works here on -current. [...] Perhaps running ospfd -dv and examining the output when you attempt to reload would give more clues. I think I found the culprit. It looks like adding virtual interfaces that were already configured at ospfd boot time make ospfd happy. It'll take the new configuration and begin announcing the new interface. Instead, if ospfd is already running, I then create a new interface, configure it, add it to ospfd.conf and reload, it'll tell me configuration reload failed. The message I see while running in verbose mode is: # ospfctl reload /etc/ospfd.conf:62: unnumbered interface carp400 if_del: interface carp334 if_del: interface carp333 if_del: interface carp332 if_del: interface carp331 if_del: interface carp330 if_del: interface carp329 if_del: interface carp328 if_del: interface carp327 if_del: interface carp326 if_del: interface carp325 if_del: interface carp324 if_del: interface carp323 if_del: interface carp322 if_del: interface carp320 if_del: interface carp321 if_del: interface carp318 if_del: interface carp317 if_del: interface carp316 if_del: interface carp315 if_del: interface carp314 if_del: interface carp223 if_del: interface carp217 if_del: interface carp212 if_del: interface carp208 if_del: interface carp206 if_del: interface carp205 if_del: interface carp204 if_del: interface carp203 if_del: interface carp194 if_del: interface carp192 if_del: interface carp161 if_del: interface carp15 if_del: interface carp14 if_del: interface carp13 if_del: interface carp12 if_del: interface carp11 if_del: interface carp10 if_del: interface carp9 if_del: interface carp8 if_del: interface carp7 if_del: interface carp6 if_del: interface carp4 if_del: interface carp3 if_del: interface em0 if_del: interface em1 if_del: interface em3 configuration reload failed carp400 is the interface that I created while ospf was running. Of course, the interface has correct addressing: # ifconfig vlan400 vlan400: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500 lladdr 00:1b:21:0a:af:a8 vlan: 400 priority: 0 parent interface: em0 groups: vlan inet x.y.z.3 netmask 0xfff0 broadcast 213.171.191.15 # ifconfig carp400 carp400: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:5e:00:01:1e carp: MASTER carpdev vlan400 vhid 30 advbase 5 advskew 100 groups: carp inet x.y.z.1 netmask 0xfff0 broadcast 213.171.191.15 and if I kill and restart the daemon the config works just fine! Didn'try with a vlan yet, but may be this could be a problem related to all runtime created interfaces? Cheers, -- I'm Winston Wolf, I solve problems.
Re: pkill -HUP httpd won't fork new children
Gabri Mati escreveu: Thank You! 2008/8/28 Otto Moerbeek [EMAIL PROTECTED] On Thu, Aug 28, 2008 at 08:58:36AM +0200, G??bri M??t?? wrote: Dear List, I'm in the process of setting up httpd with ssl. When I want to reload the config with pkill -HUP httpd the parent process wouldn't fork the new children, so i have to kill it with level 9 and start httpd again. Restart won;t work because of chroot. See http://www.openbsd.org/faq/faq10.html#httpdchroot for some more details. The other question is that what does kern.seminfo.semmni mean and what does it do? After i few httpd restart i had to increase this value, otherwise SSL won't work. Thank You! If you kill http with kill -9 it will never cleanup. Use apachectl stop and then apachectl start for proper restarting. After an apachectl stop you can check with ipcs -s if there are still semaphores allocated to www (it happens once in a while they are not cleaned up up by apache). If so, remove them with ipcrm -s. If yo do that , you won't have to increase semmni. -Otto Worth mentioning that if you are using SSL, the commando to start apache with it is: apachectl startssl. My 2 cents, -- Giancarlo Razzolini http://lock.razzolini.adm.br Linux User 172199 Red Hat Certified Engineer no:804006389722501 Verify:https://www.redhat.com/certification/rhce/current/ Moleque Sem Conteudo Numero #002 OpenBSD Stable Ubuntu 8.04 Hardy Heron 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
Re: 4.2-stable Postgres
On 2008-08-28, Morris, Roy [EMAIL PROTECTED] wrote: Hi, I am hoping someone here has run into this before, I didn't see anything worth while (or that I understood) via a google search. I guess specs first. I have running OpenBSD 4.2-stable with postgres 8.2.4. speaking from experience: don't forget to dumpall before you upgrade this machine. I like to add reminders about things like that to /etc/motd in case I have a spare half-hour in the future and think it might be a good idea to upgrade the machine, at which point I've usually forgotten about these things... Aug 12 20:46:29 logdb postgres[30182]: [1-1] FATAL: could not create shared memory segment: Invalid argument Aug 12 20:46:29 logdb postgres[30182]: [1-2] DETAIL: Failed system call was shmget(key=4225001, size=74702848, 03600). the 72MB requested here doesn't fit in the 32MB you get by default. /usr/local/share/doc/postgresql/README.OpenBSD tells you a bit about the kern.shminfo.shmmax sysctl...
Re: 4.2-stable Postgres
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stuart Henderson Sent: Thursday, August 28, 2008 10:58 AM To: misc@openbsd.org Subject: Re: 4.2-stable Postgres On 2008-08-28, Morris, Roy [EMAIL PROTECTED] wrote: Hi, I am hoping someone here has run into this before, I didn't see anything worth while (or that I understood) via a google search. I guess specs first. I have running OpenBSD 4.2-stable with postgres 8.2.4. speaking from experience: don't forget to dumpall before you upgrade this machine. I like to add reminders about things like that to /etc/motd in case I have a spare half-hour in the future and think it might be a good idea to upgrade the machine, at which point I've usually forgotten about these things... Thanks, good idea for sure! Aug 12 20:46:29 logdb postgres[30182]: [1-1] FATAL: could not create shared memory segment: Invalid argument Aug 12 20:46:29 logdb postgres[30182]: [1-2] DETAIL: Failed system call was shmget(key=4225001, size=74702848, 03600). the 72MB requested here doesn't fit in the 32MB you get by default. /usr/local/share/doc/postgresql/README.OpenBSD tells you a bit about the kern.shminfo.shmmax sysctl... Yep, just read this again and I will try changing the value (now 50) to kern.shminfo.shmmax=83886080 and see how that goes. Thanks again.
Howto connect to several wireless network ?
Hi folks frequently i have the necessity to connect to several networks (my home, office and another public network ) How can perform it task ? NetBSD has a ifwatchd daemon which can help in this situations detected the up/down and monitor dynamic interfaces. Any help on it, can be really appreciated. Best regards ficovh
pf visualization
I am curious what tools people here use to visualize pf-generated logs and/or live traffic. What i'm basically looking for is a tool, that provides various stats about a pf firewall usage in a graphical way, but not only 'bytes in/bytes out' (i have that using snmp/cacti) but more detailed stuff like protocol and port distribution, IP based stats and whatnot. Thanks for any ideas beyond pftop, tcpdump, hatched, darkstat and ntop ;) Stephan
Re: pf visualization
On Thu, Aug 28, 2008 at 03:24:37PM +, Stephan A. Rickauer wrote: I am curious what tools people here use to visualize pf-generated logs and/or live traffic. What i'm basically looking for is a tool, that provides various stats about a pf firewall usage in a graphical way, but not only 'bytes in/bytes out' (i have that using snmp/cacti) but more detailed stuff like protocol and port distribution, IP based stats and whatnot. Thanks for any ideas beyond pftop, tcpdump, hatched, darkstat and ntop ;) If I ever get off my lazy ass and finish/package it up, maybe this? http://www.netflowdashboard.com/demo/ P.S. I just noticed it's actually somewhat useful in lynx as well. Go figure. :) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
Re: 4.2 on alphaserver trying to compile inspircd
On Thu, Aug 28, 2008 at 12:19 AM, Philip Guenther [EMAIL PROTECTED]wrote: gcc only started permitting function attributes on function definitions (as opposed to function declarations) in very recent versions, newer than the versions included with OpenBSD. To be portable to earlier versions, move the CUSTOM_PRINTF macro usage to the function declaration If it's already there, then simply delete the one on the definition. If the function doesn't have a declaration, then add one, etc. Philip Guenther Adding a declaration solved the problem. Thank you!
Re: pf visualization
On 2008-08-28, Stephan A. Rickauer [EMAIL PROTECTED] wrote: I am curious what tools people here use to visualize pf-generated logs and/or live traffic. What i'm basically looking for is a tool, that provides various stats about a pf firewall usage in a graphical way, but not only 'bytes in/bytes out' (i have that using snmp/cacti) but more detailed stuff like protocol and port distribution, IP based stats and whatnot. Thanks for any ideas beyond pftop, tcpdump, hatched, darkstat and ntop ;) argus (in ports/net - http://qosient.com/argus/, as opposed to the other argus which is a server monitoring program) is a good collector/recorder, it has programs that can do some analysis on the data but you need to generate graphs yourself some way or other. the nfdump/nfprofile tools (also in ports) are interesting too, there's a web interface NfSen which is yet to be ported but can be manually installed without huge trouble. they need to work with a collector; our low-overhead one (pfflowd) needs mending to work with the changes to PF (hmm, now where did I put canacar's diff for that...) but there is also pcap-based softflowd which should be ok (I haven't tried it on the pflog interface, but if it works, that's probably the best way to use it, and if it doesn't work like that, it's relatively easy to add).
Re: Howto connect to several wireless network ?
On Thu, Aug 28, 2008 at 10:20 AM, Francisco Valladolid Hdez.
[EMAIL PROTECTED] wrote:
Hi folks
frequently i have the necessity to connect to several
networks (my home, office and another public network )
How can perform it task ?
NetBSD has a ifwatchd daemon which can help in this
situations detected the up/down and monitor dynamic
interfaces.
Any help on it, can be really appreciated.
Best regards
ficovh
As far as I know OpenBSD has no standard way to deal with this, but
what I do is make an /etc/wifi directory, in which I place a bunch of
scripts in hostname.if(5) format (call them e.g. /etc/wifi/home,
/etc/wifi/office) and then when I need to switch networks I use
something like this script:
#!/bin/sh
#net.sh #change name as desired
IF=ath0
ln -sf /etc/wifi/$1 /etc/hostname.${IF}
sudo sh /etc/netstart
and call it as
$net home
-Nick
Re: pf visualization
On Thu, Aug 28, 2008 at 9:52 AM, Jason Dixon [EMAIL PROTECTED] wrote: If I ever get off my lazy ass and finish/package it up, maybe this? http://www.netflowdashboard.com/demo/ VERY nice and simple Jason--which, unfortunately, is such a rarity. Here's to you getting your second wind ;) .
Re: pf visualization
perhaps pfsysinfo and pfstat. Some of the stuff you'll have to make your own graphs. -Parvinder Bhasin On Aug 28, 2008, at 8:24 AM, Stephan A. Rickauer wrote: I am curious what tools people here use to visualize pf-generated logs and/or live traffic. What i'm basically looking for is a tool, that provides various stats about a pf firewall usage in a graphical way, but not only 'bytes in/bytes out' (i have that using snmp/cacti) but more detailed stuff like protocol and port distribution, IP based stats and whatnot. Thanks for any ideas beyond pftop, tcpdump, hatched, darkstat and ntop ;) Stephan
Does anyone run OpenBSD on the Vortex86
I wanna buy a Vortex86 platform machine. The official website is:http://www.vortex86.com/index2.html Does anyone bought it before,and is this one can runs OpenBSD4.3 completely? I search the information about is CPU online found it don't have FPU,but not sure. Can you give me some idea.Thanks. Regards =)
Re: pf visualization
On Thu, Aug 28, 2008 at 12:25 PM, Daniel Melameth [EMAIL PROTECTED]wrote: On Thu, Aug 28, 2008 at 9:52 AM, Jason Dixon [EMAIL PROTECTED] wrote: If I ever get off my lazy ass and finish/package it up, maybe this? http://www.netflowdashboard.com/demo/ VERY nice and simple Jason--which, unfortunately, is such a rarity. Here's to you getting your second wind ;) . This would be a great asset to me.
Re: pf visualization
On 8/28/08 10:22 AM, Parvinder Bhasin wrote: perhaps pfsysinfo and pfstat. Some of the stuff you'll have to make your own graphs. -Parvinder Bhasin On Aug 28, 2008, at 8:24 AM, Stephan A. Rickauer wrote: I am curious what tools people here use to visualize pf-generated logs and/or live traffic. What i'm basically looking for is a tool, that provides various stats about a pf firewall usage in a graphical way, but not only 'bytes in/bytes out' (i have that using snmp/cacti) but more detailed stuff like protocol and port distribution, IP based stats and whatnot. Thanks for any ideas beyond pftop, tcpdump, hatched, darkstat and ntop ;) Gave up on pfstat because of a need to watch multiple interfaces. Currently using packetmischief's pf MIB with cacti: http://www.packetmischief.ca/openbsd/snmp/#pfmib It's working OK. dn
Re: Howto connect to several wireless network ?
28 August 2008 c. 18:20:48 Francisco Valladolid Hdez. wrote: Hi folks frequently i have the necessity to connect to several networks (my home, office and another public network ) How can perform it task ? NetBSD has a ifwatchd daemon which can help in this situations detected the up/down and monitor dynamic interfaces. Any help on it, can be really appreciated. Best regards ficovh ifstated(8) + ifconfig(8) (see -M option of ifconfig)? -- Best wishes, Vadim Zhukov
authpf shell is not terminating
Hello all, I have some strange difficulties with authpf shell on my OpenBSD 4.2 stable server. Everything works as expected but after the client tries to terminate session by CTRL+C, there is still an active process on the server related to this user. In fact it's not possible to close the session correctly by client. Could you please give me some clue what am I doing wrong? before CTRL+C -+= 21897 root sshd: user1[priv] (sshd) | \-+- 29963 user1sshd: [EMAIL PROTECTED] (sshd) | \--= 28195 user1 -authpf: [EMAIL PROTECTED] (authpf) - After CTRL+C -+= 21897 root sshd: user1 [priv] (sshd) | | \--- 29963 user1 sshd: [EMAIL PROTECTED] (sshd) authpf is not there anymore but ssh session is still active Thank you MK
Re: Howto connect to several wireless network ?
On Aug 28, 2008, at 12:48 PM, Vadim Zhukov wrote: ifstated(8) + ifconfig(8) (see -M option of ifconfig)? Interestingly, I had a script that would use ifconfig -M to figure out which AP it should use, sorted by rank (first match) and avoiding using generic or brand names. No match, and it would go to the strongest signal (default wifi behavior). I kind of wonder if that script is still around now.
Re: make update stores twice the packages
On Aug 28, 2008, at 1:36 PM, Stuart Henderson wrote: I don't think they are links, they are real copies. I am checking this with konqueror as su and it show clearly when the file is a link or a real file. That's not a good way to check. Try ls(1). It's likely that he doesn't know the difference between a soft and hard link. mac - you need a basic unix book. for now, read man ln
Re: pkill -HUP httpd won't fork new children
Giancarlo Razzolini wrote: Worth mentioning that if you are using SSL, the commando to start apache with it is: apachectl startssl. My 2 cents, From my experience, this is not necessary if you have httpd_flags=-DSSL in rc.conf.local. apachectl start will still start the secure server. Tom
Re: Howto connect to several wireless network ?
On Thu, Aug 28, 2008 at 4:05 PM, johan beisser [EMAIL PROTECTED] wrote: On Aug 28, 2008, at 12:48 PM, Vadim Zhukov wrote: ifstated(8) + ifconfig(8) (see -M option of ifconfig)? Interestingly, I had a script that would use ifconfig -M to figure out which AP it should use, sorted by rank (first match) and avoiding using generic or brand names. No match, and it would go to the strongest signal (default wifi behavior). I kind of wonder if that script is still around now. The trouble with that is that these days you rarely want to just connect to the first open wifi you see (and most wifi isn't open anyway). -Nick
Re: Howto connect to several wireless network ?
On Aug 28, 2008, at 4:06 PM, Nick Guenther wrote: The trouble with that is that these days you rarely want to just connect to the first open wifi you see (and most wifi isn't open anyway). Well, admittedly, it'd have to be rewritten and revised anyway. Ifstated(8) didn't exist the last time I ran OpenBSD exclusively on a laptop, and around the same time most wifi networks were pretty open and non-hostile.
packet corruption: bad cksum b565! differs by feff
I have a strange problem (at least to me). I have a small test network setup as follows: OBSD43 laptop =LAN= OBSD43 firewall =DMZ= OBSD43 server Almost with regularity, the first connection attempt (after some as yet undetermined amount of time) between the laptop and the server will hang and often time out depending on the application. I attached tcpdump to all interfaces involved and it would seem that the packets captured by tcpdump on the DMZ interface of the firewall are different than those actually sent out by the server (as per the capture on the server). The difference is only in a bad cksum: Aug 28 20:51:00.732550 00:02:fd:20:2c:51 00:30:68:01:00:10 0800 60: 192.168.1.81.995 192.168.2.92.1032: S [tcp sum ok] 1764937020:1764937020(0) ack 3182877356 win 16384 mss 1460 (DF) (ttl 64, id 57258, len 44, bad cksum b565! differs by feff) Indeed, the cksum on the packet as captured on the server was b465 not b565. Also, the difference, every time is always feff. So, the reason why the first connection (whether SSH, HTTP, HTTPS, IMAPS, etc.) hangs and sometimes times out is because of some bad cksum causing delays in the communication as the packet has to be retransmitted multiple times. This only appears to happen during the SYN/SYN+ACK/ACK sequence in establishing a connection. After that first connection, however, all the rest of the connections, even one to the same port, succeed without errors (for some period of time). Any ideas as to what could be causing this? And why would the difference in the cksum always be feff? Could it be a bad cable, bad switch, bad network card on the firewall/server? If any, why does it only seem to be the first connection attempt? On the server I have: rl0 at pci2 dev 10 function 0 Realtek 8139 rev 0x10: irq 9, address 00:30:bd:05:24:c2 rlphy0 at rl0 phy 0: RTL internal PHY On the firewall: rl0 at pci0 dev 16 function 0 Realtek 8139 rev 0x10: irq 9, address 00:30:68:01:00:10 rlphy0 at rl0 phy 0: RTL internal PHY On the laptop: wi0 at pcmcia0 function 0 Intel, PRO/Wireless 2011 LAN PC Card, 1.00 port 0xa000/64 wi0: Symbol PRISM2 HFA3841(EVB2) (0x8000), Firmware 2.1.2 (primary), 2.51.4 (station), address 00:03:47:b4:88:17 The switch on the DMZ is a Linksys 5 port. Although at this point I doubt it has anything to do with the laptop. Thanks, Ludwig
TUG BOAT URGENTLY NEEDED (OIL GAS) - MALAYSIA
Dear Sir, We are Oil Gas company in Malaysia looking for Anchor Handler Tug Supply (AHTS) vessel ( 5000 bhp and above ) for rent / purchase / hire as soon as possible. Should you have any further inquiries for specs and details, please do not hesitate to contact us by phone / sms ( short messaging system ) at : mobile +6012 - 2207 642 Thank You and best regards. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Indian Software Jobs group. To post to this group, send email to indiansoftwarejobs@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/indiansoftwarejobs -~--~~~~--~~--~--~---
