Re: apache 1.3.29 + PHP 5.2.6 on OpenBSD 4.4

2008-11-17 Thread Johan Beisser
Did you turn off chroot?

Also, why is Starting Pure-FTPd in the log?


On 11/16/08, Andrei Pirvan [EMAIL PROTECTED] wrote:
 Hello

 The problem I have is that the default apache can't load the PHP module. PHP
 was installed from packages (php5-core-5.2.6.tgz), so nothing here is
 custom-made. The only error I get when I try to start apache is
 when I run a configtest.

 # apachectl configtest
 Starting Pure-FTPd
 Processing config directory: /var/www/conf/modules/*.conf
  Processing config file: /var/www/conf/modules/php5.conf
 Syntax error on line 1 of /var/www/conf/modules/php5.conf:
 Cannot load /usr/local/lib/php/libphp5.so into server: Cannot load
 specified object

 Both httpd and php work well separately, and
 /usr/local/lib/php/libphp5.so exists.



-- 
Sent from my mobile device



Re: apache 1.3.29 + PHP 5.2.6 on OpenBSD 4.4

2008-11-17 Thread Richard Toohey

On 17/11/2008, at 7:37 PM, Andrei Pirvan wrote:


1. Why does it say Starting Pure-FTPd? I have no idea. Anyway,
Pure-FTPd is already installed on the system, but I don't know why it
shows here.


[snip]

Let's go back to the Pure-FTPd - is your apachectl shell script broken?

/usr/sbin/apachectl

 27 # the path to your httpd binary, including options if necessary
 28 HTTPD=/usr/sbin/httpd

Is that line 28 correct on your system?

What happens if you do without apachectl? e.g.

# /usr/sbin/httpd -t
Processing config directory: /var/www/conf/modules/*.conf
 Processing config file: /var/www/conf/modules/php5.conf
Syntax OK



Re: apache 1.3.29 + PHP 5.2.6 on OpenBSD 4.4

2008-11-17 Thread Girish Venkatachalam
On 02:01:19 Nov 17, Daniel Ouellet wrote:


 This doesn't apply here because the library is pre-loaded before the  
 httpd is chrooted.

 More details:

 Pre-loading Shared Libraries

 To extend the functionality of the webserver it can dynamically load  
 shared libraries, e.g. a database access library. Shared libraries for a  
 binary program are normally loaded by the runtime linker when the  
 program is invoked (and thus before it can call the chroot system call).  
 Thus shared libraries like the mod_php PHP4 module, which is linked as a  
 shared library to the httpd program when it is started, impose no  
 problem. PHP4 will be available whether your httpd is started chrooted  
 or not because the shared library is loaded before the chroot() system  
 call is invoked. PHP4 itself, however, does dynamically load additional  
 functionality at runtime and as needed. If you try to access a  
 PostgreSQL function in PHP4 e.g. then it will fail in a chrooted httpd  
 because only the PHP4 module is dynamically linked to httpd but not the  
 PostgreSQL client library. The latter is loaded (mapped) to the running  
 httpd executable by PHP4.

 This was for php4 but also applies to php5, as the modules are loaded
 before the chroot takes place.

 Hope this helps a little and avoids users running httpd with -u.

Thanks. ;)

I did not know this.

-Girish



Re: apache 1.3.29 + PHP 5.2.6 on OpenBSD 4.4

2008-11-17 Thread Andrei Pirvan
Thanks to all of you for the ideas. Trying to figure out what was different
from a fresh install, I remembered that I mounted the /var partition in
memory, so I checked the flags and found that it was mounted with noexec,
and disabling that fixed my problem. Thanks again for your time.
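An added check (mine, not from the thread) for the cause the poster found: it maps a path to the mount(8) entry covering it and reports whether that mount is noexec, which stops shared objects on it from being mapped executable. The mount output is constructed to mirror a memory-backed /var mounted noexec; on a live system pass "$(mount)" instead.

```shell
#!/bin/sh
# Added example, not from the thread: find the mount(8) line covering a path
# and say whether that mount carries "noexec".  SAMPLE_MOUNT is constructed
# to look like the poster's setup (mfs-backed /var mounted noexec).

SAMPLE_MOUNT='/dev/wd0a on / type ffs (local)
/dev/wd0d on /usr type ffs (local, nodev)
mfs:12345 on /var type mfs (asynchronous, local, nodev, noexec, nosuid, size=65536)
/dev/wd0e on /home type ffs (local, nodev, nosuid)'

# mount_line_for PATH MOUNT_OUTPUT
#   Prints the mount(8) line whose mount point is the longest prefix of PATH,
#   matched component-wise so that /var does not claim /variants.
mount_line_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        {
            mp = $3; n = length(mp)
            hit = (mp == "/") ||
                  (substr(p, 1, n) == mp && (length(p) == n || substr(p, n + 1, 1) == "/"))
            if (hit && n > bestn) { bestn = n; best = $0 }
        }
        END { print best }'
}

# is_noexec PATH MOUNT_OUTPUT  -> exit status 0 if the covering mount is noexec
is_noexec() {
    case "$(mount_line_for "$1" "$2")" in
        *"("*noexec*")"*) return 0 ;;
        *)                return 1 ;;
    esac
}

# check_path PATH MOUNT_OUTPUT  -> one-line verdict for the operator
check_path() {
    if is_noexec "$1" "$2"; then
        echo "$1: on a noexec mount; shared objects here cannot be mapped executable"
    else
        echo "$1: executable mapping allowed by mount flags"
    fi
}

# Live use on the server would be:  check_path /usr/local/lib/php/libphp5.so "$(mount)"
check_path /usr/local/lib/php/libphp5.so "$SAMPLE_MOUNT"
check_path /var/www "$SAMPLE_MOUNT"
```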



Re: Trouble setting up wireless

2008-11-17 Thread Alexander Hall

Dan wrote:

I am trying to set up an encrypted wireless network using at least WEP
or, if possible WPA-PSK. I know WPA-PSK is a very new functionality,


I wouldn't call it _very_ new... It's been around for some time now.


and wonder if anyone is using it successfully. I have tried WEP and
WPA-PSK as per the manual page for 'ral', but to no avail. Clients
either can't connect or connect and can't communicate in either WEP or
PSK modes. Unencrypted connections to the ral host AP work perfectly. I
should mention that the Edimax card I am using has great signal - highly
recommend it.


First of all, your dmesg is missing. Make sure to include it in the
message text and not as an attachment since they are stripped.

Anyway, I assume you're talking about running the ral in hostap mode. I
cannot recall ever having any OS-related issues specifically related to
either WEP or WPA.

My current config that works just as well (or bad, if you prefer) as
non-encrypted stuff:

 $ sudo cat /etc/hostname.ral0
 description "Wireless (local interface)"
 group wireless
 inet 192.168.19.254 255.255.255.0 NONE
 media autoselect mode auto mediaopt hostap chan 6 nwid *nwid* wpa wpapsk *wpa-psk-generated key*
 up

[ That last 'up' is likely a leftover from earlier fiddling and probably
not needed. ]

Make sure you create the wpapsk key using ``/sbin/wpa-psk ssid
passphrase''. On windows machines, it's the passphrase that
should be entered.

/Alexander



Re: Fresh install question

2008-11-17 Thread Alexander Hall

Denny White wrote:

I've always tried to do a fresh install any time possible,
and then copy all my backed up /home and /data stuff back
to the new installed system. I'm just trying to figure out
if there's a way to keep those 2 slices intact while wiping
out and recreating everything else, i.e., /usr, /var, & /tmp.
I rebooted on the new 4.4 install cd and tried to see if there
was a different way to go about things but couldn't figure it
out there. I read up on disklabel & fdisk & googled around for
a couple of days before asking the list. So, if someone knows
where I can find some info on it, I'd really appreciate it. 


Something like replying "no" to "Do you want to use the entire disk for
OpenBSD?" could be a good start. I believe that would keep the existing
partitions, and you could map them to their respective mount points
again. I think, however, that you need to _not_ specify mount points for
the file systems you want to preserve to prevent them from being newfs'd.


Since I seldom, if ever, do that kind of fresh reinstall, you'd
better compare the above with install.sh et al. In any case, I think it
should be possible, but pretty please do make those backups before
anyway. :-)


/Alexander



Issues with FTP and PF

2008-11-17 Thread Юрий Дмитришин
Hi.

I have an ftp server (vsftpd) on IP 192.168.0.2 and a router at 192.168.0.1. All
ftp connections to 192.168.0.2 are fine, but connections to my external IP (e.g.
78.78.78.78) are refused.

Here's part of my pf.conf:

# WAN
vpn_if=tun0
# LAN
int_if=vr1
# External Address
ext_addr=78.78.78.78
# Server IP's
Srv=192.168.0.2

# NAT / Redirection
nat on $vpn_if from $int_if:network to any -> ($vpn_if)

# FTP
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $vpn_if proto tcp from any to any port 21 -> $Srv
rdr on $vpn_if proto tcp from any to any port 3:30099 -> $Srv

# Actions with FTP
pass in on $vpn_if inet proto tcp to $ext_addr port 21 \
    flags S/SA keep state
pass out on $int_if inet proto tcp to $Srv port 21 \
    user proxy flags S/SA keep state
anchor "ftp-proxy/*"

Here's my rc.conf.local:

ftpproxy_flags="-R 192.168.0.2 -p 21 -b 78.78.78.78"

Thanks for your help.

-- 
Best, Yuriy A. Dmitrishin.




Mount USB disk

2008-11-17 Thread Christophe Rioux
I am trying to mount a USB disk using FAQ14
(http://www.openbsd.org/faq/faq14.html)

dmesg:
umass0 at uhub0 port 4 configuration 1 interface 0 Cypress Semiconductor
USB2.0 Storage Device rev 2.00/0.01 addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0: HTS72101, 0G9AT00,  SCSI0 0/direct fixed
sd0: 95396MB, 12161 cyl, 255 head, 63 sec, 512 bytes/sec, 195371568 sec
total

Disklabel sd0
disklabel: warning, DOS partition table with no valid OpenBSD partition
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: 0G9AT00 
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 12161
total sectors: 195371568
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0 

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
  c:        195371568          0  unused      0     0
  i:        195366402         63    NTFS

mount /dev/sd0i /mnt
mount_ntfs: /dev/sd0i on /mnt: Operation not supported

What is wrong?



Re: Mount USB disk

2008-11-17 Thread Douglas A. Tutty
On Mon, Nov 17, 2008 at 12:45:47PM +0100, Christophe Rioux wrote:
 I am trying to mount a USB disk using FAQ14
 (http://www.openbsd.org/faq/faq14.html)
 
 dmesg:
 umass0 at uhub0 port 4 configuration 1 interface 0 Cypress Semiconductor
 USB2.0 Storage Device rev 2.00/0.01 addr 2
 umass0: using SCSI over Bulk-Only
 scsibus1 at umass0: 2 targets
 sd0 at scsibus1 targ 1 lun 0: HTS72101, 0G9AT00,  SCSI0 0/direct fixed
 sd0: 95396MB, 12161 cyl, 255 head, 63 sec, 512 bytes/sec, 195371568 sec
 total
 
 Disklabel sd0
 disklabel: warning, DOS partition table with no valid OpenBSD partition

I think I remember reading in the 4.4 FAQ that this is no longer
supported.  Use fdisk to create a single bsd partition that takes up the
whole drive, then disklabel that partition.
 
 mount /dev/sd0i /mnt
 mount_ntfs: /dev/sd0i on /mnt: Operation not supported
 
 What is wrong ?
 

doug.



Re: Fresh install question

2008-11-17 Thread Nick Holland
Denny White wrote:
 I've always tried to do a fresh install any time possible,
 and then copy all my backed up /home and /data stuff back
 to the new installed system. I'm just trying to figure out
 if there's a way to keep those 2 slices intact while wiping
 out and recreating everything else, i.e., /usr, /var, & /tmp.
 I rebooted on the new 4.4 install cd and tried to see if there
 was a different way to go about things but couldn't figure it
 out there. I read up on disklabel & fdisk & googled around for
 a couple of days before asking the list. So, if someone knows
 where I can find some info on it, I'd really appreciate it. 

Just don't define mount points for the partitions you wish to
keep, and they won't be newfs'd (i.e., existing data will be
preserved).

AFTER the install, you will go in and edit /etc/fstab and add
your saved partitions.  Ta-da! your data is back.

Have a backup anyway, of course.  Sucks to fat-finger something
in the process...

Nick.



Re: Mount USB disk

2008-11-17 Thread Nick Holland
Christophe Rioux wrote:
 I am trying to mount a USB disk using FAQ14
 (http://www.openbsd.org/faq/faq14.html)
 
 dmesg:
 umass0 at uhub0 port 4 configuration 1 interface 0 Cypress Semiconductor
 USB2.0 Storage Device rev 2.00/0.01 addr 2
 umass0: using SCSI over Bulk-Only
 scsibus1 at umass0: 2 targets
 sd0 at scsibus1 targ 1 lun 0: HTS72101, 0G9AT00,  SCSI0 0/direct fixed
 sd0: 95396MB, 12161 cyl, 255 head, 63 sec, 512 bytes/sec, 195371568 sec
 total
 
 Disklabel sd0
 disklabel: warning, DOS partition table with no valid OpenBSD partition
 # /dev/rsd0c:
...
 
 16 partitions:
 #size   offset  fstype [fsize bsize  cpg]
   c:        195371568          0  unused      0     0
   i:        195366402         63    NTFS
   ==
 mount /dev/sd0i /mnt
 mount_ntfs: /dev/sd0i on /mnt: Operation not supported
=
 What is wrong ?

NTFS support isn't compiled into the kernel by default.

It is mentioned here:
http://www.openbsd.org/faq/faq14.html#foreignfs

Nick.



Re: Mount USB disk

2008-11-17 Thread Otto Moerbeek
On Mon, Nov 17, 2008 at 07:03:35AM -0500, Douglas A. Tutty wrote:

 On Mon, Nov 17, 2008 at 12:45:47PM +0100, Christophe Rioux wrote:
  I am trying to mount a USB disk using FAQ14
  (http://www.openbsd.org/faq/faq14.html)
  
  dmesg:
  umass0 at uhub0 port 4 configuration 1 interface 0 Cypress Semiconductor
  USB2.0 Storage Device rev 2.00/0.01 addr 2
  umass0: using SCSI over Bulk-Only
  scsibus1 at umass0: 2 targets
  sd0 at scsibus1 targ 1 lun 0: HTS72101, 0G9AT00,  SCSI0 0/direct fixed
  sd0: 95396MB, 12161 cyl, 255 head, 63 sec, 512 bytes/sec, 195371568 sec
  total
  
  Disklabel sd0
  disklabel: warning, DOS partition table with no valid OpenBSD partition
 
 I think I remember reading in the 4.4 FAQ that this is no longer
 supported.  Use fdisk to create a single bsd partition that takes up the
 whole drive, then disklabel that partition.

No, this is wrong. The problem just is that ntfs is not supported by
the GENERIC kernel.

-Otto

  
  mount /dev/sd0i /mnt
  mount_ntfs: /dev/sd0i on /mnt: Operation not supported
  
  What is wrong ?
  
 
 doug.



Re: apache 1.3.29 + PHP 5.2.6 on OpenBSD 4.4

2008-11-17 Thread L. V. Lammert
On Mon, 17 Nov 2008, Andrei Pirvan wrote:

 Hello

 # apachectl configtest
 Starting Pure-FTPd
 Processing config directory: /var/www/conf/modules/*.conf
  Processing config file: /var/www/conf/modules/php5.conf
 Syntax error on line 1 of /var/www/conf/modules/php5.conf:
 Cannot load /usr/local/lib/php/libphp5.so into server: Cannot load
 specified object


In 4.3, isn't the default apache module location:

/usr/lib/apache/modules/libphp5.so

[That's where it lives on our servers, ..]

Lee

==
 Leland V. Lammert[EMAIL PROTECTED]
  Chief ScientistOmnitec Corporation
 Network/Internet Consultants www.omnitec.net
==



MP3 $105 MP4 $150 MicroSD $45 Samsung 8MP $620 PlayStation2 $750 GPS Garmin $850 OFFERS!!

2008-11-17 Thread Blaster PC - Informatica Tech



Re: Fresh install question

2008-11-17 Thread Jorge Valbuena
One simple thing that I will try is:

If OpenBSD 4.2 is already installed and you want to install 4.3 or 4.4, first
take a look at the /etc/fstab file and write down the name of the /home
partition

/dev/wd0h /home ffs rw,nodev,nosuid 1 2


When installing the new version leave that partition untouched, and after the
first boot put the line manually in your new /etc/fstab

I hope this can help !

Jorge




 -------- Original Message --------
 Date: Mon, 17 Nov 2008 01:14:46 -0600
 From: Denny White [EMAIL PROTECTED]
 To: OpenBSD Questions misc@openbsd.org
 Subject: Fresh install question

 I've always tried to do a fresh install any time possible,
 and then copy all my backed up /home and /data stuff back
 to the new installed system. I'm just trying to figure out
 if there's a way to keep those 2 slices intact while wiping
 out and recreating everything else, i.e., /usr, /var, & /tmp.
 I rebooted on the new 4.4 install cd and tried to see if there
 was a different way to go about things but couldn't figure it
 out there. I read up on disklabel & fdisk & googled around for
 a couple of days before asking the list. So, if someone knows
 where I can find some info on it, I'd really appreciate it. 
 
 
 -- 
 
 Denny White
 
 ===
 GnuPG key  : 0x1644E79A  |  http://wwwkeys.nl.pgp.net
 Fingerprint: D0A9 AD44 1F10 E09E 0E67  EC25 CB44 F2E5 1644 E79A
 ===




soekris net4501 and openbsd 4.4 constant reboot problem

2008-11-17 Thread andrew stack

To all:

I've noticed that my soekris net4501 box constantly reboots with  
openbsd 4.4 patchlevel 005.  It's just a pf/nat router on a  
residential broadband cable modem.  My guess is perhaps there is  
something wrong with the
actual sis0 interface?.?.?  Anybody else having these problems?  Fwiw,  
the net4501 has three interfaces, eth0, eth1 eth2.  eth0 is the  
internet side of the box, gets a dynamic ip address from the cable  
company, and eth1 (sis1) is a static 192.168.20/24 that serves dhcp to  
all of its 5 clients.  Eth2 is not being used yet.


Initially this box was an IPSEC endpoint - that used a gre tunnel to  
another openbsd box - it rebooted - every 4 hours, and now that I took  
down the IPSEC tunnel, the box will reboot every  48 hours.  weird.


below is output from dmesg.  Any help would be appreciated.  I had 4.2
running on this box and it seemed real stable.  I'll probably go
back to 4.2 and test or I'll try to use eth1 and eth2 instead.


regards,

-andrew-

Nov 16 14:52:43 hostname.com.com /bsd: uvm_fault(0xd083df80, 0x9980, 0, 3) -> e
Nov 16 14:52:43 hostname.com.com /bsd: kernel: page fault trap, code=0
Nov 16 14:52:43 hostname.com.com /bsd: Stopped at      sis_rxeof+0xcf: movl    %edi,
Nov 16 14:52:43 hostname.com.com /bsd: OpenBSD 4.4 (GENERIC) #1: Sun Nov  9 02:47:08 EST 2008
OpenBSD 4.4 (GENERIC) #1: Sun Nov  9 02:47:08 EST 2008
:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 (AuthenticAMD 486-class)
cpu0: FPU
real mem  = 66678784 (63MB)
avail mem = 55017472 (52MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/80/03, BIOS32 rev. 0 @  
0xf7840

pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0x9000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
elansc0 at pci0 dev 0 function 0 AMD ElanSC520 PCI rev 0x00:  
product 0 stepping 1.1, CPU clock 133MHz, reset 0

gpio0 at elansc0: 32 pins
sis0 at pci0 dev 18 function 0 NS DP83815 10/100 rev 0x00,  
DP83816A: irq 10, address 00:00:24:ca:cb:68

nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 19 function 0 NS DP83815 10/100 rev 0x00,  
DP83816A: irq 11, address 00:00:24:ca:cb:69

nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 20 function 0 NS DP83815 10/100 rev 0x00,  
DP83816A: irq 5, address 00:00:24:ca:cb:6a

nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: SanDisk SDCFH-2048
wd0: 4-sector PIO, LBA, 1953MB, 4001760 sectors
wd0(wdc0:0:0): using BIOS timings
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
biomask f3c5 netmask ffe5 ttymask 
softraid0 at root
root on wd0a swap on wd0b dump on wd0b




Logging interface state changes

2008-11-17 Thread (private) HKS
My apologies if this has already been addressed, but I couldn't find
it in the man pages or mailing list archives.

Is there a way to enable logging of network interface state changes on
OpenBSD 4.3 or 4.4? This is mostly for forensic purposes - obviously
I'll know if my firewall loses its ethernet connection, but if
something starts flapping I'd like to be able to see it in my logs
rather than trying to catch it in the act.

My hosts are using mostly vic and vr drivers, and neither seems to
care whether the debug option is enabled.

Thanks for the help. dmesg for one of my Soekris (vr) boxes below.

-HKS



OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD
586-class) 500 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 536440832 (511MB)
avail mem = 510664704 (487MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/70/03, BIOS32 rev. 0 @ 0xfac40
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0xa800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x31
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 6 function 0 VIA VT6105M RhineIII rev 0x96: irq 11,
address 00:00:24:ca:3f:58
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 7 function 0 VIA VT6105M RhineIII rev 0x96: irq 5,
address 00:00:24:ca:3f:59
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr2 at pci0 dev 8 function 0 VIA VT6105M RhineIII rev 0x96: irq 9,
address 00:00:24:ca:3f:5a
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr3 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 12,
address 00:00:24:ca:3f:5b
ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
glxpcib0 at pci0 dev 20 function 0 AMD CS5536 ISA rev 0x03: rev 0,
32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 20 function 2 AMD CS5536 IDE rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: SanDisk SDCFH-2048
wd0: 4-sector PIO, LBA, 1953MB, 4001760 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 21 function 0 AMD CS5536 USB rev 0x02: irq 15,
version 1.0, legacy support
ehci0 at pci0 dev 21 function 1 AMD CS5536 USB rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
biomask e5c5 netmask ffe5 ttymask ffe7
mtrr: K6-family MTRR support (2 registers)
softraid0 at root
root on wd0a swap on wd0b dump on wd0b



Re: Logging interface state changes

2008-11-17 Thread Daniel Melameth
On Mon, Nov 17, 2008 at 10:35 AM, (private) HKS [EMAIL PROTECTED] wrote:
 My apologies if this has already been addressed, but I couldn't find
 it in the man pages or mailing list archives.

 Is there a way to enable logging of network interface state changes on
 OpenBSD 4.3 or 4.4? This is mostly for forensic purposes - obviously
 I'll know if my firewall loses its ethernet connection, but if
 something starts flapping I'd like to be able to see it in my logs
 rather than trying to catch it in the act.

man ifstated



Re: Issues with FTP and PF

2008-11-17 Thread Dan
Yuriy A. Dmitrishin([EMAIL PROTECTED])@2008.11.17 12:47:51 +0200:
 Hi.
 
 I have ftp server on vsftpd on ip 192.168.0.2 and a router 192.168.0.1. All
 ftp connections to 192.168.0.2 are fine but connections to my ext. ip (e.g.
 78.78.78.78) are refused.
 

I think you are missing pass out tcp on ext and vpn. I had a similar
problem as well. My rdr did not work until I set pass out tcp on the
ext_if.



Re: Issues with FTP and PF

2008-11-17 Thread James Records
Try this:

replace this line:
pass in on $vpn_if inet proto tcp to $ext_addr port 21 \
flags S/SA keep state
with this:
pass in on $vpn_if inet proto tcp to $Srv port 21 \
flags S/SA keep state

Remember rdrs happen before filtering, so when pf sees this packet it will
have already been translated to the server address.

If that doesn't fix it, see what is getting logged.

J


On Mon, Nov 17, 2008 at 2:43 AM, Юрий Дмитришин [EMAIL PROTECTED] wrote:

 Hi.

 I have ftp server on vsftpd on ip 192.168.0.2 and a router 192.168.0.1.
 All
 ftp connections to 192.168.0.2 are fine but connections to my ext. ip
 (e.g.
 78.78.78.78) are refused.

 Here's part of my pf.conf:

 # WAN
 vpn_if=tun0
 # LAN
 int_if=vr1
 # External Address
 ext_addr=78.78.78.78
 # Server IP's
 Srv=192.168.0.2

 # NAT / Redirection
 nat on $vpn_if from $int_if:network to any -> ($vpn_if)

 # FTP
 nat-anchor "ftp-proxy/*"
 rdr-anchor "ftp-proxy/*"
 rdr on $vpn_if proto tcp from any to any port 21 -> $Srv
 rdr on $vpn_if proto tcp from any to any port 3:30099 -> $Srv

 # Actions with FTP
 pass in on $vpn_if inet proto tcp to $ext_addr port 21 \
     flags S/SA keep state
 pass out on $int_if inet proto tcp to $Srv port 21 \
     user proxy flags S/SA keep state
 anchor "ftp-proxy/*"

 Here's my rc.conf.local:

 ftpproxy_flags="-R 192.168.0.2 -p 21 -b 78.78.78.78"

 Thanks for your help.

 --
 Best, Yuriy A. Dmitrishin.
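To make the translate-then-filter ordering James describes concrete, here is an added pf.conf fragment (mine, not from either post) using the poster's macros: the rdr is narrowed from "to any" to the external address, the original filter rule is left commented out beside its corrected form, and "log" is added so the "see what is getting logged" step has something to look at on pflog0.

```pf
# Macros as in the original pf.conf
vpn_if   = "tun0"
int_if   = "vr1"
ext_addr = "78.78.78.78"
Srv      = "192.168.0.2"

# Translation runs before filtering: a SYN arriving for 78.78.78.78:21
# leaves this rule with destination 192.168.0.2:21, and that rewritten
# packet is what every pass/block rule below evaluates.
rdr on $vpn_if proto tcp from any to $ext_addr port 21 -> $Srv

# Original rule: can never match, because by filter time the destination
# is already $Srv, so the connection falls through to whatever the other
# rules decide for it.
# pass in on $vpn_if inet proto tcp to $ext_addr port 21 \
#     flags S/SA keep state

# Corrected rule: match the post-translation destination.  "log" copies
# matching packets to pflog0, so a miss can be confirmed with
#   tcpdump -n -e -ttt -i pflog0 port 21
pass in log on $vpn_if inet proto tcp to $Srv port 21 \
    flags S/SA keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f`.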



Re: Logging interface state changes

2008-11-17 Thread (private) HKS
On Mon, Nov 17, 2008 at 12:49 PM, Daniel Melameth [EMAIL PROTECTED] wrote:
 On Mon, Nov 17, 2008 at 10:35 AM, (private) HKS [EMAIL PROTECTED] wrote:
 My apologies if this has already been addressed, but I couldn't find
 it in the man pages or mailing list archives.

 Is there a way to enable logging of network interface state changes on
 OpenBSD 4.3 or 4.4? This is mostly for forensic purposes - obviously
 I'll know if my firewall loses its ethernet connection, but if
 something starts flapping I'd like to be able to see it in my logs
 rather than trying to catch it in the act.

 man ifstated



Thanks for the reference, that is definitely capable of doing what I
want. Is there any way that I'm missing to enable logging with a
generic statement, rather than configuring each interface
individually? That will work, of course, but it's much less
maintainable.

-HKS
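An added example (mine, not from the thread) of the per-interface ifstated.conf the follow-up describes: link transitions of vr0 are written to syslog through logger(1). The syntax follows ifstated.conf(5) as I recall it for the 4.x releases, so check it against the man page of your release; every further interface needs its own copy of the three states, which is the maintenance cost asked about.

```conf
# /etc/ifstated.conf -- added example: log vr0 link-state transitions.
# Assumed 4.4 rc layout: enable the daemon with ifstated_flags="" in
# /etc/rc.conf.local, then start /usr/sbin/ifstated.

init-state vr0_check

# Pick the starting state from the current link status without logging,
# so a daemon restart does not produce a spurious "link up" line.
state vr0_check {
	if vr0.link.up { set-state vr0_up }
	if ! vr0.link.up { set-state vr0_down }
}

# The init block runs each time its state is entered, so every real
# transition produces exactly one timestamped syslog line.
state vr0_up {
	init { run "logger -t ifstated -p daemon.notice 'vr0: link up'" }
	if ! vr0.link.up { set-state vr0_down }
}

state vr0_down {
	init { run "logger -t ifstated -p daemon.notice 'vr0: link down'" }
	if vr0.link.up { set-state vr0_up }
}
```

Flapping then shows up as alternating up/down lines wherever syslog.conf sends daemon.notice (by default /var/log/daemon).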



vpn with an iphone

2008-11-17 Thread jul
Hello

has someone setup a vpn tunnel between openbsd and an iphone ?

it seems the ipsec part is strictly limited to cisco ipsec with a user
account/password, so not good for us.
Else there is pptp and l2tp, but I'm not sure there is anything in base
to do this.
Ports seem to only have pptp as a client, and I'm looking for a server.

Any information?

thanks a lot
Cheers



Re: vpn with an iphone

2008-11-17 Thread Johan Beisser
PoPToP is in ports.



On 11/17/08, jul [EMAIL PROTECTED] wrote:
 Hello

 has someone setup a vpn tunnel between openbsd and an iphone ?

 it seems the ipsec part is strictly limited to cisco ipsec with a user
 account/password, so not good for us.
 Else there is pptp and l2tp, but I'm not sure there is anything in base
 to do this.
 Ports seem to only have pptp as a client, and I'm looking for a server.

 Any information?

 thanks a lot
 Cheers



-- 
Sent from my mobile device



ami and bioctl questions

2008-11-17 Thread Jeff Ross

Hi all,

At work I've got a server with an LSI MegaRAID (dmesg below) that 
suddenly seems to be killing hard drives.  Last Thursday I had one drive 
fail, and the system didn't begin rebuilding onto the hot spare until I 
rebooted.


Today I lost another drive in the same safte0.  I pulled another 
replacement drive off the shelf, swapped out the dead one, did a bioctl 
-H 0:9 sd0 to mark it as a hot spare but no rebuild has started yet. 
Note that 1:0 in safte1 was already marked as a hot spare, but this is a 
separate safte enclosure and I've never been sure if the hot spare would 
work across enclosures.  I've always had a hot spare in each safte 
enclosure until this happened.


Here's the latest bioctl -i ami0

[EMAIL PROTECTED]:/home/jross $ sudo bioctl -v -i ami0
Volume  Status       Size         Device
 ami0 0 Degraded     72999763968  sd0     RAID1
      0 Failed       73403465728  0:13.0  safte0 <HITACHI HUS151473VL3800 S3C0>
               'J5VHVNPB'
      1 Online       73403465728  0:10.0  safte0 <HITACHI HUS103073FL3800 SA1B>
               'V3W09L5A0050B499004B'
 ami0 1 Online       72999763968  sd1     RAID1
      0 Online       73403465728  0:11.0  safte0 <HITACHI HUS103073FL3800 SA1B>
               'V3W06MNA0050B4AD01D3'
      1 Online       73403465728  0:12.0  safte0 <HITACHI HUS103073FL3800 SA1B>
               'V3W0A6VA0050B4A80C0C'
 ami0 2 Online       72999763968  sd2     RAID1
      0 Online       73403465728  1:4.0   safte1 <HITACHI HUS103073FL3800 SA1B>
               'V3VZV2JA0050B4AX04C2'
      1 Online       73403465728  1:1.0   safte1 <HITACHI HUS103073FL3800 SA1B>
               'V3W0726A0050B49W01CB'
 ami0 3 Hot spare    73403465728  0:9.0   safte0 <HITACHI HUS103073FL3800 SA1B>
               'V3W093EA0050B44V0578'
 ami0 4 Hot spare    73403465728  1:0.0   safte1 <HITACHI HUS103073FL3800 SA1B>
               'V3W07PSA0050B4710207'


Also interesting is that safte0 will not blink any of the drives, while 
safte 1 will.


[EMAIL PROTECTED]:/home/jross $ sudo bioctl -b 0:9 ami0
bioctl: BIOCBLINK: Operation not supported by device


Questions, then:  these drives are all Hitachi Ultrastars 10K300 from 
2005.  Has any one had any bad experiences with them?  They are all 
still under warranty, and I don't suppose it's out of the question that 
2 drives out of 8 would fail within 72 hours of each other, especially 
if the lot was bad.


So far as I know, the SAFTE enclosures are identical.  Why will one 
support blinking the drives and the other not?


Should the ami be rebuilding sd0 now that I've set a hot spare 
without any other action on my part, or do I need to kick off the 
rebuild with bioctl -R 0:9 sd0?


So far I haven't stumbled on the magic combination to make bioctl -q work:
[EMAIL PROTECTED]:/home/jross $ sudo bioctl -q 1:4
bioctl: Can't locate 1:4 device via /dev/bio
[EMAIL PROTECTED]:/home/jross $ sudo bioctl -q ami0
bioctl: DIOCINQ: No such file or directory
[EMAIL PROTECTED]:/home/jross $ sudo bioctl -q sd0
bioctl: DIOCINQ: Invalid argument

Hitachi's drive testing tool seems to be windows only, so are there any 
drive checking utilities that can check an individual drive when it's 
part of a RAID1?  Or is it safe to assume that if the drive fails in the 
RAID it is really dead?  I'm trying to make sure I'm not seeing some 
kind of problem with the enclosure or the megaraid card before I start 
shipping drives back to Hitachi.


Thanks!

Jeff

OpenBSD 4.4-current (GENERIC.MP) #860: Mon Sep  1 13:55:06 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.67 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR

real mem  = 2146988032 (2047MB)
avail mem = 2067562496 (1971MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 02/09/05, BIOS32 rev. 0 @ 0xf0010, 
SMBIOS rev. 2.3 @ 0xf82a0 (48 entries)

bios0: vendor American Megatrends Inc. version 080008 date 02/09/2005
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC OEMB
acpi0: wakeup devices PS2K(S1) PS2M(S1) SMBS(S1) AUDI(S1) MODM(S1) 
USB0(S1) USB1(S1) USB2(S1) P0P1(S1)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 6 (application processor)
cpu1: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.67 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR

cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) 
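
The situation in this mail (a volume goes Degraded and nobody notices until a reboot, a second disk dies days later) is what a small periodic health check is for. The following is an added example and not something from the thread or from bioctl(8) itself: it parses the text of bioctl -i in the column layout quoted above (Volume / Status / Size / Device, then enclosure and a <vendor product rev> field, which is assumed to match the poster's release), names every member disk that is not Online and every hot spare the controller knows about, and prints the bioctl -R command the poster was wondering about. The sample text is constructed from the listing in the mail, without the serial-number lines that -v adds (those are ignored if present).

```python
"""Flag degraded volumes, failed disks and available hot spares in bioctl(8) output.

Added example, not from the thread and not part of bioctl(8). It reads the
text of ``bioctl -i <controller>`` in the column layout quoted in the mail
(Volume/Status/Size/Device, then enclosure and <vendor product rev>); that
layout is an assumption about the poster's release. Serial-number lines
from ``-v`` are ignored. The sample below is constructed from the mail.
"""
import re
import subprocess

# " ami0 0 Degraded     72999763968  sd0     RAID1"  or  " ami0 3 Hot spare ... 0:9.0  safte0 <...>"
VOL_RE = re.compile(
    r"^\s*(?P<ctl>[a-z]+\d+)\s+(?P<vol>\d+)\s+(?P<status>Hot spare|\w+)\s+"
    r"(?P<size>\d+)\s+(?P<dev>\S+)\s*(?P<rest>.*)$")
# "      0 Failed       73403465728  0:13.0  safte0 <HITACHI HUS151473VL3800 S3C0>"
DISK_RE = re.compile(
    r"^\s+(?P<disk>\d+)\s+(?P<status>\w+)\s+(?P<size>\d+)\s+"
    r"(?P<target>\d+:\d+\.\d+)\s+(?P<encl>\S+)")


def parse_bioctl(text):
    """Return a list of volumes, each carrying its member disks."""
    vols = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Volume"):
            continue
        m = VOL_RE.match(line)
        if m:
            rest = m["rest"].split()
            vols.append({"ctl": m["ctl"], "vol": int(m["vol"]), "status": m["status"],
                         "dev": m["dev"],
                         # a hot spare row names its enclosure right after the target
                         "encl": rest[0] if rest and m["status"] == "Hot spare" else None,
                         "disks": []})
            continue
        m = DISK_RE.match(line)
        if m and vols:  # a disk line belongs to the volume printed just before it
            vols[-1]["disks"].append({"disk": int(m["disk"]), "status": m["status"],
                                      "target": m["target"], "encl": m["encl"]})
    return vols


def failed_disks(vols):
    """(volume device, disk target) for every member that is not Online."""
    return [(v["dev"], d["target"]) for v in vols if v["status"] != "Hot spare"
            for d in v["disks"] if d["status"] != "Online"]


def hot_spares(vols):
    """(target, enclosure) of every hot spare the controller knows about."""
    return [(v["dev"], v["encl"]) for v in vols if v["status"] == "Hot spare"]


def report(vols):
    """Human-readable problem list; empty when every volume is Online."""
    out = []
    for v in vols:
        if v["status"] not in ("Online", "Hot spare"):
            out.append("%s volume %d (%s) is %s" % (v["ctl"], v["vol"], v["dev"], v["status"]))
    spares = hot_spares(vols)
    for dev, target in failed_disks(vols):
        line = "member %s of %s is not Online" % (target, dev)
        if spares:
            # Same syntax the poster used: bioctl -R <channel:target> <device>
            line += "; spares %s; if no rebuild starts, try: bioctl -R %s %s" % (
                ", ".join("%s (%s)" % s for s in spares),
                spares[0][0].rsplit(".", 1)[0], dev)
        out.append(line)
    return out


# Constructed sample in the layout of the listing in the mail (no -v serial lines).
SAMPLE = """\
Volume  Status       Size         Device
 ami0 0 Degraded     72999763968  sd0     RAID1
      0 Failed       73403465728  0:13.0  safte0 <HITACHI HUS151473VL3800 S3C0>
      1 Online       73403465728  0:10.0  safte0 <HITACHI HUS103073FL3800 SA1B>
 ami0 1 Online       72999763968  sd1     RAID1
      0 Online       73403465728  0:11.0  safte0 <HITACHI HUS103073FL3800 SA1B>
      1 Online       73403465728  0:12.0  safte0 <HITACHI HUS103073FL3800 SA1B>
 ami0 2 Online       72999763968  sd2     RAID1
      0 Online       73403465728  1:4.0   safte1 <HITACHI HUS103073FL3800 SA1B>
      1 Online       73403465728  1:1.0   safte1 <HITACHI HUS103073FL3800 SA1B>
 ami0 3 Hot spare    73403465728  0:9.0   safte0 <HITACHI HUS103073FL3800 SA1B>
 ami0 4 Hot spare    73403465728  1:0.0   safte1 <HITACHI HUS103073FL3800 SA1B>
"""

if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:  # e.g. python3 raidcheck.py --live ami0 (run as root, from cron)
        text = subprocess.run(["bioctl", "-i", sys.argv[-1]],
                              capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE
    for line in report(parse_bioctl(text)) or ["all volumes Online"]:
        print(line)
```

Run from cron and mailed or piped to logger(1), the non-empty output is the alert the poster was missing on Thursday.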

'PAYLOAD MALFORMED' ipsec tunnel to openswan

2008-11-17 Thread Christoph Leser
Trying to establish an ipsec tunnel to a debian linux box with openswan,
using this entry in ipsec.conf:


ike active esp from 192.168.1.0/24 to 192.168.2.0/24 peer a.b.c.d srcid
[EMAIL PROTECTED] dstid [EMAIL PROTECTED] psk xxx

I get 'PAYLOAD MALFORMED' in the middle of the phase 1 negotiation:

After the transforms are agreed upon and the nonces are exchanged, the
message containing the ID payload is rejected by openBSD, either with a
notification 'PAYLOAD MALFORMED' or with notification 'INVALID PAYLOAD
TYPE'

Here is a snippet of isakmpd.pcap:

21:38:55.438591 a.b.c.d.500 > u.v.w.x.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: 251068307c823c51-5086ce0f33dfbb37 msgid:  len:
92
payload: ID len: 9336 [|isakmp] [ttl 0] (id 1, len 120)
21:38:55.439228 u.v.w.x.500 > a.b.c.d.500: [udp sum ok] isakmp v1.0
exchange INFO
cookie: 88fba1fcd13186bd- msgid:  len:
40
payload: NOTIFICATION len: 12
notification: INVALID PAYLOAD TYPE [ttl 0] (id 1, len 68)

where a.b.c.d is openswan, and u.v.w.x is openbsd.

The IDs are of type USER_FQDN ( or should be, at least ).

The len field in the received packet seems queer. Maybe this causes the
problem.

This error only occurs, when the phase-1 exchange is initiated by
openswan. If openbsd starts the phase-1 exchange, all seems ok.

I would think this is an openswan problem, but how can I prove this? I
have no access to the openswan box. Can I get more information about the
offending packet, like a decrypted hexdump or else?

Any hints are welcome.

Regards
Christoph



Re: VLAN interface responding to packets with other destination..?

2008-11-17 Thread Johan Ström

On Nov 11, 2008, at 3:10 PM, Johan Ström wrote:


Hi list,

okay, I'm doing my tricky VLAN setups now again ;) This time I got a
OpenBSD 4.4 box, running inside a VMWare ESXi machine. It got two
interfaces, em0 and em1. em0 is external network, and em1 is host
interface for a bunch of VLAN interfaces on the internal side. on
top of the VLAN interfaces (and the external one) I'm running carp,
and this box got a corresponding backup machine on a small LEX
machine (this is my main VPN/admin gateway, with the LEX being
backup if I need to bring the VMWare host down). Yes, i've had to
enable allow promisc etc in vmware for my All network interface in
order to get carp working.

Anyway, this have been working all fine, and yesterday I added
another vlan interface, without a carp ontop. This is where the
strange stuff starts.. In a nutshell, the above box (box C) responds
for packets which are not related to it in any way..

Lets take a look at the setup:

Box A, 192.168.131.1, another VMWare guest running FreeBSD
vlan63: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0
mtu 1500
   options=3<RXCSUM,TXCSUM>
   ether 00:0c:29:51:8d:31
   inet 192.168.131.1 netmask 0xff00 broadcast 192.168.131.255
   media: Ethernet autoselect (1000baseTX full-duplex)
   status: active
   vlan: 63 parent interface: em1

Box B, 192.168.131.11, a standalone OpenBSD box
vlan63: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:21:5a:ff:5e:b0
   description: backup-net
   vlan: 63 priority: 0 parent interface: bge0
   groups: vlan
   inet6 fe80::221:5aff:feff:5eb0%vlan63 prefixlen 64 scopeid 0x10
   inet 192.168.131.11 netmask 0xff00 broadcast
192.168.131.255

Box C, 192.168.131.8, the VMWare OpenBSD guest described above.
vlan63: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:0c:29:18:fc:08
   description: backup-net
   vlan: 63 priority: 0 parent interface: em1
   groups: vlan
   inet6 fe80::20c:29ff:fe18:fc08%vlan63 prefixlen 64 scopeid 0xa
   inet 192.168.131.8 netmask 0xff00 broadcast 192.168.131.255

The other interfaces on Box C have other 192.168.XX nets, but none
with a netmask wider than /24.. And the 192.168.131.0 net is only on
vlan63. And no odd route either.. has been rebooted twice..
There are no interfaces on Box C which have similar MAC addresses
either..

Okay, lets look at the problem:

When I SSH from Box A to Box B, that is from 131.1 to 131.11, I
expect to get a connection. Instead my connection is reset
immediately.. Let's follow the packet dumps.

The tcpdumps from below are from em1 on box C (tcpdump -vne -i em1
vlan 63, I'll describe later why they are not from -i vlan63)

On first connect, I get this:
13:42:43.951719 00:0c:29:51:8d:31 > 00:21:5a:ff:5e:b0 8100 78: 802.1Q
vid 63 pri 0 192.168.131.1.56401 > 192.168.131.11.22: S [tcp sum ok]
876330421:876330421(0) win 65535 <mss 1460,nop,wscale
3,sackOK,timestamp 93169894 0> (DF) [tos 0x10] (ttl 64, id 37948,
len 60)

Looks ok, 8d:31 (box A) sends to 5e:b0 (Box B). All fine!
Next packet I see is this:

13:42:43.951799 00:0c:29:18:fc:08 > 00:0c:29:51:8d:31 8100 58: 802.1Q
vid 63 pri 0 192.168.131.11.22 > 192.168.131.1.56401: R [tcp sum ok]
0:0(0) ack 876330422 win 0 (DF) [tos 0x10] (ttl 254, id 32048, len 40)

This is fc:08 (box C), responding with Reset to 8d:31 (box A) ???
Wtf..


13:42:43.951817 00:21:5a:ff:5e:b0 > 00:0c:29:51:8d:31 8100 82: 802.1Q
vid 63 pri 0 192.168.131.11.22 > 192.168.131.1.56401: S [tcp sum ok]
2864936215:2864936215(0) ack 876330422 win 16384 <mss
1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3196573386
93169894> (DF) (ttl 254, id 62284, len 64)

And here 5e:b0 (Box B) responding with ACK to 8d:31 (Box A), as
expected..

And the following is Box C telling Box C that it resets the
connection too (as a response to the above?) or something.. and then
the connection is killed and dies off

13:42:43.951848 00:0c:29:18:fc:08 > 00:21:5a:ff:5e:b0 8100 58: 802.1Q
vid 63 pri 0 192.168.131.1.56401 > 192.168.131.11.22: R [tcp sum ok]
1:1(0) ack 1 win 0 (DF) [tos 0x10] (ttl 254, id 31057, len 40)
13:42:43.952036 00:0c:29:51:8d:31 > 00:21:5a:ff:5e:b0 8100 70: 802.1Q
vid 63 pri 0 192.168.131.1.56401 > 192.168.131.11.22: . [tcp sum ok]
ack 1 win 8326 <nop,nop,timestamp 93169894 3196573386> (DF) [tos
0x10] (ttl 64, id 37950, len 52)
13:42:43.952082 00:0c:29:18:fc:08 > 00:0c:29:51:8d:31 8100 58: 802.1Q
vid 63 pri 0 192.168.131.11.22 > 192.168.131.1.56401: R [tcp sum ok]
1:1(0) ack 1 win 0 (DF) [tos 0x10] (ttl 254, id 24397, len 40)
13:42:43.952119 00:21:5a:ff:5e:b0 > 00:0c:29:51:8d:31 8100 60: 802.1Q
vid 63 pri 0 192.168.131.11.22 > 192.168.131.1.56401: R [tcp sum ok]
2864936216:2864936216(0) win 0 (DF) (ttl 254, id 41778, len 40)
13:42:43.952158 00:0c:29:18:fc:08 > 00:21:5a:ff:5e:b0 8100 74: 802.1Q
vid 63 pri 0 192.168.131.8 > 192.168.131.11: icmp: 192.168.131.1 tcp
port 56401 unreachable (ttl 255, id 62992, len 56)


Okay.. So.. what the heck is 
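
The trace above is read by eye; the same reasoning can be done by a script over a longer capture. What follows is an added example, not code from the thread: it takes link-layer tcpdump lines (as produced by tcpdump -vne -i em1 vlan 63), records which source MAC sends packets from each IP address, reports every IP claimed by more than one MAC, and lists the MACs that source traffic from several IPs together with how many TCP RSTs each sent. On an access VLAN with no router on it, a MAC that speaks for three addresses is the box answering for traffic that is not its own. The sample lines are the packets from the mail with the ">" separators the archive stripped put back, so they are reconstructed, not a raw capture.

```python
"""Find a host answering for IP addresses it does not own, from tcpdump -e output.

Added example, not from the thread. Works on link-layer tcpdump lines such as
``tcpdump -vne -i em1 vlan 63`` prints (one packet per line). The sample
lines are reconstructed from the mail with the ">" separators restored.
"""
import re
from collections import defaultdict

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d+\.\d+\.\d+\.\d+"
# timestamp, src MAC > dst MAC, anything (802.1Q tag...), src IP[.port] > dst IP[.port]: rest
PKT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<smac>" + MAC + r") > (?P<dmac>" + MAC + r") "
    r".*?(?P<sip>" + IP + r")(?:\.(?P<sport>\d+))? > (?P<dip>" + IP + r")(?:\.(?P<dport>\d+))?: "
    r"(?P<rest>.*)$")


def parse_packet(line):
    """Return a dict for one tcpdump -e line (TCP or ICMP), or None if it is not one."""
    m = PKT_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    flags = "" if rest.startswith("icmp") else rest.split()[0]  # S, R, ., F, P ...
    return {"ts": m["ts"], "smac": m["smac"], "dmac": m["dmac"], "sip": m["sip"],
            "dip": m["dip"], "sport": m["sport"], "dport": m["dport"], "flags": flags}


def analyse(lines):
    """Return (conflicts, rst_by_mac, ips_by_mac).

    conflicts maps each IP sourced by more than one MAC to those MACs;
    rst_by_mac counts TCP RSTs per source MAC; ips_by_mac maps a MAC to the
    set of IPs it has sent from."""
    claims = defaultdict(set)
    ips_by_mac = defaultdict(set)
    rst_by_mac = defaultdict(int)
    for line in lines:
        p = parse_packet(line)
        if p is None:
            continue
        claims[p["sip"]].add(p["smac"])
        ips_by_mac[p["smac"]].add(p["sip"])
        if "R" in p["flags"]:
            rst_by_mac[p["smac"]] += 1
    conflicts = {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}
    return conflicts, dict(rst_by_mac), ips_by_mac


def suspects(lines):
    """MACs that sent from more than one IP, the one sending most RSTs first.
    A legitimate router would also match; on a pure access VLAN nothing should."""
    _, rsts, ips_by_mac = analyse(lines)
    multi = [mac for mac, ips in ips_by_mac.items() if len(ips) > 1]
    return sorted(multi, key=lambda mac: -rsts.get(mac, 0))


# Reconstructed from the mail: the packets of the SSH attempt from box A to box B.
SAMPLE = """\
13:42:43.951719 00:0c:29:51:8d:31 > 00:21:5a:ff:5e:b0 8100 78: 802.1Q vid 63 pri 0 192.168.131.1.56401 > 192.168.131.11.22: S [tcp sum ok] 876330421:876330421(0) win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 93169894 0> (DF) [tos 0x10] (ttl 64, id 37948, len 60)
13:42:43.951799 00:0c:29:18:fc:08 > 00:0c:29:51:8d:31 8100 58: 802.1Q vid 63 pri 0 192.168.131.11.22 > 192.168.131.1.56401: R [tcp sum ok] 0:0(0) ack 876330422 win 0 (DF) [tos 0x10] (ttl 254, id 32048, len 40)
13:42:43.951817 00:21:5a:ff:5e:b0 > 00:0c:29:51:8d:31 8100 82: 802.1Q vid 63 pri 0 192.168.131.11.22 > 192.168.131.1.56401: S [tcp sum ok] 2864936215:2864936215(0) ack 876330422 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3196573386 93169894> (DF) (ttl 254, id 62284, len 64)
13:42:43.951848 00:0c:29:18:fc:08 > 00:21:5a:ff:5e:b0 8100 58: 802.1Q vid 63 pri 0 192.168.131.1.56401 > 192.168.131.11.22: R [tcp sum ok] 1:1(0) ack 1 win 0 (DF) [tos 0x10] (ttl 254, id 31057, len 40)
13:42:43.952036 00:0c:29:51:8d:31 > 00:21:5a:ff:5e:b0 8100 70: 802.1Q vid 63 pri 0 192.168.131.1.56401 > 192.168.131.11.22: . [tcp sum ok] ack 1 win 8326 <nop,nop,timestamp 93169894 3196573386> (DF) [tos 0x10] (ttl 64, id 37950, len 52)
13:42:43.952082 00:0c:29:18:fc:08 > 00:0c:29:51:8d:31 8100 58: 802.1Q vid 63 pri 0 192.168.131.11.22 > 192.168.131.1.56401: R [tcp sum ok] 1:1(0) ack 1 win 0 (DF) [tos 0x10] (ttl 254, id 24397, len 40)
13:42:43.952119 00:21:5a:ff:5e:b0 > 00:0c:29:51:8d:31 8100 60: 802.1Q vid 63 pri 0 192.168.131.11.22 > 192.168.131.1.56401: R [tcp sum ok] 2864936216:2864936216(0) win 0 (DF) (ttl 254, id 41778, len 40)
13:42:43.952158 00:0c:29:18:fc:08 > 00:21:5a:ff:5e:b0 8100 74: 802.1Q vid 63 pri 0 192.168.131.8 > 192.168.131.11: icmp: 192.168.131.1 tcp port 56401 unreachable (ttl 255, id 62992, len 56)
"""

if __name__ == "__main__":
    import sys
    lines = sys.stdin.read().splitlines() if len(sys.argv) > 1 and sys.argv[1] == "-" else SAMPLE.splitlines()
    conflicts, rsts, ips_by_mac = analyse(lines)
    for ip, macs in sorted(conflicts.items()):
        print("%s sourced by %s" % (ip, ", ".join(macs)))
    for mac in suspects(lines):
        print("%s speaks for %s and sent %d RST(s)" % (mac, ", ".join(sorted(ips_by_mac[mac])), rsts.get(mac, 0)))
```

tcpdump -vne -i em1 vlan 63 | python3 vlancheck.py - runs it on a live capture; on the sample it names 00:0c:29:18:fc:08 as the only MAC speaking for more than one address.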

Re: azalia patches in -current

2008-11-17 Thread Alexey Suslikov
Jacob Meuser wrote:

  I saw the suggestion to read tech@ in another thread but saw no (recent)
  diffs there that I believe apply to this machine.

 one thing I'm trying to do is get rid of the static mixer definitions
 in azalia_codec.c.  this exposes all the controls instead of a limited
 subset and should give the user the ability to fix these types of
 issues (we'll try our best to make things work by default, but we might
 need test results and it's a lot easier to have users try mixerctl
 settings than apply kernel patches).  your problem is probably an
 inconvenient default connection, like the speakers-connected-to-
 surround-by-default issue described above.

Jacob,

Please get rid of the static mixer from STAC9221 since it
contains no mic at all:

outputs.master=124,124
outputs.master.mute=off  [ off on ]
outputs.headphones=124,124
outputs.headphones.mute=off  [ off on ]
outputs.speaker=124,124
outputs.speaker.mute=off  [ off on ]
outputs.line=124,124
outputs.line.mute=off  [ off on ]
outputs.line2=124,124
outputs.line2.mute=off  [ off on ]

But here is output from MacBookPro1,2 without static mixer:

inputs.dac.mute=off  [ off on ]
inputs.dac=254,254
inputs.dac2.mute=off  [ off on ]
inputs.dac2=126,126
inputs.dac3.mute=off  [ off on ]
inputs.dac3=126,126
inputs.dac4.mute=off  [ off on ]
inputs.dac4=126,126
outputs.line.dir=output  [ input output ]
outputs.line.boost=off  [ off on ]
outputs.mic.dir=input  [ input output ]
outputs.speaker.dir=output  [ input output ]
outputs.line3.dir=input  [ input output ]
outputs.SPDIF-out.sourc=dac5  [ dac5 sel3 vendor ]
outputs.SPDIF-in.eapd=on  [ off on ]
inputs.sel.source=mic  [ line3 mic speaker line ]
outputs.sel=126,126
inputs.sel2.source=  [ line3 mic speaker line ]
outputs.sel2=126,126
inputs.beep=85
outputs.volume=254
inputs.sel3.sel.mute=off  [ off on ]
inputs.sel3.sel=126,126
inputs.sel4.sel2.mute=off  [ off on ]
inputs.sel4.sel2=126,126
record.usingadc=0607  [ 0607 09 ]
outputs.master=254,254
inputs.dac=254,254

There is mic and it's (finally!) usable with inputs.sel.source
set to mic (according to laptop's owner).

Alexey



Re: Logging interface state changes

2008-11-17 Thread Pereresus ne Vlezaet Buggy
On 17 November 2008 c. 20:35:33 (private) HKS wrote:
 My apologies if this has already been addressed, but I couldn't find
 it in the man pages or mailing list archives.

 Is there a way to enable logging of network interface state changes on
 OpenBSD 4.3 or 4.4? This is mostly for forensic purposes - obviously
 I'll know if my firewall loses its ethernet connection, but if
 something starts flapping I'd like to be able to see it in my logs
 rather than trying to catch it in the act.

 My hosts are using mostly vic and vr drivers, and neither seems to
 care whether the debug option is enabled.

 Thanks for the help. dmesg for one of my Soekris (vr) boxes below.

 -HKS



 OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD
 586-class) 500 MHz
 cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
 real mem  = 536440832 (511MB)
 avail mem = 510664704 (487MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 20/70/03, BIOS32 rev. 0 @
 0xfac40 pcibios0 at bios0: rev 2.0 @ 0xf/0x1
 pcibios0: pcibios_get_intr_routing - function not supported
 pcibios0: PCI IRQ Routing information unavailable.
 pcibios0: PCI bus #0 is the last bus
 bios0: ROM list: 0xc8000/0xa800
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (bios)
 pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x31
 glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG
 AES vr0 at pci0 dev 6 function 0 VIA VT6105M RhineIII rev 0x96: irq
 11, address 00:00:24:ca:3f:58
 ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
 0x004063, model 0x0034
 vr1 at pci0 dev 7 function 0 VIA VT6105M RhineIII rev 0x96: irq 5,
 address 00:00:24:ca:3f:59
 ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
 0x004063, model 0x0034
 vr2 at pci0 dev 8 function 0 VIA VT6105M RhineIII rev 0x96: irq 9,
 address 00:00:24:ca:3f:5a
 ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
 0x004063, model 0x0034
 vr3 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 12,
 address 00:00:24:ca:3f:5b
 ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
 0x004063, model 0x0034
 glxpcib0 at pci0 dev 20 function 0 AMD CS5536 ISA rev 0x03: rev 0,
 32-bit 3579545Hz timer, watchdog, gpio
 gpio0 at glxpcib0: 32 pins
 pciide0 at pci0 dev 20 function 2 AMD CS5536 IDE rev 0x01: DMA,
 channel 0 wired to compatibility, channel 1 wired to compatibility
 wd0 at pciide0 channel 0 drive 0: SanDisk SDCFH-2048
 wd0: 4-sector PIO, LBA, 1953MB, 4001760 sectors
 wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
 pciide0: channel 1 ignored (disabled)
 ohci0 at pci0 dev 21 function 0 AMD CS5536 USB rev 0x02: irq 15,
 version 1.0, legacy support
 ehci0 at pci0 dev 21 function 1 AMD CS5536 USB rev 0x02: irq 15
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
 isa0 at glxpcib0
 isadma0 at isa0
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard
 pcppi0 at isa0 port 0x61
 midi0 at pcppi0: PC speaker
 spkr0 at pcppi0
 nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
 gpio1 at nsclpcsio0: 29 pins
 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
 pccom0: console
 pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
 usb1 at ohci0: USB revision 1.0
 uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
 biomask e5c5 netmask ffe5 ttymask ffe7
 mtrr: K6-family MTRR support (2 registers)
 softraid0 at root
 root on wd0a swap on wd0b dump on wd0b

route monitor ?

--
  WBR,
Pereresus ne Vlezaet Buggy
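
Following up on the route monitor suggestion: route(8) in monitor mode prints every routing-socket message, and the RTM_IFINFO ones are the link-state changes the original poster wants in the logs, for every interface at once rather than one ifstated.conf stanza per interface. The script below is an added example, not from this thread, that filters that output and writes one line per change through Python's syslog module. The RTM_IFINFO line format it parses is an assumption about what route monitor prints on the poster's release and must be checked against real output before trusting the regex; the sample lines are constructed, not captured.

```python
"""Log interface link-state changes from route(8) monitor output.

Added example, not from the thread. Reads ``route monitor`` output and
turns each RTM_IFINFO message into one syslog line, so flapping ends up
in /var/log/messages instead of having to be caught live.

Assumed RTM_IFINFO line shape (verify on your release and adjust IFINFO_RE):
  RTM_IFINFO: iface status change: len 176, if# 1, name vr0, link: up, flags:<UP,...>
"""
import re
import subprocess
import sys

IFINFO_RE = re.compile(
    r"^RTM_IFINFO:.*?\bname:?\s*(?P<name>[A-Za-z0-9_.]+)"
    r"(?:.*?\blink:\s*(?P<link>[^,]+))?"
    r"(?:.*?\bflags:<(?P<flags>[^>]*)>)?")


def parse_ifinfo(line):
    """Return (ifname, link, flags) for an RTM_IFINFO line, None for anything else."""
    m = IFINFO_RE.match(line.strip())
    if not m:
        return None
    link = (m.group("link") or "unknown").strip()
    flags = m.group("flags") or ""
    return m.group("name"), link, flags


def state_changes(lines):
    """Yield one log record per RTM_IFINFO line; RTM_ADD, RTM_NEWADDR and
    the 'got message of size' lines are ignored."""
    for line in lines:
        rec = parse_ifinfo(line)
        if rec is None:
            continue
        name, link, flags = rec
        running = "RUNNING" in flags.split(",")
        yield "ifmon: %s link %s running=%s flags=<%s>" % (name, link, running, flags)


def main():
    # Live use on the firewall: route monitor -> this filter -> syslog(3) as daemon.notice
    import syslog
    syslog.openlog("ifmon", syslog.LOG_PID, syslog.LOG_DAEMON)
    proc = subprocess.Popen(["route", "monitor"], stdout=subprocess.PIPE, text=True)
    for msg in state_changes(proc.stdout):
        syslog.syslog(syslog.LOG_NOTICE, msg)


# Constructed sample of route monitor output (not captured from a real box).
SAMPLE = """\
got message of size 176 on Mon Nov 17 20:35:33 2008
RTM_IFINFO: iface status change: len 176, if# 1, name vr0, link: down, flags:<UP,BROADCAST,SIMPLEX,MULTICAST>
got message of size 176 on Mon Nov 17 20:35:35 2008
RTM_IFINFO: iface status change: len 176, if# 1, name vr0, link: up, flags:<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
got message of size 96 on Mon Nov 17 20:35:36 2008
RTM_ADD: Add Route: len 96, pid: 0, seq 0, errno 0, flags:<UP,GATEWAY,DONE>
"""

if __name__ == "__main__":
    if "--demo" in sys.argv:
        for msg in state_changes(SAMPLE.splitlines()):
            print(msg)
    else:
        main()
```

Start it from rc.local (or under a supervisor that restarts it) and the link flaps show up with timestamps in syslog; the flags field is kept because a link that is up but not RUNNING is the case the vic/vr debug knob would not have told you about either.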



Re: azalia patches in -current

2008-11-17 Thread Jacob Meuser
On Mon, Nov 17, 2008 at 11:34:01PM +0200, Alexey Suslikov wrote:
 Jacob Meuser wrote:
 
   I saw the suggestion to read tech@ in another thread but saw no (recent)
   diffs there that I believe apply to this machine.
 
  one thing I'm trying to do is get rid of the static mixer definitions
  in azalia_codec.c.  this exposes all the controls instead of a limited
  subset and should give the user the ability to fix these types of
  issues (we'll try our best to make things work by default, but we might
  need test results and it's a lot easier to have users try mixerctl
  settings than apply kernel patches).  your problem is probably an
  inconvenient default connection, like the speakers-connected-to-
  surround-by-default issue described above.
 
 Jacob,
 
 Please get rid of the static mixer from STAC9221 since it
 contains no mic at all:
 
 outputs.master=124,124
 outputs.master.mute=off  [ off on ]
 outputs.headphones=124,124
 outputs.headphones.mute=off  [ off on ]
 outputs.speaker=124,124
 outputs.speaker.mute=off  [ off on ]
 outputs.line=124,124
 outputs.line.mute=off  [ off on ]
 outputs.line2=124,124
 outputs.line2.mute=off  [ off on ]
 
 But here is output from MacBookPro1,2 without static mixer:
 
 inputs.dac.mute=off  [ off on ]
 inputs.dac=254,254
 inputs.dac2.mute=off  [ off on ]
 inputs.dac2=126,126
 inputs.dac3.mute=off  [ off on ]
 inputs.dac3=126,126
 inputs.dac4.mute=off  [ off on ]
 inputs.dac4=126,126
 outputs.line.dir=output  [ input output ]
 outputs.line.boost=off  [ off on ]
 outputs.mic.dir=input  [ input output ]
 outputs.speaker.dir=output  [ input output ]
 outputs.line3.dir=input  [ input output ]
 outputs.SPDIF-out.sourc=dac5  [ dac5 sel3 vendor ]
 outputs.SPDIF-in.eapd=on  [ off on ]
 inputs.sel.source=mic  [ line3 mic speaker line ]
 outputs.sel=126,126
 inputs.sel2.source=  [ line3 mic speaker line ]
 outputs.sel2=126,126
 inputs.beep=85
 outputs.volume=254
 inputs.sel3.sel.mute=off  [ off on ]
 inputs.sel3.sel=126,126
 inputs.sel4.sel2.mute=off  [ off on ]
 inputs.sel4.sel2=126,126
 record.usingadc=0607  [ 0607 09 ]
 outputs.master=254,254
 inputs.dac=254,254
 
 There is mic and it's (finally!) usable with inputs.sel.source
 set to mic (according to laptop's owner).

nice!

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org



Re: apache 1.3.29 + PHP 5.2.6 on OpenBSD 4.4

2008-11-17 Thread Daniel Ouellet

Girish Venkatachalam wrote:

On 02:01:19 Nov 17, Daniel Ouellet wrote:


This doesn't apply here because the library is pre-loaded before the  
httpd is chrooted.


More details:

Pre-loading Shared Libraries

To extend the functionality of the webserver it can dynamically load  
shared libraries, e.g. a database access library. Shared libraries for a  
binary program are normally loaded by the runtime linker when the  
program is invoked (and thus before it can call the chroot system call).  
Thus shared libraries like the mod_php PHP4 module, which is linked as a  
shared library to the httpd program when it is started, impose no  
problem. PHP4 will be available whether your httpd is started chrooted  
or not because the shared library is loaded before the chroot() system  
call is invoked. PHP4 itself, however, does dynamically load additional  
functionality at runtime and as needed. If you try to access a  
PostgreSQL function in PHP4 e.g. then it will fail in a chrooted httpd  
because only the PHP4 module is dynamically linked to httpd but not the  
PostgreSQL client library. The latter is loaded (mapped) to the running  
httpd executable by PHP4.


This was for php4 but also applies to php5, as the modules are loaded  
before the chroot takes place.


Hope this helps a little and keeps users from running httpd with -u.


Thanks. ;)

I did not know this.

-Girish



Well,

Glad it helped you and cleared this up for many others too. I wish I could 
take credit for this explication, but I can't. I knew about it, but it 
was never really totally clear to me. I guess it's one of these things 
you know, without really knowing it fully, but just know it worked.


The first time it actually was put clear in my mind was from Jason Dixon's 
article on his changes with PERL modules in httpd.


It's been published here on undeadly:

http://www.undeadly.org/cgi?action=article&sid=20080805194342

This cleared stuff up for me that I knew, but really couldn't explain, so 
one would say, in that case, not really knowing it. (;


You may want to read the article. Not very long, and pretty good, and 
there is more to it than what hits the eye there if you sit back and 
think about it.


This made me think about it in a different way and actually cleared that 
up totally for me then.


There are lots of good articles on undeadly from time to time that really 
are worth more than the time it takes to read them.


You never know when they will apply in the future. (;

So, the credit really goes to Jason Dixon for opening my eyes on the 
issue with his article.


Best,

Daniel



relayd on one interface/network

2008-11-17 Thread Edd Barrett
Hi,
I am trying to set up a redirect (on a local lan) using relayd (using
external websites for now as a test):

The relay is on a soekris running 4.4-release. Only one interface is
up on the soekris (sis0).

Relayd.conf:
---8<---
table <sites> {bmth.ac.uk, xe.com}

#relay fun-sites {
#listen on 192.168.99.11 port 
#forward to <sites> port http check tcp mode roundrobin
#}

redirect s1 {
sticky-address
listen on 192.168.99.11 port 
forward to <sites> port http check tcp mode roundrobin
}
---8<---

pf.conf:
---8<---
rdr-anchor relayd/*
anchor relayd/*

pass in
pass out
---8<---

The (now commented) relay works, but is unpredictable due to the need
for sticky-address, which is why I switched to layer 3, but alas the
redirect does not succeed.

---8<---
Failed to Connect

Firefox can't establish a connection to the server at 192.168.99.11:.

Though the site seems valid, the browser was unable to establish a connection.
---8<---

PF is of course enabled and rules are loaded.

Using tcpdump I see the client http request go in sis0 but never
anywhere from there.

I'm assuming you don't *need* to have 2 interfaces on a nat to use a
redirect in this way?

Thanks for reading.

-- 

Best Regards

Edd

http://students.dec.bournemouth.ac.uk/ebarrett



Re: 'PAYLOAD MALFORMED' ipsec tunnel to openswan

2008-11-17 Thread Stuart Henderson
On 2008-11-17, Christoph Leser [EMAIL PROTECTED] wrote:
 21:38:55.438591 a.b.c.d.500 > u.v.w.x.500: [udp sum ok] isakmp v1.0
 exchange ID_PROT
 cookie: 251068307c823c51-5086ce0f33dfbb37 msgid:  len:
 92
 payload: ID len: 9336 [|isakmp] [ttl 0] (id 1, len 120)


 The len field in the received packet seems queer.

Certainly does; the [|isakmp] indicates a truncated packet i.e.
received data is shorter than the length it should be (commonly you
see this with a too-short -s value in a tcpdump capture, but that
won't be the case here), followed up by the actual length, in this
case 120 bytes.

 I would think this is an openswan problem, but how can I prove this? I
 have no access to the openswan box. Can I get more information about the
 offending packet, like a decrypted hexdump or else?

tcpdump -X gives a hex dump.
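
A hex dump from tcpdump -X is the raw material; the check that turns it into an answer is walking the ISAKMP payload chain and comparing each payload's claimed length with what is actually on the wire. The script below is an added example, not code from this thread or from isakmpd: it parses the ISAKMP header (RFC 2408 section 3.1) and the generic payload headers (section 3.2) and names the first inconsistency, which is what a responder turns into a PAYLOAD-MALFORMED or INVALID-PAYLOAD-TYPE notification. Both datagrams in it are constructed: the bad one mirrors the numbers from the capture above (92 bytes on the wire, first payload ID claiming 9336 bytes, the cookies from the dump), the good one is a plausible well-formed ID plus HASH message. It also refuses to walk a message whose E bit is set, since the payloads behind that header are ciphertext and any length read from them is noise.

```python
"""Walk the payload chain of an ISAKMP (IKEv1) datagram and report why a peer
would answer PAYLOAD-MALFORMED or INVALID-PAYLOAD-TYPE.

Added example, not from the thread and not isakmpd code. Offsets and type
numbers follow RFC 2408; the sample datagrams are constructed.
"""
import struct

HDR_LEN = 28         # icookie 8, rcookie 8, next payload 1, version 1, exchange 1, flags 1, msgid 4, length 4
FLAG_ENCRYPT = 0x01  # E bit: everything after the header is ciphertext
PAYLOADS = {0: "NONE", 1: "SA", 2: "P", 3: "T", 4: "KE", 5: "ID", 6: "CERT", 7: "CR",
            8: "HASH", 9: "SIG", 10: "NONCE", 11: "N", 12: "D", 13: "VID"}
EXCHANGES = {1: "BASE", 2: "ID_PROT", 3: "AUTH_ONLY", 4: "AGGR", 5: "INFO"}
INVALID_PAYLOAD_TYPE = 1   # RFC 2408 notify message types
PAYLOAD_MALFORMED = 16


def walk_isakmp(pkt):
    """Return (header, payloads, problems).

    payloads is a list of (name, length) in chain order; problems is a list
    of strings and is empty for a self-consistent cleartext datagram."""
    problems = []
    if len(pkt) < HDR_LEN:
        return None, [], ["datagram shorter than ISAKMP header: %d bytes" % len(pkt)]
    icookie, rcookie, np, ver, xchg, flags, msgid, length = struct.unpack("!8s8sBBBBII", pkt[:HDR_LEN])
    hdr = {"icookie": icookie.hex(), "rcookie": rcookie.hex(),
           "version": "%d.%d" % (ver >> 4, ver & 0xF),
           "exchange": EXCHANGES.get(xchg, "UNKNOWN(%d)" % xchg),
           "flags": flags, "msgid": msgid, "length": length}
    if length != len(pkt):
        problems.append("header length %d but datagram is %d bytes" % (length, len(pkt)))
    if flags & FLAG_ENCRYPT:
        problems.append("E bit set: payload chain is ciphertext, walk it only after decryption")
        return hdr, [], problems
    payloads = []
    off = HDR_LEN
    while np != 0:
        name = PAYLOADS.get(np)
        if name is None:
            problems.append("unknown payload type %d at offset %d (INVALID-PAYLOAD-TYPE %d)"
                            % (np, off, INVALID_PAYLOAD_TYPE))
            break
        if off + 4 > len(pkt):
            problems.append("%s generic header at offset %d runs past end of datagram" % (name, off))
            break
        nnp, _reserved, plen = struct.unpack("!BBH", pkt[off:off + 4])
        if plen < 4 or off + plen > len(pkt):
            # This is the case tcpdump marks with [|isakmp]: claimed length exceeds the bytes present.
            problems.append("%s payload claims %d bytes, %d remain: truncated (PAYLOAD-MALFORMED %d)"
                            % (name, plen, len(pkt) - off, PAYLOAD_MALFORMED))
            break
        payloads.append((name, plen))
        off += plen
        np = nnp
    if not problems and off != len(pkt):
        problems.append("%d trailing bytes after last payload" % (len(pkt) - off))
    return hdr, payloads, problems


def _hdr(np, xchg, length, flags=0):
    """ISAKMP header carrying the cookies seen in the capture."""
    return struct.pack("!8s8sBBBBII", bytes.fromhex("251068307c823c51"),
                       bytes.fromhex("5086ce0f33dfbb37"), np, 0x10, xchg, flags, 0, length)


# Constructed: 92-byte ID_PROT message whose first (ID) payload header claims 9336 bytes.
BAD = _hdr(5, 2, 92) + struct.pack("!BBH", 8, 0, 9336) + b"\x00" * 60
# Constructed: 12-byte ID payload (ID_USER_FQDN=3, proto UDP, port 500, 4 id bytes)
# followed by a 20-byte HASH payload (4-byte header + 16-byte MD5-sized hash), 60 bytes total.
GOOD = (_hdr(5, 2, 60)
        + struct.pack("!BBH", 8, 0, 12) + bytes([3, 17]) + struct.pack("!H", 500) + b"u@vw"
        + struct.pack("!BBH", 0, 0, 20) + b"\x11" * 16)

if __name__ == "__main__":
    for label, pkt in (("bad", BAD), ("good", GOOD)):
        hdr, payloads, problems = walk_isakmp(pkt)
        print(label, hdr["exchange"], payloads, problems or "ok")
```

To use it on the real packet, paste the UDP payload bytes from tcpdump -X into bytes.fromhex() and call walk_isakmp on them; if the packet shows no E bit yet arrives in the middle of main mode, that observation alone is worth sending to whoever runs the openswan side.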



Re: Can't SSH into CARP'd system from the outside

2008-11-17 Thread Vivek Ayer
So any resolution on the apache redirection? When I go to the website,
I get the Connection Interrupted error. This only occurs when both
routers are on. Oddly enough, when I ssh into the virtual IP, ssh
traffic doesn't get jumbled up because of the ip balancing. I suspect
I may have to up the advskew values to allow for the length of the
polling rate to increase. Maybe apache traffic needs every part of a
page to come from the same source IP. Should I try changing the
advskew value on the routers? I can only get to the website when one
router is on, which really defeats the purpose of high availability
and redundancy.

Thanks,
Vivek

On Thu, Nov 13, 2008 at 6:39 PM, Vivek Ayer [EMAIL PROTECTED] wrote:
 Confirmed. If I have both routers on, the http redirection on the CARP
 interface doesn't work. But when I only have one on, then the
 redirection works just fine. Is CARP getting confused with the
 packets?

 On Thu, Nov 13, 2008 at 5:51 PM, Vivek Ayer [EMAIL PROTECTED] wrote:
 Yay! I got ssh and http to work on the CARP interface. Thanks.

 However, the httpd redirect is not working just yet on the CARP
 interface for one of the computers. Does IP balancing mess up
 redirect?

 When I only have one router up doing the redirect, the CARP interface
 works, but when I have both routers on, the CARP interface defaults to
 the one that doesn't apparently do redirection. I'm going to
 troubleshoot and turn off the one that works and turn on the computer
 that doesn't redirect.

 Any other suggestions for troubleshooting this weird setup I have? Has
 anyone ever done this before having CARP'd web servers behind CARP'd
 routers?

 Here's my current pf.conf:

 #   $OpenBSD: pf.conf,v 1.35 2008/02/29 17:04:55 reyk Exp $
 #
 # See pf.conf(5) and /usr/share/pf for syntax and examples.
 # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
 # in /etc/sysctl.conf if packets are to be forwarded between interfaces.

 # macros
 ext_if = re0 # External Interface (169.229.158.0/24)
 int_if = xl0 # Internal Interface (192.168.1.0/24)
 localnet = $int_if:network
 webserver = 192.168.1.50 # Redundant Sun Servers
 nameserver = 192.168.1.101 # Dell L400 Celeron
 webports = { http , https }
 domainport = { domain }
 tcp_services = { ssh }
 icmp_types = echoreq
 carpdevs = { carp0 , carp1 }
 syncdev = { re1 }
 carp_mcast = 224.0.0.18

 # extra tweaks
 set skip on lo
 set block-policy return
 set loginterface $ext_if
 scrub in all

 # nat
 nat on $ext_if from $localnet to any -> ($ext_if)
 no nat on $int_if proto tcp from $int_if to $localnet
 nat on $int_if proto tcp from $localnet to $webserver port $webports -> $int_if

 # rdr for http
 rdr on $ext_if proto tcp from any to any port $webports -> $webserver
 rdr on $int_if proto tcp from $localnet to $ext_if port $webports -> $webserver
 rdr on $int_if proto tcp from $localnet to $int_if port $webports -> $webserver

 # rdr for domain (tcp)
 rdr on $ext_if proto tcp from any to any port $domainport -> $nameserver
 rdr on $int_if proto tcp from $localnet to $ext_if port $domainport -> $nameserver
 rdr on $int_if proto tcp from $localnet to $int_if port $domainport -> $nameserver

 # rdr for domain (udp)
 rdr on $ext_if proto udp from any to any port $domainport -> $nameserver
 rdr on $int_if proto udp from $localnet to $ext_if port $domainport -> $nameserver
 rdr on $int_if proto udp from $localnet to $int_if port $domainport -> $nameserver

 # pass rules
 block in # Default Deny
 pass out keep state
 antispoof quick for { lo }
 pass in inet proto icmp all icmp-type $icmp_types keep state # Let Ping In
 pass in quick on $int_if
 pass in on $ext_if inet proto tcp from any to ($ext_if) \
   port $tcp_services flags S/SA keep state # Allow SSH Access from Outside
 pass in on $ext_if inet proto tcp from any to $webserver port $webports \
   flags S/SA synproxy state
 pass in on $ext_if inet proto udp from any to $nameserver port $domainport
 pass in on $ext_if inet proto tcp from any to $nameserver port $domainport \
   flags S/SA synproxy state

 # Basic CARP/pfsync pass rules
 pass on $carpdevs proto carp keep state
 pass quick on $ext_if proto carp \
   from $ext_if:network to $carp_mcast keep state
 pass on $syncdev proto pfsync

 # Internet-Facing CARP rules
 pass in on $ext_if inet proto tcp from any to (carp0) \
   port $tcp_services flags S/SA keep state # Allow SSH Access from Outside
 pass in on $ext_if inet proto tcp from any to (carp0) \
   port $webports flags S/SA synproxy state
 pass in on $ext_if inet proto udp from any to (carp0) \
   port $domainport
 pass in on $ext_if inet proto tcp from any to (carp0) \
   port $domainport flags S/SA synproxy state

 # LAN-Facing CARP rules
 pass in on $int_if inet proto tcp from $localnet to (carp1) \
   port $tcp_services flags S/SA keep state # Allow SSH Access from Inside
 pass in on $int_if inet proto tcp from $localnet to (carp1) \
   port $webports flags S/SA synproxy state
 pass in on $int_if 

Re: vpn with an iphone

2008-11-17 Thread Girish Venkatachalam
On 12:36:00 Nov 17, Johan Beisser wrote:
 PoPToP is in ports.
 

I dunno a thing about iPhone but there is also 
/usr/ports/net/pptp

-Girish



Re: Fresh install question

2008-11-17 Thread Girish Venkatachalam
On 15:34:47 Nov 17, Jorge Valbuena wrote:
 One simple thing that I will try is:
 
 If OpenBSD 4.2 is already installed and you want to install 4.3 or 4.4, first 
 take a look at the /etc/fstab file and write down the name of the /home 
 partition
 
 /dev/wd0h /home ffs rw,nodev,nosuid 1 2
 
 
 When installing the new version leave that partition untouched, and after 
 the first boot put the line manually in your new /etc/fstab
 
 I hope this can help !
 

It also helps to note down the starting and ending cylinders of the
partition you want to preserve.

You can think of the OpenBSD fdisk partition as one big contiguous block
of sectors. Irrespective of its physical location, it is one single
unidimensional series of sectors. Each sector is exactly 512 bytes.

OpenBSD fdisk and disklabel unlike the ones found in other OSes always
tell us the cylinder boundaries.

This has helped me think a bit more clearly.

-Girish



Re: Can't SSH into CARP'd system from the outside

2008-11-17 Thread Vivek Ayer
I suspect I'm getting this connection reset error because:

IN---ROUTERS---WEB SERVER1
T---ROUTERW---WEB SERVER2

SW is switch here.

If one router is on, it has carp0 and carp1 on either side and it can
send the request to the servers which may be load-balanced which is
fine. But when I turn on the other router, which also has carp0 and
carp1 on either side, it would normally cause a problem if it were a
slave, but because it takes turns with the other routers on being
master on both carp0 AND carp1, that switch to master is synchronized.
So I get the situation:

REQUEST(carp0:on here) ROUTER(carp1:was on here, but turned
off)S--WEB SERVER
(carp0:off here) ROUTER(carp1:turned on here
instead)--W-WEB SERVER

That's why I suspect I get the connection reset error in firefox when
requesting a webpage from inside. In other words the polling rates on
carp0 and carp1 of the routers are not in sync even though I set them
up symmetrically.

Any suggestions as to how to go about tackling this? I don't want to
completely make a router the slave, but I can partially make it less
preferred. Do I make the advskew values asymmetric and what would be
the preferred values?

I can't figure out why ssh doesn't give me connection reset errors
when I enter from the outside. Maybe ssh has some way of keeping alive
the path that's about to close due to ip balancing.

Thanks,
Vivek
On Mon, Nov 17, 2008 at 8:22 PM, Vivek Ayer [EMAIL PROTECTED] wrote:
 So any resolution on the apache redirection? When I go to the website,
 I get the Connection Interrupted error. This only occurs when both
 routers are on. Oddly enough, when I ssh into the virtual IP, ssh
 traffic doesn't get jumbled up because of the ip balancing. I suspect
 I may have to up the advskew values to allow for the length of the
 polling rate to increase. May be apache traffic needs every part of a
 page to come from the same source IP. Should I try changing the
 advskew value on the routers? I can only get to the website when one
 router is on, which really defeats the purpose of high availability
 and redundancy.

 Thanks,
 Vivek

 On Thu, Nov 13, 2008 at 6:39 PM, Vivek Ayer [EMAIL PROTECTED] wrote:
 Confirmed. If I have both routers on, the http redirection on the CARP
 interface doesn't work. But when I only have one on, then the
 redirection works just fine. Is CARP getting confused with the
 packets?

 On Thu, Nov 13, 2008 at 5:51 PM, Vivek Ayer [EMAIL PROTECTED] wrote:
 Yay! I got ssh and http to work on the CARP interface. Thanks.

 However, the httpd redirect is not working just yet on the CARP
 interface for one of the computers. Does IP balancing mess up
 redirect?

 When I only have one router up doing the redirect, the CARP interface
 works, but when I have both routers on, the CARP interface defaults to
 the one that doesn't apparently do redirection. I'm going to
 troubleshoot and turn off the one that works and turn on the computer
 that doesn't redirect.

 Any other suggestions for troubleshooting this weird setup I have? Has
 anyone ever done this before having CARP'd web servers behind CARP'd
 routers?

 Here's my current pf.conf:

 #   $OpenBSD: pf.conf,v 1.35 2008/02/29 17:04:55 reyk Exp $
 #
 # See pf.conf(5) and /usr/share/pf for syntax and examples.
 # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
 # in /etc/sysctl.conf if packets are to be forwarded between interfaces.

 # macros
 ext_if = re0 # External Interface (169.229.158.0/24)
 int_if = xl0 # Internal Interface (192.168.1.0/24)
 localnet = $int_if:network
 webserver = 192.168.1.50 # Redundant Sun Servers
 nameserver = 192.168.1.101 # Dell L400 Celeron
 webports = { http , https }
 domainport = { domain }
 tcp_services = { ssh }
 icmp_types = echoreq
 carpdevs = { carp0 , carp1 }
 syncdev = { re1 }
 carp_mcast = 224.0.0.18

 # extra tweaks
 set skip on lo
 set block-policy return
 set loginterface $ext_if
 scrub in all

 # nat
 nat on $ext_if from $localnet to any -> ($ext_if)
 no nat on $int_if proto tcp from $int_if to $localnet
 nat on $int_if proto tcp from $localnet to $webserver port $webports -> $int_if

 # rdr for http
 rdr on $ext_if proto tcp from any to any port $webports -> $webserver
 rdr on $int_if proto tcp from $localnet to $ext_if port $webports -> $webserver
 rdr on $int_if proto tcp from $localnet to $int_if port $webports -> $webserver

 # rdr for domain (tcp)
 rdr on $ext_if proto tcp from any to any port $domainport -> $nameserver
 rdr on $int_if proto tcp from $localnet to $ext_if port $domainport -> $nameserver
 rdr on $int_if proto tcp from $localnet to $int_if port $domainport -> $nameserver

 # rdr for domain (udp)
 rdr on $ext_if proto udp from any to any port $domainport -> $nameserver
 rdr on $int_if proto udp from $localnet to $ext_if port $domainport -> $nameserver
 rdr on $int_if proto udp from $localnet to $int_if port $domainport -> $nameserver

 # pass rules
 block in # 

Re: Fresh install question

2008-11-17 Thread Denny White
On Mon, Nov 17, 2008 at 10:50:13AM +0100, Alexander Hall spoke thusly:
 Denny White wrote:
 I've always tried to do a fresh install any time possible,
 and then copy all my backed up /home and /data stuff back
 to the new installed system. I'm just trying to figure out
 if there's a way to keep those 2 slices intact while wiping
 out and recreating everything else, i.e., /usr, /var, & /tmp.
 I rebooted on the new 4.4 install cd and tried to see if there
 was a different way to go about things but couldn't figure it
 out there. I read up on disklabel & fdisk & googled around for
 a couple of days before asking the list. So, if someone knows
 where I can find some info on it, I'd really appreciate it. 

 Something like replying no to Do you want to use the entire disk for 
 openbsd could be a good start. I believe that would keep the existing 
 partitions, and you could map them to their respective mount points again. 
 I think, however, that you need to _not_ specify mount points for the file 
 systems you want to preserve to prevent them from being newfs'd.

 Since I seldom, if ever, do that kind of fresh reinstall, you'd better 
 compare the above with install.sh et al. In any way I think it should be 
 possible, but pretty please do make those backups before anyway. :-)

 /Alexander

Thanks, Alexander. I'll give it a shot. I just did a dump on everything
to a separate drive. Also rsync my homedir to that drive nightly. Worst
case is, I screw it up & just copy everything back like before. ;)

-- 

Denny White

===
GnuPG key  : 0x1644E79A  |  http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67  EC25 CB44 F2E5 1644 E79A
===



Re: ami and bioctl questions

2008-11-17 Thread Dieter
 At work I've got a server with an LSI MegaRAID (dmesg below) that 
 suddenly seems to be killing hard drives.  Last Thursday I had one drive 
 fail, and the system didn't begin rebuilding onto the hot spare until I 
 rebooted.

I would hope that the controller isn't killing drives.

Can we presume the system has clean power, temps are ok, no vibration, etc. ?

 Hitachi's drive testing tool seems to be windows only, so are there any 
 drive checking utilities that can check an individual drive when it's a 
 part of a RAID1?  Or is it safe to assume that if the drive fails in the 
 RAID it is really dead.  I'm trying to make sure I'm not seeing some 
 kind of problem with the enclosure or the megaraid card before I start 
 shipping drives back to Hitachi.

Can you get the SMART data from the drives?  Interpreting SMART data
is another problem, but maybe you can find a clue there.

Is it possible that the drives just took too long to read or write and
the RAID marked them bad?  Maybe remapping a bad sector takes too long...

Maybe hook them to a different controller (no RAID) and do a simple test
with dd over the entire drive, something like

dd if=/dev/suspect_disk of=/dev/null bs=1m
dd if=/dev/zero of=/dev/suspect_disk bs=1m

and see if you get any errors from dd or in dmesg.



Re: Fresh install question

2008-11-17 Thread Denny White
On Mon, Nov 17, 2008 at 07:04:31AM -0500, Nick Holland spoke thusly:
 Denny White wrote:
  I've always tried to do a fresh install any time possible,
  and then copy all my backed up /home and /data stuff back
  to the new installed system. I'm just trying to figure out
  if there's a way to keep those 2 slices intact while wiping
  out and recreating everything else, i.e., /usr, /var, & /tmp.
  I rebooted on the new 4.4 install cd and tried to see if there
  was a different way to go about things but couldn't figure it
  out there. I read up on disklabel & fdisk & googled around for
  a couple of days before asking the list. So, if someone knows
  where I can find some info on it, I'd really appreciate it. 
 
 Just don't define mount points for the partitions you wish to
 keep, and they won't be newfs'd (i.e., existing data will be
 preserved).
 
 AFTER the install, you will go in and edit /etc/fstab and add
 your saved partitions.  Ta-da! your data is back.
 
 Have a backup anyway, of course.  Sucks to fat-finger something
 in the process...
 
 Nick.
 
 

Thanks, Nick. Yeah, that's what some other replies said. And, like
I said too in my answer, everything's just been dumped & homedir
rsynced, so I'm going to give it a try. And yes, fat fingers suck.
I know from experience. ;) Thanks for the help.

Good case in point. Forgot cc [EMAIL PROTECTED] What a dweeb! ;) Fat fingers
rule!

-- 

Denny White




Re: Fresh install question

2008-11-17 Thread Denny White
  Original Message 
  Date: Mon, 17 Nov 2008 01:14:46 -0600
  From: Denny White [EMAIL PROTECTED]
  To: OpenBSD Questions misc@openbsd.org
  Subject: Fresh install question
 
  I've always tried to do a fresh install any time possible,
  and then copy all my backed up /home and /data stuff back
  to the new installed system. I'm just trying to figure out
  if there's a way to keep those 2 slices intact while wiping
  out and recreating everything else, i.e., /usr, /var, & /tmp.
  I rebooted on the new 4.4 install cd and tried to see if there
  was a different way to go about things but couldn't figure it
  out there. I read up on disklabel & fdisk & googled around for
  a couple of days before asking the list. So, if someone knows
  where I can find some info on it, I'd really appreciate it. 
  
  
  -- 
  
  Denny White
 
 
On Mon, Nov 17, 2008 at 03:34:47PM +0100, Jorge Valbuena spoke thusly:
 One simple thing that I will try is:
 
 If OpenBSD 4.2 is already installed and you want to install 4.3 or 4.4, first 
 take a look at the /etc/fstab file and write down the name of the /home 
 partition
 
 /dev/wd0h /home ffs rw,nodev,nosuid 1 2
 
 
 When installing the new version leave that partition untouched, and after 
 the first boot put the line manually in your new /etc/fstab
 
 I hope this can help !
 
 Jorge

Yep, that's been the general consensus in the other replies. Thanks
for the help, Jorge. Along with just having dumped everything and
rsynced my homedir, I also have fstab & quite a few other etc files
saved separately on my 2nd backup drive. Now all I have to do is try
to avoid 'fat fingers' as Nick advised. ;)
 
-- 

Denny White




Re: Fresh install question

2008-11-17 Thread Denny White
On Tue, Nov 18, 2008 at 06:58:22AM +0530, Girish Venkatachalam spoke thusly:
 On 15:34:47 Nov 17, Jorge Valbuena wrote:
  One simple thing that I will try is:
  
  If OpenBSD 4.2 is already installed and you want to install 4.3 or 4.4, 
  first take a look at the /etc/fstab file and write down the name of the 
  /home partition
  
  /dev/wd0h /home ffs rw,nodev,nosuid 1 2
  
  
  When installing the new version leave that partition untouched, and after 
  the first boot put the line manually in your new /etc/fstab
  
  I hope this can help !
  
 
 It also helps to note down the starting and ending cylinders of the
 partition you want to preserve.
 
 You can think of the OpenBSD fdisk partition as one big contiguous block
 of sectors. Irrespective of its physical location, it is one single
 unidimensional series of sectors. Each sector is exactly 512 bytes.
 
 OpenBSD fdisk and disklabel, unlike the ones found in other OSes, always
 tell us the cylinder boundaries.
 
 This has helped me think a bit more clearly.
 
 -Girish
 

Thanks, Girish. Believe it or not, I actually thought to do that.
I know, miracles never cease. But thanks for reminding me. You
know from off list correspondence about how much my memory banks
will hold (or won't). ;)


-- 

Denny White

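The preservation steps this thread converges on (note the partition's extent from disklabel, keep its fstab line, re-add the line after the install) as an added shell example that is not code from any poster here. The disklabel output and the fstab are constructed samples; partition_extent, fstab_line and same_slice are names chosen for this example.

```shell
# Added example, not from the thread: before reinstalling, record the
# disklabel extent and the fstab line of each partition to keep, then check
# that the letter in fstab still matches the label before re-adding the line.
# The functions take text, so they run here on constructed samples; on a
# live system feed them the output of `disklabel wd0` and /etc/fstab.
# Constructed sample of `disklabel wd0` output (fictional sizes).
SAMPLE_LABEL='# /dev/rwd0c:
16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:          2097152               64  4.2BSD   2048 16384    1 # /
  b:          4194304          2097216    swap                    # none
  c:        488397168                0  unused
  d:          8388608          6291520  4.2BSD   2048 16384    1 # /tmp
  g:         58720256         14680128  4.2BSD   2048 16384    1 # /usr
  h:        104857600         73400384  4.2BSD   2048 16384    1 # /home
  i:        310139184        178257984  4.2BSD   2048 16384    1 # /data'

# Constructed sample /etc/fstab matching the label above.
SAMPLE_FSTAB='/dev/wd0a / ffs rw 1 1
/dev/wd0d /tmp ffs rw,nodev,nosuid 1 2
/dev/wd0g /usr ffs rw,nodev 1 2
/dev/wd0h /home ffs rw,nodev,nosuid 1 2
/dev/wd0i /data ffs rw,nodev,nosuid 1 2'

# partition_extent LABEL_TEXT MOUNTPOINT: prints "letter offset size end"
# (512-byte sectors, end exclusive) for the partition labelled MOUNTPOINT.
partition_extent() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        /^ *[a-p]:/ && $NF == mp { sub(":", "", $1)
                                   printf "%s %s %s %s\n", $1, $3, $2, $3 + $2 }'
}

# fstab_line FSTAB_TEXT MOUNTPOINT: the line to put back in the new /etc/fstab.
fstab_line() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp'
}

# same_slice FSTAB_TEXT LABEL_TEXT MOUNTPOINT: succeeds only when the device
# letter in fstab (wd0h -> h) agrees with the label's partition letter.
same_slice() {
    dev=$(fstab_line "$1" "$3" | awk '{ print $1 }')
    [ -n "$dev" ] && [ "${dev##*[0-9]}" = "$(partition_extent "$2" "$3" | awk '{ print $1 }')" ]
}

for mp in /home /data; do
    printf 'keep %s: label %s\n' "$mp" "$(partition_extent "$SAMPLE_LABEL" "$mp")"
    printf '      fstab %s\n' "$(fstab_line "$SAMPLE_FSTAB" "$mp")"
    same_slice "$SAMPLE_FSTAB" "$SAMPLE_LABEL" "$mp" || echo "  letter mismatch, re-check"
done
```

Compare the recorded offset and size against the new label before editing fstab; if the letter or the extent moved, the line must not be re-added unchanged.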