Re: OpenBSD router stops functioning but still send CARP advertisements

[Simon Morvan]

Le 27/05/2009 15:38, Stuart Henderson a icrit :
 Simon Morvangar...@zone84.net  wrote:

 After a couple of hours/days one of the box stop functioning properly :
 no ping, no more SSH access but I still capture CARP avertisement on the
 network segments (when it occurs on the master). As a result, when it
 happens on the master, the slave does not take over.
  

 A few ideas...

 Do you have any different hardware you can try instead to rule out
 some incompatibility with the machines?  Have you checked for BIOS updates
 etc that might help?

 Can you break into DDB when this happens? (You'll need to set ddb.console=1
 in sysctl.conf and reboot if it's not already set). If you can, trace/ps might
 be useful. If not it's a useful data point. (make sure you can trigger it
 correctly while the system is running normally; ctrl+alt+esc on glass console,
 or BREAK on serial console; then you can 'c'ontinue).


For what is worth, I haven't got any problems in 5 days since I switched 
em0 and re0 roles. I can't tell if it's related to the NICs themselves. 
I wish I could make any further tests, but this is a production 
platform... If I manage to get that type of hardware again, or a 
comfortable maintenance window, I'll run a new stress test and let you know.

-- 
Simon.

Re: urtw(4)

[Predrag Punosevac]

I bought a new Wireles USB device, using 5-29-2008 amd64 snapshot

That is an awfully old snapshot. You might want to use something from
this year.

Cheers,
Predrag

P.S. Sorry Sam I couldn't resist:-) 

proper test for 64bitness of platform?

[Ted Walther]

I'm preparing a port of newLISP.  Is there a simple test I can run to
find out if the host platform is 64bit?  A #define has to be set in the
code according to whether the platform is 64bit or not.

Am I right in assuming that OpenBSD only supports 32bit and 64bit
platforms at the moment?

Ted

--
   There's a party in your skull.  And you're invited!

Name:Ted Walther
Phone:   604-755-7732
Skype:   tederific
Email:   t...@reactor-core.org
Address: 1755 246 St, LANGLEY BC  V2Z1G4

Re: PF/Carp/Pfsync

[Georg Kahest]

#   $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $

#   $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $

# uname -a
OpenBSD node1 4.4 GENERIC.MP#1 amd64

On P, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
 On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
  Hello, i have strange problem with my Carp/Pfsync, when i manualy
  failover via carpdemote or ifconfig carpX down, then the failover works
  okey, it even works okey when one box goes down, but when the prefered
  master comes up again and starts to act as carp master, then client who
  has carp as its gateway loses some packets on the moment of failover, im
  wondering what could cause that, what could i have overlooked, and why
  the problem only exists when box comes from reboot, rather then always.
 
 Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?
 
-- 
Georg Kahest ge...@viatel.ee
ProGroup Holding

Re: PF/Carp/Pfsync

[Stuart Henderson]

On 2009/06/01 12:55, Georg Kahest wrote:
 #   $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
 
 #   $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
 
 # uname -a
 OpenBSD node1 4.4 GENERIC.MP#1 amd64

It's not what I was thinking it might be then (there was a change
to the order of pfsync/pfctl in the startup scripts and I wondered
if it might have been relevant, but you already have that).

I'm not sure what it might be then..



 On P, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
  On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
   Hello, i have strange problem with my Carp/Pfsync, when i manualy
   failover via carpdemote or ifconfig carpX down, then the failover works
   okey, it even works okey when one box goes down, but when the prefered
   master comes up again and starts to act as carp master, then client who
   has carp as its gateway loses some packets on the moment of failover, im
   wondering what could cause that, what could i have overlooked, and why
   the problem only exists when box comes from reboot, rather then always.
  
  Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?

Re: PF/Carp/Pfsync

[Georg Kahest]

This log from prefered (master node), it seems that the problem is carp0
takes master even before carp1 has went to backup, how to resolve it, so
that they would go master at the same time.


Jun  1 14:45:54 node1 /bsd: carp0: state transition: INIT - BACKUP
Jun  1 14:45:54 node1 /bsd: carp: carp0 demoted group carp to 2
Jun  1 14:45:54 node1 /bsd: carp: carp0 demoted group egress to 0
Jun  1 14:45:54 node1 /bsd: carp1: state transition: INIT - BACKUP
Jun  1 14:45:54 node1 /bsd: carp: carp1 demoted group carp to 1
Jun  1 14:45:55 node1 /bsd: carp1: state transition: BACKUP - INIT
Jun  1 14:45:55 node1 /bsd: carp: carp1 demoted group carp to 2
Jun  1 14:45:57 node1 /bsd: carp0: state transition: BACKUP - MASTER
Jun  1 14:45:57 node1 /bsd: carp: pfsync0 demoted group carp to 1
Jun  1 14:45:57 node1 /bsd: carp: pfsync0 demoted group pfsync to 0
Jun  1 14:45:57 node1 /bsd: carp1: state transition: INIT - BACKUP
Jun  1 14:45:57 node1 /bsd: carp: carp1 demoted group carp to 0
Jun  1 14:46:00 node1 /bsd: carp1: state transition: BACKUP - MASTER


On E, 2009-06-01 at 13:14 +0200, Stuart Henderson wrote:
 On 2009/06/01 12:55, Georg Kahest wrote:
  #   $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
 
  #   $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
 
  # uname -a
  OpenBSD node1 4.4 GENERIC.MP#1 amd64
 
 It's not what I was thinking it might be then (there was a change
 to the order of pfsync/pfctl in the startup scripts and I wondered
 if it might have been relevant, but you already have that).
 
 I'm not sure what it might be then..
 
 
 
  On P, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
   On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
Hello, i have strange problem with my Carp/Pfsync, when i manualy
failover via carpdemote or ifconfig carpX down, then the failover works
okey, it even works okey when one box goes down, but when the prefered
master comes up again and starts to act as carp master, then client who
has carp as its gateway loses some packets on the moment of failover, im
wondering what could cause that, what could i have overlooked, and why
the problem only exists when box comes from reboot, rather then always.
  
   Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?
-- 
Georg Kahest ge...@viatel.ee
ProGroup Holding

Re: PF/Carp/Pfsync

[Georg Kahest]

i had modified rc conf a little and last log paste was because of that
modification, this is the current log, but still the client behind lan
carp loses its packets, first to his gateway with host uncreachable and
after few packets its timeout, and then everything starts working okey.
 
Jun  1 15:20:05 node1 savecore: no core dump
Jun  1 15:20:07 node1 /bsd: carp0: state transition: INIT - BACKUP
Jun  1 15:20:07 node1 /bsd: carp: carp0 demoted group carp to 2
Jun  1 15:20:07 node1 /bsd: carp: carp0 demoted group egress to 0
Jun  1 15:20:07 node1 /bsd: carp1: state transition: INIT - BACKUP
Jun  1 15:20:07 node1 /bsd: carp: carp1 demoted group carp to 1
Jun  1 15:20:10 node1 /bsd: carp0: state transition: BACKUP - MASTER
Jun  1 15:20:10 node1 /bsd: carp1: state transition: BACKUP - MASTER
Jun  1 15:20:10 node1 /bsd: carp: pfsync0 demoted group carp to 0
Jun  1 15:20:10 node1 /bsd: carp: pfsync0 demoted group pfsync to 0


On E, 2009-06-01 at 13:14 +0200, Stuart Henderson wrote:
 On 2009/06/01 12:55, Georg Kahest wrote:
  #   $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
 
  #   $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
 
  # uname -a
  OpenBSD node1 4.4 GENERIC.MP#1 amd64
 
 It's not what I was thinking it might be then (there was a change
 to the order of pfsync/pfctl in the startup scripts and I wondered
 if it might have been relevant, but you already have that).
 
 I'm not sure what it might be then..
 
 
 
  On P, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
   On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
Hello, i have strange problem with my Carp/Pfsync, when i manualy
failover via carpdemote or ifconfig carpX down, then the failover works
okey, it even works okey when one box goes down, but when the prefered
master comes up again and starts to act as carp master, then client who
has carp as its gateway loses some packets on the moment of failover, im
wondering what could cause that, what could i have overlooked, and why
the problem only exists when box comes from reboot, rather then always.
  
   Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?
-- 
Georg Kahest ge...@viatel.ee
ProGroup Holding

Re: PF/Carp/Pfsync

[Georg Kahest]

Okey i think i figured it out, the problem was with my switch spanning
tree, when i disabled it for appropiate vlans everything started to work
correctly.


On E, 2009-06-01 at 13:14 +0200, Stuart Henderson wrote:
 On 2009/06/01 12:55, Georg Kahest wrote:
  #   $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
 
  #   $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
 
  # uname -a
  OpenBSD node1 4.4 GENERIC.MP#1 amd64
 
 It's not what I was thinking it might be then (there was a change
 to the order of pfsync/pfctl in the startup scripts and I wondered
 if it might have been relevant, but you already have that).
 
 I'm not sure what it might be then..
 
 
 
  On P, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
   On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
Hello, i have strange problem with my Carp/Pfsync, when i manualy
failover via carpdemote or ifconfig carpX down, then the failover works
okey, it even works okey when one box goes down, but when the prefered
master comes up again and starts to act as carp master, then client who
has carp as its gateway loses some packets on the moment of failover, im
wondering what could cause that, what could i have overlooked, and why
the problem only exists when box comes from reboot, rather then always.
  
   Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?
-- 
Georg Kahest ge...@viatel.ee
ProGroup Holding

Re: proper test for 64bitness of platform?

[Stuart Henderson]

On 2009-06-01, Ted Walther t...@enumera.com wrote:
 I'm preparing a port of newLISP.  Is there a simple test I can run to
 find out if the host platform is 64bit?  A #define has to be set in the
 code according to whether the platform is 64bit or not.

We set _LP64 and __LP64__ variables on 64-bit arch.

$ cpp -dM /dev/null | grep LP64
#define _LP64 1
#define __LP64__ 1

 Am I right in assuming that OpenBSD only supports 32bit and 64bit
 platforms at the moment?

You're right, we only support 32- and 64-bit platforms.

Re: PF/Carp/Pfsync

[Georg Kahest]

Okey now that the failover seems to be work i have hit another problem,
the thing is when failover occurs and other node takes over, the client
connection wont hit right ALTQ queue anymore, rather it goes
unqueued(full speed) , and only the new connections initated after
failover will hit the right queue, is there anything i can do to fix it,
or its design flaw that cannot be corrected? 

On E, 2009-06-01 at 14:37 +0200, georg wrote:
 Okey i think i figured it out, the problem was with my switch spanning
 tree, when i disabled it for appropiate vlans everything started to work
 correctly.
 
 
 On E, 2009-06-01 at 13:14 +0200, Stuart Henderson wrote:
  On 2009/06/01 12:55, Georg Kahest wrote:
   #   $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
  
   #   $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
  
   # uname -a
   OpenBSD node1 4.4 GENERIC.MP#1 amd64
 
  It's not what I was thinking it might be then (there was a change
  to the order of pfsync/pfctl in the startup scripts and I wondered
  if it might have been relevant, but you already have that).
 
  I'm not sure what it might be then..
 
 
 
   On P, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
 Hello, i have strange problem with my Carp/Pfsync, when i manualy
 failover via carpdemote or ifconfig carpX down, then the failover 
 works
 okey, it even works okey when one box goes down, but when the prefered
 master comes up again and starts to act as carp master, then client 
 who
 has carp as its gateway loses some packets on the moment of failover, 
 im
 wondering what could cause that, what could i have overlooked, and why
 the problem only exists when box comes from reboot, rather then 
 always.
   
Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?
 --
 Georg Kahest ge...@viatel.ee
 ProGroup Holding
 
-- 
Georg Kahest ge...@viatel.ee
ProGroup Holding

Re: PF/Carp/Pfsync

[Stuart Henderson]

On 2009/06/01 15:57, Georg Kahest wrote:
 Okey now that the failover seems to be work i have hit another problem,
 the thing is when failover occurs and other node takes over, the client
 connection wont hit right ALTQ queue anymore, rather it goes
 unqueued(full speed) , and only the new connections initated after
 failover will hit the right queue, is there anything i can do to fix it,
 or its design flaw that cannot be corrected? 

That should have been fixed before 4.4; are the rulesets identical
between the firewalls?

 On E, 2009-06-01 at 14:37 +0200, georg wrote:
  Okey i think i figured it out, the problem was with my switch spanning
  tree, when i disabled it for appropiate vlans everything started to work
  correctly.

Ahh. Makes sense.

Re: PF/Carp/Pfsync

[Georg Kahest]

Yes the rulesets are identical, strange thing is from pftop it seems
that it hits default queue (25mbit queue) but somehow the client gets
10~MB/s what seems more of interface root queue value rather then that
default queue. Thou the real queue it should use is at 8mbit.

On E, 2009-06-01 at 15:09 +0200, Stuart Henderson wrote:
 On 2009/06/01 15:57, Georg Kahest wrote:
  Okey now that the failover seems to be work i have hit another problem,
  the thing is when failover occurs and other node takes over, the client
  connection wont hit right ALTQ queue anymore, rather it goes
  unqueued(full speed) , and only the new connections initated after
  failover will hit the right queue, is there anything i can do to fix it,
  or its design flaw that cannot be corrected?
 
 That should have been fixed before 4.4; are the rulesets identical
 between the firewalls?
 
  On E, 2009-06-01 at 14:37 +0200, georg wrote:
   Okey i think i figured it out, the problem was with my switch spanning
   tree, when i disabled it for appropiate vlans everything started to work
   correctly.
 
 Ahh. Makes sense.
 
-- 
Georg Kahest ge...@viatel.ee
ProGroup Holding

Re: Rewriting Addresses in SMTPD

[Jacek Masiulaniec]

On Sun, May 31, 2009 at 10:56:50PM -0400, Aaron W. Hsu wrote:
 Is there a way in smtpd(8) yet, to do something like genericstables in 
 sendmail? Right now, when my client sendmail sends out a mail, it 
 rewrites the envelope and the From addresses to be valid email addresses 
 with the domain that I want tacked on to the username. I couldn't 
 find a way to do this in smtpd.conf(5), which seems to have aliases 
 and virtual domain maps for receiving mail, but not sending it.

We don't have it yet.  We will at one point.

 If this is better done before the mail is sent to smtpd(8), is there 
 a way to do this with mail(1)?

You may pass sendmail options to mail(1), eg.:

  echo test | mail root -f f...@foo.com -F Fred

Not sure how useful that is in your case.

Re: Rewriting Addresses in SMTPD

[Gilles Chehade]

On Mon, Jun 01, 2009 at 04:11:29PM +0200, Jacek Masiulaniec wrote:
 On Sun, May 31, 2009 at 10:56:50PM -0400, Aaron W. Hsu wrote:
  Is there a way in smtpd(8) yet, to do something like genericstables in 
  sendmail? Right now, when my client sendmail sends out a mail, it 
  rewrites the envelope and the From addresses to be valid email addresses 
  with the domain that I want tacked on to the username. I couldn't 
  find a way to do this in smtpd.conf(5), which seems to have aliases 
  and virtual domain maps for receiving mail, but not sending it.
 
 We don't have it yet.  We will at one point.
 
  If this is better done before the mail is sent to smtpd(8), is there 
  a way to do this with mail(1)?
 
 You may pass sendmail options to mail(1), eg.:
 
   echo test | mail root -f f...@foo.com -F Fred
 
 Not sure how useful that is in your case.


Ooops, i replied in private, but basically what i said was:

it is on a todo list, we'll work on it, but there's stuff to finish
prior to that.

Gilles

Re: Wireless help, please

[Ben Goren]

On 2009 May 31, at 2:53 PM, Fred Crowson wrote:

 How is your iMac getting its IP address?

When I manually set up the IP address (etc.) for the iMac, I get  
several seconds of connectivity before the link goes dead. That  
doesn't seem to be enough time to get a DHCP lease, though I do have  
dhcpd running on the OpenBSD laptop.

The same laptop provides dhcp services to the iMac on the wired  
network just fine.

Cheers,

b

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]

PF, pfctl and parse.y

[Anton Maksimenkov]

I want add keyword to PF's rule. I started with pfctl. Suppose I want
to add keyword spraychld.
So, I add field to struct pf_rule (as showed in diff below) and tried
to add keyword to pfctl's parse.y processor.
But it won't to compile.

Where I was wrong?

# cd/usr/src/sbin/pfctl
# make clean  make depend  make
rm -f a.out [Ee]rrs mklog core *.core y.tab.h  pfctl pfctl.o parse.o
pfctl_parser.o pf_print_state.o pfctl_altq.o pfctl_osfp.o
pfctl_radix.o pfctl_table.o pfctl_qstats.o pfctl_optimize.o
pf_ruleset.o  pfctl.ln pfctl_parser.ln pf_print_state.ln pfctl_altq.ln
pfctl_osfp.ln pfctl_radix.ln pfctl_table.ln pfctl_qstats.ln
pfctl_optimize.ln pf_ruleset.ln parse.ln   parse.c
yacc  parse.y
mv y.tab.c parse.c
mkdep -a -I/usr/src/sbin/pfctl pfctl.c pfctl_parser.c pf_print_state.c
pfctl_altq.c pfctl_osfp.c pfctl_radix.c pfctl_table.c pfctl_qstats.c
pfctl_optimize.c /usr/src/sbin/pfctl/../../sys/net/pf_ruleset.c
parse.c
cc -O2 -pipe  -Wall -Wmissing-prototypes -Wno-uninitialized
-Wstrict-prototypes -I/usr/src/sbin/pfctl   -c pfctl.c
cc -O2 -pipe  -Wall -Wmissing-prototypes -Wno-uninitialized
-Wstrict-prototypes -I/usr/src/sbin/pfctl   -c parse.c
parse.y: In function `yyparse':
parse.y:1876: error: structure has no member named `spraychld'
*** Error code 1

Stop in /usr/src/sbin/pfctl (line 92 of /usr/share/mk/sys.mk).


Here is the diff:
Index: sys/net/pfvar.h
===
RCS file: /cvs/src/sys/net/pfvar.h,v
retrieving revision 1.283
diff -N -u sys/net/pfvar.h
--- sys/net/pfvar.h 16 Feb 2009 00:31:25 -  1.283
+++ sys/net/pfvar.h 1 Jun 2009 15:41:13 -
@@ -581,6 +581,7 @@
 #define PF_STATE_MODULATE  0x2
 #define PF_STATE_SYNPROXY  0x3
u_int8_t keep_state;
+   u_int8_t spraychld;
sa_family_t  af;
u_int8_t proto;
u_int8_t type;
Index: sbin/pfctl/parse.y
===
RCS file: /cvs/src/sbin/pfctl/parse.y,v
retrieving revision 1.555
diff -N -u sbin/pfctl/parse.y
--- sbin/pfctl/parse.y  19 Feb 2009 17:08:42 -  1.555
+++ sbin/pfctl/parse.y  1 Jun 2009 15:42:25 -
@@ -210,6 +210,7 @@
 #define FOM_TOS0x04
 #define FOM_KEEP   0x08
 #define FOM_SRCTRACK   0x10
+#define FOM_SPRAYCHLD  0x12
struct node_uid *uid;
struct node_gid *gid;
struct {
@@ -225,6 +226,7 @@
int  action;
struct node_state_opt   *options;
} keep;
+   u_int8_t spraychld;
int  fragment;
int  allowopts;
char*label;
@@ -432,7 +434,7 @@

 %token PASS BLOCK SCRUB RETURN IN OS OUT LOG QUICK ON FROM TO FLAGS
 %token RETURNRST RETURNICMP RETURNICMP6 PROTO INET INET6 ALL ANY ICMPTYPE
-%token ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF
+%token ICMP6TYPE CODE KEEP MODULATE STATE SPRAYCHLD PORT RDR NAT
BINAT ARROW NODF
 %token MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL
 %token NOROUTE URPFFAILED FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE
 %token REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR
@@ -1871,6 +1873,7 @@
r.quick = $3.quick;
r.prob = $9.prob;
r.rtableid = $9.rtableid;
+   r.spraychld = $9.spraychld; /* 1876 line HERE */

r.af = $6;
if ($9.tag)
@@ -2305,6 +2308,14 @@
filter_opts.marker |= FOM_TOS;
filter_opts.tos = $2;
}
+   | SPRAYCHLD {
+   if (filter_opts.marker  FOM_SPRAYCHLD) {
+   yyerror(spraychld cannot be redefined);
+   YYERROR;
+   }
+   filter_opts.marker |= FOM_SPRAYCHLD;
+   filter_opts.spraychld = 1;
+   }
| keep {
if (filter_opts.marker  FOM_KEEP) {
yyerror(modulate or keep cannot be redefined);
@@ -5321,6 +5332,7 @@
{ sloppy, SLOPPY},
{ source-hash,SOURCEHASH},
{ source-track,   SOURCETRACK},
+   { spraychld,  SPRAYCHLD},
{ state,  STATE},
{ state-defaults, STATEDEFAULTS},
{ state-policy,   STATEPOLICY},

-- 
antonvm

Re: proper test for 64bitness of platform?

[Matthias Kilian]

 We set _LP64 and __LP64__ variables on 64-bit arch.

 $ cpp -dM /dev/null | grep LP64
 #define _LP64 1
 #define __LP64__ 1

It should also be ok to (ab)use LONG_BIT from limits.h, depending
on how the code is 64 bit specific.

Ciao,
Kili

Re: proper test for 64bitness of platform?

[bofh]

On Mon, Jun 1, 2009 at 8:51 AM, Stuart Henderson s...@spacehopper.org wrote:

 You're right, we only support 32- and 64-bit platforms.

What?!  No 128 bit support?!  Oh my god, the sky is falling, how can
you secure stuff in only 64 bit, the sky is falling, etc etc! :)

Actually, what I want is variable bit support, like, iirc, the PDP
(I'm too young to actually remember one of these).


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

Gkrellmd in 4.5

[Lars Kotthoff]

Hi all,

 I've just upgraded to 4.5 and gkrellmd (gkrellm-server) package seems to have a
memory leak -- it's RAM usage is growing constantly and is at about 20M resident
now, less than one day after starting the machine.

Did anybody experience anything similar and knows a fix?

Thanks,

Lars

Re: proper test for 64bitness of platform?

[Ted Walther]

On Mon, Jun 01, 2009 at 12:51:31PM +, Stuart Henderson wrote:

On 2009-06-01, Ted Walther t...@enumera.com wrote:

I'm preparing a port of newLISP.  Is there a simple test I can run to
find out if the host platform is 64bit?  A #define has to be set in the
code according to whether the platform is 64bit or not.


We set _LP64 and __LP64__ variables on 64-bit arch.

$ cpp -dM /dev/null | grep LP64
#define _LP64 1
#define __LP64__ 1


Thank you Stuart.  It looks like all platforms with gcc support these
two defines.  Is there any reason to prefer one or another?  Google
found a netbsd post where someone said to prefer _LP64, then another
person said that is only for kernel use, use __arch64__ in userland.

Ted

--
   There's a party in your skull.  And you're invited!

Name:Ted Walther
Phone:   604-755-7732
Skype:   tederific
Email:   t...@reactor-core.org
Address: 1755 246 St, LANGLEY BC  V2Z1G4

Re: urtw(4)

[Sam Fourman Jr.]

On Mon, Jun 1, 2009 at 2:31 AM, Predrag Punosevac punoseva...@gmail.com wrote:
I bought a new Wireles USB device, using 5-29-2008 amd64 snapshot

 That is an awfully old snapshot. You might want to use something from
 this year.

 Cheers,
 Predrag

 P.S. Sorry Sam I couldn't resist:-)

Sorry that was a typo it is a very current snapshot, it is from 5-29-2009

Sam

Detailed usage graphs w/PF

[Steven Surdock]

Greetings,

I'm looking at using a pair of OBSD systems to perform a couple of
functions,
  +  ISP load balancing  failover (using NAT)
  +  Site to Site IPSec termination (via ipsec)
  +  Egress Bandwidth Management (via PF)
  +  Web/HTML Detailed usage reporting (via ??)

I've done the first three, and the last with flow-tools, but has anyone
used anything a little friendlier than flow-tools/flowscan to get
detailed (per IP, per protocol, per port) usage reporting?  I also see
that pfflowd is marked as broken due to pfsync changes.  I suspect this
means I'll need to use 4.4 if I want to use pfflowd...  Thanks!

-Steve S.

Re: Gkrellmd in 4.5

[Antoine Jacoutot]

On Mon, 1 Jun 2009, Lars Kotthoff wrote:

 Hi all,
 
  I've just upgraded to 4.5 and gkrellmd (gkrellm-server) package seems to 
 have a
 memory leak -- it's RAM usage is growing constantly and is at about 20M 
 resident
 now, less than one day after starting the machine.
 
 Did anybody experience anything similar and knows a fix?

Yup.
Fixed in current more than 2 months ago:

http://www.openbsd.org/cgi-bin/cvsweb/ports/sysutils/gkrellm/gkrellm/patches/patch-src_sysdeps_openbsd_c.diff?r1=1.13;r2=1.14;f=h


-- 
Antoine

Re: WebHosting Management Software

[Vadim Zhukov]

On Friday 29 May 2009 05:24:33 Insan Praja SW wrote:
 Hi Misc@,
 I'm currently looking for some OpenBSD-friendly (OpenSource/Free)
 WebHosting Management software. My colleagues seem to find a hardtimes
 for this kind of software works with OpenBSD.
 Any clue and input appreciated.
 Thanks,

WebMin/UserMin _was_ in ports, you can try to take port from Attic and 
update. It has awful security track, though.

I think you can also set up cPanel, it's mostly Perl-based so not a big 
problem. But it'll require some discussion with its authors about 
compiling cPanel kernel for OpenBSD. AFAIK, you'll have success 
chances if you order more than one license from them. (And yes, it's a 
piece of very, very crap code too).

-- 
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: Detailed usage graphs w/PF

[Jason Dixon]

On Mon, Jun 01, 2009 at 03:58:08PM -0400, Steven Surdock wrote:
 Greetings,
 
 I'm looking at using a pair of OBSD systems to perform a couple of
 functions,
   +  ISP load balancing  failover (using NAT)
   +  Site to Site IPSec termination (via ipsec)
   +  Egress Bandwidth Management (via PF)
   +  Web/HTML Detailed usage reporting (via ??)
 
 I've done the first three, and the last with flow-tools, but has anyone
 used anything a little friendlier than flow-tools/flowscan to get
 detailed (per IP, per protocol, per port) usage reporting?  I also see
 that pfflowd is marked as broken due to pfsync changes.  I suspect this
 means I'll need to use 4.4 if I want to use pfflowd...  Thanks!

You don't need pfflowd any longer.

man 4 pflow

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Re: PF, pfctl and parse.y

[Henning Brauer]

* Anton Maksimenkov anton...@gmail.com [2009-06-01 17:48]:
 I want add keyword to PF's rule. I started with pfctl. Suppose I want
 to add keyword spraychld.
 So, I add field to struct pf_rule (as showed in diff below) and tried
 to add keyword to pfctl's parse.y processor.
 But it won't to compile.
 
 Where I was wrong?

you don't have the changed pfvar.h in /usr/include/net/

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: PF/Carp/Pfsync

[Henning Brauer]

* Georg Kahest ge...@viatel.ee [2009-06-01 15:21]:
 Yes the rulesets are identical, strange thing is from pftop it seems
 that it hits default queue (25mbit queue) but somehow the client gets
 10~MB/s what seems more of interface root queue value rather then that
 default queue. Thou the real queue it should use is at 8mbit.

that is expected with states without reference back to a rule. this
clearly proves your rulesets are not identical, because otherwise that
ref would have been there.
and in any case - current behaves differently, queueing info now lives
on the state.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: Gkrellmd in 4.5

[Lars Kotthoff]

 Yup.
 Fixed in current more than 2 months ago:

Excellent, thanks!

Lars

List of old forked or frozen code like apache that needs cleanup?

[Daniel Ouellet]

Hi,

Is there some code in the tree that like apache a few years ago stop 
following the source for valid license reason, or was forked, kind of, 
that would need or benefit from cleanup just like I did apache in 2004-2006?


Kind of disgraceful janitor work if you like, but that would be 
beneficial never the less and sure clean the tree a little bit.


I am asking as I have a few guys that want to learn some stuff and I 
would take this on myself to make it happen somehow if there is a need 
for it or some that needs to be done. Worst case I could do some myself 
like in the pass years.


Anything that have a bunch of Windows, Novel, or what not code in there 
that is frozen or only maintain by OpenBSD now that needs cleanup would 
be nice to know.


Fell free to reply in private as to not pollute the list unless there is 
a need for it. Make your list as long as you want so that I may pick 
something interesting if possible, or that really is in bad need of dead 
code removal under OpenBSD.


If there is a real need for that, then I could start sending diff's for it.

Thanks for your time!

Daniel

Re: Detailed usage graphs w/PF

[Stuart Henderson]

On 2009-06-01, Steven Surdock ssurd...@engineered-net.com wrote:
 Greetings,

 I'm looking at using a pair of OBSD systems to perform a couple of
 functions,
   +  ISP load balancing  failover (using NAT)
   +  Site to Site IPSec termination (via ipsec)
   +  Egress Bandwidth Management (via PF)
   +  Web/HTML Detailed usage reporting (via ??)

 I've done the first three, and the last with flow-tools, but has anyone
 used anything a little friendlier than flow-tools/flowscan to get
 detailed (per IP, per protocol, per port) usage reporting?  I also see
 that pfflowd is marked as broken due to pfsync changes.  I suspect this
 means I'll need to use 4.4 if I want to use pfflowd...  Thanks!

use pflow from base OS to export flows; we have nfdump and nfprofile
in ports to log them, and there is a web UI nfsen that goes with these
(not in ports yet, but it has its own installer) that you can use to
make it look all pretty.

http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-plenary-tue-nfsen-nfdump.pdf

Re: proper test for 64bitness of platform?

[Ted Walther]

On Mon, Jun 01, 2009 at 07:50:59PM +0200, Matthias Kilian wrote:

We set _LP64 and __LP64__ variables on 64-bit arch.

$ cpp -dM /dev/null | grep LP64
#define _LP64 1
#define __LP64__ 1


It should also be ok to (ab)use LONG_BIT from limits.h, depending
on how the code is 64 bit specific.


Whichever solution is best, it would be nice if it was somewhat portable
to other unices.  The _LP64 || __LP64__ solution seems to be portable
anywhere a recent version of gcc is in use.

Ted

--
   There's a party in your skull.  And you're invited!

Name:Ted Walther
Phone:   604-755-7732
Skype:   tederific
Email:   t...@reactor-core.org
Address: 1755 246 St, LANGLEY BC  V2Z1G4

Re: Is anyone using the TeX Live DVD binaries for OpenBSD?

[Stefan Wollny]

Am Mon, 1 Jun 2009 00:08:19 +0100
schrieb Edd Barrett vex...@gmail.com:

 Hi,

 Over at the TeX Live camp we are wondering if anyone is using the
 binaries found on the DVD distributed by the TeX User Group on
 OpenBSD?

...

Hi Edd,

please excuse if this may sound odd to you - but do those binaries on
the TeX Live DVD differ to those you provide via
http://www.openbsd.org/4.5_packages/i386/texlive_texmf-full-2008p1.tgz-long.h
tml?

BTW: Thank you for maintaining this port - it works like a charm!

Kind regards,
STEFAN

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

netstat byte counter wrap?

[Cameron Schaus]

Do the netstat ibytes and obytes counters wrap, and if so at what limit 
do they wrap?


eg.
# netstat -nbI fxp0  
NameMtu   Network Address   Ibytes Obytes

fxp01500  Link  00:10:f3:08:5c:69 1269729588 2520482812

Cam

Re: netstat byte counter wrap?

[Claudio Jeker]

On Mon, Jun 01, 2009 at 06:02:28PM -0600, Cameron Schaus wrote:
 Do the netstat ibytes and obytes counters wrap, and if so at what limit  
 do they wrap?


Yes, they will wrap. The limit is 2^64 - 1 so don't expect it to happen
anytime soon.

 eg.
 # netstat -nbI fxp0  NameMtu   Network Address   
 Ibytes Obytes
 fxp01500  Link  00:10:f3:08:5c:69 1269729588 2520482812

 Cam


-- 
:wq Claudio

Re: Detailed usage graphs w/PF

[Diana Eichert]

I know you asked about pretty picture graphs, but I will second
Stuart's recommendation of nfdump.  Graphs may be pretty but if
you want to dig into the data nfdump is very useful.

diana

On Mon, 1 Jun 2009, Stuart Henderson wrote:


On 2009-06-01, Steven Surdock ssurd...@engineered-net.com wrote:
use pflow from base OS to export flows; we have nfdump and nfprofile
in ports to log them, and there is a web UI nfsen that goes with these
(not in ports yet, but it has its own installer) that you can use to
make it look all pretty.

http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-plenary-tue-nfsen-nfdump.pdf

Re: List of old forked or frozen code like apache that needs cleanup?

[Евгений Юнак]

Hi!
Personally, i think this is a really good question, because there are many
people, who are just starting up, and they could be of some help, if they
knew what to do. I think it would be a great idea of having a general list of
what needs to be done, in any way, and what should not. And the ideas about
future improvements can be published somewhere and discussed. It will
be very beneficial for possible new developers, and won't be hard to
implement
and maintain.
How do you feel about it?

-- 
The best the little guy can do is what
the little guy does right

Re: List of old forked or frozen code like apache that needs cleanup?

[Jacob Meuser]

On Tue, Jun 02, 2009 at 05:05:09AM +0300, ???  wrote:
 Hi!
 Personally, i think this is a really good question, because there are many
 people, who are just starting up, and they could be of some help, if they
 knew what to do. I think it would be a great idea of having a general list of
 what needs to be done, in any way, and what should not. And the ideas about
 future improvements can be published somewhere and discussed. It will
 be very beneficial for possible new developers, and won't be hard to
 implement
 and maintain.
 How do you feel about it?

I think it's far more productive to just go ahead and work on what you
want, then see if other people agree with what you've done.  even if
no one else agrees, you'll probably learn something.  actually, you'll
probably learn more if people don't agree ...

as far as old or forked code, just look through the sources and cvs
commits.

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: List of old forked or frozen code like apache that needs cleanup?

[patrick keshishian]

On Mon, Jun 1, 2009 at 7:05 PM, PP2P3P5P=P8P9 P.P=P0P: e.yu...@gmail.com
wrote:
 Hi!
 Personally, i think this is a really good question, because there are many
 people, who are just starting up, and they could be of some help, if they
 knew what to do. I think it would be a great idea of having a general list
of
 what needs to be done

You mean something like the bug database?

http://www.openbsd.org/query-pr.html

select State: Open click Query PRs. You can even customize the
list by Category, Class, Severity and Priority.

--patrick

Re: List of old forked or frozen code like apache that needs cleanup?

[Евгений Юнак]

2009/6/2 patrick keshishian pkesh...@gmail.com:
 On Mon, Jun 1, 2009 at 7:05 PM, PP2P3P5P=P8P9 P.P=P0P: e.yu...@gmail.com
wrote:
 Hi!
 Personally, i think this is a really good question, because there are many
 people, who are just starting up, and they could be of some help, if they
 knew what to do. I think it would be a great idea of having a general list
of
 what needs to be done

 You mean something like the bug database?

Yes, but the tracker is about bugs, there is no such category as
enhancement proposal. Maybe, just include such class? And i feel
there still is a need for
a list of what needs to be done, and who is responsible (think most active
developers) for what subsystem. That will bring more openness to the
development process, and it actually helps. OpenBSD was the first one to
have public anon cvs. Having such tools is a normal way of communication in
a big open source project, isn't it?
Don't get me wrong, i'm not requesting or demanding anything, i'm just
throwing me ideas, hoping it would help the community become involved.
I know many (three to four, actually ;)) happy OpenBSD users, who would
love to contribute, but they don't know where to start with. Reading
code that already exist, then writing some new - that's how it always
works, but when
you are unexperienced and just want to give it a try it really helps
when someone
points out what to do for you, so you just have to find a way to do
it. It's also
always good to know that someone needs your code, your work, not that it will
be thrown away, it helps motivating. People are all different, and for
some of them  this is important. Also, one brain is good, ten are much
better, so if
by any chance i can get an experienced kernel hacker review my idea before
i actually code it, i would greatly appreciate that.
Am i completely wrong and should shut up? I'm fine with it, just tell me,
thanks for your time!

--
The best the little guy can do is what
the little guy does right

Re: List of old forked or frozen code like apache that needs cleanup?

[patrick keshishian]

On Mon, Jun 1, 2009 at 8:12 PM, PP2P3P5P=P8P9 P.P=P0P: e.yu...@gmail.com
wrote:
 2009/6/2 patrick keshishian pkesh...@gmail.com:
 On Mon, Jun 1, 2009 at 7:05 PM, PP2P3P5P=P8P9 P.P=P0P: e.yu...@gmail.com
wrote:
 Hi!
 Personally, i think this is a really good question, because there are
many
 people, who are just starting up, and they could be of some help, if they
 knew what to do. I think it would be a great idea of having a general list
of
 what needs to be done

 You mean something like the bug database?

 Yes, but the tracker is about bugs, there is no such category as
 enhancement proposal. Maybe, just include such class? And i feel
 there still is a need for
 a list of what needs to be done, and who is responsible (think most active

personally, fixing existing bugs should be on top of what needs to be
done. writing new code, with new bugs should definitely come after
fixing existing issues.

 developers) for what subsystem. That will bring more openness to the
 development process, and it actually helps. OpenBSD was the first one to
 have public anon cvs. Having such tools is a normal way of communication in
 a big open source project, isn't it?
 Don't get me wrong, i'm not requesting or demanding anything, i'm just
 throwing me ideas, hoping it would help the community become involved.
 I know many (three to four, actually ;)) happy OpenBSD users, who would
 love to contribute, but they don't know where to start with. Reading
 code that already exist, then writing some new - that's how it always
 works, but when
 you are unexperienced and just want to give it a try it really helps
 when someone
 points out what to do for you, so you just have to find a way to do
 it. It's also
 always good to know that someone needs your code, your work, not that it
will
 be thrown away, it helps motivating.

one of the obsd developers recently (yesterday maybe?) said something
to the effect of before writing code one should read a lot of code. i
agree.

fixing bugs should be a good place for anyone really interested in
improving the system they use on daily basis. new code is sexy. but if
that's what you are after, you probably don't care too much about the
base system.

 People are all different, and for
 some of them B this is important. Also, one brain is good, ten are much
 better, so if
 by any chance i can get an experienced kernel hacker review my idea before
 i actually code it, i would greatly appreciate that.

I don't mean to speak for any developer, but, i am pretty sure an
experienced kernel hacker would much rather see code than spend time
discussing ideas, or at least some proof-of-concept code. spending
time discussing something with someone, who after all it's said and
done, may end up never get it coded, could turn out to be a colossal
waste of time and energy.

just my 2-cents of worthless US fiat money.

--patrick

Re: List of old forked or frozen code like apache that needs cleanup?

[Christiano Farina Haesbaert]

On Tue, Jun 02, 2009 at 06:12:36AM +0300, ??  wrote:
 2009/6/2 patrick keshishian pkesh...@gmail.com:
  On Mon, Jun 1, 2009 at 7:05 PM, PP2P3P5P=P8P9 P.P=P0P:
e.yu...@gmail.com
 wrote:
  Hi!
  Personally, i think this is a really good question, because there are
many
  people, who are just starting up, and they could be of some help, if
they
  knew what to do. I think it would be a great idea of having a general
list
 of
  what needs to be done
 
  You mean something like the bug database?

 Yes, but the tracker is about bugs, there is no such category as
 enhancement proposal. Maybe, just include such class? And i feel
 there still is a need for
 a list of what needs to be done, and who is responsible (think most active
 developers) for what subsystem. That will bring more openness to the
 development process, and it actually helps. OpenBSD was the first one to
 have public anon cvs. Having such tools is a normal way of communication in
 a big open source project, isn't it?
 Don't get me wrong, i'm not requesting or demanding anything, i'm just
 throwing me ideas, hoping it would help the community become involved.
 I know many (three to four, actually ;)) happy OpenBSD users, who would
 love to contribute, but they don't know where to start with. Reading
 code that already exist, then writing some new - that's how it always
 works, but when
 you are unexperienced and just want to give it a try it really helps
 when someone
 points out what to do for you, so you just have to find a way to do
 it. It's also
 always good to know that someone needs your code, your work, not that it
will
 be thrown away, it helps motivating. People are all different, and for
 some of them  this is important. Also, one brain is good, ten are much
 better, so if
 by any chance i can get an experienced kernel hacker review my idea before
 i actually code it, i would greatly appreciate that.
 Am i completely wrong and should shut up? I'm fine with it, just tell me,
 thanks for your time!


Count me as one of these guys, I'm always looking at the bug database
but I often lose my motivation questioning if my work would be useful.

Would be nice to have a place with easy to intermediate things that
have to be done.

--
Christiano Farina HAESBAERT
Do NOT send me html mail.

Re: List of old forked or frozen code like apache that needs cleanup?

[Евгений Юнак]

Thank you all for your replies, now i (and hopefully someone else)
know how thing
really are. Thank you again, and sorry for my bad English.

-- 
The best the little guy can do is what
the little guy does right