Re: OpenBSD router stops functioning but still send CARP advertisements
On 27/05/2009 15:38, Stuart Henderson wrote:
> Simon Morvan gar...@zone84.net wrote:
> > After a couple of hours/days one of the boxes stops functioning properly: no ping, no more SSH access, but I still capture CARP advertisements on the network segments (when it occurs on the master). As a result, when it happens on the master, the slave does not take over.
>
> A few ideas...
>
> Do you have any different hardware you can try instead to rule out some incompatibility with the machines?
>
> Have you checked for BIOS updates etc that might help?
>
> Can you break into DDB when this happens? (You'll need to set ddb.console=1 in sysctl.conf and reboot if it's not already set). If you can, trace/ps might be useful. If not it's a useful data point. (make sure you can trigger it correctly while the system is running normally; ctrl+alt+esc on glass console, or BREAK on serial console; then you can 'c'ontinue).

For what it's worth, I haven't got any problems in 5 days since I switched em0 and re0 roles. I can't tell if it's related to the NICs themselves. I wish I could make any further tests, but this is a production platform... If I manage to get that type of hardware again, or a comfortable maintenance window, I'll run a new stress test and let you know.

--
Simon.
Re: urtw(4)
> I bought a new Wireless USB device, using 5-29-2008 amd64 snapshot

That is an awfully old snapshot. You might want to use something from this year.

Cheers,
Predrag

P.S. Sorry Sam I couldn't resist :-)
proper test for 64bitness of platform?
I'm preparing a port of newLISP. Is there a simple test I can run to find out if the host platform is 64bit? A #define has to be set in the code according to whether the platform is 64bit or not. Am I right in assuming that OpenBSD only supports 32bit and 64bit platforms at the moment? Ted -- There's a party in your skull. And you're invited! Name:Ted Walther Phone: 604-755-7732 Skype: tederific Email: t...@reactor-core.org Address: 1755 246 St, LANGLEY BC V2Z1G4
Re: PF/Carp/Pfsync
# $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
# $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
# uname -a
OpenBSD node1 4.4 GENERIC.MP#1 amd64

On Sun, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
> On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
> > Hello, I have a strange problem with my Carp/Pfsync: when I manually fail over via carpdemote or ifconfig carpX down, the failover works okay, and it even works okay when one box goes down, but when the preferred master comes up again and starts to act as carp master, the client that has carp as its gateway loses some packets at the moment of failover. I'm wondering what could cause that, what I could have overlooked, and why the problem only exists when the box comes back from a reboot, rather than always.
>
> Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?

--
Georg Kahest ge...@viatel.ee
ProGroup Holding
Re: PF/Carp/Pfsync
On 2009/06/01 12:55, Georg Kahest wrote:
> # $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
> # $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
> # uname -a
> OpenBSD node1 4.4 GENERIC.MP#1 amd64

It's not what I was thinking it might be then (there was a change to the order of pfsync/pfctl in the startup scripts and I wondered if it might have been relevant, but you already have that). I'm not sure what it might be then..

> On Sun, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
> > On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
> > > Hello, I have a strange problem with my Carp/Pfsync: when I manually fail over via carpdemote or ifconfig carpX down, the failover works okay, and it even works okay when one box goes down, but when the preferred master comes up again and starts to act as carp master, the client that has carp as its gateway loses some packets at the moment of failover. I'm wondering what could cause that, what I could have overlooked, and why the problem only exists when the box comes back from a reboot, rather than always.
> >
> > Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?
Re: PF/Carp/Pfsync
This log is from the preferred (master) node. It seems that the problem is that carp0 takes master even before carp1 has gone to backup. How can I resolve it, so that they would go master at the same time?

Jun 1 14:45:54 node1 /bsd: carp0: state transition: INIT - BACKUP
Jun 1 14:45:54 node1 /bsd: carp: carp0 demoted group carp to 2
Jun 1 14:45:54 node1 /bsd: carp: carp0 demoted group egress to 0
Jun 1 14:45:54 node1 /bsd: carp1: state transition: INIT - BACKUP
Jun 1 14:45:54 node1 /bsd: carp: carp1 demoted group carp to 1
Jun 1 14:45:55 node1 /bsd: carp1: state transition: BACKUP - INIT
Jun 1 14:45:55 node1 /bsd: carp: carp1 demoted group carp to 2
Jun 1 14:45:57 node1 /bsd: carp0: state transition: BACKUP - MASTER
Jun 1 14:45:57 node1 /bsd: carp: pfsync0 demoted group carp to 1
Jun 1 14:45:57 node1 /bsd: carp: pfsync0 demoted group pfsync to 0
Jun 1 14:45:57 node1 /bsd: carp1: state transition: INIT - BACKUP
Jun 1 14:45:57 node1 /bsd: carp: carp1 demoted group carp to 0
Jun 1 14:46:00 node1 /bsd: carp1: state transition: BACKUP - MASTER

On Mon, 2009-06-01 at 13:14 +0200, Stuart Henderson wrote:
> On 2009/06/01 12:55, Georg Kahest wrote:
> > # $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
> > # $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
> > # uname -a
> > OpenBSD node1 4.4 GENERIC.MP#1 amd64
>
> It's not what I was thinking it might be then (there was a change to the order of pfsync/pfctl in the startup scripts and I wondered if it might have been relevant, but you already have that). I'm not sure what it might be then..
>
> > On Sun, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
> > > On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
> > > > Hello, I have a strange problem with my Carp/Pfsync: when I manually fail over via carpdemote or ifconfig carpX down, the failover works okay, and it even works okay when one box goes down, but when the preferred master comes up again and starts to act as carp master, the client that has carp as its gateway loses some packets at the moment of failover. I'm wondering what could cause that, what I could have overlooked, and why the problem only exists when the box comes back from a reboot, rather than always.
> > >
> > > Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?

--
Georg Kahest ge...@viatel.ee
ProGroup Holding
Re: PF/Carp/Pfsync
I had modified rc conf a little and the last log paste was because of that modification. This is the current log, but the client behind the LAN carp still loses its packets, first to its gateway with host unreachable, and after a few packets it's a timeout, and then everything starts working okay.

Jun 1 15:20:05 node1 savecore: no core dump
Jun 1 15:20:07 node1 /bsd: carp0: state transition: INIT - BACKUP
Jun 1 15:20:07 node1 /bsd: carp: carp0 demoted group carp to 2
Jun 1 15:20:07 node1 /bsd: carp: carp0 demoted group egress to 0
Jun 1 15:20:07 node1 /bsd: carp1: state transition: INIT - BACKUP
Jun 1 15:20:07 node1 /bsd: carp: carp1 demoted group carp to 1
Jun 1 15:20:10 node1 /bsd: carp0: state transition: BACKUP - MASTER
Jun 1 15:20:10 node1 /bsd: carp1: state transition: BACKUP - MASTER
Jun 1 15:20:10 node1 /bsd: carp: pfsync0 demoted group carp to 0
Jun 1 15:20:10 node1 /bsd: carp: pfsync0 demoted group pfsync to 0

On Mon, 2009-06-01 at 13:14 +0200, Stuart Henderson wrote:
> On 2009/06/01 12:55, Georg Kahest wrote:
> > # $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
> > # $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
> > # uname -a
> > OpenBSD node1 4.4 GENERIC.MP#1 amd64
>
> It's not what I was thinking it might be then (there was a change to the order of pfsync/pfctl in the startup scripts and I wondered if it might have been relevant, but you already have that). I'm not sure what it might be then..
>
> > On Sun, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
> > > On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
> > > > Hello, I have a strange problem with my Carp/Pfsync: when I manually fail over via carpdemote or ifconfig carpX down, the failover works okay, and it even works okay when one box goes down, but when the preferred master comes up again and starts to act as carp master, the client that has carp as its gateway loses some packets at the moment of failover. I'm wondering what could cause that, what I could have overlooked, and why the problem only exists when the box comes back from a reboot, rather than always.
> > >
> > > Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?

--
Georg Kahest ge...@viatel.ee
ProGroup Holding
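Added example (not part of the original posts): the two kernel logs posted above, run through a small awk filter that reports when each carp interface on the host reached MASTER and how many seconds separate the first from the last. The helper name carp_master_skew and its output format are made up for this illustration; the log lines are the ones quoted in the thread, where the arrow in "state transition" appears as "-".

```shell
#!/bin/sh
# Added example, not from the thread: how far apart do the carp(4)
# interfaces of one host reach MASTER? Input is kernel syslog output.

# carp_master_skew (hypothetical helper) reads syslog lines on stdin, prints:
#   <if> MASTER <hh:mm:ss>   interface is MASTER, and when it got there
#   <if> NOT-MASTER          interface seen, but its last state is not MASTER
#   <if> FLAP <n>            times the interface fell back to INIT
#   SKEW <seconds>           last minus first MASTER time (same day assumed)
carp_master_skew() {
    awk '
    function secs(t,    p) {
        split(t, p, ":")
        return p[1] * 3600 + p[2] * 60 + p[3]
    }
    # "carpN: state transition: FROM - TO"; the arrow is "-" as printed in
    # this thread or "->" in an unmangled log, so only $9 and $NF are used.
    $6 ~ /^carp[0-9]+:$/ && $7 == "state" && $8 == "transition:" {
        ifc = $6
        sub(/:$/, "", ifc)
        if (!(ifc in seen)) { seen[ifc] = 1; order[++n] = ifc }
        if ($NF == "INIT" && $9 != "INIT") { flap[ifc]++ }
        if ($NF == "MASTER") { mtime[ifc] = $3 } else { delete mtime[ifc] }
    }
    END {
        masters = 0
        for (i = 1; i <= n; i++) {
            ifc = order[i]
            if (ifc in mtime) {
                print ifc, "MASTER", mtime[ifc]
                s = secs(mtime[ifc])
                if (masters == 0 || s < first) { first = s }
                if (masters == 0 || s > last) { last = s }
                masters++
            } else {
                print ifc, "NOT-MASTER"
            }
            if (ifc in flap) { print ifc, "FLAP", flap[ifc] }
        }
        if (masters > 1) { print "SKEW", last - first }
    }'
}

# Kernel log from the first post (taken with the modified rc).
log_first() {
    cat <<'EOF'
Jun 1 14:45:54 node1 /bsd: carp0: state transition: INIT - BACKUP
Jun 1 14:45:54 node1 /bsd: carp: carp0 demoted group carp to 2
Jun 1 14:45:54 node1 /bsd: carp: carp0 demoted group egress to 0
Jun 1 14:45:54 node1 /bsd: carp1: state transition: INIT - BACKUP
Jun 1 14:45:54 node1 /bsd: carp: carp1 demoted group carp to 1
Jun 1 14:45:55 node1 /bsd: carp1: state transition: BACKUP - INIT
Jun 1 14:45:55 node1 /bsd: carp: carp1 demoted group carp to 2
Jun 1 14:45:57 node1 /bsd: carp0: state transition: BACKUP - MASTER
Jun 1 14:45:57 node1 /bsd: carp: pfsync0 demoted group carp to 1
Jun 1 14:45:57 node1 /bsd: carp: pfsync0 demoted group pfsync to 0
Jun 1 14:45:57 node1 /bsd: carp1: state transition: INIT - BACKUP
Jun 1 14:45:57 node1 /bsd: carp: carp1 demoted group carp to 0
Jun 1 14:46:00 node1 /bsd: carp1: state transition: BACKUP - MASTER
EOF
}

# Kernel log from the second post (the "current log").
log_second() {
    cat <<'EOF'
Jun 1 15:20:05 node1 savecore: no core dump
Jun 1 15:20:07 node1 /bsd: carp0: state transition: INIT - BACKUP
Jun 1 15:20:07 node1 /bsd: carp: carp0 demoted group carp to 2
Jun 1 15:20:07 node1 /bsd: carp: carp0 demoted group egress to 0
Jun 1 15:20:07 node1 /bsd: carp1: state transition: INIT - BACKUP
Jun 1 15:20:07 node1 /bsd: carp: carp1 demoted group carp to 1
Jun 1 15:20:10 node1 /bsd: carp0: state transition: BACKUP - MASTER
Jun 1 15:20:10 node1 /bsd: carp1: state transition: BACKUP - MASTER
Jun 1 15:20:10 node1 /bsd: carp: pfsync0 demoted group carp to 0
Jun 1 15:20:10 node1 /bsd: carp: pfsync0 demoted group pfsync to 0
EOF
}

echo "first log:";  log_first  | carp_master_skew
echo "second log:"; log_second | carp_master_skew
```

On the first log this reports a skew of 3 seconds and one fall back to INIT for carp1; on the second log both interfaces reach MASTER in the same second.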
Re: PF/Carp/Pfsync
Okay, I think I figured it out: the problem was with my switch's spanning tree. When I disabled it for the appropriate VLANs everything started to work correctly.

On Mon, 2009-06-01 at 13:14 +0200, Stuart Henderson wrote:
> On 2009/06/01 12:55, Georg Kahest wrote:
> > # $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
> > # $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
> > # uname -a
> > OpenBSD node1 4.4 GENERIC.MP#1 amd64
>
> It's not what I was thinking it might be then (there was a change to the order of pfsync/pfctl in the startup scripts and I wondered if it might have been relevant, but you already have that). I'm not sure what it might be then..
>
> > On Sun, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
> > > On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
> > > > Hello, I have a strange problem with my Carp/Pfsync: when I manually fail over via carpdemote or ifconfig carpX down, the failover works okay, and it even works okay when one box goes down, but when the preferred master comes up again and starts to act as carp master, the client that has carp as its gateway loses some packets at the moment of failover. I'm wondering what could cause that, what I could have overlooked, and why the problem only exists when the box comes back from a reboot, rather than always.
> > >
> > > Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?

--
Georg Kahest ge...@viatel.ee
ProGroup Holding
Re: proper test for 64bitness of platform?
On 2009-06-01, Ted Walther t...@enumera.com wrote:
> I'm preparing a port of newLISP. Is there a simple test I can run to find out if the host platform is 64bit? A #define has to be set in the code according to whether the platform is 64bit or not.

We set _LP64 and __LP64__ variables on 64-bit arch.

$ cpp -dM /dev/null | grep LP64
#define _LP64 1
#define __LP64__ 1

> Am I right in assuming that OpenBSD only supports 32bit and 64bit platforms at the moment?

You're right, we only support 32- and 64-bit platforms.
Re: PF/Carp/Pfsync
Okay, now that the failover seems to work I have hit another problem: when failover occurs and the other node takes over, the client connection won't hit the right ALTQ queue anymore, rather it goes unqueued (full speed), and only the new connections initiated after failover will hit the right queue. Is there anything I can do to fix it, or is it a design flaw that cannot be corrected?

On Mon, 2009-06-01 at 14:37 +0200, georg wrote:
> Okay, I think I figured it out: the problem was with my switch's spanning tree. When I disabled it for the appropriate VLANs everything started to work correctly.
>
> On Mon, 2009-06-01 at 13:14 +0200, Stuart Henderson wrote:
> > On 2009/06/01 12:55, Georg Kahest wrote:
> > > # $OpenBSD: netstart,v 1.122 2008/07/23 16:05:47 sthen Exp $
> > > # $OpenBSD: rc,v 1.318 2008/07/09 20:23:47 djm Exp $
> > > # uname -a
> > > OpenBSD node1 4.4 GENERIC.MP#1 amd64
> >
> > It's not what I was thinking it might be then (there was a change to the order of pfsync/pfctl in the startup scripts and I wondered if it might have been relevant, but you already have that). I'm not sure what it might be then..
> >
> > > On Sun, 2009-05-31 at 19:32 +0200, Stuart Henderson wrote:
> > > > On 2009-05-28, Georg Kahest ge...@viatel.ee wrote:
> > > > > Hello, I have a strange problem with my Carp/Pfsync: when I manually fail over via carpdemote or ifconfig carpX down, the failover works okay, and it even works okay when one box goes down, but when the preferred master comes up again and starts to act as carp master, the client that has carp as its gateway loses some packets at the moment of failover. I'm wondering what could cause that, what I could have overlooked, and why the problem only exists when the box comes back from a reboot, rather than always.
> > > >
> > > > Which OpenBSD version, and which versions of /etc/netstart and /etc/rc?
>
> --
> Georg Kahest ge...@viatel.ee
> ProGroup Holding

--
Georg Kahest ge...@viatel.ee
ProGroup Holding
Re: PF/Carp/Pfsync
On 2009/06/01 15:57, Georg Kahest wrote:
> Okay, now that the failover seems to work I have hit another problem: when failover occurs and the other node takes over, the client connection won't hit the right ALTQ queue anymore, rather it goes unqueued (full speed), and only the new connections initiated after failover will hit the right queue. Is there anything I can do to fix it, or is it a design flaw that cannot be corrected?

That should have been fixed before 4.4; are the rulesets identical between the firewalls?

> On Mon, 2009-06-01 at 14:37 +0200, georg wrote:
> > Okay, I think I figured it out: the problem was with my switch's spanning tree. When I disabled it for the appropriate VLANs everything started to work correctly.

Ahh. Makes sense.
Re: PF/Carp/Pfsync
Yes, the rulesets are identical. The strange thing is that from pftop it seems that it hits the default queue (25mbit queue), but somehow the client gets 10~MB/s, which seems more like the interface root queue value rather than that default queue. Though the real queue it should use is at 8mbit.

On Mon, 2009-06-01 at 15:09 +0200, Stuart Henderson wrote:
> On 2009/06/01 15:57, Georg Kahest wrote:
> > Okay, now that the failover seems to work I have hit another problem: when failover occurs and the other node takes over, the client connection won't hit the right ALTQ queue anymore, rather it goes unqueued (full speed), and only the new connections initiated after failover will hit the right queue. Is there anything I can do to fix it, or is it a design flaw that cannot be corrected?
>
> That should have been fixed before 4.4; are the rulesets identical between the firewalls?
>
> > On Mon, 2009-06-01 at 14:37 +0200, georg wrote:
> > > Okay, I think I figured it out: the problem was with my switch's spanning tree. When I disabled it for the appropriate VLANs everything started to work correctly.
>
> Ahh. Makes sense.

--
Georg Kahest ge...@viatel.ee
ProGroup Holding
Re: Rewriting Addresses in SMTPD
On Sun, May 31, 2009 at 10:56:50PM -0400, Aaron W. Hsu wrote:
> Is there a way in smtpd(8) yet, to do something like genericstables in sendmail? Right now, when my client sendmail sends out a mail, it rewrites the envelope and the From addresses to be valid email addresses with the domain that I want tacked on to the username. I couldn't find a way to do this in smtpd.conf(5), which seems to have aliases and virtual domain maps for receiving mail, but not sending it.

We don't have it yet. We will at one point.

> If this is better done before the mail is sent to smtpd(8), is there a way to do this with mail(1)?

You may pass sendmail options to mail(1), eg.:

echo test | mail root -f f...@foo.com -F Fred

Not sure how useful that is in your case.
Re: Rewriting Addresses in SMTPD
On Mon, Jun 01, 2009 at 04:11:29PM +0200, Jacek Masiulaniec wrote:
> On Sun, May 31, 2009 at 10:56:50PM -0400, Aaron W. Hsu wrote:
> > Is there a way in smtpd(8) yet, to do something like genericstables in sendmail? Right now, when my client sendmail sends out a mail, it rewrites the envelope and the From addresses to be valid email addresses with the domain that I want tacked on to the username. I couldn't find a way to do this in smtpd.conf(5), which seems to have aliases and virtual domain maps for receiving mail, but not sending it.
>
> We don't have it yet. We will at one point.
>
> > If this is better done before the mail is sent to smtpd(8), is there a way to do this with mail(1)?
>
> You may pass sendmail options to mail(1), eg.:
>
> echo test | mail root -f f...@foo.com -F Fred
>
> Not sure how useful that is in your case.

Oops, I replied in private, but basically what I said was: it is on a todo list, we'll work on it, but there's stuff to finish prior to that.

Gilles
Re: Wireless help, please
On 2009 May 31, at 2:53 PM, Fred Crowson wrote:
> How is your iMac getting its IP address?

When I manually set up the IP address (etc.) for the iMac, I get several seconds of connectivity before the link goes dead. That doesn't seem to be enough time to get a DHCP lease, though I do have dhcpd running on the OpenBSD laptop. The same laptop provides dhcp services to the iMac on the wired network just fine.

Cheers,
b
PF, pfctl and parse.y
I want add keyword to PF's rule. I started with pfctl. Suppose I want to add keyword spraychld. So, I add field to struct pf_rule (as showed in diff below) and tried to add keyword to pfctl's parse.y processor. But it won't to compile. Where I was wrong? # cd/usr/src/sbin/pfctl # make clean make depend make rm -f a.out [Ee]rrs mklog core *.core y.tab.h pfctl pfctl.o parse.o pfctl_parser.o pf_print_state.o pfctl_altq.o pfctl_osfp.o pfctl_radix.o pfctl_table.o pfctl_qstats.o pfctl_optimize.o pf_ruleset.o pfctl.ln pfctl_parser.ln pf_print_state.ln pfctl_altq.ln pfctl_osfp.ln pfctl_radix.ln pfctl_table.ln pfctl_qstats.ln pfctl_optimize.ln pf_ruleset.ln parse.ln parse.c yacc parse.y mv y.tab.c parse.c mkdep -a -I/usr/src/sbin/pfctl pfctl.c pfctl_parser.c pf_print_state.c pfctl_altq.c pfctl_osfp.c pfctl_radix.c pfctl_table.c pfctl_qstats.c pfctl_optimize.c /usr/src/sbin/pfctl/../../sys/net/pf_ruleset.c parse.c cc -O2 -pipe -Wall -Wmissing-prototypes -Wno-uninitialized -Wstrict-prototypes -I/usr/src/sbin/pfctl -c pfctl.c cc -O2 -pipe -Wall -Wmissing-prototypes -Wno-uninitialized -Wstrict-prototypes -I/usr/src/sbin/pfctl -c parse.c parse.y: In function `yyparse': parse.y:1876: error: structure has no member named `spraychld' *** Error code 1 Stop in /usr/src/sbin/pfctl (line 92 of /usr/share/mk/sys.mk). Here is the diff: Index: sys/net/pfvar.h === RCS file: /cvs/src/sys/net/pfvar.h,v retrieving revision 1.283 diff -N -u sys/net/pfvar.h --- sys/net/pfvar.h 16 Feb 2009 00:31:25 - 1.283 +++ sys/net/pfvar.h 1 Jun 2009 15:41:13 - @@ -581,6 +581,7 @@ #define PF_STATE_MODULATE 0x2 #define PF_STATE_SYNPROXY 0x3 u_int8_t keep_state; + u_int8_t spraychld; sa_family_t af; u_int8_t proto; u_int8_t type; Index: sbin/pfctl/parse.y === RCS file: /cvs/src/sbin/pfctl/parse.y,v retrieving revision 1.555 diff -N -u sbin/pfctl/parse.y --- sbin/pfctl/parse.y 19 Feb 2009 17:08:42 - 1.555 +++ sbin/pfctl/parse.y 1 Jun 2009 15:42:25 - 
@@ -210,6 +210,7 @@ #define FOM_TOS0x04 #define FOM_KEEP 0x08 #define FOM_SRCTRACK 0x10 +#define FOM_SPRAYCHLD 0x12 struct node_uid *uid; struct node_gid *gid; struct { @@ -225,6 +226,7 @@ int action; struct node_state_opt *options; } keep; + u_int8_t spraychld; int fragment; int allowopts; char*label; @@ -432,7 +434,7 @@ %token PASS BLOCK SCRUB RETURN IN OS OUT LOG QUICK ON FROM TO FLAGS %token RETURNRST RETURNICMP RETURNICMP6 PROTO INET INET6 ALL ANY ICMPTYPE -%token ICMP6TYPE CODE KEEP MODULATE STATE PORT RDR NAT BINAT ARROW NODF +%token ICMP6TYPE CODE KEEP MODULATE STATE SPRAYCHLD PORT RDR NAT BINAT ARROW NODF %token MINTTL ERROR ALLOWOPTS FASTROUTE FILENAME ROUTETO DUPTO REPLYTO NO LABEL %token NOROUTE URPFFAILED FRAGMENT USER GROUP MAXMSS MAXIMUM TTL TOS DROP TABLE %token REASSEMBLE FRAGDROP FRAGCROP ANCHOR NATANCHOR RDRANCHOR BINATANCHOR @@ -1871,6 +1873,7 @@ r.quick = $3.quick; r.prob = $9.prob; r.rtableid = $9.rtableid; + r.spraychld = $9.spraychld; /* 1876 line HERE */ r.af = $6; if ($9.tag) @@ -2305,6 +2308,14 @@ filter_opts.marker |= FOM_TOS; filter_opts.tos = $2; } + | SPRAYCHLD { + if (filter_opts.marker FOM_SPRAYCHLD) { + yyerror(spraychld cannot be redefined); + YYERROR; + } + filter_opts.marker |= FOM_SPRAYCHLD; + filter_opts.spraychld = 1; + } | keep { if (filter_opts.marker FOM_KEEP) { yyerror(modulate or keep cannot be redefined); @@ -5321,6 +5332,7 @@ { sloppy, SLOPPY}, { source-hash,SOURCEHASH}, { source-track, SOURCETRACK}, + { spraychld, SPRAYCHLD}, { state, STATE}, { state-defaults, STATEDEFAULTS}, { state-policy, STATEPOLICY}, -- antonvm
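Review bot: in the sys/net/pfvar.h hunk, `u_int8_t spraychld;` is placed in the middle of the structure, between keep_state and af, so every later field moves and anything compiled against the previous header disagrees with the new layout. The build log above compiles parse.c with only -I/usr/src/sbin/pfctl and fails at parse.y:1876 with "structure has no member named `spraychld'", so the pfvar.h the compiler picked up is not the file this hunk edits. The submission should say that the changed header has to be installed before building pfctl and that the kernel and pfctl must be rebuilt from the same pfvar.h.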
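Review bot: in the sbin/pfctl/parse.y hunk at -210, FOM_SPRAYCHLD is defined as 0x12, which is not a single free bit: it is 0x10 | 0x02, so it shares bit 0x10 with FOM_SRCTRACK on the line just above it. The marker is accumulated with `filter_opts.marker |= FOM_SPRAYCHLD` and tested against the same mask, so once FOM_SRCTRACK is set the spraychld branch would report "spraychld cannot be redefined", and setting spraychld would also mark FOM_SRCTRACK and bit 0x02 as seen. Pick the next unused single bit instead (0x20, provided no other FOM_ flag in the file already uses it).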
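Review bot: in the parse.y hunk at -1871, the `/* 1876 line HERE */` comment on the `r.spraychld = $9.spraychld;` line is a marker for this mail and should be dropped from the diff. The patch as posted touches only pfvar.h and parse.y, so the new keyword is accepted by the parser but has no pf.conf(5) text and no pfctl code that prints it back when rules are listed; both belong in the same change.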
Re: proper test for 64bitness of platform?
> We set _LP64 and __LP64__ variables on 64-bit arch.
>
> $ cpp -dM /dev/null | grep LP64
> #define _LP64 1
> #define __LP64__ 1

It should also be ok to (ab)use LONG_BIT from limits.h, depending on how the code is 64 bit specific.

Ciao,
Kili
Re: proper test for 64bitness of platform?
On Mon, Jun 1, 2009 at 8:51 AM, Stuart Henderson s...@spacehopper.org wrote: You're right, we only support 32- and 64-bit platforms. What?! No 128 bit support?! Oh my god, the sky is falling, how can you secure stuff in only 64 bit, the sky is falling, etc etc! :) Actually, what I want is variable bit support, like, iirc, the PDP (I'm too young to actually remember one of these). -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Gkrellmd in 4.5
Hi all,

I've just upgraded to 4.5 and the gkrellmd (gkrellm-server) package seems to have a memory leak -- its RAM usage is growing constantly and is at about 20M resident now, less than one day after starting the machine. Did anybody experience anything similar and know a fix?

Thanks,
Lars
Re: proper test for 64bitness of platform?
On Mon, Jun 01, 2009 at 12:51:31PM +, Stuart Henderson wrote:
> On 2009-06-01, Ted Walther t...@enumera.com wrote:
> > I'm preparing a port of newLISP. Is there a simple test I can run to find out if the host platform is 64bit? A #define has to be set in the code according to whether the platform is 64bit or not.
>
> We set _LP64 and __LP64__ variables on 64-bit arch.
>
> $ cpp -dM /dev/null | grep LP64
> #define _LP64 1
> #define __LP64__ 1

Thank you Stuart. It looks like all platforms with gcc support these two defines. Is there any reason to prefer one or another? Google found a netbsd post where someone said to prefer _LP64, then another person said that is only for kernel use, use __arch64__ in userland.

Ted

--
There's a party in your skull. And you're invited!
Name: Ted Walther
Phone: 604-755-7732
Skype: tederific
Email: t...@reactor-core.org
Address: 1755 246 St, LANGLEY BC V2Z1G4
Re: urtw(4)
On Mon, Jun 1, 2009 at 2:31 AM, Predrag Punosevac punoseva...@gmail.com wrote:
> > I bought a new Wireless USB device, using 5-29-2008 amd64 snapshot
>
> That is an awfully old snapshot. You might want to use something from this year.
>
> Cheers,
> Predrag
>
> P.S. Sorry Sam I couldn't resist :-)

Sorry, that was a typo; it is a very current snapshot, it is from 5-29-2009

Sam
Detailed usage graphs w/PF
Greetings,

I'm looking at using a pair of OBSD systems to perform a couple of functions,

+ ISP load balancing failover (using NAT)
+ Site to Site IPSec termination (via ipsec)
+ Egress Bandwidth Management (via PF)
+ Web/HTML Detailed usage reporting (via ??)

I've done the first three, and the last with flow-tools, but has anyone used anything a little friendlier than flow-tools/flowscan to get detailed (per IP, per protocol, per port) usage reporting? I also see that pfflowd is marked as broken due to pfsync changes. I suspect this means I'll need to use 4.4 if I want to use pfflowd...

Thanks!

-Steve S.
Re: Gkrellmd in 4.5
On Mon, 1 Jun 2009, Lars Kotthoff wrote:
> Hi all,
>
> I've just upgraded to 4.5 and the gkrellmd (gkrellm-server) package seems to have a memory leak -- its RAM usage is growing constantly and is at about 20M resident now, less than one day after starting the machine. Did anybody experience anything similar and know a fix?

Yup. Fixed in current more than 2 months ago:

http://www.openbsd.org/cgi-bin/cvsweb/ports/sysutils/gkrellm/gkrellm/patches/patch-src_sysdeps_openbsd_c.diff?r1=1.13;r2=1.14;f=h

--
Antoine
Re: WebHosting Management Software
On Friday 29 May 2009 05:24:33 Insan Praja SW wrote: Hi Misc@, I'm currently looking for some OpenBSD-friendly (OpenSource/Free) WebHosting Management software. My colleagues seem to find a hardtimes for this kind of software works with OpenBSD. Any clue and input appreciated. Thanks, WebMin/UserMin _was_ in ports, you can try to take port from Attic and update. It has awful security track, though. I think you can also set up cPanel, it's mostly Perl-based so not a big problem. But it'll require some discussion with its authors about compiling cPanel kernel for OpenBSD. AFAIK, you'll have success chances if you order more than one license from them. (And yes, it's a piece of very, very crap code too). -- Best wishes, Vadim Zhukov A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Detailed usage graphs w/PF
On Mon, Jun 01, 2009 at 03:58:08PM -0400, Steven Surdock wrote:
> Greetings,
>
> I'm looking at using a pair of OBSD systems to perform a couple of functions,
>
> + ISP load balancing failover (using NAT)
> + Site to Site IPSec termination (via ipsec)
> + Egress Bandwidth Management (via PF)
> + Web/HTML Detailed usage reporting (via ??)
>
> I've done the first three, and the last with flow-tools, but has anyone used anything a little friendlier than flow-tools/flowscan to get detailed (per IP, per protocol, per port) usage reporting? I also see that pfflowd is marked as broken due to pfsync changes. I suspect this means I'll need to use 4.4 if I want to use pfflowd...
>
> Thanks!

You don't need pfflowd any longer.

man 4 pflow

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/
Re: PF, pfctl and parse.y
* Anton Maksimenkov anton...@gmail.com [2009-06-01 17:48]:
> I want to add a keyword to PF's rule. I started with pfctl. Suppose I want to add the keyword spraychld. So, I added a field to struct pf_rule (as shown in the diff below) and tried to add the keyword to pfctl's parse.y processor. But it won't compile. Where was I wrong?

you don't have the changed pfvar.h in /usr/include/net/

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: PF/Carp/Pfsync
* Georg Kahest ge...@viatel.ee [2009-06-01 15:21]:
> Yes, the rulesets are identical. The strange thing is that from pftop it seems that it hits the default queue (25mbit queue), but somehow the client gets 10~MB/s, which seems more like the interface root queue value rather than that default queue. Though the real queue it should use is at 8mbit.

that is expected with states without reference back to a rule. this clearly proves your rulesets are not identical, because otherwise that ref would have been there.

and in any case - current behaves differently, queueing info now lives on the state.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Gkrellmd in 4.5
Yup. Fixed in current more than 2 months ago: Excellent, thanks! Lars
List of old forked or frozen code like apache that needs cleanup?
Hi,

Is there some code in the tree that, like apache a few years ago, stopped following the source for valid license reasons, or was forked, kind of, that would need or benefit from cleanup just like I did apache in 2004-2006? Kind of disgraceful janitor work if you like, but that would be beneficial nevertheless and sure clean the tree a little bit.

I am asking as I have a few guys that want to learn some stuff and I would take this on myself to make it happen somehow if there is a need for it or some that needs to be done. Worst case I could do some myself like in the past years.

Anything that has a bunch of Windows, Novell, or what not code in there that is frozen or only maintained by OpenBSD now that needs cleanup would be nice to know. Feel free to reply in private as to not pollute the list unless there is a need for it.

Make your list as long as you want so that I may pick something interesting if possible, or that really is in bad need of dead code removal under OpenBSD. If there is a real need for that, then I could start sending diffs for it.

Thanks for your time!

Daniel
Re: Detailed usage graphs w/PF
On 2009-06-01, Steven Surdock ssurd...@engineered-net.com wrote:
> Greetings,
>
> I'm looking at using a pair of OBSD systems to perform a couple of functions,
>
> + ISP load balancing failover (using NAT)
> + Site to Site IPSec termination (via ipsec)
> + Egress Bandwidth Management (via PF)
> + Web/HTML Detailed usage reporting (via ??)
>
> I've done the first three, and the last with flow-tools, but has anyone used anything a little friendlier than flow-tools/flowscan to get detailed (per IP, per protocol, per port) usage reporting? I also see that pfflowd is marked as broken due to pfsync changes. I suspect this means I'll need to use 4.4 if I want to use pfflowd...
>
> Thanks!

use pflow from base OS to export flows; we have nfdump and nfprofile in ports to log them, and there is a web UI nfsen that goes with these (not in ports yet, but it has its own installer) that you can use to make it look all pretty.

http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-plenary-tue-nfsen-nfdump.pdf
Re: proper test for 64bitness of platform?
On Mon, Jun 01, 2009 at 07:50:59PM +0200, Matthias Kilian wrote:
> > We set _LP64 and __LP64__ variables on 64-bit arch.
> >
> > $ cpp -dM /dev/null | grep LP64
> > #define _LP64 1
> > #define __LP64__ 1
>
> It should also be ok to (ab)use LONG_BIT from limits.h, depending on how the code is 64 bit specific.

Whichever solution is best, it would be nice if it was somewhat portable to other unices. The _LP64 || __LP64__ solution seems to be portable anywhere a recent version of gcc is in use.

Ted

--
There's a party in your skull. And you're invited!
Name: Ted Walther
Phone: 604-755-7732
Skype: tederific
Email: t...@reactor-core.org
Address: 1755 246 St, LANGLEY BC V2Z1G4
Re: Is anyone using the TeX Live DVD binaries for OpenBSD?
On Mon, 1 Jun 2009 00:08:19 +0100, Edd Barrett vex...@gmail.com wrote:
> Hi,
>
> Over at the TeX Live camp we are wondering if anyone is using the binaries found on the DVD distributed by the TeX User Group on OpenBSD?
> ...

Hi Edd,

please excuse if this may sound odd to you - but do those binaries on the TeX Live DVD differ from those you provide via http://www.openbsd.org/4.5_packages/i386/texlive_texmf-full-2008p1.tgz-long.html?

BTW: Thank you for maintaining this port - it works like a charm!

Kind regards,
STEFAN
netstat byte counter wrap?
Do the netstat ibytes and obytes counters wrap, and if so at what limit do they wrap?

eg.
# netstat -nbI fxp0
Name    Mtu   Network     Address              Ibytes     Obytes
fxp0    1500  Link        00:10:f3:08:5c:69    1269729588 2520482812

Cam
Re: netstat byte counter wrap?
On Mon, Jun 01, 2009 at 06:02:28PM -0600, Cameron Schaus wrote:
> Do the netstat ibytes and obytes counters wrap, and if so at what limit do they wrap?

Yes, they will wrap. The limit is 2^64 - 1 so don't expect it to happen anytime soon.

> eg.
> # netstat -nbI fxp0
> Name    Mtu   Network     Address              Ibytes     Obytes
> fxp0    1500  Link        00:10:f3:08:5c:69    1269729588 2520482812
>
> Cam

--
:wq Claudio
Re: Detailed usage graphs w/PF
I know you asked about pretty picture graphs, but I will second Stuart's recommendation of nfdump. Graphs may be pretty but if you want to dig into the data nfdump is very useful. diana On Mon, 1 Jun 2009, Stuart Henderson wrote: On 2009-06-01, Steven Surdock ssurd...@engineered-net.com wrote: use pflow from base OS to export flows; we have nfdump and nfprofile in ports to log them, and there is a web UI nfsen that goes with these (not in ports yet, but it has its own installer) that you can use to make it look all pretty. http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-plenary-tue-nfsen-nfdump.pdf
Re: List of old forked or frozen code like apache that needs cleanup?
Hi! Personally, i think this is a really good question, because there are many people, who are just starting up, and they could be of some help, if they knew what to do. I think it would be a great idea of having a general list of what needs to be done, in any way, and what should not. And the ideas about future improvements can be published somewhere and discussed. It will be very beneficial for possible new developers, and won't be hard to implement and maintain. How do you feel about it? -- The best the little guy can do is what the little guy does right
Re: List of old forked or frozen code like apache that needs cleanup?
On Tue, Jun 02, 2009 at 05:05:09AM +0300, ??? wrote: Hi! Personally, i think this is a really good question, because there are many people, who are just starting up, and they could be of some help, if they knew what to do. I think it would be a great idea of having a general list of what needs to be done, in any way, and what should not. And the ideas about future improvements can be published somewhere and discussed. It will be very beneficial for possible new developers, and won't be hard to implement and maintain. How do you feel about it? I think it's far more productive to just go ahead and work on what you want, then see if other people agree with what you've done. even if no one else agrees, you'll probably learn something. actually, you'll probably learn more if people don't agree ... as far as old or forked code, just look through the sources and cvs commits. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: List of old forked or frozen code like apache that needs cleanup?
On Mon, Jun 1, 2009 at 7:05 PM, e.yu...@gmail.com wrote: Hi! Personally, i think this is a really good question, because there are many people, who are just starting up, and they could be of some help, if they knew what to do. I think it would be a great idea of having a general list of what needs to be done You mean something like the bug database? http://www.openbsd.org/query-pr.html select State: Open click Query PRs. You can even customize the list by Category, Class, Severity and Priority. --patrick
Re: List of old forked or frozen code like apache that needs cleanup?
2009/6/2 patrick keshishian pkesh...@gmail.com: On Mon, Jun 1, 2009 at 7:05 PM, e.yu...@gmail.com wrote: Hi! Personally, i think this is a really good question, because there are many people, who are just starting up, and they could be of some help, if they knew what to do. I think it would be a great idea of having a general list of what needs to be done You mean something like the bug database? Yes, but the tracker is about bugs, there is no such category as enhancement proposal. Maybe, just include such class? And i feel there still is a need for a list of what needs to be done, and who is responsible (think most active developers) for what subsystem. That will bring more openness to the development process, and it actually helps. OpenBSD was the first one to have public anon cvs. Having such tools is a normal way of communication in a big open source project, isn't it? Don't get me wrong, i'm not requesting or demanding anything, i'm just throwing my ideas, hoping it would help the community become involved. I know many (three to four, actually ;)) happy OpenBSD users, who would love to contribute, but they don't know where to start with. Reading code that already exists, then writing some new - that's how it always works, but when you are inexperienced and just want to give it a try it really helps when someone points out what to do for you, so you just have to find a way to do it. It's also always good to know that someone needs your code, your work, not that it will be thrown away, it helps motivating. People are all different, and for some of them this is important. Also, one brain is good, ten are much better, so if by any chance i can get an experienced kernel hacker review my idea before i actually code it, i would greatly appreciate that. Am i completely wrong and should shut up? I'm fine with it, just tell me, thanks for your time! -- The best the little guy can do is what the little guy does right
Re: List of old forked or frozen code like apache that needs cleanup?
On Mon, Jun 1, 2009 at 8:12 PM, e.yu...@gmail.com wrote: 2009/6/2 patrick keshishian pkesh...@gmail.com: On Mon, Jun 1, 2009 at 7:05 PM, e.yu...@gmail.com wrote: Hi! Personally, i think this is a really good question, because there are many people, who are just starting up, and they could be of some help, if they knew what to do. I think it would be a great idea of having a general list of what needs to be done You mean something like the bug database? Yes, but the tracker is about bugs, there is no such category as enhancement proposal. Maybe, just include such class? And i feel there still is a need for a list of what needs to be done, and who is responsible (think most active
personally, fixing existing bugs should be on top of what needs to be done. writing new code, with new bugs should definitely come after fixing existing issues.
developers) for what subsystem. That will bring more openness to the development process, and it actually helps. OpenBSD was the first one to have public anon cvs. Having such tools is a normal way of communication in a big open source project, isn't it? Don't get me wrong, i'm not requesting or demanding anything, i'm just throwing my ideas, hoping it would help the community become involved. I know many (three to four, actually ;)) happy OpenBSD users, who would love to contribute, but they don't know where to start with. Reading code that already exists, then writing some new - that's how it always works, but when you are inexperienced and just want to give it a try it really helps when someone points out what to do for you, so you just have to find a way to do it. It's also always good to know that someone needs your code, your work, not that it will be thrown away, it helps motivating.
one of the obsd developers recently (yesterday maybe?) said something to the effect of before writing code one should read a lot of code. i agree.
fixing bugs should be a good place for anyone really interested in improving the system they use on daily basis. new code is sexy. but if that's what you are after, you probably don't care too much about the base system.
People are all different, and for some of them this is important. Also, one brain is good, ten are much better, so if by any chance i can get an experienced kernel hacker review my idea before i actually code it, i would greatly appreciate that.
I don't mean to speak for any developer, but, i am pretty sure an experienced kernel hacker would much rather see code than spend time discussing ideas, or at least some proof-of-concept code. spending time discussing something with someone, who after all it's said and done, may end up never getting it coded, could turn out to be a colossal waste of time and energy. just my 2-cents of worthless US fiat money. --patrick
Re: List of old forked or frozen code like apache that needs cleanup?
On Tue, Jun 02, 2009 at 06:12:36AM +0300, ?? wrote: 2009/6/2 patrick keshishian pkesh...@gmail.com: On Mon, Jun 1, 2009 at 7:05 PM, e.yu...@gmail.com wrote: Hi! Personally, i think this is a really good question, because there are many people, who are just starting up, and they could be of some help, if they knew what to do. I think it would be a great idea of having a general list of what needs to be done You mean something like the bug database? Yes, but the tracker is about bugs, there is no such category as enhancement proposal. Maybe, just include such class? And i feel there still is a need for a list of what needs to be done, and who is responsible (think most active developers) for what subsystem. That will bring more openness to the development process, and it actually helps. OpenBSD was the first one to have public anon cvs. Having such tools is a normal way of communication in a big open source project, isn't it? Don't get me wrong, i'm not requesting or demanding anything, i'm just throwing my ideas, hoping it would help the community become involved. I know many (three to four, actually ;)) happy OpenBSD users, who would love to contribute, but they don't know where to start with. Reading code that already exists, then writing some new - that's how it always works, but when you are inexperienced and just want to give it a try it really helps when someone points out what to do for you, so you just have to find a way to do it. It's also always good to know that someone needs your code, your work, not that it will be thrown away, it helps motivating. People are all different, and for some of them this is important. Also, one brain is good, ten are much better, so if by any chance i can get an experienced kernel hacker review my idea before i actually code it, i would greatly appreciate that. Am i completely wrong and should shut up? I'm fine with it, just tell me, thanks for your time!
Count me as one of these guys, I'm always looking at the bug database but I often lose my motivation questioning if my work would be useful. Would be nice to have a place with easy to intermediate things that have to be done. -- Christiano Farina HAESBAERT Do NOT send me html mail.
Re: List of old forked or frozen code like apache that needs cleanup?
Thank you all for your replies, now i (and hopefully someone else) know how things really are. Thank you again, and sorry for my bad English. -- The best the little guy can do is what the little guy does right