Re: Building ramdisk (was trees, 3rd time's a charm (ok+tests) )
On Thursday, October 20, 2011, Brett brett.ma...@gmx.com wrote: On Fri, 21 Oct 2011 00:28:01 -0400 Ted Unangst t...@tedunangst.com wrote: On Fri, Oct 21, 2011, Brett wrote: Ted Unangst asked if I was using vnd0 (which shows in the error message). As far as I know I am not, it does not show up in the boot dmesg and I did not configure it myself. I assumed this was something used in the ramdisk compiling process. Well, it's busy, so you are. It is used by the ramdisk build, but if it's already in use that doesn't work. vnconfig -l may help. I'm running all the programs that I had open when I got that build error message (reported in first post), except for make ramdisk, and now my vnodes are all quiet: # vnconfig -l vnd0: not in use vnd1: not in use vnd2: not in use vnd3: not in use # (vnd's, not vnodes. The former are a block device, the latter are a kernel datastructure) The likely cause of it being busy before is a previous attempt to build the ramdisks which failed. When that happens the image of the ramdisk is left configured as a vnd so you can diagnose the problem. Make sure you do vnconfig-u vnd0 after a failed build in that case. Philip Guenther
Re: pkg_add stems not working for some packages
On Tue, Oct 18, 2011 at 11:21:45AM +0200, Marc Espie wrote: On Tue, Oct 18, 2011 at 09:55:06AM +0200, Erling Westenvik wrote: I can do: $ sudo pkg_add vim--gtk2 but not: $ sudo pkg_add mutt--sasl-sidebar-slang-compressed Can't find mutt--sasl-sidebar-slang-compressed Too many dashes after the stems-indicator? Running OpenBSD 4.9 GENERIC.MP#794 i386. Try with -current, I fixed a bug that looks very much like this (two months ago ?) You should be able to just update pkg_add, even on 4.9. I've never laid hands on -current before, shame to say, but tried with a fresh install of the latest snapshot on a spare machine and that did the trick. Thanks! Regards, Erling
Re: Delete just one alias from an interface
Hehe yes I have guessed so... Thanks again it worked like a charm! - Original Message - From: Alexander Hall ha...@openbsd.org To: ML mail mlnos...@yahoo.com Cc: misc@openbsd.org misc@openbsd.org Sent: Friday, October 21, 2011 12:18 AM Subject: Re: Delete just one alias from an interface On 10/20/11 21:48, Alexander Hall wrote: On 10/20/11 18:43, ML mail wrote: Hi, I have an interface with a few IP aliases and I would like to remove just one single alias IP without affecting any other aliases. Which command would I use for that? ifconfig delete IP_OF_ALIAS Would this be correct? It would work. ifconfig IP delete would be even more 'correct'. You could create a fake interface and test this yourself, as in # ifconfig lo1 create # ifconfig lo1 172.29.0.1 # ifconfig lo1 172.29.0.2 # ifconfig lo1 172.29.0.3 ...and obviously that testing would reveal that I forgot^Wdeliberately left out the alias on the two lines above... :-P # ifconfig lo1 172.29.0.2 delete # ifconfig lo1 ... # ifconfig lo1 destroy Regards, ML
Re: how to use the new rc.d system to start the daemon with systrace?
On 2011-10-21, johnw johnw.m...@gmail.com wrote: after upgrade to current, now /etc/rc use the new rc.d system. my question is how to start the daemon(ntpd, named etc ..) with systrace? before upgrade to new rc.d system, i can edit /etc/rc like this echo 'starting named'; named $named_flags to echo 'starting named'; systrace -Ua named $named_flags any idea? thank you. it would be *possible* to do something like this and set named_systrace=YES in rc.conf.local, but I don't know if we want to go down that route, systrace isn't very widely used for daemons.. Index: rc.subr === RCS file: /cvs/src/etc/rc.d/rc.subr,v retrieving revision 1.55 diff -u -p -r1.55 rc.subr --- rc.subr 15 Oct 2011 16:05:15 - 1.55 +++ rc.subr 21 Oct 2011 10:13:33 - @@ -44,7 +44,7 @@ rc_rm_runfile() { } rc_start() { - ${rcexec} ${daemon} ${daemon_flags} ${_bg} + ${rcexec} ${rcsystrace} ${daemon} ${daemon_flags} ${_bg} } rc_check() { @@ -183,6 +183,7 @@ _RC_RUNFILE=${_RC_RUNDIR}/${_name} eval _rcflags=\${${_name}_flags} eval _rcuser=\${${_name}_user} +eval _rcsystrace=\${${_name}_systrace} getcap -f /etc/login.conf ${_name} 1/dev/null 21 \ daemon_class=${_name} @@ -193,8 +194,10 @@ getcap -f /etc/login.conf ${_name} 1/de [ -n ${_RC_FORCE} ] [ X${_rcflags} = XNO ] unset _rcflags [ -n ${_rcflags} ] daemon_flags=${_rcflags} [ -n ${_rcuser} ] daemon_user=${_rcuser} +[ -n ${_rcsystrace} ] [ X${_rcsystrace} = XYES ] || unset _rcsystrace daemon_flags=$(printf ' %s' ${daemon_flags}) daemon_flags=${daemon_flags## } pexp=${daemon}${daemon_flags:+ ${daemon_flags}} rcexec=su -l -c ${daemon_class} -s /bin/sh ${daemon_user} -c +[ -n ${_rcsystrace} ] rcsystrace=/bin/systrace -Ua
Re: why skip is not shown in pfctl -s rules ?
skip is an option, not a rule. # pfctl -s Int -v | grep skip On 2011-10-20, ??? chipits...@gmail.com wrote: Dear Sirs, I added couple of rules to pf config file xxx:/root# grep skip /etc/pf.conf set skip on enc0 set skip on lo0 xxx:/root# pfctl -f /etc/pf.conf xxx:/root# but I do not find skip in pfctl -s rules output: xxx:/root# pfctl -s rules | grep skip xxx:/root# is it ok ? Cheers, Ilya Shipitsin
Debugging apcupsd with Back-UPS CS 500
Hi *! I am in need of some help with debugging the UPS set-up I am running... I have an APC Back-UPS CS 500 connected to my server (OpenBSD 4.8) with an USB cable. When I connect the UPS to the server, I get this in dmesg: ugen0 at uhub4 port 2 American Power Conversion Back-UPS 500 FW: 6.4.I USB FW: c1 rev 1.10/1.00 addr 2 To control the UPS, I have installed the apcupsd package. I'm using UPSCABLE smart UPSTYPE usb in apcupsd.conf, everything else is left at default. When I start apcupsd with /usr/local/sbin/apcupsctl start everything seems to work fine initially - I get a broadcast message about Communications with UPS restored. and I can use apcaccess to get the status of the UPS. However, a short while later, I start getting Communications with UPS restored. messages roughly every 10s or so, flooding the logs. For each of these events, dmesg shows ugen0 detached ugen0 at uhub4 port 2 American Power Conversion Back-UPS 500 FW: 6.4.I USB FW: c1 rev 1.10/1.00 addr 2 So, it looks as if the UPS falls off the USB and reconnects again imediately and continues to do so indefinitely. I have seen this with two different motherboards running the same software, so I would tend to believe it's not the USB port itself. Also, I have had this same UPS running with an older version of this sever (still under OpenBSD 4.4, if I remember correctly) at some point, but unfortunately, I do not know anymore when exactly this problem started. Any hints as to what I could check are most welcome. Thanks in advance, Thomas P.S.: I've also dabbled with nut, but could not get it to work with the UPS at all - I probably just fail to understand the docs to get the correct incantation of driver and port... -- - Thomas Ribbrockhttp://www.ribbrock.org/ You have to live on the edge of reality - to make your dreams come true!
Re: Building ramdisk (was trees, 3rd time's a charm (ok+tests) )
# vnconfig -l vnd0: not in use vnd1: not in use vnd2: not in use vnd3: not in use # vnd's, not vnodes. Is OpenBSD causing my dyslexia or merely bringing to light a preexisting condition? The likely cause of it being busy before is a previous attempt to build the ramdisks which failed. When that happens the image of the ramdisk is left configured as a vnd so you can diagnose the problem. Make sure you do vnconfig-u vnd0 after a failed build in that case. Philip Guenther OK, that does sound likely. Thanks everyone, for the help. Brett.
Re: dhclient, resolv.conf
Antoine Jacoutot wrote: I use this: send dhcp-lease-time 3600; request subnet-mask, broadcast-address, routers; And my resolv.conf is not modified. That's because you happen to be using a DHCP server that has good enough manners not to try to shove unrequested options (like name servers) down your machine's throat. My experience is that there are in fact quite a few DHCP servers out there which are not so well behaved. Then dhclient-script will happily mess with your resolv.conf even though your dhclient.conf never asked the DHCP server for anything related to DNS servers. See http://marc.info/?l=openbsd-techm=131302612614702w=2 for my complete opinion on the matter... Rogier Krieger wrote: I do not see why you prefer editing resolv.conf over dhclient.conf, though, but I trust you have your reasons. See the link above. It leads to the duplication of information between /etc/resolv.conf, /etc/resolv.conf.tail, and /etc/dhclient.conf, and thus has the feel of curing the /etc/resolv.conf symptom instead of curing the dhclient-script disease :-) In short, supersede and resolv.conf.tail work but they are aesthetically unpleasing, IMHO (I'm not speaking for the original poster, who might have a different rational). Philippe
slow download
I got a problem with snapshot (not shure if it's the last), download is really slow, 0.3 to 1 Mbps per customent. Also a lot of paquet lost beginning from the openbsd. The're around 800 to 1000 users on this server. Bandwith is not a problem but we often saw limitation in number of paquets be the problem on our old servers. When it's happen with linux, it often a ct sysctl value. I saw this too with PF on FreeBSD that I add to give higher value in set limit. I use the same limit value than on my FreeBSD server that have 3 x more traffic and users. set limit { states 196608, src-nodes 16384, frags 8192, tables 1024, table-entries 131072 } so I really don't think those value are too low # pfctl -si Status: Enabled for 0 days 05:18:11 Debug: err State Table Total Rate current entries24986 searches 112481055 5891.8/s inserts 3846438 201.5/s removals 3821452 200.2/s Counters match5534959 289.9/s bad-offset 00.0/s fragment 260.0/s short 12840.1/s normalize6020.0/s memory 42280.2/s bad-timestamp 00.0/s congestion 00.0/s ip-option 10.0/s proto-cksum00.0/s state-mismatch 204461.1/s state-insert 240.0/s state-limit00.0/s src-limit 00.0/s synproxy 00.0/s no queue and I don't see any error in dmesg or in the log. CPU load is between 4 to 8% load checking with systat, 1920704 active memory free. Interrupts total from 6 to 7k. Is there a sysctl that could block too much connexion ? I looked at the inet list 1 by 1 but didn't find anything for now. Any other idea ? Michel DMESG : arpresolve: 10.8.1.4: route without link local address (This one come often and also see somethime 10.8.1.26) syncing disks... done r OpenBSD 5.0-current (GENERIC.MP) #70: Mon Sep 12 02:07:20 MDT 2011 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2135490560 (2036MB) avail mem = 2064576512 (1968MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f800 (22 entries) bios0: vendor American Megatrends Inc. version 080016 date 03/04/2011 acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI SSDT acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) EUSB(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1500.18 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG cpu0: 512KB 64b/line 8-way L2 cache cpu0: apic clock running at 166MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG cpu1: 512KB 64b/line 8-way L2 cache cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG cpu2: 512KB 64b/line 8-way L2 cache cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG cpu3: 512KB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 1, remapped to apid 4 acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 5 (P0P1) acpiprt2 at acpi0: bus 1 (P0P4) acpiprt3 at acpi0: bus 2 (P0P5) acpiprt4 at acpi0: bus 3 (P0P6) acpiprt5 at acpi0: bus 4 (P0P7) acpiprt6 at acpi0: bus -1 (P0P8) acpiprt7 at acpi0: bus -1 (P0P9) acpicpu0 at acpi0: PSS acpicpu1 at acpi0: PSS acpicpu2 at acpi0: PSS acpicpu3 at acpi0: PSS
Re: slow download - sysctl limit ?
really look like a sysctl limit, tcpdump give me lot of packets dropped by kernel. I commented every block rule to be sure it was not a rules mistake in pf pfctl -vnf /etc/pf.conf without tables and macro set limit states 196608 set limit src-nodes 16384 set limit frags 8192 set limit tables 1024 set limit table-entries 131072 match out on em0 inet from ipnat to any nat-to X.X.X.X pass in quick on lo0 inet6 from any to ::1 flags S/SA pass in quick on lo0 inet6 from any to fe80::1 flags S/SA pass out quick on lo0 inet6 from any to ::1 flags S/SA pass out quick on lo0 inet6 from any to fe80::1 flags S/SA pass in quick on lo0 inet from any to 127.0.0.1 flags S/SA pass out quick on lo0 inet from any to 127.0.0.1 flags S/SA pass in quick from admin to any flags S/SA pass out quick from admin to any flags S/SA pass in quick on int_if proto tcp from any port = ABCD to any flags S/SA pass in quick on int_if proto tcp from any port = ABCE to any flags S/SA pass in quick on int_if proto udp from any port = XYZ to any pass in all flags S/SA pass out all flags S/SA tcpdump -i em1 71579 packets received by filter 70115 packets dropped by kernel I change those sysctl value : sysctl net.inet.tcp.recvspace=65535 sysctl net.inet.tcp.sendspace=65535 sysctl net.inet.ip.maxqueue=2048 sysctl kern.somaxconn=2048 sysctl net.bpf.bufsize=2097152 sysctl net.bpf.maxbufsize=4194304 sysctl net.inet.ip.portfirst=32768 sysctl net.inet.ip.portlast=49151 sysctl net.inet.ip.porthifirst=49152 sysctl net.inet.ip.porthilast=65535 sysctl kern.seminfo.semmni=1024 sysctl kern.seminfo.semmns=4096 sysctl kern.shminfo.shmmax=67018864 sysctl kern.shminfo.shmall=32768 The're now a lot less paquet lost but speed test is as much slow. Any idea ? Thanks Michel Le 2011-10-21 10:42, Michel Blais a icrit : I got a problem with snapshot (not shure if it's the last), download is really slow, 0.3 to 1 Mbps per customent. Also a lot of paquet lost beginning from the openbsd. The're around 800 to 1000 users on this server. Bandwith is not a problem but we often saw limitation in number of paquets be the problem on our old servers. When it's happen with linux, it often a ct sysctl value. I saw this too with PF on FreeBSD that I add to give higher value in set limit. I use the same limit value than on my FreeBSD server that have 3 x more traffic and users. set limit { states 196608, src-nodes 16384, frags 8192, tables 1024, table-entries 131072 } so I really don't think those value are too low # pfctl -si Status: Enabled for 0 days 05:18:11 Debug: err State Table Total Rate current entries24986 searches 112481055 5891.8/s inserts 3846438 201.5/s removals 3821452 200.2/s Counters match5534959 289.9/s bad-offset 00.0/s fragment 260.0/s short 12840.1/s normalize6020.0/s memory 42280.2/s bad-timestamp 00.0/s congestion 00.0/s ip-option 10.0/s proto-cksum00.0/s state-mismatch 204461.1/s state-insert 240.0/s state-limit00.0/s src-limit 00.0/s synproxy 00.0/s no queue and I don't see any error in dmesg or in the log. CPU load is between 4 to 8% load checking with systat, 1920704 active memory free. Interrupts total from 6 to 7k. Is there a sysctl that could block too much connexion ? I looked at the inet list 1 by 1 but didn't find anything for now. Any other idea ? Michel DMESG : arpresolve: 10.8.1.4 http://10.8.1.4: route without link local address (This one come often and also see somethime 10.8.1.26) syncing disks... done r OpenBSD 5.0-current (GENERIC.MP http://GENERIC.MP) #70: Mon Sep 12 02:07:20 MDT 2011 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP http://GENERIC.MP real mem = 2135490560 (2036MB) avail mem = 2064576512 (1968MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f800 (22 entries) bios0: vendor American Megatrends Inc. version 080016 date 03/04/2011 acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI SSDT acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) EUSB(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 24
Re: slow download - packets dropped by kernel
packets dropped by kernel The number of packets that were dropped, due to a lack of buffer space. http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.cmds%2Fdoc%2Faixcmds5%2Ftcpdump.htm I saw on a forum to give more value to bpf size : change those value 2 time x2 : my actual size : # sysctl net.bpf.bufsize=8388608 net.bpf.bufsize: 4194304 - 8388608 # sysctl net.bpf.maxbufsize=16777216 net.bpf.maxbufsize: 8388608 - 16777216 Still the same. Anything else that could make kernel drop paquets ? Thanks Le 2011-10-21 11:46, Michel Blais a icrit : really look like a sysctl limit, tcpdump give me lot of packets dropped by kernel. I commented every block rule to be sure it was not a rules mistake in pf pfctl -vnf /etc/pf.conf without tables and macro set limit states 196608 set limit src-nodes 16384 set limit frags 8192 set limit tables 1024 set limit table-entries 131072 match out on em0 inet from ipnat to any nat-to X.X.X.X pass in quick on lo0 inet6 from any to ::1 flags S/SA pass in quick on lo0 inet6 from any to fe80::1 flags S/SA pass out quick on lo0 inet6 from any to ::1 flags S/SA pass out quick on lo0 inet6 from any to fe80::1 flags S/SA pass in quick on lo0 inet from any to 127.0.0.1 flags S/SA pass out quick on lo0 inet from any to 127.0.0.1 flags S/SA pass in quick from admin to any flags S/SA pass out quick from admin to any flags S/SA pass in quick on int_if proto tcp from any port = ABCD to any flags S/SA pass in quick on int_if proto tcp from any port = ABCE to any flags S/SA pass in quick on int_if proto udp from any port = XYZ to any pass in all flags S/SA pass out all flags S/SA tcpdump -i em1 71579 packets received by filter 70115 packets dropped by kernel I change those sysctl value : sysctl net.inet.tcp.recvspace=65535 sysctl net.inet.tcp.sendspace=65535 sysctl net.inet.ip.maxqueue=2048 sysctl kern.somaxconn=2048 sysctl net.bpf.bufsize=2097152 sysctl net.bpf.maxbufsize=4194304 sysctl net.inet.ip.portfirst=32768 sysctl net.inet.ip.portlast=49151 sysctl net.inet.ip.porthifirst=49152 sysctl net.inet.ip.porthilast=65535 sysctl kern.seminfo.semmni=1024 sysctl kern.seminfo.semmns=4096 sysctl kern.shminfo.shmmax=67018864 sysctl kern.shminfo.shmall=32768 The're now a lot less paquet lost but speed test is as much slow. Any idea ? Thanks Michel Le 2011-10-21 10:42, Michel Blais a icrit : I got a problem with snapshot (not shure if it's the last), download is really slow, 0.3 to 1 Mbps per customent. Also a lot of paquet lost beginning from the openbsd. The're around 800 to 1000 users on this server. Bandwith is not a problem but we often saw limitation in number of paquets be the problem on our old servers. When it's happen with linux, it often a ct sysctl value. I saw this too with PF on FreeBSD that I add to give higher value in set limit. I use the same limit value than on my FreeBSD server that have 3 x more traffic and users. set limit { states 196608, src-nodes 16384, frags 8192, tables 1024, table-entries 131072 } so I really don't think those value are too low # pfctl -si Status: Enabled for 0 days 05:18:11 Debug: err State Table Total Rate current entries24986 searches 112481055 5891.8/s inserts 3846438 201.5/s removals 3821452 200.2/s Counters match5534959 289.9/s bad-offset 00.0/s fragment 260.0/s short 12840.1/s normalize6020.0/s memory 42280.2/s bad-timestamp 00.0/s congestion 00.0/s ip-option 10.0/s proto-cksum00.0/s state-mismatch 204461.1/s state-insert 240.0/s state-limit00.0/s src-limit 00.0/s synproxy 00.0/s no queue and I don't see any error in dmesg or in the log. CPU load is between 4 to 8% load checking with systat, 1920704 active memory free. Interrupts total from 6 to 7k. Is there a sysctl that could block too much connexion ? I looked at the inet list 1 by 1 but didn't find anything for now. Any other idea ? Michel DMESG : arpresolve: 10.8.1.4 http://10.8.1.4: route without link local address (This one come often and also see somethime 10.8.1.26) syncing disks... done r OpenBSD 5.0-current (GENERIC.MP http://GENERIC.MP) #70: Mon Sep 12
Re: slow download - sysctl limit ?
I reseted everything (reboot it), After that, change ifq.maxlen from 256 to 512, after 1024 and finally for 2056. ifq.drops always stay at 0 and I still have around half paquets dropped by kernel. thanks Michel 2011/10/21 Daniel Melameth dan...@melameth.com If sysctl net.inet.ip.ifq.drops is greater than zero, you might want to try doubling net.inet.ip.ifq.maxlen until net.inet.ip.ifq.drops stops incrementing. As for the other sysctl values you changed, you might want to reset them to their defaults as you'll get a lot of flak on this list for blindly changing them. On Fri, Oct 21, 2011 at 9:46 AM, Michel Blais mic...@targointernet.com wrote: really look like a sysctl limit, tcpdump give me lot of packets dropped by kernel. I commented every block rule to be sure it was not a rules mistake in pf pfctl -vnf /etc/pf.conf without tables and macro set limit states 196608 set limit src-nodes 16384 set limit frags 8192 set limit tables 1024 set limit table-entries 131072 match out on em0 inet from ipnat to any nat-to X.X.X.X pass in quick on lo0 inet6 from any to ::1 flags S/SA pass in quick on lo0 inet6 from any to fe80::1 flags S/SA pass out quick on lo0 inet6 from any to ::1 flags S/SA pass out quick on lo0 inet6 from any to fe80::1 flags S/SA pass in quick on lo0 inet from any to 127.0.0.1 flags S/SA pass out quick on lo0 inet from any to 127.0.0.1 flags S/SA pass in quick from admin to any flags S/SA pass out quick from admin to any flags S/SA pass in quick on int_if proto tcp from any port = ABCD to any flags S/SA pass in quick on int_if proto tcp from any port = ABCE to any flags S/SA pass in quick on int_if proto udp from any port = XYZ to any pass in all flags S/SA pass out all flags S/SA tcpdump -i em1 71579 packets received by filter 70115 packets dropped by kernel I change those sysctl value : sysctl net.inet.tcp.recvspace=65535 sysctl net.inet.tcp.sendspace=65535 sysctl net.inet.ip.maxqueue=2048 sysctl kern.somaxconn=2048 sysctl net.bpf.bufsize=2097152 sysctl net.bpf.maxbufsize=4194304 sysctl net.inet.ip.portfirst=32768 sysctl net.inet.ip.portlast=49151 sysctl net.inet.ip.porthifirst=49152 sysctl net.inet.ip.porthilast=65535 sysctl kern.seminfo.semmni=1024 sysctl kern.seminfo.semmns=4096 sysctl kern.shminfo.shmmax=67018864 sysctl kern.shminfo.shmall=32768 The're now a lot less paquet lost but speed test is as much slow. Any idea ? Thanks Michel Le 2011-10-21 10:42, Michel Blais a icrit : I got a problem with snapshot (not shure if it's the last), download is really slow, 0.3 to 1 Mbps per customent. Also a lot of paquet lost beginning from the openbsd. The're around 800 to 1000 users on this server. Bandwith is not a problem but we often saw limitation in number of paquets be the problem on our old servers. When it's happen with linux, it often a ct sysctl value. I saw this too with PF on FreeBSD that I add to give higher value in set limit. I use the same limit value than on my FreeBSD server that have 3 x more traffic and users. set limit { states 196608, src-nodes 16384, frags 8192, tables 1024, table-entries 131072 } so I really don't think those value are too low # pfctl -si Status: Enabled for 0 days 05:18:11 Debug: err State Table Total Rate current entries24986 searches 112481055 5891.8/s inserts 3846438 201.5/s removals 3821452 200.2/s Counters match5534959 289.9/s bad-offset 00.0/s fragment 260.0/s short 12840.1/s normalize6020.0/s memory 42280.2/s bad-timestamp 00.0/s congestion 00.0/s ip-option 10.0/s proto-cksum00.0/s state-mismatch 204461.1/s state-insert 240.0/s state-limit00.0/s src-limit 00.0/s synproxy 00.0/s no queue and I don't see any error in dmesg or in the log. CPU load is between 4 to 8% load checking with systat, 1920704 active memory free. Interrupts total from 6 to 7k. Is there a sysctl that could block too much connexion ? I looked at the inet list 1 by 1 but didn't find anything for now. Any other idea ? Michel DMESG : arpresolve: 10.8.1.4 http://10.8.1.4: route
Re: High interrupt rates after resume
* Alexander Polakov polac...@gmail.com [111017 02:02]: I've got a problem. When I suspend my laptop (Lenovo X100e, dmesg below), it suspends just fine, and resumes well too (thanks for that!). But after resume I see high interrupt rates (like 77%) in top and vmstat, it feels slower and fan never stops. Any ideas? I made some experiments with boot bsd -c 1) disable ohci. 57% interrupts 2) disable ehci. ~20% interrupts 3) disable ahci. starts from 5%, +0.1% every ~5 seconds (???) 4) disable re. 57% interrupts 5) disable azalia. 57% interrupts -- Alexander Polakov | plhk.ru
Unbreak fortune/unstr
Hi! I've noticed that the unstr utility from games/fortune does not work properly. When reading the header of .dat files, all the other utilities do some endianness correction, but unstr does not. Therefore, it gets wrong information, and produces garbage. The diff below fixes this symptom. Using the unpatched unstr on any datfile previously generated by strfile aborts quickly since the flags are not interpreted correctly. By commenting out the flag processing code, unstr works to some degree, but doesn't get the right number of entries and runs in a pseudo-endless loop. The patched version doesn't exhibit those symptoms. Still, I don't understand the reason why strfile does htonl (strfile.c at line 220 onwards) for all the header fields in the first place, only for fortune then to undo it (and for unstr to forget doing it, therefore not working). Also, fortune.c at line 1107 does ntohl to undo the htonl of strfile.c for every header field but for tbl.str_version, which is explicitely commented out. This seems rather odd -- looking at fortune's behaviour in the debugger shows that without ntohl the str_version comes in in reverse byte order, as expected. According to CVS, this oddity comes all the way from the initial import. The second diff fixes that. Last, I'd like to suggest that strfile and unstr be included in the base distribution. It seems strange that their source is there and the fortune(6) manpage loops through hoops to mention that they can be compiled if one wishes so -- but before I try to patch that, I'd like to hear whether there are some non-obvious reasons why they are kept out. Cheers, s//un Index: unstr/unstr.c === RCS file: /cvs/src/games/fortune/unstr/unstr.c,v retrieving revision 1.10 diff -u -r1.10 unstr.c --- unstr/unstr.c 27 Oct 2009 23:59:24 - 1.10 +++ unstr/unstr.c 21 Oct 2011 17:26:11 - @@ -79,6 +79,12 @@ (void) fread(tbl.str_shortlen, sizeof(tbl.str_shortlen), 1, Dataf); (void) fread(tbl.str_flags,sizeof(tbl.str_flags),1, Dataf); (void) fread( tbl.stuff,sizeof(tbl.stuff),1, Dataf); + tbl.str_version = ntohl(tbl.str_version); + tbl.str_numstr = ntohl(tbl.str_numstr); + tbl.str_longlen = ntohl(tbl.str_longlen); + tbl.str_shortlen = ntohl(tbl.str_shortlen); + tbl.str_flags = ntohl(tbl.str_flags); + if (!(tbl.str_flags (STR_ORDERED | STR_RANDOM))) errx(1, nothing to do -- table in file order); Delimch = tbl.str_delim; Index: fortune/fortune.c === RCS file: /cvs/src/games/fortune/fortune/fortune.c,v retrieving revision 1.30 diff -u -r1.30 fortune.c --- fortune/fortune.c 3 Jan 2011 17:38:24 - 1.30 +++ fortune/fortune.c 21 Oct 2011 17:26:11 - @@ -1104,7 +1104,7 @@ exit(1); } - /* fp-tbl.str_version = ntohl(fp-tbl.str_version); */ + fp-tbl.str_version = ntohl(fp-tbl.str_version); fp-tbl.str_numstr = ntohl(fp-tbl.str_numstr); fp-tbl.str_longlen = ntohl(fp-tbl.str_longlen); fp-tbl.str_shortlen = ntohl(fp-tbl.str_shortlen); -- squeak!
Re: Unbreak fortune/unstr
Still, I don't understand the reason why strfile does htonl (strfile.c at line 220 onwards) for all the header fields in the first place, only for fortune then to undo it (and for unstr to forget doing it, therefore not working). The idea is that, as much as possible, we would like files in the system to be portable (if copied) to other systems. Also, fortune.c at line 1107 does ntohl to undo the htonl of strfile.c for every header field but for tbl.str_version, which is explicitely commented out. This seems rather odd -- looking at fortune's behaviour in the debugger shows that without ntohl the str_version comes in in reverse byte order, as expected. According to CVS, this oddity comes all the way from the initial import. The second diff fixes that. Last, I'd like to suggest that strfile and unstr be included in the base distribution. It seems strange that their source is there and the fortune(6) manpage loops through hoops to mention that they can be compiled if one wishes so -- but before I try to patch that, I'd like to hear whether there are some non-obvious reasons why they are kept out. I am not a fan of filling the binary distribution with tools which noone will use. Perhaps the code for these could be merged into fortune itself, as options. Or perhaps the entire way for building these things could be improved even beyond that, because datfiles/Makefile is pretty disgusting.
Re: slow download
You haven't explained what this machine is doing. But a few random comments from a wild assumption that it's just routing packets + PF: - MP is not helping you, and may be making things worse - amd64 is probably not helping you, and may be making things worse - try comparing kern.pool_debug=0 and kern.pool_debug=1 if you can say a bit more about what you're doing, maybe you'll get some other tips. On 2011-10-21, Michel Blais mic...@targointernet.com wrote: I got a problem with snapshot (not shure if it's the last), download is really slow, 0.3 to 1 Mbps per customent. Also a lot of paquet lost beginning from the openbsd. The're around 800 to 1000 users on this server. Bandwith is not a problem but we often saw limitation in number of paquets be the problem on our old servers. When it's happen with linux, it often a ct sysctl value. I saw this too with PF on FreeBSD that I add to give higher value in set limit. I use the same limit value than on my FreeBSD server that have 3 x more traffic and users. set limit { states 196608, src-nodes 16384, frags 8192, tables 1024, table-entries 131072 } so I really don't think those value are too low # pfctl -si Status: Enabled for 0 days 05:18:11 Debug: err State Table Total Rate current entries24986 searches 112481055 5891.8/s inserts 3846438 201.5/s removals 3821452 200.2/s Counters match5534959 289.9/s bad-offset 00.0/s fragment 260.0/s short 12840.1/s normalize6020.0/s memory 42280.2/s bad-timestamp 00.0/s congestion 00.0/s ip-option 10.0/s proto-cksum00.0/s state-mismatch 204461.1/s state-insert 240.0/s state-limit00.0/s src-limit 00.0/s synproxy 00.0/s no queue and I don't see any error in dmesg or in the log. CPU load is between 4 to 8% load checking with systat, 1920704 active memory free. Interrupts total from 6 to 7k. Is there a sysctl that could block too much connexion ? I looked at the inet list 1 by 1 but didn't find anything for now. Any other idea ? Michel DMESG : arpresolve: 10.8.1.4: route without link local address (This one come often and also see somethime 10.8.1.26) syncing disks... done r OpenBSD 5.0-current (GENERIC.MP) #70: Mon Sep 12 02:07:20 MDT 2011 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2135490560 (2036MB) avail mem = 2064576512 (1968MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f800 (22 entries) bios0: vendor American Megatrends Inc. version 080016 date 03/04/2011 acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI SSDT acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) EUSB(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1500.18 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG cpu0: 512KB 64b/line 8-way L2 cache cpu0: apic clock running at 166MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG cpu1: 512KB 64b/line 8-way L2 cache cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG cpu2: 512KB 64b/line 8-way L2 cache cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG cpu3: 512KB 64b/line 8-way L2 cache
Re: slow download
2011/10/21 Michel Blais mic...@targointernet.com This is for a firewall and main gateway of my network. Is a atom dual core cpu 1.6 Ghz with 2 Go or RAM It have 2 realtek onboard nic but since I wanted Intel NIC, I added a 3 intel NIC optional board. em0 is use to connect to my ISP fiber link em1 is use to connect to my Lan re1 is use to connect direct to the router for maintenance. PF is use for firewall and nat some users. Others have public IP. PMACCT to collect some network stat. OLSRd for dynamic routing that annonce 0.0.0.0/0 Michel 2011/10/21 Stuart Henderson s...@spacehopper.org You haven't explained what this machine is doing. But a few random comments from a wild assumption that it's just routing packets + PF: - MP is not helping you, and may be making things worse - amd64 is probably not helping you, and may be making things worse - try comparing kern.pool_debug=0 and kern.pool_debug=1 if you can say a bit more about what you're doing, maybe you'll get some other tips. On 2011-10-21, Michel Blais mic...@targointernet.com wrote: I got a problem with snapshot (not shure if it's the last), download is really slow, 0.3 to 1 Mbps per customent. Also a lot of paquet lost beginning from the openbsd. The're around 800 to 1000 users on this server. Bandwith is not a problem but we often saw limitation in number of paquets be the problem on our old servers. When it's happen with linux, it often a ct sysctl value. I saw this too with PF on FreeBSD that I add to give higher value in set limit. I use the same limit value than on my FreeBSD server that have 3 x more traffic and users. set limit { states 196608, src-nodes 16384, frags 8192, tables 1024, table-entries 131072 } so I really don't think those value are too low # pfctl -si Status: Enabled for 0 days 05:18:11 Debug: err State Table Total Rate current entries24986 searches 112481055 5891.8/s inserts 3846438 201.5/s removals 3821452 200.2/s Counters match5534959 289.9/s bad-offset 00.0/s fragment 260.0/s short 12840.1/s normalize6020.0/s memory 42280.2/s bad-timestamp 00.0/s congestion 00.0/s ip-option 10.0/s proto-cksum00.0/s state-mismatch 204461.1/s state-insert 240.0/s state-limit00.0/s src-limit 00.0/s synproxy 00.0/s no queue and I don't see any error in dmesg or in the log. CPU load is between 4 to 8% load checking with systat, 1920704 active memory free. Interrupts total from 6 to 7k. Is there a sysctl that could block too much connexion ? I looked at the inet list 1 by 1 but didn't find anything for now. Any other idea ? Michel DMESG : arpresolve: 10.8.1.4: route without link local address (This one come often and also see somethime 10.8.1.26) syncing disks... done r OpenBSD 5.0-current (GENERIC.MP) #70: Mon Sep 12 02:07:20 MDT 2011 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/ GENERIC.MP real mem = 2135490560 (2036MB) avail mem = 2064576512 (1968MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f800 (22 entries) bios0: vendor American Megatrends Inc. version 080016 date 03/04/2011 acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI SSDT acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) EUSB(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1500.18 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG cpu0: 512KB 64b/line 8-way L2 cache cpu0: apic clock running at 166MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) CPU N550 @ 1.50GHz, 1499.99 MHz cpu1:
Re: Unbreak fortune/unstr
* Theo de Raadt on Fri, Oct 21, 2011 at 11:49:22AM -0600: Last, I'd like to suggest that strfile and unstr be included in the base distribution. It seems strange that their source is there and the fortune(6) manpage loops through hoops to mention that they can be compiled if one wishes so -- but before I try to patch that, I'd like to hear whether there are some non-obvious reasons why they are kept out. I am not a fan of filling the binary distribution with tools which noone will use. Perhaps the code for these could be merged into fortune itself, as options. That sounds like a sensible idea. I will give it a try. -- When we transitioned from 32-bit offsets, we did so *without* the abominable hack that StunOS uses that requires -DDONT_SCREW_ME_WITH_A_SPLINTERY_TIMBER_FOR_USING_64_BIT_OFF_T or whatever it is. -- Thor Lancelot Simon; comp.unix.bsd.netbsd.misc
Re: dhclient, resolv.conf
On Thu, Oct 20, 2011 at 08:53:16PM +, sophia.ort...@googlemail.com wrote: Rogier Krieger rkrie...@gmail.com wrote: you can use the 'script' parameter described in dhclient.conf Perhaps the best solution, not far from what I had in mind from the beginning, but not a simple configuration for a simple task. I do not see why you prefer editing resolv.conf over dhclient.conf, though, but I trust you have your reasons. I find the idea of bringing dhclient with tricks to write a configuration file that I can type myself absurd. I didnt manage to avoid that dhclient write a search option in resolv.conf. If you are using dhclient, then /etc/resolv.conf is not really a configuration file. You are choosing to have your host dynamically configured by an outside agency and /etc/resolv.conf becomes a tool to implement that dynamic configuration. So, to me, the logical approach is to control the dynamic configuration process to produce the result you want, not artificially contrain the implementation mechanism available to the dynamic configuration you receive. Neither approach is perfect. Ken ?ukasz Czarniecki l...@sanki.roteh.pl wrote: chflags uchg /etc/resolv.conf Thanks! But that sounds like brute force. :) Do you know why opaque flag disappeared in OpenBSD? I think it can be usefull under circumstances. Regards SO
Multiple smarthost relays with smptd
I am trying to set up forwarding to two remote SMTP servers. Not at the same time obviously, but depending on the from line (personal and work address and accompanying outgoing servers). Secrets file: smtp1.example.com u...@example.com:pass smtp2.example.org u...@example.org:pass smtpd.conf: accept for all relay via smtp1.example.com tls auth secrets accept for all relay via smtp2.example.org tls auth secrets The problem is, first smarthost is always used. Envelope senders are properly set. Is there a way to make this work?
Re: slow download
No bridge, just routed. We use pmacct because we need the memory plug in for dynamicly unpriorise those taking too much bandwith for fair sharing policy. We also use pmacct on FreeBSD and Linux so we have the same tool everywhere and use the same scripts on every platform. Thanks Michel Le 21 oct. 2011 17:27, Stuart Henderson s...@spacehopper.org a icrit : On 2011/10/21 17:01, Michel Blais wrote: This is for a firewall and main gateway of my network. Is a atom dual core cpu 1.6 Ghz with 2 Go or RAM It have 2 realtek onboard nic but since I wanted Intel NIC, I added a 3 intel NIC optional board. em0 is use to connect to my ISP fiber link em1 is use to connect to my Lan re1 is use to connect direct to the router for maintenance. PF is use for firewall and nat some users. Others have public IP. any bridging or is this just routed? (if bridged, read http://marc.info/?l=openbsd-miscm=124082008204226, it has a few problems..) PMACCT to collect some network stat. is this using BPF capture? consider pflow(4) instead (netflow compatible, this exports flows directly from PF in kernel mode, so the overheads are much lower).
Re: High interrupt rates after resume
On Sun, Oct 16, 2011 at 3:00 PM, Alexander Polakov polac...@gmail.com wrote: I've got a problem. When I suspend my laptop (Lenovo X100e, dmesg below), it suspends just fine, and resumes well too (thanks for that!). But after resume I see high interrupt rates (like 77%) in top and vmstat, it feels slower and fan never stops. Any ideas? ... % vmstat -iv interrupt total rate irq0/clock 185246 199 irq0/ipi 225445 242 irq0/ipi_nop 216556 232 irq0/ipi_flushfp 320 irq0/ipi_synchfp 87469 irq0/ipi_mtrr 10 irq0/ipi_setperf 1100 irq144/acpi0 11601 irq99/re063806 irq97/ahci0 11188 12 irq98/ohci0 10 irq98/ohci1 10 irq100/ohci210 irq101/ehci1 2600 irq98/azalia0 25407 27 irq145/pckbc030233 irq146/pckbc038264 Total 687383 739 That's the after-resume output? What's the vmstat -i output look like before you first suspend+resume and the system is idle? Philip Guenther
Compranet 5.0 para Servidores Públicos, Atención Gobierno!
476525 [IMAGE] [demime 1.01d removed an attachment of type image/jpeg which had a name of compranet gob.jpg]