Re: ksh's HISTFILE

2012-03-13 Thread Paul de Weerd
On Wed, Mar 14, 2012 at 02:13:22AM -0400, Hugo Villeneuve wrote:
| Usually, the history file is used to seed the current shell process
| in-memory history and when the shell quits, it's overwritten.

Yeah, and the part I hate about that behaviour is that with two
concurrent sessions it means you only get the extra history from the
last shell to exit.  That makes it pretty inconsistent and unexpected
(which I agree the behaviour of two intermixed histories can also be,
although I would argue that this is more "HISTORY"cally correct, as it
lists history in chronological order).

| That's how it works in:
| 
| OpenBSD's csh, GNU's bash, etc.

That doesn't mean that's 'correct' behavior.  At any rate, I love
history, but not across sessions, so I usually don't touch HISTFILE (or
unset it when set) to make sure I don't get a history file and when I
am on other systems, I try to configure them to have similar behavior.

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: Pre-orders for 5.1, and the new song!

2012-03-13 Thread Alan Cheng
Great!

By the way, the picture on http://openbsd.org/51.html is still linked to
http://openbsd.org/images/MAD.jpg. Someone might want to fix it.

-Alan

http://www.kdump.cn/store
On Wed, Mar 14, 2012 at 10:46 AM, Theo de Raadt wrote:

> It is that time again.  I have just activated pre-orders for CDs,
> tshirts, and posters for the 5.1 release -- due May 1.
>
>http://openbsd.org/orders.html
>
> At the same time, I am making available the song that will come out
> with the release (hmm, it is still moving out to the ftp mirrors at
> the moment, but that is ok).  The song and details of it are linked
> from:
>
>http://openbsd.org/lyrics.html
>
> And there is something else.  Five years ago we made available an
> Audio CD that contained 5 years of songs.  Well, we have made a new
> audio CD since enough new songs have been made.  It is not very
> expensive, so please consider buying this as well when you place any
> order.  It has some rather nice liner notes.  Had some great fun
> coming up with the cover for that CD:
>
>   http://openbsd.org/images/cdaudio2.gif
>
> I'd also like to remind you that Michael Lucas' new "SSH Mastery" book
> is also now available, in case anyone was waiting for the 5.1 release
> to place one order.
>
>http://openbsd.org/books.html#book9
>
> Please consider purchasing these items and/or making a donation, since
> this is a very important revenue source which keeps the project going.



Re: ksh's HISTFILE

2012-03-13 Thread Hugo Villeneuve
On Tue, Mar 13, 2012 at 07:05:22PM -0700, Claus Assmann wrote:
> On Tue, Mar 13, 2012, Hugo Villeneuve wrote:
> > On Mon, Mar 12, 2012 at 01:03:54PM +0200, lilit-aibolit wrote:
> 
> > > export HISTFILE=~/.sh_history
> 
> > Because last time I tried, it was unusable if you ran more than two
> > sessions concurrently, as both shells would use the same file directly
> 
> Maybe try something like this?
> 
> HISTFILE=${HOME%/}/.ksh_hist.$$

:) funny

I think the default behavior when HISTFILE is unset (empty in process
memory buffer) is more useful than a 1/32000 chance to get the
history of the last time ksh was run.

I personally do not believe in a history file. I just wanted to
tell people that in OpenBSD's ksh, it works like nothing else.


Usually, the history file is used to seed the current shell process
in-memory history and when the shell quits, it's overwritten.

That's how it works in:

OpenBSD's csh, GNU's bash, etc.



Re: Pre-orders for 5.1, and the new song!

2012-03-13 Thread patrick keshishian
On Tue, Mar 13, 2012 at 7:46 PM, Theo de Raadt wrote:
> It is that time again.  I have just activated pre-orders for CDs,
> tshirts, and posters for the 5.1 release -- due May 1.
>
>http://openbsd.org/orders.html
>
> At the same time, I am making available the song that will come out
> with the release (hmm, it is still moving out to the ftp mirrors at
> the moment, but that is ok).  The song and details of it are linked
> from:
>
>http://openbsd.org/lyrics.html
>
> And there is something else.  Five years ago we made available an
> Audio CD that contained 5 years of songs.  Well, we have made a new
> audio CD since enough new songs have been made.  It is not very
> expensive, so please consider buying this as well when you place any
> order.  It has some rather nice liner notes.  Had some great fun
> coming up with the cover for that CD:
>
>   http://openbsd.org/images/cdaudio2.gif
>
> I'd also like to remind you that Michael Lucas' new "SSH Mastery" book
> is also now available, in case anyone was waiting for the 5.1 release
> to place one order.
>
>http://openbsd.org/books.html#book9
>
> Please consider purchasing these items and/or making a donation, since
> this is a very important revenue source which keeps the project going.
>

Excellent news! Thank you OpenBSD!

OpenBSD Order 2012/3/13-22:21:yy-22xxx
Your order currently is:
-> 1 [CDA2] OpenBSD Audio CD: The Songs 4.1 - 5.1 @ CDN $15.00
-> 2 [T37] Bugbusters Shirt (?)  @ CDN $25.00
-> 1 [P51] OpenBSD 5.1 Poster @ CDN $20.00
-> 10 [CD51] OpenBSD 5.1 CD @ CDN $50.00
-> 1 [T34] The Black Hoodie (?)  @ CDN $60.00


--patrick



Re: dmesg mac mini A1347

2012-03-13 Thread Wesley
Hi 

Yes, I can test it. I'll keep you informed about it.
Cheers, 

Wesley
MOUEDINE ASSABY

On 14.03.2012 05:18, Brad Smith wrote: 

> Hi Wesley,
>
> Would you be able to build a kernel with the following diff applied
> and send me the dmesg from the new kernel?
>
> Index:
sys/dev/pci/nviic.c
>
===
>
RCS file: /home/cvs/src/sys/dev/pci/nviic.c,v
> retrieving revision
1.15
> diff -u -p -r1.15 nviic.c
> --- sys/dev/pci/nviic.c 8 Apr 2010
00:23:53 - 1.15
> +++ sys/dev/pci/nviic.c 14 Mar 2012 00:41:22
-
> @@ -125,7 +125,8 @@ const struct pci_matchid nviic_ids[] = {
> {
PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP67_SMB },
> {
PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP73_SMB },
> {
PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP77_SMB },
> - {
PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP79_SMB }
> + {
PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP79_SMB },
> + {
PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP89_SMB }
> };
> 
> int
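
Review bot: in the nviic_ids[] hunk the new last entry, PCI_PRODUCT_NVIDIA_MCP89_SMB, is again written without a trailing comma, which is why adding one ID also had to rewrite the MCP79 line; ending the last initializer with a comma would keep the next addition to a one-line change. The hunk only extends the match table, so it relies on the MCP89 SMBus controller behaving like the chips already listed: the dmesg requested from the patched kernel should show nviic attaching on this machine before the change is committed, and the commit message should name the hardware it was tested on.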



Pre-orders for 5.1, and the new song!

2012-03-13 Thread Theo de Raadt
It is that time again.  I have just activated pre-orders for CDs,
tshirts, and posters for the 5.1 release -- due May 1.

http://openbsd.org/orders.html

At the same time, I am making available the song that will come out
with the release (hmm, it is still moving out to the ftp mirrors at
the moment, but that is ok).  The song and details of it are linked
from:

http://openbsd.org/lyrics.html

And there is something else.  Five years ago we made available an
Audio CD that contained 5 years of songs.  Well, we have made a new
audio CD since enough new songs have been made.  It is not very
expensive, so please consider buying this as well when you place any
order.  It has some rather nice liner notes.  Had some great fun
coming up with the cover for that CD:

   http://openbsd.org/images/cdaudio2.gif 

I'd also like to remind you that Michael Lucas' new "SSH Mastery" book
is also now available, in case anyone was waiting for the 5.1 release
to place one order.

http://openbsd.org/books.html#book9

Please consider purchasing these items and/or making a donation, since
this is a very important revenue source which keeps the project going.



Re: ksh's HISTFILE

2012-03-13 Thread Claus Assmann
On Tue, Mar 13, 2012, Hugo Villeneuve wrote:
> On Mon, Mar 12, 2012 at 01:03:54PM +0200, lilit-aibolit wrote:

> > export HISTFILE=~/.sh_history

> Because last time I tried, it was unusable if you ran more than two
> sessions concurrently, as both shells would use the same file directly

Maybe try something like this?

HISTFILE=${HOME%/}/.ksh_hist.$$



ksh's HISTFILE [was: Re: SSH, root can repeat commands with up arrow, others cannot]

2012-03-13 Thread Hugo Villeneuve
On Mon, Mar 12, 2012 at 01:03:54PM +0200, lilit-aibolit wrote:
> 11.03.2012 21:43, Chris Bennett wrote:
> >This started for me a while back.
> >Login as root, I can repeat older commands with up down arrows.
> >History command shows history.
> >
> >su -l otheruser
> >
> >Cannot use up down arrows to access history.
> >History command shows correct history.
> >
> >Login remotely as otheruser.
> >Same problem.
> >
> >Chris Bennett
> >
>
> try to add this to your .profile:
>
> export HISTFILE=~/.sh_history
>
> and re-login.
>
> it works for me and saves all history after disconnect
> and starting a new session.

Has there been improvement in ksh's history file recently? Like
since 5.0?

Because last time I tried, it was unusable if you ran more than two
sessions concurrently, as both shells would use the same file directly
which led to odd behavior. Like you did up history in one shell,
and you would see a command entered in the other one. Very weird
to grasp.

(50+ OpenBSD's apologist will email me right back to tell me that
it's a feature. It's not GNU's bash the standard. Things can be
different.)



Re: No way natting-to carp interface

2012-03-13 Thread Shane Lazarus
Heya


On Wed, Mar 14, 2012 at 5:15 AM, Paquitiu  wrote:
> Hi.
...
> hostname.carp12
> inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes
> 120:0,121:100 pass PaSSWord12
>
> hostname.carp13
> inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes
> 130:100,131:0 pass PaSSWord13
...

Any reason those two interfaces have the same IP Address?

Shane
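
The duplicate address Shane asks about can be found mechanically. The following is an added example, not part of the original thread: a POSIX sh function (the names find_dup_inet and make_sample_dir are hypothetical) that scans hostname.* files for IPv4 addresses configured more than once, run on constructed files that reuse the addresses quoted above with a placeholder CARP password.

```shell
#!/bin/sh
# Added example, not from the thread: report IPv4 addresses that are
# configured more than once across a directory of hostname.if(5) files
# (normally /etc).

# find_dup_inet DIR
# Prints "ADDRESS if1 if2 ..." for every address that appears on an
# "inet" line more than once in DIR/hostname.*; prints nothing when
# every address is unique.
find_dup_inet() {
    for f in "$1"/hostname.*; do
        [ -f "$f" ] || continue
        ifname=${f##*/hostname.}
        # hostname.if(5) lines: inet [alias] addr netmask broadcast options
        awk -v ifname="$ifname" '
            $1 == "inet" && $2 == "alias" { print $3, ifname; next }
            $1 == "inet"                  { print $2, ifname }
        ' "$f"
    done | sort | awk '
        {
            if ($1 in ifs) ifs[$1] = ifs[$1] " " $2
            else           ifs[$1] = $2
            n[$1]++
        }
        END { for (a in n) if (n[a] > 1) print a, ifs[a] }
    ' | sort
}

# make_sample_dir
# Constructed input: the addresses from the quoted post, each file on one
# line as it would be on disk, with a placeholder instead of the password.
# Prints the path of the temporary directory it created.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    carp_opts='balancing ip carpnodes 120:0,121:100 pass PLACEHOLDER'
    echo 'inet 81.92.37.10 255.255.255.248 NONE'  > "$d/hostname.bge0"
    echo 'inet 192.168.28.1 255.255.255.0 NONE'   > "$d/hostname.bge1"
    echo "inet 81.92.37.12 255.255.255.248 81.92.37.15 $carp_opts" \
        > "$d/hostname.carp12"
    echo "inet 81.92.37.12 255.255.255.248 81.92.37.15 $carp_opts" \
        > "$d/hostname.carp13"
    echo "inet 192.168.28.11 255.255.255.0 192.168.28.255 $carp_opts" \
        > "$d/hostname.carp28"
    echo "$d"
}

# Run against the constructed sample; on a real system pass /etc instead.
sample=$(make_sample_dir)
find_dup_inet "$sample"
rm -rf "$sample"
```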



Re: CVS: cvs.openbsd.org: src

2012-03-13 Thread Gilles Chehade
On Tue, Mar 13, 2012 at 05:07:58PM -0600, Gilles Chehade wrote:
> CVSROOT:  /cvs
> Module name:  src
> Changes by:   gil...@cvs.openbsd.org  2012/03/13 17:07:58
> 
> Modified files:
>   usr.sbin/smtpd : scheduler_ramqueue.c 
> 
> Log message:
> When moving back envelope from offload tree to msg tree ... remove the
> envelope from offload tree not msg tree, this corrupts the ramqueue in
> ways that I couldn't imagine before wasting so many hours tracking it.
> 
> Fixes crash on my server under load, no crash after about 20K mails
> processed from up to 150 concurrent sessions.
> 

Now would be an interesting time to start testing seriously OpenSMTPD.

We know it still lacks features but it should provide what's needed for
the base system and should be reliable. Just test and you will see if
your needs are met or not.

Please report all bugs, crashes and features missing to gilles@, eric@
and chl@; we will focus on bugs and crashes at first but will keep
track of the feature requests.


-- 
Gilles Chehade

https://www.poolp.org   @poolpOrg



Re: xenocara fails to build on -current with radeonold

2012-03-13 Thread Kenneth R Westerback
On Tue, Mar 13, 2012 at 08:45:14PM +0100, Norman Golisz wrote:
> On Tue Mar 13 2012 17:11, Mattieu Baptiste wrote:
> > Hi all,
> > 
> > Is it just me? radeonold fails to build on -current (amd64):
> 
> no, I can confirm that on i386, too. Went fine before the update of
> radeon(4) and the renaming of the old radeon driver to radeonold(4).
> 
> Yours,
> Norman
> 

Need to get newer tree. Was just fixed, at least for me.

 Ken



Re: No way natting-to carp interface

2012-03-13 Thread Gordon McAllister
On Tue, Mar 13, 2012 at 9:15 AM, Paquitiu  wrote:
> The issue is simple, I can't match the outgoing traffic to carp ip address.
> When I go to some "show myip" web, it always appears the physical one.
> Never the carp one.

Have you tried '...nat-to carp12:0' ?

Regards,

---Gordon



Re: xenocara fails to build on -current with radeonold

2012-03-13 Thread Norman Golisz
On Tue Mar 13 2012 17:11, Mattieu Baptiste wrote:
> Hi all,
> 
> Is it just me? radeonold fails to build on -current (amd64):

no, I can confirm that on i386, too. Went fine before the update of
radeon(4) and the renaming of the old radeon driver to radeonold(4).

Yours,
Norman



Re: hi_

2012-03-13 Thread Francois Pussault
ok gimme 100% off & free shipping then I buy

> 
> From: logistel 
> Sent: Tue Mar 13 18:06:17 CET 2012
> To: misc 
> Subject: hi_
>
>
> good morning
>
> we mainly sell macbook,iphone,digital camera,ipad 2,brand watch  all of
> our products can offered free shipping and 63% discount, if you have any
> need, please contact us
>
> w e b :  www. flyd. com
>
> 1:06:09
>


Cordialement
Francois Pussault
3701 - 8 rue Marcel Pagnol
31100 Toulouse
France
+33 6 17 230 820  +33 5 34 365 269
fpussa...@contactoffice.fr



Issues with rdr-to and high latency connection (gsm network)

2012-03-13 Thread Ivo Chutkin

Hello guys,
I have some issues with the following configuration:
There are a number of SIM cards, placed in taxi cars, collecting GPS data 
and sending them to two Windows servers with some application, then this 
application sends some data back.


Network topology is as follows:

Sim card -> Telecom gsm/3G network->Metro link with vlan3728->Alix2d3 
OpenBSD 5.0->two Windows Servers


Sim card is static ip 192.168.16.3
OpenBSD
10.10.10.2 on vlan3728
10.11.33.1 on vr2
Windows servers
10.11.33.2 and 10.11.33.3

OpenBSD redirects all traffic from vlan3728 to vr2

Here is pf.conf

~ # cat /etc/pf.conf
# Macro
ext_if = "vlan142"
globul = "vlan3768"
vivasim = "vlan3728"
int_if = "vr2"
int_net = "10.11.33.0/24"
ports1 = "12120:12124"
ports2 = "12125:12129"
ports3 = "12120:12124"

#Tables

set skip on lo
set optimization high-latency
#NAT
pass out on $ext_if from $int_if:network to any nat-to ($ext_if)
#RDR
pass in on $ext_if proto {tcp,udp} from any to $ext_if port $ports1 rdr-to 10.11.33.2 port $ports1
pass in on $ext_if proto {tcp,udp} from any to $ext_if port $ports2 rdr-to 10.11.33.3 port $ports2
pass in on $globul proto {tcp,udp} from any to $globul port $ports3 rdr-to 10.11.33.2 port $ports3
pass in on $globul proto {tcp,udp} from any to $globul port $ports2 rdr-to 10.11.33.3 port $ports2
pass in on $vivasim proto {tcp,udp} from any to $vivasim port $ports1 rdr-to 10.11.33.2 port $ports3
pass in on $vivasim proto {tcp,udp} from any to $vivasim port $ports2 rdr-to 10.11.33.3 port $ports2

# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010

The problem is, when the car is moving, the SIM card loses connection from 
time to time, then it tries to connect again with a new session but 
OpenBSD keeps the old session up, so the card is unable to establish a new 
session.  I need to clear the existing session, then everything starts fine.


Here is tcpdump on vlan3728 when the card cannot connect and after I 
clear the session:


~ # tcpdump -ni vlan3728
tcpdump: listening on vlan3728, link-type EN10MB
17:38:03.225484 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:49.185231 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 0 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:52.503574 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 5 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:52.503772 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1728940723 
win 65535  (DF)
17:38:58.504915 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 17 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:58.505088 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 
 (DF)
17:39:10.482991 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 41 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:39:34.443167 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:40:33.867184 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 17 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:40:33.867354 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 
 (DF)
17:40:45.823832 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 41 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:41:09.681923 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:41:59.742667 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 0 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:03.021653 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 5 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:03.021827 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 
 (DF)
17:42:09.021598 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 17 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:09.021764 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 
 (DF)
17:42:21.162916 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 41 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:44.982854 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:43:34.983006 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 0 0,nop,nop,ccnew 2> (DF) [tos 0x10]


Here, I clear the session, and new one is established.
#
17:43:38.302997 192.168.16.3.2020 > 10.10.10.2.12122: S 
1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 5 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:43:38.303165 10.10.10.2.12122 > 192.168.16.3
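
The pattern in the capture above, repeated SYNs carrying one initial sequence number and answered only by bare ACKs, can be picked out of tcpdump text automatically. This is an added example, not part of the original post: the function names, the threshold and the embedded capture are constructed, and it assumes the one-packet-per-line text format shown above.

```shell
#!/bin/sh
# Added example, not from the post: find flows whose SYN is retransmitted
# with the same initial sequence number and is answered only by bare ACKs,
# never by a SYN-ACK, in "tcpdump -n" text read from stdin.

# find_stale_flows [MIN_SYNS]
# Prints "SRC > DST isn=N syn=COUNT bare_ack=COUNT" for each such flow
# that shows at least MIN_SYNS (default 3) SYNs with an identical ISN.
find_stale_flows() {
    awk -v min="${1:-3}" '
    $3 == ">" {
        src = $2; dst = $4; sub(/:$/, "", dst)
        ack = 0
        for (i = 6; i <= NF; i++) if ($i == "ack") ack = 1
        if ($5 ~ /S/ && !ack) {            # SYN from the client
            flow = src " > " dst
            split($6, seq, ":")
            if (!(flow in isn)) isn[flow] = seq[1]
            if (seq[1] == isn[flow]) syn[flow]++
        } else if ($5 ~ /S/ && ack) {      # SYN-ACK: handshake is progressing
            synack[dst " > " src] = 1
        } else if ($5 == "." && ack) {     # bare ACK sent back to the client
            bare[dst " > " src]++
        }
    }
    END {
        for (f in syn)
            if (syn[f] >= min && !(f in synack) && (f in bare))
                print f, "isn=" isn[f], "syn=" syn[f], "bare_ack=" bare[f]
    }' | sort
}

# sample_capture
# Constructed capture: one flow stuck like the one in the post, and one
# flow (a second, made-up client) that completes a normal handshake.
sample_capture() {
    cat <<'EOF'
17:38:03.225484 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460> (DF) [tos 0x10]
17:38:52.503574 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460> (DF) [tos 0x10]
17:38:52.503772 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1728940723 win 65535 (DF)
17:38:58.504915 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460> (DF) [tos 0x10]
17:38:58.505088 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 (DF)
17:39:00.000100 192.168.16.4.3000 > 10.10.10.2.12125: S 555000111:555000111(0) win 5120 <mss 1460> (DF)
17:39:00.000300 10.10.10.2.12125 > 192.168.16.4.3000: S 99887766:99887766(0) ack 555000112 win 65535 <mss 1460> (DF)
17:39:00.050000 192.168.16.4.3000 > 10.10.10.2.12125: . ack 1 win 5120 (DF)
17:39:10.482991 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460> (DF) [tos 0x10]
EOF
}

# Run on the constructed capture; on a live system pipe tcpdump -n output
# for the affected interface into find_stale_flows instead.
sample_capture | find_stale_flows 3
```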

Re: No way natting-to carp interface

2012-03-13 Thread sirrupe
Thank you Josh for answering so fast.

Unfortunately, I've already tried with ip, with $var, with IF name and no way.



Re: No way natting-to carp interface

2012-03-13 Thread Josh Hoppes
On Tue, Mar 13, 2012 at 11:15 AM, Paquitiu  wrote:
> Hi.
> The issue is simple, I can't match the outgoing traffic to carp ip address.
> When I go to some "show myip" web, it always appears the physical one.
> Never the carp one.
>
> As my ISP provider gives us 4 ips, I use two (one for each nic of the firewalls
> connected to internet) for physical interfaces and the other two for the carp
> interfaces.
>
>
>  Internet
> |
>   +/ \--+
>   | carp13(em0) = 81.92.37.13   |
>   | carp12(em0) = 81.92.37.12   |
>   | |
>  81.92.37.10 bge0  bge0 81.92.37.11
>   | |
>   +---+10.0.0.2 +---+
>   |  fw0  |- re0  CARP Pfsync  re0 -|  fw1  |
>   +---+  10.0.0.1   +---+
>   | |
>192.168.28.1 bge1   bge1 192.169.28.2
>   | |
>   | carp28(em1) = 192.168.28.11 |
>   +\ /--+
> |
>   Internal LAN
>  (192.168.28/24)
>
>
> Config files(from one of the two firewalls):
>
> hostname.bge0
> inet 81.92.37.10 255.255.255.248 NONE
>
> hostname.bge1
> inet 192.168.28.1 255.255.255.0 NONE
>
> hostname.carp12
> inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes
> 120:0,121:100 pass PaSSWord12
>
> hostname.carp13
> inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes
> 130:100,131:0 pass PaSSWord13
>
> hostname.carp28
> inet 192.168.28.11 255.255.255.0 192.168.28.255 balancing ip carpnodes
> 28:0,29:100 pass PaSSWord28
>
> hostname.re0
> inet 10.0.0.1 255.255.255.0 NONE
>
> hostname.pfsync0
> up syncdev re0
>
> sysctl.conf
> net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
> net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
> net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
> net.inet.carp.log=3 # log level of carp(4) info, default 2
> net.inet.carp.allow=1
> net.inet.carp.arpbalance=0
>
> pf.conf
> priv_nets= "{127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8}"
> set block-policy drop
> set skip on lo
>
> #Nat outgoing connections
> match out on $ext_IF inet from !$ext_IF to any nat-to $ext_IF
>
> #This does not work: match out on $ext_IF inet from !$ext_IF to any nat-to carp12
>
> #Filter rules
> block log all
> block in quick from urpf-failed #spoofed address protection
>
> #packet normalization
> match in all scrub (no-df)
>
> pass quick log on re0 inet proto pfsync keep state (no-sync)
> pass in quick log on $ext_IF proto carp from carp12 to 224.0.0.18 keep state
> pass in quick log on $ext_IF proto carp from carp13 to 224.0.0.18 keep state
> pass in quick log on $int_IF proto carp from carp28 to 224.0.0.18 keep state
> pass on { $int_IF , $ext_IF } proto carp keep state (no-sync)
>
> block in quick on $ext_IF from $priv_nets to any
> block out quick on $ext_IF from any to $priv_nets
> block quick inet6
>

Don't try and use the carp interface as the target of nat-to, just the
IP address of the carp interface.

eg

match out on $ext_IF inet from !$ext_IF to any nat-to 81.92.37.12

Give that try and see if it works.



No way natting-to carp interface

2012-03-13 Thread Paquitiu
Hi.
The issue is simple, I can't match the outgoing traffic to carp ip address.
When I go to some "show myip" web, it always appears the physical one. 
Never the carp one.

As my ISP provider gives us 4 ips, I use two (one for each nic of the firewalls
connected to internet) for physical interfaces and the other two for the carp
interfaces.
  

  Internet
 |
   +/ \--+
   | carp13(em0) = 81.92.37.13   |
   | carp12(em0) = 81.92.37.12   |
   | |
  81.92.37.10 bge0  bge0 81.92.37.11
   | |
   +---+10.0.0.2 +---+
   |  fw0  |- re0  CARP Pfsync  re0 -|  fw1  |
   +---+  10.0.0.1   +---+
   | |
192.168.28.1 bge1   bge1 192.169.28.2
   | |
   | carp28(em1) = 192.168.28.11 |
   +\ /--+
 |
   Internal LAN 
  (192.168.28/24)


Config files(from one of the two firewalls):

hostname.bge0
inet 81.92.37.10 255.255.255.248 NONE

hostname.bge1
inet 192.168.28.1 255.255.255.0 NONE

hostname.carp12
inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes
120:0,121:100 pass PaSSWord12

hostname.carp13
inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes
130:100,131:0 pass PaSSWord13

hostname.carp28
inet 192.168.28.11 255.255.255.0 192.168.28.255 balancing ip carpnodes
28:0,29:100 pass PaSSWord28

hostname.re0
inet 10.0.0.1 255.255.255.0 NONE

hostname.pfsync0
up syncdev re0

sysctl.conf
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
net.inet.carp.log=3 # log level of carp(4) info, default 2
net.inet.carp.allow=1
net.inet.carp.arpbalance=0

pf.conf
priv_nets= "{127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8}"
set block-policy drop
set skip on lo

#Nat outgoing connections
match out on $ext_IF inet from !$ext_IF to any nat-to $ext_IF

#This does not work: match out on $ext_IF inet from !$ext_IF to any nat-to carp12

#Filter rules
block log all
block in quick from urpf-failed #spoofed address protection

#packet normalization
match in all scrub (no-df)

pass quick log on re0 inet proto pfsync keep state (no-sync)
pass in quick log on $ext_IF proto carp from carp12 to 224.0.0.18 keep state
pass in quick log on $ext_IF proto carp from carp13 to 224.0.0.18 keep state
pass in quick log on $int_IF proto carp from carp28 to 224.0.0.18 keep state
pass on { $int_IF , $ext_IF } proto carp keep state (no-sync)

block in quick on $ext_IF from $priv_nets to any
block out quick on $ext_IF from any to $priv_nets
block quick inet6



xenocara fails to build on -current with radeonold

2012-03-13 Thread Mattieu Baptiste
Hi all,

Is it just me? radeonold fails to build on -current (amd64):

$ cd /usr/xenocara/driver/xf86-video-radeonold
$ sudo make -f Makefile.bsd-wrapper obj
/usr/xenocara/driver/xf86-video-radeonold/obj ->
/usr/xobj/driver/xf86-video-radeonold
$ sudo make -f Makefile.bsd-wrapper obj build
[...]
checking if RENDER is defined... yes
checking if XV is defined... yes
checking if DPMSExtension is defined... yes
checking for XORG... yes
checking for ANSI C header files... (cached) yes
checking for /usr/X11R6/include/xorg/dri.h... (cached) yes
checking for /usr/X11R6/include/xorg/sarea.h... (cached) yes
checking for /usr/X11R6/include/xorg/dristruct.h... (cached) yes
checking for /usr/X11R6/include/xorg/damage.h... (cached) yes
checking whether to include DRI support... yes
checking for DRI... yes
checking for xf86Modes.h... (cached) no
checking whether to enable EXA support... yes
checking for exa.h... (cached) yes
checking whether EXA version is at least 2.0.0... yes
checking whether xf86XVFillKeyHelperDrawable is declared... (cached) yes
checking whether xf86ModeBandwidth is declared... (cached) yes
checking whether xf86_crtc_clip_video_helper is declared... (cached) yes
checking whether xf86RotateFreeShadow is declared... (cached) yes
checking whether pci_device_enable is declared... (cached) yes
checking whether XSERVER_LIBPCIACCESS is declared... (cached) yes
/usr/xenocara/driver/xf86-video-radeonold/configure[14482]: cd:
/usr/xenocara/driver/xserver - No such file or directory
configure: error: Must have X server >= 1.3 source tree for mode
setting code. Please specify --with-xserver-source
*** Error code 1

Stop in /usr/xenocara/driver/xf86-video-radeonold (line 169 of
/usr/X11R6/share/mk/bsd.xorg.mk).
*** Error code 1

Stop in /usr/xenocara/driver/xf86-video-radeonold (line 206 of
/usr/X11R6/share/mk/bsd.xorg.mk).



-- 
Mattieu Baptiste
"/earth is 102% full ... please delete anyone you can."



Re: Intel ICH9R compatibility with OpenBSD

2012-03-13 Thread Axton
On Tue, Mar 13, 2012 at 4:37 AM, lilit-aibolit  wrote:
> 12.03.2012 18:01, Axton wrote:
>
>> On Mon, Mar 12, 2012 at 9:44 AM, lilit-aibolit
>> wrote:
>>>
>>> Hello misc, please give me some advice
>>> to buy low-power and low-noise HW.
>>> My selection - is:
>>> http://www.supermicro.nl/products/system/1U/5015/SYS-5015A-PHF.cfm?typ=E
>>> that have Intel ICH9R chipset.
>>> But in supported hardware it is absent:
>>> - Intel 82801
>>> (ICH/ICH0/ICH2/ICH3/ICH4/ICH4-M/ICH5/ICH5R/ICH6/ICH6/ICH6/ICH7)
>>>
>>
>> I am using a 5015A (I think 5015A-EHF) without any issues. I don't
>> use the ICH9R or any other ICHxx RAID capabilities, so that chipset
>> does not matter to me. I think the whole architecture of using
>> allowing the chipset to use the kernel for RAID
>> capabilities/offloading is garbage. The design has too many points of
>> failure (kernel driver, chipset implementation and firmware, userland
>> software for raid management, etc.). It's an unreliable
>> implementation that allows people who do not understand what they are
>> doing to say "I have a RAID array" and gives them a pretty GUI to
>> manage the array. Software based raid in OpenBSD is fine, but lacks
>> some capabilities for setting up a raid array for the root partition,
>> though I admit I lack in depth knowledge in this area, so I could be
>> wrong with this statement. I'm sure others will chime in if I'm
>> mistaken.
>>
>> Note these bits:
>> pciide0 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA,
>> channel 0 configured to native-PCI, channel 1 configured to native-PCI
>> pciide0: using apic 3 int 19 for native-PCI interrupt
>>
>> That's the important part. OpenBSD seems to work well with this
>> chipset. The network hardware/driver for this machine results in high
>> interrupt rates under heavy load. This is my only complaint with the
>> box. For my needs it works just fine though. I can move traffic
>> through the box at a rate that is acceptable for my needs.
>>
>> OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011
>>   dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
>> cpu0: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz
>> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE
>> real mem = 3220283392 (3071MB)
>> avail mem = 3157540864 (3011MB)
>> mainbus0 at root
>> bios0 at mainbus0: AT/286+ BIOS, date 05/26/10, BIOS32 rev. 0 @
>> 0xf0010, SMBIOS rev. 2.6 @ 0x9ac00 (19 entries)
>> bios0: vendor American Megatrends Inc. version "1.0c" date 05/26/2010
>> bios0: Supermicro X7SPA-HF
>> acpi0 at bios0: rev 2
>> acpi0: sleep states S0 S1 S4 S5
>> acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET
>> acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4)
>> USB2(S4) USB5(S4) EUSB(S4) USB3(S4) USB4(S4) USB6(S4) USBE(S4)
>> P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) GBE_(S4)
>> SLPB(S4)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: apic clock running at 168MHz
>> cpu1 at mainbus0: apid 2 (application processor)
>> cpu1: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.69 GHz
>> cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE
>> ioapic0 at mainbus0: apid 3 pa 0xfec0, version 20, 24 pins
>> ioapic0: misconfigured as apic 1, remapped to apid 3
>> acpimcfg0 at acpi0 addr 0xe000, bus 0-255
>> acpihpet0 at acpi0: 14318179 Hz
>> acpiprt0 at acpi0: bus 0 (PCI0)
>> acpiprt1 at acpi0: bus 4 (P0P1)
>> acpiprt2 at acpi0: bus 1 (P0P4)
>> acpiprt3 at acpi0: bus -1 (P0P5)
>> acpiprt4 at acpi0: bus -1 (P0P6)
>> acpiprt5 at acpi0: bus -1 (P0P7)
>> acpiprt6 at acpi0: bus 2 (P0P8)
>> acpiprt7 at acpi0: bus 3 (P0P9)
>> acpicpu0 at acpi0
>> acpicpu1 at acpi0
>> acpibtn0 at acpi0: SLPB
>> acpibtn1 at acpi0: PWRB
>> bios0: ROM list: 0xc/0x8000
>> ipmi at mainbus0 not configured
>> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
>> pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02
>> uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 3 int 16
>> uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 3 int 21
>> uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 3 int 19
>> ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 3 int 18
>> usb0 at ehci0: USB revision 2.0
>> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
>> ppb0 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: apic 3 int 17
>> pci1 at ppb0 bus 1
>> ppb1 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 3 int 17
>> pci2 at ppb1 bus 2
>> em0 at pci2 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00:
>> msi, address

s/nfs_server/nfsd_flags/

2012-03-13 Thread Daniel Bolgheroni
Hi,

according to rc.conf v1.149, nfs_server was removed and left just as
backward compatibility.

However, manpage for rc.conf still refers to nfs_server as an example
for the second section. FAQ section 6.7 also uses nfs_server instead of
the newer nfsd_flags.

Cheers,



Re: Intel i7 --> OpenBSD amd64

2012-03-13 Thread Brian Seklecki (Mobile)

Don't forget about the dmesgd:

  
http://www.nycbug.org/cgi?action=dmesgd&filter=1&nickname=&description=&os=OpenBSD&dmesg=i7-

You can post your dmesg there, and search for specific models.



Re: Intel ICH9R compatibility with OpenBSD

2012-03-13 Thread Russell Garrison
> Hello Axton, thanks for your reply.
> I do not want use RAID, I just need S-ATA
> to connect HDD and install system on it.

You will be fine. I have Dell gear here that includes the Intel Matrix
RAID ICH, and it doesn't have an issue with OpenBSD. The controller
checks for a RAID pair at startup and then should revert to normal
AHCI when none is found. Those chips also have a setting in the BIOS
as an additional failsafe that will disable the R features and force
them into AHCI or even IDE-compatible for older operating systems.



Re: remotely provide entropy

2012-03-13 Thread David Coppa
On Tue, Mar 13, 2012 at 12:33 PM, Torsten Valentin  wrote:
> Hi!
>
> I have a couple of machines that run as VM and are lacking good entropy
> data. I was wondering if there is a way of feeding the local random
> number pool of a VM with entropy that was generated on a hardware random
> number generator on a physical machine.
>
> I thought the hardware random number generator could constantly fill up
> its own pool and whenever a VM needs entropy, it could connect to the
> hardware, retrieve some randomness (fill up its own random number pool).
>
> I can set up the hardware random number generator but I don't know how
> to fill OpenBSD's own entry data stack.
>
> It's not as easy as cat randomnumbersfile>/dev/random, is it?
>
> Thanks in advance!

You could try porting Entropy Broker to OpenBSD:

http://www.vanheusden.com/entropybroker/

ciao,
David



Re: remotely provide entropy

2012-03-13 Thread Alexander Hall
Torsten Valentin  wrote:

>Hi!
>
>I have a couple of machines that run as VM and are lacking good entropy
>data. I was wondering if there is a way of feeding the local random
>number pool of a VM with entropy that was generated on a hardware random
>number generator on a physical machine.
>
>I thought the hardware random number generator could constantly fill up
>its own pool and whenever a VM needs entropy, it could connect to the
>hardware, retrieve some randomness (fill up its own random number pool).
>
>I can set up the hardware random number generator but I don't know how
>to fill OpenBSD's own entry data stack.
>
>It's not as easy as cat randomnumbersfile>/dev/random, is it?

Yes it is. :-)

/Alexander

>
>Thanks in advance!
>
>T.
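
The reply above says that writing bytes to /dev/random is all it takes. As an added example (not from the thread), this shell function does that with bytes fetched from another machine and refuses short or stuck input; the host name hwrng.example.net, the function name feed_entropy and its return codes are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Pull NBYTES from a remote generator
# and mix them into the local pool by writing them to the random device.
#
# usage: feed_entropy SOURCE_CMD NBYTES [POOL_DEV]
#   SOURCE_CMD  command that prints raw random bytes on stdout, e.g.
#               "ssh hwrng.example.net dd if=/dev/random bs=512 count=1"
#               (hwrng.example.net is a placeholder host)
#   POOL_DEV    device to write to, default /dev/random
# returns: 0 written, 1 usage/setup error, 2 short read, 3 stuck source
feed_entropy() {
    src_cmd=$1
    want=$2
    pool=${3:-/dev/random}

    [ "$want" -ge 32 ] 2>/dev/null || { echo "NBYTES must be >= 32" >&2; return 1; }

    # mktemp creates the file with mode 0600, so the seed is not world-readable.
    tmp=$(mktemp) || return 1

    # bs=1 makes dd count bytes rather than (possibly short) pipe reads.
    sh -c "$src_cmd" 2>/dev/null | dd bs=1 count="$want" of="$tmp" 2>/dev/null

    got=$(( $(wc -c < "$tmp") ))
    if [ "$got" -ne "$want" ]; then
        rm -f "$tmp"
        echo "short read: got $got of $want bytes" >&2
        return 2
    fi

    # Crude check for a dead or stuck source (all zeros, one repeated byte).
    # It is not a statistical test of randomness.
    distinct=$(od -An -v -tu1 "$tmp" |
        awk '{ for (i = 1; i <= NF; i++) seen[$i] = 1 }
             END { n = 0; for (k in seen) n++; print n }')
    if [ "$distinct" -lt 16 ]; then
        rm -f "$tmp"
        echo "source looks stuck: $distinct distinct byte values" >&2
        return 3
    fi

    # The write itself: same effect as "cat randomnumbersfile >/dev/random".
    cat "$tmp" > "$pool"
    ret=$?
    rm -f "$tmp"
    return "$ret"
}
```

The bytes should only travel over an authenticated, encrypted channel such as ssh, since anyone who can read them in transit knows what was mixed in.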



remotely provide entropy

2012-03-13 Thread Torsten Valentin
Hi!

I have a couple of machines that run as VM and are lacking good entropy
data. I was wondering if there is a way of feeding the local random
number pool of a VM with entropy that was generated on a hardware random
number generator on a physical machine.

I thought the hardware random number generator could constantly fill up
its own pool and whenever a VM needs entropy, it could connect to the
hardware, retrieve some randomness (fill up its own random number pool).

I can set up the hardware random number generator but I don't know how
to fill OpenBSD's own entry data stack.

It's not as easy as cat randomnumbersfile>/dev/random, is it?

Thanks in advance!

T.



7 Key Skills of the Modern Executive Assistant! Special Event

2012-03-13 Thread Lic. Yolanda Martinez
[IMAGE]
Pms de México, a prestigious training firm, presents:
The DNA of the Modern Executive Assistant
March 23, 2012, Mexico City.
Special price per person $2,840 + I.V.A. (VAT)
Investment $3,680. Two pay the Investment rate and a third attends FREE.
Personalized training by the expert in the field.
This training has curricular value and a satisfaction guarantee.

Get the tools you need to achieve optimal performance in
your role.
Get the complete information and check the agenda!
Please reply to this e-mail with the following details
Company
Name
Telephone
Email
Number of Interested People
You will shortly receive the syllabus, the speaker's profile and the rates.
Pms Capacitación Efectiva de México is a company registered with the
STPS
We work with experts in the field in order to provide tools that are
tactical, cutting-edge and easy to apply.
If you prefer, call the telephone numbers below, where one of
our executives will gladly assist you.

Telephones: (0133) 8851-2365, (0133) 8851-2741 with more than 10 lines.

Follow us on Twitter@pmscapacitacion or on Facebook PMS de México
Copyright (C) 2011, PMS Capacitación Efectiva de México  S.C. All Rights
Reserved.
E-Mail MARKETING SERVICE POWERED BY MEDIAMKTOOLS.
This message was sent to misc@openbsd.org as a user of Pms de
México, or because a user referred you to receive this newsletter.
As a user of Pms de México, you hereby expressly authorize
Pms de México to contact you by e-mail or other
means.
STOP, if on this occasion the information received was not of interest to you
but you wish to receive personalized information on other topics,
please let us know.
If you have received this message in error, disregard it, and please accept
in advance our sincere apologies for the inconvenience; report your account
by replying to this e-mail with the subject BAJA7CLAVE
Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJA7CLAVE
Please note that the management of our databases is of the utmost
importance to us and it is not the company's intention to
displease the recipient; our intention is to promote useful
tools for the

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
imageeje003.jpg]



Re: Failover VPN tunnels

2012-03-13 Thread Dewey Hylton
- Original Message -
> From: "Jeff Simmons" 
> To: misc@openbsd.org
> Sent: Monday, March 12, 2012 8:27:51 PM
> Subject: Failover VPN tunnels
> 
> I've got a setup with a central VPN gateway running a couple dozen IPSEC
> tunnels to remote locations. All the gateways are running current, and use
> very simple ipsec.conf entries to set things up. Works beautifully.
> 
> ISPs are another matter. At two of the remotes, service is 'flaky' to say the
> least, and we lose connectivity due to network problems on a regular basis.
> Both sites have alternate ISPs available, but their service is also
> questionable (think mountaintop ski resort). I'd like to set up redundant
> connections to these two sites with automatic failover from ISP A (and all
> related IPSEC connections) to ISP B when A's network goes down, etc.
> 
> I've found recommendations for using either GIF or GRE in the mailing list
> archives, but little on how to set it up or the relative
> advantages/disadvantages of these two proposals. It also seems that ifstated
> could be used to 'manually' insert/remove SAs and flows via ipsecctl. Does
> anyone have any thoughts as to which approach is preferable and the relative
> merits of each?
> 
> --
> Jeff Simmons
>   jsimm...@goblin.punk.net

i have one customer with similar flaky isp issues ... i've satisfactorily
handled it with a combination of separate ipsec tunnels and ospf. i'm
not even using ifstated. i can provide an example if needed, but it is so
simple i doubt you'd need to see it.



Re: Intel ICH9R compatibility with OpenBSD

2012-03-13 Thread lilit-aibolit

12.03.2012 18:01, Axton wrote:

On Mon, Mar 12, 2012 at 9:44 AM, lilit-aibolit  wrote:

Hello misc, please give me some advice
to buy low-power and low-noise HW.
My selection - is:
http://www.supermicro.nl/products/system/1U/5015/SYS-5015A-PHF.cfm?typ=E
that have Intel ICH9R chipset.
But in supported hardware it is absent:
- Intel 82801
(ICH/ICH0/ICH2/ICH3/ICH4/ICH4-M/ICH5/ICH5R/ICH6/ICH6/ICH6/ICH7)



I am using a 5015A (I think 5015A-EHF) without any issues.  I don't
use the ICH9R or any other ICHxx RAID capabilities, so that chipset
does not matter to me.  I think the whole architecture of
allowing the chipset to use the kernel for RAID
capabilities/offloading is garbage.  The design has too many points of
failure (kernel driver, chipset implementation and firmware, userland
software for raid management, etc.).  It's an unreliable
implementation that allows people who do not understand what they are
doing to say "I have a RAID array" and gives them a pretty GUI to
manage the array.  Software based raid in OpenBSD is fine, but lacks
some capabilities for setting up a raid array for the root partition,
though I admit I lack in-depth knowledge in this area, so I could be
wrong with this statement.  I'm sure others will chime in if I'm
mistaken.

Note these bits:
pciide0 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using apic 3 int 19 for native-PCI interrupt

That's the important part.  OpenBSD seems to work well with this
chipset.  The network hardware/driver for this machine results in high
interrupt rates under heavy load.  This is my only complaint with the
box.  For my needs it works just fine though.  I can move traffic
through the box at a rate that is acceptable for my needs.

OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE
real mem  = 3220283392 (3071MB)
avail mem = 3157540864 (3011MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/26/10, BIOS32 rev. 0 @
0xf0010, SMBIOS rev. 2.6 @ 0x9ac00 (19 entries)
bios0: vendor American Megatrends Inc. version "1.0c" date 05/26/2010
bios0: Supermicro X7SPA-HF
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET
acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4)
USB2(S4) USB5(S4) EUSB(S4) USB3(S4) USB4(S4) USB6(S4) USBE(S4)
P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) GBE_(S4)
SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 168MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.69 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE
ioapic0 at mainbus0: apid 3 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 1, remapped to apid 3
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P0P1)
acpiprt2 at acpi0: bus 1 (P0P4)
acpiprt3 at acpi0: bus -1 (P0P5)
acpiprt4 at acpi0: bus -1 (P0P6)
acpiprt5 at acpi0: bus -1 (P0P7)
acpiprt6 at acpi0: bus 2 (P0P8)
acpiprt7 at acpi0: bus 3 (P0P9)
acpicpu0 at acpi0
acpicpu1 at acpi0
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
bios0: ROM list: 0xc/0x8000
ipmi at mainbus0 not configured
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02
uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 3 int 16
uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 3 int 21
uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 3 int 19
ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 3 int 18
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb0 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: apic 3 int 17
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 3 int 17
pci2 at ppb1 bus 2
em0 at pci2 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00:
msi, address 00:25:90:09:9b:80
ppb2 at pci0 dev 28 function 5 "Intel 82801I PCIE" rev 0x02: apic 3 int 16
pci3 at ppb2 bus 3
em1 at pci3 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00:
msi, address 00:25:90:09:9b:81
uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 3 int 23
uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 3 i

Re: may 7 carp addresses be too much on 5.0/amd64 ?

2012-03-13 Thread Camiel Dobbelaar
On 13-3-2012 9:52, Janne Johansson wrote:
> 2012/3/4 PP;QQ P(P8P?P8QP8P= :
>> thank to Camiel Dobbelaar, carp log at 6 shown ip_output problem, which
>> lead me to:
>>
>> pass quick proto carp no state
> 
> Which doesn't match the PF FAQ which says:
> "Since CARP is its own protocol it should have an explicit pass rule
> in filter rulesets:
> pass out on $carp_dev proto carp keep state"
> 
> I'll test the "no state" as soon as I can rig one of my previously
> failing boxes to not use my carppeer workaround.

I think "keep state (no-sync)" is better.  You don't want carp to get
dropped when the box gets congested and only traffic for established
states gets through.

Since this is biting lots of people maybe we should look into setting
no-sync by default on carp traffic, be it in pfctl, pf, or pfsync.



Re: may 7 carp addresses be too much on 5.0/amd64 ?

2012-03-13 Thread Janne Johansson
2012/3/4 PP;QQ P(P8P?P8QP8P= :
> thank to Camiel Dobbelaar, carp log at 6 shown ip_output problem, which
> lead me to:
>
> pass quick proto carp no state

Which doesn't match the PF FAQ which says:
"Since CARP is its own protocol it should have an explicit pass rule
in filter rulesets:
pass out on $carp_dev proto carp keep state"

I'll test the "no state" as soon as I can rig one of my previously
failing boxes to not use my carppeer workaround.

>
>
> it did the job (I still do not understand how firewall passed 6 interfaces
> and blocked 7th, need to have a closer look, but after that rule everything
> became ok,
> pf stopped blocking carp announces)
>
> On 2 March 2012 at 21:31, user favar <889...@gmail.com> wrote:
>
>> hi list, we have same problem with carp. (with 45 ip addresses)
>> and after reboot, host with advskew 200 became master, and with
>> advskew 1 - slave.
>>
>> 2012/3/2 Ilya Shipitsin:
>> > no, I copied hostname.carpXX, just added "advskew 200"
>> > parameters are the same.
>> >
>> > On 2 March 2012 at 15:25, user Otto Moerbeek wrote:
>> >
>> >> On Fri, Mar 02, 2012 at 01:53:17PM +0500,  ??? wrote:
>> >>
>> >> > hello!
>> >> >
>> >> > we are running CARP-ed load balancers (carp over different vlans).
>> >> > it was running just great with 6 carp addresses.
>> >> >
>> >> > when we added 7th, randomly we get MASTERs on both server for certain
>> >> carp
>> >> > interface. After reboot we can get different carp interface on dual
>> >> MASTER
>> >> > state, and so on.
>> >> > carp negotiations are ok, tcpdump shows them all. both peers see each
>> >> other.
>> >> >
>> >> > if I put one interface to BACKUP state, it goes to MASTER soon.
>> >> >
>> >> > we are running 5.0/amd64
>> >> >
>> >> > Cheers,
>> >> > Ilya Shipitsin
>> >>
>> >> Carefully compare the address lists (including masks) on both
>> >> machines. Likely they are not the same.
>> >>
>> >>         -Otto
>



--
To our sweethearts and wives.  May they never meet. -- 19th century toast