Re: ksh's HISTFILE
On Wed, Mar 14, 2012 at 02:13:22AM -0400, Hugo Villeneuve wrote:
| Usually, the history file is used to seed the current shell process
| in-memory history and when the shell quits, it's overwritten.

Yeah, and the part I hate about that behaviour is that with two concurrent sessions it means you only get the extra history from the last shell to exit. That makes it pretty inconsistent and unexpected (which I agree the behaviour of two intermixed histories can also be, although I would argue that this is more "HISTORY"cally correct, as it lists history in chronological order).

| That's how it works in:
|
| OpenBSD's csh, GNU's bash, etc.

That doesn't mean that's 'correct' behavior.

At any rate, I love history, but not across sessions, so I usually don't touch HISTFILE (or unset it when set) to make sure I don't get a history file and when I am on other systems, I try to configure them to have similar behavior.

Paul 'WEiRD' de Weerd

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-]
http://www.weirdnet.nl/
Re: Pre-orders for 5.1, and the new song!
Great!

By the way, the picture on http://openbsd.org/51.html is still linked to http://openbsd.org/images/MAD.jpg. Someone might want to fix it.

-Alan
http://www.kdump.cn/store

On Wed, Mar 14, 2012 at 10:46 AM, Theo de Raadt wrote:
> It is that time again. I have just activated pre-orders for CDs,
> tshirts, and posters for the 5.1 release -- due May 1.
>
> http://openbsd.org/orders.html
>
> At the same time, I am making available the song that will come out
> with the release (hmm, it is still moving out to the ftp mirrors at
> the moment, but that is ok). The song and details of it are linked
> from:
>
> http://openbsd.org/lyrics.html
>
> And there is something else. Five years ago we made available an
> Audio CD that contained 5 years of songs. Well, we have made a new
> audio CD since enough new songs have been made. It is not very
> expensive, so please consider buying this as well when you place any
> order. It has some rather nice liner notes. Had some great fun
> coming up with the cover for that CD:
>
> http://openbsd.org/images/cdaudio2.gif
>
> I'd also like to remind you that Michael Lucas' new "SSH Mastery" book
> is also now available, in case anyone was waiting for the 5.1 release
> to place one order.
>
> http://openbsd.org/books.html#book9
>
> Please consider purchasing these items and/or making a donation, since
> this is a very important revenue source which keeps the project going.
Re: ksh's HISTFILE
On Tue, Mar 13, 2012 at 07:05:22PM -0700, Claus Assmann wrote:
> On Tue, Mar 13, 2012, Hugo Villeneuve wrote:
> > On Mon, Mar 12, 2012 at 01:03:54PM +0200, lilit-aibolit wrote:
>
> > > export HISTFILE=~/.sh_history
>
> > Because last time I tried, it was unusable if you ran more than two
> > sessions concurrently, as both shells would use the same file directly
>
> Maybe try something like this?
>
> HISTFILE=${HOME%/}/.ksh_hist.$$

:) funny

I think the default behavior when HISTFILE is unset (empty in process memory buffer) is more useful than a 1/32000 chance to get the history of the last time ksh was run.

I personally do not believe in a history file. I just wanted to tell people that in OpenBSD's ksh, it works like nothing else.

Usually, the history file is used to seed the current shell process in-memory history and when the shell quits, it's overwritten.

That's how it works in:

OpenBSD's csh, GNU's bash, etc.
Re: Pre-orders for 5.1, and the new song!
On Tue, Mar 13, 2012 at 7:46 PM, Theo de Raadt wrote:
> It is that time again. I have just activated pre-orders for CDs,
> tshirts, and posters for the 5.1 release -- due May 1.
>
> http://openbsd.org/orders.html
>
> At the same time, I am making available the song that will come out
> with the release (hmm, it is still moving out to the ftp mirrors at
> the moment, but that is ok). The song and details of it are linked
> from:
>
> http://openbsd.org/lyrics.html
>
> And there is something else. Five years ago we made available an
> Audio CD that contained 5 years of songs. Well, we have made a new
> audio CD since enough new songs have been made. It is not very
> expensive, so please consider buying this as well when you place any
> order. It has some rather nice liner notes. Had some great fun
> coming up with the cover for that CD:
>
> http://openbsd.org/images/cdaudio2.gif
>
> I'd also like to remind you that Michael Lucas' new "SSH Mastery" book
> is also now available, in case anyone was waiting for the 5.1 release
> to place one order.
>
> http://openbsd.org/books.html#book9
>
> Please consider purchasing these items and/or making a donation, since
> this is a very important revenue source which keeps the project going.
>

Excellent news! Thank you OpenBSD!

OpenBSD Order 2012/3/13-22:21:yy-22xxx

Your order currently is:
-> 1 [CDA2] OpenBSD Audio CD: The Songs 4.1 - 5.1 @ CDN $15.00
-> 2 [T37] Bugbusters Shirt (?) @ CDN $25.00
-> 1 [P51] OpenBSD 5.1 Poster @ CDN $20.00
-> 10 [CD51] OpenBSD 5.1 CD @ CDN $50.00
-> 1 [T34] The Black Hoodie (?) @ CDN $60.00

--patrick
Re: dmesg mac mini A1347
Hi Yes i can test it. Keep you informed about it. Cheers, Wesley MOUEDINE ASSABY On 14.03.2012 05:18, Brad Smith wrote: > Hi Wesley, > > Would you be able to build a kernel with the following diff > applied and send me the dmesg from the new kernel? > > Index: sys/dev/pci/nviic.c > === > RCS file: /home/cvs/src/sys/dev/pci/nviic.c,v > retrieving revision 1.15 > diff -u -p -r1.15 nviic.c > --- sys/dev/pci/nviic.c 8 Apr 2010 00:23:53 - 1.15 > +++ sys/dev/pci/nviic.c 14 Mar 2012 00:41:22 - > @@ -125,7 +125,8 @@ const struct pci_matchid nviic_ids[] = { > { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP67_SMB }, > { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP73_SMB }, > { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP77_SMB }, > - { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP79_SMB } > + { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP79_SMB }, > + { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP89_SMB } > }; > > int
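Review bot: the new PCI_PRODUCT_NVIDIA_MCP89_SMB entry at the end of nviic_ids[] depends on a product ID that this diff does not define, since only sys/dev/pci/nviic.c is touched. Confirm the constant is already present in sys/dev/pci/pcidevs and the generated headers, or include that change in the same diff so the kernel builds. Adding the ID to the match table also means the driver attaches to the MCP89 exactly as it does for the MCP79 entry above it, so the requested dmesg should be checked for a clean nviic attach line before this is committed, and nviic(4) should list the new chipset.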
Pre-orders for 5.1, and the new song!
It is that time again. I have just activated pre-orders for CDs, tshirts, and posters for the 5.1 release -- due May 1.

http://openbsd.org/orders.html

At the same time, I am making available the song that will come out with the release (hmm, it is still moving out to the ftp mirrors at the moment, but that is ok). The song and details of it are linked from:

http://openbsd.org/lyrics.html

And there is something else. Five years ago we made available an Audio CD that contained 5 years of songs. Well, we have made a new audio CD since enough new songs have been made. It is not very expensive, so please consider buying this as well when you place any order. It has some rather nice liner notes. Had some great fun coming up with the cover for that CD:

http://openbsd.org/images/cdaudio2.gif

I'd also like to remind you that Michael Lucas' new "SSH Mastery" book is also now available, in case anyone was waiting for the 5.1 release to place one order.

http://openbsd.org/books.html#book9

Please consider purchasing these items and/or making a donation, since this is a very important revenue source which keeps the project going.
Re: ksh's HISTFILE
On Tue, Mar 13, 2012, Hugo Villeneuve wrote:
> On Mon, Mar 12, 2012 at 01:03:54PM +0200, lilit-aibolit wrote:

> > export HISTFILE=~/.sh_history

> Because last time I tried, it was unusable if you ran more than two
> sessions concurrently, as both shells would use the same file directly

Maybe try something like this?

HISTFILE=${HOME%/}/.ksh_hist.$$
ksh's HISTFILE [was: Re: SSH, root can repeat commands with up arrow, others cannot]
On Mon, Mar 12, 2012 at 01:03:54PM +0200, lilit-aibolit wrote:
> 11.03.2012 21:43, Chris Bennett wrote:
> >This started for me a while back.
> >Login as root, I can repeat older commands with up down arrows.
> >History command shows history.
> >
> >su -l otheruser
> >
> >Cannot use up down arrows to access history.
> >History command shows correct history.
> >
> >Login remotely as otheruser.
> >Same problem.
> >
> >Chris Bennett
> >
>
> try to add this to your .profile:
>
> export HISTFILE=~/.sh_history
>
> and re-login.
>
> it is work for me and save all history after disconnect
> and start new session.

Has there been improvement in ksh's history file recently? Like since 5.0?

Because last time I tried, it was unusable if you ran more than two sessions concurrently, as both shells would use the same file directly, which led to odd behavior. Like you did up history in one shell, and you would see a command entered in the other one. Very weird to grasp.

(50+ OpenBSD's apologist will email me right back to tell me that it's a feature. It's not GNU's bash the standard. Things can be different.)
Re: No way natting-to carp interface
Heya

On Wed, Mar 14, 2012 at 5:15 AM, Paquitiu wrote:
> Hi.
...
> hostname.carp12
> inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes
> 120:0,121:100 pass PaSSWord12
>
> hostname.carp13
> inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes
> 130:100,131:0 pass PaSSWord13
...

Any reason those two interfaces have the same IP Address?

Shane
Re: CVS: cvs.openbsd.org: src
On Tue, Mar 13, 2012 at 05:07:58PM -0600, Gilles Chehade wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: gil...@cvs.openbsd.org 2012/03/13 17:07:58
>
> Modified files:
> usr.sbin/smtpd : scheduler_ramqueue.c
>
> Log message:
> When moving back envelope from offload tree to msg tree ... remove the
> envelope from offload tree not msg tree, this corrupts the ramqueue in
> ways that I couldn't imagine before wasting so many hours tracking it.
>
> Fixes crash on my server under load, no crash after about 20K mails
> processed from up to 150 concurrent sessions.
>

Now would be an interesting time to start testing seriously OpenSMTPD.

We know it still lacks features but it should provide what's needed for the base system and should be reliable. Just test and you will see if your needs are met or not.

Please report all bugs, crashes and features missing to gilles@, eric@ and chl@; we will focus on bugs and crashes at first but will keep track of the feature requests.

--
Gilles Chehade
https://www.poolp.org @poolpOrg
Re: xenocara fails to build on -current with radeonold
On Tue, Mar 13, 2012 at 08:45:14PM +0100, Norman Golisz wrote:
> On Tue Mar 13 2012 17:11, Mattieu Baptiste wrote:
> > Hi all,
> >
> > Is it just me? radeonold fails to build on -current (amd64):
>
> no, I can confirm that on i386, too. Went fine before the update of
> radeon(4) and the renaming of the old radeon driver to radeonold(4).
>
> Yours,
> Norman
>

Need to get newer tree. Was just fixed, at least for me.

Ken
Re: No way natting-to carp interface
On Tue, Mar 13, 2012 at 9:15 AM, Paquitiu wrote:
> The issue is simple, I can't match the outgoing traffic to carp ip address.
> When I go to some "show myip" web, it always appears the pysical one.
> Never the carp one.

Have you tried '...nat-to carp12:0' ?

Regards,
---Gordon
Re: xenocara fails to build on -current with radeonold
On Tue Mar 13 2012 17:11, Mattieu Baptiste wrote:
> Hi all,
>
> Is it just me? radeonold fails to build on -current (amd64):

no, I can confirm that on i386, too. Went fine before the update of radeon(4) and the renaming of the old radeon driver to radeonold(4).

Yours,
Norman
Re: hi_
ok gimme 100% off & free shipping then I buy

> From: logistel
> Sent: Tue Mar 13 18:06:17 CET 2012
> To: misc
> Subject: hi_
>
> good morning
>
> we mainly sell macbook,iphone,digital camera,ipad 2,brand watch all of
> our products can offered free shipping and 63% discount, if you have any
> need, please contact us
>
> w e b : www. flyd. com
>
> 1:06:09

Regards,
Francois Pussault
3701 - 8 rue Marcel Pagnol
31100 Toulouse
France
+33 6 17 230 820
+33 5 34 365 269
fpussa...@contactoffice.fr
Issues with rdr-to and high latency connection (gsm network)
Hello guys,

I have some issues with the following configuration:

There are a number of SIM cards, placed in taxi cars, collecting GPS data and sending them to two Windows servers with some application, then this application sends some data back.

Network topology is as follows:

Sim card -> Telecom gsm/3G network -> Metro link with vlan3728 -> Alix2d3 OpenBSD 5.0 -> two Windows Servers

Sim card is static ip 192.168.16.3
OpenBSD 10.10.10.2 on vlan3728 10.11.33.1 on vr2
Windows servers 10.11.33.2 and 10.11.33.3

OpenBSD redirects all traffic from vlan3728 to vr2

Here is pf.conf

~ # cat /etc/pf.conf
# Macro
ext_if = "vlan142"
globul = "vlan3768"
vivasim = "vlan3728"
int_if = "vr2"
int_net = "10.11.33.0/24"
ports1 = "12120:12124"
ports2 = "12125:12129"
ports3 = "12120:12124"

#Tables
set skip on lo
set optimization high-latency

#NAT
pass out on $ext_if from $int_if:network to any nat-to ($ext_if)

#RDR
pass in on $ext_if proto {tcp,udp} from any to $ext_if port $ports1 rdr-to 10.11.33.2 port $ports1
pass in on $ext_if proto {tcp,udp} from any to $ext_if port $ports2 rdr-to 10.11.33.3 port $ports2
pass in on $globul proto {tcp,udp} from any to $globul port $ports3 rdr-to 10.11.33.2 port $ports3
pass in on $globul proto {tcp,udp} from any to $globul port $ports2 rdr-to 10.11.33.3 port $ports2
pass in on $vivasim proto {tcp,udp} from any to $vivasim port $ports1 rdr-to 10.11.33.2 port $ports3
pass in on $vivasim proto {tcp,udp} from any to $vivasim port $ports2 rdr-to 10.11.33.3 port $ports2

# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010

The problem is, when the car is moving, the sim card loses connection from time to time, then it tries to connect again with a new session but OpenBSD keeps the old session up, so the card is unable to establish a new session. I need to clear the existing session, then everything starts fine.
Here is tcpdump on vlan3728 when the card cannot connect and after I clear the session:

~ # tcpdump -ni vlan3728
tcpdump: listening on vlan3728, link-type EN10MB
17:38:03.225484 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:49.185231 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 0 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:52.503574 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 5 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:52.503772 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1728940723 win 65535 (DF)
17:38:58.504915 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 17 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:58.505088 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 (DF)
17:39:10.482991 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 41 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:39:34.443167 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:40:33.867184 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 17 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:40:33.867354 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 (DF)
17:40:45.823832 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 41 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:41:09.681923 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:41:59.742667 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 0 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:03.021653 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 5 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:03.021827 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 (DF)
17:42:09.021598 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 17 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:09.021764 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 (DF)
17:42:21.162916 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 41 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:44.982854 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:43:34.983006 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 0 0,nop,nop,ccnew 2> (DF) [tos 0x10]

Here, I clear the session, and new one is established. #

17:43:38.302997 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 0,nop,nop,timestamp 5 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:43:38.303165 10.10.10.2.12122 > 192.168.16.3
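
Added example, not part of the original post: a Python check for the symptom visible in the capture above, where the client keeps retransmitting a SYN with the same initial sequence number and only bare ACKs come back, never a SYN-ACK. The sample capture is constructed in the same tcpdump format (TCP options left out, second flow invented for contrast); the function name and the threshold of three SYNs are assumptions.

```python
import re
from collections import defaultdict

# Constructed capture in the tcpdump format shown in the post. The first flow
# reuses the post's addresses and sequence numbers (TCP options left out); the
# second flow is an invented healthy handshake for contrast.
SAMPLE = """\
17:38:03.225484 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 (DF) [tos 0x10]
17:38:49.185231 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 (DF) [tos 0x10]
17:38:52.503574 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 (DF) [tos 0x10]
17:38:52.503772 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1728940723 win 65535 (DF)
17:38:58.504915 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 (DF) [tos 0x10]
17:38:58.505088 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 (DF)
17:40:00.000000 192.168.16.9.3001 > 10.10.10.2.12125: S 42:42(0) win 5120 (DF)
17:40:00.000200 10.10.10.2.12125 > 192.168.16.9.3001: S 900:900(0) ack 43 win 65535 (DF)
17:40:00.100000 192.168.16.9.3001 > 10.10.10.2.12125: . ack 1 win 5120 (DF)
"""

# Fields: time, src.port > dst.port:, flags, optional seq range, optional ack.
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"(?P<flags>\S+)"
    r"(?: (?P<seq>\d+):\d+\(\d+\))?"
    r"(?: ack (?P<ack>\d+))?"
)


def find_stuck_reconnects(capture, min_syns=3):
    """Return flows where one SYN is retransmitted and answered only by bare ACKs."""
    syns = defaultdict(lambda: defaultdict(list))  # (client, server) -> ISN -> times
    bare_acks = defaultdict(int)                   # (client, server) -> count
    answered = set()                               # flows that received a SYN-ACK
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines, prose, truncated packets
        src, dst, flags = m["src"], m["dst"], m["flags"]
        has_seq, has_ack = m["seq"] is not None, m["ack"] is not None
        if "S" in flags and has_seq and not has_ack:
            syns[(src, dst)][int(m["seq"])].append(m["ts"])
        elif "S" in flags and has_ack:
            answered.add((dst, src))       # SYN-ACK: key it by the client side
        elif flags == "." and has_ack and not has_seq:
            bare_acks[(dst, src)] += 1     # ACK with no data, keyed by its receiver

    findings = []
    for (client, server), by_isn in syns.items():
        if (client, server) in answered:
            continue  # a handshake completed at some point in the capture
        acks = bare_acks.get((client, server), 0)
        for isn, stamps in by_isn.items():
            if len(stamps) >= min_syns and acks:
                findings.append({
                    "client": client,
                    "server": server,
                    "isn": isn,
                    "syn_count": len(stamps),
                    "bare_acks": acks,
                    "first_seen": stamps[0],
                    "last_seen": stamps[-1],
                })
    return findings


if __name__ == "__main__":
    for f in find_stuck_reconnects(SAMPLE):
        print("{client} -> {server}: SYN isn={isn} sent {syn_count}x "
              "({first_seen} to {last_seen}), {bare_acks} bare ACKs, "
              "no SYN-ACK".format(**f))
```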
Re: No way natting-to carp interface
Thank you Josh for answering so fast.

Unfortunately, I've already tried with ip, with $var, with IF name and no way.
Re: No way natting-to carp interface
On Tue, Mar 13, 2012 at 11:15 AM, Paquitiu wrote:
> Hi.
> The issue is simple, I can't match the outgoing traffic to carp ip address.
> When I go to some "show myip" web, it always appears the pysical one.
> Never the carp one.
>
> As my ISP provider gives us 4 ips, I use two (one for each nic of the firewalls
> connected to internet) for physical interfaces and the other two for the carp
> interfaces.
>
>
>                  Internet
>                     |
>         +/                      \--+
>         | carp13(em0) = 81.92.37.13 |
>         | carp12(em0) = 81.92.37.12 |
>         |                           |
>  81.92.37.10 bge0           bge0 81.92.37.11
>         |                           |
>       +---+10.0.0.2               +---+
>       | fw0 |- re0 CARP Pfsync re0 -| fw1 |
>       +---+              10.0.0.1 +---+
>         |                           |
> 192.168.28.1 bge1           bge1 192.169.28.2
>         |                           |
>         | carp28(em1) = 192.168.28.11 |
>         +\                      /--+
>                     |
>                Internal LAN
>              (192.168.28/24)
>
>
> Config files(from one of the two firewalls):
>
> hostname.bge0
> inet 81.92.37.10 255.255.255.248 NONE
>
> hostname.bge1
> inet 192.168.28.1 255.255.255.0 NONE
>
> hostname.carp12
> inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes
> 120:0,121:100 pass PaSSWord12
>
> hostname.carp13
> inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes
> 130:100,131:0 pass PaSSWord13
>
> hostname.carp28
> inet 192.168.28.11 255.255.255.0 192.168.28.255 balancing ip carpnodes
> 28:0,29:100 pass PaSSWord28
>
> hostname.re0
> inet 10.0.0.1 255.255.255.0 NONE
>
> hostname.pfsync0
> up syncdev re0
>
> sysctl.conf
> net.inet.ip.forwarding=1    # 1=Permit forwarding (routing) of IPv4 packets
> net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
> net.inet.carp.preempt=1     # 1=Enable carp(4) preemption
> net.inet.carp.log=3         # log level of carp(4) info, default 2
> net.inet.carp.allow=1
> net.inet.carp.arpbalance=0
>
> pf.conf
> priv_nets= "{127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8}"
> set block-policy drop
> set skip on lo
>
> #Nat outgoing connections
> match out on $ext_IF inet from !$ext_IF to any nat-to $ext_IF
>
> #This does not work: match out on $ext_IF inet from !$ext_IF to any nat-to carp12
>
> #Filter rules
> block log all
> block in quick from urpf-failed #spoofed address protection
>
> #packet normalization
> match in all scrub (no-df)
>
> pass quick log on re0 inet proto pfsync keep state (no-sync)
> pass in quick log on $ext_IF proto carp from carp12 to 224.0.0.18 keep state
> pass in quick log on $ext_IF proto carp from carp13 to 224.0.0.18 keep state
> pass in quick log on $int_IF proto carp from carp28 to 224.0.0.18 keep state
> pass on { $int_IF , $ext_IF } proto carp keep state (no-sync)
>
> block in quick on $ext_IF from $priv_nets to any
> block out quick on $ext_IF from any to $priv_nets
> block quick inet6
>

Don't try and use the carp interface as the target of nat-to, just the IP address of the carp interface.

eg

match out on $ext_IF inet from !$ext_IF to any nat-to 81.92.37.12

Give that a try and see if it works.
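
Added example, not part of the thread: a Python lint for the two points raised in the replies, namely that carp12 and carp13 are configured with the same address and that nat-to is better given a literal address. The hostname.if contents are constructed from the ones quoted above with the passphrases replaced by a placeholder; the function names are illustrative assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed hostname.if contents shaped like the ones quoted in the thread;
# the CARP passphrases are replaced with a placeholder.
CONFIGS = {
    "hostname.bge0": "inet 81.92.37.10 255.255.255.248 NONE\n",
    "hostname.bge1": "inet 192.168.28.1 255.255.255.0 NONE\n",
    "hostname.carp12": "inet 81.92.37.12 255.255.255.248 81.92.37.15 "
                       "balancing ip carpnodes 120:0,121:100 pass EXAMPLE\n",
    "hostname.carp13": "inet 81.92.37.12 255.255.255.248 81.92.37.15 "
                       "balancing ip carpnodes 130:100,131:0 pass EXAMPLE\n",
    "hostname.carp28": "inet 192.168.28.11 255.255.255.0 192.168.28.255 "
                       "balancing ip carpnodes 28:0,29:100 pass EXAMPLE\n",
    "hostname.pfsync0": "up syncdev re0\n",
}


def configured_addresses(configs):
    """Map each literal IPv4 address to the interfaces whose file sets it."""
    owners = defaultdict(list)
    for filename, text in configs.items():
        ifname = filename.split("hostname.", 1)[-1]
        for line in text.splitlines():
            fields = line.split("#", 1)[0].split()
            if len(fields) < 2 or fields[0] != "inet":
                continue
            # "inet alias ADDR ..." puts the address one field later.
            addr = fields[2] if fields[1] == "alias" and len(fields) > 2 else fields[1]
            try:
                parsed = ipaddress.IPv4Address(addr.split("/", 1)[0])
            except ipaddress.AddressValueError:
                continue  # not a literal address
            owners[str(parsed)].append(ifname)
    return owners


def duplicate_addresses(configs):
    """Addresses that more than one interface claims, with the claimants."""
    return {addr: sorted(ifs)
            for addr, ifs in configured_addresses(configs).items()
            if len(ifs) > 1}


def nat_to_owners(rule, configs):
    """Interfaces holding the literal nat-to address of a pf rule.

    Returns None when the target is not a literal IPv4 address (an interface
    name or a macro), since that cannot be resolved from the text alone.
    """
    m = re.search(r"\bnat-to\s+(\S+)", rule)
    if not m:
        return None
    try:
        target = ipaddress.IPv4Address(m.group(1))
    except ipaddress.AddressValueError:
        return None
    return sorted(configured_addresses(configs).get(str(target), []))


if __name__ == "__main__":
    for addr, ifs in duplicate_addresses(CONFIGS).items():
        print(f"{addr} is configured on more than one interface: {', '.join(ifs)}")
    rule = "match out on $ext_IF inet from !$ext_IF to any nat-to 81.92.37.12"
    print("nat-to target is held by:", nat_to_owners(rule, CONFIGS))
```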
No way natting-to carp interface
Hi.

The issue is simple, I can't match the outgoing traffic to carp ip address. When I go to some "show myip" web, it always appears the physical one. Never the carp one.

As my ISP provider gives us 4 ips, I use two (one for each nic of the firewalls connected to internet) for physical interfaces and the other two for the carp interfaces.

                 Internet
                    |
        +/                      \--+
        | carp13(em0) = 81.92.37.13 |
        | carp12(em0) = 81.92.37.12 |
        |                           |
 81.92.37.10 bge0           bge0 81.92.37.11
        |                           |
      +---+10.0.0.2               +---+
      | fw0 |- re0 CARP Pfsync re0 -| fw1 |
      +---+              10.0.0.1 +---+
        |                           |
192.168.28.1 bge1           bge1 192.169.28.2
        |                           |
        | carp28(em1) = 192.168.28.11 |
        +\                      /--+
                    |
               Internal LAN
             (192.168.28/24)

Config files(from one of the two firewalls):

hostname.bge0
inet 81.92.37.10 255.255.255.248 NONE

hostname.bge1
inet 192.168.28.1 255.255.255.0 NONE

hostname.carp12
inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes 120:0,121:100 pass PaSSWord12

hostname.carp13
inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes 130:100,131:0 pass PaSSWord13

hostname.carp28
inet 192.168.28.11 255.255.255.0 192.168.28.255 balancing ip carpnodes 28:0,29:100 pass PaSSWord28

hostname.re0
inet 10.0.0.1 255.255.255.0 NONE

hostname.pfsync0
up syncdev re0

sysctl.conf
net.inet.ip.forwarding=1    # 1=Permit forwarding (routing) of IPv4 packets
net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
net.inet.carp.preempt=1     # 1=Enable carp(4) preemption
net.inet.carp.log=3         # log level of carp(4) info, default 2
net.inet.carp.allow=1
net.inet.carp.arpbalance=0

pf.conf
priv_nets= "{127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8}"
set block-policy drop
set skip on lo

#Nat outgoing connections
match out on $ext_IF inet from !$ext_IF to any nat-to $ext_IF

#This does not work: match out on $ext_IF inet from !$ext_IF to any nat-to carp12

#Filter rules
block log all
block in quick from urpf-failed #spoofed address protection

#packet normalization
match in all scrub (no-df)

pass quick log on re0 inet proto pfsync keep state (no-sync)
pass in quick log on $ext_IF proto carp from carp12 to 224.0.0.18 keep state
pass in quick log on $ext_IF proto carp from carp13 to 224.0.0.18 keep state
pass in quick log on $int_IF proto carp from carp28 to 224.0.0.18 keep state
pass on { $int_IF , $ext_IF } proto carp keep state (no-sync)

block in quick on $ext_IF from $priv_nets to any
block out quick on $ext_IF from any to $priv_nets
block quick inet6
xenocara fails to build on -current with radeonold
Hi all,

Is it just me? radeonold fails to build on -current (amd64):

$ cd /usr/xenocara/driver/xf86-video-radeonold
$ sudo make -f Makefile.bsd-wrapper obj
/usr/xenocara/driver/xf86-video-radeonold/obj -> /usr/xobj/driver/xf86-video-radeonold
$ sudo make -f Makefile.bsd-wrapper obj build
[...]
checking if RENDER is defined... yes
checking if XV is defined... yes
checking if DPMSExtension is defined... yes
checking for XORG... yes
checking for ANSI C header files... (cached) yes
checking for /usr/X11R6/include/xorg/dri.h... (cached) yes
checking for /usr/X11R6/include/xorg/sarea.h... (cached) yes
checking for /usr/X11R6/include/xorg/dristruct.h... (cached) yes
checking for /usr/X11R6/include/xorg/damage.h... (cached) yes
checking whether to include DRI support... yes
checking for DRI... yes
checking for xf86Modes.h... (cached) no
checking whether to enable EXA support... yes
checking for exa.h... (cached) yes
checking whether EXA version is at least 2.0.0... yes
checking whether xf86XVFillKeyHelperDrawable is declared... (cached) yes
checking whether xf86ModeBandwidth is declared... (cached) yes
checking whether xf86_crtc_clip_video_helper is declared... (cached) yes
checking whether xf86RotateFreeShadow is declared... (cached) yes
checking whether pci_device_enable is declared... (cached) yes
checking whether XSERVER_LIBPCIACCESS is declared... (cached) yes
/usr/xenocara/driver/xf86-video-radeonold/configure[14482]: cd: /usr/xenocara/driver/xserver - No such file or directory
configure: error: Must have X server >= 1.3 source tree for mode setting code. Please specify --with-xserver-source
*** Error code 1

Stop in /usr/xenocara/driver/xf86-video-radeonold (line 169 of /usr/X11R6/share/mk/bsd.xorg.mk).
*** Error code 1

Stop in /usr/xenocara/driver/xf86-video-radeonold (line 206 of /usr/X11R6/share/mk/bsd.xorg.mk).

--
Mattieu Baptiste
"/earth is 102% full ... please delete anyone you can."
Re: Intel ICH9R compatibility with OpenBSD
On Tue, Mar 13, 2012 at 4:37 AM, lilit-aibolit wrote:
> 12.03.2012 18:01, Axton wrote:
>
>> On Mon, Mar 12, 2012 at 9:44 AM, lilit-aibolit
>> wrote:
>>>
>>> Hello misc, please give me some advice
>>> to buy low-power and low-noise HW.
>>> My selection - is:
>>> http://www.supermicro.nl/products/system/1U/5015/SYS-5015A-PHF.cfm?typ=E
>>> that have Intel ICH9R chipset.
>>> But in supported hardware it is absent:
>>> - Intel 82801
>>> (ICH/ICH0/ICH2/ICH3/ICH4/ICH4-M/ICH5/ICH5R/ICH6/ICH6/ICH6/ICH7)
>>>
>>
>> I am using a 5015A (I think 5015A-EHF) without any issues. I don't
>> use the ICH9R or any other ICHxx RAID capabilities, so that chipset
>> does not matter to me. I think the whole architecture of using
>> allowing the chipset to use the kernel for RAID
>> capabilities/offloading is garbage. The design has too many points of
>> failure (kernel driver, chipset implementation and firmware, userland
>> software for raid management, etc.). It's an unreliable
>> implementation that allows people who do not understand what they are
>> doing to say "I have a RAID array" and gives them a pretty GUI to
>> manage the array. Software based raid in OpenBSD is fine, but lacks
>> some capabilities for setting up a raid array for the root partition,
>> though I admit I lack in depth knowledge in this area, so I could be
>> wrong with this statement. I'm sure others will chime in if I'm
>> mistaken.
>>
>> Note these bits:
>> pciide0 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA,
>> channel 0 configured to native-PCI, channel 1 configured to native-PCI
>> pciide0: using apic 3 int 19 for native-PCI interrupt
>>
>> That's the important part. OpenBSD seems to work well with this
>> chipset. The network hardware/driver for this machine results in high
>> interrupt rates under heavy load. This is my only complaint with the
>> box. For my needs it works just fine though. I can move traffic
>> through the box at a rate that is acceptable for my needs.
>> >> OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011 >> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP >> cpu0: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 >> GHz >> cpu0: >> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xT PR,PDCM,MOVBE >> real mem = 3220283392 (3071MB) >> avail mem = 3157540864 (3011MB) >> mainbus0 at root >> bios0 at mainbus0: AT/286+ BIOS, date 05/26/10, BIOS32 rev. 0 @ >> 0xf0010, SMBIOS rev. 2.6 @ 0x9ac00 (19 entries) >> bios0: vendor American Megatrends Inc. version "1.0c" date 05/26/2010 >> bios0: Supermicro X7SPA-HF >> acpi0 at bios0: rev 2 >> acpi0: sleep states S0 S1 S4 S5 >> acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET >> acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) >> USB2(S4) USB5(S4) EUSB(S4) USB3(S4) USB4(S4) USB6(S4) USBE(S4) >> P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) GBE_(S4) >> SLPB(S4) >> acpitimer0 at acpi0: 3579545 Hz, 24 bits >> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat >> cpu0 at mainbus0: apid 0 (boot processor) >> cpu0: apic clock running at 168MHz >> cpu1 at mainbus0: apid 2 (application processor) >> cpu1: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.69 >> GHz >> cpu1: >> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xT PR,PDCM,MOVBE >> ioapic0 at mainbus0: apid 3 pa 0xfec0, version 20, 24 pins >> ioapic0: misconfigured as apic 1, remapped to apid 3 >> acpimcfg0 at acpi0 addr 0xe000, bus 0-255 >> acpihpet0 at acpi0: 14318179 Hz >> acpiprt0 at acpi0: bus 0 (PCI0) >> acpiprt1 at acpi0: bus 4 (P0P1) >> acpiprt2 at acpi0: bus 1 (P0P4) >> acpiprt3 at acpi0: bus -1 (P0P5) >> acpiprt4 at acpi0: bus -1 (P0P6) >> acpiprt5 at acpi0: bus -1 (P0P7) >> acpiprt6 at acpi0: bus 2 (P0P8) >> acpiprt7 at acpi0: 
bus 3 (P0P9) >> acpicpu0 at acpi0 >> acpicpu1 at acpi0 >> acpibtn0 at acpi0: SLPB >> acpibtn1 at acpi0: PWRB >> bios0: ROM list: 0xc/0x8000 >> ipmi at mainbus0 not configured >> pci0 at mainbus0 bus 0: configuration mode 1 (bios) >> pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02 >> uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 3 int 16 >> uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 3 int 21 >> uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 3 int 19 >> ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 3 int 18 >> usb0 at ehci0: USB revision 2.0 >> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 >> ppb0 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: apic 3 int 17 >> pci1 at ppb0 bus 1 >> ppb1 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 3 int 17 >> pci2 at ppb1 bus 2 >> em0 at pci2 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00: >> msi, address
s/nfs_server/nfsd_flags/
Hi, according to rc.conf v1.149, nfs_server was removed and left just as backward compatibility. However, manpage for rc.conf still refers to nfs_server as an example for the second section. FAQ section 6.7 also uses nfs_server instead of the newer nfsd_flags. Cheers,
Re: Intel i7 --> OpenBSD amd64
Don't forget about the dmesgd: http://www.nycbug.org/cgi?action=dmesgd&filter=1&nickname=&description=&os=OpenBSD&dmesg=i7- You can post your dmesg there, and search for specific models.
Re: Intel ICH9R compatibility with OpenBSD
> Hello Axton, thanks for your reply.
> I do not want use RAID, I just need S-ATA
> to connect HDD and install system on it.

You will be fine. I have Dell gear here that includes the Intel Matrix RAID ICH, and it doesn't have an issue with OpenBSD.

The controller checks for a RAID pair at startup and then should revert to normal AHCI when none is found.

Those chips also have a setting in the BIOS as an additional failsafe that will disable the R features and force them into AHCI or even IDE-compatible for older operating systems.
Re: remotely provide entropy
On Tue, Mar 13, 2012 at 12:33 PM, Torsten Valentin wrote:
> Hi!
>
> I have a couple of machines that run as VM and are lacking good entropy
> data. I was wondering if there is a way of feeding the local random
> number pool of a VM with entropy that was generated on a hardware random
> number generator on a physical machine.
>
> I thought the hardware random number generator could constantly fill up
> its own pool and whenever a VM needs entropy, it could connect to the
> hardware, retrieve some randomness (fill up its own random number pool).
>
> I can set up the hardware random number generator but I don't know how
> to fill OpenBSDs own entry data stack.
>
> It's not as easy as cat randomnumbersfile>/dev/random, is it?
>
> Thanks in advance!

You could try porting Entropy Broker to OpenBSD: http://www.vanheusden.com/entropybroker/

ciao, David
Re: remotely provide entropy
Torsten Valentin wrote:
>Hi!
>
>I have a couple of machines that run as VM and are lacking good entropy
>data. I was wondering if there is a way of feeding the local random
>number pool of a VM with entropy that was generated on a hardware random
>number generator on a physical machine.
>
>I thought the hardware random number generator could constantly fill up
>its own pool and whenever a VM needs entropy, it could connect to the
>hardware, retrieve some randomness (fill up its own random number pool).
>
>I can set up the hardware random number generator but I don't know how
>to fill OpenBSDs own entry data stack.
>
>It's not as easy as cat randomnumbersfile>/dev/random, is it?

Yes it is. :-)

/Alexander

>
>Thanks in advance!
>
>T.
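Added example, not part of the thread: a wrapper for the "just write it to /dev/random" approach confirmed in the reply above, which refuses to mix in a truncated or constant transfer. The function name `mix_entropy`, the host `rng-host`, the 16 to 4096 byte limits and the two sanity checks are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read NBYTES from stdin and write them
# to DEST (normally /dev/random) only if the transfer is complete and varied.
# Typical call on the VM, as root; "rng-host" is a placeholder host name:
#   ssh rng-host 'dd if=/dev/random bs=64 count=1 2>/dev/null' |
#       mix_entropy /dev/random 64
mix_entropy() {
    dest=$1 nbytes=$2
    case $nbytes in
        ''|0*|*[!0-9]*|?????*) echo "mix_entropy: bad byte count" >&2; return 2 ;;
    esac
    # Assumed limits: at least 16 bytes, at most 4096 per call.
    if [ "$nbytes" -lt 16 ] || [ "$nbytes" -gt 4096 ]; then
        echo "mix_entropy: byte count out of range" >&2; return 2
    fi

    # Keep the sample as hex in a variable so it is never written to disk.
    hex=$(dd bs=1 count="$nbytes" 2>/dev/null | od -An -v -tx1 | tr -cd '0-9a-f')

    # Short read: the sender exited early or the connection dropped.
    if [ "${#hex}" -ne $((nbytes * 2)) ]; then
        echo "mix_entropy: short read, nothing written" >&2; return 1
    fi

    # A single distinct byte value (all 00, all ff, ...) means a stuck source.
    distinct=$(printf '%s\n' "$hex" | fold -w 2 | sort -u | wc -l | tr -d ' ')
    if [ "$distinct" -lt 2 ]; then
        echo "mix_entropy: constant input rejected" >&2; return 1
    fi

    # Turn each hex pair back into its byte and write it to DEST.
    printf '%s\n' "$hex" | fold -w 2 | while read -r h; do
        printf '%b' "\\0$(printf '%03o' "0x$h")"
    done > "$dest"
}
```
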
remotely provide entropy
Hi!

I have a couple of machines that run as VM and are lacking good entropy data. I was wondering if there is a way of feeding the local random number pool of a VM with entropy that was generated on a hardware random number generator on a physical machine.

I thought the hardware random number generator could constantly fill up its own pool and whenever a VM needs entropy, it could connect to the hardware, retrieve some randomness (fill up its own random number pool).

I can set up the hardware random number generator but I don't know how to fill OpenBSDs own entry data stack.

It's not as easy as cat randomnumbersfile>/dev/random, is it?

Thanks in advance!

T.
Re: Failover VPN tunnels
- Original Message -
> From: "Jeff Simmons"
> To: misc@openbsd.org
> Sent: Monday, March 12, 2012 8:27:51 PM
> Subject: Failover VPN tunnels
>
> I've got a setup with a central VPN gateway running a couple dozen IPSEC
> tunnels to remote locations. All the gateways are running current, and use
> very simple ipsec.conf entries to set things up. Works beautifully.
>
> ISPs are another matter. At two of the remotes, service is 'flaky' to say the
> least, and we lose connectivity due to network problems on a regular basis.
> Both sites have alternate ISPs available, but their service is also
> questionable (think mountaintop ski resort). I'd like to set up redundant
> connections to these two sites with automatic failover from ISP A (and all
> related IPSEC connections) to ISP B when A's network goes down, etc.
>
> I've found recommendations for using either GIF or GRE in the mailing list
> archives, but little on how to set it up or the relative
> advantages/disadvantages of these two proposals. It also seems that ifstated
> could be used to 'manually' insert/remove SAs and flows via ipsecctl. Does
> anyone have any thoughts as to which approach is preferable and the relative
> merits of each?
>
> --
> Jeff Simmons
> jsimm...@goblin.punk.net

i have one customer with similar flaky isp issues ... i've satisfactorily handled it with a combination of separate ipsec tunnels and ospf. i'm not even using ifstated.

i can provide an example if needed, but it is so simple i doubt you'd need to see it.
Re: Intel ICH9R compatibility with OpenBSD
12.03.2012 18:01, Axton wrote:

On Mon, Mar 12, 2012 at 9:44 AM, lilit-aibolit wrote:

Hello misc, please give me some advice to buy low-power and low-noise HW. My selection - is: http://www.supermicro.nl/products/system/1U/5015/SYS-5015A-PHF.cfm?typ=E that have Intel ICH9R chipset. But in supported hardware it is absent:
- Intel 82801 (ICH/ICH0/ICH2/ICH3/ICH4/ICH4-M/ICH5/ICH5R/ICH6/ICH6/ICH6/ICH7)

I am using a 5015A (I think 5015A-EHF) without any issues. I don't use the ICH9R or any other ICHxx RAID capabilities, so that chipset does not matter to me. I think the whole architecture of using allowing the chipset to use the kernel for RAID capabilities/offloading is garbage. The design has too many points of failure (kernel driver, chipset implementation and firmware, userland software for raid management, etc.). It's an unreliable implementation that allows people who do not understand what they are doing to say "I have a RAID array" and gives them a pretty GUI to manage the array.

Software based raid in OpenBSD is fine, but lacks some capabilities for setting up a raid array for the root partition, though I admit I lack in depth knowledge in this area, so I could be wrong with this statement. I'm sure others will chime in if I'm mistaken.

Note these bits:

pciide0 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using apic 3 int 19 for native-PCI interrupt

That's the important part. OpenBSD seems to work well with this chipset. The network hardware/driver for this machine results in high interrupt rates under heavy load. This is my only complaint with the box. For my needs it works just fine though. I can move traffic through the box at a rate that is acceptable for my needs.
OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE real mem = 3220283392 (3071MB) avail mem = 3157540864 (3011MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 05/26/10, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.6 @ 0x9ac00 (19 entries) bios0: vendor American Megatrends Inc. version "1.0c" date 05/26/2010 bios0: Supermicro X7SPA-HF acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4) USB5(S4) EUSB(S4) USB3(S4) USB4(S4) USB6(S4) USBE(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) GBE_(S4) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 168MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) CPU D510 @ 1.66GHz ("GenuineIntel" 686-class) 1.69 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE ioapic0 at mainbus0: apid 3 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 1, remapped to apid 3 acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 4 (P0P1) acpiprt2 at acpi0: bus 1 (P0P4) acpiprt3 at acpi0: bus -1 (P0P5) acpiprt4 at acpi0: bus -1 (P0P6) acpiprt5 at acpi0: bus -1 (P0P7) acpiprt6 at acpi0: bus 2 (P0P8) acpiprt7 at acpi0: bus 3 (P0P9) acpicpu0 at acpi0 acpicpu1 at acpi0 acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB bios0: ROM list: 0xc/0x8000 ipmi 
at mainbus0 not configured pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02 uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 3 int 16 uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 3 int 21 uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x02: apic 3 int 19 ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x02: apic 3 int 18 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb0 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x02: apic 3 int 17 pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x02: apic 3 int 17 pci2 at ppb1 bus 2 em0 at pci2 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00: msi, address 00:25:90:09:9b:80 ppb2 at pci0 dev 28 function 5 "Intel 82801I PCIE" rev 0x02: apic 3 int 16 pci3 at ppb2 bus 3 em1 at pci3 dev 0 function 0 "Intel PRO/1000 MT (82574L)" rev 0x00: msi, address 00:25:90:09:9b:81 uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 3 int 23 uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 3 i
Re: may 7 carp addresses be too much on 5.0/amd64 ?
On 13-3-2012 9:52, Janne Johansson wrote:
> 2012/3/4 Илья Шипицин :
>> thanks to Camiel Dobbelaar, carp log at 6 shown ip_output problem, which
>> lead me to:
>>
>> pass quick proto carp no state
>
> Which doesn't match the PF FAQ which says:
> "Since CARP is its own protocol it should have an explicit pass rule
> in filter rulesets:
> pass out on $carp_dev proto carp keep state"
>
> I'll test the "no state" as soon as I can rig one of my previously
> failing boxes to not use my carppeer workaround.

I think "keep state (no-sync)" is better. You don't want carp to get dropped when the box gets congested and only traffic for established states gets through.

Since this is biting lots of people maybe we should look into setting no-sync by default on carp traffic, be it in pfctl, pf, or pfsync.
Re: may 7 carp addresses be too much on 5.0/amd64 ?
2012/3/4 Илья Шипицин :
> thanks to Camiel Dobbelaar, carp log at 6 shown ip_output problem, which
> lead me to:
>
> pass quick proto carp no state

Which doesn't match the PF FAQ which says:
"Since CARP is its own protocol it should have an explicit pass rule in filter rulesets:
pass out on $carp_dev proto carp keep state"

I'll test the "no state" as soon as I can rig one of my previously failing boxes to not use my carppeer workaround.

>
>
> it did the job (I still do not understand how firewall passed 6 interfaces
> and blocked 7th, need to have a closer look, but after that rule everything
> became ok,
> pf stopped blocking carp announces)
>
> On 2 March 2012 at 21:31, user favar <889...@gmail.com> wrote:
>
>> hi list, we have same problem with carp. (with 45 ip addresses)
>> and after reboot, host with advskew 200 became master, and with
>> advskew 1 - slave.
>>
>> 2012/3/2 Илья Шипицин :
>> > no, I copied hostname.carpXX, just added "advskew 200"
>> > parameters are the same.
>> >
>> > On 2 March 2012 at 15:25, user Otto Moerbeek wrote:
>> >
>> >> On Fri, Mar 02, 2012 at 01:53:17PM +0500, ??? wrote:
>> >>
>> >> > hello!
>> >> >
>> >> > we are running CARP-ed load balancers (carp over different vlans).
>> >> > it was running just great with 6 carp addresses.
>> >> >
>> >> > when we added 7th, randomly we get MASTERs on both server for certain carp
>> >> > interface. After reboot we can get different carp interface on dual MASTER
>> >> > state, and so on.
>> >> > carp negotiations are ok, tcpdump shows them all. both peers see each other.
>> >> >
>> >> > if I put one interface to BACKUP state, it goes to MASTER soon.
>> >> >
>> >> > we are running 5.0/amd64
>> >> >
>> >> > Cheers,
>> >> > Ilya Shipitsin
>> >>
>> >> Carefully compare the address lists (including masks) on both
>> >> machines. Likely they are not the same.
>> >>
>> >>     -Otto
>

--
To our sweethearts and wives. May they never meet.
-- 19th century toast