Re: Suspend/Resume on Lemote Yeeloong netbook

[Miod Vallat]

> I have installed OpenBSD onto my Lemote netbook, and have apmd running on
> startup. If I run the command 'zzz' the computer suspends perfectly.
> However, on turning the machine back on, it boots as normal, with complains
> about being uncleanly shutdown.

How did you `turn the machine back on'?

> On closing the lid of the netbook, the computer remains on.

OpenBSD is not able to detect lid close on the Yeeloong at the moment.

> So, simply put, how can I make suspend/resume work? I'm happy to run the
> 'zzz' command instead of closing the lid, I'd just like to know how to make
> it work at all.

Suspend: zzz
Resume: press any key or the touchpad. Do not touch the power button.

Miod

Re: A type in the man page for re_format

[Jason McIntyre]

On Wed, Jun 05, 2013 at 06:24:46PM +, Peter Fraser wrote:
>  [[:>:]]
>  Anchors the single character regular expression or subexpression
>  immediately following it to the end of a word.
> 
> Should say 
> 
> [[:>:]]
>  Anchors the single character regular expression or subexpression
>  immediately preceding it to the end of a word.
> 

fixed, thanks!
jmc

Re: PF policy routing route-to rules don’t catch any packet

[Raimundo Santos]

On 5 June 2013 17:50, Ville Valkonen  wrote:
>
> Hi,
>
> just confirming one thing: did you flush the pf states between the
> tests? I must admit, I mainly glanced the problem, so sorry if this is
> an old tip. This was the first thing that popped into my mind when
> reading about your solution.
>

Hi Ville!

I am glad to hear some response :) - make me feel more part of misc@.

Yes, in almost all tests done I have flushed the states. Like this:

pfctl -F all && pfctl -d && pfct -ef test.conf

I am starting to guess that the beautiful PF "state machine" really does
not work well with this kind of IP spoofing, to name it better, tproxy.
But this is only a guess.

Oh, and sorry, I forgot to put the new and fresh and working config, here
they are:

# all macros are now living outside, for future anchors files
include "/etc/pf.d/macros.conf"

table  persist file "/etc/pf.d/akamai.table"
table  persist file "/etc/pf.d/int_net.table"

# okey, I really do not think we will need all that mutch,
# but the machine has a lot of resources, why not spare?
set limit states 6304000
set limit tables 5000
set limit src-nodes 20
set limit frags 3000
set optimization aggressive
#set state-policy if-bound
# future is netflow/openflow to network analisys, isn't it?
set state-defaults pflow, no-sync

set skip on lo

#block private nets
block in log quick on {  \
 $ext_if_1,\
 $ext_if_2,\
 $ext_if_3,\
 $squid_master_if, \
 $int_if_1 } from $RFC1918 label "blocking RFC1918"

# trying to prioritizing things
#match in all scrub (no-df max-mss 1440)
match proto tcp flags any no state set prio (3,5)
match proto tcp to port { ssh, 9876 } flags any no state set prio(5,7)
match proto tcp to port { http, https } flags any no state set prio (5,6)
match proto tcp from port { http, https } flags any no state set prio (5,6)
match proto udp no state set prio 4

# test NAT IP_REAL -> IP_REAL:
# $ext_if_4 is a PPPoE pseudo-interface
# testing how to route/nat to a emergency link traffic to/from Akamai
pass out quick on $ext_if_4 to  flags any nat-to ($ext_if_4)
pass in  quick on $squid_master_if proto tcp to  port http flags
any \
 route-to ($ext_if_4 $ext_gw_4)
pass in  quick on $int_if_1 proto tcp to  port != http flags any \
 route-to ($ext_if_4 $ext_gw_4)
pass in  quick on $int_if_1 proto udp to  port != http \
 route-to ($ext_if_4 $ext_gw_4)
pass out quick on { $ext_if_1, $ext_if_2, $ext_if_3 } to  flags any
\
 route-to ($ext_if_4 $ext_gw_4)

# here the magic begins

# just to see how many packets are passing
pass out on $squid_master_if from {, $int_gw_1 } flags any no state
pass out on $squid_master_if to {, $int_gw_1 } flags any no state
pass in  on $squid_master_if from {, $int_gw_1 } flags any no state
pass in  on $squid_master_if to {, $int_gw_1 } flags any no state

# route to squid_master
# ...from int_net
pass in quick on $int_if_1 proto tcp from { , $int_gw_1 } to port
http \
 route-to ($squid_master_if $squid_master_gw) flags any no state set prio
(5,6)
# ...from external_net
pass in quick on { $ext_if_1, $ext_if_2, $ext_if_3 } proto tcp from port
http \
 to { , $int_gw_1 } \
 route-to ($squid_master_if $squid_master_gw) flags any no state set prio
(5,6)

Ville, if you have some idea about keeping states with tproxy in mind, it
will be very welcomed! Thank you :)

Raimundo Santos

Re: PF policy routing route-to rules don’t catch any packet

[Ville Valkonen]

Hi,

just confirming one thing: did you flush the pf states between the
tests? I must admit, I mainly glanced the problem, so sorry if this is
an old tip. This was the first thing that popped into my mind when
reading about your solution.

--
Sincerely,
Ville Valkonen

On 5 June 2013 22:39, Raimundo Santos  wrote:
> I've got the issue solved by disabling states on all rules which deal with
> the tproxy.
>
>
> On 4 June 2013 11:28, Raimundo Santos  wrote:
>
>> I am guessing that the problem lies with flags S/SA.
>>
>> Changing all rules to flags any, and the packets hits the rules, but
>> things go worse: no web navigation... this is driving me mad!
>>
>>
>>
>> On 3 June 2013 13:09, Raimundo Santos  wrote:
>>
>>> Hi there!
>>>
>>> I asked, without an answer, something about nat-to and real IPs. Well, I
>>> really need an answer there, so if someone get a clue, I will be glad tho
>>> hear :)
>>>
>>> Now, to the new issue!
>>>
>>> Here in our WiFi ISP we are have contracted a tproxy service from FreeBSD
>>> Brasil. It is somehow working, but I can not figure out exactly how. Here
>>> is a diagram of the desired paths:
>>>
>>> http://devio.us/~raitech/Obsd53PfTproxy.png
>>>
>>> These are my rules by now:
>>>
>>> RFC1918 = "{ 172.16/12, 192.168/16, 10/8, 127/8 }"
>>> table  persist {  internal nets, all valid IPs }
>>>
>>> ext_if_1 = "em0"
>>> ext_gw_1 = "187.72.X.X"
>>> ext_ip_1 = "187.72.X.X"
>>>
>>> ext_if_2 = "em1"
>>> ext_gw_2 = "187.72.X.X"
>>> ext_ip_2 = "187.72.X.X"
>>>
>>> ext_if_3 = "alc0"
>>> ext_gw_3 = "187.72.X.X"
>>> ext_ip_3 = "187.72.X.X"
>>>
>>> int_if_1 = "em2"
>>> int_gw_1 = "187.72.X.X"
>>> int_ip_1 = "187.72.X.X"
>>>
>>> squid_master_if = "em3"
>>> squid_master_gw = "187.72.X.X"
>>> squid_master_ip = "187.72.X.X"
>>>
>>> set limit states 6304000
>>> set limit tables 5000
>>> set limit src-nodes 20
>>> set limit frags 3000
>>> set optimization aggressive
>>> set state-defaults pflow, no-sync
>>>
>>> set skip on lo
>>>
>>> block in log quick on {  \
>>>  $ext_if_1,\
>>>  $ext_if_2,\
>>>  $ext_if_3,\
>>>  $squid_master_if, \
>>>  $int_if_1 } from $RFC1918 label "blocking RFC1918"
>>>
>>> # trying to prioritizing ACKs...
>>> match set prio (3,5)
>>> # ... and all traffic http. https over the others
>>> match proto tcp to port { http, https } set prio (5,6)
>>> match proto tcp from port { http, https } set prio (5,6)
>>>
>>> match proto tcp to port { ssh, 9876 } set prio(5,7)
>>>
>>> pass in on $int_if_1 proto tcp from { , $int_gw_1 } to port http
>>> \
>>>  route-to ($squid_master_if $squid_master_gw)
>>>
>>> pass in on { $ext_if_1, $ext_if_2, $ext_if_3 } proto tcp from port http \
>>>  to { , $int_gw_1 } \
>>>  route-to ($squid_master_if $squid_master_gw)
>>>
>>> pass in on $squid_master_if proto tcp from { , $int_gw_1 } to \
>>>  port http no state route-to \
>>> { \
>>>   ($ext_if_1 $ext_gw_1) , \
>>>   ($ext_if_2 $ext_gw_2)   \
>>> } least-states label "cahce external outbound balancing"
>>>
>>> pass in on $squid_master_if proto tcp from port http\
>>>  to { , $int_gw_1 } route-to ($int_if_1 $int_gw_1)   \
>>>  label "cahce internal outbound routing"
>>>
>>> An here are a pfctl -vsr output:
>>>
>>> block drop in log quick on em0 inet from 172.16.0.0/12 to any label
>>> "blocking RFC1918"
>>>   [ Evaluations: 61764339  Packets: 332   Bytes: 32854   States:
>>> 0 ]
>>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>>> block drop in log quick on em0 inet from 192.168.0.0/16 to any label
>>> "blocking RFC1918"
>>>   [ Evaluations: 5883927   Packets: 114   Bytes: 28621   States:
>>> 0 ]
>>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>>> block drop in log quick on em0 inet from 10.0.0.0/8 to any label
>>> "blocking RFC1918"
>>>   [ Evaluations: 5883813   Packets: 170   Bytes: 18354   States:
>>> 0 ]
>>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>>> block drop in log quick on em0 inet from 127.0.0.0/8 to any label
>>> "blocking RFC1918"
>>>   [ Evaluations: 5883643   Packets: 0 Bytes: 0   States:
>>> 0 ]
>>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>>> block drop in log quick on em1 inet from 172.16.0.0/12 to any label
>>> "blocking RFC1918"
>>>   [ Evaluations: 60684174  Packets: 305   Bytes: 30912   States:
>>> 0 ]
>>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>>> block drop in log quick on em1 inet from 192.168.0.0/16 to any label
>>> "blocking RFC1918"
>>>   [ Evaluations: 6862827   Packets: 93Bytes: 9232States:
>>> 0 ]
>>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>>> block drop in log quick on em1 inet from 10.0.0.0/8 to any label
>>> "blocking RFC1918"
>>>   [ Evaluations: 6862734   Packets: 196   Bytes: 19396   States:
>>> 0 ]
>>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>>> block drop in log quick on em1 inet from 127.0.0.0/8 to any label
>>> "blocking RFC1918"
>>>   [ Eva

Re: rsync too slow between two disks with softraid crypto

[Martin Schröder]

2013/6/5 Henning Brauer :
> * Nick  [2013-03-02 04:09]:
>> Atom = low power consumption for low performance processing.
>
> err, no. the current atoms are blazingly fast really. and

"Current" being Cedarview? Because the network appliances I've seen
till today (e.g. from Lanner or Bytemine) still have the Pineview
(D510) CPUs.

Best
   Martin

Re: OSPF ABR/ASBR issue

[Stijn]

On 5/06/2013 0:16, Claudio Jeker wrote:

On Mon, Jun 03, 2013 at 03:43:21PM +0300, Kapetanakis Giannis wrote:

On 01/06/13 18:44, Claudio Jeker wrote:

Can you give this diff a spin? Not much tested but the current way we
define an area as active (having at least one active neighbor) is wrong.
This changes the decision to have at least one active interface
(not IF_STA_DOWN). Not sure if that will cause troubles with passive
interfaces since those are not considered active.  At least it seems that
RFC 3509 uses this to define active areas.

Thanks

Just tested this diff and it does not work in my case for passive
interfaces (either carp or loopback).

area 0.0.0.7 {
stub
interface carp8 {passive}
interface lo1 {passive}
}

If I add carp8 or lo1 in area 0.0.0.0 then the routes are announced.


Yeah, while the diff fixed the B flag it did not solve the problem that we
skipped our own networks. This version should solve that (at least it does
in my quick test).

Needs lots of testing since this changes core parts of the route calculation.

Hi Claudio,

I tried your second patch as well. Initially it looks well. When soekris 
is the only OSPF router in area 0.0.0.3, the connected network in area 
0.0.0.3 is announced properly on the Cisco router.


However, when I add eeepc in area 0.0.0.3 the route remains announced, 
BUT it's removed as soon as I stop ospfd on eeepc. Doing a "ospfctl 
reload" on soekris brings it back in the initial state (route is 
announced on Cisco router).


Also when I disconnect sis2 on soekris (interface in area 0.0.0.3), 
soekris is shown as an "ASBR" router on the Cisco router. Plugging sis2 
back in makes the state again "ABR/ASBR" (and also gets the connected 
network in area 0.0.0.3 back in the routing table).


Looking promising.

G,
Stijn

Re: PF policy routing route-to rules don’t catch any packet

[Raimundo Santos]

I've got the issue solved by disabling states on all rules which deal with
the tproxy.


On 4 June 2013 11:28, Raimundo Santos  wrote:

> I am guessing that the problem lies with flags S/SA.
>
> Changing all rules to flags any, and the packets hits the rules, but
> things go worse: no web navigation... this is driving me mad!
>
>
>
> On 3 June 2013 13:09, Raimundo Santos  wrote:
>
>> Hi there!
>>
>> I asked, without an answer, something about nat-to and real IPs. Well, I
>> really need an answer there, so if someone get a clue, I will be glad tho
>> hear :)
>>
>> Now, to the new issue!
>>
>> Here in our WiFi ISP we are have contracted a tproxy service from FreeBSD
>> Brasil. It is somehow working, but I can not figure out exactly how. Here
>> is a diagram of the desired paths:
>>
>> http://devio.us/~raitech/Obsd53PfTproxy.png
>>
>> These are my rules by now:
>>
>> RFC1918 = "{ 172.16/12, 192.168/16, 10/8, 127/8 }"
>> table  persist {  internal nets, all valid IPs }
>>
>> ext_if_1 = "em0"
>> ext_gw_1 = "187.72.X.X"
>> ext_ip_1 = "187.72.X.X"
>>
>> ext_if_2 = "em1"
>> ext_gw_2 = "187.72.X.X"
>> ext_ip_2 = "187.72.X.X"
>>
>> ext_if_3 = "alc0"
>> ext_gw_3 = "187.72.X.X"
>> ext_ip_3 = "187.72.X.X"
>>
>> int_if_1 = "em2"
>> int_gw_1 = "187.72.X.X"
>> int_ip_1 = "187.72.X.X"
>>
>> squid_master_if = "em3"
>> squid_master_gw = "187.72.X.X"
>> squid_master_ip = "187.72.X.X"
>>
>> set limit states 6304000
>> set limit tables 5000
>> set limit src-nodes 20
>> set limit frags 3000
>> set optimization aggressive
>> set state-defaults pflow, no-sync
>>
>> set skip on lo
>>
>> block in log quick on {  \
>>  $ext_if_1,\
>>  $ext_if_2,\
>>  $ext_if_3,\
>>  $squid_master_if, \
>>  $int_if_1 } from $RFC1918 label "blocking RFC1918"
>>
>> # trying to prioritizing ACKs...
>> match set prio (3,5)
>> # ... and all traffic http. https over the others
>> match proto tcp to port { http, https } set prio (5,6)
>> match proto tcp from port { http, https } set prio (5,6)
>>
>> match proto tcp to port { ssh, 9876 } set prio(5,7)
>>
>> pass in on $int_if_1 proto tcp from { , $int_gw_1 } to port http
>> \
>>  route-to ($squid_master_if $squid_master_gw)
>>
>> pass in on { $ext_if_1, $ext_if_2, $ext_if_3 } proto tcp from port http \
>>  to { , $int_gw_1 } \
>>  route-to ($squid_master_if $squid_master_gw)
>>
>> pass in on $squid_master_if proto tcp from { , $int_gw_1 } to \
>>  port http no state route-to \
>> { \
>>   ($ext_if_1 $ext_gw_1) , \
>>   ($ext_if_2 $ext_gw_2)   \
>> } least-states label "cahce external outbound balancing"
>>
>> pass in on $squid_master_if proto tcp from port http\
>>  to { , $int_gw_1 } route-to ($int_if_1 $int_gw_1)   \
>>  label "cahce internal outbound routing"
>>
>> An here are a pfctl -vsr output:
>>
>> block drop in log quick on em0 inet from 172.16.0.0/12 to any label
>> "blocking RFC1918"
>>   [ Evaluations: 61764339  Packets: 332   Bytes: 32854   States:
>> 0 ]
>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>> block drop in log quick on em0 inet from 192.168.0.0/16 to any label
>> "blocking RFC1918"
>>   [ Evaluations: 5883927   Packets: 114   Bytes: 28621   States:
>> 0 ]
>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>> block drop in log quick on em0 inet from 10.0.0.0/8 to any label
>> "blocking RFC1918"
>>   [ Evaluations: 5883813   Packets: 170   Bytes: 18354   States:
>> 0 ]
>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>> block drop in log quick on em0 inet from 127.0.0.0/8 to any label
>> "blocking RFC1918"
>>   [ Evaluations: 5883643   Packets: 0 Bytes: 0   States:
>> 0 ]
>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>> block drop in log quick on em1 inet from 172.16.0.0/12 to any label
>> "blocking RFC1918"
>>   [ Evaluations: 60684174  Packets: 305   Bytes: 30912   States:
>> 0 ]
>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>> block drop in log quick on em1 inet from 192.168.0.0/16 to any label
>> "blocking RFC1918"
>>   [ Evaluations: 6862827   Packets: 93Bytes: 9232States:
>> 0 ]
>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>> block drop in log quick on em1 inet from 10.0.0.0/8 to any label
>> "blocking RFC1918"
>>   [ Evaluations: 6862734   Packets: 196   Bytes: 19396   States:
>> 0 ]
>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>> block drop in log quick on em1 inet from 127.0.0.0/8 to any label
>> "blocking RFC1918"
>>   [ Evaluations: 6862538   Packets: 0 Bytes: 0   States:
>> 0 ]
>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>> block drop in log quick on alc0 inet from 172.16.0.0/12 to any label
>> "blocking RFC1918"
>>   [ Evaluations: 50726925  Packets: 304   Bytes: 30856   States:
>> 0 ]
>>   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
>> block drop in log quick on alc0 inet from 192.168.0.0/16 to any label
>> "block

Re: renaming name of interfaces

[Henning Brauer]

* Jiri B  [2013-03-14 16:32]:
> Situation: onboard network card is broken and was used in OS.
> You just plug additional network card, and disable the old
> one via `config' (is this right?). The "policy" in your
> setup is the order of network cards make some logic:
> * 1st backup/installation
> * 2nd service
> * 3rd admin access
> Now you don't use old broken card but you can't make new
> one being first for example. I don't say this is good
> design but I saw it used a lot in my previous job.
> Renaming new card to old one is impossible.

if you had used a one-member interface group to refer to that
interface in the first place you'd only had to deal with the
hostname.if file, at least in many scenarios.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Re: announce nat pool to ospf

[Stuart Henderson]

On 2013-06-05, Kapetanakis Giannis  wrote:
> Hi,
>
> I'm setting up a pair off redundant carp/pfsync firewalls/routers to 
> perform as VLAN gateways.
> The firewalls will announce the VLAN networks to OSPF and also will do 
> NAT on traffic destinating to the internet.
>
> I'm using a carp interface to announce the NAT pool to OSPF which works 
> but I'm not feeling very sure about it.
> I've also tried setting up a blackhole route but failover didn't work on 
> carpdemote.
>
> Would anyone suggest a better way to do this?
>
> thanks,
>
> Giannis
>
>

This seems perfectly reasonable to me, and useful whether it's done to
announce into OSPF as well, or just straight routing.

I've also done similar using carp interfaces for a subnet covering
VPN clients before (using ifstated to kill isakmpd on the backup /
start isakmpd on the master, as needed).

Re: pf: inline anchor rules in not enough to keep tables in memory?

[Henning Brauer]

* Maxim Khitrov  [2013-03-13 18:57]:
> I was a bit surprised by the following behavior when configuring pf on
> OpenBSD 5.2. Non-persistent tables that are only referenced by inline
> anchor rules, as in the following example, are removed from memory
> when pf.conf is loaded.

not-so-wild guess - that's the dreaded table namespace stuff. don't ask
unless you're a coder - the table code really needs a rewrite. a close
look at npf's table code (note that I didn't, so I don't have an
opnion on it) before starting from scratch is in order.
and code != user visible interface, before i get that whining again.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

A type in the man page for re_format

[Peter Fraser]

 [[:>:]]
 Anchors the single character regular expression or subexpression
 immediately following it to the end of a word.

Should say 

[[:>:]]
 Anchors the single character regular expression or subexpression
 immediately preceding it to the end of a word.

Re: rsync too slow between two disks with softraid crypto

[Stuart Henderson]

On 2013-06-05, Henning Brauer  wrote:
> * Nick  [2013-03-02 04:09]:
>> Atom = low power consumption for low performance processing.
>
> err, no. the current atoms are blazingly fast really. and
>
>> Crypto
>
> they do for breakfast.

the next ones should be *much* better.

Re: rsync too slow between two disks with softraid crypto

[Henning Brauer]

* Henning Brauer  [2013-06-05 20:05]:
> * Nick  [2013-03-02 04:09]:
> > Atom = low power consumption for low performance processing.
> err, no. the current atoms are blazingly fast really. and

ewps. I didn't mean to send this to the list. without context that
statement isn't true - nick & I know each other for MANY years, so
he'll understand it :)

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Re: rsync too slow between two disks with softraid crypto

[Henning Brauer]

* Nick  [2013-03-02 04:09]:
> Atom = low power consumption for low performance processing.

err, no. the current atoms are blazingly fast really. and

> Crypto

they do for breakfast.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Suspend/Resume on Lemote Yeeloong netbook

[Garry Taylor]

Hello,
Apologies if this is the wrong group, I could not find a list specific to
MIPS/Loongson devices.

I have installed OpenBSD onto my Lemote netbook, and have apmd running on
startup. If I run the command 'zzz' the computer suspends perfectly.
However, on turning the machine back on, it boots as normal, with complains
about being uncleanly shutdown.

On closing the lid of the netbook, the computer remains on.

So, simply put, how can I make suspend/resume work? I'm happy to run the
'zzz' command instead of closing the lid, I'd just like to know how to make
it work at all.

Thanks

Garry

Re: 5.2 > 5.3 mouse issues

[F Bax]

On Tue, Jun 4, 2013 at 1:19 PM, F Bax  wrote:

> I just upgraded from 5.2-release to 5.3-release and notice the following
> issues with touchpad mouse control.
> 1) using left-click then drag to hilight then copy text no longer works;
> happens in term window or gui app (ie: firefox).
> 2) When using google maps in firefox; the mouse pointer takes about 2-3
> seconds to convert from pointer to grab/drag to move map within window.
> 3) Another website I use has an interface to maps; left-click mouse never
> converts from pointer to grab/drag mode.
>


After further testing; I find that all three issues are in fact a single
problem.  When I left-click, I must wait 3 seconds before taking any of the
previously mentioned drag actions (either to hilight text or to scroll
maps).  I also found that the same issue arises when trying to move or
resize a window.

Can someone please point me to the correct file that allows me to tinker
with settings that will "fix" this behaviour?

dmesg follows

OpenBSD 5.3 (GENERIC.MP) #62: Tue Mar 12 18:21:20 MDT 2013
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3218931712 (3069MB)
avail mem = 3110813696 (2966MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (68 entries)
bios0: vendor LENOVO version "7IET30WW (1.11 )" date 07/13/2007
bios0: LENOVO 8744J2U
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT
SSDT S
SDT
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) EXP0(S4) EXP1(S4)
EXP2
(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, 1994.62 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM
2,SSSE3,CX16,xTPR,PDCM,LONG,LAHF,PERF
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, 1994.34 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM
2,SSSE3,CX16,xTPR,PDCM,LONG,LAHF,PERF
cpu1: 4MB 64b/line 16-way L2 cache
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpimcfg0 at acpi0 addr 0xf000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature is 127 degC
acpitz1 at acpi0: critical temperature is 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "92P1133" serial  4562 type LION oem
"Panasonic"
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
cpu0: Enhanced SpeedStep 1994 MHz: speeds: 2000, 1667, 1333, 1000 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82945GM PCIE" rev 0x03: msi
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mobility FireGL V5250" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 1 int 16
drm0 at radeondrm0
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: msi
azalia0: codecs: Analog Devices AD1981HD, Conexant/0x2bfa, using Analog
Devices
AD1981HD
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: msi
pci2 at ppb1 bus 2
em0 at pci2 dev 0 function 0 "Intel PRO/1000MT (82573L)" rev 0x00: msi,
address
00:1a:6b:6b:20:6c
ppb2 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: msi
pci3 at ppb2 bus 3
wpi0 at pci3 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: msi,
MoW1,
address 00:1b:77:8d:23:55
ppb3 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: msi
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: msi
pci5 at ppb4 bus 12
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 1 int 16
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 1 int 17
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 1 int 18
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 1 int 19
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 1 int 19
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 

Re: Shell for PF

[Henning Brauer]

* Fil DiNoto  [2013-02-16 21:54]:
> I prefer rule processing order

kinda funny, that is what I consider the biggest (and unfixable)
mistake in pf.

but that's all history.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Re: Compiler erro building 5.3

[Zoran Kolic]

> ../../../../arch/i386/i386/locore.s:1755: Error: no such instruction: `stac'
> ../../../../arch/i386/i386/locore.s:1759: Error: no such instruction: `clac'

I'd start from this.

 Zoran

announce nat pool to ospf

[Kapetanakis Giannis]

Hi,

I'm setting up a pair off redundant carp/pfsync firewalls/routers to 
perform as VLAN gateways.
The firewalls will announce the VLAN networks to OSPF and also will do 
NAT on traffic destinating to the internet.


I'm using a carp interface to announce the NAT pool to OSPF which works 
but I'm not feeling very sure about it.
I've also tried setting up a blackhole route but failover didn't work on 
carpdemote.


Would anyone suggest a better way to do this?

thanks,

Giannis

Re: Compiler error building 5.3

[Marc Espie]

On Wed, Jun 05, 2013 at 07:01:27PM +1000, John Tate wrote:
> I am having trouble building 5.3, I ran cvs a second time just be to be
> sure everything was right.
> ../../../../arch/i386/i386/locore.s
> ../../../../arch/i386/i386/locore.s: Assembler messages:
> ../../../../arch/i386/i386/locore.s:1755: Error: no such instruction: `stac'
> ../../../../arch/i386/i386/locore.s:1759: Error: no such instruction: `clac'
> *** Error code 1

You didn't read the FAQ, did you ? especially the part about 
"following current"...

Remote OpenBSD configuration

[sven falempin]

Will/Do openBSD provide an OpenFlow daemon ?

-- 
-
() ascii ribbon campaign - against html e-mail
/\

Re: Compiler error building 5.3

[Jonathan Gray]

On Wed, Jun 05, 2013 at 07:01:27PM +1000, John Tate wrote:
> I am having trouble building 5.3, I ran cvs a second time just be to be
> sure everything was right.
> 
> # make clean && make
> rm -f eddep *bsd *bsd.gdb tags *.[dio] [a-z]*.s  [Ee]rrs linterrs assym.h
> cat ../../../../arch/i386/i386/genassym.cf ../../../../arch/i386/i386/
> genassym.cf |  sh ../../../../kern/genassym.sh cc  -Werror -Wall
> -Wstrict-prototypes -Wmissing-prototypes  -Wno-main -Wno-uninitialized
> -Wno-format  -Wstack-larger-than-2047  -fno-builtin-printf
> -fno-builtin-snprintf  -fno-builtin-vsnprintf -fno-builtin-log
>  -fno-builtin-log2 -fno-builtin-malloc  -O2 -pipe -nostdinc -I.
> -I../../../.. -I../../../../arch -DDDB -DDIAGNOSTIC -DKTRACE -DACCOUNTING
> -DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM
> -DUVM_SWAP_ENCRYPT -DCOMPAT_43 -DCOMPAT_O51 -DLKM -DFFS -DFFS2
> -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA -DEXT2FS -DMFS -DNFSCLIENT
> -DNFSSERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DSOCKET_SPLICE -DTCP_SACK
> -DTCP_ECN -DTCP_SIGNATURE -DINET -DALTQ -DINET6 -DIPSEC -DPPP_BSDCOMP
> -DPPP_DEFLATE -DPIPEX -DMROUTING -DMPLS -DBOOT_CONFIG -DUSER_PCICONF
> -DKVM86 -DUSER_LDT -DAPERTURE -DCOMPAT_LINUX -DPROCFS -DNTFS -DHIBERNATE
> -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL
> -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6"
> -DWSDISPLAY_COMPAT_PCVT -DX86EMU -DONEWIREVERBOSE -DMAXUSERS=80 -D_KERNEL
> -MD -MP -MF assym.P > assym.h.tmp
> sed '1s/.*/assym.h: \\/' assym.P > assym.d
> sort -u assym.h.tmp > assym.h
> cc -D_LOCORE -x assembler-with-cpp  -fno-builtin-printf
> -fno-builtin-snprintf  -fno-builtin-vsnprintf -fno-builtin-log
>  -fno-builtin-log2 -fno-builtin-malloc  -nostdinc -I. -I../../../..
> -I../../../../arch -DDDB -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS
> -DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT
> -DCOMPAT_43 -DCOMPAT_O51 -DLKM -DFFS -DFFS2 -DFFS_SOFTUPDATES -DUFS_DIRHASH
> -DQUOTA -DEXT2FS -DMFS -DNFSCLIENT -DNFSSERVER -DCD9660 -DUDF -DMSDOSFS
> -DFIFO -DSOCKET_SPLICE -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DINET -DALTQ
> -DINET6 -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE -DPIPEX -DMROUTING -DMPLS
> -DBOOT_CONFIG -DUSER_PCICONF -DKVM86 -DUSER_LDT -DAPERTURE -DCOMPAT_LINUX
> -DPROCFS -DNTFS -DHIBERNATE -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE
> -DWSDISPLAY_COMPAT_USL -DWSDISPLAY_COMPAT_RAWKBD
> -DWSDISPLAY_DEFAULTSCREENS="6" -DWSDISPLAY_COMPAT_PCVT -DX86EMU
> -DONEWIREVERBOSE -DMAXUSERS=80 -D_KERNEL -MD -MP -c
> ../../../../arch/i386/i386/locore.s
> ../../../../arch/i386/i386/locore.s: Assembler messages:
> ../../../../arch/i386/i386/locore.s:1755: Error: no such instruction: `stac'
> ../../../../arch/i386/i386/locore.s:1759: Error: no such instruction: `clac'
> *** Error code 1
> 
> Stop in /usr/src/sys/arch/i386/compile/KINTARO (line 165 of /usr/share/mk/
> sys.mk).
> 
> KINTARO is just GENERIC with a pretty name.

You need an an updated binutils that supports those instructions.
The easiest way to get this a binary upgrade to 5.3.

Re: Compiler error building 5.3

[Scott McEachern]

On 06/05/13 05:01, John Tate wrote:

I am having trouble building 5.3, I ran cvs a second time just be to be
sure everything was right.


You are referring to -current, right?

Amd64 works fine, I don't know about i386.

OpenBSD 5.3-current (GENERIC.MP) #0: Wed Jun  5 04:14:56 EDT 2013
r...@elminster.blackstaff.ca:/usr/src/sys/arch/amd64/compile/GENERIC.MP


--
Scott McEachern

https://www.blackstaff.ca

"Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety." -- Benjamin Franklin

Re: OSPF ABR/ASBR issue

[Kapetanakis Giannis]

On 05/06/13 10:50, Kapetanakis Giannis wrote:

On 05/06/13 01:16, Claudio Jeker wrote:
Yeah, while the diff fixed the B flag it did not solve the problem 
that we skipped our own networks. This version should solve that (at 
least it does in my quick test). Needs lots of testing since this 
changes core parts of the route calculation. 


First impression is good :)

Finally I'm getting my networks advertised.
I'll test it more and report if something is wrong.

G



I think I discovered a strange situation in this.

The following setup works:

no redistribute 10.1.30.0/30
#redistribute connected
#redistribute static

area 0.0.0.0 {
   interface bge0 {
  auth-type crypt
  auth-md xx xx
  auth-md-keyid xx
   }
}

area 0.0.0.7 {
   stub
   interface lo1 {passive}
   interface carp8 {passive}
   interface carp79 {passive}
}

If I remove lo1 from area .7 then the routes to carp8 and carp79 are lost...
although I can see them in

# ospfctl s d area 0.0.0.0

Summary Net Link States (Area 0.0.0.0)
10.0.8.0  obsd-router-id556  0x8004 0xfb7d
10.0.79.0 obsd-router-id556  0x8004 0xfb7d

G

Compiler error building 5.3

[John Tate]

I am having trouble building 5.3, I ran cvs a second time just be to be
sure everything was right.

# make clean && make
rm -f eddep *bsd *bsd.gdb tags *.[dio] [a-z]*.s  [Ee]rrs linterrs assym.h
cat ../../../../arch/i386/i386/genassym.cf ../../../../arch/i386/i386/
genassym.cf |  sh ../../../../kern/genassym.sh cc  -Werror -Wall
-Wstrict-prototypes -Wmissing-prototypes  -Wno-main -Wno-uninitialized
-Wno-format  -Wstack-larger-than-2047  -fno-builtin-printf
-fno-builtin-snprintf  -fno-builtin-vsnprintf -fno-builtin-log
 -fno-builtin-log2 -fno-builtin-malloc  -O2 -pipe -nostdinc -I.
-I../../../.. -I../../../../arch -DDDB -DDIAGNOSTIC -DKTRACE -DACCOUNTING
-DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM
-DUVM_SWAP_ENCRYPT -DCOMPAT_43 -DCOMPAT_O51 -DLKM -DFFS -DFFS2
-DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA -DEXT2FS -DMFS -DNFSCLIENT
-DNFSSERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DSOCKET_SPLICE -DTCP_SACK
-DTCP_ECN -DTCP_SIGNATURE -DINET -DALTQ -DINET6 -DIPSEC -DPPP_BSDCOMP
-DPPP_DEFLATE -DPIPEX -DMROUTING -DMPLS -DBOOT_CONFIG -DUSER_PCICONF
-DKVM86 -DUSER_LDT -DAPERTURE -DCOMPAT_LINUX -DPROCFS -DNTFS -DHIBERNATE
-DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL
-DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6"
-DWSDISPLAY_COMPAT_PCVT -DX86EMU -DONEWIREVERBOSE -DMAXUSERS=80 -D_KERNEL
-MD -MP -MF assym.P > assym.h.tmp
sed '1s/.*/assym.h: \\/' assym.P > assym.d
sort -u assym.h.tmp > assym.h
cc -D_LOCORE -x assembler-with-cpp  -fno-builtin-printf
-fno-builtin-snprintf  -fno-builtin-vsnprintf -fno-builtin-log
 -fno-builtin-log2 -fno-builtin-malloc  -nostdinc -I. -I../../../..
-I../../../../arch -DDDB -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS
-DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT
-DCOMPAT_43 -DCOMPAT_O51 -DLKM -DFFS -DFFS2 -DFFS_SOFTUPDATES -DUFS_DIRHASH
-DQUOTA -DEXT2FS -DMFS -DNFSCLIENT -DNFSSERVER -DCD9660 -DUDF -DMSDOSFS
-DFIFO -DSOCKET_SPLICE -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DINET -DALTQ
-DINET6 -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE -DPIPEX -DMROUTING -DMPLS
-DBOOT_CONFIG -DUSER_PCICONF -DKVM86 -DUSER_LDT -DAPERTURE -DCOMPAT_LINUX
-DPROCFS -DNTFS -DHIBERNATE -DPCIVERBOSE -DEISAVERBOSE -DUSBVERBOSE
-DWSDISPLAY_COMPAT_USL -DWSDISPLAY_COMPAT_RAWKBD
-DWSDISPLAY_DEFAULTSCREENS="6" -DWSDISPLAY_COMPAT_PCVT -DX86EMU
-DONEWIREVERBOSE -DMAXUSERS=80 -D_KERNEL -MD -MP -c
../../../../arch/i386/i386/locore.s
../../../../arch/i386/i386/locore.s: Assembler messages:
../../../../arch/i386/i386/locore.s:1755: Error: no such instruction: `stac'
../../../../arch/i386/i386/locore.s:1759: Error: no such instruction: `clac'
*** Error code 1

Stop in /usr/src/sys/arch/i386/compile/KINTARO (line 165 of /usr/share/mk/
sys.mk).

KINTARO is just GENERIC with a pretty name.

-- 
www.johntate.org

Re: OSPF ABR/ASBR issue

[Kapetanakis Giannis]

On 05/06/13 01:16, Claudio Jeker wrote:
Yeah, while the diff fixed the B flag it did not solve the problem 
that we skipped our own networks. This version should solve that (at 
least it does in my quick test). Needs lots of testing since this 
changes core parts of the route calculation. 


First impression is good :)

Finally I'm getting my networks advertised.
I'll test it more and report if something is wrong.

G