ipmi(4) and acpi(4) - ACPI IPMI Operation Region
hi there. i saw there was (again) question about ipmi(4) being disabled while acpi(4) is running. fyi, there is a new thingy which allows IPMI run on top of ACPI - ACPI IPMI Operation Region. http://msdn.microsoft.com/en-us/library/windows/hardware/ff543825%28v=vs.85%29.aspx http://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ipmi-second-gen-interface-spec-v2-rev1-1.pdf per MS article, it is relatively new (only available on Win7 and up). not sure about motherboard firmwares support, but spec itself is definitely there, waiting for someone to implement it ;) so it's at least theoretically possible to have ipmi(4) either at apic(4), or at mainbus(4). cheers, alexey
net.inet.ip.arpqueued
Hi, I was doing some ARP troubleshooting, and noticed this sysctl variable, and was wondering what it is for? On our office firewall with just 14 ARP entries, I see it's normally at 0 but on a busy data centre firewall with 1,541 ARP entries, it seems to always be at or near 100, and never above. This is just speculation, but it would appear that the maximum queue length is 100, and that ARP requests may potentially be dropped above that number? Can somebody confirm this? Am I currently running into ARP limitations, or is this indicative of other problems? Is it possible to increase the queue length to something larger through the kernel configuration or at compile time, and would this be advisable? Thanks, Han
FAQ 7.3
Hi all, since installing 5.4 release on my amd64 laptop I am enjoying really nice (sun like!) fonts due to the implemented framebuffer for CLI. Unfortunately scrollback with shift+pgup does not work anymore and faq 7.3 does not mention this at all. What should I do to have scrollback again? Btw, to mitigate this fact, is there maybe a mode to determine the geometry of cli framebuffer, like 80x50 or 100x40 etc? Thanks
Re: Patch to remove adult content from spamd(8) man page
On 11/21/2013 12:33 PM, J. Lewis Muir wrote: I found some of the example email addresses and domains in the spamd(8) man page to be somewhat adult in nature. If given the choice, I'd choose to read the man page without the adult content. Here's a patch against -current that replaces the adult examples with cleaner alternatives. Would a developer be willing to accept this patch? you want really dirty smut? We got LAWYERS e-mail addresses in the man pages. Talk about something to keep the kids away from... I don't think that's gonna fly. Those particular ones almost qualify as a signature -- anyone who's worked with the project for a while will look at those and say, Oh, I know who wrote this! Stuff like this is part of the fun for people developing OpenBSD (and hopefully, fun for some of the users). Please understand that we don't want anyone to take away our fun. As someone who works in a professional environment, where results don't matter as long as the word Enterprise grade is attached to the product, and security is important, as long as it doesn't get in the way of ANYTHING else, and failure is fine, as long as there's an outside company you can blame it on, a little unprofessionalism is a relief. Nick.
[fwd jlm...@imca-cat.org: Patch to remove adult content from spamd(8) man page]
- Forwarded message from J. Lewis Muir jlm...@imca-cat.org - Date: Thu, 21 Nov 2013 11:33:41 -0600 From: J. Lewis Muir jlm...@imca-cat.org To: misc@openbsd.org Subject: Patch to remove adult content from spamd(8) man page I found some of the example email addresses and domains in the spamd(8) man page to be somewhat adult in nature. If given the choice, I'd choose to read the man page without the adult content. Here's a patch against -current that replaces the adult examples with cleaner alternatives. Would a developer be willing to accept this patch? Thanks, Lewis Index: libexec/spamd/spamd.8 === RCS file: /cvs/src/libexec/spamd/spamd.8,v retrieving revision 1.119 diff -u -p -r1.119 spamd.8 --- libexec/spamd/spamd.8 27 Sep 2012 20:12:32 - 1.119 +++ libexec/spamd/spamd.8 21 Nov 2013 16:50:06 - @@ -415,7 +415,7 @@ For example, if .Pa spamd.alloweddomains contains: .Bd -literal -offset indent -@humpingforjesus.com +@top1marketing.com obtuse.com .Ed .Pp @@ -423,7 +423,7 @@ The following destination addresses .Em would not cause the sending host to be trapped: .Bd -literal -offset indent -beardedcl...@humpingforjesus.com +f...@top1marketing.com b...@obtuse.com b...@snouts.obtuse.com .Ed @@ -432,8 +432,8 @@ However the following addresses .Em would cause the sending host to be trapped: .Bd -literal -offset indent -pe...@apostles.humpingforjesus.com -bigbu...@bofh.ucs.ualberta.ca +cu...@stooges.top1marketing.com +win...@bofh.ucs.ualberta.ca .Ed .Pp A low priority MX IP address may be specified with the - End forwarded message - -- It was the Nicolatians who first coined the separation between lay and clergy.
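Review bot: the replacement domain top1marketing.com, introduced in the spamd.alloweddomains example of the first hunk (@@ -415,7) and reused in the two address lists that follow, is an ordinary registrable name rather than one reserved for documentation, so the man page would still point at a domain a third party can own. Since the stated aim is neutral examples, consider the names reserved by RFC 2606 instead, e.g. `@example.com` in place of `@top1marketing.com`, with a subdomain of it in the third hunk. The third hunk (@@ -432,8) also rewrites only the local part of the bofh.ucs.ualberta.ca address, which leaves a hostname under a real institution's domain in the "would be trapped" list; if the examples are being sanitised, that line is worth the same treatment. The pairing the text relies on is preserved (one address at the exact `@`-prefixed domain in the "would not" list, one at a subdomain of it in the "would" list), so please keep it in any respin.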
Re: FAQ 7.3
Yes tmux would be a hack i use it already on sparc64 over ssh. But here the idea was using just vanilla console with the least possible clutter. The idea of fb on console could enable the porting of software like the fbi picture viewer on linux, but if the scrollback gets disabled the loss to me is more than the benefit. Il 21/nov/2013 13:43 Stefan Sperling s...@openbsd.org ha scritto: On Thu, Nov 21, 2013 at 01:05:34PM +0100, Paolo Aglialoro wrote: Hi all, since installing 5.4 release on my amd64 laptop I am enjoying really nice (sun like!) fonts due to the implemented framebuffer for CLI. Unfortunately scrollback with shift+pgup does not work anymore and faq 7.3 does not mention this at all. What should i do to have scrollback again? Btw, to mitigate this fact, is there maybe a mode to determine the geometry of cli framebuffer, like 80x50 or 100x40 etc? Thanks tmux(1) has a scroll-back buffer ('Ctrl-b [' to enter copy mode, use arrow or pgup/pgdown keys to scroll, use 'q' to exit copy mode). Not quite the same, but perhaps that will help you.
Re: Patch to remove adult content from spamd(8) man page
On 2013-11-21 20:04, Gilles Chehade wrote: On Thu, Nov 21, 2013 at 08:02:06PM +0100, za...@gmx.com wrote: Different people have different concepts of morality. I believe it would be better to remove anything that is controversial, for whatever reason -- even if in *my* concept of morality there was nothing wrong with it. I feel offended by those who feel offended about some man page. Maybe we should remove them as they are causing controversy ? A reasonable person is the one who takes into consideration others, among other things. Yes, you can take that defying attitude, but it does not seem very constructive in the context of a community, such as the OpenBSD community, where people are trying to achieve something useful. Bickering about silly things is not constructive at all. The best guideline with regard to similar matters is that of AVOIDING bike shedding issues.
Re: Patch to remove adult content from spamd(8) man page
Different people have different concepts of morality. I believe it would be better to remove anything that is controversial, for whatever reason -- even if in *my* concept of morality there was nothing wrong with it.

The people who write code get to decide how they document it. If someone doesn't like it, don't have to use it. They can walk away. But above all, the principle is simple. If such persons use the software, they are BEYOND CRITICISM. Even the manual pages have a disclaimer that makes this clear:

.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Don't like it? Then walk away. To take this back to the original complaint, being critical of Bob's Charity at writing the software and documentation is UN-CHRISTIAN. Or is it? Is this some fake morality where your sensibilities override the original charity? The complaint is deeply offensive to any sense of right and wrong, in effectively every culture.
BGPd : Announce received prefix to another peer
Hello, I'm trying to re-announce a received subnet from peer A to peer B. Here's what I've done:

    #peer A
    neighbor $peer4_IP {
            remote-as $peer4_AS
            descr $peer4_NAME
            local-address $LOCAL_ADDR
            holdtime 20
            holdtime min 3
            announce self
            set weight 200
            set localpref 200
    }
    #peer B
    neighbor $peer3_IP {
            remote-as $peer3_AS
            descr $peer3_NAME
            multihop 2
            local-address $LOCAL_ADDR
            holdtime 180
            holdtime min 3
            announce self
            set localpref 150
    }
    allow to $peer3_IP prefix / /24 prefix that I want to redistribute to peer A/ prefixlen = 32 set prepend-self 1

Can anybody tell me what's wrong and how I can do that? Second question: how can I check the route I'm announcing to a neighbor with bgpctl (something like bgpctl show neighbor NEIGH1 advertised-routes)? Thanks Cédric

-- OCEANET --- [AGENCE DU MANS] 7, rue des Frênes ZAC de la Pointe 72190 SARGE LES LE MANS [t] +33 (0)2.43.50.26.50 [f] +33 (0)2.43.72.21.14 [AGENCE D'ANGERS] 5, rue Fleming Angers Technopole 49066 ANGERS [t] +33 (0)2.41.19.28.65 [f] +33 (0)2.52.19.22.00 http://www.oceanet.com http://www.oceanet-telecom.com
Re: Patch to remove adult content from spamd(8) man page
On Thu, Nov 21, 2013, at 11:33 AM, J. Lewis Muir wrote: I found some of the example email addresses and domains in the spamd(8) man page to be somewhat adult in nature. If given the choice, I'd choose to read the man page without the adult content. Here's a patch against -current that replaces the adult examples with cleaner alternatives. Would a developer be willing to accept this patch? The OpenBSD man pages are not a Disney movie. For that matter, neither is most of the rest of the world, or the Internet. If you deal at all with spam on the Internet, you will see far, far worse than that. Actually, even if you somehow manage to not get a single piece of spam, you'll see far worse things from time to time on this mailing list right here. I like bigbu...@bofh.ucs.ualberta.ca and I cannot lie. -- Shawn K. Quinn skqu...@rushpost.com
Re: sound
No, I started sndiod as root. It switched to _sndiod then failed to open audio device I restricted access to. No bugs with sound system. Just limit /dev/audio* to wheel only was a bad idea. Now everything is fine. 21.11.2013, 11:50, Alexandre Ratchov a...@caoua.org: On Thu, Nov 21, 2013 at 06:01:58AM +0400, Alexander Pakhomov wrote: Got it with gdb. I restricted access to /dev/audio* to wheel (tried to restrict anybody else to hear my laptop mic), this causes sndiod to fail after privdrop(). you could start a private sndiod process to get exclusive access to the hardware. First ensure that no programs are using the audio hardware which is exclusive (not even the system sndiod). Then start as a regular user: sndiod -aon your other options then, optionally, you could crank to -20 the sndiod process priority with renice(2). -- Alexandre
Re: Patch to remove adult content from spamd(8) man page
On 11/21/13 21:44, J. Lewis Muir wrote: On 11/21/13 2:12 PM, Shawn K. Quinn wrote: On Thu, Nov 21, 2013, at 11:33 AM, J. Lewis Muir wrote: I found some of the example email addresses and domains in the spamd(8) man page to be somewhat adult in nature. If given the choice, I'd choose to read the man page without the adult content. Here's a patch against -current that replaces the adult examples with cleaner alternatives. Would a developer be willing to accept this patch? The OpenBSD man pages are not a Disney movie. For that matter, neither is most of the rest of the world, or the Internet. If you deal at all with spam on the Internet, you will see far, far worse than that. Actually, even if you somehow manage to not get a single piece of spam, you'll see far worse things from time to time on this mailing list right here. Hi, Shawn. I understand that, and I'm not trying to tell people how they should talk on a mailing list. But to me documentation for a project like OpenBSD is different. It's not individual people talking however they like to talk. It's well-written text intended for users to read to understand some part of the OpenBSD operating system. I don't know of other OpenBSD user-facing documentation (i.e. website, man pages, etc.) that has off-color (at least to me) content.

I'm vegan, but I can cope with this:

$ zgrep -rw deadbeef /usr/share/man/
/usr/share/man/man1/perlembed.1:\deadbeef
/usr/share/man/man1/perlfaq5.1:\# Pity the poor deadbeef.
/usr/share/man/man5/bgpd.conf.5:tcp md5sig key deadbeef

/Alexander
Re: FAQ 7.3
On 11/21/2013 09:22 AM, Paolo Aglialoro wrote: Yes tmux would be a hack i use it already on sparc64 over ssh. But here the idea was using just vanilla console with the least possible clutter. The idea of fb on console could enable the porting of software like the fbi picture viewer on linux, but if the scrollback gets disabled the loss to me is more than the benefit. well, if you really don't like it and don't wish to use X, turn off the DRM with UKC and disable inteldrm or disable radeondrm, and your old text mode console will be back. And X will be broke. As you are running on a laptop, I'd suspect the lack of X will be a far bigger showstopper. Personally, I happily trade the scrollback for the better than 80x25 text mode (80x25 is so..1970s), and use tmux or an xterm if I want scrollback. But yes, faq7.3 (among others...DRM has complicated much of this page!) needs to be updated (oops). Nick. Il 21/nov/2013 13:43 Stefan Sperling s...@openbsd.org ha scritto: On Thu, Nov 21, 2013 at 01:05:34PM +0100, Paolo Aglialoro wrote: Hi all, since installing 5.4 release on my amd64 laptop I am enjoying really nice (sun like!) fonts due to the implemented framebuffer for CLI. Unfortunately scrollback with shift+pgup does not work anymore and faq 7.3 does not mention this at all. What should i do to have scrollback again? Btw, to mitigate this fact, is there maybe a mode to determine the geometry of cli framebuffer, like 80x50 or 100x40 etc? Thanks tmux(1) has a scroll-back buffer ('Ctrl-b [' to enter copy mode, use arrow or pgup/pgdown keys to scroll, use 'q' to exit copy mode). Not quite the same, but perhaps that will help you.
Gnome 3.10 on current
Hello I've decided to give gnome 3.10 a shot in the latest current snapshot. Here are some of the issues big and small I've encountered:

1- gdm fails to start, or better it starts but the frowny face comes up saying that there's been an error and to logout. After that it either goes to a black screen with a pointer or cycles some more times before going to a black screen.
2- when running gnome session ps | aux reports apmd not running anymore even if started at boot, trying to start it with apmd -d shows that /dev/apmctl is already in use (I assume it's been used by the instance started at boot), sysctl hw.setperf is always =100 while gnome is running. After gnome-session closed I could then see apmd running but I had to restart it since setperf was stuck to 100.
3- gnome-session crashes randomly
4- I could not get video thumbnails to work (but really this didn't matter much given the other issues).

Here are my dmesg and part of /var/log/messages.
Re: Relayd on FreeBSD crashing
Since this is an OpenBSD mailing list I recommend you build an OpenBSD system and run intree relayd, otherwise see below. Does FreeBSD have a ports mailing list? If so I would recommend you posting your issue there. You could also try to contact the FreeBSD relayd ports maintainer.

On Thu, 21 Nov 2013, ILIAS BERTSIMAS wrote:

Hello, We recently upgraded to the latest port version of relayd for FreeBSD 9.1 RELEASE-p7 and it started crashing unexpectedly. We had no issues with the older version and it was running stable for more than a year. The only thing in the logs is that:

Nov 21 09:19:09 lb1 kernel: pid 20098 (relayd), uid 913: exited on signal 10
Nov 21 09:19:15 lb1 kernel: Limiting open port RST response from 201 to 200 packets/sec
Nov 21 09:37:26 lb1 kernel: pid 20792 (relayd), uid 913: exited on signal 11
Nov 21 10:26:18 lb1 kernel: pid 23162 (relayd), uid 913: exited on signal 10

We upgraded for the new load balancing algorithms which we did not even start using yet.
Re: BGP changes to support CARP better
On 15/11/13 16:50, Adam Thompson wrote: On 13-11-15 04:17 AM, Andy wrote: On 12/11/13 05:48, Chris Cappuccio wrote: Two BGP sessions from different IPs (no CARP) BGP next-hop pointing to CARP-protected IP Hi Chris, This sounds good.. Could you clarify further? I can clarify for him, see below. (Apologies if he's already done it - I'm on the daily digest.) Setup eBGP to the Transit router on both OBSD boxes using physical IPs, and iBGP between the OBSD routers. Got that working fine without 'depends on' (don't want the BGP teardown/setup delay). Yup. How are you configuring the BGP next-hop to the CARP IP?? match to x.x.x.x set nexthop x.x.x.x allow from any allow to any Hi Adam, The problem is to do with ensuring inbound packets always go to the CARP master. That's what set nexthop does in BGP - it tells the *other* router what to use for its nexthop. Hi, I have observed some strangeness with this! :( I have two OpenBSD firewalls running in a CARP pair. Each firewall in the pair has a single eBGP neighbor with the same single Cisco router using its physical IP with no 'depends on' statement. I have added the following line to /etc/bgp.conf on both firewalls; match to 170.16.3.1 set nexthop 170.16.3.4 NB; 170.16.3.1 is the Cisco router and 170.16.3.4 is the CARP IP of the firewall pair. If I start BGP on FW1 (master), the announced network seen in the Cisco has a nexthop = the physical IP and not the CARP IP :( If I start BGP on FW2 (backup), the announced network seen in the Cisco has a nexthop = the CARP IP :) Hmm, strange.. Maybe something is wrong with the master config I thought, but let's just try switching CARP first. So I stopped OpenBGPd on both and swapped the CARP master to be the other firewall etc. If I start BGP on FW1 (backup), the announced network seen in the Cisco has a nexthop = the CARP IP :) If I start BGP on FW2 (master), the announced network seen in the Cisco has a nexthop = the physical IP and not the CARP IP :( This is really strange!
It seems that only the CARP backup sets the nexthop properly. Just for kicks, I shut down BGP on both and restarted BGPd on just the backup. Cisco shows one route via the CARP IP as wanted. I then swapped the CARP master again, and started BGP on the other firewall (just made backup). And now the Cisco shows two routes both via the CARP IP... This is what we want all the time. This confirms that if BGP is started when it's the backup it works, but if it's started when it's the master, the nexthop is the physical IP? Any thoughts as I'm lost.. This is just strange! Cheers, Andy. 'match to X.X.X.161 set nexthop X.X.X.162' Wouldn't this only mean that the outbound packets would egress to the transit via the CARP IP? It's the inbound control that's needed. Nope. It's actually much more difficult to control the egress IP, AFAIK. I was thinking about using ifstated to dynamically change the MED / path prepending based on the CARP status, rather than trying to force which router is master. Experience says that fail-overs happen for many reasons (probably once every couple of months), but so far never because the master is actually dead, which means BGP will pretty much always be left running on the old master (unless ifstated does something to it).. With 'set nexthop', it's OK if the old BGP session stays up - packets will always come inbound to the CARP master. You don't need to do anything to bgpd or routing tables on the old box. What you *might* have to do is use ifstated(8) to ensure that the LAN carp(4) interface always stays in sync with the WAN carp(4) interface. (i.e. router #1 being master for inside-facing while #2 is master for outside-facing will break pf(4).) I just can't seem to figure out a true clean way of doing this without configuring multiple BGP attributes in OpenBGPd based on CARP status :( I think that's only because you had the wrong end of the stick for the nexthop attribute. PS; For inbound path control which would you recommend?
MED or padding the AS path? I.e. is one potentially more responsive than another.. Neither! Just set nexthop appropriately.
Re: carp+pfsync+relayd question
Hello list, painfully I had to migrate the relayd service to a linux boxes with piranha until find the issue that caused relayd exit unexpectedly. So if someone wants to make some smoke test to find the issue, please tell me. Best regards, Leonardo

Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini

2013/11/18 Leonardo Santagostini lsantagost...@gmail.com

Hello all, unfortunately I have to setup a cron entry that bounce relayd. Here is the log that shows how relayd stopped working:

Nov 18 18:34:55 v-arcbabalancer01 relayd[20347]: relay relay5, session 1961 (54 active), 0, 200.16.99.232 - 172.19.224.71:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay4, session 1959 (40 active), 0, 201.251.221.57 - 172.19.224.72:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[13074]: relay relay4, session 1990 (61 active), 0, 190.189.189.171 - 172.19.224.70:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[24546]: relay exiting, pid 24546
Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay relay4, session 1883 (43 active), 0, 190.228.28.250 - :0, buffer event timeout
Nov 18 18:34:55 v-arcbabalancer01 relayd[27128]: relay relay4, session 2063 (49 active), 0, 201.255.217.232 - 172.19.224.71:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[24551]: pfe exiting, pid 24551
Nov 18 18:34:55 v-arcbabalancer01 relayd[3602]: hce exiting, pid 3602
Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay relay4, session 1964 (43 active), 0, 190.12.181.160 - 172.19.224.73:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[17688]: relay relay4, session 2080 (49 active), 0, 186.126.250.165 - 172.19.224.72:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay5, session 1891 (39 active), 0, 190.179.204.226 - :0, buffer event timeout
Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay relay4, session 1962 (39 active), 0, 190.189.189.171 - 172.19.224.70:80, done
Nov 18 18:34:55 v-arcbabalancer01 relayd[22840]: relay exiting, pid 22840
Nov 18 18:34:55 v-arcbabalancer01 relayd[5545]: relay exiting, pid 5545
Nov 18 18:34:55 v-arcbabalancer01 relayd[1089]: relay exiting, pid 1089
Nov 18 18:34:55 v-arcbabalancer01 relayd[28629]: relay exiting, pid 28629
Nov 18 18:34:55 v-arcbabalancer01 relayd[857]: relay exiting, pid 857
Nov 18 18:34:55 v-arcbabalancer01 relayd[27128]: relay exiting, pid 27128
Nov 18 18:34:55 v-arcbabalancer01 relayd[20347]: relay exiting, pid 20347
Nov 18 18:34:55 v-arcbabalancer01 relayd[13074]: relay exiting, pid 13074
Nov 18 18:34:55 v-arcbabalancer01 relayd[7637]: relay exiting, pid 7637
Nov 18 18:34:55 v-arcbabalancer01 relayd[8449]: relay exiting, pid 8449
Nov 18 18:34:55 v-arcbabalancer01 relayd[30009]: relay exiting, pid 30009
Nov 18 18:34:55 v-arcbabalancer01 relayd[13924]: relay exiting, pid 13924
Nov 18 18:34:55 v-arcbabalancer01 relayd[4542]: relay exiting, pid 4542
Nov 18 18:34:55 v-arcbabalancer01 relayd[13505]: parent terminating, pid 13505
Nov 18 18:39:11 v-arcbabalancer01 puppet-agent[20912]: Finished catalog run in 2.59 seconds
Nov 18 18:58:04 v-arcbabalancer01 relayd[9964]: startup

Best regards, yours

Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini

2013/11/18 Leonardo Santagostini lsantagost...@gmail.com

Hello Jan, thanks for answering. The point was with booting without bsd.mp, now box rebooted and showing 4 procs =) By now, all is working fine. Thank for all your support. I will keep you all informed how things are going. Best regards

Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini

2013/11/18 Jan Lambertz jd.arb...@googlemail.com

qemu-kvm ...-smp sockets=2 ... solved it for me. What qemu version and build are you using ?

Am 14.11.2013 18:47 schrieb Leonardo Santagostini lsantagost...@gmail.com :

Thanks a lot to all, I will give it a try and give you feedback as soon as it gets implemented.
Saludos.- Leonardo Santagostini http://ar.linkedin.com/in/santagostini

2013/11/14 Andy a...@brandwatch.com

On 14/11/13 15:21, Leonardo Santagostini wrote:

Hello misc, I'm doing my final approach to put a production system with carp+pfsync+relayd on production. The point is that I'm facing some trouble setting more than one ip alias address with different vhid and different passwd. So, this is the scenario. I'm trying to relayd more or less 15 sites so I have conceptual doubts.

1) is it necessary to create one carp interface for each one of my internals VIP address
2) my understanding is that I have to work with pf on my carp interfaces.

I have tried to put two different VIP's on my carp, but without luck. Here is the homework.

[root@server ~]# uname -a
OpenBSD server.internaldomain.com 5.4 GENERIC#37 amd64
[root@server ~]#
[root@server ~]# cat /etc/hostname.em0
inet 172.19.224.180 255.255.255.0
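An added example, not part of the original thread and not relayd code: a small Python parser for relayd syslog lines in the format quoted in this thread, which counts how sessions ended and measures the gap between "parent terminating" and the next "startup". The sample lines, the hostname lb01 and the addresses are constructed, and the year is an assumption because these timestamps omit it.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same syslog layout as the excerpt in the thread.
# Addresses come from the documentation ranges; the archive shows the arrow
# as "-", so both "->" and "-" are accepted by the parser below.
SAMPLE_LOG = """\
Nov 18 18:34:55 lb01 relayd[20347]: relay relay5, session 1961 (54 active), 0, 192.0.2.10 -> 198.51.100.71:80, done
Nov 18 18:34:55 lb01 relayd[28629]: relay relay4, session 1959 (40 active), 0, 192.0.2.11 - 198.51.100.72:80, done
Nov 18 18:34:55 lb01 relayd[13924]: relay relay4, session 1883 (43 active), 0, 192.0.2.12 -> :0, buffer event timeout
Nov 18 18:34:55 lb01 relayd[24546]: relay exiting, pid 24546
Nov 18 18:34:55 lb01 relayd[24551]: pfe exiting, pid 24551
Nov 18 18:34:55 lb01 relayd[3602]: hce exiting, pid 3602
Nov 18 18:34:55 lb01 relayd[13505]: parent terminating, pid 13505
Nov 18 18:39:11 lb01 puppet-agent[20912]: Finished catalog run in 2.59 seconds
Nov 18 18:58:04 lb01 relayd[9964]: startup
"""

# "Mon DD HH:MM:SS host relayd[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d+ \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"relayd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# "relay NAME, session N (M active), 0, SRC -> DST, RESULT"
SESSION_RE = re.compile(
    r"^relay (?P<relay>[^,\s]+), session (?P<id>\d+) \((?P<active>\d+) active\), "
    r"\d+, (?P<src>\S+) ->? (?P<dst>[^,\s]*), (?P<result>.+)$"
)
# "relay exiting, pid N" / "pfe exiting, pid N" / "hce exiting, pid N"
EXIT_RE = re.compile(r"^(?P<role>relay|pfe|hce) exiting, pid \d+$")


def summarize(log_text, year=2013):
    """Count session outcomes and child exits, and list outage windows.

    An outage window opens at "parent terminating" and closes at the next
    "startup". A window still open at the end of the log is reported with
    None for its end time and duration.
    """
    results = Counter()   # how sessions ended ("done", "buffer event timeout", ...)
    exited = Counter()    # child processes that logged an exit, by role
    outages = []          # (down_at, up_at, seconds)
    down_at = None

    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line.strip())
        if not m:
            continue  # other daemons (e.g. puppet-agent) and blank lines
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        msg = m["msg"]

        session = SESSION_RE.match(msg)
        if session:
            results[session["result"]] += 1
            continue

        child = EXIT_RE.match(msg)
        if child:
            exited[child["role"]] += 1
        elif msg.startswith("parent terminating"):
            down_at = when
        elif msg == "startup" and down_at is not None:
            gap = int((when - down_at).total_seconds())
            outages.append((down_at, when, gap))
            down_at = None

    if down_at is not None:
        outages.append((down_at, None, None))  # never came back in this log
    return {"results": results, "exited": exited, "outages": outages}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("session results:", dict(report["results"]))
    print("children exited:", dict(report["exited"]))
    for down, up, seconds in report["outages"]:
        print(f"down {down} -> up {up} ({seconds} s)")
```

Run over a full /var/log/daemon or messages file, the outage list shows how long the service stayed down before a cron job or an operator restarted it.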
Re: Patch to remove adult content from spamd(8) man page
On 11/21/13 2:12 PM, Shawn K. Quinn wrote: On Thu, Nov 21, 2013, at 11:33 AM, J. Lewis Muir wrote: I found some of the example email addresses and domains in the spamd(8) man page to be somewhat adult in nature. If given the choice, I'd choose to read the man page without the adult content. Here's a patch against -current that replaces the adult examples with cleaner alternatives. Would a developer be willing to accept this patch? The OpenBSD man pages are not a Disney movie. For that matter, neither is most of the rest of the world, or the Internet. If you deal at all with spam on the Internet, you will see far, far worse than that. Actually, even if you somehow manage to not get a single piece of spam, you'll see far worse things from time to time on this mailing list right here. Hi, Shawn. I understand that, and I'm not trying to tell people how they should talk on a mailing list. But to me documentation for a project like OpenBSD is different. It's not individual people talking however they like to talk. It's well-written text intended for users to read to understand some part of the OpenBSD operating system. I don't know of other OpenBSD user-facing documentation (i.e. website, man pages, etc.) that has off-color (at least to me) content. Thanks, Lewis
Re: Patch to remove adult content from spamd(8) man page
On Thu, Nov 21, 2013, at 01:51 PM, J. Lewis Muir wrote: I was just wishing I didn't have to read a few examples that to me were off-color. Honestly, those examples are no worse than 'Gnomovision' (which makes passes at compilers). You haven't begun to see off-color until you've seen some of the spam out there. To me it was requesting a small improvement to the documentation, for which I did the work and submitted a patch. I was hoping it wouldn't really matter much to anyone, and then I wouldn't be bothered by the examples anymore. It's good you submitted a patch. But apparently it does matter a whole lot to some people, and honestly, to me it's the principle of the thing more than anything else. You really want to see off-color? Run these two commands. Prepare to faint.

$ find /usr/src -type f | xargs grep -w fuck
$ find /usr/src -type f | xargs grep -w shit

-- Shawn K. Quinn skqu...@rushpost.com
Re: Patch to remove adult content from spamd(8) man page
On 11/21/13 20:51, J. Lewis Muir wrote: I do like the software; that's why I was reading about it. And I like the documentation too; I think it's very good. I was not intending to be critical of the documentation; rather, I was just wishing I didn't have to read a few examples that to me were off-color. To me it was requesting a small improvement to the documentation, for which I did the work and submitted a patch. I was hoping it wouldn't really matter much to anyone, and then I wouldn't be bothered by the examples anymore. Hi J, You expressed your feelings. I don't agree, but that's fine. You submitted a diff. That's good. Talk is cheap, etc. However, as you noticed, it just won't happen. Case closed. /Alexander
Re: Patch to remove adult content from spamd(8) man page
2013/11/21 J. Lewis Muir jlm...@imca-cat.org On 11/21/13 12:23 PM, Nick Holland wrote: Stuff like this is part of the fun for people developing OpenBSD (and hopefully, fun for some of the users). Please understand that we don't want anyone to take away our fun. Hi, Nick. I understand the concept of fun within a project, and I'm all for that; I'm not trying to take away fun. However, I find this particular fun to be vulgar and would rather not read it in documentation if possible. If you work with mail servers and try to stop spam and _that_ offends you, you will be in for a treat. That is _peanuts_ compared to the content of the spam you are supposed to filter out. -- May the most significant bit of your life be positive.
Re: Patch to remove adult content from spamd(8) man page
On 21/11/13 2:15 PM, za...@gmx.com wrote: On 2013-11-21 20:04, Gilles Chehade wrote: On Thu, Nov 21, 2013 at 08:02:06PM +0100, za...@gmx.com wrote: Different people have different concepts of morality. I believe it would be better to remove anything that is controversial, for whatever reason -- even if in *my* concept of morality there was nothing wrong with it. I feel offended by those who feel offended about some man page. Maybe we should remove them as they are causing controversy ? A reasonable person is the one who takes into consideration others, among other things. Yes, you can take that defying attitude, but it does not seem very constructive in the context of a community, such as the OpenBSD community, where people are trying to achieve something useful. Bickering about silly things is not constructive at all. The best guideline with regard to similar matters is that of AVOIDING bike shedding issues. This is a useless discussion about silly things and is not constructive at all.
Re: Patch to remove adult content from spamd(8) man page
Shawn K. Quinn [skqu...@rushpost.com] wrote: $ find /usr/src -type f | xargs grep -w fuck $ find /usr/src -type f | xargs grep -w shit find -type f ? How about just grep -r ?
Re: Patch to remove adult content from spamd(8) man page
On Thu, Nov 21, 2013 at 11:33 AM, J. Lewis Muir jlm...@imca-cat.org wrote: I found some of the example email addresses and domains in the spamd(8) man page to be somewhat adult in nature. If given the choice, I'd choose to read the man page without the adult content. Here's a patch against -current that replaces the adult examples with cleaner alternatives. Would a developer be willing to accept this patch? Thanks, Lewis Index: libexec/spamd/spamd.8 === RCS file: /cvs/src/libexec/spamd/spamd.8,v retrieving revision 1.119 diff -u -p -r1.119 spamd.8 --- libexec/spamd/spamd.8 27 Sep 2012 20:12:32 - 1.119 +++ libexec/spamd/spamd.8 21 Nov 2013 16:50:06 - @@ -415,7 +415,7 @@ For example, if .Pa spamd.alloweddomains contains: .Bd -literal -offset indent -@humpingforjesus.com +@top1marketing.com I'd prefer to read the man page without encountering references to top1marketing. Widely-appreciated humor is a difficult thing to construct; however, referencing the Stooges is a good start.
Patch to remove adult content from spamd(8) man page
I found some of the example email addresses and domains in the spamd(8) man page to be somewhat adult in nature. If given the choice, I'd choose to read the man page without the adult content. Here's a patch against -current that replaces the adult examples with cleaner alternatives. Would a developer be willing to accept this patch? Thanks, Lewis Index: libexec/spamd/spamd.8 === RCS file: /cvs/src/libexec/spamd/spamd.8,v retrieving revision 1.119 diff -u -p -r1.119 spamd.8 --- libexec/spamd/spamd.8 27 Sep 2012 20:12:32 - 1.119 +++ libexec/spamd/spamd.8 21 Nov 2013 16:50:06 - @@ -415,7 +415,7 @@ For example, if .Pa spamd.alloweddomains contains: .Bd -literal -offset indent -@humpingforjesus.com +@top1marketing.com obtuse.com .Ed .Pp @@ -423,7 +423,7 @@ The following destination addresses .Em would not cause the sending host to be trapped: .Bd -literal -offset indent -beardedcl...@humpingforjesus.com +f...@top1marketing.com b...@obtuse.com b...@snouts.obtuse.com .Ed @@ -432,8 +432,8 @@ However the following addresses .Em would cause the sending host to be trapped: .Bd -literal -offset indent -pe...@apostles.humpingforjesus.com -bigbu...@bofh.ucs.ualberta.ca +cu...@stooges.top1marketing.com +win...@bofh.ucs.ualberta.ca .Ed .Pp A low priority MX IP address may be specified with the
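Review bot: In the first hunk (@@ -415,7 +415,7 @@) the replacement `@top1marketing.com` is an unreserved name that anyone could register or may already own, so the man page would point readers at a third party's domain; a name reserved for documentation such as example.com (RFC 2606) avoids that, and the same substitution would then carry through to the addresses in the @@ -423 and @@ -432 hunks. Whichever name is used, the third hunk has to keep a subdomain of the `@`-prefixed entry in the "would cause the sending host to be trapped" list, since the difference from the unprefixed `obtuse.com` entry (whose subdomain address stays in the "would not" list) is what the example demonstrates.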
Re: BGP changes to support CARP better
(Apologies for top-posting) I've seen the same thing, but I assumed I'd made a mistake somewhere. Maybe not. -Adam Andy a...@brandwatch.com wrote: On 15/11/13 16:50, Adam Thompson wrote: On 13-11-15 04:17 AM, Andy wrote: On 12/11/13 05:48, Chris Cappuccio wrote: Two BGP sessions from different IPs (no CARP) BGP next-hop pointing to CARP-protected IP Hi Chris, This sounds good.. Could you clarify further? I can clarify for him, see below. (Apologies if he's already done it - I'm on the daily digest.) Setup eBGP to the Transit router on both OBSD boxes using physical IPs, and iBGP between the OBSD routers. Got that working fine without 'depends on' (don't want the BGP teardown/setup delay. Yup. How are you configuring the BGP next-hop to the CARP IP?? match to x.x.x.x set nexthop x.x.x.x allow from any allow to any Hi Adam, The problem is to do with ensuring inbound packets always go to the CARP master. That's what set nexthop does in BGP - it tells the *other* router what to use for its nexthop. Hi, I have observed some strangeness with this! :( I have two OpenBSD firewalls running in a CARP pair. Each firewall in the pair has a single eBGP neighbor with the same single Cisco router using its physical IP with no 'depends on' statement. I have added the following line to /etc/bgp.conf on both firewalls; match to 170.16.3.1 set nexthop 170.16.3.4 NB; 170.16.3.1 is the Cisco router and 170.16.3.4 is the CARP IP of the firewall pair. If I start BGP on FW1 (master), the announced network seen in the Cisco has a nexthop = the physical IP and not the CARP IP :( If I start BGP on FW2 (backup), the announced network seen in the Cisco has a nexthop = the CARP IP :) Hmm, strange.. Maybe something is wrong with the master config I thought, but lets just try switching CARP first. So I stopped OpenBGPd on both and swapped the CARP master to be the other firewall etc. 
If I start BGP on FW1 (backup), the announced network seen in the Cisco has a nexthop = the CARP IP :) If I start BGP on FW2 (master), the announced network seen in the Cisco has a nexthop = the physical IP and not the CARP IP :( This is really strange! It seems that only the CARP backup sets the nexthop properly. Just for kicks, I shut down BGP on both and restarted BGPd on just the backup. Cisco shows one route via the CARP IP as wanted. I then swapped the CARP master again, and started BGP on the other firewall (just made backup). And now the Cisco shows two routes both via the CARP IP... This is what we want all the time. This confirms that if BGP is started when its the backup it works, but if its started when its the master, its the nexthop is the physical IP? Any thoughts as I'm lost.. This is just strange! Cheers, Andy. 'match to X.X.X.161 set nexthop X.X.X.162' Wouldn't this only mean that the outbound packets would egress to the transit via the CARP IP? Its the inbound control that's needed. Nope. It's actually much more difficult to control the egress IP, AFAIK. I was thinking about using ifstatd to dynamically change the MED / path prepending based on the CARP status, rather than trying to force which router is master. Experience says that fail-overs happen for many reasons (probably once every couple of months), but so far never because the master is actually dead, which means BGP will pretty much always be left running on the old master (unless ifstatd does something to it).. With 'set nexthop', it's OK if the old BGP session stays up - packets will always come inbound to the CARP master. You don't need to do anything to bgpd or routing tables on the old box. What you *might* have to do is use ifstated(8) to ensure that the LAN carp(4) interface always stays in sync with the WAN carp(4) interface. (i.e. router #1 being master for inside-facing while #2 is master for outside-facing will break pf(4).) 
I just can't seem to figure out a true clean way of doing this without configuring multiple BGP attributes in OpenBGPd based on CARP status :( I think that's only because you had the wrong end of the stick for the nexthop attribute. PS; For inbound path control which would you recommend? MED or padding the AS path? I.e. is one potentially more responsive than another.. Neither! Just set nexthop appropriately.
Re: Haswell/Iris Pro 5200 protection fault trap
Just for the record - there seems to some feature to power down or up the display audio device (azalia0) to be invoked in the protection fault trap. Connecting a display panel to the external HDMI port seems to help azalia0 through the cold boot. Inspired by off-list and Windows device manager warning for that device.
Re: Patch to remove adult content from spamd(8) man page
On 21 Nov 2013, at 21:04, Gilles Chehade gil...@poolp.org wrote: On Thu, Nov 21, 2013 at 08:02:06PM +0100, za...@gmx.com wrote: Different people have different concepts of morality. I believe it would be better to remove anything that is controversial, for whatever reason -- even if in *my* concept of morality there was nothing wrong with it. I feel offended by those who feel offended about some man page. Maybe we should remove them as they are causing controversy ? Amen!
Re: Patch to remove adult content from spamd(8) man page
On 11/21/13 12:23 PM, Nick Holland wrote: Stuff like this is part of the fun for people developing OpenBSD (and hopefully, fun for some of the users). Please understand that we don't want anyone to take away our fun. Hi, Nick. I understand the concept of fun within a project, and I'm all for that; I'm not trying to take away fun. However, I find this particular fun to be vulgar and would rather not read it in documentation if possible. Too bad. You can use other software. I decided to make a guess as to the region you are from. I guessed right. That kind of attitude is largely extinct, and remains in only a few backwards regions of the planet. Your request is ridiculous. I'm going to go out on a limb and point these pages out: http://en.wikipedia.org/wiki/Lemont,_Illinois http://en.wikipedia.org/wiki/Prude We'll probably get a complaint from Saudi Arabia next about a time related man page...
Re: Patch to remove adult content from spamd(8) man page
Different people have different concepts of morality. I believe it would be better to remove anything that is controversial, for whatever reason -- even if in *my* concept of morality there was nothing wrong with it.
Re: Patch to remove adult content from spamd(8) man page
On 11/21/13 12:23 PM, Nick Holland wrote: Stuff like this is part of the fun for people developing OpenBSD (and hopefully, fun for some of the users). Please understand that we don't want anyone to take away our fun. Hi, Nick. I understand the concept of fun within a project, and I'm all for that; I'm not trying to take away fun. However, I find this particular fun to be vulgar and would rather not read it in documentation if possible. Thanks, Lewis
Re: BGP changes to support CARP better
Ah, so we have a potential bug here then I'm thinking! After all, why would the setting of nexthop have anything to do with CARP? On Thu 21 Nov 2013 16:14:33 GMT, Adam Thompson wrote: (Apologies for top-posting) I've seen the same thing, but I assumed I'd made a mistake somewhere. Maybe not. -Adam Andy a...@brandwatch.com wrote: On 15/11/13 16:50, Adam Thompson wrote: On 13-11-15 04:17 AM, Andy wrote: On 12/11/13 05:48, Chris Cappuccio wrote: Two BGP sessions from different IPs (no CARP) BGP next-hop pointing to CARP-protected IP Hi Chris, This sounds good.. Could you clarify further? I can clarify for him, see below. (Apologies if he's already done it - I'm on the daily digest.) Setup eBGP to the Transit router on both OBSD boxes using physical IPs, and iBGP between the OBSD routers. Got that working fine without 'depends on' (don't want the BGP teardown/setup delay. Yup. How are you configuring the BGP next-hop to the CARP IP?? match to x.x.x.x set nexthop x.x.x.x allow from any allow to any Hi Adam, The problem is to do with ensuring inbound packets always go to the CARP master. That's what set nexthop does in BGP - it tells the *other* router what to use for its nexthop. Hi, I have observed some strangeness with this! :( I have two OpenBSD firewalls running in a CARP pair. Each firewall in the pair has a single eBGP neighbor with the same single Cisco router using its physical IP with no 'depends on' statement. I have added the following line to /etc/bgp.conf on both firewalls; match to 170.16.3.1 set nexthop 170.16.3.4 NB; 170.16.3.1 is the Cisco router and 170.16.3.4 is the CARP IP of the firewall pair. If I start BGP on FW1 (master), the announced network seen in the Cisco has a nexthop = the physical IP and not the CARP IP :( If I start BGP on FW2 (backup), the announced network seen in the Cisco has a nexthop = the CARP IP :) Hmm, strange.. Maybe something is wrong with the master config I thought, but lets just try switching CARP first. 
So I stopped OpenBGPd on both and swapped the CARP master to be the other firewall etc. If I start BGP on FW1 (backup), the announced network seen in the Cisco has a nexthop = the CARP IP :) If I start BGP on FW2 (master), the announced network seen in the Cisco has a nexthop = the physical IP and not the CARP IP :( This is really strange! It seems that only the CARP backup sets the nexthop properly. Just for kicks, I shut down BGP on both and restarted BGPd on just the backup. Cisco shows one route via the CARP IP as wanted. I then swapped the CARP master again, and started BGP on the other firewall (just made backup). And now the Cisco shows two routes both via the CARP IP... This is what we want all the time. This confirms that if BGP is started when its the backup it works, but if its started when its the master, its the nexthop is the physical IP? Any thoughts as I'm lost.. This is just strange! Cheers, Andy. 'match to X.X.X.161 set nexthop X.X.X.162' Wouldn't this only mean that the outbound packets would egress to the transit via the CARP IP? Its the inbound control that's needed. Nope. It's actually much more difficult to control the egress IP, AFAIK. I was thinking about using ifstatd to dynamically change the MED / path prepending based on the CARP status, rather than trying to force which router is master. Experience says that fail-overs happen for many reasons (probably once every couple of months), but so far never because the master is actually dead, which means BGP will pretty much always be left running on the old master (unless ifstatd does something to it).. With 'set nexthop', it's OK if the old BGP session stays up - packets will always come inbound to the CARP master. You don't need to do anything to bgpd or routing tables on the old box. What you *might* have to do is use ifstated(8) to ensure that the LAN carp(4) interface always stays in sync with the WAN carp(4) interface. (i.e. 
router #1 being master for inside-facing while #2 is master for outside-facing will break pf(4).) I just can't seem to figure out a true clean way of doing this without configuring multiple BGP attributes in OpenBGPd based on CARP status :( I think that's only because you had the wrong end of the stick for the nexthop attribute. PS; For inbound path control which would you recommend? MED or padding the AS path? I.e. is one potentially more responsive than another.. Neither! Just set nexthop appropriately.
Re: BGPd : Announce received prefix to another peer
On 2013-11-21, OCEANET - Cédric BASSAGET ced...@oceanet.com wrote: Hello, I'm trying to re-announce a received subnet from peer A to peer B. Here's what I've done : #peer A neighbor $peer4_IP { remote-as $peer4_AS descr $peer4_NAME local-address $LOCAL_ADDR holdtime 20 holdtime min 3 announce self set weight 200 set localpref 200 } #peer B neighbor $peer3_IP { remote-as $peer3_AS descr $peer3_NAME multihop 2 local-address $LOCAL_ADDR holdtime 180 holdtime min 3 announce self set localpref 150 } allow to $peer3_IP prefix / /24 prefix that I want to redistribute to peer A/ prefixlen = 32 set prepend-self 1 Can anybody tell me what's wrong and how I can do that ? Second question : how can I check the route I'm announcing to a neighbor with bgpctl (something like bgpctl show neighbor NEIGH1 advertised-routes) ? Thanks Cédric announce self restricts announcements to be only your locally originated prefixes. You need announce all and then filter out the ones you don't want.
Re: FAQ 7.3
On Thu, Nov 21, 2013 at 01:05:34PM +0100, Paolo Aglialoro wrote: Hi all, since installing 5.4 release on my amd64 laptop I am enjoying really nice (sun like!) fonts due to the implemented framebuffer for CLI. Unfortunately scrollback with shift+pgup does not work anymore and faq 7.3 does not mention this at all. What should i do to have scrollback again? Btw, to mitigate this fact, is there maybe a mode to determine the geometry of cli framebuffer, like 80x50 or 100x40 etc? Thanks tmux(1) has a scroll-back buffer ('Ctrl-b [' to enter copy mode, use arrow or pgup/pgdown keys to scroll, use 'q' to exit copy mode). Not quite the same, but perhaps that will help you.
Re: Patch to remove adult content from spamd(8) man page
A reasonable person is the one who takes into consideration others, among other things. Yes, take into consider others, LIKE THE AUTHOR. Who, if you'll notice the copyright notice, is the premier other to be taken into consideration. I see gmx.com and yet you seem to know little of the moral rights of the author? The community standards don't include burning books, which is what removing those comments from his manual page would be equivalent to. Yes, you can take that defying attitude, but it does not seem very constructive in the context of a community, such as the OpenBSD community, where people are trying to achieve something useful. The only person who did something useful, is the author of the software. He wrote it. Everyone else is just a freeloader -- including me, when I use this software. By using his software, I am not achieving anything useful in a community form. I'm just a user. So you are you. Unless I have an improvement to the software written up, I am just a user. Your context of the community sentence equates developers and users in a way similar to calling a tourist walking a sidewalk in a different country as trying to achieve something useful. Oh boy, such massive added value... There is a user community, and a development community. You forget your place -- especially when you reply to gilles, who has written the other major mail-delivery related piece of software in the tree. Bickering about silly things is not constructive at all. The best guideline with regard to similar matters is that of AVOIDING bike shedding issues. Listen to yourself, proud of the complex words you found in a dictionary. context of the community. What a load of uptight bull. You, sir, forgot your place, and should walk away.
Re: FAQ 7.3
What should i do to have scrollback again? Scrollback is currently not supported when running frame buffer display drivers. I am not aware of plans to work on restoring this feature (although it is probably somewhere on my todolist). Btw, to mitigate this fact, is there maybe a mode to determine the geometry of cli framebuffer, like 80x50 or 100x40 etc? Not yet. However, there is work in progress to allow for the console font metrics to be changed at runtime, which would in turn allow different resolutions for the textmode emulation. Soon to hit a source tree near you. Miod
Re: Patch to remove adult content from spamd(8) man page
On 11/21/13 1:11 PM, Theo de Raadt wrote: Different people have different concepts of morality. I believe it would be better to remove anything that is controversial, for whatever reason -- even if in *my* concept of morality there was nothing wrong with it. The people who write code get to decide how they document it. If someone doesn't like it, don't have to use it. They can walk away. But above all, the principle is simple. If such persons use the software, they are BEYOND CRITICISM. Even the manual pages have a disclaimer that makes this clear: .\ THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS .\ OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED .\ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR .\ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE .\ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR .\ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT .\ OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; .\ OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY .\ OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT .\ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE .\ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH .\ DAMAGE. Don't like it? Then walk away. To take this back to the original complaint, being critical of Bob's Charity at writing the software and documentation is UN-CHRISTIAN. Or is it? Is this some fake morality where your sensibilities override the original charity? Hi, Theo. I do like the software; that's why I was reading about it. And I like the documentation too; I think it's very good. I was not intending to be critical of the documentation; rather, I was just wishing I didn't have to read a few examples that to me were off-color. To me it was requesting a small improvement to the documentation, for which I did the work and submitted a patch. 
I was hoping it wouldn't really matter much to anyone, and then I wouldn't be bothered by the examples anymore. Thanks, Lewis
Re: Patch to remove adult content from spamd(8) man page
On Thu, Nov 21, 2013 at 08:02:06PM +0100, za...@gmx.com wrote: Different people have different concepts of morality. I believe it would be better to remove anything that is controversial, for whatever reason -- even if in *my* concept of morality there was nothing wrong with it. I feel offended by those who feel offended about some man page. Maybe we should remove them as they are causing controversy ? -- Gilles Chehade https://www.poolp.org @poolpOrg
Relayd on FreeBSD crashing
Hello, We recently upgraded to the latest port version of relayd for FreeBSD 9.1 RELEASE-p7 and it started crashing unexpectedly. We had no issues with the older version and it was running stable for more than a year. The only thing in the logs is that: Nov 21 09:19:09 lb1 kernel: pid 20098 (relayd), uid 913: exited on signal 10 Nov 21 09:19:15 lb1 kernel: Limiting open port RST response from 201 to 200 packets/sec Nov 21 09:37:26 lb1 kernel: pid 20792 (relayd), uid 913: exited on signal 11 Nov 21 10:26:18 lb1 kernel: pid 23162 (relayd), uid 913: exited on signal 10 We upgraded for the new load balancing algorithms which we did not even start using yet.
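One way to triage the kernel log lines quoted in the post above, as an added example that is not part of the original message or of relayd: it maps the signal numbers using FreeBSD's numbering (10 is SIGBUS and 11 is SIGSEGV there), counts the memory-fault exits, measures the time between crashes and checks whether any line reports a core dump. The function names and the default year (syslog lines carry none) are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime

# Fatal signal numbers as FreeBSD defines them. The numbering is per-OS:
# 10 is SIGBUS on FreeBSD but SIGUSR1 on Linux, so use the right table.
FREEBSD_SIGNALS = {4: "SIGILL", 6: "SIGABRT", 8: "SIGFPE",
                   10: "SIGBUS", 11: "SIGSEGV", 12: "SIGSYS"}
MEMORY_FAULTS = {"SIGBUS", "SIGSEGV"}

# Kernel message logged when a process is killed by a signal; the optional
# suffix tells whether a core file was written.
EXIT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"pid (?P<pid>\d+) \((?P<proc>[^)]+)\), uid (?P<uid>\d+): "
    r"exited on signal (?P<sig>\d+)(?P<core> \(core dumped\))?"
)

# The four log lines quoted in the post, split back onto one line each.
POST_LOG = """\
Nov 21 09:19:09 lb1 kernel: pid 20098 (relayd), uid 913: exited on signal 10
Nov 21 09:19:15 lb1 kernel: Limiting open port RST response from 201 to 200 packets/sec
Nov 21 09:37:26 lb1 kernel: pid 20792 (relayd), uid 913: exited on signal 11
Nov 21 10:26:18 lb1 kernel: pid 23162 (relayd), uid 913: exited on signal 10
""".splitlines()


def parse_exits(lines, year=2013):
    """Return one record per 'exited on signal' line; other lines are skipped.

    year is an assumption: classic syslog timestamps do not include one.
    """
    events = []
    for line in lines:
        m = EXIT_RE.match(line.strip())
        if not m:
            continue  # e.g. the RST rate-limit message
        sig = int(m["sig"])
        events.append({
            "time": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "host": m["host"],
            "proc": m["proc"],
            "pid": int(m["pid"]),
            "uid": int(m["uid"]),
            "signal": FREEBSD_SIGNALS.get(sig, f"signal {sig}"),
            "core_dumped": m["core"] is not None,
        })
    return events


def summarize(events):
    """Aggregate crash records: counts per (process, signal), gaps, cores."""
    events = sorted(events, key=lambda e: e["time"])
    return {
        "counts": Counter((e["proc"], e["signal"]) for e in events),
        "memory_faults": sum(e["signal"] in MEMORY_FAULTS for e in events),
        "gaps_seconds": [int((b["time"] - a["time"]).total_seconds())
                         for a, b in zip(events, events[1:])],
        "pids_with_core": [e["pid"] for e in events if e["core_dumped"]],
    }


if __name__ == "__main__":
    report = summarize(parse_exits(POST_LOG))
    for (proc, sig), n in sorted(report["counts"].items()):
        print(f"{proc}: {n} x {sig}")
    print("memory-fault exits:", report["memory_faults"])
    print("seconds between crashes:", report["gaps_seconds"])
    print("pids with a core file:", report["pids_with_core"] or "none")
```

On the quoted lines every exit is a memory fault (two SIGBUS, one SIGSEGV) and none reports a core dump, so a backtrace would first require getting the daemon to leave a core file.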
Re: FAQ 7.3
On 11/21/2013 02:31 PM, Miod Vallat wrote: What should i do to have scrollback again? Scrollback is currently not supported when running frame buffer display drivers. I am not aware of plans to work on restoring this feature (although it is probably somewhere on my todolist). Btw, to mitigate this fact, is there maybe a mode to determine the geometry of cli framebuffer, like 80x50 or 100x40 etc? Not yet. However, there is work in progress to allow for the console font metrics to be changed at runtime, which would in turn allow different resolutions for the textmode emulation. Soon to hit a source tree near you. Miod KMS is a very good thing for X company. I'm disappointed that another very useful feature (scrollback) got lost along the way. When things go wrong, especially during stressful operations like reinstall and upgrade configuration files, 24x80 is IMnsHO inadequate and scrollback is really, really useful. At those times tmux or other layers are not easily available - /usr may not be mountable yet, the net is almost certainly off because pf hasn't been configured correctly yet, and it's quite likely there's no other machine around to use for a serial console. Please keep us posted on the font metric changes. 50x would be a lot better but still very much less than the current 100 or more scrollback lines. How early in the boot process would the font metric change capabilities be accessible? Could a boot-time or config option work? I'd be very glad to test and help debug anything in this area. thanks Geoff Steckel
Re: Patch to remove adult content from spamd(8) man page
On Thu, Nov 21, 2013 at 21:47, Alexander Hall wrote: I'm vegan, but I can cope with this: $ zgrep -rw deadbeef /usr/share/man/ /usr/share/man/man1/perlembed.1:\deadbeef /usr/share/man/man1/perlfaq5.1:\# Pity the poor deadbeef. /usr/share/man/man5/bgpd.conf.5:tcp md5sig key deadbeef Don't forget /usr/share/games/fortune/recipes! (Which I notice can also be blamed on Bob. Sensing a pattern here...)