Re: MeteorJS on OpenBSD - has anyone tried?

2016-08-23 Thread Turvamies IT Security Services
Sorry for not doing my googling. ;)

https://forums.meteor.com/t/openbsd-tester-please/13112/7

- Jyri



xpdf crashes when going fullscreen

2016-08-23 Thread Alessandro DE LAURENZIS
Dear misc@ readers,

just noticed that xpdf receives a bus error as soon as the fullscreen mode is
activated.  A gdb trace follows, hoping it gives some hints:

GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-unknown-openbsd6.0"...(no debugging symbols 
found)

(gdb) run
Starting program: /usr/local/bin/xpdf

Program received signal SIGBUS, Bus error.
0x1693d3cabc78 in XtWindowOfObject () from /usr/X11R6/lib/libXt.so.11.0

-- 
Alessandro DE LAURENZIS
[mailto:jus...@atlantide.t28.net]
LinkedIn: http://it.linkedin.com/in/delaurenzis



MeteorJS on OpenBSD - has anyone tried?

2016-08-23 Thread Turvamies IT Security Services
Dear everyone,

I'd be curious to know if anyone on this list has investigated the idea
of running MeteorJS on OpenBSD. Did you get it running and if so, would
you be willing to share a walk through?

- Jyri



6.0 Poster Sighting

2016-08-23 Thread patrick keshishian
22/08/2016 - midday - Southern California, USA



Re: openfiles limit

2016-08-23 Thread Ted Unangst
Bambero wrote:
> # sysctl kern.nfiles ; fstat | wc -l
> kern.nfiles=2470
> 3594
> 
> What's the difference between kern.nfiles and fstat?

fstat includes the program executable itself and its working directories,
which don't count as open files.

> # getcap -f /etc/login.conf mysqld
> mysqld: :openfiles-cur=128: :openfiles-max=256:
> 
> # su _mysql
> # ulimit -a
> time(cpu-seconds)    unlimited
> file(blocks)         unlimited
> coredump(blocks)     unlimited
> data(kbytes)         33554432
> stack(kbytes)        8192
> lockedmem(kbytes)    10825182
> memory(kbytes)       32472388
> nofiles(descriptors) 128
> processes            1310
> 
> So why is mysql allowed to open more than 256 files:
> 
> # fstat -u _mysql | wc -l
>  998

file limits are per process, not per user.
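
Both points of the reply above, as an added example that is not part of the original thread: count real descriptors per process from fstat output, skipping the `text`/`wd` rows, and compare each process (not the user total) against the limit. The sample rows are constructed in the column layout documented in fstat(1), and the helper names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the fstat(1) column layout; not output from the
# poster's machine. Two processes owned by the same user.
sample_fstat() {
cat <<'EOF'
USER     CMD          PID   FD MOUNT        INUM MODE         R/W    SZ|DV
_mysql   mysqld     20311 text /usr/local  51234 -r-xr-xr-x     r  9437184
_mysql   mysqld     20311   wd /var        77001 drwx------     r      512
_mysql   mysqld     20311    0 /            1103 crw-rw-rw-    rw     null
_mysql   mysqld     20311    1 /var        77010 -rw-r-----     w     4096
_mysql   mysqld     20311    3 /var        77011 -rw-rw----    rw 12582912
_mysql   mysqld     20311    4* internet stream tcp 0x0 *:3306
_mysql   mysqld     20311    5* unix stream 0x0
_mysql   mysqld     20312 text /usr/local  51234 -r-xr-xr-x     r  9437184
_mysql   mysqld     20312   wd /var        77001 drwx------     r      512
_mysql   mysqld     20312    0 /            1103 crw-rw-rw-    rw     null
_mysql   mysqld     20312    1 /var        77010 -rw-r-----     w     4096
_mysql   mysqld     20312    3 /var        77012 -rw-rw----    rw    65536
EOF
}

# Print "PID COUNT" for real descriptors only: text/wd/root/tr rows are
# skipped, and the '*' that marks sockets and FIFOs is stripped before the
# numeric test.
fds_per_process() {
    awk 'NR > 1 {
            fd = $4; sub(/\*$/, "", fd)
            if (fd ~ /^[0-9]+$/) n[$3]++
         }
         END { for (p in n) print p, n[p] }' | sort -n
}

# Print the PIDs whose descriptor count exceeds LIMIT (e.g. openfiles-max).
over_limit() {
    fds_per_process | awk -v limit="$1" '$2 > limit { print $1 }'
}

# What `fstat -u USER | wc -l` reports: every row, header included.
raw_lines() { wc -l | tr -d ' '; }

echo "rows:        $(sample_fstat | raw_lines)"
echo "per process:"; sample_fstat | fds_per_process
echo "over 6:      $(sample_fstat | over_limit 6)"
```

On a live system the same functions read from `fstat -u _mysql` instead of `sample_fstat`.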



openfiles limit

2016-08-23 Thread Bambero
Hi,

Some questions about the openfiles limit...

I can't understand how OpenBSD counts open files.

Ex.

# sysctl kern.nfiles ; fstat | wc -l
kern.nfiles=2470
3594

What's the difference between kern.nfiles and fstat?

Secondly, I set class limits for mysql for testing:

# rcctl get mysqld
mysqld_class=mysqld
mysqld_flags=
mysqld_timeout=30
mysqld_user=root

# userinfo _mysql
login   _mysql
passwd  *
uid 502
groups  _mysql
change  NEVER
class   mysqld
gecos   MySQL Account
dir /nonexistent
shell   /sbin/nologin
expire  NEVER

# getcap -f /etc/login.conf mysqld
mysqld: :openfiles-cur=128: :openfiles-max=256:

# su _mysql
# ulimit -a
time(cpu-seconds)    unlimited
file(blocks)         unlimited
coredump(blocks)     unlimited
data(kbytes)         33554432
stack(kbytes)        8192
lockedmem(kbytes)    10825182
memory(kbytes)       32472388
nofiles(descriptors) 128
processes            1310

So why is mysql allowed to open more than 256 files:

# fstat -u _mysql | wc -l
 998

Can anyone help with that?

# uname -a
OpenBSD zeus.apisoft.pl 5.9 GENERIC.MP#1888 amd64

Regards,
Bambero



problem install 5.9 on HP Pro 3130 MT

2016-08-23 Thread thrph
I tried to install OpenBSD 5.9 on an HP Pro 3130 MT, with USB and DVD
media.
The install process stops at the message:
root on rd0a swap on rd0b dump on rd0b

Can somebody help me find a solution?

Best regards



em(4) errors on Dell Latitude E5570

2016-08-23 Thread Jan Stary
This is current/amd64 on a Dell Latitude E5570 (dmesg below).
I am seeing some watchdog errors on the em(4), which is

  em0 at pci0 dev 31 function 6 "Intel I219-LM2" rev 0x31: msi, address [...]

I219 is explicitly mentioned in the em(4) manpage,
but not "I219-LM2".

The problem is that once I disconnect the ethernet cable,
and re-connect it again, the em0 will never get a dhcp lease again.
(Upon startup, during boot, em0 configures just fine.)

Once I reconnect the cable, the dhclient will try forever to get
a new lease, but will not succeed, while em(4) starts to say:

Aug 23 22:47:16 dell /bsd: em0: watchdog: head 3 tail 0 TDH 0 TDT 3
Aug 23 22:47:22 dell /bsd: em0: watchdog: head 1 tail 0 TDH 0 TDT 1
Aug 23 22:47:44 dell /bsd: em0: watchdog: head 3 tail 0 TDH 0 TDT 3
Aug 23 22:47:56 dell /bsd: em0: watchdog: head 3 tail 0 TDH 0 TDT 3
Aug 23 22:48:11 dell /bsd: em0: watchdog: head 4 tail 0 TDH 0 TDT 4
Aug 23 22:48:41 dell last message repeated 2 times
Aug 23 22:48:53 dell /bsd: em0: watchdog: head 3 tail 0 TDH 0 TDT 3
Aug 23 22:49:17 dell last message repeated 2 times
Aug 23 22:49:36 dell /bsd: em0: watchdog: head 5 tail 0 TDH 0 TDT 5
Aug 23 22:49:48 dell /bsd: em0: watchdog: head 3 tail 0 TDH 0 TDT 3

netstat -I em0 shows zero Ierrs and zero Oerrs.

I don't know what that message means.
How can I help debug this?

Jan



Re: Carp and VLANs

2016-08-23 Thread Andrew Seguin
Thank you,

This (having unique VHID) was the solution.

I had considered originally that since each carp device is on its own VLAN,
that would represent a unique broadcast domain and it wouldn't be violating
anything - but without your suggestion I'm not sure I would have gone back
to review that decision.

I'm still a bit curious how it came to that. I did snoop if carp
announcements were leaking from a tagged vlan onto the default network, but
didn't see any sign of that. So maybe it was because the VLANs were riding
on top of the same physical interface... but a lot less important now.

Regards,
Andrew




On Tue, Aug 23, 2016 at 8:34 PM, John Jasen wrote:

> All your carp devices have the same VHID. As two share the same network,
> that could cause problems.
>
>
>
>
> On 08/23/2016 01:40 PM, Andrew Seguin wrote:
> > Hi,
> >
> > I'm building up an OpenBSD router/firewall (migrating away from FreeBSD)
> > but have been blocked by a behavior of carp in combination with VLANs that
> > I didn't expect or experience before. I'm hoping somebody could enlighten
> > me a little bit about why carp floating IPs stop working when the carp
> > status is master for the physical interface.
> >
> >
> > Originally, there was a pair of FreeBSD systems (FW1 and FW2) where I had
> > no issues with carp managed IPs.
> >
> > At the moment, one system is reinstalled with OpenBSD 5.9 (FW1), the other
> > remains with FreeBSD (FW2).
> >
> > The network is setup in such a way that the default vlan (1) is untagged,
> > and this network is for all the network management. All other traffic goes
> > over tagged networks. The network switches we have simply work in this way
> > and so I can't make vlan 1 also a tagged interface to test the impact of
> > such a configuration.
> >
> > As long as the OpenBSD system is not the master for the default / untagged
> > network associated to the physical network interface, the system will
> > accept packets for its CARP IPs.
> >
> > When OpenBSD becomes master for the untagged network, it won't forward or
> > respond (ping) to packets addressed to its floating IP.
> >
> > Configuration files for the physical interface (sk0) and a couple VLANs (I
> > run a dozen, but trimmed back to two for the purpose of this mail).
> >
> > # cat /etc/sysctl.conf
> > net.inet.carp.allow=1
> > net.inet.carp.preempt=1
> > net.inet.ip.forwarding=1
> >
> > # cat /etc/hostname.sk0
> > inet 10.1.0.2 255.255.255.0 NONE description "main link"
> > inet 10.0.0.2 255.255.255.0
> >
> > # cat /etc/hostname.carp1
> > vhid 1 pass password carpdev sk0 advskew 150
> > inet 10.1.0.1 255.255.255.0
> > inet alias 10.0.0.1 255.255.255.0
> >
> > # cat /etc/hostname.vlan10
> > inet 10.10.0.2 255.255.255.0 NONE vlan 10 vlandev sk0 description "Printer network"
> >
> > # cat /etc/hostname.carp10
> > vhid 1 pass password carpdev vlan10 advskew 150
> > inet 10.10.0.1 255.255.255.0
> >
> > # cat /etc/hostname.vlan50
> > inet 10.50.0.2 255.255.255.0 NONE vlan 50 vlandev sk0 description "Wireless backbone"
> >
> > # cat /etc/hostname.carp50
> > vhid 1 pass password carpdev vlan50 advskew 150
> > inet 10.50.0.1 255.255.255.0
> >
> >
> > The other system has a similar configuration with the exception that IPs
> > ending in .2 are .3 on FW2 and FW2 has advskew 100.
> >
> >
> > If I make FW1 (OpenBSD) the master for vlan10 and vlan50 (ifconfig carp10
> > advskew 1; ifconfig carp50 advskew) but not for sk0, then it will forward
> > packets between those two networks without problem and ping 10.10.0.1 works
> > fine.
> >
> > The moment I make it the master for sk0 (ifconfig carp1 advskew 1), it no
> > longer forwards packets (between vlan10 and vlan50, vlan10 and the untagged
> > vlan) and it no longer responds to ping for any of the IPs associated to
> > the carp interfaces from external systems (ping 10.10.0.2 works, ping
> > 10.10.0.1 doesn't work) although from the local box it works (ping
> > 10.10.0.1 from FW1 works). Output from ifconfig shows FW1 is the master for
> > all interfaces.
> >
> > Throughout, I am able to keep working with the box remotely as long as I
> > logged in via the local subnet IP (ie: from a workstation with IP
> > 10.10.0.50, I can ssh to 10.10.0.2).
> >
> > For testing ... while the FW1 (OpenBSD) is master for all interfaces, I
> > used tcpdump and could see the packets arriving at the system only if I
> > took the dump on sk0 or carp1. No packets show up on vlan10 or carp10 for
> > the box. On vlan10 - I can see all traffic addressed to 10.10.0.2 without
> > problem. On carp10 - I only see the "CARPv2-advertise" and arp
> > request/response packets.
> >
> > To rule things out, I've kept the PF configuration as simple as possible
> > for testing (simply 1 line: "pass").
> >
> > I always made sure that the

Re: Recent package archives?

2016-08-23 Thread Christian Weisgerber
"STeve Andre'":

> Does anyone have archives of recent amd64 snapshot packages?
> 
> I blew my aug-09 set away and I'd like libreoffice back.  Anyone?

amd64 libreoffice packages are available again, starting with today's
(2016-08-23) package snapshot.

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: Carp and VLANs

2016-08-23 Thread John Jasen
All your carp devices have the same VHID. As two share the same network,
that could cause problems.




On 08/23/2016 01:40 PM, Andrew Seguin wrote:
> Hi,
>
> I'm building up an OpenBSD router/firewall (migrating away from FreeBSD)
> but have been blocked by a behavior of carp in combination with VLANs that
> I didn't expect or experience before. I'm hoping somebody could enlighten
> me a little bit about why carp floating IPs stop working when the carp
> status is master for the physical interface.
>
>
> Originally, there was a pair of FreeBSD systems (FW1 and FW2) where I had
> no issues with carp managed IPs.
>
> At the moment, one system is reinstalled with OpenBSD 5.9 (FW1), the other
> remains with FreeBSD (FW2).
>
> The network is setup in such a way that the default vlan (1) is untagged,
> and this network is for all the network management. All other traffic goes
> over tagged networks. The network switches we have simply work in this way
> and so I can't make vlan 1 also a tagged interface to test the impact of
> such a configuration.
>
> As long as the OpenBSD system is not the master for the default / untagged
> network associated to the physical network interface, the system will
> accept packets for its CARP IPs.
>
> When OpenBSD becomes master for the untagged network, it won't forward or
> respond (ping) to packets addressed to its floating IP.
>
> Configuration files for the physical interface (sk0) and a couple VLANs (I
> run a dozen, but trimmed back to two for the purpose of this mail).
>
> # cat /etc/sysctl.conf
> net.inet.carp.allow=1
> net.inet.carp.preempt=1
> net.inet.ip.forwarding=1
>
> # cat /etc/hostname.sk0
> inet 10.1.0.2 255.255.255.0 NONE description "main link"
> inet 10.0.0.2 255.255.255.0
>
> # cat /etc/hostname.carp1
> vhid 1 pass password carpdev sk0 advskew 150
> inet 10.1.0.1 255.255.255.0
> inet alias 10.0.0.1 255.255.255.0
>
> # cat /etc/hostname.vlan10
> inet 10.10.0.2 255.255.255.0 NONE vlan 10 vlandev sk0 description "Printer network"
>
> # cat /etc/hostname.carp10
> vhid 1 pass password carpdev vlan10 advskew 150
> inet 10.10.0.1 255.255.255.0
>
> # cat /etc/hostname.vlan50
> inet 10.50.0.2 255.255.255.0 NONE vlan 50 vlandev sk0 description "Wireless backbone"
>
> # cat /etc/hostname.carp50
> vhid 1 pass password carpdev vlan50 advskew 150
> inet 10.50.0.1 255.255.255.0
>
>
> The other system has a similar configuration with the exception that IPs
> ending in .2 are .3 on FW2 and FW2 has advskew 100.
>
>
> If I make FW1 (OpenBSD) the master for vlan10 and vlan50 (ifconfig carp10
> advskew 1; ifconfig carp50 advskew) but not for sk0, then it will forward
> packets between those two networks without problem and ping 10.10.0.1 works
> fine.
>
> The moment I make it the master for sk0 (ifconfig carp1 advskew 1), it no
> longer forwards packets (between vlan10 and vlan50, vlan10 and the untagged
> vlan) and it no longer responds to ping for any of the IPs associated to
> the carp interfaces from external systems (ping 10.10.0.2 works, ping
> 10.10.0.1 doesn't work) although from the local box it works (ping
> 10.10.0.1 from FW1 works). Output from ifconfig shows FW1 is the master for
> all interfaces.
>
> Throughout, I am able to keep working with the box remotely as long as I
> logged in via the local subnet IP (ie: from a workstation with IP
> 10.10.0.50, I can ssh to 10.10.0.2).
>
> For testing ... while the FW1 (OpenBSD) is master for all interfaces, I
> used tcpdump and could see the packets arriving at the system only if I
> took the dump on sk0 or carp1. No packets show up on vlan10 or carp10 for
> the box. On vlan10 - I can see all traffic addressed to 10.10.0.2 without
> problem. On carp10 - I only see the "CARPv2-advertise" and arp
> request/response packets.
>
> To rule things out, I've kept the PF configuration as simple as possible
> for testing (simply 1 line: "pass").
>
> I always made sure that the corresponding CARP interfaces were in a backup
> state on FW2 (freebsd) and via tcpdump that packets weren't ending up there
> by some accident of the switches.
>
> I've tried setting the subnet masks for the floating (carp) IP addresses to
> be 255.255.255.255 - didn't change the behavior.
>
> I set net.inet.carp.log=7 - nothing is noted in /var/log/messages beyond
> the transitions (carp1: state transition: BACKUP -> MASTER; MASTER ->
> BACKUP).
>
> Since then, I'm out of ideas what to try and am turning to the mailing list
> for help.
>
> I'm rather new to OpenBSD, but I reviewed the FAQ and searched on google,
> read man pages for carp, ifconfig, hostname.if, etc but didn't get any new
> ideas.
>
> Any ideas or suggestions what else I might look at?
>
> Is this expected behavior or have I overlooked some configuration option?
>
> Thanks in advance,
> Andrew
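
A check for the condition named in the reply above, as an added example that is not part of the original thread: CARP derives its virtual MAC address from the VHID, so the script groups carp interfaces by the physical NIC their `carpdev` resolves to (following `vlandev`) and reports any VHID used more than once there. The sample files are a constructed copy of the FW1 configuration quoted in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed copy of the FW1 hostname.if files quoted in the thread.
make_sample() {
    printf '%s\n' 'inet 10.1.0.2 255.255.255.0 NONE description "main link"' \
        > "$1/hostname.sk0"
    printf '%s\n' 'inet 10.10.0.2 255.255.255.0 NONE vlan 10 vlandev sk0' \
        > "$1/hostname.vlan10"
    printf '%s\n' 'inet 10.50.0.2 255.255.255.0 NONE vlan 50 vlandev sk0' \
        > "$1/hostname.vlan50"
    printf '%s\n' 'vhid 1 pass password carpdev sk0 advskew 150' \
        'inet 10.1.0.1 255.255.255.0' > "$1/hostname.carp1"
    printf '%s\n' 'vhid 1 pass password carpdev vlan10 advskew 150' \
        'inet 10.10.0.1 255.255.255.0' > "$1/hostname.carp10"
    printf '%s\n' 'vhid 1 pass password carpdev vlan50 advskew 150' \
        'inet 10.50.0.1 255.255.255.0' > "$1/hostname.carp50"
}

# Print "PHYSICAL_IF VHID carpA,carpB,..." for every VHID used by more than
# one carp interface whose carpdev resolves (through vlandev) to the same NIC.
carp_vhid_conflicts() {
    for f in "$1"/hostname.*; do
        [ -f "$f" ] || continue
        # hostname.if entries may span lines; join them before tokenising.
        tr '\n' ' ' < "$f" | awk -v ifn="${f##*/hostname.}" '{
            for (i = 1; i < NF; i++) {
                if ($i == "vhid")    vhid = $(i + 1)
                if ($i == "carpdev") dev  = $(i + 1)
                if ($i == "vlandev") up   = $(i + 1)
            }
            if (up != "")                print "P", ifn, up
            if (vhid != "" && dev != "") print "C", ifn, dev, vhid
        }'
    done | awk '
        $1 == "P" { parent[$2] = $3 }
        $1 == "C" { carpdev[$2] = $3; vhid[$2] = $4; order[++n] = $2 }
        END {
            for (k = 1; k <= n; k++) {
                c = order[k]; d = carpdev[c]
                # Walk vlan -> parent; the hop cap guards against loops.
                for (h = 0; (d in parent) && h < 8; h++) d = parent[d]
                key = d " " vhid[c]
                if (key in members) members[key] = members[key] "," c
                else { members[key] = c; keys[++m] = key }
                count[key]++
            }
            for (k = 1; k <= m; k++)
                if (count[keys[k]] > 1) print keys[k], members[keys[k]]
        }'
}

tmp=$(mktemp -d) && make_sample "$tmp"
carp_vhid_conflicts "$tmp"
rm -rf "$tmp"
```

Pointing `carp_vhid_conflicts` at `/etc` runs the same check against a live configuration; no output means every VHID is unique per physical interface.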



Carp and VLANs

2016-08-23 Thread Andrew Seguin
Hi,

I'm building up an OpenBSD router/firewall (migrating away from FreeBSD)
but have been blocked by a behavior of carp in combination with VLANs that
I didn't expect or experience before. I'm hoping somebody could enlighten
me a little bit about why carp floating IPs stop working when the carp
status is master for the physical interface.


Originally, there was a pair of FreeBSD systems (FW1 and FW2) where I had
no issues with carp managed IPs.

At the moment, one system is reinstalled with OpenBSD 5.9 (FW1), the other
remains with FreeBSD (FW2).

The network is setup in such a way that the default vlan (1) is untagged,
and this network is for all the network management. All other traffic goes
over tagged networks. The network switches we have simply work in this way
and so I can't make vlan 1 also a tagged interface to test the impact of
such a configuration.

As long as the OpenBSD system is not the master for the default / untagged
network associated to the physical network interface, the system will
accept packets for its CARP IPs.

When OpenBSD becomes master for the untagged network, it won't forward or
respond (ping) to packets addressed to its floating IP.

Configuration files for the physical interface (sk0) and a couple VLANs (I
run a dozen, but trimmed back to two for the purpose of this mail).

# cat /etc/sysctl.conf
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.ip.forwarding=1

# cat /etc/hostname.sk0
inet 10.1.0.2 255.255.255.0 NONE description "main link"
inet 10.0.0.2 255.255.255.0

# cat /etc/hostname.carp1
vhid 1 pass password carpdev sk0 advskew 150
inet 10.1.0.1 255.255.255.0
inet alias 10.0.0.1 255.255.255.0

# cat /etc/hostname.vlan10
inet 10.10.0.2 255.255.255.0 NONE vlan 10 vlandev sk0 description "Printer network"

# cat /etc/hostname.carp10
vhid 1 pass password carpdev vlan10 advskew 150
inet 10.10.0.1 255.255.255.0

# cat /etc/hostname.vlan50
inet 10.50.0.2 255.255.255.0 NONE vlan 50 vlandev sk0 description "Wireless backbone"

# cat /etc/hostname.carp50
vhid 1 pass password carpdev vlan50 advskew 150
inet 10.50.0.1 255.255.255.0


The other system has a similar configuration with the exception that IPs
ending in .2 are .3 on FW2 and FW2 has advskew 100.


If I make FW1 (OpenBSD) the master for vlan10 and vlan50 (ifconfig carp10
advskew 1; ifconfig carp50 advskew) but not for sk0, then it will forward
packets between those two networks without problem and ping 10.10.0.1 works
fine.

The moment I make it the master for sk0 (ifconfig carp1 advskew 1), it no
longer forwards packets (between vlan10 and vlan50, vlan10 and the untagged
vlan) and it no longer responds to ping for any of the IPs associated to
the carp interfaces from external systems (ping 10.10.0.2 works, ping
10.10.0.1 doesn't work) although from the local box it works (ping
10.10.0.1 from FW1 works). Output from ifconfig shows FW1 is the master for
all interfaces.

Throughout, I am able to keep working with the box remotely as long as I
logged in via the local subnet IP (ie: from a workstation with IP
10.10.0.50, I can ssh to 10.10.0.2).

For testing ... while the FW1 (OpenBSD) is master for all interfaces, I
used tcpdump and could see the packets arriving at the system only if I
took the dump on sk0 or carp1. No packets show up on vlan10 or carp10 for
the box. On vlan10 - I can see all traffic addressed to 10.10.0.2 without
problem. On carp10 - I only see the "CARPv2-advertise" and arp
request/response packets.

To rule things out, I've kept the PF configuration as simple as possible
for testing (simply 1 line: "pass").

I always made sure that the corresponding CARP interfaces were in a backup
state on FW2 (freebsd) and via tcpdump that packets weren't ending up there
by some accident of the switches.

I've tried setting the subnet masks for the floating (carp) IP addresses to
be 255.255.255.255 - didn't change the behavior.

I set net.inet.carp.log=7 - nothing is noted in /var/log/messages beyond
the transitions (carp1: state transition: BACKUP -> MASTER; MASTER ->
BACKUP).

Since then, I'm out of ideas what to try and am turning to the mailing list
for help.

I'm rather new to OpenBSD, but I reviewed the FAQ and searched on google,
read man pages for carp, ifconfig, hostname.if, etc but didn't get any new
ideas.

Any ideas or suggestions what else I might look at?

Is this expected behavior or have I overlooked some configuration option?

Thanks in advance,
Andrew



Re: motd is missing?

2016-08-23 Thread Otto Moerbeek
On Tue, Aug 23, 2016 at 03:14:55PM +0200, Christer Solskogen wrote:

> Hi!
> 
> /etc/motd is not displayed on my system anymore when logging in with ssh.
> In sshd_config I see:
> #PrintMotd yes
> 
> But even removing the hashtag (and restarting ssh) it's still not displayed.
> 
> 
> It's not working on
> OpenBSD tugs.antarctica.no 6.0 GENERIC.MP#2383 amd64
> 
> $ cat /etc/motd
> OpenBSD 6.0-current (GENERIC.MP) #2383: Mon Aug 22 17:28:09 MDT 2016
> 
> Welcome to OpenBSD: The proactively secure Unix-like operating system.
> 
> Please use the sendbug(1) utility to report bugs in the system.
> Before reporting a bug, please try to reproduce it with the latest
> version of the code.  With bug reports, please try to ensure that
> enough information to reproduce the problem is enclosed, and if a
> known fix for it exists, include that as well.
> 
> 
> But it works fine on
> OpenBSD hugs.antarctica.no 6.0 GENERIC.MP#2348 amd64
> 
> This might *very* well be that I've done something stupid, but it
> might also be a bug. Anyone else seeing this?
> 
> -- 
> chs

I noted this too. The diff below should fix it.

-Otto

Index: session.c
===
RCS file: /cvs/src/usr.bin/ssh/session.c,v
retrieving revision 1.284
diff -u -p -r1.284 session.c
--- session.c   19 Aug 2016 03:18:06 -  1.284
+++ session.c   23 Aug 2016 14:34:58 -
@@ -505,8 +505,7 @@ do_exec_pty(Session *s, const char *comm
close(ttyfd);
 
/* record login, etc. similar to login(1) */
-   if (command != NULL)
-   do_login(s, command);
+   do_login(s, command);
 
/*
 * Do common processing for the child, such as execing
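
Review bot: with the `if (command != NULL)` guard removed in do_exec_pty(), `do_login(s, command)` is now reached with a NULL command whenever the session has none, and the hunk does not show how do_login() treats that argument, so please confirm it tolerates `command == NULL` before this goes in. A sentence in the commit message on why the guard was wrong would also help, since the surrounding comment only says "record login, etc. similar to login(1)".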



Re: strange behaviour spamd

2016-08-23 Thread Boudewijn Dijkstra

On Thu, 21 Jul 2016 17:34:37 +0200, Markus Rosjat wrote:
> I noticed that a trapped IP gets whitelisted when there are still
> greylisted messages. This shouldn't happen when I use the -a -t switches
> to trap the IP, or am I missing something here?

Indeed it shouldn't and since OpenBSD 4.9 it is believed that it doesn't.

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec/spamd/grey.c.diff?r1=1.49&r2=1.50&f=h

If it does anyway, then maybe there is a mistake in your configuration or
your spamlogd is interfering (w/ outgoing mail).



--
Made with Opera's e-mail program: http://www.opera.com/mail/



motd is missing?

2016-08-23 Thread Christer Solskogen
Hi!

/etc/motd is not displayed on my system anymore when logging in with ssh.
In sshd_config I see:
#PrintMotd yes

But even removing the hashtag (and restarting ssh) it's still not displayed.


It's not working on
OpenBSD tugs.antarctica.no 6.0 GENERIC.MP#2383 amd64

$ cat /etc/motd
OpenBSD 6.0-current (GENERIC.MP) #2383: Mon Aug 22 17:28:09 MDT 2016

Welcome to OpenBSD: The proactively secure Unix-like operating system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code.  With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.


But it works fine on
OpenBSD hugs.antarctica.no 6.0 GENERIC.MP#2348 amd64

This might *very* well be that I've done something stupid, but it
might also be a bug. Anyone else seeing this?

-- 
chs