Re: network problem with latest snapshots

2018-10-04 Thread Thanos Tsouanas 
Hello,

I was hoping it could have been some "bad timing" with the snapshots
back then but the problem is still there with the latest snapshot:
this ethernet card cannot work under -current, but works fine under
6.3, and used to work under -current up to july-august (I'm sorry I
can't be more exact).

The dmesg from the **working** (6.3) box:

bge0 at pci3 dev 0 function 0 "Broadcom BCM5761" rev 0x10, BCM5761 A1
(0x5761100), APE firmware DASH 1.54.1.0bge0: APE event 0x00020510 send
timed out
brgphy0 at bge0 phy 1: BCM5761 10/100/1000baseT PHY, rev. 0

Any help on how I can provide further info that might be useful..?

Problem description in the original message:

On Sat, Sep 8, 2018 at 2:45 PM Thanos Tsouanas  wrote:
> So, my box was working fine from a relatively recent snapshot (first
> days of Aug).  Then I upgraded to a snapshot of Sep 5th, and I can no
> longer connect to my local network:
> dhclient responds with "got link" but ends with "no lease", and bge0
> has no IP assigned to it.
> Even if I assign inet IP, netmask, and gateway manually, there is no
> connectivity.
> I cannot ping my gateway (or anything else, for that matter).
> On the other hand, booting with the miniroot63.fs and exiting to
> shell, indeed everything works fine.
> I tried the miniroot64.fs's of 5/sep and the most recent one of 7/sep,
> and both behave the same way.  I believe this is a card-specific
> problem because the same snapshots work fine on a different machine on
> the same network (my laptop for example).
>
> The interface is a bge, and I do get some error messages from the kernel:
>
> APE event 0x... send timed out
>
> But I've always had those error messages with this particular ethernet
> card and never experienced any problems, and when I boot on the
> miniroot63.fs, the same messages appear, but the interface is still
> working fine.
>
> Any help on how to debug this / or how to provide more useful
> information, would be appreciated!

Cheers

-- 
Thanos Tsouanas
http://www.tsouanas.org/

Re: Monitoring system

2018-10-04 Thread Tony Boston 
I am using Icinga2 on all our machines - you'll find it in packages and
the newest version you'll get with OpenBSD 6.4

On 10/05/18 05:09, Tom Smyth wrote:
> Both of of the ones I emailed to you are in ports
> 
> also there is pmmact by the Legend paulo Lucende
> that can aggregate and convert multiple logs to different formats
> worth having a look at that also ...
> On Fri, 5 Oct 2018 at 04:08, Tom Smyth  wrote:
>>
>>
>> Librenms would be worth a look i believe it has email alerting
>> and snmp support needs php and mysql
>> Zabbix   ...havent used this one but it has monitoring functionality ...
>> If you are monitoring alot of systems, make sure your storage can
>> cope with alot of I/O or you will see annoying gaps in your graphs
>> so use SSDs and make sure that when formatting the system
>> that you align with 1MB offset ...  2048 sectors  (instead the default
>> 64 bytes)
>>
>> Peace
>> Tom Smyth
>>
>>
>> On Thu, 4 Oct 2018 at 23:57, flipchan  wrote:
>>>
>>> Greetings all,
>>>
>>> I need to install a monitoring system with email notifications, I have used 
>>> mmonit which is great but it's a little too pricey for personal use.
>>>
>>> Can anyone recommend a open source monitoring system that support email 
>>> notifications and monitoring of multiple hosts running openbsd.
>>>
>>>
>>> Something more modern then nagios would be great, I just need it to work so 
>>> as long as it supports email notifications and monitoring of more then one 
>>> host it's good
>>>
>>>
>>> Thanks in advance
>>>
>>>
>>>
>>> --
>>> Take Care Sincerely flipchan layerprox dev
>>
>>
>>
>> --
>> Kindest regards,
>> Tom Smyth
>>
>> Mobile: +353 87 6193172
>> The information contained in this E-mail is intended only for the
>> confidential use of the named recipient. If the reader of this message
>> is not the intended recipient or the person responsible for
>> delivering it to the recipient, you are hereby notified that you have
>> received this communication in error and that any review,
>> dissemination or copying of this communication is strictly prohibited.
>> If you have received this in error, please notify the sender
>> immediately by telephone at the number above and erase the message
>> You are requested to carry out your own virus check before
>> opening any attachment.
> 
> 
> 

-- 
GPG-KEY: 0x5C5C239D81121B35
GPG-FP:  49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F
Threema: DN8PJX4Z

Re: Monitoring system

2018-10-04 Thread Tom Smyth 
Both of of the ones I emailed to you are in ports

also there is pmmact by the Legend paulo Lucende
that can aggregate and convert multiple logs to different formats
worth having a look at that also ...
On Fri, 5 Oct 2018 at 04:08, Tom Smyth  wrote:
>
>
> Librenms would be worth a look i believe it has email alerting
> and snmp support needs php and mysql
> Zabbix   ...havent used this one but it has monitoring functionality ...
> If you are monitoring alot of systems, make sure your storage can
> cope with alot of I/O or you will see annoying gaps in your graphs
> so use SSDs and make sure that when formatting the system
> that you align with 1MB offset ...  2048 sectors  (instead the default
> 64 bytes)
>
> Peace
> Tom Smyth
>
>
> On Thu, 4 Oct 2018 at 23:57, flipchan  wrote:
> >
> > Greetings all,
> >
> > I need to install a monitoring system with email notifications, I have used 
> > mmonit which is great but it's a little too pricey for personal use.
> >
> > Can anyone recommend a open source monitoring system that support email 
> > notifications and monitoring of multiple hosts running openbsd.
> >
> >
> > Something more modern then nagios would be great, I just need it to work so 
> > as long as it supports email notifications and monitoring of more then one 
> > host it's good
> >
> >
> > Thanks in advance
> >
> >
> >
> > --
> > Take Care Sincerely flipchan layerprox dev
>
>
>
> --
> Kindest regards,
> Tom Smyth
>
> Mobile: +353 87 6193172
> The information contained in this E-mail is intended only for the
> confidential use of the named recipient. If the reader of this message
> is not the intended recipient or the person responsible for
> delivering it to the recipient, you are hereby notified that you have
> received this communication in error and that any review,
> dissemination or copying of this communication is strictly prohibited.
> If you have received this in error, please notify the sender
> immediately by telephone at the number above and erase the message
> You are requested to carry out your own virus check before
> opening any attachment.



-- 
Kindest regards,
Tom Smyth

Mobile: +353 87 6193172
The information contained in this E-mail is intended only for the
confidential use of the named recipient. If the reader of this message
is not the intended recipient or the person responsible for
delivering it to the recipient, you are hereby notified that you have
received this communication in error and that any review,
dissemination or copying of this communication is strictly prohibited.
If you have received this in error, please notify the sender
immediately by telephone at the number above and erase the message
You are requested to carry out your own virus check before
opening any attachment.

Re: Monitoring system

2018-10-04 Thread Tom Smyth 
Librenms would be worth a look i believe it has email alerting
and snmp support needs php and mysql
Zabbix   ...havent used this one but it has monitoring functionality ...
If you are monitoring alot of systems, make sure your storage can
cope with alot of I/O or you will see annoying gaps in your graphs
so use SSDs and make sure that when formatting the system
that you align with 1MB offset ...  2048 sectors  (instead the default
64 bytes)

Peace
Tom Smyth


On Thu, 4 Oct 2018 at 23:57, flipchan  wrote:
>
> Greetings all,
>
> I need to install a monitoring system with email notifications, I have used 
> mmonit which is great but it's a little too pricey for personal use.
>
> Can anyone recommend a open source monitoring system that support email 
> notifications and monitoring of multiple hosts running openbsd.
>
>
> Something more modern then nagios would be great, I just need it to work so 
> as long as it supports email notifications and monitoring of more then one 
> host it's good
>
>
> Thanks in advance
>
>
>
> --
> Take Care Sincerely flipchan layerprox dev



-- 
Kindest regards,
Tom Smyth

Mobile: +353 87 6193172
The information contained in this E-mail is intended only for the
confidential use of the named recipient. If the reader of this message
is not the intended recipient or the person responsible for
delivering it to the recipient, you are hereby notified that you have
received this communication in error and that any review,
dissemination or copying of this communication is strictly prohibited.
If you have received this in error, please notify the sender
immediately by telephone at the number above and erase the message
You are requested to carry out your own virus check before
opening any attachment.

Re: Performance impact of PF on APU2

2018-10-04 Thread Benjamin Petit 
I am very brave indeed :)
   
  OpenBSD 6.4 (GENERIC.MP) #0: Wed Oct  3 13:49:29 CEST 2018
  hrv...@r620-2.srce.hr:/sys/arch/amd64/compile/GENERIC.MP
  real mem = 1996279808 (1903MB)
  avail mem = 1926565888 (1837MB)
  mpath0 at root
  scsibus0 at mpath0: 256 targets
  mainbus0 at root
  bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x77fd7020 (7 entries)
  bios0: vendor coreboot version "v4.0.19" date 20180902
  bios0: PC Engines apu2

But I see even worst performance now: 458 Mbits/sec

 
On Thu, 2018-10-04 at 22:26 +0200, Hrvoje Popovski wrote:
> On 4.10.2018. 5:58, Benjamin Petit wrote:
> > Ok so I compared 6.3-release, 6.3-release+syspatches(=stable?) and
> > the latest snapshot from October 2.
> > 
> > I measured iperf3 throughput between A and B, like this:
> > PC A <---> APU2 <---> PC B
> > 
> > pf rules are the one shipped by default in 6.3:
> > 
> >   gw# pfctl
> > -sr
> >  
> >   block return all
> >   pass all flags S/SA
> >   block return in on ! lo0 proto tcp from any to any port 6000:6010
> >   block return out log proto tcp all user = 55
> >   block return out log proto udp all user = 55
> > 
> > OpenBSD 6.3 RELEASE:   
> >   - pf enabled:  841 Mbits/sec  
> >   - pf disabled: 935 Mbits/sec
> > 
> > OpenBSD 6.3 + Syspatch:
> >   - pf enabled:  803 Mbits/sec
> >   - pf disabled: 936 Mbits/sec
> > 
> > OpenBSD CURRENT:
> >   - pf enabled: 526 Mbits/sec (541 with kern.pool_debug=0)
> >   - pf disabled: 934 Mbits/sec
> > 
> > So there is a small perf drop when applying all syspatches to 6.3
> > (not sure which one cause the drop), 
> > but the performance drop SIGNIFICANTLY using the latest snapshot.
> > 
> > Am I missing something? (I really hope I am)
> > 
> 
> Hi,
> 
> if you're feeling brave enough and you can test/experiment
> with pf you can download openbsd kernel with experimental MP support
> from here http://kosjenka.srce.hr/~hrvoje/zaprocvat/smpfbsd
> 
> SHA256 (smpfbsd) =
> e95e94190a0e52de7690b3278cfab14985817089e7a53615cd2599420593b32c
> 
> this kernel is compiled with option WITH_PF_LOCK and NET_TASKQ=4
> 
> before you download it please backup your active kernel so if
> something
> goes wrong you can put it back ..
> 
> cp /bsd /goodbsd
> cp smpfbsd /bsd
> reboot
> 
> if something goes wrong at boot prompt before kernel starts to boot
> you
> can boot old kernel with command - boot goodbsd
> 
> i'm running this kernel for few days and i'm hitting pf, pfsync and
> pflow quite hard and it seems stable :)
>

Monitoring system

2018-10-04 Thread flipchan 
Greetings all, 

I need to install a monitoring system with email notifications, I have used 
mmonit which is great but it's a little too pricey for personal use.

Can anyone recommend a open source monitoring system that support email 
notifications and monitoring of multiple hosts running openbsd.


Something more modern then nagios would be great, I just need it to work so as 
long as it supports email notifications and monitoring of more then one host 
it's good 


Thanks in advance 



-- 
Take Care Sincerely flipchan layerprox dev

Re: httpd and cgi

2018-10-04 Thread trondd 
On Thu, October 4, 2018 12:54 pm, Kihaguru Gathura wrote:
> Hi,
>
> For the following httpd setup, cgi scripts give a 403 Page not found
> on browser. However after removing the line:
>
> location "/*" {
> authenticate "Staff Only" with "/htpasswds"
> }
>
> cgi scripts run fine but no authentication for document root of course.
>
> Please explain the situation.
>
>
>
> ...
># $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
>
> server "xyz.co.ke" {
> listen on * port 80
> listen on :: port 80
> location "/.well-known/acme-challenge/*" {
> root "/acme"
> root strip 2
> }
> location * {
> block return 302 "https://$HTTP_HOST$REQUEST_URI;
> }
> }
>
> server "xyz.co.ke" {
> listen on * tls port 443
> listen on :: tls port 443
> hsts
> tls {
> certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
> key "/etc/ssl/private/xyz.co.ke.key"
> }
> location "/.well-known/acme-challenge/*" {
> root "/acme"
> root strip 2
> }
> root "/xyz.co.ke"
> location "/*" {
> authenticate "Staff Only" with "/htpasswds"
> }
>
> location "/public/*" {
> directory auto index
> }
> location "/xyz/*" {
> root "/"
> fastcgi
> authenticate "Staff Only" with "/htpasswds"
> }
> }
> ..
>
> Thank you,
>
> Regards
>
> Kihaguru.
>

Move the location "/*" block to the bottom of the server block after the
specific paths.


location path {...}
Specify server configuration rules for a specific location. The path
argument will be matched against the request path with shell globbing
rules. In case of multiple location statements in the same context,
the first matching location statement will be put into effect, while
all later ones will be ignored. Therefore it is advisable to match for
more specific paths first and for generic ones later on.

Re: Performance impact of PF on APU2

2018-10-04 Thread Stuart Henderson 
On 2018-10-04, Benjamin Petit  wrote:
> I don't think the APU2 uses HT

correct

Re: Performance impact of PF on APU2

2018-10-04 Thread Hrvoje Popovski 
On 4.10.2018. 5:58, Benjamin Petit wrote:
> Ok so I compared 6.3-release, 6.3-release+syspatches(=stable?) and the latest 
> snapshot from October 2.
> 
> I measured iperf3 throughput between A and B, like this:
> PC A <---> APU2 <---> PC B
> 
> pf rules are the one shipped by default in 6.3:
> 
>   gw# pfctl -sr   
>    
>   block return all
>   pass all flags S/SA
>   block return in on ! lo0 proto tcp from any to any port 6000:6010
>   block return out log proto tcp all user = 55
>   block return out log proto udp all user = 55
> 
> OpenBSD 6.3 RELEASE:   
>   - pf enabled:  841 Mbits/sec  
>   - pf disabled: 935 Mbits/sec
> 
> OpenBSD 6.3 + Syspatch:
>   - pf enabled:  803 Mbits/sec
>   - pf disabled: 936 Mbits/sec
> 
> OpenBSD CURRENT:
>   - pf enabled: 526 Mbits/sec (541 with kern.pool_debug=0)
>   - pf disabled: 934 Mbits/sec
> 
> So there is a small perf drop when applying all syspatches to 6.3 (not sure 
> which one cause the drop), 
> but the performance drop SIGNIFICANTLY using the latest snapshot.
> 
> Am I missing something? (I really hope I am)
> 

Hi,

if you're feeling brave enough and you can test/experiment
with pf you can download openbsd kernel with experimental MP support
from here http://kosjenka.srce.hr/~hrvoje/zaprocvat/smpfbsd

SHA256 (smpfbsd) =
e95e94190a0e52de7690b3278cfab14985817089e7a53615cd2599420593b32c

this kernel is compiled with option WITH_PF_LOCK and NET_TASKQ=4

before you download it please backup your active kernel so if something
goes wrong you can put it back ..

cp /bsd /goodbsd
cp smpfbsd /bsd
reboot

if something goes wrong at boot prompt before kernel starts to boot you
can boot old kernel with command - boot goodbsd

i'm running this kernel for few days and i'm hitting pf, pfsync and
pflow quite hard and it seems stable :)

httpd and cgi

2018-10-04 Thread Kihaguru Gathura 
Hi,

For the following httpd setup, cgi scripts give a 403 Page not found
on browser. However after removing the line:

location "/*" {
authenticate "Staff Only" with "/htpasswds"
}

cgi scripts run fine but no authentication for document root of course.

Please explain the situation.



...
   # $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $

server "xyz.co.ke" {
listen on * port 80
listen on :: port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
root strip 2
}
location * {
block return 302 "https://$HTTP_HOST$REQUEST_URI;
}
}

server "xyz.co.ke" {
listen on * tls port 443
listen on :: tls port 443
hsts
tls {
certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
key "/etc/ssl/private/xyz.co.ke.key"
}
location "/.well-known/acme-challenge/*" {
root "/acme"
root strip 2
}
root "/xyz.co.ke"
location "/*" {
authenticate "Staff Only" with "/htpasswds"
}

location "/public/*" {
directory auto index
}
location "/xyz/*" {
root "/"
fastcgi
authenticate "Staff Only" with "/htpasswds"
}
}
..

Thank you,

Regards

Kihaguru.