Re: Profiling ifconfig
Profiling ifconfig was my first guess, I am not an experienced programmer in any sense of the word. I did the ktrace/kdump run, and the result is just 65 lines, most of which seem normal (attached). The suspicious lines below: ``` 78429 ifconfig 1639744429.761912 CALL socket(AF_INET,0x2,0) 78429 ifconfig 1639744429.761920 RET socket 3 78429 ifconfig 1639744429.761922 CALL ioctl(3,SIOCGIFFLAGS,0xcc175b5b2a8) 78429 ifconfig 1639744429.761925 RET ioctl 0 78429 ifconfig 1639744429.761926 CALL ioctl(3,SIOCGIFXFLAGS,0xcc175b5b2a8) 78429 ifconfig 1639744429.761927 RET ioctl 0 78429 ifconfig 1639744429.761928 CALL ioctl(3,SIOCGIFMETRIC,0xcc175b5b2a8) 78429 ifconfig 1639744429.761929 RET ioctl 0 78429 ifconfig 1639744429.761934 CALL ioctl(3,SIOCBRDGRTS,0x7f7bda50) 78429 ifconfig 1639744429.761936 RET ioctl -1 errno 25 Inappropriate ioctl for device 78429 ifconfig 1639744429.761937 CALL ioctl(3,SIOCGIFMTU,0xcc175b5b2a8) 78429 ifconfig 1639744429.761939 RET ioctl 0 78429 ifconfig 1639744429.761939 CALL ioctl(3,SIOCGIFRDOMAIN,0xcc175b5b2a8) 78429 ifconfig 1639744429.761942 RET ioctl 0 78429 ifconfig 1639744429.761943 CALL ioctl(3,SIOCGIFLLPRIO,0xcc175b5b2a8) 78429 ifconfig 1639744429.761944 RET ioctl 0 78429 ifconfig 1639744429.761945 CALL ioctl(3,SIOCGIFFLAGS,0x7f7bda80) 78429 ifconfig 1639744429.761946 RET ioctl 0 78429 ifconfig 1639744429.761947 CALL ioctl(3,SIOCSIFFLAGS,0x7f7bda80) 78429 ifconfig 1639744660.684179 RET ioctl 0 78429 ifconfig 1639744660.701556 CALL mprotect(0xcc385a48000,0x1000,0x3) ``` I have no idea what this means, to be honest. ioctl(3,SIOCSIFFLAGS,0x7f7bda80) seems to be the one running for 231 second. I looked at the code of if_vio.c, and it seems to be taking time at calling vio_init (as there is not much more in this ioctl), however, I do not know much about debugging kernel drivers, so suggestions welcome :). Is there a way to recompile it with profiling/tracing information, or maybe just putting printfs manually around the most interesting lines would be more productive? ifconfig-kdump.result.2021-12-17_12-34 Description: Binary data "Theo de Raadt" writes: > Claudio Jeker wrote: > >> On Thu, Dec 16, 2021 at 03:55:43PM +0800, Vladimir Nikishkin wrote: >> > Hello, everyone >> > >> > Recently I had a problem: my system is losing network connectivity, >> > although the interface (vio0 on KVM) seemed up. Restarting the >> > connection with `ifconfig vio0 down` and `ifconfig vio0 up` restores the >> > connection. >> > >> > However, when I timed the execution, I found that the second `up` can >> > take up to 15 minutes. (Hugely unexpected!) To find out where the >> > program is waiting, I decided to recompile ifconfig from source with >> > debugging and profiling support. >> > >> > Slightly adjusting the commands provided by the Makefile, I came up with >> > the following commands: >> > >> > ``` >> > egcc -O0 -g -pg -fPIC -Werror-implicit-function-declaration -c ifconfig.c >> > egcc -O0 -g -pg -fPIC -Werror-implicit-function-declaration -c brconfig.c >> > egcc -O0 -g -pg -fPIC -Werror-implicit-function-declaration -c sff.c >> > egcc -g -pg -shared -pie -o ifconfig ifconfig.o brconfig.o sff.o -lc -pg >> > ``` >> > >> > However, when I run ./ifconfig compiled like this, I am getting (besides >> > the output of ifconfig itself) the following error message: >> > >> > ``` >> > gmon.out: No such file or directory >> > ``` >> > >> > I find this unexpected. Compiling and linking a simple helloworld with >> > -pg -g seems to be working fine, and gmon.out is produced as expected. >> > >> > What am I doing wrong? Is there something specific that needs to be >> > permitted to profile ifconfig? >> >> I doubt the problem is in ifconfig(8) itself but more an ioctl that takes >> long to finish. Anyway for prfiling to work you need to neuter unveil() in >> ifconfig. e.g. by changing the code. With unveil on the gmon.out file >> written in the atexit handler can't be created. > > Wrong tool being used to debug a userland program. It is better to attach > a debugger to a -g executable. Or use ktrace -di with kdump, to figure out > what system calls it is stuck in. > > And I suspect you will quickly decide there is no problem in ifconfig.. -- Your sincerely, Vladimir Nikishkin (MiEr, lockywolf) (Laptop)
Profiling ifconfig
Hello, everyone Recently I had a problem: my system is losing network connectivity, although the interface (vio0 on KVM) seemed up. Restarting the connection with `ifconfig vio0 down` and `ifconfig vio0 up` restores the connection. However, when I timed the execution, I found that the second `up` can take up to 15 minutes. (Hugely unexpected!) To find out where the program is waiting, I decided to recompile ifconfig from source with debugging and profiling support. Slightly adjusting the commands provided by the Makefile, I came up with the following commands: ``` egcc -O0 -g -pg -fPIC -Werror-implicit-function-declaration -c ifconfig.c egcc -O0 -g -pg -fPIC -Werror-implicit-function-declaration -c brconfig.c egcc -O0 -g -pg -fPIC -Werror-implicit-function-declaration -c sff.c egcc -g -pg -shared -pie -o ifconfig ifconfig.o brconfig.o sff.o -lc -pg ``` However, when I run ./ifconfig compiled like this, I am getting (besides the output of ifconfig itself) the following error message: ``` gmon.out: No such file or directory ``` I find this unexpected. Compiling and linking a simple helloworld with -pg -g seems to be working fine, and gmon.out is produced as expected. What am I doing wrong? Is there something specific that needs to be permitted to profile ifconfig? -- Your sincerely, Vladimir Nikishkin (MiEr, lockywolf) (Laptop)
(Feedback needed) openbsd and ulimits.
Hello, everyone. I found this problem when trying to write some go on OpenBSD: https://github.com/google/starlark-go/issues/382 OpenBSD enforces ulimits on virtual space, whereas many operating systems do not. `starlark`, as, in fact, many other pieces of software, casually allocate "all virtual space in 32 bits", because presumably that does not hurt on other operating systems. Hence, software using starlark compiles, but does not run. What would be the best approach to make it work on OpenBSD? I am not an expert on POSIX memory management in any sense of the word, so please, those who are, comment on that issue. -- Your sincerely, Vladimir Nikishkin (MiEr, lockywolf) (Laptop)
portgen does not handle go ports with capital letter in name
Dear all, I tried to use portgen to semi-automatically generate a port for a go project with a capital letter in the name. It failed with a cryptic error. I commented out the code in Port.pm the place which retries to generate a name for everything other than Perl (p5), and it worked. I thing Go.pm does not expect to be called the second time with a name. Hope this helps. -- Your sincerely, Vladimir Nikishkin (MiEr, lockywolf) (Laptop)
Re: (bug?) relayd forward to directives interfering
This has actually been reported before: https://www.mail-archive.com/bugs@openbsd.org/msg14189.html Jean-Pierre de Villiers writes: > On 21/08/11 04:34pm, Vladimir Nikishkin wrote: >> I do not think my setup is related to "TLS Inspection". > > Apologies, my misunderstanding. I always forget I divert traffic to to > localhost in my setup. Anyway, > >> There is no problem connecting to the TLS-enabled backend. The problem >> appears when connecting to the HTTP backend, when, _at the same time_, >> in the same relay there is another redirect to the TLS backend. > > Did you make sure to use the https scheme in your curl request? > Something like: > > $ curl https://domain.example/http > > The listener is still a TLS listener even if the backend uses only plain > http. > > Sorry for the confusion. > > Regards, > JP -- Your sincerely, Vladimir Nikishkin (MiEr, lockywolf) (Laptop)
Re: (bug?) relayd forward to directives interfering
I do not think my setup is related to "TLS Inspection". There is no problem connecting to the TLS-enabled backend. The problem appears when connecting to the HTTP backend, when, _at the same time_, in the same relay there is another redirect to the TLS backend. On Wed, 11 Aug 2021 at 16:15, Jean-Pierre de Villiers wrote: > > On 21/08/11 02:40pm, Vladimir Nikishkin wrote: > > However, if I keep "with tls", the requests to port 81 are going > > encrypted, and are failing with the following message in relayd logs: > > `SSL routines:ST_CONNECT:tlsv1 alert protocol version`, > > `TLS handshake error: handshake failed:`. > > What you're currently attemting is referred to as TLS inspection in > relayd.conf(5). This is when one combines client and server modes. > > In order for TLS inspection to function properly the protocol options > "ca cert" and "ca key" both need to be set. Further details found in > the "TLS Relays" and "Protocols" sections of relayd.conf(5). > > Regards, > JP -- Yours sincerely, Vladimir Nikishkin (Sent from GMail web interface.)
(bug?) relayd forward to directives interfering
Hello, everyon I have a super simple (sanitised) relayd.conf ``` $ext_ip = 192.168.1.1 table { 127.0.0.1 } table { 127.0.0.1 } http protocol "p-https" { tls session tickets tls keypair domain.example tls ca file "/etc/ssl/cert.pem" http websockets tcp { nodelay, sack, socket buffer 65536, backlog 100 } return error block pass request path log "/http*" forward to pass request path log "/https*" forward to pass response } relay "tlsforward" { listen on $ext_ip port 443 tls protocol "p-https" forward to port 81 forward with tls to port 82 } ``` The the problem is with the second-to-last line. If I remove "with tls", then requests to 82 are forwarded unencrypted, and curl test reports `curl: (52) Empty reply from server`. However, if I keep "with tls", the requests to port 81 are going encrypted, and are failing with the following message in relayd logs: `SSL routines:ST_CONNECT:tlsv1 alert protocol version`, `TLS handshake error: handshake failed:`. There should not be any TLS handshakes at port 81, because the backend at port 81 is http-only. Could someone verify that this is the case? Is there anything I am missing here? -- Your sincerely, Vladimir Nikishkin (MiEr, lockywolf) (Laptop)
iked choosing the wrong policy?
Hello, everyone. This is my iked.conf: ``` ikev2 "for-phone" passive esp \ from any to 10.0.3.2/32 \ local egress peer any \ ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group ecp256 \ childsa enc aes-256 auth hmac-sha2-256 prf hmac-sha2-256 group ecp256 \ srcid server.mine \ dstid phone.mine \ eap "mschap-v2" \ config address 10.0.3.2 \ config name-server 10.0.0.1 \ config netmask 255.255.255.255 \ config protected-subnet 10.0.0.0/24 \ config protected-subnet 10.0.1.0/24 \ config protected-subnet 10.0.2.0/24 \ tag "ROADW" ikev2 "for-laptop" passive esp \ from any to 10.0.3.3/32 \ local egress peer any \ ikesa enc aes-256 auth hmac-sha2-512 prf hmac-sha2-512 group ecp521 \ childsa enc aes-256 auth hmac-sha2-512 group ecp521 \ srcid server.mine \ dstid laptop.mine \ rsa \ config address 10.0.3.3 \ config name-server 10.0.0.1 \ config netmask 255.255.255.255 \ config protected-subnet 10.0.0.0/24 \ config protected-subnet 10.0.1.0/24 \ config protected-subnet 10.0.2.0/24 \ tag "ROADW" ``` I expected the peer presenting itself as "phone.mine" get the first policy (as long as it manages to authenticate by mschapv2), and the peer presenting itself as "laptop.mine" to get the second policy. However, what happens in reality is that both of them are being given the second policy, and the phone fails to authenticate. If I comment out the second policy, the phone successfully gets the first policy and authenticates itself, but, obviously, the laptop does not work then. How to correct the setup? -- Your sincerely, Vladimir Nikishkin (MiEr, lockywolf) (Laptop)
Potential bug in /usr/sbin/ndp lines 316-364 with RTF_LLINFO
Hello, everyone. I believe, ndp.c has a bug. 1. Line 319 defines a fresh m_rtmsg, and does not initialise it. 2. Therefore m_rtmsg.m_rtm should be empty or zero. (Or constant, I am not very sure) 3. Line 329 defines rtm and makes it a pointer to a fresh (empty or constant) m_rtmsg.m_rtm. 4. Nothing uses either m_rtmsg or rtm until lines 363+364. 5. On line 363, `if` checks that rtm->rtm_flags & RTF_LLINFO is true. Effectively, it is checking that m_rtmsg.r_rtm.rtm_flags has some bit set. This check is either checking an uninitialised, or a constant value. (I am not very sure how fresh structures are initialised in OpenBSD) In either case, it is not useful. In effect, `ndp -s ` always fails, because this check is always false. -- Your sincerely, Vladimir Nikishkin (MiEr, lockywolf) (Laptop)
ndp for ND (ipv6) proxying on /64 prefix is failing cryptically.
Hello, everyone I am running an OpenBSD 6.9 Vultr node. Vultr is issuing /64 prefixes with SLAAC. I have a few machines behind this node, connected via wireguard. For simplicity, let us say that vio0 is the default interface, configured the way Vultr suggests: hostname.vio0 dhcp inet6 autoconf -temporary -soii wireguard is configured like this: hostname.wg0 inet6 128 !/usr/local/bin/wg setconf wg0 /etc/wireguard/server.conf from the outside I cannot pint , the response being 2401:c080:1c00:a4::33 icmp_seq=3 Destination unreachable: Address unreachable If my understanding is correct, that is because wg0 cannot respond to ND requests from the router. Trying to set up proxy NDP, I am running ndp like thi: ndp -s temp proxy If I understand correctly, this should make "vio0" announce the static ip to the router. (the words "temp" and "proxy" seem to have no effect) However, ndp errs: ndp: set: cannot configure a new entry There seems to have been a similar error in 2008: http://openbsd-archive.7691.n7.nabble.com/error-with-ndp-only-on-sparc64-td200752.html and https://marc.info/?l=openbsd-ipv6&m=120731349004033&w=2 sysctl: net.inet6.ip6.forwarding=1 but net.inet6.ip6.accept_rtadv=0 seems to have disappeared. What is it that I am doing wrong? The nabble message mentions some bug in ndp, but it should have disappeared long ago. Perhaps, an FAQ entry related to ndp would be nice to have? Ipv6 is supposed to have the adoption rate of 33%, not such an uncommon thing any more. -- Your sincerely, Vladimir Nikishkin (MiEr, lockywolf) (Laptop)
Re: what's wrong with /etc/netstart rum0 on 5.2
On Wed, Dec 5, 2012 at 5:10 AM, lilit-aibolit wrote: > inet 192.168.55.254 255.255.255.0 NONE -inet6 media autoselect mode 11g \ > mediaopt hostap chan 8 nwid namewifi \ > I'd use the 'wpakey' keyword in /etc/hostname.rum0 like so: inet 192.168.55.254 255.255.255.0 NONE media autoselect mode 11g \ mediaopt hostap chan 8 nwid namewifi wpakey blah-blah up -inet6 Seems to work for me with /etc/netstart rum0 -- #include "Vlad"
Re: gre mpls packet decapsulation (4.8/i386)
that's how this service is designed (what you see as pseudowire) is there a roadmap for L2/pseudowire support? cheers! Vladimir On Mon, Nov 8, 2010 at 10:08 AM, Claudio Jeker wrote: > > OK, those packets look like PWE3 encapsulated ethernet frames. mpe(4) only > supports L3 IP/IPv6 traffic for now. So the only way out here is to use a > L3 MPLS VPN. > :wq Claudio
Re: Bridge frame reassembly over gif/ipsec
Hi, 1. as far as my knowledge goes pure mpls packet should not be fragmented 2. i am unuware of IPSec encap of MPLS, maybe in GRE first? but once such encap is done there is DF bit set. 3. maybe it will be easier to put additional routers on both endpoints with interfaces set with an IP MTU, small enough? cheers! Vladimir On Sun, Nov 7, 2010 at 11:02 PM, Doug Clements wrote: > Hi, > From the man page for bridge (4): > > If an IP packet is too large for the outgoing interface, the bridge > will > perform IP fragmentation. This can happen when bridge members have > different MTUs or when IP fragments are reassembled by pf. Non-IP > packets which are too large for the outgoing interface will be dropped. > > Is it somehow possible (maybe with different features?) to fragment a > layer2 frame for reassembly on the other side of a bridge? This would > be for use with MPLS, so using pf's scrub directive would not be > applicable. The desired behavior would be to take in 1500 bytes of IP > payload with an added MPLS label and transport this inside a gif/ipsec > tunnel over the internet (with a wan-link MTU of 1500). > > --Doug
Re: gre mpls packet decapsulation (4.8/i386)
tcpdump -nvi vic1 -X ip proto 47 18:20:27.697032 gre 10.163.0.8 > 10.163.0.162: [] gre-proto-0x8847 (DF) (ttl 255, id 276, len 130) : 4500 0082 0114 4000 ff2f 6449 0aa3 0008 e.@./dI.#.. 0010: 0aa3 00a2 8847 032c 91ff 0016 4d40 .#."...G.,...M@ 0020: 17f3 0050 5601 009e 8100 05e6 0800 4500 .s.PV..f..E. 0030: 0054 6891 ff01 3d28 0aa3 00a2 0aa3 .Th....=(.#.".# 0040: 0008 0800 17dc c975 4cd4 3cdb 000a .\Iu..LT<[.. 0050: a1f1 0809 0a0b 0c0d 0e0f 1011 1213 1415 !q.. 0060: 1617 1819 1a1b .. tcpdump -nvi gre0 -X 18:20:27.697069 MPLS(label 13001, exp 0, ttl 255) : 032c 91ff 0016 4d40 17f3 0050 5601 009e .,....@.s.pv... 0010: 8100 05e6 0800 4500 0054 6891 ff01 ...f..E..Th.... 0020: 3d28 0aa3 00a2 0aa3 0008 0800 17dc c975 =(.#.".#.\Iu 0030: 4cd4 3cdb 000a a1f1 0809 0a0b 0c0d ..LT<[..!q.. 0040: 0e0f 1011 1213 1415 1617 1819 1a1b 1c1d 0050: 1e1f 2021 2223 2425 2627 2829 2a2b 2c2d .. !"#$%&'()*+,- 0060: 2e2f 3031 3233 3435 3637 ./01234567 On Fri, Nov 5, 2010 at 6:13 PM, Stuart Henderson wrote: > In gmane.os.openbsd.misc, you wrote: > > see pcap's attached, > > > > On Fri, Nov 5, 2010 at 4:08 PM, Claudio Jeker >wrote: > > > >> On Fri, Nov 05, 2010 at 03:43:07PM +0100, Vladimir Ostrovskiy wrote: > >> > Hello All, > >> > a question: > >> > >> Please just include tcpdump -nvi vic1 -X and tcpdump -nvi gre0 -X > output. > >> Tcpdump is in base for a reason. Include route -n show -mpls as well > >> please. > >> > >> AF 33 is MPLS and gre(4) so that seems to be OK. > >> -- > >> :wq Claudio > > > > [demime 1.01d removed an attachment of type application/octet-stream > which had a name of gre0-capture.pcap] > > > > [demime 1.01d removed an attachment of type application/octet-stream > which had a name of vic1-capture.pcap] > > > > > > Just include the output from the commands Claudio showed, pasted into the > email body (i.e. in-line text, not as an attachment).
Re: gre mpls packet decapsulation (4.8/i386)
forgot the routes # route -n show -mpls Routing tables MPLS: In label Out label Op Gateway Flags Refs Use Mtu Prio Interface 3 - LOCAL default UGT 0 0 - 56 vic0 16 - LOCAL 10.166.41.1 UGT 0 0 - 56 vic0 17 131071 SWAP 10.163.0.161 UGT 0 0 - 56 vic1 18 - LOCAL 192.168.255.1 UGT 0 0 33200 56 lo1 13000 - POP mpe0 T 0 0 - 4 mpe0 13001 - POP mpe1 T 0 14 - 4 mpe1 On Fri, Nov 5, 2010 at 4:08 PM, Claudio Jeker wrote: > On Fri, Nov 05, 2010 at 03:43:07PM +0100, Vladimir Ostrovskiy wrote: > > Hello All, > > a question: > > Please just include tcpdump -nvi vic1 -X and tcpdump -nvi gre0 -X output. > Tcpdump is in base for a reason. Include route -n show -mpls as well > please. > > AF 33 is MPLS and gre(4) so that seems to be OK. > -- > :wq Claudio
Re: gre mpls packet decapsulation (4.8/i386)
see pcap's attached, On Fri, Nov 5, 2010 at 4:08 PM, Claudio Jeker wrote: > On Fri, Nov 05, 2010 at 03:43:07PM +0100, Vladimir Ostrovskiy wrote: > > Hello All, > > a question: > > Please just include tcpdump -nvi vic1 -X and tcpdump -nvi gre0 -X output. > Tcpdump is in base for a reason. Include route -n show -mpls as well > please. > > AF 33 is MPLS and gre(4) so that seems to be OK. > -- > :wq Claudio [demime 1.01d removed an attachment of type application/octet-stream which had a name of gre0-capture.pcap] [demime 1.01d removed an attachment of type application/octet-stream which had a name of vic1-capture.pcap]
gre mpls packet decapsulation (4.8/i386)
Hello All, a question: i have a setup where an mpls P router sends via GRE SDP (service delivery path) traffic to an openbsd machine, acting as a PE, i need to have my traffic decapsulated to the original payload (minus gre, minus mpls headers) however i have difficulties getting proper payload after a gre interface. following interfaces are configured. original ip addresses are replaced with A and B. vic1: flags=88843 mtu 1530 lladdr 00:50:56:01:00:9e priority: 0 media: Ethernet autoselect status: active inet ___A___ netmask 0xfff8 broadcast __C__ gre0: flags=89011 mtu 1476 priority: 0 groups: gre physical address inet ___A___--> ___B___ inet ___A___--> ___B___netmask 0xff00 mpe1: flags=51 mtu 1500 priority: 0 mpls label: 13001 groups: mpe lo1: flags=8049 mtu 33200 priority: 0 groups: lo inet 192.168.255.1 netmask 0xff00 a packet comes in with following stack, as captured on the vic1. there in MPLS header i have expected label 13001 which should be "poped", see attachment, gre-mpls-packet.png, however on the gre0 interface at the same time i see some family 33 header, prepending the payload of original packet starting with the mpls header, see attachment: data-packet.png i run a custom 4.8 kernel on i386 with MP, MPLS and mpe enabled cheers! Vladimir [demime 1.01d removed an attachment of type image/png which had a name of gre-mpls-packet.png] [demime 1.01d removed an attachment of type image/png which had a name of data-packet.png]
Re: OpenBSD Vim Programming FAQ
On 11:43 Thu 12 Aug, Darrin Chandler wrote: > On Thu, Aug 12, 2010 at 01:07:47PM +0200, Tomas Vavrys wrote: > > 2010/8/12 Ingo Schwarze : > > > Oh, and also note that "OpenBSD and vim" is a weird topic. "OpenBSD > > > and nvi" or "OpenBSD and mg" would seem more natural. On the other > > > hand, some people (including Marco) apparently like the topic, so it > > > may be useful. B But don't feel disappointed if many people > > > completely ignore your effort because you are focussing on a > > > non-standard combination. > > > > > Unfortunately there is at least 7 people who would like to see some > > tutorial. > > I do not think it's a weird topic, and I know of developers aside from > Marco who use Vim (who have kindly shared some settings with me). style(9): Indentation is an 8 character tab. Second level indents are four spaces. while (cnt < 20) z = a + really + long + statement + that + needs + two + lines + gets + indented + four + spaces + on + the + second + and + subsequent + lines; How do you guys follow this rule in vim neatly?
Re: What does your environment look like?
On 15:32 Tue 05 Jan, Jonathan Thornburg wrote: > Very minimalist: > > No xdm -- I login and type 'startx&;logout'. startx() { pgrep startx && wsconsctl display.focus=4 \ || (/usr/X11R6/bin/startx >& ~/.startx.out &) lock -pn } (zsh) Might be useful and more convinient
Re: core dump files in invalid format on 4.3 (x86)
iirc core dump format was changed to elf(5) sometime around when PIE was imported, you probably need older gdb On 20:38 Thu 08 Oct, openbsd.misc.tmp openbsd.misc.tmp wrote: > Hi! > > I have an application that in very seldom cases causes core dumps on about a > dotzen machines that are located on customers sites. > > What I have is application.core, but I cannot read this: > > # gdb -c /home/me/application.core /home/me/application > GNU gdb 6.3 > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you are > welcome to change it and/or distribute copies of it under certain > conditions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for details. > This GDB was configured as "i386-unknown-openbsd4.3"...(no debugging symbols > found) > > "/home/me/application.core " is not a core dump: File format not recognized > (gdb) quit > > # file /home/me/application.core > /home/me/application.core: data > > Anybody got an idea how this can happen? What can I do with the file I have? > > This happened more than once. Yet, all the .core files I was able to get > were unusable to me. However, when I initiate a .core file by exiting the > application intentionally with a signal, the resulting core files are OK. > > Thanks in advance! > > Regards, > T.
Re: General RE-Build Question
On 16:42 Thu 27 Nov, Morris, Roy wrote: > Hmmm, thanks. I think I'll take the rm -r route. > Sounds like I fracked something up for sure. > cvsco from ports/devel/cvsutils might be a better way to fix a screwed up tree then (less traffic). -- Vladimir Kirillov
Re: relayd exits when disabling and enabling hosts
My recommendation is not to release software that hasn't had even the most basic testing. I would consider disabling/enabling basic functionality. I would consider relayd coredumps on state changes with 4.3-RELEASE to be a huge no no. I thank you for your contribution however I am allowed to express my opinion over crappy software. I have Googled over issues that I laid out and they have been around for a while e.g. check Questions at https://calomel.org/relayd.html Therefore I said that relayd is alpha quality software at best. You are welcome to take offense at that however I am saying this so that people who may critically rely on this can make proper evaluation. Vladimir Reyk Floeter wrote: my recommendation is to stay away from this list if you're not able to send useful bug reports. i use relayd in many production setups and it works just fine; of course there are bugs but they can fixed or reported. anyway, i can verify your problem on cleaning up the pf anchor, i also did some changes before 4.4 here. On Mon, Nov 10, 2008 at 03:15:22PM -0500, Vladimir wrote: My recommendation is to stay away from relayd. I have had only bad experiences with it including a bad production outage. It fails on state changes, it fails on enabling or disabling hosts, it fails for no apparent reason. When it fails it doesn't clean up and you have to run manually something along these lines for i in `pfctl -a 'relayd/*' -vvsA | sed 's,^.*relayd/,,'` do pfctl -a relayd/$i -Fa etc. etc. Vladimir David Caro wrote: first of all, sorry for my english (i'm spaniard) i have two testing firewalls running OpenBSD 4.3 -release (fresh install), with carp and pfsync configured and working, but when i disable one host with 'relayctl host disable' and then enable it, relayd exits. a screenshot of the relayd: [EMAIL PROTECTED]:~]# relayd -d -vvv startup init_filter: filter init done relay_privinit: adding relay web init_tables: created 0 tables protocol 0: name default hce_notify_done: 192.168.4.11 (recv_icmp: done) flags: 0x0004 host 192.168.4.11, check icmp (0ms), state unknown -> up, availability 100.00% type: pfe_dispatch_imsg: state 1 for host 5 192.168.4.11 tcp hce_notify_done: 192.168.4.12 (recv_icmp: done) relay_init: max open files 1024 host 192.168.4.12, check icmp (0ms), state unknown -> up, availability 100.00% relay_init: max open files 1024 relay_init: max open files 1024 relay_init: max open files 1024 relay_init: max open files 1024 adding 3 hosts from table pruebas:80 pfe_dispatch_imsg: state 1 for host 4 192.168.4.12 adding 3 hosts from table pruebas:80 adding 3 hosts from table pruebas:80 adding 3 hosts from table pruebas:80 adding 3 hosts from table pruebas:80 relay_launch: running relay web hce_notify_done: 192.168.4.13 (recv_icmp: done) relay_launch: running relay web relay_launch: running relay web relay_launch: running relay web relay_launch: running relay web host 192.168.4.13, check icmp (0ms), state unknown -> up, availability 100.00% pfe_dispatch_imsg: state 1 for host 3 192.168.4.13 hce_notify_done: 192.168.4.11 (recv_icmp: done) hce_notify_done: 192.168.4.12 (recv_icmp: done) hce_notify_done: 192.168.4.13 (recv_icmp: done) disable_host: disabled host 4 hce_notify_done: 192.168.4.11 (recv_icmp: done) hce_notify_done: 192.168.4.13 (recv_icmp: done) host 192.168.4.12, check icmp (0ms), state up -> down, availability 0.00% hce_notify_done: 192.168.4.11 (recv_icmp: done) hce_notify_done: 192.168.4.13 (recv_icmp: done) enable_host: enabled host 4 hce_notify_done: 192.168.4.11 (recv_icmp: done) hce_notify_done: 192.168.4.12 (recv_icmp: done) host 192.168.4.12, check icmp (0ms), state unknown -> up, availability 33.33% pfe_dispatch_imsg: host 4 => 0 hce_notify_done: 192.168.4.13 (recv_icmp: done) fatal: pfe_dispatch_imsg: desynchronized host check engine exiting check_child: lost child: pf update engine exited socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting terminating and the relayctl: -- [EMAIL PROTECTED]:~]# relayctl show summary Id TypeNameAvlblty Status 0 relay web active 1 table pruebas:80 active (3 hosts up) 5 host192.168.4.11100.00% up 4 host192.168.4.12100.00% up 3 host192.168.4.13100.00% up [EMAIL PROTECTED]:~]# relayctl host disable 4 command succeeded [EMAIL PROTECTED]:~]# relayctl show summary Id TypeNameAvlblty Status 0 relay web active 1 table prue
Re: relayd exits when disabling and enabling hosts
My recommendation is to stay away from relayd. I have had only bad experiences with it including a bad production outage. It fails on state changes, it fails on enabling or disabling hosts, it fails for no apparent reason. When it fails it doesn't clean up and you have to run manually something along these lines for i in `pfctl -a 'relayd/*' -vvsA | sed 's,^.*relayd/,,'` do pfctl -a relayd/$i -Fa etc. etc. Vladimir David Caro wrote: first of all, sorry for my english (i'm spaniard) i have two testing firewalls running OpenBSD 4.3 -release (fresh install), with carp and pfsync configured and working, but when i disable one host with 'relayctl host disable' and then enable it, relayd exits. a screenshot of the relayd: [EMAIL PROTECTED]:~]# relayd -d -vvv startup init_filter: filter init done relay_privinit: adding relay web init_tables: created 0 tables protocol 0: name default hce_notify_done: 192.168.4.11 (recv_icmp: done) flags: 0x0004 host 192.168.4.11, check icmp (0ms), state unknown -> up, availability 100.00% type: pfe_dispatch_imsg: state 1 for host 5 192.168.4.11 tcp hce_notify_done: 192.168.4.12 (recv_icmp: done) relay_init: max open files 1024 host 192.168.4.12, check icmp (0ms), state unknown -> up, availability 100.00% relay_init: max open files 1024 relay_init: max open files 1024 relay_init: max open files 1024 relay_init: max open files 1024 adding 3 hosts from table pruebas:80 pfe_dispatch_imsg: state 1 for host 4 192.168.4.12 adding 3 hosts from table pruebas:80 adding 3 hosts from table pruebas:80 adding 3 hosts from table pruebas:80 adding 3 hosts from table pruebas:80 relay_launch: running relay web hce_notify_done: 192.168.4.13 (recv_icmp: done) relay_launch: running relay web relay_launch: running relay web relay_launch: running relay web relay_launch: running relay web host 192.168.4.13, check icmp (0ms), state unknown -> up, availability 100.00% pfe_dispatch_imsg: state 1 for host 3 192.168.4.13 hce_notify_done: 192.168.4.11 (recv_icmp: done) hce_notify_done: 192.168.4.12 (recv_icmp: done) hce_notify_done: 192.168.4.13 (recv_icmp: done) disable_host: disabled host 4 hce_notify_done: 192.168.4.11 (recv_icmp: done) hce_notify_done: 192.168.4.13 (recv_icmp: done) host 192.168.4.12, check icmp (0ms), state up -> down, availability 0.00% hce_notify_done: 192.168.4.11 (recv_icmp: done) hce_notify_done: 192.168.4.13 (recv_icmp: done) enable_host: enabled host 4 hce_notify_done: 192.168.4.11 (recv_icmp: done) hce_notify_done: 192.168.4.12 (recv_icmp: done) host 192.168.4.12, check icmp (0ms), state unknown -> up, availability 33.33% pfe_dispatch_imsg: host 4 => 0 hce_notify_done: 192.168.4.13 (recv_icmp: done) fatal: pfe_dispatch_imsg: desynchronized host check engine exiting check_child: lost child: pf update engine exited socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting terminating and the relayctl: -- [EMAIL PROTECTED]:~]# relayctl show summary Id TypeNameAvlblty Status 0 relay web active 1 table pruebas:80 active (3 hosts up) 5 host192.168.4.11100.00% up 4 host192.168.4.12100.00% up 3 host192.168.4.13100.00% up [EMAIL PROTECTED]:~]# relayctl host disable 4 command succeeded [EMAIL PROTECTED]:~]# relayctl show summary Id TypeNameAvlblty Status 0 relay web active 1 table pruebas:80 active (2 hosts up) 5 host192.168.4.11100.00% up 4 host192.168.4.12disabled 3 host192.168.4.13100.00% up [EMAIL PROTECTED]:~]# relayctl host disable 4 command succeeded [EMAIL PROTECTED]:~]# relayctl show summary Id TypeNameAvlblty Status 0 relay web active 1 table pruebas:80 active (2 hosts up) 5 host192.168.4.11100.00% up 4 host192.168.4.12disabled 3 host192.168.4.13100.00% up [EMAIL PROTECTED]:~]# relayctl host enable 4 command succeeded [EMAIL PROTECTED]:~]# relayctl show summary Id TypeNameAvlblty Status 0 relay web active 1 table pruebas:80
Re: NAT + IPsec problem
This is something I have struggled myself and don't have a good solution to. I actually asked a similar question to yours couple days ago :-( http://marc.info/?l=openbsd-misc&m=122530349320838&w=2 Basically NATing stuff going through a VPN tunnel doesn't really work. I have followed the recipe from this post http://fixunix.com/bsd/87865-nat-ipsec-openbsd-pf-isakmpd.html however I was unsuccessful. I have currently resorted to using a HAproxy to proxy the traffic. Vladimir BARDOU Pierre wrote: Hello, I am trying to setup an IPsec connection. Here is the ipsec.conf : ike esp from 10.63.61.0/26 to 193.164.151.0/28 peer 193.164.151.35 \ main auth hmac-sha1 enc aes-256 \ quick auth hmac-sha1 enc aes-256 group modp1024 psk "" Tunnels go up well : flow esp in from 193.164.151.0/28 to 10.63.61.0/26 peer 193.164.151.35 srcid 212.99.28.26/32 dstid 10.3.2.2/32 type use flow esp out from 10.63.61.0/26 to 193.164.151.0/28 peer 193.164.151.35 srcid 212.99.28.26/32 dstid 10.3.2.2/32 type require esp tunnel from 193.164.151.35 to 212.99.28.26 spi 0x1fd5f292 auth hmac-sha1 enc aes esp tunnel from 212.99.28.26 to 193.164.151.35 spi 0xa0b3fc57 auth hmac-sha1 enc aes As my LAN is adressed using 10.31.0.0/16, I need to nat to 10.63.61.xxx before the tunnel. So I put this in my pf.conf : nat from 10.31.30.1 to 193.164.151.1 -> 10.63.61.2 The problem is tha packets going from 10.31.30.1 to 193.164.151.1 don't go through the tunnel, they are going to the internet. Here is the pflog : Nov 06 15:16:16.932324 rule 532/(match) pass in on bge0: 10.31.30.1 > 193.164.151.1: icmp: echo request Nov 06 15:16:16.932362 rule 1/(match) block out on em0: 10.63.61.2 > 193.164.151.1: icmp: echo request -> Packets are going out through em0 (my inet interface) instead of enc0 As pf doc says translation occurs before filtering, I don't understand why pf can see my real adress (10.31.30.1). And the most important : why outgoing packets -with "good" adresses- don't go through the tunnel ? Have I misconfigured something ? Thank you for your help -- Cordialement, Pierre BARDOU CSIM - Bureau 012 Midi PyrC)nC)es Informatique HospitaliC(re 12 rue Michel Labrousse BP93668 F-31036 Toulouse CEDEX 1 TC)l : 05 67 31 90 84 Fax : 05 34 61 51 00 Mail : [EMAIL PROTECTED]
NATing traffic going into the ipsec tunnel
We need to connect to a vendor's network over VPN however they are telling us we need to NAT all the traffic going to their network. They also want publicly addressable IPs as the NATed address (go figure). I have read extensively and looked at manuals but can't quite get it working Set up is as follows 1.1.1.1 -> My network VPN endpoint 1.1.1.100 -> My NAT address (I took it off the $ext_if) 2.2.2.1 -> Vendor Network VPN endpoint 2.2.2.100 -> Vendor NAT address Vendor is running a TCP service on 2.2.2.100:5000 that I am trying to access from my network. I have set up a VPN tunnel which seems to be in place e.g. doing netstat -nr shows this Encap: Source Port DestinationPort Proto SA(Address/Proto/Type/Direction) 2.2.2.100/32 0 1.1.1.100/320 0 2.2.2.1/esp/use/in 1.1.1.100/32 0 2.2.2.100/32 0 0 2.2.2.1/esp/require/out Then per instructions in following document I did http://fixunix.com/bsd/87865-nat-ipsec-openbsd-pf-isakmpd.html ifconfig lo1 1.1.1.100/32 route add 2.2.2.100/32 1.1.1.100 If I do that I can ping Vendor NAT address from the firewall itself but telnetting to port 2.2.2.100:5000 never connects. Then I added nat on lo1 from 10.0.8.0/24 to 2.2.2.100 -> 1.1.1.100 If I then try to ping 2.2.2.100 from e.g. 10.0.8.101 I get From 10.0.8.254 icmp_seq=1 Time to live exceeded If I try to telnet to 2.2.2.100:5000 I get # telnet 2.2.2.100 5000 Trying 2.2.2.100... telnet: connect to address 2.2.2.100: No route to host telnet: Unable to connect to remote host: No route to host If I try to sniff on lo1 I get > tcpdump -vvv -i lo1 tcpdump: listening on lo1, link-type LOOP 13:14:40.279954 10.0.8.101.55173 > 2.2.2.100.3128: S [tcp sum ok] 4262188680:4262188680(0) win 5840 0,nop,wscale 7> (DF) [tos 0x10] (ttl 63, id 3738, len 60) 13:14:40.279982 10.0.8.101.55173 > 2.2.2.100.3128: S [tcp sum ok] 4262188680:4262188680(0) win 5840 0,nop,wscale 7> (DF) [tos 0x10] (ttl 62, id 21751, len 60) 13:14:40.279993 10.0.8.101.55173 > 2.2.2.100.3128: S [tcp sum ok] 4262188680:4262188680(0) win 5840 0,nop,wscale 7> (DF) [tos 0x10] (ttl 61, id 29876, len 60) I even tried assigning the 1.1.1.100 enc0 interface which enables me to connect to 2.2.2.100:5000 from the firewall but nat over enc0 doesn't work. I would appreciate any help. Thanks, Vladimir
Re: azalia -- no sound on CURRENT
On 00:57 Fri 24 Oct, Aaron Stellman wrote: > Hello misc@, > Compiled freshly checked out -current from 10/23/08 -- no sound. > Looked through mixerctl and audioctl outputs, didn't find anything > interesting. > Downgraded azalia_codec.c to 1.49 >azalia.h to 1.15 >azalia.c to 1.55 > recompiled kernel -- sound works again. > If needed, I could track down exact revision that causes the problem. > Here's dmesg, GAMMA = GENERIC.MP + NTFS Hi! Show us the outputs of mixerctl -va and audioctl too please, -- Vladimir Kirillov http://darkproger.net
Re: uvm_mapent_alloc
On 10:18 Mon 13 Oct, Artur Grabowski wrote: > Wow. I'm impressed. So if I mailed you a random diff that you don't > understand you'd happily apply it without having a single clue about > what the diff does and who sent it? > > Cool. Can I have your money and business without going through that > hassle? Can't be bothered to make a malicious diff right now, > haven't had coffee yet. Whoops, sorry for just mailing the random diff, did it because one familiar guy had the same problem on 4.3 and updating to current after this uvm-related commit got into tree did the trick (probably getting to -current could be the only right answer, not just playing with diffs) My bad. -- Vladimir Kirillov http://darkproger.net
Re: uvm_mapent_alloc
On 19:25 Fri 10 Oct, Beavis wrote: > Vladimir, > > Sorry to bother you but I tried to apply the patch on uvm_map.c > > i copied the patch you gave me here and run > > patch -p0 < uvm_map.patch > > I get some rej. files. any pointers or help will be greatly > appreciated from anyone. or probably copy the diff to sys/uvm/ and apply it there... -- Vladimir Kirillov http://darkproger.net
Re: uvm_mapent_alloc
On 19:25 Fri 10 Oct, Beavis wrote: > Vladimir, > > Sorry to bother you but I tried to apply the patch on uvm_map.c > > i copied the patch you gave me here and run > > patch -p0 < uvm_map.patch > > I get some rej. files. any pointers or help will be greatly > appreciated from anyone. > you should do patch -p3 in /usr/src but running -current might be better :) -- Vladimir Kirillov http://darkproger.net
Re: uvm_mapent_alloc
On 14:44 Fri 10 Oct, Beavis wrote: > thanks for the reply vladimir. > > is it needed to upgrade my 4.3 stable to -current? isn't there a patch > available for this? The 4.3 uvm_map.c is 5 diffs far from this patch http://www.openbsd.org/cgi-bin/cvsweb/src/sys/uvm/uvm_map.c?r1=1.104#rev1.104 you can generate the diff yourself, cvs diff -r1.99 -r1.104 uvm_map.c or here: Index: uvm_map.c === RCS file: /cvs/src/sys/uvm/uvm_map.c,v retrieving revision 1.99 retrieving revision 1.104 diff -u -p -r1.99 -r1.104 --- uvm_map.c 15 Sep 2007 10:10:37 - 1.99 +++ uvm_map.c 23 Sep 2008 13:25:46 - 1.104 @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_map.c,v 1.99 2007/09/15 10:10:37 martin Exp $ */ +/* $OpenBSD: uvm_map.c,v 1.104 2008/09/23 13:25:46 art Exp $ */ /* $NetBSD: uvm_map.c,v 1.86 2000/11/27 08:40:03 chs Exp $ */ /* @@ -98,6 +98,7 @@ static struct timeval uvm_kmapent_last_w static struct timeval uvm_kmapent_warn_rate = { 10, 0 }; struct uvm_cnt uvm_map_call, map_backmerge, map_forwmerge; +struct uvm_cnt map_nousermerge; struct uvm_cnt uvm_mlk_call, uvm_mlk_hint; const char vmmapbsy[] = "vmmapbsy"; @@ -538,6 +539,7 @@ uvm_map_init(void) UVMCNT_INIT(map_backmerge, UVMCNT_CNT, 0, "# uvm_map() back merges", 0); UVMCNT_INIT(map_forwmerge, UVMCNT_CNT, 0, "# uvm_map() missed forward", 0); + UVMCNT_INIT(map_nousermerge, UVMCNT_CNT, 0, "# back merges skipped", 0); UVMCNT_INIT(uvm_mlk_call, UVMCNT_CNT, 0, "# map lookup calls", 0); UVMCNT_INIT(uvm_mlk_hint, UVMCNT_CNT, 0, "# map lookup hint hits", 0); @@ -726,6 +728,8 @@ uvm_map_p(struct vm_map *map, vaddr_t *s if ((map->flags & VM_MAP_INTRSAFE) == 0) splassert(IPL_NONE); + else + splassert(IPL_VM); /* * step 0: sanity check of protection code @@ -832,6 +836,15 @@ uvm_map_p(struct vm_map *map, vaddr_t *s goto step3; } + /* +* Only merge kernel mappings, but keep track +* of how much we skipped. +*/ + if (map != kernel_map && map != kmem_map) { + UVMCNT_INCR(map_nousermerge); + goto step3; + } + if (prev_entry->aref.ar_amap) { error = amap_extend(prev_entry, size); if (error) { @@ -897,6 +910,8 @@ step3: if ((flags & UVM_FLAG_OVERLAY) == 0) new_entry->etype |= UVM_ET_NEEDSCOPY; } + if (flags & UVM_FLAG_HOLE) + new_entry->etype |= UVM_ET_HOLE; new_entry->protection = prot; new_entry->max_protection = maxprot; @@ -1098,6 +1113,45 @@ uvm_map_spacefits(struct vm_map *map, va } /* + * uvm_map_pie: return a random load address for a PIE executable + * properly aligned. + */ + +#ifndef VM_PIE_MAX_ADDR +#define VM_PIE_MAX_ADDR (VM_MAXUSER_ADDRESS / 4) +#endif + +#ifndef VM_PIE_MIN_ADDR +#define VM_PIE_MIN_ADDR VM_MIN_ADDRESS +#endif + +#ifndef VM_PIE_MIN_ALIGN +#define VM_PIE_MIN_ALIGN PAGE_SIZE +#endif + +vaddr_t +uvm_map_pie(vaddr_t align) +{ + vaddr_t addr, space, min; + + align = MAX(align, VM_PIE_MIN_ALIGN); + + /* round up to next alignment */ + min = (VM_PIE_MIN_ADDR + align - 1) & ~(align - 1); + + if (align >= VM_PIE_MAX_ADDR || min >= VM_PIE_MAX_ADDR) + return (align); + + space = (VM_PIE_MAX_ADDR - min) / align; + space = MIN(space, (u_int32_t)-1); + + addr = (vaddr_t)arc4random_uniform((u_int32_t)space) * align; + addr += min; + + return (addr); +} + +/* * uvm_map_hint: return the beginning of the best area suitable for * creating a new mapping with "prot" protection. */ @@ -1385,6 +1439,8 @@ uvm_unmap_remove(struct vm_map *map, vad if ((map->flags & VM_MAP_INTRSAFE) == 0) splassert(IPL_NONE); + else + splassert(IPL_VM); /* * find first entry @@ -1451,7 +1507,9 @@ uvm_unmap_remove(struct vm_map *map, vad * special case: handle mappings to anonymous kernel objects. * we want to free these pages right away... */ - if (map->flags & VM_MAP_INTRSAFE) { + if (UVM_ET_ISHOLE(entry)) { + /* nothing to do! */ + } else if (map->flags & VM_MAP_INTRSAFE) { uvm_km_pgremove_intrsafe(entry->start, entry->end); pmap_kremove(entry->start, len); } else if (UVM_ET_ISOBJ(entry) && @@ -3697,9 +3755,8 @@ uvm_object_printit(uobj, full, pr) sta
Re: uvm_mapent_alloc
On 13:42 Fri 10 Oct, Beavis wrote: > Greetings, > >I currently have a 4.3 running a modified kernel (disabled ACPI and > APM because they hang on my HS20 Blade) I'm receiving the following > Error: > > uvm_mapent_alloc: out of static map entries > > > Is there a way for me to adjust this through sysctl? > > > > any help will be greatly appreciated. I run webservers on this box. > > looks like this is fixed in -current, see http://article.gmane.org/gmane.os.openbsd.cvs/79457 -- Vladimir Kirillov http://darkproger.net
Re: microphone input for azalia?
On 18:16 Thu 02 Oct, Alexandre Ratchov wrote: > there seems to be a problem with the driver (afaik it should select > other usable parameters instead of failing) By the way, now this problem may be solved by these azalia(4) patches: http://article.gmane.org/gmane.os.openbsd.tech/15986 they do work for me. -- Vladimir Kirillov http://darkproger.net
Re: Macbook Pro Bluetooth
On 22:47 Tue 07 Oct, Aaron W. Hsu wrote: > Hello, > > Can anyone tell me whether the Macbook Pro's USB Bluetooth Adaptor is > supported? I get the following line from my dmesg: > > ugen0 at uhub0 port 4 "Apple Computer Bluetooth" rev 2.00/0.0b addr 2 > > Unfortunately, I don't see any ubt device, even though I have enabled > it in my kernel. > > If the usb adaptor is not supported, what bluetooth adaptors are > supported? Does anyone have any recommendations? > > Aaron Hsu > Which kernel are you using? GENERIC has bluetooth disabled. -- Vladimir Kirillov http://darkproger.net
Re: Azalia configured but no audio
On 14:45 Sun 05 Oct, Jairo Souto wrote: > outputs.headphones.mute=off > outputs.headphones.dir=output > outputs.headphones.boos=off > outputs.headphones.eapd=off > outputs.speaker3.mute=off > outputs.speaker3.dir=output > outputs.speaker3.boost=off > outputs.speaker3.eapd=off > outputs.speaker4.mute=off try these: outputs.speaker3.eapd=on outputs.headphones.eapd=on they worked for me. -- Vladimir Kirillov
Re: microphone input for azalia?
On 16:37 Thu 02 Oct, Jacob Meuser wrote: > hmm, you did > > $ aucat -o file.raw > $ aucat -i file.raw > > and the sound played at the wrong rate? try > > $ aucat -R 48000 -o file.raw > $ aucat -r 48000 -i file.raw > didn't work for me. -- Vladimir Kirillov
Re: microphone input for azalia?
On 18:16 Thu 02 Oct, Alexandre Ratchov wrote: > > there seems to be a problem with the driver (afaik it should select > other usable parameters instead of failing) > > you can workaround this by forcing it to use 44.1kHz, while > resampling 22kHz -> 44.1kHz, as follows: > > aucat -r 22000 -i file.raw -u -R 44100 > aucat -r 8000 -i file.raw -u -R 44100 (i was recording with aucat -o file.raw) this did the trick for me, i managed to hear what i say but it was also very loud noise from the speakers, and the volume of noise depends on how low the rate it (no noise on -r 44100 at all) -- Vladimir Kirillov
Re: microphone input for azalia?
On 14:31 Thu 02 Oct, Jacob Meuser wrote: > > inputs.mic=127,127 > probably need to raise this to 255 Tried it, > > inputs.sel.source=mic > > what other sources are available? use `mixerctl -v' to see the > options. inputs.sel.source=mic [ mic speaker5 speaker6 speaker7 speaker3 headphones speaker ] > > inputs.sel2.source=speaker3 > what other sources are available? `mixerctl -v' inputs.sel2.source=headphones [ mic speaker5 speaker6 speaker7 speaker3 headphones speaker2 ] (same as inputs.sel.source) > > inputs.usingdac=02 > > record.usingadc=07 > > do you have `08' as a choice here? if I'm reading the datasheet right, > inputs.sel corresponds to one of adc 07 or 08, inputs.sel2 corresponds > to the other. anyway, I'd wait to try fiddling with this last. > raise the amp outputs first, check the sources, and if that fails, > try a different adc. I tried to play with it too, but it gave no effect. BUT: i played with mixerctl a little more: inputs.mic: 127,127 -> 254,254 inputs.sel.source: headphones -> mic and managed to record the sound, but the playback of it was too fast, i could not hear any words (the 5-seconds record was played for ~0.7 sec). i also could not lower the rate of playback: $ aucat -r 22000 -i file.raw /dev/audio: can't set audio params to s16le,0:1,22000Hz: Invalid argument -- Vladimir Kirillov
microphone input for azalia?
Hi everyone! I've been trying to record some sound using the microphone, but i failed. azalia(4) manual has nothing about recording, unfortunately. I played with aucat -i/-o to play record sound, but the result file remained silent. Is it possible to record sound right now?.. Thanks, in advance. PS: here is some information: $ dmesg | grep azalia azalia0 at pci0 dev 27 function 0 "Intel 82801H HD Audio" rev 0x03: apic 2 int 22 (irq 10) azalia0: codec[s]: Realtek/0x0268 audio0 at azalia0 $ mixerctl inputs.dac=192,192 inputs.dac2=126,126 inputs.mix.dac.mute=off inputs.mix2.dac.mute=off inputs.mix2.speaker8.m=off inputs.mix3.dac2.mute=off inputs.mix3.speaker8.m=off inputs.mix3.dac.mute=off outputs.speaker3.mute=off outputs.speaker3.dir=output outputs.speaker3.boost=off outputs.speaker3.eapd=on outputs.headphones.mute=on outputs.headphones.dir=output outputs.headphones.boos=off outputs.headphones.eapd=on outputs.speaker4.mute=off outputs.mic.mute=off inputs.mic=127,127 outputs.mic.dir=input inputs.speaker5=127,127 outputs.speaker6.mute=off inputs.speaker6=127,127 outputs.speaker6.dir=output inputs.sel.source=mic outputs.sel.mute=off outputs.sel=120,120 inputs.sel2.source=speaker3 outputs.sel2.mute=off outputs.sel2=120,120 inputs.usingdac=02 record.usingadc=07 $ audioctl name=HD-Audio version=1.0 config=azalia0 encodings=slinear_le:16,slinear_le:16 properties=full_duplex,independent full_duplex=0 fullduplex=0 blocksize=8704 hiwat=7 lowat=5 output_muted=0 monitor_gain=0 mode=play play.rate=44100 play.channels=2 play.precision=16 play.encoding=slinear_le play.gain=192 play.balance=32 play.port=0x0 play.avail_ports=0x0 play.seek=52224 play.samples=5004800 play.eof=0 play.pause=0 play.error=0 play.waiting=0 play.open=1 play.active=1 play.buffer_size=65536 play.block_size=8704 play.errors=0 record.rate=44100 record.channels=2 record.precision=16 record.encoding=slinear_le record.gain=127 record.balance=32 record.port=0x0 record.avail_ports=0x0 record.seek=0 record.samples=0 record.eof=0 record.pause=0 record.error=0 record.waiting=0 record.open=0 record.active=0 record.buffer_size=65536 record.block_size=8704 record.errors=0 -- Vladimir Kirillov
Re: alix help
On 12:55 Sun 21 Sep, [EMAIL PROTECTED] wrote: > /etc/boot.conf: > set tty com0 > stty com0 38400 I think it's better to set com speed _before_ setting com0 as tty, it can start throwing garbage into console, as it was spectated on soekris net4801: stty com0 38400 set tty com0 ... -- Vladimir Kirillov
Re: "suspend" command - curious of function
On 16:40 Fri 19 Sep, Brian Drain wrote: > What does the "suspend" command do? I cannot find a man page on it, or > entry in the FAQ, or anything useful in the mailing list archives or > google (seems most deal with laptop suspend/restore).. When I type > suspend at the cmd line, it drops me past the command line. Can't ^C or > ^Z or anything out of it. Does it have a purpose? This is being run > from an i386 desktop and I have no real need for it, just curious about > it's function. > hi! Looks like it's shell-related job control function, it is nothing related to an OS. in ksh(1) it is an alias: suspend='kill -STOP $$' for bash(1) it looks like this: suspend [-f] Suspend the execution of this shell until it receives a SIGCONT signal. The -f option says not to complain if this is a login shell; just suspend anyway. The return status is 0 unless the shell is a login shell and -f is not supplied, or if job control is not enabled. -- Vladimir Kirillov
Re: Does OpenBSD have adjustkernel?
On 15:37 Sun 14 Sep, Ling Xiaoheng wrote: > Hey,guys: > > In NetBSD its have adjustkernel perl script can custom your kernel > configuration file,how about OpenBSD? > I custom my OpenBSD kernel configuration and rebuild it,but in the > dmesg I found > > OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007 > [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC > > I rename my configuration file to OpenBSD,but in dmesg its also > GENERIC,how can I change it? > > Hi! Try reading OpenBSD FAQ about compiling and read config(8) -- Vladimir Kirillov
Re: 2200 MHz on a 2.00GHz
47:14 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2 uhci2 at pci0 dev 29 function 0 "Intel 82801H USB" rev 0x03: apic 2 int 23 (irq 10) uhci3 at pci0 dev 29 function 1 "Intel 82801H USB" rev 0x03: apic 2 int 19 (irq 11) uhci4 at pci0 dev 29 function 2 "Intel 82801H USB" rev 0x03: apic 2 int 18 (irq 10) ehci1 at pci0 dev 29 function 7 "Intel 82801H USB" rev 0x03: apic 2 int 23 (irq 10) usb1 at ehci1: USB revision 2.0 uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb3 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xf3 pci4 at ppb3 bus 8 "O2 Micro Firewire" rev 0x02 at pci4 dev 5 function 0 not configured sdhc0 at pci4 dev 5 function 2 "O2 Micro OZ711MP1 SDHC" rev 0x02: apic 2 int 22 (irq 10) sdmmc0 at sdhc0 "O2 Micro OZ711MP1 XDHC" rev 0x01 at pci4 dev 5 function 3 not configured ichpcib0 at pci0 dev 31 function 0 "Intel 82801HBM LPC" rev 0x03: PM disabled pciide0 at pci0 dev 31 function 1 "Intel 82801HBM IDE" rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) ahci0 at pci0 dev 31 function 2 "Intel 82801HBM AHCI" rev 0x03: apic 2 int 18 (irq 10), AHCI 1.1 ahci0: PHY offline on port 1 ahci0: PHY offline on port 2 scsibus1 at ahci0: 32 targets, initiator 32 sd0 at scsibus1 targ 0 lun 0: SCSI3 0/direct fixed sd0: 152627MB, 512 bytes/sec, 312581808 sec total ichiic0 at pci0 dev 31 function 3 "Intel 82801H SMBus" rev 0x03: apic 2 int 18 (irq 10) iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM spdmem1 at iic0 addr 0x52: 1GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM usb2 at uhci0: USB revision 1.0 uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb3 at uhci1: USB revision 1.0 uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb4 at uhci2: USB revision 1.0 uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb5 at uhci3: USB revision 1.0 uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb6 at uhci4: USB revision 1.0 uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 mtrr: Pentium Pro MTRR support softraid0 at root root on sd0a swap on sd0b dump on sd0b kqemu: kqemu version 0x00010300 loaded, max locked mem=1043660kB DDB symbols added: 188320 bytes -- Vladimir Kirillov http://darkproger.net
ponuda za posao
Potovani U prolici smo da Vam ponudimo najnoviju mogicnost zarade. Uskoro na naim prostorima pocinje da radi "Lyoness" Na vrijeme zauzmite svoje mjesto u ovom perspektivnom poslu. Uclanjenje je potpuno besplatno-nita ne rizikujete. Informiite se http://lyonesszarada.50webs.com
Re: Internal loadbalancing
dane johansen wrote: Probably you run into this situation: client (10.0.5.233 <http://10.0.5.233>) -> firewall (10.0.5.200 <http://10.0.5.200>) -> rdr -> server (10.0.5.81 <http://10.0.5.81>) No servers see's that packet came in from the same subnet and goes directly to the client which does not expect reply from 10.0.5.81 <http://10.0.5.81> it expects reply from 10.0.5.200 <http://10.0.5.200>. You may want to read this: http://www.openbsd.org/faq/pf/rdr.html#reflect I figured out what the problem is/was and the document you referenced helped me figure it out. Basically my network is something like this Internet <--> ext_if <--> Machine <--> vlan1/carp1 ( 10.0.1.0/24) | vlan50/carp50 ( 10.0.5.0/24) I was basically trying to get clients from vlan1 to load balance across machines on vlan50. Initially I had rdr pass on vlan50 proto tcp to 10.0.5.200 port $ports_web -> 10.0.5.81 This doesn't work since traffic destined from 10.0.1.0 never hits interface vlan50. I had to put a rdr on the interface traffic was coming in from e.g. vlan1 so the correct working configuration is rdr pass on vlan1 proto tcp to 10.0.5.200 port $ports_web -> 10.0.5.81 Thanks, Vladimir
Re: CARP devices do not see IP broadcasts #2
Heinrich Rebehn wrote: I tried this again on real hardware - same result. Is this expected behavior? I assume there are PF rules you need to write up. Also DHCP broadcasts to 255.255.255.255 which will likely be handled by $ext_if so you have to somehow "attach" it to the carp interface. Googling this may help you http://archives.neohapsis.com/archives/openbsd/2006-10/1206.html Vladimir In order to get familiar with CARP, i have set up a playground with 3 machines under vmware. I noticed that the CARP devices do not see any IP broadcasts, so this would make CARP unusable for a DHCP server or anything else that needs to respond to IP broadcasts. Is this expected behavior or may this be just a vmware anomaly? (Yes, i did chmod 666 /dev/vmnet*) I did not see anything about this in the docs. Attached is the ifconfig output of one CARP machine plus its dmesg. -- Heinrich Rebehn University of Bremen Physics / Electrical and Electronics Engineering - Department of Telecommunications - Phone : +49/421/218-4664 Fax :-3341 lo0: flags=8049 mtu 33208 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 pcn0: flags=8b43 mtu 1500 lladdr 00:0c:29:b9:64:69 media: Ethernet autoselect (autoselect) inet6 fe80::20c:29ff:feb9:6469%pcn0 prefixlen 64 scopeid 0x1 enc0: flags=0<> mtu 1536 vlan0: flags=8943 mtu 1496 lladdr 00:0c:29:b9:64:69 vlan: 10 priority: 0 parent interface: pcn0 groups: vlan inet6 fe80::20c:29ff:feb9:6469%vlan0 prefixlen 64 scopeid 0x4 vlan1: flags=8943 mtu 1496 lladdr 00:0c:29:b9:64:69 vlan: 11 priority: 0 parent interface: pcn0 groups: vlan inet6 fe80::20c:29ff:feb9:6469%vlan1 prefixlen 64 scopeid 0x5 carp0: flags=8843 mtu 1500 lladdr 00:00:5e:00:01:0a carp: MASTER carpdev vlan0 vhid 10 advbase 1 advskew 1 groups: carp inet6 fe80::200:5eff:fe00:10a%carp0 prefixlen 64 scopeid 0x6 inet 134.102.176.170 netmask 0xff00 broadcast 134.102.176.255 carp1: flags=8843 mtu 1500 lladdr 00:00:5e:00:01:0b carp: MASTER carpdev vlan1 vhid 11 advbase 1 advskew 1 groups: carp inet6 fe80::200:5eff:fe00:10b%carp1 prefixlen 64 scopeid 0x7 inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255 OpenBSD 4.2 (GENERIC) #1: Fri Sep 14 12:22:31 CEST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ ("AuthenticAMD" 686-class, 1024KB L2 cache) 2.32 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3 cpu0: AMD erratum 89 present, BIOS upgrade may be required real mem = 267939840 (255MB) avail mem = 251437056 (239MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 04/17/06, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries) bios0: vendor Phoenix Technologies LTD version "6.00" date 04/17/2006 bios0: VMware, Inc. VMware Virtual Platform apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01 ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01 pci1 at ppb0 bus 1 piixpcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08 pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 64-sector PIO, LBA, 1024MB, 2097152 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus disabled vga1 at pci0 dev 15 function 0 "VMware Virtual SVGA II" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) bha3 at pci0 dev 16 function 0 "BusLogic MultiMaster" rev 0x01: irq 11, BusLogic 9xxC SCSI bha3: model BT-958, firmware 5.07B bha3: sync, parity scsibus1 at bha3: 8 targets pcn0 at pci0 dev 17 function 0 "AMD 79c970 PCnet-PCI" rev 0x10, Am79c970A, rev 0: irq 9, address 00:0c:29:b9:64:69 isa0 at piixpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at p
Re: Internal loadbalancing
dane johansen wrote: Probably you run into this situation: client (10.0.5.233 <http://10.0.5.233>) -> firewall (10.0.5.200 <http://10.0.5.200>) -> rdr -> server (10.0.5.81 <http://10.0.5.81>) No servers see's that packet came in from the same subnet and goes directly to the client which does not expect reply from 10.0.5.81 <http://10.0.5.81> it expects reply from 10.0.5.200 <http://10.0.5.200>. You may want to read this: http://www.openbsd.org/faq/pf/rdr.html#reflect I obviously omitted the most pertinent information. My apologies. client's IP is actually 10.0.1.50 coming from a different subnet so the path is really client (10.0.1.50) -> firewall (10.0.1.1) -> firewall (10.0.5.200) -> rdr -> server (10.0.5.81 => gw is 10.0.5.1) Vladimir
Internal loadbalancing
I have an existing firewall that already load balances our web server traffic from an external IP across two web servers that are on the internal network. I would like to set up "internal load balancing" since I have webservices internally I would like to provide to the rest of the cluster. These services should not be exposed to the external world. So for such a purpose I added an alias to an existing carp interface for 10.0.5.200 carp50: flags=8843 mtu 1500 lladdr 00:00:5e:00:01:96 carp: MASTER carpdev vlan50 vhid 150 advbase 1 advskew 100 groups: carp inet6 fe80::200:5eff:fe00:196%carp50 prefixlen 64 scopeid 0x10 inet 10.0.5.1 netmask 0xff00 broadcast 10.0.5.255 inet 10.0.5.200 netmask 0xff00 broadcast 10.0.5.255 I would like to "load balance" that traffic across two other web servers that are on e.g. 10.0.5.81 and 10.0.5.82. For the time being I added a following RDR rule rdr pass on $if_local proto tcp to 10.0.5.200 port $ports_web -> 10.0.5.81 Unfortunately I can't connect to 10.0.5.200. For example if from another server on the network I do $ telnet 10.0.5.81 80 Trying 10.0.5.81... Connected to web1.local (10.0.5.81). Escape character is '^]'. However if I do $ telnet 10.0.5.200 80 Trying 10.0.5.200... telnet: connect to address 10.0.5.200: Connection refused telnet: Unable to connect to remote host: Connection refused Sniffing on carp50 shows no activity. I suppose there may be some "routing confusion" however I even tried setting up another totally different physical interface, created carp10 and IP 10.0.1.200 redirecting to 10.0.5.81 with the same effect. Any help would be appreciated. Thanks, Vladimir
Re: DHCP clients cannot connect to internet
Please provide output of: #pfctl -s all and #sysctl net.inet.ip.forwarding and your routing table: On 6/25/06, FTP <[EMAIL PROTECTED]> wrote: Hi there, on a 3.9 newly installed box I started DHCPD. The clients do obtain an IP address but cannot go 'out' to the Internet. -- Thank you. Vladimir. Y. Plotnikov, http://www.smartwebco.com
Re: MySQL losts TCP connection.
Thank you, gays. login.conf adapted and problem solved (tested on mysqldump --all-databases >/dev/null)
MySQL losts TCP connection.
Hello! I have installed OpenBSD 3.8 and MySQL server 4.0.24 (from ports) From time to time (after high load) I got next - mysql drops connects by TCP/IP (simple connection closed after telnet to port 3306) and next in logs: Few lines like 060620 14:51:06 [ERROR] /usr/local/libexec/mysqld: Can't find file: './tasktrack er/mantis_news_table.frm' (errno: 9) then, after I send HUP signal to mysqld process, I got next in error output: Status information: Current dir: /var/mysql/ Running threads: 2 Stack size: 196608 Current locks: lock: 0x7ee75a24: lock: 0x8bab9a24: Then also a lot of locks (about 100 total locks listen) and, finally, log ends width: Key caches: default Buffer_size: 268435456 Block_size: 1024 Division_limit:100 Age_limit: 300 blocks used: 9524 not flushed: 0 w_requests: 3798 writes: 1898 r_requests: 346940 reads:2035 handler status: read_key: 371358 read_next: 488795 read_rnd 14869 read_first: 2385 write: 34562 delete 341 update: 242660 Table status: Opened tables:334 Open tables: 334 Open files: 664 Open streams: 0 Alarm status: Active alarms: 2 Max used alarms: 61 Next alarm time: 28780 # cat /etc/sysctl.conf | grep -v "^#" kern.maxfiles=2 #cat /etc/my.cnf |grep -v "^#" [client] port= 3306 socket = /tmp/mysql.sock [mysqld] user = _mysql open-files=2 set-variable = max_connections=300 set-variable = back_log=120 skip-locking set-variable = key_buffer=256M set-variable = max_allowed_packet=1M set-variable = table_cache=512 set-variable = sort_buffer=1M set-variable = record_buffer=1M set-variable = myisam_sort_buffer_size=64M set-variable = thread_cache=8 set-variable = thread_concurrency=2 log_slow_queries = slow_query.log tmpdir = /tmp/ datadir = /var/mysql [mysqldump] quick set-variable = max_allowed_packet=16M [isamchk] set-variable = key_buffer=128M set-variable = sort_buffer=128M set-variable = read_buffer=2M set-variable = write_buffer=2M [mysqlhotcopy] interactive-timeout Where is my error in configuration? I tired to download and install fresh stable mysql-4 brach but I got same result. -- Thank you. Vladimir. Y. Plotnikov, http://www.smartwebco.com/
Dual home (IP + alias) gateway box and internal network
Hello! I have small problem with dual homed gateway, below, tail of pf.ctl: ext_if_a= "xl0" ext_if_b= "xl0" ext_gw_a= "aaa.bbb.ccc.ddd" ext_gw_b= "zzz.xxx.ccc.vvv" pass out route-to ($ext_if_a $ext_gw_a) from ($ext_if_a) \ to !($ext_if_a:network) keep state pass out route-to ($ext_if_b $ext_gw_b) from ($ext_if_b) \ to !($ext_if_b:network) keep state pass in reply-to ($ext_if_a $ext_gw_a) proto tcp flags S/SA tagged EXT_IF_A \ keep state pass in reply-to ($ext_if_b $ext_gw_b) proto tcp flags S/SA tagged EXT_IF_B \ keep state pass in reply-to ($ext_if_a $ext_gw_a) proto udp tagged EXT_IF_A \ keep state pass in reply-to ($ext_if_b $ext_gw_b) proto udp tagged EXT_IF_B \ keep state pass in on $ext_if_a reply-to ($ext_if_a $ext_gw_a) inet proto icmp \ icmp-type echoreq code 0 keep state pass in on $ext_if_a inet proto icmp from ($ext_if_a:network) \ icmp-type echoreq code 0 keep state pass in on $ext_if_b reply-to ($ext_if_b $ext_gw_b) inet proto icmp \ icmp-type echoreq code 0 keep state pass in on $ext_if_b inet proto icmp from ($ext_if_b:network) \ icmp-type echoreq code 0 keep state We attach both providers cables into one AT-8024 switch with same VLAN outlets. So, I configure my interface at gateway for one IP address and one alias address. this host woring fine in both networks. Then, I need to separate IP flow from internal network. Internal network aslo, haves two small TCP network (/29) and one IP and alias on every machine. When I pass ping from external hosts - all going fine. When I try to telnet 22 - I got connection timed out. But I see packets on external interface of my gateway. Where I'm wrong? -- Thank you. Vladimir. Y. Plotnikov http://www.smartwebco.com/
Source route with aliases.
Hello OpenBSD guru! I just looking for solution for source route. One interface connected to "smart" switch (network "A"). Second network ("B") from another ISP comes on _SAME_ UTP cable. So, I can declare one main interface with default route (Network A). But I need for leave another network (B) working (incoming traffic only, but replies should pass to this network, of course). What do think, it is possible, to use interface and alias for resolve source routing? No ways for create new one physical link for new one interface :-(. -- Thank you. Vladimir. Y. Plotnikov, http://www.smartwebco.com
Re: pf and ftp
Sorry, of course, this line exists in my config: @4 pass in quick inet proto tcp from any to my.ip.address.com port = ftp-data keep state [ Skip steps: i=44 d=50 f=44 p=44 sa=end sp=end da=12 ] [ queue: qname= qid=0 pqname= pqid=0 ] On 2/27/06, edgarz <[EMAIL PROTECTED]> wrote: > hi! > you forgot port 20 (ftp-data) > > > vladimir plotnikov wrote: > > Hello! > > > > Sorry for stupid question. > > part of pf.conf: > > > > pass in on $ext_if proto tcp from any to any port 21 keep state > > pass in on $ext_if proto tcp from any to any port > 49151 keep state > > ... > > block return-rst in log on $ext_if proto tcp all > > > > > > Part of log file: > > Feb 27 14:56:46.142988 rule 59/(match) block in on em0: a.b.c.d.54506 > > > >>e.f.g.h.49887: [|tcp] (DF) > > > > > > PF Debug output for rule #59: > > @59 block return-rst in log on em0 proto tcp all > > [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] > > [ queue: qname= qid=0 pqname= pqid=0 ] > > > > PF debug output for my FTP rule: > > @48 pass in on em0 proto tcp from any to any port > 49151 keep state > > [ Skip steps: d=50 sa=end sp=end da=end ] > > [ queue: qname= qid=0 pqname= pqid=0 ] > > > > and rule #50: > > @50 pass out all keep state > > [ Skip steps: f=end sa=end sp=end da=end ] > > [ queue: qname= qid=0 pqname= pqid=0 ] > > > > > > sysctl: > > net.inet.ip.porthifirst=49152 > > net.inet.ip.porthilast=65535 > > > > > > why I cannot establish FTP connection with host? where I wrong? > > > > same problem with udp/53: > > pass in inet proto tcp from any to my.ip.address.com port = 53 keep > > state #flags S/SA modulate state > > block return-icmp in log on $ext_if proto udp all > > > > don't allows incoming connections from another host (dig server.name > > @this.host) > > > > thank you for help! > > > > -- > > Thank you. > > Vladimir. Y. Plotnikov, http://www.smartwebco.com/ Cell Phone > > +420-774-311-015 > > ICQ: 24270826, skype ID: vladimirplotnikov > -- Thank you. Vladimir. Y. Plotnikov, http://www.smartwebco.com/ Cell Phone +420-774-311-015 ICQ: 24270826, skype ID: vladimirplotnikov
pf and ftp
Hello! Sorry for stupid question. part of pf.conf: pass in on $ext_if proto tcp from any to any port 21 keep state pass in on $ext_if proto tcp from any to any port > 49151 keep state ... block return-rst in log on $ext_if proto tcp all Part of log file: Feb 27 14:56:46.142988 rule 59/(match) block in on em0: a.b.c.d.54506 > e.f.g.h.49887: [|tcp] (DF) PF Debug output for rule #59: @59 block return-rst in log on em0 proto tcp all [ Skip steps: i=end d=end f=end p=end sa=end sp=end da=end dp=end ] [ queue: qname= qid=0 pqname= pqid=0 ] PF debug output for my FTP rule: @48 pass in on em0 proto tcp from any to any port > 49151 keep state [ Skip steps: d=50 sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] and rule #50: @50 pass out all keep state [ Skip steps: f=end sa=end sp=end da=end ] [ queue: qname= qid=0 pqname= pqid=0 ] sysctl: net.inet.ip.porthifirst=49152 net.inet.ip.porthilast=65535 why I cannot establish FTP connection with host? where I wrong? same problem with udp/53: pass in inet proto tcp from any to my.ip.address.com port = 53 keep state #flags S/SA modulate state block return-icmp in log on $ext_if proto udp all don't allows incoming connections from another host (dig server.name @this.host) thank you for help! -- Thank you. Vladimir. Y. Plotnikov, http://www.smartwebco.com/ Cell Phone +420-774-311-015 ICQ: 24270826, skype ID: vladimirplotnikov
Re: otherOS is to daemontools as openbsd is to ?
Hi! Take look on FAQ pages: http://www.openbsd.org/faq/faq14.html#MountImage On 2/26/06, Travis H. <[EMAIL PROTECTED]> wrote: > Just curious, I recall hearing there was a clone of daemontools for > OpenBSD, what was it called? > > TIA > -- > Security Guru for Hire http://www.lightconsulting.com/~travis/ -><- > GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484 > > -- Thank you. Vladimir. Y. Plotnikov, http://www.smartwebco.com/. Cell Phone +420-774-311-015 ICQ: 24270826, skype ID: vladimirplotnikov
Promise PDC20378 and mirroring.
Hello! As first: Happy coming New Year! Does anybody know how I can use RAID Mirror on PDC20378 card? my configuration: pci3 at ppb2 bus 3 pciide0 at pci3 dev 14 function 0 "Promise PDC20378" rev 0x02: DMA wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors wd0(pciide0:0:0): using BIOS timings, Ultra-DMA mode 6 wd1 at pciide0 channel 1 drive 0: wd1: 16-sector PIO, LBA48, 114473MB, 234441648 sectors wd1(pciide0:1:0): using BIOS timings, Ultra-DMA mode 6 on 1st drive few partitions with live data. We need to use mirror feature for prevent data lost. How we can setup hardware or software mirroring with leave 1st drive live? without dump/restore ? -- Thank you. Vladimir. Y. Plotnikov, BasalPro + SmartWeb LTD. Cell Phone +420-774-311-015 ICQ: 24270826, skype ID: vladimirplotnikov
Re: CARP+Pfsync+Bind
Quoting ed <[EMAIL PROTECTED]>: Zone transfers are on tcp/53, DNS lookups are 53/udp, so: pass in on $ext_if proto udp from any to $DNS port 53 keep state and if required: pass in on $ext_if proto tcp from $ext_net to $DNS port 53 keep state I use TinyDNS here, so we don't really need to transfer zones as its handled with a single data file. CARP can be good with DNS. Ok. This 2 servers DNS masters. But if the one server will master(CARP master,not dns) and other CARP slave, zones sends only from CARP master and I need some sync tool such as rsync to syncing zones files between 2 master DNS servers(one master CARP and one slave CARP)? Or if I want to do load balancing with CARP, how it affect on BIND?
CARP+Pfsync+Bind
Hello everyone! We have 1 server on which running firewall and DNS master service. And we planned to install another server for load balancing and redudancy. 2 servers(each have running PF and BIND) will balancing load (or one will master and other slave) for DNS and PF. Does anyone protect DNS service via CARP and PFsync? Does it work? Whether there can be problems(for example, with zones transfers, dns queries and other)?