Re: softraid/bioctl can't find device /dev/bio

2020-08-03 Thread sven falempin
On Mon, Aug 3, 2020 at 12:00 PM Brian Brombacher wrote:

>
>
> On Aug 3, 2020, at 11:51 AM, sven falempin wrote:
>
> 
>
>
> On Mon, Aug 3, 2020 at 11:38 AM Brian Brombacher wrote:
>
>>
>>
>> > On Aug 3, 2020, at 9:54 AM, sven falempin wrote:
>> >
>> > Hello
>> >
>> > I saw a similar issue in the mailing list around December 2019,
>> > following an electrical problem softraid doesn't bring devices up
>> >
>> >
>> > # ls /dev/sd??
>> > /dev/sd0a /dev/sd0g /dev/sd0m /dev/sd1c /dev/sd1i /dev/sd1o /dev/sd2e
>> > /dev/sd2k
>> > /dev/sd0b /dev/sd0h /dev/sd0n /dev/sd1d /dev/sd1j /dev/sd1p /dev/sd2f
>> > /dev/sd2l
>> > /dev/sd0c /dev/sd0i /dev/sd0o /dev/sd1e /dev/sd1k /dev/sd2a /dev/sd2g
>> > /dev/sd2m
>> > /dev/sd0d /dev/sd0j /dev/sd0p /dev/sd1f /dev/sd1l /dev/sd2b /dev/sd2h
>> > /dev/sd2n
>> > /dev/sd0e /dev/sd0k /dev/sd1a /dev/sd1g /dev/sd1m /dev/sd2c /dev/sd2i
>> > /dev/sd2o
>> > /dev/sd0f /dev/sd0l /dev/sd1b /dev/sd1h /dev/sd1n /dev/sd2d /dev/sd2j
>> > /dev/sd2p
>> > # dmesg | grep 6.7
>> > OpenBSD 6.7 (RAMDISK_CD) #177: Thu May  7 11:19:02 MDT 2020
>> > # dmesg | grep sd
>> >dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
>> > wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
>> > sd0 at scsibus1 targ 0 lun 0: 
>> > t10.ATA_QEMU_HARDDISK_Q
>> > M5_
>> > sd0: 1907729MB, 512 bytes/sector, 3907029168 sectors, thin
>> > sd1 at scsibus1 targ 1 lun 0: 
>> > t10.ATA_QEMU_HARDDISK_Q
>> > M7_
>> > sd1: 1907729MB, 512 bytes/sector, 3907029168 sectors, thin
>> > wskbd0 at pckbd0: console keyboard, using wsdisplay1
>> > softraid0: trying to bring up sd2 degraded
>> > softraid0: sd2 was not shutdown properly
>> > softraid0: sd2 is offline, will not be brought online
>> > # bioctl -d sd2
>> > bioctl: Can't locate sd2 device via /dev/bio
>> > #
>> >
>> > I suspect a missing device in /dev ( but it seems I have the required one )
>> > and MAKEDEV all of course did a `uid 0 on /: out of inodes`
>> >
>> > I have backups but I'd like to fix the issue !
>>
>> Hi Sven,
>>
>> The device sd2 wasn’t attached by softraid, your /dev/bio is fine.  This
>> can happen if softraid fails to find all component disks or the metadata on
>> one or more components does not match expectations (newer metadata seen on
>> other disks).  Make sure all of the component disks are working.  If that
>> is not the issue, you may need to re-run the command that you used to
>> create the array and include -C force.  Be very careful doing this, I
>> suggest running the command once without -C force to ensure it found all
>> the components and fails to bring the array up due to the same error
>> message you got (attempt to bring up degraded).
>>
>> If you’re not careful, you can blow out the whole array.
>>
>> -Brian
>>
>>
> The disk looks fine, the disklabel is ok, the array is just sd0 and sda1
> both got the disklabel RAID part,
> shall i do further checks ?
>
> # bioctl -c 1 -l /dev/sd0a,/dev/sd1a softraid0
> softraid0: trying to bring up sd2 degraded
> softraid0: sd2 was not shutdown properly
> softraid0: sd2 is offline, will not be brought online
> softraid0: trying to bring up sd2 degraded
> softraid0: sd2 was not shutdown properly
> softraid0: sd2 is offline, will not be brought online
>
> I wouldn't like to blow the whole array ! sd0a should be in perfect
> condition but unsure about sd1a, i probably need to bioctl -R sd1
>
>
> Traditionally at this point, I would run the command again with -C force
> and my RAID 1 array is fine.  I might be doing dangerous things and not
> know, so other voices please chime in.
>
> [Moved to misc@]
>
>
>
>
# bioctl -C force -c 1 -l /dev/sd0a,/dev/sd1a softraid0
sd2 at scsibus2 targ 1 lun 0: 
sd2: 1907726MB, 512 bytes/sector, 3907023473 sectors
softraid0: RAID 1 volume attached as sd2

both volumes are online , partitions are visible
but fsck is not happy at all :-(

Can i do something before fsck -y ( i have backups )

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Stuck in Needbuf state, trying to understand (6.7)

2020-06-25 Thread sven falempin
Hello,

I have a script that mostly untar stuff on a vnd device.
And i have the same problem with syspatch

The program state gets into needbuf forever, ( the top state ).

I'm trying to figure out what is happening,
I have a feeling it may be an entropy exhaustion
but it's just a guess.

vmstat -m goes near 100% usage quickly
and swap/memory is like empty according to top.

Is it possible to get out of `vmstat -m` logged memory,
could it be a limit in login.conf that I reach without knowing ?

Once the problem is present, I cannot do anything  but reboot
which does not help to understand what is going on.

Please hAlp.


Re: Odd /tmp behavior

2020-01-07 Thread sven falempin
On Tue, Jan 7, 2020 at 12:18 PM Raymond, David wrote:

> On an AMD-64 workstation /tmp fills up to 105% according to df,
> apparently as a result of UNIX pipes in a shell script passing a whole
> lot of moderately big files. Examination of /tmp with du and ls -gal
> on /tmp shows no big files and trying to delete everything that is
> there has no effect.  Rebooting cleans out /tmp.
>
> I had /tmp mounted with the standard options + softdep.  I eliminated
> softdep and the problem appears to have gone away.
>
> Any ideas on what is going on with softdep here?  Dmesg shows a long
> series of "/tmp file system full" messages.
>
> Dave Raymond
>
> --
> David J. Raymond
> david.raym...@nmt.edu
> http://physics.nmt.edu/~raymond
>
> man fstat

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Re: A sad raid/fsck story

2019-11-15 Thread sven falempin
On Sat, Oct 5, 2019 at 8:39 AM Nick Holland  wrote:
>
> On 10/4/19 8:37 AM, sven falempin wrote:
> ...
> > How [do I] check the state of the MIRROR raid array , to detect large
> > amount of failures on one of the two disk ?
> >
> > Best.
> >
>
> fsck has NOTHING to do with the status of your drives.
> It's a File System ChecKer.  Your disk can be covered with unreadable
> sectors but if the file system on that disk is intact, fsck reports
> no problem.  Conversely, your disks can be fine, but your file system
> can be scrambled beyond recognition; bad news from fsck doesn't mean
> your drive is bad.
>
> To check the status of the disks, you probably want to slip a call
> to bioctl into /etc/daily.local:
>
> # bioctl softraid0
> Volume  Status   Size Device
> softraid0 0 Online  7945693712896 sd2 RAID1
>   0 Online  7945693712896 0:0.0   noencl 
>   1 Online  7945693712896 0:1.0   noencl 
>
> This is a happy array.  If you have a bad drive, one of those
> physical drives is going to not be online.
>
> Nick.
>

My moral of the story is:

if your raid array is not mounting, check smart, check bioctl, FSCK
each disk separately
and then restore or dump the bad drive

Next,

Raid 5 is cool . It knows which disk failed the checksum ?
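
The bioctl check suggested in the quoted reply (a call from /etc/daily.local), written out as an added example that is not code from the thread. It treats every status other than "Online" as a problem; the degraded sample and the `<sd0a>` device column are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag any softraid volume or chunk that is not "Online".
# Reads `bioctl softraid0` output on stdin so it can be run on saved text.

# Prints one line per non-Online volume/chunk; returns 1 if any were found.
softraid_problems() {
	awk '
	BEGIN { bad = 0 }
	NR == 1 && $1 == "Volume" { next }   # header row
	NF == 0 { next }
	$1 ~ /^softraid[0-9]+$/ {            # volume row: ctl idx status size dev level
		vol = $5
		if ($3 != "Online") {
			printf "volume %s (%s) is %s\n", vol, $6, $3
			bad = 1
		}
		next
	}
	$1 ~ /^[0-9]+$/ {                    # chunk row: idx status size chan encl dev
		if ($2 != "Online") {
			printf "chunk %s of %s (%s) is %s\n", $1, vol, $NF, $2
			bad = 1
		}
	}
	END { exit bad }
	'
}

# Constructed sample: the healthy array, in the layout shown in the thread.
sample_healthy() {
	cat <<'EOF'
Volume      Status               Size Device
softraid0 0 Online      7945693712896 sd2     RAID1
          0 Online      7945693712896 0:0.0   noencl <sd0a>
          1 Online      7945693712896 0:1.0   noencl <sd1a>
EOF
}

# Constructed sample: the same mirror with one chunk gone.
sample_degraded() {
	cat <<'EOF'
Volume      Status               Size Device
softraid0 0 Degraded    7945693712896 sd2     RAID1
          0 Online      7945693712896 0:0.0   noencl <sd0a>
          1 Offline     7945693712896 0:1.0   noencl <sd1a>
EOF
}

# In /etc/daily.local the input would come from the real command instead:
#   bioctl softraid0 | softraid_problems || echo "softraid0 needs attention"
sample_degraded | softraid_problems || echo "softraid0 needs attention"
```

Anything the script prints from /etc/daily.local ends up in the daily mail to root, so a degraded mirror is reported before the next reboot forces an fsck.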



denverton acpi reboot

2019-10-10 Thread sven falempin
it works, (did not in 6.4 )

who's the awesome fellow who did that

Thank you

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Re: A sad raid/fsck story

2019-10-04 Thread sven falempin
On Fri, Oct 4, 2019 at 8:10 AM Nick Holland  wrote:
>
> On 10/3/19 10:01 AM, sven falempin wrote:
> > Dear readers,
> >
> > I was running an OpenBSD (6.4) device, with a raid mirror array.
> > One of the disks failed, so the system asked me to fsck,
>
> Probably not quite that simple.  More likely, the disk failed,
> that took the system down hard, and it needed an fsck on reboot.
> Which is normal, RAID or otherwise.
>
> > which I did before checking the raid status manually ( :'( ) ,
> > THEN I rebooted and softraid told me: one of the hard drive is dead.
> >
> > But fsck already destroyed a few files on the mirror.
>
> that seems unlikely.  that's not what fsck does -- fsck's job is to
> repair a file system.  If it removes a file, the file is already
> damaged.
>
> > Probably a user error, nevertheless, In openbsd 'simply work' mindset,
> > maybe the /etc/rc could warn or even perform some bioctl check on raid
> > array when first fsck / mount
> > fails.
>
> I'm not seeing what this has to do with RAID, soft or otherwise.  If your
> system needed an fsck, it needed it whether it was a simple drive or a
> RAID array.  If you need an fsck, you are likely to have lost data.
>
> > ( Lost data recovered from backup )
>
> And again...nothing to do with either fsck or RAID -- you have to have
> a backup.  RAID doesn't change that.
>
> Nick.
>


Let me reformulate as a question, because I clearly misled you in
thinking that fsck -p from rc would delete files or having a backup
is a bad idea. @_@
I lose recent data with fsck -y , and use it because i have a backup,
the data loss here was massive (old untouched files).

How to check the state of the MIRROR raid array , to detect large
amount of failures on one of the two disk ?

Best.

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



A sad raid/fsck story

2019-10-03 Thread sven falempin
Dear readers,

I was running an OpenBSD (6.4) device, with a raid mirror array.
One of the disks failed, so the system asked me to fsck,
which I did before checking the raid status manually ( :'( ) ,
THEN I rebooted and softraid told me: one of the hard drive is dead.

But fsck already destroyed a few files on the mirror.

Probably a user error, nevertheless, In openbsd 'simply work' mindset,
maybe the /etc/rc could warn or even perform some bioctl check on raid
array when first fsck / mount
fails.

Cheers.

( Lost data recovered from backup )


spool smtpd filling

2019-09-19 Thread sven falempin
Sorry to disturb ,

what is filling my /var/spool/smtpd/offline directory ?

Smtpd is off on my device ( no mailing ) weekly/monthly active or not
it fills this directory
( looks like 6.4 novelty )

Best.



SAD ( pkg_add does linux like stuff ie: not working, no explanation )

2019-08-28 Thread sven falempin
Maybe obvious ? if so why no message from the software ?

[0]-[web]-[/var/www/logs]
# pkg_add php_curl
quirks-3.124 signed on 2019-04-15T12:10:16Z
Can't find php_curl
[0]-[web]-[/var/www/logs]
# cat /etc/installurl
http://cdn.openbsd.org/pub/OpenBSD

But

[0]-[web]-[/var/www/logs]
# curl --head
https://cdn.openbsd.org/pub/OpenBSD/6.5/packages/amd64/php-curl-7.2.17.tgz
HTTP/2 200
server: nginx
content-type: application/octet-stream
last-modified: Mon, 15 Apr 2019 12:09:10 GMT
etag: "5cb47466-8e35"
backend-name: 5GnZ0LBU5CzDw9NCjFbkjI--F_ftp_hostserver_de
accept-ranges: bytes
date: Wed, 28 Aug 2019 14:01:52 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-cdg20753-CDG
x-cache: MISS
x-cache-hits: 0
x-timer: S1567000912.203130,VS0,VE54
content-length: 36405
[0]-[web]-[/var/www/logs]
# date
Wed Aug 28 04:07:24 CEST 2019

LIKE WHY PLEASE ?


-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Re: DNS Race Condition on Boot

2019-07-04 Thread sven falempin
Aren’t new version enabling (some.host) to not race ?

On Thu, Jul 4, 2019 at 7:26 AM Andy Lemin  wrote:

> Hey guys.
>
> Thanks for the ideas. Sadly I cannot use static IPs as we don’t control
> the domains.
>
> I think I’ll use Otto’s suggestion as I am already doing that to provide a
> black hole table for the spamhaus drop list. So I’ll just enhance that
> script to manage some more tables 😀
>
> After all, the current fqdns in pf.conf can still go out of date (pf only
> resolves dns -> IP once during rule apply). So this solves that too.
>
> Cheers, Andy.
>
>
>
> Sent from a teeny tiny keyboard, so please excuse typos
>
> > On 4 Jul 2019, at 09:18, Otto Moerbeek  wrote:
> >
> >> On Thu, Jul 04, 2019 at 09:14:19AM +0100, Andy Lemin wrote:
> >>
> >> Hi guys,
> >>
> >> Is anyone else aware of the Unbound and PF race condition that exists
> when FQDNs are used in pf.conf with a local Unbound server?
> >
> > Yes, it's an obvious one isn't it?
> >
> >>
> >> The issue occurs when pf starts before unbound, but where pf fails to
> start as it cannot resolve some DNS names.. and so unbound also fails to
> work when it is started later in the boot because pf failed to start..
> >>
> >> The only solution I’ve found so far is to add some commands to
> /etc/rc.local (run end of boot) to temporarily disable (the failed) pf,
> restart unbound, and restart pf again now unbound is working.
> >>
> >> Just wondering if anyone knows of a cleaner workaround? PS; Using an
> external DNS server in resolv.conf is not an option in this scenario.
> >
> > Do not use DNS names in pf.conf. Use a IP addresses or a table filled
> > from a file. Run some script to update the file periodically. If it
> > changed kick pf.
> >
> >-Otto
> >
>
> --
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do
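
The approach suggested in the quoted reply above (a pf table filled from a file, refreshed by a script that kicks pf only on change), as an added example that is not code from any poster. The table name, file path and the use of getent(1) as the resolver are assumptions.

```shell
#!/bin/sh
# Added example: keep a pf table file in sync with DNS, so pf.conf holds no
# hostnames and pf can load at boot before the local resolver is running.
# pf.conf side (table name and path are assumptions):
#   table <partners> persist file "/etc/pf.partners"
#   pass out on egress to <partners>

# Resolve one name to its addresses, one per line. getent(1) is an assumption;
# replace the body with whatever resolver query suits the site.
resolve_name() {
	getent hosts "$1" | awk '{ print $1 }'
}

# build_list NAME... : print the sorted, de-duplicated addresses of all names.
# The grep drops anything that is not a bare IPv4/IPv6 literal, so resolver
# noise can never end up in the table file.
build_list() {
	for name in "$@"; do
		resolve_name "$name"
	done | grep -E '^[0-9a-fA-F:.]+$' | sort -u
}

# sync_table_file FILE NAME... : rewrite FILE only when the address set changed.
# Returns 0 if FILE was replaced (caller should kick pf),
#         1 if the addresses are unchanged,
#         2 if nothing resolved; the old file is kept so pf still has
#           usable addresses when DNS is down.
sync_table_file() {
	file=$1; shift
	tmp=$(mktemp "${file}.XXXXXX") || return 2
	build_list "$@" > "$tmp"
	if [ ! -s "$tmp" ]; then
		rm -f "$tmp"
		return 2
	fi
	if [ -f "$file" ] && cmp -s "$tmp" "$file"; then
		rm -f "$tmp"
		return 1
	fi
	mv -f "$tmp" "$file"
}

# Usage from cron, as root: pf-table-sync TABLE FILE NAME...
if [ "$#" -ge 3 ]; then
	table=$1; file=$2; shift 2
	if sync_table_file "$file" "$@"; then
		# Swap the table contents in place; the ruleset is not reloaded.
		pfctl -t "$table" -T replace -f "$file"
	fi
fi
```

Because the table is loaded from the file, pf no longer needs the resolver at rule load, and a failed lookup leaves the last known addresses in place instead of emptying the table.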


Re: request for testing: bootstrapping time

2019-06-03 Thread sven falempin
On Mon, Jun 3, 2019 at 1:44 AM Otto Moerbeek  wrote:
>
> Hi,
>
> If you ever wanted to be more involved in OpenBSD here's a chance:
>
> https://marc.info/?l=openbsd-tech&m=155950103825035&w=2
>
> It requires setting up a test machine running a recent snapshot, so
> that's a nice first step. Then get the sources and apply the patch,
> build and test
>
> You'll find help getting src and building the system in the FAQ.
>
> Much appreciated!
>
> -Otto
>

Dear readers,

I'd like to share some results regarding ntpd , I did not yet configure
DNSSEC and will try that later.
I use a local unbound, and have some issues regarding time on some devices.

on 6.0 I was unable to use constraint: it was not working.
my current production version is 6.4, and I have 'problems' similar to
the one nicely explained above,
I still feel like a STDERR warning would be nice for -s flag failure,
because reading log in rcctl like management script
when time is not set is 'incomplete'.

This is an important feature to TEST. ( thank you Otto for working on ntpd )

I'm running a slightly modified HEAD version in the test, see __why not__
this is a * pre test *

First I stopped ntpd and changed the date , then ran with -ds

  badblock# rcctl stop ntpd && date 20180603.00 && ntpd -s
  ntpd(ok)
  Sun Jun  3 00:00:00 EDT 2018
  ntp engine ready
  trying to resolve www.google.com
  resolve www.google.com done: 2
  trying to resolve pool.ntp.org
  resolve pool.ntp.org done: 4
  constraint request to 2607:f8b0:4020:804::2004
  constraint request to 172.217.13.196
  tls connect failed: 2607:f8b0:4020:804::2004 (www.google.com): connect: No route to host
  no constraint reply from 2607:f8b0:4020:804::2004 received in time, next query 900s
  constraint reply from 172.217.13.196: offset 31567971.561072
  reply from 206.108.0.131: offset 31567971.791870 delay 0.016370, next query 8s
  set local clock to Mon Jun  3 08:53:04 EDT 2019 (offset 31567971.791870s)
  reply from 154.11.146.39: offset 15783985.894667 delay 31567971.873626, next query 5s
  reply from 209.115.181.107: offset 15783985.890166 delay 31567971.885181, next query 7s
  reply from 205.206.70.2: offset 15783985.888720 delay 31567971.886449, next query 6s
  reply from 154.11.146.39: offset -0.000489 delay 0.082025, next query 6s
  reply from 205.206.70.2: offset -0.011286 delay 0.087997, next query 6s
  reply from 206.108.0.131: offset 0.003587 delay 0.022641, next query 8s
  reply from 209.115.181.107: offset -0.006413 delay 0.091241, next query 9s
  reply from 154.11.146.39: offset 0.013697 delay 0.110286, next query 7s
  reply from 205.206.70.2: offset -0.010733 delay 0.091208, next query 9s
  reply from 206.108.0.131: offset 0.010468 delay 0.036784, next query 9s
  reply from 209.115.181.107: offset -0.01 delay 0.096816, next query 8s
  peer 154.11.146.39 now valid

as we can read here in basic scenario the constraint will force the
setup, when everything's fine, ….everything's fine !
Assuming you have a nicely placed anchor
Let's do :

  echo 'block on egress proto {tcp,udp} from any to any port ntp' | pfctl -f - -a 'top'

or

  echo 'block on egress proto {tcp,udp} from any to any port ntp' >> /etc/pf.conf && pfctl -f /etc/pf.conf

in a default setup.
Things can get more interesting. I'm not sure why but I had to modify
my /etc/hosts to force ipv4 , no matter.
Nevertheless:

badblock# ntpd -sd
ntp engine ready
trying to resolve www.google.com
resolve www.google.com done: 1
trying to resolve pool.ntp.org
resolve pool.ntp.org done: 4
constraint request to 172.217.13.132
constraint reply from 172.217.13.132: offset 31568246.201761
set local clock to Sun Jun  3 00:42:25 EDT 2018 (offset 0.00s)

^Cntp engine exiting
Terminating
badblock# date
Sun Jun  3 00:42:35 EDT 2018
badblock# ntpd -sd
ntp engine ready
trying to resolve www.google.com
resolve www.google.com done: 1
trying to resolve pool.ntp.org
resolve pool.ntp.org done: 4
constraint request to 172.217.13.132
constraint reply from 172.217.13.132: offset 31568246.593501
set local clock to Sun Jun  3 00:42:39 EDT 2018 (offset 0.00s)
^Cntp engine exiting
Terminating

The clock suddenly refuses to be set up correctly with the HTTP header.
And it is logged that clock is set : set local clock to Sun Jun  3
00:42:39 EDT 2018 (offset 0.00s)
wrongly.

Given the above proposition, the ULTRA_VIOLENCE mode may not be working
as the clock won't be offset by the http header.

I hope this *pretest* log may help other users to test this important
bootstrapping.
The above result is for me a problem, and I will have to thwart this
first ( and find time for DNSSEC setup).

NB: it is possible to have a network where HTTPS is possible but NTP
blocked or invalid (or hacked), and
/etc/ssl/cert.pem + a valid ip/domain ( why not constraint https://a
valid ip/ ) trust level is above the BIOS for me.

Best.

tl;dr
And by the way, restricting or having custom certificate would be a
strong feature ntpd -c /etc/ssl/restricted.pem ,
also se

Re: No more KDE konsole after upgrade to 6.5

2019-04-25 Thread sven falempin
From where did you load up the base65.tgz ?

On Thu, Apr 25, 2019 at 5:01 AM Federico Giannici wrote:

> I just upgraded my home amd64 from 6.4 to 6.5 and now KDE's konsole no
> longer works.
>
> The binary seems to be there and upgraded:
>
> casa:/home/giannici# ll /usr/local/bin/konsole
> -rwxr-xr-x  1 root  bin  13056 Apr 14 20:14 /usr/local/bin/konsole*
>
> But it seems to refer to a library that no longer exists:
>
> casa:/home/giannici# ldd /usr/local/bin/konsole
> /usr/local/bin/konsole:
> ld.so: konsole: can't load library 'libc++.so.1.0'
> /usr/local/bin/konsole: signal 9
>
> casa:/home/giannici# ll /usr/lib/libc++*
> -r--r--r--  1 root  bin  11406734 Apr 13 22:35 /usr/lib/libc++.a
> -r--r--r--  1 root  bin   5028101 Oct 11  2018 /usr/lib/libc++.so.2.0
> -r--r--r--  1 root  bin   5139984 Apr 13 22:35 /usr/lib/libc++.so.2.1
> -r--r--r--  1 root  bin  11953012 Apr 13 22:35 /usr/lib/libc++_p.a
> -r--r--r--  1 root  bin   1994654 Apr 13 22:35 /usr/lib/libc++abi.a
> -r--r--r--  1 root  bin   1232152 Apr 13 22:35 /usr/lib/libc++abi.so.0.1
> -r--r--r--  1 root  bin   2009386 Apr 13 22:35 /usr/lib/libc++abi_p.a
>
>
> I tried to pkg_delete and pkg_add all KDEs packages, but nothing changed.
>
> Is this a problem of my installation, or is it a common problem?
>
> Thanks.
>
>

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


I patched my kernel

2019-03-27 Thread sven falempin
and I feel safer now,
thank you

Nicolas Collignon, Corentin Bayet, Eloi Vanderbeken,
Luca Moro at Synacktiv.com


and special thanks to

Maxime Villard

Hail MAXIME !

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



OpenBSD 6.4 cu and cuaU0

2019-02-06 Thread sven falempin
Readers,

I unplug my USB serial cable and now my cu is stuck
and I cannot kill it  (8 , 9 , 15 )

The process flags in ps are  Dp

Any insight ? Isn't that a bug ?

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Re: Slow VPN Performance

2019-01-18 Thread sven falempin
On Fri, Jan 18, 2019 at 8:58 AM Radek  wrote:

> I have configured Site-to-Site ikev2 VPN between two routers (Soekris
> net5501-70).
> Over the internet my transfer speed between these machines is up to
> 5000KB/s (it is OK).
> Over the VPN it is up to 400KB/s only.
>
> Is there any way to squeeze more performance out from these hardware and
> speed up the VPN?
>
> Tested with netcat:
> $ nc 10.0.15.254 1234 < 49MB.test
> $ nc -l 1234 > 49MB.test
>
> $ cat /etc/iked.conf
> ikev2 quick active esp from $local_gw to $remote_gw \
> from $local_lan to $remote_lan peer $remote_gw \
> psk "pass"
>
> $ dmesg | head
> OpenBSD 6.3 (GENERIC) #0: Wed Apr 25 16:38:25 CEST 2018
> rdk@RAC_fw63:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class)
> 500 MHz
> cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
> real mem  = 536363008 (511MB)
> avail mem = 512651264 (488MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: date 20/80/26, BIOS32 rev. 0 @ 0xfac40
>
>
>
You should use curl + nginx (with tmpfs) or iperf for bw testing.

don't  drop data, maybe the driver of the ethernet card is crappy ?

just drop the all sendbug data if you actually want to help.

Have you tried your NC on the loopback as a reference ?
is the HEADER compression activated ?

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

2019-01-16 Thread sven falempin
On Thu, Jan 10, 2019 at 5:13 AM Stuart Henderson  wrote:
>
> On 2019-01-10, Daniel Ouellet  wrote:
> > I have two separate subnets (on different interfaces) on a router. I am
> > trying to tunnel both subnets over the internet to another router on my
> > network. I can tunnel one subnet easily and everything works as
> > expected, but when I tunnel the 2nd subnet, then traffic from one local
> > subnet is no longer forwarded to the other subnet, but is
> > unconditionally sent into the ipsec tunnel, bypassing the routing table.
>
> OpenBSD's implementation of ipsec doesn't use the routing table, if you
> want that (unless you make code changes) you will need to use a
> different tunnel interface (gif or others) and just use ipsec to protect
> the gif traffic.
>

Dear all,

Can someone point out an example of this gif+ipsec setup somewhere ?

I failed at finding any GIF ref when looking IPSEC+OPENBSD, also man
ipsec does not list gif, only enc.


Best.

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



Simple case with not obvious solution

2018-11-16 Thread sven falempin
Amazing Readers,

In my syslog.conf I put ssllog.my.domain
when the computer start syslog is like : meeeh
your pppoe has not started yet :-( ; IE:

bad hostname @ssllog.my.domain

so I have to SIGHUP when network is actually ready.

Is there a common way to solve this ( I failed to find one in man pages ) ?

 ( I _cannot_ write into /etc/hosts )

Also if the ip change, I guess a SIGHUP is required ?

--
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



Re: vmctl / vmd

2018-08-13 Thread sven falempin
On Sun, Aug 12, 2018 at 4:53 AM Stuart Henderson  wrote:
>
> On 2018-08-11, Mike Larkin  wrote:
> > On Fri, Aug 10, 2018 at 04:14:28PM -0400, sven falempin wrote:
> >> Dear readers,
> >>
> >> I just installed / syspatch a fresh 6.3 and i was not able to get the
> >> network working
> >> inside the alpine-virt-3.8.0-x86_64.iso kernel .
> >>
> >> I tried -L ( which creates a TAP with 100.64.id network :S ), and -n
> >> and -i with manual bridge setup.
>
> You can fix that to use a more appropriate network with "local prefix"
> in vm.conf.
>
> >> I see packets going through  and arp replies but no reply inside the VM.
> >> (pf disabled and forwarding possible)
> >>
> >> is there any recent regression with the setup of alpine linux inside vmd ?
> >>
> >
> > all my VMs still work with -current.
> >
> > -L requires the corresponding NAT rule in pf.conf, which obviously means pf
> > needs to be enabled.
>
> And bridge requires that you don't use dhclient on the bridged interface
> on the host.
>
>

Thank you

I'm actually using my patched dhclient that filters out on Mac address
Maybe I screwed up with the nating ( may have forgotten ) when trying -L

I will probably try again soon but I'm evaluating the possibility to
get the intel working completely
at the moment.

Best,

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



vmctl / vmd

2018-08-10 Thread sven falempin
Dear readers,

I just installed / syspatch a fresh 6.3 and i was not able to get the
network working
inside the alpine-virt-3.8.0-x86_64.iso kernel .

I tried -L ( which creates a TAP with 100.64.id network :S ), and -n
and -i with manual bridge setup.

I see packets going through  and arp replies but no reply inside the VM.
(pf disabled and forwarding possible)

is there any recent regression with the setup of alpine linux inside vmd ?

Cheers
-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



Dmesg Crash error message

2018-07-30 Thread sven falempin
Hello readers,

I read crash(8) first, my kernel told me :

process: table is full
syncing disk
init died.

Did I run too many processes ? where can I check that ?

Best.

( I'm upgrading and this is 6.0 , I guess the message may appear again )
--
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



Perl , divert-to and getsockname

2018-07-24 Thread sven falempin
Hello,

I'm trying to use divert-to and Perl to manage in one place incoming packets,
keeping the destination address intact
As man says :
 --
divert-to host port port  Used to redirect packets to a local socket
bound to host and port. The packets will not be modified, so
getsockname(2) on the socket will return the original destination
address of the packet.
--
IO::Socket in perl does

sub recv {
    @_ == 3 || @_ == 4 or croak 'usage: $sock->recv(BUF, LEN [, FLAGS])';
    my $sock  = $_[0];
    my $len   = $_[2];
    my $flags = $_[3] || 0;

    # remember who we recv'd from
    ${*$sock}{'io_socket_peername'} = recv($sock, $_[1]='', $len, $flags);
}

But RECV read a buffer, that could be multiple incoming data.
--

any call to  getsockname(2) reply 127.0.0.1 which is the bind i pass
to the UDP socket ,
which is kinda normal .

i did `pass on ingress proto udp divert-to 127.0.0.1 port 1234`

So far I do not see how i could make this work. And relayd use divert
socket, is there
an example of this somewhere ?

Best.

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



Re: RDONLY but for the good ( pledged ) guys

2018-07-18 Thread sven falempin
On Tue, Jun 26, 2018 at 7:05 PM Edgar Pettijohn III wrote:
>
>
>
> On 06/26/18 13:50, Raul Miller wrote:
> > Personally, I can't totally figure out what this policy would be.
> >
> > My current best approximation is: there's a period of time when
> > pkg_add and syspatch are running and that is a time when writes are
> > allowed, other than that, not.
> >
> > I could maybe rig up something more complicated using inherited
> > cryptographic tokens but the potential special cases wind up with
> > approximately the same effect.
> >
>
> You could mount everything ro and have a wrapper script around pkg_add
> that remounts it rw and when its done remount it ro. Of course other
> processes would then be able to write as well. Seems like you would need
> a new system call or some such mechanism to truly accomplish what you want.
>

http://man.openbsd.org/unveil.2

🎉



-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



RDONLY but for the good ( pledged ) guys

2018-06-26 Thread sven falempin
Hello,

As a user I come across one use case
where I'm thinking : I do not want any program/exec
to modify base or local base ( /usr and /bin /bsd etc.. )
except syspatch and pkg_add -u.

Please stop and tell if it does not make sense.

I did look at pledge(2) and mount as pledge may force rdonly
and mount as wxallowed.

I did not really find a clever way to enforce pkg_add and syspatch
to be the only binaries to actually write in usr/local and base 'stuff'.

Because mount can have multiple devices on one path I was tricked to think,
it would be fun to mount one device in multiple places ( rdonly ) and one
time rw.
Which would somewhat allow to chroot to a writable system before running
syspatch.

Another way would be to force every program to be pledged rdonly by default on
non /var /tmp paths and then force some kind of flag to allow writing in
specific paths.
Like wxallowed, but pledgewrite, then the binary would call pledge() and
gain write access.

Maybe a bit too complex and strange.

If you read that far, thank you, can you think of a clever way to enforce
this policy without heavily modifying the base ?

Best.


-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Re: Troubleshooting help for UVM

2018-05-02 Thread sven falempin
On Wed, May 2, 2018, 14:57 Jeremie Courreges-Anglas  wrote:

> On Wed, May 02 2018, sven falempin  wrote:
> > 6.3 + syspatch
> >
> > UVM: pid  (perl), uid 0 killed: out of swap
> >
> > no ddb, i m not using swap in perl afaik, and it seems strange
> > a userland script can 'kill' UVM
>
> I read the error message as "uvm could not find free mem and killed
> a perl process running as root".
>
> >
> > OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > real mem = 2080227328 (1983MB)
> > avail mem = 2010144768 (1917MB)
> > mpath0 at root
> > scsibus0 at mpath0: 256 targets
> > mainbus0 at root
> > bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf68b0 (9 entries)
> > bios0: vendor SeaBIOS version "2:1.10.2-58953eb7" date 04/01/2014
> > bios0: OpenStack Foundation OpenStack Nova
> > acpi0 at bios0: rev 0
> > acpi0: sleep states S3 S4 S5
> > acpi0: tables DSDT FACP SSDT APIC
> > acpi0: wakeup devices
> > acpitimer0 at acpi0: 3579545 Hz, 24 bits
> > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> > cpu0 at mainbus0: apid 0 (boot processor)
> > cpu0: Intel Core Processor (Haswell, no TSX), 2394.83 MHz
> > cpu0:
> >
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT,MELTDOWN
> > cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
> > 64b/line 16-way L2 cache
> > cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
> > cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
> > cpu0: smt 0, core 0, package 0
> > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> > cpu0: apic clock running at 999MHz
> > ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
> > acpiprt0 at acpi0: bus 0 (PCI0)
> > acpicpu0 at acpi0: C1(@1 halt!)
> > "ACPI0006" at acpi0 not configured
> > acpicmos0 at acpi0
> > "PNP0A06" at acpi0 not configured
> > "PNP0A06" at acpi0 not configured
> > "PNP0A06" at acpi0 not configured
> > pvbus0 at mainbus0: KVM
> > pci0 at mainbus0 bus 0
> > pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
> > pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
> > pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
> > channel 0 wired to compatibility, channel 1 wired to compatibility
> > pciide0: channel 0 disabled (no drives)
> > pciide0: channel 1 disabled (no drives)
> > uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int
> 11
> > piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0
> int 9
> > iic0 at piixpm0
> > vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
> > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> > wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> > virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
> > vio0 at virtio0: address fa:16:3e:ec:59:66
> > virtio0: msix shared
> > virtio1 at pci0 dev 4 function 0 "Qumranet Virtio Storage" rev 0x00
> > vioblk0 at virtio1
> > scsibus1 at vioblk0: 2 targets
> > sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct fixed
> > sd0: 10240MB, 512 bytes/sector, 20971520 sectors
> > virtio1: msix shared
> > virtio2 at pci0 dev 5 function 0 "Qumranet Virtio Memory" rev 0x00
> > viomb0 at virtio2
> > virtio2: apic 0 int 10
> > isa0 at pcib0
> > isadma0 at isa0
> > fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> > com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> > pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> > pckbd0 at pckbc0 (kbd slot)
> > wskbd0 at pckbd0: console keyboard, using wsdisplay0
> > pms0 at pckbc0 (aux slot)
> > wsmouse0 at pms0 mux 0
> > pcppi0 at isa0 port 0x61
> > spkr0 at pcppi0
> > usb0 at uhci0: USB revision 1.0
> > uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev
> > 1.00/1.00 addr 1
> > vmm0 at mainbus0: VMX/EPT
> > uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB
> > Tablet" rev 2.00/0.00 addr 2
> > uhidev0: iclass 3

Troubleshooting help for UVM

2018-05-02 Thread sven falempin
6.3 + syspatch

UVM: pid  (perl), uid 0 killed: out of swap

no ddb, I'm not using swap in perl afaik, and it seems strange
a userland script can 'kill' UVM


OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2080227328 (1983MB)
avail mem = 2010144768 (1917MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf68b0 (9 entries)
bios0: vendor SeaBIOS version "2:1.10.2-58953eb7" date 04/01/2014
bios0: OpenStack Foundation OpenStack Nova
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel Core Processor (Haswell, no TSX), 2394.83 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT,MELTDOWN
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 999MHz
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
"ACPI0006" at acpi0 not configured
acpicmos0 at acpi0
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
pvbus0 at mainbus0: KVM
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9
iic0 at piixpm0
vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio0: address fa:16:3e:ec:59:66
virtio0: msix shared
virtio1 at pci0 dev 4 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio1
scsibus1 at vioblk0: 2 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 10240MB, 512 bytes/sector, 20971520 sectors
virtio1: msix shared
virtio2 at pci0 dev 5 function 0 "Qumranet Virtio Memory" rev 0x00
viomb0 at virtio2
virtio2: apic 0 int 10
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1
vmm0 at mainbus0: VMX/EPT
uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB
Tablet" rev 2.00/0.00 addr 2
uhidev0: iclass 3/0
ums0 at uhidev0: 3 buttons, Z dir
wsmouse1 at ums0 mux 0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (fe232e2f6ab8c86a.a) swap on sd0b dump on sd0b
WARNING: / was not properly unmounted
fd0 at fdc0 drive 1: density unknown

No swap actually:

fe232e2f6ab8c86a.a / ffs rw,wxallowed 1 1
swap /var/run mfs rw,nodev,nosuid,-s=32M 0 0



-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



Re: kernel relink segfaults on ALIX

2018-04-19 Thread sven falempin
On Thu, Apr 19, 2018 at 1:01 PM, IL Ka  wrote:

> Upgrade may affect kernel, so you need to reorder it at least once after
> upgrade!
>
> I am not sure which policy OpenBSD uses, but generally if something is
> not documented it is subject to be changed in minor upgrade.
>
> The only reference to this script is ``/etc/rc`` (line 620) without any
> variable, and since "reorder_kernel" is
> not documented it would be absolutely legal to rename it and update
> /etc/rc accordingly.
>
> So, this little hack may be broken after upgrade anyway.
>
> I wish there were ``man reorder_kernel(8)`` and ``reorder_kernel=NO``
> documented in ``rc.conf(8)``
> But if I understood everything correctly, developers say we should not
> disable this script,
> that is why they do not document it nor create an option in rc.conf.
>
>
> On Thu, Apr 19, 2018 at 7:42 PM,  wrote:
>
> > One step further would be to put that in your rc.local so it survives an
> > upgrade.
> > On Apr 19, 2018 9:44 AM, IL Ka  wrote:
> > >
> > > Ancient UNIX way to disable anything: ``doas chmod -x
> > > /usr/libexec/reorder_kernel`` ;)
> > >
> > > Although ``reorder_kernel`` is a very simple ksh script, I agree it should be
> > > documented.
> > >
> >
>

grep aslr /etc/rc.conf  >> /etc/rc.conf.local

When you reboot often on a crap drive, or if you are not exposed (test
device), relinking is a waste of time.
If you are online, keep it.

Just comment in rc -_- for kernel

-- 
--

-
Knowing is not enough; we must apply. Willing is not enough; we must do


DMESG / syslog

2018-04-16 Thread sven falempin
Dear readers,

This question is probably answered somewhere,
but I'm afraid to follow any non-OpenBSD-style answer.

How do I get DMESG messages in my log (like when a usb is attached)?

syslog *.* does not contain them, right?

Best,

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Re: OpenBSD vs Linux KVM Guest Performance and Stability

2018-04-16 Thread sven falempin
On Mon, Apr 16, 2018 at 10:33 AM, Claudio Jeker 
wrote:

> On Mon, Apr 16, 2018 at 04:15:42PM +0200, Daniel Santos wrote:
> > I am looking for some experience sharing from those who also run OpenBSD inside
> > KVM on Linux.
> >
> > I was running 5.2 and now 6.2 inside KVM on a Linux wheezy host with 3.2
> > kernel.
> >
> > This system was used as an all in one Zabbix monitoring server, which
> > included the full stack required to run a central monitoring server:
> >
> > -Lighttpd
> > -Zabbix Server
> > -Zabbix Agent
> > -Mysql Server
> > -SNMP utils
> >
> > First it was using Zabbix 2.x then I have upgraded it to the 3.x series. The
> > zabbix server was regularly crashing or stopped logging to the DB and
> > needed to be restarted.
> > If not that then the db and page load was terribly slow even on LAN and I
> > only had <15 clients on this server. I started moving the components off one
> > by one, at the end only the zabbix server engine left on the vm even that
> > sometimes just stuck and stopped sending data to a standalone other linux
> > mysql vm. Then I gave up, I recreated the whole environment with the same
> > Zabbix version on an all in one Debian 9 vm and since then it runs
> > flawlessly. Another issue was that I kept getting dropped packet entries in
> > my pflog on the enabled ports (seems like broken connections).
> >
>
> Zabbix needs a fast DB which I would not run virtualised. Also the crashes
> you have seen may have been fixed in the meantime (between 6.2 and 6.3
> there was an libc asr fix that made zabbix reliable for me).
>
> I run a few KVM OpenBSD machines (mainly network / load balancers) they
> work reasonably well.
>
> --
> :wq Claudio
>
>
really depends on the KVM/linux version

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Re: (6.3) RTM_DELETE on lease renewal; why ?

2018-04-04 Thread sven falempin
On Wed, Apr 4, 2018 at 12:04 AM, sven falempin  wrote:
> Dear readers,
>
> For a long time now, using dhclient to renew a lease triggers an
> RTM_DELETE, then RTM_ADD,
> because it always removes everything before applying the lease (well
> the IP) (without, like, checking it's a renewal and nothing changed).
>
> # route monitor &
> # dhclient  vio0
> got message of size 96 on Wed Apr  4 03:56:53 2018
> RTM_PROPOSAL: config proposal: len 96, source dhcp table 0, ifidx 1,
> pid: 47718, seq -1773381169, errno 0
> flags:
> fmask:
> use:0   mtu:0expire:0
> locks:  inits:
> Static Routes:
> Domain search:
> Domain Name Servers:
> vio0: bound to 100.64.1.3 from 100.64.1.2 (fe:e1:bb:d1:af:df)
> got message of size 208 on Wed Apr  4 03:56:53 2018
> RTM_DELETE: Delete Route: len 208, priority 3, table 0, ifidx 1, pid:
> 88062, seq 0, errno 0
> flags:
> fmask:
> use:4   mtu:0expire:  -14
> locks:  inits:
> sockaddrs: 
>  100.64.1.2 link#1 255.255.255.255 fe:e1:bb:d1:af:de 100.64.1.3
> got message of size 192 on Wed Apr  4 03:56:53 2018
> RTM_RESOLVE: Route created by cloning: len 192, priority 3, table 0,
> ifidx 1, pid: 0, seq 0, errno 0
> flags:
> fmask:
> use:0   mtu:0expire:0
> locks:  inits:
> sockaddrs: 
>  100.64.1.2 fe:e1:ba:d0:19:81 fe:e1:bb:d1:af:de 100.64.1.3
> got message of size 144 on Wed Apr  4 03:56:53 2018
> RTM_ADD: Add Route: len 144, priority 0, table 0, ifidx 1, pid: 88062,
> seq 0, errno 17
> flags:
> fmask:
> use:0   mtu:0expire:0
> locks:  inits:
> sockaddrs: 
>  default 100.64.1.2 default
> got message of size 192 on Wed Apr  4 03:56:55 2018
> RTM_GET: Report Metrics: len 192, priority 8, table 0, ifidx 1, pid:
> 88062, seq 512726977, errno 0
> flags:
> fmask:
> use:0   mtu:0expire:0
> locks:  inits:
> sockaddrs: 
>  default 100.64.1.2 default fe:e1:bb:d1:af:de 100.64.1.3
>
> Is there a reason behind this behavior ? is it just to set aside some
> complexity ?
>
> Can't this trigger a (UDP) packet drop ?
>
> Best.

Oh, it has been fixed too; it only does that on explicit request.

Great, thank you

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



(6.3) RTM_DELETE on lease renewal; why ?

2018-04-03 Thread sven falempin
Dear readers,

For a long time now, using dhclient to renew a lease triggers an
RTM_DELETE, then RTM_ADD,
because it always removes everything before applying the lease (well
the IP) (without, like, checking it's a renewal and nothing changed).

# route monitor &
# dhclient  vio0
got message of size 96 on Wed Apr  4 03:56:53 2018
RTM_PROPOSAL: config proposal: len 96, source dhcp table 0, ifidx 1,
pid: 47718, seq -1773381169, errno 0
flags:
fmask:
use:0   mtu:0expire:0
locks:  inits:
Static Routes:
Domain search:
Domain Name Servers:
vio0: bound to 100.64.1.3 from 100.64.1.2 (fe:e1:bb:d1:af:df)
got message of size 208 on Wed Apr  4 03:56:53 2018
RTM_DELETE: Delete Route: len 208, priority 3, table 0, ifidx 1, pid:
88062, seq 0, errno 0
flags:
fmask:
use:4   mtu:0expire:  -14
locks:  inits:
sockaddrs: 
 100.64.1.2 link#1 255.255.255.255 fe:e1:bb:d1:af:de 100.64.1.3
got message of size 192 on Wed Apr  4 03:56:53 2018
RTM_RESOLVE: Route created by cloning: len 192, priority 3, table 0,
ifidx 1, pid: 0, seq 0, errno 0
flags:
fmask:
use:0   mtu:0expire:0
locks:  inits:
sockaddrs: 
 100.64.1.2 fe:e1:ba:d0:19:81 fe:e1:bb:d1:af:de 100.64.1.3
got message of size 144 on Wed Apr  4 03:56:53 2018
RTM_ADD: Add Route: len 144, priority 0, table 0, ifidx 1, pid: 88062,
seq 0, errno 17
flags:
fmask:
use:0   mtu:0expire:0
locks:  inits:
sockaddrs: 
 default 100.64.1.2 default
got message of size 192 on Wed Apr  4 03:56:55 2018
RTM_GET: Report Metrics: len 192, priority 8, table 0, ifidx 1, pid:
88062, seq 512726977, errno 0
flags:
fmask:
use:0   mtu:0expire:0
locks:  inits:
sockaddrs: 
 default 100.64.1.2 default fe:e1:bb:d1:af:de 100.64.1.3

Is there a reason behind this behavior ? is it just to set aside some
complexity ?

Can't this trigger a (UDP) packet drop ?

Best.



Re: counting dropped packets for pf

2018-03-28 Thread sven falempin
https://man.openbsd.org/pflow.4

On Wed, Mar 28, 2018 at 4:03 PM, 3  wrote:

> > On 03/28/18 15:04, 3 wrote:
> >> hi guys. when the pflow option first appeared, i was surprised by the
> >> stupidity of those who implemented it- pflow could not be specified
> >> for block-rules, i.e. dropped packets were not taken into account. as
>
> > hm. you've suffered nine years of this stupidity of others but have not
> > been able to add labels to your block rules?
>
> > Just as an experiment I added labels to the block rules on my
> > most-easily-reachable-from-here gateway, as in
>
> > block log (all) label blockgen
> > block drop log (all) quick from  label portalbrutes
> > block drop log (all) quick from  label abusives
> > block drop log (all) quick from  label webtrash
> > block drop log (all) quick from  label bruteforce
>
> > block drop log (all) quick from  label longterm
> > block in log (all) on ! lo0 proto tcp to port 6000:6010 label remotex11
>
> > and voila, pfctl -sl gives me after a few minutes
>
> > [Wed Mar 28 16:15:29] peter@skapet:~$ sudo pfctl -vsl
> > blockgen 3739 452 19856 448 19664 4 192 0
> > portalbrutes 3739 0 0 0 0 0 0 0
> > abusives 3739 301 14681 301 14681 0 0 0
> > webtrash 3438 0 0 0 0 0 0 0
> > bruteforce 3438 0 0 0 0 0 0 0
> > longterm 3438 0 0 0 0 0 0 0
> > remotex11 3438 0 0 0 0 0 0 0
>
> > man pf.conf is your friend, please consult there before letting
> > resentment stew for years next time, huh?
>
> maybe im so dumb and blind to see pflow here.. and maybe deal not in
> me. where is pflow?
>
>


-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do
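
The per-label counters quoted in the message above are cumulative, so counting drops over an interval means comparing two saved pfctl -vsl snapshots. The script below is an added example and not part of the thread: the function names and the two later snapshots are constructed for illustration, the first sample is the output quoted above, and the field order is the one pfctl(8) documents for "-s labels".

```sh
#!/bin/sh
# Added example (not from the thread): count blocked packets per pf label.
# Field order of `pfctl -vsl` lines, per pfctl(8) "-s labels":
#   label evaluations packets bytes pkts-in bytes-in pkts-out bytes-out states

# Shared awk parser. The last 8 fields are counters; whatever precedes them
# is the label (assumption: this also tolerates a label containing spaces).
AWK_PARSE='
function parse(   i) {
    if (NF < 9) return 0
    for (i = NF - 7; i <= NF; i++) if ($i !~ /^[0-9]+$/) return 0
    lbl = $1
    for (i = 2; i <= NF - 8; i++) lbl = lbl " " $i
    evals = $(NF-7) + 0; pkts = $(NF-6) + 0; bytes = $(NF-5) + 0
    pin = $(NF-4) + 0; pout = $(NF-2) + 0
    return 1
}'

# label_report: stdin is `pfctl -vsl` output. Prints
#   label|packets|bytes|packets-in|packets-out
# for every label that matched at least one packet, busiest first.
# Prompt lines and anything else that is not a counter line are skipped.
label_report() {
    awk "$AWK_PARSE"'
    parse() && pkts > 0 {
        printf "%s|%.0f|%.0f|%.0f|%.0f\n", lbl, pkts, bytes, pin, pout
    }' | sort -t'|' -k2,2nr
}

# label_delta OLD NEW: packets matched per label between two snapshot files.
# Assumes each label is used by one rule, as in the ruleset quoted above.
label_delta() {
    awk "$AWK_PARSE"'
    FILENAME == ARGV[1] {
        if (parse()) { pe[lbl] = evals; pp[lbl] = pkts }
        next
    }
    parse() {
        # The evaluation counter only grows, so a smaller value means the
        # rule counters restarted (ruleset reload or `pfctl -z`); the new
        # packet count is then the whole delta, never a negative number.
        reset = (!(lbl in pe)) || (evals < pe[lbl])
        d = reset ? pkts : pkts - pp[lbl]
        if (d > 0) printf "%s|%.0f\n", lbl, d
    }' "$1" "$2" | sort -t'|' -k2,2nr
}

# Sample 1: the output quoted in the message above, prompt line included.
sample_before() {
cat <<'EOF'
[Wed Mar 28 16:15:29] peter@skapet:~$ sudo pfctl -vsl
blockgen 3739 452 19856 448 19664 4 192 0
portalbrutes 3739 0 0 0 0 0 0 0
abusives 3739 301 14681 301 14681 0 0 0
webtrash 3438 0 0 0 0 0 0 0
bruteforce 3438 0 0 0 0 0 0 0
longterm 3438 0 0 0 0 0 0 0
remotex11 3438 0 0 0 0 0 0 0
EOF
}

# Sample 2 (constructed): a later snapshot of the same loaded ruleset.
sample_after() {
cat <<'EOF'
blockgen 3901 500 21968 495 21728 5 240 0
abusives 3901 310 15113 310 15113 0 0 0
webtrash 3600 0 0 0 0 0 0 0
remotex11 3600 3 180 3 180 0 0 0
EOF
}

# Sample 3 (constructed): a snapshot taken after the counters restarted.
sample_reloaded() {
cat <<'EOF'
blockgen 900 460 20240 460 20240 0 0 0
abusives 900 7 336 7 336 0 0 0
EOF
}

# Stand-alone demo: report on the snapshot quoted in the thread.
sample_before | label_report
```

On a live gateway the snapshots would come from a periodic pfctl -vsl > file run as root; comparing on the evaluation counter catches a restart even when the packet count has already climbed past its old value.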


vmctl and 6.3/testing

2018-03-27 Thread sven falempin
Readers,

I was able to set up a 6.3 OpenBSD inside a vmd (neat),
but I had to use '-b /bsd.rd' because '-d install63.fs'
always crashed inside the guest kernel at 'mount'.

Now testing snapshots inside snapshots.

Feels good man.

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Re: Dual-ISP home router setup problems

2018-03-21 Thread sven falempin
I just use route -T X exec dhclient in 6.3

AWESOME

On Mon, Mar 19, 2018 at 7:54 AM, Samuel Wagen  wrote:
> And of course, too much copy paste while trying to use documentation
> IP ranges. The two gateways in pf.conf above should be
>
> isp_a_gw = "198.51.100.1"
> isp_b_gw = "203.0.113.1"
>
> The rest stands.
>
> On Mon, Mar 19, 2018 at 1:40 PM, Samuel Wagen  wrote:
>> Hello,
>>
>> I'm trying to build a home router with OpenBSD. I have two ISPs, both are
>> giving me real IPs, one with straight DHCP (ISP_A), the other - via PPPoE
>> (ISP_B). I've described the topology with more detail in the diagram below.
>>
>> I wanted to use PF with routing domains instead of multipath forwarding, due
>> to multipath being very finicky when a link goes down. My current setup is
>> described below. I have the following issues:
>>
>> - Initially I can't pass traffic from the LAN. I think this is due to the
>>   packets on em0 being dropped before PF has a chance to reach them, due
>>   to missing default route on rdomain 0. If I execute the following two
>>   commands:
>> # route -T 0 add 198.51.100.0/24 127.0.0.1
>> # route -T 0 add 203.0.113.0/24 127.0.0.1
>>   then traffic starts passing half of the time - if the round-robin
>>   decides it should go over the PPPoE link (ISP_B) - traffic from the LAN
>>   flows. If, however, it decides to go through the other link (ISP_A) -
>>   nothing passes, and I get the following kernel messages:
>>
>> arpresolve: 198.51.100.0: route contains no arp information
>>
>> - Traffic from the gateway itself to the Internet always fails, unless I
>>   specify a routing domain manually (route -T 1 exec whatever). Not sure
>>   what bogus route to add here, so that packets aren't dropped before PF,
>>   and what to add to PF so that they flow.
>>
>> In other words, I'm stuck, and need some pointers on how to continue and what
>> am I doing wrong. I'm running latest snapshot, but also tried with 6.2.
>>
>> Many thanks in advance.
>>
>> Here's the info about my config, let me know if you need me to provide some
>> more. The "internet" networks are from RFC5737 for illustration purposes.
>>
>> 1. Network diagram
>>
>>          +---------+               +---------+
>>          |  ISP_A  |               |  ISP_B  |
>>          +----+----+               +----+----+
>>               |                         |
>>               |                         |
>>               |                         |
>> ++------------+-------------------------+------------++
>> ||  em1                      em2/pppoe0              ||
>> ||  DHCP client              real IP                 ||
>> ||  IP: 198.51.100.20        IP: 203.0.113.40        ||
>> ||  Net: 198.51.100.0/24     Net: 203.0.113.0/24     ||
>> ||  GW: 198.51.100.1         GW: 203.0.113.1         ||
>> ||  rdomain 1                rdomain 2               ||
>> G|  group isp_a              group isp_b             |G
>> A|                                                   |A
>> T|                                                   |T
>> E+- - - - - - - - - - - - NAT - - - - - - - - - - - -+E
>> W|                                                   |W
>> A|                                                   |A
>> Y|                em0                                |Y
>> ||                DHCP server                        ||
>> ||                IP: 172.16.16.1                    ||
>> ||                Net: 172.16.16.0/24                ||
>> ||                rdomain 0                          ||
>> ||                group lan                          ||
>> ++-------------------------+-------------------------++
>>                            |
>>                            |
>>                            |
>>                       +----+----+
>>                       |   LAN   |
>>                       +---------+
>>
>>
>> 2. Interface config files
>>
>> - /etc/hostname.em0
>>
>> inet 172.16.16.1 255.255.255.0 172.16.16.255 group lan
>>
>> - /etc/hostname.em1
>>
>> dhcp group isp_a rdomain 1
>>
>> - /etc/hostname.em2
>>
>> up
>>
>> - /etc/hostname.pppoe0
>>
>> inet 0.0.0.0 255.255.255.255 NONE \
>> pppoedev em2 authproto chap \
>> authname 'user' authkey 'verysecret' \
>> group isp_b \
>> rdomain 2 \
>> up
>> dest 0.0.0.1
>> !/sbin/route -T 2 add default -ifp pppoe0 0.0.0.1
>>
>>
>> 3. DHCP server config (/etc/dhcpd.conf)
>>
>> subnet 172.16.16.0 netmask 255.255.255.0 {
>> option domain-name-servers 172.16.16.2, 172.16.16.3;
>> option routers 172.16.16.1;
>> range 172.16.16.100 172.16.16.199;
>> }
>>
>>
>> 4. PF config
>>
>> # Need to figure out how avoid hardcoding these
>> isp_a_gw = "172.16.18.1"
>> isp_b_gw = "192.168.68.1"
>>
>> set debug debug
>>
>> match in log all scrub (no-df random-id max-mss 1440)
>>
>> match out log on em1 from (lan:network) nat-to (em1)
>> match out log on pppoe0 from (lan:network) nat-to (pppoe0)
>>
>> pass out log on lan to (

Re: The disconnected AC adapter affects Java application launch speed. (SqlDeveloper from Oracle)

2017-11-01 Thread sven falempin
On Wed, Nov 1, 2017 at 8:05 AM, dmitry.sensei  wrote:
> Hi!
>
> Very slow start of the Java application (sqldeveloper) with the AC adapter
> disconnected. When the adapter is paired - the speed is quite acceptable
>
> Laptop HP Probook 6470b
>
> OpenBSD 6.2 stable
>
> is this a known strangeness? is there a workaround for the problem? where
> and how to look / check to see for yourself, if nothing will help
>
> --
> Dmitry Orlov


News flash:
computer tries to save power on battery
devs are baffled

o/

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



Re: a pf question maybe asked a 1000 times

2017-10-20 Thread sven falempin
On Fri, Oct 20, 2017 at 9:09 AM, Michael Hekeler 
wrote:

>
> Glad to hear that you have solved the problem
>
>
> > as you may notice I added the ping and the dns to the ruleset since
> > this was blocked in the original set of rules.
>
> You can allow outgoing dns with one single rule:
>
>   pass out on $ext_if inet proto { tcp, udp } from $ext_if \
> to any port domain keep state
>
>
> > ...
> > pass on hvn0 inet proto icmp all icmp-type echoreq
>
> just to be curious: what is the effect of "on" in your rules "pass on ..."
> As to pf.conf(5) there are only "in" or "out"
>
>
>
>
> https://man.openbsd.org/pflog

Observe what you are doing: block log []

tcpdump [-n] -i pflog0

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Re: late 6.1 question ( arp , table , routing )

2017-09-14 Thread sven falempin
On Wed, Sep 13, 2017 at 9:43 AM, Mike Belopuhov  wrote:

> On Mon, Sep 11, 2017 at 18:41 -0400, sven falempin wrote:
> > Feels like it's impossible to use virtual routing table without a rdomain
> > on interface with 6.1
> >
>
> I think you were relying on an arp(1) bug that influenced your
> understanding of routing tables and routing domains. To recap:
>
> 1. There can be only one ARP table per routing domain.
>
> > # arp -V 122 -s 172.16.1.1 ac:64:dd:b0:00:03 [permanent]
> > arp: writing to routing socket: No such process
> > arp: 172.16.1.1: No such process
> >
>
> What you're trying to do here is to add an ARP entry on the
> routing domain 122 (not routing table 122).
>
> 2. A single routing domain can have multiple routing tables.
>
> > Even if the routing can be modify with
> >
> > /sbin/route -T122 add -inet 172.16.1.1 -llinfo -link -static -iface em5 &&
> > route -T122 add default 172.16.1.1
> >
>
> This adds a default route into the routing table number 122
> no matter which routing domain it belongs to (0 in your case).
>
> > -
> >
> > # route -T122 show
> > Routing tables
> >
> > Internet:
> > Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> > default            172.16.1.1         UGS        0        0     -     8 em5
> > 172.16.1.1         link#6             UHLS       0        1     -     8 em5
> >
> > -
> >
> > arp table remain empty and i cannot ping -V 122 172.16.1.1
> >
> > This was possible 6.0
> >
> > Will it be possible in 6.2 ?? YES :-D :o
> >
>
> arp(1) had a bug that prevented all of its execution modes
> from working on multiple rdomains, so it appears that you
> were relying on "arp -V 122" working on rdomain 0 while in
> fact the intention was for it to work on rdomain 122 and
> this should be the case now.
>
> Hope this clarifies the situation.
>
> > # uname -a
> > OpenBSD lulz.com 6.2 GENERIC.MP#63 amd64
> >
> > # ifconfig  em0
> > em0: flags=8843 mtu 1500
> > lladdr 00:03:2d:36:95:5e
> > index 1 priority 0 llprio 3
> > groups: egress
> > media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
> > status: active
> > inet 172.16.1.45 netmask 0xff00 broadcast 172.16.1.255
> >
> > # route -T 120 add default 172.16.1.1
> > add net default: gateway 172.16.1.1
> > # ping -V 172.16.1.1
> > ping: rtable value is invalid: 172.16.1.1
> > # ping -V 120 172.16.1.1
> > PING 172.16.1.1 (172.16.1.1): 56 data bytes
> > 64 bytes from 172.16.1.1: icmp_seq=0 ttl=255 time=0.444 ms
> > 64 bytes from 172.16.1.1: icmp_seq=1 ttl=255 time=0.351 ms
> >
> >
> > --
> >
> > I m asking a lot but
> > Is there a chance to fix this in 6.1 without to much work ??
> > Any workaround ( better than mine ) ?
> >
> > [0]-[]-[/]
> > # ifconfig em5
> > em5: flags=8843 mtu 1500
> > lladdr fe:e1:ba:28:22:44
> > description: citywan
> > index 6 priority 0 llprio 3
> > groups: egress
> > media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
> > status: active
> > inet 172.16.1.33 netmask 0xff00 broadcast 172.16.1.255
> > [0]-[]-[/]
> > # route -T 111 add default 172.16.1.1
> > add net default: gateway 172.16.1.1: Network is unreachable
> >
>
> You should send this bug report separately.
> Do I understand it correctly that this command doesn't work
> until you issue the one below?
>
>  /sbin/route -T122 add -inet 172.16.1.1 -llinfo -link -static -iface em5
>
>
>

This is the only bug report of the mail; all the above is trying to
work around it.


-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


late 6.1 question ( arp , table , routing )

2017-09-11 Thread sven falempin
Feels like it's impossible to use virtual routing table without a rdomain
on interface with 6.1

# arp -V 122 -s 172.16.1.1 ac:64:dd:b0:00:03 [permanent]
arp: writing to routing socket: No such process
arp: 172.16.1.1: No such process

Even if the routing can be modified with

/sbin/route -T122 add -inet 172.16.1.1 -llinfo -link -static -iface em5 &&
route -T122 add default 172.16.1.1

-

# route -T122 show
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            172.16.1.1         UGS        0        0     -     8 em5
172.16.1.1         link#6             UHLS       0        1     -     8 em5

-

arp table remains empty and I cannot ping -V 122 172.16.1.1

This was possible in 6.0

Will it be possible in 6.2 ?? YES :-D :o

# uname -a
OpenBSD lulz.com 6.2 GENERIC.MP#63 amd64

# ifconfig  em0
em0: flags=8843 mtu 1500
lladdr 00:03:2d:36:95:5e
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 172.16.1.45 netmask 0xff00 broadcast 172.16.1.255

# route -T 120 add default 172.16.1.1
add net default: gateway 172.16.1.1
# ping -V 172.16.1.1
ping: rtable value is invalid: 172.16.1.1
# ping -V 120 172.16.1.1
PING 172.16.1.1 (172.16.1.1): 56 data bytes
64 bytes from 172.16.1.1: icmp_seq=0 ttl=255 time=0.444 ms
64 bytes from 172.16.1.1: icmp_seq=1 ttl=255 time=0.351 ms


--

I'm asking a lot but
Is there a chance to fix this in 6.1 without too much work ??
Any workaround ( better than mine ) ?

[0]-[]-[/]
# ifconfig em5
em5: flags=8843 mtu 1500
lladdr fe:e1:ba:28:22:44
description: citywan
index 6 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet 172.16.1.33 netmask 0xff00 broadcast 172.16.1.255
[0]-[]-[/]
# route -T 111 add default 172.16.1.1
add net default: gateway 172.16.1.1: Network is unreachable

I am not used to this kind of behavior change with OpenBSD.

Best.

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do


Missing or wrong step in following current

2017-09-06 Thread sven falempin
Hello,

I downloaded a snapshot and followed current order from the page ( from
the snapshot date )

But apparently my clang is not in place completely
or something else is missing

cat /sys/arch/amd64/amd64/genassym.cf /sys/arch/amd64/amd64/genassym.cf |
sh /sys/kern/genassym.sh cc -g -Werror -Wall -Wimplicit-function-declaration
-Wno-uninitialized -Wno-pointer-sign -Wframe-larger-than=2047
-mcmodel=kernel -mno-red-zone -mno-sse2 -mno-sse -mno-3dnow -mno-mmx
-msoft-float -fno-omit-frame-pointer -ffreestanding -fno-pie -O2 -pipe
-nostdinc -I/sys -I/sys/arch/amd64/compile/GENERIC/obj -I/sys/arch -DDDB
-DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG
-DSYSVSEM -DSYSVSHM -DUVM_SWAP_ENCRYPT -DFFS -DFFS2 -DFFS_SOFTUPDATES
-DUFS_DIRHASH -DQUOTA -DEXT2FS -DMFS -DNFSCLIENT -DNFSSERVER -DCD9660 -DUDF
-DMSDOSFS -DFIFO -DFUSE -DSOCKET_SPLICE -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE
-DART -DINET6 -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE -DPIPEX -DMROUTING -DMPLS
-DBOOT_CONFIG -DUSER_PCICONF -DAPERTURE -DMTRR -DNTFS -DHIBERNATE
-DPCIVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL -DWSDISPLAY_COMPAT_RAWKBD
-DWSDISPLAY_DEFAULTSCREENS="6" -DX86EMU -DONEWIREVERBOSE -DMAXUSERS=80
-D_KERNEL -MD -MP -MF assym.P > assym.h.tmp
/tmp/genassym_c.VERse7MT2A:22:7: error: unexpected token in argument list
__asm("XYZZY SRUN %0" : : "n" (SRUN));

~~

# which clang cc | xargs cmp && echo mkay
mkay

Am i forced to reinstall a snapshot or can i fix that ?

# cvs -q up -Pd
? sys/arch/amd64/compile/KTEST
? sys/arch/amd64/conf/KTEST
#


-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



fun stuff to try on 6.2-beta

2017-08-25 Thread sven falempin
I have a fun behavior but it's on the deprecated 6.0, sorry I'm slow af.

Given the start procedure you can kill smtpd early by renewing the lease,
looks like the bug in ospf

So to the tester do:

rcctl stop smtpd
(smtpd -d &) ; sleep 0.1 && dhclient re0

replace re0 with your favorite fxp or em or whatever

the sleep must trigger the dhcp during the setup phase,
change the 0.1 according to your speed.

setup_done(p_ca);
setup_done(p_control);
setup_done(p_lka);
setup_done(p_pony);
setup_done(p_queue);
setup_done(p_scheduler);

log_debug("smtpd: setup done");

I do not know if this can be considered a bug... but it could be annoying.
I guess it is a bug if it happens during renew and you for some reason
reboot smtpd sometimes

best,

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do



Re: File Server with OpenBSD?

2017-03-07 Thread sven falempin
On Tue, Mar 7, 2017 at 11:55 AM, Solène Rapenne  wrote:

> Le 2017-03-07 17:29, Roderick a écrit :
>
>> Before I make a decision, I want to ask you for suggestions.
>>
>> I want to make a small file server, just to separate important
>> files from my working system. Two disks as Raid 1. Files are to
>> be read with NFS. Emphasis:
>>
>> (1) Data Integrity (not security :).
>>
>> (2) some degree of independence from hardware and operating system.
>> Disk are to be readable for many decades. Standard File System
>> readable after moving the Disks to another computer, different
>> hardware, perhaps with different OS.
>>
>> I was thinking on doing it with FreeBSD and ZFS. I find the last
>> interesting because: (a) it make checksums and corrections if
>> a checksum in a disk is wrong (using the other disk in the array),
>> (b) many OS are implementing it. But I find horrible how
>> resource hungry it is.
>>
>> Do you have an idea?
>>
>> I do prefer OpenBSD, but is there an appropriate file system
>> for archiving?
>>
>> I thank for any suggestion
>> Rodrigo.
>>
>
>
> Hello,
>
> I have my private file server using OpenBSD. That's not the best system
> for that but it works.
> If you are comfortable with and you don't need extra speed, that will be
> ok.
>
> For data integrity, you may use sysutils/bitrot to check for data
> integrity (bit rot).
> With OpenBSD, you won't get snapshots, on-the-fly compression etc...
>

2 cents:

vnconfig /bioctl for RAID1 + CRYPTO for the partition ?
CRYPTO will indirectly check for errors and RAID1 creates redundancy
and a way to snapshot all of that.

Maybe CRYPTO compresses data, or was it a removed option ?


> Don't forget backups, that the most important thing for your file server
> :-)
>
> Regards
>
>


--
--
Knowing is not enough; we must apply. Willing is not enough; we must do



Re: increased load average

2017-03-03 Thread sven falempin
On Fri, Mar 3, 2017 at 5:28 AM, Infoomatic  wrote:

> Hi,
> I have got "QOTOM Mini PC" with a 4-core "Intel(R) Celeron(R) CPU J1900 @
> 1.99GHz, 2000.45 MHz" CPU and 8GB RAM acting as firewall for a 12MBit
> synchronous connection and routing all traffic to our datacenter via
> OpenVPN.
> Since the upgrade yesterday from -stable to -current, the load average
> jumped from about 0.2 to 1.7. There hasn't been changes in our userbase
> (<10 users) or anything else, is this a known problem? I use the MP kernel.
>
> regards,
> infoomatic
>
>
Having your CPU do more is not a bad thing IF the user experience gets better;
I am sure this report will be interesting when put in perspective with how fast
content and services are provided.

Note that current is development mode, they may have put some additional
debugging info
as the current rework is quite deep, this may raise the load.

Don't forget: http://undeadly.org/cgi?action=article&sid=20090715034920

Load is not cpu usage.

Maybe some other metric comparison will be interesting to do (systat(1) and
vmstat(8))
if you can switch from one version to another easily :-)

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Content filtering through pf?

2017-02-23 Thread sven falempin
Not a pf job

Best to Greasemonkey your js to drop  or stuff like
http://www.opera.com/blogs/news/2015/11/how-operas-video-compression-technology-works/

Last resort : relayd + mime type filtering.

On Thu, Feb 23, 2017 at 10:27 AM, Alan Corey  wrote:

> I'm wondering if it's possible to do content filtering in a firewall.
> Maybe with something that cooperates with pf.  I'm on a very limited
> (5 GB/month) metered internet connection through a cell phone and I'm
> not the only user when I have it shared over wifi.  I'd like to block
> video because it's an incredible waste.  Problematic clients are
> Android/Kindle.  User competence in not clicking where they shouldn't
> is sometimes an issue.
>
> I can see this happening if there's a file size available during
> transfers, if the size is under a certain threshold value it just
> passes without interference, over a certain size the first few bytes
> of the file get checked.  If it fails the check that exact URL to the
> file would get blacklisted for maybe 24 hours.  I've noticed watching
> random transfers with wget that in some cases it knows the file size
> from somewhere and sometimes not.  Presumably there's no size
> available on streaming video so just block it.
>
> There seems to be an abundance of video in advertising in apps but
> also in news apps there's a mix of video and text stories.  Most of
> the world assumes bandwidth is free and fast.  Some videos are bigger
> than entire operating systems, and most are fairly pointless.  If the
> transfer is happening over an ssl connection maybe not much can be
> done since from the firewall's perspective it's just encrypted data,
> essentially inside a tunnel.
>
>


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: pppoe does not want to finish connexion :-( please help

2017-02-18 Thread sven falempin
On Sat, Feb 18, 2017 at 12:15 AM, sven falempin 
wrote:

> ( stable 5.9 i ll update soon )
> I carefully read man pages, found out i can't use hostname.pppoe
> because ??? i am probably not seeing something obvious but ...
>
> So i execute :
> ifconfig pppoe0 destroy # for fresh start :D
> ifconfig pppoe0 pppoedev em6 authproto pap authname\
>  YY authkey X && ifconfig pppoe0 debug &&\
>  ifconfig pppoe0 inet 0.0.0.0 0.0.0.0 broadcast 255.255.255.255 && echo OK
>
> When i do not pass first the auth params it doesn't work, once it's up , no
> more configuring
> if  i got this right.
>
> The first ip given after auth is always rejected :
> /bsd: pppoe0: ipcp parse opt values:  address IPV4 [not agreed]  send
> conf-nak
>
> Then
>
> pppoe0: ipcp nak opts: address [wantaddr OtherIPV4] [agree]
>
> But
>
> pppoe0: ipcp parse opt values: still need hisaddr  send conf-nak
>
> until the driver abandoned all hope.
>
> And now i am just scratching my head :-(
>
>

when in doubt just take a nap

s/broadcast/netmask/g

*facepalm*

-- 
-
() ascii ribbon campaign - against html e-mail
/\



pppoe does not want to finish connexion :-( please help

2017-02-17 Thread sven falempin
( stable 5.9 i ll update soon )
I carefully read man pages, found out i can't use hostname.pppoe
because ??? i am probably not seeing something obvious but ...

So i execute :
ifconfig pppoe0 destroy # for fresh start :D
ifconfig pppoe0 pppoedev em6 authproto pap authname\
 YY authkey X && ifconfig pppoe0 debug &&\
 ifconfig pppoe0 inet 0.0.0.0 0.0.0.0 broadcast 255.255.255.255 && echo OK

When i do not pass first the auth params it doesn't work, once it's up , no
more configuring
if  i got this right.

The first ip given after auth is always rejected :
/bsd: pppoe0: ipcp parse opt values:  address IPV4 [not agreed]  send
conf-nak

Then

pppoe0: ipcp nak opts: address [wantaddr OtherIPV4] [agree]

But

pppoe0: ipcp parse opt values: still need hisaddr  send conf-nak

until the driver abandoned all hope.

And now i am just scratching my head :-(


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: installXX.fs build

2017-01-27 Thread sven falempin
On Fri, Jan 27, 2017 at 5:01 PM, Jiri B  wrote:

> On Fri, Jan 27, 2017 at 08:29:08PM +0100, Thuban wrote:
> > Hi,
> >
> > Just by curiosity, I was wondering how installXX.fs file is build?
>
> https://github.com/openbsd/src/blob/master/distrib/amd64/iso/Makefile#L9
>
> j.
>
>
and then line 45.


-- 
-
() ascii ribbon campaign - against html e-mail
/\



starting avahi the proper way

2017-01-18 Thread sven falempin
Misc Readers, 6.0 GENERIC.MP#2 amd64 here

I installed cupsd, and noticed avahi would help to find some dnssd stuff.
i then noticed avahi would need dbus to start

#
# avahi-daemon 0.6.31 starting up.
# dbus_bus_get_private(): Failed to connect to socket
/var/run/dbus/system_bus_socket: No such file or directory

pkg_add did a great job putting all the rc.d files but
dbus start failed while `/usr/local/bin/dbus-launch`
actually did something

moreover /var/run/dbus/ does not exist as a directory and creating it does
not help
and avahi still does not start.

I do not know where to look for all those zeroconfig daemons :
manpages ? avahi docs ? dbus  documentation ?

Am i just supposed to put some stuff in my rc.conf.local (usually the
package tells this kind of stuff) ?

If someone already did this, i would gladly save some time !

Cheers.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: mounting tmpfs ???

2016-12-15 Thread sven falempin
On Thu, Dec 15, 2016 at 4:32 PM, Stuart Henderson 
wrote:

> On 2016/12/15 11:23, sven falempin wrote:
> >
> >
> > On Wed, Dec 14, 2016 at 11:36 AM, Stuart Henderson
> > wrote:
> >
> > On 2016/12/14 11:07, sven falempin wrote:
> > > On Wed, Dec 14, 2016 at 10:51 AM, Stuart Henderson <
> > s...@spacehopper.org>
> > > wrote:
> > >
> > > > On 2016/12/14 10:44, sven falempin wrote:
> > > > > [130]-[~]
> > > > > # ktrace mount_tmpfs -s20M tmpfs /foo
> > > > > mount_tmpfs: tmpfs on /foo: Operation not supported
> > > > > [1]-[~]
> > > > > # ls -ld /foo
> > > > > drwxr-xr-x  2 root  wheel  512 Dec 14 16:26 /foo
> > > >
> > > > 
> > > > revision 1.229
> > > > date: 2016/07/25 19:52:56;  author: deraadt;  state: Exp;
> > lines: +2 -2;
> > > > commit
> > > > id: SKJd8VyGOLxZLj1g;
> > > > disable tmpfs because it receives zero maintainance.
> > > > 
> > > >
> > > >
> > > Okay,
> > >
> > > i am using this daily, what can i do !?
> > > besides compiling my own 'unsuported' kernel . . .
> >
> > Switch to mfs?
> >
> >
> >
> > tmpfs was supposed to replace  mfs, afaik
> > a memory problem, shall we maintain mfs better
> > and dump tmpfs or fix tmpfs which is 'better than mfs' ?
>
> You can do whichever you like, I'm not telling you what to spend
> your time on :-)
>
> Though I'm not aware of anything that needs doing to mfs really,
> it works as expected.
>
>
I moved from mfs to tmpfs , i ll move back
i have a vague memory of some not free
memory on mfs.


-- 
() ascii ribbon campaign - against html e-mail
/\



Re: -current

2016-11-25 Thread sven falempin
On Fri, Nov 25, 2016 at 7:01 PM, sven falempin 
wrote:

> Just send 500$ to Theo in Cash and we ll arrange it
>


DISCLAIMER this email is not engaging anyone into anything
-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: -current

2016-11-25 Thread sven falempin
Just send 500$ to Theo in Cash and we ll arrange it

On Fri, Nov 25, 2016 at 6:55 PM,  wrote:

> Hello - Where can I get sys.tar.gz -current? Thanks! Chuck
>
>


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: 4th nic for pcengines apu2

2016-10-19 Thread sven falempin
On Wed, Oct 19, 2016 at 9:20 AM, Mihai Popescu  wrote:

> > e.g. from Lanner.
>
> Can you compensate for the price difference? OR better, do you know a
> retailer to sell this on the same price as pcengines in your area?
>
> Lanner is from another league.
>
>
You can also use rdomain/vlan and a good switch.

Also you may use a usb to ethernet , or serial to ethernet and connect the
two board.

And keep the
apu you know.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



reply-to/dup-to/route-to hostdecl detailed explannation

2016-09-29 Thread sven falempin
Dear PF users and coders,

If someone strictly follows the BNF of pf.conf man pages (thanks for the
great doc guys)
the declaration after route-to would be able to be (ifX:something)@ifY.
It does not make much sense as the first part would be a gateway if i
understood well enough.
Maybe the :peer would be useful, route-to (tun0:peer)@tun0 feels 'legit'

1 pass in quick on vether2 from (vether2:network) to 10/8 rdr-to 10.1.2.3
2 pass in quick on vether2 from (vether2:network) to 10/8 rdr-to 10.1.2.3 reply-to 172.16.1.8@em5
3 pass in quick on vether2 from (vether2:network) to 10/8 rdr-to 10.1.2.3 reply-to 172.16.1.8
4 pass in quick on vether2 from (vether2:network) to 10/8 rdr-to 10.1.2.3 reply-to em5
pass in quick on vether2 from (vether2:network) to 10/8 rdr-to 10.1.2.3 reply-to (em5:0)@em5

The last rule is not parsed.

The first rule will reply and route data given basic logic, in a mpath case
with multiple default routes
it may reply on an interface different from the connection entry. It's fine.
The second rule replies using 172.16.1.8 as a gateway and ends on em5.
The third rule does the same but on the most relevant interface.

But what does the fourth actually do ? does the system look for a route that
matches the destination on em5 ?
(i stopped my code reading in pfctl/parse.y)

It may be a good idea to explain this in the man page ?

Thanks for reading,
Best.


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: OpenBSD 6.0 CDs arrived today

2016-09-08 Thread sven falempin
Montreal Got them monday :D

On Wed, Sep 7, 2016 at 8:53 PM, patrick keshishian  wrote:
> Also arrived in Southern California USA
>
> http://sidster.org/gallery/obsd/60/img_2538.sml.jpg
>
> Fantastic work folks and great tee-shirt design!
> Also a "thank you" to Lyn at OpenBSD Store.
>
> --patrick
>
>
> On 9/7/16, Kenneth Gober  wrote:
>> Shipments of OpenBSD 6.0 CDs have started arriving, I'm in the USA,
>> New York area.
>>
>> -ken
>



-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Overloaded machine kernel death

2016-08-26 Thread sven falempin
On Sun, Aug 21, 2016 at 8:17 PM, sven falempin 
wrote:

>
>
> On Sun, Aug 21, 2016 at 4:57 PM, Stuart Henderson 
> wrote:
>
>> On 2016-08-20, sven falempin  wrote:
>> > On Sat, Aug 20, 2016 at 3:50 PM, Stuart Henderson 
>> > wrote:
>> >
>> >> This report is totally useless without a dmesg.
>> >> We don't know which version,which arch, and a bunch of other
>> >> things that would be included in it.
>> >>
>> >>
>> > Yes i just leave it in Misc , because i think the problem is actually
>> not
>> > openBSD related.
>> > Unless work-binpatch59-amd64 is dirty .
>>
>> So 5.9 + patches. It's probably worth trying -current and see if it
>> behaves
>> any better.
>>
>>
> For those interested this is related to the amount of cores i give to the
> VM.
> The problem does not occur if i put a 1 socket , 4 cores config in qemu but
> it does with a 2 socket 4 cores, and also 1 socket 6 cores.
>
> This makes it very difficult to know where the problem is, qemu or openBSD ?
>
> Moreover the device is actually used and only with high load i can create
> the
> problem, i d like
>
> Using systat i saw a very high load of softnet and way too much fork, that
> i will work on reducing. But that's about it.
>
> load averages: 15.13, 15.59, 16.02    X 02:11:50
> 187 processes: 3 running, 180 idle, 4 on processor    up 1 day,  3:05
> CPU0 states:  0.0% user,  9.7% nice, 45.4% system, 26.3% interrupt, 18.7% idle
> CPU1 states:  0.0% user,  6.2% nice, 61.3% system,  6.6% interrupt, 25.9% idle
> CPU2 states:  0.0% user,  4.5% nice, 65.0% system,  1.0% interrupt, 29.5% idle
> CPU3 states:  0.0% user, 15.8% nice, 70.8% system,  1.9% interrupt, 11.4% idle
> Memory: Real: 617M/1633M act/tot Free: 6299M Cache: 714M Swap: 0K/182M
>
> This is after reducing the load a bit.
>
> I will try current if the problem persist, to get some maybe useful back
> traces.
>
>

Problem did occur again :'(, will try to update to snapshot or current
given the -current state.

Looks like the correctly reported bug by Giovanni

It was the middle of the night, and all i have is some screenshots but i
transcribed here the ?double free?
i forgot cpu2 :S

mach ddbcpu 0
Stopped at Debugger+0x9: leave Debugger() at Debugger+0x9
x86_ipi_handler at x86_ipi_handler+0x76
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x1c
--- interrupt ---
__mp_lock()+0x42
virtio_pci_intr+0x4b
intr_handler+0x67
intr_ioapic_level22+0xcd
--- interrupt ---
__mp_lock()+0x42
syscall+0x2a5
--- syscall number 198 ---
end of kernel
end trace frame 0x12e3378fb5700 count: 6 0x12e407b1f43a

mach ddbcpu 1
Stopped at Debugger+0x9: leave Debugger() at Debugger+0x9
x86_ipi_handler at x86_ipi_handler+0x76
Xresume_lapic_ipi() at Xresume_lapic_ipi+0x1c
--- interrupt ---
__mp_lock()+0x42
syscall+0x2a5
--- syscall number 4 ---
end of kernel
end trace frame 0x112e8f5fc4f0 count: 10 0x112e19aaf79a

dev = 0x410, block = 8, fs=/var/www/json_data
panic ffs_blkfree: freeing free block
Stopped at Debugger+0x9
TID PID UID PRFLAGS PFLAGS CPU
21187 21187 0 0x2 0 0 perl
*23127 27210 0 0 0x400 3 jsondb
debugger
panic
ffs_blkfree
ffs_indirtrunc
ffs_truncate
ufs_onactive
VOP_INACTIVE
vput
ufs_remove
VOP_REMOVE
dounlinkat
syscall
syscall --- number 10 ---
end

<> is (dmesg in thread) :
-smp sockets=1,cores=4

-drive
file=/var/lib/images/100/vm-100-disk-2.qcow2,if=none,id=drive-virtio1,cache=writeback,format=qcow2,aio=native
-device virtio-blk-pci,drive=drive-virtio1,id=virtio1,bus=pci.0,addr=0xb

-drive
file=/var/lib/images/100/vm-100-disk-1.qcow2,if=none,id=drive-virtio0,cache=writeback,format=qcow2,aio=native
-device virtio-blk-pci,drive=drive-virtio0,id=virtio0,bus=pci.0,addr=0xa

QEMU emulator version 1.4.1

Even if something silly is happening inside Qemu, it may help ?

Cheers.


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Overloaded machine kernel death

2016-08-21 Thread sven falempin
On Sun, Aug 21, 2016 at 4:57 PM, Stuart Henderson 
wrote:

> On 2016-08-20, sven falempin  wrote:
> > On Sat, Aug 20, 2016 at 3:50 PM, Stuart Henderson 
> > wrote:
> >
> >> This report is totally useless without a dmesg.
> >> We don't know which version,which arch, and a bunch of other
> >> things that would be included in it.
> >>
> >>
> > Yes i just leave it in Misc , because i think the problem is actually not
> > openBSD related.
> > Unless work-binpatch59-amd64 is dirty .
>
> So 5.9 + patches. It's probably worth trying -current and see if it behaves
> any better.
>
>
For those interested this is related to the amount of cores i give to the
VM.
The problem does not occur if i put a 1 socket , 4 cores config in qemu but
it does with a 2 socket 4 cores, and also 1 socket 6 cores.

This makes it very difficult to know where the problem is, qemu or openBSD ?

Moreover the device is actually used and only with high load i can create
the
problem, i d like

Using systat i saw a very high load of softnet and way too much fork, that i
will work on reducing. But that's about it.

load averages: 15.13, 15.59, 16.02    X 02:11:50
187 processes: 3 running, 180 idle, 4 on processor    up 1 day,  3:05
CPU0 states:  0.0% user,  9.7% nice, 45.4% system, 26.3% interrupt, 18.7% idle
CPU1 states:  0.0% user,  6.2% nice, 61.3% system,  6.6% interrupt, 25.9% idle
CPU2 states:  0.0% user,  4.5% nice, 65.0% system,  1.0% interrupt, 29.5% idle
CPU3 states:  0.0% user, 15.8% nice, 70.8% system,  1.9% interrupt, 11.4% idle
Memory: Real: 617M/1633M act/tot Free: 6299M Cache: 714M Swap: 0K/182M

This is after reducing the load a bit.

I will try current if the problem persist, to get some maybe useful back
traces.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Overloaded machine kernel death

2016-08-20 Thread sven falempin
On Sat, Aug 20, 2016 at 3:50 PM, Stuart Henderson 
wrote:

> This report is totally useless without a dmesg.
> We don't know which version,which arch, and a bunch of other
> things that would be included in it.
>
>
Yes i just leave it in Misc , because i think the problem is actually not
openBSD related.
Unless work-binpatch59-amd64 is dirty .

OpenBSD 5.9 (GENERIC.MP) #10: Wed Aug  3 13:46:07 CEST 2016
r...@stable-59-amd64.mtier.org:
/binpatchng/work-binpatch59-amd64/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8573149184 (8175MB)
avail mem = 8309125120 (7924MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfd900 (15 entries)
bios0: vendor Bochs version "Bochs" date 01/01/2011
bios0: Bochs Bochs
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HPET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Common KVM processor, 2667.07 MHz
cpu0:
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,HV,NXE,LONG
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 1000MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Common KVM processor, 2666.86 MHz
cpu1:
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,HV,NXE,LONG
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Common KVM processor, 2666.85 MHz
cpu2:
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,HV,NXE,LONG
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu2: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu2: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Common KVM processor, 2666.87 MHz
cpu3:
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,HV,NXE,LONG
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu3: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu3: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpihpet0 at acpi0: 1 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpicpu2 at acpi0: C1(@1 halt!)
acpicpu3 at acpi0: C1(@1 halt!)
pvbus0 at mainbus0: KVM
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel
0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int
9
iic0 at piixpm0
iic0: addr 0x18 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words
00= 01= 02= 03= 04= 05= 06= 07=
iic0: addr 0x1a 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words
00= 01= 02= 03= 04= 05= 06= 07=
iic0: addr 0x29 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words
00= 01= 02= 03= 04= 05= 06= 07=
iic0: addr 0x2b 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words
00= 01= 02= 03= 04= 05= 06= 07=
iic0: addr 0x4c 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words
00= 01= 02= 03= 04= 05= 06= 07=
iic0: addr 0x4e 00=00 01=00 02=00 03=00 04=00 05=00 06=00 07=00 08=00 words
00= 01= 02= 03= 04= 05= 06= 07=
vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Memory" rev 0x00
viomb0 at virtio0
virtio0: apic 0 int 11
virtio1 at pci0 dev 10 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio1

Overloaded machine kernel death

2016-08-20 Thread sven falempin
Because it runs under qemu, filing a bug report is ...
nevertheless i leave the trace info here, in case it is relevant,
also does this mean i ran out of memory ?

arp info overwritten for 10.14.0.1 by fe:e1:ba:d0:f8:62 on vether114
arp info overwritten for REDACTED by 00:07:b4:00:01:02 on vio0
arp info overwritten for REDACTED  by 00:07:b4:00:01:01 on vio0
arp: attempt to overwrite entry for 10.36.0.1 on vether136 by
fe:e1:ba:db:c5:e9
on trunk136
arp info overwritten for 10.36.0.1 by fe:e1:ba:db:c5:e9 on vether136
uvm_fault(0xff021680ee00, 0x11, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at  uvm_pmr_addr_RB_REMOVE+0x94:cmpq0x10(%rax),%rbx
ddb{0}> trace
uvm_pmr_addr_RB_REMOVE() at uvm_pmr_addr_RB_REMOVE+0x94
uvm_pmr_remove_addr() at uvm_pmr_remove_addr+0x11
uvm_pmr_get1page() at uvm_pmr_get1page+0x1ae
uvm_pmr_getpages() at uvm_pmr_getpages+0x514
uvm_pagealloc() at uvm_pagealloc+0x128
uvm_fault() at uvm_fault+0xaee
trap() at trap+0x5f0
--- trap (number 6) ---
end of kernel
end trace frame: 0x1482aa29b820, count: -7
0x148244132eb7:

Those arp info overwritten are normal ?

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: github

2016-08-07 Thread sven falempin
On Sun, Aug 7, 2016 at 11:17 AM, Donald Allen  wrote:
>> Date: Sun, 7 Aug 2016 17:59:07 +0300
>> From: con...@gmx.com
>> To: misc@openbsd.org
>> Subject: Re: github
>>
>> On 16:43 Sun 07 Aug, Ingo Schwarze wrote:
>>>> Do you have any plans to move the OpenBSD source code repository
>>>> to github?
>>>
>>> Absolutely not. The OpenBSD repository will remain secure and
>>> will not be outsourced to a random third party.
>>
>> I'm sorry, are we talking about the same OpenBSD CVS tree that does not
>> offer any kind of encryption and transfers all your data in plain over
>> the network (except for developers who use SSH of course)? How's that
>> secure?
>>
>> Moreover, Git itself allows you to check what the hell is going on using
>> your local history (e.g. git pull will not work without some love if
>> somebody changes your repo on the GitHub side without your awareness).
>> Also signed commits FWIW.
>
> And github offers two-factor authentication, so if enabled, not simple
> to hack the account.
>


The openBSD tree is duplicated over the SSH protocol, not HTTPS;

You are spreading misinformation.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: 6.0 lyrics

2016-07-27 Thread sven falempin
On Wed, Jul 27, 2016 at 1:29 AM,   wrote:
> I'm impressed. Great job on the music and artwork, I'm sure the
> cyberpunk community screaming right now. It's a great contemporary
> remake of a classic work that marked a generation.  Congrats for
> everyone that worked on this.
>

plus 5 more  it s a recording company now ?

can we 'speak up and hack'  ?

-- 
-
() ascii ribbon campaign - against html e-mail
/\



non directly related openbsd question

2016-06-17 Thread sven falempin
Dear readers,

Is someone using CEPH in production ?

Have you mounted this on openBSD, or did you try the qemu driver ?

Cheers (just poking around to see how this is).
-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: dhcarp

2016-05-13 Thread sven falempin
On Fri, May 13, 2016 at 4:47 PM, ML mail  wrote:

> Hi
>
>
> Did anyone already try this DHCARP article
> https://sites.google.com/site/bsdstuff/dhcarp in order to run carp with
> an ISP providing a dynamic IP address through DHCP? Or is there any easier
> method for dealing with a dynamic IP address on the WAN side of the CARP
> interfaces?
>
> Regards
> ML
>
>
i patched 5.8 (kernel+dhclient) to have dhclient working with carp,

worked well,

dumped it because real life sucks.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



libstdc++ (bug?) / libc++ (cant test)

2016-04-25 Thread sven falempin
Dear openbsd users,

Today i had to patch a cpp program like this

-  (*_obj).insert(p);
+
+  size_t s = _obj->erase( key );
+  //fprintf(stderr, "wtf %d\n", s); //ANNO 2016 LIBC++ NEW WAY...
+
+  _obj->insert(p);
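
Review bot: the new variable s on the erase line is only read by the commented-out fprintf, so as posted it is unused, and that debug line would print a size_t with %d if it were re-enabled (%zu is the matching format). Either drop s and the dead debug line or check the return value for real. The comment "ANNO 2016 LIBC++ NEW WAY..." also does not say why the erase is needed; since insert on a std::map leaves an existing entry for the key untouched, a one-line comment stating that the old entry is erased so the insert replaces it would document the intent. Note too that the hunk erases by key but inserts p, so the two must refer to the same key for this to behave as a replace.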

_obj is defined like this
class Foo { std::shared_ptr<  std::map< std::vector , Foo> > }


new C++14 is integrating an upsert or whatever, i did not read the last
patches on gnu libstdc++

This occurs with the last patch of g++.

I wanted to try clang/llvm but figured, well if i want that on openbsd
i ll have to not sleep next weekend.

Unless i miss something.

I share this , in case you encounter some crazy bug on a cpp program..

and it s another cent, in the lets get rid of gnu jar.

Cheers.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Routing issue with multiple interface on the same network.

2016-04-22 Thread sven falempin
i do not think it is.
it makes no sense to have the same network on two interface, this way, IMHO.

On Fri, Apr 22, 2016 at 1:25 PM, Jean-Daniel Dupas 
wrote:

> Hello,
>
> I'm trying to configure a machine with multiple interface on the same
> network
> (one standard interface and one carp interface).
>
> My problem is that if I set the default routing table to the second
> interface,
> the system can't find it and return "no route" for any distant  address
> resolution.
>
> The problem occurs even when using two standard ifaces (so carp is not
> involved).
>
> Note that my configuration works perfectly well on OpenBSD 5.7. I did test
> the
> problem with 5.9 and current, and both fail.
>
>
> Here is my configuration:
>
> --- ifconfig
> lo0: flags=8049 mtu 32768
> priority: 0
> groups: lo
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> inet 127.0.0.1 netmask 0xff00
> vio0: flags=8843 mtu 1500
> lladdr 52:54:00:9e:b2:2b
> priority: 0
> media: Ethernet autoselect
> status: active
> inet 10.0.1.2 netmask 0x broadcast 10.0.255.255
> vio1: flags=8843 mtu 1500
> lladdr 52:54:00:fd:df:4c
> priority: 0
> media: Ethernet autoselect
> status: active
> inet 192.168.0.11 netmask 0xff00 broadcast 192.168.0.255
> vio2: flags=8843 mtu 1500
> lladdr 52:54:00:d0:e8:1d
> priority: 0
> groups: egress
> media: Ethernet autoselect
> status: active
> inet 192.168.0.12 netmask 0xff00 broadcast 192.168.0.255
>
>
> --- route -n show
> Routing tables
>
> Internet:
> DestinationGatewayFlags   Refs  Use   Mtu  Prio
> Iface
> default192.168.0.1UGS0   46 - 8
> vio2
> 10.0/1610.0.1.2   UC 3   26 - 4
> vio0
> 10.0.0.1   00:00:5e:00:01:01  UHLc   0   59 - 4
> vio0
> 10.0.1.2   52:54:00:9e:b2:2b  UHLl   0   34 - 1
> vio0
> 10.0.1.15  52:54:00:0e:62:c7  UHLc   0   16 - 4
> vio0
> 10.0.3.10  ac:87:a3:1d:3f:9d  UHLc   1   16 - 4
> vio0
> 10.0.255.255   10.0.1.2   UHb00 - 1
> vio0
> 127.0.0.1  127.0.0.1  UHl0  192 32768 1 lo0
> 192.168.0/24   192.168.0.11   UCP17 - 4
> vio1
> 192.168.0/24   192.168.0.12   UCP00 - 4
> vio2
> 192.168.0.1link#2 UHLc   0   25 - 4
> vio1
> 192.168.0.11   52:54:00:fd:df:4c  UHLl   0   16 - 1
> vio1
> 192.168.0.12   52:54:00:d0:e8:1d  UHLl   03 - 1
> vio2
> 192.168.0.255  192.168.0.11   UHPb   00 - 1
> vio1
> 192.168.0.255  192.168.0.12   UHPb   00 - 1
> vio2
>
> Internet6:
> DestinationGatewayFlags
>  Refs
> Use   Mtu  Prio Iface
> ::1::1UHl
>   0
> 0 32768 1 lo0
> fe80::1%lo0fe80::1%lo0UHl
>   0
> 0 32768 1 lo0
> ff01::%lo0/32  ::1UC
>0
> 1 32768 4 lo0
> ff02::%lo0/32  ::1UC
>0
> 1 32768 4 lo0
>
>
> -- ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> ping: sendto: No route to host
> ping: wrote 8.8.8.8 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 8.8.8.8 64 chars, ret=-1
> --- 8.8.8.8 ping statistics ---
> 2 packets transmitted, 0 packets received, 100.0% packet loss
> [1]81614 exit 1 ping 8.8.8.8
>
> If I change the default route to vio1, it works. The problem occurs only
> when
> the default route is on the second interface (vio2, or carp0 in my cases).
>
> Can someone confirm this is a bug in the routing system ?
>
> Regards
> Jean-Daniel.
>
>

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Quick APU2 review

2016-04-20 Thread sven falempin
On Wed, Apr 20, 2016 at 4:32 AM, Stuart Henderson 
wrote:

> On 2016-04-19, sven falempin  wrote:
> >> This : https://github.com/jasperla/openbsd-wip ??
>
> Yes
>
> > 5   ftp http://download.flashrom.org/releases/flashrom-0.9.9.tar.bz2
>
> No, don't do it this way. Use the port in openbsd-wip.
>
> Or if you aren't completely comfortable with this, just use the
> vendor's tool.
>
> http://pcengines.ch/howto.htm#bios
> http://pcengines.ch/howto.htm#TinyCoreLinux
>
>
> On 2016-04-19, Chris Cappuccio  wrote:
> >> Like : echo /bin/ksh > /etc/rc.securelevel ??
> >
> > echo sysctl kern.securelevel=-1 >/etc/rc.securelevel
>
> Yes
>
> >> No patch here : wont work ?
>
> The patch is in the flashrom directory in openbsd-wip.
>
> > Get the securelevel right first, then worry about the patch
>
> I would do it the other way round. Only run with securelevel=-1
> for the absolute minimum time needed, just when you're trying to
> actually update the bios. Don't go building ports (especially
> ones that aren't even committed) like that.
>
> Thank you all,

yes i used tiny core after.

I saw that on 5.8 and 5.9 -stable SDCARD is not working
i can boot but after there is a driver error (5.9 goes a bit further)
it's the "AMD Hudson-2" which handles it apparently.

If the commit exists in -current can you point it out so i can backport it
in 5.9-stable ?

(i prefer being on stable, and 6 months is a bit long).

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Quick APU2 review

2016-04-19 Thread sven falempin
On Tue, Apr 19, 2016 at 1:06 PM, Stuart Henderson 
wrote:

> On 2016/04/19 12:33, sven falempin wrote:
> >
> >
> > On Mon, Apr 18, 2016 at 6:07 PM, Stuart Henderson 
> > wrote:
> >
> > On 2016-04-18, Christian Weisgerber  wrote:
> > > On 2016-04-18, Stuart Henderson  wrote:
> > >
> > >> From a different machine though. Compared to APU1 the APU2 has
> > 4x the L2
> > >> cache, RAM is clocked a quarter faster, twice the number of cpu
> > cores,
> > >> and a few more cpu features (e.g. AES-NI, RDRAND).
> > >
> > > For the record: The APU2 does not have RDRAND.
> >
> > Ah, I thought I saw a page suggesting that the cpu did, sorry for
> > misinformation.
> > O
> >
> >
> >
> > Is it really possible to flash the BIOS from openBSD ?
>
> A few people reported that flashrom in openbsd-wip works. You'll need to
> patch pciutils (see pciutils.diff in the openbsd-wip dir) and boot with
> securelevel temporarily set to -1 to use it.
>
>
This : https://github.com/jasperla/openbsd-wip ??
Like : echo /bin/ksh > /etc/rc.securelevel ??


No patch here : wont work ?
5   ftp http://download.flashrom.org/releases/flashrom-0.9.9.tar.bz2
6   bunzip2 ./flashrom-0.9.9.tar.bz2
19  grep -A 12 OpenBSD ./README
20  sudo pkg_add gmake
21  sudo pkg_add pciutils
23  sudo pkg_add libusb-compat
24  gmake
25  find ./ -name flashrom
$ file flashrom
flashrom: ELF 64-bit LSB shared object, x86-64, version 1
$ ldd ./flashrom
./flashrom:
Start            End              Type Open Ref GrpRef Name
1d198350         1d19839b7000     exe  1    0   0      ./flashrom
1d1c3a10f000     1d1c3a524000     rlib 0    1   0      /usr/lib/libz.so.5.0
1d1bcd0fe000     1d1bcd503000     rlib 0    1   0      /usr/local/lib/libusb.so.10.0
1d1c15b35000     1d1c15f4         rlib 0    2   0      /usr/local/lib/libusb-1.0.so.1.0
1d1c01646000     1d1c01b2         rlib 0    1   0      /usr/lib/libc.so.80.1
1d1c0873d000     1d1c08b4f000     rlib 0    4   0      /usr/lib/libpthread.so.19.0
1d1c6130         1d1c6130         rtld 0    1   0      /usr/libexec/ld.so
-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Quick APU2 review

2016-04-19 Thread sven falempin
On Mon, Apr 18, 2016 at 6:07 PM, Stuart Henderson 
wrote:

> On 2016-04-18, Christian Weisgerber  wrote:
> > On 2016-04-18, Stuart Henderson  wrote:
> >
> >> From a different machine though. Compared to APU1 the APU2 has 4x the L2
> >> cache, RAM is clocked a quarter faster, twice the number of cpu cores,
> >> and a few more cpu features (e.g. AES-NI, RDRAND).
> >
> > For the record: The APU2 does not have RDRAND.
>
> Ah, I thought I saw a page suggesting that the cpu did, sorry for
> misinformation.
> O
>
>
Is it really possible to flash the BIOS from openBSD ?

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Quick APU2 review

2016-04-18 Thread sven falempin
On Mon, Apr 18, 2016 at 10:11 AM, sven falempin 
wrote:

> I had a problem with my USB3 key, but I do not trust the key that much
>
> Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
> /dev/rsd1a: 521.3MB in 1067648 sectors of 512 bytes
> 4 cylinder groups of 130.33MB, 8341 blocks, 16768 inodes each
> /dev/rsd1k: 4554.6MB in 9327776 sectors of 512 bytes
> 23 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
> newfs: cg 0: bad magic number
> newfs: fsinit1 failed
> /dev/rsd1d: 826.1MB in 1691840 sectors of 512 bytes
> 5 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
> /dev/rsd1f: 1341.3MB in 2747008 sectors of 512 bytes
> 7 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
> newfs: reduced number of fragments per cylinder group from 99424 to 99032
> to enlarge last cylinder group
> /dev/rsd1g: 776.8MB in 1590848 sectors of 512 bytes
> 5 cylinder groups of 193.42MB, 12379 blocks, 24832 inodes each
> /dev/rsd1h: 2930.6MB in 6001920 sectors of 512 bytes
> 15 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
> /dev/rsd1j: 1653.0MB in 3385440 sectors of 512 bytes
> 9 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
> newfs: cg 0: bad magic number
> newfs: fsinit1 failed
> /dev/rsd1i: 1200.5MB in 2458656 sectors of 512 bytes
> 6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
> newfs: cg 0: bad magic number
> newfs: fsinit1 failed
> /dev/rsd1e: 1227.4MB in 2513760 sectors of 512 bytes
> 7 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
> Available disks are: sd0.
> Which disk do you wish to initialize? (or 'done') [done]
> /dev/sd1a (8d4b156cca50297b.a) on /mnt type ffs (rw, asynchronous, local)
> mount_ffs: 8d4b156cca50297b.k on /mnt/home: Invalid argument
>
>
> Perks the preboot log:
> Mainboard PCEngines apu2 Enable.
> APIC: 00 missing read_resources
> APIC: 01 missing read_resources
> APIC: 02 missing read_resources
> APIC: 03 missing read_resources
> SeaBIOS (version rel-1.8.0-190-gc029eab-20151109_141843-wim-ws)
> BUILD: gcc:  binutils: (GNU Binutils) 2.23.2
> SeaBIOS (version rel-1.8.0-190-gc029eab-20151109_141843-wim-ws)
> BUILD: gcc:  binutils: (GNU Binutils) 2.23.2
> Found coreboot cbmem console @ 77fdf000
> Found mainboard PC Engines PCEngines apu2
> Relocating init from 0x000eb200 to 0x77f66110 (size 32352)
> Found CBFS header at 0xfc50
> multiboot: eax=0, ebx=0
> boot order:
> 1: /pci@i0cf8/usb@10/usb-*@1
> 2: /pci@i0cf8/usb@10/usb-*@2
> 3: /pci@i0cf8/usb@10/usb-*@3
> 4: /pci@i0cf8/usb@10/usb-*@4
> 5: /pci@i0cf8/*@11/drive@0/disk@0
> 6: /pci@i0cf8/*@11/drive@1/disk@0
> 7: /rom@genroms/pxe.rom
> 8: pxen0
> 9: scon1
> 10:
> Found 21 PCI devices (max PCI bus is 03)
> Copying SMBIOS entry point from 0x77fb7000 to 0x000f3040
> Copying ACPI RSDP from 0x77fb8000 to 0x000f3010
> Copying MPTABLE from 0x77fdc000/77fdc010 to 0x000f2e60
> Copying PIR from 0x77fdd000 to 0x000f2e30
> Using pmtimer, ioport 0x818
> Scan for VGA option rom
> Running option rom at c000:0003
>
> Google, Inc.
> Serial Graphics Adapter 08/22/15
> SGABIOS $Id: sgabios.S 8 2010-04-22 00:03:40Z nlaredo $
> (wiv@coreboot-Virtual-Ma
> chine)
> Sat Aug 22 09:25:30 UTC 2015
> Term: 80x24
> IO4 0
> Turning on vga text mode console
> [.]
> SeaBIOS (version rel-1.8.0-190-gc029eab-20151109_141843-wim-ws)
> XHCI init on dev 00:10.0: regs @ 0xfeb22000, 4 ports, 32 slots, 32 byte
> contexts
> XHCIextcap 0x1 @ feb22500
> XHCIprotocol USB  3.00, 2 ports (offset 1), def 0
> XHCIprotocol USB  2.00, 2 ports (offset 3), def 10
> XHCIextcap 0xa @ feb22540
> Found 2 serial ports
> ATA controller 1 at 4010/4020/0 (irq 0 dev 88)
> EHCI init on dev 00:13.0 (regs=0xfeb25420)
> ATA controller 2 at 4018/4024/0 (irq 0 dev 88)
> Searching bootorder for: /pci@i0cf8/*@14,7
> Searching bootorder for: /rom@img/memtest
> Searching bootorder for: /rom@img/setup
> XHCI port #3: 0x00200e03, powered, enabled, pls 0, speed 3 [High]
> Searching bootorder for: /pci@i0cf8/usb@10/storage@3/*@0/*@0,0
> Searching bootorder for: /pci@i0cf8/usb@10/usb-*@3
> USB MSC vendor='Kingston' product='DataTraveler G2' rev='1.00' type=0
> removable=
> 1
> USB MSC blksize=512 sectors=3919872
> Initialized USB HUB (0 ports used)
> All threads complete.
> Scan for option roms
> PCengines Press F10 key now for boot menu:
> Searching bootorder for: HALT
> drive 0x000f2dc0: PCHS=0/0/0 translation=lba LCHS=972/64/63 s=3919872
> Space available for UMB: c1000-ef000, f-f2dc0
> Returne

Re: Quick APU2 review

2016-04-18 Thread sven falempin
And finally just after this test, CPU was 104degC according to sysctl, so
if you want to use it, get a box !


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Quick APU2 review

2016-04-18 Thread sven falempin
I had a problem with my USB3 key, but I do not trust the key that much

Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
/dev/rsd1a: 521.3MB in 1067648 sectors of 512 bytes
4 cylinder groups of 130.33MB, 8341 blocks, 16768 inodes each
/dev/rsd1k: 4554.6MB in 9327776 sectors of 512 bytes
23 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
newfs: cg 0: bad magic number
newfs: fsinit1 failed
/dev/rsd1d: 826.1MB in 1691840 sectors of 512 bytes
5 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd1f: 1341.3MB in 2747008 sectors of 512 bytes
7 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
newfs: reduced number of fragments per cylinder group from 99424 to 99032
to enlarge last cylinder group
/dev/rsd1g: 776.8MB in 1590848 sectors of 512 bytes
5 cylinder groups of 193.42MB, 12379 blocks, 24832 inodes each
/dev/rsd1h: 2930.6MB in 6001920 sectors of 512 bytes
15 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd1j: 1653.0MB in 3385440 sectors of 512 bytes
9 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
newfs: cg 0: bad magic number
newfs: fsinit1 failed
/dev/rsd1i: 1200.5MB in 2458656 sectors of 512 bytes
6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
newfs: cg 0: bad magic number
newfs: fsinit1 failed
/dev/rsd1e: 1227.4MB in 2513760 sectors of 512 bytes
7 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
Available disks are: sd0.
Which disk do you wish to initialize? (or 'done') [done]
/dev/sd1a (8d4b156cca50297b.a) on /mnt type ffs (rw, asynchronous, local)
mount_ffs: 8d4b156cca50297b.k on /mnt/home: Invalid argument


Perks the preboot log:
Mainboard PCEngines apu2 Enable.
APIC: 00 missing read_resources
APIC: 01 missing read_resources
APIC: 02 missing read_resources
APIC: 03 missing read_resources
SeaBIOS (version rel-1.8.0-190-gc029eab-20151109_141843-wim-ws)
BUILD: gcc:  binutils: (GNU Binutils) 2.23.2
SeaBIOS (version rel-1.8.0-190-gc029eab-20151109_141843-wim-ws)
BUILD: gcc:  binutils: (GNU Binutils) 2.23.2
Found coreboot cbmem console @ 77fdf000
Found mainboard PC Engines PCEngines apu2
Relocating init from 0x000eb200 to 0x77f66110 (size 32352)
Found CBFS header at 0xfc50
multiboot: eax=0, ebx=0
boot order:
1: /pci@i0cf8/usb@10/usb-*@1
2: /pci@i0cf8/usb@10/usb-*@2
3: /pci@i0cf8/usb@10/usb-*@3
4: /pci@i0cf8/usb@10/usb-*@4
5: /pci@i0cf8/*@11/drive@0/disk@0
6: /pci@i0cf8/*@11/drive@1/disk@0
7: /rom@genroms/pxe.rom
8: pxen0
9: scon1
10:
Found 21 PCI devices (max PCI bus is 03)
Copying SMBIOS entry point from 0x77fb7000 to 0x000f3040
Copying ACPI RSDP from 0x77fb8000 to 0x000f3010
Copying MPTABLE from 0x77fdc000/77fdc010 to 0x000f2e60
Copying PIR from 0x77fdd000 to 0x000f2e30
Using pmtimer, ioport 0x818
Scan for VGA option rom
Running option rom at c000:0003

Google, Inc.
Serial Graphics Adapter 08/22/15
SGABIOS $Id: sgabios.S 8 2010-04-22 00:03:40Z nlaredo $
(wiv@coreboot-Virtual-Ma
  chine)
Sat Aug 22 09:25:30 UTC 2015
Term: 80x24
IO4 0
Turning on vga text mode console
[.]
SeaBIOS (version rel-1.8.0-190-gc029eab-20151109_141843-wim-ws)
XHCI init on dev 00:10.0: regs @ 0xfeb22000, 4 ports, 32 slots, 32 byte
contexts
XHCIextcap 0x1 @ feb22500
XHCIprotocol USB  3.00, 2 ports (offset 1), def 0
XHCIprotocol USB  2.00, 2 ports (offset 3), def 10
XHCIextcap 0xa @ feb22540
Found 2 serial ports
ATA controller 1 at 4010/4020/0 (irq 0 dev 88)
EHCI init on dev 00:13.0 (regs=0xfeb25420)
ATA controller 2 at 4018/4024/0 (irq 0 dev 88)
Searching bootorder for: /pci@i0cf8/*@14,7
Searching bootorder for: /rom@img/memtest
Searching bootorder for: /rom@img/setup
XHCI port #3: 0x00200e03, powered, enabled, pls 0, speed 3 [High]
Searching bootorder for: /pci@i0cf8/usb@10/storage@3/*@0/*@0,0
Searching bootorder for: /pci@i0cf8/usb@10/usb-*@3
USB MSC vendor='Kingston' product='DataTraveler G2' rev='1.00' type=0
removable=
1
USB MSC blksize=512 sectors=3919872
Initialized USB HUB (0 ports used)
All threads complete.
Scan for option roms
PCengines Press F10 key now for boot menu:
Searching bootorder for: HALT
drive 0x000f2dc0: PCHS=0/0/0 translation=lba LCHS=972/64/63 s=3919872
Space available for UMB: c1000-ef000, f-f2dc0
Returned 258048 bytes of ZoneHigh
e820 map has 6 items:
  0:  - 0009f800 = 1 RAM
  1: 0009f800 - 000a = 2 RESERVED
  2: 000f - 0010 = 2 RESERVED
  3: 0010 - 77fad000 = 1 RAM
  4: 77fad000 - 7800 = 2 RESERVED
  5: f800 - fc00 = 2 RESERVED
enter handle_19:
  NULL
Booting from Hard Disk...
Booting from :7c00
Using drive 0, partition 3.
Loading.
probing: pc0 com0 com1 mem[638K 1918M a20=on]
disk: hd0+
>> OpenBSD/amd64 BOOT 3.28
switching console to com0

-- 
-

Re: Quick APU2 review

2016-04-18 Thread sven falempin
http://s4.postimg.org/5ov9malvh/back.jpg
http://s1.postimg.org/qqiiqvfi7/front.jpg

wait for it.



On Mon, Apr 18, 2016 at 7:29 AM, Mihai Popescu  wrote:

> > But his point is still valid.
>
> Yes? APU1x is old and tested, so I can bet that benchmarks are readily
> available. It is over-popular already, full of examples and tests. The
> user was interested in APU2x, which is totally different.
>
> > He knew he had an inferior machine but it was still able to saturate a
> 150Mb/s line.
>
> Where is your logic? Inferior looking at what? How much is 150Mb/s?
>
> > These requests for 'Real World' numbers are almost always stupid,
>
> No! Those are the real ones, the rest are just numbers.
>
> because the people asking are almost certain to never need the max
> amount of bandwidth even a modest machine can supply.
>
> Wrong again. The market is full of applications demanding power and
> power. Look in the browser world!
>
> > Really? Are you actually considering this box for use at the
> telecommunications provider you work for?
>
> You have no idea how many boxes like that are deployed in the
> production environments.
> My provider is offering 1Gb/sec in its own ISP network, at my door for
> approx. 10 euro/month. That is 1000 Mb/sec and it can be reached most of
> the time. So, do I really need a box to handle that? And this is a home
> install.
>
>


-- 
-
() ascii ribbon campaign - against html e-mail
/\



malloc openbsd awesomness

2016-04-04 Thread sven falempin
malloc.conf could be per process ?

extern char *malloc_options;
malloc_options = "H*>**>*";

This would change the behavior of the program,
not other ?

-- 
-
() ascii ribbon campaign - against html e-mail
/\



simple dhclient question

2016-02-24 Thread sven falempin
Hello Misc,

Is it possible to change the default access rights of the leases info?

$ cat /var/db/dhclient.leases.em0

cat: /var/db/dhclient.leases.em0: Permission denied

I have no secret in this file, but a user might want to check the routers
list,
or if the lease is still valid.

Is there a reason to only let wheel read that ?

-- 
-
() ascii ribbon campaign - against html e-mail
/\



pfsync and table

2016-02-12 Thread sven falempin
Hello All, Sunday is Valentine day

I know pfsync will sync the state between two routers, sasync and other
tools will help syncing other daemon,

Are pf tables synced as well? Is it possible to ignore one table?

Best.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



carp dhclient

2016-02-01 Thread sven falempin
Dear Readers,
Without IP carp is marked as inactive,
i tried to set up a stupid IP on it and then call dhclient.
It sends packet but does configure interface.
:'(
Any particular reason for this ?
Thank you.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: implementing circular queue for tcpdump logging

2016-01-28 Thread sven falempin
syslog has a memory buffer that rotates (:name:size).
pflogd can log; tcpdump | logger if you want something else.

problem solved.

On Thu, Jan 28, 2016 at 10:03 AM, Alan McKay  wrote:

> Hi folks,
>
> Something I've done on other platforms e.g on a firewall is have
> tcpdump running and logging to disk.  You know ahead of time how much
> disk space to allocate to this task, and there are command line
> options on tcpdump that you can adjust to accomplish this.  So it will
> always occupy that known amount of space, and you know that you have
> the last X hours of traffic logged.  Basically use the option to
> change to a new log file as soon as it hits size X, combined with the
> option to limit the number of log files to Y.
>
> Has anyone done something like this with OpenBSD?  I don't see
> anything obvious and was wondering what others might have done to
> accomplish this.   Perhaps some kind of wrapper script ...
>
> thanks,
> -Alan
>
> --
> "You should sit in nature for 20 minutes a day.
>  Unless you are busy, then you should sit for an hour"
>  - Zen Proverb
>
>


-- 
-
() ascii ribbon campaign - against html e-mail
/\
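
The scheme Alan describes in the quoted question (roll to a new capture file at size X, keep at most Y files), as an added example that is not part of the original thread: a Python filter that reads a pcap stream, such as the output of `tcpdump -w -`, and splits it on packet boundaries so every file in the ring is a valid capture. The class name, file naming and the 262144-byte sanity bound are assumptions of this sketch.

```python
#!/usr/bin/env python3
"""Keep the newest MAX_FILES capture files of at most MAX_BYTES each.

Added example. Typical use (directory and sizes are placeholders):
    tcpdump -n -i em0 -w - | python3 pcap_ring.py /var/capture 10485760 24
"""
import os
import struct
import sys

# Classic pcap magic numbers -> byte order of the headers that follow.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}
GLOBAL_HDR_LEN = 24   # file header, copied to the start of every ring file
RECORD_HDR_LEN = 16   # ts_sec, ts_frac, incl_len, orig_len
MAX_RECORD = 262144   # assumed sanity bound on one captured packet


def read_exact(stream, n):
    """Read exactly n bytes; b'' on clean EOF, ValueError on a short read."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            if buf:
                raise ValueError("truncated pcap stream")
            return b""
        buf += chunk
    return buf


class PcapRing:
    def __init__(self, directory, max_bytes, max_files, prefix="ring"):
        os.makedirs(directory, exist_ok=True)
        self.directory, self.prefix = directory, prefix
        self.max_bytes, self.max_files = max_bytes, max_files
        self.seq = 0          # monotonically increasing file number
        self.files = []       # paths currently in the ring, oldest first
        self.current = None
        self.size = 0

    def _open_next(self, global_hdr):
        """Start a new file with the pcap header, then drop the oldest ones."""
        if self.current:
            self.current.close()
        path = os.path.join(self.directory,
                            "%s.%06d.pcap" % (self.prefix, self.seq))
        self.seq += 1
        self.current = open(path, "wb")
        self.current.write(global_hdr)
        self.size = len(global_hdr)
        self.files.append(path)
        while len(self.files) > self.max_files:
            os.unlink(self.files.pop(0))

    def run(self, stream):
        """Copy records from stream into the ring; return the packet count."""
        global_hdr = read_exact(stream, GLOBAL_HDR_LEN)
        endian = PCAP_MAGICS.get(global_hdr[:4])
        if endian is None:
            raise ValueError("input is not a classic pcap stream")
        self._open_next(global_hdr)
        count = 0
        try:
            while True:
                rec_hdr = read_exact(stream, RECORD_HDR_LEN)
                if not rec_hdr:
                    break  # clean end of capture
                incl_len = struct.unpack(endian + "IIII", rec_hdr)[2]
                if incl_len > MAX_RECORD:
                    raise ValueError("implausible record length %d" % incl_len)
                data = read_exact(stream, incl_len)
                if len(data) != incl_len:
                    raise ValueError("truncated pcap stream")
                record = rec_hdr + data
                # Rotate before the write so a packet is never split in two;
                # a file holding only its header always accepts one record.
                if (self.size + len(record) > self.max_bytes
                        and self.size > GLOBAL_HDR_LEN):
                    self._open_next(global_hdr)
                self.current.write(record)
                self.size += len(record)
                count += 1
        finally:
            self.current.close()
        return count


if __name__ == "__main__":
    ring = PcapRing(sys.argv[1], int(sys.argv[2]), int(sys.argv[3]))
    print(ring.run(sys.stdin.buffer), "packets written", file=sys.stderr)
```

Disk use is bounded by roughly MAX_FILES times MAX_BYTES, plus at most one oversized packet per file.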



Re: carp and bridge

2016-01-27 Thread sven falempin
On Tue, Jan 26, 2016 at 6:29 PM, sven falempin 
wrote:

> Dear readers,
>
> How do bridge and carp interfaces work together?
>
> Can I bridge an interface that is a carpdev?
> Or should I bridge the carpdev??
> Will the different physical be advertised and
> would be able to contact the carp interface address?
>
> Thank you for any input that would save a bit of trial and error :-)
>
> --
>


For those who care, you cannot carp a bridged interface, but
you can bridge a carp'ed interface. Trace and all reported.

OTOH, preempt seems to be activated by default: my sysctl is marked as =0;
when I unplug the master, the slave does the job,
and when I plug the master in again it takes back control, which would be the preempt=1
behavior.

<<
For most scenarios it is desirable to have a well-defined master, achieved
by enabling the preempt option. Enable it on both host A and B:

# sysctl net.inet.carp.preempt=1
>>

This is cool, but if the master reboots each minute ... and I want to keep the
switching fast, preempt=0 is useful:
the switch is performed, an alert is sent, fixes are made, and when the master is stable
it's activated again.

Cheers.



-- 
-
() ascii ribbon campaign - against html e-mail
/\



carp and bridge

2016-01-26 Thread sven falempin
Dear readers,

How do bridge and carp interfaces work together?

Can I bridge an interface that is a carpdev?
Or should I bridge the carpdev??
Will the different physical be advertised and
would be able to contact the carp interface address?

Thank you for any input that would save a bit of trial and error :-)

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: PF: can't make queueing and priority work as expected

2016-01-09 Thread sven falempin
On Fri, Jan 8, 2016 at 6:35 PM, Marko Cupać  wrote:

> On Fri, 8 Jan 2016 11:13:08 -0500
> sven falempin  wrote:
>
> > You will need to forward the whole rule set, I think; maybe the set prio
> > 0 is erased by a further rule. Try to pass in quick that p2p
> > traffic before, maybe?
>
> I had the luxury of ditching the complete ruleset for very simple one:
>
> ---pf.conf-start---
> # RUNTIME OPTIONS
> set skip on lo0
>
> # INTERFACES
> if_int  = "re2"
> if_ext  = "pppoe0"
>
> # HOSTS & NETWORKS
> localnet   = "{ 192.168.33.0/24 }"
>
> # PORTS
> both_p2p = "{ 1000:65535 }"
>
> # NAT
> match in  all scrub ( no-df random-id max-mss 1440 )
> match out on $if_ext inet from $localnet to any nat-to ($if_ext:0)
>
> # RULES
> block drop log all
> pass inet from ($if_ext:0)   to any
> pass inet from $localnet to any
> pass inet proto tcp from ($if_ext:0) to any port $both_p2p \
>  set ( prio 0 )
> pass inet proto tcp from $localnet   to any port $both_p2p \
>  set ( prio 0 )
> pass inet proto udp from ($if_ext:0) to any port $both_p2p \
>  set ( prio 0 )
> pass inet proto udp from $localnet   to any port $both_p2p \
>  set ( prio 0 )
> ---pf.conf-end---
>
> Actual ruleset (as seen by pfctl -sr output) is as follows:
>
> ---pfctl-sr-start---
> match in all scrub (no-df random-id max-mss 1440)
> match out on pppoe0 inet from 192.168.33.0/24 to any nat-to (pppoe0:0)
> block drop log all
> pass inet from (pppoe0:0) to any flags S/SA
> pass inet from 192.168.33.0/24 to any flags S/SA
> pass inet proto tcp from (pppoe0:0) to any port 1000:65535 \
>  flags S/SA set ( prio 0 )
> pass inet proto tcp from 192.168.33.0/24 to any port 1000:65535 \
>  flags S/SA set ( prio 0 )
> pass inet proto udp from (pppoe0:0) to any port 1000:65535 \
>  set ( prio 0 )
> pass inet proto udp from 192.168.33.0/24 to any port 1000:65535 \
>  set ( prio 0 )
> ---pfctl-sr-end---
>
> Situation is still the same: torrents being downloaded at full speed
> (~8Mbit/s), simultaneous download of install59.fs from ftp.openbsd.org
> averages at ~6Kbit/s.
>
> Can anyone reproduce this?
> --
> Before enlightenment - chop wood, draw water.
> After  enlightenment - chop wood, draw water.
>
> Marko Cupać
> https://www.mimar.rs/
>

First of all, you cannot stop the p2p outside world from flooding you, whatever
you do in udp.
If the software says "hey world DDOS me on my IP", the world will ddos you
and the packets will load the other
side of your pppoe.

So don't start ranting for the 50 hours; it's frustrating but there is hope,
but you may have to rethink your position
about bandwidth shaping magic.


What I was proposing is for you to quick out the rules first, something LIKE
this,
but it won't work dude, afaik, and it will be the same whatever the
algorithm.

---pf.conf-start---
# RUNTIME OPTIONS
set skip on lo0

# INTERFACES
if_int  = "re2"
if_ext  = "pppoe0"

# HOSTS & NETWORKS
localnet   = "{ 192.168.33.0/24 }"

# PORTS
both_p2p = "{ 1000:65535 }"


match in  all scrub ( no-df random-id max-mss 1440 )

# NAT

pass quick out on $if_ext inet from ($if_int:network) to any port \
 1000:65535 set prio 0 nat-to ($if_ext:0)

match out on $if_ext inet from $localnet to any nat-to ($if_ext:0)

# RULES
block drop log all
pass inet from ($if_ext:0)   to any
pass inet from $localnet to any
pass inet proto tcp from ($if_ext:0) to any port $both_p2p \
 set ( prio 0 )
pass inet proto tcp from $localnet   to any port $both_p2p \
 set ( prio 0 )
pass inet proto udp from ($if_ext:0) to any port $both_p2p \
 set ( prio 0 )
pass inet proto udp from $localnet   to any port $both_p2p \
 set ( prio 0 )
---pf.conf-end---

--
() ascii ribbon campaign - against html e-mail
/\



Re: PF: can't make queueing and priority work as expected

2016-01-07 Thread sven falempin
On Thu, Jan 7, 2016 at 1:28 PM, Marko Cupać  wrote:

> Hi,
>
> I am setting up gateway for a small network which has two main types of
> traffic: p2p and http(s). The idea is to give p2p traffic all the
> available bandwidth until there is http(s) traffic, in which case p2p
> should be throttled down and http(s) should be given all the available
> bandwidth.
>
> The problem is that p2p does not get throttled down when http(s) is on
> wire. I spent days re-reading QUEUEING section of pf.conf and
> chapter #7 of 3rd edition of "Book of PF" but I still couldn't make it
> work. From 'systat queues' I can conclude that traffic seem to be
> assigned to appropriate queues, but queue bandwidth does not seem to be
> respected. What am I doing wrong?
>
> Snapshot of 'systat queues' and active pf.conf below:
>
> QUEUE               BW SCH  P   PKTS  BYTES DROP_P DROP_B QLEN  P/S   B/S
> upload on pppoe   860K             0      0      0      0    0    0     0
>  ack               10K          228K    12M      0      0    0  364   20K
>  fast              20K            60   5397      0      0    0    0     0
>  bulk             800K           263   110K      0      0    0  0.6   417
>  slow              30K         34234    35M      0      0    0   59   67K
> download on re2     8M             0      0      0      0    0    0     0
>  ack              100K         18314  1205K      0      0    0   34  2388
>  fast             200K            51  15491      0      0    0    0     0
>  bulk               8M         29014    41M      0      0    0   57   85K
>  slow             500K          317K   457M      0      0    0  523  771K
>
>
> # INTERFACE MACROS
> if_int  = "re2"
> if_ext  = "pppoe0"
>
> # HOST MACROS
> efreet= "{ 192.168.33.20 }"
> rpi   = "{ 192.168.33.22 }"
>
> # PORT MACROS
> p2p = "{ 1:65535 }"
> prpi= "{ 4:40100 }"
> ipsec   = "{ 500 4500 }"
> web = "{ 80 443 }"
> mail= "{ 25 110 143 587 993 995 }"
> xmpp= "{ 5222 }"
>
> # TABLES
> tablepersist
>
> # RUNTIME OPTIONS
> set ruleset-optimization none
> set loginterface $if_ext
>
> # QUEUES
> queue upload  on $if_ext bandwidth  860K
>queue ack  parent upload   qlimit 50  bandwidth   10K
>queue fast parent upload   qlimit 50  bandwidth   20K
>queue bulk parent upload   qlimit 50  bandwidth  800K default
>queue slow parent upload   qlimit 50  bandwidth   30K
> queue download on $if_intbandwidth 8800K
>queue ack  parent download qlimit 50  bandwidth  100K
>queue fast parent download qlimit 50  bandwidth  200K
>queue bulk parent download qlimit 50  bandwidth 8000K default
>queue slow parent download qlimit 50  bandwidth  500K
>
> # QUICKS AND BLOCKS
> block log quick inet6
> block log quick from 
> antispoof for $if_int
> antispoof for $if_ext
>
> # SCRUB & NAT
> match in all scrub ( no-df random-id max-mss 1440 )
> match out on egress inet from $if_int:network to any nat-to ($if_ext:0)
>
> # SHAPING
> match proto icmp   set ( queue   fast   prio   4 )
> match proto tcp  to port 22set ( queue ( fast ack ) prio ( 4 5 ) )
> match proto tcp  to port 53set ( queue ( fast ack ) prio ( 4 5 ) )
> match proto udp  to port 53set ( queue   fast   prio   4 )
> match proto tcp  to port $web  set ( queue ( bulk ack ) prio ( 3 5 ) )
> match proto tcp  to port $mail set ( queue ( bulk ack ) prio ( 3 5 ) )
> match proto tcp  to port $xmpp set ( queue ( bulk ack ) prio ( 3 5 ) )
> match proto tcp  to port $p2p  set ( queue ( slow ack ) prio ( 0 5 ) )
> match proto udp  to port $p2p  set ( queue   slow   prio   0 )
>
> # RULES
> block log all
>
> pass in  on $if_int inet proto icmp from $if_int:network to any
> pass in  on $if_int inet proto tcp  from $if_int:network to any \
>  port 22
> pass in  on $if_int inet proto tcp  from $if_int:network to any \
>  port 53
> pass in  on $if_int inet proto udp  from $if_int:network to any \
>  port 53
> pass in  on $if_int inet proto tcp  from $if_int:network to any \
>  port $web
> pass in  on $if_int inet proto tcp  from $if_int:network to any \
>  port $mail
> pass in  on $if_int inet proto tcp  from $if_int:network to any \
>  port $xmpp
> pass in  on $if_int inet proto tcp  from $if_int:network to any \
>  port $p2p
> pass in  on $if_int inet proto udp  from $if_int:network to any \
>  port $p2p
>
> pass out on $if_ext inet proto icmp from ($if_ext:0) to any
> pass out on $if_ext inet proto tcp  from ($if_ext:0) to any \
>  port 22
> pass out on $if_ext inet proto tcp  from ($if_ext:0) to any \
>  port 53
> pass out on $if_ext inet proto udp  from ($if_ext:0) to any \
>  port 53
> pass out on $if_ext inet proto tcp  from ($if_ext:0) to any \
>  port $web
> pass out on $if_ext inet proto tcp  from ($if_ext:0) to any \
>  port $mail
> pass out on $if_ext inet proto tcp  from ($if_ext:0) to any \
>  port $xmpp
> pass out on $if_ext inet proto tcp  fro

pf log , icmp and bad network

2016-01-05 Thread sven falempin
Dear readers,

I am setting up a network according to an external specification, using
OpenBSD (it's an up-to-date 5.7, 5.8 is coming); the question is after the
explanation of the setup.

Two routers are connected together through other routers.
They are the gateway of the local network users, and on each side there is
another router on the same LAN; those routers provide the interconnection.

Client  router1 bsd(gw)   router2 bsd(gw) - Server
   \_ opaque routeropaque router_/

This is ugly, and I changed the sysctl to not send the icmp redirect warning,
which I would call the "your network spec is ugly" icmp warning.

I came across a behavior new to me when connecting a TCP from Client to
Server:
I have a sackOK; if I 'pass on interface ... flags any', I can
communicate for a minute
between client and server.

When i send icmp , with ping from client to server or from router1 to
Server
 probe go through (if i do ping -c1 -w2 and wait a second
before each everything is OK)

It looks like this,

$ ping -c1 -w2 -I 10.54.213.241 10.19.71.21
PING 10.19.71.21 (10.19.71.21): 56 data bytes
64 bytes from 10.19.71.21: icmp_seq=0 ttl=61 time=1.070 ms
--- 10.19.71.21 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.070/1.070/1.070/0.000 ms

$ ping -c3 -w2 -I 10.54.213.241 10.19.71.21
PING 10.19.71.21 (10.19.71.21): 56 data bytes
64 bytes from 10.19.71.21: icmp_seq=0 ttl=61 time=1.129 ms
--- 10.19.71.21 ping statistics ---
3 packets transmitted, 1 packets received, 66.7% packet loss
round-trip min/avg/max/std-dev = 1.129/1.129/1.129/0.000 ms

Only two block rules :
$ sudo pfctl -s rules | grep block
block drop in log quick from urpf-failed to any label "uRPF"
block drop log all

The only strange configuration is that the physical interface is in a bridge
and the IP is on a vether
interface inside the bridge.

There is a set skip in the physical interface, and
- pass on vether from (vether:network) to  (vether:network)
- pass in on vether from (vether:network) to  server:network
- pass out on vether from server:network to (vether:network)

So data goes
client->interface->bridge->(vether?)->bridge->interface->network.

*My problem*: pflog0 is empty, but pfctl -d fixes the problem
(any input welcome)

( I will now test a workaround involving GRE to suppress the redirect
warning ,
instead of just silencing them )

Thank you if you made it that far in the mail !

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Firewall rules and features

2015-11-09 Thread sven falempin
Ok , I agree, and thank you for the accurate answer.


OTOH the server was rejecting all the other requests (I do not think it
was badly configured),
and it ended up rejecting the good one also (after a long time of use).
I first looked in the nsd manpages to see if I could figure out why, and found nothing
(a log like "I reject packet because ...").
I tried verbosity: 2, ratelimit: 1024 (but nsd wasn't up to date - NSD
version 3.2.5).
I wanted to have a workaround; of course there is another authoritative to
answer,
therefore I ended up filtering content.


If I run an authoritative server, can I filter to answer only certain IP
addresses?
Like a list of public/root DNS?

My next step was to look at dnssec, which would be nice to have anyway.


On Mon, Nov 9, 2015 at 10:34 PM, Nick Holland 
wrote:

> On 11/09/15 16:45, sven falempin wrote:
> > For the first time ever I did something with iptables
> > that I don't know how to do (simply) with
> > pf.
> > Something I think is useful.
> >
> > I have a domain server, nsd, it serves whatever.com,
>
> Authoritative server, then.
>
> > the server is like flooded with request for no reason,
>
> Welcome to the Internet.  It happens.
>
> > with iptables i was able to add
> > <-m string --hex-string whatever|03|com>
> > in the  rules.
> >
> > So i only accept DNS request that matters to me.
> >
> > Is there a way ? (something simpler than diverting to a
> > sort of grep -v ).
>
> I'd call that a wrong way to do it, definitely.
>
> If your name server is configured properly, it should be ignoring domain
> requests it isn't authoritative for.  Not a problem.  If you are running
> a resolver, it should be resolving only for the IP addresses you manage
> (here PF can help you, but the resolver can deal with that, too).
>
> > Would it be a cool feature ? or because it s a protocol shall
> > it be done inside relayd ?
>
> No.  String and pattern matching in the kernel is not a really good
> plan.  And if you are doing it in an application outside of the kernel,
> why not just do it in NSD and be done with it?
>
> Nor is this solving a problem.  Let NSD do its job correctly, and it
> will just ignore those queries.  DNS queries are really small, and
> authoritative servers put very little load on the processor.  The query
> is going to get received, looked at, and either responded to or
> dropped...adding extra layers here to change who receives and processes
> the query isn't helping anything.  In fact -- assuming NSD is fairly
> efficient (I think it is), what I propose is this:
> Packet comes in (kernel)
> Packet is compared against domains served (NSD)
> Response or drop  (NSD)
>
> What you propose is this:
> Packet comes in (kernel)
> packet is compared against domains served (filter)
> drop ... OR ->
> packet is compared against domains served (AGAIN!) (NSD)
> response (NSD)
>
> I don't think you win anything here by duplicating a step.
>
> OR if you want to be nasty, set up a full resolver that returns the IP
> of some really nasty, rude or inappropriate site for ALL queries except
> the ones that should be answering for.  (actually, I don't recommend
> doing this, but it made me grin to think about it.  "Why do I keep
> ending up on the My Little Pony website??").  Again, just because you
> CAN do something doesn't make it a good idea.
>
> Nick.
>
>


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Firewall rules and features

2015-11-09 Thread sven falempin
Thank you Pedro for

http://ftp.openbsd.org/pub/OpenBSD/5.8/packages/amd64/dnsfilter-0.4p0.tgz

I am not sure this is as good as it could be, according to the mail there
is room for improvement.

Worth a test, and it's better to improve than to add yet another small
program;
I wonder how good the libdns is compared to others.

Best regards,

On Mon, Nov 9, 2015 at 6:38 PM, Pedro Caetano 
wrote:

> Hi,
>
> I guess one could use pf's divert-to and dnsfilter.
>
> http://marc.info/?l=openbsd-misc&m=134187877220567&w=2
>
> Regards,
> Pedro Caetano
>
> On Mon, Nov 9, 2015 at 9:45 PM, sven falempin 
> wrote:
>
>> For the first time ever I did something with iptables
>> that I don't know how to do (simply) with
>> pf.
>> Something I think is useful.
>>
>> I have a domain server, nsd, it serves whatever.com,
>> the server is like flooded with request for no reason,
>>
>> with iptables i was able to add
>> <-m string --hex-string whatever|03|com>
>> in the  rules.
>>
>> So i only accept DNS request that matters to me.
>>
>> Is there a way ? (something simpler than diverting to a
>> sort of grep -v ).
>>
>> Would it be a cool feature ? or because it s a protocol shall
>> it be done inside relayd ?
>>
>> Best regards.
>>
>> --
>>
>> -
>> () ascii ribbon campaign - against html e-mail
>> /\
>>
>>
>


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Firewall rules and features

2015-11-09 Thread sven falempin
For the first time ever I did something with iptables
that I don't know how to do (simply) with
pf.
Something I think is useful.

I have a domain server, nsd, it serves whatever.com,
the server is like flooded with requests for no reason,

with iptables I was able to add
<-m string --hex-string whatever|03|com>
in the rules.

So I only accept DNS requests that matter to me.

Is there a way? (something simpler than diverting to a
sort of grep -v).

Would it be a cool feature? Or, because it's a protocol, shall
it be done inside relayd?

Best regards.

-- 
-
() ascii ribbon campaign - against html e-mail
/\
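
The rule quoted in this thread, `--hex-string whatever|03|com`, works because DNS names travel as length-prefixed labels, so "whatever.com" appears on the wire as the byte 08, "whatever", the byte 03, "com". As an added example (not part of the thread and not dnsfilter's code), the sketch below compares that substring test with a filter that parses the question name and checks it label by label against the served zone; the zone tuple, the helper names and the sample queries are constructed for illustration.

```python
import struct

SERVED_ZONES = ("whatever.com",)   # the zone named in the post
NEEDLE = b"whatever\x03com"        # bytes matched by --hex-string 'whatever|03|com'


class MalformedQuery(ValueError):
    """Raised when the payload is not a plain single-question DNS query."""


def build_query(name, qtype=1, txid=0x1234):
    """Constructed sample: a minimal DNS query (RD set, one question, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_qname(payload):
    """Return the question name as a tuple of lowercased label byte strings."""
    if len(payload) < 12:
        raise MalformedQuery("shorter than the 12-byte header")
    flags, qdcount = struct.unpack_from("!HH", payload, 2)
    if flags & 0x8000:
        raise MalformedQuery("QR bit set: a response, not a query")
    if qdcount != 1:
        raise MalformedQuery("expected exactly one question")
    labels, pos, wire_len = [], 12, 1          # 1 = the terminating root byte
    while True:
        if pos >= len(payload):
            raise MalformedQuery("name runs past the end of the packet")
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            # Policy choice: no pointers or reserved label types in a question.
            raise MalformedQuery("compression pointer or reserved label type")
        if pos + length > len(payload):
            raise MalformedQuery("label runs past the end of the packet")
        wire_len += 1 + length
        if wire_len > 255:
            raise MalformedQuery("name longer than 255 octets")
        labels.append(payload[pos:pos + length].lower())
        pos += length
    if pos + 4 > len(payload):
        raise MalformedQuery("QTYPE/QCLASS missing")
    return tuple(labels)


def in_served_zone(labels, zones=SERVED_ZONES):
    """True if the label tuple equals a served zone or is a name below it."""
    for zone in zones:
        zone_labels = tuple(zone.lower().encode("ascii").split(b"."))
        if labels[-len(zone_labels):] == zone_labels:
            return True
    return False


def substring_match(payload):
    """The substring test: the needle anywhere in the payload, byte for byte."""
    return NEEDLE in payload


def verdict(payload):
    """'pass' only for a well-formed query whose name is in a served zone."""
    try:
        return "pass" if in_served_zone(parse_qname(payload)) else "drop"
    except MalformedQuery:
        return "drop"


if __name__ == "__main__":
    for name in ("www.whatever.com", "WWW.WhatEver.CoM", "notwhatever.com",
                 "whatever.com.example.net"):
        pkt = build_query(name)
        print(f"{name:26} substring={substring_match(pkt)!s:5} parsed={verdict(pkt)}")
```

Comparing labels rather than a dotted string also keeps a single 12-byte label "whatever.com" from being mistaken for the zone.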



Dmesg

2015-08-31 Thread sven falempin
"eeprom" at iic0 addr 0x50 not configured : huh ?

"Intel Bay Trail TXE" rev 0x0e at pci0 dev 26 function 0 not configured :
what ?


OpenBSD 5.8 (GENERIC) #254: Fri Aug 14 04:59:16 EDT 2015
real mem = 415232 (3959MB)
avail mem = 4022620160 (3836MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe9570 (14 entries)
bios0: vendor American Megatrends Inc. version "BAR3NA01" date 08/11/2015
bios0: NF533 NF533
acpi0 at bios0Entering acpi matching devices!!!: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG LPIT HPET SSDT SSDT SSDT UEFI
acpi0: wakeup devices XHC1(S4) EHC1(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
BRCM(S0) BRC3(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.45 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,
LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 83MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 87 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0Match number 42
: bus 0 (PCI0)
acpiprt1 at acpi0Match number 42
: bus 1 (RP01)
acpiprt2 at acpi0Match number 42
: bus 7 (RP02)
acpiprt3 at acpi0Match number 42
: bus 8 (RP03)
acpiprt4 at acpi0Match number 42
: bus 9 (RP04)
acpiec0 at acpi0: not present
acpicpu0 at acpi0match acpicpu_attach number 26

C2: state 6: substate 8 >= num 3: C3(10@1500 mwait.1@0x52), C1(1000@1
mwait.1), PSS
acpipwrres0 at acpi0: PLPE
acpipwrres1 at acpi0: PLPE
acpipwrres2 at acpi0: USBC, resource for EHC1, OTG1
acpipwrres3 at acpi0: CLK0, resource for CAM1
acpipwrres4 at acpi0: CLK1, resource for CAM0, CAM2
acpitz0 at acpi0: critical temperature is 127 degC
acpibat0 at acpi0: BAT0 not present
acpibat1 at acpi0: BAT1 not present
acpibat2 at acpi0: BAT2 not present
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibtn2 at acpi0: SLPB
acpivideo0 at acpi0: GFX0
cpu0: Enhanced SpeedStep 2000 MHz: speeds: 1993, 1992, 1909, 1826, 1743,
1660, 1577, 1494, 1411, 1328 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Bay Trail Host" rev 0x0e
match acpi pci number 41
vga1 at pci0 dev 2 function 0 "Intel Bay Trail Video" rev 0x0e
intagp at vga1 not configured
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
match acpi pci number 41
ahci0 at pci0 dev 19 function 0 "Intel Bay Trail AHCI" rev 0x0e: msi, AHCI
1.3
scsibus1 at ahci0: 32 targets
match acpi pci number 41
xhci0 at pci0 dev 20 function 0 "Intel Bay Trail xHCI" rev 0x0e: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
match acpi pci number 41
"Intel Bay Trail TXE" rev 0x0e at pci0 dev 26 function 0 not configured
ppb0 at pci0 dev 28 function 0 "Intel Bay Trail I2C" rev 0x0e: msi
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 vendor "Pericom", unknown product 0x2608 rev
0x00
pci2 at ppb1 bus 2
ppb2 at pci2 dev 1 function 0 vendor "Pericom", unknown product 0x2608 rev
0x00: msi
pci3 at ppb2 bus 3
em0 at pci3 dev 0 function 0 "Intel I350" rev 0x01: msi, address
00:30:18:c0:cd:08
match acpi pci number 41
em1 at pci3 dev 0 function 1 "Intel I350" rev 0x01: msi, address
00:30:18:c0:cd:09
match acpi pci number 41
match acpi pci number 41
ppb3 at pci2 dev 2 function 0 vendor "Pericom", unknown product 0x2608 rev
0x00: msi
pci4 at ppb3 bus 4
em2 at pci4 dev 0 function 0 "Intel I211" rev 0x03: msi, address
00:30:18:28:22:45
match acpi pci number 41
match acpi pci number 41
ppb4 at pci2 dev 3 function 0 vendor "Pericom", unknown product 0x2608 rev
0x00: msi
pci5 at ppb4 bus 5
match acpi pci number 41
ppb5 at pci2 dev 4 function 0 vendor "Pericom", unknown product 0x2608 rev
0x00: msi
pci6 at ppb5 bus 6
match acpi pci number 41
match acpi pci number 41
match acpi pci number 41
ppb6 at pci0 dev 28 function 1 "Intel Bay Trail PCIE" rev 0x0e: msi
pci7 at ppb6 bus 7
em3 at pci7 dev 0 function 0 "Intel I211" rev 0x03: msi, address
00:30:18:28:22:42
match acpi pci number 41
match acpi pci number 41
ppb7 at pci0 dev 28 function 2 "Intel Bay Trail PCIE" rev 0x0e: msi
pci8 at ppb7 bus 8
em4 at pci8 dev 0 function 0 "Intel I211" rev 0x03: msi, address
00:30:18:28:22:43
match acpi pci number 41
match acpi pci number 41
ppb8 at pci0 dev 28 function 3 "Intel Bay Trail PCIE" rev 0x0e: msi
pci9 at ppb8 bus 9
em5 at pci9 dev 0 function 0 "Intel I

Re: Show us your /etc/profile

2015-08-31 Thread sven falempin
PS1='[\[`if test $? -eq 0; then echo "\e[1;32m"; else echo "\e[1;31m";
fi`\]$?\[\e[0m\]]-[\[\e[0;34m\]\h\[\e[0m\]]-[\[\e[0;34m\]\w\[\e[0m\]]\[\n\]\$
'

Where is that awesome post about the CRC24 to get a nice color for
each hostname?
There: https://www.mail-archive.com/misc@openbsd.org/msg136871.html

On Fri, Aug 28, 2015 at 11:54 AM, Patrick Dohman  wrote:

> My back to SCO additions…
>
>
>  #-#
> # Print the current directory, hostname & user#
>  #-#
>
>  HOST=`hostname`
>  PS1='$(print -n "[${USER}@${HOST%%.*} ";[[ "$HOME" == "$PWD" ]] && print
> -n "~" ||([[ "${PWD##*/}" == "" ]] && print -n "/" || print -n
> "${PWD##*/}");print "]$")'
>
>   #***
>   HISTFILE=~/.ksh_history
>   export HISTFILE
>   HISTSIZE=500; export HISTSIZE
>   #
>
>
>   #-#
>   #  a few Korn/Bash shell aliases  #
>   #-#
>
>   alias l="ls -la"
>   alias vi="vim"
>
> Regards
> Patrick
>
>
> > On Aug 27, 2015, at 7:36 PM, T B  wrote:
> >
> > Resurrecting this not-too-old thread.  You might find this one useful if
> > you run CARP firewalls which gives you a dynamic prompt telling you the
> > master/backup/other status.
> >
> > function fwStatus {
> >IFCONFIG=`ifconfig -a | grep carp:`
> >NUMCARPS=`echo "$IFCONFIG" | wc -l`
> >BACKUPCARPS=`echo "$IFCONFIG" | grep 'carp: BACKUP' | wc -l`
> >MASTERCARPS=`echo "$IFCONFIG" | grep 'carp: MASTER' | wc -l`
> >
> >if [[ "$MASTERCARPS" == "$NUMCARPS" ]]; then
> >printf master
> >elif [[ "$BACKUPCARPS" == "$NUMCARPS" ]]; then
> >printf backup
> >else
> >printf other
> >fi
> > }
> >
> > HOSTNAME=`hostname -s`
> > PS1='${USER}@${HOSTNAME}:${PWD} ($(fwStatus)) $ '
> >
> >
> > On Wed, Aug 5, 2015 at 1:43 AM, Sean Kamath 
> > wrote:
> >
> >> On Aug 2, 2015, at 8:49 AM, li...@wrant.com wrote:
> >>
>  never
>  thought of using a shell function in .profile till I read this thread.
> >>>
> >>> ...
> >>>
> >>> Functions has always been impressive once you move past the alias
> >>> shortcomings (can't handle arguments etc), so also worth a read the
> >>> "Functions" section.
> >>
> >>
> >> Functions have been amazingly useful and impressive for a very long
> time.
> >> They are also not limited to ksh.  In fact, my introduction to this very
> >> useful aspect of shell programming was from Sun's rcS script, which has
> >> this:
> >>
> >> # Simulates cat in sh so it doesn't need to be on the root filesystem.
> >> #
> >> shcat() {
> >>while [ $# -ge 1 ]; do
> >>while read i; do
> >>echo "$i"
> >>done < $1
> >>shift
> >>done
> >> }
> >>
> >>
> >> There have been times when I've been on systems in single user mode
> >> without filesystems, and knowing how to do some things we typically use
> >> external programs for in the shell can be a lifesaver, like "echo *" as
> a
> >> poor man's "ls".
> >>
> >> If your directory isn't *that* large, 'for i in *;  do echo $i; done |
> wc
> >> -l' works well.  Well, for some definition of 'well'.
> >>
> >> My point is that shell functions allow you to do some fairly complex
> >> stuff, and if you're careful, you can avoid execs.  There are places the
> >> shell forks, however.  It can be a fun exercise to find them with
> profiling
> >> tools. :-)
> >>
> >> Sean
>
>


--
() ascii ribbon campaign - against html e-mail
/\



Re: Kernel Driver Question

2015-08-21 Thread sven falempin
On Fri, Aug 21, 2015 at 3:30 PM, Miod Vallat  wrote:
>> is 'bus_dma'
>> http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/bus_dma.9
>> the <> of  'ioremap/ioread32'
>> http://www.makelinux.net/ldd3/chp-9-sect-4--
>> ?
>
> I don't think so.
>
> It looks like you are attempting to port a PCI driver, and attempting to
> access the device's register.
>
> PCI device regions in memory and I/O space are made available to the
> kernel with pci_mapreg_map(), which gives you a bus_space_handle_t
> suitable for use with the bus_space(9) API. This would be a sugar-coated
> equivalent of ioremap().
>
> From then on, bus_space_read_(N/8) will match ioreadN() calls.


Thank you :-)  I figured it was not DMA by grepping the calls of those everywhere,
still need to understand the mapping.

(
working on the AMD Bobcat WDT actually, I have the base address through
bus space map:
in acpi 0xFED0  and then the doc says go to 00b0 but I do not
understand where this address makes sense,
and how to write to it
)

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Kernel Driver Question

2015-08-21 Thread sven falempin
Dear Readers,

is 'bus_dma'
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man9/bus_dma.9
the <> of  'ioremap/ioread32'
http://www.makelinux.net/ldd3/chp-9-sect-4--
?

Trying to port a driver: watchdog/sp5100_tco.c, wondering about the OpenBSD
equivalent of readl:
if (sp5100_tco_pci->revision >= 0x40) {
/* Read SBResource_MMIO from AcpiMmioEn(PM_Reg: 24h) */
outb(SB800_PM_ACPI_MMIO_EN+3, SB800_IO_PM_INDEX_REG);
[..bus space map equivalent..]
} else {
[...]
/* Check MMIO address conflict */
if (request_mem_region_exclusive(val, SP5100_WDT_MEM_MAP_SIZE,
  dev_name)) {
[...]
tcobase = ioremap(val, SP5100_WDT_MEM_MAP_SIZE);
[...]
/* Check that the watchdog action is set to reset the system */
[..ioread32 old school form..]
val = readl(SP5100_WDT_CONTROL(tcobase));


Best regards,



Dependencies package dbus and madness

2015-06-22 Thread sven falempin
Can't install dbus-1.8.16v0 because of libraries
|library ICE.10.0 not found
|library SM.9.0 not found
|library X11.16.0 not found
|library xcb.3.1 not found

Can someone remind me why a bus needs those. Just to vent a bit please.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: # symbol - The English Way...

2015-06-17 Thread sven falempin
Synonyms:

hash, octothorn, pound sign, number sign, hashtag, tic-tac-toe sign,
naughts and crosses sign/symbol


Press Tic Tac Toe Key please .


Go back to work now Homer.


On Wed, Jun 17, 2015 at 2:56 PM, Max Power  wrote:

> http://time.com/2870942/hashtag-oed-oxford-english-dictionary/
>
> Thank You boys for reply!!
>
> Just for the knowledge.
>
>


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: SAMBA CIFS/SMBMOUNT

2015-06-10 Thread sven falempin
On Wed, Jun 10, 2015 at 2:54 PM, Stuart Henderson 
wrote:

> On 2015/06/10 13:33, sven falempin wrote:
> >
> >
> > On Wed, Jun 10, 2015 at 4:32 AM, Stuart Henderson 
> > wrote:
> >
> > On 2015-06-07, Max Power  wrote:
> > > Hi guys!
> > > Question about OpenBSD 5.7 amd64.
> > > How to mount shared device via samba fs?
> > >
> > > I tried in this way:
> > > # mount -t cifs //192.168.2.111/raid5/download /BACKUP -o
> > > username=user,password=passwd
> > > and this returns:
> > > mount: no mount helper program found for cifs: No such file or
> > directory
> > >
> > > Thank You for reply.
> >
> > There is no kernel CIFS support, you must use a FUSE-based
> > filesystem
> > (like usmb) or a converter (like sharity-light as czarkoff@
> > suggested).
> > usmb worked better for me but it's a bit rough at the edges.
> >
> >
> >
> > USMB ?
>
> Yes.
>
>
o, this:

http://ametros.net/code.html





-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: SAMBA CIFS/SMBMOUNT

2015-06-10 Thread sven falempin
On Wed, Jun 10, 2015 at 4:32 AM, Stuart Henderson 
wrote:

> On 2015-06-07, Max Power  wrote:
> > Hi guys!
> > Question about OpenBSD 5.7 amd64.
> > How to mount shared device via samba fs?
> >
> > I tried in this way:
> > # mount -t cifs //192.168.2.111/raid5/download /BACKUP -o
> > username=user,password=passwd
> > and this returns:
> > mount: no mount helper program found for cifs: No such file or directory
> >
> > Thank You for reply.
>
> There is no kernel CIFS support, you must use a FUSE-based filesystem
> (like usmb) or a converter (like sharity-light as czarkoff@ suggested).
> usmb worked better for me but it's a bit rough at the edges.
>
>
USMB ?

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: ifconfig bridge and trunk

2015-05-28 Thread sven falempin
On Thu, May 28, 2015 at 10:55 AM, Martin Pieuchot  wrote:

> On 28/05/15(Thu) 10:38, Ted Unangst wrote:
> > Why is the ifconfig keyword to add an interface to a bridge "add" and the
> > keyword to add an interface to a trunk "trunkport"?
>
> Because nobody sent a diff to unify ifconfig(8) ?
>
> If you can also merge "vlandev", "carpdev", "syncdev" and "pppoedev" in
> the same fashion, that would be awesome.  I'd suggest "parent" since
> that's the term we use, but others might have a better idea.
>
> Of course backward compatibility is needed ;)
>
>
2 cents:

all the *dev could use the 'dev' or 'if' or 'iface' but it's not the same
for trunk and bridge:
they got a list of interfaces.

on FreeBSD it is addm for addmember and
ifconfig lagg0 up laggproto lacp laggport fxp0 laggport fxp1 10.0.0.3/24

I spare you the Linux tools.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Can someone with current do :

2015-04-02 Thread sven falempin
On Thu, Apr 2, 2015 at 11:23 AM, Kent R. Spillner  wrote:

> On Thu, Apr 02, 2015 at 08:19:00AM -0400, sven falempin wrote:
> > Sorry, no time to make a decent report ATM, must release.
> > route add XXX -link -iface Y
> > creates problems.
>
> Such a beautiful piece of performance art should be preserved:
>
> Index: usr.bin/mg//theo.c
> ===
> RCS file: /work/cvsroot/src/usr.bin/mg/theo.c,v
> retrieving revision 1.146
> diff -p -u -r1.146 theo.c
> --- usr.bin/mg//theo.c  19 Mar 2015 21:48:05 -  1.146
> +++ usr.bin/mg//theo.c  2 Apr 2015 15:17:08 -
> @@ -35,11 +35,13 @@
>  #include "kbd.h"
>
>  void   theo_init(void);
>  static int theo_analyze(int, int);
> +static int sven_analyze(int, int);
>  static int theo(int, int);
>
>  static PF theo_pf[] = {
> -   theo_analyze
> +   theo_analyze,
> +   sven_analyze
>  };
>
>  static struct KEYMAPE (1) theomap = {
> @@ -47,7 +49,7 @@ static struct KEYMAPE (1) theomap = {
> 1,
> rescan,
> {
> -   { CCHR('M'), CCHR('M'), theo_pf, NULL }
> +   { CCHR('M'), CCHR('N'), theo_pf, NULL }
> }
>  };
>
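
Review bot: In the theomap element, widening the key range from CCHR('M')..CCHR('M') to CCHR('M')..CCHR('N') makes C-n dispatch to the second theo_pf entry, sven_analyze, so C-n (ordinarily a cursor-movement key in Emacs-style editors) stops doing anything else in this mode. If that is intended, say so in a comment next to the range; otherwise give sven_analyze its own map element on a free key, and keep the width of the range in step with the number of entries in theo_pf.
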
> @@ -197,6 +199,12 @@ static const char *talk[] = {
>
>  static const int ntalk = sizeof(talk)/sizeof(talk[0]);
>
> +static const char *sven_talk[] = {
> +   "Sorry, no time to make a decent report ATM, must release."
> +};
> +
> +static const int nsven_talk = sizeof(sven_talk)/sizeof(sven_talk[0]);
> +
>  /* ARGSUSED */
>  static int
>  theo_analyze(int f, int n)
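
Review bot: sven_talk holds a single string, so nsven_talk is always 1 and the table/count pair adds nothing over a plain const char *; either add more entries or drop the array and the count. The new table also sits between ntalk and theo_analyze with no comment saying what it is for.
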
> @@ -205,6 +213,26 @@ theo_analyze(int f, int n)
> int  len;
>
> str = talk[arc4random_uniform(ntalk)];
> +   len = strlen(str);
> +
> +   enewline(FFRAND, 2);
> +
> +   while (len--)
> +   linsert(1, *str++);
> +
> +   enewline(FFRAND, 2);
> +
> +   return (TRUE);
> +}
> +
> +/* ARGSUSED */
> +static int
> +sven_analyze(int f, int n)
> +{
> +   const char  *str;
> +   int  len;
> +
> +   str = sven_talk[arc4random_uniform(nsven_talk)];
> len = strlen(str);
>
> enewline(FFRAND, 2);
>
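
Review bot: sven_analyze is a line-for-line copy of theo_analyze apart from the table it reads (strlen, enewline, the linsert loop, enewline, return TRUE). Factor that body into one static helper that takes the string table and its count, and have both functions call it, so a later fix to the insertion logic does not have to be made twice.
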


How can you have so much time on your hands, I am jealous.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Can someone with current do :

2015-04-02 Thread sven falempin
On Thu, Apr 2, 2015 at 4:51 AM, Martin Pieuchot  wrote:

> On 01/04/15(Wed) 20:30, sven falempin wrote:
> > ping 8.8.88.
> >
> > (probably fixed by then, it crashes here but I am far from current)
>
>
> What crashes?  ping?  The kernel?  Could you provide trace?  A bug report
> without information is useless, nobody can tell if it is already fixed or
> even if it has the *same* problem :)
>
> Mar
>
>
Sorry, no time to make a decent report ATM, must release.
route add XXX -link -iface Y
creates problems.


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Can someone with current do :

2015-04-01 Thread sven falempin
On Wed, Apr 1, 2015 at 8:30 PM, sven falempin 
wrote:

> ping 8.8.88.
>
> (probably fixed by then, it crashes here but I am far from current)
>

and the problem is with some static routes so do not even bother.

Sorry.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Can someone with current do :

2015-04-01 Thread sven falempin
ping 8.8.88.

(probably fixed by then, it crashes here but I am far from current)

Thank you.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Fund raising

2015-03-27 Thread sven falempin
On Fri, Mar 27, 2015 at 2:25 AM, Theo de Raadt 
wrote:

> >I'm actually wearing an openbsd shirt now with an openssh poster
> >behind me on the wall.
> >
> >What's the URL to the legacy store? I want to see what remains in
> >their inventory.
>
> Note:
>
> Recent difficulties have resulted in zero (Z E R O) of the proceeds
> from Austin's shop going towards OpenBSD.  And it may have been
> happening for a while before that.
>
> (history repeats itself)
>
>
But the new shop is alright ?

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Getting errors during security(8) maintenance

2015-03-27 Thread sven falempin
On Fri, Mar 27, 2015 at 8:41 AM, Ingo Schwarze  wrote:

> Hi Denis,
>
> Denis Lapshin wrote on Thu, Mar 26, 2015 at 11:33:16AM +0300:
>
> > Some time ago start getting errors after nightly Security running:
> >
> > Use of uninitialized value $home in concatenation (.)
> > or string at /usr/libexec/security line 356.
>
> Fixed in -current, thanks for reporting.
>
> Regarding the corrupted file /etc/passwd on your machine,
> use vipw(8) in the way I explained before.
>
> Note that 5.4 is old and no longer supported.
>
> Yours,
>   Ingo
>
>
good morning


my $homes = find_homes;
check_rhosts_owner @$_ foreach @$homes;

I am not sure about Perl internals but aren't you playing too much from @
to \@ lol


why not check_homes(sub {
  check_rhosts_content @_;
  check whatever you want on passwd;
});

Just leaving that here:

#!/usr/bin/perl


use strict;
use v5.10;
use Data::Dumper;



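sub whatever {
  # Read the passwd-format file named on the command line and keep
  # only the name, uid and home directory fields of each entry.
  open my $fh, '<', $ARGV[0] or die 'oops'.$!;
  my @passwd = map [ @{[split /:/]}[0,2,5] ], <$fh>;

  # Keep the entries for which the callback passed as first argument
  # returns true; the callback sees the entry in $_.
  my @homes = grep {
    $_[0]($_);
  } @passwd;

  return \@homes;
}

# Callback: dump the entry, and reject it if its home directory is missing.
my $check_home = sub {
  say Dumper($_) ;
  unless ( -d $_->[ 2 ] ) {
    warn $_->[ 2 ].' is not existing, so what ? ';
    return;
  }
  return 1;
};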

say Dumper(whatever($check_home));


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Help, my 5.6 stable is insane : cant resolv dns inside programs (ftp and curl)

2015-03-04 Thread sven falempin
On Wed, Mar 4, 2015 at 2:11 PM, Raf Czlonka  wrote:

> On Wed, Mar 04, 2015 at 06:47:38PM GMT, sven falempin wrote:
>
> > # i did play around with the file resolv.conf
> > # cat /etc/resolv.conf
> > lookup file
> > nameserver 127.0.0.1
> > nameserver 8.8.8.8
> > # because i dont get it i even did that
> > # cat /etc/resolv.conf.tail
> > nameserver 8.8.8.8
>
> This is due to the fact that both 'host' and 'dig' are *DNS* lookup
> utilities - for obvious reasons, they care only about 'nameserver'
> entries in '/etc/resolv.conf'. For other utilities, which rely on
> gethostbyname(3) and gethostbyaddr(3), the 'lookup' option specifies the
> database and, if more than one, the order which is to be searched for
> host information.
>
> In your example above, 'lookup' is only set up for '/etc/hosts' hence
> utilities like 'ftp', or 'curl', fail - change it to 'lookup file bind'
> (or remove that line altogether) and everything will go back to normal.
>
> Remove 'nameserver' options from there and, as you might expect, DNS
> lookups themselves will fail.
>
> Raf
>
>

YES,

lookup file bind,

(but I did delete the line completely and it wasn't working.)

Fun fact, I actually know that but I fail to spot it.

Thank you :-)

-- 
-
() ascii ribbon campaign - against html e-mail
/\
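
The split Raf describes in the quoted reply, DNS tools reading only the `nameserver` lines while gethostbyname(3) callers follow `lookup`, can be modelled in a few lines. This is an added example, not code from the thread or from OpenBSD: the function names, the constructed /etc/hosts content and the dictionary standing in for the name servers are assumptions, and the single address is taken from the host(1) output in the original post.

```python
# Constructed inputs: the resolv.conf shown in the post, and the corrected one.
BROKEN = """lookup file
nameserver 127.0.0.1
nameserver 8.8.8.8
"""
FIXED = BROKEN.replace("lookup file", "lookup file bind")

HOSTS_FILE = {"localhost": "127.0.0.1"}        # constructed /etc/hosts content
DNS_ANSWERS = {"google.ca": "173.194.45.47"}   # stands in for what the servers return

VALID_DATABASES = ("bind", "file")


def effective_lookup(conf_text):
    """Return (database order, nameserver list) for a resolv.conf text."""
    order = ["bind", "file"]   # resolv.conf(5) default when no lookup line exists
    nameservers = []
    for raw in conf_text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue                      # blank line or comment
        if fields[0] == "lookup":
            # Assumption: a later lookup line replaces an earlier one.
            order = [db for db in fields[1:] if db in VALID_DATABASES]
        elif fields[0] == "nameserver" and len(fields) > 1:
            nameservers.append(fields[1])
    return order, nameservers


def libc_resolve(name, conf_text, hosts=HOSTS_FILE, dns=DNS_ANSWERS):
    """Model of the gethostbyname(3) path: walk the lookup databases in order."""
    order, _ = effective_lookup(conf_text)
    for db in order:
        table = hosts if db == "file" else dns
        if name in table:
            return table[name]
    return None   # what ftp(1) reports as "no address associated with name"


def dns_tool_query(name, conf_text, dns=DNS_ANSWERS):
    """Model of host(1)/dig(1) as described in the reply: lookup is ignored."""
    _, nameservers = effective_lookup(conf_text)
    return dns.get(name) if nameservers else None


def diagnose(conf_text):
    """List reasons why libc-based programs would fail where host(1) succeeds."""
    order, _ = effective_lookup(conf_text)
    findings = []
    if "bind" not in order:
        findings.append("lookup omits 'bind': libc-based programs never query DNS")
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", BROKEN), ("corrected", FIXED)):
        print(label, "host:", dns_tool_query("google.ca", conf),
              "ftp:", libc_resolve("google.ca", conf), diagnose(conf))
```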



Help, my 5.6 stable is insane : cant resolv dns inside programs (ftp and curl)

2015-03-04 Thread sven falempin
# i did play around with the file resolv.conf
# cat /etc/resolv.conf
lookup file
nameserver 127.0.0.1
nameserver 8.8.8.8
# because i dont get it i even did that
# cat /etc/resolv.conf.tail
nameserver 8.8.8.8

[0]-[router]-[~]
# host google.ca
google.ca has address 173.194.45.47
google.ca has address 173.194.45.55
google.ca has address 173.194.45.56
google.ca has address 173.194.45.63
google.ca has IPv6 address 2a00:1450:4007:805::100f
google.ca mail is handled by 30 alt2.aspmx.l.google.com.
google.ca mail is handled by 20 alt1.aspmx.l.google.com.
google.ca mail is handled by 40 alt3.aspmx.l.google.com.
google.ca mail is handled by 50 alt4.aspmx.l.google.com.
google.ca mail is handled by 10 aspmx.l.google.com.
[0]-[router]-[~]
# host google.ca 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

google.ca has address 173.194.45.47
google.ca has address 173.194.45.55
google.ca has address 173.194.45.56
google.ca has address 173.194.45.63
google.ca has IPv6 address 2a00:1450:4007:805::100f
google.ca mail is handled by 30 alt2.aspmx.l.google.com.
google.ca mail is handled by 20 alt1.aspmx.l.google.com.
google.ca mail is handled by 40 alt3.aspmx.l.google.com.
google.ca mail is handled by 50 alt4.aspmx.l.google.com.
google.ca mail is handled by 10 aspmx.l.google.com.
[0]-[router]-[~]
# host google.ca 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

google.ca has address 216.58.211.99
google.ca has IPv6 address 2a00:1450:4007:806::1017
google.ca mail is handled by 40 alt3.aspmx.l.google.com.
google.ca mail is handled by 50 alt4.aspmx.l.google.com.
google.ca mail is handled by 10 aspmx.l.google.com.
google.ca mail is handled by 20 alt1.aspmx.l.google.com.
google.ca mail is handled by 30 alt2.aspmx.l.google.com.
[0]-[router]-[~]
# ftp -o /dev/null http://google.ca
ftp: google.ca: no address associated with name
[1]-[router]-[~]
#


# dig 127.0.0.1 google.fr
[.also work ok.]
-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Alternative way to get sources, CVS slow

2015-02-22 Thread sven falempin
On Sun, Feb 22, 2015 at 3:48 PM, Henrique Lengler 
wrote:

> On Sun, Feb 22, 2015 at 04:40:39PM -0300, Henrique Lengler wrote:
> > On Sun, Feb 22, 2015 at 05:18:24PM +, Stuart Henderson wrote:
> > > Interesting.. I stopped running local cvsync to my server at home
> > > a while ago, as 'cvs up' from my mirror (over adsl) was faster, not
> > > even taking the extra cvsync time into account ;)
> >
> > So I successfully fetched the code, now I will compile, and see if I get
> any error,
> > as I get before. Because last time I checkout the code, things like
> xenocara failed to build.
> >
> Holy #@$$!!
>
> I got a compiler error, the same I posted here:
> http://marc.info/?l=openbsd-misc&m=142444902627315&w=2
>
> I really need help, I'm following the FAQ, and I don't know why it doesn't
> work!
> --
> Regards
>
> Henrique Lengler
>
>
I agree CVS is a bit slow, I do not know if it is ssh, the CVS design or
the amount of bandwidth/CPU put into the mirrors.

If you want help, you have to give way more information, maybe you just
forgot an important part or, as often, compile a part of current
and break stuff.

-- 
-
() ascii ribbon campaign - against html e-mail
/\


