Newbie Problem: Can't ping carp device

does work. Remote ping on 172.16.3.220 does work. Remote ping on 172.16.3.223 does not work. Given that this is such a basic setup there must be something I am missing here. Shouldn't I be able to ping the CARP device remotely? Any help is appreciated! Thanks, -- Stephan A. Rickauer

Re: CARP/PFSYNC

'sysctl -w net.inet.carp.preempt=1' do the trick? -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch

Re: Newbie Problem: Can't ping carp device [SOLVED]

Turned out the problem is related to VMware's GSX server on which I experimented using virtual machines (which I didn't mention). Setting up CARP on 'real' hardware went fine without glitches. Stephan A. Rickauer schrieb: Don't think so: -bash-3.00# pfctl -s rules -bash-3.00# Jason Dixon

Re: sysctl tuning for maximum network performance [off topic]

Ted Unangst schrieb: i don't understand why people keep asking the same question. if there were some fast sysctl knob, why would we set it to slow? why would there even be such a retarded knob? From Spinal Tap: You see, most blokes will be playing at 10. Youre on 10, all the way up, all

Re: sysctl tuning for maximum network performance [off topic]

Antti Nykdnen schrieb: On Fri, Sep 02, 2005 at 09:04:48AM +0200, Stephan A. Rickauer wrote: You see, most blokes will be playing at 10. Youre on 10, all the way up, all the way up...Where can you go from there? Nowhere. What we do, is if we need that extra push over the cliff...Eleven. One

Lifecycle question

, does that mean one needs to upgrade the entire OS every half year? I couldn't get that from the website. Thanks for helping, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635

Re: Lifecycle question

already in love with it, since I plan to use it as a HA-firewall using carp and pfsync. Problem here is just that it looks as if I had to reinstall it all year ... Thanks, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich

Re: Lifecycle question

Giedrius RekaE!ius schrieb: If it's just a firewall, and you won't need any new features (wich will come with some new release), then why should you upgrade? Just configure it, put the because patch-xy has been made for release zz where I have release bb after 'it has been in the dark

Re: Lifecycle question

with conflicting userland version yz ... nightmares. I guess I'll risk it with OpenBSD ;) -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53

Re: Lifecycle question

Henning Brauer schrieb: you don't have to reinstall at all. hogwash by some people here. I have about a hundred servers in production, some are upgraded ever since 2.7 times or so. upgrade typically takes us 5 minutes and one reboot a box. Well, I am thinking of using OpenBSD for our

Re: Lifecycle question

Abraham Al-Saleh schrieb: I am already in love with it, since I plan to use it as a HA-firewall using carp and pfsync. Problem here is just that it looks as if I had to reinstall it all year ... If that's the case, then you just take one down, upgrade it, bring it back online, take the other

Re: Lifecycle question

... Well, I am not a programmer, therefore I may not see the effort. Thanks for your comments! -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52

Re: Lifecycle question

as well. That's why I can't understand people can really live with the 6 months lifecycle. Thanks, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635

tcpdump/pflog - rule numbering

about how pflog numbers the rules. Could anyone point me there? Thanks! -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30

Re: tcpdump/pflog - rule numbering

as well ... somtimes life is so obvious ;) -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch

Re: tcpdump/pflog - rule numbering

Stuart Henderson schrieb: # pfctl -sr -vv Cool! -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http

Re: sendmail and clamd

Cristian Del Carlo schrieb: What can i use to connect sendmail and clamd? We use clamsmtp on linux. Don't know whether it is available for OpenBSD... Anyway: http://memberwebs.com/nielsen/software/clamsmtp/ -- Stephan A. Rickauer Institut f|r Neuroinformatik

Re: Lifecycle question

;) ). -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch

Re: Sendmail nullclient

Will H. Backman wrote: Here is what I use in Linux (sendmail 8.12.10): Thanks. But this is not a real nullclient configuration - or at least not what I was expecting. According to various documentations, this should be enough. Unfortunately, it isn't and I am not a sendmail specialist:

Re: Sendmail nullclient

: SYSERR(root): savemail: cannot save rejected email anywhere BTW: I _can_ telnet on port 25 of my mail host. Thanks for you help again, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich

Re: Sendmail nullclient

, but without learning sendmail I am/was not able to simply configure my system as 'send-only' machine... -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52

Re: Sendmail nullclient

not being delivered locally, even if generated locally. Everything should go to host xy. -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41

Re: Sendmail nullclient

should not be accepted at all from remote and locally generated mail (reports etc.) should go to smart host. Seems to be so easy ... any ideas? -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z

Re: Lifecycle question

Theo de Raadt wrote: If this is what your real agenda is -- baiting -- then you should consider staying off our project's mailing lists. It is not about baiting, but about learning. Learning involves asking questions. Questions may offend people. It is not my intention to upset people as

Re: Sendmail nullclient

Antoine Jacoutot wrote: Stephan A. Rickauer wrote: Seems to be so easy ... any ideas? Sure, edit the following file (or copy it under a new name) : /usr/share/sendmail/cf/submit.mc Great, that's a big step. The remaining problem is I don't know how to configure it in a way the hostname

Re: Sendmail nullclient [SOLVED]

the delivered mails. Thanks a lot for the help! -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch

Migration to PF - some questions

, a netfilter forward rules needs to be replaced by two pf rules (in general)? Thanks, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635

Re: Migration to PF - some questions

. -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch

Re: ftp-proxy(8) and pf question

a transparent ftp proxy with native openbsd tools... Thanks, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http

Re: ftp-proxy(8) and pf question

and behaves like a 'real proxy'. Especially using anchors to write pf rules dynamically is a cool idea. Will it replace the other ftp-proxy at some point that comes with OpenBSD? Thanks a lot, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt

em/carp switches slower than fxp/carp

carpdev fxp0 vhid 3 advbase 1 advskew 100 Fri Sep 23 14:25:44 CEST 2005 carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100 carp: BACKUP carpdev em1 vhid 2 advbase 1 advskew 100 carp: BACKUP carpdev fxp0 vhid 3 advbase 1 advskew 100 Any ideas? Thanks! -- Stephan

Re: em/carp switches slower than fxp/carp

VLAN's. The switches are interconnected by a 'trunk'. I guess the general problem here is two machines appear with one mac address at the same time on both switches, right? How can one solve that? My 'level 3' knowledge is kind of rudimentary, only ... Thanks, -- Stephan A. Rickauer

3.7 crashing - procedure?

. Thanks a lot, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch

Re: em/carp switches slower than fxp/carp [SOLVED]

Hello Jason, Jason Ackley wrote: Stephan A. Rickauer wrote: I guess the general problem here is two machines appear with one mac address at the same time on both switches, right? How can one solve that? You may also want to make sure that the port is in STP 'portfast' mode or whatever

/etc/hostname.if convention

suggest to change it, I am just curious where it comes from. Thanks! -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53

Re: iptables vs pf

, security, ease of administration and robustness. And consider, this is no theoretic blabla, I just migrated our entire firewall infrastructure from netfilter to pf ;) Have fun, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich

Re: CARP states apparently not changing correctly (causes some connection drops)

'? -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich http://www.ini.ethz.ch

Intel SRCSAS144E

Anyone having first hands experience with Intels SRCSAS144E RAID controller? According to mfi(4) it is not only supported but also registers nicely with bio(4). A bioctl output would be highly appreciated, too. Thanks, -- Stephan A. Rickauer

Re: Bioctl ciss controller status

the issue but I'm not sure what happened to the code. FYI, this issue doesn't seem to happen on the DL380. I do have the same issue with 4.1 on a DL385, though. Only one volume configured, controller firmware 2.08. # bioctl ciss0 bioctl: Can't locate ciss0 device via /dev/bio -- Stephan

Re: Bioctl ciss controller status

week. However, if there is a developer interested in getting this quick fix more beautiful, I could enable remote login on one of our machines for testing and developing. Please contact me off list. Thanks, -- Stephan A. Rickauer

arc0: unable to query firmware for sensor info

firmware for sensor info Any help, of course, is greatly appreciated. The server is not productive yet, so I can help providing all data that may be required. SSH login is also possible. Thanks! [1] http://marc.info/?l=openbsd-miscm=118148605315920w=2 -- Stephan A. Rickauer

Re: arc0: unable to query firmware for sensor info

On Fri, Sep 28, 2007 at 08:35:10AM +1000, David Gwynne wrote: On 27/09/2007, at 8:06 PM, Stephan A. Rickauer wrote: A new server shippped by a local vendor fails to boot bsd.mp, with and without acpi enabled (amd64, 4.2). Without acpi it will reboot directly after mounting the root device

Re: I need a new non-sucky laptop...

On Tue, Oct 02, 2007 at 04:24:44PM +1000, Tanvir Ahmed wrote: I'm using OpenBSD 4.1 with a modified kernel on Lenovo Thinkpad T60 Out of curiosity, what modifications are necessary in your point of view? -- Stephan A. Rickauer

Re: arc0: unable to query firmware for sensor info

can't boot. -- Stephan A. Rickauer --- Institute of Neuroinformatics Tel +41 44 635 30 50 University / ETH Zurich Sec +41 44 635 30 52 Winterthurerstrasse 190 Fax +41 44 635 30 53 CH-8057 Zurich

Re: ms exchange replacement

and devtodo (cause I can). BTW: Does anyone happen to know of a mobile phone than _really_ synchronizes todo's and calendar with OpenBSD? I don't mind using command line tools or write a perl script around some tools ... -- Stephan A. Rickauer

Re: Jumb Frames

On Wed, Oct 03, 2007 at 01:32:15AM -0700, Jake Conk wrote: I was wondering if setting my ethernet's card mtu to 9000 is all I have to do to enable jumbo frames? (and of course set it on all other devices that the card connects to) works for me. -- Stephan A. Rickauer

Re: Lifecycle question [Not again!]

the chance and upgrade 3.7 to 3.8 on my carp firewall setup. And all I wanted to tell you here is that you all were right: It is not just smooth, consistent and easy - it's really fun! The entire upgrade took me less than an hour without one microsecond of down time. Cool. Thanks again, -- Stephan

Re: Lifecycle question [Not again!]

one thing producing trouble was to recompile ftp-proxy from Camiel Dobbelaar which I use since I find it more useful than the system one. Well, actually it wasn't trouble - I just had to do it manually, of course ;) -- Stephan A. Rickauer Institut f|r

Re: usb2ether hw recommendation

Stuart Henderson wrote: --On 23 November 2005 11:49 +0100, Stephan A. Rickauer wrote: are there any device recommendations for usb Ethernet network adapters supported by the drivers listed by 'apropos usb|grep -i ether|grep -v Class' on 3.8? Searching the web for the chipsets usually gives me

Re: usb2ether hw recommendation

Hello, Stephan A. Rickauer wrote: ugen0 at uhub4 port 1 ugen0: ASIX Electronics AX88178, rev 2.00/0.01, addr 2 I guess I _was_ unlucky. It's a Level one usb-0200. Seems I was to quick. axe(4) should be the right one ... I'll try. I am stuck now. All I could find out was that I have

Re: usb2ether hw recommendation

On 11/24/05, Stephan A. Rickauer [EMAIL PROTECTED] wrote: Hello, Stephan A. Rickauer wrote: ugen0 at uhub4 port 1 ugen0: ASIX Electronics AX88178, rev 2.00/0.01, addr 2 I guess I _was_ unlucky. It's a Level one usb-0200. Seems I was to quick. axe(4) should be the right one ... I'll try. I

Re: usb2ether hw recommendation

Stephan A. Rickauer wrote: Hello, Stephan A. Rickauer wrote: ugen0 at uhub4 port 1 ugen0: ASIX Electronics AX88178, rev 2.00/0.01, addr 2 I guess I _was_ unlucky. It's a Level one usb-0200. Seems I was to quick. axe(4) should be the right one ... I'll try. I am stuck now. All I could find

df reports capacity 100%

on /projects2.4T 2.0T 418G 84% /projects Not a problem at all, but maybe some developer is interested in understanding this phenomena or knows what one can do to cleanly update the Size information. Thanks. -- Stephan A. Rickauer

Re: df reports capacity 100%

Otto Moerbeek wrote: This is a known bug and not fixable until we change the statfs structure. http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=5169 Awesome. I wish other software had such a high quality of support. Thanks Otto. -- Stephan A. Rickauer

uvm_mapent_alloc: out of static map entries

on my not so busy i386 4.0-current web server I get uvm_mapent_alloc: out of static map entries ~ once every two days. The archives bear a wide range of suggestions, from tweaking kernel feature xy to not touching anything, because that's stupid. However, this message bothers me a bit and so I

Re: Printing using a network printer

to Debug, restart cupsd and have a look at your log files in /var/log/cups/, most importantly error_log -- Stephan A. Rickauer --- Institute of Neuroinformatics Tel +41 44 635 30 50 University / ETH Zurich Sec +41

Fw: Security Development Lifecycle (SDL) Banned Function Calls

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenBSD as a reference ... Begin forwarded message: - Date: Wed, 04 Apr 2007 10:25:34 +0200 To: Stephan A. Rickauer [EMAIL PROTECTED] Subject: Security Development Lifecycle (SDL) Banned Function Calls Theo de

-stable no longer mentioned in dmesg?

clean make depend make reboot BTW: What is that #0 for (release has #1435)? Thanks! -- Stephan A. Rickauer --- Institute of Neuroinformatics Tel +41 44 635 30 50 University / ETH Zurich Sec +41 44 635 30 52

Re: -stable no longer mentioned in dmesg?

On Fri, 4 May 2007 13:30:06 +0200 Reyk Floeter [EMAIL PROTECTED] wrote: On Fri, May 04, 2007 at 01:15:20PM +0200, Stephan A. Rickauer wrote: quick question: My newly build 4.1-stable on i386 says in dmesg: OpenBSD 4.1 (GENERIC) #0: Thu May 3 14:29:53 CEST 2007 [EMAIL PROTECTED

OpenExpo 2008 Bern

like last year we'll be present at the OpenExpo event in Bern, Switzerland on March 12/13 2008. It's completely free entrance, but you have to get a ticket online. Feel free to drop by. http://www.openexpo.ch/ Stephan

Gratuitous ARP

Does anyone happen to know a tool that sends out gratuitous arp from userland on openbsd? P.S. I know there is CARP, but I need to send out o;?gratuitous arp anyway ;) Thanks, Stephan

Re: Gratuitous ARP

On Mon, 2008-03-24 at 23:11 +0100, Henning Brauer wrote: MAC=00:11:22:33:44:55 DNET=dnet for IP in `ifconfig $interface | grep 'inet ' | \ sed 's/ *inet \([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\) netmask.*/\1/'`; do ${DNET} arp op rep sha ${MAC} spa ${IP} tpa ${IP} | \ ${DNET} eth

Re: wpa now in current?!

-in-progress, but the basic functionality is there. -- Stephan A. Rickauer --- Institute of Neuroinformatics Tel +41 44 635 30 50 University / ETH Zurich Sec +41 44 635 30 52 Winterthurerstrasse 190 Fax

QLogic lies: now it's up to you

media. -- Stephan A. Rickauer --- Institute of Neuroinformatics Tel +41 44 635 30 50 University / ETH Zurich Sec +41 44 635 30 52 Winterthurerstrasse 190 Fax +41 44 635 30 53 CH-8057 Zurich

Re: QLogic lies: now it's up to you

of this week. Thanks guys. On Mon, 2008-04-21 at 11:59 +0200, Stephan A. Rickauer wrote: In October 2007 I have established contact with QLogic, to investigate whether they could help us in making iSCSI HBAs work in OpenBSD by donating some hardware and by providing free programming

[OT] Which C learning approach to take

understand BSD? Does it make sense to grab a very old version (4.4BSD?) since it is less complex? Which source code is a good example for understanding how Unix basically works? Thanks, -- Stephan A. Rickauer --- Institut für

sticker of transparant, white puffy hits Switzerland

Was also included in the 3.9 CD parcel I've received today! Aweseome, now the directors have to look at puffy everytime they enter my door ;) Thanks, guys. -- Stephan A. Rickauer --- Institut f|r Neuroinformatik Tel: +41 44

Donations to OpenSSH

to be seen as a hero (other's are ;) ) but I did want to emphasize how astonishingly easy it is to help - at least sometimes. Thanks for Open{BSD|SSH} and thanks for the 'real' openness. -- Stephan A. Rickauer --- Institut f|r Neuroinformatik

Re: PF/CARP load balancing

you think that avenue may lead to a more robust solution? No. -- Stephan A. Rickauer --- Institut f|r Neuroinformatik Tel: +41 44 635 30 50 Universitdt / ETH Z|rich Sek: +41 44 635 30 52 Winterthurerstrasse 190

Re: PF/CARP load balancing

. It will always do at least what heartbeat does for you and even more (if you want) and much faster. If you have to use linux for some reason, you can try UCARP (or keepalived). -- Stephan A. Rickauer --- Institut f|r Neuroinformatik

pflogger in 3.9 (tcpdump)

at http://www.openbsd.org.my/faq/pf/pt/logging.html which now does not work(tm) any longer as described, since the user 'pflogger' can't use tcpdump on the log file. I worked around this by using sudo. Is this the recommended way of doing it? -- Stephan A. Rickauer

apmd -C in 3.9

[EMAIL PROTECTED]:# for i in 1 2 3; do md5 -t | grep Time; done Time = 2.926772 seconds Time = 1.039970 seconds Time = 0.594676 seconds Really nice... saving the world by saving power ;) -- Stephan [demime 1.01d removed an attachment of type application/pgp-signature which had a name of

OT: Serial2ssh device

then securely connect to ethernet and offer some openssh login. Any recommendations in addition to the colorful lies on the web from all the vendors? Experiences? Any pitfalls? Thanks, -- Stephan A. Rickauer --- Institut f|r Neuroinformatik

Re: OT: Serial2ssh device

fund back to OpenSSH? If so, I'd like to support them by buying one of there devices. -- Stephan A. Rickauer --- Institut f|r Neuroinformatik Tel: +41 44 635 30 50 Universitdt / ETH Z|rich Sek: +41 44 635 30 52

Re: OT: Serial2ssh device

I don't believe there is one that has contributed. Why doesn't that surprise me ... going for Cyclades now anyway - thanks for all your comments and suggestions. -- Stephan A. Rickauer --- Institut f|r Neuroinformatik Tel

Re: DDOS attack

sonjaya wrote: How to blok ddos/Flooding/ssh brute attack with pf . Thanks to ( max-src-nodes 20, max-src-states 1 ) brute forcing just disappeared. Stephan [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Re: BSD kernel going to be included in University

what happens when the teacher explains a particular struct and everyone is reading a different source. Not to mention the poor Sysadmin forced to support more than one OS in one class ;) -- Stephan A. Rickauer --- Institut f|r

firewall on 3.9 i386, crashing after carp failover

In a setup of two redundant carp firewalls, each serving four interfaces, the master crashes regularly (but not always) after a manuall failover from the backup to the master. This is how I do the manual failover ('carpdown' on master): ---snip--- for i in 0 1 2 3; do ifconfig carp$i down; done

Re: sokeris output

Lars Hansson wrote: On Monday 24 July 2006 13:33, Gustavo Rios wrote: PS: If you have a kernel configuration file for exact that hardware, i would enjoy too. Save yourself a loft of pain and frustration and get a CF large enough (256Mb) for the base system and use the GENERIC kernel. This

Re: Help to debug Openbsd freezes...

Ian Watts wrote: It's still running 3.5 (ok, ok, don't shoot, it's an old one but upgrades are not easy). It's an i386 1U in a safe environment (colo) They are. That's exactly one of the main reasons why I have started using OpenBSD at our Institute. Twice a year I spend ~ 2 hours (that

Re: currently opened file descriptors

Sebastian Benoit wrote: Stephan A. Rickauer([EMAIL PROTECTED]) on 2006.08.04 09:20:09 +: How can one list the number of file descriptors a shell and any processes created by that shell are currently opened? fstat (1) /B. brilliant. Thanks. -- Stephan A. Rickauer

Re: Mail Server configuration question(s)

have a look at Courier or Cyrus now ;) -- Stephan A. Rickauer --- Institut f|r Neuroinformatik Tel: +41 44 635 30 50 Universitdt / ETH Z|rich Sek: +41 44 635 30 52 Winterthurerstrasse 190 Fax: +41 44

Re: Why no compiler on prod system [Was: Re: How to update httpd without a compiller]

Tomas wrote: Yes it's too late, but why to let a hacker to compile his exploits on your system and to go compromising other PCs (from your DMZ or from internet, it doesn't matter). If a hacker is on your system, he'll also manage to install the compiler himself before using it. Stephan

netstat, socket, pid

What is the most elegant way to find out which pid/program belongs to which socket? netstat(1) and archive didn't help me in that case. Thanks, -- Stephan A. Rickauer --- Institut f|r Neuroinformatik Tel: +41 44 635 30 50

Re: hearing complaints regarding pre-orders

order forms are displaying the prices properly on their index pages: https://https.openbsd.org/cgi-bin/order?CD40=1CD40%2b=Add https://https.openbsd.org/cgi-bin/order.eu?CD40=1CD40%2b=Add -- Stephan A. Rickauer --- Institut f|r

Broadcom HT-1000 chipset

Building a new OpenBSD server I am planning to buy a Tyan S3950 mainboard. Has anybody experience with that chipset? http://tyan.com/products/html/tomcath1000s.html Thanks, -- Stephan A. Rickauer --- Institut f|r Neuroinformatik

Re: Broadcom HT-1000 chipset

works? Nvidia, no. VIA? -- Stephan A. Rickauer --- Institut f|r Neuroinformatik Tel: +41 44 635 30 50 Universitdt / ETH Z|rich Sek: +41 44 635 30 52 Winterthurerstrasse 190 Fax: +41 44 635 30 53 CH

Re: Broadcom HT-1000 chipset

Stephan A. Rickauer wrote: Stuart Henderson wrote: http://www.kernel.org/hg/linux-2.6/?cs=fbcb10423ad8 * Documentation: * Available under NDA only. Errata info very hard to get. That's bad. I don't really wanna support those companies. But which vendor is doing good amd64 chipsets

Thanks once more

supported. Respect. -- Stephan A. Rickauer --- Institut f|r Neuroinformatik Tel: +41 44 635 30 50 Universitdt / ETH Z|rich Sek: +41 44 635 30 52 Winterthurerstrasse 190 Fax: +41 44 635 30 53 CH-8057 Z

Re: [ami] Unable to set Hot Spare on MegaRAID SATA 300-8x

. However, I will only be able to lend it for a couple of weeks since it belongs to a future customer (which expects a rock solid OpenBSD fileserver ;) ). -- Stephan A. Rickauer --- Institut f|r Neuroinformatik Tel: +41 44 635 30 50

Re: bioctl compatible LSIs?

, read this: http://marc.theaimsgroup.com/?l=openbsd-miscm=116103468316956w=2 Not a big deal though, unless you can't afford to reboot on disk failure. It's on Marco's 'radar' anyway ;) -- Stephan A. Rickauer --- Institut f|r

saslauthd and rimap

If someone happens to run saslauthd 2.1.22 on OpenBSD and uses rimap as authmech against a cyrus server, please try to authenticate using a password with double-quotes. I think we've found a bug here and it would be neat to have a confirmation. Thanks, -- Stephan A. Rickauer

Qlogic shipped one adapter, finally

Update: Qlogic finally managed to donate one iSCSI HBA to the OpenBSD project. I'd like to thank everybody who participated in emailing Qlogic - this step applied the required pressure so they finally kept their promise. Stephan. On Mon, 2008-04-21 at 20:52 +0200, Stephan A. Rickauer wrote

setting PKG_CACHE stopps pkg_add

(this is i386, 4.3 release) PKG_PATH contains three locations 0) PKG_CACHE dir 1) first http server (mirror.switch.ch) 2) second http server (mirror.startek.ch) # echo $PKG_PATH /pkg_cache/:http://mirror.switch.ch/ftp/pub/OpenBSD/4.3/packages/i386/:http://mirror.startek.ch/OpenBSD/pkg/i386/e17/

Re: Net-SNMP segfaults under OpenBSD 4.3

On Wed, 2008-06-25 at 11:17 -0400, (private) HKS wrote: In my quest for real SNMP monitoring of OpenBSD, I installed net-snmp-5.4.1p0 on an OpenBSD 4.3 box via packages. The executable segfaults every time I try to run it. This happens with or without command-line options, with my custom

CARP node crashing reproducibly (4.3-stable)

897 1 0 1 1 0 81 plimitpl 152 6600 647 1 0 1 1 0 80 inpcbpl 216 1480120 147993 3 0 3 3 0 81 In use 20068K, total allocated 23264K; utilization 86.3% -- Stephan A. Rickauer

Re: CARP node crashing reproducibly (4.3-stable)

groups: carp egress inet6 fe80::200:5eff:fe00:103%carp3 prefixlen 64 scopeid 0xc inet 130.60.x.xxx netmask 0xfffc broadcast 130.60.x.xxx I think this it ;) -- Stephan A. Rickauer --- Institute of Neuroinformatics

Re: CARP node crashing reproducibly (4.3-stable)

On Fri, 2008-07-11 at 21:32 +0200, Henning Brauer wrote: * Stephan A. Rickauer [EMAIL PROTECTED] [2008-07-11 16:59]: Here's all data I was able to get off our crashing machine, the backup node of our CARP cluster, that used to run flawlessly since 3.7. We can reproduce the problem

Re: CARP node crashing reproducibly (4.3-stable)

On Mon, 2008-07-14 at 14:22 +0200, Henning Brauer wrote: perfect analysis! looks like the only sane thing to do in that case is to bail and not send the icmp. I've compiled a new kernel with the patch. The machine is no longer crashing on pf_send_icmp(). However, I now see memory leaking

Re: CARP node crashing reproducibly (4.3-stable)

are right. The leak we've seen is due to a kernel build we must have introduced by using an unclean source tree. Problem solved. However, the patch you've implemented in 1.610 of pf.c does fix the crashes we've seen before. Thanks a lot! -- Stephan A. Rickauer

  1   2   >