Re: CARP hash vuln

2010-12-21 Thread David Coppa
On Tue, Dec 21, 2010 at 2:23 AM, Fernando Quintero
fernando.a.quint...@gmail.com wrote:
 some comment?

 http://seclists.org/bugtraq/2010/Dec/200

I'm not able to provide a solution, but this is of course a bug that
needs to be fixed.

I think claudio@ or henning@ are the right persons to ping...

Ciao,
David



Re: 64 bit cvsup pkg?

2010-12-21 Thread Rune Lynge
On Tue, Dec 21, 2010 at 7:33 AM, Indunil Jayasooriya
induni...@gmail.com wrote:
 I installed OpenBSD 64 bit. I want to update it by using cvsup. But, I am not
 able to find a *cvsup* 64 bit pkg.

cvsup is ONLY_FOR_ARCHS = i386, but there is csup, see
http://marc.info/?t=12576307312r=1w=2.

Rune



Re: CARP hash vuln

2010-12-21 Thread Marco Pfatschbacher
On Tue, Dec 21, 2010 at 09:34:01AM +0100, David Coppa wrote:
 On Tue, Dec 21, 2010 at 2:23 AM, Fernando Quintero
 fernando.a.quint...@gmail.com wrote:
  some comment?
 
  http://seclists.org/bugtraq/2010/Dec/200
 
 I'm not able to provide a solution, but this is of course a bug that
 needs to be fixed.

If you look at my commit message from 3 years ago,
you'll see that we are well aware of this:

 http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_carp.c?f=h#rev1.152

If someone comes up with a replay protection that works without the help
of synchronized clocks, I'm happy to fix this.

OTOH, I'm still not convinced that it's worth the effort to fix a
L2-only attack. There's still enough other ways for a DoS on L2.



Re: PF and States

2010-12-21 Thread Gabriel Linder

On 12/20/10 15:52, Kevin Wilcox wrote:

On 19 December 2010 07:16, Henning Brauer lists-open...@bsws.de wrote:

you're way off ;)
I had 2 million during a DDoS. things got a bit slow but everything
worked.

Henning - out of curiosity, what were the specs on that hardware?


It may be interesting to know of any specific tweaks in that setup
(besides net.inet.ip.ifq.maxlen and set limit states), if any.



My understanding was that pf won't use more than 1GB of RAM, which I
thought to equal about 1 million states, but I never verified that
information and now it's been so long I can't recall the source.


According to pf_var.h, a struct pf_state is roughly 212 bytes on amd64.



Re: dhcpd troubleshooting

2010-12-21 Thread Damon McMahon
On 20 December 2010 23:28, Kenneth R Westerback kwesterb...@rogers.com
wrote:
 On Mon, Dec 20, 2010 at 09:23:34PM +1030, Damon McMahon wrote:
 On 19 December 2010 23:28, Kenneth R Westerback kwesterb...@rogers.com
wrote:
  On Sun, Dec 19, 2010 at 10:29:56PM +1030, Damon McMahon wrote:
  Greetings,
 
  I have a troublesome DHCP client -- a Brother MFC-9420CN multifunction
  centre -- I'd like to troubleshoot. It's being assigned a lease
  including IP address and gateway address by dhcpd(8), but not a subnet
  mask.
 
  How do you know it is not getting a subnet mask? What does the printer
  say its subnet mask is?

 The printer shows a netmask of 000.000.000.000 i.e. no netmask, and I
 can't ping or otherwise establish connectivity with the printer. Once
 I manually specify the netmask 255.255.255.0 everything's hunky dory,
 so it would appear the netmask isn't being acquired properly.

 
  As someone else has said, capturing the conversation via tcpdump would
  show what the printer is asking for and what is being sent. If you have

 Yes if in doubt packet-capture is a good idea, I guess -- didn't
 realise that tcpdump(8) can interpret DHCP which helps :-) From what I
 can tell below, the subnet mask (SM) is being offered.

 # tcpdump -envvX -s 1500 -i xl0
 tcpdump: listening on xl0, link-type EN10MB
 20:54:45.656327 00:80:77:88:8b:59 ff:ff:ff:ff:ff:ff 0030 62: snap
 0:0:0:81:37 sap aa ui/C len=37
   :  0300  8137  0028 0001   ??.7??.(
   0010:     0453   0080  ..??.S..
   0020: 7788 8b59 6000 0001      w..Y`...

 20:54:50.289087 00:80:77:88:8b:59 ff:ff:ff:ff:ff:ff 0800 590:
 0.0.0.0.68  255.255.255.255.67: [udp sum ok] xid:0x56f6 flags:0x8000
 vend-rfc1048 DHCP:DISCOVER MSZ:548 PR:SM+DG+NS+HN+DN+BR+NTP+YD+WNS+WNT
 HN:brothermfc (ttl 60, id 0, len 576)
   : 4500 0240   3c11 7cae    e...@.|?
   0010:   0044 0043 022c 52d2 0101 0600  .D.C.,R?
   0020:  56f6  8000      ..V?
   0030:     0080 7788 8b59   ..w..Y..
   0100:     6382 5363 3501 0139  c.Sc5..9
   0110: 0202 2437 0a01 0306 0c0f 1c2a 282c 2e0c  ..$7...*(,..
   0120: 0a62 726f 7468 6572 6d66 63ff    .brothermfc?

 20:54:50.290420 00:60:08:34:91:f9 00:80:77:88:8b:59 0800 366:
 192.168.0.1.67  255.255.255.255.68: [udp sum ok] xid:0x56f6
 flags:0x8000 Y:192.168.0.2 S:192.168.0.1 vend-rfc1048 DHCP:OFFER
 SID:192.168.0.1 LT:86400 SM:255.255.255.0 DG:192.168.0.1
 NS:192.168.1.1 HN:brothermfc DN:office BR:192.168.0.255
 NTP:192.168.0.1 RN:43200 RB:75600 SMTP:192.168.0.1 [tos 0x10] (ttl 16,
 id 0, len 352)
   : 4510 0160   1011 e8d4 c0a8 0001  E..`....
   0010:   0043 0044 014c d110 0201 0600  .C.D.L?.
   0020:  56f6  8000   c0a8 0002  ..V???..
   0030: c0a8 0001   0080 7788 8b59   ??w..Y..
   0040:          

Re: dhcpd troubleshooting

2010-12-21 Thread Kenneth R Westerback
On Tue, Dec 21, 2010 at 09:43:17PM +1030, Damon McMahon wrote:
 On 20 December 2010 23:28, Kenneth R Westerback kwesterb...@rogers.com 
 wrote:
  On Mon, Dec 20, 2010 at 09:23:34PM +1030, Damon McMahon wrote:
  On 19 December 2010 23:28, Kenneth R Westerback kwesterb...@rogers.com 
  wrote:
   On Sun, Dec 19, 2010 at 10:29:56PM +1030, Damon McMahon wrote:
   Greetings,
  
   I have a troublesome DHCP client -- a Brother MFC-9420CN multifunction
   centre -- I'd like to troubleshoot. It's being assigned a lease
   including IP address and gateway address by dhcpd(8), but not a subnet
   mask.
  
   How do you know it is not getting a subnet mask? What does the printer
   say its subnet mask is?
 
  The printer shows a netmask of 000.000.000.000 i.e. no netmask, and I
  can't ping or otherwise establish connectivity with the printer. Once
  I manually specify the netmask 255.255.255.0 everything's hunky dory,
  so it would appear the netmask isn't being acquired properly.
 
  
   As someone else has said, capturing the conversation via tcpdump would
   show what the printer is asking for and what is being sent. If you have
 
  Yes if in doubt packet-capture is a good idea, I guess -- didn't
  realise that tcpdump(8) can interpret DHCP which helps :-) From what I
  can tell below, the subnet mask (SM) is being offered.
 
  # tcpdump -envvX -s 1500 -i xl0
  tcpdump: listening on xl0, link-type EN10MB
  20:54:45.656327 00:80:77:88:8b:59 ff:ff:ff:ff:ff:ff 0030 62: snap
  0:0:0:81:37 sap aa ui/C len=37
  ? :  0300  8137  0028 0001  ???.7??.(
  ? 0010:     0453   0080 ?..??.S..
  ? 0020: 7788 8b59 6000 0001     ?w..Y`...
 
  20:54:50.289087 00:80:77:88:8b:59 ff:ff:ff:ff:ff:ff 0800 590:
  0.0.0.0.68  255.255.255.255.67: [udp sum ok] xid:0x56f6 flags:0x8000
  vend-rfc1048 DHCP:DISCOVER MSZ:548 PR:SM+DG+NS+HN+DN+BR+NTP+YD+WNS+WNT
  HN:brothermfc (ttl 60, id 0, len 576)
  ? : 4500 0240   3c11 7cae   ?...@.|?
  ? 0010:   0044 0043 022c 52d2 0101 0600 ?.D.C.,R?
  ? 0020:  56f6  8000     ?..V?
  ? 0030:     0080 7788 8b59  ?..w..Y..
  ? 0100:     6382 5363 3501 0139 ?c.Sc5..9
  ? 0110: 0202 2437 0a01 0306 0c0f 1c2a 282c 2e0c ?..$7...*(,..
  ? 0120: 0a62 726f 7468 6572 6d66 63ff   ?.brothermfc?
 
  20:54:50.290420 00:60:08:34:91:f9 00:80:77:88:8b:59 0800 366:
  192.168.0.1.67  255.255.255.255.68: [udp sum ok] xid:0x56f6
  flags:0x8000 Y:192.168.0.2 S:192.168.0.1 vend-rfc1048 DHCP:OFFER
  SID:192.168.0.1 LT:86400 SM:255.255.255.0 DG:192.168.0.1
  NS:192.168.1.1 HN:brothermfc DN:office BR:192.168.0.255
  NTP:192.168.0.1 RN:43200 RB:75600 SMTP:192.168.0.1 [tos 0x10] (ttl 16,
  id 0, len 352)
  ? : 4510 0160   1011 e8d4 c0a8 0001 ?E..`....
  ? 0010:   0043 0044 014c d110 0201 0600 ?.C.D.L?.
  ? 0020:  56f6  8000  
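
An added example, not part of the thread: a decoder for the DHCP options field that checks the printer's parameter request list (PR) against what the OFFER carries. The DISCOVER bytes are the ones in rows 0100-0120 of the hex dump; the OFFER hex is cut off in the archive, so its options are rebuilt from tcpdump's decoded summary line, and all function names are my own.

```python
import ipaddress
import struct

MAGIC_COOKIE = bytes.fromhex("63825363")

# RFC 2132 option codes, named with the abbreviations tcpdump prints above.
NAMES = {1: "SM", 3: "DG", 6: "NS", 12: "HN", 15: "DN", 28: "BR", 40: "YD",
         42: "NTP", 44: "WNS", 46: "WNT", 51: "LT", 53: "DHCP", 54: "SID",
         55: "PR", 57: "MSZ", 58: "RN", 59: "RB", 69: "SMTP"}

# Options field of the DISCOVER, taken from rows 0100-0120 of the hex dump.
DISCOVER_OPTIONS = bytes.fromhex(
    "63825363"                    # magic cookie
    "350101"                      # 53: message type 1 (DISCOVER)
    "39020224"                    # 57: maximum message size 548
    "370a0103060c0f1c2a282c2e"    # 55: parameter request list
    "0c0a62726f746865726d6663"    # 12: host name "brothermfc"
    "ff"                          # end of options
)


def parse_options(field):
    """Decode a DHCP options field into {code: value bytes}."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == 255:               # END
            return options
        if code == 0:                 # PAD carries no length byte
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("option %d has no length byte" % code)
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:      # e.g. a capture with too small a snaplen
            raise ValueError("option %d is truncated" % code)
        # A repeated code continues the earlier value (RFC 3396).
        options[code] = options.get(code, b"") + value
        i += 2 + length
    raise ValueError("options field ended without an END option")


def encode_options(pairs):
    """Build an options field from (code, value bytes) pairs."""
    body = b"".join(bytes([code, len(value)]) + value for code, value in pairs)
    return MAGIC_COOKIE + body + b"\xff"


def ip(text):
    return ipaddress.IPv4Address(text).packed


# Constructed from the decoded OFFER summary in the capture, not from its hex.
OFFER_OPTIONS = encode_options([
    (53, b"\x02"),                    # DHCP:OFFER
    (54, ip("192.168.0.1")),          # SID
    (51, struct.pack("!I", 86400)),   # LT
    (1, ip("255.255.255.0")),         # SM
    (3, ip("192.168.0.1")),           # DG
    (6, ip("192.168.1.1")),           # NS
    (12, b"brothermfc"),              # HN
    (15, b"office"),                  # DN
    (28, ip("192.168.0.255")),        # BR
    (42, ip("192.168.0.1")),          # NTP
    (58, struct.pack("!I", 43200)),   # RN
    (59, struct.pack("!I", 75600)),   # RB
    (69, ip("192.168.0.1")),          # SMTP
])


def compare_request_to_offer(discover_field, offer_field):
    """Report which requested options the offer answers, and its netmask."""
    discover = parse_options(discover_field)
    offer = parse_options(offer_field)
    requested = list(discover.get(55, b""))
    mask = offer.get(1)
    if mask is not None and len(mask) != 4:
        raise ValueError("subnet mask option must be 4 bytes")
    label = lambda code: NAMES.get(code, str(code))
    return {
        "requested": [label(c) for c in requested],
        "unanswered": [label(c) for c in requested if c not in offer],
        "netmask": str(ipaddress.IPv4Address(mask)) if mask else None,
    }


if __name__ == "__main__":
    print(compare_request_to_offer(DISCOVER_OPTIONS, OFFER_OPTIONS))
```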




Re: PF and States

2010-12-21 Thread Henning Brauer
* Kevin Wilcox ke...@tux.appstate.edu [2010-12-20 16:01]:
 On 19 December 2010 07:16, Henning Brauer lists-open...@bsws.de wrote:
  * Ryan McBride mcbr...@openbsd.org [2010-12-03 09:52]:
  More than 100,000. I haven't tested lately (planning to do so soon), but I
  would expect somewhere closer to 500,000.
  you're way off ;)
  I had 2 million during a DDoS. things got a bit slow but everything
  worked.
 Henning - out of curiosity, what were the specs on that hardware?

OpenBSD 4.8-stable (GENERIC) #1: Mon Oct  4 16:19:06 CEST 2010
henn...@terak.bsws.de:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz (GenuineIntel 686-class) 2.40 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM
real mem  = 1072128000 (1022MB)
avail mem = 1044631552 (996MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/25/07, BIOS32 rev. 0 @ 0xfd470, SMBIOS 
rev. 2.51 @ 0x3feeb000 (31 entries)
bios0: vendor Phoenix Technologies LTD version 6.00 date 08/25/2007
bios0: Supermicro PDSMi
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP MCFG HPET APIC BOOT ASF! SSDT SSDT
acpi0: wakeup devices DEV1(S5) EXP1(S5) PXHA(S5) EXP5(S5) EXP6(S5) PCIB(S5) 
KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) USB1(S4) USB2(S4) USB3(S4) USB4(S4) EUSB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 268MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 2 pa 0xfec1, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (DEV1)
acpiprt2 at acpi0: bus 9 (EXP1)
acpiprt3 at acpi0: bus 10 (PXHA)
acpiprt4 at acpi0: bus 13 (EXP5)
acpiprt5 at acpi0: bus 14 (EXP6)
acpiprt6 at acpi0: bus 15 (PCIB)
acpicpu0 at acpi0: PSS
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0xb000
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 2395 MHz: speeds: 900, 600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel E7230 Host rev 0xc0
ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0xc0: apic 1 int 16 (irq 
11)
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01: apic 1 int 17 
(irq 12)
pci2 at ppb1 bus 9
ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci3 at ppb2 bus 10
em0 at pci3 dev 1 function 0 Intel PRO/1000MT (82541GI) rev 0x00: apic 2 int 
0 (irq 11), address 00:0e:0c:37:d1:86
Intel IOxAPIC rev 0x09 at pci2 dev 0 function 1 not configured
ppb3 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01: apic 1 int 17 (irq 
12)
pci4 at ppb3 bus 13
em1 at pci4 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: apic 1 int 
16 (irq 11), address 00:30:48:92:08:32
ppb4 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01: apic 1 int 16 (irq 
11)
pci5 at ppb4 bus 14
em2 at pci5 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: apic 1 int 
17 (irq 12), address 00:30:48:92:08:33
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 1 int 23 
(irq 10)
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 1 int 19 
(irq 11)
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: apic 1 int 18 
(irq 5)
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: apic 1 int 16 
(irq 11)
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: apic 1 int 23 
(irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xe1
pci6 at ppb5 bus 15
vga1 at pci6 dev 0 function 0 ATI ES1000 rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 1 int 16 (irq 11)
drm0 at radeondrm0
ichpcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01: PM disabled
pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
ahci0 at pci0 dev 31 function 2 Intel 82801GR AHCI rev 0x01: apic 1 int 19 
(irq 11), AHCI 1.1
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: ATA, ST380815AS, 3.AA SCSI3 0/direct fixed
sd0: 76319MB, 512 bytes/sec, 156301488 sec total
ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x01: apic 1 int 19 
(irq 11)
iic0 at ichiic0
lm1 at iic0 addr 0x2d: W83627HF
wbng0 at iic0 addr 0x2f: w83793g
spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5
spdmem1 at iic0 addr 0x52: 512MB DDR2 SDRAM non-parity PC2-5300CL5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB 

Re: 64 bit cvsup pkg?

2010-12-21 Thread Stuart Henderson
On 2010-12-21, Rune Lynge rune.ly...@gmail.com wrote:
 On Tue, Dec 21, 2010 at 7:33 AM, Indunil Jayasooriya
induni...@gmail.com wrote:
 I installed OpenBSD 64 bit. I want to update it by using cvsup. But, I am not
 able to find a *cvsup* 64 bit pkg.

 cvsup is ONLY_FOR_ARCHS = i386, but there is csup, see
http://marc.info/?t=12576307312r=1w=2.

also note that CVSup is not especially widely used with OpenBSD (and there
are a rather limited number of mirrors offering it), most people are either
using anoncvs directly against an online mirror, or cvsync and then anoncvs
from a local repository.



Re: add new disk

2010-12-21 Thread Orestes Leal R.
This was the procedure I follow in 4.3 successfully, the same I did in 4.8
and doesn't work:


-bash-3.2# fdisk -i sd1

-
-- ATTENTION - UPDATING MASTER BOOT RECORD --
-

Do you wish to write new MBR and partition table? [n]
MBR is unchanged
-bash-3.2# fdisk -i sd1

-
-- ATTENTION - UPDATING MASTER BOOT RECORD --
-

Do you wish to write new MBR and partition table? [n] y
-bash-3.2# disklabel -E sd1
# Inside MBR partition 3: type A6 start 32 size 2097120
Treating sectors 32-2097152 as the OpenBSD portion of the disk.
You can use the 'b' command to change this.

Initial label editor (enter '?' for help at any prompt)

a a

offset: [32]
size: [2097120]
FS type: [4.2BSD]

q

Write new label?: [y] y
-bash-3.2# newfs /dev/sd1a
newfs: : /dev/sd1a: not a character-special device

/dev/sd1a: 1024.0MB in 2097120 sectors of 512 bytes
6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
super-block backups (for fsck -b #) at:
 32, 414688, 829344, 1244000, 1658656, 2073312,


no, not really different (though some things are more precise now)
So...the basics:
What did you do?
What did you expect to happen?
What did you see happen?
Nick.







--
Using Opera's revolutionary email client: http://www.opera.com/mail/



Re: add new disk

2010-12-21 Thread Orestes Leal R.

Otto, this is not 4.8 it's 4.3, so this is an error now and not a warning,
what I must change in the command line to make it work with 4.8?

LeaL




This is not 4.8. This warning has been upgraded to an error now.
Read my previous reply and follow the advice in it.

-Otto



/dev/sd1a: 1024.0MB in 2097120 sectors of 512 bytes
6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
super-block backups (for fsck -b #) at:
 32, 414688, 829344, 1244000, 1658656, 2073312,

no, not really different (though some things are more precise now)
So...the basics:
What did you do?
What did you expect to happen?
What did you see happen?
Nick.








Re: add new disk

2010-12-21 Thread Otto Moerbeek
On Tue, Dec 21, 2010 at 08:09:58AM -0600, Orestes Leal R. wrote:

 This was the procedure I follow in 4.3 successfully, the same I did
 in 4.8 and doesn't work:
 
 -bash-3.2# fdisk -i sd1
 
 -
 -- ATTENTION - UPDATING MASTER BOOT RECORD --
 -
 
 Do you wish to write new MBR and partition table? [n]
 MBR is unchanged
 -bash-3.2# fdisk -i sd1
 
 -
 -- ATTENTION - UPDATING MASTER BOOT RECORD --
 -
 
 Do you wish to write new MBR and partition table? [n] y
 -bash-3.2# disklabel -E sd1
 # Inside MBR partition 3: type A6 start 32 size 2097120
 Treating sectors 32-2097152 as the OpenBSD portion of the disk.
 You can use the 'b' command to change this.
 
 Initial label editor (enter '?' for help at any prompt)
 a a
 offset: [32]
 size: [2097120]
 FS type: [4.2BSD]
 q
 Write new label?: [y] y
 -bash-3.2# newfs /dev/sd1a
 newfs: : /dev/sd1a: not a character-special device

This is not 4.8. This warning has been upgraded to an error now.
Read my previous reply and follow the advice in it.

-Otto

 
 /dev/sd1a: 1024.0MB in 2097120 sectors of 512 bytes
 6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
 super-block backups (for fsck -b #) at:
  32, 414688, 829344, 1244000, 1658656, 2073312,
 
 no, not really different (though some things are more precise now)
 So...the basics:
 What did you do?
 What did you expect to happen?
 What did you see happen?
 Nick.
 
 
 
 
 



Re: add new disk

2010-12-21 Thread Tomas Bodzar
Do you need it in Braille?

Couple of people said to you what to do. Use raw device and not block
device. Is it so hard to read man page for newfs to see that in
DESCRIPTION part?


On Tue, Dec 21, 2010 at 3:25 PM, Orestes Leal R.
l...@cubacatering.avianet.cu wrote:
 Otto, this is not 4.8 it's 4.3, so this is an error now and not a warning,
 what I must change in the command line to make it work with 4.8?

 LeaL



 This is not 4.8. This warning has been upgraded to an error now.
 Read my previous reply and follow the advice in it.

         -Otto


 /dev/sd1a: 1024.0MB in 2097120 sectors of 512 bytes
 6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
 super-block backups (for fsck -b #) at:
  32, 414688, 829344, 1244000, 1658656, 2073312,

 no, not really different (though some things are more precise now)
 So...the basics:
 What did you do?
 What did you expect to happen?
 What did you see happen?
 Nick.
 
 
 





Re: add new disk

2010-12-21 Thread Kenneth R Westerback
On Tue, Dec 21, 2010 at 08:25:35AM -0600, Orestes Leal R. wrote:
 Otto, this is not 4.8 it's 4.3, so this is an error now and not a warning,
 what I must change in the command line to make it work with 4.8?
 
 LeaL

newfs /dev/rsd1a

 Ken

 
 
 
 This is not 4.8. This warning has been upgraded to an error now.
 Read my previous reply and follow the advice in it.
 
  -Otto
 
 
 /dev/sd1a: 1024.0MB in 2097120 sectors of 512 bytes
 6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
 super-block backups (for fsck -b #) at:
  32, 414688, 829344, 1244000, 1658656, 2073312,
 
 no, not really different (though some things are more precise now)
 So...the basics:
 What did you do?
 What did you expect to happen?
 What did you see happen?
 Nick.
 
 
 
 
 



Re: add new disk

2010-12-21 Thread Orestes Leal R.

No, I don't, I'm at work and here don't have a 4.8 box, only 4.6,
By raw you mean use /dev/sd0 instead of /dev/sd0a for example?




Do you need it in Braille?

Couple of people said to you what to do. Use raw device and not block
device. Is it so hard to read man page for newfs to see that in
DESCRIPTION part?


On Tue, Dec 21, 2010 at 3:25 PM, Orestes Leal R.
l...@cubacatering.avianet.cu wrote:
Otto, this is not 4.8 it's 4.3, so this is an error now and not a warning,
what I must change in the command line to make it work with 4.8?

LeaL




This is not 4.8. This warning has been upgraded to an error now.
Read my previous reply and follow the advice in it.

   -Otto



/dev/sd1a: 1024.0MB in 2097120 sectors of 512 bytes
6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
super-block backups (for fsck -b #) at:
 32, 414688, 829344, 1244000, 1658656, 2073312,

no, not really different (though some things are more precise now)
So...the basics:
What did you do?
What did you expect to happen?
What did you see happen?
Nick.








Re: add new disk

2010-12-21 Thread roberth
On Tue, 21 Dec 2010 08:25:35 -0600
Orestes Leal R. l...@cubacatering.avianet.cu wrote:

 Otto, this is not 4.8 it's 4.3, so this is an error now and not a
 warning, what I must change in the command line to make it work with
 4.8?

*sigh*
you have been told what is wrong before, but let's end this.

newfs /dev/sd1a was wrong but was handled gracefully.
and it is still wrong but now it bombs out.

newfs works on raw devices. raw devices start with 'r'.

the right command simply is newfs /dev/rsd1a.
                                       ^

now that it was spelled out, it might be easier for you to read up on
this in the manpages.



Re: add new disk

2010-12-21 Thread Raimo Niskanen
On Tue, Dec 21, 2010 at 08:48:14AM -0600, Orestes Leal R. wrote:
 No, I don't, I'm at work and here don't have a 4.8 box, only 4.6,
 By raw you mean use /dev/sd0 instead of /dev/sd0a for example?

http://www.openbsd.org/cgi-bin/man.cgi?query=newfs
 Search for 'raw' or read the second paragraph in the section DESCRIPTION.

Or do you not have Internet at work?

 
 
 
 Do you need it in Braille?
 
 Couple of people said to you what to do. Use raw device and not block
 device. Is it so hard to read man page for newfs to see that in
 DESCRIPTION part?
 
 
 On Tue, Dec 21, 2010 at 3:25 PM, Orestes Leal R.
 l...@cubacatering.avianet.cu wrote:
 Otto, this is not 4.8 it's 4.3, so this is an error now and not a warning,
 what I must change in the command line to make it work with 4.8?
 
 LeaL
 
 
 
 This is not 4.8. This warning has been upgraded to an error now.
 Read my previous reply and follow the advice in it.
 
-Otto
 
 
 /dev/sd1a: 1024.0MB in 2097120 sectors of 512 bytes
 6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
 super-block backups (for fsck -b #) at:
  32, 414688, 829344, 1244000, 1658656, 2073312,
 
 no, not really different (though some things are more precise now)
 So...the basics:
 What did you do?
 What did you expect to happen?
 What did you see happen?
 Nick.
 
 
 
 
 

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB



Re: add new disk

2010-12-21 Thread Orestes Leal R.

Thanks robert, that's a simple explanation, thanks,

LeaL



*sigh*
you have been told what is wrong before, but let's end this.
newfs /dev/sd1a was wrong but was handled gracefully.
and it is still wrong but now it bombs out.
newfs works on raw devices. raw devices start with 'r'.
the right command simply is newfs /dev/rsd1a.
                                       ^
now that it was spelled out, it might be easier for you to read up on
this in the manpages.




Re: add new disk

2010-12-21 Thread William Boshuck
On Tue, Dec 21, 2010 at 02:59:12PM +0100, roberth wrote:
 On Tue, 21 Dec 2010 08:25:35 -0600
 Orestes Leal R. l...@cubacatering.avianet.cu wrote:
 
  Otto, this is not 4.8 it's 4.3, so this is an error now and not a
  warning, what I must change in the command line to make it work with
  4.8?
 
 *sigh*
 you have been told what is wrong before, but let's end this.
 
 newfs /dev/sd1a was wrong but was handled gracefully.
 and it is still wrong but now it bombs out.
 
 newfs works on raw devices. raw devices start with 'r'.
 
 the right command simply is newfs /dev/rsd1a.

Or just

newfs sd1a

which is also in the man page,
and in Section 14.4 of the FAQ.



4.6 box periodic 100% cpu on vmware

2010-12-21 Thread Matthew Sullenberger
I've been playing with OpenBSD for a little while now, and really love it
when I need to throw together a quick firewall, web server, dhcp server,
etc. I've got one firewall that I've been using for a little while now,
OpenBSD 4.6, running on a VMWare ESXi box. It normally performs fine, and it
is doing some NAT and firewall functions with PF. I've pushed quite a few
packets through it and am impressed with the performance I am able to get
out of it. 

However, it seems like roughly every 2-3 weeks, I'll experience an issue
with it where it will stop responding. I can still ping the machine, but it
won't forward any packets, accept SSH connections, or respond to basically
anything. If I check on my VMWare host machine it is showing 100% cpu
utilization, and I am unable to access the console directly through VMWare. 

Performing a reset through VMWare fixes it and it runs fine again, for a few
weeks, until the same problem occurs. After resetting the box I check out
all the log files but I have never been able to see anything that even
remotely seems relevant to what could have been happening.  I know of no way
to see what processes are running and eating up the cpu when this occurs,
since I can't get it to respond to anything. I am hoping someone may be able
to help point me in the right steps of where to begin troubleshooting this--
I am a fairly experienced Windows admin, but still pretty new to the BSD
world, but am trying my best to adopt it wherever possible!

Thanks in advance!



Re: 4.6 box periodic 100% cpu on vmware

2010-12-21 Thread Ahlsen-Girard, Edward F CTR USAF AFSOC AFSOC/A6OK
Matthew Sullenberger sully () sadburger ! com wrote at 2010-12-21
18:22:48:

 I've been playing with OpenBSD for a little while now, and really love it
 when I need to throw together a quick firewall, web server, dhcp server,
 etc. I've got one firewall that I've been using for a little while now,
 OpenBSD 4.6, running on a VMWare ESXi box. It normally performs fine, and it
 is doing some NAT and firewall functions with PF. I've pushed quite a few
 packets through it and am impressed with the performance I am able to get
 out of it.

 However, it seems like roughly every 2-3 weeks, I'll experience an issue
 with it where it will stop responding. I can still ping the machine, but it
 won't forward any packets, accept SSH connections, or respond to basically
 anything. If I check on my VMWare host machine it is showing 100% cpu
 utilization, and I am unable to access the console directly through VMWare.

 Performing a reset through VMWare fixes it and it runs fine again, for a few
 weeks, until the same problem occurs. After resetting the box I check out
 all the log files but I have never been able to see anything that even
 remotely seems relevant to what could have been happening.  I know of no way
 to see what processes are running and eating up the cpu when this occurs,
 since I can't get it to respond to anything. I am hoping someone may be able
 to help point me in the right steps of where to begin troubleshooting this--
 I am a fairly experienced Windows admin, but still pretty new to the BSD
 world, but am trying my best to adopt it wherever possible!

 Thanks in advance!



I don't think you will find many here who will not recommend against
**ever** running **any** firewall as a hosted application in the
strongest terms.

It is probably the very worst application of all to run in a virtual
machine. This is because the one machine that you are leaving wholly
exposed to attack is the ESXi host that the firewall is on: everything
has to come through it to get to the firewall machine in the first place.

Which doesn't answer the initial question, but I will not be surprised
if most of the devs think that this issue is more pressing than the
initial question.


--
Ed Ahlsen-Girard



Re: 4.6 box periodic 100% cpu on vmware

2010-12-21 Thread R0me0 ***
Without running obsd, does the same thing occur?



2010/12/21 Matthew Sullenberger su...@sadburger.com

 I've been playing with OpenBSD for a little while now, and really love it
 when I need to throw together a quick firewall, web server, dhcp server,
 etc. I've got one firewall that I've been using for a little while now,
 OpenBSD 4.6, running on a VMWare ESXi box. It normally performs fine, and it
 is doing some NAT and firewall functions with PF. I've pushed quite a few
 packets through it and am impressed with the performance I am able to get
 out of it.

 However, it seems like roughly every 2-3 weeks, I'll experience an issue
 with it where it will stop responding. I can still ping the machine, but it
 won't forward any packets, accept SSH connections, or respond to basically
 anything. If I check on my VMWare host machine it is showing 100% cpu
 utilization, and I am unable to access the console directly through VMWare.

 Performing a reset through VMWare fixes it and it runs fine again, for a few
 weeks, until the same problem occurs. After resetting the box I check out
 all the log files but I have never been able to see anything that even
 remotely seems relevant to what could have been happening.  I know of no way
 to see what processes are running and eating up the cpu when this occurs,
 since I can't get it to respond to anything. I am hoping someone may be able
 to help point me in the right steps of where to begin troubleshooting this--
 I am a fairly experienced Windows admin, but still pretty new to the BSD
 world, but am trying my best to adopt it wherever possible!

 Thanks in advance!



Re: [OT] Mail Archive Management

2010-12-21 Thread Stuart Henderson
On 2010-12-20, Joachim Schipper joac...@joachimschipper.nl wrote:
 Similarly, IMAP has a SEARCH extension. Most IMAP servers will keep
 indices for you, but getting the mail client to issue the proper
 commands (instead of searching locally) may take some doc-reading.

In Mutt, use = instead of ~ to search server-side. e.g.

l =b sometext

If you use Dovecot or Cyrus and are searching message bodies regularly,
you might want to enable full-text indexing, it speeds up searches hugely
(of course at the expense of slow though often offline indexing operations
and some extra disk space).






randomize spamd-setup time in cron?

2010-12-21 Thread frantisek holop
hi there,

i was wondering if it's a good idea to randomize
the time of the spamd-setup cronjob.

are there some numbers on how much traffic we are
generating with this?  is this an issue?

-f
-- 
think carefully before wishing, it might just come true.



Re: pfsync defer, ipv6 delay problem

2010-12-21 Thread Stuart Henderson
Try and get the difference between netstat -sp pfsync with a
single ipv6 connection. Does it correspond with any of the
packets/states discarded?


On 2010-12-17, Marco Fretz marco.fr...@gmail.com wrote:
 Hi,

 I have a problem with ipv6 connections and firewalls with enabled
 pfsync defer. IPv4 initial packets are forwarded without noticeable
 delay. IPv6 initial packets are delayed by 0.5-2 seconds.

 The situation looks like this:

 2 firewalls at main site
 2 firewalls at remote site

 firewalls are redundant with carp and pfsync.

 master firewall (site1) has a gif / ipsec tunnel to master firewall (site2)
 slave firewall (site1) has gif / ipsec tunnel to slave firewall (site2)

 ospf is running over the gif tunnels and internal network. defer is
 needed to use both tunnels for redundancy. working great.

 currently I just use ipv4 traffic through the gif tunnels and also no
 ospf for ipv6 is running at all.

 the firewalls are fully ipv6 enabled and office network and some
 servers at site1 need ipv6 internet access.

 unfortunately this ipv6 internet traffic is affected by the pfsync defer.

 site 1
 ~ $ netstat -sp pfsync
 pfsync:
 65205 packets received (IPv4)
 0 packets received (IPv6)
 0 packets discarded for bad interface
 0 packets discarded for bad ttl
 0 packets shorter than header
 0 packets discarded for bad version
 0 packets discarded for bad HMAC
 0 packets discarded for bad action
 0 packets discarded for short packet
 9261 states discarded for bad values
 1045 stale states
 347 failed state lookup/inserts
 4879875 packets sent (IPv4)
 0 packets sent (IPv6)
 0 send failed due to mbuf memory error
 0 send error
 site 2
 ~ $  netstat -sp pfsync
 pfsync:
 4878073 packets received (IPv4)
 0 packets received (IPv6)
 0 packets discarded for bad interface
 0 packets discarded for bad ttl
 0 packets shorter than header
 0 packets discarded for bad version
 0 packets discarded for bad HMAC
 0 packets discarded for bad action
 0 packets discarded for short packet
 464 states discarded for bad values
 2037 stale states
 21950 failed state lookup/inserts
 483946 packets sent (IPv4)
 0 packets sent (IPv6)
 0 send failed due to mbuf memory error
 0 send error

 the delay for ipv6 connections for the initial packet is gone as soon
 as I do an ifconfig pfsync0 -defer.

 any ideas?

 thanks in advance for any hints on this.

 greets
 marco
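
Added example (not part of the thread): the comparison suggested at the top of this message, diffing two saved `netstat -sp pfsync` snapshots taken around a single IPv6 connection, as a small sh/awk helper. The function names and the "after" counter values are assumptions made up for illustration; the "before" values reuse site 1 counters quoted above.

```shell
#!/bin/sh
# Usage on the firewall:
#   netstat -sp pfsync > before.txt
#   (open a single IPv6 connection through the firewall)
#   netstat -sp pfsync > after.txt
#   pfsync_delta before.txt after.txt

# Print "<delta><TAB><counter name>" for every counter that changed.
pfsync_delta() {
    awk '
        # Counter lines are "<number> <description>"; the "pfsync:" header
        # and shell prompt lines do not start with a number and are skipped.
        $1 ~ /^[0-9]+$/ {
            n = $1
            sub(/^[ \t]*[0-9]+[ \t]+/, "")   # $0 is now the counter name
            if (NR == FNR) { before[$0] = n; next }
            d = n - before[$0]
            if (d != 0) printf "%d\t%s\n", d, $0
        }
    ' "$1" "$2"
}

# Constructed sample: "before" reuses site 1 counters from the thread,
# the "after" values are invented for illustration.
pfsync_delta_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
pfsync:
        65205 packets received (IPv4)
        0 packets received (IPv6)
        9261 states discarded for bad values
        1045 stale states
        347 failed state lookup/inserts
        4879875 packets sent (IPv4)
EOF
    cat > "$dir/after" <<'EOF'
pfsync:
        65207 packets received (IPv4)
        0 packets received (IPv6)
        9262 states discarded for bad values
        1045 stale states
        347 failed state lookup/inserts
        4879879 packets sent (IPv4)
EOF
    pfsync_delta "$dir/before" "$dir/after"
    rm -rf "$dir"
}

pfsync_delta_demo
```

A discard or failed-lookup counter that moves in step with each delayed IPv6 connection is the one to look into first.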



Re: pfsync nic problem.

2010-12-21 Thread Stuart Henderson
On 2010-12-19, Alessandro Baggi alessandro.ba...@gmail.com wrote:
 Hi list. I have a little question about pfsync. Suppose we have two
 firewalls, each with 3 NICs, one for LAN, one for WAN and one for DMZ, in
 a scenario like this:

 firewall 1       firewall 2

 WAN: re0         WAN: xl0
 LAN: rl0         LAN: rl0
 DMZ: rl1         DMZ: rl1

 when pfsync sends the interface state updates to the backup firewall, does
 pfsync update the table of states using the interface names of the first
 firewall? (in my scenario, the synchronization won't work for re0 and xl0,
 right?) Then, must the firewall 2 box have NIC names equal to the NIC names
 of the first firewall, or can they be different? if this is the issue, and
 given this scenario, is there a method to make a valid update for re0
 and xl0?

 thanks in advance.



states don't normally depend on the interface (and if you *do* make
them dependent on that with if-bound states, i'm not sure if pfsync
handles that...)

are you having problems or is this theoretical? if you're having
problems then send a dmesg and full details. if it's theoretical,
why don't you just try it for yourself? this stuff is easy to
check and first-hand experience beats a post from some random
dude on a mailing list.



Re: IP bridge was briefly working now is not, OpenBSD 4.8, amd64, bridge from PC wifi to Beagleboard

2010-12-21 Thread Stuart Henderson
On 2010-12-20, brett brett.ma...@gmail.com wrote:
 On the OpenBSD PC I created a bridge:

 # ifconfig nfe0 inet 192.168.10.12 netmask 255.255.255.0
 # ifconfig bridge0 create
 In /etc/hostname.nfe0 is the single word: up
 In /etc/hostname.otus0 is the single word: up
 In /etc/bridgename.bridge0 is: add nfe0 add otus0 up

You must use either WDS or hostap to bridge 802.11 interfaces
to wired interfaces, there are not spaces for enough MAC addresses
in the standard 802.11 frames to handle bridging. (OpenBSD doesn't
support WDS).

Some commercial wireless devices support a 'client-bridge' mode
without WDS; this uses something which can basically be described
as a layer-2 NAT.

To do this using OpenBSD I would suggest just doing standard
layer-3 NAT with PF and dhcpd instead.

 I am not sure why it worked before

Nor am I.



Re: IP bridge was briefly working now is not, OpenBSD 4.8, amd64, bridge from PC wifi to Beagleboard

2010-12-21 Thread brett mm
On 22 December 2010 10:26, Stuart Henderson s...@spacehopper.org wrote:
 On 2010-12-20, brett brett.ma...@gmail.com wrote:
 On the OpenBSD PC I created a bridge:

 # ifconfig nfe0 inet 192.168.10.12 netmask 255.255.255.0
 # ifconfig bridge0 create
 In /etc/hostname.nfe0 is the single word: up
 In /etc/hostname.otus0 is the single word: up
 In /etc/bridgename.bridge0 is: add nfe0 add otus0 up

 You must use either WDS or hostap to bridge 802.11 interfaces
 to wired interfaces, there are not spaces for enough MAC addresses
 in the standard 802.11 frames to handle bridging. (OpenBSD doesn't
 support WDS).

 Some commercial wireless devices support a 'client-bridge' mode
 without WDS; this uses something which can basically be described
 as a layer-2 NAT.

 To do this using OpenBSD I would suggest just doing standard
 layer-3 NAT with PF and dhcpd instead.

 I am not sure why it worked before

 Nor am I.

Thanks for the help, everyone. I am traveling so will try these
suggestions in a week or two when I get home. Silence means successful
execution, otherwise I'll be back!
Merry xmas to question answerers and the OpenBSD team!



Notice of suspension of your account!

2010-12-21 Thread centre-credit-carte

Dear Visa Card customer

We have recently determined that different computers connected to
your Verified by Visa account, password and multiple failures
were present before the login. We now need you
to confirm your Verified by Visa account information. If this
is not completed within 48 hours, we will be forced to suspend
your account indefinitely, as it may be used for fraudulent
purposes. We thank you for your understanding in this
matter. To confirm your account online:

 Click here to activate your account



Re: 4.6 box periodic 100% cpu on vmware

2010-12-21 Thread Tomas Bodzar
Let's skip the bad idea of having a virtual FW for now.

OpenBSD improved support for virtualization (especially VMware platforms)
between 4.6 and 4.8 a lot. There is an in-kernel implementation of VMware
tools, and in current you even have a package for support of X, clipboard
and other stuff.

On Tue, Dec 21, 2010 at 7:22 PM, Matthew Sullenberger
su...@sadburger.com wrote:
 I've been playing with OpenBSD for a little while now, and really love it
 when I need to throw together a quick firewall, web server, dhcp server,
 etc. I've got one firewall that I've been using for a little while now,
 OpenBSD 4.6, running on a VMWare ESXi box. It normally performs fine, and it
 is doing some NAT and firewall functions with PF. I've pushed quite a few
 packets through it and am impressed with the performance I am able to get
 out of it.

 However, it seems like roughly every 2-3 weeks, I'll experience an issue
 with it where it will stop responding. I can still ping the machine, but it
 won't forward any packets, accept SSH connections, or respond to basically
 anything. If I check on my VMWare host machine it is showing 100% cpu
 utilization, and I am unable to access the console directly through VMWare.

 Performing a reset through VMWare fixes it and it runs fine again, for a few
 weeks, until the same problem occurs. After resetting the box I check out
 all the log files but I have never been able to see anything that even
 remotely seems relevant to what could have been happening. I know of no way
 to see what processes are running and eating up the cpu when this occurs,
 since I can't get it to respond to anything. I am hoping someone may be able
 to help point me in the right steps of where to begin troubleshooting this--
 I am a fairly experienced Windows admin, but still pretty new to the BSD
 world, but am trying my best to adopt it wherever possible!

 Thanks in advance!