Re: MIDI over USB

2012-01-11 Thread Alexandre Ratchov
On Wed, Jan 11, 2012 at 08:43:59AM +0100, pet...@schwertfisch.de wrote:
 
 Why is the extra -t slave needed to play audio tracks when
 the sub-device (mmc) is in slave mode already?

the -tslave (aka mmc control) in the player is to allow the stream to
relocate. So it's needed.

Without -tslave, the player will start synchronously (because the
server will block it until all clients start) but won't know how to
relocate.

 Is there other software from packages that can be controlled this way
 (start, stop, relocate)?

audio/lmms is supposed to support mmc, but I've never used it this
way. Note that mmc is only necessary to relocate. If you only need the
program to start and stay in sync, any app using a server sub-device
with -tslave should work.

 Also, when using your setup and leaving out the -t slave the track
 can be started from midish using the p command, but it only plays 
 for a second or so and then stops.
 
 $ aucat -fsnd/0.mmc -qmidithru/0 -i song50.wav  -d 
 snd0: playing s16le,0:1,44100
 snd0: block size is 480 frames, using 27 blocks
 starting device
 server relocated to 0
 wav(wav0)/run: stopping
 snd0: closing device

short answer:
 - if mmc is required, both -qport and -tslave are needed
 - else, if -qport is required, mmc should be disabled in midish

long answer:

Even if -tslave is missing, aucat uses mmc internally (because code is
simpler this way), so mmc is not 100% disabled when -tslave is
missing. In the above case, midish sends the stop - relocate - start
sequence, and aucat interprets it, but only partially. There's no
extra code to filter mmc out when -tslave is missing (which would be
cleaner).

-- Alexandre



Re: No schizophrenia

2012-01-11 Thread Rares Aioanei

On 01/11/2012 01:19 AM, John Tate wrote:

Just an idiot, Jan Stary, who turned the sentence 7 years of
FreeBSD/OpenBSD experience into OpenBSD Guru. I wish I had more time and
less faith in minds like hers. What an embarrassment... oh dear. She should
learn to read.

I'm back, healthy as can be. I had a nice holiday.

I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD
GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE
WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER
SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I
NEVER SAID THE WORD GURU

John Tate

Jan Stary is a male, John, and a very helpful member of the community. 
About your holiday, looks like they had to use more electric shocks in 
there. You talk like a Stephen King character.


...

--
Rares Aioanei



Re: No schizophrenia

2012-01-11 Thread Bret Lambert
On Wed, Jan 11, 2012 at 12:19 AM, John Tate j...@johntate.org wrote:
 Just an idiot, Jan Stary, who turned the sentence 7 years of
 FreeBSD/OpenBSD experience into OpenBSD Guru. I wish I had more time and
 less faith in minds like hers. What an embarrassment... oh dear. She should
 learn to read.

 I'm back, healthy as can be. I had a nice holiday.

 I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD
 GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE
 WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER
 SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I
 NEVER SAID THE WORD GURU

The intertruck begs to differ:

I was a Linux hacker since I was 13. I am a bit of a guru[1]

[1] http://marc.info/?l=openbsd-misc&m=132275346807070&w=2



Re: No schizophrenia

2012-01-11 Thread Stuart Henderson
On 2012-01-11, Bret Lambert bret.lamb...@gmail.com wrote:
 On Wed, Jan 11, 2012 at 12:19 AM, John Tate j...@johntate.org wrote:
 Just an idiot, Jan Stary, who turned the sentence 7 years of
 FreeBSD/OpenBSD experience into OpenBSD Guru. I wish I had more time and
 less faith in minds like hers. What an embarrassment... oh dear. She should
 learn to read.

 I'm back, healthy as can be. I had a nice holiday.

 I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD
 GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE
 WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER
 SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I
 NEVER SAID THE WORD GURU

 The intertruck begs to differ:

 I was a Linux hacker since I was 13. I am a bit of a guru[1]

 [1] http://marc.info/?l=openbsd-misc&m=132275346807070&w=2



So is this a guru meditation error?



locate weirdness

2012-01-11 Thread L. V. Lammert
Have a 4.3 server with a really weird problem: locate ONLY indexes 
one [user file] partition! IOW, no binaries are indexed, nor is /usr/, /var, ..


All filesystems are ffs;

I deleted /var/db/locate.db and recreated 
with  /usr/libexec/locate.updatedb more than once;


locate.rc is stock:

==
TMPDIR=/var/tmp
FCODES=/var/db/locate.database
SEARCHPATHS=/
PRUNEPATHS=/tmp /var/tmp /usr/tmp
FILESYSTEMS=ffs ufs ext2fs

[comments pruned]
=

The locate database seems to be normal:

Database: /var/db/locate.database
Compression: Front: 19.48%, Bigram: 65.90%, Total: 14.52%
Filenames: 218512, Characters: 14825215, Database size: 2153551
Bigram characters: 734303, Integers: 5440, 8-Bit characters: 3

=

Trying to troubleshoot a Perl module problem, and locate is not 
returning any hits except user files g!


Any pointers on what is 'interfering' with the process?

Lee



Notice of transaction receipt

2012-01-11 Thread Itau 30h
 You are receiving this notice of a transaction carried out
 on Itaú Bankline, sent by Mariana Duarte Silva.

 Sender's comment: Payment

 View_Receipt

 Control number: 2231.6722.66

 The receipt will be available for 7 days.

 Sincerely,
 Banco Itaú



Re: No schizophrenia

2012-01-11 Thread Peter Hunčár
Omg,  this one is still going on?

Please stop filling those Internet tubes with useless attempts to argue
with a troll. You'd never win. And this whole topic...  Waste of time...

Peter
On Jan 11, 2012 12:24 AM, John Tate j...@johntate.org wrote:

 Just an idiot, Jan Stary, who turned the sentence 7 years of
 FreeBSD/OpenBSD experience into OpenBSD Guru. I wish I had more time and
 less faith in minds like hers. What an embarrassment... oh dear. She should
 learn to read.

 I'm back, healthy as can be. I had a nice holiday.

 I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD
 GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE
 WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER
 SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I
 NEVER SAID THE WORD GURU

 John Tate

 --
 www.johntate.org



Re: Multiple ISP-connections/Routing/Packet filtering

2012-01-11 Thread Dr.-Ing. Torsten Finke
Hello Russell, 

On Wed, Jan 11, 2012 at 07:46:59AM -0500, Russell Garrison wrote:
 Have you considered routing domains?


no I have not. According to your hint I started to study their concept, but
have not found a description that would meet my situation. 


Thanks for your idea and 

best regards


Torsten


 On Tue, Jan 10, 2012 at 1:41 PM, Dr.-Ing. Torsten Finke
 torsten.fi...@igh-essen.com wrote:
  Hello Jorge,
 
  I read again your mail and now i'm lost !
 
  You Wrote:
 
  How can I force my Extl. FW to reply on exactly the same interface it
had been requested on?  For example I am running OpenVPN(1194/UDP)
between my HomeOffice (Z=Client) and the Intl. FW(=Server). Alike I
would appreciate SSH-portforwarding from Internet to the Intl. FW. 
 
 
  SSH port forwarding from internet to Internal server is something like :
 
  ext_if=vr0
  ext_ip=1.2.3.4
  Spvt= 4.5.6.7
 
  match in on $ext_if proto tcp from any to $ext_ip port 22 rdr-to $Spvt
 
  pass in on $ext_if proto tcp from any to $Spvt port 22
  pass out on $int_if proto tcp from any to $Spvt port 22
 
 
 
 
  The above line redirects all traffic coming from any place in internet to
  my external IP ( 1.2.3.4) to the server  4.5.6.7 which is located in my
  internal lan, in other words the packet comes in on external interface ,
  goes out on internal interface ..
 
  This works on OpenBSD 4.8 or newer !
 
  Is this what you need ?
 
  no. Obviously I have not explained clearly what my problem is.
 
  On my firewall I have TWO different internet connections. It is simple to 
  forward - for instance ssh -
  from both connections to an internal machine. Now this machine answers and 
  the
  firewall sends the reply back. How can I force the firewall to send the 
  reply
  over exactly that interface the request came in? The problem is that the
  client anywhere on the internet expects the answer from the very address it
  had contacted. If now the reply comes from another address, it will get 
  lost.
 
 
  Best regards
 
  Torsten
 
 
 
  On Tue, Jan 10, 2012 at 10:46 AM, Dr.-Ing. Torsten Finke 
  torsten.fi...@igh-essen.com wrote:
 
   Hello Jorge,
  
If i understood you well, the answer to your question is here !
   
   
http://www.openbsd.org/faq/pf/pools.html
   
Under the section Load Balancing outgoing traffic, or take a look at:
   
http://www.openbsd.org/faq/faq6.html#Multipath
   
   
There are good examples there !
   
I hope this can help !
  
   thank you for this. The FAQ on pools has nice examples but none of them
   really
   faces my problem. It discusses load balancing of incoming traffic to
   several
   servers as well as load balancing of outgoing traffic. I cannot figure 
   out
   how
   to dispatch replies to incoming requests over different connections.
  
   The FAQ on multipath has helped me very well to set up multiple default
   routes
   - this works very well.
  
   Best regards
  
   Torsten
  
  
 Dear List,

 Here I show my network topology. Maybe it seems quite typical. My
 internal network is located behind an Intl/Extl Firewall which is
 connected to the Internet(IN) via pppoe/ppp(8). On the other side I 
 run
 different systems, for instance a home office network, a mobile 
 laptop,
 and several customers.


 +---+ +---+
 | A | | B | (PC)
 +-+-+ +-+-+
   |     |       +---------+
 --+-----+-------| Intl FW |---(DMZ)---+
 (LAN/int)       +---------+           |
                                       |
   +-----------------------------------+
   |                                                        +---+
   |                                                        | Z | (PC)
   |                                          (    )        +---+
   |  +---------+ pppoe/ppp(8) +-----------+  (    )  +----+  |
   |  |         |--------------| DSL-Modem |--(    )--| GW |--+--
   |  |         | rl0/tun0     +-----------+  (    )  +----+ (HomeOffice)
   +--| Extl FW |                             ( IN )  +----------+
      |         | pppoe/ppp(8) +-----------+  (    )--| Customer |
      |         |--------------| DSL-Modem |--(    )  +----------+
      +---------+ rl1/tun1     +-----------+  (    )  +--------+
      OpenBSD 4.8                             (    )--| Mobile |
                                                      +--------+

 My question is about the setup of routing and packet filtering on the
 External Firewall:

 How can I force my Extl. FW to reply on exactly the same interface it
 had been requested on?  For example I am running OpenVPN(1194/UDP)
 between my HomeOffice (Z=Client) and the Intl. FW(=Server). Alike I
 would appreciate SSH-portforwarding from Internet to the Intl. FW.

 I tried using route-to and reply-to, but that did not work -
 PF.CONF(5) 

OpenSMTPD memory leak...

2012-01-11 Thread Ivan Nudzik
Hi,
I'm running OpenBSD5 (all from binaries) as a spam filter installed in 
SPARC
LDOM (T1000). I've changed sendmail for OpenSMTPD and after few weeks I see
that OpenSMTPD ate almost all memory:

root@homer $ ps aux | grep smtpd
root      5866  0.0  0.1    1296    2544 ??  Is  23Nov11    0:10.40 smtpd: [priv] (smtpd)
_smtpd   32416  0.0  0.1    1088    2160 ??  I   23Nov11    0:23.96 smtpd: control (smtpd)
_smtpd     862  0.0  0.1    1136    2384 ??  I   23Nov11    6:59.17 smtpd: lookup agent (smtpd)
_smtpd   25812  0.0  0.1     848    1944 ??  I   23Nov11    0:04.31 smtpd: mail delivery agent (smtpd)
_smtpd   19507  0.0  0.1     944    1984 ??  I   23Nov11    3:01.57 smtpd: mail filter agent (smtpd)
_smtpd    7286  0.0 64.5 3180912 1184408 ??  I   23Nov11  950:16.16 smtpd: mail transfer agent (smtpd)
_smtpd    1789  0.0  0.1    1536    2640 ??  I   23Nov11    7:35.61 smtpd: queue (smtpd)
_smtpd   27134  0.0  0.1    1288    2384 ??  I   23Nov11    8:22.50 smtpd: runner (smtpd)
_smtpd    4856  0.0  0.2    1768    4296 ??  I   23Nov11   10:01.85 smtpd: smtp server (smtpd)

Are you devs already aware of that leak? Can I help with some traces/dumps
till I'll must restart it?

I.



Re: locate weirdness

2012-01-11 Thread Theo de Raadt
 Have a 4.3 server [rest deleted]

There is a ton of documentation that makes it clear you are on your
own more than two releases back.



Re: locate weirdness

2012-01-11 Thread L. V. Lammert

At 10:41 AM 1/11/2012, Theo de Raadt wrote:

 Have a 4.3 server [rest deleted]

There is a ton of documentation that makes it clear you are on your
own more than two releases back.


So, you're advocating incomplete information? Is that not a bigger problem?

Lee 



Re: locate weirdness

2012-01-11 Thread Theo de Raadt
  Have a 4.3 server [rest deleted]

There is a ton of documentation that makes it clear you are on your
own more than two releases back.

So, you're advocating incomplete information? Is that not a bigger problem?

No, I am advocating that you TAKE CARE OF YOUR OWN PROBLEMS YOURSELF.

We do not support old releases.  AT ALL.



Re: OpenSMTPD memory leak...

2012-01-11 Thread Eric Faurot
On Wed, Jan 11, 2012 at 05:39:43PM +0100, Ivan Nudzik wrote:
   Hi,
   I'm running OpenBSD5 (all from binaries) as a spam filter installed in 
 SPARC
 LDOM (T1000). I've changed sendmail for OpenSMTPD and after few weeks I see
 that OpenSMTPD ate almost all memory:

  [snip]

 Are you devs already aware of that leak? Can I help with some traces/dumps
 till I'll must restart it?

I bet it's this one:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/ssl.c#rev1.38

If you want to try opensmtpd you should really really run the code from
current. The one shipped with 5.0 is old and it does not help finding bugs.

Eric.



Anyone got a 48 port gigabit switch, small and lower power? looking for a good home?

2012-01-11 Thread Bob Beck
OpenBSD's building infrastructure has a need for such things. if you
are in the process of rewhacking your network, I would love to hear
from you if you have such beasts that might be sent our way.

We are looking to get these things in Calgary, Canada.



Re: locate weirdness

2012-01-11 Thread Bob Beck
 So, you're advocating incomplete information? Is that not a bigger problem?

No, we don't support old releases. 4.3 is very old. You should update
your OS to something supported, and likely your problem will go away.



Ignite Your Love

2012-01-11 Thread Yes Feromon
Yes! Feromon Love Perfume

Yes! Feromon Perfume contains a male pheromone that attracts women and
triggers sexual desire.

It arouses sexual desire in women who smell the scent on you.

Yes! Feromon Perfume is a product with proven effect; it is among the
best-selling pheromone scents in the USA.

Detailed Information About Yes! Feromon Perfume


Re: locate weirdness

2012-01-11 Thread Barry Grumbine
On Wed, Jan 11, 2012 at 9:49 AM, L. V. Lammert l...@omnitec.net wrote:
 At 10:41 AM 1/11/2012, Theo de Raadt wrote:

  Have a 4.3 server [rest deleted]

 There is a ton of documentation that makes it clear you are on your
 own more than two releases back.


 So, you're advocating incomplete information? Is that not a bigger problem?

Lee


Bite the bullet, upgrade, life is better at 5.0

Prior to last year, I had been upgrading OpenBSD by clean install,
then install and configure all packages, it was a major hassle.

Things hit critical mass about a year ago.  I had five systems on
either 4.2 or 4.3.  I gave in and decided to learn the new upgrade
tools.  As a result I upgraded nearly all my 10+ OpenBSD systems to
4.9 over the course of 3-4 weeks.  That was a total of 43 upgrades
counting each release on each system.  I'm more confident in my
OpenBSD systems now and the 4.9-5.0 upgrades went even more smoothly
(once I figured out /etc/rc.d/).

I'm not sure how I missed them before, but following the upgrade guides
is essential:
http://www.openbsd.org/faq/upgrade50.html

Once you get to 4.3, upgrading your systems becomes a whole lot
easier, thanks in large part to sysmerge(8), introduced in 4.4
The upgrade from 4.2 - 4.3 was still a bit of a hassle, but after
that upgrades went fairly smooth with little incident.

It is very interesting to see sysmerge(8) get better and better with
each release.

Go get'em man, those upgrades are nowhere near as hard as they once
were, back in the day when you had to grep 10,000 LOC, uphill, both
ways, just to get schooled.


Have a nice day,

Barry



Re: locate weirdness

2012-01-11 Thread L. V. Lammert

At 01:04 PM 1/11/2012, Barry Grumbine wrote:

Bite the bullet, upgrade, life is better at 5.0


Sorry, but *UPGRADING* isn't the question - the question is why 
locate is not working properly. If nobody has ever seen such a 
problem, it would be quite more forthright to just admit that than 
spout the normal crap this list promulgates. But, then, I should have 
expected multiple replies that are off topic, of no help, and not 
worth the time to read. Sorry, I had momentarily forgotten the 
definition of OBSD Misc - my bad.


If nobody can answer the question, that's not a problem, just say so!

Lee



Re: locate weirdness

2012-01-11 Thread Barry Grumbine
 Bite the bullet, upgrade, life is better at 5.0


...knew I forgot something.

There aren't many North American mirrors that go back to 4.2.  I was
fortunate to find obsd.cec.mtu.edu which Nick Holland recently
notified us that he needs to take down very soon.

After Looking through all the mirrors, I think the only OpenBSD
archive located in North America is planetunix.net :
ftp://mirror.planetunix.net/pub/OpenBSD/4.3/

Most of the rest only mirror a couple of releases.


-Barry



Re: locate weirdness

2012-01-11 Thread Jeremy O'Brien
On Wed, Jan 11, 2012 at 14:17, L. V. Lammert l...@omnitec.net wrote:
 At 01:04 PM 1/11/2012, Barry Grumbine wrote:

 Bite the bullet, upgrade, life is better at 5.0


 Sorry, but *UPGRADING* isn't the question - the question is why locate is
 not working properly. If nobody has ever seen such a problem, it would be
 quite more forthright to just admit that than spout the normal crap this
 list promulgates. But, then, I should have expected multiple replies that
 are off topic, of no help, and not worth the time to read. Sorry, I had
 momentarily forgotten the definition of OBSD Misc - my bad.

 If nobody can answer the question, that's not a problem, just say so!

Lee


4.3 was released May 1, 2008. That's almost 4 years old software. What
are you expecting here? Someone to check out the code from that
version and deeply inspect what may be causing your problem, that is
more than likely already fixed in a later version? The replies were
perfectly valid and helpful. In the software world, you're using an
antique.



Re: locate weirdness

2012-01-11 Thread David Cantrell

On 01/11/2012 02:30 PM, Jeremy O'Brien wrote:

On Wed, Jan 11, 2012 at 14:17, L. V. Lammert l...@omnitec.net wrote:

At 01:04 PM 1/11/2012, Barry Grumbine wrote:


Bite the bullet, upgrade, life is better at 5.0



Sorry, but *UPGRADING* isn't the question - the question is why locate is
not working properly. If nobody has ever seen such a problem, it would be
quite more forthright to just admit that than spout the normal crap this
list promulgates. But, then, I should have expected multiple replies that
are off topic, of no help, and not worth the time to read. Sorry, I had
momentarily forgotten the definition of OBSD Misc - my bad.

If nobody can answer the question, that's not a problem, just say so!

Lee



4.3 was released May 1, 2008. That's almost 4 years old software. What
are you expecting here? Someone to check out the code from that
version and deeply inspect what may be causing your problem, that is
more than likely already fixed in a later version? The replies were
perfectly valid and helpful. In the software world, you're using an
antique.


They were valid replies, but a straw man argument at best.  I think he 
would have preferred to hear something more like:


Yeah, I saw something similar happen on my systems running an older 
release.  I don't really remember the release, but I do remember the 
problem eventually went away for me.  I'm not really sure of what's 
happening, but my best guess is giving the latest release a try and 
seeing if that solves the problem for you.


--
David Cantrell david.l.cantr...@gmail.com
WH6DSN | http://blog.burdell.org/



Re: locate weirdness

2012-01-11 Thread L. V. Lammert

At 01:30 PM 1/11/2012, Jeremy O'Brien wrote:


4.3 was released May 1, 2008. That's almost 4 years old software. What
are you expecting here? Someone to check out the code from that
version and deeply inspect what may be causing your problem, that is
more than likely already fixed in a later version?


Another typical reply - the question was has anyone ever seen 
anything like this, .. or, perhaps, what could be causing it. No 
need for the off-topic diatribes - a simple no would more than suffice.


Lee



Re: locate weirdness

2012-01-11 Thread Theo de Raadt
 They were valid replies, but a straw man argument at best.  I think he 
 would have preferred to hear something more like:
 
 Yeah, I saw something similar happen on my systems running an older 
 release.  I don't really remember the release, but I do remember the 
 problem eventually went away for me.  I'm not really sure of what's 
 happening, but my best guess is giving the latest release a try and 
 seeing if that solves the problem for you.

The OP has been around long enough to know we don't like talking about
ancient code.

It is completely FAQ, and he knows better.

It's not a kernel crash.  It's not pf letting packets through.  It's
locate.  Come on.



Re: locate weirdness

2012-01-11 Thread Jeremy O'Brien
On Wed, Jan 11, 2012 at 14:47, L. V. Lammert l...@omnitec.net wrote:
 At 01:30 PM 1/11/2012, Jeremy O'Brien wrote:

 4.3 was released May 1, 2008. That's almost 4 years old software. What
 are you expecting here? Someone to check out the code from that
 version and deeply inspect what may be causing your problem, that is
 more than likely already fixed in a later version?


 Another typical reply - the question was has anyone ever seen anything like
 this, .. or, perhaps, what could be causing it. No need for the off-topic
 diatribes - a simple no would more than suffice.


OK then. I have used OpenBSD since 4.0, and I have not seen this
behavior. I recommend seeing if an upgrade fixes your problem. ;)



Re: locate weirdness

2012-01-11 Thread Marian Hettwer

Hi,


On 11.01.12 20:17, L. V. Lammert wrote:

At 01:04 PM 1/11/2012, Barry Grumbine wrote:

Bite the bullet, upgrade, life is better at 5.0


Sorry, but *UPGRADING* isn't the question - the question is why locate
is not working properly.


No. You were advised to upgrade, since 4.3 is not supported anymore. 
Heck, probably nobody can even remember whether something was odd with 
locate in 4.3.
Upgrade to a supported release and if you still face problems, come back 
to the list.


Try to look from a different angle here.
Say, you would have an old Debian Sarge release (years old) and you 
would approach a debian mailing list with something is weird with 
locate, pretty sure you would get a lot of advice to upgrade first, 
test then, and if problem persists, come back.


All good and jolly!

./Marian



Re: Disk blocking and unacceptable wait times with Areca ARC 1210

2012-01-11 Thread George Steel
I've installed OpenBSD onto this box from 4.6 through 5.0 to compare wait
times for simple operations. I don't expect miracles from this relatively
cheap raid controller, but, I expect it to be at least as quick as a regular
sata drive!

So, I'm dd'ing 10GB of zeros to a file, sleeping for a second then timing
how long it takes ls to list the directory contents...

To summarise, write speeds were quickest in 5.0 but system response times
were
worst. Everything was pretty respectable in 4.6 but still a lot slower than
a single disk.

My test was a country mile from scientific so if there's a better way to come
up with results that might help reveal what the problem is I'd be glad to run
more tests...

Here's what I've been doing:

# dd if=/dev/zero of=./testfile bs=1024k count=1  sleep 1; time ls -la 
/dev/null;
... followed by a few more...
# time ls -la  /dev/null;

And the results where the ls time is a subjective average:

The other server I've got in the office...
OpenBSD 4.6 i386 on a single SATA drive:
ls: 0.000u 0.020s 0:00.03 66.6% 0+0k 0+0io 0pf+0w
dd: 1048576 bytes transferred in 94.775 secs (110637306 bytes/sec)

OpenBSD 5.0 amd64 RAID 5
ls: 0m5.80s real 0m0.00s user 0m0.13s system
dd: 1048576 bytes transferred in 53.736 secs (195132964 bytes/sec)
Remarks: Terribly slow!

OpenBSD 4.9 amd64 RAID 5
ls: 0m5.95s real 0m0.00s user 0m0.06s system
dd: 1048576 bytes transferred in 75.058 secs (139700269 bytes/sec)
Remarks: No better than 5.0

OpenBSD 4.8 amd64 RAID 5
ls: 0m5.72s real 0m0.00s user 0m0.04s system
dd: 1048576 bytes transferred in 103.893 secs (100927877 bytes/sec)
Remarks: A bit quicker, got some really quick response times

OpenBSD 4.7 amd64 RAID 5
ls: 0m4.79s real 0m0.00s user 0m0.04s system
dd: 1048576 bytes transferred in 95.476 secs (109825323 bytes/sec)
Remarks: A little quicker than 4.8

OpenBSD 4.6 amd64 RAID 5
ls: 0m1.90s real 0m0.00s user 0m0.02s system
dd: 1048576 bytes transferred in 64.263 secs (163166944 bytes/sec)
Remarks: Consistently around the 2 second mark


 George Steel [li...@netglue.co] wrote:
 I've been testing and comparing between servers using dd -if /dev/zero and
then performing simple tasks like ls.
 On a 4.6 server with a single SATA disk, ls spits out the listing
immediately, on this RAID 5 box, the terminal hangs for as much as 12 seconds
then begrudgingly spits out the dir listing line by line.
 I expect the system to become slower whilst writing 10GB of zeros to a
file, but it seems to me that something is going on with this RAID box because
the wait is unbelievable compared to a much lower spec machine.
 Perhaps this is to be expected with a relatively cheap RAID controller? and
I'd be better off just attaching separate disks and doing softraid.
 If I cat the 10GB file to /dev/null and perform the same type of
operations, everything is as quick as you'd expect.

 On 10 Jan 2012, at 17:48, Chris Cappuccio wrote:

 George Steel [li...@netglue.co] wrote:
 Yeah, I did start up top before hand on another terminal and biowait was
all I saw with a 1 sec delay.
 I repeated the test several times and never saw anything other than
biowait
 I also had a look with ps but couldn't really interpret what I saw other
than ps reported state as D for both processes.
 I'm also not much good at interpreting systat but to my untrained eye, I
couldn't see much difference between the idle machine and a heavy write other
than lots of disk IO
 There's nothing in any logs and I've also tried the RAID card in
different slots.
 I also installed i386 and had the same problem


 what activity is tying your disks up like this?

 --



Re: locate weirdness

2012-01-11 Thread L. V. Lammert
On Wed, 11 Jan 2012, Marian Hettwer wrote:

 Hi,


 On 11.01.12 20:17, L. V. Lammert wrote:
  At 01:04 PM 1/11/2012, Barry Grumbine wrote:
  Bite the bullet, upgrade, life is better at 5.0
 
  Sorry, but *UPGRADING* isn't the question - the question is why locate
  is not working properly.

 No. You were advised to upgrade, since 4.3 is not supported anymore.
 Heck, probably nobody can even remember whether something was odd with
 locate in 4.3.
 Upgrade to a supported release and if you still face problems, come back
 to the list.

 Try to look from a different angle here.
 Say, you would have an old Debian Sarge release (years old) and you
 would approach a debian mailing list with something is weird with
 locate, pretty sure you would get a lot of advice to upgrade first,
 test then, and if problem persists, come back.

 All good and jolly!

 ./Marian

Hope you got off on the bs, .. as usual, offtopic, nothing useful, not
worth reading. Quite repetitive of the other BS, actually.

Lee



Re: locate weirdness

2012-01-11 Thread Philip Guenther
Time for today's "how to debug a problem" lesson.

On Wed, Jan 11, 2012 at 7:26 AM, L. V. Lammert l...@omnitec.net wrote:
 Have a 4.3 server with a really weird problem: locate ONLY indexes one [user
 file] partition! IOW, no binaries are indexed, nor is /usr/, /var, ..

Lesson #1: examine the anomalous data for clues.

So, you're saying that
locate /usr | grep ^/usr | head

returns nothing but
locate /home | grep ^/home | head

returns something?  (/home being a stand-in for whatever your unsaid
[user file] partition is)

Perhaps you should investigate how those two directories differ?


 The locate database seems to be normal:

 Database: /var/db/locate.database
 Compression: Front: 19.48%, Bigram: 65.90%, Total: 14.52%
 Filenames: 218512, Characters: 14825215, Database size: 2153551
 Bigram characters: 734303, Integers: 5440, 8-Bit characters: 3

Lesson #2: step through the problem computation and verify the
correctness of intermediate stages.

So you've run locate.updatedb manually.  It's just a shell script, so
perhaps you should run the commands in it manually, one by one and
examining the intermediate output of pipes, etc.  Be sure to do so in
a shell that reproduces how locate.updatedb is called from
/etc/weekly!


Philip Guenther
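
One way to apply Lesson #1 mechanically, as an added example that is not part of Philip Guenther's post: tally the indexed paths by top-level directory and list the mounted filesystems of a searchable type that contribute no paths at all. The function names, the `mount` lines and the path list are constructed for illustration; only the FILESYSTEMS value comes from the locate.rc quoted in the thread, and PRUNEPATHS is not modelled.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Filesystem types updatedb may descend into (value from the quoted locate.rc).
FILESYSTEMS="${FILESYSTEMS:-ffs ufs ext2fs}"

# tally_by_top: read absolute paths on stdin, print "<count> <top-level dir>".
tally_by_top() {
    awk -F/ '
        NF > 1 { n[($2 == "" ? "/" : "/" $2)]++ }
        END    { for (d in n) printf "%d %s\n", n[d], d }
    ' | sort -k2
}

# unindexed_mounts MOUNT_OUTPUT PATH_LIST
# Print every mount point whose type is in FILESYSTEMS but which owns none of
# the listed paths. Each path is charged to the longest mount point above it.
unindexed_mounts() {
    awk -v fstypes="$FILESYSTEMS" '
    BEGIN { n = split(fstypes, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
    # First file: lines such as "/dev/wd0a on / type ffs (local)"
    FNR == NR {
        if ($2 == "on" && $4 == "type" && ($5 in want)) count[$3] = 0
        next
    }
    # Second file: one indexed path per line
    {
        best = ""
        for (m in count)
            if (m == "/" || $0 == m || index($0, m "/") == 1)
                if (length(m) > length(best)) best = m
        if (best != "") count[best]++
    }
    END { for (m in count) if (count[m] == 0) print m }
    ' "$1" "$2" | sort
}

# Constructed sample reproducing the reported symptom: only /home is indexed.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/mount.txt" <<'EOF'
/dev/wd0a on / type ffs (local)
/dev/wd0d on /usr type ffs (local, nodev)
/dev/wd0e on /var type ffs (local, nodev, nosuid)
/dev/wd0f on /home type ffs (local, nodev, nosuid)
fileserver:/export on /mnt/nfs type nfs (v3, udp)
EOF
    cat > "$d/paths.txt" <<'EOF'
/home/lee/notes.txt
/home/lee/src/Makefile
/home/lee/src/main.pl
EOF
    echo "indexed paths per top-level directory:"
    tally_by_top < "$d/paths.txt"
    echo "searchable mounts with no indexed paths:"
    unindexed_mounts "$d/mount.txt" "$d/paths.txt"
    rm -rf "$d"
}
demo
```

On a live system the two inputs would be the saved output of `mount` and of `locate /`. A mount point in the second list that is neither in PRUNEPATHS nor of an excluded type is where stepping through locate.updatedb (Lesson #2) should start.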



Re: Disk blocking and unacceptable wait times with Areca ARC 1210

2012-01-11 Thread Chris Cappuccio
I think your report falls a little short on explaining the problem. It's cool 
to see the benchmarks improve in 5.0. But "Remarks: Terribly slow!" is all you 
provide to explain the problem in the same 5.0

It would be better to have another test that represents the problem along with 
each dd test. Or at least a more detailed explanation of the rest of the 
system's responsiveness during the dd.

When it gets slow, anything already running is still running but the disk is 
all tied up and you can't start new commands? Does it affect access to disks 
other than the one you are tying up?

If only one disk is affected at a time, 5.0 is the fastest, and has the most 
trouble with responsiveness while being fast, this is likely to be improved by 
a fair I/O scheduler. There is a generic framework in place now for schedulers 
to get plugged in. I don't think anybody has actually written it yet.

There's also an issue with dirty buffers getting eaten up, but that is 
prominent on slow devices, and you'd be WAITing in buf_needva in that case.

George Steel [li...@netglue.co] wrote:
 I've installed OpenBSD onto this box from 4.6 through 5.0 to compare wait
 times for simple operations. I don't expect miracles from this relatively
 cheap raid controller, but, I expect it to be at least as quick as a regular
 sata drive!
 
 So, I'm dd'ing 10GB of zeros to a file, sleeping for a second then timing
 how long it takes ls to list the directory contents...
 
 To summarise, write speeds were quickest in 5.0 but system response times were
 worst. Everything was pretty respectable in 4.6 but still a lot slower than 
 a single disk.
 
 My test was a country mile from scientific so if there's a better way to come
 up with results that might help reveal what the problem is I'd be glad to run
 more tests...
 
 Here's what I've been doing:
 
 # dd if=/dev/zero of=./testfile bs=1024k count=1  sleep 1; time ls -la  
 /dev/null;
 ... followed by a few more...
 # time ls -la  /dev/null;
 
 And the results where the ls time is a subjective average:
 
 The other server I've got in the office...
 OpenBSD 4.6 i386 on a single SATA drive:
 ls: 0.000u 0.020s 0:00.03 66.6% 0+0k 0+0io 0pf+0w
 dd: 1048576 bytes transferred in 94.775 secs (110637306 bytes/sec)
 
 OpenBSD 5.0 amd64 RAID 5
 ls: 0m5.80s real 0m0.00s user 0m0.13s system
 dd: 1048576 bytes transferred in 53.736 secs (195132964 bytes/sec)
 Remarks: Terribly slow!
 
 OpenBSD 4.9 amd64 RAID 5
 ls: 0m5.95s real 0m0.00s user 0m0.06s system
 dd: 1048576 bytes transferred in 75.058 secs (139700269 bytes/sec)
 Remarks: No better than 5.0
 
 OpenBSD 4.8 amd64 RAID 5
 ls: 0m5.72s real 0m0.00s user 0m0.04s system
 dd: 1048576 bytes transferred in 103.893 secs (100927877 bytes/sec)
 Remarks: A bit quicker, got some really quick response times
 
 OpenBSD 4.7 amd64 RAID 5
 ls: 0m4.79s real 0m0.00s user 0m0.04s system
 dd: 1048576 bytes transferred in 95.476 secs (109825323 bytes/sec)
 Remarks: A little quicker than 4.8
 
 OpenBSD 4.6 amd64 RAID 5
 ls: 0m1.90s real 0m0.00s user 0m0.02s system
 dd: 1048576 bytes transferred in 64.263 secs (163166944 bytes/sec)
 Remarks: Consistently around the 2 second mark
 
 
  George Steel [li...@netglue.co] wrote:
  I've been testing and comparing between servers using dd -if /dev/zero and 
  then performing simple tasks like ls.
  On a 4.6 server with a single SATA disk, ls spits out the listing 
  immediately, on this RAID 5 box, the terminal hangs for as much as 12 
  seconds then begrudgingly spits out the dir listing line by line.
  I expect the system to become slower whilst writing 10GB of zeros to a 
  file, but it seems to me that something is going on with this RAID box 
  because the wait is unbelievable compared to a much lower spec machine.
  Perhaps this is to be expected with a relatively cheap RAID controller? 
  and I'd be better off just attaching separate disks and doing softraid.
  If I cat the 10GB file to /dev/null and perform the same type of 
  operations, everything is as quick as you'd expect.
  
  On 10 Jan 2012, at 17:48, Chris Cappuccio wrote:
  
  George Steel [li...@netglue.co] wrote:
  Yeah, I did start up top before hand on another terminal and biowait was 
  all I saw with a 1 sec delay.
  I repeated the test several times and never saw anything other than 
  biowait
  I also had a look with ps but couldn't really interpret what I saw other 
  than ps reported state as D for both processes.
  I'm also not much good at interpreting systat but to my untrained eye, I 
  couldn't see much difference between the idle machine and a heavy write 
  other than lots of disk IO
  There's nothing in any logs and I've also tried the RAID card in 
  different slots.
  I also installed i386 and had the same problem
  
  
  what activity is tying your disks up like this?
  
  -- 

-- 
There are only three sports: bullfighting, motor racing, and mountaineering; 
all the 

Re: Install without the DNS domain name from DHCP

2012-01-11 Thread Andres Perera
On Sun, Jan 1, 2012 at 4:22 PM, bofh goodb...@gmail.com wrote:
 On Sun, Jan 1, 2012 at 2:47 PM, Josh Jevosh jev...@gmail.com wrote:
 Hello.

 I'm installing OpenBSD 5.0. When I configure the networking to DHCP it goes
 ahead and sets the DNS domain name to something that it got from my ISP. I
 would like to only use the short name that I specified as the hostname as
 the entire hostname excluding the rest of it that comes from my ISP. How do
 I do that?

 You want to play with the options in /etc/dhclient.conf. I have
 supersede host-name and supersede domain-name in mine. However, I
 don't know if you can use

 supersede domain-name ;

this constantly comes up on the list for some reason. it shouldn't
because it doesn't do anything

once you actually test it, you'll see that setting an option to the
empty string is the same as not setting the option at all (so dhclient
falls back to defaults)

maybe it needs to be documented somewhere...


 as a valid option. The better way is probably to include a search
 line in resolv.conf for the domain you are going to use (or the domain
 your ISP gives you). Or get a free one from dyndns.org (or any other
 free ones).

 Everyone should really use FQDN - short names suck and make people lazy.


 --
 http://www.glumbert.com/media/shift
 http://www.youtube.com/watch?v=tGvHNNOLnCk
 This officer's men seem to follow him merely out of idle curiosity.
 -- Sandhurst officer cadet evaluation.
 Securing an environment of Windows platforms from abuse - external or
 internal - is akin to trying to install sprinklers in a fireworks
 factory where smoking on the job is permitted. -- Gene Spafford
 learn french: http://www.youtube.com/watch?v=30v_g83VHK4



Re: locate weirdness

2012-01-11 Thread L. V. Lammert
On Wed, 11 Jan 2012, Philip Guenther wrote:

 Also, in order to help others when they encounter a similar issue,
 please be sure to post what the problem and/or solution were once you
 figure them out.

 Philip Guenther

Amen! At least there's a chance it would turn up in the search engines.

Lee



Re: locate weirdness

2012-01-11 Thread L. V. Lammert
On Wed, 11 Jan 2012, Philip Guenther wrote:

 Lesson #1: examine the anomalous data for clues.

 So, you're saying that
 locate /usr | grep ^/usr | head

 returns nothing but

Yep! As does locate /usr

 locate /home | grep ^/home | head

 returns something?  (/home being a stand-in for whatever your unsaid
 [user file] partition is)

 Perhaps you should investigate how those two directories differ?

That was the original question - both are ffs, both are rw, the only
difference between them is that /home is nosuid, however that does not
affect locate on 3.3, 4.9, or 5.0 (just tested).

TFTR!

Lee



Re: locate weirdness

2012-01-11 Thread Philip Guenther
Also, in order to help others when they encounter a similar issue,
please be sure to post what the problem and/or solution were once you
figure them out.


Philip Guenther



Re: locate weirdness

2012-01-11 Thread Philip Guenther
On Wed, Jan 11, 2012 at 1:09 PM, L. V. Lammert l...@omnitec.net wrote:
 On Wed, 11 Jan 2012, Philip Guenther wrote:
 Lesson #1: examine the anomalous data for clues.

 So, you're saying that
 locate /usr | grep ^/usr | head

 returns nothing but

 Yep! As does locate /usr

 locate /home | grep ^/home | head

 returns something?  (/home being a stand-in for whatever your unsaid
 [user file] partition is)

 Perhaps you should investigate how those two directories differ?

 That was the original question - both are ffs, both are rw, the only
 difference between them is that /home is nosuid, however that does not
 affect locate on 3.3, 4.9, or 5.0 (just tested).

If you've established that the two directories have no differences in
mode, etc, then I guess you'll have to go with the walk through
things step by step path then.


Philip Guenther



Re: Disk blocking and unacceptable wait times with Areca ARC 1210

2012-01-11 Thread Ted Unangst
On Wed, Jan 11, 2012, Chris Cappuccio wrote:

 If only one disk is affected at a time, 5.0 is the fastest, and has the
 most trouble with responsiveness while being fast, this is likely to be
 improved by a fair I/O scheduler. There is a generic framework in place
 now for schedulers to get plugged in I don't think anybody has actually
 written it yet.
 
 There's also an issue with dirty buffers getting eaten up, but that is
 prominent on slow devices, and you'd be WAITing in buf_needva in that case.

I don't think needva has been totally ruled out from what I've seen,
though it's less likely.  My other guess is that the raid card itself
prioritizes writes over reads leading to a backlog of read requests.



Re: locate weirdness

2012-01-11 Thread Lars
L. V. Lammert wrote:
 At 01:04 PM 1/11/2012, Barry Grumbine wrote:
Bite the bullet, upgrade, life is better at 5.0

 Sorry, but *UPGRADING* isn't the question - the question is why
 locate is not working properly. If nobody has ever seen such a
 problem, it would be quite more forthright to just admit that than
 spout the normal crap this list promulgates. But, then, I should have
 expected multiple replies that are off topic, of no help, and not
 worth the time to read. Sorry, I had momentarily forgotten the
 definition of OBSD Misc - my bad.

 If nobody can answer the question, that is not a problem, just say so!

  Lee



Why don't you download 5.0 on a separate disc or folder and then compare
the differences using a diff tool to see what changed and if it is fixed
in 5.0 you can apply a patch to your old one. Find the problem files,
compare them to the new code. Also make sure the bug isn't in the new
release because if it is, you should report it.



Re: Disk blocking and unacceptable wait times with Areca ARC 1210

2012-01-11 Thread Chris Cappuccio
Ted Unangst [t...@tedunangst.com] wrote:
 On Wed, Jan 11, 2012, Chris Cappuccio wrote:
 
  There's also an issue with dirty buffers getting eaten up, but that is
  prominent on slow devices, and you'd be WAITing in buf_needva in that case.
 
 I don't think needva has been totally ruled out from what I've seen,
 though it's less likely.  My other guess is that the raid card itself
 prioritizes writes over reads leading to a backlog of read requests.

But the behavior changes with each kernel he tests. It sounds like 4.6 and 4.8 
are quite acceptable, the rest are not ?



Re: Disk blocking and unacceptable wait times with Areca ARC 1210

2012-01-11 Thread Geoff Steckel

On 01/11/2012 05:12 PM, Ted Unangst wrote:

On Wed, Jan 11, 2012, Chris Cappuccio wrote:


If only one disk is affected at a time, 5.0 is the fastest, and has the
most trouble with responsiveness while being fast, this is likely to be
improved by a fair I/O scheduler. There is a generic framework in place
now for schedulers to get plugged in I don't think anybody has actually
written it yet.

There's also an issue with dirty buffers getting eaten up, but that is
prominent on slow devices, and you'd be WAITing in buf_needva in that case.

I don't think needva has been totally ruled out from what I've seen,
though it's less likely.  My other guess is that the raid card itself
prioritizes writes over reads leading to a backlog of read requests.

I didn't follow the thread all the way back, so forgive me if this has
been covered. I'm betting that the disk subsystem  RAID controller
combination are choking on queued metadata writes. Some of the questions
are aimed at the user, and some at people who know the system code.

User: Is the file system mounted with soft updates?
Would the writes of the bit maps, inode and indirect blocks have piled up?
Does turning off soft updates help?

What is the block/cluster size? What is the stripe size and RAID 
configuration?

RAIDs are really slow doing the required read-modify-write on small writes.
The caching algorithm(s) in the cluster may be interfering with the
metadata writes.


When reading the file the first time when no metadata is cached, does 
the delay occur?


If the file is opened in update mode so that no new allocation is done,
does the delay occur? A trivial program might have to be written
(C, Python, Perl, LISP, COBOL, whatever).

Developers: Would the filesystem code write logically contiguous data
blocks out of order? If so, that could trigger read-modify-writes as well.
Has the soft update code changed to accumulate more metadata in core?

I don't know if there's any utility which can capture data about the
types of data in the disk queues. That would rule this out.

Again, if this has been covered, just ignore me.

Geoff Steckel
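
Geoff's update-mode test, as an added example that is not part of his message: a Python program that rewrites an already allocated file in place (no truncation, no new block allocation) while a second thread times an ls -la style listing of the same directory. The function names and the 1 MiB chunk size are choices made here.

```python
import os
import sys
import threading
import time

CHUNK = 1024 * 1024  # 1 MiB blocks, matching bs=1024k in the dd test


def preallocate(path, size):
    """Create the file once so every block is allocated before the timed run."""
    block = b"\0" * CHUNK
    with open(path, "wb") as f:
        left = size
        while left > 0:
            left -= f.write(block[:min(CHUNK, left)])
        f.flush()
        os.fsync(f.fileno())


def overwrite_in_place(path):
    """Rewrite an existing file end to end without truncating or extending it.

    O_WRONLY without O_CREAT/O_TRUNC keeps the inode and its block map, so
    the writes touch data blocks only and trigger no new allocation.
    """
    size = os.path.getsize(path)
    block = b"\xff" * CHUNK
    fd = os.open(path, os.O_WRONLY)
    try:
        written = 0
        while written < size:
            written += os.write(fd, block[:min(CHUNK, size - written)])
        os.fsync(fd)
    finally:
        os.close(fd)
    return written


def list_latency(directory):
    """Time one 'ls -la' equivalent: read the directory and stat every entry."""
    start = time.monotonic()
    for name in os.listdir(directory):
        os.lstat(os.path.join(directory, name))
    return time.monotonic() - start


def measure(path, interval=1.0):
    """Overwrite path in place while a second thread samples listing latency.

    Returns (bytes_written, elapsed_seconds, [latency, ...]).
    """
    directory = os.path.dirname(os.path.abspath(path))
    stop = threading.Event()
    samples = []

    def probe():
        # Sample first, then wait, so at least one latency is always recorded.
        while True:
            samples.append(list_latency(directory))
            if stop.wait(interval):
                break

    worker = threading.Thread(target=probe)
    worker.start()
    begin = time.monotonic()
    try:
        written = overwrite_in_place(path)
    finally:
        stop.set()
        worker.join()
    return written, time.monotonic() - begin, samples


if __name__ == "__main__":
    # usage: script.py FILE [SIZE_MIB]; FILE is created first if it is missing
    target = sys.argv[1]
    if not os.path.exists(target):
        preallocate(target, int(sys.argv[2]) * CHUNK)
    written, secs, lat = measure(target)
    print("%d bytes rewritten in %.1f s; listing latency max %.2f s over %d samples"
          % (written, secs, max(lat), len(lat)))
```

If the listing latency stays low here but is high during the original dd run that creates the file, the stall follows allocation and metadata writes rather than plain data writes.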



Re: locate weirdness

2012-01-11 Thread Ted Unangst
On Wed, Jan 11, 2012, L. V. Lammert wrote:
 At 01:30 PM 1/11/2012, Jeremy O'Brien wrote:
 
4.3 was released May 1, 2008. That's almost 4 years old software. What
are you expecting here? Someone to check out the code from that
version and deeply inspect what may be causing your problem, that is
more than likely already fixed in a later version?
 
 Another typical reply - the question was has anyone ever seen
 anything like this, .. or, perhaps, what could be causing it. No
 need for the off-topic diatribes - a simple no would more than suffice.

okie, dokie.  locate works for me!



Re: locate weirdness

2012-01-11 Thread Marian Hettwer

On 11.01.12 22:34, Ted Unangst wrote:

On Wed, Jan 11, 2012, L. V. Lammert wrote:

At 01:30 PM 1/11/2012, Jeremy O'Brien wrote:


4.3 was released May 1, 2008. That's almost 4 years old software. What
are you expecting here? Someone to check out the code from that
version and deeply inspect what may be causing your problem, that is
more than likely already fixed in a later version?


Another typical reply - the question was has anyone ever seen
anything like this, .. or, perhaps, what could be causing it. No
need for the off-topic diatribes - a simple no would more than suffice.


okie, dokie.  locate works for me!


Ah! History Channel.

/me too haz workin locate

([foobar@bistromath] ~)$ locate pfctl
/sbin/pfctl
/usr/sbin/ospfctl
([foobar@bistromath] ~)$ uname -a
OpenBSD bistromath.meganet.local 4.0 GENERIC#1107 i386
([foobar@bistromath] ~)$ time sudo /usr/libexec/locate.updatedb
Password:

real    0m9.379s
user    0m1.453s
sys     0m3.406s
([foobar@bistromath] ~)$ echo $?
0

I really should update this system ;-)

./Marian



Re: OpenBSD 5.0 Snapshot: ASUS Wireless Card - Not Configured

2012-01-11 Thread Steven

* Christiano F. Haesbaert haesba...@haesbaert.org [120109 08:45]:

On 9 January 2012 02:21, Steven w.steven.schnei...@ualberta.net wrote:

IC. Any recommendations for a good replacement wireless card?  I've
read the list on the FAQ, but my experience in wireless cards is
(besides the ASUS card) practically nil.

Should I just hang on to the ASUS and see what happens with
subsequent snapshots?

Of course, I could just do both



ral(4) is usually a good recommendation, they're cheap and work well.


Thanks, I'll look into that.  The command from up-on-high (my wife)
is that she have wireless.  She doesn't much care how it's done.

I'll hang on to the ASUS for now.  If a Dev needs an ASUS I'll be
happy to donate it to the cause.  Drop me a line and I'll try to
send it out as soon as I possibly can. :-)

--
W. Steven Schneider  w.steven.schnei...@ualberta.net



CARP strangeness after 5.0 upgrade

2012-01-11 Thread Markus Wernig
Hello all

I have recently upgraded a pair of CARPed firewalls from 4.6 to 5.0
(late, I know ...) after almost 2 years of absolutely flawless operation
(ipv4 interfaces only).

I have changed all the nat/rdr rules in pf.conf to the new syntax, not
changed any other fw/nw setting (at least to my knowledge - I used
sysmerge in the process, carefully, and haven't noticed any fw/nw
related changes in any file. The boxes are rather straight forwardly
configured plain firewalls and very close to the default settings).

They have 4 interfaces each, the external (egress, carp0 on em0) one
being connected to the provider's switches (professional gear, Cisco or
the like), the dmz (internal, carp1-3 on em1-3) ones being connected to
a pair of levelone gsw-1641 (web smart switch, the cheap stuff).

The two fw (fw1=master, and fw2=backup) and switches have been rebooted
multiple times by now.

The problem now is that the CARP master selection leads to weird
results. After rebooting both, I get the following picture:

fw1 (master, advbase 1 advskew 1):
carp0: BACKUP
carp1: MASTER
carp2: MASTER
carp3: BACKUP

ifconfig -g carp
carp: carp demote count 3

fw2 (backup, advbase 1 advskew 10)
carp0: MASTER
carp1: MASTER
carp2: MASTER
carp3: MASTER

ifconfig -g carp
carp: carp demote count 2

I get the following in dmesg on fw1:
carp: carp0 demoted group carp by 1 to 129 (carpdev)
carp: carp1 demoted group carp by 1 to 130 (carpdev)
carp: carp2 demoted group carp by 1 to 131 (carpdev)
carp: carp3 demoted group carp by 1 to 132 (carpdev)
carp: carp2 demoted group carp by -1 to 131 (carpdev)
carp: carp2 demoted group xfer by -1 to 0 (carpdev)
carp: carp0 demoted group carp by -1 to 130 (carpdev)
carp: pfsync0 demoted group carp by 1 to 131 (pfsync bulk start)
carp: pfsync0 demoted group pfsync by 1 to 1 (pfsync bulk start)
carp: carp3 demoted group carp by -1 to 130 (carpdev)
carp: carp3 demoted group mgmt by -1 to 0 (carpdev)
carp: carp1 demoted group carp by -1 to 129 (carpdev)
carp: carp1 demoted group coca by -1 to 0 (carpdev)
carp2: state transition: BACKUP - MASTER
carp1: state transition: BACKUP - MASTER
carp: pfsync0 demoted group carp by -1 to 128 (pfsync bulk done)
carp: pfsync0 demoted group pfsync by -1 to 0 (pfsync bulk done)
carp: carp2 demoted group carp by 1 to 129 ( snderrors)
carp: carp1 demoted group carp by 1 to 130 ( snderrors)
carp: carp1 demoted group coca by 1 to 1 ( snderrors)
carp: carp2 demoted group xfer by 1 to 1 ( snderrors)
carp0: state transition: BACKUP - MASTER
carp3: state transition: BACKUP - MASTER
carp: carp3 demoted group carp by 1 to 3 ( snderrors)
carp: carp3 demoted group mgmt by 1 to 1 ( snderrors)
carp0: state transition: MASTER - BACKUP
nd6_na_input: duplicate IP6 address fe80:0008::0200:5eff:fe00:01c8
carp3: state transition: MASTER - BACKUP


dmesg on fw2 gives this:
carp: carp0 demoted group carp by 1 to 129 (carpdev)
carp: carp1 demoted group carp by 1 to 130 (carpdev)
carp: carp2 demoted group carp by 1 to 131 (carpdev)
carp: carp3 demoted group carp by 1 to 132 (carpdev)
carp: pfsync0 demoted group carp by 1 to 133 (pfsync bulk start)
carp: pfsync0 demoted group pfsync by 1 to 1 (pfsync bulk start)
carp: carp2 demoted group carp by -1 to 132 (carpdev)
carp: carp2 demoted group xfer by -1 to 0 (carpdev)
carp: carp1 demoted group carp by -1 to 131 (carpdev)
carp: carp1 demoted group coca by -1 to 0 (carpdev)
carp: carp0 demoted group carp by -1 to 130 (carpdev)
carp: carp3 demoted group carp by -1 to 129 (carpdev)
carp: carp3 demoted group mgmt by -1 to 0 (carpdev)
carp: pfsync0 demoted group carp by -1 to 128 (pfsync bulk done)
carp: pfsync0 demoted group pfsync by -1 to 0 (pfsync bulk done)
carp2: state transition: BACKUP - MASTER
carp1: state transition: BACKUP - MASTER
carp: carp2 demoted group carp by 1 to 129 ( snderrors)
carp: carp1 demoted group carp by 1 to 130 ( snderrors)
carp: carp1 demoted group coca by 1 to 1 ( snderrors)
carp: carp2 demoted group xfer by 1 to 1 ( snderrors)
carp0: state transition: BACKUP - MASTER
carp3: state transition: BACKUP - MASTER
carp: carp3 demoted group carp by 1 to 3 ( snderrors)
carp: carp3 demoted group mgmt by 1 to 1 ( snderrors)
carp0: state transition: MASTER - BACKUP
nd6_na_input: duplicate IP6 address fe80:0008::0200:5eff:fe00:01c8
arp info overwritten for 10.10.10.100 by 00:1e:68:9a:e4:4f on em2
nd6_na_input: duplicate IP6 address fe80:0009::0200:5eff:fe00:01c9
carp3: state transition: MASTER - BACKUP
nd6_na_input: duplicate IP6 address fe80:000b::0200:5eff:fe00:01ff
nd6_na_input: duplicate IP6 address fe80:000a::0200:5eff:fe00:01d2
carp0: state transition: BACKUP - MASTER
carp3: state transition: BACKUP - MASTER
carp: carp3 demoted group carp by -1 to 2 ( snderrors)
carp: carp3 demoted group mgmt by -1 to 0 ( snderrors)
nd6_na_input: duplicate IP6 address fe80:000a::0200:5eff:fe00:01d2
nd6_na_input: duplicate IP6 address fe80:0009::0200:5eff:fe00:01c9
carp0: state transition: MASTER - BACKUP
nd6_na_input: duplicate IP6 address 

Re: locate weirdness

2012-01-11 Thread Philip Guenther
On Wed, Jan 11, 2012 at 3:02 PM, Marian Hettwer m...@kernel32.de wrote:
...
 ([foobar@bistromath] ~)$ time sudo /usr/libexec/locate.updatedb
 Password:

Ah, but that's *not* how locate.updatedb is invoked by the cronjob!
There's a reason I called out the need to mimic that when trying to
replicate the problem while walking through locate.updatedb
manually...


Philip Guenther



BSDCan 2012 - call for papers

2012-01-11 Thread Dan Langille
BSDCan 2012 will be held 11-12 May, 2012 in Ottawa at the University of
Ottawa. It will be preceded by two days of tutorials on 9-10 May.

NOTE: This will be Fri/Sat with tutorials on Wed/Thu.

We are now accepting proposals for talks.

The talks should be designed with a very strong technical content bias.
Proposals of a business development or marketing nature are not
appropriate for this venue.

If you are doing something interesting with a BSD operating system,
please submit a proposal. Whether you are developing a very complex
system using BSD as the foundation, or helping others and have a story
to tell about how BSD played a role, we want to hear about your
experience.  People using BSD as a platform for research are also
encouraged to submit a proposal. Possible topics include:

* How we manage a giant installation with respect to handling spam.
* and/or sysadmin.
* and/or networking.

From the BSDCan website, the Archives section will allow you to review
the wide variety of past BSDCan presentations as further examples.

Both users and developers are encouraged to share their experiences.

The schedule is:

8 Jan 2012 Proposal acceptance begins
29 Jan 2012 Proposal acceptance ends
19 Feb 2012 Confirmation of accepted proposals

See also http://www.bsdcan.org/2012/papers.php

Instructions for submitting a proposal to BSDCan 2012 are available
from: http://www.bsdcan.org/2012/submissions.php

--
Dan Langille - http://langille.org



Re: locate weirdness

2012-01-11 Thread L. V. Lammert
On Wed, 11 Jan 2012, Philip Guenther wrote:

 On Wed, Jan 11, 2012 at 3:02 PM, Marian Hettwer m...@kernel32.de wrote:
 ...
  ([foobar@bistromath] ~)$ time sudo /usr/libexec/locate.updatedb
  Password:

 Ah, but that's *not* how locate.updatedb is invoked by the cronjob!
 There's a reason I called out the need to mimic that when trying to
 replicate the problem while walking through locate.updatedb
 manually...

Agreed, .. but if locate.update does NOT run as root, that would seem to
indicate some problem other than permissions.

BTW - Looked at a couple of other possibilities, .. mysql had a lot of
space in log files so I freed up most of them, no change; the other
possibility could be that of a memory problem, but I have no knowledge of
'bigmem' and how that works.

Lee



Re: locate weirdness

2012-01-11 Thread Marian Hettwer

On 12.01.12 00:13, Philip Guenther wrote:

On Wed, Jan 11, 2012 at 3:02 PM, Marian Hettwer m...@kernel32.de wrote:
...

([foobar@bistromath]~)$ time sudo /usr/libexec/locate.updatedb
Password:


Ah, but that's *not* how locate.updatedb is invoked by the cronjob!
There's a reason I called out the need to mimic that when trying to
replicate the problem while walking through locate.updatedb
manually...



[root@bistromath] ~ # /bin/sh /etc/weekly

Rebuilding locate database:

Rebuilding whatis databases:
[root@bistromath] ~ # echo $?
0


still on OpenBSD 4.0.
And /etc/weekly looks like a reasonably easy, straightforward shell
script. (I would expect nothing else in OpenBSD).


./Marian



Re: OpenBSD 5.0 Snapshot: ASUS Wireless Card - Not Configured

2012-01-11 Thread Steven

* Tomas Bodzar tomas.bod...@gmail.com [120108 00:00]:

On Sun, Jan 8, 2012 at 6:29 AM, Steven w.steven.schnei...@ualberta.net
wrote:

Hi,

I recently purchased an ASUS PCE-N15 Wireless-N PCI-E Adapter.

http://www.asus.com/Networks/Wireless_Adapters/PCEN15/


Details from pcidump will be maybe useful for developers, but it seems
like you have some Win-only/proprietary stuff for which Linux has
binary blob because of NDA or something.


Well, I'm not sure in what format the pcidump might be useful.

pcidump -v 2:0:0

 2:0:0: Realtek unknown
0x: Vendor ID: 10ec Product ID: 8178
0x0004: Command: 0007 Status ID: 0010
0x0008: Class: 02 Subclass: 80 Interface: 00 Revision: 01
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 10
0x0010: BAR io addr: 0xbe00/0x0100
0x0014: BAR empty ()
0x0018: BAR mem 64bit addr: 0xfcffc000/0x4000
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1043 Product ID: 84b6
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0a Min Gnt: 00 Max Lat: 00
0x0040: Capability 0x01: Power Management
0x0050: Capability 0x05: Message Signaled Interrupts (MSI)
0x0070: Capability 0x10: PCI Express
Link Speed: 2.5 / 2.5 Gb/s Link Width: x1 / x1

--
W. Steven Schneider  w.steven.schnei...@ualberta.net



Re: locate weirdness

2012-01-11 Thread Philip Guenther
On Wed, Jan 11, 2012 at 3:18 PM, L. V. Lammert l...@omnitec.net wrote:
 On Wed, 11 Jan 2012, Philip Guenther wrote:
...
 Ah, but that's *not* how locate.updatedb is invoked by the cronjob!
 There's a reason I called out the need to mimic that when trying to
 replicate the problem while walking through locate.updatedb
 manually...

 Agreed, .. but if locate.update does NOT run as root, that would seem to
 indicate some problem other than permissions.

If you're saying what I think you're saying, then I disagree and think
your logic is backwards.
What user do you think locate.updatedb is run as?


Philip Guenther



Re: locate weirdness

2012-01-11 Thread L. V. Lammert
On Wed, 11 Jan 2012, Philip Guenther wrote:

  Agreed, .. but if locate.update does NOT run as root, that would seem to
  indicate some problem other than permissions.

 If you're saying what I think you're saying, then I disagree and think
 your logic is backwards.
 What user do you think locate.updatedb is run as?

If it does not run as root, then it isn't a permission issue as running as
root provides all required permissions, eh?

I have never seen locate.updatedb fail when run as root (3.0 to 5.0,
actually), .. but, then, it isn't exactly 'failing', it just isn't
indexing anything except /home.

The only other possible hypothesis, is that it is running out of memory;
one would expect some sort of error to be returned in that case and a
blank database as a result, not one partially populated.

Lee



Limit ICMP echo reply

2012-01-11 Thread Limaunion
Hi all! very simple PF question, is it possible to limit the number of 
ICMP echo replies, like 5/min from any source address ?

TIA!



Re: locate weirdness

2012-01-11 Thread Nick Holland
On 01/11/12 14:24, Barry Grumbine wrote:
 Bite the bullet, upgrade, life is better at 5.0

 
 ...knew I forgot something.
 
 There aren't many North American mirrors that go back to 4.2.  I was
 fortunate to find obsd.cec.mtu.edu which Nick Holland recently
 notified us that he needs to take down very soon.

Ouch.

I opted to archive old versions of OpenBSD for historical interest...
When did we get Mozilla ported?  What platforms were supported back in
the 2.5 days?  What was it like to install OpenBSD 2.0 on a 386 system?
 Etc. It's FUN.  And, storage is cheap; for something like $500US
several years ago, I was able to add 1.5G of redundant storage to
obsd.cec.mtu.edu, and that allowed me to make a comprehensive archive
available, and being it was my money and my interest, I did. :)  Same
reason I collect 80+ year old calculating devices and 40 year old
calculators...but this, I can easily share with others.

It was certainly never intended to be USED for production.  It bothers
me that people may have been using my archive to avoid upgrading
('specially since I write the upgrade guides!).

(for anyone tempted to snarf down all my old archival versions of
OpenBSD before the final shut down of obsd.cec.mtu.edu, don't worry, I
believe I'll be able to get all the hardware (20U worth! loaded with
data) back, so the data won't be vanishing into thin air.  And, I don't
believe it is the only copy left on the 'net.)

I've removed everything from 4.8 and before from the easily spotted
space on the mirror, so it is now only available in a directory clearly
marked archive.

Nick.



Re: Multiple ISP-connections/Routing/Packet filtering

2012-01-11 Thread Steven Surdock
I ran OpenVPN on the loopback and did an rdr (back in the day).  It has
worked for me.

http://marc.info/?l=openbsd-misc&m=119446553412564&w=2

-Steve S.

 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
 Of Dr.-Ing. Torsten Finke
 Sent: Wednesday, January 11, 2012 10:48 AM
 To: misc@openbsd.org
 Subject: Re: Multiple ISP-connections/Routing/Packet filtering

 Hello Russell,

 On Wed, Jan 11, 2012 at 07:46:59AM -0500, Russell Garrison wrote:
  Have you considered routing domains?


 no I have not. According to your hint I started to study their concept,
 but have not found a description that would meet my situation.


 Thanks for your idea and

 best regards


 Torsten


  On Tue, Jan 10, 2012 at 1:41 PM, Dr.-Ing. Torsten Finke
  torsten.fi...@igh-essen.com wrote:
   Hello Jorge,
  
   I read again your mail and now i'm lost !
  
   You Wrote:
  
   How can I force my Extl. FW to reply on exactly the same interface
   it had been requested on?  For example I am running
   OpenVPN(1194/UDP) between my HomeOffice (Z=Client) and the
   Intl. FW(=Server). Alike I would appreciate SSH-portforwarding
   from Internet to the Intl. FW.
  
  
   SSH port forwarding from internet to Internal server is something like:

   ext_if=vr0
   ext_ip=1.2.3.4
   Spvt= 4.5.6.7

   match in on $ext_if proto tcp from any to $ext_ip port 22 rdr-to $Spvt

   pass in on $ext_if proto tcp from any to $Spvt port 22
   pass out on $int_if proto tcp from any to $Spvt port 22
  
  
  
  
   The above line redirects all traffic coming from any place in
   internet to my external IP (1.2.3.4) to the server 4.5.6.7 which
   is located in my internal lan, in other words the packet comes in
   on external interface, goes out on internal interface ..
  
   These works on OpenBSD 4.8 or newer !
  
   Is this what you need ?
  
   no. Obviously I have not explained clearly what my problem is.
  
   On my firewall I have TWO different internet connections. It is
   simple to forward - for instance ssh - from both connections to an
   internal machine. Now this machine answers and the firewall sends
   the reply back. How can I force the firewall to send the reply over
   exactly that interface the request came in? The problem is that the
   client anywhere on the internet expects the answer from the very
   address it had contacted. If now the reply comes from another address,
   it will get lost.
  
  
   Best regards
  
   Torsten
  
  
  
   On Tue, Jan 10, 2012 at 10:46 AM, Dr.-Ing. Torsten Finke 
   torsten.fi...@igh-essen.com wrote:
  
Hello Jorge,
   
 If I understood you well, the answer to your question is here!


 http://www.openbsd.org/faq/pf/pools.html

 Under the section Load Balancing outgoing traffic, or take a
 look at:

 http://www.openbsd.org/faq/faq6.html#Multipath


 There are good examples there !

 I hope this can help !
   
thank you for this. The FAQ on pools has nice examples but none
of them really faces my problem. It discusses load balancing of
incoming traffic to several servers as well as load balancing of
outgoing traffic. I cannot figure out how to dispatch replies to
incoming requests over different connections.

The FAQ on multipath has helped me very well to set up multiple
default routes - this works very well.
   
Best regards
   
Torsten
   
   
  Dear List,
 
  Here I show my network topology. Maybe it seems quite
  typical. My internal network is located behind an Intl/Extl
  Firewall which is connected to the Internet(IN) via
  pppoe/ppp(8). On the other side I run different systems, for
  instance a home office network, a mobile laptop, and several
  customers.
 
 
  +---+ +---+
  | A | | B | (PC)
  +-+-+ +-+-+
    |     |       +---------+
  --+-----+-------| Intl FW |---(DMZ)---+
  (LAN/int)       +---------+           |
                                        |
    +-----------------------------------+
    |                                                  +---+
    |                                                  | Z | (PC)
    |                                  ()              +---+
    |  +---------+ pppoe/ppp(8) +-----------+  ()  +----+  |
    |  |         |--------------| DSL-Modem |--()--| GW |--+-
    |  |         | rl0/tun0     +-----------+  ()  +----+ (HomeOffice)
    +--| Extl FW |                            ( IN )  +----------+
       |         | pppoe/ppp(8) +-----------+  ()-----| Customer |
       |         |--------------| DSL-Modem |--()     +----------+
       +---------+ rl1/tun1     +-----------+  ()     +--------+
       OpenBSD 4.8                             ()-----| Mobile |
                                                      +--------+
 
  My question is about the setup of routing and packet
  filtering on the External 

Re: locate weirdness

2012-01-11 Thread Philip Guenther
On Wed, Jan 11, 2012 at 4:08 PM, L. V. Lammert l...@omnitec.net wrote:
 On Wed, 11 Jan 2012, Philip Guenther wrote:

  Agreed, .. but if locate.update does NOT run as root, that would seem to
  indicate some problem other than permissions.

 If you're saying what I think you're saying, then I disagree and think
 your logic is backwards.
 What user do you think locate.updatedb is run as?

 If it does not run as root, then it isn't a permission issue as running as
 root provides all required permissions, eh?

I'm sorry, but I don't understand that sentence.  It appears to
conflate running as root with not running as root, or I'm miscounting
the 'not's.

So let me try again: what user do you think locate.updatedb is run as?


 I have never seen locate.updatedb fail when run as root (3.0 to 5.0,
 actually), .. but, then, it isn't exactly 'failing', it just isn't
 indexing anything except /home.

I don't understand this sentence either.  If the word fail is
ambiguous or unclear, then use a different word instead!  I cannot
tell from what you wrote what behavior you saw when you manually ran
locate.updatedb as root on (say) 3.0.


Philip Guenther



Re: OpenBSD 5.0 Snapshot: ASUS Wireless Card - Not Configured

2012-01-11 Thread Stuart Henderson
On 2012-01-11, Steven w.steven.schnei...@ualberta.net wrote:
 * Christiano F. Haesbaert haesba...@haesbaert.org [120109 08:45]:
On 9 January 2012 02:21, Steven w.steven.schnei...@ualberta.net wrote:
 IC. Any recommendations for a good replacement wireless card?  I've
 read the list on the FAQ, but my experience in wireless cards is
 (besides the ASUS card) practically nil.

 Should I just hang on to the ASUS and see what happens with
 subsequent snapshots?

 Of course, I could just do both


ral(4) is usually a good recommendation, they're cheap and work well.

 Thanks, I'll look into that.  The command from up-on-high (my wife)
 is that she have wireless.  She doesn't much care how it's done.

 I'll hang on to the ASUS for now.  If a Dev needs an ASUS I'll be
 happy to donate it to the cause.  Drop me a line and I'll try to
 send it out as soon as I possibly can. :-)


What do you want to do with the wireless? Is this for acting as an
access point? (in this case I would be looking at athn(4) devices) or
just for connecting to an existing wireless network? (in which case
you are likely to have good luck by just picking up a random cheap
USB device).




Re: Multiple ISP-connections/Routing/Packet filtering

2012-01-11 Thread Lawrence Teo
Steven's method has worked for me as well, with OpenVPN on OpenBSD 4.9.

Lawrence

On Wed, Jan 11, 2012 at 07:48:55PM -0500, Steven Surdock wrote:
 I ran OpenVPN on the loopback and did an rdr (back in the day).  It has
 worked for me.
 
 http://marc.info/?l=openbsd-misc&m=119446553412564&w=2
 
 -Steve S.
 
  -Original Message-
  From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
  Of Dr.-Ing. Torsten Finke
  Sent: Wednesday, January 11, 2012 10:48 AM
  To: misc@openbsd.org
  Subject: Re: Multiple ISP-connections/Routing/Packet filtering
 
  Hello Russell,
 
  On Wed, Jan 11, 2012 at 07:46:59AM -0500, Russell Garrison wrote:
   Have you considered routing domains?
 
 
  no I have not. According to your hint I started to study their concept,
  but have not found a description that would meet my situation.
 
 
  Thanks for your idea and
 
  best regards
 
 
  Torsten
 
 
   On Tue, Jan 10, 2012 at 1:41 PM, Dr.-Ing. Torsten Finke
   torsten.fi...@igh-essen.com wrote:
Hello Jorge,
   
I read again your mail and now I'm lost !

You Wrote:

  How can I force my Extl. FW to reply on exactly the same interface it
  had been requested on?  For example I am running
  OpenVPN(1194/UDP) between my HomeOffice (Z=Client) and the
  Intl. FW(=Server). Alike I would appreciate SSH-portforwarding
  from Internet to the Intl. FW.
   
   
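SSH port forwarding from internet to Internal server is something like :

ext_if="vr0"
ext_ip="1.2.3.4"
Spvt="4.5.6.7"
int_if="vr1"   # internal interface; not defined in the original post, placeholder name

# rewrite the destination of inbound ssh to the internal server
match in on $ext_if proto tcp from any to $ext_ip port 22 rdr-to $Spvt

# allow the translated connection in on the outside and out on the inside
pass in on $ext_if proto tcp from any to $Spvt port 22
pass out on $int_if proto tcp from any to $Spvt port 22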
   
   
   
   
The above line redirects all traffic coming from any place in
internet to my external IP ( 1.2.3.4) to the server  4.5.6.7 which
is located in my internal lan, in other words the packet comes in
on external interface , goes out on internal interface ..

This works on OpenBSD 4.8 or newer !
   
Is this what you need ?
   
no. Obviously I have not explained clearly what my problem is.
   
On my firewall I have TWO different internet connections. It is
simple to forward - for instance ssh - from both connections to an
internal machine. Now this machine answers and the firewall sends
the reply back. How can I force the firewall to send the reply over
exactly that interface the request came in? The problem is that the
client anywhere on the internet expects the answer from the very
address it had contacted. If now the reply comes from another address,
it will get lost.
   
   
Best regards
   
Torsten
   
   
   

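The requirement described in this thread (a reply must leave through the same uplink its request arrived on, or the client discards it) is what pf's reply-to option is for. The fragment below is an added example, not a post from the thread, in OpenBSD 4.7+ rule syntax; tun0 and tun1 are the uplinks named in the diagram, while the peer addresses, the DMZ interface name and the Intl FW address are placeholders.

```pf
# Added example, not from the thread. Fragment to merge into an existing
# ruleset; all addresses and dmz_if are placeholders.
ext_if1 = "tun0"           # uplink 1 (rl0/tun0 in the diagram)
ext_if2 = "tun1"           # uplink 2 (rl1/tun1 in the diagram)
ext_gw1 = "192.0.2.1"      # placeholder: ppp peer address on uplink 1
ext_gw2 = "198.51.100.1"   # placeholder: ppp peer address on uplink 2
dmz_if  = "rl2"            # placeholder: interface facing the Intl FW
intl_fw = "10.0.0.2"       # placeholder: Intl FW address on the DMZ

# Requests arriving on either uplink are redirected to the Intl FW.
# reply-to is recorded in the state entry, so packets of that state going
# back to the client are sent out of the interface the request came in on,
# whichever default route the routing table would otherwise select.
pass in on $ext_if1 inet proto udp from any to ($ext_if1) port 1194 \
        rdr-to $intl_fw reply-to ($ext_if1 $ext_gw1)
pass in on $ext_if1 inet proto tcp from any to ($ext_if1) port 22 \
        rdr-to $intl_fw reply-to ($ext_if1 $ext_gw1)

pass in on $ext_if2 inet proto udp from any to ($ext_if2) port 1194 \
        rdr-to $intl_fw reply-to ($ext_if2 $ext_gw2)
pass in on $ext_if2 inet proto tcp from any to ($ext_if2) port 22 \
        rdr-to $intl_fw reply-to ($ext_if2 $ext_gw2)

# Let the redirected traffic out towards the Intl FW.
pass out on $dmz_if inet proto udp from any to $intl_fw port 1194
pass out on $dmz_if inet proto tcp from any to $intl_fw port 22
```

The fragment can be syntax-checked with `pfctl -nf` before loading; running tcpdump on each tun interface while connecting to each external address shows whether replies leave on the matching uplink.
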
NAT Firewalls and Client IPs in SSL Requests

2012-01-11 Thread Sam Vaughan
I have a web server handling predominantly https traffic sitting on a DMZ
behind a CARP'd firewall of two ALIX 2D3s.

Since the firewall is NATting traffic to the web server, the source IP of
requests arriving at the web server is always the firewall's CARP address on
the DMZ.  I'd like the server to see the original client IP.

The only solution I can think of is to use relayd, pound etc. as a layer 7
reverse proxy on the firewall that decrypts the SSL and inserts an
X-Forwarded-For header.  The problem there though is that the firewall is
lightweight with just a 500MHz Geode, whereas the web server has dual quad
core 2.3GHz E5410 Xeons sitting mostly idle.  Even if the firewall can handle
the load now, it'll quickly become a bottleneck if traffic increases.

There might be hardware accelerator products that will work with the ALIX
boards, but it seems to me that scalability in future will depend on
separating the SSL decryption from the firewall.

How can I get the best of both worlds, offloading the SSL decryption from the
firewall without losing the client's IP?  Do any reverse proxies support
handing off just the decryption load to other machines?  How do big sites
separate their SSL decryption from their firewalls without losing this
valuable information?

Thanks in advance,

Sam



Re: OpenBSD 5.0 Snapshot: ASUS Wireless Card - Not Configured

2012-01-11 Thread Steven

* Stuart Henderson s...@spacehopper.org [120111 19:00]:

 What do you want to do with the wireless? Is this for acting as an
 access point? (in this case I would be looking at athn(4) devices) or
 just for connecting to an existing wireless network? (in which case
 you are likely to have good luck by just picking up a random cheap
 USB device).


It would act as an access point.  We have several wireless devices
(ie. my wife's laptop) and I want to implement a wireless network
for these devices.

--
W. Steven Schneider  w.steven.schnei...@ualberta.net



Re: CARP strangeness after 5.0 upgrade

2012-01-11 Thread Markus Wernig
On 01/12/12 00:05, Markus Wernig wrote:

 If I set net.inet.carp.log=7, I get lots of the following on both fws,
 only for carp1 and carp2, never for carp0 and carp3:
 carp2: ip_output failed: 65
 carp1: ip_output failed: 65
 carp2: ip_output failed: 65
 carp1: ip_output failed: 65
 carp2: ip_output failed: 65
 carp1: ip_output failed: 65

Hi all

After another round of reboots (no config changed) this has now shifted
to carp2 and carp3:
Jan 12 08:33:17 fw1 /bsd: carp2: ip_output failed: 65
Jan 12 08:33:17 fw1 /bsd: carp3: ip_output failed: 65
Jan 12 08:33:18 fw1 /bsd: carp2: ip_output failed: 65
Jan 12 08:33:18 fw1 /bsd: carp3: ip_output failed: 65

And consequently tcpdump shows outgoing carp traffic on em0 and em1 only.

Does anybody have an idea where to search further?

krgds /markus