Re: viomb0 at virtio0panic: Non dma-reachable buffer at curaddr 0x11f7c0a14(raw)

2013-02-22 Thread Johan Huldtgren
On 2/22/13 8:21 PM, Johan Huldtgren wrote:
> hello,
>
> upgraded to the latest amd64 snapshot today (dated Feb 21st) and
> server panics on boot. This is a KVM guest at a hosted facility, as I
> can't boot I am unable to get a dmesg, but here is the text from the
> panic (with the last few lines)
>
> vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> em0 at pci0 dev 3 function 0 "Intel PRO/1000MT (82540EM)" rev 0x03:
> apic 1 int 11, address 52:54:00:4e:22:85
> virtio0 at pci0 dev 4 function 0 "Qumranet Virtio Memory" rev 0x00:
> Virtio Memory Balloon Device
> viomb0 at virtio0panic: Non dma-reachable buffer at curaddr 0x11f7c0a14(raw)
> Stopped at   Debugger+0x5:   leave
> Debugger() at Debugger+0x5
> panic() at panic+0xe4
> _bus_dmamap_load_buffer() at _bus_dmamap_load_buffer+0x198
> _bus_dmamap_load() at _bus_dmamap_load+0x68
> viomb_attach() at viomb_attach+0x219
> config_attach() at config_attach+0x1d4
> virtio_pci_attach() at virtio_pci_attach+0x144
> config_attach() at config_attach+0x1d4
> pci_probe_device() at pci_probe_device+0x3e2
> pci_enumerate_bus() at pci_enumerate_bus+0xe9
> end trace frame: 0x80e64d80, count: 0
> RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
> DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
> ddb> trace
> Debugger() at Debugger+0x5
> panic() at panic+0xe4
> _bus_dmamap_load_buffer() at _bus_dmamap_load_buffer+0x198
> _bus_dmamap_load() at _bus_dmamap_load+0x68
> viomb_attach() at viomb_attach+0x219
> config_attach() at config_attach+0x1d4
> virtio_pci_attach() at virtio_pci_attach+0x1d4
> pci_probe_device() at pci_probe_device+0x3e2
> pci_enumerate_bus() at pci_enumerate_bus+0xe9
> config_attach() at config_attach_0x1d4
> mainbus_attach() at mainbus_attach+0x163
> config_attach() at config_attach+0x1d4
> cpu_configure() at cpu_configure+0x17
> main() at main+0x3d5
> end trace frame: 0x0, count: -15
> ddb> ps
>   PID   PPID PGRPUIDS   FLAGS  WAIT
>   COMMAND
> *0   -10 07
> 0x200   swapper
> ddb> show registers
> ds  0x2bd0
> es  0x48f0 acpi_pdirpa+0x3e8
> fs   0x1
> gs  0
> rdi  0x1
> rsi  0x5
> rbp 0x80e648e0end+0xd6540
> rbx 0x80822bd0   x86_bus_space_mem_ops+0x250
> rdx 0x8082093f_length_code+0xb1f
> rcx0
> rax 0x1
> r8   0x80e64800end+0xd6460
> r9   0x1
> r100
> r110x20
> r12  0x100
> r13  0x80e648f0end+0xd6550
> r14   0x8013d280
> r150
> rip  0x80459475Debugger+0x5
> cs   0x8
> rflags   0x202
> rsp 0x80e648e0end+0xd6540
> ss0x10
> Debugger+0x5: leave
> ddb>

bsd -c
disable viomb

got me back up and running at least. dmesg is attached for completeness.

.jh
OpenBSD 5.3 (GENERIC) #41: Thu Feb 21 20:31:41 MST 2013
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 4293853184 (4094MB)
avail mem = 4157087744 (3964MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfbd3f (10 entries)
bios0: vendor QEMU version "QEMU" date 01/01/2007
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
mpbios at bios0 not configured
cpu0 at mainbus0: (uniprocessor)
cpu0: QEMU Virtual CPU version 0.9.1, 2667.29 MHz
cpu0: FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,LONG,PERF
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compati

rtl8188cus wifi usb dongle not in monitor mode?

2013-02-22 Thread Monthadar Al Jaberi
Hi,

I have a Dlink DWA121 that contains a Realtek rtl8188cus chipset. It
is supported by OpenBSD with the urtwn driver.

The man page for the driver states that the driver supports monitor mode.

So I wanted to try monitor mode. I installed OpenBSD 5.2 on a Pentium4
machine I have and did the following:

ifconfig urtwn0 chan 1
ifconfig urtwn0 mediaopt monitor
ifconfig urtwn0 up

Then I ran tcpdump -i urtwn0 -y IEEE802_11

But I only see frames that have broadcast as destination. For example I
could see the ARP request and not the ARP reply.

Any idea why? Wifi chip in monitor mode should receive all frame types.

Then I looked a bit in the driver and found this:

void
urtwn_rxfilter_init(struct urtwn_softc *sc)
{
	/* Initialize Rx filter. */
	/* TODO: use better filter for monitor mode. */
	urtwn_write_4(sc, R92C_RCR,
	    R92C_RCR_AAP | R92C_RCR_APM | R92C_RCR_AM | R92C_RCR_AB |
	    R92C_RCR_APP_ICV | R92C_RCR_AMF | R92C_RCR_HTC_LOC_CTRL |
	    R92C_RCR_APP_MIC | R92C_RCR_APP_PHYSTS);
	/* Accept all multicast frames. */
	urtwn_write_4(sc, R92C_MAR + 0, 0xffffffff);
	urtwn_write_4(sc, R92C_MAR + 4, 0xffffffff);
	/* Accept all management frames. */
	urtwn_write_2(sc, R92C_RXFLTMAP0, 0xffff);
	/* Reject all control frames. */
	urtwn_write_2(sc, R92C_RXFLTMAP1, 0x0000);
	/* Accept all data frames. */
	urtwn_write_2(sc, R92C_RXFLTMAP2, 0xffff);
}

The comment talking about better filter for monitor mode caught my
attention. So I thought maybe you guys can help me?

I tried to run with the firmware that was checked in when the driver
first appeared in OpenBSD but I got the same results.

Thank you in advance!
Monthadar

-- 
Monthadar Al Jaberi



Re: Softraid 1 Help

2013-02-22 Thread Robert
On Fri, 22 Feb 2013 12:00:06 -0600
Brandon Tanner  wrote:
> Thanks for any feedback.

Let's give you some more detailed advice (yes, you still need to read the
man pages ;) )

1) MAKEDEV is only needed if the device you want doesn't yet exist in /dev.
sd1, sd2 and sd3 are probably already there.

2) "man fdisk". Yes, you will need to do it on sd1 and sd2. It initializes
the partition table.

3) "man disklabel". Create a partition on sd1 and sd2 called "a". This gives
you sd1a and sd2a, your data partitions that you will use for the RAID. Read
the man page to figure out what sd1c/sd2c is.

Read http://openbsd.org/faq/faq14.html to understand what fdisk and
disklabel do.

4) "man bioctl". Now create a RAID1 device, using sd1a and sd2a as the
"special devices". This will give you sd3 (or the next free number), your
RAID disk.

5) Now you need to initialize this new sd3 disk like any other disk. Run
fdisk on it, then disklabel, and you will end up with sd3a, your RAID data
disk.

6) Final step; format this sd3a ("man newfs") and finally mount it.


This should give you an idea of what steps are required. But as previously
suggested, read the FAQ and the man pages, and understand them ;) - unless
you don't care about your data.

kind regards,
Robert
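
The six steps above as one script, including a check for the raw-versus-block device mistake behind the "block device required" mount error reported in this thread. This is an added example, not code from the thread: sd1, sd2, sd3 and /storage are the thread's names, the function names are hypothetical, and the scripted disklabel answers assume the editor's usual prompt order.

```sh
#!/bin/sh
# Added example: data-only softraid RAID 1 volume on OpenBSD.
# Every command below destroys what is on the disks it is given.
# DRYRUN=1 (the default) only prints the commands; DRYRUN=0 as root runs them.
DRYRUN=${DRYRUN:-1}

run() {
	if [ "$DRYRUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Steps 2 and 5: write a fresh MBR with a single OpenBSD partition.
init_mbr() {
	run fdisk -iy "$1"
}

# Steps 3 and 5: create partition "a" of type $2 (RAID or 4.2BSD) on disk $1.
# Assumption: in "disklabel -E", "b" asks for start and size ('*' = entire
# disk, which matters on 3TB disks that the MBR cannot fully describe) and
# "a a" asks for offset, size and FS type; blank answers accept the defaults.
label_a() {
	if [ "$DRYRUN" = 1 ]; then
		echo "disklabel -E $1 # b to entire disk, a a type $2, w, q"
	else
		printf 'b\n\n*\na a\n\n\n%s\nw\nq\n' "$2" | disklabel -E "$1"
	fi
}

# Accept only a block-device partition that may hold a filesystem:
# rsdNx is the raw device (newfs uses it, mount does not) and "c" is the
# whole disk, never a filesystem.
check_fs_dev() {
	case "${1##*/}" in
	rsd[0-9]*)
		echo "$1: raw device, mount needs the block device" >&2
		return 1 ;;
	sd[0-9]*c)
		echo "$1: 'c' covers the whole disk, use another partition" >&2
		return 1 ;;
	sd[0-9]*[a-p])
		return 0 ;;
	*)
		echo "$1: not an sd disklabel partition" >&2
		return 1 ;;
	esac
}

# Steps 2-4: prepare both member disks and assemble the RAID 1 volume.
# The kernel attaches the volume as the next free sdN; read the name from
# dmesg before calling make_fs, do not assume it.
make_volume() {
	d1=$1 d2=$2
	for d in "$d1" "$d2"; do
		init_mbr "$d"
		label_a "$d" RAID      # gives ${d}a, the RAID chunk
	done
	run bioctl -c 1 -l "/dev/${d1}a,/dev/${d2}a" softraid0
}

# Steps 5-6: treat the new volume like any other disk, then newfs and mount.
make_fs() {
	vol=$1 mnt=$2
	check_fs_dev "/dev/${vol}a" || return 1
	init_mbr "$vol"
	label_a "$vol" 4.2BSD
	run newfs "/dev/r${vol}a"          # newfs works on the raw device
	run mkdir -p "$mnt"
	run mount "/dev/${vol}a" "$mnt"    # mount takes the block device
}

# Print the plan for the thread's layout (dry run unless DRYRUN=0).
make_volume sd1 sd2
make_fs sd3 /storage
```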



Re: Kernel Panic on 5.2 running on KVM

2013-02-22 Thread Stuart Henderson
On 2013-02-22, Peter Farmer  wrote:
> Unfortunately now getting "em0: watchdog timeout -- resetting" on my VMs
> (on 5.3-beta) , which also locks the terminal for me, so can't bring the
> network up :(

with -current you might want to try switching the network interface type
to virtio, using the vio(4) driver



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Peter Hessler
No, just end the thread.

-- 
There's an old proverb that says just about whatever you want it to.



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Miod Vallat
> Please, please, please, can someone port ZFS, just to end this endless
> thread...?

Please someone port HAMMER instead. We are only interested in free
software, with no strings attached.



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Dustin Fechner
Please, please, please, can someone port ZFS, just to end this endless
thread...?



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread bofh
On Fri, Feb 22, 2013 at 3:27 AM, Tomas Bodzar  wrote:
> What's much more funny is that Oracle is paying for training and
> support to Joyent to be able to offer at least some level of support
> in ZFS for its own customers :D

http://www.youtube.com/watch?v=-zRN7XLCRhc

Funny rant half way through.  If you hate Oracle, start at 33:00.

Choice quote:  This is one of those Oracle conundrums. You decide to
leave and then you realize you can only pick one thing to quit over.

Within 45 days of Oracle close sourcing Solaris, all ZFS engineers
left. All DTrace engineers left. This is... incredible. And they all
went to illumos!

-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Mike Jackson
Yeah, can I order one? This thread is hilariously funny! I even managed to get 
an entire car full of people laughing by reading it to them from my mobile.

Long live OpenBSD and long live ZFS -  I love you both!


On 22 Feb 2013, at 16:18, Brian Callahan  wrote:

> On 2/22/2013 8:02 AM, Ted Unangst wrote:
>> On Fri, Feb 22, 2013 at 06:42, Eric Furman wrote:
>>> Until your name is on this list;
>>> http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/geo/openbsd-developers/files/OpenBSD
>>> 
>>> YOU ARE NOT A DEVELOPER.
> 
> I'm making this into a shirt.
> 
> ~Brian



Re: Kernel Panic on 5.2 running on KVM

2013-02-22 Thread Peter Farmer
That's a little tricky from a VNC console, so this is the best I can do:

http://habanero.projectchilli.com/~pfarmer/screens/



On 22 February 2013 17:26, Chris Cappuccio  wrote:

> dmesg?
>
> Peter Farmer [pfarmer...@gmail.com] wrote:
> > Unfortunately now getting "em0: watchdog timeout -- resetting" on my VMs
> > (on 5.3-beta) , which also locks the terminal for me, so can't bring the
> > network up :(
> >
> >
> > On 22 February 2013 15:49, Peter Farmer  wrote:
> >
> > > Building a 5.3-beta template now, will let you know.
> > >
> > >
> > > On 22 February 2013 15:26, Chris Cappuccio  wrote:
> > >
> > >> before you go much further, try openbsd 5.3-beta first
> > >>
> > >> ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/
> > >>
> > >> Peter Farmer [pfarmer...@gmail.com] wrote:
> > >> > Hi,
> > >> >
> > >> > I have a pair of OpenBSD 5.2 VMs running on KVM, they have a carp
> > >> interface
> > >> > and are running relayd to load balancer http traffic into two
> webservers
> > >> > (also VMs). While benchmarking the setup with ab, I noticed that the
> > >> > OpenBSD VMs panic'd, I can easily reproduce the panics. Here is a
> > >> typical
> > >> > stack trace:
> > >> >
> > >> > uvm_fault(0xfe807d0c62a8, 0x0, 0, 1) -> e
> > >> > kernel: page fault trap, code=0
> > >> > Stopped at  somove+0x22:movq0x78(%rdi),%r14
> > >> > ddb> somove() at somove+0x22
> > >> > sowwakeup() at sowwakeup+0x26
> > >> > tcp_input() at tcp_input+0x2a37
> > >> > ipv4_input() at ipv4_input+0x584
> > >> > ipintr() at ipintr+0x7f
> > >> > netintr() at netintr+0xd5
> > >> > softintr_dispatch() at softintr_dispatch+0x5d
> > >> > Xsoftnet() at Xsoftnet+0x28
> > >> > --- interrupt ---
> > >> > (null)() at 0x800021454e30
> > >> > end of kernel
> > >> > end trace frame: 0x4043c748, count: -9
> > >> > ddb>PID   PPID   PGRPUID  S   FLAGS  WAIT
>  COMMAND
> > >> >
> > >> >  13819  1  13819  0  30x80  selectsendmail
> > >> >  15713  1  15713  0  30x80  ttyin getty
> > >> >   3077  1   3077  0  30x80  ttyin getty
> > >> >   1982  1   1982  0  30x80  ttyin getty
> > >> >  12235  1  12235  0  30x80  ttyin getty
> > >> >  17057  1  17057  0  30x80  ttyin getty
> > >> >  23271  1  23271  0  30x80  selectcron
> > >> >   4619  1   4619  0  30x80  selectruby18
> > >> >  13722  1  13722 99  30x80  poll  sndiod
> > >> >  22844  18069  18069 89  30x80  kqreadrelayd
> > >> >  19323  18069  18069 89  30x80  kqreadrelayd
> > >> >   1643  18069  18069 89  30x80  kqreadrelayd
> > >> > *26499  18069  18069 89  7   0relayd
> > >> >  18069   9864  18069 89  30x80  kqreadrelayd
> > >> >  10272   9864  10272 89  30x80  kqreadrelayd
> > >> >  13354   9864  13354 89  30x80  kqreadrelayd
> > >> >   9864  1   9864  0  30x80  kqreadrelayd
> > >> >  22085  1  22085  0  30x80  selectsshd
> > >> >  18165  18463  19253 83  30x80  poll  ntpd
> > >> >  18463  19253  19253 83  30x80  poll  ntpd
> > >> >  19253  1  19253  0  30x80  poll  ntpd
> > >> >  26963  18156  18156 74  30x80  bpf   pflogd
> > >> >  18156  1  18156  0  30x80  netio pflogd
> > >> >  30594  10090  10090 73  20x80syslogd
> > >> >  10090  1  10090  0  30x80  netio syslogd
> > >> >   3510  1   3510 77  30x80  poll  dhclient
> > >> >  20348  1  22482  0  30x80  poll  dhclient
> > >> >  25124  1  25124 77  30x80  poll  dhclient
> > >> >  12672  1  22482  0  30x80  poll  dhclient
> > >> > 13  0  0  0  30x100200  aiodoned  aiodoned
> > >> > 12  0  0  0  30x100200  syncerupdate
> > >> > 11  0  0  0  30x100200  cleaner   cleaner
> > >> > 10  0  0  0  30x100200  reaperreaper
> > >> >  9  0  0  0  30x100200  pgdaemon  pagedaemon
> > >> >  8  0  0  0  30x100200  bored crypto
> > >> >  7  0  0  0  30x100200  pftm  pfpurge
> > >> >  6  0  0  0  30x100200  usbtskusbtask
> > >> >  5  0  0  0  30x100200  usbatsk   usbatsk
> > >> >  4  0  0  0  30x100200  acpi0 acpi0
> > >> >  3  0  0  0  30x100200  bored syswq
> > >> >  2  0  0  0  3  0x40100200idle0
> > >> >  1  0  1  0  30x80  wait  

Re: Softraid 1 Help

2013-02-22 Thread Nick Holland

On 02/22/2013 01:00 PM, Brandon Tanner wrote:

> Hello,
>
> This is my first time posting to this list. I am wanting to setup a
> softraid 1 array, with two 3TB drives. Every guide or howto I can find
> though is about installing onto such an array. My case however, the boot
> drive is on its own, a 250GB'er. I simply want to create the array with
> softraid, mount it at /storage, and use it. Does anyone know of any guides
> that cover this kind of scenario?

man bioctl.

> I also have a few questions about what I read so far.
>
> 1. a few guides talk about using the MAKEDEV shell script. Do I still need
> to use that for my scenario?

oy.  You have to understand what you are doing...not just type things
randomly that you find on the 'net...

(I sometimes get tempted to post a page (anonymously, of course) of
"tips" for people to do... all of which being slightly obfuscated
versions of major data loss instructions, such as "rm -rf /" or "format
c:", to use as a way to encourage people to understand what they are
typing.  Other times, looking at some of the crap on the 'net, I see
people have beat me to it, unintentionally)

> 2. Also, since my target array will not be a bootable array, do I still
> need to fdisk -yi the devices? I read in the FAQ that fdisk won't report
> the sizes correctly, but that I shouldn't worry though, since disklabel
> with the b option will cover it.

why would you not want to do the fdisk step?
Can you live without it?...well, if done perfectly, probably.  I'd
suggest just following the man page...  If you got to ask, just do it
right.  If you understand, you will probably opt to do it right, too.

> 3. My two identical 3TB drives are sd1 and sd2, and bioctl reported that
> sd3 is created. I ran newfs -O 2 on it, and that seemed to work. I can't
> figure out how to mount it though. mount /dev/rsd3c /storage says something
> about block device required.

um. you ran newfs on what?
yes, you created sd3...but you still have to fdisk it, disklabel it, and
THEN you can format the partitions.

And, you don't use the 'c' partition as a file system.  ever.  Just
don't.  (and for those in the peanut gallery who say, "but I got away
with it!", no, it just didn't bite you yet).

See FAQ14...

you can skip the "-O2", unless you are making an under-sized partition
you may later want to growfs to FFS2 size.


Nick.



Re: Softraid 1 Help

2013-02-22 Thread noah pugsley
You haven't added any partitions to the raid set you created. And then
you're trying to mount that using the raw mode device. Either you're
reading a bad tutorial or didn't follow all the steps.

Add a partition and try mounting that using the block device, sd3, not rsd3.

You owe it to yourself to read at least the section of the faq covering disks.

-noah

On 2/22/13, Brandon Tanner  wrote:
> Hello,
>
> This is my first time posting to this list. I am wanting to setup a
> softraid 1 array, with two 3TB drives. Every guide or howto I can find
> though is about installing onto such an array. My case however, the boot
> drive is on its own, a 250GB'er. I simply want to create the array with
> softraid, mount it at /storage, and use it. Does anyone know of any guides
> that cover this kind of scenario?
>
> I also have a few questions about what I read so far.
>
> 1. a few guides talk about using the MAKEDEV shell script. Do I still need
> to use that for my scenario?
>
> 2. Also, since my target array will not be a bootable array, do I still
> need to fdisk -yi the devices? I read in the FAQ that fdisk won't report
> the sizes correctly, but that I shouldn't worry though, since disklabel
> with the b option will cover it.
>
> 3. My two identical 3TB drives are sd1 and sd2, and bioctl reported that
> sd3 is created. I ran newfs -O 2 on it, and that seemed to work. I can't
> figure out how to mount it though. mount /dev/rsd3c /storage says something
> about block device required.
>
> That's about as far as I got.
>
> Thanks for any feedback.
>
> -Pyrite



Re: OpenBSD5.3-beta, kernel panic : pf.conf with once option

2013-02-22 Thread Wesley M.A.

On 2013-02-22 21:41, Mike Belopuhov wrote:
> short answer: don't do that.  you have to use an anchor.
>
> regarding the actual crash -- i'll look at it asap.



Thank you very much for your reply, your advice.

Wesley



Softraid 1 Help

2013-02-22 Thread Brandon Tanner
Hello,

This is my first time posting to this list. I am wanting to setup a
softraid 1 array, with two 3TB drives. Every guide or howto I can find
though is about installing onto such an array. My case however, the boot
drive is on its own, a 250GB'er. I simply want to create the array with
softraid, mount it at /storage, and use it. Does anyone know of any guides
that cover this kind of scenario?

I also have a few questions about what I read so far.

1. a few guides talk about using the MAKEDEV shell script. Do I still need
to use that for my scenario?

2. Also, since my target array will not be a bootable array, do I still
need to fdisk -yi the devices? I read in the FAQ that fdisk won't report
the sizes correctly, but that I shouldn't worry though, since disklabel
with the b option will cover it.

3. My two identical 3TB drives are sd1 and sd2, and bioctl reported that
sd3 is created. I ran newfs -O 2 on it, and that seemed to work. I can't
figure out how to mount it though. mount /dev/rsd3c /storage says something
about block device required.

That's about as far as I got.

Thanks for any feedback.

-Pyrite



Re: OpenBSD5.3-beta, kernel panic : pf.conf with once option

2013-02-22 Thread Mike Belopuhov
On 22 February 2013 14:02, Wesley M.A.  wrote:
> Hi,
>
> I'm running :
> kern.version=OpenBSD 5.3-beta (GENERIC) #33: Fri Feb 15 17:03:34 MST 2013
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
>
> 2 network cards : bge0 and axe0
>
> "pfctl -vf /etc/pf.conf" load the ruleset, but just after i do "telnet
> hostname.on.internet 110" this on a workstation, i have a kernel panic on my
> OpenBSD gateway :
>
> uvm_fault(0xd0a51660,0x0, 0, 1) -> e
> Kernel: page fault trap, code=0
> Stopped at pf_purge_rule +0x11: mov 0x10(%ebx),%eax
>
>
> my pf.conf :
> 
> ports_tcp="{80 25 443 587 995 21}"
> set skip on lo
> match out on egress inet from bge0:network to any nat-to egress
> block log all
> pass out
> pass in on bge0 inet proto icmp icmp-type echoreq
> pass in on bge0 inet proto tcp from bge0:network to any port $ports_tcp
> pass in on bge0 inet proto tcp from bge0:network to any port 110 once
> pass in on bge0 inet proto udp from bge0:network to any port domain
> pass in on bge0 inet proto tcp from bge0:network to any port 22
>

short answer: don't do that.  you have to use an anchor.

regarding the actual crash -- i'll look at it asap.



Re: Kernel Panic on 5.2 running on KVM

2013-02-22 Thread Peter Farmer
Unfortunately now getting "em0: watchdog timeout -- resetting" on my VMs
(on 5.3-beta) , which also locks the terminal for me, so can't bring the
network up :(


On 22 February 2013 15:49, Peter Farmer  wrote:

> Building a 5.3-beta template now, will let you know.
>
>
> On 22 February 2013 15:26, Chris Cappuccio  wrote:
>
>> before you go much further, try openbsd 5.3-beta first
>>
>> ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/
>>
>> Peter Farmer [pfarmer...@gmail.com] wrote:
>> > Hi,
>> >
>> > I have a pair of OpenBSD 5.2 VMs running on KVM, they have a carp
>> interface
>> > and are running relayd to load balancer http traffic into two webservers
>> > (also VMs). While benchmarking the setup with ab, I noticed that the
>> > OpenBSD VMs panic'd, I can easily reproduce the panics. Here is a
>> typical
>> > stack trace:
>> >
>> > uvm_fault(0xfe807d0c62a8, 0x0, 0, 1) -> e
>> > kernel: page fault trap, code=0
>> > Stopped at  somove+0x22:movq0x78(%rdi),%r14
>> > ddb> somove() at somove+0x22
>> > sowwakeup() at sowwakeup+0x26
>> > tcp_input() at tcp_input+0x2a37
>> > ipv4_input() at ipv4_input+0x584
>> > ipintr() at ipintr+0x7f
>> > netintr() at netintr+0xd5
>> > softintr_dispatch() at softintr_dispatch+0x5d
>> > Xsoftnet() at Xsoftnet+0x28
>> > --- interrupt ---
>> > (null)() at 0x800021454e30
>> > end of kernel
>> > end trace frame: 0x4043c748, count: -9
>> > ddb>PID   PPID   PGRPUID  S   FLAGS  WAIT  COMMAND
>> >
>> >  13819  1  13819  0  30x80  selectsendmail
>> >  15713  1  15713  0  30x80  ttyin getty
>> >   3077  1   3077  0  30x80  ttyin getty
>> >   1982  1   1982  0  30x80  ttyin getty
>> >  12235  1  12235  0  30x80  ttyin getty
>> >  17057  1  17057  0  30x80  ttyin getty
>> >  23271  1  23271  0  30x80  selectcron
>> >   4619  1   4619  0  30x80  selectruby18
>> >  13722  1  13722 99  30x80  poll  sndiod
>> >  22844  18069  18069 89  30x80  kqreadrelayd
>> >  19323  18069  18069 89  30x80  kqreadrelayd
>> >   1643  18069  18069 89  30x80  kqreadrelayd
>> > *26499  18069  18069 89  7   0relayd
>> >  18069   9864  18069 89  30x80  kqreadrelayd
>> >  10272   9864  10272 89  30x80  kqreadrelayd
>> >  13354   9864  13354 89  30x80  kqreadrelayd
>> >   9864  1   9864  0  30x80  kqreadrelayd
>> >  22085  1  22085  0  30x80  selectsshd
>> >  18165  18463  19253 83  30x80  poll  ntpd
>> >  18463  19253  19253 83  30x80  poll  ntpd
>> >  19253  1  19253  0  30x80  poll  ntpd
>> >  26963  18156  18156 74  30x80  bpf   pflogd
>> >  18156  1  18156  0  30x80  netio pflogd
>> >  30594  10090  10090 73  20x80syslogd
>> >  10090  1  10090  0  30x80  netio syslogd
>> >   3510  1   3510 77  30x80  poll  dhclient
>> >  20348  1  22482  0  30x80  poll  dhclient
>> >  25124  1  25124 77  30x80  poll  dhclient
>> >  12672  1  22482  0  30x80  poll  dhclient
>> > 13  0  0  0  30x100200  aiodoned  aiodoned
>> > 12  0  0  0  30x100200  syncerupdate
>> > 11  0  0  0  30x100200  cleaner   cleaner
>> > 10  0  0  0  30x100200  reaperreaper
>> >  9  0  0  0  30x100200  pgdaemon  pagedaemon
>> >  8  0  0  0  30x100200  bored crypto
>> >  7  0  0  0  30x100200  pftm  pfpurge
>> >  6  0  0  0  30x100200  usbtskusbtask
>> >  5  0  0  0  30x100200  usbatsk   usbatsk
>> >  4  0  0  0  30x100200  acpi0 acpi0
>> >  3  0  0  0  30x100200  bored syswq
>> >  2  0  0  0  3  0x40100200idle0
>> >  1  0  1  0  30x80  wait  init
>> >  0 -1  0  0  3   0x200  scheduler swapper
>> > ddb> rebooting...
>> >
>> >
>> > dmesg from same machine:
>> >
>> > OpenBSD 5.2 (GENERIC) #309: Wed Aug  1 09:58:55 MDT 2012
>> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
>> > real mem = 2146369536 (2046MB)
>> > avail mem = 2066952192 (1971MB)
>> > mainbus0 at root
>> > bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfbc4f (10 entries)
>> > bios0: vendor QEMU version "QEMU" date 01/01/2007
>> > acpi0 at bios0: rev 0
>> > acpi0: sleep states S3 S4 S5
>> > acpi0: tables 

Re: Snort, DAQ, and established flow

2013-02-22 Thread Wesley M.A.

On 2013-02-22 20:34, Lawrence Teo wrote:
> So when you start Snort with the rc.d script, the rc.d script runs snort
> with -c /etc/snort/snort.conf, so it knows where to find the DAQ
> modules.
>
> If you want to use snort -v without using the config file:
>
> snort --daq-dir=/usr/local/lib/daq/ -v
>
> Lawrence


Thank you very much.

Wesley



Re: Snort, DAQ, and established flow

2013-02-22 Thread Lawrence Teo
On Fri, Feb 22, 2013 at 08:19:04PM +0400, Wesley M.A. wrote:
> >Please read /usr/local/share/doc/pkg-readmes/snort-2.9.4.0 for
> >OpenBSD-specific Snort documentation.  Specifically, the
> >recommended way
> >to start Snort is to use the /etc/rc.d/snort script.  The rc.d(8) man
> >page has information about rc.d scripts.
> >
> >Hope this helps,
> >Lawrence
> 
> You are very funny, i already read /usr/local/share/doc/pkg-readmes/*

I just wanted to make sure you didn't miss those docs.

> And the same for :
> Configure /etc/snort/snort.conf (HOME_NET, EXTERNAL_NET,
> var...RULES) local.rules file
> And put pkg_scripts="snort" in /etc/rc.conf.local and start it
> manually with /etc/rc.d/snort start
> 
> Therefore thank you for your try.

/etc/snort/snort.conf contains this line:

config daq_dir: /usr/local/lib/daq/

So when you start Snort with the rc.d script, the rc.d script runs snort
with -c /etc/snort/snort.conf, so it knows where to find the DAQ
modules.

If you want to use snort -v without using the config file:

snort --daq-dir=/usr/local/lib/daq/ -v

Lawrence



Re: Snort, DAQ, and established flow

2013-02-22 Thread Wesley M.A.

> Please read /usr/local/share/doc/pkg-readmes/snort-2.9.4.0 for
> OpenBSD-specific Snort documentation.  Specifically, the recommended way
> to start Snort is to use the /etc/rc.d/snort script.  The rc.d(8) man
> page has information about rc.d scripts.
>
> Hope this helps,
> Lawrence

You are very funny, I already read /usr/local/share/doc/pkg-readmes/*

And the same for:
Configure /etc/snort/snort.conf (HOME_NET, EXTERNAL_NET, var...RULES)
local.rules file
And put pkg_scripts="snort" in /etc/rc.conf.local and start it manually
with /etc/rc.d/snort start

Therefore thank you for your try.

Cheers,

Wesley



Re: Snort, DAQ, and established flow

2013-02-22 Thread Lawrence Teo
On Fri, Feb 22, 2013 at 03:05:36PM +0400, Wesley M.A. wrote:
> Hi,
> 
> I use OpenBSD 5.3-beta
> kern.version=OpenBSD 5.3-beta (GENERIC) #33: Fri Feb 15 17:03:34 MST
> 2013
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> 
> I have some questions:
> 
> 1) If i run this :  $(whereis snort) -v # give me :
> Running in packet dump mode
> 
> --== Initializing Snort ==--
> Initializing Output Plugins!
> ERROR: Can't find pcap DAQ!
> Fatal Error, Quitting..
> 
> what is missing ? i already tried add p5-Net-Pcap, py-libpcap, same
> error...

Please read /usr/local/share/doc/pkg-readmes/snort-2.9.4.0 for
OpenBSD-specific Snort documentation.  Specifically, the recommended way
to start Snort is to use the /etc/rc.d/snort script.  The rc.d(8) man
page has information about rc.d scripts.

Hope this helps,
Lawrence



Re: Downlink speed limit

2013-02-22 Thread Jes
Tested with a 54Mbps wireless connection and pf disabled, the problem
remains. My wifi card is:

iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6200" rev 0x35: msi, MIMO 2T2R, MoW

the problem remains: bandwidth limited to 4Mbps (tested with speedof.me).

So, it's not an em0 or iwn0 related issue. The same laptop with Fedora
18 gets 20Mbps.

My kernel is 5.3 Generic amd64, snapshot from February 17.

My laptop is a Thinkpad T410.

No special customizations in /etc/sysctl.conf, only:


machdep.allowaperture=2 # See xf86(4)
#Users can mount
kern.usermount=1
kern.bufcachepercent=50
#Laptop lid suspend (not active)
machdep.lidsuspend=0

#Ip Forwarding
net.inet.ip.forwarding=1

net.inet.ip.ifq.maxlen=512 # Maximum allowed input queue length (256*number of interfaces)


#Samba
kern.maxfiles=16384


Some clue?

Thanks,

Jes



On 02/21/13 20:51, sven falempin wrote:



On Thu, Feb 21, 2013 at 12:39 PM, Jes wrote:

Hi Sven:

My laptop is a Thinkpad T410, with two disks. Fedora 18 installed in the
first, and OpenBSD in the second. The ethernet card is:

em0 at pci0 dev 25 function 0 "Intel 82577LM" rev 0x06: msi, address f0:de:f1:11:5e:42

# netstat -i
Name    Mtu   Network     Address              Ipkts Ierrs    Opkts Oerrs Colls
lo0     33152                                     12     0       12     0     0
lo0     33152 localhost/1 localhost               12     0       12     0     0
lo0     33152 fe80::%lo0/ fe80::1%lo0             12     0       12     0     0
lo0     33152 localhost   localhost               12     0       12     0     0
em0     1500              f0:de:f1:11:5e:42    47578     0     8230     0     0
em0     1500  fe80::%em0/ fe80::f2de:f1ff:f    47578     0     8230     0     0
em0     1500  185.14.165. 185.14.165.83.dyn    47578     0     8230     0     0
iwn0*   1500              00:27:10:81:bf:1c        0     0        0     0     0
enc0*   0                                          0     0        0     0     0
pflog0  33152                                      0     0        0     0     0



# vmstat -i
interrupt                       total     rate
irq0/clock                     589062      399
irq0/ipi                      1377979      933
irq144/acpi0                      295        0
irq100/inteldrm0                 8543        5
irq112/em0                      50136       33
irq96/ehci0                     28840       19
irq176/azalia0                   6406        4
irq101/ehci1                       26        0
irq102/ahci0                    46781       31
irq145/pckbc0                    4387        2
irq146/pckbc0                  287700      194
Total                         2400155     1626


# uname -a
OpenBSD openfourten.my.domain 5.3 GENERIC.MP#36 amd64


# ping www.yahoo.com
PING ds-eu-fp3.wa1.b.yahoo.com (87.248.122.122): 56 data bytes
64 bytes from 87.248.122.122: icmp_seq=0 ttl=51 time=102.293 ms
64 bytes from 87.248.122.122: icmp_seq=1 ttl=51 time=103.218 ms
64 bytes from 87.248.122.122: icmp_seq=2 ttl=51 time=108.620 ms
64 bytes from 87.248.122.122: icmp_seq=3 ttl=51 time=100.815 ms
64 bytes from 87.248.122.122: icmp_seq=4 ttl=51 time=109.586 ms
64 bytes from 87.248.122.122: icmp_seq=5 ttl=51 time=107.245 ms
64 bytes from 87.248.122.122: icmp_seq=6 ttl=51 time=108.278 ms
64 bytes from 87.248.122.122: icmp_seq=7 ttl=51 time=103.384 ms

# cat /etc/hostname.em0
dhcp



# ifconfig em0
em0: flags=8843 mtu 1500
 lladdr f0:de:f1:11:5e:42
 priority: 0
 groups: egress
 media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
 status: active
 inet6 fe80::f2de:f1ff:fe11:5e42%em0 prefixlen 64 scopeid 0x1
 inet 83.165.14.185 netmask 0xf800 broadcast 83.165.15.255




# netstat -s
ip:
 9994 total packets received
 0 bad header checksums
 0 with size smaller than minimum
 0 with data size < data length
 0 with header length < data size
 0 with data length < header length
 0 with bad options
 0 with incorrect version number
 0 fragments received
 0 fragments dropped (duplicates or out of space)
 0 malformed fragments dropped
 0 fragments dropped after timeout
 0 packets reassembled ok
 9982 packets for this host
 0 packets for unknown/unsupported protocol
 0 packets forwarded
 

Re: Kernel Panic on 5.2 running on KVM

2013-02-22 Thread Peter Farmer
Building a 5.3-beta template now, will let you know.


On 22 February 2013 15:26, Chris Cappuccio  wrote:

> before you go much further, try openbsd 5.3-beta first
>
> ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/
>
> Peter Farmer [pfarmer...@gmail.com] wrote:
> > Hi,
> >
> > I have a pair of OpenBSD 5.2 VMs running on KVM, they have a carp interface
> > and are running relayd to load balance http traffic into two webservers
> > (also VMs). While benchmarking the setup with ab, I noticed that the
> > OpenBSD VMs panic'd, I can easily reproduce the panics. Here is a typical
> > stack trace:
> >
> > uvm_fault(0xfe807d0c62a8, 0x0, 0, 1) -> e
> > kernel: page fault trap, code=0
> > Stopped at  somove+0x22:movq0x78(%rdi),%r14
> > ddb> somove() at somove+0x22
> > sowwakeup() at sowwakeup+0x26
> > tcp_input() at tcp_input+0x2a37
> > ipv4_input() at ipv4_input+0x584
> > ipintr() at ipintr+0x7f
> > netintr() at netintr+0xd5
> > softintr_dispatch() at softintr_dispatch+0x5d
> > Xsoftnet() at Xsoftnet+0x28
> > --- interrupt ---
> > (null)() at 0x800021454e30
> > end of kernel
> > end trace frame: 0x4043c748, count: -9
> > ddb>PID   PPID   PGRPUID  S   FLAGS  WAIT  COMMAND
> >
> >  13819  1  13819  0  30x80  selectsendmail
> >  15713  1  15713  0  30x80  ttyin getty
> >   3077  1   3077  0  30x80  ttyin getty
> >   1982  1   1982  0  30x80  ttyin getty
> >  12235  1  12235  0  30x80  ttyin getty
> >  17057  1  17057  0  30x80  ttyin getty
> >  23271  1  23271  0  30x80  selectcron
> >   4619  1   4619  0  30x80  selectruby18
> >  13722  1  13722 99  30x80  poll  sndiod
> >  22844  18069  18069 89  30x80  kqreadrelayd
> >  19323  18069  18069 89  30x80  kqreadrelayd
> >   1643  18069  18069 89  30x80  kqreadrelayd
> > *26499  18069  18069 89  7   0relayd
> >  18069   9864  18069 89  30x80  kqreadrelayd
> >  10272   9864  10272 89  30x80  kqreadrelayd
> >  13354   9864  13354 89  30x80  kqreadrelayd
> >   9864  1   9864  0  30x80  kqreadrelayd
> >  22085  1  22085  0  30x80  selectsshd
> >  18165  18463  19253 83  30x80  poll  ntpd
> >  18463  19253  19253 83  30x80  poll  ntpd
> >  19253  1  19253  0  30x80  poll  ntpd
> >  26963  18156  18156 74  30x80  bpf   pflogd
> >  18156  1  18156  0  30x80  netio pflogd
> >  30594  10090  10090 73  20x80syslogd
> >  10090  1  10090  0  30x80  netio syslogd
> >   3510  1   3510 77  30x80  poll  dhclient
> >  20348  1  22482  0  30x80  poll  dhclient
> >  25124  1  25124 77  30x80  poll  dhclient
> >  12672  1  22482  0  30x80  poll  dhclient
> > 13  0  0  0  30x100200  aiodoned  aiodoned
> > 12  0  0  0  30x100200  syncerupdate
> > 11  0  0  0  30x100200  cleaner   cleaner
> > 10  0  0  0  30x100200  reaperreaper
> >  9  0  0  0  30x100200  pgdaemon  pagedaemon
> >  8  0  0  0  30x100200  bored crypto
> >  7  0  0  0  30x100200  pftm  pfpurge
> >  6  0  0  0  30x100200  usbtskusbtask
> >  5  0  0  0  30x100200  usbatsk   usbatsk
> >  4  0  0  0  30x100200  acpi0 acpi0
> >  3  0  0  0  30x100200  bored syswq
> >  2  0  0  0  3  0x40100200idle0
> >  1  0  1  0  30x80  wait  init
> >  0 -1  0  0  3   0x200  scheduler swapper
> > ddb> rebooting...
> >
> >
> > dmesg from same machine:
> >
> > OpenBSD 5.2 (GENERIC) #309: Wed Aug  1 09:58:55 MDT 2012
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
> > real mem = 2146369536 (2046MB)
> > avail mem = 2066952192 (1971MB)
> > mainbus0 at root
> > bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfbc4f (10 entries)
> > bios0: vendor QEMU version "QEMU" date 01/01/2007
> > acpi0 at bios0: rev 0
> > acpi0: sleep states S3 S4 S5
> > acpi0: tables DSDT FACP SSDT APIC
> > acpi0: wakeup devices
> > acpitimer0 at acpi0: 3579545 Hz, 24 bits
> > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> > acpiprt0 at acpi0: bus 0 (PCI0)
> > acpicpu0 at acpi0
> > mpbios at bios0 not configured
> > vmt0 at mainbus0
> > vmware: open failed, eax=564d5868, ecx=001e, edx

Re: Snort, DAQ, and established flow

2013-02-22 Thread Wesley M.A.

Thank you very much for your answer.

I just read man pages...

Cheers,

Wesley

On 2013-02-22 18:35, Chris Eidem wrote:

Spend more time reading the docs:

https://www.snort.org/start/requirements

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
DAQ

DAQ is the Data-Acquisition API that is necessary to use Snort
version 2.9.0 and above.

For more information and to download please visit DAQ[1]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Any more chatter about snort is not relevant to this list, take your
questions to the snort listserve.

[1] http://www.snort.org/downloads/2103

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On
Behalf Of Wesley M.A.
Sent: Friday, February 22, 2013 5:06 AM
To: misc@openbsd.org
Subject: Snort, DAQ, and established flow

Hi,

I use OpenBSD 5.3-beta
kern.version=OpenBSD 5.3-beta (GENERIC) #33: Fri Feb 15 17:03:34 MST
2013
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC

I have some questions:

1) If i run this :  $(whereis snort) -v # give me :
Running in packet dump mode

 --== Initializing Snort ==--
Initializing Output Plugins!
ERROR: Can't find pcap DAQ!
Fatal Error, Quitting..

what is missing ? i already tried add p5-Net-Pcap, py-libpcap, same
error...

2) i have these rules in my local.rules file :
# detect RDP
alert tcp $HOME_NET any -> any 3389 (msg : "traffic rdp"; sid:110091)
# detect social network : 8minutesDating
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"SOCIAL NET - 8minuteDating"; flow:to_server,established; content:"Host\:"; pcre:"/(Host\:)(\s[a-zA-Z0-9.-]+\.|\s)(8minutedating.com)\r\n/"; sid: 1871000;)

RDP Alert works well.
But social network alert doesn't work if i let the rule option
"flow:to_server,established" activated.
Any idea ?

Thank you very much for your help!

Cheers,

Wesley

My snort.conf file :
-
ipvar HOME_NET 10.100.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
ipvar DNS_SERVERS $HOME_NET
ipvar SMTP_SERVERS $HOME_NET
ipvar HTTP_SERVERS $HOME_NET
ipvar SQL_SERVERS $HOME_NET
ipvar TELNET_SERVERS $HOME_NET
ipvar SSH_SERVERS $HOME_NET
ipvar FTP_SERVERS $HOME_NET
ipvar SIP_SERVERS $HOME_NET
portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1830,2301,2381,2809,3128,3702,4343,5250,7001,7145,7510,,7779,8000,8008,8014,8028,8080,8088,8118,8123,8180,8181,8243,8280,8800,,8899,9080,9090,9091,9443,,11371,5]
portvar SHELLCODE_PORTS !80
portvar ORACLE_PORTS 1024:
portvar SSH_PORTS 22
portvar FTP_PORTS [21,2100,3535]
portvar SIP_PORTS [5060,5061,5600]
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
portvar GTP_PORTS [2123,2152,3386]
ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
config disable_decode_alerts
config disable_tcpopt_experimental_alerts
config disable_tcpopt_obsolete_alerts
config disable_tcpopt_ttcp_alerts
config disable_tcpopt_alerts
config disable_ipopt_alerts
config checksum_mode: all
config daq_dir: /usr/local/lib/daq/
config pcre_match_limit: 3500
config pcre_match_limit_recursion: 1500
config detection: search-method ac-split search-optimize max-pattern-len 20
config event_queue: max_queue 8 log 3 order_events content_length
config paf_max: 16000
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/lib/snort_dynamicrules
preprocessor normalize_ip4
preprocessor normalize_tcp: ips ecn stream
preprocessor normalize_icmp4
preprocessor normalize_ip6
preprocessor normalize_icmp6
preprocessor frag3_global: max_frags 65536
preprocessor frag3_engine: policy windows detect_anomalies overlap_limit 10 min_fragment_length 100 timeout 180
preprocessor stream5_global: track_tcp yes, \
track_udp yes, \
track_icmp no, \
max_tcp 262144, \
max_udp 131072, \
max_active_responses 2, \
min_response_seconds 5
preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \
    overlap_limit 10, small_segments 3 bytes 150, timeout 180, \
    ports client 21 22 23 25 42 53 79 109 110 111 113 119 135 136 137 139 143 \
        161 445 513 514 587 593 691 1433 1521 2100 3306 6070 6665 6667 6668 6669 \
        7000 8181 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \
    ports both 80 81 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7907 7001 7145 7510 7802  7779 \
        7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \
        7917 7918 7919 7920 8000 8008 8014 8028 8080 8088 8118 8123 8180 8243 8280 8800  8899 9080 9090 9091 9443  11371 5
preprocessor stream5_udp: timeout 180
pre

Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Brian Callahan

On 2/22/2013 8:02 AM, Ted Unangst wrote:

On Fri, Feb 22, 2013 at 06:42, Eric Furman wrote:

Until your name is on this list;
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/geo/openbsd-developers/files/OpenBSD

YOU ARE NOT A DEVELOPER.




I'm making this into a shirt.

~Brian



Kernel Panic on 5.2 running on KVM

2013-02-22 Thread Peter Farmer
Hi,

I have a pair of OpenBSD 5.2 VMs running on KVM, they have a carp interface
and are running relayd to load balance http traffic into two webservers
(also VMs). While benchmarking the setup with ab, I noticed that the
OpenBSD VMs panic'd, I can easily reproduce the panics. Here is a typical
stack trace:

uvm_fault(0xfe807d0c62a8, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at  somove+0x22:movq0x78(%rdi),%r14
ddb> somove() at somove+0x22
sowwakeup() at sowwakeup+0x26
tcp_input() at tcp_input+0x2a37
ipv4_input() at ipv4_input+0x584
ipintr() at ipintr+0x7f
netintr() at netintr+0xd5
softintr_dispatch() at softintr_dispatch+0x5d
Xsoftnet() at Xsoftnet+0x28
--- interrupt ---
(null)() at 0x800021454e30
end of kernel
end trace frame: 0x4043c748, count: -9
ddb>PID   PPID   PGRPUID  S   FLAGS  WAIT  COMMAND

 13819  1  13819  0  30x80  selectsendmail
 15713  1  15713  0  30x80  ttyin getty
  3077  1   3077  0  30x80  ttyin getty
  1982  1   1982  0  30x80  ttyin getty
 12235  1  12235  0  30x80  ttyin getty
 17057  1  17057  0  30x80  ttyin getty
 23271  1  23271  0  30x80  selectcron
  4619  1   4619  0  30x80  selectruby18
 13722  1  13722 99  30x80  poll  sndiod
 22844  18069  18069 89  30x80  kqreadrelayd
 19323  18069  18069 89  30x80  kqreadrelayd
  1643  18069  18069 89  30x80  kqreadrelayd
*26499  18069  18069 89  7   0relayd
 18069   9864  18069 89  30x80  kqreadrelayd
 10272   9864  10272 89  30x80  kqreadrelayd
 13354   9864  13354 89  30x80  kqreadrelayd
  9864  1   9864  0  30x80  kqreadrelayd
 22085  1  22085  0  30x80  selectsshd
 18165  18463  19253 83  30x80  poll  ntpd
 18463  19253  19253 83  30x80  poll  ntpd
 19253  1  19253  0  30x80  poll  ntpd
 26963  18156  18156 74  30x80  bpf   pflogd
 18156  1  18156  0  30x80  netio pflogd
 30594  10090  10090 73  20x80syslogd
 10090  1  10090  0  30x80  netio syslogd
  3510  1   3510 77  30x80  poll  dhclient
 20348  1  22482  0  30x80  poll  dhclient
 25124  1  25124 77  30x80  poll  dhclient
 12672  1  22482  0  30x80  poll  dhclient
13  0  0  0  30x100200  aiodoned  aiodoned
12  0  0  0  30x100200  syncerupdate
11  0  0  0  30x100200  cleaner   cleaner
10  0  0  0  30x100200  reaperreaper
 9  0  0  0  30x100200  pgdaemon  pagedaemon
 8  0  0  0  30x100200  bored crypto
 7  0  0  0  30x100200  pftm  pfpurge
 6  0  0  0  30x100200  usbtskusbtask
 5  0  0  0  30x100200  usbatsk   usbatsk
 4  0  0  0  30x100200  acpi0 acpi0
 3  0  0  0  30x100200  bored syswq
 2  0  0  0  3  0x40100200idle0
 1  0  1  0  30x80  wait  init
 0 -1  0  0  3   0x200  scheduler swapper
ddb> rebooting...


dmesg from same machine:

OpenBSD 5.2 (GENERIC) #309: Wed Aug  1 09:58:55 MDT 2012
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 2146369536 (2046MB)
avail mem = 2066952192 (1971MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfbc4f (10 entries)
bios0: vendor QEMU version "QEMU" date 01/01/2007
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
mpbios at bios0 not configured
vmt0 at mainbus0
vmware: open failed, eax=564d5868, ecx=001e, edx=5658
vmt0: failed to open backdoor RPC channel (TCLO protocol)
cpu0 at mainbus0: (uniprocessor)
cpu0: QEMU Virtual CPU version 0.10.50, 2200.26 MHz
cpu0:
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,LONG
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 8237

Re: openbsd5.3-beta, pf.conf, new keyword : once

2013-02-22 Thread Voland Levit
On Fri, Feb 22, 2013 at 04:43:35PM +0400, Wesley M.A. wrote:
> Hi,
> 
> I just see this in the pf.conf manpage:
> 
> once    Creates a one shot rule that will remove itself from an active
>         ruleset after the first match.  In case this is the only rule in
>         the anchor, the anchor will be destroyed automatically after the
>         rule is matched.
> 
> It is an excellent feature, is it possible to have an example of use?

For testing purpose, for DIY port knocking..
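
A sketch of the port-knocking use mentioned above, as an added example that is not part of the original thread: the main ruleset exposes an anchor point, and a knock handler (not shown) loads one `once` rule per client into its own sub-anchor. The anchor name `knock`, the address 192.0.2.10 and port 22 are assumptions; the rule form mirrors the `once` rule posted in the kernel-panic report in this archive.

```conf
# /etc/pf.conf (fragment) -- constructed example, not from the thread
block log all
pass out

# Evaluation point for per-client one-shot rules. It matches nothing
# until a rule is loaded into a sub-anchor such as knock/192.0.2.10.
anchor "knock/*"

# Loaded at run time, once per accepted knock, for example:
#
#   echo 'pass in on egress inet proto tcp from 192.0.2.10 to any port 22 once' | \
#       pfctl -a 'knock/192.0.2.10' -f -
#
# Per the pf.conf text quoted above, the rule removes itself from the
# active ruleset after its first match, and because it is the only rule
# in knock/192.0.2.10 that sub-anchor is destroyed with it. A later new
# connection from the same address finds no rule under "knock/*" and is
# decided by "block log all" again.
#
# List the sub-anchors that are currently armed:
#
#   pfctl -a knock -s Anchors
```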



Re: openbsd5.3-beta, pf.conf, new keyword : once

2013-02-22 Thread Wesley M.A.

On 2013-02-22 16:52, Scott McEachern wrote:

On 02/22/13 07:43, Wesley M.A. wrote:

Hi,

I just see this in the pf.conf manpage:

once    Creates a one shot rule that will remove itself from an active
        ruleset after the first match.  In case this is the only rule in
        the anchor, the anchor will be destroyed automatically after the
        rule is matched.

It is an excellent feature, is it possible to have an example of use?

Cheers,

Wesley.



Actually it was put in about a year and a half ago:

http://www.openbsd.org/cgi-bin/cvsweb/src/share/man/man5/pf.conf.5.diff?r1=1.507;r2=1.508;f=h


my fault!



Nitpicking aside, thanks for mentioning it... I didn't know about it
either until now!


;-)

--
Wesley



OpenBSD5.3-beta, kernel panic : pf.conf with once option

2013-02-22 Thread Wesley M.A.

Hi,

I'm running :
kern.version=OpenBSD 5.3-beta (GENERIC) #33: Fri Feb 15 17:03:34 MST 
2013

dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC

2 network cards : bge0 and axe0

"pfctl -vf /etc/pf.conf" loads the ruleset, but just after I run "telnet
hostname.on.internet 110" on a workstation, I get a kernel panic
on my OpenBSD gateway:


uvm_fault(0xd0a51660,0x0, 0, 1) -> e
Kernel: page fault trap, code=0
Stopped at pf_purge_rule +0x11: mov 0x10(%ebx),%eax


my pf.conf :

ports_tcp="{80 25 443 587 995 21}"
set skip on lo
match out on egress inet from bge0:network to any nat-to egress
block log all
pass out
pass in on bge0 inet proto icmp icmp-type echoreq
pass in on bge0 inet proto tcp from bge0:network to any port $ports_tcp
pass in on bge0 inet proto tcp from bge0:network to any port 110 once
pass in on bge0 inet proto udp from bge0:network to any port domain
pass in on bge0 inet proto tcp from bge0:network to any port 22

my dmesg :
---
OpenBSD 5.3-beta (GENERIC) #33: Fri Feb 15 17:03:34 MST 2013
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.73GHz ("GenuineIntel" 
686-class) 1.73 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE,NXE,EST,TM2,PERF

real mem  = 2137059328 (2038MB)
avail mem = 2091167744 (1994MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/30/05, BIOS32 rev. 0 @ 
0xfd5f0, SMBIOS rev. 2.3 @ 0xe71e0 (61 entries)
bios0: vendor FUJITSU // Phoenix Technologies Ltd. version "Version 
1.05" date 05/30/2005

bios0: FUJITSU SIEMENS LIFEBOOK S7020
acpi0 at bios0: rev 0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC SSDT SSDT SSDT SSDT MCFG BOOT
acpi0: wakeup devices PCIB(S4) UAR1(S3) MODM(S3) AZAL(S3) EXP1(S4) 
EXP2(S4) LID_(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpimcfg0 at acpi0 addr 0xe000, bus 0-6
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 6 (PCIB)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpicpu0 at acpi0: C3, C2, PSS
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PWRB
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: CMB1 model "CP191240 / CP191241" serial 1 type LION 
oem "Fujitsu"

acpibat1 at acpi0: CMB2 not present
acpidock0 at acpi0: REPL not docked (0)
acpivideo0 at acpi0: GFX0
bios0: ROM list: 0xc/0xf200! 0xcf800/0x1000 0xd0800/0x1600 
0xdc000/0x4000!

cpu0: Enhanced SpeedStep 1730 MHz: speeds: 1733, 1333, 1067, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82915GM Host" rev 0x03
vga1 at pci0 dev 2 function 0 "Intel 82915GM Video" rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xc000, size 0x1000
inteldrm0 at vga1: apic 1 int 16
drm0 at inteldrm0
"Intel 82915GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801FB HD Audio" rev 0x04: 
msi
azalia0: codecs: Realtek ALC260, AT&T/Lucent/0x3026, using Realtek 
ALC260

audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801FB PCIE" rev 0x04: apic 1 
int 17

pci1 at ppb0 bus 2
bge0 at pci1 dev 0 function 0 "Broadcom BCM5751M" rev 0x11, BCM5750 B1 
(0x4101): apic 1 int 16, address 00:0b:5d:94:e3:23

brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb1 at pci0 dev 28 function 1 "Intel 82801FB PCIE" rev 0x04: apic 1 
int 16

pci2 at ppb1 bus 3
uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x04: apic 1 
int 23
uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x04: apic 1 
int 19
uhci2 at pci0 dev 29 function 2 "Intel 82801FB USB" rev 0x04: apic 1 
int 18
uhci3 at pci0 dev 29 function 3 "Intel 82801FB USB" rev 0x04: apic 1 
int 16
ehci0 at pci0 dev 29 function 7 "Intel 82801FB USB" rev 0x04: apic 1 
int 23

usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb2 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xd4
pci3 at ppb2 bus 6
cbb0 at pci3 dev 3 function 0 "O2 Micro OZ711MP1 CardBus" rev 0x20: 
apic 1 int 16
iwi0 at pci3 dev 5 function 0 "Intel PRO/Wireless 2200BG" rev 0x05: 
apic 1 int 18, address 00:13:ce:60:16:17
"TI TSB43AB21 FireWire" rev 0x00 at pci3 dev 6 function 0 not 
configured

cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 7 device 0 cacheline 0x0, lattimer 0x20
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801FBM LPC" rev 0x04: PM 
disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801FB IDE" rev 0x04: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

pciide0: channel 0

Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Ted Unangst
On Fri, Feb 22, 2013 at 06:42, Eric Furman wrote:
> Until your name is on this list;
> http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/geo/openbsd-developers/files/OpenBSD
> 
> YOU ARE NOT A DEVELOPER.

Now that's hysterical.



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Janne Johansson
OpenBSD doesn't believe much in them, and doesn't need lkms for all basic usage.
It just didn't get disabled in case someone (like OpenAFS users) wants it.
It doesn't work on all platforms, either

2013/2/22 Juan Francisco Cantero Hurtado :
> On Fri, Feb 22, 2013 at 04:22:51AM -0500, Jiri B wrote:
>> On Fri, Feb 22, 2013 at 03:29:21AM +0100, Juan Francisco Cantero Hurtado 
>> wrote:
>> > OpenBSD doesn't have support for loadable kernel modules or FUSE, so
>> > OpenBSD should include the code inside of the kernel. This is a big
>> > difference with FreeBSD/NetBSD/Linux.
>>
>> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/conf/GENERIC?rev=1.193;content-type=text%2Fplain
>> option  LKM   # loadable kernel modules
>>
>> It does have LKM (kqemu used it) but not using it by default.
>>
>> jbelka
>
> I didn't know about lkm before of the mail of Andres. I never needed
> extra modules.
>
> --
> Juan Francisco Cantero Hurtado http://juanfra.info
>



-- 
May the most significant bit of your life be positive.



openbsd5.3-beta, pf.conf, new keyword : once

2013-02-22 Thread Wesley M.A.

Hi,

I just see this in the pf.conf manpage:

once    Creates a one shot rule that will remove itself from an active
        ruleset after the first match.  In case this is the only rule in
        the anchor, the anchor will be destroyed automatically after the
        rule is matched.

It is an excellent feature, is it possible to have an example of use?

Cheers,

Wesley.



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Juan Francisco Cantero Hurtado
On Fri, Feb 22, 2013 at 04:22:51AM -0500, Jiri B wrote:
> On Fri, Feb 22, 2013 at 03:29:21AM +0100, Juan Francisco Cantero Hurtado 
> wrote:
> > OpenBSD doesn't have support for loadable kernel modules or FUSE, so
> > OpenBSD should include the code inside of the kernel. This is a big
> > difference with FreeBSD/NetBSD/Linux.
> 
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/conf/GENERIC?rev=1.193;content-type=text%2Fplain
> option  LKM   # loadable kernel modules
> 
> It does have LKM (kqemu used it) but not using it by default.
> 
> jbelka

I didn't know about lkm before of the mail of Andres. I never needed
extra modules.

-- 
Juan Francisco Cantero Hurtado http://juanfra.info



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Eric Furman
That proves nothing. 
Until your name is on this list;
http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/geo/openbsd-developers/files/OpenBSD
YOU ARE NOT A DEVELOPER.
FUCK YOU!

On Fri, Feb 22, 2013, at 06:29 AM, Martin Schröder wrote:
> 2013/2/22 Eric Furman :
> > but Martin Schröder is not a developer. So what is his word worth???
> 
> http://www.openbsd.org/faq/faq8.html#Journaling
> 
> Now go and fuck yourself.



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Peter Hessler
Please take personal insults off list.  We are not interested.

-- 
Don't cook tonight -- starve a rat today!



Re: Millions of files in /var/www & inode / out of space issue.

2013-02-22 Thread Janne Johansson
2013/2/22 Paolo Aglialoro :
> The source was available, but it relies on Sun/Oracle patents.
>> The CDDL license it was provided under allows use of those patents,
>> but only subject to certain conditions, and there are indemnification
>> clauses that some projects cannot agree to.
>
> Does this mean that freebsd, netbsd, maczfs, zfs fuse driver for linux and
> the tons of other projects are all at risk? Till today, nobody of them has
> been sued. Don't they work on the 28th release of zfs, the last one
> considered free before it became closed source? Did closing the source
> "edit" the conditions of previous releases?

Perhaps mixing licenses make the user (if the user resells a combined
system for instance) liable instead of the project.
Would be perfectly legal to provide source for something incompatible
licensewise, and then have the users carry the blame instead.
Would not be nice, but legal.

-- 
May the most significant bit of your life be positive.



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Martin Schröder
2013/2/22 Eric Furman :
> but Martin Schröder is not a developer. So what is his word worth???

http://www.openbsd.org/faq/faq8.html#Journaling

Now go and fuck yourself.



Re: Precisions on ZFS

2013-02-22 Thread Eric Furman
There are *PATENTS* involved.
So even reverse engineering things does not solve the problem.
Reverse engineered code is still *PATENTED*.
You have to write new original code to avoid PATENTS.
Who wants to do that?
I would guess, no one on the OBSD team.
It's not worth it. 

On Fri, Feb 22, 2013, at 03:30 AM, Jeremie Le Hen wrote:
> Hi,
> 
> I know that it has been requested to stop bother OpenBSD users with ZFS,
> but there are a few not-quite-right things that I want to precise.  This
> will be my last post on the subject.
> 
> On Thu, Feb 21, 2013 at 08:54:13PM -0500, goodb0fh wrote:
> > On Feb 21, 2013, at 6:57 PM, Matthias Appel  
> > wrote:
> > .
> > > 
> > > That is what I wanted to sayso if there Is ZFS-a and ZFS-b, why call 
> > > both of them ZFS?
> 
> Historically there was a single ZFS in OpenSolaris (and Solaris).  Other
> OSes, esp. FreeBSD, brought it in their code base.  Then Oracle closed
> the source and put additional features.  The other-ZFS that stayed
> opensource in illumos and gained additional features as well.  So yes
> they are incompatible, they have the same name, this is annoying.  But I
> don't think any of them is more legitimate to be called ZFS.  
> 
> I think (hope?) over time, people will prefix "ZFS" with something that
> describes the branch unambiguously, like "Oracle ZFS" on one hand and
> "OSS ZFS" / "illumos ZFS" on the other.
> 
> 
> > ZFS has version numbers.  They are backward but not forward compatible
> > so newer code can mount older ZFS but not the other way round.  As
> > version increases, capabilities increases, from supporting
> > compression, more compression options, dedup and finally, in the
> > version in Solaris 11, encryption as well.
> > 
> > All Illumos/opensolaris versions of ZFS do not support ZFS type
> > encryption, sadly.
> 
> This was true until Oracle closed the source because there was only one
> linear monotonically-increasing version number which clearly identified
> which features were available in the pool.  
> 
> Oracle basically ignores the other ZFS so they have stayed on the same
> track.  On the other hand, illumos is well aware that this may be a
> problem in the future so, as Bryan Horstmann-Allen explained.  That way
> there can be multiple ZFS versions, the feature flag will indicate which
> feature were supported when the pool was created.
> 
> Regards,
> -- 
> Jeremie Le Hen
> 
> Scientists say the world is made up of Protons, Neutrons and Electrons.
> They forgot to mention Morons.



Re: Millions of files in /var/www & inode / out of space issue.

2013-02-22 Thread Eric Furman
YES, unless they signed NDA. Which I can tell you they did.

On Fri, Feb 22, 2013, at 05:44 AM, Paolo Aglialoro wrote:
> The source was available, but it relies on Sun/Oracle patents.
> > The CDDL license it was provided under allows use of those patents,
> > but only subject to certain conditions, and there are indemnification
> > clauses that some projects cannot agree to.
> >
> 
> Does this mean that freebsd, netbsd, maczfs, zfs fuse driver for linux
> and
> the tons of other projects are all at risk? Till today, nobody of them
> has
> been sued. Don't they work on the 28th release of zfs, the last one
> considered free before it became closed source? Did closing the source
> "edit" the conditions of previous releases?



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Eric Furman
but Martin Schröder is not a developer. So what is his word worth???
I don't know and neither does Martin Schröder.

On Fri, Feb 22, 2013, at 04:23 AM, Martin Schröder wrote:
> 2013/2/22 Juan Francisco Cantero Hurtado :
> > Here in the BSD world, we have HAMMER, a good alternative with a license
> > compatible and a reasonable requirements.
> 
> Here in the OpenBSD world we don't have HAMMER.
> 
> Best
>Martin



Snort, DAQ, and established flow

2013-02-22 Thread Wesley M.A.

Hi,

I use OpenBSD 5.3-beta
kern.version=OpenBSD 5.3-beta (GENERIC) #33: Fri Feb 15 17:03:34 MST 
2013

dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC

I have some questions:

1) If i run this :  $(whereis snort) -v # give me :
Running in packet dump mode

--== Initializing Snort ==--
Initializing Output Plugins!
ERROR: Can't find pcap DAQ!
Fatal Error, Quitting..

what is missing ? i already tried add p5-Net-Pcap, py-libpcap, same 
error...


2) i have these rules in my local.rules file :
# detect RDP
alert tcp $HOME_NET any -> any 3389 (msg : "traffic rdp"; sid:110091)
# detect social network : 8minutesDating
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"SOCIAL NET - 8minuteDating"; flow:to_server,established; content:"Host\:"; pcre:"/(Host\:)(\s[a-zA-Z0-9.-]+\.|\s)(8minutedating.com)\r\n/"; sid: 1871000;)

RDP Alert works well.
But social network alert doesn't work if i let the rule option 
"flow:to_server,established" activated.

Any idea ?

Thank you very much for your help!

Cheers,

Wesley

My snort.conf file :
-
ipvar HOME_NET 10.100.1.0/24
ipvar EXTERNAL_NET !$HOME_NET
ipvar DNS_SERVERS $HOME_NET
ipvar SMTP_SERVERS $HOME_NET
ipvar HTTP_SERVERS $HOME_NET
ipvar SQL_SERVERS $HOME_NET
ipvar TELNET_SERVERS $HOME_NET
ipvar SSH_SERVERS $HOME_NET
ipvar FTP_SERVERS $HOME_NET
ipvar SIP_SERVERS $HOME_NET
portvar HTTP_PORTS [80,81,311,591,593,901,1220,1414,1830,2301,2381,2809,3128,3702,4343,5250,7001,7145,7510,,7779,8000,8008,8014,8028,8080,8088,8118,8123,8180,8181,8243,8280,8800,,8899,9080,9090,9091,9443,,11371,5]

portvar SHELLCODE_PORTS !80
portvar ORACLE_PORTS 1024:
portvar SSH_PORTS 22
portvar FTP_PORTS [21,2100,3535]
portvar SIP_PORTS [5060,5061,5600]
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
portvar GTP_PORTS [2123,2152,3386]
ipvar AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]

var RULE_PATH /etc/snort/rules
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
config disable_decode_alerts
config disable_tcpopt_experimental_alerts
config disable_tcpopt_obsolete_alerts
config disable_tcpopt_ttcp_alerts
config disable_tcpopt_alerts
config disable_ipopt_alerts
config checksum_mode: all
config daq_dir: /usr/local/lib/daq/
config pcre_match_limit: 3500
config pcre_match_limit_recursion: 1500
config detection: search-method ac-split search-optimize max-pattern-len 20

config event_queue: max_queue 8 log 3 order_events content_length
config paf_max: 16000
dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/lib/snort_dynamicrules
preprocessor normalize_ip4
preprocessor normalize_tcp: ips ecn stream
preprocessor normalize_icmp4
preprocessor normalize_ip6
preprocessor normalize_icmp6
preprocessor frag3_global: max_frags 65536
preprocessor frag3_engine: policy windows detect_anomalies overlap_limit 10 min_fragment_length 100 timeout 180

preprocessor stream5_global: track_tcp yes, \
   track_udp yes, \
   track_icmp no, \
   max_tcp 262144, \
   max_udp 131072, \
   max_active_responses 2, \
   min_response_seconds 5
preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \
   overlap_limit 10, small_segments 3 bytes 150, timeout 180, \
   ports client 21 22 23 25 42 53 79 109 110 111 113 119 135 136 137 139 143 \
       161 445 513 514 587 593 691 1433 1521 2100 3306 6070 6665  6667 6668 6669 \
       7000 8181 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779, \
   ports both 80 81 311 443 465 563 591 593 636 901 989 992 993 994 995 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7907 7001 7145 7510 7802  7779 \
       7801 7900 7901 7902 7903 7904 7905 7906 7908 7909 7910 7911 7912 7913 7914 7915 7916 \
       7917 7918 7919 7920 8000 8008 8014 8028 8080 8088 8118 8123 8180 8243 8280 8800  8899 9080 9090 9091 9443  11371 5

preprocessor stream5_udp: timeout 180
preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535

preprocessor http_inspect_server: server default \
http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \
chunk_length 50 \
server_flow_depth 0 \
client_flow_depth 0 \
post_depth 65495 \
oversize_dir_length 500 \
max_header_length 750 \
max_headers 100 \
max_spaces 0 \
small_chunk_length { 10 5 } \
ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 70

Re: Millions of files in /var/www & inode / out of space issue.

2013-02-22 Thread Paolo Aglialoro
> The source was available, but it relies on Sun/Oracle patents.
> The CDDL license it was provided under allows use of those patents,
> but only subject to certain conditions, and there are indemnification
> clauses that some projects cannot agree to.
>

Does this mean that freebsd, netbsd, maczfs, zfs fuse driver for linux and
the tons of other projects are all at risk? Till today, none of them has
been sued. Don't they work on the 28th release of zfs, the last one
considered free before it became closed source? Did closing the source
"edit" the conditions of previous releases?



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Jiri B
On Fri, Feb 22, 2013 at 04:22:51AM -0500, Jiri B wrote:
> On Fri, Feb 22, 2013 at 03:29:21AM +0100, Juan Francisco Cantero Hurtado wrote:
> > OpenBSD doesn't have support for loadable kernel modules or FUSE, so
> > OpenBSD should include the code inside of the kernel. This is a big
> > difference with FreeBSD/NetBSD/Linux.
> 
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/conf/GENERIC?rev=1.193;content-type=text%2Fplain
> option  LKM   # loadable kernel modules
> 
> It does have LKM (kqemu used it) but does not use it by default.

Just for the record, NOBODY is preventing anyone from porting ZFS with any
license to OpenBSD, but it will NEVER be part of the base OS. But you
can still port it, support it and load it via LKM.

jirib



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Martin Schröder
2013/2/22 Juan Francisco Cantero Hurtado :
> Here in the BSD world, we have HAMMER, a good alternative with a compatible
> license and reasonable requirements.

Here in the OpenBSD world we don't have HAMMER.

Best
   Martin



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Jiri B
On Fri, Feb 22, 2013 at 03:29:21AM +0100, Juan Francisco Cantero Hurtado wrote:
> OpenBSD doesn't have support for loadable kernel modules or FUSE, so
> OpenBSD should include the code inside of the kernel. This is a big
> difference with FreeBSD/NetBSD/Linux.

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/conf/GENERIC?rev=1.193;content-type=text%2Fplain
option  LKM   # loadable kernel modules

It does have LKM (kqemu used it) but does not use it by default.

jbelka



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Peter Hessler
On 2013 Feb 22 (Fri) at 09:27:59 +0100 (+0100), Tomas Bodzar wrote:
:On Thu, Feb 21, 2013 at 11:50 PM, Jeremie Le Hen  wrote:
:> On Thu, Feb 21, 2013 at 05:15:35PM -0500, Bryan Horstmann-Allen wrote:
:>> I apologize this is off-topic, but I'm somewhat close to the illumos project
:>> and would like to correct a few things.
:>>
:>> [...things corrected...]
:>
:> Well, thank you very much for correcting me and providing us with high quality
:> information!
:
:What's much more funny is that Oracle is paying for training and
:support to Joyent to be able to offer at least some level of support
:in ZFS for its own customers :D

Oracle, Joyent, and ZFS.  None of these are related to OpenBSD.  Please
take this off the list.


-- 
Adult, n.:
One old enough to know better.



Re: Precisions on ZFS

2013-02-22 Thread Peter Hessler
On 2013 Feb 22 (Fri) at 09:30:08 +0100 (+0100), Jeremie Le Hen wrote:
:Hi,
:
:I know that it has been requested to stop bothering OpenBSD users with ZFS,
:but there are a few not-quite-right things that I want to clarify.  This
:will be my last post on the subject.
:

You misspelled "sorry for annoying everyone, and I won't even send this email".


-- 
Afternoon very favorable for romance.  Try a single person for a
change.



Re: Precisions on ZFS

2013-02-22 Thread Jeremie Le Hen
Hi,

I know that it has been requested to stop bothering OpenBSD users with ZFS,
but there are a few not-quite-right things that I want to clarify.  This
will be my last post on the subject.

On Thu, Feb 21, 2013 at 08:54:13PM -0500, goodb0fh wrote:
> On Feb 21, 2013, at 6:57 PM, Matthias Appel  wrote:
> .
> > 
> > That is what I wanted to say... so if there is ZFS-a and ZFS-b, why call
> > both of them ZFS?

Historically there was a single ZFS in OpenSolaris (and Solaris).  Other
OSes, esp. FreeBSD, brought it into their code base.  Then Oracle closed
the source and added additional features.  The other ZFS stayed
open source in illumos and gained additional features as well.  So yes,
they are incompatible, they have the same name, and this is annoying.  But I
don't think any of them is more legitimate to be called ZFS.

I think (hope?) over time, people will prefix "ZFS" with something that
describes the branch unambiguously, like "Oracle ZFS" on one hand and
"OSS ZFS" / "illumos ZFS" on the other.


> ZFS has version numbers.  They are backward but not forward compatible
> so newer code can mount older ZFS but not the other way round.  As the
> version increases, capabilities increase, from supporting
> compression, more compression options, dedup and finally, in the
> version in Solaris 11, encryption as well.
> 
> All Illumos/opensolaris versions of ZFS do not support ZFS type
> encryption, sadly.

This was true until Oracle closed the source because there was only one
linear monotonically-increasing version number which clearly identified
which features were available in the pool.  

Oracle basically ignores the other ZFS so they have stayed on the same
track.  On the other hand, illumos is well aware that this may be a
problem in the future so, as Bryan Horstmann-Allen explained.  That way
there can be multiple ZFS versions; the feature flag will indicate which
features were supported when the pool was created.

Regards,
-- 
Jeremie Le Hen

Scientists say the world is made up of Protons, Neutrons and Electrons.
They forgot to mention Morons.



Re: Precisions on ZFS (was: Millions of files in /var/www & inode / out of space issue.)

2013-02-22 Thread Tomas Bodzar
On Thu, Feb 21, 2013 at 11:50 PM, Jeremie Le Hen  wrote:
> On Thu, Feb 21, 2013 at 05:15:35PM -0500, Bryan Horstmann-Allen wrote:
>> I apologize this is off-topic, but I'm somewhat close to the illumos project
>> and would like to correct a few things.
>>
>> [...things corrected...]
>
> Well, thank you very much for correcting me and providing us with high quality
> information!

What's much more funny is that Oracle is paying for training and
support to Joyent to be able to offer at least some level of support
in ZFS for its own customers :D

>
> Regards,
> --
> Jeremie Le Hen
>
> Scientists say the world is made up of Protons, Neutrons and Electrons.
> They forgot to mention Morons.