netstat output shuffles (new feature?)
Hi,

Just installed 2015-FEB-17 amd64 snapshot[1] and at first I thought the order of daemon start-up had changed, and for some strange reason sshd was started after smtpd, and X?

$ netstat -afinet
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  *.ssh                  *.*                    LISTEN
tcp          0      0  *.6000                 *.*                    LISTEN
tcp          0      0  localhost.smtp         *.*                    LISTEN
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp          0      0  build.3815             otherbox.ntp
udp          0      0  *.syslog               *.*

Quick look in /etc/rc didn't confirm this. *shrug*

about 5 minutes later:

$ netstat -afinet
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  *.6000                 *.*                    LISTEN
tcp          0      0  localhost.smtp         *.*                    LISTEN
tcp          0      0  *.ssh                  *.*                    LISTEN
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp          0      0  build.3815             otherbox.ntp
udp          0      0  *.syslog               *.*

This is what I'm used to seeing. The first processes (based on start-up/socket bind time) at the bottom of the list (stack) and the newest at the top.

I figured not to bother misc@ about this, but the order changed again next time I looked at netstat.

Is this caused by some change in the kernel or netstat?

Thanks,
--patrick

[1] sysctl kern.version
kern.version=OpenBSD 5.7-beta (GENERIC) #801: Tue Feb 17 12:38:11 MST 2015
    t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
OpenBSD usb cannot be read on Windows
I used the "dd" command to make a bootable USB drive. The USB is 16G. After I am done with the installation, I want to use the USB under Windows for other purposes. Windows reads only 240 M. How can I recover the 16G on the USB?
ehci_idone: ex=0xd90fd934 is done!
recently i have bought a cheapo usb hub, nothing fancy, just to keep the mouse, keyboard, wifi in one place. i have it plugged in at boot time. in dmesg.boot things look good. then hotplugd starts to run and receives all these devices. by the time i login, all the devices work but i have this in the logs:

/var/log/messages:
Feb 18 10:25:42 hatvan attach[5808]: DEVCLASS=0, DEVNAME=uhub5
Feb 18 10:25:42 hatvan attach[26613]: DEVCLASS=3, DEVNAME=run0
Feb 18 10:25:42 hatvan attach[6382]: DEVCLASS=0, DEVNAME=ums0
Feb 18 10:25:42 hatvan attach[19471]: DEVCLASS=0, DEVNAME=uhid1
Feb 18 10:25:42 hatvan attach[7128]: DEVCLASS=0, DEVNAME=uhid2
Feb 18 10:25:42 hatvan attach[21013]: DEVCLASS=0, DEVNAME=softraid0
Feb 18 10:25:42 hatvan attach[28869]: DEVCLASS=5, DEVNAME=wsmouse2
Feb 18 10:25:42 hatvan attach[31776]: DEVCLASS=5, DEVNAME=wsmouse1
Feb 18 10:25:42 hatvan attach[24252]: DEVCLASS=0, DEVNAME=ugen0
Feb 18 10:25:42 hatvan attach[22473]: DEVCLASS=0, DEVNAME=ukbd0
Feb 18 10:25:42 hatvan attach[12734]: DEVCLASS=0, DEVNAME=uhid3
Feb 18 10:25:42 hatvan attach[20698]: DEVCLASS=0, DEVNAME=uhid0
Feb 18 10:25:42 hatvan attach[14234]: DEVCLASS=0, DEVNAME=sensordev
Feb 18 10:25:42 hatvan attach[22971]: DEVCLASS=0, DEVNAME=uhidev3
Feb 18 10:25:42 hatvan attach[30500]: DEVCLASS=0, DEVNAME=scsibus2
Feb 18 10:25:42 hatvan attach[29655]: DEVCLASS=0, DEVNAME=uhidev1
Feb 18 10:25:42 hatvan attach[6644]: DEVCLASS=0, DEVNAME=uhidev2
Feb 18 10:25:42 hatvan attach[3098]: DEVCLASS=0, DEVNAME=ums1
Feb 18 10:25:42 hatvan attach[12115]: DEVCLASS=0, DEVNAME=scsibus3
Feb 18 10:25:42 hatvan attach[7499]: DEVCLASS=5, DEVNAME=wskbd1
Feb 18 10:25:42 hatvan attach[21089]: DEVCLASS=0, DEVNAME=vscsi0
Feb 18 10:25:42 hatvan attach[23823]: DEVCLASS=0, DEVNAME=uhidev0
Feb 18 10:25:43 hatvan /bsd: ehci_idone: ex=0xd90fd934 is done!
Feb 18 10:25:43 hatvan last message repeated 2 times
Feb 18 10:25:43 hatvan /bsd: ehci_idone: ex=0xd90fda84 is done!
Feb 18 10:25:46 hatvan dhclient[4435]: run0 down; exiting

/var/log/daemon:
Feb 18 10:25:42 hatvan hotplugd[20965]: started
Feb 18 10:25:42 hatvan hotplugd[20965]: uhub5 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: run0 attached, class 3
Feb 18 10:25:42 hatvan hotplugd[20965]: wsmouse1 attached, class 5
Feb 18 10:25:42 hatvan hotplugd[20965]: ums0 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: uhid0 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: uhid1 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: uhid2 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: uhidev0 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: wskbd1 attached, class 5
Feb 18 10:25:42 hatvan hotplugd[20965]: ukbd0 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: uhidev1 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: wsmouse2 attached, class 5
Feb 18 10:25:42 hatvan hotplugd[20965]: ums1 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: uhidev2 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: uhid3 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: uhidev3 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: ugen0 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: scsibus2 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: vscsi0 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: sensordev attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: scsibus3 attached, class 0
Feb 18 10:25:42 hatvan hotplugd[20965]: softraid0 attached, class 0
Feb 18 10:25:46 hatvan dhclient[4435]: run0 down; exiting
Feb 18 10:25:51 hatvan dhclient[6032]: DHCPREQUEST on run0 to 255.255.255.255
Feb 18 10:25:52 hatvan dhclient[6032]: DHCPACK from 10.10.10.1 (xx:xx:xx:xx:xx:xx)
Feb 18 10:25:52 hatvan dhclient[6032]: bound to 10.10.10.60 -- renewal in 604780 seconds.

so i thought i'd mention it, because ehci_idone messages are not good news :]

-f

OpenBSD 5.7-beta (GENERIC.MP) #742: Tue Feb 17 12:50:59 MST 2015
    t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM,PERF
real mem = 2137341952 (2038MB)
avail mem = 2090029056 (1993MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 03/31/11, BIOS32 rev. 0 @ 0xfd690, SMBIOS rev. 2.4 @ 0xe0010 (67 entries)
bios0: vendor LENOVO version 7BETD8WW (2.19 ) date 03/31/2011
bios0: LENOVO 1705CTO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) DURT(S3) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot
Re: Installing OpenBSD 5.6 using a USB Flash drive
I downloaded -current snapshot and used to install and guess what!

I T W O R K E D

I am just so happy after spending 13 (yes thirteen) days of full time trying everything to make this work. As I said before, I spent all my life working on Windows and this is the first time I work on a non-Windows environment. Even the machine, I bought it 13 days ago. So every thing was new to me.

I would never have done it without your help, so thank you:

Raimo Niskanen
Josh Grosse
Erling Westenvik
Stuart Henderson
Peter N. M. Hansteen
Jiri B
Jan Stary

From: afyous...@hotmail.com
To: raimo+open...@erix.ericsson.se; misc@openbsd.org
Subject: Re: Installing OpenBSD 5.6 using a USB Flash drive
Date: Tue, 17 Feb 2015 18:22:04 +

> Oops! I did not see that 'disk' actually was among the possible set locations. Have you tried that?

Yes I have. Could you please refer to previous discussions. If you cannot see many emails included here, then there must be something wrong with Outlook.com I am using.

Date: Tue, 17 Feb 2015 16:14:42 +0100
From: raimo+open...@erix.ericsson.se
To: misc@openbsd.org
Subject: Re: Installing OpenBSD 5.6 using a USB Flash drive

On Tue, Feb 17, 2015 at 12:51:41PM +0100, Raimo Niskanen wrote:
> On Tue, Feb 17, 2015 at 10:36:20AM +, A Y wrote:
>> Hi all,
>>
>> I used the following command to create a USB flash drive installation media (with all file sets included):
>>
>> # dd if=/location/install56.fs of=/dev/rsd0c bs=1m
>>
>> The USB flash drive was created successfully. The boot process from the USB was done. However, when we came to installing file sets, the following prompt was displayed:
>>
>> Location of sets? (disk http or 'done') [http]
>>
>> Now, what can I do to direct the installation process to look for the file sets in the USB flash drive?
>>
>> The documentation says: Once the install kernel is booted, you have several options of where to get the install file sets: CD-ROM, HTTP, Local disk partition, NFS (no mention to USB)
>>
>> As advised, I did the following from the shell:
>>
>> cd /dev
>> sh MAKEDEV sd1
>> mkdir /mnt1
>> mount /dev/sd1a /mnt1
>>
>> But I got the following error: Device not configured
>>
>> Thank you
>
> Strange. I think 'disk' should be among the possible set locations.

Oops! I did not see that 'disk' actually was among the possible set locations. Have you tried that?

> What kind of machine is this?
>
> Use the shell for some diagnostics. Check your dmesg. Does the install kernel (bsd.rd) detect the flash drive? Check what sysctl hw.disknames says.
>
> It seems the USB disk is not detected even though BIOS and boot(8) manages to boot the kernel. If so there might be BIOS options that can help e.g setting the disks to AHCI mode, depending on what kind of machine this is.
>
> --
> / Raimo Niskanen, Erlang/OTP, Ericsson AB

--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
Performance Counters
Hi,

Is there any command that will let me access the processor's performance counters?? I am looking for something like Linux's perf / FreeBSD's pmcstat that will help me get the IPC (Instructions per cycle) of the system.

Thanks
Re: Help needed: pkg_add dropps connections
On Wednesday, 18.02.2015, 08:46 +0100, Stefan Wollny wrote:
> Only with 'pkg_add' the connection is entirely gone and 'pkg_add' subsequently complains about 'No route to host'... and only on this particular machine.

Just wildly guessing here: At least on Linux, the kernel will reply "No route to host" not only if there is no route in the routing table, but also if it received an ICMP dest unreach, including admin prohibited.

Maybe it would be useful to tcpdump the line (maybe add lo0 in case it's something locally generated) to see if something suspicious is happening when the connection terminates.

--
David Dahlberg
Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845
Fraunhoferstr. 20, 53343 Wachtberg, Germany | Fax: +49-228-856277
Re: Help needed: pkg_add dropps connections
On 02/18/15 at 01:40, Nick Holland wrote:
> On 02/17/15 18:59, Stefan Wollny wrote:
>> ftp: connect: No route to host
>
> you need to fix that before you worry about anything. Once you get THAT fixed, then you can get back to worrying about your dropping connections. Gotta make it before you can drop it.

Mmmmh - it may not be related to the issue of this thread, but /var/log/messages has nothing when the connection is lost. At connect there are two complaints from avahi-daemon and adsuck:

~ $ date sh reconnect
Wed Feb 18 11:56:45 CET 2015
ifconfig: SIOCGIFFLAGS: Device not configured
loopback localhost done
BASE-ADDRESS.MCAST.N link#5 done
::/128 localhost done
::/128 localhost done
::127.0.0.0/128 localhost done
::224.0.0.0/128 localhost done
::255.0.0.0/128 localhost done
:::0.0.0.0/128 localhost done
2002::/128 localhost done
2002:7f00::/128 localhost done
2002:e000::/128 localhost done
2002:ff00::/128 localhost done
fe80::/128 localhost done
fec0::/128 localhost done
ff01::/128 localhost done
ff02::/128 localhost done
ifconfig: SIOCSTRUNKPORT: Device busy
ifconfig: SIOCSTRUNKPORT: Device busy
DHCPREQUEST on trunk0 to 255.255.255.255
DHCPREQUEST on trunk0 to 255.255.255.255
DHCPACK from 192.168.178.1 (00:24:fe:31:e3:ea)
bound to 192.168.178.31 -- renewal in 432000 seconds.

~ $ date tail -f /var/log/messages
Wed Feb 18 11:56:43 CET 2015
[... older stuff omitted .. ]
Feb 18 11:56:45 idefix dhclient[26941]: trunk0 down; exiting
Feb 18 11:56:45 idefix avahi-daemon[12643]: IP_DROP_MEMBERSHIP failed: Can't assign requested address
Feb 18 11:56:45 idefix adsuck[16092]: can't convert wire packet to struct

I'd like to point out that the connection is lost too when running 'pkg_add' right on the console. And YES - I had tried without adsuck enabled before.

I had posted it yesterday but here is once more the reconnect-script:

~ $ cat reconnect
#!/bin/sh
sudo /sbin/ifconfig em0 down
sudo /sbin/ifconfig wpi0 down
sudo /sbin/ifconfig rsu0 down
sudo /sbin/ifconfig trunk0 down
sudo /sbin/route flush
sudo sh /etc/netstart
Re: OpenBSD usb cannot be read on Windows
> I used the "dd" command to make a bootable USB drive. The USB is 16G. After I am done with the installation, I want to use the USB under Windows for other purposes. Windows reads only 240 M. How can I recover the 16G on the USB?

Reformat it.

Priit
Re: Serial console on Sunix 40XX (PCI)
On Mon, Feb 16, 2015 at 10:50:35AM +0100, Radek wrote:
> I'm trying to setup a serial console. My RS-232 is an old PCIcard.
> I tried this way:
>
> boot set tty com4
>
> /etc/ttys:
> tty00 /usr/libexec/getty std.9600 vt220 on secure
> tty04 /usr/libexec/getty std.9600 vt220 on secure
>
> but can't connect to console and the system doesn't boot.
> What am I doing wrong?

The boot loader is a simplistic program making use of basic CPU features and BIOS services. It can't access every device like a fully initialized kernel can. At startup, the boot loader will probe the available devices it can make use of. It will look like this:

probing: pc0 com0 apm pci mem[640K 990M a20=on]
disk: hd0+ hd1+*
OpenBSD/i386 BOOT 3.26

On this computer, I can use com0 or pc0 (display) as a console. com0 is a standard traditional motherboard serial port.

Look at what your boot loader tells you. Very likely, only traditional serial ports can be used, not something attached to a puc card. [Note that boot loader names can be different than kernel device names.]

Beside that, if you just want a login console on tty04, add the local flag to the /etc/ttys file. The truth is that there are very few DTE-to-DTE serial cables that provide the correct signaling to support open on DCD only.

like:
tty04 /usr/libexec/getty std.9600 vt220 on secure local

> # dmesg
> OpenBSD 5.6 (GENERIC.MP) #1: Wed Feb 11 11:23:16 CET 2015
>     r...@samba56.prac:/usr/src/sys/arch/i386/compile/GENERIC.MP
> ...
> puc0 at pci4 dev 0 function 0 Sunix 40XX rev 0x01: ports: 1 com
> com4 at puc0 port 0 apic 2 int 16: ti16750, 64 byte fifo
> com4: probed fifo depth: 32 bytes

Your dmesg didn't show traditional serial ports.

Good luck.
Re: netstat output shuffles (new feature?)
On 2/18/15, patrick keshishian pkesh...@gmail.com wrote:
> Hi,
>
> Just installed 2015-FEB-17 amd64 snapshot[1] and at first I thought the order of daemon start-up had changed, and for some strange reason sshd was started after smtpd, and X?
>
> $ netstat -afinet
> Active Internet connections (including servers)
> Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
> tcp          0      0  *.ssh                  *.*                    LISTEN
> tcp          0      0  *.6000                 *.*                    LISTEN
> tcp          0      0  localhost.smtp         *.*                    LISTEN
> Active Internet connections (including servers)
> Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
> udp          0      0  build.3815             otherbox.ntp
> udp          0      0  *.syslog               *.*
>
> Quick look in /etc/rc didn't confirm this. *shrug*
>
> about 5 minutes later:
>
> $ netstat -afinet
> Active Internet connections (including servers)
> Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
> tcp          0      0  *.6000                 *.*                    LISTEN
> tcp          0      0  localhost.smtp         *.*                    LISTEN
> tcp          0      0  *.ssh                  *.*                    LISTEN
> Active Internet connections (including servers)
> Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
> udp          0      0  build.3815             otherbox.ntp
> udp          0      0  *.syslog               *.*
>
> This is what I'm used to seeing. The first processes (based on start-up/socket bind time) at the bottom of the list (stack) and the newest at the top.
>
> I figured not to bother misc@ about this, but the order changed again next time I looked at netstat.
>
> Is this caused by some change in the kernel or netstat?

it is due to new qsort code in netstat. ... so never mind.

I see another difference testing this with nc. but that would need another topic.

'nite.
--patrick

> Thanks,
> --patrick
>
> [1] sysctl kern.version
> kern.version=OpenBSD 5.7-beta (GENERIC) #801: Tue Feb 17 12:38:11 MST 2015
>     t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
Re: OpenBSD usb cannot be read on Windows
On Wed, Feb 18, 2015 at 09:37:31AM +, A Y wrote:
> I used the following command under OpenBSD 5.6:
>
> #dd if=/location/install56.fs of=/dev/rsd1c bs=1m
>
> When I try to reformat it under Windows, it formats only 240 M. So is it possible to format it under OpenBSD so that I can get the full size (16G) back?

Zero out the MBR from OpenBSD.

# dd if=/dev/zero of=/dev/rsd1c bs=512 count=1

Then format it from Windows.

> Date: Wed, 18 Feb 2015 11:17:31 +0200
> Subject: Re: OpenBSD usb cannot be read on Windows
> From: pr...@kivisoo.ee
> To: afyous...@hotmail.com
> CC: misc@openbsd.org
>
>> I used the "dd" command to make a bootable USB drive. The USB is 16G. After I am done with the installation, I want to use the USB under Windows for other purposes. Windows reads only 240 M. How can I recover the 16G on the USB?
>
> Reformat it.
>
> Priit

--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: OpenBSD usb cannot be read on Windows
I used the following command under OpenBSD 5.6:

#dd if=/location/install56.fs of=/dev/rsd1c bs=1m

When I try to reformat it under Windows, it formats only 240 M. So is it possible to format it under OpenBSD so that I can get the full size (16G) back?

Date: Wed, 18 Feb 2015 11:17:31 +0200
Subject: Re: OpenBSD usb cannot be read on Windows
From: pr...@kivisoo.ee
To: afyous...@hotmail.com
CC: misc@openbsd.org

> I used the "dd" command to make a bootable USB drive. The USB is 16G. After I am done with the installation, I want to use the USB under Windows for other purposes. Windows reads only 240 M. How can I recover the 16G on the USB?

Reformat it.

Priit
Re: Installing OpenBSD 5.6 using a USB Flash drive
On 2015-02-17 17:27, A Y wrote:
> dmesg|grep ^.d0 returns only sd0
> sysctl hw.disknames returns sd0 and rd0
> my machine is a 10.1 inch netbook Lenovo E10-30 running Intel Celeron N2830 Dual Core 64 bit. Do you think I should have used amd64 installation instead of i386?

Will depend mostly on your available RAM. i386 is 32 bit. See https://en.wikipedia.org/wiki/RAM_limit#32-bit_x86_RAM_limit
Re: OpenBSD usb cannot be read on Windows
Priit Kivisoo said:
>> Windows reads only 240 M. How can I recover the 16G on the USB?
>
> Reformat it.

You will likely need to get rid of mbr partition to reclaim the space. You can do it with fdisk, dd (dd if=/dev/zero of=/dev/sdNc bs=512 count=1) or with Windows' Disk Management tool (You can find it in Computer Management shell).

--
Dmitrij D. Czarkoff
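What the first sector holds after the install image is written with dd, and what zeroing it changes, shown as an added example that is not code from the thread. The partition entry (240 MiB at LBA 64), the 16 GB device size and all helper names are constructed for illustration, and the sketch assumes the size Windows reports comes from the MBR partition entry; 0xA6 is the MBR partition id OpenBSD uses.

```python
import os
import struct
import tempfile

SECTOR = 512
TABLE_OFFSET = 446        # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR
ENTRY = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def make_mbr(entries):
    """Build a constructed 512-byte MBR from (type, start_lba, sectors) tuples."""
    mbr = bytearray(SECTOR)
    for i, (ptype, start, sectors) in enumerate(entries[:4]):
        struct.pack_into(ENTRY, mbr, TABLE_OFFSET + 16 * i,
                         0x80 if i == 0 else 0x00, b"\0" * 3, ptype, b"\0" * 3,
                         start, sectors)
    mbr[510:512] = SIGNATURE
    return bytes(mbr)


def parse_mbr(sector0):
    """Return the non-empty partition entries, or [] if there is no MBR signature."""
    if len(sector0) < SECTOR or sector0[510:512] != SIGNATURE:
        return []
    parts = []
    for i in range(4):
        _status, _chs0, ptype, _chs1, start, sectors = struct.unpack_from(
            ENTRY, sector0, TABLE_OFFSET + 16 * i)
        if ptype and sectors:
            parts.append({"slot": i, "type": ptype, "start_lba": start,
                          "bytes": sectors * SECTOR})
    return parts


def partitioned_bytes(sector0):
    """Total space described by the partition table, in bytes."""
    return sum(p["bytes"] for p in parse_mbr(sector0))


def zero_first_sector(path):
    """File-based equivalent of: dd if=/dev/zero of=<path> bs=512 count=1 conv=notrunc"""
    with open(path, "r+b") as dev:
        dev.write(b"\0" * SECTOR)


def demo():
    """Write a constructed image to a temp file, wipe sector 0, report before/after."""
    image = make_mbr([(0xA6, 64, 240 * 2048)]) + b"\xff" * (4 * SECTOR)
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(image)
        with open(path, "rb") as f:
            before = parse_mbr(f.read(SECTOR))
        zero_first_sector(path)
        with open(path, "rb") as f:
            data = f.read()
        after = parse_mbr(data[:SECTOR])
        untouched = data[SECTOR:] == image[SECTOR:]   # only sector 0 was rewritten
        return before, after, untouched
    finally:
        os.unlink(path)


if __name__ == "__main__":
    before, after, untouched = demo()
    device_bytes = 16 * 10**9   # constructed: a "16G" stick
    for p in before:
        print(f"slot {p['slot']} type {p['type']:#x}: {p['bytes'] // 2**20} MiB "
              f"of {device_bytes // 2**20} MiB device")
    print("entries after wipe:", after, "| rest of image untouched:", untouched)
```

Zeroing sector 0 removes only the partition table and boot code; the rest of the old image stays on the stick until it is overwritten by the new format.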
Re: Help needed: pkg_add dropps connections
On 02/18/15 at 10:19, David Dahlberg wrote:
> On Wednesday, 18.02.2015, 08:46 +0100, Stefan Wollny wrote:
>> Only with 'pkg_add' the connection is entirely gone and 'pkg_add' subsequently complains about 'No route to host'... and only on this particular machine.
>
> Just wildly guessing here: At least on Linux, the kernel will reply "No route to host" not only if there is no route in the routing table, but also if it received an ICMP dest unreach, including admin prohibited.
>
> Maybe it would be useful to tcpdump the line (maybe add lo0 in case it's something locally generated) to see if something suspicious is happening when the connection terminates.

Hi David,

thank you for your suggestions.

Well - I am just an ordinary OpenBSD-user lacking any knowledge of the kernel's interna. So I can't really comment on that, except that I have

pass on $ext_if inet proto icmp all icmp-type 8 code 0

in my pf.conf.

I picked up your suggestion on watching lo0 as well (pflog0 has nothing!). Here are the last lines before the connection is lost (below this I post the output of netstat):

Feb 18 11:27:22.550315 127.0.0.1.53 127.0.0.1.7621: 27100 1/0/0 2a00:15a8:0:100:d91f:5023:0:1 (80)
Feb 18 11:27:22.825300 127.0.0.1.44811 127.0.0.1.53: 43221+ A? ftp.hostserver.de. (35)
Feb 18 11:27:22.827907 127.0.0.1.53 127.0.0.1.44811: 43221 1/0/0 A 217.31.80.35 (68)
Feb 18 11:27:22.828023 127.0.0.1.34231 127.0.0.1.53: 50848+ ? ftp.hostserver.de. (35)
Feb 18 11:27:22.831648 127.0.0.1.53 127.0.0.1.34231: 50848 1/0/0 2a00:15a8:0:100:d91f:5023:0:1 (80)
Feb 18 11:27:23.098915 127.0.0.1.16511 127.0.0.1.53: 8621+ A? ftp.hostserver.de. (35)
Feb 18 11:27:23.101493 127.0.0.1.53 127.0.0.1.16511: 8621 1/0/0 A 217.31.80.35 (68)
Feb 18 11:27:23.101653 127.0.0.1.46720 127.0.0.1.53: 2234+ ? ftp.hostserver.de. (35)
Feb 18 11:27:23.105205 127.0.0.1.53 127.0.0.1.46720: 2234 1/0/0 2a00:15a8:0:100:d91f:5023:0:1 (80)
Feb 18 11:27:23.405236 127.0.0.1.45409 127.0.0.1.53: 4242+ A? ftp.hostserver.de. (35)
Feb 18 11:27:23.407778 127.0.0.1.53 127.0.0.1.45409: 4242 1/0/0 A 217.31.80.35 (68)
Feb 18 11:27:23.407947 127.0.0.1.16371 127.0.0.1.53: 8430+ ? ftp.hostserver.de. (35)
Feb 18 11:27:23.411508 127.0.0.1.53 127.0.0.1.16371: 8430 1/0/0 2a00:15a8:0:100:d91f:5023:0:1 (80)
Feb 18 11:27:23.679032 127.0.0.1.2311 127.0.0.1.53: 25995+ A? ftp.hostserver.de. (35)
Feb 18 11:27:23.681589 127.0.0.1.53 127.0.0.1.2311: 25995 1/0/0 A 217.31.80.35 (68)
Feb 18 11:27:23.681730 127.0.0.1.37804 127.0.0.1.53: 28055+ ? ftp.hostserver.de. (35)
Feb 18 11:27:23.685347 127.0.0.1.53 127.0.0.1.37804: 28055 1/0/0 2a00:15a8:0:100:d91f:5023:0:1 (80)
Feb 18 11:27:24.100921 127.0.0.1.18524 127.0.0.1.53: 55509+ A? ftp.hostserver.de. (35)
Feb 18 11:27:24.103570 127.0.0.1.53 127.0.0.1.18524: 55509 1/0/0 A 217.31.80.35 (68)
Feb 18 11:27:24.103721 127.0.0.1.36652 127.0.0.1.53: 48339+ ? ftp.hostserver.de. (35)
Feb 18 11:27:24.107271 127.0.0.1.53 127.0.0.1.36652: 48339 1/0/0 2a00:15a8:0:100:d91f:5023:0:1 (80)
Feb 18 11:27:24.461192 127.0.0.1.45534 127.0.0.1.53: 8946+ A? ftp.hostserver.de. (35)
Feb 18 11:27:24.463762 127.0.0.1.53 127.0.0.1.45534: 8946 1/0/0 A 217.31.80.35 (68)
Feb 18 11:27:24.463896 127.0.0.1.13402 127.0.0.1.53: 38619+ ? ftp.hostserver.de. (35)
Feb 18 11:27:24.467481 127.0.0.1.53 127.0.0.1.13402: 38619 1/0/0 2a00:15a8:0:100:d91f:5023:0:1 (80)
Feb 18 11:27:25.022575 127.0.0.1.48140 127.0.0.1.53: 44181+ A? ftp.hostserver.de. (35)
Feb 18 11:27:25.025149 127.0.0.1.53 127.0.0.1.48140: 44181 1/0/0 A 217.31.80.35 (68)
Feb 18 11:27:25.025271 127.0.0.1.46973 127.0.0.1.53: 5352+ ? ftp.hostserver.de. (35)
Feb 18 11:27:25.028825 127.0.0.1.53 127.0.0.1.46973: 5352 1/0/0 2a00:15a8:0:100:d91f:5023:0:1 (80)
Feb 18 11:27:42.868652 127.0.0.1.17889 127.0.0.1.53: 46223+ TXT? current.cvd.clamav.net. (40)
Feb 18 11:27:47.877392 127.0.0.1.21280 127.0.0.1.53: 46223+ TXT? current.cvd.clamav.net. (40)
Feb 18 11:27:53.384447 127.0.0.1.44956 127.0.0.1.53: 48829+ A? imap.web.de. (29)
Feb 18 11:27:57.887443 127.0.0.1.8685 127.0.0.1.53: 46223+ TXT? current.cvd.clamav.net. (40)
Feb 18 11:27:58.387460 127.0.0.1.39806 127.0.0.1.53: 48829+ A? imap.web.de. (29)
Feb 18 11:27:57.887443 127.0.0.1.8685 127.0.0.1.53: 46223+ TXT? current.cvd.clamav.net. (40)
Feb 18 11:27:58.387460 127.0.0.1.39806 127.0.0.1.53: 48829+ A? imap.web.de. (29)
Feb 18 11:28:08.397608 127.0.0.1.24938 127.0.0.1.53: 48829+ A? imap.web.de. (29)
Feb 18 11:28:12.928554 127.0.0.1.53 127.0.0.1.17889: 46223 NXDomain*- 0/1/0 (147)
Feb 18 11:28:12.928576 127.0.0.1 127.0.0.1: icmp: 127.0.0.1 udp port 17889 unreachable
Feb 18 11:28:17.897755 127.0.0.1.45338 127.0.0.1.53: 46223+ TXT? current.cvd.clamav.net. (40)
Feb 18 11:28:17.938892 127.0.0.1.53 127.0.0.1.21280: 46223 NXDomain*- 0/1/0 (147)
Feb 18 11:28:17.938915 127.0.0.1 127.0.0.1: icmp: 127.0.0.1 udp port 21280 unreachable
Feb 18 11:28:23.448486 127.0.0.1.53 127.0.0.1.44956: 48829
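One way to read a loopback capture like the one in the message above is to pair each DNS query with its reply and flag the ones that were slow, never answered, or answered after the client had already given up (the ICMP "udp port unreachable" lines). This is an added example, not code from the thread: the sample lines are constructed in tcpdump's usual text format with the ">" separators intact, and the 5-second threshold and all function names are assumptions.

```python
import re

LATE_AFTER = 5.0   # seconds; assumed client-side resolver timeout, adjust as needed

# Constructed capture, modelled on the lo0 trace above: a stub resolver on a
# random port talking to a local DNS service on 127.0.0.1:53.
SAMPLE = """\
Feb 18 11:27:22.825300 127.0.0.1.44811 > 127.0.0.1.53: 43221+ A? ftp.example.org. (33)
Feb 18 11:27:22.827907 127.0.0.1.53 > 127.0.0.1.44811: 43221 1/0/0 A 192.0.2.35 (66)
Feb 18 11:27:42.868652 127.0.0.1.17889 > 127.0.0.1.53: 46223+ TXT? current.example.net. (37)
Feb 18 11:27:47.877392 127.0.0.1.21280 > 127.0.0.1.53: 46223+ TXT? current.example.net. (37)
Feb 18 11:27:53.384447 127.0.0.1.44956 > 127.0.0.1.53: 48829+ A? imap.example.com. (34)
Feb 18 11:28:12.928554 127.0.0.1.53 > 127.0.0.1.17889: 46223 NXDomain*- 0/1/0 (147)
Feb 18 11:28:12.928576 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 17889 unreachable
Feb 18 11:28:17.938892 127.0.0.1.53 > 127.0.0.1.21280: 46223 NXDomain*- 0/1/0 (147)
Feb 18 11:28:17.938915 127.0.0.1 > 127.0.0.1: icmp: 127.0.0.1 udp port 21280 unreachable
"""

_TS = r"(?:\w{3} +\d+ )?(\d\d):(\d\d):(\d\d\.\d+) "          # optional "Feb 18 " prefix
QUERY = re.compile(_TS + r"\S+\.(\d+) > \S+\.53: (\d+)\S*\s+([A-Z]+)\? (\S+)")
REPLY = re.compile(_TS + r"\S+\.53 > \S+\.(\d+): (\d+)\S*\s+(\S+)")
ICMP = re.compile(_TS + r"\S+ > \S+: icmp: \S+ udp port (\d+) unreachable")


def _secs(h, m, s):
    # Seconds since midnight; a capture that crosses midnight is not handled.
    return int(h) * 3600 + int(m) * 60 + float(s)


def analyze(text, late_after=LATE_AFTER):
    """Return one record per DNS query with latency, rcode and a status."""
    pending = {}   # (client_port, txid) -> record still waiting for a reply
    by_port = {}   # client_port -> record, to attribute ICMP errors
    records = []
    for line in text.splitlines():
        if (m := QUERY.match(line)):
            h, mi, s, port, txid, qtype, name = m.groups()
            rec = {"port": int(port), "id": int(txid), "qtype": qtype,
                   "name": name, "sent": _secs(h, mi, s),
                   "rcode": None, "latency": None, "status": "unanswered"}
            pending[(rec["port"], rec["id"])] = rec
            by_port[rec["port"]] = rec
            records.append(rec)
        elif (m := REPLY.match(line)):
            h, mi, s, port, txid, tok = m.groups()
            rec = pending.pop((int(port), int(txid)), None)
            if rec is None:
                continue   # reply whose query is not in the capture
            rec["latency"] = round(_secs(h, mi, s) - rec["sent"], 6)
            # tcpdump omits the rcode for NOERROR and prints the counts directly
            name_m = re.match(r"[A-Za-z]+", tok)
            rec["rcode"] = "NOERROR" if "/" in tok or not name_m else name_m.group()
            rec["status"] = "late" if rec["latency"] > late_after else "ok"
        elif (m := ICMP.match(line)):
            rec = by_port.get(int(m.group(4)))
            if rec and rec["latency"] is not None:
                # The reply arrived, but the client socket was already closed.
                rec["status"] = "rejected"
    return records


def suspicious(records):
    """Queries that did not complete normally, in capture order."""
    return [r for r in records if r["status"] != "ok"]


if __name__ == "__main__":
    for r in suspicious(analyze(SAMPLE)):
        print(f"port {r['port']:>5} id {r['id']:>5} {r['qtype']:<4} {r['name']:<22} "
              f"{r['status']:<10} rcode={r['rcode']} latency={r['latency']}")
```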
Re: current/amd64 on Asus J1800I-C
On Feb 04 09:49:59, h...@stare.cz wrote:

On Jan 11 12:48:09, h...@stare.cz wrote:

Continuing http://marc.info/?t=14042978995r=1w=2 with current/amd64.

On Jul 02 12:43:58, h...@stare.cz wrote:

So I got me this Asus board with an integrated Celeron http://www.asus.com/Motherboards/J1800IC/specifications/ and put 2G of Crucial RAM in it.

On Jul 02 12:56:22, o...@drijf.net wrote:

http://archives.neohapsis.com/archives/openbsd/2014-05/1637.html

Thanks for the pointer. It can boot a kernel built with the following diff:

Index: arch/amd64/amd64/lapic.c === RCS file: /cvs/src/sys/arch/amd64/amd64/lapic.c,v retrieving revision 1.37 diff -u -p -r1.37 lapic.c --- arch/amd64/amd64/lapic.c6 Jan 2015 12:50:47 - 1.37 +++ arch/amd64/amd64/lapic.c11 Jan 2015 11:12:13 - 
@@ -190,7 +190,7 @@ lapic_set_lvt(void) || mpi-cpu_id == ci-ci_apicid)) { #ifdef DIAGNOSTIC if (mpi-ioapic_pin 1) - panic(lapic_set_lvt: bad pin value %d, + printf(lapic_set_lvt: bad pin value %d\n, mpi-ioapic_pin); #endif if (mpi-ioapic_pin == 0)

With the above diff, I can run OpenBSD on that board (dmesg below). The default installation still panics during boot though:

http://stare.cz/dmesg/asus-J1800IC-lapic-panic.jpg
http://stare.cz/dmesg/asus-J1800IC-lapic-trace.jpg

Can anyone please elaborate on what exactly is wrong with that board? What's a pin value and what does make 72 bad?

With the last amd64 snapshot (dmesg below) it boots OK. Thank you!

Edited highlights of the diff to previous dmesg follow, previous dmesgs at http://stare.cz/dmesg/ (asus-J1800IC.*)

(1) I don't know if it's related to the change that made the panic go away, but among what seems to be garbage in the dmesg(1) output, this comes right before the OpenBSD line:

NJ1800IC.CAPWARNING! BIOS Recovery mode has been detected, Please put the file into HDD or a removable USB media device, And then reset your computer. You can also insert ASUS Support CD to your CD-ROM and reset your computer, If you have done these, Please wait a

(2)
-acpi0: tables DSDT FACP APIC FPDT MCFG LPIT HPET SSDT SSDT SSDT UEFI
+acpi0: tables DSDT FACP APIC FPDT MCFG LPIT HPET SSDT SSDT SSDT UEFI SSDT

Does that mean another ACPI table is now being detected?

(3)
+acpimadt0: bogus nmi for apid 0

I suppose this is another piece of ACPI information being gathered.

(4)
-lapic_set_lvt: bad pin value 72

Oh yeah. Still, how is that pin value not bad anymore?

Please let me know what I can do to further test/debug this not-entirely-non-problematic HW.

Thanks again!
Jan

OpenBSD 5.7-beta (GENERIC.MP) #856: Tue Feb 17 12:43:12 MST 2015
    t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 912130048 (869MB)
avail mem = 883990528 (843MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebd60 (43 entries)
bios0: vendor American Megatrends Inc. version 0604 date 06/10/2014
bios0: ASUS All Series
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG LPIT HPET SSDT SSDT SSDT UEFI SSDT
acpi0: wakeup devices UAR5(S4) UAR8(S4) PS2K(S4) PS2M(S4) UAR1(S4) URIR(S4) XHC1(S4) EHC1(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) PWRB(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU J1800 @ 2.41GHz, 2417.21 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 83MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU J1800 @ 2.41GHz, 2416.67 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 87 pins
acpimadt0: bogus nmi for apid 0
acpimadt0: bogus nmi for apid 2
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 2 (RP02)
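Review bot: in the lapic.c hunk quoted in the message above, swapping panic() for printf() inside the #ifdef DIAGNOSTIC block lets lapic_set_lvt() carry on with the ioapic_pin value the range check has just rejected; the next visible line only tests for ioapic_pin == 0, so nothing in the hunk shows the out-of-range case being skipped. If the aim is to tolerate firmware that reports such a pin (72 on this board, per the message), log it and then skip that entry explicitly rather than falling through, and note that a kernel built without DIAGNOSTIC gets neither the check nor the message.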
Re: Help needed: pkg_add dropps connections
On 02/18/15 at 17:20, Stefan Wollny wrote:
> # pkg_add -ui
> quirks-2.52 signed on 2015-02-17T13:51:20Z
> Error from http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/adsuck-2.5.0p2.tgz
> ftp: Error retrieving file: 403 Forbidden
> #
>
> * S U C C E S S *
> (I don't care for that one file - the connection didn't fail!)
>
> Now we have to figure out how to make that permanent...

For the records: Gene gave me a hint on using 'env_keep'. I had to do my homework first as I never had taken notice of this before 8-)

Long story short: If I am at home where I use the http_proxy, enabling this in the sudoers file by env_keep makes my day. (Very 'difficult' to achieve - uncomment one line!). But if I go without the http_proxy-variable set like e.g. in a hotel the connection still gets lost. Only difference this time is the error-note which now says 'no address associated with name' and no longer 'No route to host'.

Again: A big THANK YOU to you all who helped with your time and knowledge!

Best,
STEFAN
Re: OpenBSD firefox useragent Facebook
Erling Westenvik said:
> My Windows computers does not have this problem, neither does my laptop when it's connected through various gateways.

And what about user-agent from your desktop and laptop? Do they work?

--
Dmitrij D. Czarkoff
Re: OpenBSD firefox useragent Facebook
> I've got two workstations and one laptop running amd64/current.
> problem, neither does my laptop when it's connected through various gateways.

And what do you think your user agent is when you connect through those other gateways? ipchicken.com should tell you.

This might have to do with which Facebook CDN node you might be hitting and DNS caching.
CPU criteria for OpenBSD firewall
Hi,

Stupid question but if you would have to choose between two different Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks behind and around 50-60 Mbit/s average traffic would you rather choose the CPU with higher Frequency and less cores or for a CPU with lower frequency but more cores?

For example:

- E5-2630Lv3, 20M Cache, 1.80 GHz, 8 cores: http://ark.intel.com/products/83357/Intel-Xeon-Processor-E5-2630L-v3-20M-Cache-1_80-GHz
- E5-2637v3, 15M Cache, 3.50 GHz, 4 cores: http://ark.intel.com/products/83358/Intel-Xeon-Processor-E5-2637-v3-15M-Cache-3_50-GHz

Or asked differently, which are the important criteria to look at first for a CPU intended to be used in an OpenBSD firewall?

Regards
ML
Re: CPU criteria for OpenBSD firewall
On 02/18/15 17:30, ML mail wrote:
> Hi,
>
> Stupid question but if you would have to choose between two different Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks behind and around 50-60 Mbit/s average traffic would you rather choose the CPU with higher Frequency and less cores or for a CPU with lower frequency but more cores?

... actually, I'd ask more useful questions.

Realistically, most modern fast CPUs (let's leave out special cases like the Intel Atom, though even that might do it for you) will do the job just fine.

> Or asked differently, which are the important criteria to look at first for a CPU intended to be used in an OpenBSD firewall?

Discussing the merits of a CPU that's 95% idle vs. one that's 90% idle really misses a few points.

If I were looking for a box, I'd look at more important issues: (in no particular order. And your criteria WILL differ from mine)

* How fast a machine boots.
* Availability of repair and upgrade parts
* Low cost, so I can get a second machine and CARP 'em together.
* General usability of the system and support by OpenBSD
* Good bus structure for application
* Well-supported NICs
* Power consumption.
* Quiet
* Simple

The last one probably deserves comment (and should probably be ranked at the top of my list): Simple wins out in reliability over complex. For a firewall, I'd rather have two non-RAIDed systems in a CARP setup over one machine with multiple power supplies, RAID controllers and other fluff that really does nothing for you IN THIS APPLICATION.

If something takes your firewall down, you will lose more packets waiting for a super server to do its Power-on Self-test than you will because your processor is not the latest and greatest or theoretical best. I'd rather a couple few-year-old desktops that can reboot in 60 seconds over a super-server that spends two minutes showing you the wonderful RAID controller you don't care about.

Yes, OpenBSD's filtering and packet moving system uses only one processor, so if you are pushing the limits, you will want more power-per-core over more cores, but you probably won't be pushing the limits. You will have N-1 cores all but completely idle, and one that is not very busy. On board cache could matter too, but again, all it will do in your case is reduce the load on the CPU even more, but it won't pump any more packets.

Nick.
Re: Help needed: pkg_add dropps connections
On Wed, Feb 18, 2015 at 10:27:12AM -0500, Alan Corey wrote:
> This is probably unrelated but I've noticed that the fetching that happens with make install in ports seems less robust than it used to be. If my internet provider disconnects or the connection gets reset beyond that, it doesn't resume the download. And I've tried setting FETCH_CMD to wget -c, it doesn't help much (in 5.6, that's what I have my 5.2 machine set to). So I do a make install, wait until I've got a working URL, then ctrl-c to stop it, copy the url, open another rxvt in the distfiles dir, type wget, paste the URL. wget very rarely fails. I've got portsql installed and was able to make myself some partial fetchlists from that but my query didn't find dependencies of dependencies. A scratch install of 5.6 still took a couple months.

Fetching large subsets of distfiles just works handsomely with dpb -F
Re: OpenBSD firefox useragent Facebook
On Wed, Feb 18, 2015 at 04:40:04PM +0100, Alexander Salmin wrote:
> Not using facebook but have you checked on another computer? Feels like this is not related to OpenBSD. Anyway, your best choice is using developer-tools and trying to identify which requests work and which do not. Maybe you have like me, local DNS-server which blocks famous ad-providers IPs or similar in your hosts-file?

It's OpenBSD specific in that way that it only happens on my OpenBSD computers. I've got two workstations and one laptop running amd64/current. The gateway is running unbound, but the problem got nothing to do with that. My Windows computers do not have this problem, neither does my laptop when it's connected through various gateways. I might try to install 5.6 or 5.5 on some machine just to test. I think the problem arose sometime between August and November. Are there some libraries in OpenBSD that are shared between Firefox, Seamonkey AND Chrome, and which could result in erroneous DOM behavior?

Not that many OpenBSD'ers using FaceBook, eh? *feeling dirty*

> On 2015-02-18 15:32:41, Erling Westenvik wrote:
>> Not sure if this belongs in @misc or @ports - if any! - but I'll give the former a shot. All below applies to amd64/current-installations of mine. The last few months, I've been unable to tag other people when commenting on Facebook. I've tried resetting Firefox, disabling add-ons, deleting old profiles, reinstalling the browser, and even doing a fresh install of Firefox on a new OpenBSD installation. All to no avail. I suspect the user agent setting to be the culprit and have tried experimenting with various strings. Some of them enable me to tag other people, but mess up other things. Would anyone using Facebook be so kind as to provide me with a working user agent string for Firefox (35.0) ?
>>
>> Thanks, Erling
>>
>> PS. Just checked and neither Seamonkey nor Chrome will let me tag people in comments. This is getting weird...
Re: Help needed: pkg_add dropps connections
On 02/18/15 at 17:08, Stuart Henderson wrote:
> On 2015-02-18, Stefan Wollny stefan.wol...@web.de wrote:
>> Could mss 1460 be the core of the issue? I have the following:
>>
>> ~ $ sudo cat /etc/pf.conf | grep mss
>> match in all scrub (no-df random-id max-mss 1440)
>> ~ $ sudo cat /etc/sysctl.conf | grep mss
>> net.inet.tcp.mssdflt=1440
>
> Neither of these make sense on a typical laptop, and they make me query what else you might have changed on the system. What does pfctl -si say? When you get the no route to host, what does e.g. route -n get 8.8.8.8 say? (i.e. some host on the internet). Are you able to ping your fritzbox or the proxy-server at that time?

Hi Stuart,

to answer your question: No, the line is dead - I can't ping anything. But I just received off-list the suggestion from Gene that the environment variables might not be passed on to root. I followed his advice like so:

# export http_proxy=http://192.168.178.23:3128
# export ftp_proxy=http://192.168.178.23:3128
# export PKG_PATH=http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/
# print $http_proxy
http://192.168.178.23:3128
# print $ftp_proxy
http://192.168.178.23:3128
# print $PKG_PATH
http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/
# pkg_add -ui
quirks-2.52 signed on 2015-02-17T13:51:20Z
Error from http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/adsuck-2.5.0p2.tgz
ftp: Error retrieving file: 403 Forbidden
#

* S U C C E S S * (I don't care for that one file - the connection didn't fail!)

Now we have to figure out how to make that permanent...

At this point already I'd like to THANK YOU all who took some time to help me!

Best, STEFAN
Re: Installing OpenBSD 5.6 using a USB Flash drive
The machine has 2 M RAM, so I guess, according to the link you provided, I am ok with i386 even though it is 32 bit and the machine is 64 bit. Am I correct?

> Date: Wed, 18 Feb 2015 11:43:56 +0100
> From: open...@tower-net.de
> To: misc@openbsd.org
> Subject: Re: Installing OpenBSD 5.6 using a USB Flash drive
>
> On 2015-02-17 17:27, A Y wrote:
>> dmesg|grep ^.d0 returns only sd0
>> sysctl hw.disknames returns sd0 and rd0
>> my machine is a 10.1 inch netbook Lenovo E10-30 running Intel Celeron N2830 Dual Core 64 bit. Do you think I should have used amd64 installation instead of i386?
>
> Will depend mostly on your available RAM. i386 is 32 bit. See https://en.wikipedia.org/wiki/RAM_limit#32-bit_x86_RAM_limit
Re: Help needed: pkg_add dropps connections
On 02/18/15 at 13:51, Marc Espie wrote:
> On Tue, Feb 17, 2015 at 02:44:42PM -0800, Gene wrote:
>>> quirks-2.52 signed on 2015-02-14T12:43:06Z
>>> Error from http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/curl-7.40.0.tgz
>>> ftp: connect: No route to host
>>
>> It's using ftp. I'm not familiar with how package management works with OpenBSD, so I don't know if this is a weird quirk of the pkg_add command or if he's not setting his package source properly.
>
> pkg_add does not do network connections directly for protocols where ftp(1) does know how to deal. pkg_add, however, closes connections aggressively when it's got the info it needs. If, somehow, your ftp setup is broken, then you might overflow the server with 100s of connections.
>
> Just do something like:
>
> ftp http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/curl-7.40.0.tgz
>
> (manually) close it halfway thru using ^C. If you don't see the connection being terminated properly, then you don't need to look further. That's your whole issue.
>
> or do it on something larger like http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/texlive_base-2013p3.tgz so that you have time to abort before the whole transfer is finished.

OK: To rule out any implications I disabled the http-proxy in my .profile first. I checked for

- ftp ftp://...
- ftp http://...

Both connections were terminated after 95 seconds (according to pftop) after closing with ^C. Now with http-proxy-variable being unset I gave 'pkg_add' another try: With 145 open connections the connection to the internet was lost.
OpenBSD firefox useragent Facebook
Not sure if this belongs in @misc or @ports - if any! - but I'll give the former a shot. All below applies to amd64/current-installations of mine.

The last few months, I've been unable to tag other people when commenting on Facebook. I've tried resetting Firefox, disabling add-ons, deleting old profiles, reinstalling the browser, and even doing a fresh install of Firefox on a new OpenBSD installation. All to no avail. I suspect the user agent setting to be the culprit and have tried experimenting with various strings. Some of them enable me to tag other people, but mess up other things.

Would anyone using Facebook be so kind as to provide me with a working user agent string for Firefox (35.0) ?

Thanks, Erling

PS. Just checked and neither Seamonkey nor Chrome will let me tag people in comments. This is getting weird...
Re: Help needed: pkg_add dropps connections
On 02/18/15 at 15:07, Marc Espie wrote:
> On Wed, Feb 18, 2015 at 02:32:39PM +0100, Stefan Wollny wrote:
>> I checked for
>> - ftp ftp://...
>> - ftp http://...
>> Both connections were terminated after 95 seconds (according to pftop) after closing with ^C. Now with http-proxy-variable being unset I gave 'pkg_add' another try:
>
> closing should be synchronous with the ^C giving you back the shell prompt. If it waits for 95 seconds, your network setup is fucked up.

My mistake: Bad wording... The shell-prompt is back within 2~3 seconds. In a second xterm I had pftop running showing me that the connection was closed after the '95 seconds' I mentioned.

Maybe I should change the SDD to another one and test with a fresh installation...
Re: OpenBSD usb cannot be read on Windows
Jan, Thank you very much for the tool. It is great. I got my 16 G back.

> Date: Wed, 18 Feb 2015 11:26:44 +0100
> From: ja...@volny.cz
> To: afyous...@hotmail.com
> Subject: Re: OpenBSD usb cannot be read on Windows
>
> Hi AY, you can use HP Storage format tool on Windows, that restores the full capacity.
> http://download.cnet.com/HP-USB-Disk-Storage-Format-Tool/3000-2094_4-10974082.html
> Jan
>
> On Wed, Feb 18, 2015 at 09:37:31AM +, A Y wrote:
> I used the following command under OpenBSD 5.6:
> #dd if=/location/install56.fs of=/dev/rsd1c bs=1m
> When I try to reformat it under Windows, it formats only 240 M. So is it possible to format it under OpenBSD so that I can get the full size (16G) back?
>
> Date: Wed, 18 Feb 2015 11:17:31 +0200
> Subject: Re: OpenBSD usb cannot be read on Windows
> From: pr...@kivisoo.ee
> To: afyous...@hotmail.com
> CC: misc@openbsd.org
>
> I used the dd'' command to make a bootable USB drive. The USB is 16G. After I am done with the installation, I want to use the USB under Windows for other purposes. Windows reads only 240 M. How can I recover the 16G on the USB?
>
> Reformat it.
> Priit
> -- Be the change you want to see in the world.
Re: Help needed: pkg_add dropps connections
On 02/18/15 at 12:09, Stefan Wollny wrote:
> On 02/18/15 at 01:40, Nick Holland wrote:
>> On 02/17/15 18:59, Stefan Wollny wrote:
>>> ftp: connect: No route to host
>>
>> you need to fix that before you worry about anything. Once you get THAT fixed, then you can get back to worrying about your dropping connections. Gotta make it before you can drop it.
>
> Mmmmh - it may not be related to the issue of this thread, but /var/log/messages has nothing when the connection is lost. At connect there are two complaints from avahi-daemon and adsuck:
>
> ~ $ date sh reconnect
> Wed Feb 18 11:56:45 CET 2015
> ifconfig: SIOCGIFFLAGS: Device not configured
> loopback localhostdone
> BASE-ADDRESS.MCAST.N link#5 done
> ::/128 localhostdone
> ::/128 localhostdone
> ::127.0.0.0/128 localhostdone
> ::224.0.0.0/128 localhostdone
> ::255.0.0.0/128 localhostdone
> :::0.0.0.0/128 localhostdone
> 2002::/128 localhostdone
> 2002:7f00::/128 localhostdone
> 2002:e000::/128 localhostdone
> 2002:ff00::/128 localhostdone
> fe80::/128 localhostdone
> fec0::/128 localhostdone
> ff01::/128 localhostdone
> ff02::/128 localhostdone
> ifconfig: SIOCSTRUNKPORT: Device busy
> ifconfig: SIOCSTRUNKPORT: Device busy
> DHCPREQUEST on trunk0 to 255.255.255.255
> DHCPREQUEST on trunk0 to 255.255.255.255
> DHCPACK from 192.168.178.1 (00:24:fe:31:e3:ea)
> bound to 192.168.178.31 -- renewal in 432000 seconds.
>
> ~ $ date tail -f /var/log/messages
> Wed Feb 18 11:56:43 CET 2015
> [... older stuff omitted .. ]
> Feb 18 11:56:45 idefix dhclient[26941]: trunk0 down; exiting
> Feb 18 11:56:45 idefix avahi-daemon[12643]: IP_DROP_MEMBERSHIP failed: Can't assign requested address
> Feb 18 11:56:45 idefix adsuck[16092]: can't convert wire packet to struct
>
> I'd like to point out that the connection is lost too when running 'pkg_add' right on the console. And YES - I had tried without adsuck enabled before. I had posted it yesterday but here is once more the reconnect-script:
>
> ~ $ cat reconnect
> #!/bin/sh
> sudo /sbin/ifconfig em0 down
> sudo /sbin/ifconfig wpi0 down
> sudo /sbin/ifconfig rsu0 down
> sudo /sbin/ifconfig trunk0 down
> sudo /sbin/route flush
> sudo sh /etc/netstart

OK - I changed pf.conf to log on all allowed connections. Here are the last lines from 'tcpdump -nettti pflog0' before the connection is lost:

Feb 18 12:28:09.752328 rule 20/(match) pass out on trunk0: 192.168.178.31.26112 217.31.80.35.80: S 2557329514:2557329514(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 965690760[|tcp] (DF)
Feb 18 12:28:10.063647 rule 20/(match) pass out on trunk0: 192.168.178.31.11874 217.31.80.35.80: S 264716856:264716856(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 2436088594[|tcp] (DF)
Feb 18 12:28:10.376068 rule 20/(match) pass out on trunk0: 192.168.178.31.30104 217.31.80.35.80: S 2435427941:2435427941(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 47943579[|tcp] (DF)
Feb 18 12:28:10.655702 rule 20/(match) pass out on trunk0: 192.168.178.31.40737 217.31.80.35.80: S 2432567211:2432567211(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1107182930[|tcp] (DF)
Feb 18 12:28:10.930614 rule 20/(match) pass out on trunk0: 192.168.178.31.41772 217.31.80.35.80: S 1999637066:1999637066(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 2831739904[|tcp] (DF)
Feb 18 12:28:12.941274 rule 20/(match) pass out on trunk0: 192.168.178.31.41934 217.31.80.35.80: S 1637879660:1637879660(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 2522921076[|tcp] (DF)
Feb 18 12:28:13.274194 rule 20/(match) pass out on trunk0: 192.168.178.31.15493 217.31.80.35.80: S 3826414152:3826414152(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1932273166[|tcp] (DF)
Feb 18 12:28:13.563635 rule 20/(match) pass out on trunk0: 192.168.178.31.12790 217.31.80.35.80: S 1899274144:1899274144(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 771850913[|tcp] (DF)
Feb 18 12:28:13.894579 rule 20/(match) pass out on trunk0: 192.168.178.31.34868 217.31.80.35.80: S 220640463:220640463(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 1280756876[|tcp] (DF)
Feb 18 12:28:14.069995 rule 20/(match) pass out on trunk0: 192.168.178.31.20335 217.31.80.35.80: S 726036165:726036165(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 391830302[|tcp] (DF)
Feb 18 12:28:14.349303 rule 20/(match) pass out on trunk0: 192.168.178.31.2050 217.31.80.35.80: S 2533225330:2533225330(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 3452245743[|tcp] (DF)
Feb 18 12:28:14.696570 rule 20/(match) pass out on trunk0:
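One way to quantify the connection burst in the `tcpdump -nettti pflog0` output of the message above, as an added example that is not part of the thread: an sh/awk filter that counts passed outbound SYNs per destination and the time span they cover. The function names, the threshold and the sample lines are constructed for illustration; the parser accepts lines with or without the `>` between source and destination, since the archived copy lacks it.

```shell
#!/bin/sh
# Added example: summarise outbound TCP connection attempts per destination
# from the text output of `tcpdump -nettti pflog0`.

# Constructed sample input in the pflog layout (documentation addresses,
# not values from the thread). The third line omits ">" on purpose.
sample_pflog() {
cat <<'EOF'
Feb 18 12:28:09.752328 rule 20/(match) pass out on trunk0: 192.0.2.31.26112 > 198.51.100.35.80: S 2557329514:2557329514(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
Feb 18 12:28:10.063647 rule 20/(match) pass out on trunk0: 192.0.2.31.11874 > 198.51.100.35.80: S 264716856:264716856(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
Feb 18 12:28:10.376068 rule 20/(match) pass out on trunk0: 192.0.2.31.30104 198.51.100.35.80: S 2435427941:2435427941(0) win 16384 mss 1460,nop,nop,sackOK (DF)
Feb 18 12:28:10.400000 rule 3/(match) block in on trunk0: 203.0.113.9.4444 > 192.0.2.31.22: S 1111111111:1111111111(0) win 16384 (DF)
Feb 18 12:28:10.655702 rule 20/(match) pass out on trunk0: 192.0.2.31.40737 > 198.51.100.35.80: S 2432567211:2432567211(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
Feb 18 12:28:10.800000 rule 20/(match) pass out on trunk0: 192.0.2.31.5353 > 203.0.113.7.443: S 2222222222:2222222222(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
Feb 18 12:28:10.930614 rule 20/(match) pass out on trunk0: 192.0.2.31.41772 > 198.51.100.35.80: S 1999637066:1999637066(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
EOF
}

# syn_burst_report THRESHOLD
# Reads pflog text on stdin and prints "DEST.PORT COUNT SPAN_SECONDS" for
# every destination that received at least THRESHOLD passed outbound SYNs,
# busiest first. Assumes the capture does not cross midnight.
syn_burst_report() {
    awk -v min="${1:-50}" '
    $4 == "rule" && $6 == "pass" && $7 == "out" {
        # Field 10 is the source; the destination follows, after ">" if present.
        d = ($11 == ">") ? 12 : 11
        if ($(d + 1) != "S") next          # keep connection attempts only
        dst = $d
        sub(/:$/, "", dst)                 # drop the trailing colon
        split($3, hms, ":")                # HH:MM:SS.usec -> seconds of day
        t = hms[1] * 3600 + hms[2] * 60 + hms[3]
        if (!(dst in n)) first[dst] = t
        n[dst]++
        last[dst] = t
    }
    END {
        for (dst in n)
            if (n[dst] >= min)
                printf "%s %d %.1f\n", dst, n[dst], last[dst] - first[dst]
    }' | sort -k2,2nr
}

# Stand-alone run on the constructed sample.
sample_pflog | syn_burst_report 3
```

On a live system the same function can read a saved capture, for example `syn_burst_report 50 < pflog.txt`, and the count can be compared with the number of states pftop shows for that destination.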
Re: Serial console on Sunix 40XX (PCI)
I set comaddr:

machine comaddr 0xdf00/0x0020
set tty com4

but I only got some kind of trash on my console output (ŃuBÓZ6ÁÂ$őďNŚO%âăÔkşľŚÚĄy). I replaced my PCIcard with other one:

# pcidump -v
4:0:0: NetMos Nm9835
0x: Vendor ID: 9710 Product ID: 9835
0x0004: Command: 0001 Status: 0280
0x0008: Class: 07 Subclass: 80 Interface: 00 Revision: 01
0x000c: BIST: 00 Header Type: 00 Latency Timer: 20 Cache Line Size: 10
0x0010: BAR io addr: 0xdf00/0x0008
0x0014: BAR io addr: 0xde00/0x0008
0x0018: BAR io addr: 0xdd00/0x0008
0x001c: BAR io addr: 0xdc00/0x0008
0x0020: BAR io addr: 0xdb00/0x0008
0x0024: BAR io addr: 0xda00/0x0010
0x0028: Cardbus CIS:
0x002c: Subsystem Vendor ID: 1000 Product ID: 0012
0x0030: Expansion ROM Base Address:
0x0038:
0x003c: Interrupt Pin: 01 Line: 0c Min Gnt: 00 Max Lat: 00

# cat /etc/boot.conf
machine comaddr 0xdf00/0x0008
set tty com4

# dmesg
pci4 at ppb3 bus 4
puc0 at pci4 dev 0 function 0 NetMos Nm9835 rev 0x01: ports: 2 com, 1 lpt
com4 at puc0 port 0 apic 2 int 16: ns16550a, 16 byte fifo
com4: console
com5 at puc0 port 1 apic 2 int 16: ns16550a, 16 byte fifo
lpt3 at puc0 port 2 apic 2 int 16

My serial console works well now. Thanks!

On Mon, 16 Feb 2015 10:23:25 -0800 Mike Larkin mlar...@azathoth.net wrote:
> man boot
>
> search for 'comaddr'. You probably need to set that up. Also, the bootloader may not understand the 16750.
>
> -ml
>
> On Mon, Feb 16, 2015 at 10:50:35AM +0100, Radek wrote:
>> I'm trying to setup a serial console. My RS-232 is an old PCIcard. I tried this way:
>>
>> boot set tty com4
>>
>> /etc/ttys:
>> tty00 /usr/libexec/getty std.9600 vt220 on secure
>> tty04 /usr/libexec/getty std.9600 vt220 on secure
>>
>> but can't connect to console and the system doesn't boot. What am I doing wrong?
>>
>> # dmesg
>> OpenBSD 5.6 (GENERIC.MP) #1: Wed Feb 11 11:23:16 CET 2015
>> r...@samba56.prac:/usr/src/sys/arch/i386/compile/GENERIC.MP
>> cpu0: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz (GenuineIntel 686-class) 3.38 GHz
>> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,LAHF,PERF,ITSC
>> real mem = 3487911936 (3326MB)
>> avail mem = 3418468352 (3260MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: AT/286+ BIOS, date 08/24/10, BIOS32 rev. 0 @ 0xfa810, SMBIOS rev. 2.4 @ 0xf0100 (39 entries)
>> bios0: vendor Award Software International, Inc. version F2 date 08/24/2010
>> bios0: Gigabyte Technology Co., Ltd. X58-USB3
>> acpi0 at bios0: rev 0
>> acpi0: sleep states S0 S3 S4 S5
>> acpi0: tables DSDT FACP MCFG EUDS MATS TAMG APIC SSDT
>> acpi0: wakeup devices PEX0(S5) PEX1(S5) PEX2(S5) PEX3(S5) PEX4(S5) PEX5(S5) HUB0(S5) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) USBE(S3) USE2(S3) AZAL(S5) [...]
Re: Packet integrity error (600 bytes remaining)
On Wed, Feb 18, 2015 at 01:34:48PM +0100, Jan Stary wrote:
> I just updated my ASUS J1800I-C to the latest amd64 snapshot, and can no longer connect to it via ssh from my Thinkpad T400. The error message is
>
> Packet integrity error (600 bytes remaining) at /usr/src/usr.bin/ssh/ssh/../clientloop.c:2097
> Disconnecting: Packet integrity error.
>
> It is always 600 bytes. The full output of ssh -vv is below. Note that this happens after a successful authentication via key.
>
> I ssh'd like that without problems minutes before I upgraded the ASUS to the amd64 snapshot. I can connect now from the source Thinkpad to anywhere else without problems. I can connect now to the target ASUS from anywhere else without problems. I can connect now the other way round, from the ASUS to the Thinkpad.
>
> Needless to say, nothing has changed on my home network. Both machines are connected to the same switch, and are on the same network (192.168.111.0/24).
>
> Both dmesgs below; the target machine (ASUS) is the latest amd64 snapshot, the Thinkpad is a Tuesday Feb 10 amd64 snapshot. Is it crazy to think that this particular combination of client and server is somehow broken? I thought I would just report this before I upgrade the Thinkpad too.
>
> Jan

This is known, there has been a window where the ssh client was broken. Upgrade your ssh client to -current or use -oUpdateHostkeys=no as a workaround.

-Otto

> hans@lenovo:~$ ssh -vv media
> OpenSSH_6.7, LibreSSL 2.1
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to media [192.168.111.8] port 22.
> debug1: Connection established.
Re: The CDs have signatures, too
On Wed, Feb 18, 2015 at 1:17 AM, Christian Weisgerber na...@mips.inka.de wrote:

Remember, the official OpenBSD CDs carry signatures, too.

And we need to keep copies of those out-of-band. Printed copy and old CDs where they won't get thrown away --It's a good reason to buy the CDs now instead of later. Periodically save/printout a copy of the cvs mirror page, too.

https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

| The attacks that use physical media (CD-ROMs) are particularly interesting because they indicate the use of a technique known as interdiction, where the attackers intercept shipped goods and replace them with Trojanized versions.
|
| One such incident involved targeting participants at a scientific conference in Houston. Upon returning home, some of the participants received by mail a copy of the conference proceedings, together with a slideshow including various conference materials. The [compromised ?] CD-ROM used autorun.inf to execute an installer that began by attempting to escalate privileges using two known EQUATION group exploits. Next, it attempted to run the group's DOUBLEFANTASY implant and install it onto the victim's machine. The exact method by which these CDs were interdicted is unknown. We do not believe the conference organizers did this on purpose. At the same time, the super-rare DOUBLEFANTASY malware, together with its installer with two zero-day exploits, don't end up on a CD by accident.
|
| Another example is a Trojanized Oracle installation CD that contains an EQUATIONLASER Trojan dropper alongside the Oracle installer.

(Page 15.)

-- Christian naddy Weisgerber na...@mips.inka.de

-- Joel Rees

Be careful when you look at conspiracy. Look first in your own heart, and ask yourself if you are not your own worst enemy. Arm yourself with knowledge of yourself, as well.
Re: Help needed: pkg_add dropps connections
On Tue, Feb 17, 2015 at 03:15:14PM +0100, Stefan Wollny wrote:
> Hello!
>
> I'd like to pick up an issue that is bugging me for some time now: Whenever I run 'pkg_add -ui' my connection gets terminated soon, reliably at the latest once packages starting with g are checked. I suspect it is in my pf.conf but it is not obvious to me.
>
> My system: Lenovo T60 running amd64-current. Below I provide the obligatory dmesg, pf.conf, rc.conf.local and sysctl.conf.
>
> Checking what is going on with 'pftop' I noticed that 'pkg_add' opens up hundreds of connections, all with state 'TIME_WAIT:TIME_WAIT' or 'FIN_WAIT_2:FIN_WAIT_2'. Once around 100 such states are established the connection will be dropped soon.
>
> I've tried ftp.hostserver.de, openbsd.cs.fau.de and ftp.openbsd.org - all show the same behaviour. E.g. PKG_PATH is set in my .profile like so:
> PKG_PATH=http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/

All those connections get closed by pkg_add. If you don't see them closing in your pf log, you need to figure out why.
Re: Help needed: pkg_add dropps connections
On Wed, Feb 18, 2015 at 02:32:39PM +0100, Stefan Wollny wrote:
> I checked for
> - ftp ftp://...
> - ftp http://...
> Both connections were terminated after 95 seconds (according to pftop) after closing with ^C. Now with http-proxy-variable being unset I gave 'pkg_add' another try:

closing should be synchronous with the ^C giving you back the shell prompt. If it waits for 95 seconds, your network setup is fucked up.
Packet integrity error (600 bytes remaining)
I just updated my ASUS J1800I-C to the latest amd64 snapshot, and can no longer connect to it via ssh from my Thinkpad T400. The error message is

Packet integrity error (600 bytes remaining) at /usr/src/usr.bin/ssh/ssh/../clientloop.c:2097
Disconnecting: Packet integrity error.

It is always 600 bytes. The full output of ssh -vv is below. Note that this happens after a successful authentication via key.

I ssh'd like that without problems minutes before I upgraded the ASUS to the amd64 snapshot. I can connect now from the source Thinkpad to anywhere else without problems. I can connect now to the target ASUS from anywhere else without problems. I can connect now the other way round, from the ASUS to the Thinkpad.

Needless to say, nothing has changed on my home network. Both machines are connected to the same switch, and are on the same network (192.168.111.0/24).

Both dmesgs below; the target machine (ASUS) is the latest amd64 snapshot, the Thinkpad is a Tuesday Feb 10 amd64 snapshot. Is it crazy to think that this particular combination of client and server is somehow broken? I thought I would just report this before I upgrade the Thinkpad too.

Jan

hans@lenovo:~$ ssh -vv media
OpenSSH_6.7, LibreSSL 2.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to media [192.168.111.8] port 22.
debug1: Connection established.
Re: Help needed: pkg_add dropps connections
On Tue, Feb 17, 2015 at 02:44:42PM -0800, Gene wrote:

quirks-2.52 signed on 2015-02-14T12:43:06Z
Error from http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/curl-7.40.0.tgz
ftp: connect: No route to host

It's using ftp. I'm not familiar with how package management works with OpenBSD, so I don't know if this is a weird quirk of the pkg_add command or if he's not setting his package source properly.

pkg_add does not do network connections directly for protocols where ftp(1) does know how to deal. pkg_add, however, closes connections aggressively when it's got the info it needs. If, somehow, your ftp setup is broken, then you might overflow the server with 100s of connections.

Just do something like:

ftp http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/curl-7.40.0.tgz

(manually) close it halfway thru using ^C. If you don't see the connection being terminated properly, then you don't need to look further. That's your whole issue.

or do it on something larger like http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/texlive_base-2013p3.tgz so that you have time to abort before the whole transfer is finished.
Re: Help needed: pkg_add dropps connections
Have you also tried without the proxy?

On 2015-02-18 13:47:26, Marc Espie wrote:

On Tue, Feb 17, 2015 at 03:15:14PM +0100, Stefan Wollny wrote:

Hello! I'd like to pick up an issue that is bugging me for some time now: Whenever I run 'pkg_add -ui' my connection gets terminated soon, reliably at the latest once packages starting with g are checked. I suspect it is in my pf.conf but it is not obvious to me. My system: Lenovo T60 running amd64-current. Below I provide the obligatory dmesg, pf.conf, rc.conf.local and sysctl.conf.

Checking what is going on with 'pftop' I noticed that 'pkg_add' opens up hundreds of connections, all with state 'TIME_WAIT:TIME_WAIT' or 'FIN_WAIT_2:FIN_WAIT_2'. Once around 100 such states are established the connection will be dropped soon. I've tried ftp.hostserver.de, openbsd.cs.fau.de and ftp.openbsd.org - all show the same behaviour. E.g. PKG_PATH is set in my .profile like so:

PKG_PATH=http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/

All those connections get closed by pkg_add. If you don't see them closing in your pf log, you need to figure out why.
Re: Help needed: pkg_add dropps connections
On Tue, Feb 17, 2015 at 06:10:37PM -0500, Nick Holland wrote:

it's using the ftp(1) FTP client, which (in OpenBSD) does a wonderful job of fetching things via the HTTP protocol as well as the FTP protocol. now, he says it is blowing up after around 100 states. Sounds like his firewall/proxy/whatever is limiting the state count per station. Goodness knows this works very well usually, so it's something different between his system and mine...and I'm putting my money on his firewall or proxy.

Now, pkg_add has a whole lot of magic to limit the number of active connections to a given site down to ONE single active connection at any given time. *however* it *does* close connections abruptly, just closing the fd connected to ftp(1), and letting it die. *If* those connections are not dropped properly (having to do with the machine setup), *then* you will end up with 100s of unterminated connections... which at some point is going to overflow the machine, of course.

This has nothing to do with ftp:// , which is another can of trouble entirely. Aggressive NATs tend to break ftp, as any big package will have a DATA connection active for long, and will tend to terminate the CTRL connection early, unless the NAT knows about ftp (which is why ftp proxies are a good idea, and which is why I implemented the ftp-level keep-alive hack, which actually sends NOP commands vryyy slowly on the CTRL connection while the DATA connection is going on, to avoid this drop).

Again, there CAN be an issue with closing ftp connections early, as those depend on telnet urgent signaling mechanisms, which tend to be bungled by a lot of proxies (hey, why read the RFC when we can do a FUCKED UP UNTESTED JOB OF writing TESTOSTERONE laden shit ?)

As for http, well, there was some hope in using HTTP 1.1 to not terminate the connection. Unfortunately, most http servers screwed the pooch by being vulnerable to Byte-Range attacks (yeah, no-one learnt from the TCP fragmentation attacks from 15 years ago. But you know, man, http is all shiny and new, and the new generation doesn't even care about the lower layers as long as they've got their shiny JSON and node.js, and go/rust shitz)... so direct http 1.1 usage from pkg_add never went beyond the planning stage, as most http servers out there will just terminate http 1.1 connections early in a fairly random way).

TL;DR: you got to fix your network setup so you can abort partial fetches thru ftp(1) without any dangling network state remaining after the ^C. That's what's screwed in that specific situation.
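One way to look for the dangling state described in the message above, as an added example that is not part of the original thread: it tallies `pfctl -ss` output per remote endpoint and state pair, so leftover TIME_WAIT or FIN_WAIT_2 entries toward the package mirror stand out. The sample lines are constructed and use documentation addresses; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `pfctl -ss`
# (documentation address ranges, not taken from the thread).
sample_states() {
cat <<'EOF'
all tcp 192.0.2.10:40112 -> 203.0.113.5:80       TIME_WAIT:TIME_WAIT
all tcp 192.0.2.10:40113 -> 203.0.113.5:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 192.0.2.10:40114 -> 203.0.113.5:80       FIN_WAIT_2:FIN_WAIT_2
all tcp 192.0.2.10:40115 -> 203.0.113.5:80       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.10:22001 -> 198.51.100.7:22      ESTABLISHED:ESTABLISHED
all udp 192.0.2.10:3815 -> 198.51.100.9:123      MULTIPLE:SINGLE
EOF
}

# tally_states: stdin is `pfctl -ss` output.
# Prints "<count> <peer> <state-pair>" for TCP states, highest count first.
# The peer is the field that follows the direction arrow (-> or <-).
tally_states() {
    awk '$2 == "tcp" {
            peer = ""
            for (i = 3; i < NF; i++)
                if ($i == "->" || $i == "<-") { peer = $(i + 1); break }
            if (peer != "") n[peer " " $NF]++
         }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# closing_states PEER: stdin is `pfctl -ss` output.
# Prints how many TCP states toward PEER are no longer fully established,
# i.e. the entries that should disappear once a fetch has been aborted.
closing_states() {
    awk -v peer="$1" '$2 == "tcp" && $NF != "ESTABLISHED:ESTABLISHED" {
            for (i = 3; i < NF; i++)
                if (($i == "->" || $i == "<-") && $(i + 1) == peer) { c++; break }
         }
         END { print c + 0 }'
}

# Run on the constructed sample; on a live system use: pfctl -ss | tally_states
sample_states | tally_states
```

Running `closing_states` before and a few seconds after the ^C test shows whether the count toward the mirror keeps growing instead of draining.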
Re: Packet integrity error (600 bytes remaining)
Both dmesgs below; the target machine (ASUS) is the latest amd64 snapshot, the Thinkpad is a Tuesday Feb 10 amd64 snapshot. Is it crazy to think that this particular combination of client and server is somehow broken? I thought I would just report this before I upgrade the Thinkpad too.

This is known, there has been a window where the ssh client was broken. Upgrade your ssh client to -current or use -oUpdateHostkeys=no as a workaround.

Yes, upgrading the client to current/amd64 as well solved it. Thanks.

Jan
Re: Help needed: pkg_add dropps connections
On 02/18/15 at 16:27, Alan Corey wrote:

This is probably unrelated but I've noticed that the fetching that happens with make install in ports seems less robust than it used to be. If my internet provider disconnects or the connection gets reset beyond that, it doesn't resume the download. And I've tried setting FETCH_CMD to wget -c, it doesn't help much (in 5.6, that's what I have my 5.2 machine set to). So I do a make install, wait until I've got a working URL, then ctrl-c to stop it, copy the url, open another rxvt in the distfiles dir, type wget, paste the URL. wget very rarely fails. I've got portsql installed and was able to make myself some partial fetchlists from that but my query didn't find dependencies of dependencies. A scratch install of 5.6 still took a couple months.

On 2/18/15, owner-m...@openbsd.org owner-m...@openbsd.org wrote:

chopped many K

Credit is the root of all evil. - AB1JX

Oh dear ... a couple of months for a scratch install??? Why don't you just take the CD from the shelf? I'd rather stay with stable than fiddling for months.

You see - reconnecting 10~15 times while pkg_add -ui updates my installed packages is a major annoyance, but actually I am done on a slow hotel-WLAN within 3~4 hours. It can be achieved if there is s.th. interesting on TV. At home with a modestly fast line I am done within 30 minutes or so and my system runs with the latest current-amd64.

What bothers me most is that I just can't figure out _why_ the connection gets lost...
Re: Help needed: pkg_add dropps connections
On 02/18/15 at 15:16, Stefan Wollny wrote:

On 02/18/15 at 15:07, Marc Espie wrote:

On Wed, Feb 18, 2015 at 02:32:39PM +0100, Stefan Wollny wrote:

I checked for
- ftp ftp://...
- ftp http://...
Both connections were terminated after 95 seconds (according to pftop) after closing with ^C. Now with http-proxy-variable being unset I gave 'pkg_add' another try:

closing should be synchronous with the ^C giving you back the shell prompt. If it waits for 95 seconds, your network setup is fucked up.

My mistake: Bad wording... The shell-prompt is back within 2~3 seconds. In a second xterm I had pftop running showing me that the connection was closed after the '95 seconds' I mentioned. Maybe I should change the SDD to another one and test with a fresh installation...

Just as a follow up: Before setting up a fresh system I did another test (actually again) without adsuck enabled: Long story short: Still the connection gets dropped running 'pkg_add -ui'
Re: Help needed: pkg_add dropps connections
On 2015-02-18, Stefan Wollny stefan.wol...@web.de wrote:

Could mss 1460 be the core of the issue? I have the following:

~ $ sudo cat /etc/pf.conf | grep mss
match in all scrub (no-df random-id max-mss 1440)
~ $ sudo cat /etc/sysctl.conf | grep mss
net.inet.tcp.mssdflt=1440

Neither of these make sense on a typical laptop, and they make me query what else you might have changed on the system.

What does pfctl -si say?

When you get the no route to host, what does e.g. route -n get 8.8.8.8 say? (i.e. some host on the internet). Are you able to ping your fritzbox or the proxy-server at that time?
Re: OpenBSD firefox useragent Facebook
Not using facebook but have you checked on another computer? Feels like this is not related to OpenBSD. Anyway, your best choice is using developer-tools and trying to identify which requests work and which do not. Maybe you have, like me, a local DNS-server which blocks famous ad-providers' IPs or similar in your hosts-file?

On 2015-02-18 15:32:41, Erling Westenvik wrote:

Not sure if this belongs in @misc or @ports - if any! - but I'll give the former a shot. All below applies to amd64/current-installations of mine.

The last few months, I've been unable to tag other people when commenting on Facebook. I've tried resetting Firefox, disabling add-ons, deleting old profiles, reinstalling the browser, and even doing a fresh install of Firefox on a new OpenBSD installation. All to no avail. I suspect the user agent setting to be the culprit and have tried experimenting with various strings. Some of them enable me to tag other people, but mess up other things.

Would anyone using Facebook be so kind as to provide me with a working user agent string for Firefox (35.0) ?

Thanks, Erling

PS. Just checked and neither Seamonkey nor Chrome will let me tag people in comments. This is getting weird...
Re: Help needed: pkg_add dropps connections
This is probably unrelated but I've noticed that the fetching that happens with make install in ports seems less robust than it used to be. If my internet provider disconnects or the connection gets reset beyond that, it doesn't resume the download. And I've tried setting FETCH_CMD to wget -c, it doesn't help much (in 5.6, that's what I have my 5.2 machine set to). So I do a make install, wait until I've got a working URL, then ctrl-c to stop it, copy the url, open another rxvt in the distfiles dir, type wget, paste the URL. wget very rarely fails. I've got portsql installed and was able to make myself some partial fetchlists from that but my query didn't find dependencies of dependencies. A scratch install of 5.6 still took a couple months.

On 2/18/15, owner-m...@openbsd.org owner-m...@openbsd.org wrote:

chopped many K

Credit is the root of all evil. - AB1JX
Re: Installing OpenBSD 5.6 using a USB Flash drive
On February 18, 2015 11:43:56 AM CET, Markus Kolb open...@tower-net.de wrote:

On 2015-02-17 17:27, A Y wrote:

dmesg|grep ^.d0 returns only sd0
sysctl hw.disknames returns sd0 and rd0
my machine is a 10.1 inch netbook Lenovo E10-30 running Intel Celeron N2830 Dual Core 64 bit. Do you think I should have used amd64 installation instead of i386?

Will depend mostly on your available RAM. i386 is 32 bit.

Either way, I see no reason not to run amd64 on that processor.

/Alexander

See https://en.wikipedia.org/wiki/RAM_limit#32-bit_x86_RAM_limit
Re: CPU criteria for OpenBSD firewall
I might start a flame now but the higher freq and less core model is the better choice unless your firewall will do other things than packetfiltering and routing.

On 2015-02-18 22:30:31, ML mail wrote:

Hi, Stupid question but if you would have to choose between two different Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks behind and around 50-60 Mbit/s average traffic would you rather choose the CPU with higher Frequency and less cores or for a CPU with lower frequency but more cores? For example:

- E5-2630Lv3, 20M Cache, 1.80 GHz, 8 cores: http://ark.intel.com/products/83357/Intel-Xeon-Processor-E5-2630L-v3-20M-Cache-1_80-GHz
- E5-2637v3, 15M Cache, 3.50 GHz, 4 cores: http://ark.intel.com/products/83358/Intel-Xeon-Processor-E5-2637-v3-15M-Cache-3_50-GHz

Or asked differently, which are the important criteria to look at first for a CPU intended to be used in an OpenBSD firewall?

Regards ML
Re: CPU criteria for OpenBSD firewall
To expand on Alexander's point, look at the FAQ: http://www.openbsd.org/faq/pf/perf.html

If you aren't doing a lot of filtering, just passing traffic over multiple interfaces, more cores might be beneficial.

-Eugene

On Wed, Feb 18, 2015 at 2:50 PM, Alexander Salmin alexan...@salmin.biz wrote:

I might start a flame now but the higher freq and less core model is the better choice unless your firewall will do other things than packetfiltering and routing.

On 2015-02-18 22:30:31, ML mail wrote:

Hi, Stupid question but if you would have to choose between two different Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks behind and around 50-60 Mbit/s average traffic would you rather choose the CPU with higher Frequency and less cores or for a CPU with lower frequency but more cores? For example:

- E5-2630Lv3, 20M Cache, 1.80 GHz, 8 cores: http://ark.intel.com/products/83357/Intel-Xeon-Processor-E5-2630L-v3-20M-Cache-1_80-GHz
- E5-2637v3, 15M Cache, 3.50 GHz, 4 cores: http://ark.intel.com/products/83358/Intel-Xeon-Processor-E5-2637-v3-15M-Cache-3_50-GHz

Or asked differently, which are the important criteria to look at first for a CPU intended to be used in an OpenBSD firewall?

Regards ML
Re: CPU criteria for OpenBSD firewall
On 19-02-2015 01:12, Eric Furman wrote:

A firewall should be a firewall. Period. It's your first line of defense against attack. Each and every additional thing you run on it just makes it that much more vulnerable to attack.

Of course it does. But since not all of us have the budget for this kind of setup, I believe this trade-off is an acceptable one, if you understand the risks. Also, there are some things you can't do if you run the services on a separate machine such as divert(4).

Cheers, Giancarlo Razzolini
Re: CPU criteria for OpenBSD firewall
On Wed, Feb 18, 2015, at 07:54 PM, Giancarlo Razzolini wrote:

On 18-02-2015 20:30, ML mail wrote:

Stupid question but if you would have to choose between two different Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks behind and around 50-60 Mbit/s average traffic would you rather choose the CPU with higher Frequency and less cores or for a CPU with lower frequency but more cores?

This question isn't stupid at all. And the answer is probably entirely based on your setup. I do have a similar system, but with less average traffic, 10MB/s, and one 6-port intel card. In my setup, having the lower frequency, more cores is better, because my firewall isn't used just for PF. If you're gonna use your OpenBSD firewall for other processes such as, proxy, dns server, web server, dhcp server, it won't hurt to have more cores.

A firewall should be a firewall. Period. It's your first line of defense against attack. Each and every additional thing you run on it just makes it that much more vulnerable to attack.
Re: CPU criteria for OpenBSD firewall
On 18-02-2015 20:30, ML mail wrote:

Stupid question but if you would have to choose between two different Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks behind and around 50-60 Mbit/s average traffic would you rather choose the CPU with higher Frequency and less cores or for a CPU with lower frequency but more cores?

This question isn't stupid at all. And the answer is probably entirely based on your setup. I do have a similar system, but with less average traffic, 10MB/s, and one 6-port intel card. In my setup, having the lower frequency, more cores is better, because my firewall isn't used just for PF. If you're gonna use your OpenBSD firewall for other processes such as, proxy, dns server, web server, dhcp server, it won't hurt to have more cores.

Cheers, Giancarlo Razzolini
Re: CPU criteria for OpenBSD firewall
On 18 Feb 2015 at 15:18, Gene wrote:

To expand on Alexander's point, look at the FAQ: http://www.openbsd.org/faq/pf/perf.html

If you aren't doing a lot of filtering, just passing traffic over multiple interfaces, more cores might be beneficial.

-Eugene

Actually, at this time and the near future, passing traffic (i.e. the kernel network stack) happens entirely on CPU0. The network gurus *are* working on making the network layer multiprocessor capable, but my impression from watching the tech@ list is that this goal is still some ways off. At the present time, only userland applications can and do make use of the additional CPU cores.

So to quote the old-timers on this list -- only the OP can determine the characteristics of the specific workload and firewall configuration. But unless that firewall includes many CPU-intensive proxies, it will most likely perform best with fewer yet faster cores.

-Jacob.

On Wed, Feb 18, 2015 at 2:50 PM, Alexander Salmin alexan...@salmin.biz wrote:

I might start a flame now but the higher freq and less core model is the better choice unless your firewall will do other things than packetfiltering and routing.

On 2015-02-18 22:30:31, ML mail wrote:

Hi, Stupid question but if you would have to choose between two different Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks behind and around 50-60 Mbit/s average traffic would you rather choose the CPU with higher Frequency and less cores or for a CPU with lower frequency but more cores? For example:

- E5-2630Lv3, 20M Cache, 1.80 GHz, 8 cores: http://ark.intel.com/products/83357/Intel-Xeon-Processor-E5-2630L-v3-20M-Cache-1_80-GHz
- E5-2637v3, 15M Cache, 3.50 GHz, 4 cores: http://ark.intel.com/products/83358/Intel-Xeon-Processor-E5-2637-v3-15M-Cache-3_50-GHz

Or asked differently, which are the important criteria to look at first for a CPU intended to be used in an OpenBSD firewall?

Regards ML