Re: help with bgpd error messages

2015-05-06 Thread Marko Cupać
On Wed, 29 Apr 2015 11:02:09 +0200
Marko Cupać marko.cu...@mimar.rs wrote:

 On Tue, 28 Apr 2015 15:11:21 +0200
 Claudio Jeker cje...@diehard.n-r-g.com wrote:
 
  The fatal in RDE: peer_up: bad state bug is fixed in 5.7 IIRC. Not
  sure if it was backported to 5.6. As a workaround you can disable
  the graceful restart capability to not trigger that code path.
 
 I was intending to upgrade on Friday anyway so no problem. In the
 meantime I updated to -stable, it's too early to say if it fixed it.

I am on 5.7 release + errata patches now, and bgpd crashed again:

May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sync error
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sending notification: Header error, synchronization error
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): graceful restart of IPv4 unicast, keeping routes
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change Established -> Idle, reason: Fatal error
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change Idle -> Connect, reason: Start
May  6 10:06:07 bgp1 bgpd[3820]: incremented the demote state of group 'carp'
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change Connect -> OpenSent, reason: Connection opened
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change OpenSent -> Active, reason: Connection closed
May  6 10:06:08 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sending notification: error in UPDATE message, attribute length wrong
May  6 10:06:08 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change Active -> Idle, reason: Fatal error
May  6 10:06:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change Idle -> Connect, reason: Start
May  6 10:06:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change Connect -> OpenSent, reason: Connection opened
May  6 10:06:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change OpenSent -> Active, reason: Connection closed
May  6 10:08:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): graceful restart of IPv4 unicast, time-out, flushing
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change Active -> Connect, reason: ConnectRetryTimer expired
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change Connect -> OpenSent, reason: Connection opened
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change OpenSent -> OpenConfirm, reason: OPEN message received
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change OpenConfirm -> Established, reason: KEEPALIVE message received
May  6 10:08:38 bgp1 bgpd[31241]: fatal in RDE: peer_up: bad state
May  6 10:08:38 bgp1 bgpd[3820]: dispatch_imsg in main: pipe closed
May  6 10:08:38 bgp1 bgpd[3820]: decremented the demote state of group 'carp'
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sending notification: Cease, administratively down
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change Established -> Idle, reason: Stop
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 178.253.194.253 (orion): sending notification: Cease, administratively down
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 178.253.194.253 (orion): state change Established -> Idle, reason: Stop
May  6 10:08:38 bgp1 bgpd[11681]: session engine exiting
May  6 10:08:40 bgp1 bgpd[3820]: kernel routing table 0 (Loc-RIB) decoupled
May  6 10:08:40 bgp1 bgpd[3820]: Terminating

I guess bug is not solved in 5.7 release then. Maybe 5.7 stable?

This issue is having really bad impact on my network. Both ISP links
are up and running, but - as bgpd dies - my firewall has no routes
which effectively stops the traffic flow with the Internet.

I have contacted ISPs and asked them to check if they are sending us bad
bgp packets. Regardless of that, I think bgpd shouldn't just shutdown
itself no matter what payload it gets?

Any help with this would be highly appreciated.
-- 
Marko Cupać
https://www.mimar.rs



Re: OpenSSH for Android

2015-05-06 Thread Stuart Henderson
On 2015-05-05, Bertrand Caplet bertrand.cap...@chunkz.net wrote:
 Hey,
 I'm using JuiceSSH it's pretty good and free, but I don't know about
 ciphers...

JuiceSSH uses http://www.jcraft.com/jsch/ for its SSH implementation,
which itself relies on JCE for crypto, so there are a couple of layers
below JuiceSSH itself where ed25519/poly1305 would need adding.



sslsplit needs to be restarted every 30 min.

2015-05-06 Thread C.L. Martinez

Hi all,

 I have a strange problem with sslsplit (installed from packages) on an 
OpenBSD 5.7 amd64 host. Every 30 minutes (more or less, it is not 
exact), sslsplit needs to be restarted:


May  6 09:50:14 obsd57 monit[23714]: Monit start delay set -- pause for 120s
May  6 09:52:14 obsd57 monit[16338]: 'localhost' Monit started
May  6 09:53:14 obsd57 monit[16338]: 'sslsplit' process is not running
May  6 09:53:14 obsd57 monit[16338]: 'sslsplit' trying to restart
May  6 09:53:14 obsd57 monit[16338]: 'sslsplit' start: /etc/rc.d/sslsplit
May  6 09:53:44 obsd57 monit[16338]: 'sslsplit' process is running with pid 22344

May  6 10:27:45 obsd57 monit[16338]: 'sslsplit' process is not running
May  6 10:27:45 obsd57 monit[16338]: 'sslsplit' trying to restart
May  6 10:27:46 obsd57 monit[16338]: 'sslsplit' start: /etc/rc.d/sslsplit
May  6 10:28:16 obsd57 monit[16338]: 'sslsplit' process is running with pid 5788

May  6 11:00:19 obsd57 monit[16338]: 'sslsplit' process is not running
May  6 11:00:19 obsd57 monit[16338]: 'sslsplit' trying to restart
May  6 11:00:19 obsd57 monit[16338]: 'sslsplit' start: /etc/rc.d/sslsplit
May  6 11:00:49 obsd57 monit[16338]: 'sslsplit' process is running with pid 1295


 Is this normal behavior? Or maybe there is some problem on this 
OpenBSD host? On the other hand, all other services running on this 
box work without problems: dnscrypt_proxy, pf, opensmtpd, etc ...


Thanks.



Re: openbsd's complete packages size

2015-05-06 Thread Paul de Weerd
I'll give you the fish while teaching how to fish, OK? :)

On Wed, May 06, 2015 at 11:26:38AM +, elvis wrote:
| Hi guys I'd like to know the size of the whole packages.. In
| particular for the i386 architecture. I really don't know where to
| get this info.! 

[weerd@despair] $ lftp ftp://ftp.eu.openbsd.org
lftp ftp.eu.openbsd.org:~ cd pub/OpenBSD/snapshots/packages
cd ok, cwd=/pub/OpenBSD/snapshots/packages   
lftp ftp.eu.openbsd.org:/pub/OpenBSD/snapshots/packages du -sh i386/
28G i386/ 

Happy fishing.

Paul 'WEiRD' de Weerd

-- 
 http://www.weirdnet.nl/ 



Re: httpd 500 error with php-fpm (only https)

2015-05-06 Thread Antoine Jacoutot
On Wed, May 06, 2015 at 02:49:44PM +0200, Alex Greif wrote:
 Hi,
 
 With the current snapshot on amd64 I have the following problem:
 I am running httpd and php-fpm with a custom joomla (php) installation,
 that crashes when I access the site with https.
 Http runs fine without any problems.

FWIW I have this exact same issue on a wordpress installation (httpd(8) with 
tls and php_fpm).
I haven't had the time to look at it at all yet... but I just wanted to add a +1

 
 With https, php-fpm spawns the max number of max children,
 and then never releases them. Finally httpd throws a 500 error.
 
 I cannot figure out whether it is a httpd or a php-fpm problem,
 but I understand the httpd webserver as a sort of proxy in front
 of the fastcgi daemon. So I assume that the problem is with httpd tls,
 but I am really not sure.
 
 Here is my setup...
 installed: httpd, php-5.6, php-fpm-5.6, postgresql
 manually installed from tarball: joomla 3.4.1
 
 The first https request works fine, but (in admin mode) switching between
 the menus User Manager and Menu Manager triggers the error.
 
 my php-fpm.conf settings (I also used higher values, but this made no 
 difference):
 
 pm = dynamic
 pm.max_children = 20
 pm.start_servers = 15
 pm.min_spare_servers = 10
 pm.max_spare_servers = 20
 
 php-fpm spawns children gradually and then it is running permanently with the 
 max children.
 Here are the logs from (/usr/local/sbin/php-fpm-5.6 -F -O)
 
 [06-May-2015 11:18:49.940744] DEBUG: pid 7845, 
 fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 
 active children, 0 spare children, 20 running children. Spawning rate 1
 [06-May-2015 11:18:50.950807] DEBUG: pid 7845, 
 fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 
 active children, 0 spare children, 20 running children. Spawning rate 1
 [06-May-2015 11:18:51.960904] DEBUG: pid 7845, 
 fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 
 active children, 0 spare children, 20 running children. Spawning rate 1
 [06-May-2015 11:18:52.970830] DEBUG: pid 7845, 
 fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 
 active children, 0 spare children, 20 running children. Spawning rate 1
 
 my httpd.conf settings:
 
 server jo1.example.com {
 listen on * port 80
 listen on * tls port 443
 
 tls key /etc/ssl/private/jo1.example.com.key
 tls certificate /etc/ssl/jo1.example.com.crt
 
 # Set max upload size to 513M (in bytes)
 connection max request body 537919488
 
 root /jo1
 
 directory { no auto index, index index.php }
 
 # Any other PHP file
 location *.php {
 fastcgi socket /run/php-fpm.sock
 }
 }
 
 Here are the last log messages from httpd (httpd -d -vvv)
 
 server jo1.example.com, client 3 (5 active), ip:42380 - ip:443, 
 Connection refused (500 Internal Server Error)
 server jo1.example.com, client 6 (2 active), ip:48145 - ip, done
 server jo1.example.com, client 4 (6 active), ip:48128 - ip, done
 server jo1.example.com, client 8 (5 active), ip:48142 - ip, done
 server jo1.example.com, client 9 (4 active), ip:48143 - ip, done
 server jo1.example.com, client 6 (4 active), ip:48137 - ip, done
 server jo1.example.com, client 5 (3 active), ip:48135 - ip, done
 jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
 server jo1.example.com, client 2 (3 active), ip:42379 - ip:443, bad 
 request (400 Bad Request)
 jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
 server jo1.example.com, client 1 (2 active), ip:42376 - ip:443, bad 
 request (400 Bad Request)
 jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
 server jo1.example.com, client 10 (1 active), ip:42402 - ip:443, bad 
 request (400 Bad Request)
 jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
 server jo1.example.com, client 1 (1 active), ip:42377 - ip:443, bad 
 request (400 Bad Request)
 jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
 server jo1.example.com, client 1 (2 active), ip:42375 - ip:443, bad 
 request (400 Bad Request)
 jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
 server jo1.example.com, client 2 (1 active), ip:42378 - ip:443, bad 
 request (400 Bad Request)
 
 I am quite new to OpenBSD so any tips are appreciated how I can get more logs 
 or find the cause of the problem.
 
 Thanks,
 Alex.
 

-- 
Antoine



Re: httpd 500 error with php-fpm (only https)

2015-05-06 Thread Antoine Jacoutot
On Wed, May 06, 2015 at 02:52:33PM +0200, Antoine Jacoutot wrote:
 On Wed, May 06, 2015 at 02:49:44PM +0200, Alex Greif wrote:
  Hi,
  
  With the current snapshot on amd64 I have the following problem:
  I am running httpd and php-fpm with a custom joomla (php) installation,
  that crashes when I access the site with https.
  Http runs fine without any problems.
 
 FWIW I have this exact same issue on a wordpress installation (httpd(8) with 
 tls and php_fpm).
 I haven't had the time to look at it at all yet... but I just wanted to add a 
 +1

Also happens with php-5.6...


 
  
  With https, php-fpm spawns the max number of max children,
  and then never releases them. Finally httpd throws a 500 error.
  
  I cannot figure out whether it is a httpd or a php-fpm problem,
  but I understand the httpd webserver as a sort of proxy in front
  of the fastcgi daemon. So I assume that the problem is with httpd tls,
  but I am really not sure.
  
  Here is my setup...
  installed: httpd, php-5.6, php-fpm-5.6, postgresql
  manually installed from tarball: joomla 3.4.1
  
  The first https request works fine, but (in admin mode) switching between
  the menus User Manager and Menu Manager triggers the error.
  
  my php-fpm.conf settings (I also used higher values, but this made no 
  difference):
  
  pm = dynamic
  pm.max_children = 20
  pm.start_servers = 15
  pm.min_spare_servers = 10
  pm.max_spare_servers = 20
  
  php-fpm spawns children gradually and then it is running permanently with 
  the max children.
  Here are the logs from (/usr/local/sbin/php-fpm-5.6 -F -O)
  
  [06-May-2015 11:18:49.940744] DEBUG: pid 7845, 
  fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 
  20 active children, 0 spare children, 20 running children. Spawning rate 1
  [06-May-2015 11:18:50.950807] DEBUG: pid 7845, 
  fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 
  20 active children, 0 spare children, 20 running children. Spawning rate 1
  [06-May-2015 11:18:51.960904] DEBUG: pid 7845, 
  fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 
  20 active children, 0 spare children, 20 running children. Spawning rate 1
  [06-May-2015 11:18:52.970830] DEBUG: pid 7845, 
  fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 
  20 active children, 0 spare children, 20 running children. Spawning rate 1
  
  my httpd.conf settings:
  
  server jo1.example.com {
  listen on * port 80
  listen on * tls port 443
  
  tls key /etc/ssl/private/jo1.example.com.key
  tls certificate /etc/ssl/jo1.example.com.crt
  
  # Set max upload size to 513M (in bytes)
  connection max request body 537919488
  
  root /jo1
  
  directory { no auto index, index index.php }
  
  # Any other PHP file
  location *.php {
  fastcgi socket /run/php-fpm.sock
  }
  }
  
  Here are the last log messages from httpd (httpd -d -vvv)
  
  server jo1.example.com, client 3 (5 active), ip:42380 - ip:443, 
  Connection refused (500 Internal Server Error)
  server jo1.example.com, client 6 (2 active), ip:48145 - ip, done
  server jo1.example.com, client 4 (6 active), ip:48128 - ip, done
  server jo1.example.com, client 8 (5 active), ip:48142 - ip, done
  server jo1.example.com, client 9 (4 active), ip:48143 - ip, done
  server jo1.example.com, client 6 (4 active), ip:48137 - ip, done
  server jo1.example.com, client 5 (3 active), ip:48135 - ip, done
  jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
  server jo1.example.com, client 2 (3 active), ip:42379 - ip:443, bad 
  request (400 Bad Request)
  jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
  server jo1.example.com, client 1 (2 active), ip:42376 - ip:443, bad 
  request (400 Bad Request)
  jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
  server jo1.example.com, client 10 (1 active), ip:42402 - ip:443, bad 
  request (400 Bad Request)
  jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
  server jo1.example.com, client 1 (1 active), ip:42377 - ip:443, bad 
  request (400 Bad Request)
  jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
  server jo1.example.com, client 1 (2 active), ip:42375 - ip:443, bad 
  request (400 Bad Request)
  jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
  server jo1.example.com, client 2 (1 active), ip:42378 - ip:443, bad 
  request (400 Bad Request)
  
  I am quite new to OpenBSD so any tips are appreciated how I can get more 
  logs or find the cause of the problem.
  
  Thanks,
  Alex.
  
 
 -- 
 Antoine
 

-- 
Antoine



openbsd's complete packages size

2015-05-06 Thread elvis
Hi guys I'd like to know the size of the whole packages.. In particular for the 
i386 architecture. I really don't know where to get this info.! 

Thanks..!! 
Sent from my BlackBerry from Movistar



Re: help with bgpd error messages

2015-05-06 Thread Henning Brauer
* Marko Cupać marko.cu...@mimar.rs [2015-05-06 12:01]:
 I am on 5.7 release + errata patches now, and bgpd crashed again:
 
 May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sync error

 I guess bug is not solved in 5.7 release then. Maybe 5.7 stable?

Sigh. THERE IS NO BUG.

As I told you before, sync error means the first 16 bytes of the BGP
message aren't all-ones as required by the Standards. Either the
equipment on the other side is severely broken or something is very
screwed up with the network in between.

 bgp packets. Regardless of that, I think bgpd shouldn't just shutdown
 itself no matter what payload it gets?

the later shutdown indeed shouldn't happen.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual  Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: help with bgpd error messages

2015-05-06 Thread Stuart Henderson
On 2015-05-06, Marko Cupać marko.cu...@mimar.rs wrote:
 On Wed, 29 Apr 2015 11:02:09 +0200
 Marko Cupać marko.cu...@mimar.rs wrote:

 On Tue, 28 Apr 2015 15:11:21 +0200
 Claudio Jeker cje...@diehard.n-r-g.com wrote:
 
  The fatal in RDE: peer_up: bad state bug is fixed in 5.7 IIRC. Not
  sure if it was backported to 5.6. As a workaround you can disable
  the graceful restart capability to not trigger that code path.
 
 I was intending to upgrade on Friday anyway so no problem. In the
 meantime I updated to -stable, it's too early to say if it fixed it.

 I am on 5.7 release + errata patches now, and bgpd crashed again:

 May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sync error
 May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sending 
 notification: Header error, synchronization error
 May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): graceful 
 restart of IPv4 unicast, keeping routes

Can you get a packet capture of TCP port 179 during a failure? 

tcpdump -i interface -w bgp.`date +%Y%m%d-%H%M`.pcap -s1500 tcp and port 179

It might be best to run it from a script run from cron which pkills
tcpdump and rotates the file to avoid having huge files.

You can review the files with 'tcpdump -nvvr [filename]', but the raw pcap
files (and time of the failure as shown in logs) are more useful for anyone
else looking into this.

 I guess bug is not solved in 5.7 release then. Maybe 5.7 stable?

No changes to bgpd in 5.7-stable. (There were some changes in -current
but they won't affect this).

 This issue is having really bad impact on my network. Both ISP links
 are up and running, but - as bgpd dies - my firewall has no routes
 which effectively stops the traffic flow with the Internet.

 I have contacted ISPs and asked them to check if they are sending us bad
 bgp packets. Regardless of that, I think bgpd shouldn't just shutdown
 itself no matter what payload it gets?

There are two parts to this.

One is it seems there is a bad BGP message hitting the parser in bgpd.
Most likely it comes from the peer (though I haven't looked at the code
deeply enough to rule out other possibilities). Every BGP message is
supposed to start with 16 0xff bytes, this sync error log message is
only triggered when a message is seen which does not have this.
When this happens it is correct that the *peer* is taken down as
there is some major problem.

A packet trace with the right parts in it should confirm whether the
problem is with a message from the peer or internal to bgpd.

The other part is that it's triggering bgpd exiting. That's not good.

 Any help with this would be highly appreciated.

Any idea what software (version number may be relevant too) your
neighbours are using? Or at least what hardware vendor shows up in
their MAC address?

pkg_add maclookup
arp -an | grep their_ip_address | maclookup
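
An added example (not part of the thread and not bgpd's own code) of the header check the replies describe: it walks one direction of a reassembled TCP port 179 payload and reports the offset at which message framing is lost. The function names and the constructed sample stream are assumptions for illustration; the sample also shows that a wrong length field in an earlier message surfaces as a sync error on the next header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* BGP message header constants, RFC 4271 section 4.1. */
#define BGP_MARKER_LEN  16
#define BGP_HEADER_LEN  19	/* marker + 2-byte length + 1-byte type */
#define BGP_MAX_MSG_LEN 4096

enum bgp_hdr_status {
	BGP_HDR_OK = 0,
	BGP_HDR_SHORT,		/* not enough bytes for the header or body */
	BGP_HDR_BAD_SYNC,	/* marker is not 16 bytes of 0xff */
	BGP_HDR_BAD_LEN,	/* length field outside 19..4096 */
	BGP_HDR_BAD_TYPE	/* not 1..4 (RFC 4271) or 5 (ROUTE-REFRESH) */
};

struct walk_result {
	size_t msgs;		/* well-framed messages seen */
	size_t bad_off;		/* offset of first bad header, else stream length */
	enum bgp_hdr_status why;
};

/* Validate one header (hypothetical helper); every read is bounds-checked. */
enum bgp_hdr_status
bgp_check_header(const uint8_t *buf, size_t avail, uint16_t *len)
{
	size_t i;
	uint16_t l;

	if (avail < BGP_HEADER_LEN)
		return BGP_HDR_SHORT;
	for (i = 0; i < BGP_MARKER_LEN; i++)
		if (buf[i] != 0xff)
			return BGP_HDR_BAD_SYNC;
	l = (uint16_t)((buf[16] << 8) | buf[17]);
	if (l < BGP_HEADER_LEN || l > BGP_MAX_MSG_LEN)
		return BGP_HDR_BAD_LEN;
	if (buf[18] < 1 || buf[18] > 5)
		return BGP_HDR_BAD_TYPE;
	*len = l;
	return BGP_HDR_OK;
}

/* Walk a reassembled TCP payload (one direction) message by message. */
struct walk_result
bgp_walk_stream(const uint8_t *s, size_t n)
{
	struct walk_result r = { 0, n, BGP_HDR_OK };
	size_t off = 0;
	uint16_t len = 0;

	while (off < n) {
		enum bgp_hdr_status st = bgp_check_header(s + off, n - off, &len);

		if (st == BGP_HDR_OK && len > n - off)
			st = BGP_HDR_SHORT;	/* body cut off by end of data */
		if (st != BGP_HDR_OK) {
			r.bad_off = off;
			r.why = st;
			break;
		}
		r.msgs++;
		off += len;	/* the next marker must start exactly here */
	}
	return r;
}

/* Constructed test data: a message claiming `claimed` bytes, occupying `sent`. */
static size_t
put_msg(uint8_t *p, uint16_t claimed, uint8_t type, size_t sent)
{
	memset(p, 0, sent);
	memset(p, 0xff, BGP_MARKER_LEN);
	p[16] = (uint8_t)(claimed >> 8);
	p[17] = (uint8_t)(claimed & 0xff);
	p[18] = type;
	return sent;
}

/*
 * Constructed stream: KEEPALIVE, UPDATE claiming 23 bytes, two KEEPALIVEs.
 * With update_sent == 23 the framing is intact; with 21 the walker lands
 * two bytes into the next message and sees a broken marker.
 */
struct walk_result
demo_stream(size_t update_sent)
{
	uint8_t s[128];
	size_t n = 0;

	n += put_msg(s + n, 19, 4, 19);
	n += put_msg(s + n, 23, 2, update_sent);
	n += put_msg(s + n, 19, 4, 19);
	n += put_msg(s + n, 19, 4, 19);
	return bgp_walk_stream(s, n);
}

int
main(void)
{
	struct walk_result a = demo_stream(23), b = demo_stream(21);

	printf("intact: %zu msgs, status %d\n", a.msgs, (int)a.why);
	printf("drift:  %zu msgs, status %d at offset %zu\n",
	    b.msgs, (int)b.why, b.bad_off);
	return 0;
}
```

When applied to payload extracted from a capture, the reported offset points at the bytes worth inspecting by hand, together with the message that ended just before it.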



httpd 500 error with php-fpm (only https)

2015-05-06 Thread Alex Greif
Hi,

With the current snapshot on amd64 I have the following problem:
I am running httpd and php-fpm with a custom joomla (php) installation,
that crashes when I access the site with https.
Http runs fine without any problems.

With https, php-fpm spawns the max number of max children,
and then never releases them. Finally httpd throws a 500 error.

I cannot figure out whether it is a httpd or a php-fpm problem,
but I understand the httpd webserver as a sort of proxy in front
of the fastcgi daemon. So I assume that the problem is with httpd tls,
but I am really not sure.

Here is my setup...
installed: httpd, php-5.6, php-fpm-5.6, postgresql
manually installed from tarball: joomla 3.4.1

The first https request works fine, but (in admin mode) switching between
the menus User Manager and Menu Manager triggers the error.

my php-fpm.conf settings (I also used higher values, but this made no 
difference):

pm = dynamic
pm.max_children = 20
pm.start_servers = 15
pm.min_spare_servers = 10
pm.max_spare_servers = 20

php-fpm spawns children gradually and then it is running permanently with the 
max children.
Here are the logs from (/usr/local/sbin/php-fpm-5.6 -F -O)

[06-May-2015 11:18:49.940744] DEBUG: pid 7845, 
fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 
active children, 0 spare children, 20 running children. Spawning rate 1
[06-May-2015 11:18:50.950807] DEBUG: pid 7845, 
fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 
active children, 0 spare children, 20 running children. Spawning rate 1
[06-May-2015 11:18:51.960904] DEBUG: pid 7845, 
fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 
active children, 0 spare children, 20 running children. Spawning rate 1
[06-May-2015 11:18:52.970830] DEBUG: pid 7845, 
fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 
active children, 0 spare children, 20 running children. Spawning rate 1

my httpd.conf settings:

server jo1.example.com {
listen on * port 80
listen on * tls port 443

tls key /etc/ssl/private/jo1.example.com.key
tls certificate /etc/ssl/jo1.example.com.crt

# Set max upload size to 513M (in bytes)
connection max request body 537919488

root /jo1

directory { no auto index, index index.php }

# Any other PHP file
location *.php {
fastcgi socket /run/php-fpm.sock
}
}

Here are the last log messages from httpd (httpd -d -vvv)

server jo1.example.com, client 3 (5 active), ip:42380 - ip:443, Connection 
refused (500 Internal Server Error)
server jo1.example.com, client 6 (2 active), ip:48145 - ip, done
server jo1.example.com, client 4 (6 active), ip:48128 - ip, done
server jo1.example.com, client 8 (5 active), ip:48142 - ip, done
server jo1.example.com, client 9 (4 active), ip:48143 - ip, done
server jo1.example.com, client 6 (4 active), ip:48137 - ip, done
server jo1.example.com, client 5 (3 active), ip:48135 - ip, done
jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
server jo1.example.com, client 2 (3 active), ip:42379 - ip:443, bad 
request (400 Bad Request)
jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
server jo1.example.com, client 1 (2 active), ip:42376 - ip:443, bad 
request (400 Bad Request)
jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
server jo1.example.com, client 10 (1 active), ip:42402 - ip:443, bad 
request (400 Bad Request)
jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
server jo1.example.com, client 1 (1 active), ip:42377 - ip:443, bad 
request (400 Bad Request)
jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
server jo1.example.com, client 1 (2 active), ip:42375 - ip:443, bad 
request (400 Bad Request)
jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
server jo1.example.com, client 2 (1 active), ip:42378 - ip:443, bad 
request (400 Bad Request)

I am quite new to OpenBSD so any tips are appreciated how I can get more logs or 
find the cause of the problem.

Thanks,
Alex.



Re: man -m broken without man.conf ?

2015-05-06 Thread Todd C. Miller
On Wed, 06 May 2015 19:47:23 +0200, Ingo Schwarze wrote:

 Are you OK with the following patch?
 It uses the default path if and only if /etc/man.conf (or the -C
 argument) does not exist or does not contain any manpath or
 _whatdb directive.

That looks reasonable.  Having the logic in manconf_file() seems
less fragile.

 - todd



relayd.conf man page question

2015-05-06 Thread Alex Greif
Hi,

while reading the relayd.conf man page, I found the following unclear paragraph:
...
RELAYS
 listen on address [port port] [tls]
... If the port option is not specified, the port from the listen on 
directive will be used.

My question: 
which *other* listen on directive is meant here? Or is the port mandatory?


Thanks,
ALex.



Announcing Livingston County BSD User Group (LivBUG)

2015-05-06 Thread James Turner
[Please keep inquiries off list if you're interested in LivBUG]

This is a one time spam to all the *BSD mailing lists to announce a new
BSD User Group I'm trying to start in Livingston County, Michigan. I'm
calling it LivBUG [0]. I'd like to invite anyone from the Brighton,
Fowlerville, Howell, Pinckney and nearby communities to join us at our
Inaugural Meeting (TBA) [1]. As of now we plan on holding our meetings
at the Hamburg Township Library. I plan on giving an introduction talk
on OpenBSD (originally presented by fellow OpenBSD developer Brian
Callahan).

If you're interested in attending a meeting please join our mailing list
over at LivBUG [0] or our Meetup.com page [1] (we are currently using
meetup.com as a temporary space while we build more infrastructure and
gage interest). Thanks for tolerating the spam!

[0] http://livbug.org
[1] 
http://www.meetup.com/Livingston-County-BSD-User-Group-LivBUG/events/222334139/

-- 
James Turner



Re: help with bgpd error messages

2015-05-06 Thread Claudio Jeker
On Wed, May 06, 2015 at 03:10:44PM +0200, Henning Brauer wrote:
 * Marko Cupać marko.cu...@mimar.rs [2015-05-06 12:01]:
  I am on 5.7 release + errata patches now, and bgpd crashed again:
  
  May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sync error
 
  I guess bug is not solved in 5.7 release then. Maybe 5.7 stable?
 
 Sigh. THERE IS NO BUG.
 
 As I told you before, sync error means the first 16 bytes of the BGP
 message aren't all-ones as required by the Standards. Either the
 equipment on the other side is severely broken or something is very
 screwed up with the network in between.
 
  bgp packets. Regardless of that, I think bgpd shouldn't just shutdown
  itself no matter what payload it gets?
 
 the later shutdown indeed shouldn't happen.
 

Yes, that is the bug. I think we fixed some time ago but now I need to
double check what happened there. It seems there is still an issue with
graceful restart and some peer state transitions. Time to rethink all
of this...

-- 
:wq Claudio



Re: man -m broken without man.conf ?

2015-05-06 Thread Ingo Schwarze
Hi Todd, hi Jan,

Todd C. Miller wrote on Wed, May 06, 2015 at 09:42:41AM -0600:
 On Wed, 06 May 2015 17:23:20 +0200, Jan Stary wrote:

 This is the latest amd64 snapshot.
 It seems that there is a subtle bug in man(1).
 
 If I augment my man path with -m ~/man,
 as I do with alias man='man -m ~/man',
 man(1) does not find the system manpages, saying
 
  man: No entry for ls in the manual.
 
 but it does find and display those in ~/man correctly.
 This happens if /etc/man.conf does not exist.

Precise problem report, thanks.

 It also works if the MANPATH environment variable is set.

Not quite true; if MANPATH starts or ends with : or contains ::
and man.conf does not exist or contains no manpath or _whatdb
directive, it fails to combine MANPATH with the default path and
instead uses MANPATH only.

 The problem appears to be this:
 
   if (conf->manpath.sz == 0)
       manpath_parseline(&conf->manpath, manpath_default, 0);

True.

 If -m is specified, conf->manpath.sz will be 1, not 0.

Not necessarily, if the -m argument contains at least one colon,
conf->manpath.sz will be greater than 1.

 An ugly way to fix this is:
 
   if (conf->manpath.sz == !!auxp)
       manpath_parseline(&conf->manpath, manpath_default, 0);

That's an incomplete fix for two reasons:  It works neither with a
colon in -m nor with a leading, trailing, or double colon in MANPATH.

Are you OK with the following patch?
It uses the default path if and only if /etc/man.conf (or the -C
argument) does not exist or does not contain any manpath or
_whatdb directive.

Yours,
  Ingo


Index: manpath.c
===
RCS file: /cvs/src/usr.bin/mandoc/manpath.c,v
retrieving revision 1.14
diff -u -p -r1.14 manpath.c
--- manpath.c   27 Mar 2015 17:36:56 -  1.14
+++ manpath.c   6 May 2015 17:30:35 -
@@ -39,7 +39,6 @@ void
 manconf_parse(struct manconf *conf, const char *file,
char *defp, char *auxp)
 {
-   char manpath_default[] = MANPATH_DEFAULT;
char*insert;
 
/* Always prepend -m. */
@@ -59,8 +58,6 @@ manconf_parse(struct manconf *conf, cons
/* No MANPATH; use man.conf(5) only. */
if (NULL == defp || '\0' == defp[0]) {
manconf_file(conf, file);
-   if (conf-manpath.sz == 0)
-   manpath_parseline(conf-manpath, manpath_default, 0);
return;
}
 
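Review bot: the comment `/* No MANPATH; use man.conf(5) only. */` at the top of this branch is no longer accurate once the two removed lines move into manconf_file(), because that call can now add the default path as well. Suggest rewording it to say that man.conf(5) is used and that manconf_file() falls back to MANPATH_DEFAULT when the file yields no manpath.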
@@ -164,13 +161,14 @@ static void
 manconf_file(struct manconf *conf, const char *file)
 {
const char *const toks[] = { manpath, output, _whatdb };
+   char manpath_default[] = MANPATH_DEFAULT;
 
FILE*stream;
char*cp, *ep;
size_t   len, tok;
 
if ((stream = fopen(file, r)) == NULL)
-   return;
+   goto out;
 
while ((cp = fgetln(stream, len)) != NULL) {
ep = cp + len;
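Review bot: in manconf_file(), `goto out` is taken for every fopen() failure, so an existing but unreadable file (EACCES, for instance) now silently gets the default path just like a missing one. If only the missing-file case is meant to be silent, check errno here and warn for anything other than ENOENT before jumping to the fallback.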
@@ -204,6 +202,7 @@ manconf_file(struct manconf *conf, const
/* FALLTHROUGH */
case 0:  /* manpath */
manpath_add(conf-manpath, cp, 0);
+   *manpath_default = '\0';
break;
case 1:  /* output */
manconf_output(conf-output, cp);
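Review bot: `*manpath_default = '\0';` under `case 0` uses the first byte of the default-path buffer as a "directive seen" flag, which is easy to misread as a stray string truncation. A one-line comment at the assignment, or a separate int flag tested at `out:`, would make the intent clear; it is also worth stating there that the `/* FALLTHROUGH */` above means the preceding case clears the default as well.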
@@ -212,8 +211,11 @@ manconf_file(struct manconf *conf, const
break;
}
}
-
fclose(stream);
+
+out:
+   if (*manpath_default != '\0')
+   manpath_parseline(conf-manpath, manpath_default, 0);
 }
 
 void
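Review bot: the fallback added after `out:` carries no comment saying when it fires, and it now runs at the end of every manconf_file() call rather than only in the no-MANPATH branch of manconf_parse(). Please add a comment along the lines of "no manpath found in the file, or no file: use the default", and confirm that the callers not shown in this diff want the default appended too.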



Re: httpd 500 error with php-fpm (only https)

2015-05-06 Thread Alex Greif
On Wed, May 06, 2015 at 04:37:05PM +0200, Antoine Jacoutot wrote:
 On Wed, May 06, 2015 at 02:52:33PM +0200, Antoine Jacoutot wrote:
  On Wed, May 06, 2015 at 02:49:44PM +0200, Alex Greif wrote:
   Hi,
   
   With the current snapshot on amd64 I have the following problem:
   I am running httpd and php-fpm with a custom joomla (php) installation,
   that crashes when I access the site with https.
   Http runs fine without any problems.
  
  FWIW I have this exact same issue on a wordpress installation (httpd(8) 
  with tls and php_fpm).
  I haven't had the time to look at it at all yet... but I just wanted to add 
  a +1
 
 Also happens with php-5.6...

yes, I also experienced the problem with php-5.5 and php-5.6 with the current 
snapshot

 
 
  
   
   With https, php-fpm spawns the max number of max children,
   and then never releases them. Finally httpd throws a 500 error.
   
   I cannot figure out whether it is a httpd or a php-fpm problem,
   but I understand the httpd webserver as a sort of proxy in front
   of the fastcgi daemon. So I assume that the problem is with httpd tls,
   but I am really not sure.
   
   Here is my setup...
   installed: httpd, php-5.6, php-fpm-5.6, postgresql
   manually installed from tarball: joomla 3.4.1
   
   The first https request works fine, but (in admin mode) switching between
   the menus User Manager and Menu Manager triggers the error.
   
   my php-fpm.conf settings (I also used higher values, but this made no 
   difference):
   
   pm = dynamic
   pm.max_children = 20
   pm.start_servers = 15
   pm.min_spare_servers = 10
   pm.max_spare_servers = 20
   
   php-fpm spawns children gradually and then it is running permanently with 
   the max children.
   Here are the logs from (/usr/local/sbin/php-fpm-5.6 -F -O)
   
   [06-May-2015 11:18:49.940744] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1
   [06-May-2015 11:18:50.950807] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1
   [06-May-2015 11:18:51.960904] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1
   [06-May-2015 11:18:52.970830] DEBUG: pid 7845, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 20 active children, 0 spare children, 20 running children. Spawning rate 1
   
   my httpd.conf settings:
   
   server jo1.example.com {
       listen on * port 80
       listen on * tls port 443
   
       tls key /etc/ssl/private/jo1.example.com.key
       tls certificate /etc/ssl/jo1.example.com.crt
   
       # Set max upload size to 513M (in bytes)
       connection max request body 537919488
   
       root /jo1
   
       directory { no auto index, index index.php }
   
       # Any other PHP file
       location *.php {
           fastcgi socket /run/php-fpm.sock
       }
   }
   
   Here are the last log messages from httpd (httpd -d -vvv)
   
   server jo1.example.com, client 3 (5 active), ip:42380 - ip:443, Connection refused (500 Internal Server Error)
   server jo1.example.com, client 6 (2 active), ip:48145 - ip, done
   server jo1.example.com, client 4 (6 active), ip:48128 - ip, done
   server jo1.example.com, client 8 (5 active), ip:48142 - ip, done
   server jo1.example.com, client 9 (4 active), ip:48143 - ip, done
   server jo1.example.com, client 6 (4 active), ip:48137 - ip, done
   server jo1.example.com, client 5 (3 active), ip:48135 - ip, done
   jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
   server jo1.example.com, client 2 (3 active), ip:42379 - ip:443, bad request (400 Bad Request)
   jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
   server jo1.example.com, client 1 (2 active), ip:42376 - ip:443, bad request (400 Bad Request)
   jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
   server jo1.example.com, client 10 (1 active), ip:42402 - ip:443, bad request (400 Bad Request)
   jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
   server jo1.example.com, client 1 (1 active), ip:42377 - ip:443, bad request (400 Bad Request)
   jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
   server jo1.example.com, client 1 (2 active), ip:42375 - ip:443, bad request (400 Bad Request)
   jo1.example.com ip - - [06/May/2015:11:20:44 +0200] UNKNOWN  400 0
   server jo1.example.com, client 2 (1 active), ip:42378 - ip:443, bad request (400 Bad Request)
   
   I am quite new to OpenBSD, so any tips on how I can get more
   logs or find the cause of the problem are appreciated.
   
   Thanks,
   Alex.
   
  
  -- 
  

qt4-4.8.6p0

2015-05-06 Thread Stan Gammons
Is qt4-4.8.6p0 broken in 5.7 release?  I tried to install KDE4 using 
http://ftp.openbsd.org/pub/OpenBSD/5.7/packages/amd64/ as the package 
path and when it gets to 98 percent while extracting qt4, it gets a 
fatal error stating [lib/qt4/translations/qt_de.qml]: Premature end of 
archive. It states a partial installation recorded as 
partial-qt4-4.8.6p0.2 at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817



Stan



man -m broken without man.conf ?

2015-05-06 Thread Jan Stary
This is the latest amd64 snapshot.
It seems that there is a subtle bug in man(1).

If I augment my man path with -m ~/man,
as I do with alias man='man -m ~/man',
man(1) does not find the system manpages, saying

man: No entry for ls in the manual.

but it does find and display those in ~/man correctly.
This happens if /etc/man.conf does not exist.

With /etc/man.conf present (the default one from /etc/examples),
it works as expected, including the alias; i.e. man(1) finds
and displays the system manual pages, and those from ~/man too.

So the operation of man(1) is not the same with the default config
as with no config at all. It seems that without /etc/man.conf,
'man -m path' augments an empty searchlist, as opposed to
augmenting the default searchlist.

Jan



Re: man -m broken without man.conf ?

2015-05-06 Thread Todd C. Miller
On Wed, 06 May 2015 17:23:20 +0200, Jan Stary wrote:

 This is the latest amd64 snapshot.
 It seems that there is a subtle bug in man(1).
 
 If I augment my man path with -m ~/man,
 as I do with alias man='man -m ~/man',
 man(1) does not find the system manpages, saying
 
   man: No entry for ls in the manual.
 
 but it does find and display those in ~/man correctly.
 This happens if /etc/man.conf does not exist.

It also works if the MANPATH environment variable is set.
The problem appears to be this:

    if (conf->manpath.sz == 0)
        manpath_parseline(&conf->manpath, manpath_default, 0);

If -m is specified, conf->manpath.sz will be 1, not 0.
An ugly way to fix this is:

    if (conf->manpath.sz == !!auxp)
        manpath_parseline(&conf->manpath, manpath_default, 0);

 - todd
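
The check discussed in the message above, as an added toy model that is not part of the original post and is not man(1)'s own code: it compares the `sz == 0` test with the `sz == !!auxp` test, including the case where a config file supplies its own manpath lines. The `struct paths` type, `build()`, the default directories and `/opt/man` are assumptions made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy search list; a stand-in for, not a copy of, man(1)'s own structure. */
#define MAXP 8
struct paths { const char *dir[MAXP]; size_t sz; };

static void add(struct paths *p, const char *d)
{
	if (p->sz < MAXP)
		p->dir[p->sz++] = d;
}

/* Constructed default list standing in for manpath_default. */
static const char *const defaults[] = { "/usr/share/man", "/usr/local/man" };

/*
 * Build the search list when MANPATH is unset.
 *   auxp    -m argument, or NULL
 *   conf    manpath lines from the config file (nconf == 0: no file)
 *   use_fix 0: original check (sz == 0), 1: proposed check (sz == !!auxp)
 * Returns the number of directories that will be searched.
 */
size_t build(struct paths *p, const char *auxp,
    const char *const *conf, size_t nconf, int use_fix)
{
	size_t i, base = use_fix ? (size_t)(auxp != NULL) : 0;

	memset(p, 0, sizeof(*p));
	if (auxp != NULL)
		add(p, auxp);		/* -m goes in first, so sz is already 1 */
	for (i = 0; i < nconf; i++)
		add(p, conf[i]);
	if (p->sz == base)		/* nothing beyond -m: fall back to defaults */
		for (i = 0; i < sizeof(defaults) / sizeof(defaults[0]); i++)
			add(p, defaults[i]);
	return p->sz;
}

int main(void)
{
	static const char *const conf[] = { "/opt/man" };	/* constructed */
	struct paths p;

	printf("-m, no conf, original: %zu\n", build(&p, "~/man", NULL, 0, 0));
	printf("-m, no conf, fixed:    %zu\n", build(&p, "~/man", NULL, 0, 1));
	printf("-m, conf,    fixed:    %zu\n", build(&p, "~/man", conf, 1, 1));
	return 0;
}
```

With the original test the `-m` run searches only `~/man`, which matches the "No entry for ls" report; with the second test the defaults follow the `-m` directory, and config-supplied paths still suppress them.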



OpenBGPd Version

2015-05-06 Thread Mike Hammett
Is it simply whatever version the OS is now? I didn't see any version switch on 
the daemon. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



Midwest Internet Exchange 
http://www.midwest-ix.com