Re: [DIFF] user & group delete named in upgrade57.html

2015-09-09 Thread Craig Skinner
Resend:

On 2015-08-31 Mon 10:52 AM |, Craig Skinner wrote:
> Hi there,
> 
> BIND is binned.
> 
> --- upgrade57.htmlMon Aug 31 10:44:41 2015
> +++ upgrade57-del-named.html  Mon Aug 31 10:46:46 2015
> @@ -495,6 +495,8 @@ rm -r /var/tmp
>  ln -s /tmp /var/tmp
>  
>  groupdel _lkm
> +userdel named
> +groupdel named
>  userdel smmsp
>  groupdel smmsp
>  
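
Review bot: the added `userdel named` / `groupdel named` pair after `groupdel _lkm` is given with no hint about what the account may still own. Files left behind keep the old numeric uid and gid, and an account created later could inherit them, so a sentence beside this list telling the reader to look first (for example `find / -user named -o -group named`) would help. The order, user before group, is right and matches the `smmsp` pair below it.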



Re: issue with pf syntax parser

2015-09-09 Thread Joseph A Borg
just tested this. how nice. makes the configuration file infinitely more 
readable without having to hassle over extra whitespace (which is not 
meaningful).

just for the record, it seems, in lists, the parser treats newline as a space 

so you can have something like this, which is confusing to me but it might be 
readable to somebody else:

passin on $DMZ_if   
\
inet proto { 
tcp udp 
}   
\
to port $keep_tcp_out


> On 05 Sep 2015, at 18:48, Benny Lofgren  wrote:
> 
> On 2015-09-04 14:30, Joseph A Borg wrote:
>> I have something like this in pf.conf:
>> 
>> services = "{ 
>>  ssh,
>> \
>>  http, https, 8000, 
>> 8080, 8088,  \
>>  smtp, pop3, pop3s, 
>> imap, imaps, \
>>  submission, 465,
>> \
>>  domain, ntp 
>> \
>>  }"
>> 
>> if there’s white space after the back slash the parser barfs by not creating 
>> the macro and then raising an error when it’s first used.
>> 
>> I would assume this to be an inconvenience for the user as it’s not always 
>> possible to check whitespace after the backslash
> 
> 
> Everyone who commented so far seems to have missed the obvious - you
> don't NEED to escape the newline in this case. The parser handles this
> case just fine without them:
> 
> paddan:/etc# cat /tmp/tstpf.conf
> services = "{
>    ssh,
>    http, https, 8000, 8080, 8088,
>    smtp, pop3, pop3s, imap, imaps,
>    submission, 465,
>    domain, ntp
>    }"
> 
> block in proto tcp from any to any port $services
> 
> paddan:/etc# pfctl -f /tmp/tstpf.conf
> paddan:/etc# pfctl -s rules
> block drop in proto tcp from any to any port = 22
> block drop in proto tcp from any to any port = 80
> block drop in proto tcp from any to any port = 443
> block drop in proto tcp from any to any port = 8000
> block drop in proto tcp from any to any port = 8080
> block drop in proto tcp from any to any port = 8088
> block drop in proto tcp from any to any port = 25
> block drop in proto tcp from any to any port = 110
> block drop in proto tcp from any to any port = 995
> block drop in proto tcp from any to any port = 143
> block drop in proto tcp from any to any port = 993
> block drop in proto tcp from any to any port = 587
> block drop in proto tcp from any to any port = 465
> block drop in proto tcp from any to any port = 53
> block drop in proto tcp from any to any port = 123
> paddan:/etc# _
> 
> 
> Regards,
> /Benny
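
Added example (not part of any message in this thread): an sh/awk check for the two cases discussed above, a backslash followed by trailing blanks, which Joseph reports breaks the macro, and a backslash inside an open quoted string, which Benny shows is not needed. The function names, output labels and sample rules are constructed for illustration; lines containing a comment are skipped and escaped quotes are not handled.

```sh
#!/bin/sh
# Added example, not from the thread. Names and sample rules are constructed.

# pf_bs_lint [FILE]: report backslash problems in a pf.conf-style file.
#   N: trailing-space  backslash followed by blanks (case reported as breaking)
#   N: needless        clean backslash-newline inside an open "..." string
# Returns 1 if any trailing-space finding was printed.
pf_bs_lint() {
    awk '
    {
        n = length($0); comment = 0
        for (i = 1; i <= n; i++) {          # track quote state, spot comments
            c = substr($0, i, 1)
            if (c == "\"") inq = !inq
            else if (c == "#" && !inq) { comment = 1; break }
        }
        if (comment) next                   # simplification: skip such lines
        j = n                               # j = index of last non-blank char
        while (j > 0) {
            c = substr($0, j, 1)
            if (c != " " && c != "\t") break
            j--
        }
        if (j == 0 || substr($0, j, 1) != "\\") next
        if (j < n) { print NR ": trailing-space"; bad = 1 }
        else if (inq) print NR ": needless"
    }
    END { exit bad + 0 }
    ' "$@"
}

# Constructed sample; printf escapes make the invisible blanks explicit.
pf_bs_sample() {
    printf 'services = "{ ssh, \\\n'        # 1: clean backslash inside string
    printf '  http, https, \\  \n'          # 2: backslash + two spaces
    printf '  domain, ntp }"\n'             # 3: string closes here
    printf '# a comment ending in \\ \n'    # 4: comment, skipped
    printf 'pass in on $DMZ_if \\\t\n'      # 5: backslash + tab
    printf '  inet proto { tcp udp } \\\n'  # 6: clean continuation
    printf '  to port $services\n'          # 7
}

pf_bs_sample | pf_bs_lint || echo "fix trailing-space lines before loading"
```

On a real system the check would run before `pfctl -nf /etc/pf.conf`, which parses the ruleset without loading it.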



Re: Incoming packets arrives on an interface and outgoing packets takes another interface

2015-09-09 Thread Marko Cupać
On Wed, 9 Sep 2015 12:11:38 +0200
jean-yves boisiaud  wrote:

> I resolved the problem with the reply-to pf directive.

Hi,

I'm struggling with the same problem as well. Could you please share
relevant part of your ruleset?

Thank you in advance,
-- 
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/



Re: Incoming packets arrives on an interface and outgoing packets takes another interface

2015-09-09 Thread jean-yves boisiaud
I resolved the problem with the reply-to pf directive.

Thanks to P. Lamaiziere


2015-09-08 12:16 GMT+02:00 jean-yves boisiaud <
jean-yves.boisi...@alcor-consulting.fr>:

> hello,
>
> I'm using OBSD 5.7 as a firewall with carp and pfsync, more ipsec VPN used
> with sasyncd.
>
> I have two Internet interfaces, one is the default route (em1), the other
> is for legacy traffic (em2). I also have a DMZ/LANs interface (em0).
>
> Outgoing traffic from LANs (arriving on em0) to the Internet works
> perfectly, whatever it takes em1 or em2 (depending on static routes or pf
> rules with route-to).
>
> Incoming traffic from the internet that arrives on em1 to the LANs
> (through em0) is also ok.
>
> But there is a problem with the incoming traffic from the internet when it
> arrives on em2.
>
> For example, from a host on the Internet, when I ping the external IP
> (local or CARP) of the em1 interface, ICMP echo requests packets arrive on
> em2 (correct). But echo replies take the em1 interface, with the IP source
> of em2 (not correct).
>
> I tried to use the if-bound in pf.conf, but nothing changes.
>
> How could I resolve this routing problem ?
>
> Thanks for your help.
>
>
> --
> Jean-Yves Boisiaud - Alcor Consulting
> 24, rue de la Glycine
> 49250 Saint Remy la Varenne
>



-- 
Jean-Yves Boisiaud - Alcor Consulting
24, rue de la Glycine
49250 Saint Remy la Varenne



Re: issue with pf syntax parser

2015-09-09 Thread Raul Miller
On Wed, Sep 9, 2015 at 4:21 AM, Joseph A Borg  wrote:
> so you can have something like this, which is confusing to me but it might be 
> readable to somebody else:
>
> passin on $DMZ_if 
>   \
> inet proto {
> tcp udp
> } 
>   \
> to port $keep_tcp_out

Yeah, that's a good example of something which should probably
be just one line without redundant whitespace.

Thanks,

-- 
Raul



Re: 2^64 - 39 ...

2015-09-09 Thread Michal Bozon
> ...
> Michael
> 

you have won!


> 
> --- /usr/src/games/factor/factor.c  Wed Oct 28 00:59:24 2009
> +++ factor.cTue Sep  8 20:06:44 2015
> @@ -192,6 +192,19 @@ pr_fact(u_int64_t val) /* Factor this value. 
> */
> (void)putchar('\n');
>  }
>  
> +static u_int32_t
> +int_sqrt(u_int64_t y)
> +{
> +int i;
> +u_int32_t m_i;
> +u_int32_t m = 0;
> + 
> +for (i = 32; i >= 0; i--) {
> +m_i = m | (1U << i);
> +if ((u_int32_t)m_i * m_i <= y) m = m_i;
> +}
> +return m;
> +}
>  
>  /* At this point, our number may have factors greater than those in primes[];
>   * however, we can generate primes up to 32 bits (see primes(6)), which is
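
Review bot: `int_sqrt()` has two arithmetic problems in its loop. The loop starts at `i = 32`, so the first `1U << i` shifts a 32-bit unsigned value by its full width, which is undefined; start at 31. The test `(u_int32_t)m_i * m_i <= y` multiplies in 32 bits, so the product wraps for any `m_i` of 2^16 or more before it is compared with the 64-bit `y`; the cast should be `(u_int64_t)m_i * m_i <= y`. The trailing whitespace on the blank added line after the declarations can go as well.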
> @@ -208,7 +221,7 @@ pr_bigfact(u_int64_t val)   /* Factor this value. */
> char table[TABSIZE];/* Eratosthenes sieve of odd numbers */
>  
> start = *pr_limit + 2;
> -   stop  = (ubig)sqrt((double)val);
> +   stop  = int_sqrt(val);
> if ((stop & 0x1) == 0)
> stop++;
> /*
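
Review bot: the new `stop  = int_sqrt(val);` line has no comment saying why the floating-point call was replaced, which invites someone to put `sqrt()` back later. One line noting that a double cannot hold every 64-bit value exactly, so `sqrt((double)val)` can be off for inputs close to 2^64, would be enough. If this was the file's only call to `sqrt()`, the math header and library dependency can be dropped in the same change.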



Re: Incoming packets arrives on an interface and outgoing packets takes another interface

2015-09-09 Thread jean-yves boisiaud
the rule :

pass in quick on em2 inet proto icmp from any to em2:network

becomes :

pass in quick on em2 inet proto icmp from any to em2:network \
reply-to (em2 $em2_gw)


where $em2_gw is the IP of our provider's router.


hope that helps.

2015-09-09 13:54 GMT+02:00 Marko Cupać :

> On Wed, 9 Sep 2015 12:11:38 +0200
> jean-yves boisiaud  wrote:
>
> > I resolved the problem with the reply-to pf directive.
>
> Hi,
>
> I'm struggling with the same problem as well. Could you please share
> relevant part of your ruleset?
>
> Thank you in advance,
> --
> Before enlightenment - chop wood, draw water.
> After  enlightenment - chop wood, draw water.
>
> Marko Cupać
> https://www.mimar.rs/
>
>


--
Jean-Yves Boisiaud - Alcor Consulting
24, rue de la Glycine
49250 Saint Remy la Varenne
mobile : +33 6 63 71 73 46  fixe : +33 9 72 41 19 35



Re: Incoming packets arrives on an interface and outgoing packets takes another interface

2015-09-09 Thread Kapetanakis Giannis

On 09/09/15 15:39, jean-yves boisiaud wrote:

the rule :

pass in quick on em2 inet proto icmp from any to em2:network

becomes :

pass in quick on em2 inet proto icmp from any to em2:network \
 reply-to (em2 $em2_gw)


where $em2_gw is the IP of our provider's router.


Just an addition in case you have traffic originating from the same 
network (don't reply through the gateway), before that rule you can also 
add:


pass in quick on em2 inet proto icmp from em2:network reply-to em2




Looking for assistance with rtwn(4) on 5.8

2015-09-09 Thread Nickolas P. O'Malley
Hello,
I'm new to the OpenBSD community and mailing list, so please forgive me if this 
is the wrong list to ask.
I decided to install a snapshot of 5.8 on my workstation today, because I found 
out that it features a new driver that supports my wireless NIC. However I'm 
hitting roadblock after roadblock trying to find support.
I found one thread in the archives mentioning rtwn(4), and a Stefan was asking 
if there's anyone who has an RTL8192CE and wants to test it with the driver. I 
have this card and I'm having trouble getting it to work. I've run fw_update 
locally on the rtwn-firmware-1.0.tgz file. I'm just not sure if this is a 
problem with the driver, or just plain user error.
I looked around the FAQ and read a few manpages, but I'm still at a loss here. 
Has anyone had any luck with this card and driver? Does OpenBSD expect me to do 
anything more than install the firmware and reboot?
If it helps at all, this is the dmesg entry for my card:
"Realtek RTL8192CE" rev 0x01 at pci5 dev 0 function 0 not configured
Thanks a lot!



Running roundcube over httpd

2015-09-09 Thread Alexander Hall

Hi!

Does anyone have an example for a functional configuration for 
roundcube[mail] over the new httpd?


pkg-readmes/roundcubemail* seems to be for running apache.

/Alexander



Re: Running roundcube over httpd

2015-09-09 Thread Chris Cappuccio
Alexander Hall [alexan...@beard.se] wrote:
> Hi!
> 
> Does anyone have an example for a functional configuration for
> roundcube[mail] over the new httpd?
> 
> pkg-readmes/roundcubemail* seems to be for running apache.
> 

It "just works" when you use a standard php_fpm config.



Re: NFS umount stuck on client machine

2015-09-09 Thread Dag Richards

I had this happen once before in the long long ago.

I wound up creating a new nfs server with an export of the same name.
The client was then able to dismount.
Certainly a PITA, a reboot though cause for self loathing may be simpler.

If you mount from fstab in the future make sure you soft mount it.


Dot Yet wrote:

Hello,

I've a stale nfs mount stuck on one of the client machines. The NFS server
was powered down and decommissioned, but the client did not umount the nfs
directory beforehand. Is there a way for me to clean up the stale nfs
connection on the client side without restarting the machine? I've tried
umount -f, but that did not help.

Let me know if there is a simpler way.

Thanks,
dot.



--
Dag H. Richards  ( no title / no lettres )

The first rule of tautology club is the first rule of tautology club.

This message may or may not contain proprietary information.
Since it is being relayed by SMTP across an unknown number of
relays to its destination, using a protocol that is traditionally
plain ASCII, it's silly to pretend it is still confidential.
If you are not the intended recipient of this message,
there is simply nothing I can do about that. Attempting to bind you
to some destruction protocol through this windbag sig paragraph is
Quixotic at best..



NFS umount stuck on client machine

2015-09-09 Thread Dot Yet
Hello,

I've a stale nfs mount stuck on one of the client machines. The NFS server
was powered down and decommissioned, but the client did not umount the nfs
directory beforehand. Is there a way for me to clean up the stale nfs
connection on the client side without restarting the machine? I've tried
umount -f, but that did not help.

Let me know if there is a simpler way.

Thanks,
dot.



Re: Running roundcube over httpd

2015-09-09 Thread Edgar Pettijohn

On 09/09/2015 06:03 PM, Alexander Hall wrote:

Hi!

Does anyone have an example for a functional configuration for 
roundcube[mail] over the new httpd?


pkg-readmes/roundcubemail* seems to be for running apache.

/Alexander


server "mail.pettijohn-web.com" {
    listen on $ext_addr tls port 443

    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }

    directory index index.php

    tls certificate "/etc/ssl/webserver.pem"
    tls key "/etc/ssl/private/webserver.pem"

    root "/htdocs/roundcubemail"
}



dmesg (current) MacBook Air 5,2 (2012) Intel 1.8

2015-09-09 Thread Aaron Poffenberger
Occasional problems with loading firmware for urtwn as seen near the end 
of this dmesg:

 urtwn0: could not load firmware page 1

I've also seen the same message for page 0.

Suspend/resume is mostly reliable. I've seen the two issues noted in 
this thread.



1) Trackpad erratic after resume. The "xinput enable" trick works for me 
almost always. It didn't work with the 2015-09-07 build. It definitely 
works in this build.



2) Garbled text from keyboard on a text console when running X after 
suspend/resume is still an issue.



I tried UEFI booting with both 2015-09-07 and 2015-09-09 builds. Hangs 
very early as seen in this image.



--Aaron

OpenBSD 5.8-current (RAMDISK_CD) #1242: Mon Sep  7 07:05:10 MDT 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
RTC BIOS diagnostic error ff
real mem = 4180746240 (3987MB)
avail mem = 4052320256 (3864MB)
mainbus0 at root
bios0 at mainbus0
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP HPET APIC SBST ECDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT DMAR MCFG
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3427U CPU @ 1.80GHz, 1696.38 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P2)
acpiprt2 at acpi0: bus -1 (PEG2)
acpiprt3 at acpi0: bus 2 (RP02)
acpiprt4 at acpi0: bus 3 (RP05)
memory map conflict 0xe00f8000/0x1000
memory map conflict 0xfed1c000/0x4000
memory map conflict 0xffe7/0x3
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09
vga1 at pci0 dev 2 function 0 "Intel HD Graphics 4000" rev 0x09
wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
xhci0 at pci0 dev 20 function 0 "Intel 7 Series xHCI" rev 0x04: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
"Intel 7 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 "Intel 7 Series USB" rev 0x04: apic 2 int 23
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
"Intel 7 Series HD Audio" rev 0x04 at pci0 dev 27 function 0 not configured
ppb0 at pci0 dev 28 function 0 "Intel 7 Series PCIE" rev 0xc4: msi
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 "Intel 7 Series PCIE" rev 0xc4: msi
pci2 at ppb1 bus 2
"Broadcom BCM43224" rev 0x01 at pci2 dev 0 function 0 not configured
ppb2 at pci0 dev 28 function 4 "Intel 7 Series PCIE" rev 0xc4: msi
pci3 at ppb2 bus 3
ppb3 at pci3 dev 0 function 0 vendor "Intel", unknown product 0x1547 rev 0x03
pci4 at ppb3 bus 4
ppb4 at pci4 dev 0 function 0 vendor "Intel", unknown product 0x1547 rev 0x03: msi
pci5 at ppb4 bus 5
vendor "Intel", unknown product 0x1547 (class system subclass miscellaneous, rev 0x03) at pci5 dev 0 function 0 not configured
ppb5 at pci4 dev 3 function 0 vendor "Intel", unknown product 0x1547 rev 0x03: msi
pci6 at ppb5 bus 6
ppb6 at pci4 dev 4 function 0 vendor "Intel", unknown product 0x1547 rev 0x03: msi
pci7 at ppb6 bus 55
ppb7 at pci4 dev 5 function 0 vendor "Intel", unknown product 0x1547 rev 0x03: msi
pci8 at ppb7 bus 104
ppb8 at pci4 dev 6 function 0 vendor "Intel", unknown product 0x1547 rev 0x03: msi
pci9 at ppb8 bus 105
ehci1 at pci0 dev 29 function 0 "Intel 7 Series USB" rev 0x04: apic 2 int 22
usb2 at ehci1: USB revision 2.0
uhub2 at usb2 "Intel EHCI root hub" rev 2.00/1.00 addr 1
"Intel QS77 LPC" rev 0x04 at pci0 dev 31 function 0 not configured
ahci0 at pci0 dev 31 function 2 "Intel 7 Series AHCI" rev 0x04: msi, AHCI 1.3
ahci0: port 0: 6.0Gb/s
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct fixed naa.
sd0: 115712MB, 512 bytes/sector, 236978176 sectors, thin
"Intel 7 Series SMBus" rev 0x04 at pci0 dev 31 function 3 not configured
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns8250, no fifo
urtwn0 at uhub0 port 1 configuration 1 interface 0 "Realtek Belkin Wireless Adapter" rev 2.00/2.00 addr 2
urtwn0: MAC/BB RTL8192CU, RF 

Re: Incoming packets arrives on an interface and outgoing packets takes another interface

2015-09-09 Thread Giancarlo Razzolini
On 09-09-2015 07:11, jean-yves boisiaud wrote:
> I resolved the problem with the reply-to pf directive.
If you enable multipath and add the default gateways, you can use a
reply-to for the interface only, not needing to pass the gateway
address. This solves both LAN connectivity and internet connectivity
going to the right interfaces.

Cheers,
Giancarlo Razzolini