Re: asking for help compiling dns stats collector (dsc)

[Imre Oolberg]

Hi!

On 2016-02-22 20:08, Stuart Henderson wrote:

On 2016-02-21, Imre Oolberg  wrote:

Hi!

I am in the middle of implementing 
https://www.dns-oarc.net/tools/dsc/
while on OpenBSD is running nameserver process i.e. there needs to 
be

also collector part of DSC and I am not succeeding compiling it.
Platform is OpenBSD v 5.8 amd64 and source is 
dsc-201502251630.tar.gz.

After unpacking i get

imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector# make
...
cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c
base64.c
cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c
generic_counter.c
cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c
pcap.c
cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c
ncap.c
cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c
dns_protocol.c
dns_protocol.c:9:33: error: arpa/nameser_compat.h: No such file or
directory
*** Error 1 in dsc (:87 'dns_protocol.o')
*** Error 1 in /root/dsc/l/dsc-201502251630/collector (Makefile:2
'all')

So i found that probably i need libbind package and continuing in
collector/dsc directory like this

imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector/dsc# ./configure
CFLAGS="-I/usr/local/include/bind" 
LDFLAGS="-L/usr/local/lib/libbind"


i get further (it think almost to the end on compilation)

imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector/dsc# make
...
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall
-DUSE_IPV6=1 -I/usr/local/include/bind -c config_hooks.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall
-DUSE_IPV6=1 -I/usr/local/include/bind -c hashtbl.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall
-DUSE_IPV6=1 -I/usr/local/include/bind -c lookup3.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall
-DUSE_IPV6=1 -I/usr/local/include/bind -c xmalloc.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall
-DUSE_IPV6=1 -I/usr/local/include/bind -c inX_addr.c
c++ -o dsc base64.o  generic_counter.o  pcap.o  ncap.o  
dns_protocol.o

dns_message.o  ip_message.o  daemon.o  md_array.o  null_index.o
qtype_index.o  qclass_index.o  tld_index.o  country_index.o
rcode_index.o  qnamelen_index.o  qname_index.o  msglen_index.o
client_ipv4_addr_index.o  client_ipv4_net_index.o
md_array_xml_printer.o  ip_direction_index.o  ip_proto_index.o
ip_version_index.o  certain_qnames_index.o  
query_classification_index.o

idn_qname_index.o  edns_version_index.o  edns_bufsiz_index.o
do_bit_index.o  rd_bit_index.o  tc_bit_index.o  qr_aa_bits_index.o
opcode_index.o  transport_index.o  dns_ip_version_index.o
dns_source_port_index.o  ParseConfig.o  config_hooks.o  hashtbl.o
lookup3.o  xmalloc.o  inX_addr.o  -L/usr/local/lib/libbind-lpcap
 ../TmfBase/Hapy/src/.libs/libHapy.a
dns_protocol.o: In function `grok_question':
/root/dsc/l/dsc-201502251630/collector/dsc/dns_protocol.c:93: 
warning:

warning: strcpy() is almost always misused, please use strlcpy()
pcap.o: In function `handle_tcp':
/root/dsc/l/dsc-201502251630/collector/dsc/pcap.c:552: warning:
warning: sprintf() is often misused, please use snprintf()
query_classification_index.o: In function `a_for_a':

/root/dsc/l/dsc-201502251630/collector/dsc/query_classification_index.c:71:
undefined reference to `__inet_aton'
inX_addr.o: In function `inXaddr_ntop':
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:28: undefined
reference to `__inet_ntop'
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:31: undefined
reference to `__inet_ntop'
inX_addr.o: In function `inXaddr_pton':
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:41: undefined
reference to `__inet_pton'
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:45: undefined
reference to `__inet_pton'
collect2: ld returned 1 exit status
*** Error 1 in /root/dsc/l/dsc-201502251630/collector/dsc 
(Makefile:65

'dsc')

For example text around query_classification_index.c:71 reads like 
this


static int
a_for_a(const dns_message * m)
{
 struct in_addr a;
 if (m->qtype != T_A)
 return 0;
 if (inet_aton(m->qname, ))
 return CLASS_A_FOR_A;
 return 0;
}

I would be very thankful if you could point to me how to solve it 
and

progress from here to ./dsc binary.


Imre

PS I searched ports collection for similarities and actually found 
file


/usr/ports/pobj/dnstop-20140915/dnstop-20140915/inX_addr.c

which is very similar to

/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c

and has some inet_* funtsions in it. dnstop from ports compiles and
runs fine. So i think i must be missing something obvious here. 
Needless
to say i cant compile and read source but still i try to be 
attentive to

your answer! :)




You're going to need some things like

(cflags/cxxflags)
-nostdinc -I/usr/local/include/bind -I/usr/include 
-I/usr/local/include


(ldflags)
-L/usr/local/lib/libbind 

Re: no bandwidthd src pkd in /usr/ports

[Indunil Jayasooriya]

> > I want to install bandwidthd. But I can't find a src pkg in /usr/ports
> >
> > is there a Binary pkg?
>
> There's neither a package nor a port.


Thanks for this.


>
> > what about this ?
> >
> >
> https://sourceforge.net/projects/bandwidthd/files/bandwidthd/bandwidthd%202.0.1/bandwidthd-2.0.1.tgz/download
>
> This is just the program's source tarball.
>
> ok



> > Any comment?
>
> Look for something with a similar functionality which is both in ports
> and, preferably, in active development - this software hasn't seen a
> release in over 11 years.
>
>   What about darkstat  ( /usr/ports/net/darkstat/ )

or something else you can recommend?









> Regards,
>
> Raf
>



-- 
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala
Fonts

Re: no bandwidthd src pkd in /usr/ports

[Raf Czlonka]

On Thu, Feb 25, 2016 at 06:26:10AM GMT, Indunil Jayasooriya wrote:

> Hi Misc,

Hi Indunil,

> I have OpenBSD 5.5 64 bit gateway.

It is in need of an update, then ;^)

> I want to install bandwidthd. But I can't find a src pkg in /usr/ports
>
> is there a Binary pkg?

There's neither a package nor a port.

> what about this ?
>
> https://sourceforge.net/projects/bandwidthd/files/bandwidthd/bandwidthd%202.0.1/bandwidthd-2.0.1.tgz/download

This is just the program's source tarball.

> Any comment?

Look for something with a similar functionality which is both in ports
and, preferably, in active development - this software hasn't seen a
release in over 11 years.

Regards,

Raf

Re: Alternative route table issue on 5.8

[Martin Pieuchot]

On 25/02/16(Thu) 00:05, Martin Pieuchot wrote:
> On 24/02/16(Wed) 21:57, Jean-Daniel Dupas wrote:
> > > Le 24 févr. 2016 à 19:58, Martin Pieuchot  a écrit :
> > >
> > > On 24/02/16(Wed) 18:56, Jean-Daniel Dupas wrote:
> > >> Hello,
> > >>
> > >> On OpenBSD 5.7, I'm using alternative route table to send ping a on
> > specific
> > >> route.
> > >>
> > >> On a fresh install, I simply do
> > >>
> > >>> route -T 1 add default 192.168.1.1
> > >>> ping  -V 1 8.8.8.8
> > >>
> > >> It works well on 5.7, but I can't managed to get it working on 5.8.
> > >>
> > >> On a fresh install of 5.8, doing the same commands result in a "No route
> > to
> > >> host" error.
> > >
> > > Which command result in this error?  ping?  Is this regression also
> > > present in -current?  It is close to 5.9 so fixing this bug now makes
> > > a lot of sense.
> > >
> > > What does "route -T1 get 8.8.8.8" returns you?  Are the outputs of
> > > "route -n show" for the table 0 and 1 different between 5.7 and 5.8?
> > > Could you post them?
> > 
> > Here is some details. The output of all commands are the same.
> > The only change is that trying to access the network using the custom table
> > fails.
> 
> The problem is that there's no entry for your gateway, 10.0.0.1, in the
> table 1 and the kernel no longer link route entries across tables.

Does the diff below help?

Index: net/route.c
===
RCS file: /cvs/src/sys/net/route.c,v
retrieving revision 1.294
diff -u -p -r1.294 route.c
--- net/route.c 24 Feb 2016 22:41:53 -  1.294
+++ net/route.c 25 Feb 2016 06:46:23 -
@@ -389,7 +389,8 @@ _rtalloc(struct sockaddr *dst, uint32_t 
 * this behavior.  But it is safe since rt_checkgate() wont
 * allow us to us this route later on.
 */
-   nhrt = rt_match(rt->rt_gateway, NULL, flags | RT_RESOLVE, rtableid);
+   nhrt = rt_match(rt->rt_gateway, NULL, flags | RT_RESOLVE,
+   rtable_l2(rtableid));
if (nhrt == NULL)
return (rt);

no bandwidthd src pkd in /usr/ports

[Indunil Jayasooriya]

Hi Misc,

I have OpenBSD 5.5 64 bit gateway.

I want to install  bandwidthd. But I can't find a src pkg in /usr/ports

is there a Binary pkg?

what about this ?

https://sourceforge.net/projects/bandwidthd/files/bandwidthd/bandwidthd%202.0.1/bandwidthd-2.0.1.tgz/download

Any comment?




-- 
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala
Fonts

Re: IPv6

[Chris Cappuccio]

Paul Ammann [p...@fastmail.us] wrote:
> Hi
> 
> I've been reading about IPv6 and the KAME project. 
> 
> I read that OpenBSD integrated just IPv6 code rather than both (having
> developed their own IPSec stack).
> 
> The information that I'm reading is from 2004. Does anyone who if this
> is still true?
> 

It's still true.

Re: Alternative route table issue on 5.8

[Martin Pieuchot]

On 24/02/16(Wed) 21:57, Jean-Daniel Dupas wrote:
> > Le 24 févr. 2016 à 19:58, Martin Pieuchot  a écrit :
> >
> > On 24/02/16(Wed) 18:56, Jean-Daniel Dupas wrote:
> >> Hello,
> >>
> >> On OpenBSD 5.7, I'm using alternative route table to send ping a on
> specific
> >> route.
> >>
> >> On a fresh install, I simply do
> >>
> >>> route -T 1 add default 192.168.1.1
> >>> ping  -V 1 8.8.8.8
> >>
> >> It works well on 5.7, but I can't managed to get it working on 5.8.
> >>
> >> On a fresh install of 5.8, doing the same commands result in a "No route
> to
> >> host" error.
> >
> > Which command result in this error?  ping?  Is this regression also
> > present in -current?  It is close to 5.9 so fixing this bug now makes
> > a lot of sense.
> >
> > What does "route -T1 get 8.8.8.8" returns you?  Are the outputs of
> > "route -n show" for the table 0 and 1 different between 5.7 and 5.8?
> > Could you post them?
> 
> Here is some details. The output of all commands are the same.
> The only change is that trying to access the network using the custom table
> fails.

The problem is that there's no entry for your gateway, 10.0.0.1, in the
table 1 and the kernel no longer link route entries across tables.

I'm not sure how to fix this correctly.  Does it work if add a cloning
route in the table 1?  Something like

# route -T1 add 10.0.0/24 -cloning -iface 10.0.0.111

> === OpenBSD 5.7
> 
> > # route -n show
> Routing tables
> 
> Internet:
> DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
> default10.0.0.1   UGS00 - 8 em0
> 10.0.0/24  link#1 UC 20 - 4 em0
> 10.0.0.1   link#1 UHLc   10 - 4 em0
> 10.0.0.105 6c:40:08:ac:a1:5c  UHLc   1   48 - 4 em0
> 10.0.0.111 08:00:27:c3:bd:7a  UHLl   00 - 1 lo0
> 10.0.0.255 link#1 UHLb   00 - 1 em0
> 127/8  127.0.0.1  UGRS   00 32768 8 lo0
> 127.0.0.1  127.0.0.1  UHl10 32768 1 lo0
> 224/4  127.0.0.1  URS00 32768 8 lo0
> —
> 
> > route -T 1 add default 10.0.0.1
> add net default: gateway 10.0.0.1
> > route -T1 -n show
> Routing tables
> 
> Internet:
> DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
> default10.0.0.1   UGS00 - 8 em0
> 
> > route -T 1 get 8.8.8.8
>route to: google-public-dns-a.google.com
> destination: default
>mask: default
> gateway: 10.0.0.1
>   interface: em0
>  if address: 10.0.0.111
>priority: 8 (static)
>   flags: 
>  use   mtuexpire
>0 0 0
> 
> > ping -V 1 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> 64 bytes from 8.8.8.8: icmp_seq=0 ttl=54 time=42.833 ms
> …
> 
> === OpenBSD 5.9 (snapshot)
> > route -n show
> Routing tables
> 
> Internet:
> DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
> default10.0.0.1   UGS04 - 8 vio0
> 10.0.0/24  10.0.0.110 UC 36 - 4 vio0
> 10.0.0.1   b8:26:6c:7f:77:87  UHLc   18 - 4 vio0
> 10.0.0.2   b8:c7:5d:ca:9d:fe  UHLc   03 - 4 vio0
> 10.0.0.105 6c:40:08:ac:a1:5c  UHLc   18 - 4 vio0
> 10.0.0.110 08:00:27:c3:bd:7a  UHLl   0   10 - 1 vio0
> 10.0.0.255 10.0.0.110 UHb02 - 1 vio0
> 127/8  127.0.0.1  UGRS   00 32768 8 lo0
> 127.0.0.1  127.0.0.1  UHl05 32768 1 lo0
> 224/4  127.0.0.1  URS00 32768 8 lo0
> 
> > route -T 1 add default 10.0.0.1
> add net default: gateway 10.0.0.1
> > route -T1 -n show
> Routing tables
> 
> Internet:
> DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
> default10.0.0.1   UGS00 - 8 vio0
> 
> > route -T 1 get 8.8.8.8
>route to: google-public-dns-a.google.com
> destination: default
>mask: default
> gateway: 10.0.0.1
>   interface: vio0
>  if address: 10.0.0.111
>priority: 8 (static)
>   flags: 
>  use   mtuexpire
>4 0 0
> 
> > ping -V 1 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> ping: sendto: No route to host
> …

Re: Just curious, what are approx plans for kernel-multicore-ness next 1-2 years? (net/file IO) How much is it a relevant prio?

[Chris Cappuccio]

Tinker [ti...@openmailbox.org] wrote:
> First, Thank you for this fantastically awesome OS.
> 
> 
> Just curious, what are approx plans for kernel-multicore-ness next 1-2
> years? (Network IO, file/disk IO)
> 

Network SMP (and other subsystems required to support it) is the heaviest
area right now. 

> 
> Are there any relevant cases today where the singlecore architecture
> actually is limiting? Say on a 20-core machine doing random file and network
> IO full-on.
> 

Many, especially once you go past 4 or 8 cores.

Re: e-commerce framework suggestion? medoc?

[arrowscript]

So, I'll probably use Ubercart. Thanks everyone.
The "Django" software seems good too 'Mariano', I'll read more on that.

About the laws and regulations 'Dave', I will need to see that. Here in my 
country we have all these regulations too. Thanks for the advice.

Re: Alternative route table issue on 5.8

[Jean-Daniel Dupas]

> Le 24 févr. 2016 à 19:58, Martin Pieuchot  a écrit :
>
> On 24/02/16(Wed) 18:56, Jean-Daniel Dupas wrote:
>> Hello,
>>
>> On OpenBSD 5.7, I'm using alternative route table to send ping a on
specific
>> route.
>>
>> On a fresh install, I simply do
>>
>>> route -T 1 add default 192.168.1.1
>>> ping  -V 1 8.8.8.8
>>
>> It works well on 5.7, but I can't managed to get it working on 5.8.
>>
>> On a fresh install of 5.8, doing the same commands result in a "No route
to
>> host" error.
>
> Which command result in this error?  ping?  Is this regression also
> present in -current?  It is close to 5.9 so fixing this bug now makes
> a lot of sense.
>
> What does "route -T1 get 8.8.8.8" returns you?  Are the outputs of
> "route -n show" for the table 0 and 1 different between 5.7 and 5.8?
> Could you post them?

Here is some details. The output of all commands are the same.
The only change is that trying to access the network using the custom table
fails.

=== OpenBSD 5.7

> # route -n show
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default10.0.0.1   UGS00 - 8 em0
10.0.0/24  link#1 UC 20 - 4 em0
10.0.0.1   link#1 UHLc   10 - 4 em0
10.0.0.105 6c:40:08:ac:a1:5c  UHLc   1   48 - 4 em0
10.0.0.111 08:00:27:c3:bd:7a  UHLl   00 - 1 lo0
10.0.0.255 link#1 UHLb   00 - 1 em0
127/8  127.0.0.1  UGRS   00 32768 8 lo0
127.0.0.1  127.0.0.1  UHl10 32768 1 lo0
224/4  127.0.0.1  URS00 32768 8 lo0
—

> route -T 1 add default 10.0.0.1
add net default: gateway 10.0.0.1
> route -T1 -n show
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default10.0.0.1   UGS00 - 8 em0

> route -T 1 get 8.8.8.8
   route to: google-public-dns-a.google.com
destination: default
   mask: default
gateway: 10.0.0.1
  interface: em0
 if address: 10.0.0.111
   priority: 8 (static)
  flags: 
 use   mtuexpire
   0 0 0

> ping -V 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=54 time=42.833 ms
…

=== OpenBSD 5.9 (snapshot)
> route -n show
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default10.0.0.1   UGS04 - 8 vio0
10.0.0/24  10.0.0.110 UC 36 - 4 vio0
10.0.0.1   b8:26:6c:7f:77:87  UHLc   18 - 4 vio0
10.0.0.2   b8:c7:5d:ca:9d:fe  UHLc   03 - 4 vio0
10.0.0.105 6c:40:08:ac:a1:5c  UHLc   18 - 4 vio0
10.0.0.110 08:00:27:c3:bd:7a  UHLl   0   10 - 1 vio0
10.0.0.255 10.0.0.110 UHb02 - 1 vio0
127/8  127.0.0.1  UGRS   00 32768 8 lo0
127.0.0.1  127.0.0.1  UHl05 32768 1 lo0
224/4  127.0.0.1  URS00 32768 8 lo0

> route -T 1 add default 10.0.0.1
add net default: gateway 10.0.0.1
> route -T1 -n show
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default10.0.0.1   UGS00 - 8 vio0

> route -T 1 get 8.8.8.8
   route to: google-public-dns-a.google.com
destination: default
   mask: default
gateway: 10.0.0.1
  interface: vio0
 if address: 10.0.0.111
   priority: 8 (static)
  flags: 
 use   mtuexpire
   4 0 0

> ping -V 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No route to host
…

Just curious, what are approx plans for kernel-multicore-ness next 1-2 years? (net/file IO) How much is it a relevant prio?

[Tinker]

First, Thank you for this fantastically awesome OS.


Just curious, what are approx plans for kernel-multicore-ness next 1-2 
years? (Network IO, file/disk IO)



Are there any relevant cases today where the singlecore architecture 
actually is limiting? Say on a 20-core machine doing random file and 
network IO full-on.



Just curious. Thanks.

Re: Alternative route table issue on 5.8

[Martin Pieuchot]

On 24/02/16(Wed) 18:56, Jean-Daniel Dupas wrote:
> Hello,
> 
> On OpenBSD 5.7, I'm using alternative route table to send ping a on specific
> route.
> 
> On a fresh install, I simply do
> 
> > route -T 1 add default 192.168.1.1
> > ping  -V 1 8.8.8.8
> 
> It works well on 5.7, but I can't managed to get it working on 5.8.
> 
> On a fresh install of 5.8, doing the same commands result in a "No route to
> host" error.

Which command result in this error?  ping?  Is this regression also
present in -current?  It is close to 5.9 so fixing this bug now makes
a lot of sense.

What does "route -T1 get 8.8.8.8" returns you?  Are the outputs of
"route -n show" for the table 0 and 1 different between 5.7 and 5.8? 
Could you post them?

Alternative route table issue on 5.8

[Jean-Daniel Dupas]

Hello,

On OpenBSD 5.7, I'm using alternative route table to send ping a on specific
route.

On a fresh install, I simply do

> route -T 1 add default 192.168.1.1
> ping  -V 1 8.8.8.8

It works well on 5.7, but I can't managed to get it working on 5.8.

On a fresh install of 5.8, doing the same commands result in a "No route to
host" error.

Do I need to do something more to make it work ?

Thanks
Jean-Daniel

Re: IPv6

[Paul Ammann]

Thank you, Theo, for the history and clarification. It's always good to
hear stories like this.

I'm building a IPv6 lab and I was trying to figure out fact from
fiction.
 

On Wed, Feb 24, 2016, at 11:58 AM, Theo de Raadt wrote:
> > I've been reading about IPv6 and the KAME project. 
> > 
> > I read that OpenBSD integrated just IPv6 code rather than both (having
> > developed their own IPSec stack).
> > 
> > The information that I'm reading is from 2004. Does anyone who if this
> > is still true?
> 
> KAME had a v6 stack that included ipsec.  On the other hand, some of
> their routing logic was highly immature and incomplete, and would have
> mirrored code that was already in the BSD kernel.
> 
> In OpenBSD land, an IPSEC stack was already far in development, by
> angelos;
> it was a packet defer architecture that could work with hardware crypto
> engines, and used the standard routing table for policy decision logic.
> 
> There is a third part to the story.  Craig Metz bad adapted the routing
> logic in the kernel to make it v6 ready.  itojun recognized merging of
> these codebases as a good direction forward. 
> 
> So itojun, cmetz and angelos came up with a plan to merge the right
> parts together and started it, then a bit later over a week the job
> was completed at the first openbsd hackathon in my house, Jun 4 - 6,
> 1999.  (Oddly, I now believe it was longer than 3 days, but it is hard
> to remember 17 years back).
> 
> We believe that day was the first time ipv6 worked in a full official
> operating system, and same with ipsec, and same with ipsec over ipv6
> (i recall that being a lot more flaky, but it was early days).  Other
> ipv6 work by other teams had just been "testbeds", not fully targetted
> towards complete integration and shipping.
> 
> Off in FreeBSD land, a bit later, they were connected to different
> members of the KAME team, and instead opted to integrate KAME v6 +
> ipsec as-is.  About 10 years later, they saw the light and integrated
> angelos's ipsec stack as well as an option, probably because it the
> crypto offload / cpu crypto instruction awareness (which is largely
> due the ability of the forwarding path to defer packet crypto job in a
> staged forwarding path, which I convinced angelos to build in support
> of how hardware engines would work).  A few years ago they finished
> that switchover.
> 
> that help?

Re: APC UPS & sensorsd - how?

[Maxim Khitrov]

On Wed, Feb 24, 2016 at 3:38 AM, lilit-aibolit  wrote:
> On 03/22/2015 05:44 PM, T. Ribbrock wrote:
>>
>> Then, I re-applied power, but that, too, was never flagged by sensorsd.
>> For some reason, it looks like sensorsd only ever detects a status change
>> (for these rules) when it gets started - but not afterwards. Regards, Thomas
>
> Have you succeed with getting status change while sensord is running?

low=0:high=0 has been working well for me:

https://marc.info/?l=openbsd-misc=144529176814155=2

Re: IPv6

[Theo de Raadt]

> I've been reading about IPv6 and the KAME project. 
> 
> I read that OpenBSD integrated just IPv6 code rather than both (having
> developed their own IPSec stack).
> 
> The information that I'm reading is from 2004. Does anyone who if this
> is still true?

KAME had a v6 stack that included ipsec.  On the other hand, some of
their routing logic was highly immature and incomplete, and would have
mirrored code that was already in the BSD kernel.

In OpenBSD land, an IPSEC stack was already far in development, by angelos;
it was a packet defer architecture that could work with hardware crypto
engines, and used the standard routing table for policy decision logic.

There is a third part to the story.  Craig Metz bad adapted the routing
logic in the kernel to make it v6 ready.  itojun recognized merging of
these codebases as a good direction forward. 

So itojun, cmetz and angelos came up with a plan to merge the right
parts together and started it, then a bit later over a week the job
was completed at the first openbsd hackathon in my house, Jun 4 - 6,
1999.  (Oddly, I now believe it was longer than 3 days, but it is hard
to remember 17 years back).

We believe that day was the first time ipv6 worked in a full official
operating system, and same with ipsec, and same with ipsec over ipv6
(i recall that being a lot more flaky, but it was early days).  Other
ipv6 work by other teams had just been "testbeds", not fully targetted
towards complete integration and shipping.

Off in FreeBSD land, a bit later, they were connected to different
members of the KAME team, and instead opted to integrate KAME v6 +
ipsec as-is.  About 10 years later, they saw the light and integrated
angelos's ipsec stack as well as an option, probably because it the
crypto offload / cpu crypto instruction awareness (which is largely
due the ability of the forwarding path to defer packet crypto job in a
staged forwarding path, which I convinced angelos to build in support
of how hardware engines would work).  A few years ago they finished
that switchover.

that help?

Re: e-commerce framework suggestion? medoc?

[Marc Espie]

For the eshop part, you can use ubercart (drupal module). It should be
reasonably sound and maintained.

Re: e-commerce framework suggestion? medoc?

[Dave Anderson]

On Wed, 24 Feb 2016, arrowscr...@mail.com wrote:

I'm currently deciding to do a "e-commerce" website. I noticed that 
OpenBSD Store use a software from medoc.com.
If not medoc, do you guys have any other suggestion for e-commerce 
framework? It have to be open source, because I can't pay a service 
now (and I woudn't trust them anyway). The idea is to be secure as 
possible (I know it's difficult with all this sql/php madness).

I'll, of course, use httpd(8) on -stable.

Regards.


Be _very_ careful about this. You don't say where you live or work, but 
(at least in the U.S.) a whole bunch of laws and regulations pop up to 
make your life miserable if you start dealing with credit card info, 
etc.  (I'm no expert on this, but am involved in an organization which 
uses a commercial e-commerce service to shield itself from all this and 
have overheard quite a bit of discussion on the subject.)  I'd strongly 
recommend that, before doing anything about this, you carefully 
investigate what your responsibilities and liabilities would be.


Dave

--
Dave Anderson

Genere ganancias a través del Marketing digital y Redes sociales

[Lic Claudia Molina]

Incremente sus VENTAS y aumente el POSICIONAMIENTO
de su negocio a través del Marketing Digital

Marketing digital
MARKETING DIGITAL Y REDES SOCIALES PARA EMPRESAS DE ALIMENTOS Y BEBIDAS.

¡Obtenga la información completa!
Sólo presione sobre la fecha ó la imagen.



16
Marzo
Monterrey.

18
Marzo
Guadalajara.






También puede llamarnos a nuestro lada sin costo:
01-800-333-77-26
Será un placer atenderle!
Lic. Claudia Molina.
Líder de Proyecto



misc@openbsd.org No es usted o considera que recibe demasiados correos?, sólo
responda con la palabra RAGNAR en el asunto y
su e-mail será retirado de nuestro listado en las próximas 48 hrs.

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
img1.jpg]

Re: change partition size impossible?

[Josh Grosse]

On 2016-02-24 07:55, dmitry.sensei wrote:

Like this:
http://daemonforums.org/showthread.php?t=5332


As the author of the guidance in that ancient forum thread, please note
that the recommendation in my first response to use one large filesystem 
should
be disregarded.  The prevalent use of disks larger than a BIOS is able 
to

address may cause boot problems -- as noted in FAQ 14.6.

I do think that the step-by-step "howto" I created for the thread's OP 
near
the end may be helpful, but only if it is understood that the whole 
point is

the procedure is to chaing the wings on our aircraft while we are parked
on the tarmac, and not currently in flight at 10,000 meters.

And, like any random "howto" one finds on the Interwebs, use with 
caution.

Never ever ever blindly copying and pasting *any* of it.  ANY OF IT.



On Wed, Feb 24, 2016 at 12:20 PM, Jaap Bosman  wrote:

Hello

Is it possible to change partition size in OpenBSD 5.9?

Try to change partition size on install: error message: "partition f 
is
currently 4194304 sectors in size and can have a maximum size of 
4194304

sectors."

Tried to use disklabel.
delete partition and make new one with preferred size  message is now 
"Open

partition would move or shrink"

I want partition l and f and e to change.

Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/sd0a 1005M   51.8M903M 5%/
/dev/sd0l  298G   36.0K283G 0%/home -->  10 GB
/dev/sd0d  3.9G   10.0K3.7G 0%/tmp
/dev/sd0f  2.0G364M1.5G19%/usr --->  150 GB
/dev/sd0g 1005M210M745M22%/usr/X11R6
/dev/sd0h  9.8G218K9.3G 0%/usr/local
/dev/sd0k  2.0G2.0K1.9G 0%/usr/obj
/dev/sd0j  2.0G2.0K1.9G 0%/usr/src
/dev/sd0e 11.5G7.6M   10.9G 0%/var -->  150 GB

I am on amd64 OpenBSD_5.9

thanks

Jaap

Re: change partition size impossible?

[Jaap Bosman]

Problem solved.
I did a re install and edit the filesystem
first delete all partitions from d and above
than add all partitions and give the size I want.
and add mounted parts.

thanks again

On 24-02-16 wk8 08.20, Jaap Bosman wrote:

Hello

Is it possible to change partition size in OpenBSD 5.9?

Try to change partition size on install: error message: "partition f is
currently 4194304 sectors in size and can have a maximum size of 4194304
sectors."

Tried to use disklabel.
delete partition and make new one with preferred size  message is now
"Open partition would move or shrink"

I want partition l and f and e to change.

Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/sd0a 1005M   51.8M903M 5%/
/dev/sd0l  298G   36.0K283G 0%/home -->  10 GB
/dev/sd0d  3.9G   10.0K3.7G 0%/tmp
/dev/sd0f  2.0G364M1.5G19%/usr --->  150 GB
/dev/sd0g 1005M210M745M22%/usr/X11R6
/dev/sd0h  9.8G218K9.3G 0%/usr/local
/dev/sd0k  2.0G2.0K1.9G 0%/usr/obj
/dev/sd0j  2.0G2.0K1.9G 0%/usr/src
/dev/sd0e 11.5G7.6M   10.9G 0%/var -->  150 GB

I am on amd64 OpenBSD_5.9

thanks

Jaap

Re: Upgrade to 5.8 broke equal-cost multipath configuration

[Jean-Daniel Dupas]

> Le 24 févr. 2016 à 12:56, Jean-Daniel Dupas  a écrit
:
>
>> Le 24 févr. 2016 à 10:57, Stuart Henderson  a
écrit
> :
>>
>> In gmane.os.openbsd.misc, you wrote:
>>> Hi,
>>>
>>> After more test, it looks like a change in the mpath behavior.
>>>
>>> Is looks like the route is based on the source IP and not the dest IP as
> it
>>> should.
>>>
>>> Is it expected ?
>>
>> ECMP is meant to be based on a hash of source and destination addresses,
>> if it is still a problem with -current (I think it will be, but don't have
>> a suitable test setup here) then please report it on bugs@.
>
> A quick test with a 5.9 snapshot show the same behavior. I'm not familiar
with
> the kernel sources, but a quick gdb session reveal that there is a problem
> with the mpath selection.
> I look like the dest address used to compute the hash is always empty, so
the
> hash end's up being always the same value.
> I will fill a reports with the information I managed to gather.

I did fill a bug report, but just in case someone is interrested, I think the
issue is
in rtable_match() (rtable.c)

Instead of using the dest address to compute the hash that is used to choose
the route, that function uses the radix node dest address (which is always 0
in
my case as it represents the default route).

Re: sshfs man page, -o idmap=user

[Rudolf Sykora]

> After putting
> kern.usermount=1
> into /etc/sysctl.conf and changing the rights
> chmod 660 /dev/fuse0
> I was then able to mount a remote filesystem, but
> I ran into permission problems. Thus I tried
> to add -o idmap=user into the command, which
> results in immediate diconnecting:
>
> $ sshfs -o idmap=user s...@ssh.du3.cesnet.cz: mnt/du3
> remote host has disconnected
> $ sshfs s...@ssh.du3.cesnet.cz: mnt/du3 -o idmap=user
> remote host has disconnected
> $ sshfs s...@ssh.du3.cesnet.cz: mnt/du3
> s...@ssh.du3.cesnet.cz's password:


I still haven't overcome this.
So is there any working way to mount locally a remote
filesystem (where all, the username, uid, gid are
different) and not run into permission problems?

Thanks
Ruda

simple dhclient question

[sven falempin]

Hello Misc,

is it possible to change the defaul right access of leases info

$ cat /var/db/dhclient.leases.em0

cat: /var/db/dhclient.leases.em0: Permission denied

I have no secret in this file, but a user might want to check the routers
list,
or if the lease is still valid.

Is there a reason to only let wheel read that ?

-- 
-
() ascii ribbon campaign - against html e-mail
/\

Re: How full can a ffs filesystem be?

[John Long]

On Wed, Feb 24, 2016 at 10:50:41AM +0100, Otto Moerbeek wrote:
> On Wed, Feb 24, 2016 at 05:43:06AM +, John Long wrote:
> 
> > On Tue, Feb 23, 2016 at 09:48:44PM -0500, Nick Holland wrote:
> > > On 02/23/16 14:42, John Long wrote:
> > > > Is there any rule of thumb as to how full an ffs filesystem can be 
> > > > without
> > > > impacting performance or integrity issues?
> > > 
> > > The people who wrote the code set the limit at 95%...so if you are
> > > looking for a "Rule of Thumb"...that's it, provided by the People Who
> > > Know Best.
> > > 
> > > Most of us have managed to fill a partition completely with no harm to
> > > the system (no promises on the file!).  But performance isn't our
> > > concern at that point.  File integrity isn't an issue until you try to
> > > write when there is no space.
> > > 
> > > But really, if you are dancing over the 95% point and are happy about
> > > it, you have entered Special Case Land, rules of thumb don't apply and
> > > you are responsible for your own situation.
> > 
> > Thanks, this is good info. I need to get move some files around then. These
> > little Lemote boxes are such nifty ftp servers I tend to keep piling things
> > up on them.
> 
> But note the minfree reserve for root only (see tunefs(8)) is
> already set at 5% by default. If df(1) reports the fs is 100% full, 
> actually 5% room is left, for root only.

I remember that, thanks. Nice safety valve.

/jl

-- 
ASCII ribbon campaign ( ) Powered by Lemote Fuloong
 against HTML e-mail   X  Loongson MIPS and OpenBSD
   and proprietary/ \http://www.mutt.org
 attachments /   \  Code Blue or Go Home!
 Encrypted email preferred  PGP Key 2048R/DA65BC04 

Re: hostname | /etc/hosts

[Peter N. M. Hansteen]

On Wed, Feb 24, 2016 at 12:59:04PM +, Craig Skinner wrote:
> Do not use .local - it buggers up Apple toys.

I would also recommend not using any valid top-level domain that you do not 
control for
this purpose.

A certain (microsoft-heavy) organization's choice of $companyname.int as the 
domain
for their internal-but-occasionally-internet-visible machines comes to mind. 

For a totally separate set of reasons, I was not compelled to stick around to 
help them
sort out that particular mess.

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: hostname | /etc/hosts

[Kamil Cholewiński]

On Wed, 24 Feb 2016, Peter Hessler  wrote:
> On 2016 Feb 24 (Wed) at 12:59:04 + (+), Craig Skinner wrote:
> :Hi Rodrigo,
> :
> :On 2016-02-24 Wed 10:48 AM |, Roderick wrote:
> :> 
> :> Should the name in /etc/myname include a domain name? Even when I
> :> do not have a static IP registered in a public DNS?
> :> 
> :
> :Yes, these non-public "domains" are suitable:
> :.localdomain
> :.internal
> :.private
> :.priv
>
> Do not depend on any domain that you don't own.  Just because it isn't
> allocated _now_ doesn't mean it won't be.
>

This. See how Google bought '.dev'.

https://tools.ietf.org/html/rfc2606

Any other relevant RFC's?

K.

Re: hostname | /etc/hosts

[Peter Hessler]

On 2016 Feb 24 (Wed) at 12:59:04 + (+), Craig Skinner wrote:
:Hi Rodrigo,
:
:On 2016-02-24 Wed 10:48 AM |, Roderick wrote:
:> 
:> Should the name in /etc/myname include a domain name? Even when I
:> do not have a static IP registered in a public DNS?
:> 
:
:Yes, these non-public "domains" are suitable:
:.localdomain
:.internal
:.private
:.priv

Do not depend on any domain that you don't own.  Just because it isn't
allocated _now_ doesn't mean it won't be.

:
:You can serve them on your private network with NSD/Unbound too.
:
:Do not use .local - it buggers up Apple toys.
:
:Cheers.
:-- 
:I am ready to meet my Maker.  Whether my Maker is prepared
:for the great ordeal of meeting me is another matter.
:-- Winston Churchill
:

-- 
Warp 7 -- It's a law we can live with.

Re: change partition size impossible?

[dmitry.sensei]

Like this:
http://daemonforums.org/showthread.php?t=5332

On Wed, Feb 24, 2016 at 12:20 PM, Jaap Bosman  wrote:
> Hello
>
> Is it possible to change partition size in OpenBSD 5.9?
>
> Try to change partition size on install: error message: "partition f is
> currently 4194304 sectors in size and can have a maximum size of 4194304
> sectors."
>
> Tried to use disklabel.
> delete partition and make new one with preferred size  message is now "Open
> partition would move or shrink"
>
> I want partition l and f and e to change.
>
> Filesystem SizeUsed   Avail Capacity  Mounted on
> /dev/sd0a 1005M   51.8M903M 5%/
> /dev/sd0l  298G   36.0K283G 0%/home -->  10 GB
> /dev/sd0d  3.9G   10.0K3.7G 0%/tmp
> /dev/sd0f  2.0G364M1.5G19%/usr --->  150 GB
> /dev/sd0g 1005M210M745M22%/usr/X11R6
> /dev/sd0h  9.8G218K9.3G 0%/usr/local
> /dev/sd0k  2.0G2.0K1.9G 0%/usr/obj
> /dev/sd0j  2.0G2.0K1.9G 0%/usr/src
> /dev/sd0e 11.5G7.6M   10.9G 0%/var -->  150 GB
>
> I am on amd64 OpenBSD_5.9
>
> thanks
>
> Jaap
>



-- 
Dmitry Orlov

Re: hostname | /etc/hosts

[Craig Skinner]

Hi Rodrigo,

On 2016-02-24 Wed 10:48 AM |, Roderick wrote:
> 
> Should the name in /etc/myname include a domain name? Even when I
> do not have a static IP registered in a public DNS?
> 

Yes, these non-public "domains" are suitable:
.localdomain
.internal
.private
.priv

You can serve them on your private network with NSD/Unbound too.

Do not use .local - it buggers up Apple toys.

Cheers.
-- 
I am ready to meet my Maker.  Whether my Maker is prepared
for the great ordeal of meeting me is another matter.
-- Winston Churchill

Re: hostname | /etc/hosts

[Janne Johansson]

2016-02-24 11:48 GMT+01:00 Roderick :

> Dear Sirs!
>
> Should the name in /etc/myname include a domain name? Even when I
> do not have a static IP registered in a public DNS?
>
> In "man 5 myname" I read:
>
> "The file should contain a single line specifying the fully
> qualified domain name (FQDN) of the system"
>
> Does FQDN mean, that anyone in the internet must be able to
> resolve the name? Or only resolvable in my machine?
>


No, not to everyone on the internet. Just a fully qualified name, which
should
involve at least a hostname and a top-level domain and a dot in between,
with
optional parts with domain-names in between.

Since "dk." resolves to an A-record, I guess that works as an FQDN.

As for how complete myname needs to be depends a lot on what you expect
from the machine. Mailservers tend to want to strip the hostname part and
default
to the domain part of an FQDN if you don't specify otherwise, so for a
mailserver,
putting "blaha" alone in myname would probably not work out as expected.

But for a test-compile-machine in a throw-away VM to see if libblurg can be
ported,
the name may have zero impact if it isn't well-formed.

-- 
May the most significant bit of your life be positive.

change partition size impossible?

[Jaap Bosman]

Hello

Is it possible to change partition size in OpenBSD 5.9?

Try to change partition size on install: error message: "partition f is 
currently 4194304 sectors in size and can have a maximum size of 4194304 
sectors."


Tried to use disklabel.
delete partition and make new one with preferred size  message is now 
"Open partition would move or shrink"


I want partition l and f and e to change.

Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/sd0a 1005M   51.8M903M 5%/
/dev/sd0l  298G   36.0K283G 0%/home -->  10 GB
/dev/sd0d  3.9G   10.0K3.7G 0%/tmp
/dev/sd0f  2.0G364M1.5G19%/usr --->  150 GB
/dev/sd0g 1005M210M745M22%/usr/X11R6
/dev/sd0h  9.8G218K9.3G 0%/usr/local
/dev/sd0k  2.0G2.0K1.9G 0%/usr/obj
/dev/sd0j  2.0G2.0K1.9G 0%/usr/src
/dev/sd0e 11.5G7.6M   10.9G 0%/var -->  150 GB

I am on amd64 OpenBSD_5.9

thanks

Jaap

Re: e-commerce framework suggestion? medoc?

[Mariano Baragiola]

Django[0] is a popular choice nowadays. There's also DjangoCMS[1] which
is "easier" to use for less technical people. And don't forget to
examine as many as ecommerce[2] modules as you want.

[0] http://www.djangoproject.com/
[1] http://www.django-cms.org/
[2] https://www.djangopackages.com/grids/g/ecommerce/

Re: Upgrade to 5.8 broke equal-cost multipath configuration

[Jean-Daniel Dupas]

> Le 24 févr. 2016 à 10:57, Stuart Henderson  a écrit
:
>
> In gmane.os.openbsd.misc, you wrote:
>> Hi,
>>
>> After more test, it looks like a change in the mpath behavior.
>>
>> Is looks like the route is based on the source IP and not the dest IP as
it
>> should.
>>
>> Is it expected ?
>
> ECMP is meant to be based on a hash of source and destination addresses,
> if it is still a problem with -current (I think it will be, but don't have
> a suitable test setup here) then please report it on bugs@.

A quick test with a 5.9 snapshot show the same behavior. I'm not familiar with
the kernel sources, but a quick gdb session reveal that there is a problem
with the mpath selection.
I look like the dest address used to compute the hash is always empty, so the
hash end's up being always the same value.
I will fill a reports with the information I managed to gather.

Thanks.

hostname | /etc/hosts

[Roderick]

Dear Sirs!

Should the name in /etc/myname include a domain name? Even when I
do not have a static IP registered in a public DNS?

In "man 5 myname" I read:

"The file should contain a single line specifying the fully
qualified domain name (FQDN) of the system"

Does FQDN mean, that anyone in the internet must be able to
resolve the name? Or only resolvable in my machine?

I do not find any restriction in "man 1 hostname".

I also read in myname (5):



The name must be resolvable, either by matching a hostname specified in 
/etc/hosts (see hosts(5)) or through DNS (see resolv.conf(5)).

<<

And at the end of "man 5 hosts":




Host names may contain any printable character other than a
field delimiter, newline, or comment character."
<<

As I understand, names in /etc/hosts must not necessarily contain
a dot (a "domain"). /etc/hosts is not a hierarchical database,
the dot is only necessary for the hierarchical DNS database.

Thanks,
Rodrigo.

Re: How full can a ffs filesystem be?

[Otto Moerbeek]

On Wed, Feb 24, 2016 at 05:43:06AM +, John Long wrote:

> On Tue, Feb 23, 2016 at 09:48:44PM -0500, Nick Holland wrote:
> > On 02/23/16 14:42, John Long wrote:
> > > Is there any rule of thumb as to how full an ffs filesystem can be without
> > > impacting performance or integrity issues?
> > 
> > The people who wrote the code set the limit at 95%...so if you are
> > looking for a "Rule of Thumb"...that's it, provided by the People Who
> > Know Best.
> > 
> > Most of us have managed to fill a partition completely with no harm to
> > the system (no promises on the file!).  But performance isn't our
> > concern at that point.  File integrity isn't an issue until you try to
> > write when there is no space.
> > 
> > But really, if you are dancing over the 95% point and are happy about
> > it, you have entered Special Case Land, rules of thumb don't apply and
> > you are responsible for your own situation.
> 
> Thanks, this is good info. I need to get move some files around then. These
> little Lemote boxes are such nifty ftp servers I tend to keep piling things
> up on them.

But note the minfree reserve for root only (see tunefs(8)) is
already set at 5% by default. If df(1) reports the fs is 100% full, 
actually 5% room is left, for root only.

-Otto

Re: relayd: high CPU usage by one or two proc. of many

[Stuart Henderson]

On 2016-02-24, mxb  wrote:
> Hey,
> I have a strange behavior of relayd running on 5.8.
> This machine almost exclusively terminates TLS traffic.
> Exceptions are forwards which are in backup state (listen on CARP).
>
> Some times one or two relayd processes out of many consumes a lot of CPU
> and stays like this until I restart relayd.

> ktrace gives me following:
> 4013 relayd   CALL  getdtablecount()
>   4013 relayd   RET   getdtablecount 101/0x65
>   4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
>   4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
>   4013 relayd   RET   getrlimit 0
>   4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
>   4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable
>   4013 relayd   CALL  getdtablecount()
>   4013 relayd   RET   getdtablecount 101/0x65
>   4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
>   4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
>   4013 relayd   RET   getrlimit 0
>   4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
>   4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable
>   4013 relayd   CALL  getdtablecount()
>   4013 relayd   RET   getdtablecount 101/0x65
>   4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
>   4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
>   4013 relayd   RET   getrlimit 0
>   4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
>   4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable
> 
> Human readable file after kdump is filled with those lines.
> This as far of my understanding is about limit of openfiles.

It's not files; errno 35 is EAGAIN - it is likely that this was
fixed in -current (2015/12/05).

IPv6

[Paul Ammann]

Hi

I've been reading about IPv6 and the KAME project. 

I read that OpenBSD integrated just IPv6 code rather than both (having
developed their own IPSec stack).

The information that I'm reading is from 2004. Does anyone who if this
is still true?

Regards,

Paul

Re: APC UPS & sensorsd - how?

[lilit-aibolit]

On 03/22/2015 05:44 PM, T. Ribbrock wrote:
Then, I re-applied power, but that, too, was never flagged by 
sensorsd. For some reason, it looks like sensorsd only ever detects a 
status change (for these rules) when it gets started - but not 
afterwards. Regards, Thomas 

Have you succeed with getting status change while sensord is running?

bug in pair ?

[Holger Glaess]

hi

i play around with pair
with current 5.9 .

what i dit

# cat /etc/hostname.pair*
inet 172.16.0.1 255.255.255.248 NONE

rdomain 3
inet 172.16.0.2 255.255.255.248 NONE


so i can ping now between rdoamin 0 and rdomain 3

because i dont patch the interface like the man page
describe.

bug ?

holger

relayd: high CPU usage by one or two proc. of many

[mxb]

Hey,
I have a strange behavior of relayd running on 5.8.
This machine almost exclusively terminates TLS traffic.
Exceptions are forwards which are in backup state (listen on CARP).

Some times one or two relayd processes out of many consumes a lot of CPU
and stays like this until I restart relayd.

ktrace gives me following:
4013 relayd   CALL  getdtablecount()
  4013 relayd   RET   getdtablecount 101/0x65
  4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
  4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
  4013 relayd   RET   getrlimit 0
  4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
  4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable
  4013 relayd   CALL  getdtablecount()
  4013 relayd   RET   getdtablecount 101/0x65
  4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
  4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
  4013 relayd   RET   getrlimit 0
  4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
  4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable
  4013 relayd   CALL  getdtablecount()
  4013 relayd   RET   getdtablecount 101/0x65
  4013 relayd   CALL  getrlimit(RLIMIT_NOFILE,0x7f7bb630)
  4013 relayd   STRU  struct rlimit { cur=65536, max=65536 }
  4013 relayd   RET   getrlimit 0
  4013 relayd   CALL  recvmsg(550,0x7f7bb6a0,0)
  4013 relayd   RET   recvmsg -1 errno 35 Resource temporarily unavailable

Human readable file after kdump is filled with those lines.
This as far of my understanding is about limit of openfiles.
Thus login.conf was modified and relayd restarted.

Original problem however is yet there and ktrace looks the same.

relayd:\
:maxproc-max=31:\
:openfiles-cur=16384:\
:openfiles-max=65536:\
:tc=daemon:

 
Question if there is anything else can be done to trace this down?

Br

//mxb

Re: e-commerce framework suggestion? medoc?

[Marcus MERIGHI]

arrowscr...@mail.com (arrowscr...@mail.com), 2016.02.24 (Wed) 07:15 (CET):
> I'm currently deciding to do a "e-commerce" website. I noticed that
> OpenBSD Store use a software from medoc.com. 
> If not medoc, do you guys have any other suggestion for e-commerce
> framework? It have to be open source, because I can't pay a service
> now (and I woudn't trust them anyway). The idea is to be secure as
> possible (I know it's difficult with all this sql/php madness).
> I'll, of course, use httpd(8) on -stable.

What is in ports/packages...

$ pkg_add sqlports-compact
$ sqlite3 /usr/local/share/sqlports-compact "SELECT * from Descr \
where VALUE LIKE \"%e-commerce%\";"
8780|Ubercart is an e-commerce suite developed for Drupal. It has been
designed with the end user in mind, focusing on usability in three key
areas: store configuration, product and catalog creation, and order
administration. On the front end, all major systems are configurable and
integrate with the standard Drupal systems (node, taxonomy, user, etc.).
On the back end, the settings pages and order administration pages have
been designed with ease of use in mind.

Bye, Marcus

> !DSPAM:56cd4b4e88231894794140!