Re: Unbound in base, yes, what about ldns?

2014-03-20 Thread Атанас Владимиров
Thanks.


2014-03-20 1:44 GMT+02:00 Chris Smith obsd_m...@chrissmith.org:

 See the thread unbound dnssec revisited I started on 12/30/2013 for
 some hints. Looks like creating a new directory with the proper
 permissions is the best way to go.


 On Wed, Mar 19, 2014 at 7:01 PM, Атанас Владимиров don.na...@gmail.com
 wrote:
  Hi,
  Sorry for Off-topic, but when you enable DNSSEC validation and fetch a
 root
  key with unbound-anchor(8) (needs root) the following error shows up in
  /var/log/messages:
 
  unbound: [0:0] error: could not open autotrust file for writing,
  /etc/root.key.29136-0: Permission denied
 
  Maybe this is because _unbound user has no rights to write to
  /var/unbound/etc/ after chroot.
  Am I correct? Any solutions?
 
  Best regards,
  Atanas



Re: PPTP after removing of userland ppp(8)

2014-03-20 Thread Атанас Владимиров
2014-03-20 1:15 GMT+02:00 Stefan Sperling s...@openbsd.org:


 ppp(8) used net/pptp as a pseudo-device via pipes to a pptp process.

 With pppd(8) I don't think there is support for using a pipe to
 a separate process as a device. Perhaps there is another way
 to make pptp work with pppd. I don't know.



 npppd supports PPTP but I believe it's currently server-side only.
 One possible path forward would be PPTP-client support in npppd.
 I don't know if there are any plans for this and I don't have any
 such plans myself.

 Yes, it's only server-side


 Even though I'm still listed as maintainer of net/pptp I haven't used
 it in a long time. If net/pptp goes away I won't miss it.


From FAQ:

PPTP
 The Point to Point Tunneling Protocol (PPTP) is a proprietary Microsoft
 protocol. A pptp client is available which interfaces with
 pppd(8) http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&sektion=8 and
 is capable of connecting to the PPTP-based Virtual Private Networks (VPN)
 used by some cable and xDSL providers. pptp itself must be installed from
 packages http://www.openbsd.org/faq/faq15.html#PkgMgmt or
 ports http://www.openbsd.org/faq/faq15.html#Ports.
 Further instructions on setting up and using pptp are available in the man
 page which is installed with the pptp package.

Is the following patch correct:
--- faq6.html   Mon Dec  2 09:06:04 2013
+++ faq6.html.new   Thu Mar 20 10:35:38 2014
@@ -982,7 +982,7 @@
 The Point to Point Tunneling Protocol (PPTP) is a proprietary Microsoft
 protocol.
 A pptp client is available which interfaces with
-a href=http://www.openbsd.org/cgi-bin/man.cgi?query=pppdamp;sektion=8
pppd(8)/a
+a href=
http://www.openbsd.org/cgi-bin/man.cgi?query=pppamp;sektion=8amp;manpath=OpenBSD+5.4
ppp(8)/a
 and is capable of connecting to the PPTP-based Virtual Private Networks
(VPN)
 used by some cable and xDSL providers.
 pptp itself must be installed from a
href=faq15.html#PkgMgmtpackages/a
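Review bot: The replacement link on the `+` lines pins `manpath=OpenBSD+5.4`, but the sentence around it still reads as current advice, and this thread exists because userland ppp(8) was removed. Either state in the FAQ text which releases the pptp plus ppp(8) setup applies to, or hold the change until the section can describe what works after the removal; a version-pinned man page link alone will not tell the reader that the tool is gone from newer releases.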



PPTP after removing of userland ppp(8)

2014-03-19 Thread Атанас Владимиров
Hi,
I was running PPTP client pptp-1.7.2p4 with userland ppp(8). It was a basic
setup from pptp(8) manual page and specifically PPTP on a router example.
What are my alternatives to run PPTP to connect to Microsoft VPN server?
May I use ppp(4) and pppd(8) and if so can you point me to the right
direction.
Thanks for your time.
Atanas



Re: Unbound in base, yes, what about ldns?

2014-03-19 Thread Атанас Владимиров
Hi,
Sorry for Off-topic, but when you enable DNSSEC validation and fetch a root
key with unbound-anchor(8) (needs root) the following error shows up in
/var/log/messages:

unbound: [0:0] error: could not open autotrust file for writing,
/etc/root.key.29136-0: Permission denied

Maybe this is because _unbound user has no rights to write to
/var/unbound/etc/ after chroot.
Am I correct? Any solutions?

Best regards,
Atanas



Re: Dovecot bsdauth(user): unknown user

2014-03-11 Thread Атанас Владимиров
Oof.  I didn't notice this earlier, but you're running -current, and
this has seen some changes in the last week.  You might want to take a
look at this thread: http://marc.info/?t=13910782254r=1w=2

I don't have an easy way to test (not running -current or using
passwd/bsdauth), and it's not clear from the discussion whether the
changes that fixed dovecot in Brad's testing were committed or not.
However, it looks like one more fix to getpwent.c was committed after
your last update, and it's probably worth trying.

Based on the info you provided, today I made another `make release`.
Now everything is working as it should be. Sorry for making a fuss
and thanks for the help.

Atanas Vladimirov



Re: Dovecot bsdauth(user): unknown user

2014-03-10 Thread Атанас Владимиров
 # pwd_mkdb
 usage: pwd_mkdb [-c] [-p | -s] [-d directory] [-u username] file
 # pwd_mkdb -c /etc/master.passwd
 #

 It seems that everything is OK, isn't it?.

Did the problems with unknown user persist afterward?

Yes, the problem persists.

$ sudo doveadm auth test vlado
Password:
passdb: vlado auth failed
extra fields:
  user=vlado
$ sudo pwd_mkdb
usage: pwd_mkdb [-c] [-p | -s] [-d directory] [-u username] file
$ sudo pwd_mkdb -c /etc/master.passwd
$ sudo doveadm auth test vlado
Password:
passdb: vlado auth failed
extra fields:
  user=vlado

$ tail /var/log/maillog
Mar 10 08:08:16 ns dovecot: auth-worker(21267): bsdauth(vlado):
unknown user (given password: K4*x9)
Mar 10 08:08:51 ns dovecot: auth-worker(21267): bsdauth(vlado):
unknown user (given password: Qa*we00)
Mar 10 08:09:41 ns dovecot: auth-worker(21267): bsdauth(vlado):
unknown user (given password: K*rx9)
Mar 10 08:10:18 ns dovecot: auth-worker(21267): bsdauth(vlado):
unknown user (given password: K*x9)

If I enter a wrong password for an account that is working
normally, the error is password mismatch. With the correct password for the
same account the log is silent, as it should be.


$ sudo doveadm auth test jul
Password:
passdb: jul auth failed
extra fields:
  user=jul

$ tail /var/log/maillog

Mar 10 09:50:38 ns dovecot: auth-worker(836): bsdauth(jul): Password
mismatch (given password: Qazxsw)
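
Added example, not part of the original posts: the maillog excerpts in this thread carry the attempted passwords because the posted `dovecot -n` output has `auth_verbose_passwords = plain`. The script below rejoins mail-wrapped records, redacts the password field before a log is shared, and tallies failures by user and reason (the "unknown user" versus "Password mismatch" distinction discussed above). Function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical and the
# sample log lines (including the passwords in them) are constructed.

# Constructed sample in the format shown in the posts: two mail-wrapped
# records, one password that itself contains ")", one unrelated line.
sample_log() {
    cat <<'EOF'
Mar 10 08:08:16 ns dovecot: auth-worker(21267): bsdauth(alice):
unknown user (given password: example)one)
Mar 10 08:09:41 ns dovecot: auth-worker(21267): bsdauth(alice): unknown user (given password: example-two)
Mar 10 09:50:38 ns dovecot: auth-worker(836): bsdauth(bob): Password
mismatch (given password: example-three)
Mar 10 09:51:00 ns dovecot: imap-login: Login: user=<bob>, method=PLAIN
EOF
}

# join_records: glue any line that does not start with a syslog timestamp
# onto the record before it, undoing mail-client line wrapping.
join_records() {
    awk '
        NF == 0 { next }                       # skip blank lines
        /^[A-Z][a-z][a-z] [ 0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] / {
            if (rec != "") print rec
            rec = $0
            next
        }
        { rec = (rec == "") ? $0 : rec " " $0 }
        END { if (rec != "") print rec }
    '
}

# redact_maillog: replace the attempted password with a fixed marker.
# The match runs to the LAST ")" on the record, so a password that contains
# ")" is removed completely instead of leaving its tail in the log.
redact_maillog() {
    join_records |
        sed 's/(given password: .*)[[:space:]]*$/(given password: <redacted>)/'
}

# summarize_failures: print "user|reason|count" for each bsdauth failure,
# sorted, without ever echoing the password field.
summarize_failures() {
    join_records | awk '
        match($0, /bsdauth\([^)]*\): /) {
            # "bsdauth(" is 8 characters; the trailing "): " is 3.
            user = substr($0, RSTART + 8, RLENGTH - 11)
            reason = substr($0, RSTART + RLENGTH)
            sub(/ *\(given password: .*$/, "", reason)
            count[user "|" reason]++
        }
        END { for (k in count) print k "|" count[k] }
    ' | sort
}

# Stand-alone run: show the redacted log, then the tally.
sample_log | redact_maillog
sample_log | summarize_failures
```

On a real host the input would be `/var/log/maillog` instead of `sample_log`. Setting `auth_verbose_passwords = no` once debugging is finished stops new passwords from reaching the log at all.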



Re: Dovecot bsdauth(user): unknown user

2014-03-09 Thread Атанас Владимиров
No, they had default login class. I'm still trying to find out some pattern
when and why this behavior occurs. When I create new account with `useradd
accountname` then set a password with `passwd accountname` and then
`doveadm auth test accountname`, everything seems good. Then `usermod -L
default accountname` and doveadm auth failed. When I created new account
with adduser - doveadm failed.
An old account on the system works fine no matter in which login class I
move it. I tried to move my account to other class without any luck.
Here is my login.conf. I can provide other info, too. Thanks for your time.

$ cat /etc/login.conf
# $OpenBSD: login.conf.in,v 1.6 2012/02/06 21:25:13 sobrado Exp $

#
# Sample login.conf file.  See login.conf(5) for details.
#

#
# Standard authentication styles:
#
# krb5-or-pwd   First try Kerberos V password, then local password file
# passwd        Use only the local password file
# krb5          Use only the Kerberos V password
# chpass        Do not authenticate, but change users password (change
#               the YP password if the user has one, else change the
#               local password)
# lchpass       Do not login; change user's local password instead
# radius        Use radius authentication
# reject        Use rejected authentication
# skey          Use S/Key authentication
# activ         ActivCard X9.9 token authentication
# crypto        CRYPTOCard X9.9 token authentication
# snk           Digital Pathways SecureNet Key authentication
# tis           TIS Firewall Toolkit authentication
# token         Generic X9.9 token authentication
# yubikey       YubiKey authentication
#

# Default allowed authentication styles
auth-defaults:auth=passwd,skey:

# Default allowed authentication styles for authentication type ftp
auth-ftp-defaults:auth-ftp=passwd:

#
# The default values
# To alter the default authentication types change the line:
#   :tc=auth-defaults:\
# to be read something like: (enables passwd, myauth, and activ)
#   :auth=passwd,myauth,activ:\
# Any value changed in the daemon class should be reset in default
# class.
#
default:\
:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
:umask=022:\
:datasize-max=512M:\
:datasize-cur=512M:\
:maxproc-max=256:\
:maxproc-cur=128:\
:openfiles-cur=512:\
:stacksize-cur=4M:\
:localcipher=blowfish,6:\
:ypcipher=old:\
:tc=auth-defaults:\
:tc=auth-ftp-defaults:

#
# Settings used by /etc/rc and root
# This must be set properly for daemons started as root by inetd as well.
# Be sure reset these values back to system defaults in the default class!
#
daemon:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
:localcipher=blowfish,8:\
:tc=default:

dovecot:\
:openfiles-cur=512:\
:openfiles-max=2048:\
:tc=daemon:

#
# Staff have fewer restrictions and can login even when nologins are set.
#
staff:\
:datasize-cur=2048M:\
:datasize-max=infinity:\
:maxproc-max=512:\
:maxproc-cur=128:\
:ignorenologin:\
:requirehome@:\
:tc=default:

#
# Authpf accounts get a special motd and shell
#
authpf:\
:welcome=/etc/motd.authpf:\
:shell=/usr/sbin/authpf:\
:tc=default:

#
# Override resource limits for certain daemons started by rc.d(8)
#
bgpd:\
:openfiles-cur=512:\
:tc=daemon:





2014-03-09 15:19 GMT+02:00 Alexander Hall alexan...@beard.se:

On 03/08/14 23:30, Атанас Владимиров wrote:

 Hi,
 I have a very strange problem with one user. After upgrade from home
 made release today dovecot stopped authenticating my account. Root and other
 accounts are working well. I also made two new accounts which worked as
 they should. It seems that for dovecot my account (vlado) does not exist.
 Thanks for any help.


 Do the two new accounts have the same login class (=staff)? I would
 check the various auth= and auth-*= settings in /etc/login.conf.

 /Alexander

 In case the error message is a bit misleading



 #
 /var/log/maillog:

 Mar  8 23:40:20 ns dovecot: auth-worker(2646): bsdauth(vlado): unknown
 user
 (given password: Qazxswe00)
 Mar  8 23:42:12 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown
 user
 (given password: Qzxswe00)
 Mar  8 23:42:40 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown
 user
 (given password: Qawe00)
 Mar  8 23:43:15 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown
 user
 (given password: Qaze00)
 Mar  8 23:43:36 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown
 user
 (given password: dsd)

 #
 /etc/passwd
 
 _dovecot:*:518:518:Dovecot Account:/nonexistent:/sbin/nologin
 _dovenull:*:666:666:Dovecot Login User:/nonexistent:/sbin/nologin
 _netflow:*:575:575:flow-tools 

Re: Dovecot bsdauth(user): unknown user

2014-03-09 Thread Атанас Владимиров
What happens if you just run pwd_mkdb -c /etc/master.passwd as root?
What about just pwd_mkdb? It looks like the error you're seeing in the
log (bsdauth(vlado): unknown user...) comes down to a failure in
getpwent_r(), and would be causing problems before the user's login
class is relevant.

# pwd_mkdb
usage: pwd_mkdb [-c] [-p | -s] [-d directory] [-u username] file
# pwd_mkdb -c /etc/master.passwd
#

It seems that everything is OK, isn't it?



Dovecot bsdauth(user): unknown user

2014-03-08 Thread Атанас Владимиров
Hi,
I have a very strange problem with one user. After upgrade from home made
release today dovecot stopped authenticating my account. Root and other
accounts are working well. I also made two new accounts which worked as
they should. It seems that for dovecot my account (vlado) does not exist.
Thanks for any help.

#
/var/log/maillog:

Mar  8 23:40:20 ns dovecot: auth-worker(2646): bsdauth(vlado): unknown user
(given password: Qazxswe00)
Mar  8 23:42:12 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user
(given password: Qzxswe00)
Mar  8 23:42:40 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user
(given password: Qawe00)
Mar  8 23:43:15 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user
(given password: Qaze00)
Mar  8 23:43:36 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user
(given password: dsd)

#
/etc/passwd

_dovecot:*:518:518:Dovecot Account:/nonexistent:/sbin/nologin
_dovenull:*:666:666:Dovecot Login User:/nonexistent:/sbin/nologin
_netflow:*:575:575:flow-tools user:/var/empty:/sbin/nologin
_nfcapd:*:649:649:nfcapd user:/nonexistent:/sbin/nologin
vlado:*:1000:1000:Atanas Vladimirov:/home/vlado:/bin/ksh


#
/etc/master.passwd
_netflow:*:575:575:daemon:0:0:flow-tools
user:/var/empty:/sbin/nologin
_nfcapd:*:649:649:daemon:0:0:nfcapd
user:/nonexistent:/sbin/nologin
vlado:$2a$06$iVr1p*hmfMLW:1000:1000:staff:0:0:Atanas
Vladimirov:/home/vlado:/bin/ksh

#
$ dovecot -n

# 2.2.10: /etc/dovecot/dovecot.conf
# OS: OpenBSD 5.5 i386
auth_debug = yes
auth_verbose = yes
auth_verbose_passwords = plain
first_valid_uid = 1000
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
mail_debug = yes
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
special_use = \Sent
  }
  mailbox Sent Messages {
special_use = \Sent
  }
  mailbox Trash {
special_use = \Trash
  }
  prefix =
}
passdb {
  driver = bsdauth
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
ssl = required
ssl_cert = /etc/ssl/dovecotcert.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}

#
dmesg:

OpenBSD 5.5-current (GENERIC.MP) #0: Sat Mar  8 14:41:24 EET 2014
r...@i386.bsdbg.net:/usr/src/sys/arch/i386/compile/GENERIC.MP

Re: Kernel Panic with Mon May 13 snapshot

2013-05-19 Thread Атанас Владимиров
Hi,
I built a kernel that includes the fix in pf.c and everything is fine now.
Thanks,
Atanas Vladimirov

[ns]~$ uptime
 5:37PM  up 3 days,  3:44, 1 user, load averages: 1.23, 0.74, 0.64

[ns]~$ dmesg
OpenBSD 5.3-current (GENERIC) #0: Wed May 15 23:59:01 EEST 2013

vl...@ns.bsdbg.net:/usr/src/sys/arch/i386/compile/GENERIC
WARNING: / was not properly unmounted



Kernel Panic with Mon May 13 snapshot

2013-05-15 Thread Атанас Владимиров
Hi,
I had a kernel panic after upgrade to latest snapshot.
`trace` and `ps` follows, dmesg at bottom

OpenBSD/i386 (ns.bsdbg.net) (tty00)

login:pool_do_get: pfstatekeypl: curpage NULL, nitems 1
panic: pool_do_get: nitems inconsistent
Stopped at  Debugger+0x4:   popl%ebp
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb trace
Debugger(d095e5d8,f54f5930,d093c980,f54f5930,d0a48814) at Debugger+0x4
panic(d093c980,d09351a0,1,400,d6613400) at panic+0x5d
pool_do_get(d0aab860,a,f54f59d4,d0449222,f57b51d0) at pool_do_get+0x2e3
pool_get(d0aab860,a,f54f5a04,d03d4904,a) at pool_get+0x47
pf_alloc_state_key(a,7fff,0,f54f59d4,f57b51c8) at pf_alloc_state_key+0x19
pf_state_key_setup(f54f5b5c,f54f5ae8,f54f5ae4,0,0) at
pf_state_key_setup+0x34
pf_test_rule(f54f5b5c,f54f5b50,f54f5b4c,f54f5b54,f54f5b48) at
pf_test_rule+0xd1
d
pf_test(2,2,d1a10030,f54f5cac,0) at pf_test+0xd6a
ip_output(d6613400,0,d0ac0724,1,0) at ip_output+0x54d
ip_forward(d6613400,0,d1abf000,f54f5eac,0) at ip_forward+0x1be
ipv4_input(d6613400,6,f54f5ec4,d04a1a35,d020305d) at ipv4_input+0x37b
ipintr(d020305d,d19f66a0,f54f5ee4,d05d658f,0) at ipintr+0x73
netintr(0,d19f7500,d65fa2e8,0,d0202042) at netintr+0xc5
softintr_dispatch(1) at softintr_dispatch+0x4f
Xsoftnet() at Xsoftnet+0x12
--- interrupt ---
apm_cpu_idle(d0432c25,d0ab5264,d0b6e760,f54f4000,d65fa174) at
apm_cpu_idle+0x8a
cpu_idle_cycle(d0b6e760) at cpu_idle_cycle+0xc
Bad frame pointer: 0xd0c36e28

ddb ps
   PID   PPID   PGRPUID  S   FLAGS  WAIT  COMMAND
 10464  24684  26061  0  30x80  netio ping
 24684  26061  26061  0  30x88  pause sh
 12010  1  12010601  30x80  kqreadunbound
 17194   5156   5156 67  30x80  netconphp-fpm-5.3
 32405   5156   5156 67  30x80  netconphp-fpm-5.3
  1145   5156   5156 67  30x80  netconphp-fpm-5.3
  1090  18553   1090   1000  30x80  kqreadtmux
 18553  27685  18553   1000  30x88  pause ksh
 27685  30126  30126   1000  30x80  selectsshd
 30126830  30126  0  30x80  poll  sshd
  7331  10843  10843 67  30x80  kqreadnginx
 15631  1  15631  0  30x80  selectssh
 20013   8951  20013   1000  30x80  selectventrilo_srv
  2271  1  1  0  30x88  pause ldattach
  5833  1   5833  0  30x80  ttyin getty
  1755  1   1755  0  30x80  ttyin getty
 22092  1  22092  0  30x80  ttyin getty
  2192  1   2192  0  30x80  ttyin getty
 11132  1  11132  0  30x80  ttyin getty
 23104  1  23104  0  30x80  ttyin getty
 21475  1  21475  0  30x80  selectcron
 20869  1  20869 67  30x80  kqreadthttpd
 15354  1  15354  0  30x80  selectsymux
 26694  1  26694535  30x80  nanosleep symon
 22426  1  22426   1001  30x80  nanosleep perl
  8951  13314   8951   1000  30x80  ttyin ksh
 13314  1  13314   1000  30x80  kqreadtmux
  5427  32025  18182515  30x80  netio log_file_daemon
  1669  1   2292697  30x80  poll  cvsyncd
 32025  18182  18182515  30x80  poll  squid
 18182  1  18182515  30x80  wait  squid
 24708   2226  26353502  3   0x4100080  sigwait   mysqld
  2360   2226  26353502  3   0x4100080  thrsleep  mysqld
  2813   2226  26353502  3   0x4100080  selectmysqld
 15086   2226  26353502  3   0x4100080  selectmysqld
 28516   2226  26353502  3   0x4100080  selectmysqld
 25548   2226  26353502  3   0x4100080  thrsleep  mysqld
 13217   2226  26353502  3   0x4100080  thrsleep  mysqld
  4672   2226  26353502  3   0x4100080  thrsleep  mysqld
 25375   2226  26353502  3   0x4100080  thrsleep  mysqld
  7368   2226  26353502  30x80  selectmysqld
  2226  1  26353  0  30x88  pause sh
  5156  1   5156  0  30x80  kqreadphp-fpm-5.3
 30395  1  30395 62  30x80  bpf   spamlogd
 27623   1163   1163 62  30x80  piperdspamd
26   1163   1163 62  30x80  selectspamd
  1163  1   1163 62  30x80  nanosleep spamd
 21585  1  21585 71  30x80  kqreadftp-proxy
 10843  1  10843  0  30x88  pause nginx
 17208  16088  16088 95  30x80  kqreadsmtpd
  1515  16088  16088 95  30x80  kqreadsmtpd
 27291  16088  16088 95  30x80  kqreadsmtpd
 15064  16088  

Re: Kernel Panic with Mon May 13 snapshot

2013-05-15 Thread Атанас Владимиров
2013/5/15 Ted Unangst t...@tedunangst.com

 On Wed, May 15, 2013 at 22:31, ?? ?? wrote:
  Hi,
  I had a kernel panic after upgrade to latest snapshot.
  `trace` and `ps` follows, dmesg at bottom
 
  OpenBSD/i386 (ns.bsdbg.net) (tty00)
 
  login:pool_do_get: pfstatekeypl: curpage NULL, nitems 1

 There was a fix to pf.c made yesterday that I would guess fixes this.


May I try to build and install a new kernel with that fix, or to wait for a
new snapshot?
Thank you.

Atanas Vladimirov



Re: Arpresolve route without link local address

2013-01-24 Thread Атанас Владимиров
Hi,
I added those two lines after block lines in my pf.conf:


 pass quick from (self) to 94.26.7.0/24 set queue b_ack
 pass quick from 94.26.7.0/24 to (self) set queue b_ack


 I still get the same error. Also I found that the permanent static MAC
disappears when dhclient receives a lease from my ISP DHCP server. In fact
every static MAC that I set is gone after dhclient leases. Is that normal?

[ns]~$ cat /etc/ether.mac
XX.XX.XX.33 00:50:45:5f:16:58 permanent
192.168.1.2 6c:f0:49:00:7f:9b permanent

[ns]~$ sudo arp -da && sudo arp -Ff /etc/ether.mac

[ns]~$ arp -na
? (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0 permanent static
? (192.168.1.2) at 6c:f0:49:00:7f:9b on vlan41 permanent static

After 5 min, when dhclient receives leases:

[ns]~$ arp -na
? (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0
? (192.168.1.2) at 6c:f0:49:00:7f:9b on vlan41

Vlan41 is on top of em1. Should I report this behavior as a bug?

dmesg:
OpenBSD 5.2-current (GENERIC) #19: Mon Jan 21 17:55:18 MST 2013
t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC



Re: Arpresolve route without link local address

2013-01-14 Thread Атанас Владимиров
Hi,
Today I upgraded to 11.01.2013 snapshot and I still get the same error.
I have a permanent static entry for my default route.

[ns]~$ sudo /usr/sbin/arp -Ff /etc/ether.mac

[ns]~$ cat /etc/ether.mac
XX.XX.XX.33 00:50:45:5f:16:58 permanent

[ns]~$ arp -a
gw.xx.xx (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0 permanent static

After a while:
[ns]~$ arp -a
gw.xx.xx (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0

the permanent static arp disappears.

/var/log/messages:
Jan 14 20:46:47 ns /bsd: arpresolve: XX.XX.7.33: route without link local
address
Jan 14 20:51:47 ns last message repeated 42 times

/var/log/daemon:
Jan 14 20:46:47 ns dhclient[2970]: DHCPREQUEST on em0 to XX.XX.7.1 port 67
Jan 14 20:46:47 ns dhclient[2970]: DHCPACK from XX.XX.7.33
(00:50:45:5f:16:58)
Jan 14 20:46:47 ns dhclient[2970]: bound to XX.XX.7.48 -- renewal in 300
seconds.

Here is my pf.conf

[ns]~$ sudo cat /etc/pf.conf


 Macros
###

### Interfaces ###
 ExtIf =em0
 IntIf =vlan41
 Free  =vlan81
 pppx  =192.168.3.0/25
 lo0   =127.0.0.1

### Hosts ###
 vl=192.168.1.2
 jl=192.168.1.3
 ve=192.168.1.4
 ntp=192.168.1.5
 sam=192.168.1.14
 dpc11=192.168.1.11

### Ports ###
 low_ports = 0:1024
 hi_ports  = 1025:65535
 web   = {20, 21, 22, 25, 80, 443, 3389, 5900, 6000, , 8080}
 ssh_extif = 
 rdc   = 3389
 rdc_extif = 4900
 squid = 8080
 squid_extif = 443
 vl_skype  = 30001
 jl_skype  = 30002
 ve_skype  = 30003
 vl_torrent= 30004
 jl_torrent= 30005
 ve_torrent= 30006
 vl_hfs= 8081
 ftp_proxy = 8021
 symux = 2100
 ftp   = 21
 vnc_ext   = 59001
 vnc_int   = 5900
 sftp  = 2
 l2tp  = { 500, 1701, 4500 }
 trace = 33434:33498
### Queues, States and Types ###
 IcmpType =icmp-type 8 code 0
 SynState =flags S/SAFR synproxy state

### Tables ###
  table bgnets file /etc/bgnets
  table spamd-white persist
  table proxy-users persist { 188.254.185.154, 212.50.72.29,
85.217.136.0/21, \
 95.111.100.14, 212.233.176.65, 78.128.124.161, 190.32.172.28 }
##  panama
  table isp persist { 94.26.7.32/27 }
  table BLOCK persist { 82.119.88.70 }

 Options
##
### Misc Options
 set block-policy drop
 set loginterface $ExtIf
 set skip on lo0
 set optimization aggressive
# set state-defaults pflow

 Queueing


 altq on $ExtIf bandwidth 100% hfsc queue { BG, INTER }
  queue INTER bandwidth 3% hfsc (upperlimit 2950Kb) \
 { i_ack, i_dns, i_ntp, i_web, i_bulk, i_bittor }
queue i_ack bandwidth 30% priority 8 qlimit 500 hfsc (realtime 30%)
queue i_dns bandwidth  5% priority 7 qlimit 500 hfsc (realtime 10%)
queue i_ntp bandwidth 10% priority 6 qlimit 500 hfsc (realtime 10%)
queue i_web bandwidth 30% priority 5 qlimit 500 hfsc (realtime 20%)
queue i_bulk bandwidth 19% priority 2 qlimit 500 hfsc (realtime 15%)
queue i_bittor  bandwidth  1% priority 0 qlimit 2000 hfsc (default, upperlimit 60%)

  queue BG bandwidth 30% hfsc (upperlimit 30Mb) \
 { b_ack, b_dns, b_ntp, b_rdc, b_web, b_bulk, b_bittor }
queue b_ack bandwidth 10% priority 8 qlimit 500 hfsc (realtime 10%)
queue b_dns bandwidth 1%  priority 7 qlimit 500 hfsc (realtime 1% )
queue b_ntp bandwidth 10% priority 7 qlimit 500 hfsc (realtime 1% )
queue b_rdc bandwidth 10% priority 6 qlimit 500 hfsc (realtime 10%)
queue b_web bandwidth 30% priority 5 qlimit 500 hfsc (realtime 30%)
queue b_bulk bandwidth 30% priority 4 qlimit 500 hfsc (realtime 10%)
queue b_bittor  bandwidth 1%  priority 0 qlimit 500 hfsc (upperlimit 85%)

 Translation and Filtering
###

### BLOCK all in/out on all interfaces by default and log
 block log on $ExtIf
 block return log on $IntIf
 block return log on $Free
 block quick  log on $ExtIf from BLOCK

### Network Address Translation (NAT with outgoing source port randomization)
 match out log on egress from (self) \
to any nat-to ($ExtIf:0) port 1024:65535
 match out log on egress from !($ExtIf:0) \
to any nat-to ($ExtIf:0) port 1024:65535

### NAT from IntIf to FreeWifi
 match out log on $Free from $IntIf:network \
to $Free:network nat-to ($Free:0) port 1024:65535

### Packet normalization ( scrubbing )
 match log on $ExtIf all scrub (random-id max-mss 1472)

### Ftp ( secure ftp proxy for LAN )
 anchor ftp-proxy/*

### pppx
 pass log from $pppx

### $ExtIf inbound 

# npppd
  pass in log on $ExtIf proto {tcp, udp} from <bgnets> \
 to ($ExtIf) port $l2tp queue b_dns

# Named ( bind dns )
  pass in log on $ExtIf inet proto udp from any \
 to ($ExtIf) port domain queue i_dns
  pass in log on $ExtIf inet proto udp from <bgnets> \
 to ($ExtIf) port domain queue b_dns

# OpenSSH
  

Arpresolve route without link local address

2013-01-10 Thread Атанас Владимиров
Hi,
After upgrade to 08.01.2013 snapshot, I get a lot of

/bsd: arpresolve: XX.XX.XX.33: route without link local address

in /var/log/messages. XX.XX.XX.33 is my default gateway.

[ns]~$ cat /etc/hostname.em0
up
dhcp
-inet6

[ns]~$ tail /var/log/messages
...
Jan 10 20:31:47 ns /bsd: arpresolve: 94.26.7.33: route without link local address
Jan 10 20:31:47 ns /bsd: arpresolve: 94.26.7.33: route without link local address
...
Jan 10 20:36:47 ns /bsd: arpresolve: XX.XX.X.33: route without link local address
Jan 10 20:36:47 ns last message repeated 7 times

I can provide more info if it's needed.

dmesg:

OpenBSD 5.2-current (GENERIC) #14: Tue Jan  8 14:13:14 MST 2013
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(TM) XP1600+ (AuthenticAMD 686-class, 256KB L2 cache)
1.42 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,MMXX,3DNOW2,3DNOW
real mem  = 402112512 (383MB)
avail mem = 384561152 (366MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/03/03, BIOS32 rev. 0 @ 0xf0d00,
SMBIOS rev. 2.3 @ 0xf2bc0 (46 entries)
bios0: vendor Award Software, Inc. version ASUS A7V266-C ACPI BIOS Rev
1014 date 03/03/2003
bios0: ASUSTeK Computer INC. A7V266-C
apm0 at bios0: Power Management spec V1.2
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0x1572
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf14b0/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C586 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xcc000/0x1000
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 VIA VT8366 PCI rev 0x00
viaagp0 at pchb0: v2
agp0 at viaagp0: aperture at 0xfe80, size 0xe40
ppb0 at pci0 dev 1 function 0 VIA VT8366 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci0 dev 12 function 0 S3 ViRGE DX/GX rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em0 at pci0 dev 13 function 0 Intel PRO/1000MT (82540EM) rev 0x02: irq
11, address 00:07:e9:10:32:a8
em1 at pci0 dev 15 function 0 Intel PRO/1000MT (82540EM) rev 0x02: irq
10, address 00:07:e9:10:2a:20
viapm0 at pci0 dev 17 function 0 VIA VT8233A ISA rev 0x00: SMI
iic0 at viapm0
lm1 at iic0 addr 0x2d: AS99127F
viapm0: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: WDC WD800JB-00ETA0
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 17 function 2 VIA VT83C572 USB rev 0x23: irq 12
uhci1 at pci0 dev 17 function 3 VIA VT83C572 USB rev 0x23: irq 12
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 VIA UHCI root hub rev 1.00/1.00 addr 1
usb1 at uhci1: USB revision 1.0
uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a swap on wd0b dump on wd0b



PF 'traceroute -I host' 'tracert host' problem

2010-08-18 Thread Атанас Владимиров
Hi
I moved from 4.6 to 4.7 and rewrote my pf.conf rules to match the new style.
Everything works fine, but when I try to traceroute a host with the -I flag
(force to use icmp) on my obsd fw,
I get Request timed out on all hops except the last one, which was my
target to traceroute. Here is an example:

[ns]~$ traceroute -I data.bg
traceroute to data.bg (195.149.248.130), 64 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  web.data.bg (195.149.248.130)  0.740 ms  0.707 ms  0.733 ms

As you can see only the last hop is present.
Example without the -I flag (using udp):

[ns]~$ traceroute data.bg
traceroute to data.bg (195.149.248.130), 64 hops max, 40 byte packets
 1  gw.tbc.bg (94.26.7.33)  0.591 ms  0.462 ms  0.443 ms
 2  peer.tbc.bg (94.26.50.2)  0.961 ms  1.317 ms  1.965 ms
 3  85.91.141.65 (85.91.141.65)  0.866 ms  0.905 ms  1.93 ms
 4  web.data.bg (195.149.248.130)  0.847 ms  0.732 ms  0.712 ms

When I use 'tracert host' on an MS Windows box behind my obsd fw, I get the same
behavior:

 C:\Users\Administrator>tracert data.bg
Tracing route to data.bg [195.149.248.130]
over a maximum of 30 hops:
  1     1 ms     1 ms     1 ms  ns.bsdbg.net [192.168.1.1]
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     1 ms     1 ms     1 ms  web.data.bg [195.149.248.130]
Trace complete.

Here first hop is my obsd fw. I use tcpdump to see what actually happens:

[ns]~# tcpdump -nettti pflog0 host vlado and icmp
tcpdump: listening on pflog0, link-type PFLOG
Aug 19 02:29:32.165656 rule 85/(match) pass in on em1: 192.168.1.2 > 195.149.248.130: icmp: echo request [ttl 1]
Aug 19 02:29:33.168104 rule 120/(match) pass out on em0: 192.168.1.2 > 195.149.248.130: icmp: echo request [ttl 1]
Aug 19 02:29:33.168117 rule 17/(match) match out on em0: 192.168.1.2 > 195.149.248.130: icmp: echo request [ttl 1]
Aug 19 02:29:33.168128 rule 16/(match) match out on em0: 192.168.1.2 > 195.149.248.130: icmp: echo request [ttl 1]
Aug 19 02:29:33.168593 rule 120/(match) pass in on em0: 94.26.7.33 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:33.168613 rule 14/(match) block out on em1: 94.26.7.33 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:36.960715 rule 120/(match) pass in on em0: 94.26.7.33 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:40.960831 rule 120/(match) pass in on em0: 94.26.7.33 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:44.962196 rule 120/(match) pass in on em0: 94.26.50.2 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:48.961438 rule 120/(match) pass in on em0: 94.26.50.2 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:52.961678 rule 120/(match) pass in on em0: 94.26.50.2 > 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0]
Aug 19 02:29:56.960795 rule 120/(match) pass in on em0: 85.91.141.65 > 192.168.1.2: icmp: time exceeded in-transit
Aug 19 02:30:00.960785 rule 120/(match) pass in on em0: 85.91.141.65 > 192.168.1.2: icmp: time exceeded in-transit
Aug 19 02:30:05.002249 rule 120/(match) pass in on em0: 85.91.141.65 > 192.168.1.2: icmp: time exceeded in-transit
Aug 19 02:30:08.960640 rule 120/(match) pass in on em0: 195.149.248.130 > 192.168.1.2: icmp: echo reply
Aug 19 02:30:08.961639 rule 120/(match) pass in on em0: 195.149.248.130 > 192.168.1.2: icmp: echo reply
Aug 19 02:30:08.962888 rule 120/(match) pass in on em0: 195.149.248.130 > 192.168.1.2: icmp: echo reply

When I turn off pf (pfctl -d), 'traceroute -I' works as it should.
I really don't know what is happening.
Thanks in advance,
Atanas

Here is my pf.conf
##
## pf.conf
##

## Macros ##

### Interfaces ###
 ExtIf ="em0"
 IntIf ="em1"

### Hosts ###
 vl="192.168.1.2"
 jl="192.168.1.3"
 ve="192.168.1.4"
 ntp="192.168.1.5"

### Queues, States and Types ###
 IcmpType ="icmp-type 8 code 0"
 SynState ="flags S/SAFR synproxy state"
 TcpState ="flags S/SAFR modulate state"
 UdpState ="keep state"

### Ports ###
# Squid
 squid="2020"

# Remote Desktop Connection
 rdc_int="3389"
 rdc_ext="4000"

# Skype
 vl_skype="30001"
 jl_skype="30002"
 ve_skype="30003"

# uTorrent
 vl_torrent="30004"
 jl_torrent="30005"
 ve_torrent="30006"
 urange="30004:30006"

# HFS
 vl_hfs="8080"

# VsFTP
 ftprange="55000:6"
 FtpPort ="8021"

# Symux
 symux="2100"

# Battle.net
 bnet="6112"

# Ssh
 ssh_ext="443"

### Stateful Tracking Options (STO) ###
 ExtIfSTO  ="(max 9000, source-track rule, max-src-conn 2000, max-src-nodes 254)"
 IntIfSTO  ="(max 250,  source-track rule, max-src-conn 100,  max-src-nodes 254, max-src-conn-rate 75/20)"
 PostfxSTO ="(max 100,  source-track rule, max-src-states 5, max-src-nodes 30,  max-src-conn-rate 10/300, overload <BLACKLIST> flush global, tcp.established 45)"
 SpamdSTO  ="(max 500,  source-track rule, max-src-conn 10,   max-src-nodes 300, max-src-conn-rate 2/300, tcp.established 10)"
 SshSTO=(max 10,   source-track rule, max-src-conn 10,   max-src-nodes

Re: Apache Firefox and Ogg Theora (Byte-range requests)

2010-02-18 Thread Атанас Владимиров
2010/2/18 Pierre-Yves Ritschard p...@spootnik.org

  This appears to be due to the format of the string being passed to
  strtonum().  ap_strtol() was tolerant of it.  It's being passed the
  string from the Range: header.
 
  For example, the following valid request (taken directly from sniffing a
  wget session).
 
   GET /testfile HTTP/1.0
   Range: bytes=300417024-
 
  This ends up following the code path of the first strtonum() call around
  line 159 in http_protocol.c in the parse_byterange() function.  The
  string passed to strtonum to convert (r->range) not only contains the
  number from the header, but the trailing dash (300417024-), which
  strtonum does not like.  As strtonum fails, the start offset is set to
  0.
 
  This bug should be present on a 64-bit arch as well.
 
 
 Hi,

 I broke it when unbreaking support for large files in Content-Length (which
 would otherwise report 0). I'll have a diff ready soon which fixes that.

  - pyr.


I'm glad to hear this :)
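
The parsing failure described in the quoted analysis above, as an added C example that is not part of the original thread and not Apache's code. `strict_num`, `start_offset_unsplit` and `parse_byterange` are hypothetical names; `strict_num` is a portable stand-in that, like strtonum(3), rejects trailing characters, and the range spec is assumed to arrive with the `bytes=` prefix already removed.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical strict converter: like strtonum(3), the whole string must be
 * one number in [lo, hi]; trailing characters such as '-' are an error.
 * It additionally requires the string to start with a digit. */
static long long strict_num(const char *s, long long lo, long long hi, int *err)
{
    char *end;
    long long v;

    errno = 0;
    v = strtoll(s, &end, 10);
    *err = (*s < '0' || *s > '9' || *end != '\0' || errno == ERANGE ||
            v < lo || v > hi);
    return *err ? 0 : v;
}

/* The failure described in the thread: the unsplit spec ("300417024-") is
 * converted as a whole, conversion fails, and the start offset becomes 0. */
static long long start_offset_unsplit(const char *spec)
{
    int err;
    return strict_num(spec, 0, LLONG_MAX, &err);
}

/* Split on '-' first, then convert each half strictly. Handles "first-last",
 * "first-" and "-suffix" for a body of clen bytes. Returns 0 and sets the
 * inclusive range, or -1 if the spec is malformed or unsatisfiable. */
static int parse_byterange(const char *spec, long long clen,
                           long long *start, long long *end)
{
    const char *dash = strchr(spec, '-');
    char first[32];
    size_t n = dash ? (size_t)(dash - spec) : 0;
    int err;

    if (dash == NULL || clen <= 0 || n >= sizeof(first))
        return -1;
    memcpy(first, spec, n);
    first[n] = '\0';
    *end = clen - 1;
    if (n == 0) {                           /* "-suffix": last N bytes */
        long long suffix = strict_num(dash + 1, 1, LLONG_MAX, &err);
        *start = suffix >= clen ? 0 : clen - suffix;
        return err ? -1 : 0;
    }
    *start = strict_num(first, 0, clen - 1, &err);
    if (err || dash[1] == '\0')             /* bad start, or open-ended "first-" */
        return err ? -1 : 0;
    long long last = strict_num(dash + 1, *start, LLONG_MAX, &err);
    if (!err && last < *end)                /* clamp to the end of the body */
        *end = last;
    return err ? -1 : 0;
}
```

A server that falls back to offset 0 on a failed conversion resends the whole body, which is what a resuming client sees as a broken download; returning an error lets the caller answer with the full entity or a 416 deliberately.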



Re: Apache can't resume downloads after upgrade to 4.6

2010-02-09 Thread Атанас Владимиров
2010/2/9 Matthew Mulrooney openbsd-2010.01...@matthew.mulrooney.ca


  I've been using OpenBSD since 4.4 and today I noticed that the httpd server doesn't
 support resuming while a file is downloading.


 The in-tree Apache (Apache 1.3.29 + improvements) doesn't support the range
 header (so you can't resume a previous download);  as far as I know, it
 never has.

 If you need resume support, install the Apache httpd 2.2.11 package.

 Matthew




Today I tried this: I installed OpenBSD 4.4 and OpenBSD 4.5 and after that I
ran the same test as yesterday.
The results:

#
Downloading from OpenBSD 4.4

[time]/root# wget -O ./xx http://192.168.1.10/pf
--19:58:39--  http://192.168.1.10/pf
           => `./xx'
Connecting to 192.168.1.10:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5,242,880 [text/plain]

17% [=        ] 921,302      2.12M/s    ETA 00:01^C
[time]/root# wget -c -O ./xx http://192.168.1.10/pf
--19:58:52--  http://192.168.1.10/pf
           => `./xx'
Connecting to 192.168.1.10:80... connected.
HTTP request sent, awaiting response... 206 Partial Content
Length: 5,242,880 (3,944,746 to go) [text/plain]

69% [         ] 3,652,977    2.22M/s    ETA 00:00^C
[time]/root# wget -c -O ./xx http://192.168.1.10/pf
--19:59:02--  http://192.168.1.10/pf
           => `./xx'
Connecting to 192.168.1.10:80... connected.
HTTP request sent, awaiting response... 206 Partial Content
Length: 5,242,880 (1,147,535 to go) [text/plain]

100%[==] 5,242,880    2.26M/s    ETA 00:00

19:59:02 (2.26 MB/s) - `./xx' saved [5242880/5242880]


#
Downloading from OpenBSD 4.5

[time]/root# wget -O ./xx http://192.168.1.10/pf
--20:26:44--  http://192.168.1.10/pf
           => `./xx'
Connecting to 192.168.1.10:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 20,971,520 [text/plain]

17% [==       ] 3,624,661    2.14M/s    ETA 00:07^C
[time]/root# wget -c -O ./xx http://192.168.1.10/pf
--20:26:51--  http://192.168.1.10/pf
           => `./xx'
Connecting to 192.168.1.10:80... connected.
HTTP request sent, awaiting response... 206 Partial Content
Length: 20,971,520 (16,945,451 to go) [text/plain]

47% [=        ] 9,952,621    2.28M/s    ETA 00:04^C
[time]/root# wget -c -O ./xx http://192.168.1.10/pf
--20:26:56--  http://192.168.1.10/pf
           => `./xx'
Connecting to 192.168.1.10:80... connected.
HTTP request sent, awaiting response... 206 Partial Content
Length: 20,971,520 (10,576,531 to go) [text/plain]

80% [==       ] 16,878,596   2.17M/s    ETA 00:01^C
[time]/root# wget -c -O ./xx http://192.168.1.10/pf
--20:27:02--  http://192.168.1.10/pf
           => `./xx'
Connecting to 192.168.1.10:80... connected.
HTTP request sent, awaiting response... 206 Partial Content
Length: 20,971,520 (3,929,084 to go) [text/plain]

100%[=] 20,971,520   2.30M/s    ETA 00:00

20:27:03 (2.30 MB/s) - `./xx' saved [20971520/20971520]

As you can see, Apache supports resume in both OBSD 4.4 and OBSD 4.5.
Why isn't it like this in OBSD 4.6?

Atanas



Apache can't resume downloads after upgrade to 4.6

2010-02-08 Thread Атанас Владимиров
Hello misc,
I've been using OpenBSD since 4.4 and today I noticed that the httpd server doesn't
support resuming while a file is downloading.
I made an upgrade from 4.5 to 4.6 a couple of days ago. I googled this problem
and it appears that Apache supports resuming by default. I made the
following tests:
I ran orbit downloader on a Windows machine and it turns out that the web
server doesn't support resuming. When pausing the download everything begins
from scratch after resuming.
I ran wget on my time server (FreeBSD 4.11) and here are the results:

==
[time]/root# wget -c -O ./xx http://bsdbg.net/pf
--22:58:36--  http://bsdbg.net/pf
           => `./xx'
Resolving bsdbg.net... done.
Connecting to bsdbg.net[192.168.1.1]:80... connected.
HTTP request sent, awaiting response... 200 OK

Continued download failed on this file, which conflicts with `-c'.
Refusing to truncate existing file `pf'.



All of the tests were made after resetting the Apache config to default.
Has anyone experienced such problems?
Thanks in advance.

*Here is uname:*

[ns]~# uname -a
OpenBSD ns.bsdbg.net 4.6 GENERIC#0 i386



*Here is dmesg*

[ns]~# dmesg
OpenBSD 4.6-stable (GENERIC) #0: Fri Feb  5 20:34:04 EET 2010
r...@ns.bsdbg.net:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Sempron(tm) Processor 3200+ (AuthenticAMD 686-class, 128KB L2
cache) 1.81 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16
real mem  = 1055420416 (1006MB)
avail mem = 1011703808 (964MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 02/05/08, BIOS32 rev. 0 @ 0xf2030,
SMBIOS rev. 2.4 @ 0xf (70 entries)
bios0: vendor Phoenix Technologies, LTD version ASUS M2NPV-VM ACPI BIOS
Revision 1301 date 02/05/2008
bios0: ASUSTek Computer INC. M2NPV-VM
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP MCFG APIC
acpi0: wakeup devices HUB0(S5) XVRA(S5) XVRB(S5) XVRC(S5) UAR1(S5) UAR2(S5)
PS2M(S4) PS2K(S4) USB0(S4) USB2(S4) AZAD(S5) MMAC(S5) MMCI(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 200MHz
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (HUB0)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature 75 degC
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0xec00
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
NVIDIA C51 Host rev 0xa2 at pci0 dev 0 function 0 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 1 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 2 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 3 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 4 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 5 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 6 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 7 not configured
vga1 at pci0 dev 5 function 0 NVIDIA GeForce 6150 rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
NVIDIA MCP51 Host rev 0xa2 at pci0 dev 9 function 0 not configured
pcib0 at pci0 dev 10 function 0 NVIDIA MCP51 ISA rev 0xa3
nviic0 at pci0 dev 10 function 1 NVIDIA MCP51 SMBus rev 0xa3
iic0 at nviic0
spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5
spdmem1 at iic0 addr 0x51: 512MB DDR2 SDRAM non-parity PC2-5300CL5
iic1 at nviic0
NVIDIA MCP51 Memory rev 0xa3 at pci0 dev 10 function 2 not configured
pciide0 at pci0 dev 13 function 0 NVIDIA MCP51 IDE rev 0xa1: DMA, channel
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: WDC WD800JB-00JJC0
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
ppb0 at pci0 dev 16 function 0 NVIDIA MCP51 PCI-PCI rev 0xa2
pci1 at ppb0 bus 1
xl0 at pci1 dev 8 function 0 3Com 3c905C 100Base-TX rev 0x74: apic 2 int
16 (irq 10), address 00:50:da:e1:34:84
bmtphy0 at xl0 phy 24: 3C905C internal PHY, rev. 6
xl1 at pci1 dev 9 function 0 3Com 3c905C 100Base-TX rev 0x74: apic 2 int
17 (irq 11), address 00:04:76:18:a5:3f
bmtphy1 at xl1 phy 24: 3C905C internal PHY, rev. 6
pchb0 at pci0 dev 24 function 0 AMD AMD64 0Fh HyperTransport rev 0x00
pchb1 at pci0 dev 24 function 1 AMD AMD64 0Fh Address Map rev 0x00
pchb2 at pci0 dev 24 function 2 AMD AMD64 0Fh DRAM Cfg rev 0x00
kate0 at pci0 dev 24 function 3 AMD AMD64 0Fh Misc Cfg rev 0x00: core rev
DH-F2
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
it0 at isa0 port 0x2e/2: