Re: Unbound in base, yes, what about ldns?
Thanks. 2014-03-20 1:44 GMT+02:00 Chris Smith obsd_m...@chrissmith.org: See the thread unbound dnssec revisited I started on 12/30/2013 for some hints. Looks like creating a new directory with the proper permissions is the best way to go. On Wed, Mar 19, 2014 at 7:01 PM, Àòàíàñ Âëàäèìèðîâ don.na...@gmail.com wrote: Hi, Sorry for Off-topic, but when you enable DNSSEC validation and fetch a root key with unbound-anchor(8) (needs root) the following error shows up in /var/log/messages: unbound: [0:0] error: could not open autotrust file for writing, /etc/root.key.29136-0: Permission denied May be this is because _unbound user has no rights to write to /var/unbound/etc/ after chroot. Am I correct? Any solutions? Best regards, Atanas
Re: PPTP after removing of userland ppp(8)
2014-03-20 1:15 GMT+02:00 Stefan Sperling s...@openbsd.org: ppp(8) used net/pptp as a pseudo-device via pipes to a pptp process. With pppd(8) I don't think there is support for using a pipe to a separate process as a device. Perhaps there is another way to make pptp work with pppd. I don't know. npppd supports PPTP but I believe it's currently server-side only. One possible path forward would be PPTP-client support in npppd. I don't know if there are any plans for this and I don't have any such plans myself. Yes, it's only server-side Even though I'm still listed as maintainer of net/pptp I haven't used it in a long time. If net/pptp goes away I won't miss it. From FAQ: PPTP The Point to Point Tunneling Protocol (PPTP) is a proprietary Microsoft protocol. A pptp client is available which interfaces with pppd(8)http://www.openbsd.org/cgi-bin/man.cgi?query=pppdsektion=8 and is capable of connecting to the PPTP-based Virtual Private Networks (VPN) used by some cable and xDSL providers. pptp itself must be installed from packages http://www.openbsd.org/faq/faq15.html#PkgMgmt or portshttp://www.openbsd.org/faq/faq15.html#Ports. Further instructions on setting up and using pptp are available in the man page which is installed with the pptp package. Is the following patch correct: --- faq6.html Mon Dec 2 09:06:04 2013 +++ faq6.html.new Thu Mar 20 10:35:38 2014 @@ -982,7 +982,7 @@ The Point to Point Tunneling Protocol (PPTP) is a proprietary Microsoft protocol. A pptp client is available which interfaces with -a href=http://www.openbsd.org/cgi-bin/man.cgi?query=pppdamp;sektion=8 pppd(8)/a +a href= http://www.openbsd.org/cgi-bin/man.cgi?query=pppamp;sektion=8amp;manpath=OpenBSD+5.4 ppp(8)/a and is capable of connecting to the PPTP-based Virtual Private Networks (VPN) used by some cable and xDSL providers. pptp itself must be installed from a href=faq15.html#PkgMgmtpackages/a
PPTP after removing of userland ppp(8)
Hi, I was running PPTP client pptp-1.7.2p4 with userland ppp(8). It was a basic setup from pptp(8) manual page and specifically PPTP on a router example. What are my alternatives to run PPTP to connect to Microsoft VPN server? May I use ppp(4) and pppd(8) and if so can you point me to the right direction. Thanks for your time. Atanas
Re: Unbound in base, yes, what about ldns?
Hi, Sorry for Off-topic, but when you enable DNSSEC validation and fetch a root key with unbound-anchor(8) (needs root) the following error shows up in /var/log/messages: unbound: [0:0] error: could not open autotrust file for writing, /etc/root.key.29136-0: Permission denied May be this is because _unbound user has no rights to write to /var/unbound/etc/ after chroot. Am I correct? Any solutions? Best regards, Atanas
Re: Dovecot bsdauth(user): unknown user
Oof. I didn't notice this earlier, but you're running -current, and this has seen some changes in the last week. You might want to take a look at this thread: http://marc.info/?t=13910782254r=1w=2 I don't have an easy way to test (not running -current or using passwd/bsdauth), and it's not clear from the discussion whether the changes that fixed dovecot in Brad's testing were committed or not. However, it looks like one more fix to getpwent.c was committed after your last update, and it's probably worth trying. Based on the info you provided, today I made another `make release`. Now everything is working as it should be. Sorry for making a fuss and thanks for the help. Atanas Vladimirov
Re: Dovecot bsdauth(user): unknown user
# pwd_mkdb usage: pwd_mkdb [-c] [-p | -s] [-d directory] [-u username] file # pwd_mkdb -c /etc/master.passwd # It seems that everything is OK, isn't it?. Did the problems with unknown user persist afterward? Yes, the problem persist. $ sudo doveadm auth test vlado Password: passdb: vlado auth failed extra fields: user=vlado $ sudo pwd_mkdb usage: pwd_mkdb [-c] [-p | -s] [-d directory] [-u username] file $ sudo pwd_mkdb -c /etc/master.passwd $ sudo doveadm auth test vlado Password: passdb: vlado auth failed extra fields: user=vlado $ tail /var/log/maillog Mar 10 08:08:16 ns dovecot: auth-worker(21267): bsdauth(vlado): unknown user (given password: K4*x9) Mar 10 08:08:51 ns dovecot: auth-worker(21267): bsdauth(vlado): unknown user (given password: Qa*we00) Mar 10 08:09:41 ns dovecot: auth-worker(21267): bsdauth(vlado): unknown user (given password: K*rx9) Mar 10 08:10:18 ns dovecot: auth-worker(21267): bsdauth(vlado): unknown user (given password: K*x9) If I enter wrong password error for the account that is working normaly, error is password mismatch. With correct password for the same account the log is silent as it should to be. $ sudo doveadm auth test jul Password: passdb: jul auth failed extra fields: user=jul $ tail /var/log/maillog Mar 10 09:50:38 ns dovecot: auth-worker(836): bsdauth(jul): Password mismatch (given password: Qazxsw)
Re: Dovecot bsdauth(user): unknown user
No, they had default login class. I'm still trying to find out some pattern when and why this behavior occurs. When I create new account with `useradd accountname` then set a password with `passwd accountname` and then `doveadm auth test accountname`, everything seems good. Then `usermod -L default accountname` and doveadm auth failed. When I created new account with adduser - doveadm failed. An old account on the system works fine no matter in which loggin class I move it. I tried to move my account to other class without any luck. Here is my login.conf. I can provide other info, too. Thanks for your time. $ cat /etc/login.conf # $OpenBSD: login.conf.in,v 1.6 2012/02/06 21:25:13 sobrado Exp $ # # Sample login.conf file. See login.conf(5) for details. # # # Standard authentication styles: # # krb5-or-pwd First try Kerberos V password, then local password file # passwdUse only the local password file # krb5 Use only the Kerberos V password # chpassDo not authenticate, but change users password (change # the YP password if the user has one, else change the # local password) # lchpass Do not login; change user's local password instead # radiusUse radius authentication # rejectUse rejected authentication # skey Use S/Key authentication # activ ActivCard X9.9 token authentication # cryptoCRYPTOCard X9.9 token authentication # snk Digital Pathways SecureNet Key authentication # tis TIS Firewall Toolkit authentication # token Generic X9.9 token authentication # yubikey YubiKey authentication # # Default allowed authentication styles auth-defaults:auth=passwd,skey: # Default allowed authentication styles for authentication type ftp auth-ftp-defaults:auth-ftp=passwd: # # The default values # To alter the default authentication types change the line: # :tc=auth-defaults:\ # to be read something like: (enables passwd, myauth, and activ) # :auth=passwd,myauth,activ:\ # Any value changed in the daemon class should be reset in default # class. # default:\ :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\ :umask=022:\ :datasize-max=512M:\ :datasize-cur=512M:\ :maxproc-max=256:\ :maxproc-cur=128:\ :openfiles-cur=512:\ :stacksize-cur=4M:\ :localcipher=blowfish,6:\ :ypcipher=old:\ :tc=auth-defaults:\ :tc=auth-ftp-defaults: # # Settings used by /etc/rc and root # This must be set properly for daemons started as root by inetd as well. # Be sure reset these values back to system defaults in the default class! # daemon:\ :ignorenologin:\ :datasize=infinity:\ :maxproc=infinity:\ :openfiles-cur=128:\ :stacksize-cur=8M:\ :localcipher=blowfish,8:\ :tc=default: dovecot:\ :openfiles-cur=512:\ :openfiles-max=2048:\ :tc=daemon: # # Staff have fewer restrictions and can login even when nologins are set. # staff:\ :datasize-cur=2048M:\ :datasize-max=infinity:\ :maxproc-max=512:\ :maxproc-cur=128:\ :ignorenologin:\ :requirehome@:\ :tc=default: # # Authpf accounts get a special motd and shell # authpf:\ :welcome=/etc/motd.authpf:\ :shell=/usr/sbin/authpf:\ :tc=default: # # Override resource limits for certain daemons started by rc.d(8) # bgpd:\ :openfiles-cur=512:\ :tc=daemon: 2014-03-09 15:19 GMT+02:00 Alexander Hall alexan...@beard.se: On 03/08/14 23:30, Àòàíàñ Âëàäèìèðîâ wrote: Hi, I have a very strange problem with one user. After upgrade from home made release today dovecot stoped authenticating my account. Root and other accounts are working well. I also made two new accounts which worked as they should. It seems that for dovecot my account (vlado) not exists. Thanks for any help. Do the two new accounts have the same login class (=staff)? I would check the various auth= and auth-*= settings in /etc/login.conf. /Alexander In case the error message is a bit misleading # /var/log/maillog: Mar 8 23:40:20 ns dovecot: auth-worker(2646): bsdauth(vlado): unknown user (given password: Qazxswe00) Mar 8 23:42:12 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qzxswe00) Mar 8 23:42:40 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qawe00) Mar 8 23:43:15 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qaze00) Mar 8 23:43:36 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: dsd) # /etc/passwd _dovecot:*:518:518:Dovecot Account:/nonexistent:/sbin/nologin _dovenull:*:666:666:Dovecot Login User:/nonexistent:/sbin/nologin _netflow:*:575:575:flow-tools
Re: Dovecot bsdauth(user): unknown user
What happens if you just run pwd_mkdb -c /etc/master.passwd as root? What about just pwd_mkdb? It looks like the error you're seeing in the log (bsdauth(vlado): unknown user...) comes down to a failure in getpwent_r(), and would be causing problems before the user's login class is relevant. # pwd_mkdb usage: pwd_mkdb [-c] [-p | -s] [-d directory] [-u username] file # pwd_mkdb -c /etc/master.passwd # It seems that everything is OK, isn't it?.
Dovecot bsdauth(user): unknown user
Hi, I have a very strange problem with one user. After upgrade from home made release today dovecot stoped authenticating my account. Root and other accounts are working well. I also made two new accounts which worked as they should. It seems that for dovecot my account (vlado) not exists. Thanks for any help. # /var/log/maillog: Mar 8 23:40:20 ns dovecot: auth-worker(2646): bsdauth(vlado): unknown user (given password: Qazxswe00) Mar 8 23:42:12 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qzxswe00) Mar 8 23:42:40 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qawe00) Mar 8 23:43:15 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: Qaze00) Mar 8 23:43:36 ns dovecot: auth-worker(6589): bsdauth(vlado): unknown user (given password: dsd) # /etc/passwd _dovecot:*:518:518:Dovecot Account:/nonexistent:/sbin/nologin _dovenull:*:666:666:Dovecot Login User:/nonexistent:/sbin/nologin _netflow:*:575:575:flow-tools user:/var/empty:/sbin/nologin _nfcapd:*:649:649:nfcapd user:/nonexistent:/sbin/nologin vlado:*:1000:1000:Atanas Vladimirov:/home/vlado:/bin/ksh # /etc/master.passwd _netflow:*:575:575:daemon:0:0:flow-tools user:/var/empty:/sbin/nologin _nfcapd:*:649:649:daemon:0:0:nfcapd user:/nonexistent:/sbin/nologin vlado:$2a$06$iVr1p*hmfMLW:1000:1000:staff:0:0:Atanas Vladimirov:/home/vlado:/bin/ksh # $ dovecot -n # 2.2.10: /etc/dovecot/dovecot.conf # OS: OpenBSD 5.5 i386 auth_debug = yes auth_verbose = yes auth_verbose_passwords = plain first_valid_uid = 1000 imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags mail_debug = yes mbox_write_locks = fcntl mmap_disable = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox Sent Messages { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = bsdauth } pop3_client_workarounds = outlook-no-nuls oe-ns-eoh ssl = required ssl_cert = /etc/ssl/dovecotcert.pem ssl_key = /etc/ssl/private/dovecot.pem userdb { driver = passwd } # dmesg: OpenBSD 5.5-current (GENERIC.MP) #0: Sat Mar 8 14:41:24 EET 2014 r...@i386.bsdbg.net:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ (AuthenticAMD 686-class, 512KB L2 cache) 2.31 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,NXE,MMXX,FFXSR,LON G,3DNOW2,3DNOW,SSE3,CX16,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP real mem = 2129096704 (2030MB) avail mem = 2081988608 (1985MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/02/10, BIOS32 rev. 0 @ 0xf2030, SMBIOS rev. 2.4 @ 0xf (70 entries) bios0: vendor Phoenix Technologies, LTD version ASUS M2NPV-VM ACPI BIOS Revision 5005 date 06/02/2010 bios0: ASUSTek Computer INC. M2NPV-VM acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP MCFG APIC acpi0: wakeup devices HUB0(S5) XVRA(S5) XVRB(S5) XVRC(S5) UAR1(S5) UAR2(S5) PS2M(S4) PS2K(S4) USB0(S4) USB2(S4) AZAD(S5) MMAC (S5) MMCI(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 200MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ (AuthenticAMD 686-class, 512KB L2 cache) 2.31 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,NXE,MMXX,FFXSR,LON G,3DNOW2,3DNOW,SSE3,CX16,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP ioapic0 at mainbus0: apid 4 pa 0xfec0, version 11, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 4 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (HUB0) acpicpu0 at acpi0 acpicpu1 at acpi0 acpitz0 at acpi0: critical temperature is 75 degC acpibtn0 at acpi0: PWRB aibs0 at acpi0 RTMP RVLT RFAN aibs0: FSIF: misformed package: 3/5, assume 5 bios0: ROM list: 0xc/0xec00 0xd4000/0x1000 0xd5000/0x1000 pci0 at mainbus0 bus 0: configuration mode 1 (bios) NVIDIA C51 Host rev 0xa2 at pci0 dev 0 function 0 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 2 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 3 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 4 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 5 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 6 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 7 not configured vga1 at pci0 dev 5 function 0 NVIDIA
Re: Kernel Panic with Mon May 13 snapshot
Hi, I built a kernel that include the fix in pf.c and everything is fine now. Thanks, Atanas Vladimirov [ns]~$ uptime 5:37PM up 3 days, 3:44, 1 user, load averages: 1.23, 0.74, 0.64 [ns]~$ dmesg OpenBSD 5.3-current (GENERIC) #0: Wed May 15 23:59:01 EEST 2013 vl...@ns.bsdbg.net:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(TM) XP1600+ (AuthenticAMD 686-class, 256KB L2 cache) 1.42 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,MMXX,3DNOW2,3DNOW real mem = 804765696 (767MB) avail mem = 780185600 (744MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/03/03, BIOS32 rev. 0 @ 0xf0d00, SMBIOS rev. 2.3 @ 0xf2bc0 (46 entries) bios0: vendor Award Software, Inc. version ASUS A7V266-C ACPI BIOS Rev 1014 date 03/03/2003 bios0: ASUSTeK Computer INC. A7V266-C apm0 at bios0: Power Management spec V1.2 (BIOS management disabled) apm0: APM power management enable: unrecognized device ID (9) apm0: APM engage (device 1): power management disabled (1) acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x1572 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf14b0/192 (10 entries) pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C586 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xcc000/0x1000 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA VT8366 PCI rev 0x00 viaagp0 at pchb0: v2 agp0 at viaagp0: aperture at 0xfe80, size 0xe40 ppb0 at pci0 dev 1 function 0 VIA VT8366 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci0 dev 12 function 0 S3 ViRGE DX/GX rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) em0 at pci0 dev 13 function 0 Intel PRO/1000MT (82540EM) rev 0x02: irq 11, address 00:07:e9:10:32:a8 em1 at pci0 dev 15 function 0 Intel PRO/1000MT (82540EM) rev 0x02: irq 10, address 00:07:e9:10:2a:20 viapm0 at pci0 dev 17 function 0 VIA VT8233A ISA rev 0x00: SMI iic0 at viapm0 lm1 at iic0 addr 0x2d: AS99127F viapm0: 24-bit timer at 3579545Hz pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 confi gured to compatibility wd0 at pciide0 channel 0 drive 0: WDC WD800JB-00ETA0 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 disabled (no drives) uhci0 at pci0 dev 17 function 2 VIA VT83C572 USB rev 0x23: irq 12 uhci1 at pci0 dev 17 function 3 VIA VT83C572 USB rev 0x23: irq 12 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 VIA UHCI root hub rev 1.00/1.00 addr 1 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 mtrr: Pentium Pro MTRR support vscsi0 at root scsibus0 at vscsi0: 256 targets softraid0 at root scsibus1 at softraid0: 256 targets root on wd0a (b198b672451a33ab.a) swap on wd0b dump on wd0b WARNING: / was not properly unmounted
Kernel Panic with Mon May 13 snapshot
Hi, I had a kernel panic after upgrade to latest snapshot. `trace` and `ps` follows, dmesg at bottom OpenBSD/i386 (ns.bsdbg.net) (tty00) login:pool_do_get: pfstatekeypl: curpage NULL, nitems 1 panic: pool_do_get: nitems inconsistent Stopped at Debugger+0x4: popl%ebp RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb trace Debugger(d095e5d8,f54f5930,d093c980,f54f5930,d0a48814) at Debugger+0x4 panic(d093c980,d09351a0,1,400,d6613400) at panic+0x5d pool_do_get(d0aab860,a,f54f59d4,d0449222,f57b51d0) at pool_do_get+0x2e3 pool_get(d0aab860,a,f54f5a04,d03d4904,a) at pool_get+0x47 pf_alloc_state_key(a,7fff,0,f54f59d4,f57b51c8) at pf_alloc_state_key+0x19 pf_state_key_setup(f54f5b5c,f54f5ae8,f54f5ae4,0,0) at pf_state_key_setup+0x34 pf_test_rule(f54f5b5c,f54f5b50,f54f5b4c,f54f5b54,f54f5b48) at pf_test_rule+0xd1 d pf_test(2,2,d1a10030,f54f5cac,0) at pf_test+0xd6a ip_output(d6613400,0,d0ac0724,1,0) at ip_output+0x54d ip_forward(d6613400,0,d1abf000,f54f5eac,0) at ip_forward+0x1be ipv4_input(d6613400,6,f54f5ec4,d04a1a35,d020305d) at ipv4_input+0x37b ipintr(d020305d,d19f66a0,f54f5ee4,d05d658f,0) at ipintr+0x73 netintr(0,d19f7500,d65fa2e8,0,d0202042) at netintr+0xc5 softintr_dispatch(1) at softintr_dispatch+0x4f Xsoftnet() at Xsoftnet+0x12 --- interrupt --- apm_cpu_idle(d0432c25,d0ab5264,d0b6e760,f54f4000,d65fa174) at apm_cpu_idle+0x8a cpu_idle_cycle(d0b6e760) at cpu_idle_cycle+0xc Bad frame pointer: 0xd0c36e28 ddb ps PID PPID PGRPUID S FLAGS WAIT COMMAND 10464 24684 26061 0 30x80 netio ping 24684 26061 26061 0 30x88 pause sh 12010 1 12010601 30x80 kqreadunbound 17194 5156 5156 67 30x80 netconphp-fpm-5.3 32405 5156 5156 67 30x80 netconphp-fpm-5.3 1145 5156 5156 67 30x80 netconphp-fpm-5.3 1090 18553 1090 1000 30x80 kqreadtmux 18553 27685 18553 1000 30x88 pause ksh 27685 30126 30126 1000 30x80 selectsshd 30126830 30126 0 30x80 poll sshd 7331 10843 10843 67 30x80 kqreadnginx 15631 1 15631 0 30x80 selectssh 20013 8951 20013 1000 30x80 selectventrilo_srv 2271 1 1 0 30x88 pause ldattach 5833 1 5833 0 30x80 ttyin getty 1755 1 1755 0 30x80 ttyin getty 22092 1 22092 0 30x80 ttyin getty 2192 1 2192 0 30x80 ttyin getty 11132 1 11132 0 30x80 ttyin getty 23104 1 23104 0 30x80 ttyin getty 21475 1 21475 0 30x80 selectcron 20869 1 20869 67 30x80 kqreadthttpd 15354 1 15354 0 30x80 selectsymux 26694 1 26694535 30x80 nanosleep symon 22426 1 22426 1001 30x80 nanosleep perl 8951 13314 8951 1000 30x80 ttyin ksh 13314 1 13314 1000 30x80 kqreadtmux 5427 32025 18182515 30x80 netio log_file_daemon 1669 1 2292697 30x80 poll cvsyncd 32025 18182 18182515 30x80 poll squid 18182 1 18182515 30x80 wait squid 24708 2226 26353502 3 0x4100080 sigwait mysqld 2360 2226 26353502 3 0x4100080 thrsleep mysqld 2813 2226 26353502 3 0x4100080 selectmysqld 15086 2226 26353502 3 0x4100080 selectmysqld 28516 2226 26353502 3 0x4100080 selectmysqld 25548 2226 26353502 3 0x4100080 thrsleep mysqld 13217 2226 26353502 3 0x4100080 thrsleep mysqld 4672 2226 26353502 3 0x4100080 thrsleep mysqld 25375 2226 26353502 3 0x4100080 thrsleep mysqld 7368 2226 26353502 30x80 selectmysqld 2226 1 26353 0 30x88 pause sh 5156 1 5156 0 30x80 kqreadphp-fpm-5.3 30395 1 30395 62 30x80 bpf spamlogd 27623 1163 1163 62 30x80 piperdspamd 26 1163 1163 62 30x80 selectspamd 1163 1 1163 62 30x80 nanosleep spamd 21585 1 21585 71 30x80 kqreadftp-proxy 10843 1 10843 0 30x88 pause nginx 17208 16088 16088 95 30x80 kqreadsmtpd 1515 16088 16088 95 30x80 kqreadsmtpd 27291 16088 16088 95 30x80 kqreadsmtpd 15064 16088
Re: Kernel Panic with Mon May 13 snapshot
2013/5/15 Ted Unangst t...@tedunangst.com On Wed, May 15, 2013 at 22:31, ?? ?? wrote: Hi, I had a kernel panic after upgrade to latest snapshot. `trace` and `ps` follows, dmesg at bottom OpenBSD/i386 (ns.bsdbg.net) (tty00) login:pool_do_get: pfstatekeypl: curpage NULL, nitems 1 There was a fix to pf.c made yesterday that I would guess fixes this. May I try to build and install a new kernel with that fix, or to wait for a new snapshot? Thank you. Atanas Vladimirov
Re: Arpresolve route without link local address
Hi, I added those two lines after block lines in my pf.conf: pass quick from (self) to 94.26.7.0/24 set queue b_ack pass quick from 94.26.7.0/24 to (self) set queue b_ack I'm still get the same error. Also I found that permanent static MAC disappear when dhclient recieve a leases from my ISP DHCP server. In fact every static MAC that I set is gone after dhclient leases. Is that normal? [ns]~$ cat /etc/ether.mac XX.XX.XX.33 00:50:45:5f:16:58 permanent 192.168.1.2 6c:f0:49:00:7f:9b permanent [ns]~$ sudo arp -da sudo arp -Ff /etc/ether.mac [ns]~$ arp -na ? (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0 permanent static ? (192.168.1.2) at 6c:f0:49:00:7f:9b on vlan41 permanent static After 5 min, when dhclient recieve leases: [ns]~$ arp -na ? (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0 ? (192.168.1.2) at 6c:f0:49:00:7f:9b on vlan41 Vlan41 is on top of em1. Shoud I report this behavior as bug? dmesg: OpenBSD 5.2-current (GENERIC) #19: Mon Jan 21 17:55:18 MST 2013 t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(TM) XP1600+ (AuthenticAMD 686-class, 256KB L2 cache) 1.42 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,MMXX,3DNOW2,3DNOW real mem = 402112512 (383MB) avail mem = 384552960 (366MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/03/03, BIOS32 rev. 0 @ 0xf0d00, SMBIOS rev. 2.3 @ 0xf2bc0 (46 entries) bios0: vendor Award Software, Inc. version ASUS A7V266-C ACPI BIOS Rev 1014 date 03/03/2003 bios0: ASUSTeK Computer INC. A7V266-C apm0 at bios0: Power Management spec V1.2 acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x1572 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf14b0/192 (10 entries) pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C586 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xcc000/0x1000 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA VT8366 PCI rev 0x00 viaagp0 at pchb0: v2 agp0 at viaagp0: aperture at 0xfe80, size 0xe40 ppb0 at pci0 dev 1 function 0 VIA VT8366 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci0 dev 12 function 0 S3 ViRGE DX/GX rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) em0 at pci0 dev 13 function 0 Intel PRO/1000MT (82540EM) rev 0x02: irq 11, address 00:07:e9:10:32:a8 em1 at pci0 dev 15 function 0 Intel PRO/1000MT (82540EM) rev 0x02: irq 10, address 00:07:e9:10:2a:20 viapm0 at pci0 dev 17 function 0 VIA VT8233A ISA rev 0x00: SMI iic0 at viapm0 lm1 at iic0 addr 0x2d: AS99127F viapm0: 24-bit timer at 3579545Hz pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibilit y wd0 at pciide0 channel 0 drive 0: WDC WD800JB-00ETA0 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 disabled (no drives) uhci0 at pci0 dev 17 function 2 VIA VT83C572 USB rev 0x23: irq 12 uhci1 at pci0 dev 17 function 3 VIA VT83C572 USB rev 0x23: irq 12 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 VIA UHCI root hub rev 1.00/1.00 addr 1 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 mtrr: Pentium Pro MTRR support vscsi0 at root scsibus0 at vscsi0: 256 targets softraid0 at root scsibus1 at softraid0: 256 targets root on wd0a swap on wd0b dump on wd0b
Re: Arpresolve route without link local address
Hi, Today I upgraded to 11.01.2013 snapshot and I'm still get the same error. I have permanent static for my default route. [ns]~$ sudo /usr/sbin/arp -Ff /etc/ether.mac [ns]~$ cat /etc/ether.mac XX.XX.XX.33 00:50:45:5f:16:58 permanent [ns]~$ arp -a gw.xx.xx (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0 permanent static After a while: [ns]~$ arp -a gw.xx.xx (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0 the permanent static arp disappear. /var/log/messages: Jan 14 20:46:47 ns /bsd: arpresolve: XX.XX.7.33: route without link local address Jan 14 20:51:47 ns last message repeated 42 times /var/log/daemon: Jan 14 20:46:47 ns dhclient[2970]: DHCPREQUEST on em0 to XX.XX.7.1 port 67 Jan 14 20:46:47 ns dhclient[2970]: DHCPACK from XX.XX.7.33 (00:50:45:5f:16:58) Jan 14 20:46:47 ns dhclient[2970]: bound to XX.XX.7.48 -- renewal in 300 seconds. Here is my pf.conf [ns]~$ sudo cat /etc/pf.conf Macros ### ### Interfaces ### ExtIf =em0 IntIf =vlan41 Free =vlan81 pppx =192.168.3.0/25 lo0 =127.0.0.1 ### Hosts ### vl=192.168.1.2 jl=192.168.1.3 ve=192.168.1.4 ntp=192.168.1.5 sam=192.168.1.14 dpc11=192.168.1.11 ### Ports ### low_ports = 0:1024 hi_ports = 1025:65535 web = {20, 21, 22, 25, 80, 443, 3389, 5900, 6000, , 8080} ssh_extif = rdc = 3389 rdc_extif = 4900 squid = 8080 squid_extif = 443 vl_skype = 30001 jl_skype = 30002 ve_skype = 30003 vl_torrent= 30004 jl_torrent= 30005 ve_torrent= 30006 vl_hfs= 8081 ftp_proxy = 8021 symux = 2100 ftp = 21 vnc_ext = 59001 vnc_int = 5900 sftp = 2 l2tp = { 500, 1701, 4500 } trace = 33434:33498 ### Queues, States and Types ### IcmpType =icmp-type 8 code 0 SynState =flags S/SAFR synproxy state ### Tables ### table bgnets file /etc/bgnets table spamd-white persist table proxy-users persist { 188.254.185.154, 212.50.72.29, 85.217.136.0/21, \ 95.111.100.14, 212.233.176.65, 78.128.124.161, 190.32.172.28 } ## panama table isp persist { 94.26.7.32/27 } table BLOCK persist { 82.119.88.70 } Options ## ### Misc Options set block-policy drop set loginterface $ExtIf set skip on lo0 set optimization aggressive # set state-defaults pflow Queueing altq on $ExtIf bandwidth 100% hfsc queue { BG, INTER } queue INTER bandwidth 3% hfsc (upperlimit 2950Kb) \ { i_ack, i_dns, i_ntp, i_web, i_bulk, i_bittor } queue i_ack bandwidth 30% priority 8 qlimit 500 hfsc (realtime 30%) queue i_dns bandwidth 5% priority 7 qlimit 500 hfsc (realtime 10%) queue i_ntp bandwidth 10% priority 6 qlimit 500 hfsc (realtime 10%) queue i_web bandwidth 30% priority 5 qlimit 500 hfsc (realtime 20%) queue i_bulkbandwidth 19% priority 2 qlimit 500 hfsc (realtime 15%) queue i_bittor bandwidth 1% priority 0 qlimit 2000 hfsc (default, upperlimit 60%) queue BG bandwidth 30% hfsc (upperlimit 30Mb) \ { b_ack, b_dns, b_ntp, b_rdc, b_web, b_bulk, b_bittor } queue b_ack bandwidth 10% priority 8 qlimit 500 hfsc (realtime 10%) queue b_dns bandwidth 1% priority 7 qlimit 500 hfsc (realtime 1% ) queue b_ntp bandwidth 10% priority 7 qlimit 500 hfsc (realtime 1% ) queue b_rdc bandwidth 10% priority 6 qlimit 500 hfsc (realtime 10%) queue b_web bandwidth 30% priority 5 qlimit 500 hfsc (realtime 30%) queue b_bulkbandwidth 30% priority 4 qlimit 500 hfsc (realtime 10%) queue b_bittor bandwidth 1% priority 0 qlimit 500 hfsc (upperlimit 85%) Translation and Filtering ### ### BLOCK all in/out on all interfaces by default and log blocklog on $ExtIf block return log on $IntIf block return log on $Free block quick log on $ExtIf from BLOCK ### Network Address Translation (NAT with outgoing source port randomization) match out log on egress from (self) \ to any nat-to ($ExtIf:0) port 1024:65535 match out log on egress from !($ExtIf:0) \ to any nat-to ($ExtIf:0) port 1024:65535 ### NAT from IntIf to FreeWifi match out log on $Free from $IntIf:network \ to $Free:network nat-to ($Free:0) port 1024:65535 ### Packet normalization ( scrubbing ) match log on $ExtIf all scrub (random-id max-mss 1472) ### Ftp ( secure ftp proxy for LAN ) anchor ftp-proxy/* ### pppx pass log from $pppx ### $ExtIf inbound # npppd pass in log on $ExtIf proto {tcp, udp} from bgnets \ to ($ExtIf) port $l2tp queue b_dns # Named ( bind dns ) pass in log on $ExtIf inet proto udp from any \ to ($ExtIf) port domain queue i_dns pass in log on $ExtIf inet proto udp from bgnets \ to ($ExtIf) port domain queue b_dns # OpenSSH
Arpresolve route without link local address
Hi, After upgrade to 08.01.2013 snapshot, I get a lot of /bsd: arpresolve: XX.XX.XX.33: route without link local address in /var/log/messages. XX.XX.XX.33 is my default gateway. [ns]~$ cat /etc/hostname.em0 up dhcp -inet6 [ns]~$ tail /var/log/messages ... Jan 10 20:31:47 ns /bsd: arpresolve: 94.26.7.33: route without link local address Jan 10 20:31:47 ns /bsd: arpresolve: 94.26.7.33: route without link local address ... Jan 10 20:36:47 ns /bsd: arpresolve: XX.XX.X.33: route without link local address Jan 10 20:36:47 ns last message repeated 7 times I can provide more info if it's needed. dmesg: OpenBSD 5.2-current (GENERIC) #14: Tue Jan 8 14:13:14 MST 2013 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(TM) XP1600+ (AuthenticAMD 686-class, 256KB L2 cache) 1.42 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,MMXX,3DNOW2,3DNOW real mem = 402112512 (383MB) avail mem = 384561152 (366MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/03/03, BIOS32 rev. 0 @ 0xf0d00, SMBIOS rev. 2.3 @ 0xf2bc0 (46 entries) bios0: vendor Award Software, Inc. version ASUS A7V266-C ACPI BIOS Rev 1014 date 03/03/2003 bios0: ASUSTeK Computer INC. A7V266-C apm0 at bios0: Power Management spec V1.2 acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x1572 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf14b0/192 (10 entries) pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C586 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xcc000/0x1000 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA VT8366 PCI rev 0x00 viaagp0 at pchb0: v2 agp0 at viaagp0: aperture at 0xfe80, size 0xe40 ppb0 at pci0 dev 1 function 0 VIA VT8366 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci0 dev 12 function 0 S3 ViRGE DX/GX rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) em0 at pci0 dev 13 function 0 Intel PRO/1000MT (82540EM) rev 0x02: irq 11, address 00:07:e9:10:32:a8 em1 at pci0 dev 15 function 0 Intel PRO/1000MT (82540EM) rev 0x02: irq 10, address 00:07:e9:10:2a:20 viapm0 at pci0 dev 17 function 0 VIA VT8233A ISA rev 0x00: SMI iic0 at viapm0 lm1 at iic0 addr 0x2d: AS99127F viapm0: 24-bit timer at 3579545Hz pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 confi gured to compatibility wd0 at pciide0 channel 0 drive 0: WDC WD800JB-00ETA0 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 disabled (no drives) uhci0 at pci0 dev 17 function 2 VIA VT83C572 USB rev 0x23: irq 12 uhci1 at pci0 dev 17 function 3 VIA VT83C572 USB rev 0x23: irq 12 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 VIA UHCI root hub rev 1.00/1.00 addr 1 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 mtrr: Pentium Pro MTRR support vscsi0 at root scsibus0 at vscsi0: 256 targets softraid0 at root scsibus1 at softraid0: 256 targets root on wd0a swap on wd0b dump on wd0b
PF 'traceroute -I host' 'tracert host' problem
Hi I move from 4.6 to 4.7, rewrite my pf.conf rules to match new style. Everything works fine, but when I try to traceroute a host with -I flag (force to use icmp) on my obsd fw I got Request time out on all hops exclude the last one, which I was my target to traceroute. Here is an example: [ns]~$ traceroute -I data.bg traceroute to data.bg (195.149.248.130), 64 hops max, 60 byte packets 1 * * * 2 * * * 3 * * * 4 web.data.bg (195.149.248.130) 0.740 ms 0.707 ms 0.733 ms As you can see only the last hop is present. Example without -I flag (using udp); [ns]~$ traceroute data.bg traceroute to data.bg (195.149.248.130), 64 hops max, 40 byte packets 1 gw.tbc.bg (94.26.7.33) 0.591 ms 0.462 ms 0.443 ms 2 peer.tbc.bg (94.26.50.2) 0.961 ms 1.317 ms 1.965 ms 3 85.91.141.65 (85.91.141.65) 0.866 ms 0.905 ms 1.93 ms 4 web.data.bg (195.149.248.130) 0.847 ms 0.732 ms 0.712 ms When I use 'tracert host' on MS Windows box behind my obsd fw, I got a same behavior C:\Users\Administratortracert data.bg Tracing route to data.bg [195.149.248.130] over a maximum of 30 hops: 11 ms1 ms1 ms ns.bsdbg.net [192.168.1.1] 2 *** Request timed out. 3 *** Request timed out. 4 *** Request timed out. 51 ms 1 ms 1 ms web.data.bg [195.149.248.130] Trace complete. Here first hop is my obsd fw. I use tcpdump to see what actually happens: [ns]~# tcpdump -nettti pflog0 host vlado and icmp tcpdump: listening on pflog0, link-type PFLOG Aug 19 02:29:32.165656 rule 85/(match) pass in on em1: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168104 rule 120/(match) pass out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168117 rule 17/(match) match out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168128 rule 16/(match) match out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168593 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:33.168613 rule 14/(match) block out on em1: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:36.960715 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:40.960831 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:44.962196 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:48.961438 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:52.961678 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:56.960795 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:00.960785 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:05.002249 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:08.960640 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply Aug 19 02:30:08.961639 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply Aug 19 02:30:08.962888 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply When I turn off pf (pfctl -d) 'traceroute -I' work as it should. I really don't know what happen. Thanks in advance, Atanas Here is my pf.conf ## pf.conf ## Macros ## ### Interfaces ### ExtIf =em0 IntIf =em1 ### Hosts ### vl=192.168.1.2 jl=192.168.1.3 ve=192.168.1.4 ntp=192.168.1.5 ### Queues, States and Types ### IcmpType =icmp-type 8 code 0 SynState =flags S/SAFR synproxy state TcpState =flags S/SAFR modulate state UdpState =keep state ### Ports ### # Squid squid=2020 # Remote Desktop Connection rdc_int=3389 rdc_ext=4000 # Skype vl_skype=30001 jl_skype=30002 ve_skype=30003 # uTorrent vl_torrent=30004 jl_torrent=30005 ve_torrent=30006 urange=30004:30006 # HFS vl_hfs=8080 # VsFTP ftprange=55000:6 FtpPort =8021 # Symux symux=2100 # Battle.net bnet=6112 # Ssh ssh_ext=443 ### Stateful Tracking Options (STO) ### ExtIfSTO =(max 9000, source-track rule, max-src-conn 2000, max-src-nodes 254) IntIfSTO =(max 250, source-track rule, max-src-conn 100, max-src-nodes 254, max-src-conn-rate 75/20) PostfxSTO =(max 100, source-track rule, max-src-states 5, max-src-nodes 30, max-src-conn-rate 10/300, overload BLACKLIST flush global, tcp.established 45) SpamdSTO =(max 500, source-track rule, max-src-conn 10, max-src-nodes 300, max-src-conn-rate 2/300, tcp.established 10) SshSTO=(max 10, source-track rule, max-src-conn 10, max-src-nodes
Re: Apache Firefox and Ogg Theora (Byte-range requests)
2010/2/18 Pierre-Yves Ritschard p...@spootnik.org This appears to be due to the format of the string being passed to strtonum(). ap_strtol() was tolerant of it. It's being passed the string from the Range: header. For example, the following valid request (taken directly from sniffing a wget session). GET /testfile HTTP/1.0 Range: bytes=300417024- This ends up following the code path of the first strtonum() call around line 159 in http_protocol.c in the parse_byterange() function. The string passed to strtonum to convert (r-range) not only contains the number from the header, but the trailing dash (300417024-), which strtonum does not like. As strtonum fails, the start offset is set to 0. This bug should be present on a 64-bit arch as well. Hi, I broke it when unbreaking support for large files in Content-Length (which would otherwise report 0). I'll have a diff ready soon which fixes that. - pyr. I'm glad to hear this :)
Re: Apache can't resume downloads after upgrade to 4.6
2010/2/9 Matthew Mulrooney openbsd-2010.01...@matthew.mulrooney.ca I'm using OpenBSD since 4.4 and today I noticed that httpd server doesn''t support resuming while a file is downloading. The in-tree Apache (Apache 1.3.29 + improvements) doesn't support the range header (so you can't resume a previous download); as far as I know, it never has. If you need resume support, install the Apache httpd 2.2.11 package. Matthew Today I tried this: I installed OpenBSD 4.4 and OpenBSD 4.5 and after that I ran the same test as yesterday. The results: # Downloading from OpenBSD 4.4 [time]/root# wget -O ./xx http://192.168.1.10/pf --19:58:39-- http://192.168.1.10/pf = `./xx' Connecting to 192.168.1.10:80... connected. HTTP request sent, awaiting response... 200 OK Length: 5,242,880 [text/plain] 17% [= ] 921,3022.12M/sETA 00:01^ C [time]/root# wget -c -O ./xx http://192.168.1.10/pf --19:58:52-- http://192.168.1.10/pf = `./xx' Connecting to 192.168.1.10:80... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 5,242,880 (3,944,746 to go) [text/plain] 69% [ ] 3,652,977 2.22M/sETA 00:00^ C [time]/root# wget -c -O ./xx http://192.168.1.10/pf --19:59:02-- http://192.168.1.10/pf = `./xx' Connecting to 192.168.1.10:80... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 5,242,880 (1,147,535 to go) [text/plain] 100%[==] 5,242,880 2.26M/sETA 00:00 19:59:02 (2.26 MB/s) - `./xx' saved [5242880/5242880] # Downloading from OpenBSD 4.5 [time]/root# wget -O ./xx http://192.168.1.10/pf --20:26:44-- http://192.168.1.10/pf = `./xx' Connecting to 192.168.1.10:80... connected. HTTP request sent, awaiting response... 200 OK Length: 20,971,520 [text/plain] 17% [== ] 3,624,661 2.14M/sETA 00:07^C [time]/root# wget -c -O ./xx http://192.168.1.10/pf --20:26:51-- http://192.168.1.10/pf = `./xx' Connecting to 192.168.1.10:80... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 20,971,520 (16,945,451 to go) [text/plain] 47% [= ] 9,952,621 2.28M/sETA 00:04^C [time]/root# wget -c -O ./xx http://192.168.1.10/pf --20:26:56-- http://192.168.1.10/pf = `./xx' Connecting to 192.168.1.10:80... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 20,971,520 (10,576,531 to go) [text/plain] 80% [== ] 16,878,596 2.17M/sETA 00:01^C [time]/root# wget -c -O ./xx http://192.168.1.10/pf --20:27:02-- http://192.168.1.10/pf = `./xx' Connecting to 192.168.1.10:80... connected. HTTP request sent, awaiting response... 206 Partial Content Length: 20,971,520 (3,929,084 to go) [text/plain] 100%[=] 20,971,520 2.30M/sETA 00:00 20:27:03 (2.30 MB/s) - `./xx' saved [20971520/20971520] As you can see Apache supports resume in both OBSD 4.4 and OBSD 4.5. Why it isn't like this in OBSD 4.6? Atanas
Apache can't resume downloads after upgrade to 4.6
Hello misc, I'm using OpenBSD since 4.4 and today I noticed that httpd server doesn''t support resuming while a file is downloading. I made an upgrade from 4.5 to 4.6 couple days ago. I googled this problem and it appears that Apache supports resuming by default. I made the following tests: I ran orbit downloader on a Windows machine and it turns out that the web server doesn't support resuming. When pausing the download everything begins from scratch after resuming. I ran wget on my time server (FreeBSD 4.11) and here are the results: == [time]/root# wget -c -O ./xx http://bsdbg.net/pf --22:58:36-- http://bsdbg.net/pf = `./xx' Resolving bsdbg.net... done. Connecting to bsdbg.net[192.168.1.1]:80... connected. HTTP request sent, awaiting response... 200 OK Continued download failed on this file, which conflicts with `-c'. Refusing to truncate existing file `pf'. All of the tests were made after resetting the Apache config to default. Has anyone experienced such problems? Thanks in advance. *Here is uname:* [ns]~# uname -a OpenBSD ns.bsdbg.net 4.6 GENERIC#0 i386 *Here is dmesg* [ns]~# dmesg OpenBSD 4.6-stable (GENERIC) #0: Fri Feb 5 20:34:04 EET 2010 r...@ns.bsdbg.net:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Sempron(tm) Processor 3200+ (AuthenticAMD 686-class, 128KB L2 cache) 1.81 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16 real mem = 1055420416 (1006MB) avail mem = 1011703808 (964MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 02/05/08, BIOS32 rev. 0 @ 0xf2030, SMBIOS rev. 2.4 @ 0xf (70 entries) bios0: vendor Phoenix Technologies, LTD version ASUS M2NPV-VM ACPI BIOS Revision 1301 date 02/05/2008 bios0: ASUSTek Computer INC. M2NPV-VM acpi0 at bios0: rev 2 acpi0: tables DSDT FACP MCFG APIC acpi0: wakeup devices HUB0(S5) XVRA(S5) XVRB(S5) XVRC(S5) UAR1(S5) UAR2(S5) PS2M(S4) PS2K(S4) USB0(S4) USB2(S4) AZAD(S5) MMAC(S5) MMCI(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 200MHz ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (HUB0) acpicpu0 at acpi0 acpitz0 at acpi0: critical temperature 75 degC acpibtn0 at acpi0: PWRB bios0: ROM list: 0xc/0xec00 pci0 at mainbus0 bus 0: configuration mode 1 (bios) NVIDIA C51 Host rev 0xa2 at pci0 dev 0 function 0 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 1 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 2 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 3 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 4 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 5 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 6 not configured NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 7 not configured vga1 at pci0 dev 5 function 0 NVIDIA GeForce 6150 rev 0xa2 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) NVIDIA MCP51 Host rev 0xa2 at pci0 dev 9 function 0 not configured pcib0 at pci0 dev 10 function 0 NVIDIA MCP51 ISA rev 0xa3 nviic0 at pci0 dev 10 function 1 NVIDIA MCP51 SMBus rev 0xa3 iic0 at nviic0 spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5 spdmem1 at iic0 addr 0x51: 512MB DDR2 SDRAM non-parity PC2-5300CL5 iic1 at nviic0 NVIDIA MCP51 Memory rev 0xa3 at pci0 dev 10 function 2 not configured pciide0 at pci0 dev 13 function 0 NVIDIA MCP51 IDE rev 0xa1: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: WDC WD800JB-00JJC0 wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 disabled (no drives) ppb0 at pci0 dev 16 function 0 NVIDIA MCP51 PCI-PCI rev 0xa2 pci1 at ppb0 bus 1 xl0 at pci1 dev 8 function 0 3Com 3c905C 100Base-TX rev 0x74: apic 2 int 16 (irq 10), address 00:50:da:e1:34:84 bmtphy0 at xl0 phy 24: 3C905C internal PHY, rev. 6 xl1 at pci1 dev 9 function 0 3Com 3c905C 100Base-TX rev 0x74: apic 2 int 17 (irq 11), address 00:04:76:18:a5:3f bmtphy1 at xl1 phy 24: 3C905C internal PHY, rev. 6 pchb0 at pci0 dev 24 function 0 AMD AMD64 0Fh HyperTransport rev 0x00 pchb1 at pci0 dev 24 function 1 AMD AMD64 0Fh Address Map rev 0x00 pchb2 at pci0 dev 24 function 2 AMD AMD64 0Fh DRAM Cfg rev 0x00 kate0 at pci0 dev 24 function 3 AMD AMD64 0Fh Misc Cfg rev 0x00: core rev DH-F2 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 it0 at isa0 port 0x2e/2: