if_iwm.c on 5.7 -stable

2015-05-20 Thread Marko Cupać
Hi,

it appears I have the same problem as stated here:

http://openbsd-archive.7691.n7.nabble.com/iwm0-fatal-firmware-error-on-current-td267434.html

I am on 5.7 -stable, however, and am very reluctant to go -current.

Could I just patch if_iwm.c to the latest revision and rebuild the
kernel on -stable?
-- 
Marko Cupać
https://www.mimar.rs/



Re: if_iwm.c on 5.7 -stable

2015-05-20 Thread Marko Cupać
On Wed, 20 May 2015 18:28:10 +0200
Marko Cupać marko.cu...@mimar.rs wrote:

 Hi,
 
 it appears I have the same problem as stated here:
 
 http://openbsd-archive.7691.n7.nabble.com/iwm0-fatal-firmware-error-on-current-td267434.html
 
 I am on 5.7 -stable, however, and am very reluctant to go -current.
 
 Could I just patch if_iwm.c to the latest revision and rebuild the
 kernel on -stable?

I couldn't :(

../../../../dev/pci/if_iwm.c:1: error: expected '=', ',', ';', 'asm' or 
'__attribute__' before '-' token
cc1: warnings being treated as errors
In file included from ../../../../sys/_types.h:37,
 from ../../../../sys/_endian.h:36,
 from ../../../../sys/endian.h:41,
 from ../../../../sys/types.h:45,
 from ../../../../sys/param.h:56,
 from ../../../../dev/pci/if_iwm.c:110:
./machine/_types.h:56: warning: data definition has no type or storage class
./machine/_types.h:56: warning: type defaults to 'int' in declaration of 
'label_t'
In file included from ../../../../dev/pci/if_iwm.c:119:
../../../../sys/systm.h:303: error: expected ')' before '*' token
../../../../sys/systm.h:304: error: expected ')' before '*' token
*** Error 1 in /usr/src/sys/arch/amd64/compile/GENERIC.MP (Makefile:933 
'if_iwm.o')

I guess I'll have to go -current.
-- 
Marko Cupać
https://www.mimar.rs/



can't wake from zzz

2015-05-20 Thread Marko Cupać
:d2:44:3f:e8:63
azalia1 at pci0 dev 27 function 0 Intel 8 Series HD Audio rev 0x04: msi
azalia1: codecs: Realtek ALC292
audio0 at azalia1
ppb0 at pci0 dev 28 function 0 Intel 8 Series PCIE rev 0xe4: msi
pci1 at ppb0 bus 2
rtsx0 at pci1 dev 0 function 0 Realtek RTS5227 Card Reader rev 0x01: msi
sdmmc0 at rtsx0
ppb1 at pci0 dev 28 function 1 Intel 8 Series PCIE rev 0xe4: msi
pci2 at ppb1 bus 3
iwm0 at pci2 dev 0 function 0 Intel Dual Band Wireless AC 7260 rev 0x83, msi
ehci0 at pci0 dev 29 function 0 Intel 8 Series USB rev 0x04: apic 2 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
pcib0 at pci0 dev 31 function 0 Intel 8 Series LPC rev 0x04
ahci0 at pci0 dev 31 function 2 Intel 8 Series AHCI rev 0x04: msi, AHCI 1.3
ahci0: port 0: 6.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: ATA, KINGSTON SV300S3, 521A SCSI3 0/direct 
fixed naa.50026b72410ec74e
sd0: 228936MB, 512 bytes/sector, 468862128 sectors, thin
ichiic0 at pci0 dev 31 function 3 Intel 8 Series SMBus rev 0x04: apic 2 int 18
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 8GB DDR3 SDRAM PC3-12800 SO-DIMM
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot): using irq 1
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot): using irq 12
wsmouse0 at pms0 mux 0
wsmouse1 at pms0 mux 0
pms0: Synaptics clickpad, firmware 8.1
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
uhub1 at uhub0 port 1 Intel Rate Matching Hub rev 2.00/0.04 addr 2
ugen0 at uhub1 port 6 Validity Sensors product 0x0017 rev 1.10/0.78 addr 3
ugen1 at uhub1 port 7 Intel product 0x07dc rev 2.00/0.01 addr 4
uvideo0 at uhub1 port 8 configuration 1 interface 0 SunplusIT INC. Integrated 
Camera rev 2.00/0.03 addr 5
video0 at uvideo0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (743fecaed9a07558.a) swap on sd0b dump on sd0b
WARNING: / was not properly unmounted
iwm0: hw rev: 0x140, fw ver 25.228 (API ver 9), address 5c:51:4f:78:c6:1b
-- 
Marko Cupać
https://www.mimar.rs/



Re: help with bgpd error messages

2015-05-15 Thread Marko Cupać
On Thu, 7 May 2015 13:01:49 +0200
Marko Cupać marko.cu...@mimar.rs wrote:

 On Wed, 6 May 2015 10:53:38 + (UTC)
 Stuart Henderson s...@spacehopper.org wrote:
 
  Can you get a packet capture of TCP port 179 during a failure? 
  
  tcpdump -i interface -w bgp.`date +%Y%m%d-%H%M`.pcap -s1500 tcp
  and port 179
  
  It might be best to run it from a script run from cron which pkills
  tcpdump and rotates the file to avoid having huge files.
 
 I am capturing packets on interface facing problematic ISP, and I will
 send pcap files if/when bgpd crashes again.
 
  Any idea what software (version number may be relevant too) your
  neighbours are using? Or at least what hardware vendor shows up in
  their MAC address?
 
 Their MAC is 54:75:d0:45:8f:00 which appears to be Cisco.
 
 In the meantime I contacted this ISP's support and told them they are
 crashing my bgpd, probably because they are sending me non-standard
 bgp packets which do not start with all-ones, as the standard
 requires. The guy didn't have much idea what I was speaking about,
 but he said he will forward request to network engineers. An hour
 later he contacted me back, saying that they indeed found some
 irregularities which are now fixed. He couldn't give me the details.
 
 If my bgpd crashes again I will have pcap files ready. Also, if there
 is anything else I can do to help troubleshoot this I'd be glad to
 participate.
 
 Regards,

I dropped by just to say that I haven't given this up, but I haven't
replied anything because I had no bgpd crashes since my last email.
Probably ISP indeed fixed their part of not sending me garbage.

I also have been capturing bgp packets, and will continue to do so
until the end of the month in case I get another crash.
-- 
Marko Cupać
https://www.mimar.rs



offtopic: political correctness

2015-05-08 Thread Marko Cupać
Hi,

I am reading Absolute OpenBSD, 2nd Edition, and can't but notice the
paragraph Confidentiality on page XXX of the Introduction:

---cut-here---
Confidentiality
This means that secret data should remain secret. Your private infor-
mation must not get into the public eye. That Eastern European kiddie
porn syndicate should not get your credit card number.
---cut-here---

This sounds quite nazi to me. Should a Western European kiddie porn
syndicate be able to get my credit card number, as opposed to Eastern
European kiddie porn syndicate, which should not? Or does that mean
that kiddie porn syndicate exists only in Eastern Europe, but not in -
let's say - New Zealand or Canada?

I guess this was intended to be a joke, but in my opinion it sucks.
-- 
Marko Cupać
https://www.mimar.rs



Re: help with bgpd error messages

2015-05-07 Thread Marko Cupać
On Wed, 6 May 2015 10:53:38 + (UTC)
Stuart Henderson s...@spacehopper.org wrote:

 Can you get a packet capture of TCP port 179 during a failure? 
 
 tcpdump -i interface -w bgp.`date +%Y%m%d-%H%M`.pcap -s1500 tcp and
 port 179
 
 It might be best to run it from a script run from cron which pkills
 tcpdump and rotates the file to avoid having huge files.

I am capturing packets on interface facing problematic ISP, and I will
send pcap files if/when bgpd crashes again.

 Any idea what software (version number may be relevant too) your
 neighbours are using? Or at least what hardware vendor shows up in
 their MAC address?

Their MAC is 54:75:d0:45:8f:00 which appears to be Cisco.

In the meantime I contacted this ISP's support and told them they are
crashing my bgpd, probably because they are sending me non-standard bgp
packets which do not start with all-ones, as the standard requires. The
guy didn't have much idea what I was speaking about, but he said he will
forward request to network engineers. An hour later he contacted me
back, saying that they indeed found some irregularities which are now
fixed. He couldn't give me the details.

If my bgpd crashes again I will have pcap files ready. Also, if there
is anything else I can do to help troubleshoot this I'd be glad to
participate.

Regards,
-- 
Marko Cupać
https://www.mimar.rs



Re: help with bgpd error messages

2015-05-06 Thread Marko Cupać
On Wed, 29 Apr 2015 11:02:09 +0200
Marko Cupać marko.cu...@mimar.rs wrote:

 On Tue, 28 Apr 2015 15:11:21 +0200
 Claudio Jeker cje...@diehard.n-r-g.com wrote:
 
  The fatal in RDE: peer_up: bad state bug is fixed in 5.7 IIRC. Not
  sure if it was backported to 5.6. As a workaround you can disable
  the graceful restart capability to not trigger that code path.
 
 I was intending to upgrade on Friday anyway so no problem. In the
 meantime I updated to -stable, it's too early to say if it fixed it.

I am on 5.7 release + errata patches now, and bgpd crashed again:

May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sync error
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sending 
notification: Header error, synchronization error
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): graceful 
restart of IPv4 unicast, keeping routes
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
Established - Idle, reason: Fatal error
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
Idle - Connect, reason: Start
May  6 10:06:07 bgp1 bgpd[3820]: incremented the demote state of group 'carp'
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
Connect - OpenSent, reason: Connection opened
May  6 10:06:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
OpenSent - Active, reason: Connection closed
May  6 10:06:08 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sending 
notification: error in UPDATE message, attribute length wrong
May  6 10:06:08 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
Active - Idle, reason: Fatal error
May  6 10:06:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
Idle - Connect, reason: Start
May  6 10:06:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
Connect - OpenSent, reason: Connection opened
May  6 10:06:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
OpenSent - Active, reason: Connection closed
May  6 10:08:07 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): graceful 
restart of IPv4 unicast, time-out, flushing
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
Active - Connect, reason: ConnectRetryTimer expired
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
Connect - OpenSent, reason: Connection opened
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
OpenSent - OpenConfirm, reason: OPEN message received
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
OpenConfirm - Established, reason: KEEPALIVE message received
May  6 10:08:38 bgp1 bgpd[31241]: fatal in RDE: peer_up: bad state
May  6 10:08:38 bgp1 bgpd[3820]: dispatch_imsg in main: pipe closed
May  6 10:08:38 bgp1 bgpd[3820]: decremented the demote state of group 'carp'
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): sending 
notification: Cease, administratively down
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 82.117.192.121 (sbb): state change 
Established - Idle, reason: Stop
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 178.253.194.253 (orion): sending 
notification: Cease, administratively down
May  6 10:08:38 bgp1 bgpd[11681]: neighbor 178.253.194.253 (orion): state 
change Established - Idle, reason: Stop
May  6 10:08:38 bgp1 bgpd[11681]: session engine exiting
May  6 10:08:40 bgp1 bgpd[3820]: kernel routing table 0 (Loc-RIB) decoupled
May  6 10:08:40 bgp1 bgpd[3820]: Terminating

I guess the bug is not solved in the 5.7 release then. Maybe in 5.7 -stable?

This issue is having really bad impact on my network. Both ISP links
are up and running, but - as bgpd dies - my firewall has no routes
which effectively stops the traffic flow with the Internet.

I have contacted the ISPs and asked them to check if they are sending us bad
bgp packets. Regardless of that, I think bgpd shouldn't just shut down
itself no matter what payload it gets?

Any help with this would be highly appreciated.
-- 
Marko Cupać
https://www.mimar.rs
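The framing checks behind the two notifications in the log above ("Header error, synchronization error" and "error in UPDATE message, attribute length wrong"), as an added example in Python that is not bgpd's code: it validates the RFC 4271 header (all-ones marker, length, type) and walks the UPDATE length fields so that a malformed attribute is refused with a NOTIFICATION rather than trusted. The sample messages are constructed; the (code, subcode) pairs are the RFC's.

```python
"""Framing checks a BGP speaker applies to a peer's bytes before acting on them.

Added example, not OpenBSD bgpd code. Byte layouts follow RFC 4271; the sample
messages at the bottom are constructed for this demonstration."""
import struct
from typing import Optional, Tuple

MARKER = b"\xff" * 16       # RFC 4271 4.1: every message starts with 16 all-ones bytes
HDR_LEN = 19
MAX_LEN = 4096
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
MIN_LEN = {1: 29, 2: 23, 3: 21, 4: 19}

# NOTIFICATION (code, subcode) pairs from RFC 4271 sections 4.5 and 6
CONN_NOT_SYNC = (1, 1)          # bgpd logs this as "Header error, synchronization error"
BAD_MSG_LEN = (1, 2)
BAD_MSG_TYPE = (1, 3)
MALFORMED_ATTR_LIST = (3, 1)
ATTR_LEN_ERR = (3, 5)           # "error in UPDATE message, attribute length wrong"

Err = Optional[Tuple[int, int]]
Result = Tuple[Optional[str], Err]  # (type, None) ok; (None, err) reject; (None, None) read more

def check_header(buf: bytes) -> Result:
    """Validate marker, length and type.  The marker is checked first: after a
    framing slip the length field is garbage and must not be trusted."""
    if len(buf) < HDR_LEN:
        return None, None
    marker, length, mtype = struct.unpack("!16sHB", buf[:HDR_LEN])
    if marker != MARKER:
        return None, CONN_NOT_SYNC
    if length < HDR_LEN or length > MAX_LEN:
        return None, BAD_MSG_LEN
    if mtype not in TYPES:
        return None, BAD_MSG_TYPE
    if length < MIN_LEN[mtype] or (mtype == 4 and length != HDR_LEN):
        return None, BAD_MSG_LEN
    return TYPES[mtype], None

def check_update(body: bytes) -> Err:
    """Walk the length fields of an UPDATE body and refuse anything that overruns it.

    body = withdrawn_len(2) withdrawn(...) attr_len(2) attributes(...) nlri(...)
    attribute = flags(1) type(1) len(1, or 2 if flags & 0x10) value(len)
    """
    if len(body) < 4:
        return MALFORMED_ATTR_LIST
    wlen = struct.unpack("!H", body[:2])[0]
    if 2 + wlen + 2 > len(body):
        return MALFORMED_ATTR_LIST
    alen = struct.unpack("!H", body[2 + wlen:4 + wlen])[0]
    attrs = body[4 + wlen:4 + wlen + alen]
    if len(attrs) != alen:          # total attribute length runs past the message
        return MALFORMED_ATTR_LIST
    pos = 0
    while pos < alen:
        if alen - pos < 3:
            return ATTR_LEN_ERR     # no room for flags, type and a 1-byte length
        if attrs[pos] & 0x10:       # extended-length attribute
            if alen - pos < 4:
                return ATTR_LEN_ERR
            plen = struct.unpack("!H", attrs[pos + 2:pos + 4])[0]
            pos += 4
        else:
            plen = attrs[pos + 2]
            pos += 3
        if pos + plen > alen:       # attribute claims more bytes than remain
            return ATTR_LEN_ERR
        pos += plen
    return None

def validate(buf: bytes) -> Result:
    """Header check, then type-specific checks; any error means NOTIFICATION and close."""
    mtype, err = check_header(buf)
    if mtype is None:
        return None, err
    length = struct.unpack("!H", buf[16:18])[0]
    if len(buf) < length:
        return None, None           # incomplete: keep reading from the socket
    if mtype == "UPDATE":
        err = check_update(buf[HDR_LEN:length])
    return (mtype if err is None else None), err

def bgp_msg(mtype: int, body: bytes, marker: bytes = MARKER) -> bytes:
    """Frame a message; marker can be overridden to build a deliberately bad sample."""
    return marker + struct.pack("!HB", HDR_LEN + len(body), mtype) + body

# Constructed samples: a KEEPALIVE, the same with a corrupt marker, an UPDATE whose
# single attribute (ORIGIN) claims 9 bytes but carries 1, and a valid extended-length one.
GOOD_KEEPALIVE = bgp_msg(4, b"")
BAD_MARKER = bgp_msg(4, b"", marker=b"\xff" * 15 + b"\x00")
BAD_ATTR = bgp_msg(2, b"\x00\x00" + b"\x00\x04" + b"\x40\x01\x09\x00")
GOOD_UPDATE = bgp_msg(2, b"\x00\x00" + b"\x00\x05" + b"\x50\x01\x00\x01\x00")

if __name__ == "__main__":
    print(validate(GOOD_KEEPALIVE), validate(BAD_MARKER), validate(BAD_ATTR))
```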



Re: building httpd after applying 005_httpd.patch.sig fails

2015-05-02 Thread Marko Cupać
On Sat, 2 May 2015 06:53:26 + (UTC)
Stuart Henderson s...@spacehopper.org wrote:

 On 2015-05-01, Marko Cupać marko.cu...@mimar.rs wrote:
  Hi,
 
  I have another failed build after errata patch application, this
  time with 005_httpd.patch.sig.
 
  # make
  yacc -d /usr/src/usr.sbin/httpd/parse.y
  mv y.tab.c parse.c
  make: don't know how to make /usr/include/ressl.h (prerequisite of:
  parse.o) Stop in /usr/src/usr.sbin/httpd
 
 I don't know how, but your httpd source directory is old, it should
 not refer to ressl.h at all - this was renamed some time ago.
 
  I can't but notice that out of 4 errata patches for 5.7 I
  encountered so far, I had to fix typo in one, one applied and built
  fine, and two failed. Which is 25% success rate. While there is a
  possibility something is wrong with my system (which I doubt as I
  deleted /usr/src /usr/xenocara and /usr/ports dirs, extracted fresh
  sources from http://ftp.eu.openbsd.org/pub/OpenBSD/5.7/ and started
 
 Where exactly on ftp.eu? I checked the src.tar.gz file from the 5.7
 directory and the httpd sources look correct to me.
 
  applying errata patches), could it be that someone did really bad
  job testing these patches?
 
 They could have done with a bit more proof-reading but the problem
 you are currently seeing isn't to do with the patch.
 

In the end it was my fault, apparently. I forgot I updated sources to
5.6-stable a few days ago, rebuilt kernel and userland, leaving stuff
in /usr/obj/. I am usually a release + errata kind of guy, so I never had
this situation before.

This time around I removed src, xenocara, ports _and_ obj directories
in /usr. Patches were applied ok (002 still has the typo but working
around that was easy), and all the builds finished well.

Sorry for the fuss.
-- 
Marko Cupać
https://www.mimar.rs



strange syslogd behaviour

2015-05-02 Thread Marko Cupać
Hi,

I have a pair of firewalls with identical syslog.conf files. Nothing
special, just removed all the comments, and added a few lines for npppd
log redirection:

#   $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
# npppd by pacija
!!npppd
*.* /var/log/npppd
!*
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages
auth.info   /var/log/authlog
authpriv.debug  /var/log/secure
cron.info   /var/cron/log
daemon.info /var/log/daemon
ftp.info/var/log/xferlog
lpr.debug   /var/log/lpd-errs
mail.info   /var/log/maillog
*.emerg *

If I rsync syslog.conf from one firewall to another and restart
syslogd, everything works as expected. However, if I list file contents
with cat in ssh session on one firewall and paste it in vi in ssh
session on another one, although I get expected terminal output:

pacija@nat2:~ $ sudo /etc/rc.d/syslogd restart 
syslogd(ok)
syslogd(ok)

Only syslogd exiting (and not the subsequent start) is logged:
May  3 00:36:57 nat2 syslogd: exiting on signal 15

After this syslogd is shown as running but nothing gets logged
to messages, authlog etc.

pacija@nat2:~ $ ps ax | grep syslog
27166 ??  Ss  0:00.01 syslogd: [priv] (syslogd)
 2840 ??  S   0:00.00 /usr/sbin/syslogd
29084 p0  R+  0:00.00 grep syslog

Is this just my system, or can someone reproduce this? What could be the
reason for this?

Thank you in advance,
-- 
Marko Cupać
https://www.mimar.rs



Re: strange syslogd behaviour

2015-05-02 Thread Marko Cupać
On Sat, 2 May 2015 16:03:51 -0700
Philip Guenther guent...@gmail.com wrote:

 On Sat, May 2, 2015 at 3:55 PM, Marko Cupać marko.cu...@mimar.rs
 wrote:
  I have a pair of firewalls with identical syslog.conf files. Nothing
  special, just removed all the comments, and added a few lines for
  npppd log redirection:
 ...
  If I rsync syslog.conf from one firewall to another and restart
  syslogd, everything works as expected. However, if I list file
  contents with cat in ssh session on one firewall and paste it in vi
  in ssh session on another one, although I get expected terminal
  output:
 ...
  Only syslogd exiting (and not consequent start) is logged:
  May  3 00:36:57 nat2 syslogd: exiting on signal 15
 
  After this syslogd is shown as running but nothing gets logged
  to messages, authlog etc.
 ...
  Is this just my system or someone can reproduce this? What could be
  the reason for this?
 
 So the results for a file scp'ed differs from one copy-n-pasted.  Did
 you consider using diff on the resulting files to see how they
 differed?
 
 The syntax of syslog.conf treats tabs differently than spaces.  When
 you cat, then copy and paste, you're almost certainly converting the
 tabs to spaces.
 
 Or it could be something completely different that diff will reveal.
 
 
 Philip Guenther

Hi Philip,

thank you for looking into it.

Here's the diff:

pacija@nat2:~ $ diff -u syslog.conf syslog.conf.copy 
--- syslog.conf Sun May  3 01:05:33 2015
+++ syslog.conf.copySun May  3 01:06:03 2015
@@ -1,15 +1,15 @@
-#  $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
+#   $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
 # npppd by pacija
 !!npppd
-*.*/var/log/npppd
+*.* /var/log/npppd
 !*
-*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none
/var/log/messages
-kern.debug;syslog,user.info/var/log/messages
-auth.info  /var/log/authlog
-authpriv.debug /var/log/secure
-cron.info  /var/cron/log
-daemon.info/var/log/daemon
-ftp.info   /var/log/xferlog
-lpr.debug  /var/log/lpd-errs
-mail.info  /var/log/maillog
-*.emerg*
+*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
+kern.debug;syslog,user.info /var/log/messages
+auth.info   /var/log/authlog
+authpriv.debug  /var/log/secure
+cron.info   /var/cron/log
+daemon.info /var/log/daemon
+ftp.info/var/log/xferlog
+lpr.debug   /var/log/lpd-errs
+mail.info   /var/log/maillog
+*.emerg *
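Review bot: the `-` side's separators are tabs that the archive has swallowed (hence `-*.*/var/log/npppd` with nothing between selector and action), while every `+` line separates selector from action with runs of spaces; syslog.conf(5) requires one or more tabs there, so the pasted copy contains no rule line in the documented form, which matches the "running but logging nothing" symptom. Re-running the diff through `cat -t` makes the tabs visible as ^I and removes the guesswork.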

So, clearly there are differences (probably tabs and spaces as you
say). I see in the syslog.conf man page that "The selector field is
separated from the action field by one or more tab characters." Spaces
aren't mentioned.

So, while I agree I should read man page and respect instruction about
tabs, it appears it is quite easy to make a mistake and end up with
system that does not log, without obvious reason.

Is 'tabs only' really necessary? Why are spaces bad? pf for example does
not seem to care if I use spaces or tabs.

Also, wouldn't it be good to have a mechanism to parse the conf file and
warn that no logging will be done, instead of just throwing 'syslogd (ok)'
and quitting all the logging?

Regards,
-- 
Marko Cupać
https://www.mimar.rs
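A small checker for exactly the mistake this thread identifies, as an added example that is not part of OpenBSD's syslogd: it flags rule lines whose selector and action are separated by spaces rather than a tab, and can rewrite them. The sample configuration is constructed from the posted syslog.conf; the checker only knows the line shapes that file uses (comments, !prog / !!prog / !* blocks and selector-tab-action rules).

```python
"""Lint an OpenBSD syslog.conf for space-separated rule lines.

Added example, not syslogd code. syslog.conf(5) requires one or more tabs
between the selector and the action; a terminal copy-and-paste turns those
tabs into spaces and the rules silently stop matching."""
import re
from typing import List, Tuple

# facility.level lists such as auth.info or *.notice;kern,user.none
SELECTOR_RE = re.compile(r"^[\w*,.;]+$")

def _is_rule_line(line: str) -> bool:
    """True for lines that should be selector<TAB>action (not blank, comment or !block)."""
    return bool(line.strip()) and not line.lstrip().startswith("#") and not line.startswith("!")

def lint_syslog_conf(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, problem) for each rule line that lacks a tab separator."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not _is_rule_line(line):
            continue
        if "\t" in line:
            sel = line.split("\t", 1)[0]
            if not SELECTOR_RE.match(sel):
                problems.append((n, "selector %r is not a facility.level list" % sel))
            continue
        parts = line.split()
        if len(parts) >= 2 and SELECTOR_RE.match(parts[0]):
            problems.append((n, "selector and action separated by spaces, not a tab: %r" % line))
        else:
            problems.append((n, "no tab separator and not recognised: %r" % line))
    return problems

def tabify(text: str) -> str:
    """Rewrite space-separated rule lines with a single tab between selector and action."""
    out = []
    for line in text.splitlines():
        if _is_rule_line(line) and "\t" not in line:
            parts = line.split(None, 1)
            if len(parts) == 2 and SELECTOR_RE.match(parts[0]):
                line = parts[0] + "\t" + parts[1]
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed sample, modelled on the posted file; tabs are explicit here.
TAB_CONF = "\n".join([
    "#\t$OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $",
    "# npppd by pacija",
    "!!npppd",
    "*.*\t\t\t\t\t\t\t\t/var/log/npppd",
    "!*",
    "*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none\t/var/log/messages",
    "kern.debug;syslog,user.info\t\t\t\t\t/var/log/messages",
    "auth.info\t\t\t\t\t\t/var/log/authlog",
    "*.emerg\t\t\t\t\t\t\t*",
]) + "\n"
SPACE_CONF = TAB_CONF.expandtabs(8)   # what cat + copy-and-paste into vi produces

if __name__ == "__main__":
    for n, msg in lint_syslog_conf(SPACE_CONF):
        print("line %d: %s" % (n, msg))
```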



rebuilding smtpd after applying 004_smtpd.patch.sig fails

2015-05-01 Thread Marko Cupać
Hi,

I have just upgraded to 5.7 and am in process of applying errata
patches. 

004_smtpd.patch.sig applies fine, but building smtpd afterwards fails
with the following message:

ssl.o(.text+0x9df): In function `ssl_ctx_create':
: undefined reference to `SSL_CTX_use_certificate_chain_mem'
collect2: ld returned 1 exit status
*** Error 1 in smtpd (bsd.prog.mk:85 'smtpd')
*** Error 1 in /usr/src/usr.sbin/smtpd (bsd.subdir.mk:48 'all')
-- 
Marko Cupać
https://www.mimar.rs



building httpd after applying 005_httpd.patch.sig fails

2015-05-01 Thread Marko Cupać
Hi,

I have another failed build after errata patch application, this time
with 005_httpd.patch.sig.

# make
yacc -d /usr/src/usr.sbin/httpd/parse.y
mv y.tab.c parse.c
make: don't know how to make /usr/include/ressl.h (prerequisite of:
parse.o) Stop in /usr/src/usr.sbin/httpd

I can't but notice that out of 4 errata patches for 5.7 I encountered
so far, I had to fix typo in one, one applied and built fine, and two
failed. Which is 25% success rate. While there is a possibility
something is wrong with my system (which I doubt as I
deleted /usr/src /usr/xenocara and /usr/ports dirs, extracted fresh
sources from http://ftp.eu.openbsd.org/pub/OpenBSD/5.7/ and started
applying errata patches), could it be that someone did a really bad job
testing these patches?
-- 
Marko Cupać
https://www.mimar.rs



patching the patch :) 002_libxfont.patch.sig

2015-05-01 Thread Marko Cupać
Hi,

during process of applying errata patch 002_libxfont.patch.sig I have
found a typo, so here's the patch which corrects it:

--- 002_libxfont.patch.sig.orig Fri May  1 21:07:02 2015
+++ 002_libxfont.patch.sig  Fri May  1 21:07:24 2015
@@ -17,7 +17,7 @@
 
 Then build and install a new libXfont:
 
-cd /usr/xenocara/lib/libXont
+cd /usr/xenocara/lib/libXfont
 make -f Makefile.bsd-wrapper obj
 make -f Makefile.bsd-wrapper build
 
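Review bot: the hunk is a one-character path correction in the human-readable instructions (libXont to libXfont) and is well-formed, but the file it edits is 002_libxfont.patch.sig itself, the signed errata file; the fix belongs in the published copy, so it should be reported to the errata maintainers rather than applied to local copies, and the code diff the file carries is unaffected by this typo.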
Thanks for the new release :)
-- 
Marko Cupać
https://www.mimar.rs



ro ignored in fstab

2015-04-29 Thread Marko Cupać
Hi,

I have a firewall which was originally installed with 5.4 release, and
it was configured to be resistant to sudden power outages by means of
mounting / as read only, and /var and /dev partitions as mfs populated
from /mfs/var and /mfs/dev. Here's fstab:

e3f2007c8606c31a.a / ffs ro 1 1
swap /var mfs rw,-P=/mfs/var,-s=32768,nodev,nosuid,noexec 0 0
swap /dev mfs rw,-P=/mfs/dev,-s=8192,-i=128,nosuid,noexec 0 0

Although this is non-critical box on local network, I wanted to keep it
up to date so yesterday I upgraded it to 5.5 first, and then to 5.6. It
appears that it no longer mounts / as read only.

mount output shows the following:
/dev/wd0a on / type ffs (local)
mfs:15966 on /var type mfs (asynchronous, local, nodev, noexec, nosuid, 
size=32768 512-blocks)
mfs:29006 on /dev type mfs (asynchronous, local, noexec, nosuid, size=8192 
512-blocks)

Trying to remount it as read/write says device busy:
$ sudo mount -ur /  
mount_ffs: /dev/wd0a on /: Device busy

What could be preventing read-only mount?

Thank you in advance,
-- 
Marko Cupać
https://www.mimar.rs



Re: help with bgpd error messages

2015-04-29 Thread Marko Cupać
On Tue, 28 Apr 2015 15:11:21 +0200
Claudio Jeker cje...@diehard.n-r-g.com wrote:

 The fatal in RDE: peer_up: bad state bug is fixed in 5.7 IIRC. Not
 sure if it was backported to 5.6. As a workaround you can disable the
 graceful restart capability to not trigger that code path.

I was intending to upgrade on Friday anyway so no problem. In the
meantime I updated to -stable, it's too early to say if it fixed it.

Thank you,
-- 
Marko Cupać
https://www.mimar.rs



Re: ro ignored in fstab

2015-04-29 Thread Marko Cupać
On Wed, 29 Apr 2015 13:47:38 +0200
Otto Moerbeek o...@drijf.net wrote:

 On Wed, Apr 29, 2015 at 01:39:34PM +0200, Otto Moerbeek wrote:
 
   On Wed, Apr 29, 2015 at 01:13:28PM +0200, Marko Cupać wrote:
  
   Hi,
   
   I have a firewall which was originally installed with 5.4
   release, and it was configured to be resistant to sudden power
   outages by means of mounting / as read only, and /var and /dev
   partitions as mfs populated from /mfs/var and /mfs/dev. Here's
   fstab:
   
   e3f2007c8606c31a.a / ffs ro 1 1
   swap /var mfs rw,-P=/mfs/var,-s=32768,nodev,nosuid,noexec 0 0
   swap /dev mfs rw,-P=/mfs/dev,-s=8192,-i=128,nosuid,noexec 0 0
   
   Although this is non-critical box on local network, I wanted to
   keep it up to date so yesterday I upgraded it to 5.5 first, and
   then to 5.6. It appears that it no longer mounts / as read only.
   
   mount output shows the following:
   /dev/wd0a on / type ffs (local)
   mfs:15966 on /var type mfs (asynchronous, local, nodev, noexec,
   nosuid, size=32768 512-blocks) mfs:29006 on /dev type mfs
   (asynchronous, local, noexec, nosuid, size=8192 512-blocks)
   
   Trying to remount it as read/write says device busy:
   $ sudo mount -ur /  
   mount_ffs: /dev/wd0a on /: Device busy
   
   What could be preventing read-only mount?
  
  rc mounts / rw explicitly these days, to be able to write a random
 
 Btw, it has been like that since 1997, so you had a modified rc, I
 presume.
 
  generator seed for the next boot. 
  
  Why you cannot update to r/w I don't know, but fstat -f / might tell
  you more. If a file on / is open for r/w, the mount -u wil fail, as
  documented. 

Otto,

thank you for the fstat tip, there were a bunch of files but just one that was
being written to:

pacija@rsbgavaalix02:~ $ sudo fstat -f /
USER CMD  PID   FD MOUNTINUM MODE   R/WSZ|DV
_syslogd syslogd26174   14 /  390155 -rw---   w 4524

Next, I searched for a file with this INUM:

pacija@rsbgavaalix02:~ $ sudo find / -inum 390155 
/etc/cron/log

AFAIK, cron related stuff should be in /var/cron, not /etc/cron.
Listing /var showed that cron is a symlink:

pacija@rsbgavaalix02:~ $ ls -lh /var/
lrwxr-xr-x   1 root  wheel9B Apr 29 11:43 cron -> /etc/cron

Maybe this has something to do with the way I copied /var to /mfs/var
(I used cp -RPp)? I am going to re-try with tar.
-- 
Marko Cupać
https://www.mimar.rs



Re: ro ignored in fstab (SOLVED)

2015-04-29 Thread Marko Cupać
On Wed, 29 Apr 2015 14:16:15 +0200
Marko Cupać marko.cu...@mimar.rs wrote:

 On Wed, 29 Apr 2015 13:47:38 +0200
 Otto Moerbeek o...@drijf.net wrote:
 
  On Wed, Apr 29, 2015 at 01:39:34PM +0200, Otto Moerbeek wrote:
  
   On Wed, Apr 29, 2015 at 01:13:28PM +0200, Marko Cupać wrote:
   
Hi,

I have a firewall which was originally installed with 5.4
release, and it was configured to be resistant to sudden power
outages by means of mounting / as read only, and /var and /dev
partitions as mfs populated from /mfs/var and /mfs/dev. Here's
fstab:

e3f2007c8606c31a.a / ffs ro 1 1
swap /var mfs rw,-P=/mfs/var,-s=32768,nodev,nosuid,noexec 0 0
swap /dev mfs rw,-P=/mfs/dev,-s=8192,-i=128,nosuid,noexec 0 0

Although this is non-critical box on local network, I wanted to
keep it up to date so yesterday I upgraded it to 5.5 first, and
then to 5.6. It appears that it no longer mounts / as read only.

mount output shows the following:
/dev/wd0a on / type ffs (local)
mfs:15966 on /var type mfs (asynchronous, local, nodev, noexec,
nosuid, size=32768 512-blocks) mfs:29006 on /dev type mfs
(asynchronous, local, noexec, nosuid, size=8192 512-blocks)

Trying to remount it as read/write says device busy:
$ sudo mount -ur /  
mount_ffs: /dev/wd0a on /: Device busy

What could be preventing read-only mount?
   
   rc mounts / rw explicitly these days, to be able to write a random
  
  Btw, it has been like that since 1997, so you had a modified rc, I
  presume.
  
   generator seed for the next boot. 
   
   Why you cannot update to r/w I don't know, but fstat -f / might
   tell you more. If a file on / is open for r/w, the mount -u wil
   fail, as documented. 
 Otto,
 
 thank you for fstat tip, there was bunch of files but just one that
 was being written to:
 
 pacija@rsbgavaalix02:~ $ sudo fstat -f /
 USER CMD  PID   FD MOUNTINUM MODE   R/W
 SZ|DV _syslogd syslogd26174   14 /  390155 -rw---
 w 4524
 
 Next, I searched for a file with this INUM:
 
 pacija@rsbgavaalix02:~ $ sudo find / -inum 390155 
 /etc/cron/log
 
 AFAIK, cron related stuff should be in /var/cron, not /etc/cron.
 Listing /var showed that cron is a symlink:
 
 pacija@rsbgavaalix02:~ $ ls -lh /var/
 lrwxr-xr-x   1 root  wheel9B Apr 29 11:43 cron -> /etc/cron
 
 Maybe this has something to do with the way I copied /var to /mfs/var
 (I used cp -RPp)? I am going to re-try with tar.

Deleting /mfs/var/cron as a symlink and moving /etc/cron
to /mfs/var/cron solved my problem. I guess back at the time of
original setup I followed outdated howto which suggested symlinking
cron dir from var to etc:
https://www.packetmischief.ca/openbsd-compact-flash-firewall/

Regards,
-- 
Marko Cupać
https://www.mimar.rs



help with bgp error messages

2015-04-28 Thread Marko Cupać
Hi,

I have a pair of OpenBSD 5.6 firewalls running releases happily for
years (I think since 5.1). They are in CARP failover mode, running bgp
sessions with upstream providers and filtering traffic.

A few days ago I had an Internet outage (first in years), which appears to
have happened as a result of a bgpd crash. I could ping the ISP's interface,
but then I noticed I had no routes at all (except connected ones) in the
routing table. Next, I discovered there was no bgpd process running.
Restarting bgpd gave me routes and Internet connectivity back.

Here's excerpt from messages log:

Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sync error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending 
notification: Header error, synchronization error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): graceful 
restart of IPv4 unicast, keeping routes
Apr 17 18:29:18 bgp2 bgpd[24107]: neighbor 82.117.192.121 (sbb): bad nlri prefix
Apr 17 18:29:19 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending 
notification: error in UPDATE message, network unacceptable
Apr 17 18:29:51 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): graceful 
restart of IPv4 unicast, not restarted, flushing
Apr 17 18:29:52 bgp2 bgpd[24107]: fatal in RDE: peer_up: bad state
Apr 17 18:29:52 bgp2 bgpd[32268]: dispatch_imsg in main: pipe closed
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending 
notification: Cease, administratively down
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 178.253.194.253 (orion): sending 
notification: Cease, administratively down


Also from daemon log at the same time:

Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sync error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending 
notification: Header error, synchronization error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): graceful 
restart of IPv4 unicast, keeping routes
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
Established - Idle, reason: Fatal error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
Idle - Connect, reason: Start
Apr 17 18:29:18 bgp2 bgpd[32268]: incremented the demote state of group 'carp'



help with bgpd error messages

2015-04-28 Thread Marko Cupać
Hi,

I have a pair of OpenBSD 5.6 firewalls running releases happily for
years (I think since 5.1). They are in CARP failover mode, running bgp
sessions with upstream providers and filtering traffic.

A few days ago I had an Internet outage (the first in years), which appears
to have happened as a result of a bgpd crash. I could ping the ISP's interface,
but then I noticed I had no routes at all (except connected ones) in the
routing table. Next, I discovered there was no bgpd process running.
Restarting bgpd gave me routes and Internet connectivity back.

Here's excerpt from messages log:

Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sync error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending 
notification: Header error, synchronization error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): graceful 
restart of IPv4 unicast, keeping routes
Apr 17 18:29:18 bgp2 bgpd[24107]: neighbor 82.117.192.121 (sbb): bad nlri prefix
Apr 17 18:29:19 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending 
notification: error in UPDATE message, network unacceptable
Apr 17 18:29:51 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): graceful 
restart of IPv4 unicast, not restarted, flushing
Apr 17 18:29:52 bgp2 bgpd[24107]: fatal in RDE: peer_up: bad state
Apr 17 18:29:52 bgp2 bgpd[32268]: dispatch_imsg in main: pipe closed
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending 
notification: Cease, administratively down
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 178.253.194.253 (orion): sending 
notification: Cease, administratively down


Also from daemon log at the same time:

Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sync error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending 
notification: Header error, synchronization error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): graceful 
restart of IPv4 unicast, keeping routes
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
Established - Idle, reason: Fatal error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
Idle - Connect, reason: Start
Apr 17 18:29:18 bgp2 bgpd[32268]: incremented the demote state of group 'carp'
Apr 17 18:29:18 bgp2 bgpd[24107]: neighbor 82.117.192.121 (sbb): bad nlri prefix
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
Connect - OpenSent, reason: Connection opened
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
OpenSent - Active, reason: Connection closed
Apr 17 18:29:19 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending 
notification: error in UPDATE message, network unacceptable
Apr 17 18:29:19 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
Active - Idle, reason: Fatal error
Apr 17 18:29:49 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
Idle - Connect, reason: Start
Apr 17 18:29:49 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
Connect - OpenSent, reason: Connection opened
Apr 17 18:29:51 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): graceful 
restart of IPv4 unicast, not restarted, flushing
Apr 17 18:29:51 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
OpenSent - OpenConfirm, reason: OPEN message received
Apr 17 18:29:51 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
OpenConfirm - Established, reason: KEEPALIVE message received
Apr 17 18:29:52 bgp2 bgpd[24107]: fatal in RDE: peer_up: bad state
Apr 17 18:29:52 bgp2 bgpd[32268]: dispatch_imsg in main: pipe closed
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending 
notification: Cease, administratively down
Apr 17 18:29:52 bgp2 bgpd[32268]: decremented the demote state of group 'carp'
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change 
Established - Idle, reason: Stop
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 178.253.194.253 (orion): sending 
notification: Cease, administratively down
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 178.253.194.253 (orion): state change 
Established - Idle, reason: Stop
Apr 17 18:29:52 bgp2 bgpd[9759]: session engine exiting
Apr 17 18:29:54 bgp2 bgpd[32268]: kernel routing table 0 (Loc-RIB) decoupled
Apr 17 18:29:55 bgp2 bgpd[32268]: Terminating


I would be grateful if someone explained to me what happened here, and
also what to do in order to avoid it in the future.

Thank you in advance,

-- 
Marko Cupać
https://www.mimar.rs
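
What the excerpt shows can be checked mechanically. The block below is an added example, not code from this thread or from OpenBSD's bgpd: it parses the daemon-log lines quoted above (rejoined where syslog wrapped them), rebuilds each neighbor's session-state transitions, collects the NOTIFICATIONs sent, and flags the RDE fatal error and the final "Terminating" line. The event names, the regular expressions and the findings text are this example's own assumptions about the log format, based only on the lines in the post.

```python
"""Added example, not code from the thread or from bgpd: parse the
OpenBSD bgpd(8) syslog lines quoted above and rebuild what happened.
SAMPLE_LOG is the daemon-log excerpt from the post with syslog line
wraps rejoined; the event names and findings text are this example's own."""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = """\
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sync error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending notification: Header error, synchronization error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): graceful restart of IPv4 unicast, keeping routes
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change Established - Idle, reason: Fatal error
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change Idle - Connect, reason: Start
Apr 17 18:29:18 bgp2 bgpd[24107]: neighbor 82.117.192.121 (sbb): bad nlri prefix
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change Connect - OpenSent, reason: Connection opened
Apr 17 18:29:18 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change OpenSent - Active, reason: Connection closed
Apr 17 18:29:19 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending notification: error in UPDATE message, network unacceptable
Apr 17 18:29:19 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change Active - Idle, reason: Fatal error
Apr 17 18:29:49 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change Idle - Connect, reason: Start
Apr 17 18:29:49 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change Connect - OpenSent, reason: Connection opened
Apr 17 18:29:51 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): graceful restart of IPv4 unicast, not restarted, flushing
Apr 17 18:29:51 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change OpenSent - OpenConfirm, reason: OPEN message received
Apr 17 18:29:51 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change OpenConfirm - Established, reason: KEEPALIVE message received
Apr 17 18:29:52 bgp2 bgpd[24107]: fatal in RDE: peer_up: bad state
Apr 17 18:29:52 bgp2 bgpd[32268]: dispatch_imsg in main: pipe closed
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): sending notification: Cease, administratively down
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 82.117.192.121 (sbb): state change Established - Idle, reason: Stop
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 178.253.194.253 (orion): sending notification: Cease, administratively down
Apr 17 18:29:52 bgp2 bgpd[9759]: neighbor 178.253.194.253 (orion): state change Established - Idle, reason: Stop
Apr 17 18:29:52 bgp2 bgpd[9759]: session engine exiting
Apr 17 18:29:55 bgp2 bgpd[32268]: Terminating
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ bgpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
NEIGHBOR_RE = re.compile(r"^neighbor (?P<ip>\S+) \((?P<name>[^)]+)\): (?P<rest>.*)$")
# bgpd logs "A -> B"; the archived excerpt lost the ">", so both forms are accepted.
STATE_RE = re.compile(r"^state change (?P<src>\w+) -+>? (?P<dst>\w+), reason: (?P<reason>.*)$")
NOTIF_RE = re.compile(r"^sending notification: (?P<text>.*)$")
FATAL_RE = re.compile(r"^fatal in (?P<proc>\w+): (?P<what>.*)$")

@dataclass
class Report:
    transitions: dict = field(default_factory=dict)    # name -> [(ts, src, dst, reason)]
    notifications: dict = field(default_factory=dict)  # name -> [(ts, text)]
    fatal: list = field(default_factory=list)          # [(ts, process, what)]
    terminated_at: str = ""                            # timestamp of "Terminating"

def parse_line(line):
    """Classify one syslog line; returns None for lines that are not bgpd's."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = {"ts": m["ts"], "pid": int(m["pid"]), "msg": m["msg"], "kind": "other"}
    if n := NEIGHBOR_RE.match(m["msg"]):
        ev.update(kind="neighbor", ip=n["ip"], name=n["name"])
        if s := STATE_RE.match(n["rest"]):
            ev.update(kind="state", src=s["src"], dst=s["dst"], reason=s["reason"])
        elif t := NOTIF_RE.match(n["rest"]):
            ev.update(kind="notification", text=t["text"])
    elif f := FATAL_RE.match(m["msg"]):
        ev.update(kind="fatal", proc=f["proc"], what=f["what"])
    elif m["msg"] == "Terminating":
        ev["kind"] = "terminating"
    return ev

def analyze(text):
    """Fold the parsed lines of a log excerpt into a Report."""
    r = Report()
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] == "state":
            r.transitions.setdefault(ev["name"], []).append(
                (ev["ts"], ev["src"], ev["dst"], ev["reason"]))
        elif ev["kind"] == "notification":
            r.notifications.setdefault(ev["name"], []).append((ev["ts"], ev["text"]))
        elif ev["kind"] == "fatal":
            r.fatal.append((ev["ts"], ev["proc"], ev["what"]))
        elif ev["kind"] == "terminating":
            r.terminated_at = ev["ts"]
    return r

def drops(report, name):
    """How many times a neighbor fell back to Idle in the excerpt."""
    return sum(1 for _, _, dst, _ in report.transitions.get(name, []) if dst == "Idle")

def findings(report):
    """Human-readable summary: one line per neighbor, then fatal events and exit."""
    out = [f"{name}: {len(evs)} transition(s), {drops(report, name)} drop(s) to Idle"
           for name, evs in report.transitions.items()]
    out += [f"{ts} fatal in {proc}: {what}" for ts, proc, what in report.fatal]
    if report.terminated_at:
        out.append(f"{report.terminated_at} bgpd terminated: learned routes are gone")
    return out
```

Run on SAMPLE_LOG, findings(analyze(SAMPLE_LOG)) reports sbb dropping to Idle three times (the malformed UPDATE, the "network unacceptable" NOTIFICATION, then the administrative Cease), orion dropping once, the RDE fatal at 18:29:52 and the parent's Terminating at 18:29:55. That matches the post: the session engine (pid 9759) and the parent (pid 32268) were shut down cleanly after the RDE (pid 24107) hit "peer_up: bad state", so nothing was left to keep the learned routes. The log shows that sequence, not why the RDE's state was bad.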



Re: L2TP using Npppd and IPsec

2015-03-29 Thread Marko Cupać
On Thu, 26 Mar 2015 13:21:10 -0400
Predrag Punosevac punoseva...@gmail.com wrote:

 Hi Misc,
 
 I need to provide secure access to a web application running on my
 servers to a handful of typical desktop users. I am thinking of requiring
 them to have an L2TP/IPSec VPN tunnel before they can browse my
 application. HTTPS is not good enough due to the nature of the
 application. 
 
 Why L2TP? I am not a Windows user but it seems that it should be
 trivial to set up the client side
 
 https://www.hideipvpn.com/2010/03/howto-windows-7-ipsecl2tp-vpn-setup-tutorial/
 and avoid customer service requests, on another hand I am reading man
 pages for npppd and ipsec on 5.7 and Giovanni's slides from two years
 ago
 
 http://www.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd
 
 for the talk he gave at BSDCan IIRC. I don't need to use RADIUS just a
 local authentication database. It is in the base and it seems very
 easy to configure. 
 
 Is anybody running a similar setup in production? Any caveats? Any other
 advice before I take the plunge.
 
 Predrag
 
 P.S. I have quite a bit of experience with OpenVPN server on OpenBSD
 but in my experience getting credentials to a Windows client is a pain
 because a typical user knows only to double click and I don't know
 how to properly make Windows packages. 

This setup has worked like a charm for 2 years:
https://www.mimar.rs/sysadmin/2013/npppd-novi-openbsd-pptp-server

PPTP though, not L2TP.
-- 
Marko Cupać
https://www.mimar.rs



Re: 5.6 errata patch 006 problem

2015-03-12 Thread Marko Cupać
On Thu, 12 Mar 2015 07:23:40 -0400
Ted Unangst t...@tedunangst.com wrote:

 Marko Cupać wrote:
  Hi,
  
  I have applied errata patch 006 related to relayd to 5.6 source
  code, but it does not build. Any advice?
  
  # make
  cc   -o relayd parse.o agentx.o ca.o carp.o check_icmp.o
  check_script.o check_tcp.o config.o control.o hce.o log.o name2id.o
  pfe.o pfe_filter.o pfe_route.o proc.o relay.o relay_http.o
  relay_udp.o relayd.o shuffle.o snmp.o ssl.o ssl_privsep.o -levent
  -lssl -lcrypto -lutil /usr/lib/libssl.so.27.0: undefined reference
  to `dtls1_build_sequence_number' /usr/lib/libssl.so.27.0: undefined
  reference to `OPENSSL_DIR_read' /usr/lib/libssl.so.27.0: undefined
  reference to `ssl_cipher_get_evp_aead' /usr/lib/libssl.so.27.0:
  undefined reference to `dtls1_heartbeat' /usr/lib/libssl.so.27.0:
  undefined reference to
  `tls1_process_heartbeat' /usr/lib/libssl.so.27.0: undefined
  reference to `OPENSSL_DIR_end'
 
 Those functions were deleted before 5.6. I don't know how you managed
 to build a libssl.so.27 that references them.

I don't think I have built them. If I remember well, this system was
freshly installed with 5.5 release back when it was actual. I have just
upgraded it to 5.6 (following advice from upgrade56, without install
kernel).
-- 
Marko Cupać
https://www.mimar.rs



5.6 errata patch 006 problem

2015-03-12 Thread Marko Cupać
Hi,

I have applied errata patch 006 related to relayd to 5.6 source code,
but it does not build. Any advice?

# make
cc   -o relayd parse.o agentx.o ca.o carp.o check_icmp.o check_script.o 
check_tcp.o config.o control.o hce.o log.o name2id.o pfe.o pfe_filter.o 
pfe_route.o proc.o relay.o relay_http.o relay_udp.o relayd.o shuffle.o snmp.o 
ssl.o ssl_privsep.o -levent -lssl -lcrypto -lutil
/usr/lib/libssl.so.27.0: undefined reference to `dtls1_build_sequence_number'
/usr/lib/libssl.so.27.0: undefined reference to `OPENSSL_DIR_read'
/usr/lib/libssl.so.27.0: undefined reference to `ssl_cipher_get_evp_aead'
/usr/lib/libssl.so.27.0: undefined reference to `dtls1_heartbeat'
/usr/lib/libssl.so.27.0: undefined reference to `tls1_process_heartbeat'
/usr/lib/libssl.so.27.0: undefined reference to `OPENSSL_DIR_end'
collect2: ld returned 1 exit status
*** Error 1 in /usr/src/usr.sbin/relayd (bsd.prog.mk:84 'relayd')

-- 
Marko Cupać
https://www.mimar.rs



Re: 5.6 errata patch 006 problem (SOLVED)

2015-03-12 Thread Marko Cupać
On Thu, 12 Mar 2015 12:32:52 +0100
Marko Cupać marko.cu...@mimar.rs wrote:

 On Thu, 12 Mar 2015 07:23:40 -0400
 Ted Unangst t...@tedunangst.com wrote:
 
  Marko Cupać wrote:
   Hi,
   
   I have applied errata patch 006 related to relayd to 5.6 source
   code, but it does not build. Any advice?
   
   # make
   cc   -o relayd parse.o agentx.o ca.o carp.o check_icmp.o
   check_script.o check_tcp.o config.o control.o hce.o log.o
   name2id.o pfe.o pfe_filter.o pfe_route.o proc.o relay.o
   relay_http.o relay_udp.o relayd.o shuffle.o snmp.o ssl.o
   ssl_privsep.o -levent -lssl -lcrypto
   -lutil /usr/lib/libssl.so.27.0: undefined reference to
   `dtls1_build_sequence_number' /usr/lib/libssl.so.27.0: undefined
   reference to `OPENSSL_DIR_read' /usr/lib/libssl.so.27.0:
   undefined reference to
   `ssl_cipher_get_evp_aead' /usr/lib/libssl.so.27.0: undefined
   reference to `dtls1_heartbeat' /usr/lib/libssl.so.27.0: undefined
   reference to `tls1_process_heartbeat' /usr/lib/libssl.so.27.0:
   undefined reference to `OPENSSL_DIR_end'
  
  Those functions were deleted before 5.6. I don't know how you
  managed to build a libssl.so.27 that references them.
 
 I don't think I have built them. If I remember well, this system was
 freshly installed with 5.5 release back when it was actual. I have
 just upgraded it to 5.6 (following advice from upgrade56, without
 install kernel).

I went on to install all the errata patches, and after installing 017
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/017_openssl.patch.sig

... I went back to 006 and 009 and they installed fine.

-- 
Marko Cupać
https://www.mimar.rs



Re: 5.6 errata patch 006 problem

2015-03-12 Thread Marko Cupać
On Thu, 12 Mar 2015 11:55:22 +0100
Marko Cupać marko.cu...@mimar.rs wrote:

 Hi,
 
 I have applied errata patch 006 related to relayd to 5.6 source code,
 but it does not build. Any advice?

Also with 009:

cc   -o httpd parse.o config.o control.o httpd.o log.o logger.o proc.o server.o 
server_http.o server_file.o server_fcgi.o -levent -lressl -lssl -lcrypto -lutil
/usr/lib/libssl.so.27.0: undefined reference to `dtls1_build_sequence_number'
/usr/lib/libssl.so.27.0: undefined reference to `OPENSSL_DIR_read'
/usr/lib/libssl.so.27.0: undefined reference to `ssl_cipher_get_evp_aead'
/usr/lib/libssl.so.27.0: undefined reference to `dtls1_heartbeat'
/usr/lib/libssl.so.27.0: undefined reference to `tls1_process_heartbeat'
/usr/lib/libssl.so.27.0: undefined reference to `OPENSSL_DIR_end'
collect2: ld returned 1 exit status
*** Error 1 in /usr/src/usr.sbin/httpd (bsd.prog.mk:84 'httpd')
-- 
Marko Cupać
https://www.mimar.rs



Re: Munich BSD meetup

2015-02-10 Thread Marko Cupać
On Sun, 8 Feb 2015 01:42:50 -0500
Christopher Barry christopher.r.ba...@gmail.com wrote:

 I mean, you guys did buy Budweiser, just sayin...

I am still buying Budweiser, it is my favourite beer. Just probably not
the one you are referring to.

Budweis is the German name for the city of České Budějovice in the Czech
Republic. Budweiser means "the one from Budweis", the same as "New
Yorker" means "the one from New York".

http://en.wikipedia.org/wiki/Budweiser_Budvar_Brewery
-- 
Marko Cupać



clementine stutters when playing local files

2014-12-18 Thread Marko Cupać
Hi,

When playing local mp3 files in clementine, there are frequent short
skips. Listening to the same files over network (icecast) everything
is ok.

This is a modern laptop with an SSD disk; I guess it should be faster than
wifi.

Any advice on where should I start looking for solution?

Thank you in advance,
-- 
Marko Cupać
https://www.mimar.rs/



Re: xfce4-power-manager not updating battery status

2014-12-18 Thread Marko Cupać
On Wed, 17 Dec 2014 17:33:36 +0100
Alessandro DE LAURENZIS just22@gmail.com wrote:

 Maybe useless to say, but you should add the user session d-bus part
 too; in .xinitrc, something like:
 
 # Start a session bus instance of dbus-daemon
 if [ -x /usr/local/bin/dbus-launch -a -z "${DBUS_SESSION_BUS_ADDRESS}" ]; then
         eval `dbus-launch --sh-syntax --exit-with-session`
 fi
 
 (see /usr/local/share/doc/pkg-readmes/dbus-x.y.z, maybe not needed if
 your login/session manager does that for you).

Alessandro,

are you sure I need both dbus sessions? As far as I understand, it is
either the system-wide dbus in pkg_scripts, or the per-user one, when one
does not want to run the system-wide service.
-- 
Marko Cupać
https://www.mimar.rs/



Re: clementine stutters when playing local files

2014-12-18 Thread Marko Cupać
On Thu, 18 Dec 2014 09:13:31 +0100
Marko Cupać marko.cu...@mimar.rs wrote:

 Hi,
 
 When playing local mp3 files in clementine, there are frequent short
 skips. Listening to the same files over network (icecast) everything
 is ok.

I searched around, and it appears that I have an I/O bottleneck, as vmstat
constantly shows blocked processes even though the laptop does close to
nothing:

 procs    memory       page                    disks    traps          cpu
 r b w    avm     fre  flt  re  pi  po  fr  sr sd0 sd1  int   sys   cs us sy id
 1 5 0 817348 6063372  680   0   0   0   0   0  11 1068 1911 26543 4849  6  6 88
 2 5 0 817364 6063352   41   0   0   0   0   0   0   0  131  7076  933  4  0 96
 2 5 0 817424 6063288   37   0   0   0   0   0   0   0  135  7334  983  3  1 96
 1 5 0 817436 6067428   37   0   0   0   0   0   0   0  143  6822  921  3  1 96
 1 5 0 817516 6067348   43   0   0   0   0   0   0   0  134  7337  976  5  0 95
 0 5 0 817520 6067340   25   0   0   0   0   0   0   0  133  7001  939  3  1 96
 1 5 0 817744 6067116   80   0   0   0   0   0   0   0  136  7419  998  4  0 96
 2 5 0 817760 6067100   38   0   0   0   0   0   0   0  134  6944  936  2  1 97
 2 5 0 818096 6066764  176   0   0   0   0   0   0   0  134  7668 1147  4  1 95
 2 5 0 818124 6066720   34   0   0   0   0   0   2   0  132  6949  941  3  0 97
 2 5 0 818420 6066424  112   0   0   0   0   0   0   0  141  8124 1058  3  2 95
 1 5 0 818416 6066428   27   0   0   0   0   0   0   0  134  7435  981  3  1 96
 2 5 0 818656 6066236  136   0   0   0   0   0   0   0  168  7714 1069  4  1 95
 1 5 0 818672 6075136   27   0   0   0   0   0   0   0  141  7140  947  4  2 94

Here's atactl identify output:

Model: KINGSTON SV300S37A240G, Rev: 521ABBF0, Serial #: 50026B72410EC74E
Device type: ATA, fixed
Cylinders: 16383, heads: 16, sec/track: 63, total sectors: 468862128
Device capabilities:
ATA standby timer values
IORDY operation
IORDY disabling
Device supports the following standards:
ATA-2 ATA-3 ATA-4 ATA-5 ATA-6 ATA-7 ATA-8 
Master password revision code 0xfffe
Device supports the following command sets:
NOP command
READ BUFFER command
WRITE BUFFER command
Host Protected Area feature set
Read look-ahead
Write cache
Power Management feature set
Security Mode feature set
SMART feature set
Flush Cache Ext command
Flush Cache command
48bit address feature set
Set Max security extension commands
Set Features subcommand required
Power-up in standby feature set
Advanced Power Management feature set
DOWNLOAD MICROCODE command
IDLE IMMEDIATE with UNLOAD FEATURE
SMART self-test
SMART error logging
Device has enabled the following command sets/features:
NOP command
READ BUFFER command
WRITE BUFFER command
Host Protected Area feature set
Read look-ahead
Write cache
Power Management feature set
SMART feature set
Flush Cache Ext command
Flush Cache command
48bit address feature set
Set Features subcommand required
Advanced Power Management feature set
DOWNLOAD MICROCODE command

Any advice on where should I start looking for solution?

Thank you in advance,
-- 
Marko Cupać
https://www.mimar.rs/



Re: xfce4-power-manager not updating battery status

2014-12-18 Thread Marko Cupać
On Thu, 18 Dec 2014 10:52:42 +0100
Stefan Sperling s...@stsp.name wrote:

 You need both, I believe.
 
 On my system with XFCE running I see:
 
 $ pgrep -fl dbus
 6078 /usr/local/bin/dbus-daemon --fork --print-pid 5 --print-address 7 
 --session
 10590 /usr/local/bin/dbus-launch --sh-syntax --exit-with-session xfce4-session
 20502 /usr/local/bin/dbus-daemon --system

I tried both ways, with and without the mentioned lines in ~/.xinitrc.

I would still say that there is no need for them in ~/.xinitrc, as they
are already in the system-wide /etc/X11/xinit/xinitrc, as stated in the
mentioned pkg-readmes/dbus-X.X.X

One way or another, battery status is still not updated in
xfce4-power-manager. As for Stefan's suggestion for removing external
battery, I have just tried it, and xfce4-power-manager still does not
update status.

Here's what sensors say without external battery:
pacija@efreet:/usr/local/share/doc/pkg-readmes $ sysctl -a | grep bat  
hw.sensors.acpibat0.volt0=11.10 VDC (voltage)
hw.sensors.acpibat0.volt1=12.38 VDC (current voltage)
hw.sensors.acpibat0.power0=5.46 W (rate)
hw.sensors.acpibat0.watthour0=18.86 Wh (last full capacity)
hw.sensors.acpibat0.watthour1=0.94 Wh (warning capacity)
hw.sensors.acpibat0.watthour2=0.20 Wh (low capacity)
hw.sensors.acpibat0.watthour3=17.28 Wh (remaining capacity), OK
hw.sensors.acpibat0.watthour4=23.20 Wh (design capacity)
hw.sensors.acpibat0.raw0=2 (battery charging), OK

After inserting external battery live, without reboot:
pacija@efreet:/usr/local/share/doc/pkg-readmes $ sysctl -a | grep bat 
hw.sensors.acpibat0.volt0=11.10 VDC (voltage)
hw.sensors.acpibat0.volt1=12.34 VDC (current voltage)
hw.sensors.acpibat0.power0=0.00 W (rate)
hw.sensors.acpibat0.watthour0=18.86 Wh (last full capacity)
hw.sensors.acpibat0.watthour1=0.94 Wh (warning capacity)
hw.sensors.acpibat0.watthour2=0.20 Wh (low capacity)
hw.sensors.acpibat0.watthour3=17.78 Wh (remaining capacity), OK
hw.sensors.acpibat0.watthour4=23.20 Wh (design capacity)
hw.sensors.acpibat0.raw0=0 (battery idle), OK
hw.sensors.acpibat1.volt0=0.00 VDC (voltage)
hw.sensors.acpibat1.volt1=11.59 VDC (current voltage)
hw.sensors.acpibat1.power0=25.05 W (rate)
hw.sensors.acpibat1.watthour0=0.00 Wh (last full capacity)
hw.sensors.acpibat1.watthour1=0.00 Wh (warning capacity)
hw.sensors.acpibat1.watthour2=0.00 Wh (low capacity)
hw.sensors.acpibat1.watthour3=1.08 Wh (remaining capacity), OK
hw.sensors.acpibat1.watthour4=0.00 Wh (design capacity)
hw.sensors.acpibat1.raw0=2 (battery full), OK

While we are at it, which value is apm supposed to show? Combined
acpibat0 and acpibat1?

Thanks to all the participants for help.
-- 
Marko Cupać
https://www.mimar.rs/



constant blocked procs in vmstat

2014-12-18 Thread Marko Cupać
Hi,

I have constant number of blocked procs in vmstat after xfce starts
when system-wide dbus is enabled in pkg_scripts on my laptop:

pacija@efreet:~ $ vmstat 1 10 
 procs    memory       page                    disks traps          cpu
 r b w    avm     fre  flt  re  pi  po  fr  sr sd0  int   sys   cs us sy id
 1 4 0 201148 7327260 3506   0   0   0   0   0 228  340 14801 1258  2  2 96
 0 4 0 201148 7327260   28   0   0   0   0   0   0   35   540   75  0  0 100
 0 4 0 201156 7327248   42   0   0   0   0   0   0  625  2742  436  0  1 99
 0 4 0 201160 7327240   13   0   0   0   0   0   0  256   904  138  0  0 100
 0 4 0 201248 7327148  173   0   0   0   0   0   0  602  5636  737  0  0 100
 0 4 0 201248 7327148   13   0   0   0   0   0   0  614  3147  460  0  0 100
 0 4 0 201256 7327140   15   0   0   0   0   0   0  202  2064  238  0  0 100
 0 4 0 201256 7327140   13   0   0   0   0   0   0   22  1355  170  0  0 100
 0 4 0 201268 7327128   52   0   0   0   0   0   0   25  2183  399  1  0 99
 0 4 0 201268 7327128   24   0   0   0   0   0   0   18  1518  185  0  0 100

If i disable system-wide dbus, it drops to constant 1.

How can I find out which processes are blocked? And why are they
constantly blocked?

Thank you in advance,
-- 
Marko Cupać
https://www.mimar.rs/



Re: clementine stutters when playing local files

2014-12-18 Thread Marko Cupać
On Thu, 18 Dec 2014 16:12:38 +0400
Vadim Zhukov persg...@gmail.com wrote:

 Yes, there are issues related to the fact that disk I/O causes major - from
 the audio's point of view - pauses. Unfortunately I'm not expert in this
 area, but this is what you could do:
 
 1. Disable sonogram in Clementine. Yes, this helps a bit, but I was too
 lazy to investigate, why. :)
 
 2. Try to _lower_ buffer sizes. Larger buffer causes larger read.
 
 Eventually I'll look at Clementine 2.x...

Hi Vadim,

thank you for the tip. I lowered buffer size to 1000ms and disabled
moodbar generation, and I do not experience any more stutters.

What remains unanswered is why my 50€ SSD gives worse throughput than a
5€ wifi adapter, but let's leave it for another thread.
-- 
Marko Cupać
https://www.mimar.rs/



Re: xfce4-power-manager not updating battery status

2014-12-17 Thread Marko Cupać
On Wed, 17 Dec 2014 09:00:14 +0100
Peter Hessler phess...@theapt.org wrote:

 Does running apm show the correct battery status?

While plugged in:
Battery state: high, 100% remaining, unknown life estimate
A/C adapter state: connected
Performance adjustment mode: manual (1796 MHz)

On battery:
Battery state: high, 100% remaining, unknown life estimate
A/C adapter state: not connected
Performance adjustment mode: manual (1796 MHz)
-- 
Marko Cupać
https://www.mimar.rs/



remmina rdp hangs, maxes cpu

2014-12-17 Thread Marko Cupać
Hi,

I have a problem with remmina on 5.6 when connecting to RDP servers.
Quite often it hangs, and I have to alt-tab out of it and kill it. Also
the CPU is at max while it hangs.

Here's top output:
pacija@efreet:~ $ top -d 1 
load averages:  2.34,  2.14,  1.53                 efreet.mimar.rs 09:48:36
85 processes: 82 idle, 1 dead, 2 on processor
CPU0 states: 14.3% user,  0.0% nice,  0.5% system,  0.5% interrupt, 84.7% idle
CPU1 states: 20.3% user,  0.0% nice,  0.4% system,  0.0% interrupt, 79.3% idle
CPU2 states: 17.4% user,  0.0% nice,  0.5% system,  0.0% interrupt, 82.1% idle
CPU3 states: 16.3% user,  0.0% nice,  0.5% system,  0.0% interrupt, 83.2% idle
Memory: Real: 884M/1537M act/tot Free: 6117M Cache: 297M Swap: 0K/4095M

  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
29462 pacija    64    0   54M   75M onproc    -        30:03 199.07% remmina
10071 _x11       2    0   21M   63M sleep     select    0:32  5.22% Xorg
15000 pacija    28    0  806M  224M sleep     thrslee   0:26  1.90% chrome
24731 pacija     2    0 3784K   16M sleep     poll      0:05  1.42% xfwm4
17739 pacija     2    0 6004K   20M sleep     poll      0:03  0.39% xfce4-panel
23172 pacija     2    0 7928K   22M sleep     poll      0:02  0.34% xfce4-terminal
14799 pacija     2    0  107M  101M sleep     poll      0:29  0.00% chrome
15492 pacija    28    0  750M  166M sleep     thrslee   0:13  0.00% chrome
28439 pacija     2    0  219M   91M sleep     kqread    0:12  0.00% chrome
27425 pacija     2    0   12M   56M sleep     poll      0:05  0.00% owncloud
15526 pacija     2    0   11M   30M sleep     poll      0:04  0.00% sylpheed
24977 pacija    28    0  672M   88M sleep     thrslee   0:04  0.00% chrome
 9923 pacija     2    0   39M   79M sleep     poll      0:03  0.00% clementine
20156 pacija    28    0  656M   74M sleep     thrslee   0:02  0.00% chrome
30792 pacija    28    0  655M   77M sleep     thrslee   0:02  0.00% chrome
10421 pacija     2    0   11M   25M idle      poll      0:02  0.00% mousepad
30104 pacija     2    0 9448K   30M sleep     poll      0:01  0.00% pidgin
11707 pacija     2    0 6756K   21M sleep     poll      0:01  0.00% xfdesktop

-- 
Marko Cupać
https://www.mimar.rs/



Re: xfce4-power-manager not updating battery status

2014-12-17 Thread Marko Cupać
On Wed, 17 Dec 2014 09:54:12 +0100
Peter Hessler phess...@theapt.org wrote:

 And after you've been on battery for 5-10 minutes?  Does that give
 updated information?

In the meantime, I have turned on apmd (apmd -A), so I have additional
info about the battery life estimate:

Battery state: high, 81% remaining, 202 minutes life estimate
A/C adapter state: not connected
Performance adjustment mode: auto (775 MHz)

In layman's terms, I'd say that OpenBSD has correct information which
is correctly read by xfce4-power-manager upon start of the application,
but is not updated afterwards.
-- 
Marko Cupać
https://www.mimar.rs/



drm intel i915 errors

2014-12-17 Thread Marko Cupać
Hi,

I see these in message log on my ThinkPad T440:

Dec 17 09:58:23 efreet /bsd: error: [drm:pid10071:intel_dp_set_link_train] 
*ERROR* Timed out waiting for DP idle patterns
Dec 17 09:58:23 efreet /bsd: error: [drm:pid10071:i915_write32] *ERROR* Unknown 
unclaimed register before writing to 64040
Dec 17 10:07:03 efreet /bsd: error: [drm:pid10071:intel_dp_set_link_train] 
*ERROR* Timed out waiting for DP idle patterns
Dec 17 10:07:03 efreet /bsd: error: [drm:pid10071:i915_write32] *ERROR* Unknown 
unclaimed register before writing to 64040

I don't experience problems, but perhaps developers will have some use
of the information.
-- 
Marko Cupać
https://www.mimar.rs/



Re: xfce4-power-manager not updating battery status

2014-12-17 Thread Marko Cupać
On Wed, 17 Dec 2014 10:53:48 +0100
Stefan Sperling s...@stsp.name wrote:

 Do you have a system dbus running?
 If not, add dbus_daemon to pkg_scripts in /etc/rc.local.
 
 I've never seen this plugin not working for me.

Yep, I am running system wide dbus daemon, here's my pkg_scripts line:
pkg_scripts="dbus_daemon avahi_daemon avahi_dnsconfd slim"

Relevant lines in slim.conf:
login_cmd   exec /bin/sh -l ~/.xinitrc %session
sessionsxfce4

Contents of .xinitrc:
export LC_CTYPE=en_US.UTF-8
/usr/local/bin/startxfce4 --with-ck-launch

Could the problem be related to the fact that my ThinkPad T440 has
two batteries, one that is integrated, and the other that is
changeable?

-- 
Marko Cupać
https://www.mimar.rs/



urtwn device timeout

2014-12-17 Thread Marko Cupać
Hi,

I have occasional device timeouts from urtwn on my ThinkPad T440 with a
USB wifi dongle.

All I get in dmesg is:
urtwn0: device timeout


ifconfig still shows it as associated:
urtwn0: flags=28c43<UP,BROADCAST,RUNNING,OACTIVE,SIMPLEX,MULTICAST,NOINET6> mtu 1500
        lladdr 6c:19:8f:b3:98:02
        priority: 4
        groups: wlan egress
        media: IEEE802.11 autoselect (OFDM54 mode 11g)
        status: active
        ieee80211: nwid somessid chan 6 bssid 24:a4:3c:65:ca:f7 180dB wpakey <not displayed> wpaprotos wpa1,wpa2 wpaakms psk wpaciphers tkip,ccmp wpagroupcipher tkip
        inet 10.90.7.15 netmask 0xffffff80 broadcast 10.90.7.127

I can ping local IP address, but nothing else.

Little blue light on the adapter is on during times of outage.
netstart restores the connection for a few seconds, after which it
drops again.

Re-inserting the usb dongle followed by netstart re-establishes the
connection for a longer period. I noticed that the dongle was quite
hot when I removed it.

I don't know if it is related, but I had similar problem with
integrated wifi adapter on linux with iwlwifi driver. It would
wander off to AP with worse signal, or just stop transmitting.
I'd have to turn adapter off and on in order to restore the
connection.

Any good people out there to help me out with this?
-- 
Marko Cupać
https://www.mimar.rs/



Re: remmina rdp hangs, maxes cpu

2014-12-17 Thread Marko Cupać
On Wed, 17 Dec 2014 09:50:36 +0100
Marko Cupać marko.cu...@mimar.rs wrote:

 Hi,
 
 I have a problem with remmina on 5.6 when connecting to RDP servers.
 Quite often it hangs, and I have to alt-tab out of it and kill it. Also
 CPU is at max while hang.
 
 Here's top output:
 pacija@efreet:~ $ top -d 1 
 load averages:  2.34,  2.14,  1.53                 efreet.mimar.rs 09:48:36
 85 processes: 82 idle, 1 dead, 2 on processor
 CPU0 states: 14.3% user,  0.0% nice,  0.5% system,  0.5% interrupt, 84.7% idle
 CPU1 states: 20.3% user,  0.0% nice,  0.4% system,  0.0% interrupt, 79.3% idle
 CPU2 states: 17.4% user,  0.0% nice,  0.5% system,  0.0% interrupt, 82.1% idle
 CPU3 states: 16.3% user,  0.0% nice,  0.5% system,  0.0% interrupt, 83.2% idle
 Memory: Real: 884M/1537M act/tot Free: 6117M Cache: 297M Swap: 0K/4095M
 
   PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
 29462 pacija    64    0   54M   75M onproc    -        30:03 199.07% remmina
 10071 _x11       2    0   21M   63M sleep     select    0:32  5.22% Xorg
 15000 pacija    28    0  806M  224M sleep     thrslee   0:26  1.90% chrome
 24731 pacija     2    0 3784K   16M sleep     poll      0:05  1.42% xfwm4
 17739 pacija     2    0 6004K   20M sleep     poll      0:03  0.39% xfce4-panel
 23172 pacija     2    0 7928K   22M sleep     poll      0:02  0.34% xfce4-terminal
 14799 pacija     2    0  107M  101M sleep     poll      0:29  0.00% chrome
 15492 pacija    28    0  750M  166M sleep     thrslee   0:13  0.00% chrome
 28439 pacija     2    0  219M   91M sleep     kqread    0:12  0.00% chrome
 27425 pacija     2    0   12M   56M sleep     poll      0:05  0.00% owncloud
 15526 pacija     2    0   11M   30M sleep     poll      0:04  0.00% sylpheed
 24977 pacija    28    0  672M   88M sleep     thrslee   0:04  0.00% chrome
  9923 pacija     2    0   39M   79M sleep     poll      0:03  0.00% clementine
 20156 pacija    28    0  656M   74M sleep     thrslee   0:02  0.00% chrome
 30792 pacija    28    0  655M   77M sleep     thrslee   0:02  0.00% chrome
 10421 pacija     2    0   11M   25M idle      poll      0:02  0.00% mousepad
 30104 pacija     2    0 9448K   30M sleep     poll      0:01  0.00% pidgin
 11707 pacija     2    0 6756K   21M sleep     poll      0:01  0.00% xfdesktop

It has also dumped core for the first time now:

pacija@efreet:~ $ gdb /usr/local/bin/remmina remmina.core  
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as amd64-unknown-openbsd5.6...
Core was generated by `remmina'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpthread.so.18.0...done.
Loaded symbols for /usr/lib/libpthread.so.18.0
Loaded symbols for /usr/local/bin/remmina
Reading symbols from /usr/local/lib/libgtk-3.so.1200.0...done.
Loaded symbols for /usr/local/lib/libgtk-3.so.1200.0
Reading symbols from /usr/local/lib/libgdk-3.so.1200.0...done.
Loaded symbols for /usr/local/lib/libgdk-3.so.1200.0
Reading symbols from /usr/local/lib/libglib-2.0.so.4000.0...done.
Loaded symbols for /usr/local/lib/libglib-2.0.so.4000.0
Reading symbols from /usr/local/lib/libgio-2.0.so.4000.0...done.
Loaded symbols for /usr/local/lib/libgio-2.0.so.4000.0
Reading symbols from /usr/local/lib/libgobject-2.0.so.4000.0...done.
Loaded symbols for /usr/local/lib/libgobject-2.0.so.4000.0
Reading symbols from /usr/local/lib/libgmodule-2.0.so.4000.0...done.
Loaded symbols for /usr/local/lib/libgmodule-2.0.so.4000.0
Reading symbols from /usr/local/lib/libgthread-2.0.so.4000.0...done.
Loaded symbols for /usr/local/lib/libgthread-2.0.so.4000.0
Reading symbols from /usr/local/lib/libpango-1.0.so.3600.0...done.
Loaded symbols for /usr/local/lib/libpango-1.0.so.3600.0
Reading symbols from /usr/local/lib/libcairo.so.12.2...done.
Loaded symbols for /usr/local/lib/libcairo.so.12.2
Reading symbols from /usr/local/lib/libgdk_pixbuf-2.0.so.3000.0...done.
Loaded symbols for /usr/local/lib/libgdk_pixbuf-2.0.so.3000.0
Reading symbols from /usr/local/lib/libatk-1.0.so.21209.1...done.
Loaded symbols for /usr/local/lib/libatk-1.0.so.21209.1
Reading symbols from /usr/X11R6/lib/libSM.so.9.0...done.
Loaded symbols for /usr/X11R6/lib/libSM.so.9.0
Reading symbols from /usr/X11R6/lib/libICE.so.10.0...done.
Loaded symbols for /usr/X11R6/lib/libICE.so.10.0
Reading symbols from /usr/X11R6/lib/libX11.so.16.0...done.
Loaded symbols for /usr/X11R6/lib/libX11.so.16.0
Reading symbols from /usr/X11R6/lib/libXext.so.13.0...done.
Loaded symbols for /usr/X11R6/lib/libXext.so.13.0
Reading symbols from /usr/local/lib/libssh.so.1.0...done.
Loaded symbols for /usr/local/lib/libssh.so.1.0
Symbols already loaded for /usr/lib/libpthread.so.18.0
Reading symbols from /usr/local/lib

xfce4-power-manager not updating battery status

2014-12-16 Thread Marko Cupać
Hi,

not being satisfied with various Linux flavours on my ThinkPad T440, I
have reverted back to OpenBSD. With the exception of non-supported
internal wifi card (realtek usb dongle works more or less fine with
urtwn), and not having sound over HDMI (I have dedicated another older
laptop for HTPC use), I use it without significant problems so far.

As a long time xfce user, I got used to monitoring my battery status with
xfce4-power-manager. Unfortunately, I don't have much use for it, as it
does not update battery status in real time. Upon start it shows the
correct status, but it does not update afterwards. I need to restart
the application in order to update.

Any chance of fixing this?

Thank you in advance.
-- 
Marko Cupać
https://www.mimar.rs/



default ospfd.conf missing in 5.6

2014-11-12 Thread Marko Cupać
Hi,

I am setting up a new firewall on OpenBSD 5.6 amd64. I have noticed that
the default ospfd.conf is missing from /etc. Was it left out on purpose?

If I am not mistaken, all services in base system should have default
conf included with release.

Regards,
-- 
Marko Cupać
https://www.mimar.rs



Re: default ospfd.conf missing in 5.6

2014-11-12 Thread Marko Cupać
On Wed, 12 Nov 2014 11:11:24 +0100
Marko Cupać marko.cu...@mimar.rs wrote:

 Hi,
 
 I am setting up a new firewall on OpenBSD 5.6 amd64. I have noticed that
 the default ospfd.conf is missing from /etc. Was it left out on purpose?
 
 If I am not mistaken, all services in base system should have default
 conf included with release.

Found it in /etc/examples/. Sorry for the fuss.
-- 
Marko Cupać
https://www.mimar.rs



Re: carp not reverting to master

2014-10-15 Thread Marko Cupać
On Thu, 02 Oct 2014 18:02:23 +0100
Andy a...@brandwatch.com wrote:

 Hi
 
 Try setting the advskew to a number greater than 200 and less than
 254. This seems to be the most stable.
 
 For best practice our primary runs with carp and pfsync values of
 '1'. And the backup runs with carp and pfsync values of '2'.
 
 We do this for two reasons.
 
 1) it is extremely stable!
 
 2) We found that CARP master is almost random/unstable when both 
 firewalls have the same value (esp '0'), because;
 
 When advbase is set to 0 the skew value alone is used to calculate
 how often advertisements are sent (the advertisement window) using
 this formula: Window in microseconds = advskew * 100 / 256
 
 E.g. 100 * 100 / 256 = 390625us
 
 So it would take much to cause a flip..
 
 Setting advbase to 1 on both is better as this is more stable if you 
 want to have the same carp demote counters..
 
 Good luck :)
 Andy

Andy,

thank you for the tip about increasing the advskew value, I'm gonna try it out.

I had failover on another pair of firewalls, this time external ones,
running bgp. CARP has not reverted to master for some 5 hours so far.

On master, while down, carp is demoted, pfsync is not:
 pacija@bgp1:~ $ ifconfig -g
 carp carp: carp demote count 1
 pacija@bgp1:~ $ ifconfig -g pfsync
 pfsync: carp demote count 0

On backup, while master, neither is demoted:
 pacija@bgp2:~ $ ifconfig -g
 carp carp: carp demote count 0
 pacija@bgp2:~ $ ifconfig -g pfsync
 pfsync: carp demote count 0

In /var/log/messages on downed master, I can see there was some
turbulence:
 Oct 14 15:21:19 bgp1 /bsd: carp2: state transition: MASTER -> BACKUP
 Oct 14 15:21:19 bgp1 /bsd: carp1: state transition: MASTER -> BACKUP
 Oct 14 15:21:22 bgp1 /bsd: carp1: state transition: BACKUP -> MASTER
 Oct 14 15:21:22 bgp1 /bsd: carp2: state transition: BACKUP -> MASTER
 Oct 14 15:22:52 bgp1 /bsd: carp2: state transition: MASTER -> BACKUP
 Oct 14 15:22:52 bgp1 /bsd: carp1: state transition: MASTER -> BACKUP
 Oct 14 15:22:53 bgp1 /bsd: carp3: state transition: MASTER -> BACKUP
 Oct 14 15:23:02 bgp1 /bsd: carp3: state transition: BACKUP -> MASTER
 Oct 14 15:23:03 bgp1 /bsd: carp1: state transition: BACKUP -> MASTER
 Oct 14 15:23:03 bgp1 /bsd: carp2: state transition: BACKUP -> MASTER
 Oct 14 15:23:41 bgp1 /bsd: carp1: state transition: MASTER -> BACKUP
 Oct 14 15:23:41 bgp1 /bsd: carp2: state transition: MASTER -> BACKUP
 Oct 14 15:23:41 bgp1 /bsd: carp3: state transition: MASTER -> BACKUP
 Oct 14 15:23:54 bgp1 /bsd: carp3: state transition: BACKUP -> MASTER
 Oct 14 15:23:56 bgp1 /bsd: carp2: state transition: BACKUP -> MASTER
 Oct 14 15:23:56 bgp1 /bsd: carp1: state transition: BACKUP -> MASTER
 Oct 14 15:26:04 bgp1 /bsd: carp2: state transition: MASTER -> BACKUP
 Oct 14 15:26:04 bgp1 /bsd: carp1: state transition: MASTER -> BACKUP
 Oct 14 15:26:04 bgp1 /bsd: carp3: state transition: MASTER -> BACKUP

And in /var/log/daemon there is also bgp flapping at that time:
 Oct 14 15:22:53 bgp1 bgpd[1380]: nexthop 82.117.192.124 now valid: directly connected
 Oct 14 15:23:02 bgp1 bgpd[1380]: nexthop 82.117.192.124 now valid: via 82.117.192.124
 Oct 14 15:23:41 bgp1 bgpd[1380]: nexthop 82.117.192.124 now valid: directly connected
 Oct 14 15:23:54 bgp1 bgpd[1380]: nexthop 82.117.192.124 now valid: via 82.117.192.124
 Oct 14 15:26:04 bgp1 bgpd[1380]: nexthop 82.117.192.124 now valid: directly connected

82.117.192.124 is address of one of three carp interfaces.

I have 'demote carp' in bgpd.conf, so that master does not reclaim its
master role before bgp routes are up. The question remains, why is it
not reverting back to master once everything is ok?

-- 
Marko Cupać
https://www.mimar.rs
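The burst of state transitions quoted above is the kind of thing worth catching automatically rather than by reading /var/log/messages after the fact. The following is an added example, not code from the thread and not OpenBSD code: it parses the kernel's "carpN: state transition: OLD -> NEW" syslog lines, flags interfaces that changed state at least a threshold number of times inside a sliding window, and reports the state each interface ended in. The sample log is constructed from the timestamps and transitions quoted in the thread (plus one unrelated line to show it is ignored); the year is an assumption, since syslog lines carry none, and the window and threshold are arbitrary starting values.

```python
"""Surface CARP flapping in /var/log/messages (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Kernel message format: 'Oct 14 15:21:19 host /bsd: carp1: state transition: MASTER -> BACKUP'
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) /bsd: "
    r"(?P<iface>carp\d+): state transition: (?P<old>[A-Z]+) -> (?P<new>[A-Z]+)$"
)

WINDOW_S = 300   # assumed: look for bursts inside 5 minutes
THRESHOLD = 4    # assumed: this many transitions in one window is a flap

# Constructed from the thread's log excerpt; the sshd line is made up noise.
SAMPLE_LOG = """\
Oct 14 15:21:19 bgp1 /bsd: carp2: state transition: MASTER -> BACKUP
Oct 14 15:21:19 bgp1 /bsd: carp1: state transition: MASTER -> BACKUP
Oct 14 15:21:22 bgp1 /bsd: carp1: state transition: BACKUP -> MASTER
Oct 14 15:21:22 bgp1 /bsd: carp2: state transition: BACKUP -> MASTER
Oct 14 15:22:52 bgp1 /bsd: carp2: state transition: MASTER -> BACKUP
Oct 14 15:22:52 bgp1 /bsd: carp1: state transition: MASTER -> BACKUP
Oct 14 15:22:53 bgp1 /bsd: carp3: state transition: MASTER -> BACKUP
Oct 14 15:23:02 bgp1 /bsd: carp3: state transition: BACKUP -> MASTER
Oct 14 15:23:03 bgp1 /bsd: carp1: state transition: BACKUP -> MASTER
Oct 14 15:23:03 bgp1 /bsd: carp2: state transition: BACKUP -> MASTER
Oct 14 15:23:41 bgp1 /bsd: carp1: state transition: MASTER -> BACKUP
Oct 14 15:23:41 bgp1 /bsd: carp2: state transition: MASTER -> BACKUP
Oct 14 15:23:41 bgp1 /bsd: carp3: state transition: MASTER -> BACKUP
Oct 14 15:23:54 bgp1 /bsd: carp3: state transition: BACKUP -> MASTER
Oct 14 15:23:56 bgp1 /bsd: carp2: state transition: BACKUP -> MASTER
Oct 14 15:23:56 bgp1 /bsd: carp1: state transition: BACKUP -> MASTER
Oct 14 15:26:04 bgp1 /bsd: carp2: state transition: MASTER -> BACKUP
Oct 14 15:26:04 bgp1 /bsd: carp1: state transition: MASTER -> BACKUP
Oct 14 15:26:04 bgp1 /bsd: carp3: state transition: MASTER -> BACKUP
Oct 14 15:26:05 bgp1 sshd[1234]: unrelated line that must be ignored
""".splitlines()


def parse_transitions(lines, year=2014):
    """Return [(timestamp, host, iface, old_state, new_state)] for CARP lines only."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a CARP transition; skip silently
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["host"], m["iface"], m["old"], m["new"]))
    return events


def find_flapping(events, window_s=WINDOW_S, threshold=THRESHOLD):
    """Map iface -> max transitions seen in any window_s-second sliding window,
    for interfaces that reach `threshold`."""
    by_iface = defaultdict(list)
    for ts, _host, iface, _old, _new in events:
        by_iface[iface].append(ts)
    flapping = {}
    for iface, times in by_iface.items():
        times.sort()
        start, worst = 0, 0
        for end in range(len(times)):
            # shrink the window from the left until it spans at most window_s
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= threshold:
            flapping[iface] = worst
    return flapping


def last_state(events):
    """Map iface -> state it was left in by its most recent transition."""
    final = {}
    for ts, _host, iface, _old, new in sorted(events, key=lambda e: e[0]):
        final[iface] = new
    return final


if __name__ == "__main__":
    ev = parse_transitions(SAMPLE_LOG)
    print("flapping:", find_flapping(ev))
    print("ended in:", last_state(ev))
```

Run against the real file with `parse_transitions(open("/var/log/messages"))`; the sample here produces seven transitions each on carp1 and carp2 and five on carp3 inside one five-minute window, all ending in BACKUP, which matches the demoted master the post describes.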



carp not reverting to master

2014-10-02 Thread Marko Cupać
Hi,

I have carp setup on two pairs of interfaces on our internal firewalls
that sit between private network and DMZ. The problem is that, for some
unknown reason, from time to time, carp fails over to nat2 (backup), and
does not revert to nat1 (master), until I manually carpdemote nat2.

If I understand carp well, my configuration should revert to master as
soon as it becomes available. If not, how can I achieve it?

Here's carp interfaces config:

nat1 (master):

pacija@nat1:~ $ sudo cat /etc/hostname.carp1
inet 192.168.225.6 255.255.255.248 192.168.225.7 \
   vhid 1 pass mypass carpdev bnx0

pacija@nat1:~ $ sudo cat /etc/hostname.carp2
inet 193.53.106.32 255.255.255.0 193.53.106.255 \
   vhid 2 pass mypass carpdev bnx1
inet alias 193.53.106.33 255.255.255.255
inet alias 193.53.106.34 255.255.255.255
inet alias 193.53.106.35 255.255.255.255
inet alias 193.53.106.36 255.255.255.255
inet alias 193.53.106.37 255.255.255.255
inet alias 193.53.106.38 255.255.255.255
inet alias 193.53.106.39 255.255.255.255

nat2 (backup):

pacija@nat2:~ $ sudo cat /etc/hostname.carp1
inet 192.168.225.6 255.255.255.248 192.168.225.7 \
   vhid 1 advskew 100 pass mypass carpdev bnx0

pacija@nat2:~ $ sudo cat /etc/hostname.carp2
inet 193.53.106.32 255.255.255.0 193.53.106.255 \
   vhid 2 advskew 100 pass mypass carpdev bnx1
inet alias 193.53.106.33 255.255.255.255
inet alias 193.53.106.34 255.255.255.255
inet alias 193.53.106.35 255.255.255.255
inet alias 193.53.106.36 255.255.255.255
inet alias 193.53.106.37 255.255.255.255
inet alias 193.53.106.38 255.255.255.255
inet alias 193.53.106.39 255.255.255.255




-- 
Marko Cupać
https://www.mimar.rs/



Re: carp not reverting to master

2014-10-02 Thread Marko Cupać
On Thu, 02 Oct 2014 10:37:19 +0100
Andy a...@brandwatch.com wrote:

 nat1 will only preempt the nat2 after a fail-over to nat2 if the
 carp group and the pfsync group have the same demotion counter.
 ifconfig -g carp
 ifconfig -g pfsync
 
 So if the failover which is happening for some unknown reason is 
 affecting the demotion counters in anyway, preemption back to nat1
 will not happen until you normalise the carp and pfsync group's
 demotion counters as you say..
 
 Cheers, Andy.

Hi Andy,

thank you for looking into it. At the moment nat1 is master, nat2 is
backup (desired situation).

On both firewalls demote carp for both groups (carp and pfsync) is 0:

pacija@nat1:~ $ ifconfig -g carp
carp: carp demote count 0
pacija@nat1:~ $ ifconfig -g pfsync
pfsync: carp demote count 0

pacija@nat2:~ $ ifconfig -g carp
carp: carp demote count 0
pacija@nat2:~ $ ifconfig -g pfsync
pfsync: carp demote count 0

If I reboot nat1, nat2 becomes master until nat1 reboots. After that, it
correctly hands the master role to nat1. But in some situations (I don't
know what triggers them, hence their reason is unknown to me;
both firewalls are in the same rack, switch, UPS etc.), nat1 hands the master
role to nat2 and waits for days in the backup role. I didn't look at the value
of the demote count for pfsync in this situation, but as for carp, it is
1 on nat1 (preferred master), and 0 on nat2 (preferred backup).

Is carp increasing demote counter on preferred master for some reason?
How can I make them normalize automatically?

Regards,
-- 
Marko Cupać
https://www.mimar.rs/



Re: carp not reverting to master

2014-10-02 Thread Marko Cupać
On Thu, 2 Oct 2014 09:59:10 -0400
Alan McKay alan.mc...@gmail.com wrote:

 You have not yet shown the output of ifconfig
 
 Check the advskew values on the interfaces.
 
 When carpdemote values are equal then advskew determines who is MASTER
 

Hi Alan,

I have posted advskew values in initial mail (0 on masters, 100 on
backups).

What could be bumping carpdemote on master to 1?
-- 
Marko Cupać
https://www.mimar.rs/



Re: sound over hdmi?

2014-08-22 Thread Marko Cupać
On Thu, 21 Aug 2014 20:50:52 -0300
Giancarlo Razzolini grazzol...@gmail.com wrote:

 I've never tried on OpenBSD. But from someone that had experience
 from both type of graphic cards, the ones that have their own internal
 mixer and the ones that only have a S/PDIF input, both of them can be
 tricky to get sound over HDMI. Without knowing the specific card
 model, it's hard to even begin to answer your question.

Laptop model is:
http://www.bhphotovideo.com/c/product/1014784-REG/lenovo_20b6005rus_t440_i5_4300u_4gb_500gb_windows_7_windows_8.html

Graphics card is Intel HD Graphics 4400.

Here's relevant pcidump output:

 0:2:0: Intel HD Graphics
0x: Vendor ID: 8086 Product ID: 0a16
0x0004: Command: 0007 Status: 0090
0x0008: Class: 03 Subclass: 00 Interface: 00 Revision: 0b
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR mem 64bit addr: 0xf000/0x0040
0x0018: BAR mem prefetchable 64bit addr: 0xe000/0x1000
0x0020: BAR io addr: 0x3000/0x0040
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 17aa Product ID: 220c
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
0x0090: Capability 0x05: Message Signaled Interrupts (MSI)
0x00d0: Capability 0x01: Power Management
0x00a4: Capability 0x13: PCI Advanced Features
 0:3:0: Intel Core 4G HD Audio
0x: Vendor ID: 8086 Product ID: 0a0c
0x0004: Command: 0006 Status: 0010
0x0008: Class: 04 Subclass: 03 Interface: 00 Revision: 0b
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 10
0x0010: BAR mem 64bit addr: 0xf053/0x4000
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 17aa Product ID: 220c
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
0x0050: Capability 0x01: Power Management
0x0060: Capability 0x05: Message Signaled Interrupts (MSI)
0x0070: Capability 0x10: PCI Express

dmesg says no codecs on azalia0, which I think corresponds to HDMI audio:

azalia0 at pci0 dev 3 function 0 Intel Core 4G HD Audio rev 0x0b: msi
azalia0: No codecs found
Intel 8 Series xHCI rev 0x04 at pci0 dev 20 function 0 not configured
Intel 8 Series MEI rev 0x04 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 Intel I218-LM rev 0x04: msi, address 28:d2:44:3f:e8:63
azalia1 at pci0 dev 27 function 0 Intel 8 Series HD Audio rev 0x04: msi
azalia1: codecs: Realtek ALC292
audio0 at azalia1

 I believe
 that a card with S/PDIF should work. There is no configuration/driver
 relation, it's just a hardware connection from your
 motherboard/soundcard S/PDIF output, to the graphic card S/PDIF
 input. But with a card with the internal mixer, things gets
 complicated.

Although I am using OpenBSD for firewalls for more than a decade, I
have just installed it onto my laptop for the first time. I've been
using FreeBSD on laptops for years, and I have switched because FreeBSD
does not support this video adapter (haswell) at all. So please excuse
me if I sound a bit noobish, as I don't have experience with
_using_ audio and video peripherals on OpenBSD, much less writing code
for them.

On FreeBSD I had multiple /dev/dspX devices. /dev/dsp4 was playing
to internal speakers, and /dev/dsp1 to HDMI. I needed to change device
manually in applications (VLC for video and clementine for audio).

On OpenBSD, I have multiple /dev/audioX devices:

pacija@efreet:/dev $ ls | grep audio
audio
audio0
audio1
audio2
audioctl
audioctl0
audioctl1
audioctl2

I thought I would be able to output sound to HDMI (actually it is micro
display port here) by setting different device in application, but it
did not work.

 A little off topic, but on a related issue, I've always wanted to
 migrated my HTPC solution to OpenBSD. But there are lots of hiccups,
 and honestly, I don't even know if I have the knowledge to code what
 needs to be coded.

Sorry, but I did not understand what the final verdict is. Does
OpenBSD 5.5 have the general ability to play sound over HDMI? If so, how can
I check if my video adapter has the ability? And finally, if it does,
how do I instruct applications to play sound over HDMI instead of the
speakers?

Thank you in advance,

-- 
Marko Cupać



hang at syncing disks... done

2014-08-21 Thread Marko Cupać
)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
azalia0 at pci0 dev 3 function 0 Intel Core 4G HD Audio rev 0x0b: msi
azalia0: No codecs found
Intel 8 Series xHCI rev 0x04 at pci0 dev 20 function 0 not configured
Intel 8 Series MEI rev 0x04 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 Intel I218-LM rev 0x04: msi, address 28:d2:44:3f:e8:63
azalia1 at pci0 dev 27 function 0 Intel 8 Series HD Audio rev 0x04: msi
azalia1: codecs: Realtek ALC292
audio0 at azalia1
ppb0 at pci0 dev 28 function 0 Intel 8 Series PCIE rev 0xe4: msi
pci1 at ppb0 bus 2
Realtek RTS5227 Card Reader rev 0x01 at pci1 dev 0 function 0 not configured
ehci0 at pci0 dev 29 function 0 Intel 8 Series USB rev 0x04: apic 2 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
pcib0 at pci0 dev 31 function 0 Intel 8 Series LPC rev 0x04
ahci0 at pci0 dev 31 function 2 Intel 8 Series AHCI rev 0x04: msi, AHCI 1.3
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: ATA, KINGSTON SV300S3, 521A SCSI3 0/direct fixed naa.50026b72410ec74e
sd0: 228936MB, 512 bytes/sector, 468862128 sectors, thin
ichiic0 at pci0 dev 31 function 3 Intel 8 Series SMBus rev 0x04: apic 2 int 18
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 8GB DDR3 SDRAM PC3-12800 SO-DIMM
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
wsmouse1 at pms0 mux 0
pms0: Synaptics clickpad, firmware 8.1
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
uhub1 at uhub0 port 1 Intel Rate Matching Hub rev 2.00/0.04 addr 2
uvideo0 at uhub1 port 8 configuration 1 interface 0 SunplusIT INC. Integrated Camera rev 2.00/0.03 addr 3
video0 at uvideo0
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on sd0a (37fcf9b2cef1da87.a) swap on sd0b dump on sd0b

-- 
Marko Cupać



Re: hang at syncing disks... done

2014-08-21 Thread Marko Cupać
On Thu, 21 Aug 2014 14:45:42 +
David Dahlberg david.dahlb...@fkie.fraunhofer.de wrote:

 On Thursday, 21.08.2014, 16:38 +0200, Marko Cupać wrote:
 
  I have just installed OpenBSD 5.5 on my ThinkPad T440. At first
  glance everything seems to work OK, except for the fact that, when
  shutting down or restarting, system hangs at 'hang at syncing
  disks... done'.
 
 vi /etc/rc.shutdown
 
 -dd
 

I changed the line, so now it reads:

powerdown=YES   # set to YES for powerdown

However, laptop still does not power off.

Any other ideas?

-- 
Marko Cupać



Re: hang at syncing disks... done

2014-08-21 Thread Marko Cupać
On 21-08-2014 11:38, Marko Cupać wrote:
 I have just installed OpenBSD 5.5 on my ThinkPad T440. At first
 glance everything seems to work OK, except for the fact that, when
 shutting down or restarting, system hangs at 'hang at syncing
 disks... done'.

This could possibly be due to my questionable decision not to create a
swap partition. Once I reinstalled, with swap partition this time, the
problem went away.

-- 
Marko Cupać



sound over hdmi?

2014-08-21 Thread Marko Cupać
Hi,

I saw question about sound over hdmi on @misc from about a year ago,
and the answer was negative.

Are there any news? Is this being worked on?

Regards,
-- 
Marko Cupać



adc or nmdc client on openbsd

2014-06-25 Thread Marko Cupać
Hi,

I'll be getting a new laptop these days, and I am considering switching
to OpenBSD from FreeBSD. At first glance, all the programs I use are
available on both of them, except for linuxdcpp.

Does OpenBSD have some adc or nmdc client in packages?

Thank you in advance.
-- 
Marko Cupać



Re: adc or nmdc client on openbsd

2014-06-25 Thread Marko Cupać
On Wed, 25 Jun 2014 13:07:13 +0400
Kirill Bychkov ki...@linklevel.net wrote:

  Hi. net/valknut?
 
 
 Ignore this. It doesn't support ADC protocol.

Thanks for the tip, Kirill. I've tried valknut, but as you said, it
does not support ADC. However, this is not the main reason it is useless
to me. It has not been updated for more than 5 years, and most of the
hubs I am connecting to have requirements regarding client version.

FreeBSD has two decent clients in ports: linuxdcpp and eiskaltdcpp-gtk.
Any chance to port them to OpenBSD?
-- 
Marko Cupać



ftp-proxy and multiple nat-to addresses

2014-06-11 Thread Marko Cupać
Hi,

I have pf setup which includes NAT and ftp-proxy for accessing FTP
servers on the Internet, and it works fine.

I would like to add multiple addresses to NAT pool, instead of just one
as in current setup, but I am not sure if this is going to play well
with ftp-proxy. If I remember well, in order for ftp-proxy to enable
outbound FTP connections from NAT clients to Internet FTP servers, its
source address (-a flag) needs to be the same as the public address to
which NAT clients are translated.

Thank you in advance,
-- 
Marko Cupać



Re: pf icmp redirect question

2014-06-02 Thread Marko Cupać
On Fri, 30 May 2014 19:32:32 +0100
André Lucas an...@ae-35.com wrote:

 Or if you're concerned about the the ICMP messages related to PMTUd,
 they're automatically forwarded as part of the connection state
 tracking IIRC.
 
 -André
 

That was my main concern, thanx for clarifying.
-- 
Marko Cupać



Re: netflow srcip and dstip reversed for redirected traffic

2014-06-01 Thread Marko Cupać
 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
com1: probed fifo depth: 0 bytes
pckbc0 at isa0 port 0x60/5
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
uhidev0 at uhub1 port 1 configuration 1 interface 0 HP Virtual Keyboard rev 1.10/0.02 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes, country code 33
wskbd1 at ukbd0 mux 1
uhidev1 at uhub1 port 1 configuration 1 interface 1 HP Virtual Keyboard rev 1.10/0.02 addr 2
uhidev1: iclass 3/1
ums0 at uhidev1: 3 buttons
wsmouse1 at ums0 mux 0
uhidev2 at uhub4 port 1 configuration 1 interface 0 NOVATEK USB Keyboard rev 1.10/1.04 addr 2
uhidev2: iclass 3/1
ukbd1 at uhidev2: 8 variable keys, 6 key codes
wskbd2 at ukbd1 mux 1
uhidev3 at uhub4 port 1 configuration 1 interface 1 NOVATEK USB Keyboard rev 1.10/1.04 addr 2
uhidev3: iclass 3/0, 2 report ids
uhid0 at uhidev3 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev3 reportid 2: input=3, output=0, feature=0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (ac6a2b6d6cc53aac.a) swap on sd0b dump on sd0b
bnx0: address 00:22:64:a1:dd:e8
brgphy0 at bnx0 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 6
bnx1: address 00:22:64:a1:dd:e6
brgphy1 at bnx1 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 6
drm: initializing kernel modesetting (RV100 0x1002:0x515E 0x103C:0x31FB).
radeondrm0: VRAM: 128M 0xD800 - 0xDFFF (32M used)
radeondrm0: GTT: 512M 0xB800 - 0xD7FF
drm: PCI GART of 512M enabled (table at 0x056A1000).
drm: No TV DAC info found in BIOS
radeondrm0: 1024x768
wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0
wskbd1: connecting to wsdisplay0
wskbd2: connecting to wsdisplay0
wsdisplay0: screen 1-5 added (std, vt100 emulation)
carp1: state transition: BACKUP -> MASTER
carp2: state transition: BACKUP -> MASTER

Regards,

-- 
Marko Cupać



netflow srcip and dstip reversed for redirected traffic

2014-05-31 Thread Marko Cupać
Hi,

I'm trying to understand and measure traffic on relatively large and
complicated pf firewall, and for this purpose I am exporting netflow
data with pflow to nfsen/nfdump.

For the time being, I have set pflow on external interface in outbound
direction:

pass out on $if_ext inet all keep state (pflow)

On collector (nfsen), I want to see interface numbers so I can create
interface filter:

% nfdump -R 2014 -s if/bytes
Top 10 In/Out If ordered by bytes:
If       Flows(%)      Packets(%)        Bytes(%)  pps    bps  bpp
 5   19396(100.0)   300683(100.0)   186.7 M(100.0)    3  16984  620
 7   19109( 98.5)   299769( 99.7)   186.6 M(100.0)    3  16976  622
 0     287(  1.5)      914(  0.3)     83170(  0.0)    0    330   90

Another mailing list member told me I can find out about interface numbers
with snmpwalk:

% snmpwalk -v2c -c community -On IP.ADD.RE.SS
.1.3.6.1.2.1.2.2.1.2.5 = STRING: bnx1
.1.3.6.1.2.1.2.2.1.2.7 = STRING: carp2

Ok, now I know interface 5 is bnx1 ($if_ext), and I want to know what
comes in:

% nfdump -R 2014 -s dstip/bytes 'in if 5'
Top 10 Dst IP Addr ordered by bytes:
Dst IP Addr        Flows(%)     Packets(%)        Bytes(%)
10.20.0.15      10754(62.9)   323834(52.9)   324.9 M(63.7)
10.20.4.99        462( 2.7)    10496( 1.7)     9.4 M( 1.8)
178.148.77.73      34( 0.0)     6681( 1.1)     7.7 M( 1.5)

First two addresses really are on my internal network, and I know first
one is return web traffic to my proxy, and the second one return web
traffic to another internal host.

But the last address is not on my network. Let's see records for this
address:

nfdump -R 2014 -n 10 -s record/bytes 'in if 5' | grep 178.148.77.73
TCP  193.53.106.35:443 -> 178.148.77.73:49193 56067.6 M
TCP  193.53.106.35:443 -> 178.148.77.73:49191  31395342
TCP  193.53.106.35:443 -> 178.148.77.73:49192  40418674
TCP  193.53.106.35:443 -> 178.148.77.73:49190  35816798

Ok, these are redirected incoming requests to HTTPS server on my
internal network:

pass in on $if_ext inet proto tcp from any to $pub_web port { 80 443 } \
 rdr-to $priv_web keep state

But source and destination IP addresses are reversed!

Here's what pf's state table shows:
$ sudo pfctl -ss | grep 178.148.77.73  
all tcp 10.20.0.36:443 (193.53.106.35:443) <- 178.148.77.73:49377
all tcp 178.148.77.73:49377 -> 10.20.0.36:443
all tcp 10.20.0.36:443 (193.53.106.35:443) <- 178.148.77.73:49378
all tcp 178.148.77.73:49378 -> 10.20.0.36:443
all tcp 10.20.0.36:443 (193.53.106.35:443) <- 178.148.77.73:49379
all tcp 178.148.77.73:49379 -> 10.20.0.36:443
all tcp 10.20.0.36:443 (193.53.106.35:443) <- 178.148.77.73:49380
all tcp 178.148.77.73:49380 -> 10.20.0.36:443

How could this be corrected? Am I configuring pf incorrectly? Or is
there a problem with how pflow exports data? Or is pfdump parsing the
data incorrectly?

Thank you in advance,
-- 
Marko Cupać
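When a collector shows a public (pre-rdr) address in a flow record, the pf state table is the place to map it back to the internal host and its external peers. The following is an added example, not code from the thread and not part of pf or nfdump: it parses `pfctl -ss` state lines, assuming pfctl's format in which `<-` marks an inbound state, `->` an outbound one, and a parenthesised endpoint is the address before translation. The sample lines are constructed from the thread's own state entries, with one extra peer (203.0.113.7, from the documentation range) added so the peer count is visible.

```python
"""Parse 'pfctl -ss' output and recover rdr translations (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# 'all tcp LOCAL (LOCAL_ORIG) <- PEER ...'  or  'all tcp LOCAL -> PEER (PEER_ORIG) ...'
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<left>\S+)(?:\s+\((?P<left_orig>[^)]+)\))?\s+"
    r"(?P<arrow><-|->)\s+"
    r"(?P<right>\S+)(?:\s+\((?P<right_orig>[^)]+)\))?"
)

# Constructed from the thread's pfctl -ss excerpt (direction arrows assumed).
SAMPLE_STATES = """\
all tcp 10.20.0.36:443 (193.53.106.35:443) <- 178.148.77.73:49377       ESTABLISHED:ESTABLISHED
all tcp 178.148.77.73:49377 -> 10.20.0.36:443       ESTABLISHED:ESTABLISHED
all tcp 10.20.0.36:443 (193.53.106.35:443) <- 178.148.77.73:49378       ESTABLISHED:ESTABLISHED
all tcp 178.148.77.73:49378 -> 10.20.0.36:443       ESTABLISHED:ESTABLISHED
all tcp 10.20.0.36:443 (193.53.106.35:443) <- 203.0.113.7:51000       ESTABLISHED:ESTABLISHED
all tcp 203.0.113.7:51000 -> 10.20.0.36:443       ESTABLISHED:ESTABLISHED
""".splitlines()


@dataclass(frozen=True)
class State:
    iface: str
    proto: str
    direction: str            # "in" for '<-', "out" for '->'
    local: str                # endpoint left of the arrow, host:port
    local_orig: Optional[str] # its pre-translation address, if pf printed one
    peer: str                 # endpoint right of the arrow
    peer_orig: Optional[str]


def parse_state(line):
    """Parse one pfctl -ss line; return None for anything that is not a state."""
    m = STATE_RE.match(line.strip())
    if not m:
        return None
    return State(
        iface=m["iface"], proto=m["proto"],
        direction="in" if m["arrow"] == "<-" else "out",
        local=m["left"], local_orig=m["left_orig"],
        peer=m["right"], peer_orig=m["right_orig"],
    )


def rdr_states(lines):
    """Yield (public_addr, internal_addr, external_peer) for inbound states
    whose local endpoint was rewritten, i.e. states created by rdr-to."""
    for line in lines:
        st = parse_state(line)
        if st and st.direction == "in" and st.local_orig:
            yield st.local_orig, st.local, st.peer


def translation_map(lines):
    """public host:port -> internal host:port, as seen in the state table."""
    return {pub: real for pub, real, _peer in rdr_states(lines)}


def peers_by_public_address(lines):
    """Distinct external peer IPs per public address (ports stripped)."""
    peers = defaultdict(set)
    for pub, _real, peer in rdr_states(lines):
        peers[pub].add(peer.rsplit(":", 1)[0])
    return {pub: len(ips) for pub, ips in peers.items()}


if __name__ == "__main__":
    print(translation_map(SAMPLE_STATES))
    print(peers_by_public_address(SAMPLE_STATES))
```

To use it on a live box, feed it `subprocess.run(["pfctl", "-ss"], capture_output=True, text=True).stdout.splitlines()`; then a record such as `193.53.106.35:443 -> 178.148.77.73:49193` can be looked up in `translation_map` to find that the traffic really belongs to the internal HTTPS host, regardless of which way the exporter oriented the flow.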



pf icmp redirect question

2014-05-30 Thread Marko Cupać
Hi,

let's say for example I have a web server on the internal network, and I have
redirected tcp port 80 from the firewall to it:

pass in on $ext_if inet proto tcp from any to $pub_web port 80 \
   rdr-to $priv_web

Assuming that $pub_web ip address is used exclusively for web server
access, and no other ports are redirected to other internal addresses,
should I also redirect icmp:

pass in on $ext_if inet proto icmp from any to $pub_web rdr-to $priv_web

Thank you in advance,

-- 
Marko Cupać



Re: 5.5 pf priority

2014-05-29 Thread Marko Cupać
On Wed, 28 May 2014 21:40:58 +0200
Henning Brauer lists-open...@bsws.de wrote:

 I'm pretty damn sure I added reset prio if queueing is on thing.
 
 yes, in IF_ENQUEUE -> hfsc_enqueue
 m->m_pkthdr.pf.prio = IFQ_MAXPRIO;

I would like to give priority to certain traffic, for example:
prio 7: tcp acks
prio 6: domain
prio 5: ssh-mgmt, vnc, rdp
prio 4: web
prio 3: smtp, imap, pop
prio 2: ftp, ssh-payload
prio 1: default/other
prio 0: p2p

But I would also like to guarantee minimum bandwidth to low-priority
traffic (in upper example I would like to avoid ftp coming to a
grinding halt in moments when higher priority traffic eats up all the
bandwidth).

I thought I knew how to achieve this, but now I am not so sure. Is it
possible with current pf? Any suggestions?

Thank you in advance,
-- 
Marko Cupać



pflow and interface numbers

2014-05-29 Thread Marko Cupać
Hi,

I am exporting netflow data from OpenBSD 5.5 machine to another
non-OpenBSD machine with nfsen installed, which is successfully
receiving netflow data.

I have the following in pf.conf:
set state-defaults pflow

And the following in hostname.pflow0:
flowsrc IP.ADD.RE.SS flowdst IP.ADD.RE.SS:PORT pflowproto 10

I would like to parse netflow data with nfdump, in a way that traffic
is separated by interface and direction.

The following command gives me interface numbers:
nfdump -R profiledir -n 0 -s if/flows

With the following output (modified in order to avoid line wraps):
If       Flows(%)     Packets(%)       Bytes(%)  pps     bps  bpp
 6  197277(49.9)    5.2 M(47.3)    2.8 G(48.0)   57  243030  532
 4  195221(49.4)    5.2 M(47.3)    2.8 G(48.0)   57  242976  532
 5  194677(49.2)    5.4 M(49.1)    2.9 G(50.0)   59  253025  534
 7  192506(48.7)    5.4 M(49.0)    2.9 G(49.9)   59  252973  534
 0    4217( 1.1)    14827( 0.1)    1.2 M( 0.0)    2    1428   81
 1   13232( 0.8)   392170( 3.6)  118.0 M( 2.0)    4   10374  300
 8     134( 0.0)     3817( 0.0)    1.2 M( 0.0)    0     818  320

Exporting machine has a bunch of interfaces:
3 physical: bnx0 bnx1 em0
2 tun (npppd and openvpn): tun0 tun1
2 carp: carp1 carp2
5 other: enc0 lo0 pflog0 pflow0 pfsync0

Is there a way to determine which interface is mapped to which if
number in netflow?

Thank you in advance,
-- 
Marko Cupać



5.5 pf priority

2014-05-28 Thread Marko Cupać
Hi,

I have a number of 5.4 firewalls which rely on ALTQ with HFSC for
packet queueing. I'd like to upgrade to 5.5, but I'm confused with new
queueing mechanism. If I understand well, in 5.5 order of queues has
nothing to do with priority, only with bandwidth allocation (as opposed
to ALTQ + HFSC on 5.4 where higher queue has higher priority). If I
want to change priority from default 3, on 5.5 I need to specify it on
each filter rule, and there is no way to do it centrally?

Thank you in advance,
-- 
Marko Cupać



Re: 5.5 pf priority

2014-05-28 Thread Marko Cupać
On Wed, 28 May 2014 14:12:42 +0200
Henning Brauer lists-open...@bsws.de wrote:

 prio is ignored when bandwidth shaping is on.
 
 priority in ALTQ-HFSC was an illusion really.

Hi Henning,

knowing your role in pf development, I take your answer as
authoritative.

However, this would imply that pf.conf(5) has a misleading line in the
QUEUEING section which suggests the following rule:

pass out on em0 inet proto tcp from any to any port 22 \
   set (queue(ssh_bulk, ssh_interactive), prio (3, 6))

Who should I trust? :)
-- 
Marko Cupać



pipex and npppd syslog

2014-05-27 Thread Marko Cupać
Hi,

I have a relatively busy npppd pptp server, and it logs a lot of output
into /var/log/messages.

How can I move npppd and pipex log messages into separate file?

Thank you in advance,
-- 
Marko Cupać



hardware question: ASUS ET1612IUTS

2014-05-13 Thread Marko Cupać
Hi,

does anyone have experience with ASUS ET1612IUTS?
https://www.asus.com/AllinOne_PCs/ET1612IUTS/

Do touchscreen and network work on OpenBSD?

Thank you in advance.
-- 
Marko Cupać



Re: pf multiple match rules

2014-05-07 Thread Marko Cupać
Thank you for reply.

I have been trying some trial and error tests, and I came to similar
conclusion, but I would like to understand the design idea behind match
rule.

Who wins, the first or the last matching rule? Or do they all stick
together? What if they are conflicting, like in this case?

Thank you in advance,
-- 
Marko Cupać



Re: pf multiple match rules

2014-05-07 Thread Marko Cupać
On Wed, 07 May 2014 12:23:12 +0200
Blaise Hizded bla...@ovh.fr wrote:

 As Henning Brauer said, the rewrite are applied immediately. So the
 first match rule will rewrite IP from the packet and the second match
 will be evaluated on the new IP rewritten.
 There is no win, the packet is passed thru all match rules and the
 action is applied directly if it match, from first to last.

Oh, I understand now, thank you for your explanation. Second match rule
would not trigger simply because source address of every request from
192.168.1.0/24 is already rewritten with the first match rule, so
packet coming from 192.168.1.55 is actually already counted as coming
from translated public address X.X.X.X.
-- 
Marko Cupać



Re: pftop and systat with new queueing

2014-05-07 Thread Marko Cupać
On Tue, 6 May 2014 13:09:25 -0600
Daniel Melameth dan...@melameth.com wrote:

 I believe this has been resolved in
 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/systat/pftop.c.diff?r1=1.24;r2=1.25,
 but I have not yet confirmed.

I have also noticed that output of 'systat queues' shows much larger
number of PKTS for a queue than sum of all the PKTS from rules
that match respective queue from output of 'systat rules'.
-- 
Marko Cupać



pf multiple match rules

2014-05-06 Thread Marko Cupać
Hi,

with the following two match lines:

match out on $ext_if from 192.168.1.0/24 to any nat-to X.X.X.X
match out on $ext_if from 192.168.1.55 to any nat-to Y.Y.Y.Y

and the following pass line:

pass in on $int_if inet proto tcp from 192.168.1.55 to any

will the packets be translated to X.X.X.X or Y.Y.Y.Y?

Regards,

-- 
Marko Cupać



pftop and systat with new queueing

2014-05-06 Thread Marko Cupać
Hi,

I have just upgraded (actually reinstalled from scratch) one of my
firewalls to 5.5 release, and I have noticed that 'systat queues' no
longer shows P/S and B/S values. pftop does not show queues at all.

Was nice to see those values in real time. Are they gone for good, or
developers need some time to adjust them for new queueing mechanism?

-- 
Marko Cupać



queueing question

2014-05-05 Thread Marko Cupać
Hi,

I have setup similar to this:

  BOX1   BOX2
Internet---($isp_if:::$dmz_if)--DMZ--($nat_if:::$int_if)---LAN

$isp_if: 10Mbit/s
$dmz_if: 1Gbit/s
$nat_if: 1Gbit/s
$int_if: 1Gbit/s

I would like to queue traffic for some services in the DMZ for both Internet
and LAN clients (web, ftp, dns, xmpp), some services residing
directly on BOX2 for Internet clients (pptp, openvpn) and some services
on the LAN for Internet clients (redirected custom applications).

Besides this, I would like to queue outgoing traffic from LAN (high
priority dns, low priority p2p etc).

Should I queue on all the interfaces? Should I declare 1Gbit on non-isp
interfaces and 10Mbit on the isp interface? Any other advice?

Thank you in advance.
-- 
Marko Cupać



xtsscale question

2014-04-02 Thread Marko Cupać
Hi,

I have installed OpenBSD 5.4 on an Advantech TPC-1261H-A1 Touch Panel.
When sliding a finger up/down on the touchscreen, it goes left/right. When
sliding left/right, it goes up/down. I guess both rotation and axis
inversion should be done to fix this (when I rotate the screen to the left
with xrandr, the X axis is OK, Y is inverted).

Running xtsscale and touching the crosses fixes everything, and I get a
mouse.scale value, which I add to /etc/wsconsctl.conf. However, after
reboot, axes and rotation are not correct.

What values besides mouse.scale does xtsscale set, and how can I keep the
settings for rotation after reboot?
-- 
Marko Cupać



Re: obsd pf

2014-03-18 Thread Marko Cupać
On Tue, 18 Mar 2014 01:15:16 + (UTC)
Stuart Henderson s...@spacehopper.org wrote:

 The ruleset is now traversed in order, changes made in match rules
 are sticky and affect rules lower down in the ruleset. More
 predictable, no more oh this 'nat pass' rule which you included
 halfway down the ruleset actually takes effect before the
 'block quick' rule right at the top... so besides allowing for
 cleaner rulesets, you could say it's a security fix too.

I have been using the new syntax for years now, and although there are a lot
of improvements, there is also a downside.

I have a /24 public network, where I need to have one catch-all NAT
rule, but also exceptions (smtp servers translate to other public IPs,
vpn clients to their own public IPs etc).

If I have a lot of subnets behind the NAT firewall, I need to specify them
all in the catch-all NAT rule, listing the exceptions (this is of course
shortened; actually I need to declare 100 or so networks and dozens of
exceptions):

table <catchallnat> { 10.20.69.0/24 10.43.26.0/22 \
  !10.20.69.15 !10.43.26.29 }
smtp = { 10.20.69.15 }
vpn  = { 10.43.26.29 }
...
match out on $ext_if inet from <catchallnat> to any nat-to $catchallnat
match out on $ext_if inet from $smtp to any nat-to $smtp-nat
match out on $ext_if inet from $vpn  to any nat-to $vpn-nat

I don't know if there would be negative consequences for other pf
aspects, but for me it would be better if more specific match rules
overrode more general match rules. This way I would not have to
maintain the catchallnat table with a list of subnets and exceptions.
-- 
Marko Cupać
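A small model of the ordered, sticky match-rule semantics Stuart describes, added here as an illustration for this post and for the "pf multiple match rules" question above (it is not pf's code and not part of either post). It assumes, as pf.conf(5) documents, that the last matching match rule carrying a nat-to decides the translation, and runs both rulesets from the posts through that model with the X.X.X.X / Y.Y.Y.Y placeholders and the $smtp-nat / $vpn-nat macros kept as plain labels.

```python
"""Model of pf match-rule evaluation with nat-to (constructed example).

This is an added illustration, not pf code and not part of either post.
It models the semantics quoted above: the ruleset is walked top to bottom,
and options set by a match rule are sticky, so the last matching match
rule that carries a nat-to decides the translation address.
"""
import ipaddress
from dataclasses import dataclass, field


def net(spec):
    """Parse '10.0.0.0/24' or a bare host like '10.0.0.15' into a network."""
    return ipaddress.ip_network(spec, strict=False)


@dataclass
class MatchRule:
    """One 'match out on $ext_if inet from <src> to any nat-to <addr>' line.

    include holds the networks (or table entries) the source must be in,
    exclude holds negated table entries such as '!10.20.69.15'.
    """
    include: list
    exclude: list = field(default_factory=list)
    nat_to: str = ""

    def matches(self, src):
        addr = ipaddress.ip_address(src)
        if any(addr in n for n in self.exclude):
            return False
        return any(addr in n for n in self.include)


def translate(rules, src):
    """Walk the ruleset in order; return the nat-to of the last matching rule.

    Returns None when no match rule with a nat-to applies to the source.
    """
    chosen = None
    for rule in rules:
        if rule.nat_to and rule.matches(src):
            chosen = rule.nat_to          # sticky: a later match overrides
    return chosen


def without_negations(rules):
    """The same ruleset with the '!' entries dropped from every table."""
    return [MatchRule(r.include, [], r.nat_to) for r in rules]


# Ruleset from the "pf multiple match rules" post (placeholders kept as-is).
MULTI_MATCH = [
    MatchRule([net("192.168.1.0/24")], nat_to="X.X.X.X"),
    MatchRule([net("192.168.1.55")], nat_to="Y.Y.Y.Y"),
]

# Ruleset from the post above: catch-all table with negated exceptions,
# followed by the more specific smtp and vpn rules.
CATCHALL = [
    MatchRule([net("10.20.69.0/24"), net("10.43.26.0/22")],
              exclude=[net("10.20.69.15"), net("10.43.26.29")],
              nat_to="$catchallnat"),
    MatchRule([net("10.20.69.15")], nat_to="$smtp-nat"),
    MatchRule([net("10.43.26.29")], nat_to="$vpn-nat"),
]

if __name__ == "__main__":
    print("192.168.1.55 ->", translate(MULTI_MATCH, "192.168.1.55"))
    print("192.168.1.10 ->", translate(MULTI_MATCH, "192.168.1.10"))
    for src in ("10.20.69.15", "10.43.26.29", "10.43.27.1", "10.99.0.1"):
        print(src, "->", translate(CATCHALL, src),
              "| without '!' entries:",
              translate(without_negations(CATCHALL), src))
```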



link in faq leads to nonexistent page

2014-03-18 Thread Marko Cupać
Hi,

I just noticed that the link FTP Reviewed:
http://www.pintday.org/whitepapers/ftp-review.shtml

...in the More information on FTP section of PF: Issues with FTP:
http://www.openbsd.org/faq/pf/ftp.html#info

...leads to a nonexistent page.

Perhaps this could be fixed.
-- 
Marko Cupać



Re: Missing A DNS record for openbsd.org ?

2014-02-28 Thread Marko Cupać
On Fri, 28 Feb 2014 10:48:13 -0500
Ted Unangst t...@tedunangst.com wrote:

 openbsd.org does not have an A record. This should not affect you.

This is strange. I think I was able to access www.openbsd.org via http
on openbsd.org as well.
-- 
Marko Cupać



Re: nfsend, nfdump and flow-tools - file formats and statistics

2014-02-28 Thread Marko Cupać
On Fri, 28 Feb 2014 21:16:34 +0100
LEVAI Daniel l...@ecentrum.hu wrote:

 1) Using nfdump seems pretty straightforward, but no matter how I try
 to shape my output, I always get '1970-01-01 01:00:00.000' as Date
 first seen time. Also, Duration is always 0.000 ... Any ideas why?

I get nice results with:
nfdump -R /usr/local/var/nfsen/profiles-data/live/location03/ -n 20 -s srcip/bytes

...on FreeBSD though, but that shouldn't matter.
-- 
Marko Cupać



power failure resistance

2014-02-19 Thread Marko Cupać
Hi,

I need to deploy a number of openbsd firewalls based on alix2d13
hardware. The goal is to separate the industrial network from the LAN, in
order to protect unpatched systems on the industrial network from potential
malware on the LAN, while providing some level of access (mostly
low-traffic VNC from the LAN to industrial and SQL in the opposite
direction).

The problem is that we have a very unstable power grid, resulting in
unclean shutdowns of devices. I cannot UPS them all.

How can I configure the firewalls so they are resistant to those power
failures (i.e. do not need fsck)? How should I partition? Which partitions
should be mounted read-only? Which should be mounted as memory disks? What
size should I allocate for memory disks (RAM is a constraint here as I
have only 256MB)? Any other advice?

Thank you in advance,
-- 
Marko Cupać



Re: Is my 5.4 CD ok?

2014-01-17 Thread Marko Cupać
As long as there are stickers inside I am satisfied :)

-- 
Marko Cupać



failure to build nginx after errata 004_nginx.patch

2013-12-09 Thread Marko Cupać
On three of four of my 5.4's, after applying 004_nginx.patch,
rebuilding and reinstalling nginx went fine.

On one of them it is failing with the following message:

objs/src/http/modules/ngx_http_ssl_module.o(.text+0xb36): In function `ngx_http_ssl_merge_srv_conf':
src/http/modules/ngx_http_ssl_module.c:627: undefined reference to `ngx_ssl_stapling'
objs/src/http/modules/ngx_http_ssl_module.o(.text+0xcb8): In function `ngx_http_ssl_init':
src/http/modules/ngx_http_ssl_module.c:794: undefined reference to `ngx_ssl_stapling_resolver'
collect2: ld returned 1 exit status
*** Error 1 in obj (objs/Makefile:348 'objs/nginx')
*** Error 1 in obj (Makefile:8 'build')
*** Error 1 in /usr/src/usr.sbin/nginx (Makefile.bsd-wrapper:38 'all')

This is 5.4-RELEASE, patched with errata patches 001, 002 and 003:

# uname -a
OpenBSD nat1.kappastar.com 5.4 GENERIC#1 i386

Any help?
-- 
Marko Cupać



Re: failure to build nginx after errata 004_nginx.patch

2013-12-09 Thread Marko Cupać
On Mon, 9 Dec 2013 13:55:13 +0100
Remco re...@d-compu.dyndns.org wrote:

 Possible previously compiled left-overs in your object directory ?
 If I'm not mistaken, cleaning out /usr/obj/ will help.

rm -rf /usr/obj/* did the trick.

Thanx!
-- 
Marko Cupać



Re: For Google+ users: BSD community

2013-11-19 Thread Marko Cupać
I was hoping openbsd misc mailing list would remain free from ads but
here we are :(

-- 
Marko Cupać



update to errata

2013-11-18 Thread Marko Cupać
Is patching source followed by building and installing new binaries
and/or kernel the only way to update to errata version?

Is there something like errata snapshot which can be used to update the
system?

-- 
Marko Cupać



Re: update to errata

2013-11-18 Thread Marko Cupać
On Mon, 18 Nov 2013 08:00:48 -0500
josh Grosse j...@jggimi.homeip.net wrote:

 OpenBSD is source code maintained.  There is the -stable branch, which 
 includes errata and any patches against -release that are not published 
 as errata.  See FAQ 5.1 for a detailed description of this branch.

Thank you for the clarification, Josh.

 M:Tier distributes the -stable branch in binary form, as a third party 
 service.  See http://stable.mtier.org for information.

I would rather stick to direct contact with OpenBSD and avoid
introducing third parties into the mix. I am not afraid of syncing and
patching sources, and building and installing binaries :)
-- 
Marko Cupać



another carp bgp and pf question

2013-11-17 Thread Marko Cupać
I have two routers in active/passive carp mode that share three pairs
of carp interfaces:
bge1 - DMZ
em0 - ISP1
em1 - ISP2

They are also syncing pf states over syncdev bge0.

Both routers are in BGP sessions with two upstream providers (via /29
networks), and I am achieving graceful failover by means of bgpd.conf:
...
network MY.NET.WO.RK/24 set nexthop carp ip to isp1
network MY.NET.WO.RK/24 set nexthop carp ip to isp2
...

I noticed ssh login attempts to one of my DMZ servers even though this
server is not in the table of hosts for which ssh login is permitted:
pass in on $if_isp1 inet proto tcp from any to <ssh> port ssh \
  modulate state \
  ( max-src-conn-rate 5/60, overload <badsshlogins> flush global) \
  set queue (isp1-run,isp1-ack)

Question #1:
How can I troubleshoot this? Is it possible that some ancient state is
keeping ssh to that host possible (e.g. if I enabled it in the past, and
later reloaded pf.conf but without flushing states)?

I have a source-tracking rule which should drop all
traffic with any host that fails to log in 5 times over a 60-second
period by dynamically updating badsshlogins, as I have:
block log quick from <badsshlogins>
block log quick to <badsshlogins>

...early in the ruleset.

Question #2: How come that, even though the badsshlogins table is
filling up over time, I see some hosts violating this in the security logs
of my DMZ servers but not being put in the badsshlogins table?

Question #3: badsshlogins on the 2nd firewall is empty. Can tables be
synced like states, or do violators need to violate the rule on the 2nd
firewall in order to have all traffic with them blocked?

Question #4: Is there a better way of connecting to 2 upstream
providers with graceful failover ability?

Thank you in advance,
-- 
Marko Cupać



slashdot rumours

2013-11-01 Thread Marko Cupać
I just read an article on slashdot which says that a piece of
malware made the Open BSD operating system (...) modify its
settings and delete its data without explanation or prompting, and
that the malware is spreading over microphones and speakers.

Is this just some kind of negative publicity on the day of the OpenBSD 5.4
release, or is there something to it?

-- 
Marko Cupać



Re: OpenBSD maintenance compared to FreeBSD

2013-10-30 Thread Marko Cupać
On Tue, 29 Oct 2013 21:44:46 -0500
David Noel david.i.n...@gmail.com wrote:

 But now
 that I'm administering 6 of them I'm really starting to get annoyed by
 the whole process: rebuild kernel... rebuild world... reboot, and then
 pray that it doesn't blow up in my face (as it often does).
Perhaps you could try freebsd-update:
http://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html

 Does this mean that I could theoretically have
 gotten away with a year and a half uptime?
You can theoretically get away with a decade of uptime if you do not do
upgrades which require a reboot for that long.

 What's the catch here? I'm
 sorry but I'm incredulous by how good it sounds so I have to ask.
OpenBSD is released every 6 months, in between there are patches:
http://www.openbsd.org/errata53.html

It is up to you to decide if you are going to patch once a week or once
a year, and if you are going to compile from source or do binary
upgrades. Either way, I don't think there is a system which is secure
after a year without updating.

 does it sound like OpenBSD could be the one for me?
It definitely could, but not for the reasons you stated :)

-- 
Marko Cupać



Re: Sorry OpenBSD people, been a bit busy

2013-10-07 Thread Marko Cupać
I don't see a reason why Twitter is given that much attention. It surely
gets a lot of hype from all around, but I did not expect it would get more
from OpenBSD mailing lists.

-- 
Marko Cupać



Re: OpenOSPFd and CARP Masters

2013-10-01 Thread Marko Cupać
I have a setup where a central Cisco connects downstream to branch office
Cisco routers and upstream to the Internet via a pair of CARPed firewalls.

The Cisco routers speak OSPF between themselves, and I keep them all in area
0 (I don't see any reason to complicate it with more areas). The central
Cisco router also speaks OSPF to the CARPed firewalls, but not in order to
learn the default route (as the only way to the Internet is through them I
have set it up statically on the central Cisco router so the next-hop IP
address is the CARP address), but in order for the CARP firewalls to learn
routes to the branch offices.

So, on master firewall I have:
router-priority 0
router-id 192.168.228.2
area 0.0.0.0 {
interface bnx0 { metric 100 }
}

On backup firewall I have:
router-priority 0
router-id 192.168.228.3
area 0.0.0.0 {
interface bnx0 { metric 200 }
}

Maybe google translate can help you with translation of my detailed
howto (in Serbian):
https://www.mimar.rs/openbsd-na-obodu-korporacijske-mreze/
-- 
Marko Cupać



carp and bgp question

2013-09-12 Thread Marko Cupać
I have two CARPed boxes that connect to upstream providers, and do BGP
routing with them. CARP is configured in an active/passive setup. The
network between me and each provider is a /29. The setup is described in
detail here (in Serbian, but the schema in the sidebar and the conf files
are universal):

https://www.mimar.rs/openbsd-na-obodu-korporacijske-mreze/

I have BGP neighbors set up with the help of local-address and demote carp,
and in case of a manual restart of the master firewall I have graceful
failover (an internet radio stream does not even hiccup). After the master
reboots, it waits for the bgp session to settle (demote carp), and after
that it takes over the function of master. No hiccups here either.

However, sometimes failover happens without any apparent reason, with
both my boxes running. In that case, the master never reclaims its master
status automatically.

Any comments? How can I see in the logs why the master became backup? And
why doesn't it reclaim its master status even though it has an active BGP
session?

-- 
Marko Cupać



Re: npppd sessions log

2013-08-13 Thread Marko Cupać
On Tue, 13 Aug 2013 14:24:49 +0200
Radek alee...@gmail.com wrote:

 Hi @misc, 
 
 I can't find any way/option to log npppd sessions on a VPN gateway. 
 What I need to log: 
 - username
 - user's source_IP
 - user's VPN_internal_IP
 - session start_time
 - session end_time

I do accounting, as well as authentication, by help of radius server.

-- 
Marko Cupać



Re: poptop on OpenBSD 5.3

2013-08-12 Thread Marko Cupać
On Mon, 5 Aug 2013 14:46:20 -0600
Alvaro Mantilla Gimenez alv...@alvaromantilla.com wrote:

 Hi Wesley, Loïc,
 
 Thanks for the advice. I didn't know about npppd. It seems an
 interesting option.
 I am going to try that.

+1 for npppd, I wrote a howto (in Serbian though) here:
https://www.mimar.rs/npppd-novi-openbsd-ov-pptpl2tp-server/

Make sure to use the latest snapshot, and not the 5.3 release, as I experienced hangs:
http://openbsd.7691.n7.nabble.com/Hang-possibly-related-to-pipex-td230816.html

If you still want poptop for any reason, my working ppp.conf (with
authentication from the Active Directory implementation of RADIUS) is as
follows:

loop:
 set timeout 0
 set log phase chat connect lcp ipcp command TUN
 set device localhost:pptp
 set dial
 set login
 set mppe 128 stateful 
 set ifaddr 192.168.131.1 192.168.131.10-192.168.131.250 255.255.255.255
 set server /var/tmp/loop  0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 disable pap
 disable chap
 enable mschapv2
 set radius /etc/ppp/radius.conf
 disable deflate pred1
 deny deflate pred1
 disable ipv6cp
 disable ipv6
 accept mppe
 enable proxy
 accept dns
 set dns 192.168.5.21 192.168.5.24
 set device !/etc/ppp/secure

You will also need file /etc/ppp/secure:

#!/bin/sh
exec /usr/sbin/ppp -direct loop-in

Hope this helps.

-- 
Marko Cupać



Re: Hang possibly related to pipex

2013-07-24 Thread Marko Cupać
On Mon, 8 Jul 2013 11:45:38 +0200
Marko Cupać marko.cu...@mimar.rs wrote:

 I have just upgraded to:
 OpenBSD 5.3-current (GENERIC.MP) #25: Sat Jul  6 17:01:33 MDT 2013

No hangs since upgrade. Thank you for your help.
-- 
Marko Cupać



Re: CARP on Switch ports without port fast leading to double master-master problems

2013-07-22 Thread Marko Cupać
On Mon, 22 Jul 2013 12:12:30 +0100
Andy a...@brandwatch.com wrote:

  I.e. When a firewall boots up, the connected switch port starts STP and
  is initially blocked, causing the newly booting firewall to think it is
  master, the port then starts forwarding and I have double master.

Why try to solve the problem on the OpenBSD side and not on the switch side?
If I remember correctly, STP is a protocol which blocks redundant paths to
the same switch in order to avoid switching loops. As your two switch ports
connect to a firewall, you do not need STP there.

-- 
Marko Cupać



Re: Hang possibly related to pipex

2013-07-08 Thread Marko Cupać
On Mon, 08 Jul 2013 14:57:25 +0900 (JST)
YASUOKA Masahiko yasu...@yasuoka.net wrote:

 Can you try latest snapshot or below patch?

I have just upgraded to:
OpenBSD 5.3-current (GENERIC.MP) #25: Sat Jul  6 17:01:33 MDT 2013

Thank you for your help, let's see if it fixes the problem.

-- 
Marko Cupać



Re: Why I abandoned OpenBSD, and why you should too...

2013-07-05 Thread Marko Cupać
I find it sad that it is now the third day that no one has responded to my
call for help with a system hang, at least with something like "ask on the
bugs list", while threads like this get 15 responses in a matter of hours :(



Re: PF sync doesn't not work very well

2013-07-04 Thread Marko Cupać
On Thu, 04 Jul 2013 21:30:56 +0200
Loïc BLOT loic.b...@unix-experience.fr wrote:

 Hello all,
 thanks for this interesting debate about pf syncing.
 To remember my initial question:
 
 pfsync seems to sync states but not correctly on my BGP+OSPF routers.
 Because each BGP router is master/standby to 2 neighbors (full meshed
 bgp) packets which are outgoing by one router can income by the other
 router, then if i want to use pf as a stateful firewall i must use
 pfsync to sync created states from router A to router B.
 
 If you tell me it's not possible, then i will use pf as a stateless
 firewall.

If you speak Serbian, I have just documented my BGP / OSPF / CARP /
PFSYNC setup:
https://www.mimar.rs/openbsd-na-obodu-korporacijske-mreze/

Maybe google translate is good enough to make it understandable.



Hang possibly related to pipex

2013-07-03 Thread Marko Cupać
I have a machine that has been serving as a NAT gateway and VPN server
(both pptp/poptop and openvpn) since 5.0 without problems.

On 5.2 I switched poptop to npppd compiled from sources and was very
happy with it. With the release of 5.3 I added a second machine as CARP
failover backup.

In the last 10 days the machine hung twice. I do not have the hang message
from the first time, but this time I read this:

uvm_fault(0xd8f5f680, 0x0, 0, 3) -> e
kernel: page fault trap, code=0
Stopped at   pipex_close_session+0xc4:   movl   %eax,0x6c(%exc)
ddb{3}

Below is my dmesg: