Re: FTP login delay

2018-06-21 Thread Stuart Henderson
On 2018-06-21, Maximilian Pichler  wrote:
> (1) Why does ftpd need to make a *forward* DNS lookup (assuming I'm
> reading the query correctly) of the machine name?

If there's no matching forward DNS for the name in reverse DNS, it can't
be trusted, so logging such a name would be misleading.

> (2) Generally, when setting the machine name with hostname(1), should
> it be suffixed with a domain name?

Generally that would be the usual way.
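
The check described in the reply above (only log a reverse-DNS name if a forward lookup of that name leads back to the connecting address), as an added example. This is not ftpd's code; the lookup tables are constructed stand-ins for real DNS, and the function names are made up for illustration.

```python
import ipaddress

# Constructed zone data (hypothetical names, documentation address ranges).
PTR = {
    "192.0.2.10": ["client.example.net"],
    # The owner of a reverse zone can put any name in a PTR record:
    "192.0.2.66": ["www.bank.example"],
    # PTR exists but the name has no forward record at all:
    "192.0.2.99": ["gone.example.net"],
    "2001:db8::5": ["v6host.example.net"],
}
FWD = {
    "client.example.net": ["192.0.2.10", "192.0.2.11"],
    "www.bank.example": ["198.51.100.7"],
    "v6host.example.net": ["2001:0db8:0000:0000:0000:0000:0000:0005"],
}


def ptr_lookup(ip):
    """Reverse lookup: address -> list of claimed names (stand-in for PTR)."""
    return PTR.get(ip, [])


def addr_lookup(name):
    """Forward lookup: name -> list of addresses (stand-in for A/AAAA)."""
    return FWD.get(name.lower().rstrip("."), [])


def confirmed_name(peer, reverse=ptr_lookup, forward=addr_lookup):
    """Return a PTR name only if its forward records include the peer."""
    peer_ip = ipaddress.ip_address(peer)
    for name in reverse(str(peer_ip)):
        for addr in forward(name):
            try:
                # Compare parsed addresses, not strings, so different
                # spellings of the same IPv6 address still match.
                if ipaddress.ip_address(addr) == peer_ip:
                    return name
            except ValueError:
                continue  # malformed record, ignore it
    return None


def name_for_log(peer):
    """What to write in the log: confirmed name, otherwise the bare address."""
    return confirmed_name(peer) or str(ipaddress.ip_address(peer))


if __name__ == "__main__":
    for peer in ("192.0.2.10", "192.0.2.66", "192.0.2.99",
                 "203.0.113.1", "2001:0db8::0005"):
        print(peer, "->", name_for_log(peer))
```
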




Re: Theo's BOF at BSDcan

2018-06-21 Thread Rupert Gallagher
On Fri, Jun 22, 2018 at 07:10, Rupert Gallagher  wrote:

> There is a fact missing from the discussion: state-funded espionage companies 
> (NSA, Hacking Team, etc) and criminals they both purchase and profit from 
> bugs. My guess is that OpenBSD does not get first-hand information from Intel 
> because Intel knows that OpenBSD will patch it as if there is no tomorrow.

I mean that there is an ethical problem here. Intel ought to come clean first, 
make a public statement of intent and welcome key actors in the industry 
who have an established reputation of being ethically clean themselves. Until 
then, nobody can trust Intel.

On a technical side, Intel Atom c3000 series have no Hyperthreading. They have 
a single thread per core. Perhaps they are easier to maintain.


Re: Theo's BOF at BSDcan

2018-06-21 Thread Rupert Gallagher
There is a fact missing from the discussion: state-funded espionage companies 
(NSA, Hacking Team, etc) and criminals they both purchase and profit from bugs. 
My guess is that OpenBSD does not get first-hand information from Intel because 
Intel knows that OpenBSD will patch it as if there is no tomorrow.


Re: Theo's BOF at BSDcan

2018-06-21 Thread Roman Zolotarev
> I think that this is the video under discussion:
> https://www.youtube.com/watch?v=UaQpvXSa4X8

A fragment with better sound:
https://www.youtube.com/watch?v=_E873DaCLN4

Roman



Re: Theo's BOF at BSDcan

2018-06-21 Thread Wiremu Demchick
Kia ora Rudy,

I think that this is the video under discussion:
https://www.youtube.com/watch?v=UaQpvXSa4X8

Kind regards,

Wiremu



Re: Theo's BOF at BSDcan

2018-06-21 Thread Kevin Chadwick
On Thu, 21 Jun 2018 13:07:23 -0600


> Kevin Chadwick  wrote:
> 
> > My point was that signing up in the first
> > place should be criticised, if anything.  
> 
> So you criticize our previous involvement in embargos where it was
> necessary?

I think you had little choice because of an incorrect established
procedure.

In fact, the KRACK case showed that OpenBSD patched well before
many others and many phones are still unpatched.

The embargo did not help others patch before release or allow users
to avoid and warn about certain use cases of Bluetooth and Wifi as soon
as possible (many months).

Embargos create the idea that testing is more important than security.
With Lenovo's purchase of Motorola they now say we promise Oreo even
though you are missing 6 separate months of android security patches
and the newer phones have less security patches than the older ones.

Some people say I shall update later I just want to browse and it can
take a week for Windows to update because Windows don't want to get in
the way.

Some say don't patch on patch release day.

Others patch and avoid browsing until it is patched.

It should be up to us to do what we can as soon as possible and not hope
some bad guy won't pay for information or work things out quicker.

Would it be faster to patch in open source if everything was public and
are emails secure?

> 
> Even in the situations where it took > a week to write a fix?
> 

Yes especially when the plan was a month plus embargo and who knows how
many weeks earlier people could have been told.

Is it feasible that code could be run on cloud systems (patched early)
to search for OS differences and hints on secret fixes?

> Everyone can tell that you are wrong.  Adults will make those
> decisions on a case by case basis.
> 
> You really should just say sorry and drop it.

I can't if I disagree but I apologise for lack of clarity on the
embargo existence/honouring front.



Re: Theo's BOF at BSDcan

2018-06-21 Thread Theo de Raadt
Kevin Chadwick  wrote:

> My point was that signing up in the first
> place should be criticised, if anything.

So you criticize our previous involvement in embargos where it was
necessary?

Even in the situations where it took > a week to write a fix?

Everyone can tell that you are wrong.  Adults will make those
decisions on a case by case basis.

You really should just say sorry and drop it.



Re: Theo's BOF at BSDcan

2018-06-21 Thread Kevin Chadwick
On Thu, 21 Jun 2018 12:09:00 -0600


> Wow, just look at that sentence.  OpenBSD did not break any embargos.
> This situation may have no relationship to embargo breaking rumours.
> However, false rumours about breaking embargos have to stop,
> especially when spread by people at other open source projects.
> 
> You imply that someone broke an embargo.

I thought it was widely understood by now that breaking an embargo could
not be and was not the case by any third party either and I apologise
if I wasn't clear enough. My point was that signing up in the first
place should be criticised, if anything.

I am just surprised that so much talk about breaking/excluding from
embargos and the dangers of breaking them have been discussed and yet
the real risks involved in long embargos...not so much.

At least Microsoft have some justification for their monthly patch timing
even if that has been heavily criticised and the policy weakened now.



Re: How to copy n bytes from stdin to stdout?

2018-06-21 Thread Otto Moerbeek
On Thu, Jun 21, 2018 at 08:06:46PM +0200, Vincent Legoll wrote:

> Hello,
> 
> The man page did not say bs has to be a power of 2.
> 
> On a very old macppc openbsd box:
> 
> vince@mini:~$ dd count=1 bs=123456789 < /dev/zero > zero.bin
> 1+0 records in
> 1+0 records out
> 123456789 bytes transferred in 9.833 secs (12554493 bytes/sec)
> 
> On a much more recent core i7 linux:
> 
> vince@dell:~$ dd count=1 bs=123456789 < /dev/zero > zero.bin
> 1+0 records in
> 1+0 records out
> 123456789 bytes (123 MB, 118 MiB) copied, 0,0703818 s, 1,8 GB/s
> 
> 
> This may not work with huge bs though...
> 
> 
> -- 
> Vincent Legoll

It was already mentioned that this does not work when short reads occur.

-Otto



Re: 20% package loss on CARP after upgrade to 6.3

2018-06-21 Thread Henrik Dige Semark
I have now tried to change the carp netmask to /32 on the one interface
that shares subnet (management), changed advskew to 20 on master and 80
on slave. But ping loss still persists (see bottom of this mail).

I could try to set the carpdemote higher on the slave, but what then
when/if the master actually goes down?
>> CARP and nothing else.
>>> I have no idea about a possible specific reason for packet loss, though.
>>>
>> Snippet from: Robert Blacquiere 
>>> Just a quick thought as em devices are emulated on kvm did you try
>>> disabling hw offloading on the interfaces? I had some similar issue
>>> with a vps pings seem to work but other traffic had drops.
>> I haven't tried to disable HW offload, but do you think it could be a
>> problem, when it worked fine under older versions of OpenBSD?
>>
>> Med Venlig Hilsen / Best Regards
>> Henrik Dige Semark
>>
>>
>>
> I had some issues with vps with em interfaces and pseudo hw offloading.
> Now I never use offloading on vps and have not encountered these strange
> things like packet drop or icmp work but tcp/udp fails and carp strange
> hiccups. Also encountered issue with multicast on juniper in combination
> with numbered management vlan on the default vlan. Somewhere in juniper
> they got silenced.
>
> Regards
>
> Robert 
>
@Robert: What exactly do you turn off, and how?

Information:

# ifconfig em0
em0: flags=8b43
mtu 1500
    lladdr a8:8d:35:55:7d:5f
        description: Management
    index 1 priority 0 llprio 3
    media: Ethernet autoselect (1000baseT full-duplex)
    status: active
    inet 192.168.245.2 netmask 0xff00 broadcast 192.168.245.255
    inet6 fe80::24e8:4c63:629c:3d53%em0 prefixlen 64 scopeid 0x1
    inet6 2001:470:1b6a:45::2 prefixlen 64

# ifconfig carp1
carp1: flags=8843 mtu 1500
    lladdr 00:00:5e:00:01:01
    description: Management
    index 5 priority 15 llprio 3
    carp: MASTER carpdev em0 vhid 1 advbase 1 advskew 20
    groups: carp lan
    status: master
    inet 192.168.245.1 netmask 0x
    inet6 fe80::3c71:a9ea:18d8:872%carp1 prefixlen 64 scopeid 0x5
    inet6 2001:470:1b6a:45::1 prefixlen 128



# ping -c 50 8.8.8.8 (From my laptop to Google DNS)
--- 8.8.8.8 ping statistics ---
50 packets transmitted, 40 received, +10 errors, 20% packet loss, time 49158ms
rtt min/avg/max/mdev = 7.046/7.370/10.165/0.517 ms

# ping -c 50 192.168.245.2 (From my laptop to Server 1 em0)
--- 192.168.245.2 ping statistics ---
50 packets transmitted, 50 received, 0% packet loss, time 49350ms
rtt min/avg/max/mdev = 0.658/1.169/4.643/0.682 ms

# ping -c 50 192.168.245.1 (From my laptop to carp1 (default gw))
PING 192.168.245.1 (192.168.245.1) 56(84) bytes of data.
64 bytes from 192.168.245.1: icmp_seq=1 ttl=255 time=0.766 ms
64 bytes from 192.168.245.1: icmp_seq=2 ttl=255 time=0.972 ms
64 bytes from 192.168.245.1: icmp_seq=3 ttl=255 time=1.18 ms
64 bytes from 192.168.245.1: icmp_seq=4 ttl=255 time=0.718 ms
64 bytes from 192.168.245.1: icmp_seq=5 ttl=255 time=0.816 ms
64 bytes from 192.168.245.1: icmp_seq=6 ttl=255 time=0.818 ms
64 bytes from 192.168.245.1: icmp_seq=7 ttl=255 time=0.964 ms
64 bytes from 192.168.245.1: icmp_seq=8 ttl=255 time=0.833 ms
64 bytes from 192.168.245.1: icmp_seq=9 ttl=255 time=0.839 ms
64 bytes from 192.168.245.1: icmp_seq=10 ttl=255 time=0.955 ms
64 bytes from 192.168.245.1: icmp_seq=11 ttl=255 time=1.62 ms
64 bytes from 192.168.245.1: icmp_seq=12 ttl=255 time=0.916 ms
64 bytes from 192.168.245.1: icmp_seq=13 ttl=255 time=0.785 ms
64 bytes from 192.168.245.1: icmp_seq=14 ttl=255 time=0.734 ms
64 bytes from 192.168.245.1: icmp_seq=15 ttl=255 time=1.99 ms
*64 bytes from 192.168.245.1: icmp_seq=16 ttl=255 time=36.8 ms*
64 bytes from 192.168.245.1: icmp_seq=17 ttl=255 time=0.853 ms
64 bytes from 192.168.245.1: icmp_seq=18 ttl=255 time=1.19 ms
64 bytes from 192.168.245.1: icmp_seq=19 ttl=255 time=0.744 ms
64 bytes from 192.168.245.1: icmp_seq=20 ttl=255 time=1.89 ms
64 bytes from 192.168.245.1: icmp_seq=21 ttl=255 time=0.853 ms
64 bytes from 192.168.245.1: icmp_seq=22 ttl=255 time=1.78 ms
64 bytes from 192.168.245.1: icmp_seq=23 ttl=255 time=0.861 ms
64 bytes from 192.168.245.1: icmp_seq=24 ttl=255 time=1.15 ms
64 bytes from 192.168.245.1: icmp_seq=25 ttl=255 time=0.731 ms
64 bytes from 192.168.245.1: icmp_seq=26 ttl=255 time=0.701 ms
64 bytes from 192.168.245.1: icmp_seq=27 ttl=255 time=2.07 ms
64 bytes from 192.168.245.1: icmp_seq=28 ttl=255 time=1.07 ms
*64 bytes from 192.168.245.1: icmp_seq=29 ttl=255 time=41.5 ms*
64 bytes from 192.168.245.1: icmp_seq=30 ttl=255 time=0.798 ms
64 bytes from 192.168.245.1: icmp_seq=31 ttl=255 time=1.65 ms
64 bytes from 192.168.245.1: icmp_seq=32 ttl=255 time=0.846 ms
64 bytes from 192.168.245.1: icmp_seq=33 ttl=255 time=0.782 ms
64 bytes from 192.168.245.1: icmp_seq=34 ttl=255 time=1.94 ms
64 bytes from 192.168.245.1: icmp_seq=35 ttl=255 time=0.841 ms
64 bytes from 192.168.245.1: icmp_seq=36 ttl=255 time=0.874 ms

Re: Theo's BOF at BSDcan

2018-06-21 Thread Theo de Raadt
Kevin Chadwick  wrote:

> On Thu, 21 Jun 2018 08:34:55 -0700 (MST)
> 
> 
> > It was a good talk either way.. It's an issue that keeps getting
> > larger as time goes on. 
> 
> Whilst I can see but disagree with a point of view that Open Source
> will be locked out if they don't comply with embargos.

Wow, just look at that sentence.  OpenBSD did not break any embargos.
This situation may have no relationship to embargo breaking rumours.
However, false rumours about breaking embargos have to stop, especially
when spread by people at other open source projects.

You imply that someone broke an embargo.  Look at the sentence.  What
gives you that right?  Gossip much?  Can't write correct sentences?

I completely understand that people who kick dogs might write sentences
like that.

> I would not participate.

You are not involved in any of the decisions, you are just a mouth on a
mailing list.  Always fascinating to see such decisive decision making
from outsiders.  Such conviction!



Re: How to copy n bytes from stdin to stdout?

2018-06-21 Thread Vincent Legoll
Hello,

The man page did not say bs has to be a power of 2.

On a very old macppc openbsd box:

vince@mini:~$ dd count=1 bs=123456789 < /dev/zero > zero.bin
1+0 records in
1+0 records out
123456789 bytes transferred in 9.833 secs (12554493 bytes/sec)

On a much more recent core i7 linux:

vince@dell:~$ dd count=1 bs=123456789 < /dev/zero > zero.bin
1+0 records in
1+0 records out
123456789 bytes (123 MB, 118 MiB) copied, 0,0703818 s, 1,8 GB/s


This may not work with huge bs though...


-- 
Vincent Legoll



Re: Theo's BOF at BSDcan

2018-06-21 Thread Kevin Chadwick
On Thu, 21 Jun 2018 08:34:55 -0700 (MST)


> It was a good talk either way.. It's an issue that keeps getting
> larger as time goes on. 

Whilst I can see but disagree with a point of view that Open Source
will be locked out if they don't comply with embargos. I would not
participate.

After all, those that have important stuff to protect will patch sooner.
Are they supposed to sit on those patches for a month (after 3 weeks of
cloud provider notification?) to allow those who run blogs about flower
arrangements to patch at the same time. 

Who decided clouds are more important than Open Source. I'm sure there
are some exceptions, military/gov that pay to patch well in advance and
perhaps the cloud providers pay to be part of those programs, but it is
wrong. Do Intel profit from bugs?

They should have the resources to countermeasure or check and reset as
needed. Anything more than very short embargos surely just create
windows of opportunity for attackers. High assurance systems will
likely have extra defenses on top of Intel chips anyway.

We should want to send a clear message and be annoyed about *anyone*
signing up to embargos.

Or is it "playing the game"...I hate that term!



Re: Theo's BOF at BSDcan

2018-06-21 Thread Rudy Baker
Anyone got a link to this video? Can't find it anywhere

On Thu, Jun 21, 2018, 11:52 AM anexit  wrote:

> It was a good talk either way.. It's an issue that keeps getting larger as
> time goes on.
>
>
>
> --
> Sent from:
> http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
>
>


Re: virtual colocation? Amazon/cloud?

2018-06-21 Thread Maximilian Pichler
I've had a very good experience with the Netherlands-based transip.
Their pricing is competitive (especially for storage if you don't want
to deal with anything S3-like), they are reliable, and have also been
good at keeping up with new OpenBSD releases:
https://www.transip.eu/vps/openbsd/

On Thu, Jun 14, 2018 at 10:50 PM, Steve Fairhead  wrote:
> Yes, I have consulted the interwebs. But, forsooth, the interwebs have
> forsaken me...
>
> I've been running various colocated OpenBSD boxen for a long time (19
> years?). The hardware is mine; the phat pipe I pay for, in some aircon'ed
> warehouse somewhere in southern England... never been... (I'm in West
> Sussex/Surrey, but I doubt that matters these days.)
>
> Two of my machines are getting a little elderly, and need replacing... and
> my son-in-law (I quite like him) said "have you considered virtual
> hosting?". Hmmm.
>
> I would love to be able to do this - make the hardware someone else's
> problem - and maybe into the bargain pay less per month.
>
> I gather Amazon are not quite there yet re OpenBSD virtual machines. Can
> anyone here provide a cluebat as to prospects or alternatives? I don't want
> to move away from OpenBSD - it's my security blanket... and I love it *so*
> much...
>
> Steve
>



Re: Theo's BOF at BSDcan

2018-06-21 Thread anexit
It was a good talk either way.. It's an issue that keeps getting larger as
time goes on. 



--
Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html



Re: New laptop recommendations

2018-06-21 Thread flipchan
I got the x200 with libreboot and openbsd 

On June 19, 2018 10:47:24 AM UTC, Kaya Saman  wrote:
>I couldn't say for the compatibility with OpenBSD though I have read 
>other people running on them, but how about Lenovo??
>
>
>I've got an X220 which I run a Linux distro on which I'm really happy 
>with though the i7 CPU does seem to overheat for some reason, though I 
>seem to have this issue with all laptops I've gone through?? Must be me
>:-S
>
>- only system that never overheated was my old PowerBook G3 Firewire 
>running Mac OS 9
>
>
>I might be remembering wrong but I'm sure I've seen people on the list 
>running OBSD on X-series Lenovo's so it might be worth a shot unless 
>anyone else has better suggestions :-)
>
>
>Regards,
>
>
>Kaya
>
>
>On 06/19/18 11:37, Rupert Gallagher wrote:
>> I'm done with my 10 years old 1200EUR MacBookPro. It served me well,
>every day, but is now falling apart, finally.
>>
>> I would buy a new one if only Steve Jobs would be alive and keeping
>Apple inspired. The new models are meticulously designed to make you
>suffer: expensive, slow cpu, soldered ram, soldered disk, small disk,
>bad keyboard keys, wifi only, must pay extra for standard connectors.
>>
>> I have 1500EUR for a new laptop. What would you buy with it?

-- 
Take Care Sincerely flipchan layerprox dev


Re: Poor browser performance in OpenBSD

2018-06-21 Thread Dumitru Mișu Moldovan

On 06/21/18 00:34, Chris Cappuccio wrote:


> I notice some major slowdowns with the meltdown mitigation on Core 2 Duo
> with inteldrm that make them almost unusable with modern browsers right now.
> Not as bad on newer CPUs.


In my experience, a Core2Duo machine with inteldrm I still use as a 
backup option for work (HP Compaq 2510p) is still usable with SeaMonkey 
(uBlock origin and NoScript help).  Firefox was usable with its 2GB of 
RAM until Electrolysis was implemented sometime last year (was using ESR 
at the time).  Chromium has been unusable for way longer with more than 
a couple of tabs.


Haven't noticed much of a slowdown with the Meltdown-related patches.





Re: How to copy n bytes from stdin to stdout?

2018-06-21 Thread Maximilian Pichler
On Thu, Jun 21, 2018 at 3:15 PM, Daniel Hartmeier  wrote:
> I think they meant dd and just didn't care about efficiency:
>
>   http://austingroupbugs.net/bug_view_page.php?bug_id=407

Thanks for digging this out!

> Does ghead -c beat a simple buffer loop?

Your head-c.c seems to have the same performance as ghead -c,
presumably because they're doing the same thing. :)



Re: How to copy n bytes from stdin to stdout?

2018-06-21 Thread Otto Moerbeek
On Thu, Jun 21, 2018 at 03:08:10PM +0200, Jan Stary wrote:

> On Jun 20 17:32:51, maxim.pich...@gmail.com wrote:
> > dd bs=1 count=1234567 will copy 1234567 bytes and then stop, but it's slow.
> 
> $ dd bs=1 count=1234567 < /dev/zero > /dev/null
> 1234567+0 records in
> 1234567+0 records out
> 1234567 bytes transferred in 4.507 secs (273886 bytes/sec)
> 
> $ dd count=1 bs=1234567 < /dev/zero > /dev/null   
> 1+0 records in
> 1+0 records out
> 1234567 bytes transferred in 0.001 secs (653970943 bytes/sec)

The latter will stop on a short read.

-Otto



Re: How to copy n bytes from stdin to stdout?

2018-06-21 Thread Daniel Hartmeier
On Thu, Jun 21, 2018 at 03:08:10PM +0200, Jan Stary wrote:

> $ dd count=1 bs=1234567 < /dev/zero > /dev/null   
> 1+0 records in
> 1+0 records out
> 1234567 bytes transferred in 0.001 secs (653970943 bytes/sec)

That was my first hunch as well, but try

  $ printf "foo\nbar\n" | dd count=1 bs=1234567

and then

  $ (printf "foo\n"; printf "bar\n") | dd count=1 bs=1234567

Daniel



Re: How to copy n bytes from stdin to stdout?

2018-06-21 Thread Daniel Hartmeier
On Thu, Jun 21, 2018 at 10:57:40AM +0200, Maximilian Pichler wrote:

> > dd ibs=1 count=n
> 
> Nice, this is about three times as fast as bs=1. Both are much slower
> than 'ghead -c'.

I think they meant dd and just didn't care about efficiency:

  http://austingroupbugs.net/bug_view_page.php?bug_id=407

Does ghead -c beat a simple buffer loop?

Daniel
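
#include <stdio.h>
#include <stdlib.h>

#define BUFSIZE 65536

/* Copy at most <number> bytes from stdin to stdout. */
int main(int argc, char *argv[])
{
	char buf[BUFSIZE];
	size_t n, r;
	long want;

	/* Parse into a signed type first so a negative count is rejected. */
	if (argc != 2 || (want = atol(argv[1])) < 1) {
		fprintf(stderr, "usage: %s number\n", argv[0]);
		return (1);
	}
	n = (size_t)want;
	do {
		/* fread() keeps reading until the request is full or EOF. */
		r = fread(buf, 1, n > BUFSIZE ? BUFSIZE : n, stdin);
		if (r > 0) {
			fwrite(buf, 1, r, stdout);
			n -= r;
		}
	} while (r > 0 && n > 0);
	return (0);
}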


Re: How to copy n bytes from stdin to stdout?

2018-06-21 Thread Jan Stary
On Jun 20 17:32:51, maxim.pich...@gmail.com wrote:
> dd bs=1 count=1234567 will copy 1234567 bytes and then stop, but it's slow.

$ dd bs=1 count=1234567 < /dev/zero > /dev/null
1234567+0 records in
1234567+0 records out
1234567 bytes transferred in 4.507 secs (273886 bytes/sec)

$ dd count=1 bs=1234567 < /dev/zero > /dev/null   
1+0 records in
1+0 records out
1234567 bytes transferred in 0.001 secs (653970943 bytes/sec)



Re: New laptop recommendations

2018-06-21 Thread bytevolcano
In his defense, you did exactly that which you are accusing him of, not
providing "technical" arguments. "Oh look at this laptop which I've
apparently never used but I'd recommend you look into anyway."

"I hear they're quite nice, and are running coreboot straight from the
factory." It sounds like pandering to ideology without technical merit.


As for my recommendation, I've had some decent success with Panasonic
Toughbooks (CF-30 and CF-31 so far). I'll see if I can bring up a dmesg
when I get a chance. They are physically sound units too.

Most stuff seems to work with 6.3 + syspatches on the CF-31 but I can't
work out how to disable the gestures (I don't seem to have a
"mouse.tp.tapping" variable when using wsconsctl(8)).


On Tue, 19 Jun 2018 13:19:55 -0700
Jordan Geoghegan  wrote:

> On 06/19/18 11:20, li...@wrant.com wrote:
> > Tue, 19 Jun 2018 09:59:45 -0700 Jordan Geoghegan   
> >> Have you considered one of the Librem laptops by Purism? I hear they're
> >> quite nice, and are running coreboot straight from the factory.  
> > The pinnacle of bullshit talk, utter nonsense, no technical value at all.
> >
> >  
> You don't have to be a snarky prick about things-- I don't hear you 
> making any suggestions or providing any "technical" arguments or giving 
> reasons for how/why my suggestion is "utter nonsense".
> You want a dmesg? You want the stats on the laptop? I'm not your 
> secretary, you know how to Google. Don't be aggressive just for the sake 
> of being aggressive.
> 
> Cheers,
> Jordan
> 



Re: New laptop recommendations

2018-06-21 Thread Thomas Levine
I spoke with Todd Weaver at LibrePlanet about running OpenBSD on Purism.
I suggested that the company install a bunch of operating systems and
post dmesg, but I don't think they have done that yet.

If I remember correctly, he also said he would be happy to provide
a refurbished laptop to a developer for the purpose of confirming that
the hardware works well on OpenBSD.



Re: Poor browser performance in OpenBSD

2018-06-21 Thread Максим
Sorry for corrupted output.
I had to compose the email in a browser.
I will try to fix that.

-- 
Best regards.
Maksim Rodin

21.06.2018, 12:13, "Максим" :
> Here is the vmstat result. It can be seen clear when I start a youtube
> video in firefox. CPU usage jumps and falls, when I close the tab with
> that video.
>
> I cannot imagine what can be a bottleneck in the system with core i3 cpu,
> 8 gb ram and ssd when the only "heavy" process is firefox with 10 open
> tabs, the rest is tmux with a few terminals and thunderbird.
>
> I also tried setting machdep.allowaperture=2 to 0 following Thomas
> Frohwein's advice but I didn't see any changes after reboot. And I also
> remember that I didn't change that parameter by hand. I suppose it was set
> automatically by the system installer when I chose "Do you expect to run
> the X Window System? [yes]" And I don't see any hint in "man xf86" that it
> has anything to do with performance restrictions.
>
> doas vmstat -w 5
>  procs     memory         page              disks       traps          cpu
>  r   s   avm   fre   flt re pi po fr sr sd0 cd0  int    sys    cs us sy  id
>  3 293 1804M 4266M   897  0  0  0  0  0   2   0  102  13798  1903  4  2  94
>  0 295 1799M 4271M   501  0  0  0  0  0   0   0  156   8505  1347  1  1  98
>  3 292 1799M 4271M    34  0  0  0  0  0   0   0  151   6959  1113  0  0 100
>  2 292 1760M 4307M   465  0  0  0  0  0   0   0  187  11689  1386  2  1  96
>  1 295 1759M 4308M  3519  0  0  0  0  0   0   0  248  27514  4037 11  6  82
>  3 298 1802M 4234M  6631  0  0  0  0  0   1   0  296  64983  6072 26 11  61
>  4 300 1837M 4202M  8481  0  0  0  0  0  76   0  350  62912  7460 30 12  57
>  5 302 1929M 4100M 16860  0  0  0  0  0   0   0  537  87017  9736 58 16  24
>  2 305 1912M 4082M  9525  0  0  0  0  0   0   0  210  42731  5417 40 11  47
>  5 302 1911M 4095M  9629  0  0  0  0  0   7   0  364  70279  9421 38 13  48
>  2 311 1927M 4038M  9220  0  0  0  0  0   0   0  590  77202  9896 35 13  49
>  5 311 1970M 4021M 10586  0  0  0  0  0   0   0  552 110548 17876 49 20  28
>  3 311 2047M 3900M 16934  0  0  0  0  0   0   0 1491 105224 18734 55 31   7
>  8 305 2101M 3832M 18703  0  0  0  0  0   0   0 2149  85147 16381 55 37   0
>  7 306 2115M 3794M  8234  0  0  0  0  0   0   0  626  68552 12057 43 23  30
>  0 312 2079M 3830M  7116  0  0  0  0  0   0   0  367  90852 12290 49 17  32
>  2 306 2082M 3847M  5519  0  0  0  0  0   0   0  322  65909 10800 34 14  51
>  4 303 2061M 3850M  6255  0  0  0  0  0   5   0  410  72349 11289 32 17  50
>  7 300 2063M 3863M  6900  0  0  0  0  0   0   0  435  78476 11630 49 21  28
>  3 304 2064M 3856M  4617  0  0  0  0  0   0   0  580  61415  9961 31 16  52
>  3 305 2017M 3934M 10344  0  0  0  0  0   0   0  545  73093 10099 38 16  44
>  0 307 1945M 4007M  1864  0  0  0  0  0   0   0  141  12998  1624  3  4  92
>  3 305 1921M 4026M   897  0  0  0  0  0   0   0  148  13916  1589  6  2  92
>  2 305 1921M 4045M   572  0  0  0  0  0  15   0  185  10068  1267  2  1  97
>  1 306 1846M 4120M  3488  0  0  0  0  0   0   0  179  14300  2274 19  4  76
>
> --
> 20.06.2018, 16:04, "IL Ka" :
>
>   Have you tried vmstat to find bottleneck: is it CPU in userspace or
>   in kernel or storage? Which WM are you using? Could it be WM issue?
>   Try to use lower resolution? (I know that resolution is locked for
>   LCDs, but you can try just to make sure it is not the problem)



Re: How to copy n bytes from stdin to stdout?

2018-06-21 Thread Maximilian Pichler
On Thu, Jun 21, 2018 at 11:05 AM, Abel Abraham Camarillo Ojeda
 wrote:
> $ cat file | perl -ne 'BEGIN { $/ = \1 } print if $. <= 5; exit 0 if $. == 5'

This is much slower than 'dd ibs=1'



Re: FTP login delay

2018-06-21 Thread Maximilian Pichler
Thanks for the suggestion! ktracing reveals that it IS hanging on a DNS lookup.

 99982 ftpd CALL  connect(3,0xae7e11d72a0,16)
 99982 ftpd STRU  struct sockaddr { AF_INET, 192.168.1.1:53 }
 99982 ftpd RET   connect 0
 99982 ftpd CALL  sendto(3,0xae80477fa00,0x27,0,0,0)
 99982 ftpd GIO   fd 3 wrote 39 bytes
   "7\M^M\^A\0\0\^A\0\0\0\0\0\0\vzen-thought\^Bmy\^Fdomain\0\0\^A\0\^A"
 99982 ftpd RET   sendto 39/0x27
 99982 ftpd CALL  clock_gettime(CLOCK_MONOTONIC,0x7f7c51f0)
 99982 ftpd STRU  struct timespec { 47305.577400182 }
 99982 ftpd RET   clock_gettime 0
 99982 ftpd CALL  poll(0x7f7c5200,1,2)
<...hanging here for 20s...>
 99982 ftpd STRU  struct pollfd { fd=3, events=0x1, revents=0<> }
 99982 ftpd RET   poll 0
 99982 ftpd CALL  recvfrom(3,0xae80477a000,0x1000,0,0,0)
 99982 ftpd RET   recvfrom -1 errno 35 Resource temporarily unavailable

(It repeats this a few times with different timeouts: 5s + 10s + 20s +
40s = 75s)

I'm not familiar with the DNS protocol, but the query
"7\M^M\^A\0\0\^A\0\0\0\0\0\0\vzen-thought\^Bmy\^Fdomain\0\0\^A\0\^A"
contains a machine name, so it looks like a forward, not a reverse
lookup, right?

After adding 'zen-thought.my.domain' to /etc/hosts, the delay
disappears! Previously (after reading the FAQ) I had made entries only
for my naked machine name (zen-thought) and the machine name suffixed
with the ISP's domain, but not with 'my.domain'.

It also turns out that hostname(1) returned 'zen-thought.my.domain',
which is what ftpd seems to be looking up. After *setting* the
hostname to zen-thought only (without domain suffix) the delay
disappears as well, even when removing all entries from /etc/hosts
(except for the localhost ones of course).

My remaining questions are:

(1) Why does ftpd need to make a *forward* DNS lookup (assuming I'm
reading the query correctly) of the machine name?

(2) Generally, when setting the machine name with hostname(1), should
it be suffixed with a domain name?

Thanks again, your suggestion allowed me to get things working at least!


On Thu, Jun 21, 2018 at 10:09 AM, Janne Johansson  wrote:
>
>
> Den ons 20 juni 2018 kl 23:28 skrev Maximilian Pichler
> :
>>
>> I've enabled ftpd and am experiencing very long delays (consistently
>> 75 seconds) when logging in from localhost.
>>
>> Running nc reveals that the connection is accepted immediately, but
>> the server waits before spitting out the 'ready' line:
>>
>> $ nc -4v localhost 21
>> Connection to localhost 21 port [tcp/ftp] succeeded!
>> <<...75 seconds go by...>>
>> 220 zen-thought.my.domain FTP server ready.
>>
>> This smelled a lot like https://www.openbsd.org/faq/faq8.html#RevDNS,
>> but of course localhost is in /etc/hosts (and /etc/resolv.conf has
>> 'lookup file bind').
>
>
> Try running the ftpd under a ktrace and then use kdump to see what it does
> just before those 75 seconds?
> RevDNS was a good guess though. ;)
>
>
> --
> May the most significant bit of your life be positive.



Re: 20% package loss on CARP after upgrade to 6.3

2018-06-21 Thread Janne Johansson
Den tors 21 juni 2018 kl 10:31 skrev Stefan Sperling :

> On Thu, Jun 21, 2018 at 10:07:06AM +0200, Janne Johansson wrote:
> > Den ons 20 juni 2018 kl 19:59 skrev Henrik Dige Semark :
> >
> > > Hey everybody,
> > >
> > > # Server 1
> > > My /etc/hostname.* for CARP's and pfsync + host adaptor:
> > > https://pastebin.com/vrtuPqnQ
> > > My /etc/pf.conf: https://pastebin.com/yhVkG4x4
> > >
> > > # Server 2
> > > My /etc/hostname.* for CARP's and pfsync + host adaptor:
> > > https://pastebin.com/a7fuM923
> > > My /etc/pf.conf: https://pastebin.com/xNr1TtZ7
> > >
> > > Any help or pointers would be fantastic.
> > > > I have struggled with this for a week now and I'm running out of ideas -
> > > the only solution I have right now is turning off the backup server.
> > >
> >
> > You should have different advskew on expected master and slave carps, no?
>
> Looks to me like that is already the case (Server 1 has advskew 0,
> Server 2 has advskew 100).
>

Oh damned, I might have looked at the same url twice. My bad.

-- 
May the most significant bit of your life be positive.


Re: Full Summary Of Research, Computer Sector Part. Now with Nyt Cloud BBS Intro oldskool style.

2018-06-21 Thread Ywe Cærlyn

Den 6/19/2018 19:34, skrev Rudy Baker:

*grabs popcorn*

On Tue, Jun 19, 2018, 1:08 PM Ywe Cærlyn  wrote:

As mentioned earlier, I did 15 years of research on religion, that
gained me top 1% research on academia.edu .

The computer part is now also ready, and available on www.nyt.cloud BBS,
where we suggest what to do further, with the computer OS. Particularly
addressing the economic part, with monotheistic philosophy, and labour
party and work union politics, of fair pay.

Now also with oldskool intro:
https://www.youtube.com/watch?v=rGjwDdojO1k

Peace (Go With Théé)
Your Top Academic.
Ywe Cærlyn.



The greater research project, actually culminated in a new word for
God, Düüdh, which also the word deity, is related to, divinity, and theos.


There is no Iüdhü but Düüdh. And this is Enlightenment.
"Düüdh Is Bôss Of Heavwens And Ard. The Benign, The Gréat". (artist
dialect), as I say on my artist page, testing philosophical principles
in pop-culture, and a whole videoseries about realizing Düüdh.

https://www.youtube.com/watch?v=3-02jCKF1z4

After all, all noble principles are borrowed from monotheism.
Be enlightened, and worship Düüdh without giving him partners.

Peace (Go With Théé)
Ywe Cærlyn.



Re: 20% package loss on CARP after upgrade to 6.3

2018-06-21 Thread Robert Blacquiere
On Thu, Jun 21, 2018 at 11:06:36AM +0200, Henrik Dige Semark wrote:
> On 21-06-2018 10:30, Stefan Sperling wrote:
> > On Thu, Jun 21, 2018 at 10:07:06AM +0200, Janne Johansson wrote:
> >> On Wed 20 June 2018 at 19:59, Henrik Dige Semark wrote:
> >>
> >>> Hey everybody,
> >>>
> >>> # Server 1
> >>> My /etc/hostname.* for CARP's and pfsync + host adaptor:
> >>> https://pastebin.com/vrtuPqnQ
> >>> My /etc/pf.conf: https://pastebin.com/yhVkG4x4
> >>>
> >>> # Server 2
> >>> My /etc/hostname.* for CARP's and pfsync + host adaptor:
> >>> https://pastebin.com/a7fuM923
> >>> My /etc/pf.conf: https://pastebin.com/xNr1TtZ7
> >>>
> >>> Any help or pointers would be fantastic.
> >>> I have struggled with this for a week now and I'm running out of ideas -
> >>> the only solution I have right now is turning off the backup server.
> >>>
> >> You should have different advskew on expected master and slave carps, no?
> > Looks to me like that is already the case (Server 1 has advskew 0,
> > Server 2 has advskew 100).
> To be fair, I have just changed it to see if it makes a difference, but
> I still have the problem with package-loss - I'll try to change it to
> 20/80 later, it's a good idea if I want to change around easy between
> the servers.
> >> Also, we used to have something like 20 for master and 80 on slave so one
> >> can place slaves before master, or master after slave if you want to signal
> >> "I am still running but would like to hand over to the other if we can".
> > The carp demote counter is also relevant to failover and is sometimes
> > raised at run-time when interface output errors occur. The advskew value
> > only matters as long as the demote counter is equal on both sides.
> > See 'ifconfig -g carp' and the 'carpdemote' directives documented in
> > the INTERFACE GROUPS section of the ifconfig man page.
> Both servers have
> # ifconfig -g carp
> carp: carp demote count 0
> > To avoid potential routing issues, I would recommend setting netmasks
> > to /32 on all carp interfaces if they share a subnet with an Ethernet
> > interface.
> The only carp that is in the same subnet is carp1 and host interface em0
> so that I can connect to each server directly, but I have solved the
> routing with creating a different routing table, but it would be a good
> idea to change it to /32 so that it's only the default gw that is on the
> CARP and nothing else.
> > I have no idea about a possible specific reason for packet loss, though.
> >
> Snippet from: Robert Blacquiere 
> > Just a quick thought as em devices are emulated on kvm did you try
> > disabling hw offloading on the interfaces? I had some similar issue
> > with a vps pings seem to work but other traffic had drops.
> I haven't tried to disable HW offload, but do you think it could be a
> problem, when it worked fine under older versions of OpenBSD?
> 
> Med Venlig Hilsen / Best Regards
> Henrik Dige Semark
> 
> 
> 

I had some issues with vps with em interfaces and pseudo hw offloading.
Now I never use offloading on vps and have not encountered these strange
things like packet drop or icmp work but tcp/udp fails and carp strange
hiccups. Also encountered issue with multicast on juniper in combination
with numbered management vlan on the default vlan. Somewhere in juniper
they got silenced.

Regards

Robert 



Re: 20% package loss on CARP after upgrade to 6.3

2018-06-21 Thread Robert Blacquiere
On Wed, Jun 20, 2018 at 07:57:17PM +0200, Henrik Dige Semark wrote:
> Hey everybody,
> 
> I'm experiencing problems with CARP after upgrading to 6.3, it was working
> fine between my two servers in 6.2 but after upgrading (first backup and
> then master) I have a ping package loss on about 20%.
> 
> It seems like the backup server tries to take the master, cause it's the
> only one changing the states. When it changes state the symptoms are:
> one package is dropped (ping), and it switches back to backup. I haven't
> changed anything, carp-config or PF, except the upgrade to 6.3.
> 
> It works if I shut down the master, then Backup takes over fine and gives
> back to master when it gets up, but when it's just running in backup, it
> switches back and forth.
> 
> I have tried tcpdumping and looking at my pfsync0 but I can't find the
> problem. I have tried to write my CARP settings again in hostname.carp*
> on both servers, check if pfsync0 is on the same interface and IP-range
> on both servers, checked my PF and everything, but can't find the problem...
> 
> It does it across all 6 CARP's, so it looks like it's missing a heartbeat
> or something once in a while.
> 
> I also tried switching from multicast to unicast, in case my ISP (running
> Juniper equipment) have activated something on the WAN side, but it didn't
> change my experience - but since it also happens on my LAN I didn't really
> expect this to be the problem.
> 
> # Server 1
> My /etc/hostname.* for CARP's and pfsync + host adaptor:
> https://pastebin.com/vrtuPqnQ
> My /etc/pf.conf: https://pastebin.com/yhVkG4x4
> 
> # Server 2
> My /etc/hostname.* for CARP's and pfsync + host adaptor:
> https://pastebin.com/a7fuM923
> My /etc/pf.conf: https://pastebin.com/xNr1TtZ7
> 
> Any help or pointers would be fantastic.
> I have struggled with this for a week now and I'm running out of ideas -
> the only solution I have right now is turning off the backup server.
> 
> $ uname -a
> OpenBSD BSD-firewall01.static.semarkit.net 6.3 GENERIC.MP#107 amd64
> 
> Both servers are running on a KVM host running Debian Stretch with ZFS-for-
> Linux and they haven't been touched either since it got installed, neither
> before, under or after the problems started.
> 
> em0 is passed through the host and running all the VLAN and CARP things,
> while em1 (pfsync0) is a crossed connection between the two host servers
> not connected to the outside world or switch.
> 
> If you need any other information on anything in the setup, please feel
> free to ask, I'm really annoyed by this, since it has worked and now it
> doesn't, and I can't figure out why or what I have missed.
> 
> The only thing I haven't tried yet is to install a couple of new server
> and reproduce the problem.
> 
> Sorry for a really long post! 
> And to the people receiving this message for the second time, I'm really 
> sorry too, but had some problems with my DMARC settings.
> 
> -- Med Venlig Hilsen / Best Regards Henrik Dige Semark

> 

Just a quick thought as em devices are emulated on kvm did you try
disabling hw offloading on the interfaces? I had some similar issue
with a vps pings seem to work but other traffic had drops.

Regards

Robert



Re: Poor browser performance in OpenBSD

2018-06-21 Thread Максим
Here is the vmstat result. It can be seen clearly when I start a youtube
video in firefox. CPU usage jumps and falls, when I close the tab with
that video. I cannot imagine what can be a bottleneck in the system with
core i3 cpu, 8 gb ram and ssd when the only "heavy" process is firefox
with 10 open tabs, the rest is tmux with a few terminals and thunderbird.

I also tried setting machdep.allowaperture=2 to 0 following Thomas Frohwein's
advice but I didn't see any changes after reboot. And I also remember that
I didn't change that parameter by hand. I suppose it was set automatically
by the system installer when I chose "Do you expect to run the X Window
System? [yes]" And I don't see any hint in "man xf86" that it has anything
to do with performance restrictions.

doas vmstat -w 5
 procs       memory                  page              disks          traps            cpu
 r    s    avm    fre    flt  re  pi  po  fr  sr  sd0  cd0   int     sys     cs  us  sy   id
 3  293  1804M  4266M    897   0   0   0   0   0    2    0   102   13798   1903   4   2   94
 0  295  1799M  4271M    501   0   0   0   0   0    0    0   156    8505   1347   1   1   98
 3  292  1799M  4271M     34   0   0   0   0   0    0    0   151    6959   1113   0   0  100
 2  292  1760M  4307M    465   0   0   0   0   0    0    0   187   11689   1386   2   1   96
 1  295  1759M  4308M   3519   0   0   0   0   0    0    0   248   27514   4037  11   6   82
 3  298  1802M  4234M   6631   0   0   0   0   0    1    0   296   64983   6072  26  11   61
 4  300  1837M  4202M   8481   0   0   0   0   0   76    0   350   62912   7460  30  12   57
 5  302  1929M  4100M  16860   0   0   0   0   0    0    0   537   87017   9736  58  16   24
 2  305  1912M  4082M   9525   0   0   0   0   0    0    0   210   42731   5417  40  11   47
 5  302  1911M  4095M   9629   0   0   0   0   0    7    0   364   70279   9421  38  13   48
 2  311  1927M  4038M   9220   0   0   0   0   0    0    0   590   77202   9896  35  13   49
 5  311  1970M  4021M  10586   0   0   0   0   0    0    0   552  110548  17876  49  20   28
 3  311  2047M  3900M  16934   0   0   0   0   0    0    0  1491  105224  18734  55  31    7
 8  305  2101M  3832M  18703   0   0   0   0   0    0    0  2149   85147  16381  55  37    0
 7  306  2115M  3794M   8234   0   0   0   0   0    0    0   626   68552  12057  43  23   30
 0  312  2079M  3830M   7116   0   0   0   0   0    0    0   367   90852  12290  49  17   32
 2  306  2082M  3847M   5519   0   0   0   0   0    0    0   322   65909  10800  34  14   51
 4  303  2061M  3850M   6255   0   0   0   0   0    5    0   410   72349  11289  32  17   50
 7  300  2063M  3863M   6900   0   0   0   0   0    0    0   435   78476  11630  49  21   28
 3  304  2064M  3856M   4617   0   0   0   0   0    0    0   580   61415   9961  31  16   52
 3  305  2017M  3934M  10344   0   0   0   0   0    0    0   545   73093  10099  38  16   44
 0  307  1945M  4007M   1864   0   0   0   0   0    0    0   141   12998   1624   3   4   92
 3  305  1921M  4026M    897   0   0   0   0   0    0    0   148   13916   1589   6   2   92
 2  305  1921M  4045M    572   0   0   0   0   0   15    0   185   10068   1267   2   1   97
 1  306  1846M  4120M   3488   0   0   0   0   0    0    0   179   14300   2274  19   4   76

--
20.06.2018, 16:04, "IL Ka" :

  Have you tried vmstat to find bottleneck: is it CPU in userspace or
  in kernel or storage?
  Which WM are you using? Could it be WM issue?
  Try to use lower resolution (I know that resolution is locked for
  LCDs, but you can try just to make sure it is not the problem)


Re: 20% package loss on CARP after upgrade to 6.3

2018-06-21 Thread Henrik Dige Semark
On 21-06-2018 10:30, Stefan Sperling wrote:
> On Thu, Jun 21, 2018 at 10:07:06AM +0200, Janne Johansson wrote:
>> On Wed 20 June 2018 at 19:59, Henrik Dige Semark wrote:
>>
>>> Hey everybody,
>>>
>>> # Server 1
>>> My /etc/hostname.* for CARP's and pfsync + host adaptor:
>>> https://pastebin.com/vrtuPqnQ
>>> My /etc/pf.conf: https://pastebin.com/yhVkG4x4
>>>
>>> # Server 2
>>> My /etc/hostname.* for CARP's and pfsync + host adaptor:
>>> https://pastebin.com/a7fuM923
>>> My /etc/pf.conf: https://pastebin.com/xNr1TtZ7
>>>
>>> Any help or pointers would be fantastic.
>>> I have struggled with this for a week now and I'm running out of ideas -
>>> the only solution I have right now is turning off the backup server.
>>>
>> You should have different advskew on expected master and slave carps, no?
> Looks to me like that is already the case (Server 1 has advskew 0,
> Server 2 has advskew 100).
To be fair, I have just changed it to see if it makes a difference, but
I still have the problem with package-loss - I'll try to change it to
20/80 later, it's a good idea if I want to change around easy between
the servers.
>> Also, we used to have something like 20 for master and 80 on slave so one
>> can place slaves before master, or master after slave if you want to signal
>> "I am still running but would like to hand over to the other if we can".
> The carp demote counter is also relevant to failover and is sometimes
> raised at run-time when interface output errors occur. The advskew value
> only matters as long as the demote counter is equal on both sides.
> See 'ifconfig -g carp' and the 'carpdemote' directives documented in
> the INTERFACE GROUPS section of the ifconfig man page.
Both servers have
# ifconfig -g carp
carp: carp demote count 0
> To avoid potential routing issues, I would recommend setting netmasks
> to /32 on all carp interfaces if they share a subnet with an Ethernet
> interface.
The only carp that is in the same subnet is carp1 and host interface em0
so that I can connect to each server directly, but I have solved the
routing with creating a different routing table, but it would be a good
idea to change it to /32 so that it's only the default gw that is on the
CARP and nothing else.
> I have no idea about a possible specific reason for packet loss, though.
>
Snippet from: Robert Blacquiere 
> Just a quick thought as em devices are emulated on kvm did you try
> disabling hw offloading on the interfaces? I had some similar issue
> with a vps pings seem to work but other traffic had drops.
I haven't tried to disable HW offload, but do you think it could be a
problem, when it worked fine under older versions of OpenBSD?

Med Venlig Hilsen / Best Regards
Henrik Dige Semark





Re: How to copy n bytes from stdin to stdout?

2018-06-21 Thread Abel Abraham Camarillo Ojeda
On Thu, Jun 21, 2018 at 3:57 AM, Maximilian Pichler
 wrote:
> On Thu, Jun 21, 2018 at 9:48 AM, Otto Moerbeek  wrote:
>>> On Thu, Jun 21, 2018 at 12:11:52AM +0200, Maximilian Pichler wrote:
>>> > I'm just wondering what these other utilities might be.
>>>
>>> hexdump -v -n 1234567 -e '"%c"'
>
> Speed-wise this is roughly on par with 'dd bs=1'.
>
>>> If the input doesn't contain backslashes (or something else, tr(1))
>>>
>>>   vis -aoF6 | head -n 1234567 | unvis
>
> Backslashes exist. :)
>
>> Variation that buffers the writes:
>>
>> dd ibs=1 count=n
>
> Nice, this is about three times as fast as bs=1. Both are much slower
> than 'ghead -c'.
>


Reads buffered the first 5 chars from file:

$ cat file | perl -ne 'BEGIN { $/ = \1 } print if $. <= 5; exit 0 if $. == 5'

maetel$ kdump  | grep read\(0
 43509 perl CALL  read(0,0xc9e9996f000,0x2000)
maetel$
maetel$ kdump  | grep write\(1
 43509 perl CALL  write(1,0xc9e0c6c5000,0x5)
maetel$
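
The kdump output above shows perl asking for 0x2000 bytes in order to emit 5, so a buffered reader can take more from stdin than it passes on. As an added example (not code from the thread, and not how dd or ghead are implemented), this C program reads in large chunks but caps every read at the bytes still wanted; copy_n, write_all and CHUNK are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Added example; copy_n, write_all and CHUNK are hypothetical names. */
#define CHUNK 8192	/* largest single read; 0x2000, as in the kdump output */

/* Write all len bytes, retrying after short writes and EINTR. 0 or -1. */
static int write_all(int fd, const char *buf, size_t len)
{
	while (len > 0) {
		ssize_t w = write(fd, buf, len);
		if (w == -1) {
			if (errno == EINTR)
				continue;
			return -1;
		}
		buf += w;
		len -= (size_t)w;
	}
	return 0;
}

/*
 * Copy up to n bytes from in to out. Each read() asks for no more than the
 * bytes still wanted, so input past byte n stays unread for the next
 * consumer. Returns bytes copied (less than n on early EOF) or -1 on error.
 */
long long copy_n(int in, int out, long long n)
{
	char buf[CHUNK];
	long long done = 0;

	while (done < n) {
		size_t want = n - done < CHUNK ? (size_t)(n - done) : CHUNK;
		ssize_t r = read(in, buf, want);
		if (r == -1) {
			if (errno == EINTR)
				continue;
			return -1;
		}
		if (r == 0)
			break;		/* EOF before n bytes arrived */
		if (write_all(out, buf, (size_t)r) == -1)
			return -1;
		done += r;
	}
	return done;
}

int main(int argc, char *argv[])
{
	char *end;
	long long n;

	if (argc != 2) {
		fprintf(stderr, "usage: %s nbytes\n", argv[0]);
		return 2;
	}
	errno = 0;
	n = strtoll(argv[1], &end, 10);
	if (errno != 0 || end == argv[1] || *end != '\0' || n < 0) {
		fprintf(stderr, "invalid byte count: %s\n", argv[1]);
		return 2;
	}
	return copy_n(STDIN_FILENO, STDOUT_FILENO, n) == -1 ? 1 : 0;
}
```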



Re: How to copy n bytes from stdin to stdout?

2018-06-21 Thread Maximilian Pichler
On Thu, Jun 21, 2018 at 9:48 AM, Otto Moerbeek  wrote:
>> On Thu, Jun 21, 2018 at 12:11:52AM +0200, Maximilian Pichler wrote:
>> > I'm just wondering what these other utilities might be.
>>
>> hexdump -v -n 1234567 -e '"%c"'

Speed-wise this is roughly on par with 'dd bs=1'.

>> If the input doesn't contain backslashes (or something else, tr(1))
>>
>>   vis -aoF6 | head -n 1234567 | unvis

Backslashes exist. :)

> Variation that buffers the writes:
>
> dd ibs=1 count=n

Nice, this is about three times as fast as bs=1. Both are much slower
than 'ghead -c'.



Re: 20% package loss on CARP after upgrade to 6.3

2018-06-21 Thread Stefan Sperling
On Thu, Jun 21, 2018 at 10:07:06AM +0200, Janne Johansson wrote:
> On Wed 20 June 2018 at 19:59, Henrik Dige Semark wrote:
> 
> > Hey everybody,
> >
> > # Server 1
> > My /etc/hostname.* for CARP's and pfsync + host adaptor:
> > https://pastebin.com/vrtuPqnQ
> > My /etc/pf.conf: https://pastebin.com/yhVkG4x4
> >
> > # Server 2
> > My /etc/hostname.* for CARP's and pfsync + host adaptor:
> > https://pastebin.com/a7fuM923
> > My /etc/pf.conf: https://pastebin.com/xNr1TtZ7
> >
> > Any help or pointers would be fantastic.
> > I have struggled with this for a week now and I'm running out of ideas -
> > the only solution I have right now is turning off the backup server.
> >
> 
> You should have different advskew on expected master and slave carps, no?

Looks to me like that is already the case (Server 1 has advskew 0,
Server 2 has advskew 100).

> Also, we used to have something like 20 for master and 80 on slave so one
> can place slaves before master, or master after slave if you want to signal
> "I am still running but would like to hand over to the other if we can".

The carp demote counter is also relevant to failover and is sometimes
raised at run-time when interface output errors occur. The advskew value
only matters as long as the demote counter is equal on both sides.
See 'ifconfig -g carp' and the 'carpdemote' directives documented in
the INTERFACE GROUPS section of the ifconfig man page.

To avoid potential routing issues, I would recommend setting netmasks
to /32 on all carp interfaces if they share a subnet with an Ethernet
interface.

I have no idea about a possible specific reason for packet loss, though.



Re: FTP login delay

2018-06-21 Thread Janne Johansson
On Wed 20 June 2018 at 23:28, Maximilian Pichler <
maxim.pich...@gmail.com> wrote:

> I've enabled ftpd and am experiencing very long delays (consistently
> 75 seconds) when logging in from localhost.
>
> Running nc reveals that the connection is accepted immediately, but
> the server waits before spitting out the 'ready' line:
>
> $ nc -4v localhost 21
> Connection to localhost 21 port [tcp/ftp] succeeded!
> <<...75 seconds go by...>>
> 220 zen-thought.my.domain FTP server ready.
>
> This smelled a lot like https://www.openbsd.org/faq/faq8.html#RevDNS,
> but of course localhost is in /etc/hosts (and /etc/resolv.conf has
> 'lookup file bind').
>

Try running the ftpd under a ktrace and then use kdump to see what it does
just before those 75 seconds?
RevDNS was a good guess though. ;)


-- 
May the most significant bit of your life be positive.


Re: 20% package loss on CARP after upgrade to 6.3

2018-06-21 Thread Janne Johansson
On Wed 20 June 2018 at 19:59, Henrik Dige Semark wrote:

> Hey everybody,
>
> # Server 1
> My /etc/hostname.* for CARP's and pfsync + host adaptor:
> https://pastebin.com/vrtuPqnQ
> My /etc/pf.conf: https://pastebin.com/yhVkG4x4
>
> # Server 2
> My /etc/hostname.* for CARP's and pfsync + host adaptor:
> https://pastebin.com/a7fuM923
> My /etc/pf.conf: https://pastebin.com/xNr1TtZ7
>
> Any help or pointers would be fantastic.
> I have struggled with this for a week now and I'm running out of ideas -
> the only solution I have right now is turning off the backup server.
>

You should have different advskew on expected master and slave carps, no?

Also, we used to have something like 20 for master and 80 on slave so one
can place slaves before master, or master after slave if you want to signal
"I am still running but would like to hand over to the other if we can".


-- 
May the most significant bit of your life be positive.


Re: How to copy n bytes from stdin to stdout?

2018-06-21 Thread Otto Moerbeek
On Thu, Jun 21, 2018 at 07:38:49AM +0200, Daniel Hartmeier wrote:

> On Thu, Jun 21, 2018 at 12:11:52AM +0200, Maximilian Pichler wrote:
> 
> > I'm just wondering what these other utilities might be.
> 
> hexdump -v -n 1234567 -e '"%c"'
> 
> If the input doesn't contain backslashes (or something else, tr(1))
> 
>   vis -aoF6 | head -n 1234567 | unvis
> 
> Daniel

Variation that buffers the writes:

dd ibs=1 count=n

Reads are still unbuffered though,

-Otto