CARP-ed dns server ?
Hello! does anybody run dns server on CARP interface ? Cheers, Ilia Chipitsine
Re: CARP-ed dns server ?
On Sun, Sep 19, 2010 at 11:29 PM, Илья Шипицин chipits...@gmail.com wrote:
> Hello! does anybody run dns server on CARP interface ?

Yes.
Re: x11/xfce4/exo fails build on libnotify
On Mon, Sep 20, 2010 at 12:53 AM, Ted Roby ted.r...@gmail.com wrote:
> This is from most recent snapshot, and with infrastructure/libtool fix in past 24 hours, 16:45 PST.
> gmake[4]: /usr/ports/infrastructure/bin/libtool: Command not found

And you think this is not meaningful enough ?
Re: CARP-ed dns server ?
* ??? chipits...@gmail.com [2010-09-20 08:35]:
> does anybody run dns server on CARP interface ?

yup.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
Re: CARP-ed dns server ?
hello!

can you provide more details ?

1. what is dns software ?
2. how two copies of dns server (on master and backup) are replicated ?
3. any carp hooks on switching ?

cheers,
Ilia Chipitsine

2010/9/20 Henning Brauer lists-open...@bsws.de:
> * ??? chipits...@gmail.com [2010-09-20 08:35]:
>> does anybody run dns server on CARP interface ?
>
> yup.
>
> --
> Henning Brauer, h...@bsws.de, henn...@openbsd.org
> BS Web Services, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting
Re: hostapd deauthentication every 5 seconds
for wpa+ral, you should definitely run -current or 4.8.

On 2010-09-18, Todd Carson t...@daybefore.net wrote:
> On Sat, Sep 18, 2010 at 01:01:43PM +0100, Joe Martel wrote:
>>> If you do 'ifconfig ral0 down; ifconfig ral0 up' on the hostap box it might temporarily fix things
>>
>> Yes it does, thanks. Have added a cron job to run this every 24hrs.
>
> I have a similar problem against which ifconfig down; up isn't effective. My card is an RT2561, and when I turn on ifconfig debug on both the client and AP, I see that the AP responds to the association request and sends the first packet of the 4-way handshake. The client receives the association response, fails to receive the handshake initiation, and receives a deauth after timing out.
>
> AP side:
> ral0: received assoc_req from xx:xx:xx:xx:xx:xx rssi 105 mode 11g
> ral0: sending assoc_resp to xx:xx:xx:xx:xx:xx on channel 6 mode 11g
> ral0: sending msg 1/4 of the 4-way handshake to xx:xx:xx:xx:xx:xx
> last message repeated 2 times
> ral0: station xx:xx:xx:xx:xx:xx deauthenticate (reason 15)
> ral0: sending deauth to xx:xx:xx:xx:xx:xx on channel 6 mode 11g
>
> client side:
> athn0: sending auth to yy:yy:yy:yy:yy:yy on channel 6 mode 11g
> athn0: received auth from yy:yy:yy:yy:yy:yy rssi 47 mode 11g
> athn0: sending assoc_req to yy:yy:yy:yy:yy:yy on channel 6 mode 11g
> athn0: received assoc_resp from yy:yy:yy:yy:yy:yy rssi 46 mode 11g
> athn0: associated with yy:yy:yy:yy:yy:yy
> (...)
> athn0: received deauth from yy:yy:yy:yy:yy:yy rssi 46 mode 11g
>
> Turning off WPA2 doesn't allow clients to use the network; it just fails differently, though I unfortunately don't have log captures of that at the moment. The only reliable way I've found to resurrect the AP is a cold power cycle.
>
> Is this also a known issue? Is there any more targeted tracing I could try compiling into my kernels besides RAL_DEBUG, ATHN_DEBUG, IEEE80211_DEBUG?
>
> I'm wondering if this has something to do with crypto parameters on the card not being reset in all cases, but I don't know enough about either the hardware or the 802.11 protocol to have any idea whether that makes sense.
Re: hostapd deauthentication every 5 seconds
On 2010-09-18, Joe Martel j...@joemartel.com wrote:
>> Known problem (see PR 5958), no fix known but it may be connected with wireless stations using power-saving mode.
>
> Interesting, thanks for the info - should I post a new bug report as that one is closed?

If you can repeat it on a -current snapshot, yes please.

> Afaik my stations are not using power-saving mode (they all have a power cord, so I assume they would not need to save power)

power-saving with 802.11* is where the AP buffers frames for clients so they don't have to turn on their receiver so often (they turn it on at certain intervals so they can learn if they have to leave it on for longer to receive any buffered frames). There are a couple of different specs, an older one that many devices support, and a newer 802.11e WMM-PS one. It's not necessarily connected with whether or not a device is on battery power.

> * Macbook Pro
> * Cisco WVC2300
> * Playstation 3

Other devices in the local area might do it too. (And some devices turn on power-saving mode without a way to disable it e.g. Blackberrys and I think some iPhones).
Spamd and window size
I noticed the -w option to spamd but couldn't find any info for an appropriate setting via google or the mailing lists. I imagine spamd needs a very small recv buffer and so this option is there for good reason. I hope I will never need this setting but having it set for more efficiency can't hurt. Is it already set low or to the system default? Can anyone suggest a good setting? Thanks, Kc
OpenBSD IPsec and RFC 3884
Hi,

The background to this question is this thread I raised in January:

http://marc.info/?t=12633023283r=1w=1

I didn't have chance to continue with it then, but I had a need to revisit this recently so I dug up my notes again.

I'm not sure how much of RFC 3884 [1] is actually pertinent to what I'm asking, but I'm basically wondering if it's possible to do what Stuart Henderson suggested in his last message, i.e. getting isakmpd to negotiate tunnel mode but actually setting up a transport mode SA with a peer on my OpenBSD host so that along with the encapsulation performed by the gif interface, the packet format ends up being the same as what the peer with its tunnel mode SA will send me. This I believe should fix the problem I initially discovered.

I did notice in gif(4) this bit in BUGS:

    For example, you cannot usually use gif to talk with IPsec devices that use IPsec tunnel mode.

FSVO usually?

If this isn't currently possible, where would one start modifying code given there's isakmpd(8), ipsecctl(8), and now iked(8) on the horizon?

Thanks

Matt

[1] http://www.faqs.org/rfcs/rfc3884.html
Re: x11/xfce4/exo fails build on libnotify
On Mon, Sep 20, 2010 at 1:11 AM, Landry Breuil landry.bre...@gmail.com wrote:
> On Mon, Sep 20, 2010 at 12:53 AM, Ted Roby ted.r...@gmail.com wrote:
>> This is from most recent snapshot, and with infrastructure/libtool fix in past 24 hours, 16:45 PST.
>> gmake[4]: /usr/ports/infrastructure/bin/libtool: Command not found
>
> And you think this is not meaningful enough ?

I think it pretty much sums it up.

The easy fix was to create a symlink from /usr/ports to /home/ports. The bigger question is why doesn't it recognize $PORTSDIR from /etc/mk.conf?
Re: CARP-ed dns server ?
----- Original Message -----
From: Илья Шипицин chipits...@gmail.com
To: misc@openbsd.org
Sent: Mon, September 20, 2010 2:04:18 AM
Subject: Re: CARP-ed dns server ?

> hello!
>
> can you provide more details ?
>
> 1. what is dns software ?
> 2. how two copies of dns server (on master and backup) are replicated ?
> 3. any carp hooks on switching ?
>
> cheers,
> Ilia Chipitsine

If BIND: read the documentation
Get the book Pro DNS and BIND or the O'Reilly BIND book.
If Unbound: Read the documentation
If djbdns: Read the documentation

There is nothing really special about running any of these on a CARP interface other than it is highly available.

---
James A. Peltier
james_a_pelt...@yahoo.ca
em(4) ierrs
Hi

I have some odd packet loss on a openbsd based router (running -current as of the beginning of september). The router has 6 physical interfaces (all em, Intel 82575EB), 4 of them have traffic (about 10-20 Mbps).

We did some tuning (mostly with informations from: https://calomel.org/network_performance.html) and could improve the performance:

Currently we use the following sysctl tweaks:

sysctl kern.maxclusters=122880
sysctl net.inet.ip.ifq.maxlen=1536
sysctl net.inet.tcp.recvspace=262144
sysctl net.inet.tcp.sendspace=262144
sysctl net.inet.udp.recvspace=262144
sysctl net.inet.udp.sendspace=262144

But still we have about 1300 Ierrs per minute...

When we run a simple ping, we can see that something is strange. Where the majority of packets have a rtt of 1ms or less about every tenth package shows a rtt of 250ms...

I could really use a hint of what to try next (autoneg has been disabled on all interfaces for testing, now it has been enabled again...)

Thank you for your inputs

André Keller

The switches on the other end of the device are both cisco 2960G with a lacp to two interfaces on the openbsd box:

em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6c
        priority: 0
        trunk: trunkdev trunk1
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::225:90ff:fe05:546c%em0 prefixlen 64 scopeid 0x1
em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6c
        priority: 0
        trunk: trunkdev trunk1
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::225:90ff:fe05:546d%em1 prefixlen 64 scopeid 0x2
em2: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6e
        priority: 0
        trunk: trunkdev trunk0
        media: Ethernet 1000baseT full-duplex
        status: active
        inet6 fe80::225:90ff:fe05:546e%em2 prefixlen 64 scopeid 0x3
em3: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6e
        priority: 0
        trunk: trunkdev trunk0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::225:90ff:fe05:546f%em3 prefixlen 64 scopeid 0x4
trunk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6e
        priority: 0
        trunk: trunkproto lacp
        trunk id: [(8000,00:25:90:05:54:6e,4054,,), (8000,18:ef:63:bf:d7:00,0002,,)]
                trunkport em3 active,collecting,distributing
                trunkport em2 active,collecting,distributing
        groups: trunk
        media: Ethernet autoselect
        status: active
        inet ADDRESS REMOVED
        inet6 fe80::225:90ff:fe05:546e%trunk0 prefixlen 64 scopeid 0xa
        inet6 ADDRESS REMOVED
trunk1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6c
        priority: 0
        trunk: trunkproto lacp
        trunk id: [(8000,00:25:90:05:54:6c,405C,,), (8000,18:ef:63:bf:d7:00,0003,,)]
                trunkport em1 active,collecting,distributing
                trunkport em0 active,collecting,distributing
        groups: trunk
        media: Ethernet autoselect
        status: active
        inet6 fe80::225:90ff:fe05:546c%trunk1 prefixlen 64 scopeid 0xb
vlan56: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6c
        priority: 0
        vlan: 56 priority: 0 parent interface: trunk1
        groups: vlan
        status: active
        inet6 fe80::225:90ff:fe05:546c%vlan56 prefixlen 64 scopeid 0x11
        inet ADDRESS REMOVED

netstat -m
9023 mbufs in use:
        9003 mbufs allocated to data
        11 mbufs allocated to packet headers
        9 mbufs allocated to socket names and addresses
528/1970/512000 mbuf 2048 byte clusters in use (current/peak/max)
0/8/512000 mbuf 4096 byte clusters in use (current/peak/max)
0/8/512000 mbuf 8192 byte clusters in use (current/peak/max)
0/8/512000 mbuf 9216 byte clusters in use (current/peak/max)
0/8/512000 mbuf 12288 byte clusters in use (current/peak/max)
0/8/512000 mbuf 16384 byte clusters in use (current/peak/max)
0/8/512000 mbuf 65536 byte clusters in use (current/peak/max)
7060 Kbytes allocated to network (46% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

netstat -i | grep em
Name    Mtu   Network     Address              Ipkts      Ierrs   Opkts      Oerrs Colls
em0     1500  <Link>      00:25:90:05:54:6c    3543633259 463916  4229526062 0     0
em0     1500  fe80::%em0/ fe80::225:90ff:fe    3543633259 463916  4229526062 0     0
em1     1500  <Link>
Re: em(4) ierrs
----- Original Message -----
From: Andre Keller a...@list.ak.cx
To: misc@openbsd.org
Sent: Mon, September 20, 2010 10:15:58 AM
Subject: em(4) ierrs
Re: Spamd and window size
Kevin Chadwick ma1l1i...@yahoo.co.uk writes:

> Can anyone suggest a good setting?

My boxes have been running with -w 1 for a few years, doesn't seem to scare them off, unfortunately:

pe...@skapet:~$ sudo spamdb | grep -c TRAPPED
23969

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: choosing outgoing interface based on process uid
Hi!

Stuart Henderson wrote:
> On 2010-09-18, Imre Oolberg i...@auul.pri.ee wrote:
>> 3. using route-to ($if_ext $if_ext_gw) construct on the pass out rule i can't change the interface the packet it getting out, its already decided, i can only choose the next hop gateway address with-in the network the $if_ext is in
>
> not correct, you can change the interface.
>
> pass out to 8.8.8.8 user fred route-to (lo0 127.0.0.1)

Right, it actually goes out thru the specified interface, i obviously did something wrong, doing it or observing the outcome, unfortunately i dont have the exact line what i used when experimenting any more.

But still i would like you to comment on a relevant observation (actually this experimenting was done on amd64 snapshot from around august 20 but also happens on i386 4.7 although it has many more rules). I have this setup for testing route-to rules

---|| | em1 192.168.1.195 _|_ 192.168.1.4 _|_ | | | ||___| |___| |10.0.0.4 | default gw: 192.168.10.254 | em0 192.168.10.195 --|---| _|_ 192.168.10.10 | | (has a 'route add 10.0.0.0/24 192.168.10.195' static route) |___|

and pf has three rules for two different traffics

# traffic passing thru firewall
pass in quick log on em0 inet proto tcp to 10.0.0.0/24 port 22 route-to ( em1 192.168.1.4 ) tag TEST
pass out quick log on em1 inet tagged TEST nat-to 192.168.1.195

# traffic originating from with-in firewall itself
pass out quick log inet user fred route-to ( em1 192.168.1.4 ) nat-to 192.168.1.195

And the observations are following

1. traffic passes thru all right
2. traffic originating from firewall itself delays first syn packet for about 6 seconds, then continues normally
3. if 3rd rule is deprived of 'nat-to 192.168.1.195' part, syn packet gets out instantly i.e. with-out 6 second delay (but this nat-to needs to be done or it has 192.168.10.195 source address while leaving em1)

I admit that this setup presented here does not practically make much sense but i tried to extract from my firewall the essential parts pertaining to my so to say route-to thing.

Imre
Re: Spamd and window size
On Mon, 20 Sep 2010 21:45:00 +0200 pe...@bsdly.net (Peter N. M. Hansteen) wrote:
> My boxes have been running with -w 1 for a few years, doesn't seem to scare them off, unfortunately:

I'll try -w 666 and see if that works. I'll report back soon

p.s. Thanks
Re: hostapd deauthentication every 5 seconds
>> Interesting, thanks for the info - should I post a new bug report as that one is closed?
>
> If you can repeat it on a -current snapshot, yes please.

I'm happy to help by upgrading to a -current snapshot. Have read FAQ 5 but, when 4.8 is released in November, can I upgrade from -current to 4.8Rel ?

>> Afaik my stations are not using power-saving mode (they all have a power cord, so I assume they would not need to save power)
>
> power-saving with 802.11* is where the AP buffers frames for clients so they don't have to turn on their receiver so often (they turn it on at certain intervals so they can learn if they have to leave it on for longer to receive any buffered frames). There are a couple of different specs, an older one that many devices support, and a newer 802.11e WMM-PS one. It's not necessarily connected with whether or not a device is on battery power.

Cheers for the info - I see from rt2860.c on -current, that a lot of work has gone into the driver (indeed, all the ral drivers) since 4.7.
Re: em(4) ierrs
On 2010-09-20, Andre Keller a...@list.ak.cx wrote:
> I have some odd packet loss on a openbsd based router (running -current as of the beginning of september) . The router has 6 physical interfaces (all em, Intel 82575EB), 4 of them have traffic (about 10-20 Mbps).
>
> We did some tuning (mostly with informations from: https://calomel.org/network_performance.html) and could improve the performance:

grr, that page again.

    As a very general rule, using the on-board network card is going to be much slower than an add in PCI card
    A gigabit network controller built on board using the CPU will slow the entire system down. More than likely the system will not even be able to sustain 100MB speeds while also pegging the CPU at 100%.

and people still use it for kernel tuning advice?

> Currently we use the following sysctl tweaks:
>
> sysctl kern.maxclusters=122880

how much?!!

> sysctl net.inet.ip.ifq.maxlen=1536

increasing this from the defaults can be useful if you see drops in net.inet.ip.ifq.drops, I'm surprised if you have to go that high for 4x10-20Mb.

> sysctl net.inet.tcp.recvspace=262144
> sysctl net.inet.tcp.sendspace=262144
> sysctl net.inet.udp.recvspace=262144
> sysctl net.inet.udp.sendspace=262144

the net.inet.*space values HAVE NO EFFECT on routed packets.

> But still we have about 1300 Ierrs per minute...
>
> When we run a simple ping, we can see that something is strange. Where the majority of packets have a rtt of 1ms or less about every tenth package shows a rtt of 250ms...

missing dmesg.

but try disabling sensor devices or i2c controllers (boot -c, disable somedevice, quit).
Re: em(4) ierrs
On 20.09.2010 19:54, James Peltier wrote:
> I see you are using LACP as your trunk protocol. You might want to check that all the LACP settings are correct or that there aren't any links being dropped for some reason that might cause the errors to occur. Additionally, have you tried with only one link in the LACP pairs being active? Does it stop then?

Just tried that. There is not much I can configure for LACP. On the switch I see no errors. I've now pulled one cable so that only one interface in the trunk is active. The problem is still existing. Ierrs on the interfaces (mostly em2) (btw. there are no ifq.drops)

It seems to me that some buffers are running full. As now when there is low traffic there is only a small amount of errors (about 150 in 5 minutes)

Are there any other knobs I could try to tune?

Regards
André
Re: hostapd deauthentication every 5 seconds
On 2010-09-20, Joe Martel j...@joemartel.com wrote:
>>> Interesting, thanks for the info - should I post a new bug report as that one is closed?
>>
>> If you can repeat it on a -current snapshot, yes please.
>
> I'm happy to help by upgrading to a -current snapshot. Have read FAQ 5 but, when 4.8 is released in November, can I upgrade from -current to 4.8Rel ?

That would be a downgrade (the tree was tagged in August; the gap between then and release is for testing, cd production, package building, etc).

Downgrading might work, but it's not really supported, and you may get into a slight mess with shared libraries. Easier to stick with -current until 4.9 if you do that (or just stick with -current; I would suggest keeping an eye on at least plus48.html if not the source-changes list if running -current but it's not really difficult/scary).
Re: em(4) ierrs
On 21.09.2010 00:43, Stuart Henderson wrote:
> On 2010-09-20, Andre Keller a...@list.ak.cx wrote:
>> I have some odd packet loss on an OpenBSD based router (running -current as of the beginning of September). The router has 6 physical interfaces (all em, Intel 82575EB), 4 of them have traffic (about 10-20 Mbps).
>> We did some tuning (mostly with informations from: https://calomel.org/network_performance.html) and could improve the performance:
> grr, that page again.
>   As a very general rule, using the on-board network card is going to be much slower than an add in PCI card. A gigabit network controller built on board using the CPU will slow the entire system down. More than likely the system will not even be able to sustain 100MB speeds while also pegging the CPU at 100%.
> and people still use it for kernel tuning advice?

As we didn't find any other advices out there we thought it might be worth giving it a try

>> Currently we use the following sysctl tweaks:
>> sysctl kern.maxclusters=122880
> how much?!!

yes this might be a bit too much:

[r...@rt01-rc: root]# netstat -m
9665 mbufs in use:
        9642 mbufs allocated to data
        14 mbufs allocated to packet headers
        9 mbufs allocated to socket names and addresses
83/1970/122880 mbuf 2048 byte clusters in use (current/peak/max)
0/8/122880 mbuf 4096 byte clusters in use (current/peak/max)
0/8/122880 mbuf 8192 byte clusters in use (current/peak/max)
0/8/122880 mbuf 9216 byte clusters in use (current/peak/max)
0/8/122880 mbuf 12288 byte clusters in use (current/peak/max)
0/8/122880 mbuf 16384 byte clusters in use (current/peak/max)
0/8/122880 mbuf 65536 byte clusters in use (current/peak/max)
7288 Kbytes allocated to network (35% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

>> sysctl net.inet.ip.ifq.maxlen=1536
> increasing this from the defaults can be useful if you see drops in net.inet.ip.ifq.drops, I'm surprised if you have to go that high for 4x10-20Mb.

yeah we had a lot of ifq drops first and after setting this value they are gone... I read on multiple tuning tutorial setting this to 256*iface count makes sense

>> sysctl net.inet.tcp.recvspace=262144
>> sysctl net.inet.tcp.sendspace=262144
>> sysctl net.inet.udp.recvspace=262144
>> sysctl net.inet.udp.sendspace=262144
> the net.inet.*space values HAVE NO EFFECT on routed packets.

OK good to know...

>> But still we have about 1300 Ierrs per minute... When we run a simple ping, we can see that something is strange. Where the majority of packets have a rtt of 1ms or less about every tenth package shows a rtt of 250ms...
> missing dmesg.

Not from the machine above but a machine with the exactly same hardware...

OpenBSD 4.8 (GENERIC.MP) #3: Wed Aug 11 19:24:59 CEST 2010
    r...@scaramanga.rbnetwork.biz:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3486973952 (3325MB)
avail mem = 3380334592 (3223MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcfedf000 (39 entries)
bios0: vendor Phoenix Technologies LTD version 1.3a date 11/03/2009
bios0: Supermicro X7SBi
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP _MAR MCFG APIC BOOT SPCR ERST HEST BERT EINJ SLIC SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices PXHA(S5) PEX_(S5) LAN_(S5) USB4(S5) USB5(S5) USB7(S5) ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5) USB3(S5) USB6(S5) ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.43 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 266MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.09 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.09 MHz
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu2: 4MB 64b/line 16-way L2 cache
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.09 MHz
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu3: 4MB 64b/line 16-way
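
Added example, not part of any poster's message in this thread: a small shell function that reads `netstat -m` output and reports, per cluster size, how far the observed peak sits below the configured maximum, using the figures quoted in the message above as constructed sample input. The function names and the 80% / 10% thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed sample: excerpt of the `netstat -m` output quoted in the thread.
sample_netstat_m() {
cat <<'EOF'
9665 mbufs in use:
83/1970/122880 mbuf 2048 byte clusters in use (current/peak/max)
0/8/122880 mbuf 4096 byte clusters in use (current/peak/max)
7288 Kbytes allocated to network (35% in use)
0 requests for memory denied
0 requests for memory delayed
EOF
}

# mbuf_headroom (hypothetical helper): reads `netstat -m` text on stdin.
# Prints "<size> peak=<n> max=<n> pct=<peak as % of max>" per cluster size,
# then the denied/delayed counters and a one-word verdict.
mbuf_headroom() {
  awk '
    / byte clusters in use / {
      split($1, u, "/")                      # fields: current/peak/max
      pct = (u[3] > 0) ? u[2] * 100 / u[3] : 0
      if (pct > worst) worst = pct
      printf "%s peak=%d max=%d pct=%.2f\n", $3, u[2], u[3], pct
    }
    /requests for memory denied/  { denied = $1 }
    /requests for memory delayed/ { delayed = $1 }
    END {
      printf "denied=%d delayed=%d\n", denied, delayed
      # Assumed thresholds: pressure at >= 80% of max, oversized at < 10%.
      if (denied > 0 || delayed > 0 || worst >= 80)
        print "verdict=raise-or-investigate"
      else if (worst < 10)
        print "verdict=limit-far-above-peak"
      else
        print "verdict=ok"
    }'
}

# On a live system: netstat -m | mbuf_headroom
sample_netstat_m | mbuf_headroom
```
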
Re: em(4) ierrs
On 2010/09/21 01:07, Andre Keller wrote:
>>> ichiic0 at pci0 dev 31 function 3 Intel 82801I SMBus rev 0x02: apic 4 int 17 (irq 10)
>>> iic0 at ichiic0
>>> lm1 at iic0 addr 0x2d: W83627HF
>>> wbng0 at iic0 addr 0x2f: w83793g
>> but try disabling sensor devices or i2c controllers (boot -c, disable somedevice, quit).
> I'll try to find out what devices I could disable...

I would try wbng first. Failing that, lm. I doubt you would need to disable ichiic but that would be the next step if there's no improvement. You can make permanent changes to an on-disk kernel with config(8).

> Thank you for your hints...

Please follow-up and let us know how it goes.
Re: CARP-ed dns server ?
* ??? chipits...@gmail.com [2010-09-20 11:10]:
> can you provide more details ?

maybe you should work on your questions instead of relying on people guessing what you're after

> 1. what is dns software ?

my resolvers are bind right now, because i'm too lazy to run something else which isn't such a piece of shit

> 2. how two copies of dns server (on master and backup) are replicated ?

not at all

> 3. any carp hooks on switching ?

no

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
Re: em(4) ierrs
* Stuart Henderson s...@spacehopper.org [2010-09-21 00:47]:
> On 2010-09-20, Andre Keller a...@list.ak.cx wrote:
>> We did some tuning (mostly with informations from: https://calomel.org/network_performance.html) and could improve the performance:
> grr, that page again.
>   As a very general rule, using the on-board network card is going to be much slower than an add in PCI card. A gigabit network controller built on board using the CPU will slow the entire system down. More than likely the system will not even be able to sustain 100MB speeds while also pegging the CPU at 100%.
> and people still use it for kernel tuning advice?

holy shit. that is indeed horribly wrong. in many cases it is the exact opposite of the truth these days.

>> sysctl net.inet.tcp.recvspace=262144
>> sysctl net.inet.tcp.sendspace=262144
>> sysctl net.inet.udp.recvspace=262144
>> sysctl net.inet.udp.sendspace=262144
> the net.inet.*space values HAVE NO EFFECT on routed packets.

as said a gazillion times.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
Re: em(4) ierrs
* Andre Keller a...@list.ak.cx [2010-09-21 01:10]:
> As we didn't find any other advices out there we thought it might be worth giving it a try

ok, here's another advice that you might wanna follow since you don't find another: to make your system run faster, donate all your belongings to openbsd, then dance naked around the computer and eat nothing but rice all day. after a few days throw the computer into the ocean. it'll be very fast (to sink).

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
Installing OpenBSD from Linux Xen VPS
Hello, I was wondering if anyone had installed OpenBSD from a Linux VPS running over a Xen hosting (like slicehost, linode, etc.). So, someone tried it?

--
stephano