CARP-ed dns server ?

2010-09-20 Thread Илья Шипицин
Hello!

does anybody run dns server on CARP interface ?

Cheers,
Ilia Chipitsine



Re: CARP-ed dns server ?

2010-09-20 Thread Bryan Irvine
On Sun, Sep 19, 2010 at 11:29 PM, Илья Шипицин chipits...@gmail.com wrote:
 Hello!

 does anybody run dns server on CARP interface ?

Yes.



Re: x11/xfce4/exo fails build on libnotify

2010-09-20 Thread Landry Breuil
On Mon, Sep 20, 2010 at 12:53 AM, Ted Roby ted.r...@gmail.com wrote:
 This is from most recent snapshot, and with infrastructure/libtool fix
 in past 24 hours, 16:45 PST.

 gmake[4]: /usr/ports/infrastructure/bin/libtool: Command not found

And you think this is not meaningful enough ?



Re: CARP-ed dns server ?

2010-09-20 Thread Henning Brauer
*  ??? chipits...@gmail.com [2010-09-20 08:35]:
 does anybody run dns server on CARP interface ?

yup.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: CARP-ed dns server ?

2010-09-20 Thread Илья Шипицин
hello!

can you provide more details ?

1. what is dns software ?
2. how two copies of dns server (on master and backup) are replicated ?
3. any carp hooks on switching ?

cheers,
Ilia Chipitsine

2010/9/20 Henning Brauer lists-open...@bsws.de:
 *  ??? chipits...@gmail.com [2010-09-20 08:35]:
 does anybody run dns server on CARP interface ?

 yup.

 --
 Henning Brauer, h...@bsws.de, henn...@openbsd.org
 BS Web Services, http://bsws.de
 Full-Service ISP - Secure Hosting, Mail and DNS Services
 Dedicated Servers, Rootservers, Application Hosting



Re: hostapd deauthentication every 5 seconds

2010-09-20 Thread Stuart Henderson
for wpa+ral, you should definitely run -current or 4.8.

On 2010-09-18, Todd Carson t...@daybefore.net wrote:
 On Sat, Sep 18, 2010 at 01:01:43PM +0100, Joe Martel wrote:
  If you do 'ifconfig ral0 down; ifconfig ral0 up' on the hostap
  box it might temporarily fix things
 
 Yes it does, thanks.
 Have added a cron job to run this every 24hrs.

 I have a similar problem against which ifconfig down; up isn't effective.
 My card is an RT2561, and when I turn on ifconfig debug on both the client
 and AP, I see that the AP responds to the association request and sends
 the first packet of the 4-way handshake. The client receives the
 association response, fails to receive the handshake initiation, and
 receives a deauth after timing out.

 AP side:
 ral0: received assoc_req from xx:xx:xx:xx:xx:xx rssi 105 mode 11g
 ral0: sending assoc_resp to xx:xx:xx:xx:xx:xx on channel 6 mode 11g
 ral0: sending msg 1/4 of the 4-way handshake to xx:xx:xx:xx:xx:xx
 last message repeated 2 times
 ral0: station xx:xx:xx:xx:xx:xx deauthenticate (reason 15)
 ral0: sending deauth to xx:xx:xx:xx:xx:xx on channel 6 mode 11g

 client side:
 athn0: sending auth to yy:yy:yy:yy:yy:yy on channel 6 mode 11g
 athn0: received auth from yy:yy:yy:yy:yy:yy rssi 47 mode 11g
 athn0: sending assoc_req to yy:yy:yy:yy:yy:yy on channel 6 mode 11g
 athn0: received assoc_resp from yy:yy:yy:yy:yy:yy rssi 46 mode 11g
 athn0: associated with yy:yy:yy:yy:yy:yy (...)
 athn0: received deauth from yy:yy:yy:yy:yy:yy rssi 46 mode 11g

 Turning off WPA2 doesn't allow clients to use the network; it just fails
 differently, though I unfortunately don't have log captures of that at the
 moment. The only reliable way I've found to resurrect the AP is a cold
 power cycle.

 Is this also a known issue? Is there any more targeted tracing I could
 try compiling into my kernels besides RAL_DEBUG, ATHN_DEBUG, 
 IEEE80211_DEBUG? I'm wondering if this has something to do with crypto
 parameters on the card not being reset in all cases, but I don't know
 enough about either the hardware or the 802.11 protocol to have any idea
 whether that makes sense.
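
Added example, not from the thread or from OpenBSD: Python that scans AP-side `ifconfig debug` lines in the format quoted above and reports stations that were sent message 1/4, never answered, and were then deauthenticated with reason 15 (4-way handshake timeout in IEEE 802.11). The MAC addresses are constructed, and the `received msg` and `msg 3/4` lines for the successful station are assumed to follow the same wording as the `sending msg 1/4` line.

```python
import re
from dataclasses import dataclass

HANDSHAKE_TIMEOUT = 15  # IEEE 802.11 reason code: 4-way handshake timeout

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
RE_ASSOC = re.compile(rf"\w+: sending assoc_resp to ({MAC})", re.I)
RE_MSG = re.compile(
    rf"\w+: (sending|received) msg (\d)/4 of the 4-way handshake (?:to|from) ({MAC})",
    re.I)
RE_DEAUTH = re.compile(rf"\w+: station ({MAC}) deauthenticate \(reason (\d+)\)", re.I)
RE_REPEAT = re.compile(r"last message repeated (\d+) times?")

# Constructed sample: station ...:01 repeats the failure shown in the thread,
# station ...:02 completes the handshake and later leaves with reason 3.
SAMPLE_AP_LOG = """\
ral0: received assoc_req from 02:00:00:00:00:01 rssi 105 mode 11g
ral0: sending assoc_resp to 02:00:00:00:00:01 on channel 6 mode 11g
ral0: sending msg 1/4 of the 4-way handshake to 02:00:00:00:00:01
last message repeated 2 times
ral0: station 02:00:00:00:00:01 deauthenticate (reason 15)
ral0: sending deauth to 02:00:00:00:00:01 on channel 6 mode 11g
ral0: received assoc_req from 02:00:00:00:00:02 rssi 90 mode 11g
ral0: sending assoc_resp to 02:00:00:00:00:02 on channel 6 mode 11g
ral0: sending msg 1/4 of the 4-way handshake to 02:00:00:00:00:02
ral0: received msg 2/4 of the 4-way handshake from 02:00:00:00:00:02
ral0: sending msg 3/4 of the 4-way handshake to 02:00:00:00:00:02
ral0: received msg 4/4 of the 4-way handshake from 02:00:00:00:00:02
ral0: station 02:00:00:00:00:02 deauthenticate (reason 3)
"""


@dataclass
class Attempt:
    msg1_sent: int = 0           # transmissions of message 1/4, syslog repeats included
    client_replied: bool = False  # AP logged any handshake message from the station


def find_handshake_timeouts(lines):
    """Return [(station, msg1_transmissions)] for each association that ended
    in deauth reason 15 without the AP logging any reply from the station."""
    attempts = {}
    findings = []
    repeat_target = None  # station whose msg 1/4 line was the previous log line
    for raw in lines:
        line = raw.strip()
        m = RE_REPEAT.search(line)
        if m:
            # syslog collapses identical lines; credit them to the msg 1/4 retries
            if repeat_target is not None:
                attempts[repeat_target].msg1_sent += int(m.group(1))
            continue
        repeat_target = None
        m = RE_ASSOC.search(line)
        if m:
            attempts[m.group(1).lower()] = Attempt()  # new association, new attempt
            continue
        m = RE_MSG.search(line)
        if m:
            direction, num, sta = m.group(1).lower(), m.group(2), m.group(3).lower()
            att = attempts.setdefault(sta, Attempt())
            if direction == "sending" and num == "1":
                att.msg1_sent += 1
                repeat_target = sta
            elif direction == "received":
                att.client_replied = True
            continue
        m = RE_DEAUTH.search(line)
        if m:
            sta, reason = m.group(1).lower(), int(m.group(2))
            att = attempts.pop(sta, None)
            if (att and reason == HANDSHAKE_TIMEOUT
                    and att.msg1_sent and not att.client_replied):
                findings.append((sta, att.msg1_sent))
    return findings


if __name__ == "__main__":
    for sta, tries in find_handshake_timeouts(SAMPLE_AP_LOG.splitlines()):
        print(f"{sta}: msg 1/4 sent {tries}x, no reply, deauth reason 15")
```

A station that shows up here repeatedly while its own log shows the association response arriving matches the symptom in the thread: the AP transmits message 1/4 but the client never receives it.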



Re: hostapd deauthentication every 5 seconds

2010-09-20 Thread Stuart Henderson
On 2010-09-18, Joe Martel j...@joemartel.com wrote:
 Known problem (see PR 5958), no fix known but it may be
 connected with wireless stations using power-saving mode.

 Interesting, thanks for the info - should I post a new bug report as that one
 is closed?

If you can repeat it on a -current snapshot, yes please.

 Afaik my stations are not using power-saving mode (they all have a power cord,
 so I assume they would not need to save power)

power-saving with 802.11* is where the AP buffers frames for clients
so they don't have to turn on their receiver so often (they turn it on at
certain intervals so they can learn if they have to leave it on for longer
to receive any buffered frames). There are a couple of different specs,
an older one that many devices support, and a newer 802.11e WMM-PS one.

It's not necessarily connected with whether or not a device is on battery
power.

  * Macbook Pro
  * Cisco WVC2300
  * Playstation 3

Other devices in the local area might do it too. (And some devices turn
on power-saving mode without a way to disable it e.g. Blackberrys and
I think some iPhones).



Spamd and window size

2010-09-20 Thread Kevin Chadwick
I noticed the -w option to spamd but couldn't find any info for an
appropriate setting via google or the mailing lists.

I imagine spamd needs a very small recv buffer and so this option is
there for good reason. I hope I will never need this setting but having
it set for more efficiency can't hurt.

Is it already set low or to the system default?

Can anyone suggest a good setting?

Thanks,

Kc



OpenBSD IPsec and RFC 3884

2010-09-20 Thread Matt Dainty
Hi,

The background to this question is this thread I raised in January:

http://marc.info/?t=12633023283r=1w=1

I didn't have chance to continue with it then, but I had a need to
revisit this recently so I dug up my notes again.

I'm not sure how much of RFC 3884 [1] is actually pertinent to what I'm
asking, but I'm basically wondering if it's possible to do what Stuart
Henderson suggested in his last message, i.e. getting isakmpd to
negotiate tunnel mode but actually setting up a transport mode SA
with a peer on my OpenBSD host so that along with the encapsulation
performed by the gif interface, the packet format ends up being the same
as what the peer with its tunnel mode SA will send me. This I believe
should fix the problem I initially discovered.

I did notice in gif(4) this bit in BUGS:

For example, you cannot usually use gif to talk with IPsec devices that
use IPsec tunnel mode.

FSVO usually?

If this isn't currently possible, where would one start modifying code
given there's isakmpd(8), ipsecctl(8), and now iked(8) on the horizon?

Thanks

Matt

[1] http://www.faqs.org/rfcs/rfc3884.html



Re: x11/xfce4/exo fails build on libnotify

2010-09-20 Thread Ted Roby
On Mon, Sep 20, 2010 at 1:11 AM, Landry Breuil landry.bre...@gmail.com wrote:
 On Mon, Sep 20, 2010 at 12:53 AM, Ted Roby ted.r...@gmail.com wrote:
 This is from most recent snapshot, and with infrastructure/libtool fix
 in past 24 hours, 16:45 PST.

 gmake[4]: /usr/ports/infrastructure/bin/libtool: Command not found

 And you think this is not meaningful enough ?


I think it pretty much sums it up.

The easy fix was to create a symlink from /usr/ports to /home/ports.

The bigger question is why doesn't it recognize $PORTSDIR from /etc/mk.conf?



Re: CARP-ed dns server ?

2010-09-20 Thread James Peltier
- Original Message 

 From: Илья Шипицин chipits...@gmail.com
 To: misc@openbsd.org
 Sent: Mon, September 20, 2010 2:04:18 AM
 Subject: Re: CARP-ed dns server ?
 
 hello!
 
 can you provide more details ?
 
 1. what is dns software ?
 2. how two copies of dns server (on master and backup) are replicated ?
 3. any carp hooks on switching ?
 
 cheers,
 Ilia Chipitsine

If BIND:
Read the documentation
Get the book Pro DNS and BIND or the O'Reilly BIND book.

If Unbound:
Read the documentation

If djbdns:
Read the documentation

There is nothing really special about running any of these on a CARP interface
other than it is highly available.

---
James A. Peltier
james_a_pelt...@yahoo.ca



em(4) ierrs

2010-09-20 Thread Andre Keller
Hi


I have some odd packet loss on an OpenBSD-based router (running -current
as of the beginning of September).

The router has 6 physical interfaces (all em, Intel 82575EB), 4 of them
have traffic (about 10-20 Mbps).


We did some tuning (mostly with information from:
https://calomel.org/network_performance.html) and could improve the
performance:

Currently we use the following sysctl tweaks:
sysctl kern.maxclusters=122880
sysctl net.inet.ip.ifq.maxlen=1536
sysctl net.inet.tcp.recvspace=262144
sysctl net.inet.tcp.sendspace=262144
sysctl net.inet.udp.recvspace=262144
sysctl net.inet.udp.sendspace=262144


But still we have about 1300 Ierrs per minute...

When we run a simple ping, we can see that something is strange. Where
the majority of packets have an rtt of 1ms or less, about every tenth
packet shows an rtt of 250ms...


I could really use a hint of what to try next (autoneg has been disabled
on all interfaces for testing, now it has been enabled again...)



Thank you for your inputs


André Keller




The switches on the other end of the device are both Cisco 2960G with a
lacp to two interfaces on the OpenBSD box:

em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6c
        priority: 0
        trunk: trunkdev trunk1
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::225:90ff:fe05:546c%em0 prefixlen 64 scopeid 0x1
em1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6c
        priority: 0
        trunk: trunkdev trunk1
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::225:90ff:fe05:546d%em1 prefixlen 64 scopeid 0x2
em2: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6e
        priority: 0
        trunk: trunkdev trunk0
        media: Ethernet 1000baseT full-duplex
        status: active
        inet6 fe80::225:90ff:fe05:546e%em2 prefixlen 64 scopeid 0x3
em3: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6e
        priority: 0
        trunk: trunkdev trunk0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::225:90ff:fe05:546f%em3 prefixlen 64 scopeid 0x4

trunk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6e
        priority: 0
        trunk: trunkproto lacp
        trunk id: [(8000,00:25:90:05:54:6e,4054,,),
                 (8000,18:ef:63:bf:d7:00,0002,,)]
        trunkport em3 active,collecting,distributing
        trunkport em2 active,collecting,distributing
        groups: trunk
        media: Ethernet autoselect
        status: active
        inet ADDRESS REMOVED
        inet6 fe80::225:90ff:fe05:546e%trunk0 prefixlen 64 scopeid 0xa
        inet6 ADDRESS REMOVED
trunk1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6c
        priority: 0
        trunk: trunkproto lacp
        trunk id: [(8000,00:25:90:05:54:6c,405C,,),
                 (8000,18:ef:63:bf:d7:00,0003,,)]
        trunkport em1 active,collecting,distributing
        trunkport em0 active,collecting,distributing
        groups: trunk
        media: Ethernet autoselect
        status: active
        inet6 fe80::225:90ff:fe05:546c%trunk1 prefixlen 64 scopeid 0xb

vlan56: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:25:90:05:54:6c
        priority: 0
        vlan: 56 priority: 0 parent interface: trunk1
        groups: vlan
        status: active
        inet6 fe80::225:90ff:fe05:546c%vlan56 prefixlen 64 scopeid 0x11
        inet ADDRESS REMOVED


 netstat -m

9023 mbufs in use:
9003 mbufs allocated to data
11 mbufs allocated to packet headers
9 mbufs allocated to socket names and addresses
528/1970/512000 mbuf 2048 byte clusters in use (current/peak/max)
0/8/512000 mbuf 4096 byte clusters in use (current/peak/max)
0/8/512000 mbuf 8192 byte clusters in use (current/peak/max)
0/8/512000 mbuf 9216 byte clusters in use (current/peak/max)
0/8/512000 mbuf 12288 byte clusters in use (current/peak/max)
0/8/512000 mbuf 16384 byte clusters in use (current/peak/max)
0/8/512000 mbuf 65536 byte clusters in use (current/peak/max)
7060 Kbytes allocated to network (46% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

 netstat -i | grep em
Name    Mtu   Network     Address                Ipkts  Ierrs      Opkts Oerrs Colls
em0     1500  <Link>      00:25:90:05:54:6c 3543633259 463916 4229526062     0     0
em0     1500  fe80::%em0/ fe80::225:90ff:fe 3543633259 463916 4229526062     0     0
em1     1500  <Link>
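
Added example, not from the thread: Python that turns two `netstat -i` snapshots into Ierrs per minute and Ierrs per million input packets, so a figure like the 1300 per minute quoted above can be tracked per interface while one setting is changed at a time. The first snapshot reuses the em0 rows shown above; the second snapshot, the em2 rows and the 300-second interval are constructed.

```python
COUNTERS = ("ipkts", "ierrs", "opkts", "oerrs", "colls")

# em0 rows as posted above; em2 row constructed.
SNAPSHOT_A = """\
Name    Mtu   Network     Address                Ipkts  Ierrs      Opkts Oerrs Colls
em0     1500  <Link>      00:25:90:05:54:6c 3543633259 463916 4229526062     0     0
em0     1500  fe80::%em0/ fe80::225:90ff:fe 3543633259 463916 4229526062     0     0
em2     1500  <Link>      00:25:90:05:54:6e    1000000     10     900000     0     0
"""

# Constructed: taken 300 seconds later; em2 counters restarted in between.
SNAPSHOT_B = """\
Name    Mtu   Network     Address                Ipkts  Ierrs      Opkts Oerrs Colls
em0     1500  <Link>      00:25:90:05:54:6c 3545633259 470416 4231526062     0     0
em0     1500  fe80::%em0/ fe80::225:90ff:fe 3545633259 470416 4231526062     0     0
em2     1500  <Link>      00:25:90:05:54:6e        500      0        400     0     0
"""


def parse_netstat_i(text):
    """Return {ifname: {counter: int}} from `netstat -i` output.

    Only the first row per interface is kept: netstat prints one row per
    configured address and repeats the same interface counters on each,
    so adding the rows up would count every packet several times.
    The last five fields are read as the counters, which also copes with
    rows whose Address column is empty.
    """
    stats = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] == "Name":
            continue
        name = fields[0].rstrip("*")  # a trailing '*' marks an interface that is down
        tail = fields[-5:]
        if name in stats or not all(f.isdigit() for f in tail):
            continue
        stats[name] = dict(zip(COUNTERS, map(int, tail)))
    return stats


def input_error_rates(before, after, seconds):
    """Per interface: (Ierrs per minute, Ierrs per million input packets).

    An interface whose counters went backwards between the snapshots
    (reboot, interface re-created) maps to None instead of a bogus rate.
    """
    rates = {}
    for name, new in after.items():
        old = before.get(name)
        if old is None:
            continue
        d_err = new["ierrs"] - old["ierrs"]
        d_pkt = new["ipkts"] - old["ipkts"]
        if d_err < 0 or d_pkt < 0:
            rates[name] = None
            continue
        per_minute = d_err * 60.0 / seconds
        per_million = round(d_err * 1_000_000 / d_pkt, 1) if d_pkt else 0.0
        rates[name] = (per_minute, per_million)
    return rates


if __name__ == "__main__":
    a, b = parse_netstat_i(SNAPSHOT_A), parse_netstat_i(SNAPSHOT_B)
    for ifname, rate in input_error_rates(a, b, 300).items():
        print(ifname, rate)
```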

Re: em(4) ierrs

2010-09-20 Thread James Peltier
- Original Message 

 From: Andre Keller a...@list.ak.cx
 To: misc@openbsd.org
 Sent: Mon, September 20, 2010 10:15:58 AM
 Subject: em(4) ierrs
 

Re: Spamd and window size

2010-09-20 Thread Peter N. M. Hansteen
Kevin Chadwick ma1l1i...@yahoo.co.uk writes:

 Can anyone suggest a good setting?

My boxes have been running with -w 1 for a few years, doesn't seem to
scare them off, unfortunately:

pe...@skapet:~$ sudo spamdb | grep -c TRAPPED
23969

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: choosing outgoing interface based on process uid

2010-09-20 Thread Imre Oolberg
Hi!

Stuart Henderson wrote:
 On 2010-09-18, Imre Oolberg i...@auul.pri.ee wrote:
   
 3. using route-to ($if_ext $if_ext_gw) construct on the pass out rule i
 can't change the interface the packet it getting out, its already
 decided, i can only choose the next hop gateway address with-in the
 network the  $if_ext is in
 

 not correct, you can change the interface.

 pass out to 8.8.8.8 user fred route-to (lo0 127.0.0.1)

   
Right, it actually goes out thru the specified interface, i obviously
did something wrong, doing it or observing the outcome, unfortunately i
dont have the exact line what i used when experimenting any more. 

But still i would like you to comment on a relevant observation
(actually this experimenting was done on amd64 snapshot from around
august 20 but also happens on i386 4.7 although it has many more rules).
I have this setup for testing route-to rules

 ---||
|   em1 192.168.1.195   _|_   192.168.1.4
   _|_ |   |
  |   ||___|
  |___|  |10.0.0.4
|   default gw: 192.168.10.254
|   em0  192.168.10.195
  --|---|
   _|_   192.168.10.10
  |   |  (has a 'route add 10.0.0.0/24 192.168.10.195' static route)
  |___|

and pf has three rules for two different traffics

# traffic passing thru firewall
pass in quick log on em0 inet proto tcp to 10.0.0.0/24 port 22 route-to ( em1 192.168.1.4 ) tag TEST
pass out quick log on em1 inet tagged TEST nat-to 192.168.1.195

# traffic originating from with-in firewall itself
pass out quick log inet user fred route-to ( em1 192.168.1.4 ) nat-to 192.168.1.195

And the observations are following

1. traffic passes thru all right
2. traffic originating from firewall itself delays first syn packet for
about 6 seconds, then continues normally
3. if 3rd rule is deprived of 'nat-to 192.168.1.195' part, syn packet
gets out instantly i.e. with-out 6 second delay (but this nat-to needs
to be done or it has 192.168.10.195 source address while leaving em1)

I admit that this setup presented here does not practically make much
sense but i tried to extract from my firewall the essential parts
pertaining to my so to say route-to thing.


Imre



Re: Spamd and window size

2010-09-20 Thread Kevin Chadwick
On Mon, 20 Sep 2010 21:45:00 +0200
pe...@bsdly.net (Peter N. M. Hansteen) wrote:

 My boxes have been running with -w 1 for a few years, doesn't seem to
 scare them off, unfortunately:

I'll try -w 666 and see if that works.

I'll report back soon

p.s. Thanks



Re: hostapd deauthentication every 5 seconds

2010-09-20 Thread Joe Martel
 Interesting, thanks for the info - should I post a new bug report as that one
 is closed?

 If you can repeat it on a -current snapshot, yes please.

I'm happy to help by upgrading to a -current snapshot.

Have read FAQ 5 but,  when 4.8 is released in November, can I
upgrade from -current to 4.8Rel ?


 Afaik my stations are not using power-saving mode (they all have a power cord,
 so I assume they would not need to save power)

 power-saving with 802.11* is where the AP buffers frames for clients
 so they don't have to turn on their receiver so often (they turn it on at
 certain intervals so they can learn if they have to leave it on for longer
 to receive any buffered frames). There are a couple of different specs,
 an older one that many devices support, and a newer 802.11e WMM-PS one.

 It's not necessarily connected with whether or not a device is on battery
 power.

Cheers for the info - I see from rt2860.c on -current, that a lot of work
has gone into the driver (indeed, all the ral drivers) since 4.7.



Re: em(4) ierrs

2010-09-20 Thread Stuart Henderson
On 2010-09-20, Andre Keller a...@list.ak.cx wrote:

 I have some odd packet loss on a openbsd based router (running -current
 as of the beginning of september) .

 The router has 6 physical interfaces (all em, Intel 82575EB), 4 of them
 have traffic (about 10-20 Mbps).


 We did some tuning (mostly with informations from:
 https://calomel.org/network_performance.html) and could improve the
 performance:

grr, that page again.

As a very general rule, using the on-board network card is going
to be much slower than an add in PCI card

A gigabit network controller built on board using the CPU will
slow the entire system down. More than likely the system will not
even be able to sustain 100MB speeds while also pegging the CPU at
100%.

and people still use it for kernel tuning advice?

 Currently we use the following sysctl tweaks:
 sysctl kern.maxclusters=122880

how much?!!

 sysctl net.inet.ip.ifq.maxlen=1536

increasing this from the defaults can be useful if you see drops in
net.inet.ip.ifq.drops, I'm surprised if you have to go that high for
4x10-20Mb.

 sysctl net.inet.tcp.recvspace=262144
 sysctl net.inet.tcp.sendspace=262144
 sysctl net.inet.udp.recvspace=262144
 sysctl net.inet.udp.sendspace=262144

the net.inet.*space values HAVE NO EFFECT on routed packets.

 But still we have about 1300 Ierrs per minute...

 When we run a simple ping, we can see that something is strange. Where
 the majority of packets have a rtt of 1ms or less about every tenth
 package shows a rtt of 250ms...

missing dmesg. but try disabling sensor devices or i2c controllers
(boot -c, disable somedevice, quit).



Re: em(4) ierrs

2010-09-20 Thread Andre Keller
On 20.09.2010 19:54, James Peltier wrote:
 I see you are using LACP as your trunk protocol.  You might want to check that
 all the LACP settings are correct or that there aren't any links being dropped
 for some reason that might cause the errors to occur.  Additionally, have you
 tried with only one link in the LACP pairs being active?  Does it stop then?
   

Just tried that. There is not much I can configure for LACP. On the
switch I see no errors.

I've now pulled one cable so that only one interface in the trunk is
active. The problem is still existing. Ierrs on the interfaces (mostly
em2) (btw. there are no ifq.drops)
It seems to me that some buffers are running full. As now when there is
low traffic there is only a small amount of errors (about 150 in 5 minutes)

Are there any other knobs I could try to tune?


Regards André



Re: hostapd deauthentication every 5 seconds

2010-09-20 Thread Stuart Henderson
On 2010-09-20, Joe Martel j...@joemartel.com wrote:
 Interesting, thanks for the info - should I post a new bug report as that
 one
 is closed?

 If you can repeat it on a -current snapshot, yes please.

 I'm happy to help by upgrading to a -current snapshot.

 Have read FAQ 5 but,  when 4.8 is released in November, can I
 upgrade from -current to 4.8Rel ?

That would be a downgrade (the tree was tagged in August; the gap
between then and release is for testing, cd production, package
building, etc).

Downgrading might work, but it's not really supported, and you may
get into a slight mess with shared libraries.

Easier to stick with -current until 4.9 if you do that (or just
stick with -current; I would suggest keeping an eye on at
least plus48.html if not the source-changes list if running -current
but it's not really difficult/scary).



Re: em(4) ierrs

2010-09-20 Thread Andre Keller
On 21.09.2010 00:43, Stuart Henderson wrote:
 On 2010-09-20, Andre Keller a...@list.ak.cx wrote:
   
 I have some odd packet loss on a openbsd based router (running -current
 as of the beginning of september) .

 The router has 6 physical interfaces (all em, Intel 82575EB), 4 of them
 have traffic (about 10-20 Mbps).


 We did some tuning (mostly with informations from:
 https://calomel.org/network_performance.html) and could improve the
 performance:
 
 grr, that page again.

 As a very general rule, using the on-board network card is going
 to be much slower than an add in PCI card

 A gigabit network controller built on board using the CPU will
 slow the entire system down. More than likely the system will not
 even be able to sustain 100MB speeds while also pegging the CPU at
 100%.

 and people still use it for kernel tuning advice?
   

As we didn't find any other advice out there we thought it might be
worth giving it a try

   
 Currently we use the following sysctl tweaks:
 sysctl kern.maxclusters=122880
 
 how much?!!
   

yes this might be a bit too much:
[r...@rt01-rc: root]# netstat -m
9665 mbufs in use:
9642 mbufs allocated to data
14 mbufs allocated to packet headers
9 mbufs allocated to socket names and addresses
83/1970/122880 mbuf 2048 byte clusters in use (current/peak/max)
0/8/122880 mbuf 4096 byte clusters in use (current/peak/max)
0/8/122880 mbuf 8192 byte clusters in use (current/peak/max)
0/8/122880 mbuf 9216 byte clusters in use (current/peak/max)
0/8/122880 mbuf 12288 byte clusters in use (current/peak/max)
0/8/122880 mbuf 16384 byte clusters in use (current/peak/max)
0/8/122880 mbuf 65536 byte clusters in use (current/peak/max)
7288 Kbytes allocated to network (35% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines


 sysctl net.inet.ip.ifq.maxlen=1536
 
 increasing this from the defaults can be useful if you see drops in
 net.inet.ip.ifq.drops, I'm surprised if you have to go that high for
 4x10-20Mb.
   

yeah we had a lot of ifq drops first and after setting this value they
are gone... I read in multiple tuning tutorials that setting this to
256*iface count makes sense

 sysctl net.inet.tcp.recvspace=262144
 sysctl net.inet.tcp.sendspace=262144
 sysctl net.inet.udp.recvspace=262144
 sysctl net.inet.udp.sendspace=262144
 
 the net.inet.*space values HAVE NO EFFECT on routed packets.
   

OK good to know...

 But still we have about 1300 Ierrs per minute...

 When we run a simple ping, we can see that something is strange. Where
 the majority of packets have a rtt of 1ms or less about every tenth
 package shows a rtt of 250ms...
 
 missing dmesg.

Not from the machine above but a machine with exactly the same hardware...

OpenBSD 4.8 (GENERIC.MP) #3: Wed Aug 11 19:24:59 CEST 2010
r...@scaramanga.rbnetwork.biz:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3486973952 (3325MB)
avail mem = 3380334592 (3223MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcfedf000 (39 entries)
bios0: vendor Phoenix Technologies LTD version 1.3a date 11/03/2009
bios0: Supermicro X7SBi
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP _MAR MCFG APIC BOOT SPCR ERST HEST BERT EINJ
SLIC SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices PXHA(S5) PEX_(S5) LAN_(S5) USB4(S5) USB5(S5)
USB7(S5) ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5) USB3(S5)
USB6(S5) ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.43 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 266MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.09 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.09 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu2: 4MB 64b/line 16-way L2 cache
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.09 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu3: 4MB 64b/line 16-way 
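
An added example, not part of the original message or of OpenBSD: a small sh/awk check that reads `netstat -m` output in the format quoted above and reports how close the cluster pools ever came to the kern.maxclusters limit. The function names and the 90% threshold are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample: an excerpt of the `netstat -m` output quoted in the thread.
sample_netstat_m() {
cat <<'EOF'
9665 mbufs in use:
83/1970/122880 mbuf 2048 byte clusters in use (current/peak/max)
0/8/122880 mbuf 4096 byte clusters in use (current/peak/max)
0/8/122880 mbuf 65536 byte clusters in use (current/peak/max)
7288 Kbytes allocated to network (35% in use)
0 requests for memory denied
0 requests for memory delayed
EOF
}

# Emit "size current peak max" for each cluster pool line read from stdin.
cluster_pools() {
    awk '/byte clusters in use/ { split($1, n, "/"); print $3, n[1], n[2], n[3] }'
}

# Highest peak/max ratio over all pools, as a percentage rounded up.
peak_pct() {
    cluster_pools | awk '$4 > 0 { p = $3 * 100 / $4; if (p > m) m = p }
        END { printf "%d\n", ((m == int(m)) ? m : int(m) + 1) }'
}

# Sum of the "requests for memory denied" and "... delayed" counters.
mem_stalls() {
    awk '/requests for memory (denied|delayed)/ { s += $1 } END { print s + 0 }'
}

# Verdict on stdin. The 90% threshold is an assumption, not an OpenBSD rule.
cluster_verdict() {
    data=$(cat)
    pct=$(printf '%s\n' "$data" | peak_pct)
    stalls=$(printf '%s\n' "$data" | mem_stalls)
    if [ "$stalls" -gt 0 ] || [ "$pct" -ge 90 ]; then
        echo "cluster limit reached: peak ${pct}% of max, ${stalls} stalled requests"
    else
        echo "cluster limit not a factor: peak ${pct}% of max, ${stalls} stalled requests"
    fi
}

sample_netstat_m | cluster_verdict
```

On the quoted figures the busiest pool peaked at 1970 of 122880 clusters with no denied or delayed requests, so the check reports that the cluster limit is not a factor.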

Re: em(4) ierrs

2010-09-20 Thread Stuart Henderson
On 2010/09/21 01:07, Andre Keller wrote:
 ichiic0 at pci0 dev 31 function 3 Intel 82801I SMBus rev 0x02: apic 4 int 
 17 (irq 10)
 iic0 at ichiic0
 lm1 at iic0 addr 0x2d: W83627HF
 wbng0 at iic0 addr 0x2f: w83793g

   but try disabling sensor devices or i2c controllers
  (boot -c, disable somedevice, quit).

 
 I'll try to find out what devices i could disable...

I would try wbng first. Failing that, lm. I doubt you would
need to disable ichiic but that would be the next step if there's
no improvement. You can make permanent changes to an on-disk
kernel with config(8).

 Thank you for your hints...

Please follow-up and let us know how it goes.



Re: CARP-ed dns server ?

2010-09-20 Thread Henning Brauer
* Илья Шипицин chipits...@gmail.com [2010-09-20 11:10]:
 can you provide more details ?

maybe you should work on your questions instead of relying on people
guessing what you're after

 1. what is dns software ?

my resolvers are bind right now, because i'm too lazy to run something
else which isn't such a piece of shit

 2. how two copies of dns server (on master and backup) are replicated ?

not at all

 3. any carp hooks on switching ?

no

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: em(4) ierrs

2010-09-20 Thread Henning Brauer
* Stuart Henderson s...@spacehopper.org [2010-09-21 00:47]:
 On 2010-09-20, Andre Keller a...@list.ak.cx wrote:
  We did some tuning (mostly with information from:
  https://calomel.org/network_performance.html) and could improve the
  performance:
 
 grr, that page again.
 
 As a very general rule, using the on-board network card is going
 to be much slower than an add in PCI card
 
 A gigabit network controller built on board using the CPU will
 slow the entire system down. More than likely the system will not
 even be able to sustain 100MB speeds while also pegging the CPU at
 100%.
 
 and people still use it for kernel tuning advice?

holy shit.
that is indeed horribly wrong. in many cases it is the exact opposite
of the truth these days.

  sysctl net.inet.tcp.recvspace=262144
  sysctl net.inet.tcp.sendspace=262144
  sysctl net.inet.udp.recvspace=262144
  sysctl net.inet.udp.sendspace=262144
 the net.inet.*space values HAVE NO EFFECT on routed packets.

as said a gazillion times.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: em(4) ierrs

2010-09-20 Thread Henning Brauer
* Andre Keller a...@list.ak.cx [2010-09-21 01:10]:
 As we didn't find any other advice out there we thought it might be
 worth giving it a try

ok, here's another advice that you might wanna follow since you don't
find another:
to make your system run faster, donate all your belongings to openbsd,
then dance naked around the computer and eat nothing but rice all day.
after a few days throw the computer into the ocean. it'll be very fast
(to sink).

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Installing OpenBSD from Linux Xen VPS

2010-09-20 Thread Stephano Zanzin
Hello,

I was wondering if anyone had installed OpenBSD from a Linux VPS running
over a Xen hosting (like slicehost, linode, etc.). So, has anyone tried it?

-- 
stephano