Re: may 7 carp addresses be too much on 5.0/amd64 ?
2012/3/4 Ilya Shipitsin chipits...@gmail.com:

thanks to Camiel Dobbelaar, carp log at 6 showed an ip_output problem, which led me to:

pass quick proto carp no state

Which doesn't match the PF FAQ which says:

Since CARP is its own protocol it should have an explicit pass rule in filter rulesets:

pass out on $carp_dev proto carp keep state

I'll test the no state as soon as I can rig one of my previously failing boxes to not use my carppeer workaround.

it did the job (I still do not understand how the firewall passed 6 interfaces and blocked the 7th, need to have a closer look, but after that rule everything became ok, pf stopped blocking carp announces)

On 2 March 2012 at 21:31, favar 889...@gmail.com wrote:

hi list, we have the same problem with carp (with 45 ip addresses), and after reboot, the host with advskew 200 became master, and the one with advskew 1 - slave.

2012/3/2 Ilya Shipitsin chipits...@gmail.com:

no, I copied hostname.carpXX, just added advskew 200. parameters are the same.

On 2 March 2012 at 15:25, Otto Moerbeek o...@drijf.net wrote:

On Fri, Mar 02, 2012 at 01:53:17PM +0500, ??? wrote:

hello! we are running CARP-ed load balancers (carp over different vlans). it was running just great with 6 carp addresses. when we added the 7th, randomly we get MASTERs on both servers for a certain carp interface. After reboot we can get a different carp interface in dual MASTER state, and so on. carp negotiations are ok, tcpdump shows them all. both peers see each other. if I put one interface to BACKUP state, it goes to MASTER soon. we are running 5.0/amd64

Cheers, Ilya Shipitsin

Carefully compare the address lists (including masks) on both machines. Likely they are not the same.

-Otto

--
To our sweethearts and wives. May they never meet. -- 19th century toast
Re: may 7 carp addresses be too much on 5.0/amd64 ?
On 13-3-2012 9:52, Janne Johansson wrote:

2012/3/4 Ilya Shipitsin chipits...@gmail.com:

thanks to Camiel Dobbelaar, carp log at 6 showed an ip_output problem, which led me to:

pass quick proto carp no state

Which doesn't match the PF FAQ which says:

Since CARP is its own protocol it should have an explicit pass rule in filter rulesets:

pass out on $carp_dev proto carp keep state

I'll test the no state as soon as I can rig one of my previously failing boxes to not use my carppeer workaround.

I think keep state (no-sync) is better. You don't want carp to get dropped when the box gets congested and only traffic for established states gets through.

Since this is biting lots of people maybe we should look into setting no-sync by default on carp traffic, be it in pfctl, pf, or pfsync.
Re: Intel ICH9R compatibility with OpenBSD
12.03.2012 18:01, Axton wrote:

On Mon, Mar 12, 2012 at 9:44 AM, lilit-aibolit lilit-aibo...@mail.ru wrote:

Hello misc, please give me some advice to buy low-power and low-noise HW. My selection - is: http://www.supermicro.nl/products/system/1U/5015/SYS-5015A-PHF.cfm?typ=E that have Intel ICH9R chipset. But in supported hardware it is absent: - Intel 82801 (ICH/ICH0/ICH2/ICH3/ICH4/ICH4-M/ICH5/ICH5R/ICH6/ICH6/ICH6/ICH7)

I am using a 5015A (I think 5015A-EHF) without any issues. I don't use the ICH9R or any other ICHxx RAID capabilities, so that chipset does not matter to me. I think the whole architecture of using allowing the chipset to use the kernel for RAID capabilities/offloading is garbage. The design has too many points of failure (kernel driver, chipset implementation and firmware, userland software for raid management, etc.). It's an unreliable implementation that allows people who do not understand what they are doing to say I have a RAID array and gives them a pretty GUI to manage the array.

Software based raid in OpenBSD is fine, but lacks some capabilities for setting up a raid array for the root partition, though I admit I lack in depth knowledge in this area, so I could be wrong with this statement. I'm sure others will chime in if I'm mistaken.

Note these bits:

pciide0 at pci0 dev 31 function 2 Intel 82801I SATA rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using apic 3 int 19 for native-PCI interrupt

That's the important part. OpenBSD seems to work well with this chipset.

The network hardware/driver for this machine results in high interrupt rates under heavy load. This is my only complaint with the box. For my needs it works just fine though. I can move traffic through the box at a rate that is acceptable for my needs.
Re: Failover VPN tunnels
- Original Message -
From: Jeff Simmons jsimm...@goblin.punk.net
To: misc@openbsd.org
Sent: Monday, March 12, 2012 8:27:51 PM
Subject: Failover VPN tunnels

I've got a setup with a central VPN gateway running a couple dozen IPSEC tunnels to remote locations. All the gateways are running current, and use very simple ipsec.conf entries to set things up. Works beautifully.

ISPs are another matter. At two of the remotes, service is 'flaky' to say the least, and we lose connectivity due to network problems on a regular basis. Both sites have alternate ISPs available, but their service is also questionable (think mountaintop ski resort).

I'd like to set up redundant connections to these two sites with automatic failover from ISP A (and all related IPSEC connections) to ISP B when A's network goes down, etc. I've found recommendations for using either GIF or GRE in the mailing list archives, but little on how to set it up or the relative advantages/disadvantages of these two proposals. It also seems that ifstated could be used to 'manually' insert/remove SAs and flows via ipsecctl.

Does anyone have any thoughts as to which approach is preferable and the relative merits of each?

--
Jeff Simmons jsimm...@goblin.punk.net

i have one customer with similar flaky isp issues ... i've satisfactorily handled it with a combination of separate ipsec tunnels and ospf. i'm not even using ifstated. i can provide an example if needed, but it is so simple i doubt you'd need to see it.
remotely provide entropy
Hi! I have a couple of machines that run as VM and are lacking good entropy data. I was wondering if there is a way of feeding the local random number pool of a VM with entropy that was generated on a hardware random number generator on a physical machine.

I thought the hardware random number generator could constantly fill up its own pool and whenever a VM needs entropy, it could connect to the hardware, retrieve some randomness (fill up its own random number pool).

I can set up the hardware random number generator but I don't know how to fill OpenBSD's own entry data stack. It's not as easy as cat randomnumbersfile > /dev/random, is it?

Thanks in advance! T.
Re: remotely provide entropy
Torsten Valentin valen...@4ss.de wrote:

Hi! I have a couple of machines that run as VM and are lacking good entropy data. I was wondering if there is a way of feeding the local random number pool of a VM with entropy that was generated on a hardware random number generator on a physical machine.

I thought the hardware random number generator could constantly fill up its own pool and whenever a VM needs entropy, it could connect to the hardware, retrieve some randomness (fill up its own random number pool).

I can set up the hardware random number generator but I don't know how to fill OpenBSD's own entry data stack. It's not as easy as cat randomnumbersfile > /dev/random, is it?

Yes it is. :-)

/Alexander

Thanks in advance! T.
Re: remotely provide entropy
On Tue, Mar 13, 2012 at 12:33 PM, Torsten Valentin valen...@4ss.de wrote:

Hi! I have a couple of machines that run as VM and are lacking good entropy data. I was wondering if there is a way of feeding the local random number pool of a VM with entropy that was generated on a hardware random number generator on a physical machine.

I thought the hardware random number generator could constantly fill up its own pool and whenever a VM needs entropy, it could connect to the hardware, retrieve some randomness (fill up its own random number pool).

I can set up the hardware random number generator but I don't know how to fill OpenBSD's own entry data stack. It's not as easy as cat randomnumbersfile > /dev/random, is it?

Thanks in advance!

You could try porting Entropy Broker to OpenBSD: http://www.vanheusden.com/entropybroker/

ciao, David
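
Added example, not code from any poster in this thread: a shell function for the setup Torsten describes, pulling a fixed number of bytes from the machine with the hardware RNG and writing them to the guest's random device, which is the plain write Alexander confirms works. The host name, account, remote command and 64-byte size are assumptions; a short read or a stuck source (one repeated byte value) is rejected instead of being fed in.

```shell
#!/bin/sh
# Added illustration; every host, account and size below is a placeholder.
#
# feed_entropy SOURCE_CMD POOL NBYTES
#   SOURCE_CMD  command whose stdout is raw bytes from the hardware RNG,
#               e.g. an ssh call to the physical machine, so the bytes are
#               encrypted and the sending host is authenticated in transit
#   POOL        where to write them; /dev/random on the OpenBSD guest
#   NBYTES      number of bytes to fetch per call
# Returns 0 after feeding, 1 if the sample was rejected, 2 on a local error.
feed_entropy() {
    src_cmd=$1
    pool=$2
    nbytes=$3

    # mktemp creates the file mode 0600; it is removed on every path below.
    buf=$(mktemp) || return 2

    # bs=1 keeps dd from counting a short pipe read as a full block.
    sh -c "$src_cmd" 2>/dev/null | dd bs=1 count="$nbytes" of="$buf" 2>/dev/null

    # Reject short reads: a dropped connection must not look like success.
    got=$(wc -c < "$buf" | tr -d ' ')
    if [ "$got" -ne "$nbytes" ]; then
        rm -f "$buf"
        return 1
    fi

    # Crude stuck-source check (not a statistical test): a sample made of a
    # single repeated byte value means the source or the transport is broken.
    # od -v is required, otherwise repeated lines are collapsed to "*".
    distinct=$(od -An -v -tx1 "$buf" | tr -s ' ' '\n' | grep -v '^$' |
        sort -u | wc -l | tr -d ' ')
    if [ "$distinct" -le 1 ]; then
        rm -f "$buf"
        return 1
    fi

    # The step from the thread: a plain write into the random device.
    if cat "$buf" > "$pool"; then rc=0; else rc=2; fi
    rm -f "$buf"
    return "$rc"
}

# Typical call on the guest, e.g. from root's crontab (placeholder names; the
# remote command is whatever reads the hardware generator on that machine):
#   feed_entropy "ssh -o BatchMode=yes rng@hwrng.example.org \
#       'dd if=/dev/random bs=64 count=1'" /dev/random 64
```
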
Re: Intel ICH9R compatibility with OpenBSD
Hello Axton, thanks for your reply. I do not want to use RAID, I just need S-ATA to connect HDD and install system on it.

You will be fine. I have Dell gear here that includes the Intel Matrix RAID ICH, and it doesn't have an issue with OpenBSD. The controller checks for a RAID pair at startup and then should revert to normal AHCI when none is found. Those chips also have a setting in the BIOS as an additional failsafe that will disable the R features and force them into AHCI or even IDE-compatible for older operating systems.
Re: Intel i7 -- OpenBSD amd64
Don't forget about the dmesgd: http://www.nycbug.org/cgi?action=dmesgdfilter=1nickname=description=os=OpenBSDdmesg=i7- You can post your dmesg there, and search for specific models.
s/nfs_server/nfsd_flags/
Hi, according to rc.conf v1.149, nfs_server was removed and left just as backward compatibility. However, manpage for rc.conf still refers to nfs_server as an example for the second section. FAQ section 6.7 also uses nfs_server instead of the newer nfsd_flags. Cheers,
xenocara fails to build on -current with radeonold
Hi all,

Is it just me? radeonold fails to build on -current (amd64):

$ cd /usr/xenocara/driver/xf86-video-radeonold
$ sudo make -f Makefile.bsd-wrapper obj
/usr/xenocara/driver/xf86-video-radeonold/obj -> /usr/xobj/driver/xf86-video-radeonold
$ sudo make -f Makefile.bsd-wrapper obj build
[...]
checking if RENDER is defined... yes
checking if XV is defined... yes
checking if DPMSExtension is defined... yes
checking for XORG... yes
checking for ANSI C header files... (cached) yes
checking for /usr/X11R6/include/xorg/dri.h... (cached) yes
checking for /usr/X11R6/include/xorg/sarea.h... (cached) yes
checking for /usr/X11R6/include/xorg/dristruct.h... (cached) yes
checking for /usr/X11R6/include/xorg/damage.h... (cached) yes
checking whether to include DRI support... yes
checking for DRI... yes
checking for xf86Modes.h... (cached) no
checking whether to enable EXA support... yes
checking for exa.h... (cached) yes
checking whether EXA version is at least 2.0.0... yes
checking whether xf86XVFillKeyHelperDrawable is declared... (cached) yes
checking whether xf86ModeBandwidth is declared... (cached) yes
checking whether xf86_crtc_clip_video_helper is declared... (cached) yes
checking whether xf86RotateFreeShadow is declared... (cached) yes
checking whether pci_device_enable is declared... (cached) yes
checking whether XSERVER_LIBPCIACCESS is declared... (cached) yes
/usr/xenocara/driver/xf86-video-radeonold/configure[14482]: cd: /usr/xenocara/driver/xserver - No such file or directory
configure: error: Must have X server >= 1.3 source tree for mode setting code. Please specify --with-xserver-source
*** Error code 1

Stop in /usr/xenocara/driver/xf86-video-radeonold (line 169 of /usr/X11R6/share/mk/bsd.xorg.mk).
*** Error code 1

Stop in /usr/xenocara/driver/xf86-video-radeonold (line 206 of /usr/X11R6/share/mk/bsd.xorg.mk).

--
Mattieu Baptiste
/earth is 102% full ... please delete anyone you can.
No way natting-to carp interface
Hi. The issue is simple, I can't match the outgoing traffic to carp ip address. When I go to some show myip web, it always appears the physical one. Never the carp one.

As my ISP provider gives us 4 ips, I use two (one for each nic of the firewalls connected to internet) for physical interfaces and the other two for the carp interfaces.

                       Internet
                          |
          +--------------/ \--------------+
          |  carp13(em0) = 81.92.37.13    |
          |  carp12(em0) = 81.92.37.12    |
          |                               |
  81.92.37.10 bge0                   bge0 81.92.37.11
          |                               |
       +-----+10.0.0.2                 +-----+
       | fw0 |- re0   CARP Pfsync  re0 -| fw1 |
       +-----+                10.0.0.1 +-----+
          |                               |
 192.168.28.1 bge1                   bge1 192.169.28.2
          |                               |
          |  carp28(em1) = 192.168.28.11  |
          +--------------\ /--------------+
                          |
             Internal LAN (192.168.28/24)

Config files (from one of the two firewalls):

hostname.bge0
inet 81.92.37.10 255.255.255.248 NONE

hostname.bge1
inet 192.168.28.1 255.255.255.0 NONE

hostname.carp12
inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes 120:0,121:100 pass PaSSWord12

hostname.carp13
inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes 130:100,131:0 pass PaSSWord13

hostname.carp28
inet 192.168.28.11 255.255.255.0 192.168.28.255 balancing ip carpnodes 28:0,29:100 pass PaSSWord28

hostname.re0
inet 10.0.0.1 255.255.255.0 NONE

hostname.pfsync0
up syncdev re0

sysctl.conf
net.inet.ip.forwarding=1     # 1=Permit forwarding (routing) of IPv4 packets
net.inet.icmp.rediraccept=1  # 1=Accept ICMP redirects
net.inet.carp.preempt=1      # 1=Enable carp(4) preemption
net.inet.carp.log=3          # log level of carp(4) info, default 2
net.inet.carp.allow=1
net.inet.carp.arpbalance=0

pf.conf
priv_nets= {127.0.0.0/8, 172.16.0.0/12, 10.0.0.0/8}
set block-policy drop
set skip on lo
#Nat outgoing connections
match out on $ext_IF inet from !$ext_IF to any nat-to $ext_IF
#This does not work:
match out on $ext_IF inet from !$ext_IF to any nat-to carp12
#Filter rules
block log all
block in quick from urpf-failed #spoofed address protection
#packet normalization
match in all scrub (no-df)
pass quick log on re0 inet proto pfsync keep state (no-sync)
pass in quick log on $ext_IF proto carp from carp12 to 224.0.0.18 keep state
pass in quick log on $ext_IF proto carp from carp13 to 224.0.0.18 keep state
pass in quick log on $int_IF proto carp from carp28 to 224.0.0.18 keep state
pass on { $int_IF , $ext_IF } proto carp keep state (no-sync)
block in quick on $ext_IF from $priv_nets to any
block out quick on $ext_IF from any to $priv_nets
block quick inet6
Re: No way natting-to carp interface
On Tue, Mar 13, 2012 at 11:15 AM, Paquitiu sirr...@arrakis.es wrote:

Hi. The issue is simple, I can't match the outgoing traffic to carp ip address. When I go to some show myip web, it always appears the physical one. Never the carp one. As my ISP provider gives us 4 ips, I use two (one for each nic of the firewalls connected to internet) for physical interfaces and the other two for the carp interfaces.

Don't try and use the carp interface as the target of nat-to, just the IP address of the carp interface. eg

match out on $ext_IF inet from !$ext_IF to any nat-to 81.92.37.12

Give that try and see if it works.
Re: No way natting-to carp interface
Thank you Josh for answering so fast. Unfortunately, I've already tried with ip, with $var, with IF name and no way.
Issues with rdr-to and high latency connection (gsm network)
Hello guys,

I have some issues with the following configuration: There are a number of SIM cards, placed in taxi cars, collecting GPS data and sending them to two Windows servers with some application, then this application sends some data back.

Network topology is as follows:

Sim card - Telecom gsm/3G network-Metro link with vlan3728-Alix2d3 OpenBSD 5.0-two Windows Servers

Sim card is static ip 192.168.16.3
OpenBSD 10.10.10.2 on vlan3728
        10.11.33.1 on vr2
Windows servers 10.11.33.2 and 10.11.33.3

OpenBSD redirects all traffic from vlan3728 to vr2

Here is pf.conf

~ # cat /etc/pf.conf
# Macro
ext_if = vlan142
globul = vlan3768
vivasim = vlan3728
int_if = vr2
int_net = 10.11.33.0/24
ports1 = 12120:12124
ports2 = 12125:12129
ports3 = 12120:12124
#Tables
set skip on lo
set optimization high-latency
#NAT
pass out on $ext_if from $int_if:network to any nat-to ($ext_if)
#RDR
pass in on $ext_if proto {tcp,udp} from any to $ext_if port $ports1 rdr-to 10.11.33.2 port $ports1
pass in on $ext_if proto {tcp,udp} from any to $ext_if port $ports2 rdr-to 10.11.33.3 port $ports2
pass in on $globul proto {tcp,udp} from any to $globul port $ports3 rdr-to 10.11.33.2 port $ports3
pass in on $globul proto {tcp,udp} from any to $globul port $ports2 rdr-to 10.11.33.3 port $ports2
pass in on $vivasim proto {tcp,udp} from any to $vivasim port $ports1 rdr-to 10.11.33.2 port $ports3
pass in on $vivasim proto {tcp,udp} from any to $vivasim port $ports2 rdr-to 10.11.33.3 port $ports2
# By default, do not permit remote connections to X11
block in on ! lo0 proto tcp to port 6000:6010

The problem is, when the car is moving, the sim card loses connection from time to time, then it tries to connect again with a new session but OpenBSD keeps the old session up, so the card is unable to establish a new session. I need to clear the existing session, then everything starts fine.
Here is tcpdump on vlan3728 when the card cannot connect and after I clear the session:

~ # tcpdump -ni vlan3728
tcpdump: listening on vlan3728, link-type EN10MB
17:38:03.225484 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:49.185231 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:52.503574 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 5 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:52.503772 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1728940723 win 65535 <nop,nop,timestamp 31291450 0> (DF)
17:38:58.504915 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 17 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:38:58.505088 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 <nop,nop,timestamp 31291510 0> (DF)
17:39:10.482991 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 41 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:39:34.443167 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:40:33.867184 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 17 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:40:33.867354 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 <nop,nop,timestamp 31292464 0> (DF)
17:40:45.823832 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 41 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:41:09.681923 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:41:59.742667 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:03.021653 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 5 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:03.021827 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 <nop,nop,timestamp 31293355 0> (DF)
17:42:09.021598 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 17 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:09.021764 10.10.10.2.12122 > 192.168.16.3.2020: . ack 1 win 65535 <nop,nop,timestamp 31293416 0> (DF)
17:42:21.162916 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 41 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:42:44.982854 192.168.16.3.2020 > 10.10.10.2.12122: S 1728940722:1728940722(0) win 5120 <mss 1460,nop,wscale 0,nop,nop,timestamp 89 0,nop,nop,ccnew 2> (DF) [tos 0x10]
17:43:34.983006 192.168.16.3.2020 > 10.10.10.2.12122: S
Re: xenocara fails to build on -current with radeonold
On Tue Mar 13 2012 17:11, Mattieu Baptiste wrote:
> Hi all,
> Is it just me? radeonold fails to build on -current (amd64):

no, I can confirm that on i386, too. Went fine before the update of radeon(4) and the renaming of the old radeon driver to radeonold(4).

Yours,
Norman
Re: No way natting-to carp interface
On Tue, Mar 13, 2012 at 9:15 AM, Paquitiu sirr...@arrakis.es wrote:
> The issue is simple, I can't match the outgoing traffic to carp ip address.
> When I go to some show myip web, it always appears the physical one. Never the carp one.

Have you tried '...nat-to carp12:0' ?

Regards,
---Gordon
Re: xenocara fails to build on -current with radeonold
On Tue, Mar 13, 2012 at 08:45:14PM +0100, Norman Golisz wrote:
> On Tue Mar 13 2012 17:11, Mattieu Baptiste wrote:
>> Hi all,
>> Is it just me? radeonold fails to build on -current (amd64):
>
> no, I can confirm that on i386, too. Went fine before the update of radeon(4) and the renaming of the old radeon driver to radeonold(4).
>
> Yours,
> Norman

Need to get newer tree. Was just fixed, at least for me.

Ken
Re: CVS: cvs.openbsd.org: src
On Tue, Mar 13, 2012 at 05:07:58PM -0600, Gilles Chehade wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: gil...@cvs.openbsd.org 2012/03/13 17:07:58
>
> Modified files:
>     usr.sbin/smtpd : scheduler_ramqueue.c
>
> Log message:
> When moving back envelope from offload tree to msg tree ... remove the envelope from offload tree not msg tree, this corrupts the ramqueue in ways that I couldn't imagine before wasting so many hours tracking it.
>
> Fixes crash on my server under load, no crash after about 20K mails processed from up to 150 concurrent sessions.

Now would be an interesting time to start testing seriously OpenSMTPD.

We know it still lacks features but it should provide what's needed for the base system and should be reliable. Just test and you will see if your needs are met or not.

Please report all bugs, crashes and features missing to gilles@, eric@ and chl@; we will focus on bugs and crashes at first but will keep track of the feature requests.

--
Gilles Chehade
https://www.poolp.org @poolpOrg
Re: No way natting-to carp interface
Heya

On Wed, Mar 14, 2012 at 5:15 AM, Paquitiu sirr...@arrakis.es wrote:
> Hi.
> ...
> hostname.carp12
> inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes 120:0,121:100 pass PaSSWord12
> hostname.carp13
> inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes 130:100,131:0 pass PaSSWord13
> ...

Any reason those two interfaces have the same IP Address?

Shane
ksh's HISTFILE [was: Re: SSH, root can repeat commands with up arrow, others cannot]
On Mon, Mar 12, 2012 at 01:03:54PM +0200, lilit-aibolit wrote:
> 11.03.2012 21:43, Chris Bennett wrote:
>> This started for me a while back.
>> Login as root, I can repeat older commands with up down arrows. History command shows history.
>> su -l otheruser
>> Cannot use up down arrows to access history. History command shows correct history.
>> Login remotely as otheruser. Same problem.
>> Chris Bennett
>
> try to add this to your .profile:
> export HISTFILE=~/.sh_history
> and re-login. it works for me and saves all history after disconnect and start of a new session.

Has there been improvement in ksh's history file recently? Like since 5.0?

Because last time I tried, it was unusable if you ran more than two sessions concurrently, as both shells would use the same file directly, which led to odd behavior. Like you did up history in one shell, and you would see a command entered in the other one. Very weird to grasp.

(50+ OpenBSD apologists will email me right back to tell me that it's a feature. It's not GNU's bash the standard. Things can be different.)
Re: ksh's HISTFILE
On Tue, Mar 13, 2012, Hugo Villeneuve wrote:
> On Mon, Mar 12, 2012 at 01:03:54PM +0200, lilit-aibolit wrote:
>> export HISTFILE=~/.sh_history
>
> Because last time I tried, it was unusable if you ran more than two sessions concurrently, as both shells would use the same file directly

Maybe try something like this?

HISTFILE=${HOME%/}/.ksh_hist.$$
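An added example, not part of the thread, that builds on the per-PID HISTFILE suggestion above: a ~/.profile fragment that gives each shell its own history file, creates it with mode 0600, and prunes files left behind by shells that have exited. The function names are assumptions made for this example.

```shell
# Added example for ~/.profile; function names are assumptions, not ksh built-ins.

# Per-session history path: <home>/.ksh_hist.<pid>
session_histfile() {
    # ${1%/} drops one trailing slash so HOME=/ does not produce "//".
    printf '%s/.ksh_hist.%s\n' "${1%/}" "$2"
}

# Delete history files whose PID suffix no longer names a process we can signal.
# The body runs in a subshell "( )" so its variables do not leak into the login shell.
# Prints the number of files removed.
prune_stale_histfiles() (
    removed=0
    for f in "${1%/}"/.ksh_hist.*; do
        [ -f "$f" ] || continue            # unmatched glob or not a regular file
        pid=${f##*.}
        case $pid in
            ''|*[!0-9]*) continue ;;       # suffix is not a PID; leave it alone
        esac
        # kill -0 delivers no signal; it only reports whether the PID is ours and alive.
        # A PID recycled by another of our processes keeps its file until that one exits.
        if ! kill -0 "$pid" 2>/dev/null; then
            rm -f -- "$f" && removed=$((removed + 1))
        fi
    done
    echo "$removed"
)

# Point HISTFILE at this shell's own file, created private (history can hold secrets).
setup_session_history() {
    HISTFILE=$(session_histfile "$1" "$$")
    ( umask 077; : >> "$HISTFILE" )        # create with mode 0600 if missing
    chmod 600 "$HISTFILE"                  # tighten a pre-existing file
    export HISTFILE
}

# Usage in ~/.profile:
#   prune_stale_histfiles "$HOME" >/dev/null
#   setup_session_history "$HOME"
```

Per-session files avoid the interleaving described in the thread, at the cost that history is no longer shared between concurrent shells.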
Pre-orders for 5.1, and the new song!
It is that time again. I have just activated pre-orders for CDs, tshirts, and posters for the 5.1 release -- due May 1.

http://openbsd.org/orders.html

At the same time, I am making available the song that will come out with the release (hmm, it is still moving out to the ftp mirrors at the moment, but that is ok). The song and details of it are linked from:

http://openbsd.org/lyrics.html

And there is something else. Five years ago we made available an Audio CD that contained 5 years of songs. Well, we have made a new audio CD since enough new songs have been made. It is not very expensive, so please consider buying this as well when you place any order. It has some rather nice liner notes. Had some great fun coming up with the cover for that CD:

http://openbsd.org/images/cdaudio2.gif

I'd also like to remind you that Michael Lucas' new SSH Mastery book is also now available, in case anyone was waiting for the 5.1 release to place one order.

http://openbsd.org/books.html#book9

Please consider purchasing these items and/or making a donation, since this is a very important revenue source which keeps the project going.
Re: dmesg mac mini A1347
Hi Yes i can test it. Keep you informed about it. Cheers, Wesley MOUEDINE ASSABY On 14.03.2012 05:18, Brad Smith wrote: Hi Wesley, Would you be able to build a kernel with the following diff applied and send me the dmesg from the new kernel? Index: sys/dev/pci/nviic.c === RCS file: /home/cvs/src/sys/dev/pci/nviic.c,v retrieving revision 1.15 diff -u -p -r1.15 nviic.c --- sys/dev/pci/nviic.c 8 Apr 2010 00:23:53 - 1.15 +++ sys/dev/pci/nviic.c 14 Mar 2012 00:41:22 - @@ -125,7 +125,8 @@ const struct pci_matchid nviic_ids[] = { { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP67_SMB }, { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP73_SMB }, { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP77_SMB }, - { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP79_SMB } + { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP79_SMB }, + { PCI_VENDOR_NVIDIA, PCI_PRODUCT_NVIDIA_MCP89_SMB } }; int
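Review bot: the new nviic_ids[] entry depends on PCI_PRODUCT_NVIDIA_MCP89_SMB, but the diff only touches sys/dev/pci/nviic.c, so it should either include the pcidevs change that defines that product id or state that the id is already present in the tree. Adding the match entry also assumes the MCP89 SMBus controller behaves like the MCP79 one the driver already handles; a dmesg attach line confirms the match but not that assumption, so the commit message should say what was actually exercised on the A1347.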
Re: Pre-orders for 5.1, and the new song!
On Tue, Mar 13, 2012 at 7:46 PM, Theo de Raadt dera...@cvs.openbsd.org wrote:
> It is that time again. I have just activated pre-orders for CDs, tshirts, and posters for the 5.1 release -- due May 1.
>
> http://openbsd.org/orders.html
>
> At the same time, I am making available the song that will come out with the release (hmm, it is still moving out to the ftp mirrors at the moment, but that is ok). The song and details of it are linked from:
>
> http://openbsd.org/lyrics.html
>
> And there is something else. Five years ago we made available an Audio CD that contained 5 years of songs. Well, we have made a new audio CD since enough new songs have been made. It is not very expensive, so please consider buying this as well when you place any order. It has some rather nice liner notes. Had some great fun coming up with the cover for that CD:
>
> http://openbsd.org/images/cdaudio2.gif
>
> I'd also like to remind you that Michael Lucas' new SSH Mastery book is also now available, in case anyone was waiting for the 5.1 release to place one order.
>
> http://openbsd.org/books.html#book9
>
> Please consider purchasing these items and/or making a donation, since this is a very important revenue source which keeps the project going.

Excellent news! Thank you OpenBSD!

OpenBSD Order 2012/3/13-22:21:yy-22xxx

Your order currently is:
- 1 [CDA2] OpenBSD Audio CD: The Songs 4.1 - 5.1 @ CDN $15.00
- 2 [T37] Bugbusters Shirt (?) @ CDN $25.00
- 1 [P51] OpenBSD 5.1 Poster @ CDN $20.00
- 10 [CD51] OpenBSD 5.1 CD @ CDN $50.00
- 1 [T34] The Black Hoodie (?) @ CDN $60.00

--patrick