Re: spamd database breaks after time_t change
Op Tue, 20 Aug 2013 18:33:46 +0200 schreef Renaud Allard ren...@allard.it: I just found out that spamd database breaks after upgrading to a snapshot with the 64 bits time_t resulting in: Aug 20 16:04:18 pippin spamd[26092]: scan of /var/db/spamd failed Aug 20 16:05:18 pippin spamd[26092]: bogus entry in spamd database As for the utmp and lastlog, a clear of the database obviously solves the problem. Or if you value your white and spamtrap entries, do something like the following: Before upgrade: spamdb|grep '^WHITE|'|cut -d'|' -f2/var/db/spamd.white spamdb|grep '^SPAMTRAP|'|cut -d'|' -f2/var/db/spamd.spamtrap After upgrade: rm -f /var/db/spamd for a in `cat /var/db/spamd.white`; do spamdb -a $a; done for a in `cat /var/db/spamd.spamtrap`; do spamdb -Ta $a; done rm -f /var/db/spamd.{white,spamtrap} -- Gemaakt met Opera's revolutionaire e-mailprogramma: http://www.opera.com/mail/ (Remove the obvious prefix to reply privately.)
is it possible to block BT.UTP traffic in PF ?
Hello! I'm investigating whether it is possible to block certain UDP signatures ? Maybe, I'd like not to block them, but lower priority using ALTQ, for instance, this kind of traffic: http://www.wireshark.org/docs/dfref/b/bt-utp.html traffic signatures are known. Cheers, Ilya Shipitsin
USB problem after time_t change
Hi, I upgraded to a 64 bits time_t snapshots and can't connect my phone anymore. When I plug it in any usb port I have these errors: uhub3: port 1, set config at addr 4 failed uhub3: device problem, disabling port 1 I tried with an usb mouse and an usb stick, and everything is fine: uhidev0 at uhub3 port 4 configuration 1 interface 0 Logitech USB-PS/2 Optical Mouse rev 2.00/20.00 addr 3 uhidev0: iclass 3/1 ums0 at uhidev0: 3 buttons, Z dir wsmouse1 at ums0 mux 0 umass0 at uhub3 port 3 configuration 1 interface 0 Verbatim Store 'n' Go rev 2.00/1.00 addr 4 umass0: using SCSI over Bulk-Only scsibus3 at umass0: 2 targets, initiator 0 sd1 at scsibus3 targ 1 lun 0: VBTM, Store 'n' Go, 1.04 SCSI0 0/direct removable serial.08ec0008DB5160201949 sd1: 979MB, 512 bytes/sector, 2004992 sectors The device in question is a Android phone, a Xiaomi Mi 1s. Does anyhave this kind of trouble? dmesg: OpenBSD 5.4-current (GENERIC.MP) #1: Mon Aug 12 20:16:33 PDT 2013 r...@morgaine.smi.sendmail.com:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 30config_unit,memory_size real mem = 4066766848 (3878MB) avail mem = 3950325760 (3767MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf25e0 (66 entries) bios0: vendor Dell Inc. version A07 date 11/18/2010 bios0: Dell Inc. Latitude E5410 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG TCPA HPET BOOT SLIC SSDT acpi0: wakeup devices AGP_(S4) P0P1(S4) UAR1(S3) HDEF(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) RP06(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz, 2394.41 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF,PERF,ITSC cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 cpu0: apic clock running at 133MHz cpu1 at mainbus0: apid 4 (application processor) cpu1: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz, 2394.01 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF,PERF,ITSC cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 2, package 0 cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz, 2394.01 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF,PERF,ITSC cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 1, core 0, package 0 cpu3 at mainbus0: apid 5 (application processor) cpu3: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz, 2394.01 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF,PERF,ITSC cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 2, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (AGP_) acpiprt2 at acpi0: bus 12 (P0P1) acpiprt3 at acpi0: bus 1 (RP01) acpiprt4 at acpi0: bus 2 (RP02) acpiprt5 at acpi0: bus 3 (RP03) acpiprt6 at acpi0: bus 5 (RP04) acpiprt7 at acpi0: bus -1 (RP05) acpiprt8 at acpi0: bus 11 (RP06) acpiprt9 at acpi0: bus -1 (RP07) acpiprt10 at acpi0: bus -1 (RP08) acpiprt11 at acpi0: bus -1 (PEG3) acpiprt12 at acpi0: bus -1 (PEG5) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C1, PSS acpicpu1 at acpi0: C3, C1, PSS acpicpu2 at acpi0: C3, C1, PSS acpicpu3 at acpi0: C3, C1, PSS acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: PBTN acpibtn2 at acpi0: SBTN acpiac0 at acpi0: AC unit online acpibat0 at acpi0: BAT0 model DELL PW64011 serial 3460 type LION oem Sanyo acpibat1 at acpi0: BAT1 not present acpivideo0 at acpi0: VID_ acpivideo1 at acpi0: VID_ acpivout0 at acpivideo1: LCD_ cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2399, 2266, 2133, 1999, 1866, 1733, 1599, 1466, 1333, 1199, 1066, 933 MHz pci0 at mainbus0 bus 0 vga1 at pci0 dev 2 function 0 Intel HD Graphics rev 0x02 intagp0 at vga1 agp0 at intagp0: aperture at 0xe000, size 0x1000 inteldrm0 at vga1 drm0 at inteldrm0 inteldrm0: 1440x900 wsdisplay0 at vga1 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) Intel 3400 MEI rev 0x06 at pci0 dev 22 function 0 not configured ehci0 at pci0 dev 26 function 0 Intel 3400 USB rev 0x05: apic 2 int 16 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root
Re: is it possible to block BT.UTP traffic in PF ?
Илья Шипицин chipitsine at gmail.com writes: I'm investigating whether it is possible to block certain UDP signatures ? Maybe, I'd like not to block them, but lower priority using ALTQ, for instance, this kind of traffic: http://www.wireshark.org/docs/dfref/b/bt-utp.html traffic signatures are known. Long time ago I have had success with sort out known-needed-for-work traffic and put the rest into low priority queue policy. Signatures can change over time, regular users inside a network will be asking power users to setup proxies and so on. At some point, I ended up with a configuration where the rest was a torrents/skype. Much easier to maintain. skype people hating torrent people was not my problem, teach torrent people about respect and usage of limit knobs.
relayd crash
Hello, I'm experiencing a strange behavior of relayd. relayd is used for reverse-proxy an Apache[localhost] web server instance and ssl acceleration. relayd engine crashes with the following errors: $ cat /var/log/daemon Aug 21 04:41:47 www-apps-int relayd[1592]: pfe exiting, pid 1592 Aug 21 04:41:47 www-apps-int relayd[24962]: hce exiting, pid 24962 Aug 21 04:41:47 www-apps-int relayd[19232]: lost child: relay terminated; signal 11 Aug 21 04:41:47 www-apps-int relayd[19232]: parent terminating, pid 19232 Aug 21 04:41:47 www-apps-int relayd[17554]: relay exiting, pid 17554 ... It seems that the crash is associated with a scan from ip address ranges of Qualys. $ cat /var/www/logs/access_log ... [LAST ENTRY]: 64.39.111.34 - - [21/Aug/2013:04:41:47 +0300] GET /post-nuke/html/ HTTP/1.1 404 221 - - The crash happened in the same time with last entry access from Qualys. It is the last because relayd crashed. There is a total of 1010 connections from that ip, with a number of connections/second between 3 and 10. The machine is OpenBSD 5.3/amd64 GENERIC.MP $ sudo cat /etc/relayd.conf ext_addr=10.10.13.93 table webhosts { 127.0.0.1 } # # Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration # http protocol www_ssl_prot { header append $REMOTE_ADDR to X-Forwarded-For header append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By header change Connection to close # Various TCP performance options tcp { nodelay, sack, socket buffer 65536, backlog 128 } #ssl { ciphers RC4:HIGH:!AES256-SHA:!AES128-SHA:!DES-CBC3-SHA:!MD5:!aNULL:!EDH } ssl { ciphers HIGH } #ssl { no sslv2, sslv3, tlsv1, ciphers HIGH } ssl session cache disable } relay www_ssl { # Run as a SSL accelerator listen on $ext_addr port 443 ssl protocol www_ssl_prot # Forward to hosts in the webhosts table using a src/dst hash forward to webhosts port 8080 } In /etc/pf.conf I have the following rules (for www): ext_if=trunk0 www_ports_ext = {80, 443} altq on $ext_if cbq bandwidth 20Mb queue {std, interne, externe} queue std bandwidth 1000Kb cbq(default) queue externe bandwidth 5Mb {web, app, penalty} queue web bandwidth 94% priority 5 cbq(borrow red) queue app bandwidth 5% priority 7 cbq(borrow red) queue penalty bandwidth 6Kb priority 0 cbq queue interne bandwidth 14Mb {ssh, servicii} queue ssh bandwidth 8Mb cbq(borrow) {ssh_prio, ssh_bulk} queue ssh_prio bandwidth 20% priority 7 cbq(borrow) queue ssh_bulk bandwidth 80% priority 0 cbq(borrow) queue servicii bandwidth 6Mb priority 5 cbq(borrow red) pass in quick log on $ext_if inet proto tcp from www_bad_hosts to any port $www_ports_ext queue penalty # # WWW extern # table web_allowed contains some ip ranges for testing purposes; it will be replaced by keyword 'any' in production # pass in inet proto tcp from web_allowed to ($ext_if) port $www_ports_ext flags S/SA keep state\ (max-src-conn-rate 100/10, \ max-src-nodes 500, max-src-states 250, source-track rule, \ overload www_bad_hosts flush global) queue web $ sudo pfctl -t www_bad_hosts -T show $ Table www_bad_hosts is empty, so the thresholds in the rule above are not met. What could cause this behavior? From the logs seems that pfe child process triggers the crash, that is why I send the relevant www pf rules. Please if somebody could guide me in the right direction of fixing this. Thank you in advanced, Bogdan
Re: relayd crash
Bogdan Andu bog09 at yahoo.com writes: machine is OpenBSD 5.3/amd64 GENERIC.MP relayd on 5.3 is buggy. you either need newer version, or backport a fix.
Re: relayd crash
From: Alexey E. Suslikov alexey.susli...@gmail.com To: misc@openbsd.org Sent: Wednesday, August 21, 2013 11:40 AM Subject: Re: relayd crash Bogdan Andu bog09 at yahoo.com writes: machine is OpenBSD 5.3/amd64 GENERIC.MP relayd on 5.3 is buggy. you either need newer version, or backport a fix. so, between the following two options what is the best (given the fact the machine is OpenBSD 5.3)? 1. checkout in 5.3 from current, compile and install on 5.3; 2. checkout in 5.3 relayd with tag OPENBSD_5_2, compile and install in 5.3 Bogdan
Re: relayd crash
Bogdan Andu bog09 at yahoo.com writes: From: Alexey E. Suslikov alexey.suslikov at gmail.com To: misc at openbsd.org Sent: Wednesday, August 21, 2013 11:40 AM Subject: Re: relayd crash Bogdan Andu bog09 at yahoo.com writes: machine is OpenBSD 5.3/amd64 GENERIC.MP relayd on 5.3 is buggy. you either need newer version, or backport a fix. so, between the following two options what is the best (given the fact the machine is OpenBSD 5.3)? 1. checkout in 5.3 from current, compile and install on 5.3; -current is not directly compatible with older releases due to time_t switch. 2. checkout in 5.3 relayd with tag OPENBSD_5_2, compile and install in 5.3 haven't tried by myself, cause I follow -current in most cases. search archives for relayd crash, I remember people cherry picking the diff.
Re: relayd crash
On 2013 Aug 21 (Wed) at 02:16:32 -0700 (-0700), Bogdan Andu wrote: : : From: Alexey E. Suslikov alexey.susli...@gmail.com :To: misc@openbsd.org :Sent: Wednesday, August 21, 2013 11:40 AM :Subject: Re: relayd crash : : :Bogdan Andu bog09 at yahoo.com writes: : : machine is OpenBSD 5.3/amd64 GENERIC.MP : :relayd on 5.3 is buggy. you either need newer version, :or backport a fix. : :so, between the following two options what is the best (given the fact the machine is OpenBSD 5.3)? : :1. checkout in 5.3 from current, compile and install on 5.3; :2. checkout in 5.3 relayd with tag OPENBSD_5_2, compile and install in 5.3 : :Bogdan : Checkout the stable branch on OPENBSD_5_3 as it already has a fix for relayd. http://www.openbsd.org/stable.html -- A long-forgotten loved one will appear soon. Buy the negatives at any price.
Re: relayd crash
I tried relayd -current and crashed with the error: pwd: /usr/src/usr.sbin/relayd $ sudo ./relayd -f /etc/relayd.conf -d . A LOT OF LOGS relay www_ssl, session 1368 (1 active), 0, 64.39.111.90 - :0, SSL accept error relay www_ssl, session 1369 (1 active), 0, 64.39.111.90 - 127.0.0.1:8080, done pfe exiting, pid 8360 lost child: relay terminated; signal 11 hce exiting, pid 18726 parent terminating, pid 2704 now I am trying relayd from patch branch - OPENBSD_5_3 and see what happens relaunched the free qualys scan I let you know the results when the scan finishes From: Peter Hessler phess...@theapt.org To: Bogdan Andu bo...@yahoo.com Cc: Alexey E. Suslikov alexey.susli...@gmail.com; misc@openbsd.org misc@openbsd.org Sent: Wednesday, August 21, 2013 1:45 PM Subject: Re: relayd crash On 2013 Aug 21 (Wed) at 02:16:32 -0700 (-0700), Bogdan Andu wrote: : : From: Alexey E. Suslikov alexey.susli...@gmail.com :To: misc@openbsd.org :Sent: Wednesday, August 21, 2013 11:40 AM :Subject: Re: relayd crash : : :Bogdan Andu bog09 at yahoo.com writes: : : machine is OpenBSD 5.3/amd64 GENERIC.MP : :relayd on 5.3 is buggy. you either need newer version, :or backport a fix. : :so, between the following two options what is the best (given the fact the machine is OpenBSD 5.3)? : :1. checkout in 5.3 from current, compile and install on 5.3; :2. checkout in 5.3 relayd with tag OPENBSD_5_2, compile and install in 5.3 : :Bogdan : Checkout the stable branch on OPENBSD_5_3 as it already has a fix for relayd. http://www.openbsd.org/stable.html -- A long-forgotten loved one will appear soon. Buy the negatives at any price.
Re: relayd crash
On 2013-08-21, Bogdan Andu bo...@yahoo.com wrote: I tried relayd -current and crashed with the error: pwd: /usr/src/usr.sbin/relayd $ sudo ./relayd -f /etc/relayd.conf -d . A LOT OF LOGS relay www_ssl, session 1368 (1 active), 0, 64.39.111.90 - :0, SSL accept error relay www_ssl, session 1369 (1 active), 0, 64.39.111.90 - 127.0.0.1:8080, done pfe exiting, pid 8360 lost child: relay terminated; signal 11 hce exiting, pid 18726 parent terminating, pid 2704 Build it with debug symbols (make clean, make DEBUG=-g install) and re-run it, then you can attach gdb to the pfe process (use ps to find the correct pid and 'gdb /usr/sbin/relayd' and 'attach pid'. Now when you trigger the crash you should be able to get a backtrace.
Re: Updating past 5.4-current flag day w/ SSH only (amd64, maybe others)
On 2013-08-19, Paul de Weerd we...@weirdnet.nl wrote: | | 12. Re-add packages as per current.html: | | # pkg_add -z -l /root/pkg_list_manual | # pkg_add -za -l /root/pkg_list_full I don't really understand why you're doing the -za dance with the full pkg list. For all those dependencies that were required for the manually installed packages ? Or for all the dependencies of manually added packages that you've since deleted ? It maintains the auto-installed / manually-installed status of packages, rather than putting them all in as manually installed.
Re: relayd crash
ok, I checked out relayd -current, compiled with debug symbols, launched gdb and attached to pfe pid : pwd: /usr/src/usr.sbin/relayd $ sudo gdb ./relayd GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as amd64-unknown-openbsd5.3... (gdb) attach 27726 Attaching to program: /usr/src/usr.sbin/relayd/relayd, process 27726 Loaded symbols for /usr/src/usr.sbin/relayd/relayd Reading symbols from /usr/lib/libevent.so.3.1...done. Loaded symbols for /usr/lib/libevent.so.3.1 Reading symbols from /usr/lib/libssl.so.19.0...done. Loaded symbols for /usr/lib/libssl.so.19.0 Reading symbols from /usr/lib/libcrypto.so.22.0...done. Loaded symbols for /usr/lib/libcrypto.so.22.0 Reading symbols from /usr/lib/libutil.so.11.4...done. Loaded symbols for /usr/lib/libutil.so.11.4 Reading symbols from /usr/lib/libc.so.66.2...done. Loaded symbols for /usr/lib/libc.so.66.2 Reading symbols from /usr/libexec/ld.so...done. Loaded symbols for /usr/libexec/ld.so [Switching to thread 1027726] 0x029e250da81a in kevent () at stdin:2 2 stdin: No such file or directory. in stdin Current language: auto; currently asm (gdb) launched qualys scan and now waiting for crash to occur - will take 2 hours. Unfortunately the relayd patch branch failed with the same error, and that is why I tried relayd -current I'll come back with crash results From: Stuart Henderson s...@spacehopper.org To: misc@openbsd.org Sent: Wednesday, August 21, 2013 3:51 PM Subject: Re: relayd crash On 2013-08-21, Bogdan Andu bo...@yahoo.com wrote: I tried relayd -current and crashed with the error: pwd: /usr/src/usr.sbin/relayd $ sudo ./relayd -f /etc/relayd.conf -d . A LOT OF LOGS relay www_ssl, session 1368 (1 active), 0, 64.39.111.90 - :0, SSL accept error relay www_ssl, session 1369 (1 active), 0, 64.39.111.90 - 127.0.0.1:8080, done pfe exiting, pid 8360 lost child: relay terminated; signal 11 hce exiting, pid 18726 parent terminating, pid 2704 Build it with debug symbols (make clean, make DEBUG=-g install) and re-run it, then you can attach gdb to the pfe process (use ps to find the correct pid and 'gdb /usr/sbin/relayd' and 'attach pid'. Now when you trigger the crash you should be able to get a backtrace.
Re: Updating past 5.4-current flag day w/ SSH only (amd64, maybe others)
On 08/20/2013 06:22 PM, Moritz Grimm wrote: Reverse the list of files and you won't need your /bin54/tar (and you can continue using gzip'ed tarballs). In fact, all you really need is to stick base54 at the end of the list. Yes, even though that deviates from the order the installer uses. The results are probably the same, but I would want to double-check that first. Also, the order is so engrained from years of typing them, I often try to include the misc set after comp ... We've been suggesting base last in the upgrade instructions since upgrade47.html It's been double checked for a number of releases over a number of years now. Please...don't invent new processes, enhance existing ones. We got 20 platforms now. Worked for me on this one is really not the direction we want to be going. The existing upgrade instructions for remote systems are built around exactly this type of concern, so that the process changes as little as possible from release to release. Most of the time, not an issue. Once in a while, it is. But we always tell people save the old reboot, un-tar baseXX.tgz last so things like this aren't as big of changes, and add version specific stuff as needed. Nick.
Re: ssh/sftp performance
On Wed, Aug 21, 2013 at 01:29:50AM -0300, Hugo Osvaldo Barrera wrote: [...] I noticed my CPU supports AES, but not AESNI, so at first, I though that that might be using up all my CPU, but that only accounts for for 48% of CPU usage. Is there anything else I can do to improve performance? Try one of the faster MACs (umac...@openssh.com is probably going to be the fastest one but you might want to try the others too). -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Re: relayd crash
On 2013/08/21 06:32, Bogdan Andu wrote: [Switching to thread 1027726] 0x029e250da81a in kevent () at stdin:2 2 stdin: No such file or directory. in stdin Current language: auto; currently asm (gdb) oh, I forgot, you will need to continue here ;) launched qualys scan and now waiting for crash to occur - will take 2 hours. Unfortunately the relayd patch branch failed with the same error, and that is why I tried relayd -current I'll come back with crash results ━━━ From: Stuart Henderson s...@spacehopper.org To: misc@openbsd.org Sent: Wednesday, August 21, 2013 3:51 PM Subject: Re: relayd crash On 2013-08-21, Bogdan Andu bo...@yahoo.com wrote: I tried relayd -current and crashed with the error: pwd: /usr/src/usr.sbin/relayd $ sudo ./relayd -f /etc/relayd.conf -d . A LOT OF LOGS relay www_ssl, session 1368 (1 active), 0, 64.39.111.90 - :0, SSL accept error relay www_ssl, session 1369 (1 active), 0, 64.39.111.90 - 127.0.0.1:8080, done pfe exiting, pid 8360 lost child: relay terminated; signal 11 hce exiting, pid 18726 parent terminating, pid 2704 Build it with debug symbols (make clean, make DEBUG=-g install) and re-run it, then you can attach gdb to the pfe process (use ps to find the correct pid and 'gdb /usr/sbin/relayd' and 'attach pid'. Now when you trigger the crash you should be able to get a backtrace.
Re: Updating past 5.4-current flag day w/ SSH only (amd64, maybe others)
On Wed, Aug 21, 2013 at 12:55:26PM +, Stuart Henderson wrote: | On 2013-08-19, Paul de Weerd we...@weirdnet.nl wrote: | | | | 12. Re-add packages as per current.html: | | | | # pkg_add -z -l /root/pkg_list_manual | | # pkg_add -za -l /root/pkg_list_full | | I don't really understand why you're doing the -za dance with the full | pkg list. For all those dependencies that were required for the | manually installed packages ? Or for all the dependencies of manually | added packages that you've since deleted ? | | It maintains the auto-installed / manually-installed status of packages, | rather than putting them all in as manually installed. Wouldn't all dependencies be automatically installed with the first command anyway ? Thereby maintaining the auto-installed / manually-installed status of packages as you suggest ? The only difference is that orphaned dependencies get reinstalled. If that is what you want (i.e. you want those dependencies installed), you should find out about them being marked as auto-installed by not having them after your upgrade and then manually install them. Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
Re: ssh/sftp performance
Darren Tucker dtuc...@zip.com.au wrote: I noticed my CPU supports AES, but not AESNI, so at first, I though that that might be using up all my CPU, but that only accounts for for 48% of CPU usage. Is there anything else I can do to improve performance? Try one of the faster MACs (umac...@openssh.com is probably going to be the fastest one but you might want to try the others too). It's definitely the fastest. It's even the fastest if you have AESNI. (It might not be on 32-bit sparc.) -- Christian naddy Weisgerber na...@mips.inka.de
Re: Updating past 5.4-current flag day w/ SSH only (amd64, maybe others)
On 2013 Aug 21 (Wed) at 17:12:56 +0200 (+0200), Paul de Weerd wrote: :On Wed, Aug 21, 2013 at 12:55:26PM +, Stuart Henderson wrote: :| On 2013-08-19, Paul de Weerd we...@weirdnet.nl wrote: :| | :| | 12. Re-add packages as per current.html: :| | :| | # pkg_add -z -l /root/pkg_list_manual :| | # pkg_add -za -l /root/pkg_list_full :| :| I don't really understand why you're doing the -za dance with the full :| pkg list. For all those dependencies that were required for the :| manually installed packages ? Or for all the dependencies of manually :| added packages that you've since deleted ? :| :| It maintains the auto-installed / manually-installed status of packages, :| rather than putting them all in as manually installed. : :Wouldn't all dependencies be automatically installed with the first :command anyway ? Thereby maintaining the auto-installed / :manually-installed status of packages as you suggest ? : autoconf-* cmake etc, etc -- Isn't it interesting that the same people who laugh at science fiction listen to weather forecasts and economists? -- Kelvin Throop III
Re: ssh/sftp performance
On 2013-08-21 15:28, Christian Weisgerber wrote: Darren Tucker dtuc...@zip.com.au wrote: I noticed my CPU supports AES, but not AESNI, so at first, I though that that might be using up all my CPU, but that only accounts for for 48% of CPU usage. Is there anything else I can do to improve performance? Try one of the faster MACs (umac...@openssh.com is probably going to be the fastest one but you might want to try the others too). Yup, I've shifted the speed up to 13.6MBps, which is quite an improvement! I had somehow understood that the default was the fastest (my mistake). Thanks! It's definitely the fastest. It's even the fastest if you have AESNI. Sadly, my hardware doesn't support AESNI. Would something like a Soekris 1401(hifn) make up for that, or am I mixing stuff up? (It might not be on 32-bit sparc.) -- Christian naddy Weisgerber na...@mips.inka.de -- Hugo Osvaldo Barrera [demime 1.01d removed an attachment of type application/pgp-signature]
Re: relayd crash
yes. we waiting for tests to finish - I launched 3 concurrent tests. tomorrow I'll give you the results. From: Stuart Henderson s...@spacehopper.org To: Bogdan Andu bo...@yahoo.com Cc: misc@openbsd.org misc@openbsd.org Sent: Wednesday, August 21, 2013 6:06 PM Subject: Re: relayd crash On 2013/08/21 06:32, Bogdan Andu wrote: [Switching to thread 1027726] 0x029e250da81a in kevent () at stdin:2 2Â Â Â stdin: No such file or directory. Â Â Â Â in stdin Current language:Â auto; currently asm (gdb) oh, I forgot, you will need to continue here ;) launched qualys scan and now waiting for crash to occur - will take 2 hours. Unfortunately the relayd patch branch failed with the same error, and that is why I tried relayd -current I'll come back with crash results ââââââââââââââââââââââââââ ââââââââââââââââââââââââââ âââââââââââââââââââ From: Stuart Henderson s...@spacehopper.org To: misc@openbsd.org Sent: Wednesday, August 21, 2013 3:51 PM Subject: Re: relayd crash On 2013-08-21, Bogdan Andu bo...@yahoo.com wrote: I tried relayd -current and crashed with the error: pwd: /usr/src/usr.sbin/relayd $ sudo ./relayd -f /etc/relayd.conf -d . A LOT OF LOGS relay www_ssl, session 1368 (1 active), 0, 64.39.111.90 - :0, SSL accept error relay www_ssl, session 1369 (1 active), 0, 64.39.111.90 - 127.0.0.1:8080, done pfe exiting, pid 8360 lost child: relay terminated; signal 11 hce exiting, pid 18726 parent terminating, pid 2704 Build it with debug symbols (make clean, make DEBUG=-g install) and re-run it, then you can attach gdb to the pfe process (use ps to find the correct pid and 'gdb /usr/sbin/relayd' and 'attach pid'. Now when you trigger the crash you should be able to get a backtrace.
how to aggregate a single TCP connection, is posible?
Is there a way to duplicate the throughput of a single TCP connection using two servers having two gigabit NICs? I have tried using LACP but I cannot get more than 900MB of throughput... dmesg both servers are equal: OpenBSD 5.2 (GENERIC.MP) #368: Wed Aug 1 10:04:49 MDT 2012 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2141519872 (2042MB) avail mem = 2062200832 (1966MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x7fb9c000 (64 entries) bios0: vendor Dell Inc. version 2.0.1 date 10/27/2007 bios0: Dell Inc. PowerEdge 2950 acpi0 at bios0: rev 2 acpi0: sleep states S0 S4 S5 acpi0: tables DSDT FACP APIC SPCR HPET MCFG WDAT SLIC ERST HEST BERT EINJ TCPA acpi0: wakeup devices PCI0(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1596.16 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,NXE,LONG,LAHF cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 265MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1595.93 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,NXE,LONG,LAHF cpu1: 4MB 64b/line 16-way L2 cache cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1595.93 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,NXE,LONG,LAHF cpu2: 4MB 64b/line 16-way L2 cache cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1595.93 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,NXE,LONG,LAHF cpu3: 4MB 64b/line 16-way L2 cache ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 4 ioapic1 at mainbus0: apid 5 pa 0xfec81000, version 20, 24 pins ioapic1: misconfigured as apic 0, remapped to apid 5 acpihpet0 at acpi0: 14318179 Hz acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 6 (PEX2) acpiprt2 at acpi0: bus 7 (UPST) acpiprt3 at acpi0: bus 8 (DWN1) acpiprt4 at acpi0: bus 10 (DWN2) acpiprt5 at acpi0: bus 1 (PEX3) acpiprt6 at acpi0: bus 2 (PE2P) acpiprt7 at acpi0: bus 12 (PEX4) acpiprt8 at acpi0: bus 14 (PEX6) acpiprt9 at acpi0: bus 4 (SBEX) acpiprt10 at acpi0: bus 16 (COMP) acpicpu0 at acpi0: C3 acpicpu1 at acpi0: C3 acpicpu2 at acpi0: C3 acpicpu3 at acpi0: C3 ipmi at mainbus0 not configured pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel 5000X Host rev 0x12 ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0x12 pci1 at ppb0 bus 6 ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci2 at ppb1 bus 7 ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci3 at ppb2 bus 8 ppb3 at pci3 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc3 pci4 at ppb3 bus 9 bnx0 at pci4 dev 0 function 0 Broadcom BCM5708 rev 0x12: apic 4 int 16 ppb4 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01: msi pci5 at ppb4 bus 10 ppb5 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01 pci6 at ppb5 bus 11 ppb6 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0x12 pci7 at ppb6 bus 1 ppb7 at pci7 dev 0 function 0 Intel IOP333 PCIE-PCIX rev 0x00 pci8 at ppb7 bus 2 mfi0 at pci8 dev 14 function 0 Dell PERC 5 rev 0x00: apic 5 int 14, 0x1f031028 mfi0: logical drives 1, version 5.2.1-0067, 256MB RAM scsibus0 at mfi0: 1 targets sd0 at scsibus0 targ 0 lun 0: DELL, PERC 5/i, 1.03 SCSI3 0/direct fixed naa.6001c230daeb98001352781c17f970ff sd0: 278784MB, 512 bytes/sector, 570949632 sectors ppb8 at pci7 dev 0 function 2 Intel IOP333 PCIE-PCIX rev 0x00 pci9 at ppb8 bus 3 ppb9 at pci0 dev 4 function 0 Intel 5000 PCIE x8 rev 0x12: msi pci10 at ppb9 bus 12 ppb10 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0x12 pci11 at ppb10 bus 13 ppb11 at pci0 dev 6 function 0 Intel 5000 PCIE x8 rev 0x12: msi pci12 at ppb11 bus 14 ppb12 at pci0 dev 7 function 0 Intel 5000 PCIE rev 0x12 pci13 at ppb12 bus 15 Intel I/OAT rev 0x12 at pci0 dev 8 function 0 not configured pchb1 at pci0 dev 16 function 0 Intel 5000 Error Reporting rev 0x12 pchb2 at pci0 dev 16 function 1 Intel 5000 Error Reporting rev 0x12 pchb3 at pci0 dev 16 function 2 Intel 5000 Error Reporting rev 0x12 pchb4 at pci0 dev 17 function 0 Intel 5000 Reserved rev 0x12 pchb5 at pci0 dev 19 function 0 Intel 5000 Reserved rev 0x12 pchb6 at pci0 dev 21 function 0 Intel 5000 FBD rev 0x12 pchb7 at pci0 dev 22 function 0 Intel 5000 FBD rev 0x12 ppb13 at pci0 dev 28