Re: A suggestion for snapshots

2013-09-07 Thread Lars Engblom
I think the issue is more about space than bandwidth. It's after all only the 
mirrors that would download both base snapshots.

A normal snapshot user would only use one of the bases.

On the contrary, it would save some bandwidth, as I'm probably not the only one 
who has sometimes been downloading the whole package and base folder during 
package freeze to have something in sync for new installs during the time when 
base might be out of sync for longer times. 

 Original message 
From: Theo de Raadt dera...@cvs.openbsd.org 
Date: 07/09/2013  06:13  (GMT+02:00) 
To: Amit Kulkarni amitk...@gmail.com 
Cc: Lars Engblom lars.engb...@kimitotelefon.fi,misc misc@openbsd.org 
Subject: Re: A suggestion for snapshots 
 
 On Fri, Sep 6, 2013 at 7:14 AM, Lars Engblom
 lars.engb...@kimitotelefon.fi wrote:
 
  Quite often the snapshot of the packages and the base system are out of
  sync, because naturally, the base has to be built before packages.
 
  For example in this moment, as I write this, Firefox can not be installed
  in a new system installed from snapshots, as the packages are compiled
  against an older snapshot (amd64)
 
  If there is just space on the ftp servers, I would suggest keeping two
  snapshots: one complete with both base and packages (always in sync) and
  one with just the newest base. This would make life easier for people
  following snapshots.
 
  Regards,
   Lasse
 
 
 The problem with ports is that even with a build farm, the ports guy has to
 make sure dpb runs to the end. In the best case, a dpb run WITHOUT problems
 to the end takes at least a day with a fast quad core machine. gcc4, JDK 1.6
 + 1.7, GTK+2, GTK+3, Qt4, Webkit, Firefox are some of the worst ports in
 terms of build time and the largest offender Libreoffice which alone takes
 4-6 hrs of all quad cores (Xeon E3-1230v2 3.3GHz). I might have missed some
 offenders, I just built a subset, experienced porters who handle the whole
 tree know better than me which ones are also worthy candidates.
 
 Finding and fixing port problems takes a minimum of 2 and I am guessing
 typically 4 days to pump out a wholly built ports tree, on an extremely fast
 arch like amd64. By which time the userland, kernel and xenocara have
 changed a lot underneath. Hence, you get these mismatches from time to
 time. It is not catastrophic; the solution is to wait for the next snap. Even
 if the ports build machine untars userland, kernel, xenocara, running dpb
 again may force rebuilds or sometimes not.

Anyone want to pay for a faster network link?

Step up -- then we can solve this problem easily.



uaudio0: audio descriptors make no sense, with Schiit Bifrost USB DAC

2013-09-07 Thread Martijn Rijkeboer
Hi,

I have a Schiit Bifrost USB DAC that includes a uaudio device for audio
playback. When I plug the device in I'm getting "uaudio0: audio
descriptors make no sense, error=4". Any suggestions on how to make this
work?

Here are the relevant lines from usbdevs -v (debugging enabled for uaudio):

Controller /dev/usb0:
addr 1: high speed, self powered, config 1, EHCI root hub(0x),
Intel(0x8086), rev 1.00
 port 1 addr 2: high speed, power 100 mA, config 1, Schiit USB Audio
Device(0x0319), Schiit(0x0d8c), rev 1.02
 port 2 powered
 port 3 powered
 port 4 powered
 port 5 powered
 port 6 powered


Here are the relevant lines from dmesg:

uaudio0 at uhub0 port 1 configuration 1 interface 0 Schiit Schiit USB Audio
Device rev 2.00/1.02 addr 2
uaudio_identify_ac: AC interface is 0
uaudio0: audio descriptors make no sense, error=4
uhidev0 at uhub0 port 1 configuration 1 interface 2 Schiit Schiit USB Audio
Device rev 2.00/1.02 addr 2
uhidev0: iclass 3/0
uhid0 at uhidev0: input=16, output=16, feature=0
ugen0 at uhub0 port 1 configuration 1 Schiit Schiit USB Audio Device rev
2.00/1.02 addr 2


Here is the uname -a output:

OpenBSD goofy.bunix.org 5.3 GENERIC#0 i386


Kind regards,


Martijn Rijkeboer



Re: ISAKMPD NAT/Traversal

2013-09-07 Thread Christoph Leser
From: owner-m...@openbsd.org [owner-m...@openbsd.org] on behalf of Stuart Henderson [s...@spacehopper.org]
Sent: Saturday, 7 September 2013 00:11
To: misc@openbsd.org
Subject: Re: ISAKMPD NAT/Traversal

On 2013-09-06, Christoph Leser le...@sup-logistik.de wrote:
 Hello, list,

 from a remark by Stuart Henderson on an older thread
 http://marc.info/?l=openbsd-misc&m=134849788026722&w=2 back in September
 2012, I understood that NAT-T support in OpenBSD was not complete at that
 time, especially the handling of the 'ENCAPSULATION_MODE' attribute in the
 phase 2 'TRANSFORM'. Sometimes this gets set to a value incompatible with
 other equipment (Cisco).

 Can someone please point me to where I can find more information on this
 matter. Has anything changed in OpenBSD with regard to this, will OpenBSD
 follow RFC3947 with regard to the encapsulation modes (or is RFC3947 dead,
 it seems to have been a standard proposal since 2005).

 Kind regards

 Christoph Leser

 SP Computersysteme GmbH
 Zettachring 4
 70567 Stuttgart Fasanenhof

 EMail: le...@sup-logistik.de



You misunderstand. OpenBSD uses the proper assigned encapsulation mode
values from the newer internet-drafts and the published RFC:

http://tools.ietf.org/html/draft-ietf-ipsec-nat-t-ike-04#section-5.1
http://tools.ietf.org/html/rfc3947#section-5.1

It is Cisco who use the old encapsulation mode values from the early
versions of the internet-draft (marked XXX CHANGE here):

http://tools.ietf.org/html/draft-ietf-ipsec-nat-t-ike-03#section-5.1


Thanks for the clarification. Does that mean that OpenBSD sends 
UDP-Encapsulated-Tunnel (=3) mode when it detects NAT? But the isakmpd.pcap 
still shows attribute ENCAPSULATION_MODE = TUNNEL in the TRANSFORM payload? 

I ask because I have problems with a SonicWall behind a NAT on the remote 
site, which claims that my OpenBSD sends TUNNEL(=1) instead of Encapsulated 
Tunnel(=3).
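The ENCAPSULATION_MODE attribute that Stuart and Christoph are discussing is a basic (two-byte) data attribute inside the Phase 2 transform payload. As an added example, not part of this thread or of isakmpd, the Python below parses ISAKMP data attributes in the RFC 2408 section 3.3 format (basic TV and variable-length TLV forms), picks out the IPsec DOI Encapsulation Mode attribute (type 4, RFC 2407), and reports whether the value is a standard one (Tunnel = 1, Transport = 2, and the RFC 3947 section 5.1 assignments UDP-Encapsulated-Tunnel = 3 and UDP-Encapsulated-Transport = 4) or one of the private-use values 61443/61444 that draft-ietf-ipsec-nat-t-ike-03 used and that some peers still send. The sample attribute sets are constructed here, not captured from a real negotiation.

```python
import struct

# IPsec DOI attribute types (RFC 2407 section 4.5).
ATTR_SA_LIFE_TYPE = 1
ATTR_SA_LIFE_DURATION = 2
ATTR_ENCAPSULATION_MODE = 4
ATTR_AUTH_ALGORITHM = 5

# Standard encapsulation mode values: 1/2 from RFC 2407, 3/4 assigned by
# RFC 3947 section 5.1 (the values isakmpd uses).
ENCAP_STANDARD = {
    1: "Tunnel",
    2: "Transport",
    3: "UDP-Encapsulated-Tunnel",
    4: "UDP-Encapsulated-Transport",
}
# Private-use values from draft-ietf-ipsec-nat-t-ike-03 section 5.1.
ENCAP_DRAFT03 = {
    61443: "UDP-Encapsulated-Tunnel (draft-03)",
    61444: "UDP-Encapsulated-Transport (draft-03)",
}


def parse_attributes(data):
    """Parse ISAKMP data attributes (RFC 2408 section 3.3).

    The first 16-bit word carries the AF bit (0x8000) and the attribute type.
    AF=1: a 16-bit value follows (basic/TV). AF=0: a 16-bit length follows,
    then that many value bytes (variable/TLV). Returns (type, value) pairs;
    TLV values are returned as bytes. Raises ValueError on truncation.
    """
    attrs = []
    off = 0
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated attribute header at offset %d" % off)
        af_type, second = struct.unpack_from("!HH", data, off)
        off += 4
        attr_type = af_type & 0x7FFF
        if af_type & 0x8000:
            attrs.append((attr_type, second))
        else:
            if off + second > len(data):
                raise ValueError("truncated TLV attribute of type %d" % attr_type)
            attrs.append((attr_type, data[off:off + second]))
            off += second
    return attrs


def classify_encapsulation(attrs):
    """Return (value, name, source) for the Encapsulation Mode attribute,
    where source is 'standard', 'draft-03' or 'unknown'; None if absent."""
    for attr_type, value in attrs:
        if attr_type != ATTR_ENCAPSULATION_MODE or isinstance(value, bytes):
            continue
        if value in ENCAP_STANDARD:
            return value, ENCAP_STANDARD[value], "standard"
        if value in ENCAP_DRAFT03:
            return value, ENCAP_DRAFT03[value], "draft-03"
        return value, "unknown", "unknown"
    return None


def build_basic_attr(attr_type, value):
    """Encode a basic (AF=1) attribute; used to build the constructed samples."""
    return struct.pack("!HH", 0x8000 | attr_type, value)


def build_tlv_attr(attr_type, value_bytes):
    """Encode a variable-length (AF=0) attribute."""
    return struct.pack("!HH", attr_type, len(value_bytes)) + value_bytes


# Constructed samples (not real traffic): a transform from an RFC 3947 peer
# behind NAT, the draft-03 equivalent, and a plain tunnel-mode transform.
SAMPLE_RFC3947 = (build_basic_attr(ATTR_SA_LIFE_TYPE, 1)              # seconds
                  + build_tlv_attr(ATTR_SA_LIFE_DURATION, struct.pack("!I", 3600))
                  + build_basic_attr(ATTR_ENCAPSULATION_MODE, 3)
                  + build_basic_attr(ATTR_AUTH_ALGORITHM, 2))         # HMAC-SHA
SAMPLE_DRAFT03 = build_basic_attr(ATTR_ENCAPSULATION_MODE, 61443)
SAMPLE_TUNNEL = build_basic_attr(ATTR_ENCAPSULATION_MODE, 1)

if __name__ == "__main__":
    for label, sample in (("rfc3947", SAMPLE_RFC3947),
                          ("draft-03", SAMPLE_DRAFT03),
                          ("tunnel", SAMPLE_TUNNEL)):
        print(label, classify_encapsulation(parse_attributes(sample)))
```

Run against the transform payload extracted from a packet capture, a "draft-03" or "unknown" result is the interoperability mismatch to look for: the peer is proposing a mode value the other side will not recognise, so the Phase 2 proposal is rejected rather than negotiated as NAT-T.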



Help troubleshooting ehci_idone hang.

2013-09-07 Thread RD Thrush
Since approx. November 2012, I've had 2 amd64 systems hang while
spewing "ehci_idone: ex=0x80.. is done!" messages to the
serial console.  The hangs are intermittent.  The system is
unresponsive to the keyboard and doesn't respond to network ping.  A
hardware reset is necessary to regain control.

In order to help troubleshoot, I patched /usr/src/sys/dev/usb/ehci.c
to panic when the aforementioned message had occurred 9 times and then
built a custom kernel with EHCI_DEBUG defined.  In the past day, the
new panic has occurred on the same machine with both an mp and sp
kernel and I have collected basic ddb information as well as crash
dumps.

Will the ddb results from my patch [below] help troubleshoot the hang?
If so, the largish console logs, usbdevs, pcidump and acpidump are
located at http://arp.thrush.com/openbsd/ehci_idone/x4/.

NB: ehcidebug=0 in the sp session, while ehcidebug=3 or 2 in the mp session.
Setting ehcidebug=3 seemed to hang but I was able to interrupt ddb, set
ehcidebug=2 and continue the ddb session.

I appreciate any help diagnosing this problem.

Thanks, Bob


Index: dev/usb/ehci.c
===
RCS file: /pub2/cvsroot/OpenBSD/src/sys/dev/usb/ehci.c,v
retrieving revision 1.134
diff -u -p -w -b -u -r1.134 ehci.c
--- dev/usb/ehci.c  12 Jun 2013 11:42:01 -  1.134
+++ dev/usb/ehci.c  12 Jun 2013 12:47:18 -
@@ -81,6 +81,8 @@ struct cfdriver ehci_cd = {
 #define DPRINTF(x) do { if (ehcidebug) printf x; } while(0)
 #define DPRINTFN(n,x)  do { if (ehcidebug(n)) printf x; } while (0)
 int ehcidebug = 0;
+int ehcicount = 0;
+int ehcicount_max = 10; /* panic - use ddb to gather more info before 
restarting */
 #define bitmask_snprintf(q,f,b,l) snprintf((b), (l), %b, (q), (f))
 #else
 #define DPRINTF(x)
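Review bot: `ehcicount` and `ehcicount_max` are declared inside the `#ifdef EHCI_DEBUG` branch (the `#else` that closes this hunk is the non-debug branch with the empty `DPRINTF`), but the second hunk increments `ehcicount` unconditionally and prints it in the non-debug `printf` as well, so a kernel built without EHCI_DEBUG will fail to compile. Move the two declarations above the `#ifdef`, or put the counter check and the `ehcicount` printf under the same `#ifdef`. The comment after `ehcicount_max` has also been wrapped onto a second line by the mailer; anyone applying this patch should rejoin it.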
@@ -808,12 +810,15 @@ ehci_idone(struct ehci_xfer *ex)
{
int s = splhigh();
if (ex-isdone) {
+   if ( ++ehcicount = ehcicount_max ) {
+   panic(ehci_idone: ex is done!\n);
+   }
splx(s);
 #ifdef EHCI_DEBUG
-   printf(ehci_idone: ex is done!\n   );
+   printf(ehci_idone: ex is done!ehcicount=%d\n   , 
ehcicount);
ehci_dump_exfer(ex);
 #else
-   printf(ehci_idone: ex=%p is done!\n, ex);
+   printf(ehci_idone: ex=%p is done!ehcicount=%d\n, ex, 
ehcicount);
 #endif
return;
}
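Review bot: the counter check panics before the existing `printf` and `ehci_dump_exfer(ex)` run for that occurrence, so the tenth (triggering) transfer is never dumped and the ddb session starts without the offending `ex` on the console; either move the check after the diagnostic block or call `ehci_dump_exfer(ex)` before `panic()`. Note also that the comparison as displayed reads `++ehcicount = ehcicount_max`, which would be an assignment; the `>=` (or `==`) has been lost in transit, so the operator needs checking before the patch is applied.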



nat-to static-port chooses random ports

2013-09-07 Thread Christopher Zimmermann
Hi,

as far as I understand pf, the following rules should behave exactly
the same:

pass out log on pppoe0 inet proto udp from mortimer-ipsec port 5061 nat-to (pppoe0) static-port

and

pass out log on pppoe0 inet proto udp from mortimer-ipsec port 5061 nat-to (pppoe0) port 5061

but they don't:

rule 98/(match) pass out on pppoe0: 217.190.89.90.56487 > 88.215.213.26.5748: udp 2048

resp.

rule 98/(match) pass out on pppoe0: 217.190.89.90.5061 > 62.138.116.3.5748: udp 2048

this is on an OPENBSD_5_4 kernel.

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
1917 680A 723C BF3D 2CA3  0E44 7E24 D19F 34B8 2A2A




Exploits

2013-09-07 Thread andy
Hi everyone,

I have a feeling that I may get some strong opinions on this question, so
please don't flame me or anything, I'm asking because I don't know.

Does this document still hold any truth with current OpenBSD:
https://www.blackhat.com/presentations/bh-usa-07/Ortega/Whitepaper/bh-usa-07-ortega-WP.pdf

Cheers, Andy.



Re: Exploits

2013-09-07 Thread Greg Thomas
Does this document still hold any truth with current OpenBSD:

Come on, really?

http://www.openbsd.org/errata40.html


On Sat, Sep 7, 2013 at 8:13 AM, andy a...@brandwatch.com wrote:

 Hi everyone,

 I have a feeling that I may get some strong opinions on this question, so
 please don't flame me or anything, I'm asking because I don't know.

 Does this document still hold any truth with current OpenBSD:

 https://www.blackhat.com/presentations/bh-usa-07/Ortega/Whitepaper/bh-usa-07-ortega-WP.pdf

 Cheers, Andy.



Re: Exploits

2013-09-07 Thread Henri Kemppainen
You could've searched the archives.

http://www.openbsd.org/errata40.html#m_dup1



Join two overlapping subnets with two way NAT/BINAT

2013-09-07 Thread Simon Slaytor

Hi Folks,

I've been trying to wrap my head around a problem for a little while and 
I'm getting nowhere fast so thought I'd ask the experts:


Due to a company takeover I have two networks, NetA and NetB, that I 
need to link together for bidirectional data sharing etc. Unfortunately 
both networks use the same IP addressing scheme, i.e. 172.16.10.0/24, and 
neither can be changed within the timespan available to me.


So I need to setup a PF box which links to both networks and translates 
between the two. Conceptually I want to have it that from NetA's 
perspective NetB is 172.16.20.0/24 and from NetB's perspective NetA is 
172.16.30.0/24


NetA  NetB-NAT (172.16.20.0/24) - NIC1 (172.16.10.254/24) PF 
Firewall/Route NIC2 (172.16.10.254/24)  NetA-NAT (172.16.30.0) 
- NetB


I've read about bitmask on NAT/BINAT etc. and all this looks good; the 
problem, however, is that this is done on the outgoing interface, and 
given that both the outbound and inbound interfaces share an IP/subnet, 
the packets never get to the outbound interface to be translated.


I'm sure there's something completely obvious I'm missing, any help 
would be much appreciated.


Simon



Re: A suggestion for snapshots

2013-09-07 Thread STeve Andre'

On 09/06/13 23:13, Theo de Raadt wrote:

On Fri, Sep 6, 2013 at 7:14 AM, Lars Engblom
lars.engb...@kimitotelefon.fi wrote:


Quite often the snapshot of the packages and the base system are out of
sync, because naturally, the base has to be built before packages.

For example in this moment, as I write this, Firefox can not be installed
in a new system installed from snapshots, as the packages are compiled
against an older snapshot (amd64)

If there is just space on the ftp servers, I would suggest keeping two
snapshots: one complete with both base and packages (always in sync) and
one with just the newest base. This would make life easier for people
following snapshots.

Regards,
  Lasse



The problem with ports is that even with a build farm, the ports guy has to
make sure dpb runs to the end. In the best case, a dpb run WITHOUT problems
to the end takes at least a day with a fast quad core machine. gcc4, JDK 1.6
+ 1.7, GTK+2, GTK+3, Qt4, Webkit, Firefox are some of the worst ports in
terms of build time and the largest offender Libreoffice which alone takes
4-6 hrs of all quad cores (Xeon E3-1230v2 3.3GHz). I might have missed some
offenders, I just built a subset, experienced porters who handle the whole
tree know better than me which ones are also worthy candidates.

Finding and fixing port problems takes a minimum of 2 and I am guessing
typically 4 days to pump out a wholly built ports tree, on an extremely fast
arch like amd64. By which time the userland, kernel and xenocara have
changed a lot underneath. Hence, you get these mismatches from time to
time. It is not catastrophic; the solution is to wait for the next snap. Even
if the ports build machine untars userland, kernel, xenocara, running dpb
again may force rebuilds or sometimes not.

Anyone want to pay for a faster network link?

Step up -- then we can solve this problem easily.



OK.  How much would it cost per month for faster access?  Do you have
several options for increased speeds?

I smell a fundraiser here--paying for a year's costs in advance. Perhaps
then others would come up with larger chunks for future costs.  It
would certainly be bad to not be able to come up with the funds for
the future net costs.  I think it should be thought of as another cost,
just like new hardware.

--STeve Andre'



ZTE USB modem MF110

2013-09-07 Thread Beavis
Hello all,

I would like to ask if there is anyone on the list who has tried using a ZTE
3G modem on OpenBSD. The kernel (5.1) was able to detect the device:

umsm0 at uhub0 port 1 configuration 1 interface 0 ZTE,Incorporated ZTE
CDMA Technologies MSM rev 2.00/0.00 addr 2
umsm0 at uhub0 port 1 configuration 1 interface 0 ZTE,Incorporated ZTE
CDMA Technologies MSM rev 2.00/0.00 addr 2
umsm1 at uhub0 port 1 configuration 1 interface 1 ZTE,Incorporated ZTE
CDMA Technologies MSM rev 2.00/0.00 addr 2
umass0 at uhub0 port 1 configuration 1 interface 2 ZTE,Incorporated ZTE
CDMA Technologies MSM rev 2.00/0.00 addr 2
sd0 at scsibus2 targ 1 lun 0: ZTE, MMC Storage, 2.31 SCSI2 0/direct
removable serial.19d20031567890ABCDEF
umsm2 at uhub0 port 1 configuration 1 interface 3 ZTE,Incorporated ZTE
CDMA Technologies MSM rev 2.00/0.00 addr 2

There are some ZTEs in the umsm(4) man page, but not specifically the MF110. I
can't seem to make it talk.

ZTE AC2746   USB
ZTE MF112    USB
ZTE MF190    USB
ZTE MF633    USB
ZTE MF637    USB

any suggestions or advice is awesomely appreciated.


regards,
-B
-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Disclaimer:
http://goldmark.org/jeff/stupid-disclaimers/



Re: ZTE USB modem MF110

2013-09-07 Thread Beavis
Hello All!

Thanks if there are any people who would reply back, but I was able to get
it to talk:

# cu -l cuaU1


Connected
T
OK
AT
OK

thanks again.

-B


On Sat, Sep 7, 2013 at 3:33 PM, Beavis pfu...@gmail.com wrote:

 Hello all,

 I would like to ask if there is anyone on the list who has tried using a ZTE
 3G modem on OpenBSD. The kernel (5.1) was able to detect the device:

 umsm0 at uhub0 port 1 configuration 1 interface 0 ZTE,Incorporated ZTE
 CDMA Technologies MSM rev 2.00/0.00 addr 2
 umsm0 at uhub0 port 1 configuration 1 interface 0 ZTE,Incorporated ZTE
 CDMA Technologies MSM rev 2.00/0.00 addr 2
 umsm1 at uhub0 port 1 configuration 1 interface 1 ZTE,Incorporated ZTE
 CDMA Technologies MSM rev 2.00/0.00 addr 2
 umass0 at uhub0 port 1 configuration 1 interface 2 ZTE,Incorporated ZTE
 CDMA Technologies MSM rev 2.00/0.00 addr 2
 sd0 at scsibus2 targ 1 lun 0: ZTE, MMC Storage, 2.31 SCSI2 0/direct
 removable serial.19d20031567890ABCDEF
 umsm2 at uhub0 port 1 configuration 1 interface 3 ZTE,Incorporated ZTE
 CDMA Technologies MSM rev 2.00/0.00 addr 2

 There are some ZTEs in the umsm(4) man page, but not specifically the MF110.
 I can't seem to make it talk.

 ZTE AC2746   USB
 ZTE MF112    USB
 ZTE MF190    USB
 ZTE MF633    USB
 ZTE MF637    USB

 any suggestions or advice is awesomely appreciated.


 regards,
 -B
 --
 ()  ascii ribbon campaign - against html e-mail
 /\  www.asciiribbon.org   - against proprietary attachments

 Disclaimer:
 http://goldmark.org/jeff/stupid-disclaimers/




-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments

Disclaimer:
http://goldmark.org/jeff/stupid-disclaimers/



Re: Join two overlapping subnets with two way NAT/BINAT

2013-09-07 Thread Florian Obser
On 09/07/13 21:32, Simon Slaytor wrote:
 Hi Folks,
 
 I've been trying to wrap my head around a problem for a little while and
 I'm getting nowhere fast so thought I'd ask the experts:
 
 Due to a company takeover I have two networks, NetA and NetB, that I
 need to link together for bidirectional data sharing etc. Unfortunately
 both networks use the same IP addressing scheme, i.e. 172.16.10.0/24, and
 neither can be changed within the timespan available to me.
 
 So I need to setup a PF box which links to both networks and translates
 between the two. Conceptually I want to have it that from NetA's
 perspective NetB is 172.16.20.0/24 and from NetB's perspective NetA is
 172.16.30.0/24
 
 NetA  NetB-NAT (172.16.20.0/24) - NIC1 (172.16.10.254/24) PF
 Firewall/Route NIC2 (172.16.10.254/24)  NetA-NAT (172.16.30.0)
 - NetB
 
 I've read about bitmask on NAT/BINAT etc. and all this looks good; the
 problem, however, is that this is done on the outgoing interface, and
 given that both the outbound and inbound interfaces share an IP/subnet,
 the packets never get to the outbound interface to be translated.
 
 I'm sure there's something completely obvious I'm missing, any help
 would be much appreciated.
 
 Simon
 

So you have 172.16.10.254 on two interfaces on the same box? I don't
think that will end well. I would go with two firewalls, one nats NetA,
the other nats NetB and put a link net in between.



EPAVLIS ΚΤΗΜΑ ΠΑΝΑΓΙΩΤΟΠΟΥΛΟΥ BEACH BAR AZUR

2013-09-07 Thread ktimapanagiotopoulou.gr
http://www.ktimapanagiotopoulou.gr/

A venue unique of its kind is reviving after many years between Aigio and
Patras, at the Lampiri site. On 20 stremmata of land, right in front of the
sea, the enchanting view of the Corinthian Gulf, the aesthetics of the
historic mansion of Andreas Panagiotopoulos
(http://el.wikipedia.org/wiki/%CE%91%CE%BD%CE%B4%CF%81%CE%AD%CE%B1%CF%82_%CE%A0%CE%B1%CE%BD%CE%B1%CE%B3%CE%B9%CF%89%CF%84%CF%8C%CF%80%CE%BF%CF%85%CE%BB%CE%BF%CF%82),
built in 1846 and fully renovated to operate in winter as well, the unique
surroundings with exotic palm trees and the relaxing blue-green waters
compose a truly paradisiacal setting where every private visit or social or
business event of yours becomes unique! Visit us in person or at
http://www.ktimapanagiotopoulou.gr/ and explore with us a different place
that seems straight out of a fairy tale.


This message meets the requirements of European legislation on advertising
messages. Every message must clearly carry the sender's full details and must
give the recipient the option to unsubscribe. (Directive 2002/31/CE) of the
European Parliament, relative to A5-270/2001 of the European Parliament.

If you do not wish to receive email about our services, please write
ΔΙΑΓΡΑΦΗ (unsubscribe) and send it to info (i...@ktimapanagiotopoulou.gr).




ATTENTION:
The information above is for the sole use of the individual or 
entity to which it is intended. If you are not the intended recipient 
of this message, you are hereby notified that any dissemination, 
distribution or copying of this document is strictly prohibited. 
The integrity of this message cannot be guaranteed on the Internet.
Ktima Panagiotopoulou shall in no way be liable for its content.
Please destroy this message and notify the sender.






Re: Join two overlapping subnets with two way NAT/BINAT

2013-09-07 Thread Simon Slaytor

On 07/09/2013 23:22, Florian Obser wrote:

On 09/07/13 21:32, Simon Slaytor wrote:

Hi Folks,

I've been trying to wrap my head around a problem for a little while and
I'm getting nowhere fast so thought I'd ask the experts:

Due to a company takeover I have two networks, NetA and NetB, that I
need to link together for bidirectional data sharing etc. Unfortunately
both networks use the same IP addressing scheme, i.e. 172.16.10.0/24, and
neither can be changed within the timespan available to me.

So I need to setup a PF box which links to both networks and translates
between the two. Conceptually I want to have it that from NetA's
perspective NetB is 172.16.20.0/24 and from NetB's perspective NetA is
172.16.30.0/24

NetA  NetB-NAT (172.16.20.0/24) - NIC1 (172.16.10.254/24) PF
Firewall/Route NIC2 (172.16.10.254/24)  NetA-NAT (172.16.30.0)
- NetB

I've read about bitmask on NAT/BINAT etc. and all this looks good; the
problem, however, is that this is done on the outgoing interface, and
given that both the outbound and inbound interfaces share an IP/subnet,
the packets never get to the outbound interface to be translated.

I'm sure there's something completely obvious I'm missing, any help
would be much appreciated.

Simon


So you have 172.16.10.254 on two interfaces on the same box? I don't
think that will end well. I would go with two firewalls, one nats NetA,
the other nats NetB and put a link net in between.








Cheers Florian,

Yes, I was thinking this myself; just wondering if I could do something 
with VRFs and PF's route-to as a way to avoid this?




How does spam still come through on the list

2013-09-07 Thread Bruno Delbono
On misc@, there was a spam that ended up on the list. As the MTA usually does a 
good enough job at picking spam on the openbsd mail server, I have a trust setting 
that overlooks spam checks. But here is the question: the spam that ended up in 
your and my inbox spent 4796 minutes 21 seconds on shear.ucar.edu. Why, after 
being stuck for so long, was it then sent to the list?

Here is a screenshot of the headers - 
https://www.dropbox.com/s/hqkjac9eoyssghz/spamd-not-working-spam.png


Bruno Delbono

| Cognitive Researcher - Human Behavioural Project
| Real Sociedad Española De Antropología
| Royal Spanish Society Of Anthropology
| ☎: +1 855 253 5436 ☎: +1 424 354 4700
| ✉: bruno.delb...@anthropology.es | ☞: Anthropology.ES
| ✉: bruno.delb...@secure.af | ☞: Secure.AF | ☛: Mail.AC



Re: Join two overlapping subnets with two way NAT/BINAT

2013-09-07 Thread Reyk Floeter
On Sun, Sep 08, 2013 at 12:47:28AM +0100, Simon Slaytor wrote:
 On 07/09/2013 23:22, Florian Obser wrote:
 So you have 172.16.10.254 on two interfaces on the same box? I don't
 think that will end well. I would go with two firewalls, one nats NetA,
 the other nats NetB and put a link net in between.
 
 Yes I was thinking this myself, just wondering if I could do
 something with VRF's and PF's route to as a way to avoid this?
 

Of course, you can do this with rdomains and PF on OpenBSD.

I attached an example below.  The PF bits can probably be simplified,
but I currently don't remember if there was a nicer way to do this.

This example has some limitations when it comes to the gateway itself;
you cannot reach the gateway address from the remote side (172.16.20.1
from NET_A).

# ifconfig em0 rdomain 1 172.16.10.1/24
# ifconfig em1 rdomain 2 172.16.10.1/24

/etc/pf.conf:
---snip---
net_a_if=em0
net_b_if=em1

block in
pass out

pass in on rdomain 1 to 172.16.20.0/24 rdr-to 172.16.10.0/24 bitmask \
route-to $net_b_if tag NET_A rtable 2
pass out on rdomain 2 nat-to 172.16.30.0/24 static-port bitmask tagged NET_A

pass in on rdomain 2 to 172.16.30.0/24 rdr-to 172.16.10.0/24 bitmask \
route-to $net_a_if tag NET_B rtable 1
pass out on rdomain 1 nat-to 172.16.20.0/24 static-port bitmask tagged NET_B
---snap---

Reyk
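To make the address arithmetic in Reyk's ruleset concrete, here is an added example (not part of his mail and not pf's own code) that models what `rdr-to ... bitmask` and `nat-to ... bitmask` do to a packet crossing from one rdomain to the other: the host bits of the address are kept and only the network bits are swapped for those of the pool. It uses the addresses from the example above (172.16.10.0/24 on both sides, 172.16.20.0/24 and 172.16.30.0/24 as the alias ranges, 172.16.10.1 as the gateway on em0 and em1) and constructed packet addresses. Real pf reverses the translation through its state table; the static model here shows that the two bitmask mappings are inverses of each other, which is what makes replies land on the original sender, and it reproduces the limitation Reyk mentions for the gateway address.

```python
import ipaddress

# Both sites really use this range; em0 (rdomain 1, NetA) and em1
# (rdomain 2, NetB) both carry 172.16.10.1 in Reyk's example.
REAL_NET = ipaddress.IPv4Network("172.16.10.0/24")
GATEWAY = ipaddress.IPv4Address("172.16.10.1")

# Alias networks: the range each side uses to address the other side.
ALIAS = {
    1: ipaddress.IPv4Network("172.16.20.0/24"),  # NetA (rdomain 1) reaches NetB here
    2: ipaddress.IPv4Network("172.16.30.0/24"),  # NetB (rdomain 2) reaches NetA here
}
OTHER_RDOMAIN = {1: 2, 2: 1}


def bitmask_translate(addr, pool):
    """Model pf's 'bitmask' pool option: keep the host bits of addr and take
    the network bits from pool, instead of choosing a pool address at random
    or round-robin."""
    addr = ipaddress.IPv4Address(addr)
    pool = ipaddress.IPv4Network(pool)
    host_bits = int(addr) & int(pool.hostmask)
    return ipaddress.IPv4Address(int(pool.network_address) | host_bits)


def forward(src, dst, in_rdomain):
    """Walk one packet through the ruleset: 'rdr-to REAL_NET bitmask' on the
    way in, route-to the other rdomain, then 'nat-to <alias> bitmask' on the
    way out. Returns (src, dst, out_rdomain) as seen on the far network, or
    None where the rules do not forward the packet."""
    src = ipaddress.IPv4Address(src)
    dst = ipaddress.IPv4Address(dst)
    if dst not in ALIAS[in_rdomain]:
        return None          # no rdr rule matches, so 'block in' wins
    real_dst = bitmask_translate(dst, REAL_NET)
    if real_dst == GATEWAY:
        return None          # the limitation in the mail: the gateway is not reachable via the alias
    out_rdomain = OTHER_RDOMAIN[in_rdomain]
    new_src = bitmask_translate(src, ALIAS[out_rdomain])
    return str(new_src), str(real_dst), out_rdomain


def reply_maps_back(src, dst, in_rdomain):
    """True if the far side's reply to the translated packet arrives back at
    the original sender with the original alias as its source, i.e. the two
    bitmask mappings are inverses of each other."""
    fwd = forward(src, dst, in_rdomain)
    if fwd is None:
        return False
    new_src, real_dst, out_rdomain = fwd
    back = forward(real_dst, new_src, out_rdomain)
    return back == (dst, src, in_rdomain)


if __name__ == "__main__":
    # Constructed packet: host .5 on NetA talks to host .7 on NetB via the alias.
    print("NetA -> NetB:", forward("172.16.10.5", "172.16.20.7", 1))
    print("NetB -> NetA:", forward("172.16.10.7", "172.16.30.5", 2))
    print("gateway via alias:", forward("172.16.10.5", "172.16.20.1", 1))
    print("reply consistent:", reply_maps_back("172.16.10.5", "172.16.20.7", 1))
```

Because each side's alias range is mapped one-to-one onto the real range, a host keeps the same last octet on both sides of the box; that is also why `static-port` is used in the `nat-to` rules, so that nothing but the network bits of the source changes.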



Re: Hard Freeze with Snapshots After Aug 19 on ThinkPad X1 Carbon

2013-09-07 Thread Gabriel Guzman
On 09/02, Gabriel Guzman wrote:
 On 08/30, Bryan Vyhmeister wrote:
  I'm running OpenBSD/amd64 5.4-current with GENERIC.MP from 2013/08/19
  downloaded from the mirrors on a Lenovo ThinkPad X1 Carbon. Both
  snapshots I have tried (2013/08/25 and 2013/08/29) after the 19th have
  resulted in hard system freezes every few hours. I don't have any logs
  or anything else that indicate a hard freeze but everything just hard
  freezes. I first noticed because I left the ThinkPad running overnight
  on my desk and when I came back to the system the next morning it was
  hard frozen. Several times during the day while I'm working I have also
  experienced the same thing. Anyone else seeing something similar?
  
  Bryan
 
 I'm seeing the same thing on my desktop (dmesg below).  Random freezes,
 no debug output that I've seen in any logs, first time I noticed was
 after updating to the Aug 24 snapshot; behavior is the same with Aug 29th.
 
 I followed instructions in current for upgrading, perhaps I'll try a
 fresh install (non upgrade) w/the latest snap to see if that helps.  

Completed a fresh install to the Sept 3rd snapshot and was still having
the same problem, though much less frequently.  Just upgraded to sept
7th snap this evening, and so far so good.  

dmesg and xorg logs attached for the record.  I'll keep playing and
updating and see if it happens again. 

Thanks for the hard work!
gabe. 


OpenBSD 5.4-current (GENERIC.MP) #51: Fri Sep  6 11:44:23 MDT 2013
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8031686656 (7659MB)
avail mem = 7809789952 (7447MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xeb2c0 (50 entries)
bios0: vendor AMI version P01-B2 date 08/03/2011
bios0: Acer Aspire X1430
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG SLIC HPET SSDT SSDT
acpi0: wakeup devices SBAZ(S4) PS2K(S3) PS2M(S3) P0PC(S4) GEC_(S4) PE20(S4) 
PE21(S4) PE22(S4) PE23(S4) UHC1(S3) UHC2(S3) USB3(S3) UHC4(S3) USB5(S3) 
UHC7(S3) UHC6(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD E-450 APU with Radeon(tm) HD Graphics, 1647.30 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: smt 0, core 0, package 0
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD E-450 APU with Radeon(tm) HD Graphics, 1646.50 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu1: 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 21, 24 pins
ioapic0: misconfigured as apic 3, remapped to apid 0
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 3 (PE20)
acpiprt2 at acpi0: bus -1 (PE21)
acpiprt3 at acpi0: bus 6 (PE22)
acpiprt4 at acpi0: bus -1 (PE23)
acpiprt5 at acpi0: bus -1 (BR15)
acpiprt6 at acpi0: bus -1 (PCE6)
acpiprt7 at acpi0: bus -1 (PCE7)
acpiprt8 at acpi0: bus -1 (PCE8)
acpiprt9 at acpi0: bus 1 (BR14)
acpicpu0 at acpi0: C2, PSS
acpicpu1 at acpi0: C2, PSS
acpibtn0 at acpi0: PWRB
cpu0: 1647 MHz: speeds: 1650 1320 825 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 AMD AMD64 14h Host rev 0x00
radeondrm0 at pci0 dev 1 function 0 ATI Radeon HD 6320 rev 0x00: apic 0 int 18
drm0 at radeondrm0
azalia0 at pci0 dev 1 function 1 ATI Radeon HD 6310 HD Audio rev 0x00: msi
azalia0: no supported codecs
ppb0 at pci0 dev 4 function 0 AMD AMD64 14h PCIE rev 0x00: msi
pci1 at ppb0 bus 1
ahci0 at pci0 dev 17 function 0 ATI SBx00 SATA rev 0x40: apic 0 int 19, AHCI 
1.2
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: ATA, INTEL SSDSA2M080, 2CV1 SCSI3 0/direct 
fixed naa.5001517959405bba
sd0: 76319MB, 512 bytes/sector, 156301488 sectors, thin
sd1 at scsibus0 targ 1 lun 0: ATA, ST3500413AS, JC45 SCSI3 0/direct fixed 
naa.5000c500359a829f
sd1: 476940MB, 512 bytes/sector, 976773168 sectors
ohci0 at pci0 dev 18 function 0 ATI SB700 USB rev 0x00: apic 0 int 18, 
version 1.0, legacy support
ehci0 at pci0 dev 18 function 2 ATI SB700 USB2 rev 0x00: apic 0 int 17
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 ATI EHCI root hub rev 2.00/1.00 addr