openbsd 5.5 sometimes trap after wake from suspend (apm -z)
Hello. Here is trace at ddb: http://i.imgur.com/MoPz405.jpg Help, please! Thanks! Here is dmesg: OpenBSD 5.5 (GENERIC.MP) #262: Wed Mar 5 10:06:29 MST 2014 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE,LAHF,PERF real mem = 1062436864 (1013MB) avail mem = 1032744960 (984MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 04/14/08, SMBIOS rev. 2.4 @ 0x3f607010 (45 entries) bios0: vendor American Megatrends Inc. version 4.6.3 date 07/16/2008 bios0: MICRO-STAR INTERNATIONAL CO., LTD U-100 acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC SSDT SSDT SSDT acpi0: wakeup devices P0P2(S4) PEGP(S4) USB0(S1) USB1(S1) USB2(S1) USB3(S1) EHCI(S1) MC97(S4) P0P1(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 133MHz cpu0: mwait min=64, max=64, C-substates=0.2.2.0.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.60 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE,LAHF,PERF ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P2) acpiprt2 at acpi0: bus 1 (P0P4) acpiprt3 at acpi0: bus 2 (P0P5) acpiprt4 at acpi0: bus -1 (P0P6) acpiprt5 at acpi0: bus -1 (P0P7) acpiprt6 at acpi0: bus -1 (P0P8) acpiprt7 at acpi0: bus -1 (P0P9) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2, C1, PSS acpicpu1 at acpi0: C3, C2, C1, PSS acpitz0 at acpi0: critical temperature is 100 degC acpiac0 at acpi0: AC unit online acpibat0 at acpi0: BAT1 model MS-N011 serial type LION oem MSI Corp. acpibtn0 at acpi0: LID0 acpibtn1 at acpi0: PWRB acpibtn2 at acpi0: SLPB acpivideo0 at acpi0: IGD_ acpivout0 at acpivideo0: LCD_ bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 cpu0: Enhanced SpeedStep 1600 MHz: speeds: 1600, 1333, 1067, 800 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82945GME Host rev 0x03 vga1 at pci0 dev 2 function 0 Intel 82945GME Video rev 0x03 intagp0 at vga1 agp0 at intagp0: aperture at 0xc000, size 0x1000 inteldrm0 at vga1 drm0 at inteldrm0 composite sync not supported composite sync not supported inteldrm0: 1024x600 wsdisplay0 at vga1 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: msi azalia0: codecs: Realtek ALC888 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 2 int 16 pci1 at ppb0 bus 1 re0 at pci1 dev 0 function 0 Realtek 8101E rev 0x02: RTL8102E (0x3480), msi, address 00:21:85:52:d5:ea rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1 ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 2 int 17 pci2 at ppb1 bus 2 iwn0 at pci2 dev 0 function 0 Intel Wireless WiFi Link 4965 rev 0x61: msi, MIMO 2T3R, MoW2, address 00:13:e8:7a:c3:7d uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 2 int 23 uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 2 int 19 uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 2 int 18 uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 2 int 16 ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 2 int 23 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb2 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2 pci3 at ppb2 bus 3 ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02: PM disabled pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: TOSHIBA MQ01ABD100 wd0: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for
Re: openbsd 5.5 sometimes trap after wake from suspend (apm -z)
Next time this happens, try to get a picture of 'show registers' in addition to 'trace'. Thanks. -ml On Tue, Sep 16, 2014 at 10:31:13AM +0400, wrote: Hello. Here is trace at ddb: http://i.imgur.com/MoPz405.jpg Help, please! Thanks! Here is dmesg: OpenBSD 5.5 (GENERIC.MP) #262: Wed Mar 5 10:06:29 MST 2014 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE,LAHF,PERF real mem = 1062436864 (1013MB) avail mem = 1032744960 (984MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 04/14/08, SMBIOS rev. 2.4 @ 0x3f607010 (45 entries) bios0: vendor American Megatrends Inc. version 4.6.3 date 07/16/2008 bios0: MICRO-STAR INTERNATIONAL CO., LTD U-100 acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC SSDT SSDT SSDT acpi0: wakeup devices P0P2(S4) PEGP(S4) USB0(S1) USB1(S1) USB2(S1) USB3(S1) EHCI(S1) MC97(S4) P0P1(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 133MHz cpu0: mwait min=64, max=64, C-substates=0.2.2.0.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.60 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE,LAHF,PERF ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P2) acpiprt2 at acpi0: bus 1 (P0P4) acpiprt3 at acpi0: bus 2 (P0P5) acpiprt4 at acpi0: bus -1 (P0P6) acpiprt5 at acpi0: bus -1 (P0P7) acpiprt6 at acpi0: bus -1 (P0P8) acpiprt7 at acpi0: bus -1 (P0P9) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2, C1, PSS acpicpu1 at acpi0: C3, C2, C1, PSS acpitz0 at acpi0: critical temperature is 100 degC acpiac0 at acpi0: AC unit online acpibat0 at acpi0: BAT1 model MS-N011 serial type LION oem MSI Corp. acpibtn0 at acpi0: LID0 acpibtn1 at acpi0: PWRB acpibtn2 at acpi0: SLPB acpivideo0 at acpi0: IGD_ acpivout0 at acpivideo0: LCD_ bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 cpu0: Enhanced SpeedStep 1600 MHz: speeds: 1600, 1333, 1067, 800 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82945GME Host rev 0x03 vga1 at pci0 dev 2 function 0 Intel 82945GME Video rev 0x03 intagp0 at vga1 agp0 at intagp0: aperture at 0xc000, size 0x1000 inteldrm0 at vga1 drm0 at inteldrm0 composite sync not supported composite sync not supported inteldrm0: 1024x600 wsdisplay0 at vga1 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: msi azalia0: codecs: Realtek ALC888 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 2 int 16 pci1 at ppb0 bus 1 re0 at pci1 dev 0 function 0 Realtek 8101E rev 0x02: RTL8102E (0x3480), msi, address 00:21:85:52:d5:ea rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1 ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 2 int 17 pci2 at ppb1 bus 2 iwn0 at pci2 dev 0 function 0 Intel Wireless WiFi Link 4965 rev 0x61: msi, MIMO 2T3R, MoW2, address 00:13:e8:7a:c3:7d uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 2 int 23 uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 2 int 19 uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 2 int 18 uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 2 int 16 ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 2 int 23 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb2 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2 pci3 at ppb2 bus 3 ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02: PM disabled pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: TOSHIBA MQ01ABD100 wd0: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at
pf queue max bug
Hi, I moved my old server to a better hardware and I installed amd64 -current (old one was i386 following -current) and made a drop in replacement of pf.conf. The problem is that when I set a queue MAX speed limit it didn't work as it should - for example b_bittor: pf.conf: queue rootq on $ExtIf bandwidth 100M max 100M queue inter parent rootq bandwidth 3M max 2950K queue i_ack parent inter bandwidth 2M, min 1M queue i_dns parent inter bandwidth 500K queue i_ntp parent inter bandwidth 300K queue i_web parent inter bandwidth 2M burst 2M for 1ms queue i_bulkparent inter bandwidth 170K queue i_bittor parent inter bandwidth 30K, max 1400K default queue bg parent rootq bandwidth 40M max 39M queue b_ack parent bg bandwidth 15M, min 10M queue b_dns parent bg bandwidth 1M, min 1M queue b_ntp parent bg bandwidth 4M, min 4M queue b_rdc parent bg bandwidth 4M, min 4M queue b_web parent bg bandwidth 15M, min 15M burst 40M for 5000ms, max 37M queue b_bulkparent bg bandwidth 8M, min 5M queue b_bittor parent bg bandwidth 2M, max 2M queue b_bittor parent bg on em0 bandwidth 2M, max 2M qlimit 50 [ pkts:1441771 bytes: 2064477928 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 50 ] [ measured: 2043.4 packets/s, 23.69Mb/s ] 1 usersLoad 0.41 0.40 0.43 Tue Sep 16 10:12:56 2014 QUEUE BW SCH PRIO PKTSBYTES DROP_P DROP_B QLEN BORROW SUSPEN P/S B/S rootq on em0100M 00 000 0 0 inter3M 00 000 0 0 i_ack 2M 8365 527486 44 23880 0 0 i_dns 500K 1333 142263 000 0 0 i_ntp 300K 1143 105017 000 1.0 89 i_web 2M 2328 742242 24 21970 0 0 i_bulk170K 1482 242112 000 0 0 i_bittor 30K 91768 9426828 000453024 bg 40M 00 000 0 0 b_ack 15M 23306 1428052 000 2 164 b_dns 1M 10044 4865285 00028 18672 b_ntp 4M 2819 256892 000 1 178 b_rdc 4M 00 000 0 0 b_web 15M800 203426 23105560 1.0 97 b_bulk 8M32823814 000 0 0 b_bittor2M1649850 2310255K 000 2610 3796423 dmesg: OpenBSD 5.6-current (GENERIC.MP) #374: Mon Sep 15 08:42:10 MDT 2014 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 6416760832 (6119MB) avail mem = 6237216768 (5948MB) ..
Re: How to disable the mouse cursor in FVWM?
Hello, I tried several CursorMove and CursorStyle configs, none of them work. I don't have xorg.conf.d. Many thanks! On 2014. 09. 15. at 3:52 PM, Piotr Isajew wrote:Dnia 12.09.2014 somelooser3...@hushmail.com napisaÅ/a: we are using OpenBSD 5.5 with FVWM. How can we disable the mouse cursor? To disable input events from pointing device you could add something like that in /etc/X11/xorg.conf.d: Section InputClass Identifier mouse-all MatchIsPointer on Option ignore yes EndSection This however will not hide the pointer. For that I would try to use CursorMove command in FVWM to get cursor off-screen and/or CursorStyle to set cursors to something that will not disturb.
Re: How to disable keyboard+mouse input in FVWM?
Hello, I also tried Style * NeverFocus in /usr/X11R6/lib/X11/fvwm/.fvwmrc but didn't worked :O Thanks! On 2014. 09. 13. at 1:03 PM, Thomas Adam wrote:On 12 September 2014 19:22, wrote: Still didn't found a way to disable the mouse and keyboard. Any hints please? I asked you before what you meant by this, and suggested: Style * NeverFocus Is that not what you're after? It's a pretty odd request. Are you trying to build some kind of kiosk? I've written about such things in the past. -- Thomas Adam
Re: packets logged by pf without log rule
On Tue, Sep 16, 2014 at 12:20 AM, Alexander Salmin alexan...@salmin.biz wrote: Did you see it in previous versions? I would compare the same ruleset with a fresh 5.5 and see if you experience the same and in that case continue compare the relevant sourcecode. The behaviour is the same as far back as 5.4 at least. I have another one. With the pass quick all rule-set. of I send: 09:34:28.490074 00:25:90:c1:f1:8c 01:00:5e:40:68:01 0800 1514: 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 49575:1480@0+) [ttl 1] twice within 60s (frag timer ?) I get: Sep 16 09:34:28.490095 rule def/(match) pass in on em0: 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 49575:1480@0+) [ttl 1] I see this a lot in our production and test environment, but there it is triggered without the duplicate packet. Example from live firewall. Traffic: pf0.swe1# tcpdump -n -i vlan57 host 10.69.48.14 and not tcp tcpdump: listening on vlan57, link-type EN10MB tcpdump: WARNING: compensating for unaligned libpcap packets 09:51:56.710780 10.69.48.14.5404 239.192.104.1.5405: udp 75 (DF) [ttl 1] 09:51:56.711161 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27013:1480@0+) [ttl 1] 09:51:56.711163 10.69.48.14 239.192.104.1: (frag 27013:1@1480) [ttl 1] 09:51:56.711164 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27014:1480@0+) [ttl 1] 09:51:56.711166 10.69.48.14 239.192.104.1: (frag 27014:1@1480) [ttl 1] 09:51:56.711167 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27015:1480@0+) [ttl 1] 09:51:56.711168 10.69.48.14 239.192.104.1: (frag 27015:1@1480) [ttl 1] 09:51:56.711169 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27016:1480@0+) [ttl 1] 09:51:56.711171 10.69.48.14 239.192.104.1: (frag 27016:1@1480) [ttl 1] 09:51:56.711172 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27017:1480@0+) [ttl 1] 09:51:56.711173 10.69.48.14 239.192.104.1: (frag 27017:1@1480) [ttl 1] 09:51:56.711175 10.69.48.14.5404 239.192.104.1.5405: udp 617 (DF) [ttl 1] 09:51:56.713383 10.69.48.14.5404 239.192.104.1.5405: udp 753 (DF) [ttl 1] 09:51:56.724606 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27018:1480@0+) [ttl 1] 09:51:56.724608 10.69.48.14 239.192.104.1: (frag 27018:1@1480) [ttl 1] 09:51:56.724609 10.69.48.14.5404 239.192.104.1.5405: udp 707 (DF) [ttl 1] 09:51:56.724986 10.69.48.14.5404 239.192.104.1.5405: udp 1412 (DF) [ttl 1] 09:51:56.730168 10.69.48.14.5404 239.192.104.1.5405: udp 650 (DF) [ttl 1] ^C Log: pf0.swe1# tcpdump -n -e -ttt -i pflog0 host 10.69.48.14 tcpdump: WARNING: snaplen raised from 116 to 160 tcpdump: listening on pflog0, link-type PFLOG Sep 16 09:51:56.711185 rule def/(match) pass in on vlan57: 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27013:1480@0+) [ttl 1] tcpdump: WARNING: compensating for unaligned libpcap packets Sep 16 09:51:56.711190 rule def/(match) pass in on vlan57: 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27014:1480@0+) [ttl 1] Sep 16 09:51:56.711194 rule def/(match) pass in on vlan57: 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27015:1480@0+) [ttl 1] Sep 16 09:51:56.711198 rule def/(match) pass in on vlan57: 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27016:1480@0+) [ttl 1] Sep 16 09:51:56.711202 rule def/(match) pass in on vlan57: 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27017:1480@0+) [ttl 1] Sep 16 09:51:56.724622 rule def/(match) pass in on vlan57: 10.69.48.14.5404 239.192.104.1.5405: udp 1473 (frag 27018:1480@0+) [ttl 1] ^C 20 packets received by filter 0 packets dropped by kernel pf0.swe1# There is no rule that should log this in the live firewalls. Happens on 5.4 and 5.5, if memory serves me right I saw it on 5.3's also. Assistance with understanding this would be appreciated. I will use free time slots to look at the code, but due to limited knowledge and skills it is quite time consuming. Regards Tony
Re: pf queue max bug
On Tue, Sep 16, 2014 at 10:20:34AM +0300, Atanas Vladimirov wrote: Hi, I moved my old server to a better hardware and I installed amd64 -current (old one was i386 following -current) and made a drop in replacement of pf.conf. The problem is that when I set a queue MAX speed limit it didn't work as it should - for example b_bittor: pf.conf: queue rootq on $ExtIf bandwidth 100M max 100M queue inter parent rootq bandwidth 3M max 2950K queue i_ack parent inter bandwidth 2M, min 1M queue i_dns parent inter bandwidth 500K queue i_ntp parent inter bandwidth 300K queue i_web parent inter bandwidth 2M burst 2M for 1ms queue i_bulkparent inter bandwidth 170K queue i_bittor parent inter bandwidth 30K, max 1400K default queue bg parent rootq bandwidth 40M max 39M queue b_ack parent bg bandwidth 15M, min 10M queue b_dns parent bg bandwidth 1M, min 1M queue b_ntp parent bg bandwidth 4M, min 4M queue b_rdc parent bg bandwidth 4M, min 4M queue b_web parent bg bandwidth 15M, min 15M burst 40M for 5000ms, max 37M queue b_bulkparent bg bandwidth 8M, min 5M queue b_bittor parent bg bandwidth 2M, max 2M Why are some of your target bandwidths higher than the allowed maximum bandwidths?
Re: pf queue max bug
On Tue, Sep 16, 2014 at 10:36:21AM +0100, Zé Loff wrote: On Tue, Sep 16, 2014 at 10:20:34AM +0300, Atanas Vladimirov wrote: Hi, I moved my old server to a better hardware and I installed amd64 -current (old one was i386 following -current) and made a drop in replacement of pf.conf. The problem is that when I set a queue MAX speed limit it didn't work as it should - for example b_bittor: pf.conf: queue rootq on $ExtIf bandwidth 100M max 100M queue inter parent rootq bandwidth 3M max 2950K queue i_ack parent inter bandwidth 2M, min 1M queue i_dns parent inter bandwidth 500K queue i_ntp parent inter bandwidth 300K queue i_web parent inter bandwidth 2M burst 2M for 1ms queue i_bulkparent inter bandwidth 170K queue i_bittor parent inter bandwidth 30K, max 1400K default queue bg parent rootq bandwidth 40M max 39M queue b_ack parent bg bandwidth 15M, min 10M queue b_dns parent bg bandwidth 1M, min 1M queue b_ntp parent bg bandwidth 4M, min 4M queue b_rdc parent bg bandwidth 4M, min 4M queue b_web parent bg bandwidth 15M, min 15M burst 40M for 5000ms, max 37M queue b_bulkparent bg bandwidth 8M, min 5M queue b_bittor parent bg bandwidth 2M, max 2M Why are some of your target bandwidths higher than the allowed maximum bandwidths? Also, the sum of your min bandwidths on the bg subqueues sum up to 41M, whilst the max for the parent queue is 39M. --
recommendations for an ethernet card?
Hello, I'd like to know some recommendations for a well supported gigabit ethernet card for openbsd 5.5 amd64 a single port to use a PCI-E 2.0 x 1 slot preferably quite compact, impacting very little on airflow within the case. - douglas
Re: pf queue max bug
On 16.09.2014 12:36, Zé Loff wrote: On Tue, Sep 16, 2014 at 10:20:34AM +0300, Atanas Vladimirov wrote: Hi, I moved my old server to a better hardware and I installed amd64 -current (old one was i386 following -current) and made a drop in replacement of pf.conf. The problem is that when I set a queue MAX speed limit it didn't work as it should - for example b_bittor: pf.conf: queue rootq on $ExtIf bandwidth 100M max 100M queue inter parent rootq bandwidth 3M max 2950K queue i_ack parent inter bandwidth 2M, min 1M queue i_dns parent inter bandwidth 500K queue i_ntp parent inter bandwidth 300K queue i_web parent inter bandwidth 2M burst 2M for 1ms queue i_bulkparent inter bandwidth 170K queue i_bittor parent inter bandwidth 30K, max 1400K default queue bg parent rootq bandwidth 40M max 39M queue b_ack parent bg bandwidth 15M, min 10M queue b_dns parent bg bandwidth 1M, min 1M queue b_ntp parent bg bandwidth 4M, min 4M queue b_rdc parent bg bandwidth 4M, min 4M queue b_web parent bg bandwidth 15M, min 15M burst 40M for 5000ms, max 37M queue b_bulkparent bg bandwidth 8M, min 5M queue b_bittor parent bg bandwidth 2M, max 2M Why are some of your target bandwidths higher than the allowed maximum bandwidths? As I said this was my working pf.conf for new queueing system on i386. I think that the problem is elsewhere. When you set the queue max bandwidth it must not exceed that value.
Re: pf queue max bug
* Atanas Vladimirov vl...@bsdbg.net [2014-09-16 12:58]: As I said this was my working pf.conf for new queueing system on i386. I think that the problem is elsewhere. When you set the queue max bandwidth it must not exceed that value. if the sums of the target bandwidth exceed interface speed or min/target exceed max, all bets are off. fix your queue defs. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS. Virtual Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: Pointers/reference
* Rodrigo Mosconi open...@mosconi.mat.br [2014-09-12 16:18]: I`m studying a discipline about Quality of service and traffic engineering, and I have to do a work about queuing disciplines on network devices. I need to choose a product and compare how there queuing policy is close enough to the Generalized Packet System. I would like to make this with OpenBSD, and I would like some pointers on where to look about the implementation to identify the model used. pf.conf(5) sys/net/hfsc.* sys/net/if.* sys/net/pf.c pf_ioctl.c sbin/pfctl/* -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS. Virtual Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
make update on /usr/ports has errors switch to -current
Hi, I thought [during the last stage of switching to -current] the Makefile's $PKG_PATH variable in /usr/ports had to be set the same as it is in ~/.profile. ie. PKG_PATH=ftp://mirror.aarnet.edu.au/pub /OpenBSD/5.5/packages/$(uname -m). But that gives me Broken dependency error. Without doing that, most of make update output gives me these errors: Your X11/system is not current (in archivers/ha) Your X11/system is not current (in archivers/ha) === archivers/hs-zlib Your X11/system is not current (in archivers/hs-zlib) Your X11/system is not current (in archivers/hs-zlib) Your X11/system is not current (in archivers/hs-zlib) Your X11/system is not current (in archivers/hs-zlib) Your X11/system is not current (in archivers/hs-zlib) === Looking for hs-zlib-0.5.4.1.tgz in $PKG_PATH - not found *** Error 1 in archivers/hs-zlib (/usr/ports/infrastructure/mk/bsd.port.mk:1949 '/usr/ports/packages/amd64/cache//hs-zlib-0.5.4.1.tgz': @if ...) Your X11/system is not current (in archivers/hs-zlib) Your X11/system is not current (in archivers/hs-zlib) Your X11/system is not current (in archivers/hs-zlib) === Checking files for hs-zlib-0.5.4.1 Your X11/system is not current (in archivers/hs-zlib) `/usr/ports/distfiles/ghc/zlib-0.5.4.1.tar.gz' is up to date. (SHA256) ghc/zlib-0.5.4.1.tar.gz: OK Your X11/system is not current (in lang/ghc) === hs-zlib-0.5.4.1 depends on: ghc-* - not found === Verifying install for ghc-* in lang/ghc Your X11/system is not current (in lang/ghc) Your X11/system is not current (in lang/ghc) Your X11/system is not current (in lang/ghc) Your X11/system is not current (in lang/ghc) Your X11/system is not current (in lang/ghc) === Installing ghc-7.6.3p1 from /usr/ports/packages/amd64/all/ Fatal error: Ustar [file:/usr/ports/packages/amd64/all/ghc-7.6.3p1.tgz][lib/ghc/base-4.6.0.1/libHSbase-4.6.0.1_p.a]: Premature end of archive Adjusting sha for /usr/local/lib/ghc/base-4.6.0.1/pkg.lNlmObbqeY from cmqTx/budUZwHU4e0oQJQYLCtDezN8C6rVUjLNlxnAc= to 18h5bSUiTB9gtLk6zh2x7FZzBt7ZQpZekoSXmTui8bg= Fatal error: Installation of ghc-7.6.3p1 failed, partial installation recorded as partial-ghc-7.6.3p1.6 at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 821. *** Error 22 in lang/ghc (/usr/ports/infrastructure/mk/bsd.port.mk:1980 '/var/db/pkg/ghc-7.6.3p1/+CONTENTS': @if /usr/sbin/pkg_info -e ghc-7...) *** Error 1 in lang/ghc (/usr/ports/infrastructure/mk/bsd.port.mk:2492 'install') *** Error 1 in archivers/hs-zlib (/usr/ports/infrastructure/mk/bsd.port.mk:2119 '/usr/ports/pobj/hs-zlib-0.5.4.1/.dep-lang-ghc') *** Error 1 in archivers/hs-zlib (/usr/ports/infrastructure/mk/bsd.port.mk:2575 '/usr/ports/pobj/hs-zlib-0.5.4.1/.extract_done') *** Error 1 in archivers/hs-zlib (/usr/ports/infrastructure/mk/bsd.port.mk:1959 '/usr/ports/packages/amd64/all/hs-zlib-0.5.4.1.tgz') *** Error 1 in archivers/hs-zlib (/usr/ports/infrastructure/mk/bsd.port.mk:1957 '/usr/ports/packages/amd64/all/hs-zlib-0.5.4.1.tgz') *** Error 1 in archivers/hs-zlib (/usr/ports/infrastructure/mk/bsd.port.mk:2512 '_internal-package') *** Error 1 in archivers/hs-zlib (/usr/ports/infrastructure/mk/bsd.port.mk:1985 '/usr/ports/update/amd64/hs-zlib-0.5.4.1') *** Error 1 in archivers/hs-zlib (/usr/ports/infrastructure/mk/bsd.port.mk:2492 'update') === Exiting archivers/hs-zlib with an error *** Error 1 in archivers (/usr/ports/infrastructure/mk/bsd.port.subdir.mk:147 'update') === Exiting archivers with an error *** Error 1 in /usr/ports (infrastructure/mk/bsd.port.subdir.mk:147 'update') (Sorry for not revealing all of it, I'm typing this email on lynx webmail as I can't get packages or ports to work.) Here is /var/log/messages: Sep 16 19:00:01 frog newsyslog[5450]: logfile turned over Sep 16 19:00:01 frog syslogd: restart Sep 16 19:03:04 frog pkg_add: Added unzip-6.0p4 Sep 16 19:03:05 frog pkg_add: Added iso8879-1986p0 Sep 16 19:03:10 frog pkg_add: Added docbook-dsssl-1.79 Sep 16 19:12:45 frog pkg_add: Added metaauto-1.0p1 Sep 16 19:13:26 frog pkg_add: Added gmake-4.0p0 Sep 16 19:13:27 frog pkg_add: Added help2man-1.41.1p0 Sep 16 19:13:28 frog pkg_add: Added autoconf-2.69p1 Sep 16 19:14:44 frog pkg_add: Added groff-1.22.2p4 Sep 16 19:15:37 frog pkg_add: Added autoconf-2.68p0 Sep 16 19:15:52 frog pkg_add: Added automake-1.14.1 Sep 16 19:16:36 frog pkg_add: Added autoconf-2.67p0 Sep 16 19:16:37 frog pkg_add: Added libltdl-2.4.2p0 Sep 16 19:16:38 frog pkg_add: Added libtool-2.4.2p0 Sep 16 19:17:03 frog pkg_add: Added libffi-3.0.13 Sep 16 19:17:55 frog pkg_add: Added gdbm-1.11 Sep 16 19:19:15 frog pkg_add: Added tcl-8.5.15p2 Sep 16 19:19:18 frog pkg_add: Added tk-8.5.15p1 Sep 16 19:21:05 frog pkg_add: Added db-4.6.21p0v0 Sep 16 19:26:37 frog pkg_add: Added python-2.7.8 Sep 16 19:30:06 frog pkg_add: Added libxml-2.9.1p1 Sep 16 19:30:08 frog pkg_add: Added docbook-4.5p1 Sep 16 19:33:21 frog pkg_add: Added libgpg-error-1.13p0 Sep 16 19:35:09 frog pkg_add: Added libgcrypt-1.6.2 Sep 16 19:35:11 frog pkg_add: Added py-libxml-2.9.1p1 Sep 16 19:35:13 frog
Help w/ masquerade feature now that sendmail[1] has been removed from base
sendmail's masquerade function is missing from OpenSMTPD. What are the plans for masquerade? Update OpenSMTPD or create a sendmail port or document the smtpd filter API or ??? I've previously asked for help on the opensmtpd-misc mailing list[2]. Searching the archives shows that work (on masquerade) was started but appears to have stopped. Apparently, masquerade functionality would be possible using the (undocumented) OpenSMTPD filter API. Here's some items from my search: o Gilles Chehade(2010) I have a diff somewhere which bring initial (and basic) support for masquerading, I need to dig it up and see if it still works [3] o Gilles Chehade(2012) However there is no masquerading at the envelope level yet [4] o poolpOrg(2013-06-12)[5] blockquote Not forgotten. @ericfaurot and I think that it should be implemented at the filters level. We do not require the FULL filter API to be ready to perform that, but at least the part of it that allows headers rewrite should be working reliably. Note that lack address rewrite / masquerade is a showstopper to many users, we definitely want it asap. ericfaurot(2014-02-28) i have a filter-masquerade which is basically working but needs polishing. It will be a nice test case for the filter framework. /blockquote [1]http://marc.info/?l=openbsd-cvsm=141081997917153w=2 [2]http://marc.info/?l=opensmtpd-miscm=140976334014992w=2 [3]http://marc.info/?l=openbsd-miscm=128625515631582w=2 [4]http://marc.info/?l=openbsd-miscm=133836297924207w=2 [5]https://github.com/OpenSMTPD/OpenSMTPD/issues/172
Re: Help w/ masquerade feature now that sendmail[1] has been removed from base
On Tue, Sep 16, 2014 at 09:41:20AM -0400, RD Thrush wrote: sendmail's masquerade function is missing from OpenSMTPD. What are the plans for masquerade? Update OpenSMTPD or create a sendmail port or document the smtpd filter API or ??? I've previously asked for help on the opensmtpd-misc mailing list[2]. That's the reason none of my mail servers have switched to smtpd. I intend to use the sendmail port that jca@ will import soon. -- Antoine
Huawei E3272 USB 4G LTE modem (no HiLink)
Hi, I bouth Huawei E3272 USB 4G LTE modem (with no HiLink - connecting using serial ports, no ethernet card) and it would be nice to connect to Internet from OpenBSD using this modem ;) technical specification - http://www.huawei.com/ecommunity/bbs/10188081.html dmesg: OpenBSD 5.5 (GENERIC.MP) #315: Wed Mar 5 09:37:46 MST 2014 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 1862074368 (1775MB) avail mem = 1803952128 (1720MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.34 @ 0xfcde0 (43 entries) bios0: vendor American Megatrends Inc. version 786R6 v2.03 date 02/08/2011 bios0: Hewlett-Packard hp t5000 series acpi0 at bios0: rev 0 acpi0: sleep states S0 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT acpi0: wakeup devices PCE2(S0) PCE3(S0) PCE4(S0) PCE5(S0) PCE6(S0) PCE7(S0) PCE9(S0) PCEA(S0) PCEB(S0) PCEC(S0) SBAZ(S0) PS2K(S0) PS2M(S0) P0PC(S0) UHC1(S0) UHC2(S0) [...] acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-84, 2300.39 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP,OSVW,SKINIT,ITSC cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 200MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-84, 2300.13 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP,OSVW,SKINIT,ITSC cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318180 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (P0P1) acpiprt2 at acpi0: bus -1 (PCE2) acpiprt3 at acpi0: bus -1 (PCE3) acpiprt4 at acpi0: bus 2 (PCE7) acpiprt5 at acpi0: bus -1 (PCEA) acpiprt6 at acpi0: bus 3 (P0PC) acpicpu0 at acpi0: PSS acpicpu1 at acpi0: PSS acpitz0 at acpi0: critical temperature is 120 degC acpibtn0 at acpi0: PWRB cpu0: 2300 MHz: speeds: 2300 1200 600 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 AMD RS780 Host rev 0x00 ppb0 at pci0 dev 1 function 0 AMD RS780 PCIE rev 0x00 pci1 at ppb0 bus 1 radeondrm0 at pci1 dev 5 function 0 ATI Radeon HD 3200 rev 0x00 drm0 at radeondrm0 radeondrm0: apic 2 int 18 ppb1 at pci0 dev 7 function 0 AMD RS780 PCIE rev 0x00: msi pci2 at ppb1 bus 2 bge0 at pci2 dev 0 function 0 Broadcom BCM5787M rev 0x02, BCM5754/5787 A2 (0xb002): msi, address 00:23:7d:cc:6b:94 brgphy0 at bge0 phy 1: BCM5787 10/100/1000baseT PHY, rev. 0 ohci0 at pci0 dev 18 function 0 ATI SB700 USB rev 0x00: apic 2 int 16, version 1.0, legacy support ohci1 at pci0 dev 18 function 1 ATI SB700 USB rev 0x00: apic 2 int 16, version 1.0, legacy support ehci0 at pci0 dev 18 function 2 ATI SB700 USB2 rev 0x00: apic 2 int 17 ehci0: halt timeout usb0 at ehci0: USB revision 2.0 uhub0 at usb0 ATI EHCI root hub rev 2.00/1.00 addr 1 ohci2 at pci0 dev 19 function 0 ATI SB700 USB rev 0x00: apic 2 int 18, version 1.0, legacy support ohci3 at pci0 dev 19 function 1 ATI SB700 USB rev 0x00: apic 2 int 18, version 1.0, legacy support ehci1 at pci0 dev 19 function 2 ATI SB700 USB2 rev 0x00: apic 2 int 19 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 ATI EHCI root hub rev 2.00/1.00 addr 1 piixpm0 at pci0 dev 20 function 0 ATI SBx00 SMBus rev 0x3a: SMI iic0 at piixpm0 spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-6400CL5 SO-DIMM spdmem1 at iic0 addr 0x51: 1GB DDR2 SDRAM non-parity PC2-6400CL5 SO-DIMM pciide0 at pci0 dev 20 function 1 ATI SB700 IDE rev 0x00: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: 1GB ATA Flash Disk wd0: 1-sector PIO, LBA, 977MB, 2001888 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4 azalia0 at pci0 dev 20 function 2 ATI SBx00 HD Audio rev 0x00: apic 2 int 16 azalia0: codecs: Realtek ALC262 audio0 at azalia0 pcib0 at pci0 dev 20 function 3 ATI SB700 ISA rev 0x00 ppb2 at pci0 dev 20 function 4 ATI SB600 PCI rev 0x00 pci3 at ppb2 bus 3 pchb1 at pci0 dev 24 function 0 AMD AMD64 11h HyperTransport rev 0x40 pchb2 at pci0 dev 24 function 1 AMD AMD64 11h
Re: Help w/ masquerade feature now that sendmail[1] has been removed from base
On Tue, Sep 16, 2014 at 09:41:20AM -0400, RD Thrush wrote: sendmail's masquerade function is missing from OpenSMTPD. What are the plans for masquerade? Update OpenSMTPD or create a sendmail port or document the smtpd filter API or ??? I've previously asked for help on the opensmtpd-misc mailing list[2]. As I already told you very recently, the plan is to provide masquerading through a filter. As I also told you, the filter API is pretty much there and masquerade feature just needs eric and I to find time to complete it. Given that we're swamped until October, unless someone does it before we do, the masquerading feature will not be available before mid-October. If the feature is critical to you and you cannot wait until we complete it, then clearly the best thing to do is to install a package for another MTA... Searching the archives shows that work (on masquerade) was started but appears to have stopped. Apparently, masquerade functionality would be possible using the (undocumented) OpenSMTPD filter API. It has not stopped, it has paused because of summer vacations and daytime work. You have asked me many times about it and I have told you the current state many times. And YES, _again_, the API is not documented because while it is there and it is working, we have not decided that it is final and we don't want people to start assuming the interface is stable. It shouldn't prevent anyone aware of the possible interface change from writing filters, there are very few simple functions and some filters skeletons to work with for anyone knowing a bit of C. ericfaurot(2014-02-28) i have a filter-masquerade which is basically working but needs polishing. It will be a nice test case for the filter framework. /blockquote There you go. I know we don't work as fast as you'd like but things are moving forward and they do at our pace, asking again and again and again is not going to make a change in how fast we work. -- Gilles Chehade https://www.poolp.org @poolpOrg
Re: [Bulk] Re: random.seed and read only root
On Mon, 15 Sep 2014 21:22:55 -0700 Philip Guenther wrote: So I guess I am either missing something or should just wait for an actual release or two to see what's planned for ro root. Doesn't read-only root require additional hacks already to make device ownership work? You're kludging the system already; just add another line to the kludge for this... True (mfs /dev) and makes sense all things considered. Thanks, Kc
Re: pf queue max bug
On Tue, Sep 16, 2014 at 01:07:00PM +0200, Henning Brauer wrote: * Atanas Vladimirov vl...@bsdbg.net [2014-09-16 12:58]: As I said this was my working pf.conf for new queueing system on i386. I think that the problem is elsewhere. When you set the queue max bandwidth it must not exceed that value. if the sums of the target bandwidth exceed interface speed or min/target exceed max, all bets are off. fix your queue defs. I was looking at pf.conf's man page and noticed that in some examples the queue parameters appear separated by commas: queue ssh parent std bandwidth 10M, min 5M, max 25M and in some cases without commas: queue ssh_interactive parent ssh bandwidth 10M min 5M Does this make a difference? And if not, should pf.conf be fixed for consistency? Cheers Zé -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS. Virtual Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/ --
Re: pf queue max bug
On 16.09.2014 19:32, Zé Loff wrote: On Tue, Sep 16, 2014 at 01:07:00PM +0200, Henning Brauer wrote: * Atanas Vladimirov vl...@bsdbg.net [2014-09-16 12:58]: As I said this was my working pf.conf for new queueing system on i386. I think that the problem is elsewhere. When you set the queue max bandwidth it must not exceed that value. if the sums of the target bandwidth exceed interface speed or min/target exceed max, all bets are off. fix your queue defs. I was looking at pf.conf's man page and noticed that in some examples the queue parameters appear separated by commas: queue ssh parent std bandwidth 10M, min 5M, max 25M and in some cases without commas: queue ssh_interactive parent ssh bandwidth 10M min 5M Does this make a difference? And if not, should pf.conf be fixed for consistency? Cheers Zé -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS. Virtual Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/ Hi Henning, Thanks for your respond but can you give me an advice on how to solve this matter. I changed my queues definitions (the sums didn't exceed interface speed or min max) with no luck: queue rootq on $ExtIf bandwidth 100M max 100M queue inter parent rootq bandwidth 3M max 3M queue i_ack parent inter bandwidth 1M, min 1M queue i_dns parent inter bandwidth 500K queue i_ntp parent inter bandwidth 300K queue i_web parent inter bandwidth 1M burst 2M for 1ms queue i_bulkparent inter bandwidth 170K queue i_bittor parent inter bandwidth 30K, max 1400K default queue bg parent rootq bandwidth 40M max 40M queue b_ack parent bg bandwidth 15M, min 10M queue b_dns parent bg bandwidth 1M, min 1M queue b_ntp parent bg bandwidth 4M, min 4M queue b_rdc parent bg bandwidth 4M, min 4M queue b_web parent bg bandwidth 10M, min 9M burst 40M for 5000ms, max 37M queue b_bulkparent bg bandwidth 5M, min 4M queue b_bittor parent bg bandwidth 1M, max 2M queue b_bittor parent bg on em0 bandwidth 1M, max 2M qlimit 50 [ pkts: 54890 bytes: 79466769 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 50 ] [ measured: 2701.8 packets/s, 31.28Mb/s ] QUEUE BW SCH PRIO PKTSBYTES DROP_P DROP_B QLEN BORROW SUSPEN P/S B/S rootq on em0100M 00 000 0 0 inter3M 00 000 0 0 i_ack 1M 47177 3118394 000 215 14246 i_dns 500K35432191 00010 954 i_ntp 300K15113590 000 1.0 89 i_web 1M 1970 634138 000102810 i_bulk170K14328491 000 1.0 41 i_bittor 30K 19556 2837925 00060 18395 bg 40M 00 000 0 0 b_ack 15M 101160608 000 1.0 57 b_dns 1M 56 8423 000 0 0 b_ntp 4M43439016 000 1.0 89 b_rdc 4M 00 000 0 0 b_web 10M10714833 000 1.0 108 b_bulk 5M 32 2318 000 0 0 b_bittor1M 450367 636064K 000 2264 3245446
Re: OpenBSD 5.6 theme song?
On Monday, September 15, 2014 08:17:09 PM Philip Guenther wrote: -snip- Hmm, I should start thinking about what to put on lyrics.html for this release (that's the *final* chunk of work for the theme)... Philip Guenther My feelings are not hurt. Trust me. I couldn't care less either way, but only made the post because I was being hassled to do so. :) -- Chuck
Re: pf block return sends rst through wrong interface
On Fri, Sep 12, 2014 at 12:10 PM, Henning Brauer hb-open...@ml.bsws.de wrote: * Thomas Pfaff tpf...@tp76.info [2014-08-28 13:51]: I have a router with two external interfaces, ext_if1 and ext_if2, where everything gets routed through ext_if2 by default (gateway) except for a few daemons on ext_if1. pass in on $ext_if1 inet proto tcp from any to $ext_if1 \ port ssh reply-to ($ext_if1 $ext_gw1) This seems to work as expected, sending return traffic through ext_if1 rather than the default gateway. The problem is when a connection attempt is made on $ext_if1 to a blocked port (set block-policy return). RST is sent through ext_if2 rather than ext_if1, thus showing up at the destination with the wrong source address. I'm unable to find a rule that will get the router to send RST through the correct interface, so other than using block-policy drop to not send RST, is there a way to make it send through the correct interface (ext_if1 in this case)? pf-generated packets like these RSTs bypass the ruleset, thus never hit your reply-to. I'm not aware of a solution. (route-to and reply-to are stupid to begin with. Avoid at all cost.) Can you explain how you avoid this when having multiple default route ? -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS. Virtual Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/ -- - () ascii ribbon campaign - against html e-mail /\
Re: OpenBSD 5.6 theme song?
On 09/16/14 05:17, Philip Guenther wrote: On Mon, Sep 15, 2014 at 6:43 PM, Chuck Burns brea...@gmail.com wrote: ... And now a bunch of people in the channel want this spoof to get finished and become the new theme song for the upcoming 5.6 release. Heh. I've been heavily involved in the theme and design of the last few releases, so I'll make just a few comments: Thanks for the explanations of how it works behind the scenes. I have often found that when there is a theme I persue the movie or book afterwards and find out new things about it, and the riddle of life. Just lately I found out an illuminati connection to BTTF, which was interesting. Had OpenBSD 5.5 not been this theme I would not have looked up the BTTF on youtube and would have never found this weird documentary, which I didn't fully watch either but what I saw was interesting. Sincerely, -peter 1) a theme is more than just a song: what's the art about? Who/what is puffy? Is the theme tying into something specific done in the release or more general? Will there be enough material for the booklet and song? 2) working with the artist and music director take *time*: you send some ideas, they think and send questions back, you ponder lyrics and how to map from the theme to a world with Puffy, you propose more stuff, much of it too abstract or complex to be presented in a DVD-case booklet and/or song, they ignore your insanity, you start to see sketches and character designs, perhaps a demo track. Lather, rinse, repeat. At some point draft layouts are sent back and you get concerned with smaller and finer details. The wording for the back cover is almost the last thing to go into the art. A fully mixed version of the song shows up. You worry about the exact installer text to appear in the booklet. A deadline is reached and it all gets sent off to the factory (and then the next day you find that last glitch in the wording that you read right over before and kick yourself repeatedly). That deadline was *LAST MONTH*. The 5.6 theme came out of a brief conversation while eating during a hackathon in *April*; I described it to the artist with written description of possible images on the 1st of May. 3) no insult, but committers have dibs on theme selection, in part because it's a privilege to exercise your creativity in a different way, but also because it takes both effort and commitment to get it all done both well and on time. The project needs to know that the person(s) working with the artist and music director on the theme is committed to getting it done. Hmm, I should start thinking about what to put on lyrics.html for this release (that's the *final* chunk of work for the theme)... Philip Guenther
Re: DNSSEC-query with DO-bit through libc ?
Am 16.09.2014 um 00:55 schrieb Stuart Henderson: On 2014-09-15, Marco Prause marco-obsdm...@prause.eu wrote: Looking at lib/libc/net/res_query.c Try libc/asr/res_query.c .. Thanks for the hint - I'd have a look at, but sadly it doesn't help me understanding, what's going on. Having a look at postfix-src I found a notice at /usr/ports/distfiles/postfix/postfix-2.11.0/srcdns/dns_lookup.c that says ... /* .IP RES_USE_DNSSEC /* Request DNSSEC validation. This flag is silently ignored /* when the system stub resolver API, resolver(3), does not /* implement DNSSEC. ... so far so good, but man resolver 3 looks also good to me : ... RES_USE_EDNS0 Attach an OPT pseudo-RR for the EDNS0 extension, as specified in RFC 2671. This informs DNS servers of a client's receive buffer size, allowing them to take advantage of a non-default receive buffer size, and thus to send larger replies. DNS query packets with the EDNS0 extension are not compatible with non-EDNS0 DNS servers. RES_USE_DNSSEC Request that the resolver uses Domain Name System Security Extensions (DNSSEC), as defined in RFCs 4033, 4034, and 4035. ... in include/resolv.h I also find global definitions for both : ... #define RES_USE_EDNS0 0x4000 /* use EDNS0 */ /* DNSSEC extensions: use higher bit to avoid conflict with ISC use */ #define RES_USE_DNSSEC 0x2000 /* use DNSSEC using OK bit in OPT */ ... but I can't see it anywhere beeing used at the query-parts at getrrsetbyname.c, res_mkquery.c, res_query.c - they are mentioned only at the responses, but in my opinion the DO-bit also have to be set in the query, to signal the usage of DNSSEC and this is, what I didn't see sniffing on the outgoing interface. Regards, Marco
Re: make update on /usr/ports has errors switch to -current
On Tue, 16 Sep 2014 23:40:47 +1000 vic...@pcug.org.au wrote: | Hi, | | I thought [during the last stage of switching to -current] the | Makefile's $PKG_PATH variable in /usr/ports had to be set the same | as it is in ~/.profile. ie. PKG_PATH=ftp://mirror.aarnet.edu.au/pub | /OpenBSD/5.5/packages/$(uname -m). But that gives me Broken dependency | error. Without doing that, most of make update output gives me these | errors: Hi Vicbus, Not sure if it is just the email that is unclear, but normally you would not switch to current. Follow http://www.openbsd.org/faq/faq5.html#Bld - first step is Install or Upgrade to closest available binary which means you should install a snapshot cd. If you are building ports it does not matter what your PKG_PATH is, only that your ports tree (and src and xenocara) are all up to date. Also if you are following current, your PKG_PATH above is wrong, yours should be something like http://mirror.aarnet.edu.au/pub/OpenBSD/snapshots/packages/$(uname -m) Cheers, Brett.
Re: npppd Ipsec L2TP mtu issues.
On Mon, 15 Sep 2014 20:22:25 +0200 Jens Hansen jensh...@gmail.com wrote: Thank you for your response. I've investegated a little further, I see the following in /var/log/messages on the l2tp npppd server: l2tpd ctrl=1 timeout waiting ack for hello packets. l2tpd ctrl=1 call=28732 logtype=PPPUnbind The client reports that the tunnel went down.. does this indidacte an mss/mtu issue? I've tried scrub on pppx and to set mru i npppd.conf ...no luck... That log message indicates L2TP keepalive is failed. The client didn't respond for long time. --yasuoka
Dansguardian not working after updating OBSD Current
Hi, I'm not sure what happened but after updating OpenBSD today, then updating the installed packages Dansguardian seems to not be working. My OpenBSD version is: 5.6 GENERIC.MP#376 amd64 as stated just been updated today. then used: pkg_add -vui to update the packages. Just checking one of the mirrors, it seems all packages were synced recently, so not sure if that actually refers to being updated. The version available seems to be 2.12.0.3, though checking the Sourceforge page: http://sourceforge.net/projects/dansguardian/files/ it seems that the code hasn't been updated since 2012 The only error in the logs that I can see is: dansguardian[11832]: Error polling child process sockets: Invalid argument dansguardian[11832]: Error polling child process sockets: Invalid argument Upon researching the error I found: http://comments.gmane.org/gmane.comp.web.dansguardian.general/1342 which is way out of date! Changing the settings stated using sysctl didn't help either: kern.shminfo.shmmni=512 kern.shminfo.shmseg=512 I also attempted to compile directly from source incase something went amiss somewhere with my setup. That also didn't seem to work. The port won't build as it throws this error: *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:1876 '/var/db/pkg/dansguardian-2.12.0.3/+CONTENTS': @ /usr/bin/env -i PKG_TMPDIR=...) *** Error 1 in /usr/ports/www/dansguardian (/usr/ports/infrastructure/mk/bsd.port.mk:2388 'install') Though checking around previously there was something about the port not being signed? Would anyone be able to suggest a fix or help out? Even an 'alternative' more upto date solution would be fine. I'm running it in conjunction with Squid, c-icap, and clamav. So as well as simply filtering websites it also hooks into clam with a virus scan and then the Squid proxy to get to the web. Thanks. Kaya 5.6 GENERIC.MP#376 amd64
Re: Dansguardian not working after updating OBSD Current
On Tue, Sep 16, 2014 at 4:27 PM, Kaya Saman kayasa...@gmail.com wrote: I'm not sure what happened but after updating OpenBSD today, then updating the installed packages Dansguardian seems to not be working. ... The only error in the logs that I can see is: dansguardian[11832]: Error polling child process sockets: Invalid argument dansguardian[11832]: Error polling child process sockets: Invalid argument So the error means that poll() is being passed an nfds argument too large, larger than the process could have open as fds. It looks like the code, for some reason I cannot understand, passes poll() a pollfd structure for each child process...with fd=-1, so that it will be ignored. Uh, why? Why is it passing pollfd structures to the kernel that it *wants* the kernel to ignore? It seems that the code could simply skip over allocating and filling in those pollfd structures and have the exact same effect. As for what changed, well, something changed the number of child processes you're experiencing (load?), or the process fd limit (RLIMIT_NOFILE) for dansguardian changed. Philip Guenther
Re: Dansguardian not working after updating OBSD Current
On 09/17/2014 03:55 AM, Philip Guenther wrote: On Tue, Sep 16, 2014 at 4:27 PM, Kaya Saman kayasa...@gmail.com wrote: I'm not sure what happened but after updating OpenBSD today, then updating the installed packages Dansguardian seems to not be working. ... The only error in the logs that I can see is: dansguardian[11832]: Error polling child process sockets: Invalid argument dansguardian[11832]: Error polling child process sockets: Invalid argument So the error means that poll() is being passed an nfds argument too large, larger than the process could have open as fds. It looks like the code, for some reason I cannot understand, passes poll() a pollfd structure for each child process...with fd=-1, so that it will be ignored. Uh, why? Why is it passing pollfd structures to the kernel that it *wants* the kernel to ignore? It seems that the code could simply skip over allocating and filling in those pollfd structures and have the exact same effect. As for what changed, well, something changed the number of child processes you're experiencing (load?), or the process fd limit (RLIMIT_NOFILE) for dansguardian changed. Philip Guenther Thanks Philip for the response. It wouldn't be load that's causing this issue as I'm monitoring the machine using multiple monitoring tools. As to the process limit, I've got infinity set for the daemon under login.conf though root user is at defaults. Since Dansguardian is being run as it's own user the root portion shouldn't apply. The kernel maxproc value is set to 1310 (default??). Outside of modifying the source code is there anything I can try within the system to allow Dansgaurdian to run? I'm not sure if the upgrade changed any default values that may have effected this as the last update went through fine?? Weird! Regards, Kaya