openbsd 5.5 sometimes trap after wake from suspend (apm -z)

[Кирилл]

Hello.
Here is trace at ddb:
http://i.imgur.com/MoPz405.jpg

Help, please!
Thanks!

Here is dmesg:
OpenBSD 5.5 (GENERIC.MP) #262: Wed Mar  5 10:06:29 MST 2014
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.61
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE,LAHF,PERF
real mem  = 1062436864 (1013MB)
avail mem = 1032744960 (984MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/14/08, SMBIOS rev. 2.4 @
0x3f607010 (45 entries)
bios0: vendor American Megatrends Inc. version 4.6.3 date 07/16/2008
bios0: MICRO-STAR INTERNATIONAL CO., LTD U-100
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG SLIC SSDT SSDT SSDT
acpi0: wakeup devices P0P2(S4) PEGP(S4) USB0(S1) USB1(S1) USB2(S1) USB3(S1)
EHCI(S1) MC97(S4) P0P1(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4)
P0P9(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 133MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.0.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.60
GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE,LAHF,PERF
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P2)
acpiprt2 at acpi0: bus 1 (P0P4)
acpiprt3 at acpi0: bus 2 (P0P5)
acpiprt4 at acpi0: bus -1 (P0P6)
acpiprt5 at acpi0: bus -1 (P0P7)
acpiprt6 at acpi0: bus -1 (P0P8)
acpiprt7 at acpi0: bus -1 (P0P9)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpitz0 at acpi0: critical temperature is 100 degC
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT1 model MS-N011
 serial
 type LION
 oem MSI Corp.

acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibtn2 at acpi0: SLPB
acpivideo0 at acpi0: IGD_
acpivout0 at acpivideo0: LCD_
bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000
cpu0: Enhanced SpeedStep 1600 MHz: speeds: 1600, 1333, 1067, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82945GME Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82945GME Video rev 0x03
intagp0 at vga1
agp0 at intagp0: aperture at 0xc000, size 0x1000
inteldrm0 at vga1
drm0 at inteldrm0
composite sync not supported
composite sync not supported
inteldrm0: 1024x600
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: msi
azalia0: codecs: Realtek ALC888
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 2 int 16
pci1 at ppb0 bus 1
re0 at pci1 dev 0 function 0 Realtek 8101E rev 0x02: RTL8102E (0x3480),
msi, address 00:21:85:52:d5:ea
rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1
ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 2 int 17
pci2 at ppb1 bus 2
iwn0 at pci2 dev 0 function 0 Intel Wireless WiFi Link 4965 rev 0x61:
msi, MIMO 2T3R, MoW2, address 00:13:e8:7a:c3:7d
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 2 int 23
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 2 int 19
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 2 int 18
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 2 int 16
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 2 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb2 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2
pci3 at ppb2 bus 3
ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02: PM
disabled
pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: TOSHIBA MQ01ABD100
wd0: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for 

Re: openbsd 5.5 sometimes trap after wake from suspend (apm -z)

[Mike Larkin]

Next time this happens, try to get a picture of 'show registers' in
addition to 'trace'.

Thanks.

-ml

On Tue, Sep 16, 2014 at 10:31:13AM +0400,   wrote:
 Hello.
 Here is trace at ddb:
 http://i.imgur.com/MoPz405.jpg
 
 Help, please!
 Thanks!
 
 Here is dmesg:
 OpenBSD 5.5 (GENERIC.MP) #262: Wed Mar  5 10:06:29 MST 2014
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
 cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.61
 GHz
 cpu0:
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE,LAHF,PERF
 real mem  = 1062436864 (1013MB)
 avail mem = 1032744960 (984MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 04/14/08, SMBIOS rev. 2.4 @
 0x3f607010 (45 entries)
 bios0: vendor American Megatrends Inc. version 4.6.3 date 07/16/2008
 bios0: MICRO-STAR INTERNATIONAL CO., LTD U-100
 acpi0 at bios0: rev 2
 acpi0: sleep states S0 S1 S3 S4 S5
 acpi0: tables DSDT FACP APIC MCFG SLIC SSDT SSDT SSDT
 acpi0: wakeup devices P0P2(S4) PEGP(S4) USB0(S1) USB1(S1) USB2(S1) USB3(S1)
 EHCI(S1) MC97(S4) P0P1(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4)
 P0P9(S4)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
 cpu0: apic clock running at 133MHz
 cpu0: mwait min=64, max=64, C-substates=0.2.2.0.2, IBE
 cpu1 at mainbus0: apid 1 (application processor)
 cpu1: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.60
 GHz
 cpu1:
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,xTPR,PDCM,MOVBE,LAHF,PERF
 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
 acpimcfg0 at acpi0 addr 0xe000, bus 0-255
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus -1 (P0P2)
 acpiprt2 at acpi0: bus 1 (P0P4)
 acpiprt3 at acpi0: bus 2 (P0P5)
 acpiprt4 at acpi0: bus -1 (P0P6)
 acpiprt5 at acpi0: bus -1 (P0P7)
 acpiprt6 at acpi0: bus -1 (P0P8)
 acpiprt7 at acpi0: bus -1 (P0P9)
 acpiec0 at acpi0
 acpicpu0 at acpi0: C3, C2, C1, PSS
 acpicpu1 at acpi0: C3, C2, C1, PSS
 acpitz0 at acpi0: critical temperature is 100 degC
 acpiac0 at acpi0: AC unit online
 acpibat0 at acpi0: BAT1 model MS-N011
  serial
  type LION
  oem MSI Corp.
 
 acpibtn0 at acpi0: LID0
 acpibtn1 at acpi0: PWRB
 acpibtn2 at acpi0: SLPB
 acpivideo0 at acpi0: IGD_
 acpivout0 at acpivideo0: LCD_
 bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000
 cpu0: Enhanced SpeedStep 1600 MHz: speeds: 1600, 1333, 1067, 800 MHz
 pci0 at mainbus0 bus 0: configuration mode 1 (bios)
 pchb0 at pci0 dev 0 function 0 Intel 82945GME Host rev 0x03
 vga1 at pci0 dev 2 function 0 Intel 82945GME Video rev 0x03
 intagp0 at vga1
 agp0 at intagp0: aperture at 0xc000, size 0x1000
 inteldrm0 at vga1
 drm0 at inteldrm0
 composite sync not supported
 composite sync not supported
 inteldrm0: 1024x600
 wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
 wsdisplay0: screen 1-5 added (std, vt100 emulation)
 Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
 azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: msi
 azalia0: codecs: Realtek ALC888
 audio0 at azalia0
 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 2 int 16
 pci1 at ppb0 bus 1
 re0 at pci1 dev 0 function 0 Realtek 8101E rev 0x02: RTL8102E (0x3480),
 msi, address 00:21:85:52:d5:ea
 rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1
 ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 2 int 17
 pci2 at ppb1 bus 2
 iwn0 at pci2 dev 0 function 0 Intel Wireless WiFi Link 4965 rev 0x61:
 msi, MIMO 2T3R, MoW2, address 00:13:e8:7a:c3:7d
 uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 2 int 23
 uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 2 int 19
 uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 2 int 18
 uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 2 int 16
 ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 2 int 23
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
 ppb2 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2
 pci3 at ppb2 bus 3
 ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02: PM
 disabled
 pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02: DMA,
 channel 0 wired to compatibility, channel 1 wired to compatibility
 wd0 at pciide0 channel 0 drive 0: TOSHIBA MQ01ABD100
 wd0: 16-sector PIO, LBA48, 953869MB, 1953525168 sectors
 wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
 usb1 at uhci0: USB revision 1.0
 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
 usb2 at uhci1: USB revision 1.0
 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
 usb3 at 

pf queue max bug

[Atanas Vladimirov]

Hi,
I moved my old server to a better hardware and I installed amd64 
-current (old one was i386 following -current) and made a drop in 
replacement of pf.conf.
The problem is that when I set a queue MAX speed limit it didn't work as 
it should - for example b_bittor:


pf.conf:

 queue rootq on $ExtIf bandwidth 100M max 100M
  queue inter parent rootq bandwidth 3M max 2950K
   queue i_ack parent inter bandwidth 2M, min 1M
   queue i_dns parent inter bandwidth 500K
   queue i_ntp parent inter bandwidth 300K
   queue i_web parent inter bandwidth 2M burst 2M for 1ms
   queue i_bulkparent inter bandwidth 170K
   queue i_bittor  parent inter bandwidth 30K, max 1400K default

  queue bg parent rootq bandwidth 40M max 39M
   queue b_ack parent bg bandwidth 15M, min 10M
   queue b_dns parent bg bandwidth 1M, min 1M
   queue b_ntp parent bg bandwidth 4M, min 4M
   queue b_rdc parent bg bandwidth 4M, min 4M
   queue b_web parent bg bandwidth 15M, min 15M burst 40M for 
5000ms, max 37M

   queue b_bulkparent bg bandwidth 8M, min 5M
   queue b_bittor  parent bg bandwidth 2M, max 2M

queue b_bittor parent bg on em0 bandwidth 2M, max 2M qlimit 50
  [ pkts:1441771  bytes: 2064477928  dropped pkts:  0 bytes: 
 0 ]

  [ qlength:   0/ 50 ]
  [ measured:  2043.4 packets/s, 23.69Mb/s ]

1 usersLoad 0.41 0.40 0.43 Tue Sep 16 
10:12:56 2014


QUEUE BW SCH  PRIO PKTSBYTES   
DROP_P   DROP_B QLEN BORROW SUSPEN P/S B/S
rootq on em0100M  00
000 0   0
 inter3M  00
000 0   0
  i_ack   2M   8365   527486   
44 23880 0   0
  i_dns 500K   1333   142263
000 0   0
  i_ntp 300K   1143   105017
000   1.0  89
  i_web   2M   2328   742242   
24 21970 0   0
  i_bulk170K   1482   242112
000 0   0
  i_bittor   30K  91768  9426828
000453024
 bg  40M  00
000 0   0
  b_ack  15M  23306  1428052
000 2 164
  b_dns   1M  10044  4865285
00028   18672
  b_ntp   4M   2819   256892
000 1 178
  b_rdc   4M  00
000 0   0
  b_web  15M800   203426   
23105560   1.0  97
  b_bulk  8M32823814
000 0   0
  b_bittor2M1649850 2310255K
000  2610 3796423


dmesg:
OpenBSD 5.6-current (GENERIC.MP) #374: Mon Sep 15 08:42:10 MDT 2014
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 6416760832 (6119MB)
avail mem = 6237216768 (5948MB)
..

Re: How to disable the mouse cursor in FVWM?

[somelooser3524]

Hello, 

I tried several CursorMove and CursorStyle configs, none of them work.


I don't have xorg.conf.d. 

Many thanks!

On 2014. 09. 15. at 3:52 PM, Piotr Isajew  wrote:Dnia 12.09.2014
somelooser3...@hushmail.com  napisał/a:

 we are using OpenBSD 5.5 with FVWM.

 How can we disable the mouse cursor?

To disable input events from pointing device you could add
something like that in /etc/X11/xorg.conf.d:

Section InputClass
Identifier mouse-all
MatchIsPointer on
Option ignore yes
EndSection

This however will not hide the pointer. For that I would try to
use
CursorMove command in FVWM to get cursor off-screen and/or
CursorStyle to set cursors to something that will not disturb.

Re: How to disable keyboard+mouse input in FVWM?

[somelooser3524]

Hello, 

I also tried Style * NeverFocus in /usr/X11R6/lib/X11/fvwm/.fvwmrc

but didn't worked :O

Thanks!

On 2014. 09. 13. at 1:03 PM, Thomas Adam  wrote:On 12 September 2014
19:22,   wrote:
 Still didn't found a way to disable the mouse and keyboard.

 Any hints please?

I asked you before what you meant by this, and suggested:

Style * NeverFocus

Is that not what you're after?  It's a pretty odd request.  Are you
trying to build some kind of kiosk?  I've written about such things in
the past.

-- Thomas Adam

Re: packets logged by pf without log rule

[Tony Sarendal]

On Tue, Sep 16, 2014 at 12:20 AM, Alexander Salmin alexan...@salmin.biz
wrote:

 Did you see it in previous versions?
 I would compare the same ruleset with a fresh 5.5 and see if you
 experience the same and in that case continue compare the relevant
 sourcecode.


The behaviour is the same as far back as 5.4 at least.

I have another one. With the pass quick all rule-set. of I send:
09:34:28.490074 00:25:90:c1:f1:8c 01:00:5e:40:68:01 0800 1514:
10.69.48.14.5404  239.192.104.1.5405: udp 1473 (frag 49575:1480@0+) [ttl 1]
twice within 60s (frag timer ?)

I get:
Sep 16 09:34:28.490095 rule def/(match) pass in on em0: 10.69.48.14.5404 
239.192.104.1.5405: udp 1473 (frag 49575:1480@0+) [ttl 1]

I see this a lot in our production and test environment, but there it is
triggered without the duplicate packet.

Example from live firewall. Traffic:
pf0.swe1# tcpdump -n -i vlan57 host 10.69.48.14 and not tcp
tcpdump: listening on vlan57, link-type EN10MB
tcpdump: WARNING: compensating for unaligned libpcap packets
09:51:56.710780 10.69.48.14.5404  239.192.104.1.5405: udp 75 (DF) [ttl 1]
09:51:56.711161 10.69.48.14.5404  239.192.104.1.5405: udp 1473 (frag
27013:1480@0+) [ttl 1]
09:51:56.711163 10.69.48.14  239.192.104.1: (frag 27013:1@1480) [ttl 1]
09:51:56.711164 10.69.48.14.5404  239.192.104.1.5405: udp 1473 (frag
27014:1480@0+) [ttl 1]
09:51:56.711166 10.69.48.14  239.192.104.1: (frag 27014:1@1480) [ttl 1]
09:51:56.711167 10.69.48.14.5404  239.192.104.1.5405: udp 1473 (frag
27015:1480@0+) [ttl 1]
09:51:56.711168 10.69.48.14  239.192.104.1: (frag 27015:1@1480) [ttl 1]
09:51:56.711169 10.69.48.14.5404  239.192.104.1.5405: udp 1473 (frag
27016:1480@0+) [ttl 1]
09:51:56.711171 10.69.48.14  239.192.104.1: (frag 27016:1@1480) [ttl 1]
09:51:56.711172 10.69.48.14.5404  239.192.104.1.5405: udp 1473 (frag
27017:1480@0+) [ttl 1]
09:51:56.711173 10.69.48.14  239.192.104.1: (frag 27017:1@1480) [ttl 1]
09:51:56.711175 10.69.48.14.5404  239.192.104.1.5405: udp 617 (DF) [ttl 1]
09:51:56.713383 10.69.48.14.5404  239.192.104.1.5405: udp 753 (DF) [ttl 1]
09:51:56.724606 10.69.48.14.5404  239.192.104.1.5405: udp 1473 (frag
27018:1480@0+) [ttl 1]
09:51:56.724608 10.69.48.14  239.192.104.1: (frag 27018:1@1480) [ttl 1]
09:51:56.724609 10.69.48.14.5404  239.192.104.1.5405: udp 707 (DF) [ttl 1]
09:51:56.724986 10.69.48.14.5404  239.192.104.1.5405: udp 1412 (DF) [ttl 1]
09:51:56.730168 10.69.48.14.5404  239.192.104.1.5405: udp 650 (DF) [ttl 1]
^C


Log:
pf0.swe1# tcpdump -n -e -ttt -i pflog0 host 10.69.48.14
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG
Sep 16 09:51:56.711185 rule def/(match) pass in on vlan57: 10.69.48.14.5404
 239.192.104.1.5405: udp 1473 (frag 27013:1480@0+) [ttl 1]
tcpdump: WARNING: compensating for unaligned libpcap packets
Sep 16 09:51:56.711190 rule def/(match) pass in on vlan57: 10.69.48.14.5404
 239.192.104.1.5405: udp 1473 (frag 27014:1480@0+) [ttl 1]
Sep 16 09:51:56.711194 rule def/(match) pass in on vlan57: 10.69.48.14.5404
 239.192.104.1.5405: udp 1473 (frag 27015:1480@0+) [ttl 1]
Sep 16 09:51:56.711198 rule def/(match) pass in on vlan57: 10.69.48.14.5404
 239.192.104.1.5405: udp 1473 (frag 27016:1480@0+) [ttl 1]
Sep 16 09:51:56.711202 rule def/(match) pass in on vlan57: 10.69.48.14.5404
 239.192.104.1.5405: udp 1473 (frag 27017:1480@0+) [ttl 1]
Sep 16 09:51:56.724622 rule def/(match) pass in on vlan57: 10.69.48.14.5404
 239.192.104.1.5405: udp 1473 (frag 27018:1480@0+) [ttl 1]
^C
20 packets received by filter
0 packets dropped by kernel
pf0.swe1#

There is no rule that should log this in the live firewalls.
Happens on 5.4 and 5.5, if memory serves me right I saw it on 5.3's also.

Assistance with understanding this would be appreciated.
I will use free time slots to look at the code, but due to limited
knowledge and skills it is quite time consuming.

Regards Tony

Re: pf queue max bug

[Zé Loff]

On Tue, Sep 16, 2014 at 10:20:34AM +0300, Atanas Vladimirov wrote:
 Hi,
 I moved my old server to a better hardware and I installed amd64 -current
 (old one was i386 following -current) and made a drop in replacement of
 pf.conf.
 The problem is that when I set a queue MAX speed limit it didn't work as it
 should - for example b_bittor:
 
 pf.conf:
 
  queue rootq on $ExtIf bandwidth 100M max 100M
   queue inter parent rootq bandwidth 3M max 2950K
queue i_ack parent inter bandwidth 2M, min 1M
queue i_dns parent inter bandwidth 500K
queue i_ntp parent inter bandwidth 300K
queue i_web parent inter bandwidth 2M burst 2M for 1ms
queue i_bulkparent inter bandwidth 170K
queue i_bittor  parent inter bandwidth 30K, max 1400K default
 
   queue bg parent rootq bandwidth 40M max 39M
queue b_ack parent bg bandwidth 15M, min 10M
queue b_dns parent bg bandwidth 1M, min 1M
queue b_ntp parent bg bandwidth 4M, min 4M
queue b_rdc parent bg bandwidth 4M, min 4M
queue b_web parent bg bandwidth 15M, min 15M burst 40M for 5000ms,
 max 37M
queue b_bulkparent bg bandwidth 8M, min 5M
queue b_bittor  parent bg bandwidth 2M, max 2M

Why are some of your target bandwidths higher than the allowed maximum
bandwidths?

Re: pf queue max bug

[Zé Loff]

On Tue, Sep 16, 2014 at 10:36:21AM +0100, Zé Loff wrote:
 On Tue, Sep 16, 2014 at 10:20:34AM +0300, Atanas Vladimirov wrote:
  Hi,
  I moved my old server to a better hardware and I installed amd64 -current
  (old one was i386 following -current) and made a drop in replacement of
  pf.conf.
  The problem is that when I set a queue MAX speed limit it didn't work as it
  should - for example b_bittor:
  
  pf.conf:
  
   queue rootq on $ExtIf bandwidth 100M max 100M
queue inter parent rootq bandwidth 3M max 2950K
 queue i_ack parent inter bandwidth 2M, min 1M
 queue i_dns parent inter bandwidth 500K
 queue i_ntp parent inter bandwidth 300K
 queue i_web parent inter bandwidth 2M burst 2M for 1ms
 queue i_bulkparent inter bandwidth 170K
 queue i_bittor  parent inter bandwidth 30K, max 1400K default
  
queue bg parent rootq bandwidth 40M max 39M
 queue b_ack parent bg bandwidth 15M, min 10M
 queue b_dns parent bg bandwidth 1M, min 1M
 queue b_ntp parent bg bandwidth 4M, min 4M
 queue b_rdc parent bg bandwidth 4M, min 4M
 queue b_web parent bg bandwidth 15M, min 15M burst 40M for 5000ms,
  max 37M
 queue b_bulkparent bg bandwidth 8M, min 5M
 queue b_bittor  parent bg bandwidth 2M, max 2M
 
 Why are some of your target bandwidths higher than the allowed maximum
 bandwidths?
 

Also, the sum of your min bandwidths on the bg subqueues sum up to
41M, whilst the max for the parent queue is 39M.

-- 

recommendations for an ethernet card?

[doug]

Hello,


I'd like to know some recommendations for a well supported gigabit 
ethernet card



for openbsd 5.5 amd64

a single port

to use a PCI-E 2.0 x 1 slot

preferably quite compact, impacting very little on airflow within the 
case.



- douglas

Re: pf queue max bug

[Atanas Vladimirov]

On 16.09.2014 12:36, Zé Loff wrote:

On Tue, Sep 16, 2014 at 10:20:34AM +0300, Atanas Vladimirov wrote:

Hi,
I moved my old server to a better hardware and I installed amd64 
-current
(old one was i386 following -current) and made a drop in replacement 
of

pf.conf.
The problem is that when I set a queue MAX speed limit it didn't work 
as it

should - for example b_bittor:

pf.conf:

 queue rootq on $ExtIf bandwidth 100M max 100M
  queue inter parent rootq bandwidth 3M max 2950K
   queue i_ack parent inter bandwidth 2M, min 1M
   queue i_dns parent inter bandwidth 500K
   queue i_ntp parent inter bandwidth 300K
   queue i_web parent inter bandwidth 2M burst 2M for 1ms
   queue i_bulkparent inter bandwidth 170K
   queue i_bittor  parent inter bandwidth 30K, max 1400K default

  queue bg parent rootq bandwidth 40M max 39M
   queue b_ack parent bg bandwidth 15M, min 10M
   queue b_dns parent bg bandwidth 1M, min 1M
   queue b_ntp parent bg bandwidth 4M, min 4M
   queue b_rdc parent bg bandwidth 4M, min 4M
   queue b_web parent bg bandwidth 15M, min 15M burst 40M for 
5000ms,

max 37M
   queue b_bulkparent bg bandwidth 8M, min 5M
   queue b_bittor  parent bg bandwidth 2M, max 2M


Why are some of your target bandwidths higher than the allowed maximum
bandwidths?

As I said this was my working pf.conf for new queueing system on i386.
I think that the problem is elsewhere. When you set the queue max 
bandwidth it must not exceed that value.

Re: pf queue max bug

[Henning Brauer]

* Atanas Vladimirov vl...@bsdbg.net [2014-09-16 12:58]:
 As I said this was my working pf.conf for new queueing system on i386.
 I think that the problem is elsewhere. When you set the queue max bandwidth
 it must not exceed that value.

if the sums of the target bandwidth exceed interface speed or
min/target exceed max, all bets are off. fix your queue defs.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual  Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

Re: Pointers/reference

[Henning Brauer]

* Rodrigo Mosconi open...@mosconi.mat.br [2014-09-12 16:18]:
 I`m studying a discipline about Quality of service and traffic engineering,
 and I have to do a work about queuing disciplines on network devices.  I
 need to choose a product and compare how there queuing policy is close
 enough to the Generalized Packet System.
 
 I would like to make this with OpenBSD, and I would like some pointers on
 where to look about the implementation to identify the model used.

pf.conf(5)

sys/net/hfsc.*
sys/net/if.*
sys/net/pf.c  pf_ioctl.c
sbin/pfctl/*

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual  Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/

make update on /usr/ports has errors switch to -current

[vicbus]

Hi,

I thought [during the last stage of switching to -current] the
Makefile's $PKG_PATH variable in /usr/ports had to be set the same
as it is in ~/.profile. ie. PKG_PATH=ftp://mirror.aarnet.edu.au/pub
/OpenBSD/5.5/packages/$(uname -m). But that gives me Broken dependency
error. Without doing that, most of make update output gives me these
errors:
Your X11/system is not current (in archivers/ha)
Your X11/system is not current (in archivers/ha)
=== archivers/hs-zlib
Your X11/system is not current (in archivers/hs-zlib)
Your X11/system is not current (in archivers/hs-zlib)
Your X11/system is not current (in archivers/hs-zlib)
Your X11/system is not current (in archivers/hs-zlib)
Your X11/system is not current (in archivers/hs-zlib)
===  Looking for hs-zlib-0.5.4.1.tgz in $PKG_PATH - not found
*** Error 1 in archivers/hs-zlib
(/usr/ports/infrastructure/mk/bsd.port.mk:1949
'/usr/ports/packages/amd64/cache//hs-zlib-0.5.4.1.tgz': @if ...)
Your X11/system is not current (in archivers/hs-zlib)
Your X11/system is not current (in archivers/hs-zlib)
Your X11/system is not current (in archivers/hs-zlib)
===  Checking files for hs-zlib-0.5.4.1
Your X11/system is not current (in archivers/hs-zlib)
`/usr/ports/distfiles/ghc/zlib-0.5.4.1.tar.gz' is up to date.
 (SHA256) ghc/zlib-0.5.4.1.tar.gz: OK
Your X11/system is not current (in lang/ghc)
=== hs-zlib-0.5.4.1 depends on: ghc-* - not found
===  Verifying install for ghc-* in lang/ghc
Your X11/system is not current (in lang/ghc)
Your X11/system is not current (in lang/ghc)
Your X11/system is not current (in lang/ghc)
Your X11/system is not current (in lang/ghc)
Your X11/system is not current (in lang/ghc)
===  Installing ghc-7.6.3p1 from /usr/ports/packages/amd64/all/
Fatal error: Ustar
[file:/usr/ports/packages/amd64/all/ghc-7.6.3p1.tgz][lib/ghc/base-4.6.0.1/libHSbase-4.6.0.1_p.a]:
Premature end of archive
Adjusting sha for /usr/local/lib/ghc/base-4.6.0.1/pkg.lNlmObbqeY from
cmqTx/budUZwHU4e0oQJQYLCtDezN8C6rVUjLNlxnAc= to
18h5bSUiTB9gtLk6zh2x7FZzBt7ZQpZekoSXmTui8bg=
Fatal error: Installation of ghc-7.6.3p1 failed, partial installation
recorded as partial-ghc-7.6.3p1.6
 at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 821.
*** Error 22 in lang/ghc (/usr/ports/infrastructure/mk/bsd.port.mk:1980
'/var/db/pkg/ghc-7.6.3p1/+CONTENTS': @if /usr/sbin/pkg_info -e ghc-7...)
*** Error 1 in lang/ghc (/usr/ports/infrastructure/mk/bsd.port.mk:2492
'install')
*** Error 1 in archivers/hs-zlib
(/usr/ports/infrastructure/mk/bsd.port.mk:2119
'/usr/ports/pobj/hs-zlib-0.5.4.1/.dep-lang-ghc')
*** Error 1 in archivers/hs-zlib
(/usr/ports/infrastructure/mk/bsd.port.mk:2575
'/usr/ports/pobj/hs-zlib-0.5.4.1/.extract_done')
*** Error 1 in archivers/hs-zlib
(/usr/ports/infrastructure/mk/bsd.port.mk:1959
'/usr/ports/packages/amd64/all/hs-zlib-0.5.4.1.tgz')
*** Error 1 in archivers/hs-zlib
(/usr/ports/infrastructure/mk/bsd.port.mk:1957
'/usr/ports/packages/amd64/all/hs-zlib-0.5.4.1.tgz')
*** Error 1 in archivers/hs-zlib
(/usr/ports/infrastructure/mk/bsd.port.mk:2512 '_internal-package') ***
Error 1 in archivers/hs-zlib
(/usr/ports/infrastructure/mk/bsd.port.mk:1985
'/usr/ports/update/amd64/hs-zlib-0.5.4.1')
*** Error 1 in archivers/hs-zlib
(/usr/ports/infrastructure/mk/bsd.port.mk:2492 'update')
=== Exiting archivers/hs-zlib with an error
*** Error 1 in archivers
(/usr/ports/infrastructure/mk/bsd.port.subdir.mk:147 'update')
=== Exiting archivers with an error
*** Error 1 in /usr/ports (infrastructure/mk/bsd.port.subdir.mk:147 'update')

(Sorry for not revealing all of it, I'm typing this email on lynx webmail
as I can't get packages or ports to work.)
Here is /var/log/messages:

Sep 16 19:00:01 frog newsyslog[5450]: logfile turned over
Sep 16 19:00:01 frog syslogd: restart
Sep 16 19:03:04 frog pkg_add: Added unzip-6.0p4
Sep 16 19:03:05 frog pkg_add: Added iso8879-1986p0
Sep 16 19:03:10 frog pkg_add: Added docbook-dsssl-1.79
Sep 16 19:12:45 frog pkg_add: Added metaauto-1.0p1
Sep 16 19:13:26 frog pkg_add: Added gmake-4.0p0
Sep 16 19:13:27 frog pkg_add: Added help2man-1.41.1p0
Sep 16 19:13:28 frog pkg_add: Added autoconf-2.69p1
Sep 16 19:14:44 frog pkg_add: Added groff-1.22.2p4
Sep 16 19:15:37 frog pkg_add: Added autoconf-2.68p0
Sep 16 19:15:52 frog pkg_add: Added automake-1.14.1
Sep 16 19:16:36 frog pkg_add: Added autoconf-2.67p0
Sep 16 19:16:37 frog pkg_add: Added libltdl-2.4.2p0
Sep 16 19:16:38 frog pkg_add: Added libtool-2.4.2p0
Sep 16 19:17:03 frog pkg_add: Added libffi-3.0.13
Sep 16 19:17:55 frog pkg_add: Added gdbm-1.11
Sep 16 19:19:15 frog pkg_add: Added tcl-8.5.15p2
Sep 16 19:19:18 frog pkg_add: Added tk-8.5.15p1
Sep 16 19:21:05 frog pkg_add: Added db-4.6.21p0v0
Sep 16 19:26:37 frog pkg_add: Added python-2.7.8
Sep 16 19:30:06 frog pkg_add: Added libxml-2.9.1p1
Sep 16 19:30:08 frog pkg_add: Added docbook-4.5p1
Sep 16 19:33:21 frog pkg_add: Added libgpg-error-1.13p0
Sep 16 19:35:09 frog pkg_add: Added libgcrypt-1.6.2
Sep 16 19:35:11 frog pkg_add: Added py-libxml-2.9.1p1
Sep 16 19:35:13 frog 

Help w/ masquerade feature now that sendmail[1] has been removed from base

[RD Thrush]

sendmail's masquerade function is missing from OpenSMTPD.  What are the plans 
for masquerade?  Update OpenSMTPD or create a sendmail port or document the 
smtpd filter API or ???  I've previously asked for help on the opensmtpd-misc 
mailing list[2].

Searching the archives shows that work (on masquerade) was started but appears 
to have stopped.  Apparently, masquerade functionality would be possible using 
the (undocumented) OpenSMTPD filter API.

Here's some items from my search:

o Gilles Chehade(2010) I have a diff somewhere which bring initial (and basic) 
support for masquerading, I need to dig it up and see if it still works [3]

o Gilles Chehade(2012) However there is no masquerading at the envelope level 
yet [4]

o poolpOrg(2013-06-12)[5]
blockquote
Not forgotten.

@ericfaurot and I think that it should be implemented at the filters level. We 
do not require the FULL filter API to be ready to perform that, but at least 
the part of it that allows headers rewrite should be working reliably.

Note that lack address rewrite / masquerade is a showstopper to many users, we 
definitely want it asap.

ericfaurot(2014-02-28) i have a filter-masquerade which is basically working 
but needs polishing.
It will be a nice test case for the filter framework.
/blockquote

[1]http://marc.info/?l=openbsd-cvsm=141081997917153w=2
[2]http://marc.info/?l=opensmtpd-miscm=140976334014992w=2
[3]http://marc.info/?l=openbsd-miscm=128625515631582w=2
[4]http://marc.info/?l=openbsd-miscm=133836297924207w=2
[5]https://github.com/OpenSMTPD/OpenSMTPD/issues/172

Re: Help w/ masquerade feature now that sendmail[1] has been removed from base

[Antoine Jacoutot]

On Tue, Sep 16, 2014 at 09:41:20AM -0400, RD Thrush wrote:
 sendmail's masquerade function is missing from OpenSMTPD.  What are the plans 
 for masquerade?  Update OpenSMTPD or create a sendmail port or document the 
 smtpd filter API or ???  I've previously asked for help on the opensmtpd-misc 
 mailing list[2].

That's the reason none of my mail servers have switched to smtpd.
I intend to use the sendmail port that jca@ will import soon.

-- 
Antoine

Huawei E3272 USB 4G LTE modem (no HiLink)

[Michal Lesniewski]

Hi,
I bouth Huawei E3272 USB 4G LTE modem (with no HiLink - connecting using 
serial ports, no ethernet card) and it would be nice to connect to 
Internet from OpenBSD using this modem ;)


technical specification - http://www.huawei.com/ecommunity/bbs/10188081.html

dmesg:

OpenBSD 5.5 (GENERIC.MP) #315: Wed Mar  5 09:37:46 MST 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1862074368 (1775MB)
avail mem = 1803952128 (1720MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.34 @ 0xfcde0 (43 entries)
bios0: vendor American Megatrends Inc. version 786R6 v2.03 date 02/08/2011
bios0: Hewlett-Packard hp t5000 series
acpi0 at bios0: rev 0
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT
acpi0: wakeup devices PCE2(S0) PCE3(S0) PCE4(S0) PCE5(S0) PCE6(S0) 
PCE7(S0) PCE9(S0) PCEA(S0) PCEB(S0) PCEC(S0) SBAZ(S0) PS2K(S0) PS2M(S0) 
P0PC(S0) UHC1(S0) UHC2(S0) [...]

acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-84, 2300.39 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP,OSVW,SKINIT,ITSC
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
64b/line 16-way L2 cache

cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-84, 2300.13 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP,OSVW,SKINIT,ITSC
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
64b/line 16-way L2 cache

cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus -1 (PCE2)
acpiprt3 at acpi0: bus -1 (PCE3)
acpiprt4 at acpi0: bus 2 (PCE7)
acpiprt5 at acpi0: bus -1 (PCEA)
acpiprt6 at acpi0: bus 3 (P0PC)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpitz0 at acpi0: critical temperature is 120 degC
acpibtn0 at acpi0: PWRB
cpu0: 2300 MHz: speeds: 2300 1200 600 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 AMD RS780 Host rev 0x00
ppb0 at pci0 dev 1 function 0 AMD RS780 PCIE rev 0x00
pci1 at ppb0 bus 1
radeondrm0 at pci1 dev 5 function 0 ATI Radeon HD 3200 rev 0x00
drm0 at radeondrm0
radeondrm0: apic 2 int 18
ppb1 at pci0 dev 7 function 0 AMD RS780 PCIE rev 0x00: msi
pci2 at ppb1 bus 2
bge0 at pci2 dev 0 function 0 Broadcom BCM5787M rev 0x02, BCM5754/5787 
A2 (0xb002): msi, address 00:23:7d:cc:6b:94

brgphy0 at bge0 phy 1: BCM5787 10/100/1000baseT PHY, rev. 0
ohci0 at pci0 dev 18 function 0 ATI SB700 USB rev 0x00: apic 2 int 16, 
version 1.0, legacy support
ohci1 at pci0 dev 18 function 1 ATI SB700 USB rev 0x00: apic 2 int 16, 
version 1.0, legacy support

ehci0 at pci0 dev 18 function 2 ATI SB700 USB2 rev 0x00: apic 2 int 17
ehci0: halt timeout
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 ATI EHCI root hub rev 2.00/1.00 addr 1
ohci2 at pci0 dev 19 function 0 ATI SB700 USB rev 0x00: apic 2 int 18, 
version 1.0, legacy support
ohci3 at pci0 dev 19 function 1 ATI SB700 USB rev 0x00: apic 2 int 18, 
version 1.0, legacy support

ehci1 at pci0 dev 19 function 2 ATI SB700 USB2 rev 0x00: apic 2 int 19
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 ATI EHCI root hub rev 2.00/1.00 addr 1
piixpm0 at pci0 dev 20 function 0 ATI SBx00 SMBus rev 0x3a: SMI
iic0 at piixpm0
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-6400CL5 SO-DIMM
spdmem1 at iic0 addr 0x51: 1GB DDR2 SDRAM non-parity PC2-6400CL5 SO-DIMM
pciide0 at pci0 dev 20 function 1 ATI SB700 IDE rev 0x00: DMA, channel 
0 configured to compatibility, channel 1 configured to compatibility

wd0 at pciide0 channel 0 drive 0: 1GB ATA Flash Disk
wd0: 1-sector PIO, LBA, 977MB, 2001888 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4
azalia0 at pci0 dev 20 function 2 ATI SBx00 HD Audio rev 0x00: apic 2 
int 16

azalia0: codecs: Realtek ALC262
audio0 at azalia0
pcib0 at pci0 dev 20 function 3 ATI SB700 ISA rev 0x00
ppb2 at pci0 dev 20 function 4 ATI SB600 PCI rev 0x00
pci3 at ppb2 bus 3
pchb1 at pci0 dev 24 function 0 AMD AMD64 11h HyperTransport rev 0x40
pchb2 at pci0 dev 24 function 1 AMD AMD64 11h 

Re: Help w/ masquerade feature now that sendmail[1] has been removed from base

[Gilles Chehade]

On Tue, Sep 16, 2014 at 09:41:20AM -0400, RD Thrush wrote:
 sendmail's masquerade function is missing from OpenSMTPD.
 What are the plans for masquerade?
 Update OpenSMTPD or create a sendmail port or document the smtpd filter API 
 or ???
 I've previously asked for help on the opensmtpd-misc mailing list[2].


As I already told you very recently, the plan is to provide masquerading through
a filter. As I also told you, the filter API is pretty much there and masquerade
feature just needs eric and I to find time to complete it.

Given that we're swamped until October, unless someone does it before we do, the
masquerading feature will not be available before mid-October.

If the feature is critical to you and you cannot wait until we complete it, then
clearly the best thing to do is to install a package for another MTA...


 Searching the archives shows that work (on masquerade) was started but 
 appears to have stopped.
 Apparently, masquerade functionality would be possible using the 
 (undocumented) OpenSMTPD filter API.


It has not stopped, it has paused because of summer vacations and daytime work.
You have asked me many times about it and I have told you the current state 
many times.

And YES, _again_, the API is not documented because while it is there and it is
working, we have not decided that it is final and we don't want people to start
assuming the interface is stable.

It shouldn't prevent anyone aware of the possible interface change from writing
filters, there are very few simple functions and some filters skeletons to work
with for anyone knowing a bit of C.


 ericfaurot(2014-02-28) i have a filter-masquerade which is basically working 
 but needs polishing.
 It will be a nice test case for the filter framework.
 /blockquote


There you go.

I know we don't work as fast as you'd like but things are moving forward and
they do at our pace, asking again and again and again is not going to make a
change in how fast we work.

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

Re: [Bulk] Re: random.seed and read only root

[Kevin Chadwick]

On Mon, 15 Sep 2014 21:22:55 -0700
Philip Guenther wrote:

  So I guess I am either missing something or should just wait for an
  actual release or two to see what's planned for ro root.  
 
 Doesn't read-only root require additional hacks already to make device
 ownership work?  You're kludging the system already; just add another
 line to the kludge for this...

True (mfs /dev) and makes sense all things considered.

Thanks, Kc

Re: pf queue max bug

[Zé Loff]

On Tue, Sep 16, 2014 at 01:07:00PM +0200, Henning Brauer wrote:
 * Atanas Vladimirov vl...@bsdbg.net [2014-09-16 12:58]:
  As I said this was my working pf.conf for new queueing system on i386.
  I think that the problem is elsewhere. When you set the queue max bandwidth
  it must not exceed that value.
 
 if the sums of the target bandwidth exceed interface speed or
 min/target exceed max, all bets are off. fix your queue defs.

I was looking at pf.conf's man page and noticed that in some examples
the queue parameters appear separated by commas:

  queue ssh parent std bandwidth 10M, min 5M, max 25M

and in some cases without commas:

  queue  ssh_interactive parent ssh bandwidth 10M min 5M

Does this make a difference? And if not, should pf.conf be fixed for
consistency? 

Cheers
Zé

 -- 
 Henning Brauer, h...@bsws.de, henn...@openbsd.org
 BS Web Services GmbH, http://bsws.de, Full-Service ISP
 Secure Hosting, Mail and DNS. Virtual  Dedicated Servers, Root to Fully 
 Managed
 Henning Brauer Consulting, http://henningbrauer.com/
 

-- 

Re: pf queue max bug

[Atanas Vladimirov]

On 16.09.2014 19:32, Zé Loff wrote:

On Tue, Sep 16, 2014 at 01:07:00PM +0200, Henning Brauer wrote:

* Atanas Vladimirov vl...@bsdbg.net [2014-09-16 12:58]:
 As I said this was my working pf.conf for new queueing system on i386.
 I think that the problem is elsewhere. When you set the queue max bandwidth
 it must not exceed that value.

if the sums of the target bandwidth exceed interface speed or
min/target exceed max, all bets are off. fix your queue defs.


I was looking at pf.conf's man page and noticed that in some examples
the queue parameters appear separated by commas:

  queue ssh parent std bandwidth 10M, min 5M, max 25M

and in some cases without commas:

  queue  ssh_interactive parent ssh bandwidth 10M min 5M

Does this make a difference? And if not, should pf.conf be fixed for
consistency?

Cheers
Zé


--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual  Dedicated Servers, Root to 
Fully Managed

Henning Brauer Consulting, http://henningbrauer.com/



Hi Henning,
Thanks for your respond but can you give me an advice on how to solve 
this matter.
I changed my queues definitions (the sums didn't exceed interface speed 
or min  max) with no luck:


 queue rootq on $ExtIf bandwidth 100M max 100M
  queue inter parent rootq bandwidth 3M max 3M
   queue i_ack parent inter bandwidth 1M, min 1M
   queue i_dns parent inter bandwidth 500K
   queue i_ntp parent inter bandwidth 300K
   queue i_web parent inter bandwidth 1M burst 2M for 1ms
   queue i_bulkparent inter bandwidth 170K
   queue i_bittor  parent inter bandwidth 30K, max 1400K default

  queue bg parent rootq bandwidth 40M max 40M
   queue b_ack parent bg bandwidth 15M, min 10M
   queue b_dns parent bg bandwidth 1M, min 1M
   queue b_ntp parent bg bandwidth 4M, min 4M
   queue b_rdc parent bg bandwidth 4M, min 4M
   queue b_web parent bg bandwidth 10M, min 9M burst 40M for 5000ms, 
max 37M

   queue b_bulkparent bg bandwidth 5M, min 4M
   queue b_bittor  parent bg bandwidth 1M, max 2M

queue b_bittor parent bg on em0 bandwidth 1M, max 2M qlimit 50
  [ pkts:  54890  bytes:   79466769  dropped pkts:  0 bytes: 
 0 ]

  [ qlength:   0/ 50 ]
  [ measured:  2701.8 packets/s, 31.28Mb/s ]

QUEUE BW SCH  PRIO PKTSBYTES   
DROP_P   DROP_B QLEN BORROW SUSPEN P/S B/S
rootq on em0100M  00
000 0   0
 inter3M  00
000 0   0
  i_ack   1M  47177  3118394
000   215   14246
  i_dns 500K35432191
00010 954
  i_ntp 300K15113590
000   1.0  89
  i_web   1M   1970   634138
000102810
  i_bulk170K14328491
000   1.0  41
  i_bittor   30K  19556  2837925
00060   18395
 bg  40M  00
000 0   0
  b_ack  15M   101160608
000   1.0  57
  b_dns   1M 56 8423
000 0   0
  b_ntp   4M43439016
000   1.0  89
  b_rdc   4M  00
000 0   0
  b_web  10M10714833
000   1.0 108
  b_bulk  5M 32 2318
000 0   0
  b_bittor1M 450367  636064K
000  2264 3245446

Re: OpenBSD 5.6 theme song?

[Chuck Burns]

On Monday, September 15, 2014 08:17:09 PM Philip Guenther wrote:
-snip-
 
 Hmm, I should start thinking about what to put on lyrics.html for this
 release (that's the *final* chunk of work for the theme)...
 
 
 Philip Guenther

My feelings are not hurt.  Trust me. I couldn't care less either way, but 
only made the post because I was being hassled to do so.  :)

-- 
Chuck

Re: pf block return sends rst through wrong interface

[sven falempin]

On Fri, Sep 12, 2014 at 12:10 PM, Henning Brauer hb-open...@ml.bsws.de wrote:
 * Thomas Pfaff tpf...@tp76.info [2014-08-28 13:51]:
 I have a router with two external interfaces, ext_if1 and ext_if2,
 where everything gets routed through ext_if2 by default (gateway)
 except for a few daemons on ext_if1.

pass in on $ext_if1 inet proto tcp from any to $ext_if1 \
   port ssh reply-to ($ext_if1 $ext_gw1)

 This seems to work as expected, sending return traffic through
 ext_if1 rather than the default gateway.

 The problem is when a connection attempt is made on $ext_if1 to
 a blocked port (set block-policy return).  RST is sent through
 ext_if2 rather than ext_if1, thus showing up at the destination
 with the wrong source address.

 I'm unable to find a rule that will get the router to send RST
 through the correct interface, so other than using block-policy
 drop to not send RST, is there a way to make it send through
 the correct interface (ext_if1 in this case)?

 pf-generated packets like these RSTs bypass the ruleset, thus never
 hit your reply-to.

 I'm not aware of a solution.

 (route-to and reply-to are stupid to begin with. Avoid at all cost.)

Can you explain how you avoid this when having multiple default route ?



 --
 Henning Brauer, h...@bsws.de, henn...@openbsd.org
 BS Web Services GmbH, http://bsws.de, Full-Service ISP
 Secure Hosting, Mail and DNS. Virtual  Dedicated Servers, Root to Fully 
 Managed
 Henning Brauer Consulting, http://henningbrauer.com/




-- 
-
() ascii ribbon campaign - against html e-mail
/\

Re: OpenBSD 5.6 theme song?

[Peter J. Philipp]

On 09/16/14 05:17, Philip Guenther wrote:
 On Mon, Sep 15, 2014 at 6:43 PM, Chuck Burns brea...@gmail.com wrote:
 ...
 And now a bunch of people in the channel want this spoof to get finished
 and become the new theme song for the upcoming 5.6 release.
 
 Heh.  I've been heavily involved in the theme and design of the last
 few releases, so I'll make just a few comments:

Thanks for the explanations of how it works behind the scenes.  I have
often found that when there is a theme I persue the movie or book
afterwards and find out new things about it, and the riddle of life.

Just lately I found out an illuminati connection to BTTF, which was
interesting.  Had OpenBSD 5.5 not been this theme I would not have
looked up the BTTF on youtube and would have never found this weird
documentary, which I didn't fully watch either but what I saw was
interesting.

Sincerely,

-peter



 1) a theme is more than just a song: what's the art about?  Who/what
 is puffy?  Is the theme tying into something specific done in the
 release or more general?  Will there be enough material for the
 booklet and song?
 
 2) working with the artist and music director take *time*: you send
 some ideas, they think and send questions back, you ponder lyrics and
 how to map from the theme to a world with Puffy, you propose more
 stuff, much of it too abstract or complex to be presented in a
 DVD-case booklet and/or song, they ignore your insanity, you start to
 see sketches and character designs, perhaps a demo track.  Lather,
 rinse, repeat.  At some point draft layouts are sent back and you get
 concerned with smaller and finer details.  The wording for the back
 cover is almost the last thing to go into the art.  A fully mixed
 version of the song shows up.  You worry about the exact installer
 text to appear in the booklet.  A deadline is reached and it all gets
 sent off to the factory (and then the next day you find that last
 glitch in the wording that you read right over before and kick
 yourself repeatedly).  That deadline was *LAST MONTH*.  The 5.6 theme
 came out of a brief conversation while eating during a hackathon in
 *April*; I described it to the artist with written description of
 possible images on the 1st of May.
 
 3) no insult, but committers have dibs on theme selection, in part
 because it's a privilege to exercise your creativity in a different
 way, but also because it takes both effort and commitment to get it
 all done both well and on time.  The project needs to know that the
 person(s) working with the artist and music director on the theme is
 committed to getting it done.
 
 
 Hmm, I should start thinking about what to put on lyrics.html for this
 release (that's the *final* chunk of work for the theme)...
 
 
 Philip Guenther

Re: DNSSEC-query with DO-bit through libc ?

[Marco Prause]

Am 16.09.2014 um 00:55 schrieb Stuart Henderson:
 On 2014-09-15, Marco Prause marco-obsdm...@prause.eu wrote:
 Looking at  lib/libc/net/res_query.c
 
 Try libc/asr/res_query.c ..

Thanks for the hint - I'd have a look at, but sadly it doesn't help me
understanding, what's going on.


Having a look at postfix-src I found a notice at

/usr/ports/distfiles/postfix/postfix-2.11.0/srcdns/dns_lookup.c

that says
...
/* .IP RES_USE_DNSSEC
/*  Request DNSSEC validation. This flag is silently ignored
/*  when the system stub resolver API, resolver(3), does not
/*  implement DNSSEC.
...


so far so good, but man resolver 3 looks also good to me :
...
RES_USE_EDNS0  Attach an OPT pseudo-RR for the EDNS0 extension, as
   specified in RFC 2671.  This informs DNS servers of a
   client's receive buffer size, allowing them to take
   advantage of a non-default receive buffer size, and thus
   to send larger replies.  DNS query packets with the EDNS0
   extension are not compatible with non-EDNS0 DNS servers.

RES_USE_DNSSEC  Request that the resolver uses Domain Name System
Security Extensions (DNSSEC), as defined in RFCs 4033,
4034, and 4035.
...



in include/resolv.h I also find global definitions for both :
...
#define RES_USE_EDNS0   0x4000  /* use EDNS0 */
/* DNSSEC extensions: use higher bit to avoid conflict with ISC use */
#define RES_USE_DNSSEC  0x2000  /* use DNSSEC using OK bit in OPT */
...


but I  can't see it anywhere beeing used at the query-parts at
getrrsetbyname.c, res_mkquery.c, res_query.c - they are mentioned only
at the responses, but in my opinion the DO-bit also have to be set in
the query, to signal the usage of DNSSEC and this is, what I didn't see
sniffing on the outgoing interface.


Regards,
Marco

Re: make update on /usr/ports has errors switch to -current

[Brett Mahar]

On Tue, 16 Sep 2014 23:40:47 +1000
vic...@pcug.org.au wrote:

| Hi,
| 
| I thought [during the last stage of switching to -current] the
| Makefile's $PKG_PATH variable in /usr/ports had to be set the same
| as it is in ~/.profile. ie. PKG_PATH=ftp://mirror.aarnet.edu.au/pub
| /OpenBSD/5.5/packages/$(uname -m). But that gives me Broken dependency
| error. Without doing that, most of make update output gives me these
| errors:

Hi Vicbus,

Not sure if it is just the email that is unclear, but normally you would not 
switch to current. Follow http://www.openbsd.org/faq/faq5.html#Bld - first 
step is Install or Upgrade to closest available binary which means you should 
install a snapshot cd.

If you are building ports it does not matter what your PKG_PATH is, only that 
your ports tree (and src and xenocara) are all up to date.

Also if you are following current, your PKG_PATH above is wrong, yours should 
be something like 
http://mirror.aarnet.edu.au/pub/OpenBSD/snapshots/packages/$(uname -m)

Cheers,
Brett.

Re: npppd Ipsec L2TP mtu issues.

[YASUOKA Masahiko]

On Mon, 15 Sep 2014 20:22:25 +0200
Jens Hansen jensh...@gmail.com wrote:
 Thank you for your response. I've investegated a little further, I see the
 following in /var/log/messages on the l2tp npppd server:
 l2tpd ctrl=1 timeout waiting ack for hello packets.
 l2tpd ctrl=1 call=28732 logtype=PPPUnbind
 
 The client reports that the tunnel went down.. does this indidacte an
 mss/mtu issue? I've tried scrub on pppx and to set mru i npppd.conf ...no
 luck...

That log message indicates L2TP keepalive is failed.  The client
didn't respond for long time.

--yasuoka

Dansguardian not working after updating OBSD Current

[Kaya Saman]

Hi,

I'm not sure what happened but after updating OpenBSD today, then 
updating the installed packages Dansguardian seems to not be working.

My OpenBSD version is: 5.6 GENERIC.MP#376 amd64

as stated just been updated today.

then used: pkg_add -vui

to update the packages.

Just checking one of the mirrors, it seems all packages were synced 
recently, so not sure if that actually refers to being updated.


The version available seems to be 2.12.0.3, though checking the 
Sourceforge page:
http://sourceforge.net/projects/dansguardian/files/

it seems that the code hasn't been updated since 2012

The only error in the logs that I can see is:

dansguardian[11832]: Error polling child process sockets: Invalid argument

dansguardian[11832]: Error polling child process sockets: Invalid argument

Upon researching the error I found:

http://comments.gmane.org/gmane.comp.web.dansguardian.general/1342

which is way out of date! Changing the settings stated using sysctl 
didn't help either:

kern.shminfo.shmmni=512
kern.shminfo.shmseg=512

I also attempted to compile directly from source incase something went 
amiss somewhere with my setup. That also didn't seem to work.


The port won't build as it throws this error:

  *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:1876 
'/var/db/pkg/dansguardian-2.12.0.3/+CONTENTS': @ /usr/bin/env -i 
PKG_TMPDIR=...)
*** Error 1 in /usr/ports/www/dansguardian 
(/usr/ports/infrastructure/mk/bsd.port.mk:2388 'install')


Though checking around previously there was something about the port not 
being signed?


Would anyone be able to suggest a fix or help out?

Even an 'alternative' more upto date solution would be fine.

I'm running it in conjunction with Squid, c-icap, and clamav. So as well 
as simply filtering websites it also hooks into clam with a virus scan 
and then the Squid proxy to get to the web.


Thanks.


Kaya

5.6 GENERIC.MP#376 amd64

Re: Dansguardian not working after updating OBSD Current

[Philip Guenther]

On Tue, Sep 16, 2014 at 4:27 PM, Kaya Saman kayasa...@gmail.com wrote:
 I'm not sure what happened but after updating OpenBSD today, then
 updating the installed packages Dansguardian seems to not be working.
...
 The only error in the logs that I can see is:

 dansguardian[11832]: Error polling child process sockets: Invalid argument
 dansguardian[11832]: Error polling child process sockets: Invalid argument

So the error means that poll() is being passed an nfds argument too
large, larger than the process could have open as fds.  It looks like
the code, for some reason I cannot understand, passes poll() a pollfd
structure for each child process...with fd=-1, so that it will be
ignored.  Uh, why?  Why is it passing pollfd structures to the kernel
that it *wants* the kernel to ignore?  It seems that the code could
simply skip over allocating and filling in those pollfd structures and
have the exact same effect.

As for what changed, well, something changed the number of child
processes you're experiencing (load?), or the process fd limit
(RLIMIT_NOFILE) for dansguardian changed.


Philip Guenther

Re: Dansguardian not working after updating OBSD Current

[Kaya Saman]

On 09/17/2014 03:55 AM, Philip Guenther wrote:

On Tue, Sep 16, 2014 at 4:27 PM, Kaya Saman kayasa...@gmail.com wrote:

I'm not sure what happened but after updating OpenBSD today, then
updating the installed packages Dansguardian seems to not be working.

...

The only error in the logs that I can see is:

dansguardian[11832]: Error polling child process sockets: Invalid argument
dansguardian[11832]: Error polling child process sockets: Invalid argument

So the error means that poll() is being passed an nfds argument too
large, larger than the process could have open as fds.  It looks like
the code, for some reason I cannot understand, passes poll() a pollfd
structure for each child process...with fd=-1, so that it will be
ignored.  Uh, why?  Why is it passing pollfd structures to the kernel
that it *wants* the kernel to ignore?  It seems that the code could
simply skip over allocating and filling in those pollfd structures and
have the exact same effect.

As for what changed, well, something changed the number of child
processes you're experiencing (load?), or the process fd limit
(RLIMIT_NOFILE) for dansguardian changed.


Philip Guenther


Thanks Philip for the response.

It wouldn't be load that's causing this issue as I'm monitoring the 
machine using multiple monitoring tools.


As to the process limit, I've got infinity set for the daemon under 
login.conf though root user is at defaults.


Since Dansguardian is being run as it's own user the root portion 
shouldn't apply.


The kernel maxproc value is set to 1310 (default??).

Outside of modifying the source code is there anything I can try within 
the system to allow Dansgaurdian to run?



I'm not sure if the upgrade changed any default values that may have 
effected this as the last update went through fine??


Weird!


Regards,


Kaya