howto use route-to with pf and carp
hi i have two firewalls running pf and carp, i have apcupsd and ntp running on the firewalls, both connect to apcupsd and ntp servers on my lan , the firewalls also send mail to my internal mail server at regular intervals, the firewall when in slave mode loses all connectivity through the carp interface, should i use a route-to rule to send it via the lan interface ? if yes can someone show me an example of how the route-to rule would be written, if no what would be the best way to go about this. thanks shadrock
Re: LibreSSL on old OpenBSD
On Sat, Aug 13, 2016, at 01:36 PM, Roderick wrote: > On Sat, 13 Aug 2016, Theo de Raadt wrote: > > > We prefer creating a world that is simpler. That is the practice > > we follow with our bodies of code. > > > > You prefer backwards compat. Fine, that is your choice. You can > > apply that principle in your own code. > > > > Are we finished here? > > It is not so simple. Of course I like simplicity, perhaps more than > you. And more standards than backward compatibility: that is why > I wondered that till now there is no standard. But programming > is always ponderation, in many dimensions. You must decide for example > between (run) time or space (memory), between security, performance > or simplicity. Sure, with absolute goals there is no much to decide and > no > much discussion, and we are finished. When are you going to realize that there are no such things as standards? They are and always have been a moving target. What is standard today almost certainly will not be in the future.
Re: LibreSSL on old OpenBSD
> But programming > is always ponderation, in many dimensions. You must decide for example > between (run) time or space (memory), between security, performance > or simplicity. Sure, with absolute goals there is no much to decide and no > much discussion, and we are finished. > Rodrigo. Total bullshit! I have seen this kind of statements to some of my teachers in university: 100% bad theory and 0% good practice. Are you able to decide "between security"? I think you are either saying a joke or you have no idea about what you are talking about. For your information, I think OpenBSD "decided" to have all together: fast running, low memory footprint, secure, performant and simple. And the authors of the code "decided" to offer this code to the rest of the mortals. They also spent their time to package it and make it simple to install for the ... same mortals, us. And so on. They have no obligation for the rest of us, users of their code. The situation is so free, that you can stop using their code and leave for something different. The question is, will you do it? Bye.
Re: arm on pandaboard fails
I think it is better to use openbsd-arm@ list. Thank you.
Re: arm on pandaboard fails
thanks for advice of Juan and Jonathan . i try snapshots. *now 8/13/2016* it can not reach the step of entrance of install . so i try 5.8 by shell script ./comment-out.bat get_and_burn-panda_XY.bat wget ftp://mirror.yandex.ru/pub/OpenBSD/$1.$2/armv7/miniroot-panda-$1$2.fs echo '---get---' ls *panda*.fs dd if=./miniroot-panda-$1$2.fs of=/dev/rsd0c echo '---burned---' but rebooting also fals . -> ddb> trace panic+0x18 scp=0xc03bf9bc rlv=0xc03bd000 (pool_do_get+0x260) rsp=0xcc4cad58 rfp=0xcc4cad90 pool_do_get+0xc scp=0xc03bcdac rlv=0xc03bc948 (pool_get+0x90) rsp=0xcc4cad94 rfp=0xcc4cade4 r7=0xb81a6000 r6=0x0002 r5=0xc0708094 r4=0x0002 pool_get+0x10 scp=0xc03bc8c8 rlv=0xc0537a58 (pmap_enter+0x484) rsp=0xcc4cade8 rfp=0xcc4cae34 r8=0xb81a600e r7=0xb81a6000 r6=0x0001 r5=0xca59f838 r4=0x0002 pmap_enter+0xc scp=0xc05375e0 rlv=0xc04e100c (uvm_fault+0x9fc) rsp=0xcc4cae38 rfp=0xcc4caf58 r10=0x0001 r9=0xcc4cae84 r8=0x r7=0x r6=0xca58b2ac r5=0xca58b2ac r4=0xc5214634 uvm_fault+0xc scp=0xc04e061c rlv=0xc05333e4 (data_abort_handler+0x248) rsp=0xcc4caf5c rfp=0xcc4cafb0 r10=0xcc4cafb4 r9=0xcc4c9000 r8=0x0001 r7=0xca5a0118 r6=0x0001 r5=0xca592a14 r4=0x4838 data_abort_handler+0xc scp=0xc05331a8 rlv=0xc0532bb0 (address_exception_entry+0x50) rsp=0xcc4cafb4 rfp=0xb2a0 r10=0x r9=0xb2a8 r8=0x r7=0x4cd6e388 r6=0x4cd6ec88 r5=0x0001 r4=0x ddb> panic+0x18 scp=0xc03bf9bc rlv=0xc03bd000 (pool_do_get+0x260) rsp=0xcc4cad58 rfp=0xcc4cad90 ddb> ps PID PPID PGRPUID S FLAGS WAIT COMMAND *29031 27053 27053 0 7 0x1sh 27053 1 27053 0 30x8b pause sh 25014 0 0 0 3 0x14200 pgzerozerothread 6099 0 0 0 3 0x14200 aiodoned aiodoned 27203 0 0 0 3 0x14200 syncerupdate 12059 0 0 0 3 0x14200 cleaner cleaner 864 0 0 0 3 0x14200 reaperreaper 29025 0 0 0 3 0x14200 pgdaemon pagedaemon 13319 0 0 0 3 0x14200 bored crypto 15627 0 0 0 3 0x14200 pftm pfpurge 10623 0 0 0 3 0x14200 usbtskusbtask 23133 0 0 0 3 0x14200 usbatsk usbatsk 18513 0 0 0 3 0x14200 mmctsksdmmc0 19715 0 0 0 3 0x14200 bored softnet 25386 0 0 0 3 0x14200 bored systqmp 24708 0 0 0 3 0x14200 bored systq 5111 0 0 0 3 0x40014200idle0 20329 0 0 0 3 0x14200 kmalloc kmthread 1 0 1 0 30x82 wait init 0 -1 0 0 3 0x10200 scheduler swapper <--- i should wait for the next snapshot . --- regards
Re: LibreSSL on old OpenBSD
On Sat, 13 Aug 2016, Theo de Raadt wrote: We prefer creating a world that is simpler. That is the practice we follow with our bodies of code. You prefer backwards compat. Fine, that is your choice. You can apply that principle in your own code. Are we finished here? It is not so simple. Of course I like simplicity, perhaps more than you. And more standards than backward compatibility: that is why I wondered that till now there is no standard. But programming is always ponderation, in many dimensions. You must decide for example between (run) time or space (memory), between security, performance or simplicity. Sure, with absolute goals there is no much to decide and no much discussion, and we are finished. Rodrigo.
Re: LibreSSL on old OpenBSD
> And if the whole is a technical progress, is a more complicated > thing. I preffer to take a constant from sys/params.h at > compile time than getting it with a call of sysconf() at run time. > The older standards arose perhaps from considerations that > today are forgotten or play no role anymore. Later one will have different > prefferences and new standards. As Ted said: standards change. > And we will always be "porting" software. We prefer creating a world that is simpler. That is the practice we follow with our bodies of code. You prefer backwards compat. Fine, that is your choice. You can apply that principle in your own code. Are we finished here?
Re: LibreSSL on old OpenBSD
I thank you, you got what I wanted to know. I also thank Peter Hansteen, Stuart Henderson, Ted Unangst and Alex Bochmann for their polite and serious answers. Also Theo for his polite recomendation for my happyness: I will think about it. On Fri, 12 Aug 2016, Philip Guenther wrote: Yes, the previous situation with and was confusing (code was including the wrong header and not getting the Well, it was necessary to substitute with , and to include types.h before including socket.h or uio.h. What is necessary and the changes can be recognised by comparing the man pages of byteorder, socket and readv in the many versions of OpenBSD, as well of 4.4BSD and of FreeBSD. It seems there is till now no standard, LibreSSL will not compile in FreeBSD 10.3 out of the box (according to the man pages). It seems that you see the progress in that there is now a de jure POSIX standard that OpenBSD will follow acribically, instead of a de facto BSD standard (if there is such). And if the whole is a technical progress, is a more complicated thing. I preffer to take a constant from sys/params.h at compile time than getting it with a call of sysconf() at run time. The older standards arose perhaps from considerations that today are forgotten or play no role anymore. Later one will have different prefferences and new standards. As Ted said: standards change. And we will always be "porting" software. In any case, this was not a problem (a problem is for example the Flag AI_ADDRCONFIG for getaddrinfo() in tls/tls_client.c or a lot of warnings in compiling in tls directory). Rodrigo.
Re: System broken? - No, kbd key stuck (try other hw first)
Fri, 12 Aug 2016 21:01:23 +0200 Stefan Wollny[...] > Maybe it is a hardware issue, likely not OpenBSD-related... > Since the night before last my system writes "q"s where ever possible... Hi Stefan, It must be a hardware issue as already advised -- misplaced support call. Most probably you dropped something on this key some time ago, it is very frequently used, or simply the first one to malfunction. This looks like a keyboard problem, most probably you have the key stuck. I've seen this before, on laptop keyboards mostly. The solution would be to detach this internal keyboard's flat ribbon cable from the system main board, order a new one and use an external USB keyboard in the meantime. Or, take it to a service repair (shop, if under warranty) where these steps will be done for you at a premium cost. If you can, take out & clone the storage disk prior to going for repair and put it back in place. When out of warranty take the system for repair without storage disk, or you'll get data lost. I'd recommend you rely on machines that are not tightly packed, for work. Or even better have a spare one, sync there your data & continue happily. For future such sessions call hardware/vendor support, and get some rest. OpenBSD FAQ1 - Introduction to OpenBSD (Platforms: Selecting hardware) [http://www.openbsd.org/faq/faq1.html#Platforms] Kind regards, Anton > Startup is not possible because at the "boot: " prompt very fast "q"s > are printed that would be taken as input if is hit. (BIOS, > not UEFI) > [...] > > Unless s.o. has an idea about how to solve this issue I will have to > send this laptop to the manufacturer as I still have guarantee. It is > just that since today I urgently need particularly this machine. Very > frustrated... (I use a Linux box instead with an awfully bad screen). > > > Any hint is welcome. > > > TIA. > > > Best, > STEFAN
Re: 5.9: vmx0: device timeout
Hey, it would be nice to define “network load”. I have several VMs running 5.8-stable/5.9-stable/current without seeing this. //mxb > On 11 aug. 2016, at 21:44, Kurt Mosiejczukwrote: > > I've noticed that for 5.9, any VMs (in VMware) using vmx(4), end up putting > "vmx0: device timeout" into the dmesg a bunch when under network load. > > I switched one of the VMs to vic(4) and the messages stop. Another VM that > I haven't gotten to upgrading from 5.8 to 5.9 yet doesn't show this in its > dmesg and it's our reasonably busy web server. > > Anyone else see this? I noticed there were a bunch of changes to vmx(4) > after 5.8 as part of the network mpsafe work. > > dmesg below. > > --Kurt > > > OpenBSD 5.9 (GENERIC) #8: Thu Jul 14 20:12:37 CEST 2016 > jas...@stable-59-amd64.mtier.org:/binpatchng/work-binpatch59-amd64/src/sys/ar ch/amd64/compile/GENERIC > real mem = 1056899072 (1007MB) > avail mem = 1020764160 (973MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (364 entries) > bios0: vendor Phoenix Technologies LTD version "6.00" date 09/17/2015 > bios0: VMware, Inc. VMware Virtual Platform > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S1 S4 S5 > acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET > acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) S10F(S3) S11F(S3) S12F(S3) S13F(S3) [...] > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz, 3093.38 MHz > cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,PO PCNT,AES,XSAVE,AVX,HV,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT > cpu0: 256KB 64b/line 8-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 65MHz > ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins > acpimcfg0 at acpi0 addr 0xf000, bus 0-127 > acpihpet0 at acpi0: 14318179 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpicpu0 at acpi0: C1(@1 halt!) > acpibat0 at acpi0: BAT1 not present > acpibat1 at acpi0: BAT2 not present > acpiac0 at acpi0: AC unit online > acpibtn0 at acpi0: SLPB > acpibtn1 at acpi0: LID_ > pvbus0 at mainbus0: VMware > vmt0 at pvbus0 > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01 > ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01 > pci1 at ppb0 bus 1 > pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08 > pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility > pciide0: channel 0 disabled (no drives) > atapiscsi0 at pciide0 channel 1 drive 0 > scsibus1 at atapiscsi0: 2 targets > cd0 at scsibus1 targ 0 lun 0: ATAPI 5/cdrom removable > cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 > piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus disabled > "VMware VMCI" rev 0x10 at pci0 dev 7 function 7 not configured > vga1 at pci0 dev 15 function 0 "VMware SVGA II" rev 0x00 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > mpi0 at pci0 dev 16 function 0 "Symbios Logic 53c1030" rev 0x01: apic 1 int 17 > mpi0: 0, firmware 1.3.41.32 > scsibus2 at mpi0: 16 targets, initiator 7 > sd0 at scsibus2 targ 0 lun 0: SCSI2 0/direct fixed > sd0: 20480MB, 512 bytes/sector, 41943040 sectors > mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 > ppb1 at pci0 dev 17 function 0 "VMware PCI" rev 0x02 > pci2 at ppb1 bus 2 > ppb2 at pci0 dev 21 function 0 "VMware PCIE" rev 0x01 > pci3 at ppb2 bus 3 > vmx0 at pci3 dev 0 function 0 "VMware VMXNET3" rev 0x01: apic 1 int 18, address 00:50:56:8c:71:d1 > ppb3 at pci0 dev 21 function 1 "VMware PCIE" rev 0x01 > pci4 at ppb3 bus 4 > ppb4 at pci0 dev 21 function 2 "VMware PCIE" rev 0x01 > pci5 at ppb4 bus 5 > ppb5 at pci0 dev 21 function 3 "VMware PCIE" rev 0x01 > pci6 at ppb5 bus 6 > ppb6 at pci0 dev 21 function 4 "VMware PCIE" rev 0x01 > pci7 at ppb6 bus 7 > ppb7 at pci0 dev 21 function 5 "VMware PCIE" rev 0x01 > pci8 at ppb7 bus 8 > ppb8 at pci0 dev 21 function 6 "VMware PCIE" rev 0x01 > pci9 at ppb8 bus 9 > ppb9 at pci0 dev 21 function 7 "VMware PCIE" rev 0x01 > pci10 at ppb9 bus 10 > ppb10 at pci0 dev 22 function 0 "VMware PCIE" rev 0x01 > pci11 at ppb10 bus 11 > ppb11 at pci0 dev 22 function 1 "VMware PCIE" rev 0x01 > pci12 at ppb11 bus 12 > ppb12 at pci0 dev 22 function 2 "VMware PCIE" rev 0x01 > pci13 at ppb12 bus 13 > ppb13 at pci0 dev 22 function 3 "VMware PCIE" rev 0x01 > pci14 at ppb13 bus 14 > ppb14 at pci0 dev 22 function 4
Re: LibreSSL on old OpenBSD
2016-08-12 23:28 GMT+02:00 Philip Guenther: > Yes, the previous situation with and > was confusing (code was including the wrong header and not getting the Thanks. Finally an answer after days of shouting. Best Martin
Re: arm on pandaboard fails
On Fri, Aug 12, 2016 at 05:02:49PM +0200, Juan Francisco Cantero Hurtado wrote: > On Fri, Aug 12, 2016 at 08:59:51PM +0900, Tuyosi Takesima wrote: > > Hi all . > > i report this . > > > > i take photos . > > > > they are on > > http://akita-arm.blogspot.jp/2016/08/pandaboard-openbsd.html > > > > i am looking forward to meet openbsd 60 's armv7 . > > Don't waste your time with old releases on arm boards. Use -current, the > arm support is quite better now. When released 6.0 should be fine on pandaboard but the -current snapshot built on the 10th of August isn't. Wait for the next snapshot which will have http://marc.info/?l=openbsd-cvs=147088043212134=2 which is required due to ampintc now attaching to fdt.
Re: cvsweb: headers of revision files are shown in plain text
On Sat, Aug 13, 2016 at 12:43 AM, Alessandro DE LAURENZISwrote: ... > Actually, my trial on -current was too quick; maybe there was something in > the browser's cache... Anyhow, I confirm that cvsweb works flawlessly in > -current. > > Now: any chance to have this working on the 5.9 machine? I tried to upgrade > httpd(8) only (compiling from -current source), but i still see the > misbehaviour; > maybe some other libs involved? "To have it working on the 5.9 machine, upgrade the 5.9 machine to run 6.0" (Figuring out which fix in the last 6 months fixed this would take *someone's* brain power. If it matters to you, why aren't you contributing that research to the OpenBSD community instead of asking someone else to do that work? It's simple: just take your 5.9 box and walk it forward diff by diff until you find the change that fixed things! If you had been tracking -current on a regular basis then this wouldn't hard to answer..but now you're basically asking people to try to remember something from up to 6 months ago. Do you remember the *side-effects* of stuff you dealt with 3 months ago? 4 months ago? 5 months ago?)
Re: X "si" keyboard layout changes in recent snapshots
On 13 August 2016 at 03:05, Walter Alejandro Iglesiaswrote: > Probably what you're experiencing is a side effect of that changes. Yes! Great find. I reverted the patch in that message, and it started working. There are no additional errors. We're apparently using the head git version, not the 1.3.1 tag, as this change hasn't made it into a release yet. I reported this in the discussion on their bugzilla[0]. [0]: https://bugs.freedesktop.org/show_bug.cgi?id=57242#c36
Re: cvsweb: headers of revision files are shown in plain text
Hello naddy, On Fri, 12 Aug 2016 19:20:12 + (UTC) Christian Weisgerberwrote: > On 2016-08-12, Alessandro DE LAURENZIS > wrote: > > > Out of idea. > > I have no idea either. I run cvsweb on a local machine. It just > works. /etc/rc.conf.local: Actually, my trial on -current was too quick; maybe there was something in the browser's cache... Anyhow, I confirm that cvsweb works flawlessly in -current. Now: any chance to have this working on the 5.9 machine? I tried to upgrade httpd(8) only (compiling from -current source), but i still see the misbehaviour; maybe some other libs involved? -- Alessandro DE LAURENZIS [mailto:jus...@atlantide.t28.net] LinkedIn: http://it.linkedin.com/in/delaurenzis