Re: Problem with CARP interfaces not responding until VHID is changed.
Hey,

Welcome to the OpenBSD community mailing list. I'm also using CARP for lots of HA-setups and yes, I will be gentle.

I have never had issues like yours but my setup seems very different. The virtual host id (vhid) and its ip address becomes a carp-group, so changing the vhid back and forth is not something I understand why you are doing.

- Try to isolate this to 2 simple test machines with as simple setup as possible. Be simple.
- Make those machines either run the release version or current. State which.
- Then continue;
- Post your interfaces configurations.
- Post your dmesg
- Post your pf.conf
- Post your tcpdump (where you observed this, make it as small as possible)
- Also some information about why you are changing vhid would be interesting.
- vhid needs to be the same on all hosts participating in the same carp interface.
- if you change vhid, the other host(s) on the other side also needs to change.
- Are you using a carp on top of any other non-hardware interface? Like a vlan, with carpdev?
- Also, many people forget this, but if you type "man 4 carp" you will find a lot of good stuff to be read about carp, vhids, carpdev and such.

Best of luck,
Alexander

On 01/21/2016 11:02 PM, rizz2pro . wrote:

Hello,

This is my first time posting here so be gentle.

It seems that random CARP interfaces on our systems will just die, stop replying to any requests OR only 1 request out of ~50 will make it through, slowly. tcpdump also shows no traffic reaching the interface. Only when that 1 request makes it through, we will see traffic arrive to the system.

We've tried everything we could think of to bring the carp interface back to life such as reboot, run sh /etc/netstart and even going as far as rebuilding the system server from scratch with maven and dropping the site55.tgz file in there but none of these things fix the issue.

When we change the VHID to anything else and restart the interface, it fixes everything and the interface is smoking fast again. When we change the VHID back to what it originally was, we're dead in the water. Again, change it back to any random VHID and the issue goes away.

So I have narrowed it down to VHID. Whenever we run into this problem I just tell people to change it to anything else. I know the CARP interface's MAC address is generated by the VHID so I am sort of leaning towards it being an ARP issue and possibly not an issue with the OBSD system. But I am hoping for some hints or ideas from you guys.

Thanks in advance for any help!

RZ
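The suspicion in the message above can be checked directly: CARP's virtual MAC is 00:00:5e:00:01:<vhid>, the same range VRRP uses for IPv4, so any other redundancy group on the segment with the same id answers ARP with the same MAC. The following is an added example, not code from the thread; the ifconfig and ARP text is constructed sample data and the function names are hypothetical. It flags ARP entries that carry a local CARP virtual MAC for an address the CARP interface does not own.

```python
import re

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed sample: trimmed `ifconfig` output from a host with two CARP groups.
IFCONFIG_SAMPLE = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:d0:aa:01
        inet 192.0.2.2 netmask 0xffffff00 broadcast 192.0.2.255
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:0a
        carp: MASTER carpdev em0 vhid 10 advbase 1 advskew 0
        groups: carp
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:14
        carp: BACKUP carpdev em0 vhid 20 advbase 1 advskew 100
        groups: carp
        inet 192.0.2.20 netmask 0xffffff00 broadcast 192.0.2.255
"""

# Constructed sample: ARP table as seen by a host on the same segment.
ARP_SAMPLE = """\
Host            Ethernet Address    Netif  Expire     Flags
192.0.2.10      00:00:5e:00:01:0a   carp1  permanent  l
192.0.2.1       00:00:5e:00:01:0a   em0    17m3s
192.0.2.20      00:00:5e:00:01:14   carp2  permanent  l
192.0.2.77      fe:e1:ba:d0:12:34   em0    12m40s
"""


def carp_virtual_mac(vhid):
    """Return the virtual MAC that CARP derives from a VHID."""
    if not 1 <= vhid <= 255:
        raise ValueError("vhid must be in 1..255, got %r" % vhid)
    return "00:00:5e:00:01:%02x" % vhid


def parse_carp_groups(ifconfig_text):
    """Map carp interface name -> {"vhid": int, "addrs": set of IPv4 strings}."""
    seen = {}
    name = None
    for line in ifconfig_text.splitlines():
        head = re.match(r"(\S+?):\s+flags=", line)
        if head:  # unindented line: a new interface starts here
            name = head.group(1)
            seen[name] = {"vhid": None, "addrs": set()}
            continue
        if name is None:
            continue
        stripped = line.strip()
        if stripped.startswith("carp:"):
            vhid = re.search(r"\bvhid\s+(\d+)", stripped)
            if vhid:
                seen[name]["vhid"] = int(vhid.group(1))
        elif stripped.startswith("inet "):
            seen[name]["addrs"].add(stripped.split()[1])
    # Only interfaces that reported a vhid are CARP groups.
    return {n: g for n, g in seen.items() if g["vhid"] is not None}


def find_vmac_conflicts(groups, arp_text):
    """Return (interfaces, mac, ip) for ARP entries that use one of our
    CARP virtual MACs for an address none of our CARP interfaces own."""
    by_mac = {}
    for name, group in sorted(groups.items()):
        entry = by_mac.setdefault(carp_virtual_mac(group["vhid"]),
                                  {"ifs": [], "addrs": set()})
        entry["ifs"].append(name)
        entry["addrs"] |= group["addrs"]
    conflicts = []
    for line in arp_text.splitlines():
        mac = MAC_RE.search(line)
        ip = IPV4_RE.search(line)
        if not (mac and ip):
            continue  # header or unparsable line
        ours = by_mac.get(mac.group(0).lower())
        if ours and ip.group(0) not in ours["addrs"]:
            conflicts.append((",".join(ours["ifs"]), mac.group(0).lower(), ip.group(0)))
    return conflicts


if __name__ == "__main__":
    for ifs, mac, ip in find_vmac_conflicts(parse_carp_groups(IFCONFIG_SAMPLE), ARP_SAMPLE):
        print("%s: virtual MAC %s is also answering for %s" % (ifs, mac, ip))
```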
Re: WLAN Card frustration
On 2015-12-03 19:25, bluesun08 wrote:

Hi,

in the meantime i had tested many miniPCIe-WLAN-Cards (ar9271, ar9280, ar9285, ar9287, ...) with OpenBSD in HostAP-mode. But no one of them works reliable, stable and fast. No i'm frustrated. I'm fed up with ordering, testing and sending back several cards.

Can someone recommend me a *very well proven* miniPCIe-WLAN-Card which work stable and fast on OpenBSD in HostAP-mode and have a good range? Please recommend me not only a chipset but also a concrete miniPCIe-WLAN-Card. Which is the most used/recommended card?

This is not an easy question. Not because OpenBSD but because drivers for wifi cards frequently change due to manufacturer decisions.

Are you looking for an integrated WLAN module, which is placed inside a laptop? Or, are you looking for a mini form factor wlan card which is pci express?
Re: whats wrong with me?
On 2015-12-01 21:51, Krzysztof Strzeszewski wrote:

Sorry, I'm beginner. I know, my message was not logical.

uname -a:
#
    OpenBSD hostname 5.8 GENERIC#0 i386
#
virtual server in httpd.conf:
#
    server "hostname" {
        listen on * port 80
        listen on * tls port 443
        log { access "access.log", error "error.log" }
        tls {
            certificate "/etc/ssl/server.crt"
            key "/etc/ssl/private/server.key"
        }
        root "/htdocs/hostname"
    }
#
port 80 and 443 is open:
#
    netstat -a |grep http
#
    tcp 0 0 localhost.https *.* LISTEN
    tcp 0 0 *.https *.* LISTEN
#
in firefox:
#
    Secure Connection Failed
    An error occurred during a connection to my_domain. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)
#
in log from httpd:
#
    httpd: could not parse macro definition SSL
    httpd[21336]: server_tls_init: failed to configure TLS - failed to read private key: Operation not supported by device
#

Check the following;

1) Does private key match certificate? Verify this like so (should result in two exact same sha512 strings);

    # openssl x509 -noout -modulus -in server.pem | openssl sha512
    # openssl rsa -noout -modulus -in server.key | openssl sha512

2) Is httpd allowed to read key file?

    # ls -lhart /etc/ssl/server.crt
    # ls -lhart /etc/ssl/private/server.key

3) Check with browser random x on random other operating system y.
Re: ansible openbsd_rcctl module
On 2015-12-01 09:54, Sarevok Anchev wrote:

Hello,

Recently I submitted openbsd_rcctl to ansible. In order to speed up the process of having it included by default, I'm asking the community to review/test the module and drop a comment at https://github.com/ansible/ansible-modules-extras/pull/1296

Let me know if there are other OpenBSD-specific modules you'd like to see for ansible.

p.s: not subscribed to the list, cc me

Hey again,

Much appreciated as I said already. I left my computer and instantly remembered a few more things. Hope it is OK.

My second wish; vlandev for vlan-interfaces and carpdev for carp-interfaces. See below.

Third wish, I'd like description from all interfaces visible. See below for vlan example but same for all.

Fourth wish; I'd like carp demote counters, advbase and advskew visible for carp.

Fifth wish; vhid for carp

I am very grateful for carp status however, it is already implemented.

Alexander

## TEST OPENBSD MACHINE

    # uname -a
    OpenBSD test46.local.lan 5.8 GENERIC#1534 amd64
    # ifconfig vlan34 create vlandev bge0
    # ifconfig vlan34
    vlan34: flags=8843mtu 1500
            lladdr 00:24:81:eb:1f:14
            priority: 0
            vlan: 34 parent interface: bge0
            groups: vlan
            status: active

## LAPTOP WITH ANSIBLE (no vlandev is visible)

    # ansible -m setup test46.local.lan -a 'filter=ansible_vlan34'
    test46.local.lan | success >> {
        "ansible_facts": {
            "ansible_vlan34": {
                "device": "vlan34",
                "flags": [
                    "UP",
                    "BROADCAST",
                    "RUNNING",
                    "SIMPLEX",
                    "MULTICAST"
                ],
                "ipv4": [],
                "ipv6": [],
                "macaddress": "00:24:81:eb:1f:14",
                "mtu": "1500",
                "status": "active",
                "type": "unknown"
            }
        },
        "changed": false
    }
Re: ansible openbsd_rcctl module
On 2015-12-01 09:54, Sarevok Anchev wrote:

Hello,

Recently I submitted openbsd_rcctl to ansible. In order to speed up the process of having it included by default, I'm asking the community to review/test the module and drop a comment at https://github.com/ansible/ansible-modules-extras/pull/1296

Let me know if there are other OpenBSD-specific modules you'd like to see for ansible.

p.s: not subscribed to the list, cc me

Hey Sarevok,

Much appreciated. If you have the time I'd really like improved gre interface support for the tunnel configuration. See below example.

Thanks for asking and for offering your help.

## TEST OPENBSD MACHINE

    # uname -a
    OpenBSD test46.local.lan 5.8 GENERIC#1534 amd64
    # ifconfig gre0 create 1.2.3.4 5.6.7.8 tunnel 11.22.33.44 55.66.77.88
    # ifconfig gre0
    gre0: flags=9011mtu 1476
            priority: 0
            groups: gre
            tunnel: inet 11.22.33.44 -> 55.66.77.88
            inet 1.2.3.4 --> 5.6.7.8 netmask 0xff00

## LAPTOP WITH ANSIBLE

    # ansible -m setup test46.local.lan -a 'filter=ansible_gre0'
    test46.local.lan | success >> {
        "ansible_facts": {
            "ansible_gre0": {
                "device": "gre0",
                "flags": [
                    "UP",
                    "POINTOPOINT",
                    "LINK0",
                    "MULTICAST"
                ],
                "ipv4": [
                    {
                        "address": "1.2.3.4",
                        "broadcast": "0xff00",
                        "netmask": "5.6.7.8",
                        "network": "1.2.3.0"
                    }
                ],
                "ipv6": [],
                "macaddress": "unknown",
                "mtu": "1476",
                "type": "unknown"
            }
        },
        "changed": false
    }
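In the gre0 facts above the peer address 5.6.7.8 lands in "netmask" and the hex mask in "broadcast", which is consistent with the inet line being read by position. The following is an added example, not Ansible's code and not from either message: a keyword-driven parse of the ifconfig lines shown in the two messages above. The fact names peer, tunnel, vlan_id, vlandev and description are hypothetical, and the sample ifconfig text is constructed (flag lists, a full-width netmask and a description line are assumptions).

```python
import ipaddress
import re

# Constructed samples in the format of the ifconfig output quoted above.
GRE_SAMPLE = """\
gre0: flags=9011<UP,POINTOPOINT,LINK0,MULTICAST> mtu 1476
        priority: 0
        groups: gre
        tunnel: inet 11.22.33.44 -> 55.66.77.88
        inet 1.2.3.4 --> 5.6.7.8 netmask 0xffffff00
"""

VLAN_SAMPLE = """\
vlan34: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:24:81:eb:1f:14
        description: test uplink
        priority: 0
        vlan: 34 parent interface: bge0
        groups: vlan
        status: active
        inet 192.0.2.34 netmask 0xffffff00 broadcast 192.0.2.255
"""


def hex_mask_to_dotted(mask):
    """ifconfig prints IPv4 netmasks as hex (0xffffff00); return dotted quad."""
    return str(ipaddress.IPv4Address(int(mask, 16)))


def parse_inet(tokens):
    """Parse the tokens that follow 'inet' by keyword, never by position."""
    entry = {"address": tokens[0]}
    i = 1
    while i < len(tokens) - 1:
        key, value = tokens[i], tokens[i + 1]
        if key == "-->":  # point-to-point: the next token is the peer address
            entry["peer"] = value
        elif key == "netmask":
            entry["netmask"] = hex_mask_to_dotted(value) if value.startswith("0x") else value
        elif key == "broadcast":
            entry["broadcast"] = value
        else:
            i += 1  # unknown token: skip it instead of guessing its meaning
            continue
        i += 2
    # A network address only makes sense on a broadcast interface.
    if "netmask" in entry and "peer" not in entry:
        net = ipaddress.ip_network("%s/%s" % (entry["address"], entry["netmask"]),
                                   strict=False)
        entry["network"] = str(net.network_address)
    return entry


def parse_interface(text):
    """Turn one interface block of ifconfig output into a facts dictionary."""
    lines = text.strip("\n").splitlines()
    head = re.match(r"(\S+?):\s+flags=[0-9a-f]+<([^>]*)>\s+mtu\s+(\d+)", lines[0])
    if not head:
        raise ValueError("not an ifconfig interface block")
    facts = {"device": head.group(1), "flags": head.group(2).split(","),
             "mtu": int(head.group(3)), "ipv4": []}
    for raw in lines[1:]:
        line = raw.strip()
        if line.startswith("inet "):
            facts["ipv4"].append(parse_inet(line.split()[1:]))
        elif line.startswith("description:"):
            facts["description"] = line.split(":", 1)[1].strip()
        elif line.startswith("vlan:"):
            m = re.match(r"vlan:\s+(\d+)\s+parent interface:\s+(\S+)", line)
            if m:
                facts["vlan_id"] = int(m.group(1))
                facts["vlandev"] = m.group(2)
        elif line.startswith("tunnel:"):
            m = re.match(r"tunnel:\s+inet\s+(\S+)\s+->\s+(\S+)", line)
            if m:
                facts["tunnel"] = {"src": m.group(1), "dst": m.group(2)}
    return facts


if __name__ == "__main__":
    for sample in (GRE_SAMPLE, VLAN_SAMPLE):
        print(parse_interface(sample))
```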
Re: whats wrong with me?
On 2015-11-30 20:52, Krzysztof Strzeszewski wrote:

Hi, whats wrong?:

    httpd: could not parse macro definition SSL
    httpd[21336]: server_tls_init: failed to configure TLS - failed to read private key: Operation not supported by device

Krzysztof Strzeszewski

Hey Krzysztof,

Two reasons why you did not receive much feedback on this.

- You did not supply OpenBSD version (uname -a) so we can't replicate with same version.
- You did not provide httpd.conf(8) so we can't replicate your exact setup.

A key to good free online OpenBSD support is to;

"Always provide as much information as possible. Try to pin-point the exact problem. Give clear instructions on how to reproduce the problem. Try to describe the problem with as much accuracy and non-confusing terminology as possible, especially if it is not easy to reproduce." // http://www.openbsd.org/report.html

Continue to fail this and the world will just lead to sadness and despair.

Alexander
Re: Meaning of '+', '*' in disk: hd0+ hd1+* hd2*
The '+' character after the "hd0" indicates that the BIOS has told /boot that this disk can be accessed via LBA. When doing a first-time install, you will sometimes see a '*' after a hard disk -- this indicates a disk that does not seem to have a valid OpenBSD disk label on it.

http://www.openbsd.org/faq/faq14.html#Boot386

On 2015-11-30 19:28, edward wandasiewicz wrote:

If I have the following showing after a probe during biosboot

    disk: hd0+ hd1+* h2*

What is the meaning of '+', '+*' and '*' next to each disk?

Edward.
Re: Wireless PCI hardware
On 2015-11-27 05:13, li...@wrant.com wrote: For USB I am using the run(4) driver for Ralink 802.11n product Netsys98N but my head hurts a bit while using it. You're most probably imagining the headache part or you have some sort of astigmatism (or another eye focus related condition you're unaware of), go "see" an optician who can also fix your wireless power rating psychosomatic (look and) feel. It is possible that you are right, I'll start use my tinfoil hat and be safe. http://www.dx.com/p/netsys-98n-2-4ghz-4200mw-high-power-802-11b-g-n-150mbps-usb-wi-fi-wireless-network-adapter-93722#.Vled1noy30M This is very likely false rating as the USB 2.0 port is rated 500 mA at 5 V DC (which usually drops to 4.75 V under full load) delivering up to 2500 mW at maximum power drain. Probably would be interesting to actually ask the maker what's this stupid lie and see what they come up with. Also with these phoney devices, the 9 dBi antennas are usually just 5 dBi in a longer plastic casing, an incredibly brain damaged trick. https://en.wikipedia.org/wiki/USB Thanks for the explanation. Using the run(4) driver for this is OK since I only use it as client when I need *extreme* range and not for hostap mode purposes.
Re: Wireless PCI hardware
On 2015-11-27 08:48, Tati Chevron wrote:

- TP-Link TL-WN851ND

Works on OpenBSD.

On 2015-11-27 08:52, Jason McIntyre wrote:

anyway i currently have a tp-link tl-wn881nd (so close!). it's an athn and has worked perfectly. it was very cheap, though i don't remember the price.

jmc

Bought and tested both TP-Link WN881ND and TP-Link TL-WN851ND. Confirmed that both work very well.

Thanks.
Re: Wireless PCI hardware
On 2015-11-27 08:48, Tati Chevron wrote:

On Fri, Nov 27, 2015 at 12:08:37AM +0100, Alexander Salmin wrote:

I want OpenBSD in hostap mode with PCI or PCIe ath / athn driver.

Be aware that hostap mode is not particularly reliable, usable, or with good performance at the moment.

That's OK, my purpose is not production.

- TP-Link TL-WN851ND

Works on OpenBSD.

I also got information off-list that also TP-Link TL-WN881ND works well. I found a store which has both of them, so I'll go buy these today and see.

Thanks everyone.

Alexander
Wireless PCI hardware
Hey friends,

I want OpenBSD in hostap mode with PCI or PCIe ath / athn driver.

I am not interested in USB Wifi which has recently been discussed on this list, already have a good usb wifi that works well for its purpose (thanks!). Instead I have been checking out the ath(4) and athn(4) driver manuals for compatible pci or pcie cards.

I would love to go haywire and buy more cards in my local store and test them, but once I open the seal; I can't return them. Yes, I tried, this is not an option anymore, spent too much money on it. :-|

If you recently bought a PCI or PCIe wireless card with atheros chipset that works for OpenBSD, please report which name/model/manufacturer and preferably ~buydate so we know if it's recent or might have been replaced by a new version. Or, if you are running a computer store or similar or have a friend that does, maybe you can help with testing(?).

Cards I have not yet tested which I'm thinking of buying, any advice on these? Both are quite cheap.

- TP-Link TL-WN851ND
- TP-Link TL-WDN4800

Alexander
Re: Wireless PCI hardware
Don't know about PCI but could get cardbus adaptor for d-link DWA-652 that works well for me or look up its chip. What usb are you using as the ones i tried a while back weren't much good though there have been changes to the drivers since so probably worth trying again.

http://www.ebay.co.uk/itm/D-Link-DWA-652-Xtreme-N-Wireless-Notebook-Adapter-Draft-/400461073245?hash=item5d3d570b5d:g:HdsAAOxyrP9RZur0

For USB I am using the run(4) driver for Ralink 802.11n product Netsys98N but my head hurts a bit while using it. Not so good for long-term use. :-) Works extremely well though, very long-range. But still, looking for PCI/PCIe.

http://www.dx.com/p/netsys-98n-2-4ghz-4200mw-high-power-802-11b-g-n-150mbps-usb-wi-fi-wireless-network-adapter-93722#.Vled1noy30M
Re: WLAN Card AP feature
If the system identified your wlan-card, write this.

    # ifconfig | grep -1 -B3 wlan | grep -o -E -e "^([a-z]{1,3})" | xargs man

On 2015-11-25 19:03, bluesun08 wrote:

Please, can you give me a link of the manual for the 802.11 drivers?

--
View this message in context: http://openbsd-archive.7691.n7.nabble.com/WLAN-Card-AP-feature-tp283685p283756.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: OBSD 5.8 and console
I have a similar setup. Kill your screen, and connect again, usually works for me. On 2015-11-22 17:13, Alessandro Baggi wrote: set tty com0
Re: rdomain with BGP dynamic route
Hey,

    man 5 bgpd.conf

See section Routing Domain Configuration and parameters export-target and import-target. I suspect that is what you want.

Alexander Salmin

On 2015-07-24 13:47, XU, YANG (YANG) wrote:

Let me describe it in another way. Can I create a new rdomain as a VRF and use the rdomain to import/export customer's prefix through BGP? I will greatly appreciate it if you can provide any information.

I have seen some information online, but prefix is either from static configuration or connected network. In my case, I need to support dynamic routes from BGP in VRF.

Thanks,
-Yang

From: owner-m...@openbsd.org [owner-m...@openbsd.org] On Behalf Of XU, YANG (YANG)
Sent: 23 July 2015 08:06
To: misc@openbsd.org
Subject: rdomain with BGP dynamic route

Hi all,

I am configuring OpenBSD bgpd so that it can relay the routes learned from customer BGP servers to a route reflector (RR). Customer BGP servers only speak IPv4 BGP, so my OpenBSD bgpd needs to add different route-distinguisher and route-target to the dynamic routes learned from each customer BGP neighbor before forwarding to RR.

As I understand, I should be able to use rdomain to implement this. What I really need conceptually is to attach a BGP neighbor to a rdomain, so that dynamic routes learned from that BGP neighbor are added to the specified rdomain. But I failed to find a way to do this in OpenBSD. Does anyone know if this is possible and give me an BGP configure example?

Many thanks in advance,
-Yang
Re: Regarding the default /usr partitioning
Hi,

Read up on the Automatic disk allocation chapter in the disklabel manual as mentioned by Raf. Basically partitions are dynamically allocated based on total disk-space with a few exceptions - the following paths have their own partitions on disks larger than 7G (so you are mistaken about the /usr/src part, as Raf said).

Maybe you should use make clean after your jobs? What exactly is using all your disk space? I suggest reading 15.3.6 - Cleaning up after a build at http://www.openbsd.org/faq/faq15.html

    2G  /usr/src
    2G  /usr/obj
    10G /usr/local
    1G  /usr/X11R6

Alexander

On 2015-06-29 00:42, Raf Czlonka wrote:

On Sun, Jun 28, 2015 at 11:15:20PM BST, Carlos Fenollosa wrote:

Hi,

Hi Carlos,

I’m a new OpenBSD user, so please forgive me if this topic has been discussed thoroughly already.

I installed a new box using the default partitioning (2GB for /usr) and I found that it’s a bit insufficient since /usr/ports, /usr/xenocara and /usr/src hang from there on the same partition, and eat up most of those 2GB.

I’ve searched online and some users also found the same problem

Do you think it would be a good idea to increase that number to about 5GB? I could try to write a simple patch for it.

It all depends on the size of your disk but most likely you are mistaken.

    man 8 disklabel

Raf
Re: alternative places to buy the CDs in US are needed
Download, buy media yourself, and donate. Download docs online, print them, donate. Iterate every release, or more often.

Don't understand how this can be so hard? Donations = close to zero effort. Printing CDs = more than zero effort for the project.

On 2015-06-26 16:58, Boris Goldberg wrote:

Hello misc,

I've looked (and registered) at openbsdstore.com (USA site) - don't like it (a lot). Use to buy OpenBSD stuff from a US book store, but can't find it (there was a link to it on the openbsd.org, but not any more). Are there alternative (local) options to buy the OpenBSD CDs in the US?
Re: Puppet and OpenBSD. Any examples/experience for unattended provisioning?
Are you looking into running a puppet server or puppet client on OpenBSD?

For the server, the requirements are many, and even if it's possible, it can be a bit hard to get everything right. As for the puppet client, it works as intended.

Unless you are aiming for bare-metal (with foreman or something similar) and if you are open to suggestions I'd say try ansible. I'm using it on some 30+ OpenBSD servers which works great. It's really easy to learn. Both package management and sysctl configuration is of high quality as well as templates with jinja2-syntax.

But as always, use what works best for you. Maybe if you explain more about what parts of the OpenBSD system you want to automate the list can help you with some suitable automation options.

Alexander Salmin

On 2015-06-21 15:00, Kirill Peskov wrote:

Hi All,

Looks like there is no comprehensive guide/howto in the Net for $subj... Googling gives some discussions and presentations regarding running puppet server on OpenBSD, which is not so interesting. My task is to automate provisioning of bunch of OpenBSD servers across several LANs and puppet would be a good helper here (OK, maybe Saltstack could be an alternative solution, but there is even less info about such a combination out there).

Thanx in advance,
Kirill
Re: IPSec and Cisco peers
Hey,

Based on my experience you could try three things:

- Provide us with the Cisco configuration on that side.
- Use packet-tracer from the cisco device, it's really helpful in these situations.
- Verify every little bit of configuration on both sides so that they are exactly the same.

Alexander Salmin

On 2015-04-07 16:28:00, jean-yves boisiaud wrote:

hello,

I'm using IPSec with OpenBSD. I cannot connect with some Cisco appliances, a Cisco Asa and a Cisco 2951. For these two Cisco gw, I can see in the log the same messages :

    Apr 7 16:10:00 billy isakmpd[31908]: isakmpd: phase 1 done: initiator id X, responder id Y, src: X dst: Y
    Apr 7 16:10:00 billy isakmpd[31908]: isakmpd: Peer Y made us delete live SA peer-Y-local-X for proto 1, initiator id: X, responder id: Y

As the remote IT engineers wanted me to enable DPD, I changed the ipsec configuration from active to dynamic, but nothing changes.

Is there something wrong in my configuration ?

    ike dynamic esp from 192.168.36.0/24 to 10.0.0.0/8 \
        local X peer Y \
        main auth hmac-md5 enc 3des group grp2 lifetime 28800 \
        quick auth hmac-sha1 enc 3des group grp2 lifetime 28800 \
        srcid X dstid Y \
        psk z

--
Jean-Yves Boisiaud - Alcor Consulting
24, rue de la Glycine
49250 Saint Remy la Varenne
mobile : +33 6 63 71 73 46
fixe : +33 9 72 41 19 35
Re: CPU criteria for OpenBSD firewall
Good luck, when you have time I also recommend that you read this.

https://calomel.org/network_performance.html

On 2015-02-19 08:05:54, ML mail wrote:

Thanks to all of you for this interesting discussion. My OpenBSD firewall will only be doing PF as I totally agree that a firewall should have the least userland application running as possible of course if your budget permits it.

So far I have around 340 rules (as the number of lines in the output of a pf -sr) and a state table of around 12-20k entries depending the time of the day. As per your recommendations I will go with a higher CPU frequency and less cores as packet filtering still only takes place on one single core. I might also experiment if I should use bsd.mp or the standard non SMP bsd.

I also agree with Nick that CPU is of course not the only criteria but the rest I have luckily already sorted out :) For example by using nice and modern Intel 10 Gbit/s NICs, CompactFlash industrial grade flash storage, redundant setup with 2 firewalls and CARP, etc. OpenBSD does a great job here, I don't even want to imagine the price of such a setup with C***o hardware.

Cheers
Re: Help needed: pkg_add dropps connections
Have you also tried without the proxy?

On 2015-02-18 13:47:26, Marc Espie wrote:

On Tue, Feb 17, 2015 at 03:15:14PM +0100, Stefan Wollny wrote:

Hello!

I'd like to pick up an issue that is bugging me for some time now: Whenever I run 'pkg_add -ui' my connection gets terminated soon, reliably at the latest once packages starting with g are checked. I suspect it is in my pf.conf but it is not obvious to me.

My system: Lenovo T60 running amd64-current. Below I provide the obligatory dmesg, pf.conf, rc.conf.local and sysctl.conf.

Checking what is going on with 'pftop' I noticed that 'pkg_add' opens up hundreds of connections, all with state 'TIME_WAIT:TIME_WAIT' or 'FIN_WAIT_2:FIN_WAIT_2'. Once around 100 such states are established the connection will be dropped soon.

I've tried ftp.hostserver.de, openbsd.cs.fau.de and ftp.openbsd.org - all show the same behaviour. E.g. PKG_PATH is set in my .profile like so:

    PKG_PATH=http://ftp.hostserver.de/pub/OpenBSD/snapshots/packages/amd64/

All those connections get closed by pkg_add. If you don't see them closing in your pf log, you need to figure out why.
Re: OpenBSD firefox useragent Facebook
Not using facebook but have you checked on another computer? Feels like this is not related to OpenBSD.

Anyway, your best choice is using developer-tools and trying to identify which requests work and which do not. Maybe you have like me, local DNS-server which blocks famous ad-providers IPs or similar in your hosts-file?

On 2015-02-18 15:32:41, Erling Westenvik wrote:

Not sure if this belongs in @misc or @ports - if any! - but I'll give the former a shot. All below applies to amd64/current-installations of mine.

The last few months, I've been unable to tag other people when commenting on Facebook. I've tried resetting Firefox, disabling add-ons, deleting old profiles, reinstalling the browser, and even doing a fresh install of Firefox on a new OpenBSD installation. All to no avail.

I suspect the user agent setting to be the culprit and have tried experimenting with various strings. Some of them enables me to tag other people, but messes up other things.

Would anyone using Facebook be so kind as to provide me with a working user agent string for Firefox (35.0) ?

Thanks,
Erling

PS. Just checked and neither Seamonkey nor Chrome will let me tag people in comments. This is getting weird...
Re: CPU criteria for OpenBSD firewall
I might start a flame now but the higher freq and less core model is the better choice unless your firewall will do other things than packetfiltering and routing.

On 2015-02-18 22:30:31, ML mail wrote:

Hi,

Stupid question but if you would have to choose between two different Intel CPUs for an OpenBSD firewall using 4 to 6 Intel NICs with all /24 networks behind and around 50-60 Mbit/s average traffic would you rather choose the CPU with higher Frequency and less cores or for a CPU with lower frequency but more cores? For example:

- E5-2630Lv3, 20M Cache, 1.80 GHz, 8 cores: http://ark.intel.com/products/83357/Intel-Xeon-Processor-E5-2630L-v3-20M-Cache-1_80-GHz
- E5-2637v3, 15M Cache, 3.50 GHz, 4 cores: http://ark.intel.com/products/83358/Intel-Xeon-Processor-E5-2637-v3-15M-Cache-3_50-GHz

Or asked differently, which are the important criteria to look at first for a CPU intended to be used in an OpenBSD firewall?

Regards
ML
Re: Mutt Sidebar not working properly
Hi,

I'd say it's way easier to help you and debug it with your .muttrc-file. I'm using sidebar with mutt and have no issues with it. Send both mutt -v output and .muttrc

Cheers,
Alexander

On 2015-02-12 20:19:05, Dutch Ingraham wrote:

Hello all:

I installed the binary mutt last week with the compressed, sasl, and sidebar flavors. I also used my standard .muttrc from other systems. Everything worked fine except the sidebar. While all folders are present, and I can scroll to any folder, no folder will open. The folders do seem to be in sync, though.

As an exercise, I deleted the package and compiled the port with the gpgme, sasl, and sidebar flavors; there was no difference as to the sidebar issue.

My current system is OpenBSD 5.7 GENERIC.MP#834 amd64 -current to Feb. 2. I am using IMAP.

Any hints as to where the issue may lie are appreciated. If my .muttrc, dmesg or anything else is needed, please let me know.

Thanks.
Re: packets logged by pf without log rule
Did you see it in previous versions? I would compare the same ruleset with a fresh 5.5 and see if you experience the same and in that case continue compare the relevant sourcecode.

Regards,
Alexander Salmin

On 2014-09-15 16:18:26, Tony Sarendal wrote:

I'm currently looking into some logging strangeness we are seeing. Does anyone know why this is logged ?

    obc3.rad# cat /etc/pf.conf
    pass quick all
    obc3.rad# pfctl -sr
    pass quick all flags S/SA
    obc3.rad# tcpdump -n -e -ttt -i pflog0
    tcpdump: WARNING: snaplen raised from 116 to 160
    tcpdump: listening on pflog0, link-type PFLOG
    Sep 15 16:07:31.276913 rule 0/(match) pass in on em0: 10.69.48.14 239.192.104.1: igmp nreport 239.192.104.1 (DF) [tos 0xc0] [ttl 1]
    Sep 15 16:07:31.278020 rule 0/(match) pass in on em0: 10.69.48.14 239.192.104.1: igmp nreport 239.192.104.1 (DF) [tos 0xc0] [ttl 1]

    obc3.rad# tcpdump -n -i em0 igmp
    tcpdump: listening on em0, link-type EN10MB
    tcpdump: WARNING: compensating for unaligned libpcap packets
    16:07:31.276905 10.69.48.14 239.192.104.1: igmp nreport 239.192.104.1 (DF) [tos 0xc0] [ttl 1]
    16:07:31.278014 10.69.48.14 239.192.104.1: igmp nreport 239.192.104.1 (DF) [tos 0xc0] [ttl 1]

Regards
Tony

    OpenBSD 5.6-current (GENERIC.MP) #0: Wed Sep 10 13:39:02 CEST 2014
        r...@obc3.rad.unibet.com:/usr/src/sys/arch/amd64/compile/GENERIC.MP
    real mem = 8545173504 (8149MB)
    avail mem = 8308969472 (7924MB)
    mpath0 at root
    scsibus0 at mpath0: 256 targets
    mainbus0 at root
    bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xeb4c0 (54 entries)
    bios0: vendor American Megatrends Inc. version 2.0a date 06/08/2012
    bios0: Supermicro X9SCD
    acpi0 at bios0: rev 2
    acpi0: sleep states S0 S1 S4 S5
    acpi0: tables DSDT FACP APIC FPDT MCFG HPET SSDT PRAD SPMI SSDT SPCR EINJ ERST HEST BERT BGRT
    acpi0: wakeup devices PS2K(S4) PS2M(S4) UAR1(S4) P0P1(S4) USB1(S4) USB2(S4) USB3(S4) USB4(S4) USB5(S4) USB6(S4) USB7(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) [...]