Re: open bsd 5.7 and 5.8 cd ordering questions

2015-08-22 Thread Christopher Barry
On Sat, 22 Aug 2015 22:28:48 +0100
Fred  wrote:

>Although the truly paranoid can check the signify key printed on
>their disks with the one on the OpenBSD website.

...unless of course they've poisoned your dns and are sending you to
an alternate site for just such an event... Maybe you should just drive
up to Calgary and get them in person. But yeah, they'll probably just
swap the cds in your car while they're strip searching you when you're
trying to get back in... *sigh*



Re: weird carp failover behavior

2015-08-20 Thread Christopher Barry
 packet from FW-B, and then
>>   start seeing the ping request/reply pairs coming in from C (as
>> expected)
>> - upon killing and restarting C's ping to Carp2, I no longer see the
>>   response on C, but I'm seeing both the request and response in
>> FW-B's tcpdump.  On C, I see only the echo response. (NOT expected)
>> 
>> Does this last bit point the finger at SW2 being the culprit (perhaps
>> not routing packets to the appropriate NIC port), even though power
>> cycling SW2 isn't sufficient to fix the problem?
>> 
>> Any other thoughts?
>> 
>> Devin
>

if logistically possible, and it might not be, temporarily remove sw2
from the equation, and plug ISP2 and FW-B into SW1. both ISPs will come
into the same unprotected switch, and both firewalls will transmit
through that switch.

still gags? it might be the CPE of ISP2, or might be some other subtle
config issue on the firewalls.
no gag? starting to look like it might be sw2

additionally, it might be informative to reverse it to try all traffic
through sw2 to see if that works as expected.

to me, it kinda smells like STP might be involved here somewhere.

--
Regards,
Christopher Barry

Random geeky fortune:
"I never let my schooling get in the way of my education."
-- Mark Twain



Re: OpenBSD Tablet-ish

2015-02-19 Thread Christopher Barry
On Thu, 19 Feb 2015 13:23:47 -0600
Luis Coronado  wrote:

>sharp zaurus?
>
>Sent from my iPad not running obsd :)
>
>> On 19/2/2015, at 13:15, Jack Woehr  wrote:
>> 
>> What's the smallest, most tablet-ish device I can put OpenBSD on?
>> Want to travel and stay connected.
>> 
>> -- 
>> Jack Woehr   # "There's too much emphasis on things
>> Box 51, Golden CO 80402  #  like pawn structure in modern chess.
>> http://www.softwoehr.com #  Checkmate ends the game." - N. Shor
>

AFAICT, only the BI-L10 does networking, according to Wikipedia.

--
Regards,
Christopher Barry

Random geeky fortune:
Slowly and surely the unix crept up on the Nintendo user ...



Re: root partition full; /dev taking up all the space?

2015-02-13 Thread Christopher Barry

the files in dev are typically either directories, character device
files, block device files, or symlinks.  These are really just handles
to devices, and don't take up much room.

sounds like you've been writing to a regular file there. Search for it.


--
Regards,
Christopher Barry

Random geeky fortune:
The right half of the brain controls the left half of the body.  This
means that only left handed people are in their right mind.



Re: root partition full; /dev taking up all the space?

2015-02-13 Thread Christopher Barry

just try:
# find /dev/ -type f

--
Regards,
Christopher Barry

Random geeky fortune:
Let me do my TRIBUTE to FISHNET STOCKINGS ...



Re: Munich BSD meetup

2015-02-07 Thread Christopher Barry
On Sat, 7 Feb 2015 19:11:55 -0500
Alan McKay  wrote:

>So?   How was the beer?  One would like to know!
>
>Drank something dark?
>

Curious. What doth the Germans think about the beer renaissance
happening in the Americas these days? Lots of great breweries
popping up. Stone, Southern Tier, Dogfish Head, Avery, Founders, and
even the venerable Torpedo - way too many good beers to count (or drink,
hic, but I'm doin my besht, hic). I think this side of the pond might
finally be getting its beer shit together. Could the mantle silently
be passed to the escapees in the New World? I mean, you guys did buy
Budweiser, just sayin...

Cheers 

--
Regards,
Christopher Barry

Random geeky fortune:
The most disagreeable thing that your worst enemy says to your face does
not approach what your best friends say behind your back.
-- Alfred De Musset



Re: Openbsd broke my hard drive twice! Getting frustrated

2015-02-07 Thread Christopher Barry
On Sun, 8 Feb 2015 00:21:27 -0500
Daniel Dickman  wrote:

>On Thu, Feb 5, 2015 at 3:22 AM, Daniel Dickman 
>wrote:
>>
>>
>> On Monday, December 22, 2014, Ted Unangst 
>> wrote:
>>>
>>> On Tue, Dec 23, 2014 at 00:53, Henrique Lengler wrote:
>>> > On 2014-12-23 00:50, Edgar Pettijohn III wrote:
>>> >> Have you tried installing something other than OpenBSD since you
>>> >> ran into this issue?
>>> >
>>> > Since I ran into this issue I can't even access my bios with the
>>> > HDD sata connected.
>>>
>>> That can only be a problem with your BIOS. Update it? Get a better
>>> one? I don't know. But if your BIOS doesn't work with some drive
>>> attached, your BIOS is broken.
>>
>>
>> I just bought a system with what seems like the same problem as in
>> this thread (dell laptop). I upgraded the drive to an ssd. the
>> laptop firmware and the ssd firmware were both upgraded to the
>> latest versions.
>>
>> with windows installed I can press F2 and get into the firmware menu
>> just fine. with openbsd I just get a black screen when I press F2 at
>> boot.
>>
>> I did a test. after i installed openbsd, I overwrote the mbr with all
>> zeroes. when I rebooted I could access the bios menu via F2 again.
>>
>> does seem like a firmware bug based on the contents of the mbr. will
>> see if I can diagnose further.
>
>After some more digging. It's not the MBR itself that's the problem.
>
>The firmware on my laptop reads all the partitions in the MBR except
>ones marked as type EE (EFI). It then seems to try to read into those
>partitions for something else. If there is even 1 OpenBSD partition,
>it chokes on something in it. No idea why the firmware is reading past
>the MBR and into the actual disk partitions, seems strange.
>
>Dunno if this helps anyone else with a similar problem, but at least
>for my system I know for sure it's a firmware bug.
>

I have no clue here, but I'm interested about this. Is it possible the
BIOS is trying to identify the filesystem type, so its save bios to
harddrive, or restore from harddrive, or other functionality that may
require disk access can work? they likely never tested on *bsd, so
the borken error path never got taken before? just throwing that out
there as it came to mind as a possibility. assumptions happen(TM)


--
Regards,
Christopher Barry

Random geeky fortune:
Protect from light.



Re: Wouldn't `daemon_enable=YES` make more sense than `daemon_flags=""` in rc.conf.local?

2015-01-30 Thread Christopher Barry
On Thu, 29 Jan 2015 07:53:13 -0500
Nick Holland  wrote:

>rsyncd_flags=""
>slowcgi_flags=
>unbound_flags=""

am I understanding correctly that in the snippet above, slowcgi will not
be started, while the other two (will|may) start with default flags?

--
Regards,
Christopher Barry

Random geeky fortune:
A chicken is an egg's way of producing more eggs.



Re: carp failover problem

2015-01-30 Thread Christopher Barry
On Fri, 30 Jan 2015 17:18:07 -0500
"Leclerc, Sebastien"  wrote:

>> Rebooted fw2 at 3h02, fw1 kept master state, but had downtime until
>> 3h12 Rebooted fw1 at 3h15, got downtime until 4h10, fw1 got master
>> state at 3h16, fw2 got backup state at the same time
>> 
>
>Inspecting further my logs, I see that smtp services were functioning
>between wan and dmz during the downtime period.  Our monitoring is
>done from the lan, so I suspect the 5300xl is causing the problem...
>Any thoughts?
>
>Thanks
>
>Sebastien
>

the issue I had with Procurve switches was related to its STP
implementation. strange things were happening while trying to PXE
boot a large number of Linux cluster nodes using gpxe. Swapping out the
switch with a different brand solved the problem, and I never revisited
it.

if you can do a quick test on a different switch, that would at least
rule that out as your issue. if not, try disabling STP and retest.

-C



Re: sudo nohup tcpdump at startup

2015-01-29 Thread Christopher Barry
On Thu, 29 Jan 2015 20:56:50 +0100
fRANz  wrote:

>Hello guys,
>I implemented this config:
>
>http://home.nuug.no/~peter/pf/newest/log2syslog.html
>
>in order to stream pf logs to a remote machine.
>If I add the command:
>
>sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block |
>logger -t pf -p local2.info &
>
>to the /etc/rc.local file and reboot the box, it works for the boot
>time but then tcpdump process disappear (I'm sure the file is
>processed because previous commands are committed successfully), like
>something kills the process.
>
>Just for test I move the command from /etc/rc.local to /etc/rc:
>tcpdump still works perfectly, also after boot time, for every reboot.
>
>What are differences between rc.local and rc executions? Could you
>please help me to understand?
>It's not a problem for me remove the command from rc.local and put it
>in rc file but I'm curious to find the reason.
>
>On this platform (OpenBSD 5.6 amd64 on PcEngines APU) rc.local is
>invoked like this:
>
>[ -f /etc/rc.local ] && sh /etc/rc.local
>
>Thank you for any tip.
>-f
>


what happens if you source /etc/rc.local instead?
as in:
[ -f /etc/rc.local ] && . /etc/rc.local



Re: carp failover problem

2015-01-27 Thread Christopher Barry
On Tue, 27 Jan 2015 12:01:37 -0500
"Leclerc, Sebastien"  wrote:

>Hi,
>
>I have two firewalls in a carp failover setup, but the failover does
>not work as expected... The problem happens when I reboot the backup
>firewall (while in backup state). Just after the reboot, I have these
>entries in dmesg :
>
>carp0: state transition: BACKUP -> MASTER
>carp1: state transition: BACKUP -> MASTER
>carp0: state transition: MASTER -> BACKUP
>carp1: state transition: MASTER -> BACKUP
>
>Why would there be no mention of carp2?
>And no corresponding entries on the master?
>
>States are consistent (all backup on backup, and all master on
>master), but forwarded connections hang, until I force back the master
>with this :
> sudo ifconfig -g carp carpdemote 128
> sudo ifconfig -g carp -carpdemote 128
>Between these two commands, on the backup firewall, I see traffic
>coming from WAN and DMZ, but almost nothing from LAN, so it may be
>related to the LAN switch. I cannot see what the problem is though...
>
>Here is the setup :
>
>On both firewalls :
> - em0 is connected to WAN
> - em1 is connected to LAN
> - em2 is connected to DMZ
> - em3 is interconnected with a crossover cable, used for pfsync and
> rdist
>
>WAN and DMZ connections are on the same switch, but on different
>untagged VLANs (Procurve 2524) LAN is on a separate layer 3 switch
>(Procurve 5300xl)
>
>Another strange behavior :
>With tcpdump, on the backup, I can see this traffic :
> - on em1 and em2, I see only carp advertisements to the configured
> unicast IP address and physical MAC address
> - on em3, I see only pfsync packets
> - but on em0, I see carp advertisements, but also a lot of traffic
> from the ISP router's MAC, to the virtual MAC (00:00:5e:00:01:01)
>Which situation is normal? (em0 with lots of packets, or em1/em2 with
>only carp advertisements) The only difference I see :
> - on em0, both firewalls and the ISP router are connected to the
> switch
> - on em1, both firewalls are connected to the L3 switch, which is
> also the router
> - on em2, there is no router, the firewalls communicate directly with
> hosts connected on the switch
>
>
>Common configuration (public addresses anonymized, but the network
>sizes are correct) :
>
>/etc/mygate
>192.0.2.1
>
>/etc/sysctl.conf
>net.inet.carp.preempt=1
>net.inet.ip.forwarding=1
>
>/etc/pf.conf (excerpt only)
>ext_if  = "em0"
>ext_if_carp = "carp0"
>int_if  = "em1"
>int_if_carp = "carp1"
>dmz_if  = "em2"
>dmz_if_carp = "carp2"
>sync_if = "em3"
>set skip on lo
>set skip on $sync_if
>pass quick on { $int_if, $ext_if, $dmz_if } inet proto carp keep state
>(no-sync)
>
>
>Firewall A (expected to be always master) :
>OpenBSD 5.5 (GENERIC.MP) #315: Wed Mar  5 09:37:46 MST 2014
>dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
>/etc/hostname.em0
>inet 192.168.3.9/30
>
>/etc/hostname.em1
>inet 192.168.3.1/29
>!route add 192.168.0.0/16 192.168.3.5
>!route add 172.16.0.0/12 192.168.3.5
>
>/etc/hostname.em2
>inet 192.168.3.13/30
>
>/etc/hostname.em3
>inet 192.168.3.17 255.255.255.252
>
>/etc/hostname.carp0
>advskew 0 carpdev em0 carppeer 192.168.3.10 pass secret1 state master
>vhid 1 inet 192.0.2.2/28
>alias 192.0.2.3/32
>alias 192.0.2.4/32
>alias 192.0.2.5/32
>
>/etc/hostname.carp1
>advskew 0 carpdev em1 carppeer 192.168.3.4 pass secret2 state master
>vhid 2 inet 192.168.3.6/32
>
>/etc/hostname.carp2
>advskew 0 carpdev em2 carppeer 192.168.3.14 pass secret3 state master
>vhid 3 inet 192.0.2.17/28
>alias 192.0.2.29/32
>
>/etc/hostname.pfsync0
>up
>syncdev em3
>syncpeer 192.168.3.18
>
>
>Firewall B (expected to be always backup) :
>OpenBSD 5.6 (GENERIC.MP) #5: Thu Dec 11 09:51:08 CET 2014
>
> r...@stable-56-amd64.mtier.org:/binpatchng/work-binpatch56-amd64/src/sys/arch/amd64/compile/GENERIC.MP
>
>/etc/hostname.em0
>inet 192.168.3.10/30
>
>/etc/hostname.em1
>inet 192.168.3.4/29
>!route add 192.168.0.0/16 192.168.3.5
>!route add 172.16.0.0/12 192.168.3.5
>
>/etc/hostname.em2
>inet 192.168.3.14/30
>
>/etc/hostname.em3
>inet 192.168.3.18/30
>
>/etc/hostname.carp0
>advskew 200 carpdev em0 carppeer 192.168.3.9 pass secret1 state backup
>vhid 1 inet 192.0.2.2/28
>alias 192.0.2.3/32
>alias 192.0.2.4/32
>alias 192.0.2.5/32
>
>/etc/hostname.carp1
>advskew 200 carpdev em1 carppeer 192.168.3.1 pass secret2 state backup
>vhid 2 inet 192.168.3.6/32
>
>/etc/hostname.carp2
>advskew 200 carpdev em2 carppeer 192.168.3.13 pass secret3 state
>backup vhid 3 inet 192.0.2.17/28
>alias 192.0.2.29/32
>
>/etc/hostname.pfsync0
>up
>syncdev em3
>syncpeer 192.168.3.17
>
>
>This message is already long, but if any other information would be
>helpful, I would be glad to provide it. Any help or suggestion is
>appreciated. Thank you!
>
>Sebastien
>

Sebastien,

Well, it's been many years since I ran carp, so I cannot actually help
with the carp config, but I can absolutely say that I have experienced a
lot of unexplainable weirdness with ProCurve switches, so I can
appreciate your suspicions there. I'll 

good router/firewall sbc?

2015-01-17 Thread Christopher Barry
Greetings,

Looking for recommendations for a good small device with the following:

* 4GbE interfaces
* external USB
* external serial port
* can run obsd well

I've checked out the Soekris stuff, but wondering what else people use
and like.

--
Regards,
-C



Re: YP Alternative

2015-01-02 Thread Christopher Barry
On Fri, 2 Jan 2015 18:36:38 +
skin...@britvault.co.uk (Craig Skinner) wrote:

>On 2015-01-02 Fri 13:06 PM |, Christopher Barry wrote:
>> #!/bin/bash
>> 
>
>OpenBSD has much better ksh(1)
>
>A simple rdist(1) cronjob might do it.
>
>e.g: http://www.benedikt-stockebrand.de/rdist-intro_en.html
>

Hi Craig,

I can't speak to ksh being 'better', but it may well be. I have 20
years experience with bash, so I default to it. If I was going to craft
something today to solve this problem, I think I would probably use
rsync over ssh though, and not scp. My example was simply to show that
it can be a not-very-complicated hammer and still work reasonably well.

--
-C



Re: YP Alternative

2015-01-02 Thread Christopher Barry
On Fri, 2 Jan 2015 13:44:36 +0100
Ingo Schwarze  wrote:

>Hi Brian,
>
>Brian Empson wrote on Fri, Jan 02, 2015 at 06:52:40AM -0500:
>
>> I'm looking into a way to sync up group and user information across
>> a network of OpenBSD machines. I like YP, except that I don't need
>> the password hashes transferred across the network. I like that it's
>> built right into the base install, are there better ways to handle
>> synchronizing login details across multiple machines that is built
>> into the base install? Preferably written by the OpenBSD team, too?
>
>http://www.openbsd.org/faq/faq10.html#Dir
>
>Yours,
>  Ingo
>

With ssh keys for root setup between the 'master' box and the rest of
your machines, something as simple as this can be fairly effective in a
small environment. All changes to users and passwords will need to
happen on the master though, and this will need to be run afterward to
sync them.

CUT==
#!/bin/bash

# files to copy from the master to every other host
list=( /etc/passwd /etc/group /etc/shadow /etc/gshadow )

# one background subshell per host, so all hosts are updated in parallel
while read -r host; do
  (
    for (( i = 0; i < ${#list[*]}; i++ )); do
      scp "${list[$i]}" "${host}:${list[$i]}" || {
        echo "scp ${list[$i]} ${host}:${list[$i]} failed"
      }
    done &
  ) &
done < list-of-additional-hosts.txt

CUT==

This reads a list of hosts, one host per line (could use /etc/hosts
with some parsing), then for each host spawns a subprocess in parallel,
and scp's all the files to each host in parallel.

disclaimer - I just typed this and didn't actually test it, but I've
done similar in small linux cluster configurations. You'll write
a more complete and robust one of course, but you can see the idea here.

You may want to consider automounting everyone's $HOME from a network
location as well, so everyone's stuff is available everywhere. Doing
that securely is a matter for additional debate though.


--
Regards,
Christopher Barry

Random geeky fortune:
Fourth Law of Thermodynamics:
If the probability of success is not almost one, it is damn
near zero. -- David Ellis
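
A more defensive take on the sync script in the message above, added here as an example and not part of the original post: it checks the master's passwd file before anything is pushed (malformed lines, duplicate logins, any non-root account with UID 0), accepts only plain host names from the list, and installs each file through a temporary name and a rename. The function names, the `COPY`/`REMOTE` transport hooks and the sample passwd data are assumptions made for the example; hosts are handled one after another rather than in parallel.

```shell
#!/bin/bash
# Added example, not from the original message: validate the master's
# passwd file, then push account files with a rename on each host.
# Function names, the COPY/REMOTE hooks and the sample data are constructed.

COPY=${COPY:-scp -p}    # how a file is copied to host:path
REMOTE=${REMOTE:-ssh}   # how a command is run on a host

# check_passwd FILE: print one line per problem found in a 7-field
# passwd(5) file; the exit status is non-zero if anything is wrong.
check_passwd() {
  awk -F: '
    NF != 7 { printf "line %d: expected 7 fields, got %d\n", NR, NF
              bad = 1; next }
    $1 == ""                { printf "line %d: empty login name\n", NR; bad = 1 }
    $3 !~ /^[0-9]+$/        { printf "line %d: uid of %s is not a number\n", NR, $1; bad = 1 }
    $3 == 0 && $1 != "root" { printf "line %d: %s has uid 0\n", NR, $1; bad = 1 }
    seen[$1]++              { printf "line %d: duplicate login %s\n", NR, $1; bad = 1 }
    $1 == "root" && $3 == 0 { root = 1 }
    END { if (!root) { print "no root entry with uid 0"; bad = 1 }
          exit bad + 0 }
  ' "$1"
}

# valid_host NAME: accept only plain host names or addresses, so a list
# entry can never be read by scp/ssh as an option or as user@host:path.
valid_host() {
  case $1 in
    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# push_file HOST FILE: copy FILE to a temporary name next to its target,
# then rename it, so a failed copy never leaves a truncated file in place.
push_file() {
  local host="$1" file="$2" tmp="$2.sync.$$"
  if $COPY "$file" "$host:$tmp" && $REMOTE "$host" mv -f "$tmp" "$file"; then
    return 0
  fi
  echo "push of $file to $host failed" >&2
  return 1
}

# sync_accounts HOSTLIST PASSWD [FILE...]: push PASSWD and the other files
# to every host in HOSTLIST, but only if PASSWD passes check_passwd.
# Returns 0 only when every file reached every listed host.
sync_accounts() {
  local hostlist="$1" host f failed=0
  shift
  if ! check_passwd "$1" >&2; then
    echo "refusing to sync: $1 failed validation" >&2
    return 2
  fi
  while read -r host; do
    case $host in ''|'#'*) continue ;; esac   # blank lines and comments
    if ! valid_host "$host"; then
      echo "skipping invalid host entry: $host" >&2
      failed=$((failed + 1)); continue
    fi
    for f in "$@"; do
      # stdin is redirected so the transport cannot eat the host list
      push_file "$host" "$f" < /dev/null || failed=$((failed + 1))
    done
  done < "$hostlist"
  [ "$failed" -eq 0 ]
}

# Constructed sample data: a clean passwd file, and one in which the
# "backup" account has been given uid 0.
sample_passwd() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF
}
sample_bad_passwd() {
  sample_passwd
  echo 'backup:x:0:0:backup:/var/backup:/bin/sh'
}

# Demo on the constructed sample only; nothing is copied anywhere.
demo_file=$(mktemp) && sample_bad_passwd > "$demo_file"
check_passwd "$demo_file" || echo "sample rejected, nothing would be pushed"
rm -f "$demo_file"
```

A real run would be `sync_accounts list-of-additional-hosts.txt /etc/passwd /etc/group ...` on the master, with root ssh keys set up as the message describes.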



Re: leaving linux - questions about capabilities

2014-12-30 Thread Christopher Barry
On Mon, 29 Dec 2014 20:19:12 -0800
Rusty  wrote:

>On 12/29/14 08:17, Christopher Barry wrote:
>> Greetings All,
>>
>> I've used OpenBSD in the past to build redundant routers and
>> firewalls and it was fantastic, but it's been quite a few years
>> since I've played with it. I've also never used it as my default
>> workstation. Yet.
>>
>> I've always used Debian GNU/Linux on my workstations in the past,
>> but with jessie/sid (and practically all other linux distros) the
>> direction the linux userspace has taken is a serious turn for the
>> worst IMO. I am simply philosophically at odds with systemd, and I
>> would like to stop relying on linux altogether if possible. My
>> problem is I have specific needs, and it's not clear if I can meet
>> them running OpenBSD. I'm hoping I can, and someone can share their
>> experiences with making a similar setup work.
>>
>> Firstly, I'm running an i7 960 with a PCI-e ATI Radeon 7850 in a
>> three monitor configuration (2 direct DVI and 1 active HDMI-to-DVI
>> dongle) using the OpenSource Radeon linux driver @1920x1200 on each
>> monitor. I'm using enlightenment 17.6 as my window manager. I use
>> and rely on blender <http://www.blender.org> a /lot/ with hardware
>> accelerated OpenGL, and having three monitors is important for my
>> graphics work.
>>
>> Is anyone running OpenBSD with three monitors? With blender, hw-accel
>> OpenGL, and/or E1{7,8,9}?
>>
>>
>> Your thoughts, knowledge, and possibly links to more info would be
>> very greatly appreciated.
>>
>> Thank You.
>>
>> --
>> -C
>>
>As this is a "getting to know you" thread.
>
>I use OpenBSD in a "desktop" role.
>snapshots on an Intel i5 with a radeon 6950, two screens(my card
>chokes on the third screen but I think that is hardware)
>
>I like the "one dimensional desktop" style setup, that is, spectrwm
>and lots of xterms. For what it's worth spectrwm has the best
>multiscreen support I have seen
>
>I don't use blender every day, but I do find it handy from time to
>time (for me 3d printing stuff) The maintainer tends to keep it nicely
>up to date, which I appreciate as it looks like it is a bitch and a
>half to build.
>
>I update the snapshots every couple weeks when I want to try what ever 
>new stuff comes out of the pipe(*cough*, and libc bumps, *cough*).
>
>One thing I would recommend is to look at login.conf(5) and set the 
>memory limits to something gratuitous, many of the "desktop" 
>applications like to use a lot of memory.
>
>And as far as overall experience, I think obsd is a little "slower"
>than linux(whatever that means) but the simplicity and correctness of
>the system(obsd was the first/only system where I feel I understand
>how the whole thing works) means I enjoy using it quite a bit more.
>
>So good luck, and I hope it works out for you as well as it did for me.
>

Very encouraging. Thanks. It seems I'll need to downgrade my video card
somewhat to get hw-accel, but found one refurbed for $145US, so I think
I'll go for it.

--
-C



Re: leaving linux - questions about capabilities

2014-12-30 Thread Christopher Barry
On Mon, 29 Dec 2014 20:57:15 +
Fred  wrote:

>On 12/29/14 17:45, Christopher Barry wrote:
>> On Mon, 29 Dec 2014 09:29:15 -0800
>> Ryan Freeman  wrote:
>>
>>> On Mon, Dec 29, 2014 at 11:17:55AM -0500, Christopher Barry wrote:
>>>> Greetings All,
>>>>
>>>> I've used OpenBSD in the past to build redundant routers and
>>>> firewalls and it was fantastic, but it's been quite a few years
>>>> since I've played with it. I've also never used it as my default
>>>> workstation. Yet.
>>>>
>>>> I've always used Debian GNU/Linux on my workstations in the past,
>>>> but with jessie/sid (and practically all other linux distros) the
>>>> direction the linux userspace has taken is a serious turn for the
>>>> worst IMO. I am simply philosophically at odds with systemd, and I
>>>> would like to stop relying on linux altogether if possible. My
>>>> problem is I have specific needs, and it's not clear if I can meet
>>>> them running OpenBSD. I'm hoping I can, and someone can share their
>>>> experiences with making a similar setup work.
>>>>
>>>> Firstly, I'm running an i7 960 with a PCI-e ATI Radeon 7850 in a
>>>> three monitor configuration (2 direct DVI and 1 active HDMI-to-DVI
>>>> dongle) using the OpenSource Radeon linux driver @1920x1200 on each
>>>> monitor.
>>>
>>> Hey, not 100% the same but similar setup on a workstation at work:
>>> Radeon HD4550 using radeondrm and two 1920x1080 monitors:
>>> DisplayPort-0 connected 1920x1080+1920+0
>>> DVI-0 connected 1920x1080+0+0
>>>
>>> Also have used multiple monitors on my i5-powered laptop, using its
>>> integrated intelHD video.
>>>
>>>> I'm using enlightenment 17.6 as my window manager. I use and rely
>>>> on
>>>
>>> I use openbox myself but enlightenment 0.17.5 is an available
>>> package.
>>>
>>>> blender <http://www.blender.org> a /lot/ with hardware accelerated
>>>> OpenGL, and having three monitors is important for my graphics
>>>> work.
>>>
>>> blender is available in packages as well, though I have never used
>>> it.
>>>
>>>> Is anyone running OpenBSD with three monitors? With blender,
>>>> hw-accel OpenGL, and/or E1{7,8,9}?
>>>
>>> I'm sure three monitors would work just as well as two :)  E17 does
>>> work, I have used it in the past.  I play with OpenGL stuff quite
>>> regularly and it is my opinion that the recent drivers for intel and
>>> radeon video devices respectively perform roughly the same here as
>>> they do on freebsd or linux.  No formal tests have been done by
>>> myself, strictly subjective experience.
>>>
>>>> Your thoughts, knowledge, and possibly links to more info would be
>>>> very greatly appreciated.
>>>>
>>>> Thank You.
>>>
>>> I would like to point out that I do follow current, both on my own
>>> workstations and my work workstation :)
>>>
>>> The FAQ on http://www.openbsd.org/ is always a good read.
>>>
>>> Cheers!
>>>
>>> --ryan
>>
>> Hey Ryan,
>>
>> Thanks for the thoughtful response. The move looks promising then.
>> I'll definitely read the FAQ - thanks for the reminder.
>>
>> RE: OpenGL:
>> It's great that it works, but is it taking advantage of the hw, or do
>> you know if it is sw only? Some posts I've read seem less positive
>> about that.
>>
>>
>> Anyone else have any experiences to share?
>>
>> Thanks again,
>>
>> --
>> -C
>>
>
>I currently have three monitors connected to my laptop but if I try to 
>enable X on the third one I'm getting the following error:
>
>port:fred ~> xrandr --output VGA1 --auto
>xrandr: cannot find crtc for output VGA1

Thanks Fred.
what happens when you disconnect HDMI1? Does VGA1 light up? I'm
thinking the mobile gpu has 2 active outputs, the LCD built-in, plus
one additional monitor of VGA or HDMI type.

>
>But blender 2.72 is running fine (I wish I knew how to use it properly).

It's huge, and the learning curve is steep. I've been using it daily
for a year and still don't know squat...

>
>Output of xrandr and dmesg below if interested.
>
>hth
>
>Fred
>
>PS twitter pic of two monitors: 
>https://twitter.com/fcbsd/status/549669313268170752
>

Re: leaving linux - questions about capabilities

2014-12-29 Thread Christopher Barry
On Mon, 29 Dec 2014 09:29:15 -0800
Ryan Freeman wrote:

>On Mon, Dec 29, 2014 at 11:17:55AM -0500, Christopher Barry wrote:
>> Greetings All,
>> 
>> I've used OpenBSD in the past to build redundant routers and
>> firewalls and it was fantastic, but it's been quite a few years
>> since I've played with it. I've also never used it as my default
>> workstation. Yet.
>> 
>> I've always used Debian GNU/Linux on my workstations in the past,
>> but with jessie/sid (and practically all other linux distros) the
>> direction the linux userspace has taken is a serious turn for the
>> worse IMO. I am simply philosophically at odds with systemd, and I
>> would like to stop relying on linux altogether if possible. My
>> problem is I have specific needs, and it's not clear if I can meet
>> them running OpenBSD. I'm hoping I can, and someone can share their
>> experiences with making a similar setup work.
>> 
>> Firstly, I'm running an i7 960 with a PCI-e ATI Radeon 7850 in a
>> three monitor configuration (2 direct DVI and 1 active HDMI-to-DVI
>> dongle) using the OpenSource Radeon linux driver @1920x1200 on each
>> monitor.
>
>Hey, not 100% the same but similar setup on a workstation at work:
>Radeon HD4550 using radeondrm and two 1920x1080 monitors:
>DisplayPort-0 connected 1920x1080+1920+0
>DVI-0 connected 1920x1080+0+0
>
>Also have used multiple monitors on my i5-powered laptop, using its
>integrated intelHD video.
>
>> I'm using enlightenment 17.6 as my window manager. I use and rely on
>
>I use openbox myself but enlightenment 0.17.5 is an available package.
>
>> blender <http://www.blender.org> a /lot/ with hardware accelerated
>> OpenGL, and having three monitors is important for my graphics work.
>
>blender is available in packages as well, though I have never used it.
>
>> Is anyone running OpenBSD with three monitors? With blender, hw-accel
>> OpenGL, and/or E1{7,8,9}?
>
>I'm sure three monitors would work just as well as two :)  E17 does
>work, I have used it in the past.  I play with OpenGL stuff quite
>regularly and it is my opinion that the recent drivers for intel and
>radeon video devices respectively perform roughly the same here as
>they do on freebsd or linux.  No formal tests have been done by
>myself, strictly subjective experience.
>
>> Your thoughts, knowledge, and possibly links to more info would be
>> very greatly appreciated.
>> 
>> Thank You.
>
>I would like to point out that I do follow current, both on my own
>workstations and my work workstation :)
>
>The FAQ on http://www.openbsd.org/ is always a good read.
>
>Cheers!
>
>--ryan

Hey Ryan,

Thanks for the thoughtful response. The move looks promising then. I'll
definitely read the FAQ - thanks for the reminder.

RE: OpenGL:
It's great that it works, but is it taking advantage of the hw, or do
you know if it is sw only? Some posts I've read seem less positive
about that.


Anyone else have any experiences to share?

Thanks again,

--
-C



leaving linux - questions about capabilities

2014-12-29 Thread Christopher Barry
Greetings All,

I've used OpenBSD in the past to build redundant routers and firewalls
and it was fantastic, but it's been quite a few years since I've played
with it. I've also never used it as my default workstation. Yet.

I've always used Debian GNU/Linux on my workstations in the past,
but with jessie/sid (and practically all other linux distros) the
direction the linux userspace has taken is a serious turn for the worse
IMO. I am simply philosophically at odds with systemd, and I would like
to stop relying on linux altogether if possible. My problem is I have
specific needs, and it's not clear if I can meet them running OpenBSD.
I'm hoping I can, and someone can share their experiences with making a
similar setup work.

Firstly, I'm running an i7 960 with a PCI-e ATI Radeon 7850 in a three
monitor configuration (2 direct DVI and 1 active HDMI-to-DVI dongle)
using the OpenSource Radeon linux driver @1920x1200 on each monitor.
I'm using enlightenment 17.6 as my window manager. I use and rely on
blender <http://www.blender.org> a /lot/ with hardware accelerated
OpenGL, and having three monitors is important for my graphics work.

Is anyone running OpenBSD with three monitors? With blender, hw-accel
OpenGL, and/or E1{7,8,9}?


Your thoughts, knowledge, and possibly links to more info would be
very greatly appreciated.

Thank You.

--
-C