Re: MinnowBoard MAX

2014-07-28 Thread Stuart Henderson
On 2014-07-27, Chris Cappuccio  wrote:
> emigrant [emig...@gmail.com] wrote:
>> new toy for OpenBSD? ;) ->  http://www.minnowboard.org/meet-minnowboard-max/
>
> The 2core/2GB model looks similar in spec and price to the PC Engines APU,
> albeit with less LAN ports and possibly a better CPU. 

It's quite a bit smaller (99x74 vs 152x152) and has video out, though.

> If they only support UEFI that will be a problem for OpenBSD.

Yes.



Re: unbound on ~ last 2-3 snapshots - i386

2014-07-28 Thread Stuart Henderson
On 2014-07-26, Sebastian Reitenbach  wrote:
> On Saturday, July 26, 2014 10:04 CEST, Todd Zimmermann 
>  wrote: 
>  
>> Have name resolution failure after an upgrade (rebooting into the
>> new system) on my crusty i386 server. A # kill -9 'unbound pid' plus
>> starting unbound from rc.d after and everything is fine. Might have
>> been going on for awhile, but usually it works itself out.
>> 
>> -- Z
>> 
>  
>  
>  I had sent message about unbound (subject unbound reverse DNS problem to 
> local stub zone) 
> on May 17, also on i386.
> But I have only problems with reverse DNS lookups on a local zone, hosted by
> nsd on the same host. Restarting unbound, makes the lookup work again for a 
> given
> IP, but then might make reverse lookup fail for others :(
>
> This is still the case for me with more recent snapshots, the last I have 
> running 
> on that box is from June 15.

Didn't this go away when you changed to the correct zone names?

   "In unbound, I only had the 10.in-addr.arpa and in nsd I have
   0.0.10.in-addr.arpa. I only had to change unbound configuration as
   suggested, which up to now seems to work reliable."



Re: Broadcom BCM5709 and BCM57711 driver features

2014-07-28 Thread Stuart Henderson
On 2014-07-26, def  wrote:
> Change in max_std_mtu of if_bnxreg to 9000 (and appropriate max
> eth mtu to 9018, etc) didn't make mtu to be allowed higher than 1500
> via ifconfig (invalid argument error). Moreover max hw mtu is still
> displayed as 1500 in ifconfig bnx hwfeatures.

It needs more changes than that.

Old diff at http://archives.neohapsis.com/archives/openbsd/2011-11/1299.html
but IIRC it didn't quite work for me (and may no longer apply).



Re: MinnowBoard MAX

2014-07-28 Thread Jonathan Gray
On Mon, Jul 28, 2014 at 10:38:04AM +, Stuart Henderson wrote:
> On 2014-07-27, Chris Cappuccio  wrote:
> > emigrant [emig...@gmail.com] wrote:
> >> new toy for OpenBSD? ;) ->  
> >> http://www.minnowboard.org/meet-minnowboard-max/
> >
> > The 2core/2GB model looks similar in spec and price to the PC Engines APU,
> > albeit with less LAN ports and possibly a better CPU. 
> 
> It's quite a bit smaller (99x74 vs 152x152) and has video out, though.

Be aware that there is no 2d/3d acceleration for valleyview/Bay Trail
on OpenBSD currently, as that requires drm from linux >= 3.11 whereas
our version of drm is currently based on 3.8.13.26 which only has
preliminary valleyview code that is disabled.



Re: unbound on ~ last 2-3 snapshots - i386

2014-07-28 Thread Sebastian Reitenbach
On Monday, July 28, 2014 12:46 CEST, Stuart Henderson  
wrote: 
 
> On 2014-07-26, Sebastian Reitenbach  wrote:
> > On Saturday, July 26, 2014 10:04 CEST, Todd Zimmermann 
> >  wrote: 
> >  
> >> Have name resolution failure after an upgrade (rebooting into the
> >> new system) on my crusty i386 server. A # kill -9 'unbound pid' plus
> >> starting unbound from rc.d after and everything is fine. Might have
> >> been going on for awhile, but usually it works itself out.
> >> 
> >> -- Z
> >> 
> >  
> >  
> >  I had sent message about unbound (subject unbound reverse DNS problem to 
> > local stub zone) 
> > on May 17, also on i386.
> > But I have only problems with reverse DNS lookups on a local zone, hosted by
> > nsd on the same host. Restarting unbound, makes the lookup work again for a 
> > given
> > IP, but then might make reverse lookup fail for others :(
> >
> > This is still the case for me with more recent snapshots, the last I have 
> > running 
> > on that box is from June 15.
> 
> Didn't this go away when you changed to the correct zone names?
> 
>    "In unbound, I only had the 10.in-addr.arpa and in nsd I have
>    0.0.10.in-addr.arpa. I only had to change unbound configuration as
>    suggested, which up to now seems to work reliable."
> 
 
 That comment was from me, with the problem I had.

Sebastian



Re: unbound on ~ last 2-3 snapshots - i386

2014-07-28 Thread Stuart Henderson
On 2014/07/28 13:14, Sebastian Reitenbach wrote:
> 
> On Monday, July 28, 2014 12:46 CEST, Stuart Henderson  
> wrote:
> 
> > On 2014-07-26, Sebastian Reitenbach  wrote:
> > > On Saturday, July 26, 2014 10:04 CEST, Todd Zimmermann 
> > >  wrote:
> > >
> > >> Have name resolution failure after an upgrade (rebooting into the
> > >> new system) on my crusty i386 server. A # kill -9 'unbound pid' plus
> > >> starting unbound from rc.d after and everything is fine. Might have
> > >> been going on for awhile, but usually it works itself out.
> > >>
> > >> -- Z
> > >>
> > >
> > >
> > >  I had sent message about unbound (subject unbound reverse DNS problem to 
> > > local stub zone)
> > > on May 17, also on i386.
> > > But I have only problems with reverse DNS lookups on a local zone, hosted 
> > > by
> > > nsd on the same host. Restarting unbound, makes the lookup work again for 
> > > a given
> > > IP, but then might make reverse lookup fail for others :(
> > >
> > > This is still the case for me with more recent snapshots, the last I have 
> > > running
> > > on that box is from June 15.
> >
> > Didn't this go away when you changed to the correct zone names?
> >
> >    "In unbound, I only had the 10.in-addr.arpa and in nsd I have
> >    0.0.10.in-addr.arpa. I only had to change unbound configuration as
> >    suggested, which up to now seems to work reliable."
> >
> 
>  That comment was from me, with the problem I had.
> 
> Sebastian
> 
> 
> 

Yes the comment was from you and said that "you only had to change
unbound configuration .. which up to now seems to work reliable".
I read that as "you changed the configuration and that fixed it".

If that didn't fix it I would suggest serving a 10.in-addr.arpa.
zone with NS pointing in the right place to override the external
NS blackhole-{1,2}.iana.org.

If this still doesn't help, maybe turn on query logging or use
tcpdump and work out what it's actually doing..



Re: CARP without IP on the physical interfaces of carp group?

2014-07-28 Thread Peus, Christoph
Hi again,

just to "close" this case I'd like to mention that my problems with this setup 
were caused by some faulty pf.conf rules, which had not been adapted to the 
cluster config beforehand, i.e. it works now.   :)

Regards
Christoph


>Physical NIC -> trunk interface -> vlan interface = physical interface of the
>carpdev ->  carpdev -> virtual IP  (no IP on the vlan interface)
>
>I tested this setup and experienced unpredictable transitions from and to
>master/backup state on different carp groups configured that way and also
>unstable connections with >50% packet loss. I strictly followed the carp/pfsync
>configuration guidance in respect of advskew, sysctl.conf options and so on.
>So I wondered if this may have been caused by the "no IP" configuration.

--
Christoph Peus
Universität Witten/Herdecke
Bereich Informationstechnologie
Tel:  +49 2302 926-212
Fax: +49 2302 926-44857
mailto:christoph.p...@uni-wh.de






Private Universität Witten/Herdecke gGmbH
Alfred-Herrhausen-Straße 50
D - 58448 Witten

Homepage:  http://www.uni-wh.de
Twitter:   http://twitter.com/UniWH
Facebook:  http://www.facebook.com/UniWH

Management: Prof. Dr. Martin Butzlaff (President), Dipl. oec. Jan Peter
Nonnenkamp (Chancellor)

Registered office: Witten
Commercial register of the Bochum district court, No. HRB 8671



CARP cluster: howto keep pf.conf in sync?

2014-07-28 Thread Peus, Christoph
Hi all,



is there a standard or recommended way to keep the pf.conf on the CARP cluster
members in sync?

Thanks!

Regards
Christoph

--
Christoph Peus
Universität Witten/Herdecke
Bereich Informationstechnologie
Tel:  +49 2302 926-212
Fax: +49 2302 926-44857
mailto:christoph.p...@uni-wh.de














Re: CARP cluster: howto keep pf.conf in sync?

2014-07-28 Thread Loïc Blot
Hi Christoph,
here is my script to sync via rsync.

Please note I split pf.conf into 3 files because each router has local
specifics (some macros).

/etc/pf.conf: not synced
/etc/pf.sync.conf: filter rules
/etc/pf-nat.sync.conf: nat rules

=


#! /bin/sh

# VARS
SYNCTRACE_FILE="/tmp/pf.sync.trace"

# CODE
# Fetch the shared filter rules from the other router
/usr/local/bin/rsync -Hauro \
    minir...@odyssee.institutoptique.fr:/etc/pf.sync.conf /etc/

# Hash of the rules as they are now
SYNCTRACE=$(/bin/sha256 < /etc/pf.sync.conf)

# Hash recorded at the last successful reload, if any
OLDTRACE=""
if [ -f "$SYNCTRACE_FILE" ]; then
    OLDTRACE=$(/bin/cat "$SYNCTRACE_FILE")
fi

if [ "$SYNCTRACE" != "$OLDTRACE" ]; then
    echo "/etc/pf.sync.conf modified"
    # Parse check first (-n), load only if the ruleset is valid
    if /sbin/pfctl -nf /etc/pf.conf; then
        /sbin/pfctl -f /etc/pf.conf
        echo "PF Reloaded"
        echo "$SYNCTRACE" > "$SYNCTRACE_FILE"
    fi
else
    echo "No PF modification"
fi

# NAT check

# VARS
SYNCTRACE_FILE="/tmp/pf-nat.sync.trace"

# CODE
# Fetch the shared NAT rules from the other router
/usr/local/bin/rsync -Hauro \
    th...@secondrouter2.lan:/etc/pf-nat.sync.conf /etc/

SYNCTRACE=$(/bin/sha256 < /etc/pf-nat.sync.conf)

OLDTRACE=""
if [ -f "$SYNCTRACE_FILE" ]; then
    OLDTRACE=$(/bin/cat "$SYNCTRACE_FILE")
fi

if [ "$SYNCTRACE" != "$OLDTRACE" ]; then
    echo "/etc/pf-nat.sync.conf modified"
    # Parse check first (-n), load only if the ruleset is valid
    if /sbin/pfctl -nf /etc/pf.conf; then
        /sbin/pfctl -f /etc/pf.conf
        echo "PF Reloaded"
        echo "$SYNCTRACE" > "$SYNCTRACE_FILE"
    fi
else
    echo "No PF modification"
fi

===

-- 
Best regards, 

Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr


On Monday, 28 July 2014 at 13:50 +0200, Peus, Christoph wrote:
> Hi all,
> 
> 
> 
> is there a standard or recommended way to keep the pf.conf on the CARP cluster
> members in sync?
> 
> Thanks!
> 
> Regards
> Christoph
> 
> --
> Christoph Peus
> Universität Witten/Herdecke
> Bereich Informationstechnologie
> Tel:  +49 2302 926-212
> Fax: +49 2302 926-44857
> mailto:christoph.p...@uni-wh.de



Re: l2tp / ipsec follow up

2014-07-28 Thread mxb
I suggested to re-configure your cable modem as a bridge,
so your OpenBSD-box gets public IP and not private (as you have it now).

In the old days when I had a cable modem, I did exactly this.

This WILL make your life easier. Trust me.
As you don't really have any control of the OS (Linux) inside your cable modem.
Nor services (e.g. dhcpd) running inside.

And when you get connection problems, you'll look for a problem and will end
up resetting/rebooting several devices (modem, openbsd-box).

//mxb

On 27 jul 2014, at 22:58, Gordon Turner  wrote:

> The OpenBSD ip (192.168.2.232) is statically assigned by the dhcp server.



Re: openbsd and chromebooks

2014-07-28 Thread Артур Истомин
On Sat, Jul 26, 2014 at 01:59:45PM +0200, frantisek holop wrote:
> hmm, on Fri, Jul 25, 2014 at 02:11:00PM -0400, Mike Burns said that
> > > Anybody know of any small laptops (not necessarily chromebooks) that run
> > > OpenBSD well?
> > 
> > Thinkpad X1 Carbon. -current works well: wifi, keyboard, mouse,
> > touchscreen, suspend, resume, USB, headphones. See my recent thread "zzz
> > + /dev/wsmouse" if you run into suspend/resume issues, or if you want to
> > see a dmesg.
> 
> i am afraid this is a wholly different price category
> than the chromebooks.

Moreover, the entire line Thinkpads turned into complete shit after the
purchase of the Chinese Lenovo.
> 
> anyone tried any of the HP ones?
> 
> -f
> -- 
> good words cost no more than bad.



Re: CARP cluster: howto keep pf.conf in sync?

2014-07-28 Thread Denis Fondras
Hi,

> here is my script to sync via rsync.
> 

Couldn't rdist(1) help ?

Denis



Re: openbsd and chromebooks

2014-07-28 Thread Theo de Raadt
> On Sat, Jul 26, 2014 at 01:59:45PM +0200, frantisek holop wrote:
> > hmm, on Fri, Jul 25, 2014 at 02:11:00PM -0400, Mike Burns said that
> > > > Anybody know of any small laptops (not necessarily chromebooks) that run
> > > > OpenBSD well?
> > > 
> > > Thinkpad X1 Carbon. -current works well: wifi, keyboard, mouse,
> > > touchscreen, suspend, resume, USB, headphones. See my recent thread "zzz
> > > + /dev/wsmouse" if you run into suspend/resume issues, or if you want to
> > > see a dmesg.
> > 
> > i am afraid this is a wholly different price category
> > than the chromebooks.
> 
> Moreover, the entire line Thinkpads turned into complete shit after the
> purchase of the Chinese Lenovo.

Please, not again.  There may be forums for discussing that matter, but this
is not the place.



Working ThinkPads? (Was: Re: openbsd and chromebooks)

2014-07-28 Thread Adam Thompson
So to get back on topic a bit, I know most of the devs use ThinkPads... 
My x201t is showing its age (already! *sigh*) as a Windows machine, but since 
much of the hardware (notably the serial Wacom touch-screen, rotation, 
fingerprint sensor) is nonfunctional under OpenBSD, I'm not sure that's what I 
want as my primary OpenBSD laptop.

What's the most current X-series that more or less completely works with 
OpenBSD?  By more or less completely, I include all the USB ports, internal 
WiFi & Bluetooth & Ethernet...

...preferably all under 5.6-Stable, too, as I don't update my machines very 
often.

Opinions?  I see the X1 Carbon mostly works, what about other current models?

-Adam
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: CARP cluster: howto keep pf.conf in sync?

2014-07-28 Thread sven falempin
On Mon, Jul 28, 2014 at 1:44 PM, Denis Fondras  wrote:
> Hi,
>
>> here is my script to sync via rsync.
>>
>
> Couldn't rdist(1) help ?
>
> Denis
>

it should ;)

<<
The special command is used to specify sh(1) commands that are to be
executed on the remote host after the file in name list is updated or
installed.
>>

-- 
-
() ascii ribbon campaign - against html e-mail
/\



openbsd and chromebooks

2014-07-28 Thread Jan Lambertz
Hi Johan,

dmesg (seems i lied little bit, got 4gb ram)

OpenBSD 5.5-current (GENERIC.MP) #250: Tue Jul  8 12:13:47 MDT 2014
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4062691328 (3874MB)
avail mem = 3945762816 (3762MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe0010 (78 entries)
bios0: vendor LENOVO version "6QET70WW (1.40 )" date 10/11/2012
bios0: LENOVO 3323REG
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET ASF! SLIC BOOT SSDT
TCPA DMAR SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP1(S4) EXP2(S4)
EXP3(S4) EXP4(S4) EXP5(S4) EHC1(S3) EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.50 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 133MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.0, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 2, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 13 (EXP1)
acpiprt3 at acpi0: bus -1 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpiprt5 at acpi0: bus 5 (EXP4)
acpiprt6 at acpi0: bus 2 (EXP5)
acpicpu0 at acpi0: C3, C1, PSS
acpicpu1 at acpi0: C3, C1, PSS
acpicpu2 at acpi0: C3, C1, PSS
acpicpu3 at acpi0: C3, C1, PSS
acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2
acpitz0 at acpi0: critical temperature is 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "42T4696" serial  8337 type LION oem "Panasonic"
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK docked (15)
cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2400, 2399, 2266, 2133,
1999, 1866, 1733, 1599, 1466, 1333, 1199 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core Host" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x02
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: 1280x800
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel 3400 MEI" rev 0x06 at pci0 dev 22 function 0 not configured
puc0 at pci0 dev 22 function 3 "Intel 3400 KT" rev 0x06: ports: 1 com
com4 at puc0 port 0 apic 1 int 17: ns16550a, 16 byte fifo
com4: probed fifo depth: 0 bytes
em0 at pci0 dev 25 function 0 "Intel 82577LM" rev 0x06: msi, address
f0:de:f1:11:80:ca
ehci0 at pci0 dev 26 function 0 "Intel 3400 USB" rev 0x06: apic 1 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 3400 HD Audio" rev 0x06: msi
azalia0: codecs: Conexant/0x5069, Intel/0x2804, using Conexant/0x5069
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 3400 PCIE" rev 0x06: msi
pci1 at ppb0 bus 13
ppb1 at pci0 dev 28 function 3 "Intel 3400 PCIE" rev 0x06: msi
pci2 at ppb1 bus 5
ppb2 at pci0 dev 28 function 4 "Intel 3400 PCIE" rev 0x06: msi
pci3 at ppb2 bus 2
iwn0 at pci3 dev 0 function 0 "Inte

Re: CARP cluster: howto keep pf.conf in sync?

2014-07-28 Thread Stuart Henderson
On 2014-07-28, Peus, Christoph  wrote:
> Hi all,
>
>
>
> is there a standard or recommended way to keep the pf.conf on the CARP cluster
> members in sync?

I scp files from a "config master" box where I have a bunch of config files
checked in to subversion. It's pretty straightforward and works well for me.
Others may use rdist, rsync, cfengine, etc for this sort of thing.



Re: MinnowBoard MAX

2014-07-28 Thread Stan Gammons
> On Jul 28, 2014, at 5:38 AM, Stuart Henderson  wrote:
> 
>> On 2014-07-27, Chris Cappuccio  wrote:
>> emigrant [emig...@gmail.com] wrote:
>>> new toy for OpenBSD? ;) ->  http://www.minnowboard.org/meet-minnowboard-max/
>> 
>> The 2core/2GB model looks similar in spec and price to the PC Engines APU,
>> albeit with less LAN ports and possibly a better CPU.
> 
> It's quite a bit smaller (99x74 vs 152x152) and has video out, though.
> 
>> If they only support UEFI that will be a problem for OpenBSD.
> 
> Yes.
> 

A fellow from Intel told me they are coming out with Coreboot firmware for the 
Minnowboard max, no ETA other than "soon", and he didn't know if any of the 
BSD's would work with it.  He said the forthcoming FreeBSD 11 almost boots with 
the Minnowboard max as is.

Maybe OpenBSD will run on the PC Engines APU.1C


Stan



http post from base

2014-07-28 Thread sven falempin
Hello,

i got a silly question, how to post data to a server with base tools ?

i could  nc  $DEST << EOT
POST /a/b HTTP/1.0
[..]
EOT

Is there others way ?

Finally (the real question), doing this with a website that require
cookie auth ?

Have a good week.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: http post from base

2014-07-28 Thread Stefan Johnson
You can use the base ftp client to do http, and there is a flag for cookies
handling.  What I'm not sure about is how far you'd get trying to do POST
specifically.  Many sites will handle POST or GET so you might try changing
your approach to use GET instead?


On Mon, Jul 28, 2014 at 8:33 PM, sven falempin 
wrote:

> Hello,
>
> i got a silly question, how to post data to a server with base tools ?
>
> i could  nc  $DEST << EOT
> POST /a/b HTTP/1.0
> [..]
> EOT
>
> Is there others way ?
>
> Finally (the real question), doing this with a website that require
> cookie auth ?
>
> Have a good week.
>
> --
>
> -
> () ascii ribbon campaign - against html e-mail
> /\



Re: MinnowBoard MAX

2014-07-28 Thread Chris Cappuccio
Stan Gammons [s_gamm...@charter.net] wrote:
> 
> A fellow from Intel told me they are coming out with Coreboot firmware for 
> the Minnowboard max, no ETA other than "soon", and he didn't know if any of 
> the BSD's would work with it.  He said the forthcoming FreeBSD 11 almost 
> boots with the Minnowboard max as is.
> 

That's good

> Maybe OpenBSD will run on the PC Engines APU.1C
> 

It does, quite well (OpenBSD fixed the Coreboot ACPI definitions for it to 
work, to everyone's benefit)



Re: http post from base

2014-07-28 Thread sven falempin
On Mon, Jul 28, 2014 at 9:47 PM, Stefan Johnson
 wrote:
> You can use the base ftp client to do http, and there is a flag for cookies
> handling.  What I'm not sure about is how far you'd get trying to do POST
> specifically.  Many sites will handle POST or GET so you might try changing
> your approach to use GET instead?
>

i do not see how i could post a file this way.

>
> On Mon, Jul 28, 2014 at 8:33 PM, sven falempin 
> wrote:
>>
>> Hello,
>>
>> i got a silly question, how to post data to a server with base tools ?
>>
>> i could  nc  $DEST << EOT
>> POST /a/b HTTP/1.0
>> [..]
>> EOT
>>
>> Is there others way ?
>>
>> Finally (the real question), doing this with a website that require
>> cookie auth ?
>>
>> Have a good week.
>>
>> --
>>
>> -
>> () ascii ribbon campaign - against html e-mail
>> /\
>>
>



-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: CARP cluster: howto keep pf.conf in sync?

2014-07-28 Thread Nick Holland
On 07/28/14 07:50, Peus, Christoph wrote:
> Hi all,
> 
> 
> 
> is there a standard or recommended way to keep the pf.conf on the CARP cluster
> members in sync?
> 
> Thanks!

No one standard or recommended way, but lots of ideas, as you can see.

Here's mine, but for the moment, I'll leave you to develop the script.

My design philosophy:
1) No additional hw, other than the two firewalls.
2) EITHER machine should be able to act as master.
3) EITHER machine should be able to provide all the info to rebuild the
failed machine.
4) Change control is good, just not how managers usually like to
implement it.
5) uses no other packages (rsync to move pf.conf around?  I don't think
that's needed)

So...  I wrote a relatively simple little script which
* Figures out which the "other" machine is
* does a "diff -u" of the changes between the local machine and the
"other" machine (assuming the "other" machine is the old config)
* Displays the diff to the user, and asks you to explain the change.
* records the diff and your explanation to a file with a date and time
stamp as a file name into a change log directory.
* copies the pf.conf and the change log file to the corresponding
directory in the "other" machine.
* pfctl -f /etc/pf.conf's the other machine.

So...you make a change on one box (EITHER!), test it, when satisfied,
you run the sync script.  It compares the changed file to the other
system, shows you the diff, and you can:
1) comment it and save it to both
2) Realize you made a typo, and deleted something you didn't intend to
or fat-fingered something you didn't intend to, fix.
3) Realize that you made some other changes that weren't sync'd on
either machine
4) etc.

The script is identical between machines, so if you lose EITHER
firewall, the other can be used to rebuild the missing system, including
the history.

If something goes horribly wrong, you just dig out the history file, and
revert the change.  If something goes horribly wrong before you sync it,
log into the "other" firewall, and push the changes back.

Wonder why a rule is in the firewall? Look back through the change log
and read the comments.

I've done the same thing with DNS zone files and config files, (in my
opinion) better than the BIND "master/slave" model -- set up each node
as a master, and sync the data through scripts like this.

Nick.
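
The workflow Nick Holland describes above, sketched as an added example; it is not his script or any code from this thread. It also runs a pfctl -nf parse check before pushing, as the rsync script earlier in the thread does. FW_A, FW_B, PEER, LOG_DIR, the function names and ssh/scp access to the peer (with the change log directory already present there) are assumptions.

```shell
#!/bin/sh
# Added example (not Nick Holland's script): diff, explain, log, push, reload.
# Hypothetical names: FW_A, FW_B, PEER, LOG_DIR, other_of, sync_pf and the
# three transport hooks. ssh/scp access to the peer is an assumption.

PF_CONF=${PF_CONF:-/etc/pf.conf}
LOG_DIR=${LOG_DIR:-/etc/pf.changelog}     # assumed change log directory
PFCTL=${PFCTL:-/sbin/pfctl}
FW_A=${FW_A:-fw1.example.net}             # placeholder cluster members
FW_B=${FW_B:-fw2.example.net}
PEER=${PEER:-}

# Print the cluster member that is not this host.
other_of() {
    case "$1" in
        "$2") echo "$3" ;;
        "$3") echo "$2" ;;
        *) echo "other_of: $1 is not a cluster member" >&2; return 1 ;;
    esac
}

# Transport hooks, kept separate so the workflow can be exercised locally.
fetch_peer()  { scp -q "$PEER:$1" "$2"; }
push_peer()   { scp -q "$1" "$PEER:$2"; }
reload_peer() { ssh "$PEER" "$PFCTL -nf $PF_CONF && $PFCTL -f $PF_CONF"; }

# sync_pf [explanation]: returns 0 when the peer ends up in sync.
sync_pf() {
    why=${1:-}
    tmp=$(mktemp -d) || return 1
    fetch_peer "$PF_CONF" "$tmp/peer.conf" || { rm -rf "$tmp"; return 1; }

    # diff exits 0 if identical, 1 if different, >1 on error.
    rc=0
    diff -u "$tmp/peer.conf" "$PF_CONF" > "$tmp/diff" || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "peer already in sync"; rm -rf "$tmp"; return 0
    elif [ "$rc" -gt 1 ]; then
        echo "diff failed" >&2; rm -rf "$tmp"; return 1
    fi

    # Refuse to distribute a ruleset that does not parse locally.
    if ! "$PFCTL" -nf "$PF_CONF"; then
        echo "$PF_CONF does not parse, nothing pushed" >&2
        rm -rf "$tmp"; return 1
    fi

    # Show the change and require an explanation for the log.
    cat "$tmp/diff"
    if [ -z "$why" ]; then
        printf 'Explain this change: '
        read -r why || why=
    fi
    if [ -z "$why" ]; then
        echo "no explanation given, nothing pushed" >&2
        rm -rf "$tmp"; return 1
    fi

    # One log entry per change, named after the date and time.
    mkdir -p "$LOG_DIR" || { rm -rf "$tmp"; return 1; }
    entry="$LOG_DIR/$(date +%Y%m%d-%H%M%S)"
    {
        echo "who: $(id -un 2>/dev/null || echo unknown)@$(uname -n)"
        echo "why: $why"
        echo
        cat "$tmp/diff"
    } > "$entry"
    rm -rf "$tmp"

    # Peer gets the ruleset and the same log entry, then reloads.
    push_peer "$PF_CONF" "$PF_CONF" &&
        push_peer "$entry" "$entry" &&
        reload_peer
}

# Run as: sh pf-sync.sh sync ["explanation"]
if [ "${1:-}" = "sync" ]; then
    PEER=$(other_of "$(uname -n)" "$FW_A" "$FW_B") && sync_pf "${2:-}"
fi
```

Because both firewalls carry the same script and the same log directory, either one can replay the history onto a rebuilt peer.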



Re: CARP cluster: howto keep pf.conf in sync?

2014-07-28 Thread Leonardo Santagostini
Maybe puppet?

Regards
On Jul 29, 2014 12:08 a.m., "Nick Holland" 
wrote:

> On 07/28/14 07:50, Peus, Christoph wrote:
> > Hi all,
> >
> >
> >
> > is there a standard or recommended way to keep the pf.conf on the CARP
> cluster
> > members in sync?
> >
> > Thanks!
>
> No one standard or recommended way, but lots of ideas, as you can see.
>
> Here's mine, but for the moment, I'll leave you to develop the script.
>
> My design philosophy:
> 1) No additional hw, other than the two firewalls.
> 2) EITHER machine should be able to act as master.
> 3) EITHER machine should be able to provide all the info to rebuild the
> failed machine.
> 4) Change control is good, just not how managers usually like to
> implement it.
> 5) uses no other packages (rsync to move pf.conf around?  I don't think
> that's needed)
>
> So...  I wrote a relatively simple little script which
> * Figures out which the "other" machine is
> * does a "diff -u" of the changes between the local machine and the
> "other" machine (assuming the "other" machine is the old config)
> * Displays the diff to the user, and asks you to explain the change.
> * records the diff and your explanation to a file with a date and time
> stamp as a file name into a change log directory.
> * copies the pf.conf and the change log file to the corresponding
> directory in the "other" machine.
> * pfctl -f /etc/pf.conf's the other machine.
>
> So...you make a change on one box (EITHER!), test it, when satisfied,
> you run the sync script.  It compares the changed file to the other
> system, shows you the diff, and you can:
> 1) comment it and save it to both
> 2) Realize you made a typo, and deleted something you didn't intend to
> or fat-fingered something you didn't intend to, fix.
> 3) Realize that you made some other changes that weren't sync'd on
> either machine
> 4) etc.
>
> The script is identical between machines, so if you lose EITHER
> firewall, the other can be used to rebuild the missing system, including
> the history.
>
> If something goes horribly wrong, you just dig out the history file, and
> revert the change.  If something goes horribly wrong before you sync it,
> log into the "other" firewall, and push the changes back.
>
> Wonder why a rule is in the firewall? Look back through the change log
> and read the comments.
>
> I've done the same thing with DNS zone files and config files, (in my
> opinion) better than the BIND "master/slave" model -- set up each node
> as a master, and sync the data through scripts like this.
>
> Nick.



Re: MinnowBoard MAX

2014-07-28 Thread Stan Gammons
> On Jul 28, 2014, at 6:10 AM, Jonathan Gray  wrote:
> 
>> On Mon, Jul 28, 2014 at 10:38:04AM +, Stuart Henderson wrote:
>>> On 2014-07-27, Chris Cappuccio  wrote:
>>> emigrant [emig...@gmail.com] wrote:
>>>> new toy for OpenBSD? ;) ->
>>>> http://www.minnowboard.org/meet-minnowboard-max/
>>> 
>>> The 2core/2GB model looks similar in spec and price to the PC Engines APU,
>>> albeit with less LAN ports and possibly a better CPU. 
>> 
>> It's quite a bit smaller (99x74 vs 152x152) and has video out, though.
> 

Anyone running OpenBSD on the PC Engines APU.1C ?


Stan



Re: MinnowBoard MAX

2014-07-28 Thread Stan Gammons
> On Jul 28, 2014, at 8:49 PM, Chris Cappuccio  wrote:
> 
> Stan Gammons [s_gamm...@charter.net] wrote:
>> 
>> A fellow from Intel told me they are coming out with Coreboot firmware for 
>> the Minnowboard max, no ETA other than "soon", and he didn't know if any of 
>> the BSD's would work with it.  He said the forthcoming FreeBSD 11 almost 
>> boots with the Minnowboard max as is.
> 
> That's good


Yes, just not sure how long it will be.

He also told me CircuitCo is in the process of releasing some lures so one has 
additional Ethernet port options. One lure maybe as soon as late August.

> 
>> Maybe OpenBSD will run on the PC Engines APU.1C
> 
> It does, quite well (OpenBSD fixed the Coreboot ACPI definitions for it to 
> work, to everyone's benefit)

That's great.  I may get one of those instead of waiting on the Minnowboard and 
CircuitCo option.


Thanks!

Stan



Re: CARP cluster: howto keep pf.conf in sync?

2014-07-28 Thread sven falempin
On Mon, Jul 28, 2014 at 11:19 PM, Leonardo Santagostini
 wrote:
> Maybe puppet?
>
> Regards
> On Jul 29, 2014 12:08 a.m., "Nick Holland" 
> wrote:
>
>> On 07/28/14 07:50, Peus, Christoph wrote:
>> > Hi all,
>> >
>> >
>> >
>> > is there a standard or recommended way to keep the pf.conf on the CARP
>> cluster
>> > members in sync?
>> >
>> > Thanks!
>>
>> No one standard or recommended way, but lots of ideas, as you can see.
>>
>> Here's mine, but for the moment, I'll leave you to develop the script.
>>
>> My design philosophy:
>> 1) No additional hw, other than the two firewalls.
>> 2) EITHER machine should be able to act as master.
>> 3) EITHER machine should be able to provide all the info to rebuild the
>> failed machine.
>> 4) Change control is good, just not how managers usually like to
>> implement it.
>> 5) uses no other packages (rsync to move pf.conf around?  I don't think
>> that's needed)
>>
>> So...  I wrote a relatively simple little script which
>> * Figures out which the "other" machine is
>> * does a "diff -u" of the changes between the local machine and the
>> "other" machine (assuming the "other" machine is the old config)
>> * Displays the diff to the user, and asks you to explain the change.
>> * records the diff and your explanation to a file with a date and time
>> stamp as a file name into a change log directory.
>> * copies the pf.conf and the change log file to the corresponding
>> directory in the "other" machine.
>> * pfctl -f /etc/pf.conf's the other machine.
>>
>> So...you make a change on one box (EITHER!), test it, when satisfied,
>> you run the sync script.  It compares the changed file to the other
>> system, shows you the diff, and you can:
>> 1) comment it and save it to both
>> 2) Realize you made a typo, and deleted something you didn't intend to
>> or fat-fingered something you didn't intend to, fix.
>> 3) Realize that you made some other changes that weren't sync'd on
>> either machine
>> 4) etc.
>>
>> The script is identical between machines, so if you lose EITHER
>> firewall, the other can be used to rebuild the missing system, including
>> the history.
>>
>> If something goes horribly wrong, you just dig out the history file, and
>> revert the change.  If something goes horribly wrong before you sync it,
>> log into the "other" firewall, and push the changes back.
>>
>> Wonder why a rule is in the firewall? Look back through the change log
>> and read the comments.
>>
>> I've done the same thing with DNS zone files and config files, (in my
>> opinion) better than the BIND "master/slave" model -- set up each node
>> as a master, and sync the data through scripts like this.
>>
>> Nick.
>


where are you storing the change history ?


-- 
-
() ascii ribbon campaign - against html e-mail
/\
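
A sketch of the kind of sync script described in the quoted message, added here as an example; it is not Nick Holland's script, which was not posted. The host names fw1/fw2, the /etc/pf-changes directory, key-based root ssh between the two firewalls and the local `pfctl -nf` parse check are all assumptions.

```shell
#!/bin/sh
# Added example: hosts, paths and root ssh keys between the pair are assumptions.
FW_A=${FW_A:-fw1} FW_B=${FW_B:-fw2}
CONF=${CONF:-/etc/pf.conf} LOGDIR=${LOGDIR:-/etc/pf-changes}

# The "other" machine is whichever member of the pair we are not.
peer_of() {
    case "$1" in
        "$FW_A") echo "$FW_B" ;;
        "$FW_B") echo "$FW_A" ;;
        *) echo "peer_of: $1 is not a cluster member" >&2; return 1 ;;
    esac
}

# record_change OLD NEW WHY: save explanation + diff under a timestamp name.
# Prints the entry's path; returns 2 when the files do not differ.
record_change() {
    entry="$LOGDIR/$(date +%Y%m%d-%H%M%S).diff"
    mkdir -p "$LOGDIR" || return 1
    if diff -u "$1" "$2" > "$entry.tmp"; then
        rm -f "$entry.tmp"; return 2
    fi
    { printf 'Why: %s\n\n' "$3"; cat "$entry.tmp"; } > "$entry"
    rm -f "$entry.tmp"
    echo "$entry"
}

sync_pf() {
    peer=$(peer_of "$(hostname -s)") || return 1
    old=$(mktemp) || return 1
    ssh "$peer" cat "$CONF" > "$old" || { rm -f "$old"; return 1; }
    if diff -u "$old" "$CONF"; then          # shows the diff to the operator
        echo "already in sync"; rm -f "$old"; return 0
    fi
    printf 'Explain this change (empty line aborts): '; read -r why
    [ -n "$why" ] || { rm -f "$old"; return 1; }
    pfctl -nf "$CONF" || { rm -f "$old"; return 1; }   # parse check, loads nothing
    entry=$(record_change "$old" "$CONF" "$why"); rc=$?
    rm -f "$old"
    [ "$rc" -eq 0 ] || return "$rc"
    ssh "$peer" mkdir -p "$LOGDIR" &&
    scp -p "$CONF" "$peer:$CONF" &&
    scp -p "$entry" "$peer:$entry" &&
    ssh "$peer" pfctl -f "$CONF"
}
```

Source the file and run `sync_pf` as root on the firewall where the change was made and tested; the change log entry ends up in the same directory on both machines.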



Re: http post from base

2014-07-28 Thread Ted Unangst
On Mon, Jul 28, 2014 at 21:33, sven falempin wrote:
> Hello,
> 
> i got a silly question, how to post data to a server with base tools ?

Install curl? What's the fascination with base tools only?



Re: Re: Re[3]: Broadcom BCM5709 and BCM57711 driver features

2014-07-28 Thread def
While waiting for your help, I found and applied the patch to my rev.1.103 
(the patch from old mailing lists which Brad Smith tested on BCM 5708 with 
rev.1.96).
I left my mii/brgphy.c at the original rev.1.104 (5.5 base) as it already 
includes the changes from the patch.
Now it is possible to set my BCM5709 hardmtu to jumbo size as needed.
But something goes wrong with the patch, and dhclient on my bnx interfaces 
does not work (and I found that someone already posted that issue, with high 
packet loss on a patched bnx, a year ago with the patch applied to rev.1.100 
on BCM5709).
DHCP REQ-ACK can't negotiate (it seems that REQ transmission by bnx failed).

So I can only set up the interface with a static IP, but even ARP (MAC 
address) is not resolved for directly connected hosts.
Rolled back to original if_bnx.
 
> Sat 26 Jul 2014 11:27:41 +0400, def  wrote:
> > Change in max_std_mtu of if_bnxreg to 9000 (and appropriate max eth mtu to 
> > 9018, etc) didn't make mtu to be allowed higher than 1500 via ifconfig 
> > (invalid argument error). 
> > Moreover max hw mtu is still displayed as 1500 in ifconfig bnx hwfeatures.
> > 
> > Maybe I missed something?
> > 
> > Fri 25 Jul 2014 14:43:30 +0400, def  wrote:
> > > ok doing 'make' for bnx mtu right now.
> > > I knew that it's configurable via rebuild, but if standard max value was 
> > > not set by 5.5, does it mean that it can be turned on safely for kernel or 
> > > for hw tx/rx rings, memory pages, etc..?
> > > 
> > > I have some time before installing the box to production, so I can try 57711 
> > > a little.
> > > As I understood it will be done in 5.6 as stable driver?
> > > 
> > > Fri 25 Jul 2014 10:53:34 +0400, David Gwynne  wrote:
> > > > On 24 Jul 2014, at 19:37, def  wrote:
> > > > 
> > > > > Hi!
> > > > > 
> > > > > Currently using 5.5-stable and it seems (as per hwfeatures) that 
> > > > > driver for BCM 5709 (1GE dual port adapter) 
> > > > > doesn't support jumbo frames at all which is critical for activation 
> > > > > mpls on bnx.
> > > > > The card supports jumbo itself.
> > > > > Return invalid argument when trying to setup jumbo via ifconfig.
> > > > > Is there a way to reach the high mtu values?
> > > > 
> > > > yes. from memory it just required the use of vi and make.
> > > > 
> > > > > Also, simple question - is the driver for Broadcom 10GE dual port 
> > > > > adapter BCM 57711 available ?
> > > > > Can't see detected card in dmesg, but googled that someone seen that.
> > > > 
> > > > I started working on that and got distracted.
> > > > 
> > > > I'll see if I can dig the bnx jumbo diff out. it won't make 5.6 but you 
> > > > can try it out if you want.
> > > 



Re: MinnowBoard MAX

2014-07-28 Thread Julian Andrej
On 28 July 2014 19:14, Stan Gammons  wrote:
>> On Jul 28, 2014, at 6:10 AM, Jonathan Gray  wrote:
>>
>>> On Mon, Jul 28, 2014 at 10:38:04AM +, Stuart Henderson wrote:
>>>> On 2014-07-27, Chris Cappuccio  wrote:
>>>>> emigrant [emig...@gmail.com] wrote:
>>>>>> new toy for OpenBSD? ;) ->  http://www.minnowboard.org/meet-minnowboard-max/
>>>>>
>>>>> The 2core/2GB model looks similar in spec and price to the PC Engines APU,
>>>>> albeit with less LAN ports and possibly a better CPU.
>>>
>>> It's quite a bit smaller (99x74 vs 152x152) and has video out, though.
>>
>
> Anyone running OpenBSD on the PC Engines APU.1C ?

Yes, I have installed and tried to run a router on it for a 100Mbit
home internet connection.
I got high numbers of `sysctl kern.netlivelocks`, a few thousand in 4-5
days uptime, and the fragment counter in `pfctl -s all` was rising. I can't
say if that's really bad because it was my first experience with OpenBSD as
a gateway, but I was told that should not happen.
Also could be a problem with my pf.conf which I didn't investigate
further. One port had random hangs on the WAN line, that was the main
problem.

Hardware wise everything is recognized in dmesg. The only complaint
people had was that it runs at around 60-70deg Celsius.



Re: MinnowBoard MAX

2014-07-28 Thread Theo de Raadt
> > Anyone running OpenBSD on the PC Engines APU.1C ?
> 
> Yes, I have installed and tried to run a router on it for a 100Mbit
> home internet connection.
> I got high numbers of `sysctl kern.netlivelocks`, a few thousand in 4-5
> days uptime, and the fragment counter in `pfctl -s all` was rising. I can't
> say if that's really bad because it was my first experience with OpenBSD as
> a gateway, but I was told that should not happen.
> Also could be a problem with my pf.conf which I didn't investigate
> further. One port had random hangs on the WAN line, that was the main
> problem.

Home internet connection?  Unlikely, or it sounds like an early BIOS
with interrupt mapping issues.  Alternatively you are waiting for
improvements in the MCLGETI stuff to as the MP locking situation
changes over time.

It is an interesting machine, highly economical without the ARM
complexity.  Hope it keeps improving, or that good hardware of the
same variety comes from other vendors.  Love it or hate it, some
platforms are better supported.  This is the new vax.  If you hate it,
write code for the new platforms or shuttup.  There is always some
sort of status quo...

> Hardware wise everything is recognized in dmesg. The only complaint
> people had was that it runs at around 60-70deg Celsius.

They run hot, but seem stable.  Laptops don't run at 30C like they did
10 years ago -- thermal envelope expanded and pants became more
insulating because people wanted more speed.  No one knows which way
the future goes.



Re: MinnowBoard MAX

2014-07-28 Thread Julian Andrej
On 29 July 2014 07:44, Theo de Raadt  wrote:
>> > Anyone running OpenBSD on the PC Engines APU.1C ?
>>
>> Yes, I have installed and tried to run a router on it for a 100Mbit
>> home internet connection.
>> I got high numbers of `sysctl kern.netlivelocks`, a few thousand in 4-5
>> days uptime, and the fragment counter in `pfctl -s all` was rising. I can't
>> say if that's really bad because it was my first experience with OpenBSD as
>> a gateway, but I was told that should not happen.
>> Also could be a problem with my pf.conf which I didn't investigate
>> further. One port had random hangs on the WAN line, that was the main
>> problem.
>
> Home internet connection?  Unlikely, or it sounds like an early BIOS
> with interrupt mapping issues.  Alternatively you are waiting for
> improvements in the MCLGETI stuff to as the MP locking situation
> changes over time.

I used the newest BIOS available from the PC-Engines website.
As I said, I think it's my incompetence at configuring it right.

> It is an interesting machine, highly economical without the ARM
> complexity.  Hope it keeps improving, or that good hardware of the
> same variety comes from other vendors.  Love it or hate it, some
> platforms are better supported.  This is the new vax.  If you hate it,
> write code for the new platforms or shuttup.  There is always some
> sort of status quo...

I didn't want to say something bad about the hardware/vendor. The hardware
runs perfectly fine and with a preconfigured image like pfSense I had zero
issues.

>> Hardware wise everything is recognized in dmesg. The only complaint
>> people had was that it runs at around 60-70deg Celsius.
>
> They run hot, but seem stable.  Laptops don't run at 30C like they did
> 10 years ago -- thermal envelope expanded and pants became more
> insulating because people wanted more speed.  No one knows which way
> the future goes.

Keeping in mind the passive cooling solution, it's a respectable temperature
and even in the warm summer days, as of now I have had no problems with
"too much" heat.