6.4 doas gives "command not found" if no #!/bin/sh up top
Just upgraded from 6.3 to 6.4 and the doas behaviour seems to have changed. I finally solved it, but just posting here in case anyone has this problem. I had a few little shell scripts in /usr/local/sbin/ - intended to be run by doas : one-liners like bioctl mounting a USB stick or whatever. After upgrading to OpenBSD 6.4, all of them returned a "command not found" error. I tried moving them to different paths in $PATH, but no luck. Yet they'd work if I was root - just not via doas. Adding a "#!/bin/sh" at the top of the scripts made them all work again. Just FYI. - Derek
AuthPF removing all the states created from an IP
Hi list, I'm using authpf to allow external users to access to certain restricted services within our network. This network hosts public services as well, this is services which are open to all internet. The thing is that after some tests I realized that a client who has an authpf session opened and uses both, the autpf-protected service and the public service, gets disconnected of all services when he/she closes the authpf session. Looking a little bit closer I can see that all the states created by an IP address are removed when the user from that IP closes the authpf session so the states created by the authpf rules but also the ones created by the "regular" pf.conf rules disappear from the table. I guess that this is because there is only one states table and it could be difficult to know which states are genereated by which rules. The question is, is there any plan to label or mark the states so will be possible in the future for the non-authpf states to survive the authpf session? Thank you all. Derek.
Re: AuthPF removing all the states created from an IP
Hello, Seeing that nobody is answering to the question below I'd add: Is there anybody who uses authpf in the same scenario? Does it behave like in my case? Any suggestion to keep the states for the user after he/she closes the session? Thank you. On Wed, Dec 17, 2008 at 1:46 PM, Derek wrote: > Hi list, > > I'm using authpf to allow external users to access to certain restricted > services within our network. This network hosts public services as well, > this is services which are open to all internet. > > The thing is that after some tests I realized that a client who has an > authpf session opened and uses both, the autpf-protected service and the > public service, gets disconnected of all services when he/she closes the > authpf session. > > Looking a little bit closer I can see that all the states created by an IP > address are removed when the user from that IP closes the authpf session so > the states created by the authpf rules but also the ones created by the > "regular" pf.conf rules disappear from the table. > > I guess that this is because there is only one states table and it could be > difficult to know which states are genereated by which rules. > > The question is, is there any plan to label or mark the states so will be > possible in the future for the non-authpf states to survive the authpf > session? > > Thank you all. > > Derek.
Re: AuthPF removing all the states created from an IP
Hi, Seeing the answer to my question I'm afraid I wasn't clear enough about the purpose of it. I'm aware that authpf/pf is behaving as intended, I was just wondering if any change on that is planned because I'm guessing that I'm not the only one who would find useful to be able to keep the non authpf related states for an IP address after logoff authpf. My second question was more oriented to administrators who might want to share their thoughts about the question like Johan did (I'm going to have to test that one, thanks Johan). Sadly "System administrator" here seems to be willing to act in representation of all members of this list when he says: [...] do not expect anyone on this list to do your research for you. [...]. If everyone thought like him I think that the open source initiatives wouldn't exist anymore, anyway I don't want to start a discussion about this subject but keep it to the technical question which has been already asked, so if you are not "System Administrator" you can most likely ignore the coming lines on this email. On Tue, Dec 23, 2008 at 8:36 PM, System Administrator wrote: > This list tends to favor those who do at least some basic homework > before asking redundant questions. Completely agree with you, there is nothing more annoying that those purpose less messages which doesn't ask properly and/or doesn't really answer something. > Had you read the authpf man page or searched the list archives That's right, I knew I should have read some documentation. What lucky that my system is up and running by merely crazy guessing the content of the config files! >, you would have certainly realized that what you are describing is EXACTLY the intended > behavior, in other words, your system is working exactly as it was designed. Oh, really? Because I was just thinking that there was a problem in authpf No, wait, I haven''t said that, stop confusing me! > > Regarding your follow-up question: OpenBSD pf is a very powerful > firewall sub-system and supports a number of viable work-arounds to > accomplish what you want. However, unless you are offering to pay > market-rate consulting fees, do not expect anyone on this list to do > your research for you. Now is when I should send you a private message with my credit card number on it? > > > On 23 Dec 2008 at 8:12, Derek wrote: > >> Hello, >> >> Seeing that nobody is answering to the question below I'd add: Is there >> anybody who uses authpf in the same scenario? Does it behave like in my >> case? Any suggestion to keep the states for the user after he/she closes the >> session? >> >> Thank you. >> >> On Wed, Dec 17, 2008 at 1:46 PM, Derek wrote: >> >> > Hi list, >> > >> > I'm using authpf to allow external users to access to certain restricted >> > services within our network. This network hosts public services as well, >> > this is services which are open to all internet. >> > >> > The thing is that after some tests I realized that a client who has an >> > authpf session opened and uses both, the autpf-protected service and the >> > public service, gets disconnected of all services when he/she closes the >> > authpf session. >> > >> > Looking a little bit closer I can see that all the states created by an IP >> > address are removed when the user from that IP closes the authpf session so >> > the states created by the authpf rules but also the ones created by the >> > "regular" pf.conf rules disappear from the table. >> > >> > I guess that this is because there is only one states table and it could be >> > difficult to know which states are genereated by which rules. >> > >> > The question is, is there any plan to label or mark the states so will be >> > possible in the future for the non-authpf states to survive the authpf >> > session? >> > >> > Thank you all. >> > >> > Derek. >> >> > > > On Tue, Dec 23, 2008 at 8:36 PM, System Administrator wrote: > This list tends to favor those who do at least some basic homework > before asking redundant questions. Had you read the authpf man page or > searched the list archives, you would have certainly realized that what > you are describing is EXACTLY the intended behavior, in other words, > your system is working exactly as it was designed. > > Regarding your follow-up question: OpenBSD pf is a very powerful > firewall sub-system and supports a number of viable work-arounds to > accomplish what you want. However, unless you are offering to pay > market-rate consulting fees, do
Firefox or Xenocara? key bindings
Could someone knowledgable with Firefox or Xenocara help explain this? OpenBSD (amd64) has been my primary desktop OS for 20 years now. Always -RELEASE. In Firefox, to select the contents of the current form field, you used to hit Ctrl-a. Last year, it became Alt-a. I don't know if this was a Xenocara or Firefox change. This week, with 7.1, neither Ctrl-a nor Alt-a works for selecting the contents of the current form field. I can't figure out any key combination that does it. I always do a fresh OS install and fresh Firefox install with default settings, keeping no old configs. So I'm talking about default behavior. Is this key mapping inside Firefox? Where does it get assigned? Can I change it? Thank you, and sorry for the basic boring user question. - Derek
new 6.2-beta error: intel_uncore_check_errors Unclaimed register before interrupt
Hardware : Lenovo Thinkpad T440S This error used to happen only once each time I'd boot up: "error: [drm:pid46210:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt" It's never been a problem from OpenBSD 5.9 through 6.1. But now in 6.2-beta it's a problem. It goes on for hundreds of lines, and takes about a minute to finish all of its warnings. Happy to take any suggestions, test again, and report again. The dmesg: OpenBSD 6.2-beta (GENERIC.MP) #29: Mon Aug 21 10:03:48 MDT 2017 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8246124544 (7864MB) avail mem = 7989186560 (7619MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (61 entries) bios0: vendor LENOVO version "GJET67WW (2.17 )" date 12/10/2013 bios0: LENOVO 20AQCTO1WW acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT UEFI POAT ASF! BATB FPDT UEFI SSDT DMAR acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiec0 at acpi0 acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2694.23 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: TSC frequency 2694228920 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2693.77 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2693.77 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 2693.77 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus -1 (EXP3) acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1 acpipwrres1 at acpi0: NVP3, resource for PEG_ acpipwrres2 at acpi0: NVP2, resource for PEG_ acpitz0 at acpi0: critical temperature is 200 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB "LEN0071" at acpi0 not configured "LEN0036" at acpi0 not configured acpibat0 at acpi0: BAT0 model "45N1773" serial 32828 type LION oem "SANYO" acpibat1 at acpi0: BAT1 model "45N1775" serial 7444 type LION oem "SANYO" acpiac0 at acpi0: AC unit online acpithinkpad0 at acpi0 "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured "INT340F" at acpi0 not configured "INT33A0"
how to find reason for computer pausing often?
This past month or so, my Lenovo T440s laptop has started doing strange 2-second pauses at random intervals, sometimes a few times per minute. How would you look for the source of this trouble? There's nothing in /var/log showing when it happens. No log entries added there. Where else would you look? The easiest way to spot it in action is with a simple ls : cd /tmp mkdir a b c time ls a 0m00.00s real 0m00.00s user 0m00.01s system time ls b 0m03.22s real 0m00.00s user 0m00.01s system # there is the random pause time ls c 0m00.00s real 0m00.00s user 0m00.00s system time ls b 0m00.00s real 0m00.00s user 0m00.00s system I've tried it running OpenBSD 6.3 RELEASE, STABLE, and CURRENT. Happens with all. I wiped the entire drive (dd if=/dev/zero) then re-installed from scratch, and it still happens. It happens whether running X or just in the initial raw console without startx. I know it isn't an OpenBSD problem, but any suggestions where you'd look if it was you? Thank you. - Derek
Re: how to find reason for computer pausing often?
On Wed, Aug 08, 2018 at 08:59:40AM +0200, Solene Rapenne wrote: > Derek Sivers wrote: > > This past month or so, my Lenovo T440s laptop has started doing strange > > 2-second pauses at random intervals, sometimes a few times per minute. > > > > How would you look for the source of this trouble? There's nothing in > > /var/log showing when it happens. No log entries added there. Where else > > would you look? > > > > The easiest way to spot it in action is with a simple ls : > > > > cd /tmp > > mkdir a b c > > time ls a > > 0m00.00s real 0m00.00s user 0m00.01s system > > time ls b > > 0m03.22s real 0m00.00s user 0m00.01s system # there is the > > random pause > > time ls c > > 0m00.00s real 0m00.00s user 0m00.00s system > > time ls b > > 0m00.00s real 0m00.00s user 0m00.00s system > > > > I've tried it running OpenBSD 6.3 RELEASE, STABLE, and CURRENT. Happens > > with all. > > > > I wiped the entire drive (dd if=/dev/zero) then re-installed from scratch, > > and it still happens. > > > > It happens whether running X or just in the initial raw console without > > startx. > > > > I know it isn't an OpenBSD problem, but any suggestions where you'd look if > > it was you? > > > > Thank you. > > > > - Derek > > Hi Derek > > I think that your hard drive is failing. Is it a SSD? If no, it's > typical of an old failing hard disk. > > Could you try to mount a mfs filesystem and see if your example makes a > pause? That should not trigger any disk read as it's an in-memory > filesystem, if it doesn't block that mean that the hard disk is failing. Thanks for the reply and suggestion. It's an SSD - https://www.cnet.com/products/adata-premier-sp600ns34-solid-state-drive-128-gb-sata-6gb-s/specs/ - but I'll try the MFS thing, too.
6.7-BETA on Thinkpad P1 with two drives : (won't boot)
6.7-BETA (today's snapshot). Lenovo ThinkPad P1 2nd gen with two NVMe inside. Windows on /dev/sd1 Installed OpenBSD on /dev/sd0 (a 1TB Samsung 970 pro) /dev/sd0 has had FreeBSD and Arch Linux on it successfully. Installed via USB just fine. Fresh [W]hole disk install. Just default install, no encryption or RAID. BIOS has sd0 as the preferred startup device. But after reboot, Windows comes up. Hmm… I reboot with manual boot override to select sd0/OpenBSD. Nope. Won't. Just instantly goes back to menu. So I installed same 6.7-BETA on an external SSD via USB-eSATA. Same thing. Installed fine. But laptop won't let it boot from that drive. In BIOS: "secure boot" and "memory protection" all off. And FWIW, settings haven't changed since FreeBSD was running successfully on this laptop yesterday. Any suggestions on what else I could try to make it boot? Thank you.
Re: 6.7-BETA on Thinkpad P1 with two drives : (FIXED)
On Thu, Apr 09, 2020 at 02:25:49PM +0200, Otto Moerbeek wrote: > You did not tell if you were using EFI or MBR boot. You couldn try the > other one. I never got my X1 6th gen booting with EFI boot. Thank you Otto, and sorry everyone else. I thought I had tried all of the BIOS settings. You're right, when set to "Legacy Only", it works. > > 6.7-BETA (today's snapshot). > > > > Lenovo ThinkPad P1 2nd gen with two NVMe inside. > > > > Windows on /dev/sd1 > > Installed OpenBSD on /dev/sd0 (a 1TB Samsung 970 pro) > > /dev/sd0 has had FreeBSD and Arch Linux on it successfully. > > > > Installed via USB just fine. Fresh [W]hole disk install. > > Just default install, no encryption or RAID. > > > > BIOS has sd0 as the preferred startup device. But after reboot, Windows > > comes up. Hmm… > > > > I reboot with manual boot override to select sd0/OpenBSD. Nope. Won't. > > Just instantly goes back to menu. > > > > So I installed same 6.7-BETA on an external SSD via USB-eSATA. > > Same thing. Installed fine. But laptop won't let it boot from that drive. > > > > In BIOS: "secure boot" and "memory protection" all off. And FWIW, settings > > haven't changed since FreeBSD was running successfully on this laptop > > yesterday. > > > > Any suggestions on what else I could try to make it boot?
Relayd
I've been experimenting some with using relayd to load balance incoming smtp, pop3 and imap and it seems to work wonderfully with relays, unfortunately I cannot use redirects since I need to direct to different server pools depending on the originating source IP. The only thing preventing me from deploying this is I need the connections to be transparent. OpenBSD 4.4 introduced a transparent key word, but for the life of me I cannot get this to work. If configured as outlined in the man page, relayd fails to start complaining about an interface missing from the configuration. If an interface is specified, relayd starts but connections time out immediately: relay maildelivery, session 4 (1 active), 0, 66.159.122.2 -> 10.10.19.4:25, connect timeout When I trace the packets, I can see the connection being made to 10.10.19.4, and a reply issued, but the time out still happens, so I'm at a complete loss. Has anyone been able to get transparent relays configured? I'd appreciate any help anyone can provide. On another note. One thing that would be nice to see in relayd is the ability to specify a source ip or table in the redirect definition as that would eliminate the need for a relay for this configuration. Thanks. -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: de...@csolve.net
Re: Relayd
porting" rev 0xb1 pchb2 at pci0 dev 16 function 1 "Intel 5000 Error Reporting" rev 0xb1 pchb3 at pci0 dev 16 function 2 "Intel 5000 Error Reporting" rev 0xb1 pchb4 at pci0 dev 17 function 0 "Intel 5000 Reserved" rev 0xb1 pchb5 at pci0 dev 19 function 0 "Intel 5000 Reserved" rev 0xb1 pchb6 at pci0 dev 21 function 0 "Intel 5000 FBD" rev 0xb1 pchb7 at pci0 dev 22 function 0 "Intel 5000 FBD" rev 0xb1 uhci0 at pci0 dev 29 function 0 "Intel 6321ESB USB" rev 0x09: apic 8 int 16 (irq 5) uhci1 at pci0 dev 29 function 1 "Intel 6321ESB USB" rev 0x09: apic 8 int 17 (irq 7) uhci2 at pci0 dev 29 function 2 "Intel 6321ESB USB" rev 0x09: apic 8 int 18 (irq 10) uhci3 at pci0 dev 29 function 3 "Intel 6321ESB USB" rev 0x09: apic 8 int 19 (irq 10) ehci0 at pci0 dev 29 function 7 "Intel 6321ESB USB" rev 0x09: apic 8 int 16 (irq 5) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb13 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xd9 pci14 at ppb13 bus 1 vga1 at pci14 dev 3 function 0 "ATI ES1000" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) drm at vga1 unsupported "Compaq iLO" rev 0x03 at pci14 dev 4 function 0 not configured "Compaq iLO" rev 0x03 at pci14 dev 4 function 2 not configured uhci4 at pci14 dev 4 function 4 "Hewlett-Packard USB" rev 0x00: apic 8 int 22 (irq 10) "Hewlett-Packard IPMI" rev 0x00 at pci14 dev 4 function 6 not configured usb1 at uhci4: USB revision 1.0 uhub1 at usb1 "Hewlett-Packard UHCI root hub" rev 1.00/1.00 addr 1 pcib0 at pci0 dev 31 function 0 "Intel 6321ESB LPC" rev 0x09 pciide0 at pci0 dev 31 function 1 "Intel 6321ESB IDE" rev 0x09: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus1 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) usb2 at uhci0: USB revision 1.0 uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb3 at uhci1: USB revision 1.0 uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb4 at uhci2: USB revision 1.0 uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb5 at uhci3: USB revision 1.0 uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo com1: probed fifo depth: 0 bytes pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 mtrr: Pentium Pro MTRR support uhidev0 at uhub1 port 1 configuration 1 interface 0 "HP Virtual Keyboard" rev 1.10/0.02 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 modifier keys, 6 key codes, country code 33 wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub1 port 1 configuration 1 interface 1 "HP Virtual Keyboard" rev 1.10/0.02 addr 2 uhidev1: iclass 3/1 ums0 at uhidev1: 3 buttons wsmouse0 at ums0 mux 0 uhub6 at uhub1 port 2 "HP Virtual Hub" rev 1.10/0.01 addr 3 softraid0 at root root on sd0a swap on sd0b dump on sd0b bnx1: address 00:1f:29:63:d5:1e brgphy0 at bnx1 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 6 bnx0: address 00:1f:29:63:d5:18 brgphy1 at bnx0 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 6 Thanks -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: de...@csolve.net
Odd spamd-white update issues
Good Day, We have an OpenBSD 4.3 machine that is acting as a firewall for our scanning service and has spamd employed (which we've been using ever since hearing Bob talk about it at BSDCan 2005). Yesterday though, we had our first issue with it, for some reason about 4pm yesterday all of our entries in the spamd-white table disappeared? I suspected that it may have had something to do with the sync as I had spamd running with the -Y and -y flags, yet there is currently no other host on the network for it to sync with (though a redundant machine is in the works to be deployed very soon). When we uncovered the issue this morning, I removed the -Y and -y flags and restarted the machine and it is now working correctly again, however I'm a little puzzled as to the source of this problem as I've scoured our log files and do not see any errors or alerts that I can attribute to this situation. Any suggestions or advice would be greatly appreciated. Our spamd_flags were as follows (It is currently running without the - Y and -y): -h 'scanner.netguardsolutions.net' -n 'netGUARD: Mail Protection Service' -G 15:4:864 -Y em0 -y em0 -M 66.159.122.14 Thank you -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: [EMAIL PROTECTED]
Transparent Reverse Proxy with relayd
I'm attempting to setup a reverse proxy using relayd using the
transparent forward to configuration (non-transparent works fine)
under OpenBSD 4.4.
My configuration is as follows:
===
#
# Macros
#
relayd_addr="127.0.0.1"
elrond="10.10.19.4"
celebrian="10.10.19.5"
#
# Global Options
#
interval 10
timeout 200
prefork 10
log updates
#
# Each table will be mapped to a pf table.
#
table { $elrond $celebrian }
protocol "tcp_service" {
tcp { nodelay, socket buffer 65536 }
}
relay maildelivery {
listen on $relayd_addr port 2525
protocol "tcp_service"
transparent forward to port smtp check tcp
interface bnx1
}
===
Related PF configuration is:
===
ext_if="bnx0"
elrond = "10.10.19.4"
netguard = "66.159.122.2"
pop3_servers = "{" $elrond "}"
rdr on $ext_if proto tcp from $netguard to 66.159.112.123 port smtp ->
lo0 port 2525
pass in proto tcp from $netguard to $pop3_servers port smtp
pass in proto tcp from $netguard to lo0 port 2525
===
I'm unsure if I'm using the correct interface in the transparent
forward to line as it's not clear in the man page that an interface is
even required (though if left out it says missing interface).
When started, forwarding looks correct, but times out immediately:
relay maildelivery, session 4 (1 active), 0, 66.159.122.2 ->
10.10.19.4:25, connect timeout
relay maildelivery, session 5 (1 active), 0, 66.159.122.2 ->
10.10.19.4:25, connect timeout
relay maildelivery, session 6 (1 active), 0, 66.159.122.2 ->
10.10.19.4:25, connect timeout
relay maildelivery, session 7 (1 active), 0, 66.159.122.2 ->
10.10.19.4:25, connect timeout
If I monitor the interface on 10.10.19.4 as well as the outbound
interface on the firewall I can see the request go out to 10.10.19.4,
and the response from 10.10.19.4 return, but it still times out
immediately.
I'm sure I'm just missing something in my configuration, if anyone can
point me in the correct direction, I'd be much obliged.
Thank you.
--
Regards,
Derek Buttineau
Internet Systems Developer
Compu-SOLVE Internet Services
Compu-SOLVE Technologies, Inc
Phone: 705-725-1212 x255
E-Mail: [EMAIL PROTECTED]
Re: Problem with relayctl - OBSD 4.4
On 2008-Nov-11, at 10:13 AM, Stuart Henderson wrote: I should probably have also mentioned to mark the point where relayctl reload is run.. Right before "^Chost check engine exiting" When relayctl returns command failed. nothing appears in the debugging output. Derek
Re: Problem with relayctl - OBSD 4.4
g relay imap adding 2 hosts from table pop3_servers:110 init_filter: filter init done init_tables: created 0 tables relay_launch: running relay pop3 relay_launch: running relay pop3s relay_launch: running relay imap relay_launch: running relay imaps relay_launch: running relay maildelivery relay_launch: running relay imaps relay_launch: running relay pop3 relay_launch: running relay pop3s relay_launch: running relay imap relay_launch: running relay imaps relay_launch: running relay maildelivery adding 2 hosts from table pop3_servers:995 adding 2 hosts from table pop3_servers:143 adding 2 hosts from table pop3_servers:993 adding 2 hosts from table pop3_servers:25 relay_launch: running relay maildelivery relay_init: max open files 1024 adding 2 hosts from table pop3_servers:110 adding 2 hosts from table pop3_servers:995 adding 2 hosts from table pop3_servers:143 adding 2 hosts from table pop3_servers:993 adding 2 hosts from table pop3_servers:25 relay_init: max open files 1024 relay_launch: running relay pop3 relay_launch: running relay pop3s relay_launch: running relay imap relay_launch: running relay imaps relay_launch: running relay maildelivery relay_launch: running relay pop3 adding 2 hosts from table pop3_servers:110 relay_launch: running relay pop3s relay_launch: running relay imap relay_launch: running relay imaps relay_launch: running relay maildelivery adding 2 hosts from table pop3_servers:995 adding 2 hosts from table pop3_servers:143 adding 2 hosts from table pop3_servers:993 adding 2 hosts from table pop3_servers:25 relay_launch: running relay pop3 relay_launch: running relay pop3s relay_launch: running relay imap relay_launch: running relay imaps relay_launch: running relay maildelivery pfe_dispatch_imsg: state 1 for host 1 10.10.19.4 pfe_dispatch_imsg: state 1 for host 2 10.10.19.5 pfe_dispatch_imsg: state 1 for host 3 10.10.19.4 pfe_dispatch_imsg: state 1 for host 4 10.10.19.5 pfe_dispatch_imsg: state 1 for host 5 10.10.19.4 pfe_dispatch_imsg: state 1 for host 6 10.10.19.5 pfe_dispatch_imsg: state 1 for host 7 10.10.19.4 pfe_dispatch_imsg: state 1 for host 8 10.10.19.5 pfe_dispatch_imsg: state 1 for host 9 10.10.19.4 pfe_dispatch_imsg: state 1 for host 10 10.10.19.5 hce_notify_done: 10.10.19.4 (tcp_host_up: connect successful) hce_notify_done: 10.10.19.5 (tcp_host_up: connect successful) hce_notify_done: 10.10.19.4 (tcp_host_up: connect successful) hce_notify_done: 10.10.19.5 (tcp_host_up: connect successful) hce_notify_done: 10.10.19.4 (tcp_host_up: connect successful) hce_notify_done: 10.10.19.4 (tcp_host_up: connect successful) hce_notify_done: 10.10.19.5 (tcp_host_up: connect successful) hce_notify_done: 10.10.19.5 (tcp_host_up: connect successful) hce_notify_done: 10.10.19.5 (tcp_host_up: connect successful) hce_notify_done: 10.10.19.4 (tcp_host_up: connect successful) ^Chost check engine exiting kill_tables: deleted 0 tables flush_rulesets: flushed rules pf update engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting = Thanks, Derek
ISC DHCPD Oddity
Just swapped drives from one Compaq DL360 to another DL360 and now whenever I try to run the ISC DHCPD, which was working perfectly fine on the other box, it complains that it can't find the interface. The only difference, network wise, between the two boxes is that the old one had interfaces fxp0, fxp1 and bge0 and the new one has fxp0, fxp1 and em0 (I have modified the configuration to reflect this) Everything else is working fine (PF, Networking, etc), except that I currently can't hand out dhcp leases. :) I've bundled dmesg, ifconfig -A, dhcpd.conf dhcpd.interfaces, hostname.em0, hostname.fxp0, hostname,fxp1 and ktrace.out here: http://users.csolve.net/~derek/stuff/dhcpdinfo.tar.gz <http://users.csolve.net/%7Ederek/stuff/dhcpdinfo.tar.gz> Any help or suggestions would be greatly appreciated. I'm assuming it's something simple I've missed. Thanks in advance. Derek
Re: ISC DHCPD Oddity
Okay, I've uncovered "what" is causing the problem, just not sure "how" to fix it (I've sent it off to the ISC dhcp list too, hopefully someone can figure it out :) ) The source of the problem seems to be the # of IPs assigned to fxp0 (currently 65). I removed about 40 of those, just to see if it would make any difference, and it did. After reducing the IPs, ISC dhcpd started without issue: Aug 31 13:37:36 smaug dhcpd: Internet Systems Consortium DHCP Server V3.0.2 Aug 31 13:37:36 smaug dhcpd: Copyright 2004 Internet Systems Consortium. Aug 31 13:37:36 smaug dhcpd: All rights reserved. Aug 31 13:37:36 smaug dhcpd: For info, please visit http://www.isc.org/sw/dhcp/ Aug 31 13:37:36 smaug dhcpd: Wrote 0 deleted host decls to leases file. Aug 31 13:37:36 smaug dhcpd: Wrote 0 new dynamic host decls to leases file. Aug 31 13:37:36 smaug dhcpd: Wrote 0 leases to leases file. Aug 31 13:37:36 smaug dhcpd: Listening on BPF/em0/00:02:a5:48:b4:ba/INTERNAL Aug 31 13:37:36 smaug dhcpd: Sending on BPF/em0/00:02:a5:48:b4:ba/INTERNAL Aug 31 13:37:36 smaug dhcpd: Listening on BPF/fxp1/00:50:8b:e0:7a:eb/DMZ Aug 31 13:37:36 smaug dhcpd: Sending on BPF/fxp1/00:50:8b:e0:7a:eb/DMZ Aug 31 13:37:36 smaug dhcpd: Sending on Socket/fallback/fallback-net My "guess" is that the number of IPs is causing the interface detection in ISC's DHCPD to break (though it doesn't spit out any errors to indicate this). I'll do some further testing tomorrow morning to see if I can determine at what threshold it breaks. In the meantime, I can work around the problem by not assigning the IPs to fxp0 until dhcpd has started. Derek On 8/31/05, Derek Buttineau <[EMAIL PROTECTED]> wrote: > > Just swapped drives from one Compaq DL360 to another DL360 and now > whenever I try to run the ISC DHCPD, which was working perfectly fine on > the other box, it complains that it can't find the interface. The only > > difference, network wise, between the two boxes is that the old one had > interfaces fxp0, fxp1 and bge0 and the new one has fxp0, fxp1 and em0 (I > have modified the configuration to reflect this) > > Everything else is working fine (PF, Networking, etc), except that I > > currently can't hand out dhcp leases. :) > > I've bundled dmesg, ifconfig -A, dhcpd.conf dhcpd.interfaces, > hostname.em0, hostname.fxp0, hostname,fxp1 and ktrace.out > here: > > http://users.csolve.net/~derek/stuff/dhcpdinfo.tar.gz <http://users.csolve.net/%7Ederek/stuff/dhcpdinfo.tar.gz> > > Any help or suggestions would be greatly appreciated. I'm assuming it's > > something simple I've missed. > > Thanks in advance. > > Derek
Re: OpenBSD Desktop Document
I have to agree, Gentoo's install docs are some of the best out there and will allow just about anybody to install OpenBSD. On 11/12/05, bofh <[EMAIL PROTECTED]> wrote: > > On 11/8/05, Joe S <[EMAIL PROTECTED]> wrote: > > > > In general, this is a good start. One more piece of advice, try not to > > make the document too narrative, but rather just put in what the user > > needs to know to get a desktop working. > > > > One piece of advice, take a look at gentoo's install docs. Just enough > handholding, but with enough background explanation so that a user knows > what's going on. > > -Tai > > -- - Derek Tracy [EMAIL PROTECTED] -
Re: OpenBSD Desktop Document
Now that I would have to see. Could you do up a quick sketch in ascii? On 11/13/05, Robert Szasz <[EMAIL PROTECTED]> wrote: > > Add a cutout disk partitioning sliderule! Ok, perhaps not, but now that I > think about it, that would be a nice geeky tool to have. If anyone else is > interested, I might just make one up. > > On 11/12/05, Derek Tracy <[EMAIL PROTECTED]> wrote: > > > > I have to agree, Gentoo's install docs are some of the best out there > > and > > will allow just about anybody to install OpenBSD. > > > > On 11/12/05, bofh <[EMAIL PROTECTED]> wrote: > > > > > > On 11/8/05, Joe S <[EMAIL PROTECTED]> wrote: > > > > > > > > In general, this is a good start. One more piece of advice, try not > > to > > > > make the document too narrative, but rather just put in what the > > user > > > > needs to know to get a desktop working. > > > > > > > > > > > > One piece of advice, take a look at gentoo's install docs. Just enough > > > handholding, but with enough background explanation so that a user > > knows > > > what's going on. > > > > > > -Tai > > > > > > > > > > > > -- > > - > > Derek Tracy > > [EMAIL PROTECTED] > > - > > > > > -- - Derek Tracy [EMAIL PROTECTED] -
Odd CARP issue with 4.6
I'm having a really odd issue, and not sure quite how best to explain it. As far as I know my setup was working fine with 4.5, and the failover itself still works without a hitch, it just doesn't seem to want to fail back anymore. If the master goes down (say for a reboot), CARP fails over to the secondary machine as normal, but when the master is back it doesn't fail back to it. If I force the carp interface down on the backup machine, it fails back over, but then as soon as I bring those interfaces back up, the BACKUP becomes master again. I find this strange since the BACKUP still has a much higher advskew. I end up rebooting the backup, which seems to put everything in its place. Very odd issue. Has anyone else encountered this? Master interface ifconfig: carp1: flags=8843 mtu 1500 lladdr 00:00:5e:00:01:02 priority: 0 carp: MASTER carpdev bnx0 vhid 2 advbase 1 advskew 0 groups: carp Backup interface ifconfig: carp1: flags=8843 mtu 1500 lladdr 00:00:5e:00:01:02 priority: 0 carp: BACKUP carpdev em0 vhid 2 advbase 1 advskew 100 groups: carp -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: de...@csolve.net
Re: Odd CARP issue with 4.6
On 2009-11-25, at 6:08 PM, Bryan Irvine wrote: > did you by chance upgrade your sysctl.conf? Make sure preempt is > still turned on. > > -B I did upgrade sysctl.conf, but preempt is still turned on. Odd. -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: de...@csolve.net
Re: Odd CARP issue with 4.6
On 2009-11-25, at 6:23 PM, Henning Brauer wrote: > check ifconfig -g carp on both Right now both are at: carp: carp demote count 0 However, I did check that before I rebooted the backup unit and the master was set to carp: carp demote count 1 At first I thought that maybe pfsync was keeping the master from reverting while it synced state, but even after 24 hours the master hadn't taken back over from the slave. -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: de...@csolve.net
Re: Odd CARP issue with 4.6
On 2009-11-26, at 10:40 AM, Marco Pfatschbacher wrote:
> It might help to set
> sysctl net.inet.carp.log=6
>
> carp does logging about who demoted it:
>
>CARP_LOG(LOG_INFO, nil, ("%s demoted group %s to %d",
ifp->if_xname,
>ifgl->ifgl_group->ifg_group, *dm));
Thanks, have set that. Will check next time it happens and see if I can tell
what's demoting it.
--
Regards,
Derek Buttineau
Internet Systems Developer
Compu-SOLVE Internet Services
Compu-SOLVE Technologies, Inc
Phone: 705-725-1212 x255
E-Mail: de...@csolve.net
Re: ProLiant DL360 G3 - bge won't work
On 2009-12-11, at 10:43 AM, Peter Huncar wrote: > Could you help me please with: > > I'm trying to install 4.6 on a ProLiant DL260 G3. > The install from cd went just fine, but I discovered later that both integrated broadcom bge* do not work. > Well, they accept IP and settings, but won't transmit a bit. Dhclient, tcpdump, ping - not a packet. > I tried to change OS settings in Bios (Linux/Other) and MPS Table mode from 'auto' both to 'Full Table APIC' and 'Full Table Mapped'. > > I guess I didn't check all the possible combinations of APIC/OS :) Once I managed to crash to ddb while OS Setting was to Windows :) > > Nevertheless, they don't work neither with bsd nor bsd.mp kernel. Ran into this on Wednesday upgrading a DL360 G1 to a DL360 G3, it would find the bge0 and bge1 interface but neither would transmit. I ended up trying a suggestion from IRC to update to 4.6-current, which corrected the issue with the bge interfaces. -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: de...@csolve.net
Re: HP DL360 Fan Control
I have seen the issue, we have 1 DL360 G3 server in particular where the fan stays at full throttle at all times. We've even gone so far as replacing the fan pack to try and resolve it, but the problem seems to be something more internal. We suspect the mother board. Other than that G3 though, we haven't had any problems with fans (regardless of OS) on the DL360s. On 2009-10-01, at 3:15 PM, Mauro Rezzonico wrote: Mikel Lindsaar wrote: > HP DL360 G3 I have an HP DL360 G4 and it doesn't do that: it starts "full throttle", but after 15-20 seconds it settles to just "very noisy" and stays like that... I did not had the chance to put the machine under heavy load (yet), but I suspect that is NOT the room getting warm, it's the machines making so much heat that the room warms up :-) -- Mauro Rezzonico , Como, Italia "Maybe this world is another planet's hell" - H.Huxley -- Regards, Derek Buttineau Internet Systems Developer Compu-SOLVE Internet Services Compu-SOLVE Technologies, Inc Phone: 705-725-1212 x255 E-Mail: de...@csolve.net
Hosted CI with OpenBSD targets
Hi! Wondering if anyone has experience with hosted CI services that support OpenBSD targets for building + tests. I haven't been successful finding any. Looking to add native OpenBSD support to a project's CI, hoping to draw on the community's experience. Would also prefer to run a service, rather than self-host. Thanks! Derek
