On Thu, Jun 05, 2014 at 08:02:58PM +, Miod Vallat wrote:
>
> If you can't trust people to apply one-liner fixes correctly, can you
> trust them for anything serious?
I really don't like to point fingers, but...
It is done by the same people that introduced
the Debian random number bug back
On Sun, Jan 26, 2014 at 03:44:14PM -0500, ido...@gmail.com wrote:
> Hi misc@,
> From http://marc.info/?l=openbsd-cvs&m=133217901415880&w=2
>
> "The ``sleep until we have a writer'' behaviour of an open() on a fifo
> does so with the file descriptor table locked, so if we are waiting for
> another
On Wed, Jul 25, 2012 at 12:07:25PM +0200, Henning Brauer wrote:
> * Lee Verberne [2012-07-19 23:46]:
> > A power supply failed in my 2-node OpenBSD 5.1 unicast CARP cluster
> > recently. After the failure I noticed that the carp demote counter was
> > being increased by output errors:
> >
> > ca
On Fri, Mar 02, 2012 at 09:23:38AM +0100, Marios Makassikis wrote:
>
> The demotion counter is decremented when you lose connectivity (ip_output
> errors for instance), but shouldn't it be reincremented when you regain
> connectivity?
Well, that's a chicken and egg problem there.
It won't send o
Hi,
so far, the 82579LM em(4) was only working by luck.
This should be fixed in -current.
On Fri, Oct 14, 2011 at 08:38:50AM +0200, Maxim Bourmistrov wrote:
> Hi,
>
> I'm getting "em1 watchdog timeout" from bsd.rd while tried to snapshot
> already -current box.
> However, manually moving in bsd
On Tue, Jul 26, 2011 at 10:00:48AM +0200, Marcus M|lb|sch wrote:
> Hello all,
>
>Since I added another physical and carp interface to our firewalls, I
> get strange error messages, and strange behaviour for carp failover.
>
>> Jul 25 15:00:03 fw2 /bsd: carp32: ip_output failed: 64
>> Jul 25 15
On Sat, Apr 23, 2011 at 09:15:51PM +, Stuart Henderson wrote:
> On 2011-04-21, ??? wrote:
> > Dear Sirs,
> >
> > I need to configure ipv6 over carp interface. It seems that carp doesn't
> > like things in one line
> >
> >
> > ifconfig carp470 vhid 70 pass xxx carpdev vlan470 advskew 2
On Tue, Dec 21, 2010 at 09:34:01AM +0100, David Coppa wrote:
> On Tue, Dec 21, 2010 at 2:23 AM, Fernando Quintero
> wrote:
> > some comment?
> >
> > http://seclists.org/bugtraq/2010/Dec/200
>
> I'm not able to provide a solution, but this is of course a bug that
> needs to be fixed.
If you look
On Tue, Apr 13, 2010 at 04:32:12PM +0900, william dunand wrote:
> Dear list,
>
> I am currently setting up two 4.6 boxed to act as carp'ed firewalls.
[...]
> Even though I got to quite satisfying results, I am confused about the
> net.inet.carp.preempt definition given in the carp(4) man page:
On Thu, Nov 26, 2009 at 03:56:37PM +0100, Henning Brauer wrote:
> * Derek Buttineau [2009-11-26 15:07]:
> > On 2009-11-25, at 6:23 PM, Henning Brauer wrote:
> >
> > > check ifconfig -g carp on both
> >
> >
> > Right now both are at:
> >
> > carp: carp demote count 0
> >
> > However, I did che
On Tue, Oct 20, 2009 at 01:30:01AM -0600, Anathae E. Townsend wrote:
> Off topic, I know, but I'm hoping some USB programming smart readers
> might know the answer to my question.
>
> Are there available usb interface chips that an OEM can program the
> PID, VID, and Serial Number without having t
On Tue, Oct 06, 2009 at 11:22:11PM +0300, Imre Oolberg wrote:
> Hallo!
>
> I have used carp ip-stealth balancing for only pass and block rules with
> two openbsd 4.5 firewalls and https server quite successfully, like this
Hi,
finally someone who got IP balancing to work :)
>
>to
On Tue, Aug 04, 2009 at 03:15:25PM +0200, Federico wrote:
> Rosen Iliev wrote:
> > Hi Federico,
> >
> > Did you try to change the balancing mode to ip-unicast or ip-stealth?
> >
> > from man carp(4)
>
> I just tried with ip-unicast, but both machines stop working.
> Do I have to think it's a swi
On Mon, Jul 27, 2009 at 04:01:39PM +0200, Vadim Korschok wrote:
> >>> Marco Pfatschbacher 27.07.2009 11:35 >>>
> >Hmm,
>
> >are you sure this is happening with OpenBSD?
> >We solved that problem almost two years ago.
> >Dunno if Fre
Hmm,
are you sure this is happening with OpenBSD?
We solved that problem almost two years ago.
Dunno if FreeBSD merged any of these changes...
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_carp.c?f=h#rev1.152
On Mon, Jul 27, 2009 at 09:09:27AM +0200, Vadim Korschok wrote:
> The maili
On Thu, Nov 13, 2008 at 05:51:49PM -0800, Vivek Ayer wrote:
> Yay! I got ssh and http to work on the CARP interface. Thanks.
>
> However, the httpd redirect is not working just yet on the CARP
> interface for one of the computers. Does IP balancing mess up
> redirect?
Well, that depends.
IP balan
On Wed, Nov 12, 2008 at 11:40:36AM -0800, Vivek Ayer wrote:
> i don't think I understand. Clarify. you mean carpdev is like your
> physical interface..eth0, re0, etc.?
say you have a carp configured like:
carp0: flags=8843 mtu 1500
lladdr 00:00:5e:00:01:04
carp: MASTER carpdev em0
On Tue, Nov 11, 2008 at 03:53:54PM -0800, Vivek Ayer wrote:
[...]
> # macros
[...]
> carpdevs = "{ carp0 , carp1 }"
[...]
> # pass rules
[...]
> pass in on $carpdevs inet proto tcp from any to ($ext_if) \
>port $tcp_services flags S/SA keep state # Allow SSH Access from Outside
just from a qu
On Sat, Nov 24, 2007 at 05:14:04PM +0700, Insan Praja SW wrote:
> The ifconfig:
> Machine A#
[...]
> vlan2: flags=8943 mtu 1500
> lladdr 00:15:17:25:0a:9e
> vlan: 2 priority: 0 parent interface: em2
> groups: vlan
> inet6 fe80::215:17ff:fe25:a9e%vlan2 prefixlen 64 sc
On Sun, Nov 04, 2007 at 01:17:19PM +0100, [EMAIL PROTECTED] wrote:
>
> but we check our switches ( HP 2824 ) and my networker says that we have old
> revision of firmware inside.
> we will update this at monday and that we test it again.
I don't think that's necessary. It's not a bug in the swit
On Fri, Nov 02, 2007 at 09:53:46AM +0100, [EMAIL PROTECTED] wrote:
> hi
>
> yes the em0 ist member of the /22 network and the carpdev opion ist an old
> setting from the start of this cluster
> where i setup no ip on the interface.
>
> should i try this ip balancing whitout this option ?
No, it
On Wed, Oct 31, 2007 at 11:26:48AM +0100, holger glaess wrote:
> hi
>
> i did the carp ip loadbalancing setup as describe at the man page.
>
> i did it on an full funktional carp cluster that means that carp an pf is ok.
>
> host A:
>
> inet 10.100.0.254 255.255.252.0 10.100.3.255 carpdev em0 v
On Tue, Oct 23, 2007 at 11:10:32AM +0200, Heinrich Rebehn wrote:
>
> Googling showed up quite a few posts of people having problems with CARP
> and the "incorrect hash" message, but none really helped me.
the most common reason for "incorrect hash" messages is
that your configuration isn't in syn
On Tue, Sep 25, 2007 at 08:57:19AM -0700, dane johansen wrote:
> I went to colo, and checked what happened, as soon as a type:
> ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
> I get:
> ifconfig carp0 10.10.10.110 netmask 255.255.248.0 vhid 7 advskew 100
> uvm_fault(0xd6a0752
On Wed, Sep 19, 2007 at 09:07:52PM -0700, dane johansen wrote:
> Hi,
>
> I'm trying CARP ip balancing on openbsd 4.2 (-current). I have 3 boxes (host
> A, host B and host C) so I started configuring carp interfaces according
> manual:
>
> A# ifconfig carp0 10.10.10.100 netmask 255.255.248.0 vhid
On Sun, Mar 25, 2007 at 08:23:25PM +0200, Jeremie Le Hen wrote:
> > Btw, you might consider using ifstated(8)
> > instead of scripting sth w/ ifconfig(8).
>
> I don't understand what you are saying here. I explicitely showed
> the commands which can lead to my setup. They are usually handled
> b
On Fri, Mar 23, 2007 at 12:38:44PM +1200, Nigel Roberts wrote:
[...]
> You can see when the state change happens. The backup host advertises
> with advskew of 100, advbase of 2 and promptly decides it's the master
> until the next advertisment arrives from the machine that really
> should be the ma
On Fri, Mar 23, 2007 at 04:35:31PM +0100, Jeremie Le Hen wrote:
[...]
> - We are using stock OpenBSD 4.0 for our test.
[...]
> Without running ifconfig(8) too often, the convergence time is a
> few seconds but we managed to increase the delay up to 2 minutes
> with this trick.
This is fixed in 4.
On Sun, Feb 25, 2007 at 06:10:43PM +0100, Stefan Kell wrote:
> Hallo list,
>
> I want to use this machine as a dual-boot system together with windows. It
> is connected to a standard PS2-KVM, no USB-mouse or keyboard. Installation
> of both Windows and OpenBSD 4.0 from CDs worked without any pro
On Fri, Sep 15, 2006 at 12:49:20PM -0700, Tom Bombadil wrote:
> Greetings all... This was probably discussed before, but I couldn't
> really find anything in the archives.
>
> 1) We have a carp0 interface with a few aliases in it, and carp works
> fine between master (SERVER-A) and backup (SERVER-
On Fri, Jul 21, 2006 at 02:50:04PM +1000, Alex Strawman wrote:
> I'm experiencing some weird carp issues - it is working ok, however my
> logs are being filled with this:
>
> the systems are in an environment with ciscowned vrrp traffic - is
> that the cause?
Likely,
though per default carp shoul
On Thu, Apr 20, 2006 at 05:42:20PM +0200, Otto Moerbeek wrote:
>
> On Thu, 20 Apr 2006, Lars Weste wrote:
>
> > Hi,
> >
> > yes, i am running 3.8 -stable, and the backup has a higher advbase than
>
> err, for preemption to work, the advskew should be higher on the backup.
> At least, that is w
Hi,
did you remember to configure the backup machine
with a higher advskew / advbase?
Are you running -stable?
I'm not aware of any other problems in 3.8 that might cause this.
On Wed, Apr 19, 2006 at 08:59:01AM +0200, Lars Weste wrote:
> Hi,
>
> I have some problems with carp and vlans, at le
On Wed, Apr 05, 2006 at 03:16:04PM -0700, Gustavo A. Baratto wrote:
> Greetings all...
>
> We were trying to upgrade a couple of boxes (fw1 and fw2) running 3.6 to
> 3.8, but we came across an interesting problem with carp...
>
> First we installed 3.8 from scratch on just fw2, and kept fw1 in
>
On Fri, Jan 27, 2006 at 02:18:10PM +0100, Alexander Hall wrote:
> Hi!
>
> I just noticed (the hard way) a strange behaviour of ifconfig. In short,
> if I supply a netmask when removing an alias with ``-alias '',
> it is not, as one would expect, ignored, but rather used as the netmask
> for the
On Sun, Jan 01, 2006 at 10:52:43PM +, Karl O. Pinc wrote:
> On 01/01/2006 03:09:03 PM, Marco Pfatschbacher wrote:
> >On Sun, Jan 01, 2006 at 12:28:42AM +, Karl O. Pinc wrote:
> >[...]
> >> Suppose I have 2 firewalls, one failing over to the
> >> other with
On Sun, Jan 01, 2006 at 12:28:42AM +, Karl O. Pinc wrote:
[...]
> Suppose I have 2 firewalls, one failing over to the
> other with carp. (net.inet.carp.preempt=1 on
> both firewalls.) Each has 3 interfaces, internet,
> lan, and dmz. The dmz has, say, a webserver.
> Now to connect the 2 firew
On Sun, Jan 01, 2006 at 01:50:58AM +, Karl O. Pinc wrote:
> man 5 ifstated.conf says:
>
> "The init block is used
> to initialise the state and is executed each time the
> state is entered."
>
> But this does not seem to be true if you use 'init-state'
> to enter the state. Or maybe there's
On Sat, Jun 11, 2005 at 02:12:55AM -0400, Michael Erdely wrote:
[...]
> $ sudo ifconfig xl0 inet alias 192.168.25.49 \
> netmask 255.255.255.255 broadcast 192.168.25.49
[...]
> $ sudo ifconfig xl0 inet -alias 192.168.25.49 \
> netmask 255.255.255.255 broadcast 192.168.25.49
[...]
>
> Then,
39 matches
Mail list logo
