Shared memory / SQL
Hello - I need to build a server that will run PostgreSQL 8, handling up to 150 connections. The current database size is roughly 2GB now with 2.8 million rows in its biggest table. This is expected to continue to grow steadily over time. The hardware I have to work with is a single 3Ghz p4 processor, 1GB RAM, and 2 36.7GB SCSI drives with a Dell Perc for doing RAID. How is OpenBSD's shared memory performance? Could it handle this type of load well? Many people suggest I go with FreeBSD instead because they say FreeBSD's shared memory performance is superior, something about a sysctl called kern.ipc.shm_use_phys to stop shared memory from swapping out and to use the physical ram instead, among a few other reasons. If OpenBSD would work just as well, I am sure I will have to increase the SHM* options in the kernel. Does OpenBSD have any barriers when it comes to that? Thanks for any help. David
carp on vlan's
Hello -

I have vlan0 mapped on to fxp0
I have vlan1 mapped on to fxp0 as well.
I have carp0 mapped on to vlan0
I have carp1 mapped on to vlan1
I have carp2 mapped on to fxp1 (internal)

If I unplug the cable on fxp1, everything works. If I unplug the cable on fxp0, the second box changes to MASTER, but the first box stays MASTER too and things get screwed up.

Is it possible to have fxp0 flag vlan0, then vlan0 flag carp0 that the link is down? Or make ifconfig carp0 carpdev vlan0 monitordev fxp0 so that it sends traffic out vlan0, but watches fxp0 for changes?

- David
Re: carp on vlan's
On Tue, Aug 23, 2005 at 11:41:10PM +0100, Stuart Henderson wrote:
> --On 23 August 2005 18:26 -0400, David Hill wrote:
>> Is it possible to have fxp0 flag vlan0, then vlan0 flag carp0 that the link is down?
>
> yes, in -current. plus.html says:
>
> Make vlan(4) aware of the underlying link state, and report that up to other interfaces layered on top.

Beautiful, thanks!
sendfile()
Hello - Are there plans to add sendfile()/zero-copy to OpenBSD to improve web server performance? Thanks David
openbgpd server hardware
Hello - We are planning to build an OpenBSD server to be our edge router. We are terminating 5 DS3's into two Cisco routers and using bridge-groups and vlans to separate the connections. This works very well in our test setup. We plan on building two servers and using carp for redundancy. Our initial setup includes AMD Opterons with 1GB RAM. We will need PCI-X, or at least PCI/66Mhz NIC's for this project. I have been told SysKonnect is the way to go, but to wait on support for their new SK-9SXX series cards. We need 2 dual-port gigabit cards. The time is approaching where we need to implement this. Do any of the developers know the status of the support for the SysKonnect SK-9SXX series? What gigabit chipsets should be my second choice? Thanks David
wireless support
Hello - My neighbor has a Linksys WAP11 access point. We would like to join networks. Both our networks are in our basements. The distance is about 70ft. Would I get better signal/performance buying something similar to my neighbor, or purchasing a wireless PCI card for my OpenBSD box? If the PCI card would be the better solution, which chipset should I look into getting? Thanks David
Re: wireless support
On Tue, Jun 28, 2005 at 08:53:13AM -0400, Josh Grosse wrote:
> On Mon, Jun 27, 2005 at 11:46:42PM -0700, Bruce Bauer wrote:
>> ..Get another WAP11($40-$60), make sure they have the same firmware version and configure them as a wireless bridge. They can be configured so they will only talk to each other. Of course, that means that if you still need an access point to connect to you will need another access point for that purpose.
>
> Very true. But it's more than just firmware, the hardware versions should also match. There have been several different hardware products called WAP11 by Linksys: The original WAP11, then Version 2.2, Version 2.6 and Version 2.8. Each of these has different firmware, too.

Why would you choose a Linksys AP over a PCI card though?
Re: PF does not work,why?
On Mon, Jul 11, 2005 at 10:49:09PM +0800, jking1 wrote:
> #/etc/pf.conf #
> ext_if="fxp0"
> int_if="rl0"
> web_server="192.168.0.1"
> pcanywhere_port="5631"
> sql="1433"
> #table <spamd> persist
> #table <spamd-white> persist
> scrub in
> rdr pass on $ext_if proto tcp from any to port www -> $web_server port www
> rdr pass on $ext_if proto tcp from any to port $pcanywhere_port -> \
>     $web_server port $pcanywhere_port
> rdr pass on $ext_if proto tcp from any to port $sql -> $web_server port $sql
> rdr pass on $ext_if proto tcp from any to port 21 -> $web_server port 21
> rdr pass on $ext_if proto udp from any to port 53 -> $web_server port 53
> nat on $ext_if from !($ext_if) -> ($ext_if:0)
> block return
> pass quick on { lo $int_if }
> antispoof quick for { lo $int_if }
> pass in log on $ext_if inet proto tcp to $ext_if port ssh flags S/SA keep state
> pass in log on $ext_if inet proto tcp to $web_server port 21 flags S/SA synproxy state
> pass in log on $ext_if inet proto tcp to $web_server port $sql flags S/SA synproxy state
> pass in log on $ext_if inet proto tcp to $web_server port 1434 flags S/SA synproxy state
> pass in on $ext_if inet proto tcp to $web_server port { www, $pcanywhere_port} \
>     flags S/SA synproxy state
> pass in on $ext_if inet proto { tcp, udp } to $web_server port 53 flags S/SA \
>     keep state
> pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state
>
> #/etc/hostname.fxp0#
> inet XXX.XXX.XX.245 255.255.255.192 NONE
>
> #/etc/hostname.rl0 #
> inet 192.168.0.254 255.255.255.0 NONE
>
> #/etc/mygate #
> XXX.XX.X.193
>
> #show nat #
> haocb# pfctl -v -sn
> nat on fxp0 from ! (fxp0) to any -> (fxp0:0)
>   [ Evaluations: 1232 Packets: 0 Bytes: 0 States: 0 ]
> rdr pass on fxp0 inet proto tcp from any to any port = www -> 192.168.0.1 port 80
>   [ Evaluations: 1575 Packets: 1897 Bytes: 1425567 States: 29 ]
> rdr pass on fxp0 inet proto tcp from any to any port = 5631 -> 192.168.0.1 port 5631
>   [ Evaluations: 80 Packets: 0 Bytes: 0 States: 0 ]
> rdr pass on fxp0 inet proto tcp from any to any port = 1433 -> 192.168.0.1 port 1433
>   [ Evaluations: 80 Packets: 742 Bytes: 56328 States: 47 ]
> rdr pass on fxp0 inet proto tcp from any to any port = ftp -> 192.168.0.1 port 21
>   [ Evaluations: 11 Packets: 0 Bytes: 0 States: 0 ]
> rdr pass on fxp0 inet proto udp from any to any port = domain -> 192.168.0.1 port 53
>   [ Evaluations: 11 Packets: 0 Bytes: 0 States: 0 ]
>
> #show rules#
> haocb# pfctl -v -sn
> scrub in all fragment reassemble
>   [ Evaluations: 12151 Packets: 6124 Bytes: 0 States: 0 ]
> block return all
>   [ Evaluations: 2933 Packets: 14 Bytes: 688 States: 0 ]
> pass quick on lo all
>   [ Evaluations: 2933 Packets: 0 Bytes: 0 States: 0 ]
> pass quick on rl0 all
>   [ Evaluations: 2933 Packets: 2919 Bytes: 1503906 States: 0 ]
> block drop in quick on ! lo inet from 127.0.0.0/8 to any
>   [ Evaluations: 14 Packets: 0 Bytes: 0 States: 0 ]
> block drop in quick on ! lo inet6 from ::1 to any
>   [ Evaluations: 14 Packets: 0 Bytes: 0 States: 0 ]
> block drop in quick inet from 127.0.0.1 to any
>   [ Evaluations: 14 Packets: 0 Bytes: 0 States: 0 ]
> block drop in quick inet6 from ::1 to any
>   [ Evaluations: 14 Packets: 0 Bytes: 0 States: 0 ]
> block drop in quick on lo0 inet6 from fe80::1 to any
>   [ Evaluations: 0 Packets: 0 Bytes: 0 States: 0 ]
> block drop in quick on ! rl0 inet from 192.168.0.0/24 to any
>   [ Evaluations: 14 Packets: 0 Bytes: 0 States: 0 ]
> block drop in quick inet from 192.168.0.254 to any
>   [ Evaluations: 14 Packets: 0 Bytes: 0 States: 0 ]
> block drop in quick on rl0 inet6 from fe80::211:d8ff:fe79:d52b to any
>   [ Evaluations: 14 Packets: 0 Bytes: 0 States: 0 ]
> pass in log on fxp0 inet proto tcp from any to 219.153.7.245 port = ssh flags S/SA keep state
>   [ Evaluations: 43 Packets: 93 Bytes: 14185 States: 1 ]
> pass in log on fxp0 inet proto tcp from any to 192.168.0.1 port = ftp flags S/SA synproxy state
>   [ Evaluations: 14 Packets: 0 Bytes: 0
Re: uh oh, accidently deleted /usr/bin
On Sun, Nov 13, 2005 at 02:16:07PM -0800, b h wrote:
> Hi
>
> Okay, I feel really stupid, but that's beside the point. I need to be able to recover this machine. It's running current built from src as of November 7. I was brilliantly removing my src directory with a rm -rf * to get a completely fresh tree, when I realized I was a directory too high, running that command from /usr after immediately stopping it, I noticed the bin directory gone (and I figure there is some missing from the dest directory too -- this is all presuming that rm -rf goes alphabetically)... what is my best bet here? The system is still up and running. I presume it is to get some of the install sets and unpack them -- I would rather *not* like to do a reinstall. Which install sets do I need (presuming from the most recent snapshot, following instructions from 4.10 of FAQ).
>
> I figure I need
>
> comp38.tgz
> base38.tgz
> misc38.tgz
>
> Maybe I don't need all three of these? Anything else or other gotchas I should look out for? Can I safely reboot after untarring the above? Then after that I presume I can safely build from a newly checked out src again (being more careful)?
>
> much thanks
> b

You will also need the newer bsd kernel as well making sure you keep the kernel and userland in sync.
Re: 3.8 boot floppy stops at pcmcia
On Sat, Nov 19, 2005 at 06:24:49AM +1300, Fletch wrote: Greets Started to install 3.8 on my laptop (Compaq Presario 2100(2133AP)) this morning, but ran into a small issue. Make the floppy38.fs, boot off it fine, starts doing all its kernel driver loading stuff, but then stops at -- snip -- fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 pcic0 at isa0 port 0x3e0/6 iomem 0xd/16384 pcic0 controller 0: Intel 82365L rev 2 has sockets A and B pcmcia0 at pcic0 controller 0 socket 0 pcmcia1 at pcic0 controller 0 socket 1 -- end -- And thats about it. Keyboard is non functional for cttl-alt-del, caps-lock doesn't flick the light on-off. Just stopped. Have had 3.7 running on this laptop before, but was having some issues with getting X.org running. Was going to upgrade to the latest version before asking about it thou. Thanks in advance for any help on this. Fletch Here is my dmesg from 3.7 OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: mobile AMD Athlon(tm) XP 1800+ (AuthenticAMD 686-class) 1.53 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 526950400 (514600K) avail mem = 473886720 (462780K) using 4278 buffers containing 26451968 bytes (25832K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(65) BIOS, date 12/17/02, BIOS32 rev. 0 @ 0xfd730 pcibios0 at bios0: rev 2.1 @ 0xfd730/0x8d0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf10/208 (11 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Acer Labs M1533 ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xf000 0xcf000/0x800 0xdf000/0x1000! 0xe/0x4000! 
cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 ATI RS100 AGP rev 0x13 ppb0 at pci0 dev 1 function 0 ATI RS100 PCI rev 0x01 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 ATI Radeon IGP 320M rev 0x00 wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ohci0 at pci0 dev 2 function 0 Acer Labs M5237 USB rev 0x03: irq 9, version 1.0, legacy support ohci0: SMM does not respond, resetting usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Acer Labs OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered autri0 at pci0 dev 6 function 0 Acer Labs M5451 Audio rev 0x02: irq 5 ac97: codec id 0x43585429 (Conexant CX20468 rev 1) ac97: codec features reserved, headphone, 18 bit DAC, 18 bit ADC, No 3D Stereo audio0 at autri0 midi0 at autri0: 4DWAVE MIDI UART pcib0 at pci0 dev 7 function 0 Acer Labs M1533 ISA rev 0x00 vendor Acer Labs, unknown product 0x5457 (class communications subclass modem, rev 0x00) at pci0 dev 8 function 0 not configured cbb0 at pci0 dev 10 function 0 O2 Micro OZ69[17]2 CardBus rev 0x00: irq 5 pciide0 at pci0 dev 16 function 0 Acer Labs M5229 UDMA IDE rev 0xc4: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: ST960822A wd0: 16-sector PIO, LBA48, 57231MB, 117210240 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: QSI, DVD-ROM SDR-083, MX13 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 Acer Labs M7101 Power Mgmt rev 0x00 at pci0 dev 17 function 0 not configured sis0 at pci0 dev 18 function 0 NS DP83815 10/100 rev 0x00: DP83816A, irq 11, address 00:0b:cd:18:7a:ae nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 
1 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi1 at pcppi0: PC speaker sysbeep0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x20 pcmcia0 at cardslot0 biomask e76d netmask ef6d ttymask ffef pctr: user-level cycle counter enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matched BIOS disk 80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302

http://www.openbsd.org/faq/faq4.html#MkInsMedia

Use floppyC38.fs for laptops.
Re: for those following -current
On Fri, Jan 13, 2006 at 02:43:21PM -0500, Michael Steinfeld wrote:
> On 1/13/06, Todd C. Miller [EMAIL PROTECTED] wrote:
>> Due to some just-committed types changes you will have to build install gcc before a make build will succeed. New snapshots will be available in the next few days.
>
> Thanks for the heads up, Can you tell me the time of these commits? I updated my tree approx. 2 hours ago. my build world has been going smooth for about an hour+ on a 1.5ghz mac mini 512ram 5400rpm drive

If you're following -current, you should also be following source changes.

David
Re: strange ipv6 routing issue
On Sat, Feb 18, 2006 at 12:57:05PM +0100, Olivier Mehani wrote: Hello list, I'm playing with IPv6 in 3.8 and came up to this strange problem. My IPv6 connectivity is given by a broker (xs26.net) and I have set up a gif interface to use it (gif0): /etc/hostname.gif0 contains: tunnel SIS0IPv4 BROKERIPv4 inet6 IPv6PREFIX::1 !route add -inet6 default IPv6PREFIX::1 gif0: flags=8151UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST mtu 1500 groups: gif physical address inet SIS0IPv4 -- BROKERIPv4 inet6 fe80::202:6fff:fe21:ea79%gif0 - prefixlen 64 scopeid 0x8 inet6 IPv6PREFIX::1 - prefixlen 64 The funny thing is that I _can_ ping a given machine. [EMAIL PROTECTED]:~$ ping6 DISTANTHOSTNAME PING6(56=40+8+8 bytes) IPv6PREFIX::1 -- DISTANTHOSTIPv6 16 bytes from DISTANTHOSTIPv6, icmp_seq=0 hlim=53 time=207.974 ms 16 bytes from DISTANTHOSTIPv6, icmp_seq=1 hlim=53 time=176.176 ms 16 bytes from DISTANTHOSTIPv6, icmp_seq=2 hlim=53 time=241.964 ms 16 bytes from DISTANTHOSTIPv6, icmp_seq=3 hlim=53 time=253.56 ms ^C --- zorglub.ssji.net ping6 statistics --- 4 packets transmitted, 4 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 176.176/219.918/253.560/30.306 ms but I get a no route to host when trying to ssh to it [EMAIL PROTECTED]:~$ ssh -v6 DISTANTHOSTNAME OpenSSH_4.1, OpenSSL 0.9.7g 11 Apr 2005 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to DISTANTHOSTNAME [DISTANTHOSTIPv6] port 22. debug1: connect to address DISTANTHOSTIPv6 port 22: No route to host ssh: connect to host DISTANTHOSTNAME port 22: No route to host (/etc/ssh/ssh_config reads $OpenBSD: ssh_config,v 1.20 2005/01/28 09:45:53 dtucker Exp $ and has not been modified) To be even weirder, the machines behind the router, which get IPv6 in the same prefix manage to ssh to the very same host using IPv6 through the router. Does somebody have some ideas/solutions about this problem ? 
Useful information (note the illegal prefix len in the output of route for ::/4, which seems to be what default resolves to when route -add'ing) [EMAIL PROTECTED]:~$ uname -a OpenBSD mudrublic.narf.ssji.net 3.8 GENERIC#224 i386 [EMAIL PROTECTED]:~$ route -n show -inet6 Routing tables Internet6: DestinationGatewayFlags Refs UseMtu Interface route: illegal prefixlen ::/4 IPv6PREFIX::1 UGS 0 1591 - gif0 ::1::1UH 0 0 33224 lo0 IPv6PREFIX::/64link#8 UC 0 0 - gif0 IPv6PREFIX::1 link#8 UHLc0 12 - lo0 IPv6PREFIX:100::/64link#3 UC 0 0 - sis1 IPv6PREFIX:100::1 00:00:24:c4:22:5d UHLc0 0 - lo0 IPv6PREFIX:101::/64link#1 UC 0 0 - ath0 IPv6PREFIX:101::1 00:02:6f:21:ea:79 UHLc0 0 - lo0 IPv6PREFIX:101:211:95ff:febb:812f 00:11:95:bb:81:2f UHLc 0 1857 - ath0 IPv6PREFIX:101:230:65ff:fe0f:2795 00:30:65:0f:27:95 UHLc 02 - ath0 fe80::%ath0/64 link#1 UC 0 0 - ath0 fe80::202:6fff:fe21:ea79%ath0 00:02:6f:21:ea:79 UHLc 0 0 - lo0 fe80::211:95ff:febb:812f%ath0 00:11:95:bb:81:2f UHLc 0 109 - ath0 fe80::230:65ff:fe0f:2795%ath0 00:30:65:0f:27:95 UHLc 0 4 - ath0 fe80::%sis0/64 link#2 UC 0 0 - sis0 fe80::%sis1/64 link#3 UC 0 0 - sis1 fe80::%lo0/64 fe80::1%lo0U0 0 - lo0 fe80::%gif0link#8 UHLc 0 0 - gif0 fe80::%gif0/64 link#8 UC 0 0 - gif0 fe80::202:6fff:fe21:ea79%gif0 link#8 UHLc 0 0 - lo0 fe80::260:8ff:fe34:275f%gif0 link#8 UHLc 0 606 - gif0 ff01::/32 ::1UC 0 0 - lo0 ff02::%ath0/32 link#1 UC 0 0 - ath0 ff02::%sis0/32 link#2 UC 0 0 - sis0 ff02::%sis1/32 link#3 UC 0 0 - sis1 ff02::%lo0/32 ::1UC 0 0 - lo0 ff02::%gif0/32
Re: Intel SRCU42L
On Mon, Feb 20, 2006 at 10:34:03PM +0200, Edgars wrote:
> So, nobody knows? :(
>
> Hello! I want to know about this RAID controller, is it supported or no? On hw page i didn't find him, but in google and monkey.org i found that somebody tried it with OpenBSD 3.4
> http://www.intel.com/design/servers/raid/srcu42l/index.htm

Why not just install OpenBSD and see? If you are considering buying it, I would consider otherwise. Buy something known to be supported.

David
Re: lastlog(8)
On Tue, Feb 21, 2006 at 05:17:24PM +0100, Martin Schröder wrote:
> Hi,
> is there something like lastlog(8) for openbsd? Or has someone ported the shadow-utils?
>
> Best
> Martin
> --
> http://www.tm.oneiros.de

man 1 last
Re: FTP Issues
On Fri, Mar 24, 2006 at 10:38:13AM -0300, Hutger H. wrote:
> Hi all,
>
> I've got a problem running ftp through my PF firewall. That is the issue:
>
> - I installed a new firewall (OpenBSD 3.9) in my network to connect some users to the Internet through a new link. The users need to connect via FTP to a server located externally (Internet), so the connections must pass through the PF firewall.
>
> - The firewall is working fine, except when some of the users try to establish an FTP connection to the outside. As soon as they connect and try to list the directories, after a long wait, they get disconnected. My firewall rules are shown at the end of the message.
>
> - Analysing the firewall's traffic, I could notice that the problem happens when the FTP server tries to make a new connection back to the client using a high port. I got some tutorials explaining how to solve this problem using ftp-proxy and some PF rules/rdr, but none of them seem to work for me.
>
> Does anyone here have an idea how I can solve this question?
>
> Ps: Sorry if the question is basic ... I consider myself a PF newbie since I've worked until now only with Linux based firewalls.
>
> Thanks in advance,
> Hutger.
>
> ---
> #--- Rules begin here
> ext_if="pcn0"
> int_if="pcn1"
> ext_ip="172.21.28.20/32"
> int_ip="192.168.1.254/32"
> int_net="192.168.1.0/24"
>
> set skip on lo
> set state-policy if-bound
> scrub in all
>
> nat on $ext_if from $int_net -> $ext_ip
> rdr pass on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
>
> block in all
> block out all
> antispoof log quick for {$ext_if,$dmz_if,$int_if} inet
>
> # Allowing access to the firewall
> pass in quick on $ext_if inet proto tcp from any to $ext_ip port ssh keep state flags S/SA
>
> # Access from the local network to the Internet
> pass in quick on $int_if inet proto tcp from $int_net to any modulate state
> pass in quick on $int_if inet proto {udp,icmp} from $int_net to any keep state
>
> # Allowing packets out on the interfaces
> pass out quick on {$ext_if,$int_if} inet proto {tcp,udp,icmp} all keep state
>
> # FTP Proxy Inbound
> pass in on $ext_if inet proto tcp from port ftp-data to ($ext_if) \
>     user proxy flags S/SA keep state
> #--- Rules end here

man 8 ftp-proxy

- David
Re: problem installing OpenBSD on LSI MegaRAID
On Tue, Apr 04, 2006 at 05:01:21PM -0700, Smith wrote: I bought a new 1U server with an Intel SE7221BK-1E Entry Server Board, a LSI MegaRAID Sata 150-4D SER523 REV B2 card, and two Seagate Barracuda 400 GBytes hard drives. Problem: When I install OpenBSD 3.8, and I get to the part that says: Proceed with install? [no] I type y and I get: No disks found Is there anything I can do at this point? Below is my dmesg: OpenBSD 3.8 (RAMDISK_CD) #794: Sat Sep 10 15:58:32 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz (GenuineIntel 686-class) 3 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,EST,CNXT-ID real mem = 1064824832 (1039868K) avail mem = 966029312 (943388K) using 4278 buffers containing 53342208 bytes (52092K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 04/19/05, BIOS32 rev. 0 @ 0xf0010 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf54a0/240 (13 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x8086 product 0x2640 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0x9400! 
0xc9800/0x1000 0xca800/0x2200 0xcd000/0x1000 0xce000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7221 MCH Host rev 0x05 vga1 at pci0 dev 2 function 0 Intel E7221 Video rev 0x05 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) ppb0 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci2 at ppb1 bus 4 ppb2 at pci1 dev 0 function 2 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 3 uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: irq 3 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: irq 5 ehci0: timed out waiting for BIOS usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub3: 6 ports with 6 removable, self powered ppb3 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xd3 pci4 at ppb3 bus 2 em0 at pci4 dev 3 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq 3, address: 00:0e:0c:4b:73:ea ichpcib0 at pci0 dev 31 function 0 Intel 82801FB LPC rev 0x03: PM disabled pciide0 at pci0 dev 31 function 1 Intel 82801FB IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: LITE-ON, DVD SOHD-16P9SV, F$01 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, 
Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 31 function 2 Intel 82801FR SATA rev 0x03: DMA, channel 0 wired to native-PCI, channel 1 wired to compatibility pciide1: using irq 11 for native-PCI interrupt pciide1: couldn't map channel 1 cmd regs Intel 82801FB SMBus rev 0x03 at pci0 dev 31 function 3 not configured isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask ffed netmask ffed ttymask ffef rd0: fixed, 3800 blocks root on rd0a rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02 fd0: timeout (st0 20seek_cmplt cyl 0) fd0a: soft error reading fsbn 0

Are you using floppyB, which supports RAID controllers?

http://www.openbsd.org/faq/faq4.html#MkInsMedia

- David
Re: problem installing OpenBSD on LSI MegaRAID
On Wed, Apr 05, 2006 at 01:44:22AM +0100, Stuart Henderson wrote:
> On 2006/04/04 20:21, David Hill wrote:
>> Are you using floppyB, which supports RAID controllers?
>> http://www.openbsd.org/faq/faq4.html#MkInsMedia
>
>>> OpenBSD 3.8 (RAMDISK_CD) #794: Sat Sep 10 15:58:32 MDT 2005
>
> So does the CD - the controller would appear as an unsupported device if this was the case anyway, and it's not listed at all. Unsupported bridge somewhere perhaps? Try a snapshot...

Ahh, true. I didn't look close enough.
Re: Spamd, gmail and aol...
On Fri, Apr 07, 2006 at 09:41:56AM -0600, Jeff Ross wrote:
> Hi all,
>
> I've had several users reporting that mail to them from gmail and aol accounts has been bouncing. I finally got my hands on the bounce messages from one of the gmail messages.
>
> Two were Delivery Status Notifications like this:
>
>   Delivery to the following recipient has been delayed:
>   [EMAIL PROTECTED]
>   Message will be retried for 1 more day(s)
>   Technical details of temporary failure:
>   TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
>   [ a.mx.openvistas.net. (0): Connection dropped]
>
> culminating in the failure notice of:
>
>   This is an automatically generated Delivery Status Notification
>   Delivery to the following recipient failed permanently:
>   [EMAIL PROTECTED]
>   Technical details of permanent failure:
>   TEMP_FAILURE: Probe failed: Server Too Busy
>
> I have the following gmail servers whitelisted in my /etc/whitelist
>
> #gmail
> 64.233.162.192/28 # zproxy gmail
> 64.233.170.192/28 # rproxy gmail
> 64.233.182.192/28 # nproxy gmail
> 64.233.184.192/28 # wproxy gmail
> 66.249.82.192/28 # xproxy gmail
> 66.249.92.192/28 # uproxy gmail
> 216.239.56.240/28 # mproxy gmail
>
> and, indeed, I don't see _any_ legitimate gmail addresses in spamdb. Right now there are two separate IP addresses allegedly from gmail accounts, but imagine my surprise that both resolve to something else entirely.
>
> spamdb is running with the system defaults with the exception of the port
>
> /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g
>
> spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist.
>
> My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25.
>
> Has anyone else running spamd seen this? From my qmail logs, I see mail from gmail servers through March 23, but none since then.
>
> Thanks,
> Jeff

spamd's whitelist is really a non-blacklist. If gmail changes what server IP the mail is coming from each time it retries the email, which is bad for greylisting. If you truly want to whitelist them, try something like this:

# pf.conf
table <mail-white> persist file "/var/mail/whitelist.txt"

# put before !<spamd-white> rdr
rdr on $ext inet proto tcp from <mail-white> to $ext:0 \
    port smtp -> $ext:0 port smtp
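A simplified model of the point made above: a sender that retries from a different address each time never completes greylisting, while a table of networks matched before the spamd redirect lets it straight through. This is an added example, not code from the thread or from spamd; the timings are the `-G 25:4:864` values quoted in the message, and the class and function names and the 192.0.2.16/28 sender pool are constructed for illustration.

```python
"""Simplified greylisting model. Added example, not spamd's implementation."""
import ipaddress
from dataclasses import dataclass, field

MINUTE, HOUR = 60, 3600


@dataclass
class Greylister:
    # Timings taken from the "-G 25:4:864" option quoted in the thread.
    passtime: int = 25 * MINUTE   # a retry must come at least this long after first contact
    greyexp: int = 4 * HOUR       # ...and before the grey entry expires
    whiteexp: int = 864 * HOUR    # how long a host that passed stays whitelisted
    bypass: list = field(default_factory=list)  # networks matched first, like a pf table
    grey: dict = field(default_factory=dict)    # (ip, sender, rcpt) -> time first seen
    white: dict = field(default_factory=dict)   # ip -> whitelist expiry time

    def connect(self, ip, sender, rcpt, now):
        """Return 'bypass', 'pass' or 'tempfail' for one delivery attempt."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.bypass):
            return "bypass"                      # redirected to the real MTA, never greylisted
        if self.white.get(ip, 0) > now:
            self.white[ip] = now + self.whiteexp
            return "pass"
        key = (ip, sender, rcpt)
        first = self.grey.get(key)
        if first is None or now - first > self.greyexp:
            self.grey[key] = now                 # new (or expired) tuple: start the clock
            return "tempfail"
        if now - first < self.passtime:
            return "tempfail"                    # retried too soon
        del self.grey[key]
        self.white[ip] = now + self.whiteexp     # the same IP came back inside the window
        return "pass"


def simulate(greylister, source_ips, retry_interval, attempts,
             sender="user@example.com", rcpt="someone@example.net"):
    """Retry one message every retry_interval seconds, cycling through source_ips."""
    return [
        greylister.connect(source_ips[i % len(source_ips)], sender, rcpt,
                           i * retry_interval)
        for i in range(attempts)
    ]


# Constructed sender pool: the 14 host addresses of a documentation /28.
POOL_NET = ipaddress.ip_network("192.0.2.16/28")
POOL = [str(a) for a in POOL_NET.hosts()]


def single_ip_run():
    """One sending address, retrying every 30 minutes."""
    return simulate(Greylister(), POOL[:1], 30 * MINUTE, 3)


def rotating_pool_run():
    """Each retry comes from the next address in the pool, for 24 hours."""
    return simulate(Greylister(), POOL, 30 * MINUTE, 48)


def rotating_pool_with_bypass_run():
    """Same rotating sender, but its network is in the bypass table."""
    return simulate(Greylister(bypass=[POOL_NET]), POOL, 30 * MINUTE, 48)


if __name__ == "__main__":
    print("single IP:     ", single_ip_run())
    print("rotating pool: ", set(rotating_pool_run()))
    print("pool + bypass: ", set(rotating_pool_with_bypass_run()))
```

With 14 addresses and 30-minute retries, each address is seen again only after 7 hours, which is past the 4-hour grey expiry, so every attempt restarts the clock.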
Re: Spamd, gmail and aol...
On Fri, Apr 07, 2006 at 10:49:06AM -0600, Jeff Ross wrote:
> On Fri, 7 Apr 2006, David Hill wrote:
>> On Fri, Apr 07, 2006 at 09:41:56AM -0600, Jeff Ross wrote:
>>> Hi all,
>>>
>>> I've had several users reporting that mail to them from gmail and aol accounts has been bouncing. I finally got my hands on the bounce messages from one of the gmail messages.
>>>
>>> Two were Delivery Status Notifications like this:
>>>
>>>   Delivery to the following recipient has been delayed:
>>>   [EMAIL PROTECTED]
>>>   Message will be retried for 1 more day(s)
>>>   Technical details of temporary failure:
>>>   TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
>>>   [ a.mx.openvistas.net. (0): Connection dropped]
>>>
>>> culminating in the failure notice of:
>>>
>>>   This is an automatically generated Delivery Status Notification
>>>   Delivery to the following recipient failed permanently:
>>>   [EMAIL PROTECTED]
>>>   Technical details of permanent failure:
>>>   TEMP_FAILURE: Probe failed: Server Too Busy
>>>
>>> I have the following gmail servers whitelisted in my /etc/whitelist
>>>
>>> #gmail
>>> 64.233.162.192/28 # zproxy gmail
>>> 64.233.170.192/28 # rproxy gmail
>>> 64.233.182.192/28 # nproxy gmail
>>> 64.233.184.192/28 # wproxy gmail
>>> 66.249.82.192/28 # xproxy gmail
>>> 66.249.92.192/28 # uproxy gmail
>>> 216.239.56.240/28 # mproxy gmail
>>>
>>> and, indeed, I don't see _any_ legitimate gmail addresses in spamdb. Right now there are two separate IP addresses allegedly from gmail accounts, but imagine my surprise that both resolve to something else entirely.
>>>
>>> spamdb is running with the system defaults with the exception of the port
>>>
>>> /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g
>>>
>>> spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist.
>>>
>>> My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25.
>>>
>>> Has anyone else running spamd seen this? From my qmail logs, I see mail from gmail servers through March 23, but none since then.
>>>
>>> Thanks,
>>> Jeff
>>
>> spamd's whitelist is really a non-blacklist. If gmail changes what server IP the mail is coming from each time it retries the email, which is bad for greylisting. If you truly want to whitelist them, try something like this:
>>
>> # pf.conf
>> table <mail-white> persist file "/var/mail/whitelist.txt"
>>
>> # put before !<spamd-white> rdr
>> rdr on $ext inet proto tcp from <mail-white> to $ext:0 \
>>     port smtp -> $ext:0 port smtp
>
> Right, I forgot to add that to my mail. I'm doing just that.
>
> table <spamd> persist
> table <spamd-white> persist
> table <whitelist> persist file "/etc/whitelist"
> table <zombies> persist
>
> #scrub rules
> scrub in on $if_ext all
> scrub out on $if_ext all
>
> no rdr on { lo0, lo1 } from any to any
> rdr pass on $if_ext proto tcp from <whitelist> to port smtp \
>     -> ($if_ext) port 25
> rdr pass on $if_ext proto tcp from !<spamd-white> to port smtp \
>     -> 127.0.0.1 port 8024
> #rdr on $if_ext inet proto tcp from port 8025 -> 127.0.0.1 port 465
> rdr pass on $if_ext proto tcp from any to any port 8025 -> 127.0.0.1 \
>     port 465
>
> Thanks for the reply!
>
> Jeff

Since you are passing -v to spamd, have you grep -i'd /var/log/daemon for gmail?

David
Re: Spamd, gmail and aol...
On Fri, Apr 07, 2006 at 02:41:17PM -0600, Jeff Ross wrote:
> On Fri, 7 Apr 2006, Darrin Chandler wrote:
>> Jeff Ross wrote:
>>>   Delivery to the following recipient has been delayed:
>>>   [EMAIL PROTECTED]
>>>   Message will be retried for 1 more day(s)
>>>   Technical details of temporary failure:
>>>   TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
>>>   [ a.mx.openvistas.net. (0): Connection dropped]
>>>
>>> culminating in the failure notice of:
>>>
>>>   This is an automatically generated Delivery Status Notification
>>>   Delivery to the following recipient failed permanently:
>>>   [EMAIL PROTECTED]
>>>   Technical details of permanent failure:
>>>   TEMP_FAILURE: Probe failed: Server Too Busy
>>
>> Is it possible you're hitting spamd's max connection limit?
>
> I don't think so. This is a moderately busy e-mail server, and 800 connections seems like a lot. Is there a tool out there I don't know about that can figure out the number of active connections?

netstat -f inet -p tcp -n | grep 8025 | wc -l
or
netstat -f inet -p tcp -n | grep 8025 | grep ESTABLISHED | wc -l

>>> spamd.conf is using the China, Korea, Bob Beck's trapped list, and my own personal whitelist and blacklist.
>>>
>>> My next debugging attempt will be to have someone with a gmail account send mail while I'm running tcpdump on port 25.
>>>
>>> Has anyone else running spamd seen this? From my qmail logs, I see mail from gmail servers through March 23, but none since then.
>>
>> Never had any trouble with gmail once the various servers were whitelisted. Are you putting your whitelist after Bob Beck's list in spamd.conf? After your own blacklist?
>
> From my spamd.conf
>
> all:\
>         :china:korea:blacklist:beck:whitelist
>
>> --
>> Darrin Chandler | Phoenix BSD Users Group
>> [EMAIL PROTECTED] | http://bsd.phoenix.az.us/
>> http://www.stilyagin.com/ |
>
> Jeff
Re: sendmail causing high load
On Fri, Jun 02, 2006 at 02:32:26PM +0200, Jasper Bal wrote: Jasper Bal wrote: Hi all, My ISP blocks traffic on port 25. So I decided to experiment on adding a listening port for sendmail. I added port 53, because this is never blocked. I added the following line in sendmail.cf: OOPort=53. I killed -1 sendmail. And then all my connections timed out. Ping gives an 80% loss. Are there that many wild DNS requests? The box doesn't run its own DNS server, nor is it registered as one. I'm running OpenBSD 3.7 on this one. Any thoughts? After my colocator fixed the switch, I was able to watch statistics on data traffic. There was minimal traffic, so no DOS attack ;-) Requested a reboot and everything was fine again. Port 53 didn't work properly so I used 26 instead. Now it works fine. Probably a dangling bit somewhere. Kind regards, Jasper Why not use the standard port of 587? - David
Re: sendmail Maildir
On Thu, Jul 10, 2008 at 04:56:07PM +0200, GVG GVG wrote: Dear List, having a 4.3 and sendmail installation, the default locations where the mails go is /var/mail/$USER. How can I change that and point to a Maildir formatted location? Thanks George Hi George - You need to use a mail delivery agent (MDA), such as procmail, maildrop, or dovecot's deliver. - David
Re: tcpdump -X
On Tue, Jul 15, 2008 at 03:42:58PM +0200, GVG GVG wrote: Dear list, was going through the OpenBSD tcpdump version and couldn't identify anything like the '-A' flag in order to capture full web sites etc. Tried option '-X' but didn't work! Should I use '-s snaplen' but what snaplen value do I have to define. Tried few combinations with no success! Thanks for your help George Use the size of your MTU, which can be found by using ifconfig. -- David Hill
Re: relayd problems
What are the spaces in the IP addresses? On Tue, Aug 16, 2011 at 11:46:26AM -0500, James Flom wrote: :Hi all, : :Using a snapshot from Aug 1st I can't get more than one of these relays to run :at the same time with the fallback forward to in there, but up to 3 at once :with that line removed from each relay, with 4 relays though it always fails. :Any idea if this is a bug or configuration issue? : :Thanks, :-James : :Relayd.conf :# Macros :http_port=80 :https_port=443 : :# Define server/service macros :include /etc/relays/hosts.conf : :# Global Configuration :interval 20 :timeout 200 :prefork 10 :log updates : :# failover table :table fallback disable { 10.1.0.20 retry 2 } : :include /etc/relays/relays.conf :# END : : :hosts.conf (/etc/relays/hosts.conf) :# www_a :www_a_ext=10. 0.0.193 :www_a_01_int=172.20.30.137 :table www_a { $www_a_01_int } : :# www_b :www_b_ext=10.0.0.194 :www_b_01_int=172.20.30.133 :table www_b { $www_b_01_int } : :# www_c :www_c_ext=10. 0.0.200 :www_c_01_int=172.20.30.140 :table www_c { $www_c_01_int } : :# www_d :www_d_ext=10. 
0.0.195 :www_d_01_int=172.20.30.142 :table www_d { $www_d_01_int } :# END : : :relays.conf (/etc/relays/relays.conf) :# www_a :relay www_a_com { :listen on $www_a_ext port 80 :forward to www_a port 80 check http / code 200 :forward to fallback port 80 timeout 300 check tcp :} : :# www_b :relay www_b_com { :listen on $www_b_ext port 80 :forward to www_b port 80 check http / code 200 :forward to fallback port 80 timeout 300 check tcp :} : :# www_c :relay www_c_com { :listen on $www_c_ext port 80 :forward to www_c port 80 check http / code 200 :forward to fallback port 80 timeout 300 check tcp :} : :# www_d :relay www_d_com { :listen on $www_d_ext port 80 :forward to www_d port 80 check http / code 200 :forward to fallback port 80 timeout 300 check tcp :} :# END : : : :# relayd -vvd :startup :socket_rlimit: max open files 1024 :socket_rlimit: max open files 1024 :socket_rlimit: max open files 1024 :warning: macro 'http_port' not used :socket_rlimit: max open files 1024 :warning: macro 'https_port' not used :socket_rlimit: max open files 1024 :socket_rlimit: max open files 1024 :relay_privinit: adding relay www_a_com :protocol -1: name default :flags: used, relay flags: :type: tcp :relay_privinit: adding relay www_b_com :protocol -1: name default :flags: used, relay flags: :type: tcp :relay_privinit: adding relay www_c_com :protocol -1: name default :flags: used, relay flags: :type: tcp :relay_privinit: adding relay www_d_com :protocol -1: name default :flags: used, relay flags: :type: tcp :adding 1 hosts from table www_a:80 :relay_launch: running relay www_a_com :adding 1 hosts from table www_b:80 :relay_launch: running relay www_b_com :adding 1 hosts from table www_c:80 :adding 1 hosts from table www_a:80 :relay_launch: running relay www_c_com :adding 1 hosts from table www_d:80 :relay_launch: running relay www_d_com :relay_launch: running relay www_a_com :adding 1 hosts from table www_b:80 :relay_launch: running relay www_b_com :adding 1 hosts from table www_c:80 
:relay_launch: running relay www_c_com :adding 1 hosts from table www_d:80 :relay_launch: running relay www_d_com :adding 1 hosts from table www_a:80 :relay_launch: running relay www_a_com :adding 1 hosts from table www_b:80 :adding 1 hosts from table www_a:80 :relay_launch: running relay www_b_com :relay_launch: running relay www_a_com :adding 1 hosts from table www_b:80 :adding 1 hosts from table www_c:80 :relay_launch: running relay www_c_com :relay_launch: running relay www_b_com :adding 1 hosts from table www_d:80 :adding 1 hosts from table www_c:80 :relay_launch: running relay www_d_com :relay_launch: running relay www_c_com :adding 1 hosts from table www_d:80 :relay_launch: running relay www_d_com :adding 1 hosts from table www_a:80 :relay_launch: running relay www_a_com :adding 1 hosts from table www_b:80 :relay_launch: running relay www_b_com :adding 1 hosts from table www_c:80 :relay_launch: running relay www_c_com :adding 1 hosts from table www_d:80 :relay_launch: running relay www_d_com :hce_notify_done: 172.20.30.133 (http code ok) :host 172.20.30.133, check http code (2ms), state unknown - up, availability :100.00% :hce_notify_done: 172.20.30.137 (http code ok) :host 172.20.30.137, check http code (2ms), state unknown - up, availability :100.00% :hce_notify_done: 172.20.30.142 (http code ok) :host 172.20.30.142, check http code (2ms), state unknown - up, availability :100.00% :fatal: pfe_dispatch_imsg: invalid host id :hce exiting, pid 28386 :lost child: hce exited okay :lost child: pfe exited abnormally :relay exiting, pid 672 :relay exiting, pid 13247 :relay exiting, pid 30099 :relay exiting, pid 11566 :relay exiting, pid 16851 :parent terminating, pid 28820 : -- Everyone is a genius. It's just that
Re: iwi annoyance when changing AP
On Wed, Jul 22, 2009 at 03:06:25PM -0400, Jeremy Chase wrote:

Hi Guys, My iwi interface works very well if I set it up with /etc/hostname.iwi0, but if I change access points I can usually not get onto a new network. For example, consider this scenario:

At location 1 with open AP 'dlink' available:

# echo dhcp nwid dlink > /etc/hostname.iwi0
(reboot), and all is well.

OK I move to a new location without rebooting, and I want to get onto a new AP, for example 'attwifi', so I try:

# ifconfig nwid attwifi
(However this will almost never result in 'status active', sometimes it does work, randomly.)

# sh /etc/netstart iwi0
(rarely works because it says no link)

This will reset your nwid to 'dlink', which is what you have in /etc/hostname.iwi0

I have tried to reset it to defaults with the man page example, but this doesn't work either.. I'll try something like this:

ifconfig iwi0 -bssid -chan media autoselect nwid "" -nwkey -wpa -wpapsk
ifconfig iwi0 nwid attwifi
ifconfig iwi0 up
sh /etc/netstart iwi0
(However this usually does not work either)

Again, this resets your nwid to 'dlink'. I think instead of sh /etc/netstart iwi0, you want /sbin/dhclient iwi0

So I am often forced to reboot just to change AP's, and that is rather annoying. Any thoughts? I am running -current but have had this issue since 4.5-release. The machine is an IBM T42p

$ pkg_info | grep iwi
iwi-firmware-3.1 Firmware binary image for iwi driver

OpenBSD 4.6-current (GENERIC) #62: Wed Jul 15 17:27:21 MDT 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) M processor 2.00GHz (GenuineIntel 686-class) 599 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2 real mem = 1072656384 (1022MB) avail mem = 1028411392 (980MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/18/07, BIOS32 rev. 0 @ 0xfd750, SMBIOS rev.
2.33 @ 0xe0010 (61 entries) bios0: vendor IBM version 1RETDRWW (3.23 ) date 06/18/2007 bios0: IBM 2373KUU apm0 at bios0: Power Management spec V1.2 apm0: battery life expectancy 29% apm0: AC off, battery charge high, estimated 0:24 hours acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xfd6e0/0x920 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #6 is the last bus bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000 0xdc000/0x4000! 0xe/0x1 cpu0 at mainbus0: (uniprocessor) cpu0: Enhanced SpeedStep 599 MHz: speeds: 2000, 1800, 1600, 1400, 1200, 1000, 800, 600 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) io address conflict 0x5800/0x8 io address conflict 0x5808/0x4 io address conflict 0x5810/0x8 io address conflict 0x580c/0x4 pchb0 at pci0 dev 0 function 0 Intel 82855PM Host rev 0x03 intelagp0 at pchb0 agp0 at intelagp0: aperture at 0xd000, size 0x1000 ppb0 at pci0 dev 1 function 0 Intel 82855PM AGP rev 0x03 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Radeon Mobility M10 rev 0x80 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) radeondrm0 at vga1: irq 11 drm0 at radeondrm0 uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11 uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11 uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 11 ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 11 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x81 pci2 at ppb1 bus 2 mem address conflict 0xb000/0x1000 mem address conflict 0xb100/0x1000 cbb0 at pci2 dev 0 function 0 TI PCI4520 CardBus rev 0x01: irq 11 cbb1 at pci2 dev 0 function 1 TI PCI4520 CardBus rev 0x01: irq 11 em0 at pci2 dev 1 function 0 Intel PRO/1000MT (82540EP) 
rev 0x03: irq 11, address 00:0d:60:79:a8:3c iwi0 at pci2 dev 2 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq 11, address 00:0e:35:7b:29:23 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0xb0 pcmcia0 at cardslot0 cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 6 device 0 cacheline 0x8, lattimer 0xb0 pcmcia1 at cardslot1 ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x01: 24-bit timer at 3579545Hz pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: HTS726060M9AT00 wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, RW/DVD GCC-4242N, 0201
Re: Same shit all over again
This email comes from kd85.com. contact-hdl: CCOM-138654 person: Wim Vandeputte organization: KD85.com bvba email:w...@kd85.com address: Kasteeldreef 85 city: Lovendegem postal-code: 9920 country: BE phone:+32.478217355 On 08/13/10 13:46, disgrun tled-developers wrote: Just to keep the mortals in the loop, This date to day, on Tuesday the 13th of August 2002, Theo had another fit and kicked out all the OpenBSD developers for a couple of days or so: Subject: Re: dealing with security issues when Theo is away Date: Tue, 13 Aug 2002 10:25:08 -0600 From: Theo de Raadt dera...@cvs.openbsd.org None of this that you posted changes a single thing. I DID say who was responsible. Those people were not contacted. It seems you still don't understand the level of not caring that happened. I am taking a holiday next week. For that time, I think cvs will be turned off. Good god, reading even further, you are so fucking out of touch. There are only 3 machines on at my house at the moment, and you start talking about OTHER machines? NOONE PHONED ME. And: Subject: And Date: Wed, 14 Aug 2002 17:35:30 -0600 From: Theo de Raadt dera...@cvs.openbsd.org If I don't get answers from the evasive developers soon, I am going to take this to misc, and I will be very open with naming names. This is now days of people trying to hide from what happened. -- snip snip So Theo shut down all machines in his basement and none of the developers had any access to the work they doing. I'd like to remind people that at this point we lost valuable developers like Niels Provos which turns out the be one of the few who fully understood crypto and the security improvements like separation of privileges. Not to forget Hugh, Aaron and a few others Others had their account re-enabled after groveling. And all that over a misunderstanding that is to blame to the fact that Theo had no written procedures on how to deal with 'issues'. When Theo is away, you just 'wing it'. 
Today, we see the same shit all over again... Theo just announced the following: - snip snip To: hack...@cvs.openbsd.org Subject: Tree locked Date: Fri, 13 Aug 2010 10:03:05 -0600 From: Theo de Raadt dera...@cvs.openbsd.org I am locking all the trees until the development community decides how future releases will be done. Yes, we all have to do our part. We write code, and some people go further by building, and some people go even further by building during the release cycle. But everyone also has to test, or we will ship crap. Yet on random releases this process totally falls over, and we end up shipping crap. Three architectures did not have one of their boot methods checked -- yes, they are listed in the TESTS file! -- and the bugs were found very very late in the process. Basically 1 week after the TEST file went up. pkg_add turns out to have a major bug which would have been spotted if just a few other people had tested another line item in the TESTS file. That is ridiculous. I cannot accept all this pressure being on me; I want recognition that all the people who thus far have accused me for not being clear are wrong. we have developers in the group who cannot by themselves recognize -- even ANTICIPATE -- that we are going into the same 6-month release cycle, EVERY feb/march, and EVERY august/sept, and then participate to identify the 10 last stupid bugs that we should fix. Is there that little desire to ship a good release? It will not be fixed by sending more mails out. I did send out mails and they were ignored. Communication coming from me is not the problem; it is clear that developers are NOT LISTENING. The problem is not new developers either. Anyone accusing them has got it all wrong. New developers are supposed to learn the ropes from old developers, and it is the old developers who are not doing their part. Yes, that means you. 31 people tested, meaning 140 people did not. 
Any suggestions for people who have idled out and don't want to be involved any more? When we ship a crap release, it is not my fault. It is YOUR fault. So tell me how we are going to fix this. Don't reply just to me. As I said, I will not accept responsibility for what went wrong here. And if anyone wants their account disabled, please accuse me just once more. - snip snip And he picks on a few individuals: - snip snip To: hack...@cvs.openbsd.org Subject: Testing Date: Fri, 13 Aug 2010 09:39:12 -0600 From: Theo de Raadt dera...@cvs.openbsd.org I would like to see some tests for the upcoming release from Henning. I hope this communication is clear enough. - snip snip To: henn...@cvs.openbsd.org cc: hack...@cvs.openbsd.org Subject: Apology Date: Fri, 13 Aug 2010 09:44:45 -0600 From: Theo de Raadt dera...@cvs.openbsd.org I
Re: Same shit all over again
On 08/15/10 22:22, David Hill wrote: This email comes from kd85.com. contact-hdl: CCOM-138654 person: Wim Vandeputte organization: KD85.com bvba email:w...@kd85.com address: Kasteeldreef 85 city: Lovendegem postal-code: 9920 country: BE phone:+32.478217355 And for those who wish to know how I came up with this: here is an email response from the culprit: email Nope, nothing to do with that... we all still have our commit bit and in two weeks we'll be committing to the tree again... just like you... unless of course you did not do your testing home work On Sun, Aug 15, 2010 at 7:25 PM, David Hill dh...@openbsd.org wrote: So, do you start this troll thread too? http://tinyurl.com/2uhlqpy (trollaxer) /email -- SNIP SNIP SNIP I CAN SNIP TOO -- Well, tinyurl redirects to my box which redirects to trollaxer. Here is the culprit log for falling for such a silly trick. 83.101.24.229 - - [15/Aug/2010:19:13:12 -0400] GET /why.html HTTP/1.1 200 136 - Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.9.0.11) Gecko/2009070118 Firefox/3.0.11 # host kd85.com kd85.com has address 83.101.24.229 # cat why.html html head meta http-equiv=refresh content=0;url=http://www.trollaxor.com/2010/06/why-i-left-openbsd.html; / /head /html On 08/13/10 13:46, disgrun tled-developers wrote: Just to keep the mortals in the loop, This date to day, on Tuesday the 13th of August 2002, Theo had another fit and kicked out all the OpenBSD developers for a couple of days or so: Subject: Re: dealing with security issues when Theo is away Date: Tue, 13 Aug 2002 10:25:08 -0600 From: Theo de Raadt dera...@cvs.openbsd.org None of this that you posted changes a single thing. I DID say who was responsible. Those people were not contacted. It seems you still don't understand the level of not caring that happened. I am taking a holiday next week. For that time, I think cvs will be turned off. Good god, reading even further, you are so fucking out of touch. 
There are only 3 machines on at my house at the moment, and you start talking about OTHER machines? NOONE PHONED ME. And: Subject: And Date: Wed, 14 Aug 2002 17:35:30 -0600 From: Theo de Raadt dera...@cvs.openbsd.org If I don't get answers from the evasive developers soon, I am going to take this to misc, and I will be very open with naming names. This is now days of people trying to hide from what happened. -- snip snip So Theo shut down all machines in his basement and none of the developers had any access to the work they doing. I'd like to remind people that at this point we lost valuable developers like Niels Provos which turns out the be one of the few who fully understood crypto and the security improvements like separation of privileges. Not to forget Hugh, Aaron and a few others Others had their account re-enabled after groveling. And all that over a misunderstanding that is to blame to the fact that Theo had no written procedures on how to deal with 'issues'. When Theo is away, you just 'wing it'. Today, we see the same shit all over again... Theo just announced the following: - snip snip To: hack...@cvs.openbsd.org Subject: Tree locked Date: Fri, 13 Aug 2010 10:03:05 -0600 From: Theo de Raadt dera...@cvs.openbsd.org I am locking all the trees until the development community decides how future releases will be done. Yes, we all have to do our part. We write code, and some people go further by building, and some people go even further by building during the release cycle. But everyone also has to test, or we will ship crap. Yet on random releases this process totally falls over, and we end up shipping crap. Three architectures did not have one of their boot methods checked -- yes, they are listed in the TESTS file! -- and the bugs were found very very late in the process. Basically 1 week after the TEST file went up. 
pkg_add turns out to have a major bug which would have been spotted if just a few other people had tested another line item in the TESTS file. That is ridiculous. I cannot accept all this pressure being on me; I want recognition that all the people who thus far have accused me for not being clear are wrong. we have developers in the group who cannot by themselves recognize -- even ANTICIPATE -- that we are going into the same 6-month release cycle, EVERY feb/march, and EVERY august/sept, and then participate to identify the 10 last stupid bugs that we should fix. Is there that little desire to ship a good release? It will not be fixed by sending more mails out. I did send out mails and they were ignored. Communication coming from me is not the problem; it is clear that developers are NOT LISTENING. The problem is not new developers either. Anyone accusing them has got it all wrong. New developers are supposed to learn the ropes from old developers
Re: PF 'traceroute -I host' 'tracert host' problem
This has been fixed 4.8 On Thu, Aug 19, 2010 at 03:08:23AM +0300, ?? ?? wrote: Hi I move from 4.6 to 4.7, rewrite my pf.conf rules to match new style. Everything works fine, but when I try to traceroute a host with -I flag (force to use icmp) on my obsd fw I got Request time out on all hops exclude the last one, which I was my target to traceroute. Here is an example: [ns]~$ traceroute -I data.bg traceroute to data.bg (195.149.248.130), 64 hops max, 60 byte packets 1 * * * 2 * * * 3 * * * 4 web.data.bg (195.149.248.130) 0.740 ms 0.707 ms 0.733 ms As you can see only the last hop is present. Example without -I flag (using udp); [ns]~$ traceroute data.bg traceroute to data.bg (195.149.248.130), 64 hops max, 40 byte packets 1 gw.tbc.bg (94.26.7.33) 0.591 ms 0.462 ms 0.443 ms 2 peer.tbc.bg (94.26.50.2) 0.961 ms 1.317 ms 1.965 ms 3 85.91.141.65 (85.91.141.65) 0.866 ms 0.905 ms 1.93 ms 4 web.data.bg (195.149.248.130) 0.847 ms 0.732 ms 0.712 ms When I use 'tracert host' on MS Windows box behind my obsd fw, I got a same behavior C:\Users\Administratortracert data.bg Tracing route to data.bg [195.149.248.130] over a maximum of 30 hops: 11 ms1 ms1 ms ns.bsdbg.net [192.168.1.1] 2 *** Request timed out. 3 *** Request timed out. 4 *** Request timed out. 51 ms 1 ms 1 ms web.data.bg [195.149.248.130] Trace complete. Here first hop is my obsd fw. 
I use tcpdump to see what actually happens: [ns]~# tcpdump -nettti pflog0 host vlado and icmp tcpdump: listening on pflog0, link-type PFLOG Aug 19 02:29:32.165656 rule 85/(match) pass in on em1: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168104 rule 120/(match) pass out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168117 rule 17/(match) match out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168128 rule 16/(match) match out on em0: 192.168.1.2 195.149.248.130: icmp: echo request [ttl 1] Aug 19 02:29:33.168593 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:33.168613 rule 14/(match) block out on em1: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:36.960715 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:40.960831 rule 120/(match) pass in on em0: 94.26.7.33 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:44.962196 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:48.961438 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:52.961678 rule 120/(match) pass in on em0: 94.26.50.2 192.168.1.2: icmp: time exceeded in-transit [tos 0xc0] Aug 19 02:29:56.960795 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:00.960785 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:05.002249 rule 120/(match) pass in on em0: 85.91.141.65 192.168.1.2: icmp: time exceeded in-transit Aug 19 02:30:08.960640 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply Aug 19 02:30:08.961639 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply Aug 19 
02:30:08.962888 rule 120/(match) pass in on em0: 195.149.248.130 192.168.1.2: icmp: echo reply When I turn off pf (pfctl -d) 'traceroute -I' work as it should. I really don't know what happen. Thanks in advance, Atanas Here is my pf.conf ## pf.conf ## Macros ## ### Interfaces ### ExtIf =em0 IntIf =em1 ### Hosts ### vl=192.168.1.2 jl=192.168.1.3 ve=192.168.1.4 ntp=192.168.1.5 ### Queues, States and Types ### IcmpType =icmp-type 8 code 0 SynState =flags S/SAFR synproxy state TcpState =flags S/SAFR modulate state UdpState =keep state ### Ports ### # Squid squid=2020 # Remote Desktop Connection rdc_int=3389 rdc_ext=4000 # Skype vl_skype=30001 jl_skype=30002 ve_skype=30003 # uTorrent vl_torrent=30004 jl_torrent=30005 ve_torrent=30006 urange=30004:30006 # HFS vl_hfs=8080 # VsFTP ftprange=55000:6 FtpPort =8021 # Symux symux=2100 # Battle.net bnet=6112 # Ssh ssh_ext=443 ### Stateful Tracking Options (STO) ### ExtIfSTO =(max 9000, source-track rule, max-src-conn 2000, max-src-nodes 254) IntIfSTO =(max 250, source-track rule, max-src-conn 100, max-src-nodes 254, max-src-conn-rate 75/20) PostfxSTO =(max 100, source-track rule, max-src-states 5, max-src-nodes 30, max-src-conn-rate 10/300, overload
Re: set nano as default when editing crontab
On Thu, Dec 23, 2010 at 03:48:49PM -0600, Orestes Leal R. wrote:
:I want to edit the crontab with nano but by default vi is invoked
:when I do 'crontab -e'
:

-e      Edit the current crontab using the editor specified by the VISUAL or EDITOR environment variables. After you exit from the editor, the modified crontab(5) will be installed automatically.

env EDITOR=nano crontab -e
Re: bwi0
, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 SiS OHCI root hub rev 1.00/1.00 addr 1 usb2 at ohci1: USB revision 1.0 uhub2 at usb2 SiS OHCI root hub rev 1.00/1.00 addr 1 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x20 pcmcia0 at cardslot0 biomask efcd netmask efdd ttymask ffdf mtrr: Pentium Pro MTRR support softraid0 at root root on wd0a swap on wd0b dump on wd0b umass0 at uhub0 port 4 configuration 1 interface 0 Memorex Flashdrive 601B rev 2.00/1.00 addr 2 umass0: using SCSI over Bulk-Only scsibus1 at umass0: 2 targets, initiator 0 sd0 at scsibus1 targ 1 lun 0: Memorex, Flashdrive 601B, PMAP SCSI0 0/direct removable sd0: 477MB, 60 cyl, 255 head, 63 sec, 512 bytes/sec, 977664 sec total I hope this is enough info. Thanks. Mike -- David Hill