throttling cpu in C0 state patch
while browsing latest modification I see the throttle written function was not used yet so for curiosity I've tried to use it for throttling cpu in C0 state. I've made some test (md5) sweeping the whole throttle range (hw.throttle=1..2^dutywidth) and it seems to work giovanni diff -ru sys.orig/arch/i386/conf/GENERIC sys/arch/i386/conf/GENERIC --- sys.orig/arch/i386/conf/GENERIC Fri Jun 1 08:53:17 2007 +++ sys/arch/i386/conf/GENERIC Sat Jun 2 21:46:39 2007 @@ -58,19 +58,19 @@ pci* at mainbus0 #optionACPIVERBOSE -#optionACPI_ENABLE +option ACPI_ENABLE -acpi0 at mainbus? disable -#acpitimer*at acpi? +acpi0 at mainbus? +acpitimer* at acpi? #acpihpet* at acpi? -#acpiac* at acpi? -#acpibat* at acpi? -#acpibtn* at acpi? -#acpicpu* at acpi? +acpiac*at acpi? +acpibat* at acpi? +acpibtn* at acpi? +acpicpu* at acpi? #acpidock* at acpi? -acpiec*at acpi?disable +acpiec*at acpi? acpiprt* at acpi? -#acpitz* at acpi? +acpitz*at acpi? option PCIVERBOSE option EISAVERBOSE diff -ru sys.orig/dev/acpi/acpicpu.c sys/dev/acpi/acpicpu.c --- sys.orig/dev/acpi/acpicpu.c Fri Jun 1 08:53:31 2007 +++ sys/dev/acpi/acpicpu.c Sun Jun 3 08:40:38 2007 @@ -56,7 +56,8 @@ #define CPU_THT_EN (1L 4) #define CPU_MAXSTATE(sc) (1L (sc)-sc_duty_wid) -#define CPU_STATE(sc,pct) ((pct * CPU_MAXSTATE(sc) / 100) (sc)-sc_duty_off) +#define CPU_DUTYWIDTH(sc) ((sc)-sc_duty_wid) +#define CPU_STATE(sc,pct) (pct (sc)-sc_duty_off) #define CPU_STATEMASK(sc) ((CPU_MAXSTATE(sc) - 1) (sc)-sc_duty_off) #define ACPI_MAX_C2_LATENCY 100 @@ -106,7 +107,7 @@ void(*sc_notify)(struct acpicpu_pss *, int); }; -voidacpicpu_set_throttle(struct acpicpu_softc *, int); +voidacpicpu_set_throttle(int *); voidacpicpu_add_cstatepkg(struct aml_value *, void *); intacpicpu_getpct(struct acpicpu_softc *); intacpicpu_getpss(struct acpicpu_softc *); @@ -122,6 +123,7 @@ }; extern int setperf_prio; +extern int throttle_lv; #ifdef __i386__ struct acpicpu_softc *acpicpu_sc[I386_MAXPROCS]; @@ -130,22 +132,27 @@ #endif void -acpicpu_set_throttle(struct acpicpu_softc *sc, int level) +acpicpu_set_throttle(int* level) { - uint32_t pbval; + uint32_tpbval; + struct acpicpu_softc*sc; + sc = acpicpu_sc[cpu_number()]; + if (sc-sc_flags FLAGS_NOTHROTTLE) return; /* Disable throttling control */ pbval = inl(sc-sc_pblk_addr); outl(sc-sc_pblk_addr, pbval ~CPU_THT_EN); - if (level 100) { - pbval = ~CPU_STATEMASK(sc); - pbval |= CPU_STATE(sc, level); - outl(sc-sc_pblk_addr, pbval ~CPU_THT_EN); - outl(sc-sc_pblk_addr, pbval | CPU_THT_EN); - } + + *level = min(((1 CPU_DUTYWIDTH(sc)) - 1), *level); + *level = max(1, *level); + + pbval = ~CPU_STATEMASK(sc); + pbval |= CPU_STATE(sc, *level); + outl(sc-sc_pblk_addr, pbval ~CPU_THT_EN); + outl(sc-sc_pblk_addr, pbval | CPU_THT_EN); } struct acpi_cstate * @@ -259,6 +266,12 @@ sc-sc_duty_wid = sc-sc_acpi-sc_fadt-duty_width; if (!valid_throttle(sc-sc_duty_off, sc-sc_duty_wid, sc-sc_pblk_addr)) sc-sc_flags |= FLAGS_NOTHROTTLE; + else { + if (cpu_throttle == NULL) { + throttle_lv = (1 CPU_DUTYWIDTH(sc)) - 1; + cpu_throttle = acpicpu_set_throttle; + } + } #ifdef ACPI_DEBUG printf(: %s: , sc-sc_devnode-name); diff -ru sys.orig/kern/kern_sysctl.c sys/kern/kern_sysctl.c --- sys.orig/kern/kern_sysctl.c Tue May 29 08:39:40 2007 +++ sys/kern/kern_sysctl.c Sat Jun 2 22:13:00 2007 @@ -105,7 +105,9 @@ int (*cpu_cpuspeed)(int *); void (*cpu_setperf)(int); +void (*cpu_throttle)(int *); int perflevel = 100; +int throttle_lv = 0; /* * Lock to avoid too many processes vslocking a large amount of memory @@ -614,6 +616,15 @@ perflevel = 0; if (newp) cpu_setperf(perflevel); + return (0); + case HW_THROTTLE: + if (!cpu_throttle) + return (EOPNOTSUPP); + err = sysctl_int(oldp, oldlenp, newp, newlen, throttle_lv); + if (err) + return err; + if (newp) + cpu_throttle(throttle_lv); return (0); case HW_VENDOR: if (hw_vendor) diff -ru sys.orig/sys/sysctl.h sys/sys/sysctl.h --- sys.orig/sys/sysctl.h Fri Apr 27 10:47:11 2007 +++ sys/sys/sysctl.hSat Jun 2 21:52:39 2007 @@ -552,7 +552,8 @@ #defineHW_VERSION 16 /* string:
Re: c2k7 hackathon is over
On Sat, 02 Jun 2007 16:40:49 -0600 Theo de Raadt [EMAIL PROTECTED] wrote: Hope you guys out there enjoy the changes that we've made. You can't imagine how much i enjoyed reading through commit logs. Amazing. Thank you! -- Massimo.run(); : is not an identifier
Re: support for Sun Fire
On 2007/06/03 14:09, Sam Vaughan wrote: if anyone has a working PXE bios-flash setup for these and wouldn't mind sharing how, please drop me a line, when I try the system hangs after memdisk loads the bios-flash image. I'd be interested to know about this too. Since my x4100s have no CD/DVD ROM drive (I've got the four-SAS-disk config) I can't use Sun's BIOS CD image. I couldn't even mount the ISO to get at the necessary files. I don't have one but it looks like X4100 is much easier, it appears that the BIOS update is done with the ILOM firmware via the service processor using an .ima file from http://www.sun.com/download/products.xml?id=45b94409 Have you had any success with IPMI SoL? Whilst the Java app works fine for remote access, I'd much rather not have to launch it when all I really want is access to the console. I only have X2100 and I didn't want to lose the decent NIC, I got as far as power control via ipmitool but didn't look at SoL, I'm just using good old-fashioned serial console and masterswitch.
Re: ath(4) testers needed: AR2413, AR5413, AR5424 and AR5212 11a mode
My new miniPCI with AR2413 in 11b mode is recognized under -current on a WRAP, but it fails to associate and sometimes locks up the entire system, as implictly warned by Reyk in his commit for src/sys/dev/ic/ath.con 19 Sept 2006. This ath(4) device is a wlm54g23 Compex WLM54G 200mW Atheros 802.11b/g miniPCI wireless card from PCEngines. Please find some debug output below, as suggested by Reyk. I am happy to provide more information, and to test patches against -current, in the hope to assist getting these newer ath chip sets to transmit also in 11b mode. Thanks, Rolf [EMAIL PROTECTED] root]# ifconfig ath0 up [EMAIL PROTECTED] root]# ifconfig ath0 ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:80:48:7e:b4:e5 groups: wlan media: IEEE802.11 autoselect (DS1 mode 11b) status: no network ieee80211: nwid FON_crosscom chan 3 bssid 00:18:84:10:62:1d 92% inet6 fe80::280:48ff:fe7e:b4e5%ath0 prefixlen 64 scopeid 0x1 [EMAIL PROTECTED] root]# ifconfig ath0 ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:80:48:7e:b4:e5 groups: wlan media: IEEE802.11 autoselect (DS1) status: no network ieee80211: nwid inet6 fe80::280:48ff:fe7e:b4e5%ath0 prefixlen 64 scopeid 0x1 [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# ifconfig -M ath0 ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:80:48:7e:b4:e5 groups: wlan media: IEEE802.11 autoselect (DS1) status: no network ieee80211: nwid nwid FON_crosscom chan 3 bssid 00:18:84:10:62:1d 87% 54M short_preamble,short_slottime inet6 fe80::280:48ff:fe7e:b4e5%ath0 prefixlen 64 scopeid 0x1 [EMAIL PROTECTED] root]# ifconfig -M ath0 [EMAIL PROTECTED] root]# dmesg OpenBSD 4.1-current (WRAP12) #0: Sun Jun 3 11:15:57 CEST 2007 [EMAIL PROTECTED]:/home/rs/downloads/OpenBSD/flashboot/flashboot/obj/WRAP12 RTC BIOS diagnostic error 80clock_battery cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 586-class) 267 MHz cpu0: FPU,TSC,MSR,CX8,CMOV,MMX cpu0: TSC disabled real mem = 133791744 (127MB) avail mem = 109572096 (104MB) RTC BIOS diagnostic error 80clock_battery mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 11/08/05, BIOS32 rev. 0 @ 0xfc622 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xe/0x8000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00 ath0 at pci0 dev 13 function 0 Atheros AR2413 rev 0x01: irq 12 ath0: AR2413 7.8 phy 4.5 rf 5.6, FCC2A*, address 00:80:48:7e:b4:e5 sis0 at pci0 dev 14 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:0d:b9:01:a0:a0 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 15 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 9, address 00:0d:b9:01:a0:a1 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 sis2 at pci0 dev 16 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 11, address 00:0d:b9:01:a0:a2 nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00 gpio0 at gscpcib0: 64 pins NS SC1100 SMI rev 0x00 at pci0 dev 18 function 1 not configured pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: CF 128MB wd0: 1-sector PIO, LBA, 125MB, 256512 sectors wd0(pciide0:0:0): using PIO mode 4 NS SCx200 AUDIO rev 0x00 at pci0 dev 18 function 3 not configured geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6 revision 3 wdstatus 0 isa0 at gscpcib0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 midi0 at pcppi0: PC speaker gscsio0 at isa0 port 0x2e/2: SC1100 SIO rev 1: ACB1 ACB2 iic0 at gscsio0 iic1 at gscsio0 lmtemp0 at iic1 addr 0x48: lm77 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console biomask e1ef netmask ffef ttymask ffef rd0: fixed, 30720 blocks dkcsum: wd0 matches BIOS drive 0x80 root on rd0a swap on rd0b dump on rd0b clock: unknown CMOS layout WARNING: clock time much less than file system time WARNING: using file system time WARNING: CHECK AND RESET THE DATE! [EMAIL PROTECTED] root]# Filtered output to avoid dumping other WLAN traffic than the two MACs of interest. ':b4:e5' is my ath0, ':62:1d' is my public FONera access point, see output of 'ifconfig -M ath0' above: [EMAIL PROTECTED] root]# tcpdump -y ieee802_11_radio -eni ath0 | grep -e ':b4:e5' -e ':62:1d' tcpdump: listening on ath0, link-type IEEE802_11_RADIO 10:02:43.791541 0:18:84:10:62:1d ff:ff:ff:ff:ff:ff, bssid 0:18:84:10:62:1d: 802.11: beacon[|802.11], radiotap v0, chan 3,
Addition to list of supported ral mini-pci cards
The list of mini-pci cards that work with ral does not include one I obtained recently. It is an MSI MP54G5 and it seems to work well as an AP. More testing coming up and I'll send an alert if I see any problems. It shows up in dmesg as: ral0 at pci0 dev 20 function 0 Ralink RT2560 rev 0x01: irq 11, address 00:13:d3:6a:5f:96 ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525 About $AUD35+GST for the benefit of Aussies and nearby denizens. Thanks to damien@ and others who helped. Rod/ A consultant is someone who's called in when someone has painted himself into a corner. He's expected to levitate his client out of that corner. -The Sayings of Chairman Morrow. 1984.
Re: postfix mailq command mixup on OpenBSD
On Fri, Jun 01, 2007 at 05:05:38PM +0200, Marian Hettwer wrote: What [Timo Schoeler]'s pointing out is, that /etc/mailer.conf should probably point to /usr/local/sbin/mailq Although this seems to make no sense, either: ls -l /usr/local/sbin/mailq lrwxr-xr-x 1 root wheel 32 Jan 5 17:56 /usr/local/sbin/mailq - ../../../usr/local/sbin/sendmail Pointing it to /usr/local/sbin/postqueue makes no sense either, because running postqueue would need the parameter -p to get the same output as running mailq. So it would break POLA. Postqueue gives different output when invoked as mailq, so this works just fine. Joachim -- TFMotD: udsbr (4) - D-Link DSB-R100 USB radio device
fdisk - print units
Hi, sometimes I'm simply looking for the size (e.g. in GB) of the slices of an i386 Harddisk. I can get it using the fdisk(8) inline editor with 'p g' but I haven't found how do get it without starting the editor, so I've pached fdisk. Maybe someone is interested in the patch or have a comment on it, so here it is. (The patch applies for OpenBSD 4.1) Regards Dag sbin/fdisk//fdisk.8.orig -- sbin/fdisk//fdisk.8 --- sbin/fdisk//fdisk.8.origWed Feb 14 19:06:53 2007 +++ sbin/fdisk//fdisk.8 Sun Jun 3 13:24:46 2007 @@ -38,6 +38,7 @@ .Fl s Ar sectors .Oc .Op Fl f Ar mbrfile +.Op Fl p Ar unit .Ar device .Sh DESCRIPTION On the i386 and other architectures, sector 0 of a bootable hard disk @@ -106,6 +107,19 @@ MBR partition spanning from cylinder 0, head 1, sector 1, and extending to the end of the disk. This mode is designed to initialize the MBR the very first time. +.It Fl p Ar unit +Specifies the unit in which the size of slices should be shown. Legal +values are +.Ql \b +(Bytes) +.Ql \K +(Kilobytes) +.Ql \M +(Megabytes) and +.Ql \G +(Gigabytes). If +.Fl p +is omitted the everything is printet in Sectors. .It Fl u Update MBR bootcode, preserving existing MBR partition table. The MBR bootcode extends from offset 0x000 to the start of the MBR partition table sbin/fdisk//fdisk.c.orig -- sbin/fdisk//fdisk.c --- sbin/fdisk//fdisk.c.origMon Nov 20 09:18:21 2006 +++ sbin/fdisk//fdisk.c Sun Jun 3 13:27:07 2007 @@ -56,6 +56,7 @@ \t-e: edit MBRs on disk interactively\n \t-f: specify non-standard MBR template\n \t-chs: specify disk geometry\n +\t-p: specify units\n \t-y: do not ask questions\n `disk' may be of the forms: sd0 or /dev/rsd0c.\n, __progname); @@ -79,8 +80,9 @@ #endif mbr_t mbr; char mbr_buf[DEV_BSIZE]; + char *unit=NULL; - while ((ch = getopt(argc, argv, ieuf:c:h:s:y)) != -1) { + while ((ch = getopt(argc, argv, ieuf:c:h:s:p:)) != -1) { const char *errstr; switch(ch) { @@ -115,6 +117,9 @@ case 'y': y_flag = 1; break; + case 'p': + unit = optarg; + break; default: usage(); } @@ -151,7 +156,7 @@ /* Print out current MBRs on disk */ if ((i_flag + u_flag + m_flag) == 0) - exit(USER_print_disk(disk)); + exit(USER_print_disk(disk, unit)); /* Parse mbr template, to pass on later */ if (mbrfile != NULL (fd = open(mbrfile, O_RDONLY)) == -1) { sbin/fdisk//user.c.orig -- sbin/fdisk//user.c --- sbin/fdisk//user.c.orig Tue Aug 1 12:12:35 2006 +++ sbin/fdisk//user.c Sun Jun 3 13:24:46 2007 @@ -191,7 +191,7 @@ } int -USER_print_disk(disk_t *disk) +USER_print_disk(disk_t *disk, char *unit) { int fd, offset, firstoff, i; char mbr_buf[DEV_BSIZE]; @@ -200,14 +200,14 @@ fd = DISK_open(disk-name, O_RDONLY); offset = firstoff = 0; - DISK_printmetrics(disk, NULL); + DISK_printmetrics(disk, unit); do { MBR_read(fd, (off_t)offset, mbr_buf); MBR_parse(disk, mbr_buf, offset, firstoff, mbr); printf(Offset: %d\t, (int)offset); - MBR_print(mbr, NULL); + MBR_print(mbr, unit); /* Print out extended partitions too */ for (offset = i = 0; i 4; i++) sbin/fdisk//user.h.orig -- sbin/fdisk//user.h --- sbin/fdisk//user.h.orig Tue Jun 3 03:13:19 2003 +++ sbin/fdisk//user.h Sun Jun 3 13:24:46 2007 @@ -34,7 +34,7 @@ /* Prototypes */ int USER_init(disk_t *, mbr_t *, int); int USER_modify(disk_t *, mbr_t *, off_t, off_t); -int USER_print_disk(disk_t *); +int USER_print_disk(disk_t *, char *); #endif /* _USER_H */
pcmcia malo(4) can't load firmware
I have a pcmcia malo(4) card that I would like to use, and when I plug it in it gives me malo0: timeout at boot firmware load!. The card is a NetGear WG511 v2, and yes, I did pkg_add the firmware. dmesg with acpi and MALO_DEBUG/CMALO_DEBUG defined below. -- On a paper submitted by a physicist colleague: This isn't right. This isn't even wrong. -- Wolfgang Pauli OpenBSD 4.1-current (ACPI) #3: Sat Jun 2 19:40:48 PDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/ACPI real mem = 2012672000 (1919MB) avail mem = 1931935744 (1842MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfc68f (23 entries) bios0: Hewlett-Packard HP Compaq nx6125 (PZ895UA#ABA) acpi0 at mainbus0: rev 0 acpi0: tables DSDT FACP APIC MCFG SSDT acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfec01000: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Turion(tm) 64 Mobile ML-37 , 1995.33 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: AMD erratum 89 present, BIOS upgrade may be required cpu0: apic clock running at 199MHz ioapic0 at mainbus0 apid 1 pa 0xfec0, version 21, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 1 acpiprt0 at acpi0: bus 1 (C048) acpiprt1 at acpi0: bus 2 (C0AB) acpiprt2 at acpi0: bus 0 (C047) acpiec0 at acpi0: C111 acpicpu at acpi0 not configured acpitz0 at acpi0, critical temperature: 94 degC acpitz1 at acpi0, critical temperature: 100 degC acpitz2 at acpi0, critical temperature: 100 degC acpibat0 at acpi0: C179: not present acpibat1 at acpi0: C178: not present acpiac0 at acpi0: AC unit online acpibtn0 at acpi0: C1F0 acpibtn1 at acpi0: C1F1 couldnt fetch acpicpu_softc cpu0: PowerNow! K8 1995 MHz: speeds: 2000 1800 1600 800 MHz pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x01 ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 ATI Radeon XPRESS 200M rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 4 function 0 ATI RS480 PCIE rev 0x00 pci2 at ppb1 bus 16 ppb2 at pci0 dev 5 function 0 ATI RS480 PCIE rev 0x00 pci3 at ppb2 bus 32 ohci0 at pci0 dev 19 function 0 ATI IXP400 USB rev 0x00: apic 1 int 19 (irq 10), version 1.0, legacy support ohci1 at pci0 dev 19 function 1 ATI IXP400 USB rev 0x00: apic 1 int 19 (irq 10), version 1.0, legacy support ehci0 at pci0 dev 19 function 2 ATI IXP400 USB2 rev 0x00: apic 1 int 19 (irq 10) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 uhub0: ATI EHCI root hub, rev 2.00/1.00, addr 1 uhub0: 8 ports with 8 removable, self powered piixpm0 at pci0 dev 20 function 0 ATI IXP400 SMBus rev 0x11: SMI iic0 at piixpm0 admtemp0 at iic0 addr 0x4c: adm1032 pciide0 at pci0 dev 20 function 1 ATI IXP400 IDE rev 0x00: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: FUJITSU MHV2060AH wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: MATSHITA, UJ-840D, 1.02 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 pcib0 at pci0 dev 20 function 3 ATI IXP400 ISA rev 0x00 ppb3 at pci0 dev 20 function 4 ATI IXP400 PCI rev 0x00 pci4 at ppb3 bus 2 bge0 at pci4 dev 1 function 0 Broadcom BCM5788 rev 0x03, BCM5705 A3 (0x3003): apic 1 int 23 (irq 10), address 00:0f:b0:f6:46:19 brgphy0 at bge0 phy 1: BCM5705 10/100/1000baseT PHY, rev. 2 Broadcom BCM4319 rev 0x02 at pci4 dev 2 function 0 not configured cbb0 at pci4 dev 4 function 0 TI PCI7XX1 CardBus rev 0x00: apic 1 int 20 (irq 11) TI PCI7XX1 FireWire rev 0x00 at pci4 dev 4 function 2 not configured TI PCI7XX1 Flash rev 0x00 at pci4 dev 4 function 3 not configured sdhc0 at pci4 dev 4 function 4 TI PCI7XX1 Secure Data rev 0x00: apic 1 int 21 (irq 9) sdmmc0 at sdhc0 sdmmc1 at sdhc0 sdmmc2 at sdhc0 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 3 device 0 cacheline 0x10, lattimer 0x20 pcmcia0 at cardslot0 auixp0 at pci0 dev 20 function 5 ATI IXP400 AC97 rev 0x02: apic 1 int 17 (irq 5) auixp0: soft resetting aclink ATI IXP400 Modem rev 0x02 at pci0 dev 20 function 6 not configured pchb1 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb4 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 usb1 at ohci0: USB revision 1.0 uhub1 at usb1
Reclaim mounted space
I have just changed from 1 harddrive into having a root, and a home harddrive. its now working but i had several gigs in the old home that i would like to clear off, how can i clear the old home dir with out unmounting the new home -- -Lawrence
Re: Reclaim mounted space
On Sun, Jun 03, 2007 at 09:10:34AM -0700, Lawrence Horvath wrote: I have just changed from 1 harddrive into having a root, and a home harddrive. its now working but i had several gigs in the old home that i would like to clear off, how can i clear the old home dir with out unmounting the new home # mount /dev/old /mnt where old is whatever your old home directory was. Perhaps wd0h. Then it'll be available under /mnt/* -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: Reclaim mounted space
Well my old set up was to have just one harddrive, so my old home is part of the root drive, and since my root drive is in use as root, how would i mount just that part of it? On 03/06/07, Darrin Chandler [EMAIL PROTECTED] wrote: On Sun, Jun 03, 2007 at 09:10:34AM -0700, Lawrence Horvath wrote: I have just changed from 1 harddrive into having a root, and a home harddrive. its now working but i had several gigs in the old home that i would like to clear off, how can i clear the old home dir with out unmounting the new home # mount /dev/old /mnt where old is whatever your old home directory was. Perhaps wd0h. Then it'll be available under /mnt/* -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation -- -Lawrence -Student ID 1028219 -CCNA
Re: Reclaim mounted space
On Sun, Jun 03, 2007 at 09:45:46AM -0700, Lawrence Horvath wrote: Well my old set up was to have just one harddrive, so my old home is part of the root drive, and since my root drive is in use as root, how would i mount just that part of it? Ah. Log in as root, then umount /home. With that partition unmounted, the old /home stuff will be visible again. When you are done cleaning you can mount /home, log out, and log in as your normal user. Be very careful when zapping whole subtrees logged in as root. It's too easy to make a mistake. Measure twice, cut once. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: Reclaim mounted space
On 6/3/07, Darrin Chandler [EMAIL PROTECTED] wrote: On Sun, Jun 03, 2007 at 09:10:34AM -0700, Lawrence Horvath wrote: I have just changed from 1 harddrive into having a root, and a home harddrive. its now working but i had several gigs in the old home that i would like to clear off, how can i clear the old home dir with out unmounting the new home # mount /dev/old /mnt where old is whatever your old home directory was. Perhaps wd0h. Then it'll be available under /mnt/* That's what I was thinking but from reading his initial post I think he just had one filesystem on his original harddrive. Greg
Re: Reclaim mounted space
On 6/3/07, Lawrence Horvath [EMAIL PROTECTED] wrote: Well my old set up was to have just one harddrive, so my old home is part of the root drive, and since my root drive is in use as root, how would i mount just that part of it? When you added your new drive and mounted it as /home, did you do anything to the old disk (repartition, reformat?) if not, then you've probably got your new disk and its data mounted at /home. If you unmount /home, you should be able to uncover your old /home on the old drive and clean it up. Then remount the new drive on its /home mountpoint. DS On 03/06/07, Darrin Chandler [EMAIL PROTECTED] wrote: On Sun, Jun 03, 2007 at 09:10:34AM -0700, Lawrence Horvath wrote: I have just changed from 1 harddrive into having a root, and a home harddrive. its now working but i had several gigs in the old home that i would like to clear off, how can i clear the old home dir with out unmounting the new home # mount /dev/old /mnt where old is whatever your old home directory was. Perhaps wd0h. Then it'll be available under /mnt/* -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation -- -Lawrence -Student ID 1028219 -CCNA -- Darren Spruell [EMAIL PROTECTED]
Re: Reclaim mounted space
Export / with NFS, mount it somewhere and you will see the old contents.
Re: Reclaim mounted space
unmounted the new home, rm'd the old home, and remounted the new home, all is working well I was just hoping there was some kind of cleanup i could use to clear unused space on a hd with out having to unmount anything On 03/06/07, Darren Spruell [EMAIL PROTECTED] wrote: On 6/3/07, Lawrence Horvath [EMAIL PROTECTED] wrote: Well my old set up was to have just one harddrive, so my old home is part of the root drive, and since my root drive is in use as root, how would i mount just that part of it? When you added your new drive and mounted it as /home, did you do anything to the old disk (repartition, reformat?) if not, then you've probably got your new disk and its data mounted at /home. If you unmount /home, you should be able to uncover your old /home on the old drive and clean it up. Then remount the new drive on its /home mountpoint. DS On 03/06/07, Darrin Chandler [EMAIL PROTECTED] wrote: On Sun, Jun 03, 2007 at 09:10:34AM -0700, Lawrence Horvath wrote: I have just changed from 1 harddrive into having a root, and a home harddrive. its now working but i had several gigs in the old home that i would like to clear off, how can i clear the old home dir with out unmounting the new home # mount /dev/old /mnt where old is whatever your old home directory was. Perhaps wd0h. Then it'll be available under /mnt/* -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation -- -Lawrence -Student ID 1028219 -CCNA -- Darren Spruell [EMAIL PROTECTED] -- -Lawrence -Student ID 1028219 -CCNA
Building a Centralized Authentication Server
Hi all, I need to develop a secure way for our staff/outside contractors to be able to securely connect (via SSH - rdesktop/vnc in the future) to our internal and customer systems. We do need heterogeneous client system support (BSD, Linux, Solaris, Windows, etc..?) with whatever solution is deployed. The more time I have spent with this the more I believe that we need some sort of SSO (Single Sign On) solution (something that supports a hardware key token like RSA would be great). This is complicated by the perceived requirement to install software on our customer's systems to support this kind of integration. As a stop gap I have been thinking about creating a dedicated user account on a centralized server, creating SSH keys and pushing the public key out to the remote systems for passwordless logins. Internal users would connect to this system, sudo to the other account and then SSH (with the added feature of being able to execute script and log the session). The goal behind all of this of course is to provide secure connectivity to remote systems in such a way that passwords to the remote systems are not being disseminated to our internal users - so if a user's employment status changes we don't have to run through the crazy password change scramble. I pose this question to this list because of all places on the Internet I know OpenBSD users to be the most paranoid with security and simple/elegant solutions which is exactly what I need here. Am I over thinking this problem? What would you recommend. Thanks in advance, Max
Re: Building a Centralized Authentication Server
Max Clark wrote: Hi all, I need to develop a secure way for our staff/outside contractors to be able to securely connect (via SSH - rdesktop/vnc in the future) to our internal and customer systems. We do need heterogeneous client system support (BSD, Linux, Solaris, Windows, etc..?) with whatever solution is deployed. The more time I have spent with this the more I believe that we need some sort of SSO (Single Sign On) solution (something that supports a hardware key token like RSA would be great). This is complicated by the perceived requirement to install software on our customer's systems to support this kind of integration. Google for, amongst others: Radius, Diameter, TACACS+ etc etc... A single portal indeed might be a useful method. Do not forget to create a failover system though, as when your main box dies you can't access anything else anymore. The goal behind all of this of course is to provide secure connectivity to remote systems in such a way that passwords to the remote systems are not being disseminated to our internal users - so if a user's employment status changes we don't have to run through the crazy password change scramble. And then the evil user simply drops a backdoor binary on one of the machines. Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Building a Centralized Authentication Server
On 6/3/07, Jeroen Massar [EMAIL PROTECTED] wrote: And then the evil user simply drops a backdoor binary on one of the machines. Sure there is only so much you can do. We have to give some level of trust to the user, this of course has to be balanced by an appropriate level of prudence on our part. I am just looking for a solution for the 95-99% of the users - that last 1-5% has to be dealt with in a different manner (i.e. the FBI if they are that stupid). -Max
ipsec.conf order
Hello, I have a gateway running 4.1-current with an ipsec configuration like this one: ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org dstid erathia.be ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org dstid gaye.be Both remote peers have dynamic IPs When I run with this configuration, only gaye.be works, erathia.be does not. If I swap the lines in the conf, erathia.be works. Both remote ends have a config like this one: ike esp from 192.168.0.0/24 to 172.20.0.0/24 srcid gaye.be dstid eriador.org peer eriador.org I would expect both to work together, but it does not. Am I missing something?
Re: ipsec.conf order
Renaud Allard wrote: Hello, I have a gateway running 4.1-current with an ipsec configuration like this one: ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org dstid erathia.be ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org dstid gaye.be Both remote peers have dynamic IPs When I run with this configuration, only gaye.be works, erathia.be does not. If I swap the lines in the conf, erathia.be works. Both remote ends have a config like this one: ike esp from 192.168.0.0/24 to 172.20.0.0/24 srcid gaye.be dstid eriador.org peer eriador.org I would expect both to work together, but it does not. Am I missing something? I forgot to mention that in the first config, my logs showed: isakmpd[9065]: ike_phase_1_recv_ID: received remote ID other than expected gaye.be and with the lines swapped: isakmpd[29480]: ike_phase_1_recv_ID: received remote ID other than expected erathia.be
Re: ipsec.conf order
Renaud Allard wrote: Renaud Allard wrote: Hello, I have a gateway running 4.1-current with an ipsec configuration like this one: ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org dstid erathia.be ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org dstid gaye.be Both remote peers have dynamic IPs When I run with this configuration, only gaye.be works, erathia.be does not. If I swap the lines in the conf, erathia.be works. Both remote ends have a config like this one: ike esp from 192.168.0.0/24 to 172.20.0.0/24 srcid gaye.be dstid eriador.org peer eriador.org I would expect both to work together, but it does not. Am I missing something? I forgot to mention that in the first config, my logs showed: isakmpd[9065]: ike_phase_1_recv_ID: received remote ID other than expected gaye.be and with the lines swapped: isakmpd[29480]: ike_phase_1_recv_ID: received remote ID other than expected erathia.be Removing the dstid part makes the config work. However, it's somewhat an hole for me to allow everyone with a key to route the range he wants as long as it is listed.
Re: ipsec.conf order
On 2007/06/03 22:51, Renaud Allard wrote: Hello, I have a gateway running 4.1-current with an ipsec configuration like this one: ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org dstid erathia.be ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org dstid gaye.be Both remote peers have dynamic IPs When I run with this configuration, only gaye.be works, erathia.be does not. If I swap the lines in the conf, erathia.be works. Both remote ends have a config like this one: ike esp from 192.168.0.0/24 to 172.20.0.0/24 srcid gaye.be dstid eriador.org peer eriador.org I would expect both to work together, but it does not. Am I missing something? Yes. You can only have one 'fallback' rule (i.e. one which doesn't have a fixed peer IP address). With your example the second overwrites the first. Look at the config sections generated: [EMAIL PROTECTED]:12762$ ipsecctl -nvf - ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org dstid erathia.be C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=mm-default force C set [mm-default]:EXCHANGE_TYPE=ID_PROT force C add [mm-default]:Transforms=AES-SHA-RSA_SIG force C set [peer-default]:ID=eriador.org-ID force C set [eriador.org-ID]:ID-type=FQDN force C set [eriador.org-ID]:Name=eriador.org force C set [peer-default]:Remote-ID=default-ID force C set [default-ID]:ID-type=FQDN force C set [default-ID]:Name=erathia.be force C set [IPsec-172.20.0.0/24-172.16.22.0/24]:Phase=2 force C set [IPsec-172.20.0.0/24-172.16.22.0/24]:ISAKMP-peer=peer-default force C set [IPsec-172.20.0.0/24-172.16.22.0/24]:Configuration=qm-172.20.0.0/24-172.16.22.0/24 force C set [IPsec-172.20.0.0/24-172.16.22.0/24]:Local-ID=lid-172.20.0.0/24 force C set [IPsec-172.20.0.0/24-172.16.22.0/24]:Remote-ID=rid-172.16.22.0/24 force C set [qm-172.20.0.0/24-172.16.22.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [qm-172.20.0.0/24-172.16.22.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force C set [lid-172.20.0.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [lid-172.20.0.0/24]:Network=172.20.0.0 force C set [lid-172.20.0.0/24]:Netmask=255.255.255.0 force C set [rid-172.16.22.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [rid-172.16.22.0/24]:Network=172.16.22.0 force C set [rid-172.16.22.0/24]:Netmask=255.255.255.0 force C add [Phase 2]:Passive-Connections=IPsec-172.20.0.0/24-172.16.22.0/24 ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org dstid gaye.be C set [Phase 1]:Default=peer-default force C set [peer-default]:Phase=1 force C set [peer-default]:Configuration=mm-default force C set [mm-default]:EXCHANGE_TYPE=ID_PROT force C add [mm-default]:Transforms=AES-SHA-RSA_SIG force C set [peer-default]:ID=eriador.org-ID force C set [eriador.org-ID]:ID-type=FQDN force C set [eriador.org-ID]:Name=eriador.org force C set [peer-default]:Remote-ID=default-ID force C set [default-ID]:ID-type=FQDN force C set [default-ID]:Name=gaye.be force C set [IPsec-172.20.0.0/24-192.168.0.0/24]:Phase=2 force C set [IPsec-172.20.0.0/24-192.168.0.0/24]:ISAKMP-peer=peer-default force C set [IPsec-172.20.0.0/24-192.168.0.0/24]:Configuration=qm-172.20.0.0/24-192.168.0.0/24 force C set [IPsec-172.20.0.0/24-192.168.0.0/24]:Local-ID=lid-172.20.0.0/24 force C set [IPsec-172.20.0.0/24-192.168.0.0/24]:Remote-ID=rid-192.168.0.0/24 force C set [qm-172.20.0.0/24-192.168.0.0/24]:EXCHANGE_TYPE=QUICK_MODE force C set [qm-172.20.0.0/24-192.168.0.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE force C set [lid-172.20.0.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [lid-172.20.0.0/24]:Network=172.20.0.0 force C set [lid-172.20.0.0/24]:Netmask=255.255.255.0 force C set [rid-192.168.0.0/24]:ID-type=IPV4_ADDR_SUBNET force C set [rid-192.168.0.0/24]:Network=192.168.0.0 force C set [rid-192.168.0.0/24]:Netmask=255.255.255.0 force C add [Phase 2]:Passive-Connections=IPsec-172.20.0.0/24-192.168.0.0/24 Two peer-default, two default-ID,...second overwrites the first. Try something like this instead: ike passive esp from 172.20.0.0/24 to any Unless I'm mistaken you can't set srcid without setting dstid with ipsec.conf (which you don't want to do when you use 'any') so you will have to go with IP addresses at the central site.
gmplayer locks up Fvwm
OpenBSD 4.1 GENERIC#0 i386 Hi: Don't know if any one else experienced this. When gmplayer is activated from Fvwm's menu then it locks up fvwm. To reproduce: 1) Put: +GMplayer Exec exec gmplayer in the RootMenu section, of the .fvwmrc 2) Restart Fvwm 3) Click on GMplayer in the Fvwm menu. 4) Fvwm locks up and requires ALT-CTL-Backspace The fix is show here: http://www.mail-archive.com/[EMAIL PROTECTED]/msg08129.html Namely make the menu entry as so: + GMplayerExec exec xterm -iconic -e gmplayer -- Kind regards, Jonathan
SSH-login is slow to connect with remote computer
Hello; I'm experiencing some network trouble. Two problems exist and they are as thus; My DNS server, which has the ip 192.168.1.2, which is translated through my router to 64.142.102.10, cannot connect to the internet. And, whenever puTTY attempts to remote control the server, the login process is very slow between inputting the user name then password. My gut tells me the problems may be related. My pf rules on my router are as such: # $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $ # # See pf.conf(5) and /usr/share/pf for syntax and examples. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. #Macros ext_ip=64.142.102.8 local_int_ip=192.168.0.1 local_int_block=192.168.0.0/24 dmz_ip=192.168.1.1 dmz_block={ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5 } dmz_www_ip=64.142.102.9 local_www_ip=192.168.1.4 #DNS Server dmz_scarlett_ip=64.142.102.10 dmz_shelly_ip=64.142.102.11 local_scarlett_ip=192.168.1.2 local_shelly_ip=192.168.1.3 dmz_qmail_ip=64.142.102.12 local_qmail_ip=192.168.1.4 tcp_services= ( ssh, smtp, domain, www, pop3 ) udp_services= ( domain ) #normalizing #scrub in all #NAT and Binat nat on rl0 from $local_int_block to any - $ext_ip binat on rl0 from $local_www_ip to any - $dmz_www_ip binat on rl0 from $local_scarlett_ip to any - $dmz_scarlett_ip binat on rl0 from $local_shelly_ip to any - $dmz_shelly_ip binat on rl0 from $local_qmail_ip to any - $dmz_qmail_ip #Default block policy #block all #Anti-spoofing #block in quick from urpf-failed #Traffic passing through pass in all pass out all #External interfaces #pass in on rl0 inet proto { tcp, udp } all modulate state #pass out on rl0 proto { tcp, udp, icmp } all modulate state The block and external interface rules are commented for troubleshooting operations as I've been working with this problem to try and resolve it.
Re: SSH-login is slow to connect with remote computer
On 6/3/07, Bray Mailloux [EMAIL PROTECTED] wrote: Hello; I'm experiencing some network trouble. Two problems exist and they are as thus; My DNS server, which has the ip 192.168.1.2, which is translated through my router to 64.142.102.10, cannot connect to the internet. And, whenever puTTY attempts to remote control the server, the login process is very slow between inputting the user name then password. My gut tells me the problems may be related. You might try uncomment: #UseDNS yes and change it to: UseDNS no More info here: http://openssh.org/faq.html#3.3
Re: Embedded system - which ?
What about using the EFIKA board? (http://www.pegasosppc.com/efika.php). Seems like it would meet all the requirements that Uwe was looking for. Oh and it's a PPC system on a chip. Not x86. I believe it works with NetBSD.
Re: Embedded system - which ?
On Sun, 3 Jun 2007, Devin Smith wrote: What about using the EFIKA board? (http://www.pegasosppc.com/efika.php). Seems like it would meet all the requirements that Uwe was looking for. Oh and it's a PPC system on a chip. Not x86. I believe it works with NetBSD. With history in mind I doubt this card will be supported in OpenBSD. I wouldn't buy anything from that company. -moj
pf, carp, pfsync, and bridging
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thanks in advance for guidelines on using pf with carp and pfsync boxes that bridge rather than route. I found this guide: http://www.seattlecentral.edu/~dmartin/docs/bridge.html but it says carp doesn't work with bridging and to use spanning tree instead. That was on OBSD 3.5 and I don't see anything about bridging in more recent manpages for carp. Has anything changed? As for why I'm bridging: I have an application that NAT breaks. Currently I have another pair of pf boxes running carp/pfsync and routing to NAT'd space. That works fine but the new application requires routable addresses (I've tried rdr to the NAT'd addresses, but no joy). So, instead I plan to set things up like this: Net - 2 pf bridges - new app - 2 pf routers - NAT space There's no redundancy in the net connection, just one IP from the ISP. Thanks again for any clues on setting this up. dn iD8DBQFGY28/yPxGVjntI4IRAiIKAJ95QbjJVjTT9WSmfGjTc+oewImn/ACg9Y5o KKSIYsl5nSzBhEhY9lfmAUU= =y63T -END PGP SIGNATURE-
Re: SSH-login is slow to connect with remote computer
Bray Mailloux wrote: Hello; I'm experiencing some network trouble. Two problems exist and they are as thus; My DNS server, which has the ip 192.168.1.2, which is translated through my router to 64.142.102.10, cannot connect to the internet. And, whenever puTTY attempts to remote control the server, the login process is very slow between inputting the user name then password. My gut tells me the problems may be related. My pf rules on my router are as such: # $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $ # # See pf.conf(5) and /usr/share/pf for syntax and examples. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. #Macros ext_ip=64.142.102.8 local_int_ip=192.168.0.1 local_int_block=192.168.0.0/24 dmz_ip=192.168.1.1 dmz_block={ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5 } dmz_www_ip=64.142.102.9 local_www_ip=192.168.1.4 #DNS Server dmz_scarlett_ip=64.142.102.10 dmz_shelly_ip=64.142.102.11 local_scarlett_ip=192.168.1.2 local_shelly_ip=192.168.1.3 dmz_qmail_ip=64.142.102.12 local_qmail_ip=192.168.1.4 tcp_services= ( ssh, smtp, domain, www, pop3 ) udp_services= ( domain ) #normalizing #scrub in all #NAT and Binat nat on rl0 from $local_int_block to any - $ext_ip binat on rl0 from $local_www_ip to any - $dmz_www_ip binat on rl0 from $local_scarlett_ip to any - $dmz_scarlett_ip binat on rl0 from $local_shelly_ip to any - $dmz_shelly_ip binat on rl0 from $local_qmail_ip to any - $dmz_qmail_ip #Default block policy #block all #Anti-spoofing #block in quick from urpf-failed #Traffic passing through pass in all pass out all #External interfaces #pass in on rl0 inet proto { tcp, udp } all modulate state #pass out on rl0 proto { tcp, udp, icmp } all modulate state The block and external interface rules are commented for troubleshooting operations as I've been working with this problem to try and resolve it. DNS resolution does seem probably, neither DNS computers nor my WWW computer can ping their respective name servers, but the ssh connection that exists between my computer and the servers is still shaky besides the long response time. For instance, the servers sometimes unexpectedly close the connections. Do you have any other ideas?
Re: SSH-login is slow to connect with remote computer
Bray Mailloux wrote: Bray Mailloux wrote: Hello; I'm experiencing some network trouble. Two problems exist and they are as thus; My DNS server, which has the ip 192.168.1.2, which is translated through my router to 64.142.102.10, cannot connect to the internet. And, whenever puTTY attempts to remote control the server, the login process is very slow between inputting the user name then password. My gut tells me the problems may be related. My pf rules on my router are as such: # $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $ # # See pf.conf(5) and /usr/share/pf for syntax and examples. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. #Macros ext_ip=64.142.102.8 local_int_ip=192.168.0.1 local_int_block=192.168.0.0/24 dmz_ip=192.168.1.1 dmz_block={ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5 } dmz_www_ip=64.142.102.9 local_www_ip=192.168.1.4 #DNS Server dmz_scarlett_ip=64.142.102.10 dmz_shelly_ip=64.142.102.11 local_scarlett_ip=192.168.1.2 local_shelly_ip=192.168.1.3 dmz_qmail_ip=64.142.102.12 local_qmail_ip=192.168.1.4 tcp_services= ( ssh, smtp, domain, www, pop3 ) udp_services= ( domain ) #normalizing #scrub in all #NAT and Binat nat on rl0 from $local_int_block to any - $ext_ip binat on rl0 from $local_www_ip to any - $dmz_www_ip binat on rl0 from $local_scarlett_ip to any - $dmz_scarlett_ip binat on rl0 from $local_shelly_ip to any - $dmz_shelly_ip binat on rl0 from $local_qmail_ip to any - $dmz_qmail_ip i have a similar ruleset. you need to only nat on rl0 from elements in { $local_int_block - $dmz_ips }, do this with a table using the not (!) operator, see the pf.conf manpage. then you will be binat-ing properly and get expected behavior. DNS resolution does seem probably, neither DNS computers nor my WWW computer can ping their respective name servers, but the ssh connection that exists between my computer and the servers is still shaky besides the long response time. For instance, the servers sometimes unexpectedly close the connections. Do you have any other ideas?
amd64 pcmcia/cardbus wackyness (was Re: pcmcia malo(4) can't load firmware)
I assume its related, but when I plug in a CF-PCMCIA adapter, it attaches as com(4). This is a known good card that attaches properly on macppc pcmcia. on amd64: com2 at pcmcia0 function 0: can't allocate i/o space ppc: wdc3 at pcmcia0 function 0 LEXAR ATA FLASH CARD, ATA FLASH, port 0x0/16 wd1 at wdc3 channel 0 drive 0: LEXAR ATA FLASH wd1: 1-sector PIO, LBA, 3915MB, 8018640 sectors wd1(wdc3:0:0): using BIOS timings On 2007 Jun 03 (Sun) at 08:32:31 -0700 (-0700), Peter Hessler wrote: :I have a pcmcia malo(4) card that I would like to use, and when I plug :it in it gives me malo0: timeout at boot firmware load!. The card is :a NetGear WG511 v2, and yes, I did pkg_add the firmware. dmesg with :acpi and MALO_DEBUG/CMALO_DEBUG defined below. : : : : :-- :On a paper submitted by a physicist colleague: : :This isn't right. This isn't even wrong. : -- Wolfgang Pauli : : :OpenBSD 4.1-current (ACPI) #3: Sat Jun 2 19:40:48 PDT 2007 :[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/ACPI :real mem = 2012672000 (1919MB) :avail mem = 1931935744 (1842MB) :mainbus0 at root :bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfc68f (23 entries) :bios0: Hewlett-Packard HP Compaq nx6125 (PZ895UA#ABA) :acpi0 at mainbus0: rev 0 :acpi0: tables DSDT FACP APIC MCFG SSDT :acpitimer0 at acpi0: 3579545 Hz, 32 bits :acpimadt0 at acpi0 addr 0xfec01000: PC-AT compat :cpu0 at mainbus0: apid 0 (boot processor) :cpu0: AMD Turion(tm) 64 Mobile ML-37 , 1995.33 MHz :cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW :cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB :64b/line 16-way L2 cache :cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully :associative :cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully :associative :cpu0: AMD erratum 89 present, BIOS upgrade may be required :cpu0: apic clock running at 199MHz :ioapic0 at mainbus0 apid 1 pa 0xfec0, version 21, 24 pins :ioapic0: misconfigured as apic 0, remapped to apid 1 :acpiprt0 at acpi0: bus 1 (C048) :acpiprt1 at acpi0: bus 2 (C0AB) :acpiprt2 at acpi0: bus 0 (C047) :acpiec0 at acpi0: C111 :acpicpu at acpi0 not configured :acpitz0 at acpi0, critical temperature: 94 degC :acpitz1 at acpi0, critical temperature: 100 degC :acpitz2 at acpi0, critical temperature: 100 degC :acpibat0 at acpi0: C179: not present :acpibat1 at acpi0: C178: not present :acpiac0 at acpi0: AC unit online :acpibtn0 at acpi0: C1F0 :acpibtn1 at acpi0: C1F1 :couldnt fetch acpicpu_softc :cpu0: PowerNow! K8 1995 MHz: speeds: 2000 1800 1600 800 MHz :pci0 at mainbus0 bus 0: configuration mode 1 :pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x01 :ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00 :pci1 at ppb0 bus 1 :vga1 at pci1 dev 5 function 0 ATI Radeon XPRESS 200M rev 0x00 :wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) :wsdisplay0: screen 1-5 added (80x25, vt100 emulation) :ppb1 at pci0 dev 4 function 0 ATI RS480 PCIE rev 0x00 :pci2 at ppb1 bus 16 :ppb2 at pci0 dev 5 function 0 ATI RS480 PCIE rev 0x00 :pci3 at ppb2 bus 32 :ohci0 at pci0 dev 19 function 0 ATI IXP400 USB rev 0x00: apic 1 int :19 (irq 10), version 1.0, legacy support :ohci1 at pci0 dev 19 function 1 ATI IXP400 USB rev 0x00: apic 1 int :19 (irq 10), version 1.0, legacy support :ehci0 at pci0 dev 19 function 2 ATI IXP400 USB2 rev 0x00: apic 1 int :19 (irq 10) :usb0 at ehci0: USB revision 2.0 :uhub0 at usb0 :uhub0: ATI EHCI root hub, rev 2.00/1.00, addr 1 :uhub0: 8 ports with 8 removable, self powered :piixpm0 at pci0 dev 20 function 0 ATI IXP400 SMBus rev 0x11: SMI :iic0 at piixpm0 :admtemp0 at iic0 addr 0x4c: adm1032 :pciide0 at pci0 dev 20 function 1 ATI IXP400 IDE rev 0x00: DMA, :channel 0 configured to compatibility, channel 1 configured to :compatibility :wd0 at pciide0 channel 0 drive 0: FUJITSU MHV2060AH :wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors :wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5 :atapiscsi0 at pciide0 channel 1 drive 0 :scsibus0 at atapiscsi0: 2 targets :cd0 at scsibus0 targ 0 lun 0: MATSHITA, UJ-840D, 1.02 SCSI0 5/cdrom :removable :cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 :pcib0 at pci0 dev 20 function 3 ATI IXP400 ISA rev 0x00 :ppb3 at pci0 dev 20 function 4 ATI IXP400 PCI rev 0x00 :pci4 at ppb3 bus 2 :bge0 at pci4 dev 1 function 0 Broadcom BCM5788 rev 0x03, BCM5705 A3 :(0x3003): apic 1 int 23 (irq 10), address 00:0f:b0:f6:46:19 :brgphy0 at bge0 phy 1: BCM5705 10/100/1000baseT PHY, rev. 2 :Broadcom BCM4319 rev 0x02 at pci4 dev 2 function 0 not configured :cbb0 at pci4 dev 4 function 0 TI PCI7XX1 CardBus rev 0x00: apic 1 int :20 (irq 11) :TI PCI7XX1 FireWire rev 0x00 at pci4 dev 4 function 2 not configured :TI PCI7XX1 Flash rev 0x00 at pci4 dev 4 function 3 not configured :sdhc0 at pci4 dev 4 function 4 TI PCI7XX1 Secure Data rev 0x00: apic :1 int 21 (irq 9) :sdmmc0 at sdhc0 :sdmmc1 at sdhc0 :sdmmc2 at
type 2 or 3 pcmcia wireless card
I am working with a ThinkPad 365X that i am installing obsd on and would like wireless access on. it supports 2 type II or 1 type III PCMCIA, I wanted a ral card however those only appear to come at the lowest as a CB which i dont believe my thinkpad will support. Any suggestions on a card i could use in this laptop? thanks -- -Lawrence