Re: pf queue monitoring

2006-08-22 Thread tony sarendal
On 22/08/06, Michal Soltys [EMAIL PROTECTED] wrote:

 Lawrence Horvath wrote:
  Is there a way to monitor how much traffic is passing through a queue in
  bps?


I wrote a script to generate graphs for the queues using python and rrdtool
a while back when I needed it, although it only works with CBQ.
http://www.prefixmaster.com/eyeonpf.php

/Tony S

-- 
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   I couldn't help it, it's my nature =-



Re: MegaRAID SCSI 320-2 bad write performance

2006-08-22 Thread Rémy Chibois

On Aug 22, 2006, at 2:17 AM, Robert Urban wrote:


Hi Folks,

using a simple test program to write sequential blocks to a file, optionally
opening with O_SYNC, I've tested write performance to a MegaRAID logical
drive consisting of a RAID-5 set of 4 72GB HP Ultra320 disks and to a RAID-0
drive consisting of a single 300GB HP Ultra320 disk.  The controller
has 128MB of cache, but I do not have a battery, so cache write policy
is write-through.  The kernel is the bsd, and not bsd.mp, but it makes
no difference. I've tried both.


Had the same kind of low performance on a Dell server with an entry
level RAID adapter.
I took the risk to force cache write policy to write-back, even
without a battery.

Performance is as it should be for a RAID-0, I'm just sweating a bit
more...

Next time, will add a few bucks and buy a real controller.

Regards.



[help] route static and metric

2006-08-22 Thread Rodolphe
Hello,
do you know how to configure a static route with a metric XX (for example 200)
on OpenBSD?

Thanks



Route does not time out

2006-08-22 Thread Jonathan Schleifer
Hi!

Recently I just had a look at netstat -nrf inet and saw an IP not even
in the network. Two days later I realized it was my friend's PC (he
visited me here with his PC) because he had the same IP again on a
second visit with his PC. But then I wondered why it was still in the
routing table. After the second visit, the same happened again: He
wasn't even here anymore and 24h later, the IP was still in the routing
table.

The problem is only with my friend's box. All other machines here get
removed from the routing table after they are off for a while. The line
always remaining in the routing table is this:

192.168.1.44   link#2 UHLc  1   261582  -   rl0

Looking for link#2:
192.168.1/24   link#2 UC    4   0       -   rl0

That's why I'm wondering: Are there any reasons why a route does NOT
timeout? Can a machine request to get not removed from the routing
table in some way? The only thing I know about his machine is that he
uses Windows XP (*sigh*) without any SP.

The quoted lines from netstat -nrf inet are from my router, running
OpenBSD 4.0-beta. I can't test how it is on the other OpenBSD boxes
here, since none of them runs for 24h or longer.

If you need more information, just tell me what you need.

PS: Removing it manually from the routing table works. But if I don't
do this, the route doesn't timeout and is kept forever.

--
Jonathan



Re: New Marvell/SysKonnect Gigabit driver

2006-08-22 Thread Andreas Bihlmaier
On Fri, Aug 18, 2006 at 01:02:13PM +0200, Andreas Bihlmaier wrote:
 On Thu, Aug 17, 2006 at 09:04:05PM +0200, Mark Kettenis wrote:
  Last night I checked in a driver, msk(4), for the previously
  unsupported Marvell and SysKonnect Gigabit NICs.  The driver works
  pretty well for me on the new Mac mini, but could really use some more
  testing, especially on different hardware.  If you have such hardware
  please compile yourself a fresh kernel (or fetch yourself today's
  snapshot) and send me the dmesg, and a short report how well the
  driver works for you.
  
  Thanks,
  Mark
 
 Thanks for all the effort to support these NICs.
 Well I got an onboard chip on an ASUS A8V-E DELUXE motherboard.
 I installed the latest i386 snapshot (see dmesg below), but things are
 not quite working.
 
 The interface gets attached (as msk0) and I can configure it with
 ifconfig. The problem is as soon as I up/assign ip/change media on msk0 
 I get 99.9% interrupt load, rendering the system pretty much unusable
 until I reboot. No change whether cable is plugged in or isn't.
 
 Weird thing is that the interrupts don't show up in:
 systat -w 1 vmstat
 1 usersLoad  1.79  1.04  0.48  Fri Aug 18 12:56:55 
 2006
 
 memory totals (in KB)PAGING   SWAPPING Interrupts
real   virtual free   in  out   in  out  228 total
 Active   162908162908  1529564   opsmskc0
 All  529040529040  5723848   pages  fxp0
 
 pciide0
 Proc:r  d  s  wCsw   Trp   Sys   Int   Sof  Flt 1 forks uhci0
  2104537   245 5963728   37 1 fkppw ehci0
   fksvm pckbc0
   91.5%Int   0.7%Sys   2.1%Usr   0.0%Nic   5.7%Idle   pwait 100 clock
 |||||||||||   relck 128 rtc
 ||   rlkok
   noram
 Namei Sys-cacheProc-cacheNo-cache   3 ndcpy
 Calls hits%hits %miss   % fltcp
   zfod
 1 cow
 Disks   wd0   cd0   cd1   fd0 128 fmin
 seeks 170 ftarg
 xfers itarg
 Kbyte 148 wired
   sec pdfre
   pdscn
   pzidle
23 kmapent
 
 
 Dmesg:
 
 OpenBSD 4.0-beta (GENERIC) #1072: Thu Aug 17 12:55:53 MDT 2006
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: AMD Athlon(tm) 64 Processor 3000+ (AuthenticAMD 686-class, 512KB L2 
 cache) 1.81 GHz
 cpu0: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3
 cpu0: Cool`n'Quiet K8 1801 Mhz: speeds: 1800 1000 Mhz
 real mem  = 2145873920 (2095580K)
 avail mem = 1777840128 (1736172K)
 using 4256 buffers containing 278921216 bytes (272384K) of memory
 mainbus0 (root)
 bios0 at mainbus0: AT/286+(24) BIOS, date 01/25/06, BIOS32 rev. 0 @ 0xf1e40, 
 SMBIOS rev. 2.3 @ 0xf (69 entries)
 bios0: ASUSTek Computer INC. A8V-E DELUXE
 apm0 at bios0: Power Management spec V1.2
 apm0: AC on, battery charge unknown
 apm0: flags 70102 dobusy 1 doidle 1
 pcibios0 at bios0: rev 3.0 @ 0xf/0xdf84
 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde40/320 (18 entries)
 pcibios0: PCI Exclusive IRQs: 3 5 11
 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C596A ISA rev 0x00)
 pcibios0: PCI bus #6 is the last bus
 bios0: ROM list: 0xc/0xd000 0xd/0x1000
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 VIA K8T890 Host rev 0x00
 pchb1 at pci0 dev 0 function 1 VIA K8T890 Host rev 0x00
 pchb2 at pci0 dev 0 function 2 VIA K8T890 Host rev 0x00
 pchb3 at pci0 dev 0 function 3 VIA K8T890 Host rev 0x00
 pchb4 at pci0 dev 0 function 4 VIA K8T890 Host rev 0x00
 VIA K8T890 IOAPIC rev 0x00 at pci0 dev 0 function 5 not configured
 pchb5 at pci0 dev 0 function 7 VIA K8T890 Host rev 0x00
 ppb0 at pci0 dev 1 function 0 VIA K8HTB AGP rev 0x00
 pci1 at ppb0 bus 1
 ppb1 at pci0 dev 2 function 0 VIA K8T890 PCI-PCI rev 0x00
 pci2 at ppb1 bus 2
 vga1 at pci2 dev 0 function 0 ATI Radeon X600 (RV380) rev 0x00
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 ATI Radeon X600 (RV380) Sec rev 0x00 at pci2 dev 0 function 1 not configured
 ppb2 at pci0 dev 3 

Re: Experience with isakmpd/ipsec in production?

2006-08-22 Thread Massimo Lusetti
On Mon, 2006-08-21 at 15:43 +0200, Sven Ingebrigt Ulland wrote:


 How long have you been running openbsd isakmpd/ipsec (in production)?

We've been using them since 3.9 and got small quirks mostly due to our
misunderstanding of protocols and implementations, a little also due to
the initial lack of openbsd-standard-level documentation :)
Any issue was resolved with a small search on code or mailing list
archive or as a last resource asking directly to [EMAIL PROTECTED]
Now we got a 10 node VPN lan based totally on -current as of mid of
August with more than 70 tunnels in it. I will add 8 more peers during
September.
So far very happy with reliability and maintenance facility.

A small side note, I'm waiting the 'fix' for totally take advantage of
Via C3/C7 crypto features and hope they will be in for 4.0 or just a
little after :) even if my users are very happy with the current
performance.

Regards
-- 
Massimo.run();



Questions about cfs

2006-08-22 Thread Michael

Hello,

searched the web but couldn't find any useful information and/or it
didn't answer my questions.

I am looking for some software to encrypt some large folders containing
personal stuff. It should be possible to decrypt it on BSD and Linux
systems.

I found cfs in the ports tree but since it just got 3-key TDES and I
am not sure about using blowfish and don't even know the others I am
wondering how secure it is compared to other implementations like
cryptsetup for Linux which can use AES.

Since I am a total beginner when it comes to programming I am wondering how
hard it would be to enable aes in cfs and if 3-key TDES is still safe.

Safe means, for me, that it needs too much time for decryption to even try.

Also, if I understood correctly, it is possible to pipe a key into
cmkdir when creating a folder and same when using cattach.
Would it be possible to pipe the content of, let's say, a small image or
a file filled from /dev/random or some other file as a key?

Minimum key length is 16, what's the maximum key length?

I am asking since I would like to use a floppy or USB stick to unlock 
the encrypted folders.


Michael



OpenBSD-current (Changelog): Disable Speedstep and p4tcc setperf mechanisms on SMP systems

2006-08-22 Thread Brian Curtis
Forgive me if I should have posted this question to the SMP mailing list.

I was reviewing the changelog for OpenBSD-current and came across the
following:

Disable Speedstep and p4tcc setperf mechanisms on SMP systems.


Not knowing exactly what Speedstep was, I did some research and discovered
it was an Intel technology for dynamic adjustment of processor speed.  This
seems like an excellent feature for systems requiring low power consumption
(laptops, large scale server farms--Google, etc.).  What I don't understand
is why it would be disabled for SMP.  Is this specific to OpenBSD?  Is this
something a developer should look into fixing (i.e. I'm a developer, I might
want to fix it for the experience)?


Brian



Re: G5 panic on boot from install media

2006-08-22 Thread Arnaud Bergeron

I tried with -current (22/08) this morning and it does not panic.  It
hangs after this message:

WARNING: unable to get date/time -- CHECK AND RESET THE DATE!

Just after the rootdev= line.

Also for Miod, it shows the same message 'uhub0: device problem,
disabling port 2'.  I tried other ports as well as other usb keyboards
(all apple though) and still no luck.

Also, maybe worth mentioning: someone made that appropriate remark
that the PowerMac G5 Dual-cores are marked as unsupported in the
hardware compatibility pages (In the INSTALL file it says PowerMac G5
are supported, but I assume that's for the other models.)  I am
willing to work toward support for this machine so if any developer
has something they want to test on it, send it to me.



Re: Route does not time out

2006-08-22 Thread Joachim Schipper
On Tue, Aug 22, 2006 at 01:25:17PM +0200, Jonathan Schleifer wrote:
 Hi!
 
 Recently I just had a look at netstat -nrf inet and saw an IP not even
 in the network. Two days later I realized it was my friend's PC (he
 visited me here with his PC) because he had the same IP again on a
 second visit with his PC. But then I wondered why it was still in the
 routing table. After the second visit, the same happened again: He
 wasn't even here anymore and 24h later, the IP was still in the routing
 table.
 
 The problem is only with my friend's box. All other machines here get
 removed from the routing table after they are off for a while. The line
 always remaining in the routing table is this:
 
 192.168.1.44   link#2 UHLc  1   261582  -   rl0
 
 Looking for link#2:
 192.168.1/24   link#2 UC    4   0       -   rl0
 
 That's why I'm wondering: Are there any reasons why a route does NOT
 timeout? Can a machine request to get not removed from the routing
 table in some way? The only thing I know about his machine is that he
 uses Windows XP (*sigh*) without any SP.

More than a *sigh* is in order here. What's he doing on your network,
and where's the cluebat?

 The quoted lines from netstat -nrf inet are from my router, running
 OpenBSD 4.0-beta. I can't test how it is on the other OpenBSD boxes
 here, since none of them runs for 24h or longer.
 
 If you need more information, just tell me what you need.
 
 PS: Removing it manually from the routing table works. But if I don't
 do this, the route doesn't timeout and is kept forever.

There's a reference, so something seems to be holding open a connection
(or at least trying to; this is according to my reading of man netstat |
grep -A3 [Rr]ef). netstat(8) may be useful in finding this connection,
and tcpdrop(8) in dealing with it.

Joachim



Multilink PPPoE

2006-08-22 Thread Sevan / Venture37
Just had a quick search through the misc@ archives & came up with this:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=98020447629037&w=2

Is this still the way to setup a mlppp connection or has it been
superseded by something else??


Regards


Sevan / Venture37
-- 
The truth, the half-truth, and nothing like the truth. - Mark Brandon Read



Re: Route does not time out

2006-08-22 Thread Jonathan Schleifer
Joachim Schipper [EMAIL PROTECTED] wrote:

 More than a *sigh* is in order here. What's he doing on your network,
 and where's the cluebat?

He only used the gateway to surf the web. Oh, and not to forget: He's a
user on the jabber server (jabberd2) running on my router, so he
connected it.

 There's a reference, so something seems to be holding open a
 connection (or at least trying to; this is according to my reading of
 man netstat | grep -A3 [Rr]ef). netstat(8) may be useful in finding
 this connection, and tcpdrop(8) in dealing with it.

According to netstat, there is no open connection?
And what's strange: If I remove it manually and he restarts his
machine, it's in the routing table again - as expected. But if he turns
his PC off then the route won't timeout again.

I think he's got some malware on his PC - that would be just typical
for a Windows box (*sigh* Why are there still people using Windows
seriously?). But how would that malware be able to keep the route even
if the machine is off and there's no open connection?

--
Jonathan




Re: Route does not time out

2006-08-22 Thread Claudio Jeker
On Tue, Aug 22, 2006 at 05:05:08PM +0200, Jonathan Schleifer wrote:
 Joachim Schipper [EMAIL PROTECTED] wrote:
 
  More than a *sigh* is in order here. What's he doing on your network,
  and where's the cluebat?
 
 He only used the gateway to surf the web. Oh, and not to forget: He's a
 user on the jabber server (jabberd2) running on my router, so he
 connected it.
 
  There's a reference, so something seems to be holding open a
  connection (or at least trying to; this is according to my reading of
  man netstat | grep -A3 [Rr]ef). netstat(8) may be useful in finding
  this connection, and tcpdrop(8) in dealing with it.
 
 According to netstat, there is no open connection?
 And what's strange: If I remove it manually and he restarts his
 machine, it's in the routing table again - as expected. But if he turns
 his PC off then the route won't timeout again.
 
 I think he's got some malware on his PC - that would be just typical
 for a Windows box (*sigh* Why are there still people using Windows
 seriously?). But how would that malware be able to keep the route even
 if the machine is off and there's no open connection?
 

Please send the output of route -n get IP -- the route timeout should
be included in this output. Do other machines on the LAN timeout normally?

-- 
:wq Claudio



Re: OpenBSD-current (Changelog): Disable Speedstep and p4tcc setperf mechanisms on SMP systems

2006-08-22 Thread Ryan Corder
On Tue, 2006-08-22 at 10:23 -0400, Brian Curtis wrote:
 Not knowing exactly what Speedstep was, I did some research and discovered
 it was an Intel technology for dynamic adjustment of processor speed.  This
 seems like an excellent feature for systems requiring low power consumption
 (laptops, large scale server farms--Google, etc.).  What I don't understand
 is why it would be disabled for SMP.  Is this specific to OpenBSD?  Is this
 something a developer should look into fixing (i.e. I'm a developer, I might
 want to fix it for the experience)?

In my experience, dynamic frequency scaling has been somewhat unstable
on SMP systems, including other OS that have had SMP longer (like
Linux), not just OpenBSD.

Specifically, my experience deals with frequency scaling on SMP systems
under heavy load tend to lock up.

Not sure if this is the reason that the devs disabled it, but it
wouldn't surprise me if it were.

later.
ryanc

--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646




Re: Questions about cfs

2006-08-22 Thread Nick Guenther

On 8/22/06, Michael [EMAIL PROTECTED] wrote:

Hello,

searched the web but couldn't find any useful information and/or it
didn't answer my questions.

I am looking for some software to encrypt some large folders containing
personal stuff. It should be possible to decrypt it on BSD and Linux
systems.

I found cfs in the ports tree but since it just got 3-key TDES and I
am not sure about using blowfish and don't even know the others I am
wondering how secure it is compared to other implementations like
cryptsetup for Linux which can use AES.


I have never used cfs and it looks like it hasn't been maintained
lately. Someone recently vouched for it on here though. However, the
typical solution to this problem is to make an encrypted vnd disk
using vnconfig(8) and then newfs that disk. It's not as flexible as
the cfs method, which can encrypt each folder separately, but if you
don't have too many things to encrypt separately you can make it work
(you have 13 or so partitions you can fit into the disklabel).

I'm not sure if this could work from Linux though.


Also, if I understood correctly, it is possible to pipe a key into
cmkdir when creating a folder and same when using cattach.
Would it be possible to pipe the content of, let's say, a small image or
a file filled from /dev/random or some other file as a key?
Minimum key length is 16, what's the maximum key length?

I am asking since I would like to use a floppy or USB stick to unlock
the encrypted folders.


Seems like there would be no reason why not... you might want to make
it a two-factor encryption method, then, by having a script take your
key from the thumbdrive and concat it to a password you type in. Using
/dev/urandom (not random) to generate the thumbdrive half is a good
idea.

-Nick
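
The two-part key suggested in the reply above, sketched as an added example that is not part of the original post: a random half generated from /dev/urandom and kept on removable media, concatenated with a typed passphrase and written to stdout. The function names, the hex encoding and the keyfile path are assumptions; that cmkdir and cattach accept a key on a pipe is as stated in the thread and not verified here.

```shell
#!/bin/sh
# Added example (not from the thread): key = keyfile half + typed passphrase.
# All function names and the hex encoding of the keyfile are assumptions.

MIN_KEY_LEN=16    # minimum key length mentioned in the thread

# gen_keyfile PATH [NBYTES]
# Write NBYTES bytes from /dev/urandom to PATH as one line of hex, mode 0600.
gen_keyfile() {
    kf=$1
    nbytes=${2:-32}
    if [ -e "$kf" ]; then
        echo "gen_keyfile: $kf exists, refusing to overwrite" >&2
        return 1
    fi
    (
        umask 077    # create the file without group/other access
        {
            dd if=/dev/urandom bs=1 count="$nbytes" 2>/dev/null |
                od -An -v -tx1 | tr -d ' \n'
            echo
        } > "$kf"
    ) || return 1
    # A short read would silently weaken the key, so verify the length.
    [ "$(( $(wc -c < "$kf") ))" -eq "$((nbytes * 2 + 1))" ]
}

# keyfile_is_private PATH
# Succeed only for a regular file with no group/other permission bits.
keyfile_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ln "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# read_passphrase: read one line from stdin into $pass, hiding it on a tty.
read_passphrase() {
    pass=
    if [ -t 0 ]; then
        printf 'Passphrase: ' >&2
        stty -echo
        IFS= read -r pass || true
        stty echo
        echo >&2
    else
        IFS= read -r pass || true
    fi
    [ -n "$pass" ]
}

# combine_key KEYFILE
# Print the keyfile half followed by the passphrase read from stdin.
# The keyfile half alone must already meet MIN_KEY_LEN, so the result does too.
combine_key() {
    kf=$1
    if ! keyfile_is_private "$kf"; then
        echo "combine_key: $kf missing or accessible to group/other" >&2
        return 1
    fi
    half=
    IFS= read -r half < "$kf" || true
    if [ "${#half}" -lt "$MIN_KEY_LEN" ]; then
        echo "combine_key: keyfile half is too short" >&2
        return 1
    fi
    if ! read_passphrase; then
        echo "combine_key: empty passphrase" >&2
        return 1
    fi
    printf '%s%s\n' "$half" "$pass"
    unset half pass
}

# Usage: sh twokey.sh gen /mnt/usb/cfs.key
#        sh twokey.sh key /mnt/usb/cfs.key | <tool that reads the key on stdin>
case "${1:-}" in
    gen) gen_keyfile "$2" ;;
    key) combine_key "$2" ;;
esac
```

Losing the removable media means losing the data, so the keyfile needs its own offline backup.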



Re: Questions about cfs

2006-08-22 Thread Nick Guenther

On 8/22/06, Nick Guenther [EMAIL PROTECTED] wrote:

On 8/22/06, Michael [EMAIL PROTECTED] wrote:
 [ . . . ]

(you have 13 or so partitions you can fit into the disklabel).



What am I saying? vnd disks are not connected to wd disks. There
should be no arbitrary restriction.

-Nick



Re: Kernel never loads completely

2006-08-22 Thread Greg Thomas

Success with the snapshot of today.  With today's floppy I don't need
to do any workarounds.  With a snapshot floppy from 8/19 it would
panic during boot but this morning I grabbed the latest floppy40.fs
and this system boots without me having to manually choose the boot
device.  I'll be upgrading from 3.9 to the snapshot tonight.

Greg

On 8/21/06, Greg Thomas [EMAIL PROTECTED] wrote:

On 8/20/06, Nick Holland [EMAIL PROTECTED] wrote:
 Greg Thomas wrote:
  I have an old, unused since OpenBSD 3.4 Athlon XP 1800+ that I just
  replaced the mobo on because the previous mobo wouldn't boot with a
  LSI MegaRAID 150-6 installed.
 
  I haven't yet tried other OSes but so far with the 3.4 system on the
  harddrive and any OpenBSD boot floppy it hangs here:
 
  booting hd0a:/bsd: 4466772

 That's not booting from the floppy.
 If that's what you are getting, your system isn't trying to boot from
 the floppy, it keeps going to the HD.  Bad floppy, bad cable, bad
 setting ...

 (I could also read unstated things into what you are saying, but that's
 not at all wise)

  Any ideas?  Bad memory?  With the mobo I received new Kingston memory
  but have no other DDR stuff to test with at the moment.

 3.4 had the old boot loader that didn't like changing disk geometries.
 Changing the MoBo could cause issues, though I don't recall that exact
 symptom.

 Could also be a HD damaged in handling...

 If the floppy is really trying to boot and it is hanging at that point,
 I'd be suspicious of a hardware problem.  That's so early in the boot
 process, the only thing running is the boot loader.  The 3.4 boot loader
 and the 3.9/4.0 boot loader have very little in common, so if BOTH are
 failing in the same way, you got either a really odd piece of HW or a
 broken piece of HW.


Hah, I found a workaround.  If I set only one boot device in the BIOS
or if I use the BIOS' boot menu and select the device I want to boot
from OpenBSD will boot from floppy, CD, or harddrive.  If I let it
search through the boot devices set up in the BIOS, whether the
working boot device is first, 2nd or third, it hangs as mentioned
above.

That's an easy enough workaround so I'm fine with that.  I was about
to give up but since other OSes installed and booted fine I figured
I'd keep poking around.  I can get a dmesg later if anyone is
interested.

Greg




Re: Experience with isakmpd/ipsec in production?

2006-08-22 Thread Andreas Bihlmaier
On Tue, Aug 22, 2006 at 04:10:22PM +0200, Massimo Lusetti wrote:
 On Mon, 2006-08-21 at 15:43 +0200, Sven Ingebrigt Ulland wrote:

snip

I'm making heavy usage of VPN to mount NFS over (so there are huge
amounts of traffic going over the tunnel at maximum speed the CPUs can
handle) and IPSEC itself works very reliably (at least compared to
openvpn, which I never had real luck with).

The only issue, which remains:
I have to reboot ALL clients, which have an active NFS mount after the
server went down. But that has nothing to do with IPSEC, thus I shut up
about it at this point.

 A small side note, I'm waiting the 'fix' for totally take advantage of
 Via C3/C7 crypto features and hope they will be in for 4.0 or just a
 little after :) even if my users are very happy with the current
 performance.

Is there development going on with the VIA issue?
Would be great I'm eager for near-line-speed (100mbit) @25W :)

Regards,
ahb



ftp-proxy

2006-08-22 Thread Der Engel

Hi !

I'm using the exact pf ruleset that is in:

http://www.openbsd.org/faq/pf/example1.html#allrules

and my problem is that clients can't access ftp servers, I noticed
this pf.conf doesn't have any rules for ftp-proxy, shouldn't there be
a rule for this? Or any ideas where should i start looking for the
problem?

Thanks

Der



Re: ftp-proxy

2006-08-22 Thread Didier Wiroth
Hello,
You won't get a useful answer if you don't provide useful information.
1) What version of obsd are you using?
2) Post your pf.conf?
3) Post some tcpdump -nettti pflog0 output to see what is blocked?

Are you sure that you have all the required anchors (required for ftp-proxy) 
in your pf, check twice?
(The pf rules are automatically generated and load/unloaded with the anchors)

Kind regards,
Didier

- Original Message -
From: Der Engel
Date: Tuesday, August 22, 2006 20:07
Subject: ftp-proxy
To: misc@openbsd.org

 Hi !

 I'm using the exact pf ruleset that is in:

 http://www.openbsd.org/faq/pf/example1.html#allrules

 and my problem is that clients can't access ftp servers, I noticed
 this pf.conf doesn't have any rules for ftp-proxy, shouldn't
 there be
 a rule for this? Or any ideas where should i start looking for the
 problem?

 Thanks

 Der



Re: ftp-proxy

2006-08-22 Thread Der Engel

It's obsd 3.9, I just found the problem, ftp-proxy is managed through
rc.conf now, the ftp-proxy man page doesn't say anything about this.

Thanks

Der



On 8/22/06, Didier Wiroth [EMAIL PROTECTED] wrote:

Hello,
You won't get a useful answer if you don't provide useful information.
1) What version of obsd are you using?
2) Post your pf.conf?
3) Post some tcpdump -nettti pflog0 output to see what is blocked?

Are you sure that you have all the required anchors (required for ftp-proxy) 
in your pf, check twice?
(The pf rules are automatically generated and load/unloaded with the anchors)

Kind regards,
Didier

- Original Message -
From: Der Engel
Date: Tuesday, August 22, 2006 20:07
Subject: ftp-proxy
To: misc@openbsd.org

 Hi !

 I'm using the exact pf ruleset that is in:

 http://www.openbsd.org/faq/pf/example1.html#allrules

 and my problem is that clients can't access ftp servers, I noticed
 this pf.conf doesn't have any rules for ftp-proxy, shouldn't
 there be
 a rule for this? Or any ideas where should i start looking for the
 problem?

 Thanks

 Der




Re: Installing Tor on OBSD3.8

2006-08-22 Thread Nick Guenther

On 8/22/06, joe_schmoe [EMAIL PROTECTED] wrote:

Greetings

I am contemplating buying the OBSD3.8 CDs and just wanted to double
check something first before proceeding. I have heard about a program
called Tor which I think stands for The Onion Router - which basically
anonymizes one's Internet activity (is that correct?). I would like to
install that on the OBSD3.8 dedicated firewall, so just a couple of
quick questions:
1. What is involved in installing Tor - any special procedures or any
gotchas?


http://tor.eff.org

Tor does not play nice with something on OpenBSD. something to do with
gethostbyname_r(), which OpenBSD doesn't even have.


2. Does it have any effect on overall performance?


Yes. It redirects traffic bouncing it all over the internet.


3. Is my understanding of the function of Tor accurate and will it
actually anonymize all machines behind the firewall? Would this extend
to blocking IP addresses, or does it merely mangle the packet headers?


No, not entirely. They make this quite clear at http://tor.eff.org

-Nick



Re: Route does not time out

2006-08-22 Thread Jonathan Schleifer
Claudio Jeker [EMAIL PROTECTED] wrote:

 Please send the output of route -n get IP -- the route timeout
 should be included in this output. Do other machines on the LAN timeout
 normally?

$ route -n get 192.168.1.44
   route to: 192.168.1.44
destination: 192.168.1.44
  interface: rl0
 if address: 192.168.1.1
      flags: UP,HOST,DONE,LLINFO,CLONED
     use   hopcount        mtu     expire
  264256          0          0     -15355

And yes, all other machines on the LAN timeout as expected.

-- 
Jonathan



Re: Installing Tor on OBSD3.8

2006-08-22 Thread Zoong PHAM
On Tuesday, 22 August 2006 at 14:44:04 -0400, Nick Guenther wrote:
 1. What is involved in installing Tor - any special procedures or any
 gotchas?
 
 gethostbyname_r(), which OpenBSD doesn't even have.

I got Tor compiled and ran OK on OBSD-3.8 without any changes.
Here is what I did:
- download the latest port from the latest snapshot. Note this is
  not officially supported because the snapshot is not for OBSD-3.8.
- move the port tor to /usr/ports/net/
- make; make install.

I even modified the Makefile to install the latest tor via port.
Again, this is not officially supported.

 2. Does it have any effect on overall performance?
 
 Yes. It redirects traffic bouncing it all over the internet.

It is slower. I use only ftp, ssh and http(s).

 3. Is my understanding of the function of Tor accurate and will it
 actually anonymize all machines behind the firewall? Would this extend
 to blocking IP addresses, or does it merely mangle the packet headers?
 
 No, not entirely. They make this quite clear at http://tor.eff.org

I installed tor on a firewall (OBSD-3.8) so all my boxes behind the firewall
are anonymized.
I don't think it has any effect on PF.

HTH,
Zoong



OpenBSD 3.9 couldn't detect the Intel Core2Duo system, yet?

2006-08-22 Thread BaSHian
Hi, I'm a young man who living in Busan, Corea.
Some days ago, I've got a whole new powerful system.
That's a Intel's new platform Core2Duo, E6300 exactly.

But boot message won't be far, stopped & stuck in the middle at these blue
letters.
So as I thought, It's impossible yet, to setup OpenBSD at the Core2Duo
system.
Someone who know the answer, please tell me more about this situation.

And does it will be possible on a next version of OpenBSD?
(that may be come out at this November)

Thanks, from BaSHian



running -current sendmail on 3.9-stable.

2006-08-22 Thread Craig Hammond
Hi,
It seems I've been bitten by one of the bugs that exist in sendmail 8.13.4 that
ships with obsd3.9
This particular bug was fixed in 8.13.5:
    When a server responds with 421 to the STARTTLS command then treat
    it as a temporary error, not as protocol error.  Problem
    noted by Andrey J. Melnikoff.

I know that this won't be officially supported by the obsd developers, but is
the idea to update just the sendmail component to -current (sendmail 8.13.8) on
3.9-stable a reasonable one, or am I being completely stupid.

I've got a lot of boxes on obsd 3.9-stable, and although I will update them
to 4.0 when it comes out, I was hoping to fix this sendmail problem in a
quicker way than updating them all to 4.0-beta, then updating them all again
to 4.0 when it comes out. ( as I am still a newbie, I prefer -stable to
-current on production boxes )

Thanks,
Craig.



Re: OpenBSD 3.9 couldn't detect the Intel Core2Duo system, yet?

2006-08-22 Thread Aaron Glenn

On 8/22/06, BaSHian [EMAIL PROTECTED] wrote:

Hi, I'm a young man who living in Busan, Corea.
Some days ago, I've got a whole new powerful system.
That's a Intel's new platform Core2Duo, E6300 exactly.

But boot message won't be far, stopped & stuck in the middle at these blue
letters.
So as I thought, It's impossible yet, to setup OpenBSD at the Core2Duo
system.
Someone who know the answer, please tell me more about this situation.

And does it will be possible on a next version of OpenBSD?
(that may be come out at this November)

Thanks, from BaSHian


If you are unable to post a complete dmesg, please post, at a minimum,
what the blue letters say (-:

aaron.glenn



Re: OpenBSD 3.9 couldn't detect the Intel Core2Duo system, yet?

2006-08-22 Thread BaSHian
Aaron Glenn wrote:
 
 On 8/22/06, BaSHian [EMAIL PROTECTED] wrote:
 Hi, I'm a young man living in Busan, Corea.
 Some days ago, I got a whole new powerful system.
 It's Intel's new platform, Core2Duo, an E6300 exactly.

 But the boot messages won't get far, stopped and stuck in the middle at these blue
 letters.
 So, as I thought, it's not yet possible to set up OpenBSD on the Core2Duo
 system.
 If someone knows the answer, please tell me more about this situation.

 And will it be possible in the next version of OpenBSD?
 (that may come out this November)

 Thanks, from BaSHian
 
 If you are unable to post a complete dmesg, please post, at a minimum,
 what the blue letters say (-:
 
 aaron.glenn
 
 
 


Yes, I wrote down on paper these last messages that were only on the monitor.

These are...



uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2ports with 2removable, self powered
ehci0 at pci0 dev 26 function 7 vendor Intel, unknown product 0x283a rev 0x02: irq 15
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 4ports with 4removable, self powered
vendor Intel, unknown product 0x284b (class multimedia unknown subclass 0x03, rev 0x02) at pci0 dev 27 function 0 not configured
ppb1 at pci0 dev 28 function 0 vendor Intel, unknown product 0x283f rev 0x02
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 3 vendor Intel, unknown product 0x2845 rev 0x02
pci3 at ppb2 bus 3
vendor Realtek, unknown product 0x8168 (class network sub class ethernet, rev 0x01) at pci3 dev 0 function 0 not configured
ppb3 at pci0 dev 28 function 4 vendor Intel, unknown product 0x2847 rev 0x02
pci4 at ppb3 hub 4
pciide0 at pci4 dev 0 function 0 vendor JMicron, unknown product 0x2363 rev 0x02: DMA (un supportted), channel 0 wired to native-PCI, channel 1 wired to native-PCIj
pciide0: using irq 11 for native-PCI interrupt
pciide0: channel 0 ignored (not responding, disabled or no drivers?)
atapiscsi0 at pciide0


These are the last messages that I saw.
-- 
View this message in context: 
http://www.nabble.com/OpenBSD-3.9-couldn%27t-detect-the-Intel-Core2Duo-system%2C-yet--tf2149423.html#a5936161
Sent from the openbsd user - misc forum at Nabble.com.



Re: OpenBSD 3.9 couldn't detect the Intel Core2Duo system, yet?

2006-08-22 Thread Jonathan Gray
On Tue, Aug 22, 2006 at 04:20:44PM -0700, BaSHian wrote:
 Hi, I'm a young man living in Busan, Corea.
 Some days ago, I got a whole new powerful system.
 It's Intel's new platform, Core2Duo, an E6300 exactly.
 
 But the boot messages won't get far, stopped and stuck in the middle at these blue
 letters.
 So, as I thought, it's not yet possible to set up OpenBSD on the Core2Duo
 system.
 If someone knows the answer, please tell me more about this situation.
 
 And will it be possible in the next version of OpenBSD?
 (that may come out this November)
 
 Thanks, from BaSHian

Try a snapshot.



Re: MegaRAID SCSI 320-2 bad write performance

2006-08-22 Thread Robert Urban
Below are the results of my tests with the LSI MegaRAID SCSI 320-2
controller on 3.9-release and 4.0-beta (snapshot pulled on Aug 22, 2006).
I tested writing to both a RAID-5 and a RAID-0 logical drive.  The
RAID-0 drive consists of a single drive, what I'd call a JBOD.  While
the test program was running, I had iostat running, and I noted the
results next to each test.  The iostat values moved around a lot, so I
took a figure close to the peak value.

Naturally all the async tests were influenced by the buffer cache to
a certain extent.

I'm a little confused as to why writing sequential blocks with O_SYNC
should be so slow...

Rob Urban

#==
# 3.9
#==

RAID-0 drive:

write-test:
--

Sync
--
1 proc: 1.7MB/s
iostat: 1.8MB/s

2 procs: 1MB/s and 1MB/s
iostat: 2MB/s

Async
--
1 proc: 8.7MB/s
iostat: 5MB/s

2 procs: 11MB/s and 5.6MB/s
iostat: 4.8MB/s

dd if=/dev/zero of=testfile bs=64k count=4096
--
took 28.26 seconds, bw: 9MB/s
iostat reported: 4.6MB/s

RAID-5 drive:

write-test:
--

Sync
--
1 proc: 1.1MB/s
iostat: 1.2MB/s

2 procs: 0.7MB/s and 0.7MB/s
iostat: 1.6MB/s

Async
--
1 proc: 10MB/s
iostat: 3.2MB/s

2 procs: 5.2MB/s and 5.2MB/s
iostat: 5MB/s

dd if=/dev/zero of=testfile bs=64k count=4096
--
took 39.1 seconds, bw: 6.5MB/s
iostat reported: 3.3MB/s


#==
# 4.0-beta
#==

RAID-0 drive:

write-test:
--

Sync
--
1 proc: 1.5MB/s
iostat: 3MB/s

2 procs: 0.76MB/s and 0.76MB/s
iostat: 3.4MB/s

Async
--
1 proc: 15MB/s
iostat: 10MB/s

2 procs: 8.2MB/s and 5.8MB/s
iostat: 10MB/s

dd if=/dev/zero of=testfile bs=64k count=4096
--
took 21.8 seconds, bw: 11.7MB/s
iostat reported: 10MB/s

RAID-5 drive:

write-test:
--

Sync
--
1 proc: 1.02MB/s
iostat: 2.5MB/s

2 procs: 0.62MB/s and 0.62MB/s
iostat: 2.9MB/s

Async
--
1 proc: 9MB/s
iostat: 6.3MB/s

2 procs: 4.1MB/s and 3.8MB/s
iostat: 6.5MB/s

dd if=/dev/zero of=testfile bs=64k count=4096
--
took 35 seconds, bw: 7.3MB/s
iostat reported: 7MB/s



Re: MegaRAID SCSI 320-2 bad write performance

2006-08-22 Thread Kevin

On 8/21/06, Robert Urban [EMAIL PROTECTED] wrote:

using a simple test program to write sequential blocks to a file, optionally
opening with O_SYNC, I've tested write performance to a MegaRAID logical
drive . . .

All tests performed with O_SYNC, to avoid bufcache interaction.

The performance, at least to my perhaps naive eyes, seems abysmal.
I'm getting 1.2MB/sec on the RAID-5 logical drive.


Have you tried your test on any other controller?
Do you have bonnie++ results for this controller?

I have a pair of Dell 2850 servers with PERC 4e/Di,
if these are similar enough I can run tests (RAID0 and RAID1).

Kevin



Re: running -current sendmail on 3.9-stable.

2006-08-22 Thread STeve Andre'
On Tuesday 22 August 2006 19:37, Craig Hammond wrote:
 Hi,
 It seems I've been bitten by one of the bugs that exist in sendmail
 8.13.4 that ships with obsd3.9.
 This particular bug was fixed in 8.13.5:
   When a server responds with 421 to the STARTTLS command then treat
   it as a temporary error, not as protocol error.  Problem noted by
   Andrey J. Melnikoff.

 I know that this won't be officially supported by the obsd developers,
 but is the idea to update just the sendmail component to -current
 (sendmail 8.13.8) on 3.9-stable a reasonable one, or am I being
 completely stupid?

 I've got a lot of boxes on obsd 3.9-stable, and although I will update
 them to 4.0 when it comes out, I was hoping to fix this sendmail problem
 in a quicker way than updating them all to 4.0-beta, then updating them
 all again to 4.0 when it comes out. (As I am still a newbie, I prefer
 -stable to -current on production boxes.)

 Thanks,
 Craig.

You are free to run whatever software you want to on your OpenBSD
boxes.  Rather than taking the sendmail from 3.9-stable, why not go
to sendmail.org and grab the latest version and compile that?  If you
encounter errors you can look to the OpenBSD files to look for anything
like patches.

Me, I'd create another 3.9-stable box and try this before doing it on a
system you use.  You shouldn't have many problems.

--STeve Andre'



Re: MegaRAID SCSI 320-2 bad write performance

2006-08-22 Thread Robert Urban
Hi Kevin,

Kevin wrote:
 On 8/21/06, Robert Urban [EMAIL PROTECTED] wrote:
  using a simple test program to write sequential blocks to a file, optionally
  opening with O_SYNC, I've tested write performance to a MegaRAID logical
  drive . . .
 
  All tests performed with O_SYNC, to avoid bufcache interaction.
 
  The performance, at least to my perhaps naive eyes, seems abysmal.
  I'm getting 1.2MB/sec on the RAID-5 logical drive.
 
 Have you tried your test on any other controller?

No.  I could run them on the onboard Smart Array 5i controller.  I will try to
get some results for this controller, maybe tomorrow.

 Do you have bonnie++ results for this controller?

No, but I've just copied the sources :)

Will post.

In order to get a baseline, I could plug in an AHA-3960D (dual channel U160)
and connect a disk to it, just to see what the disk can do with no raid
controller in between...

 I have a pair of Dell 2850 servers with PERC 4e/Di,
 if these are similar enough I can run tests (RAID0 and RAID1).

With cache battery backup?

Rob Urban



Re: MegaRAID SCSI 320-2 bad write performance

2006-08-22 Thread Marco Peereboom
Due to the battery missing, every IO the host sends has to complete before the
next one goes down.  So the sequence of events is:
1. Send host io through driver
2. Firmware accepts it
3. Firmware creates 1 or more IOs and shoots those off to the disk
4. Firmware waits until IOs complete
5. Firmware raises interrupt to inform host that IO completed
6. ami(4) driver now completes the IO on the host
7. goto 1

Also if you want to test read/write performance you have to use the raw device.
A dd test should use for example /dev/rsd0c instead of a file.

Why don't you have a battery for that thing?

On a separate note: I do believe that LSI does have some firmware that'll allow
enabling write back cache without a battery.  I am not 100% sure about that though.

On Wed, Aug 23, 2006 at 04:01:10AM +0200, Robert Urban wrote:
 Below are the results of my tests with the LSI MegaRAID SCSI 320-2
 controller on 3.9-release and 4.0-beta (snapshot pulled on Aug 22, 2006).
 I tested writing to both a RAID-5 and a RAID-0 logical drive.  The
 RAID-0 drive consists of a single drive, what I'd call a JBOD.  While
 the test program was running, I had iostat running, and I noted the
 results next to each test.  The iostat values moved around a lot, so I
 took a figure close to the peak value.
 
 Naturally all the async tests were influenced by the buffer cache to
 a certain extent.
 
 I'm a little confused as to why writing sequential blocks with O_SYNC
 should be so slow...
 
 Rob Urban
 
 #==
 # 3.9
 #==
 
 RAID-0 drive:
 
   write-test:
   --
 
   Sync
   --
   1 proc: 1.7MB/s
   iostat: 1.8MB/s
 
   2 procs: 1MB/s and 1MB/s
   iostat: 2MB/s
 
   Async
   --
   1 proc: 8.7MB/s
   iostat: 5MB/s
 
   2 procs: 11MB/s and 5.6MB/s
   iostat: 4.8MB/s
 
   dd if=/dev/zero of=testfile bs=64k count=4096
   --
   took 28.26 seconds, bw: 9MB/s
   iostat reported: 4.6MB/s
 
 RAID-5 drive:
 
   write-test:
   --
 
   Sync
   --
   1 proc: 1.1MB/s
   iostat: 1.2MB/s
 
   2 procs: 0.7MB/s and 0.7MB/s
   iostat: 1.6MB/s
 
   Async
   --
   1 proc: 10MB/s
   iostat: 3.2MB/s
 
   2 procs: 5.2MB/s and 5.2MB/s
   iostat: 5MB/s
 
   dd if=/dev/zero of=testfile bs=64k count=4096
   --
   took 39.1 seconds, bw: 6.5MB/s
   iostat reported: 3.3MB/s
 
 
 #==
 # 4.0-beta
 #==
 
 RAID-0 drive:
 
   write-test:
   --
 
   Sync
   --
   1 proc: 1.5MB/s
   iostat: 3MB/s
 
   2 procs: 0.76MB/s and 0.76MB/s
   iostat: 3.4MB/s
 
   Async
   --
   1 proc: 15MB/s
   iostat: 10MB/s
 
   2 procs: 8.2MB/s and 5.8MB/s
   iostat: 10MB/s
 
   dd if=/dev/zero of=testfile bs=64k count=4096
   --
   took 21.8 seconds, bw: 11.7MB/s
   iostat reported: 10MB/s
 
 RAID-5 drive:
 
   write-test:
   --
 
   Sync
   --
   1 proc: 1.02MB/s
   iostat: 2.5MB/s
 
   2 procs: 0.62MB/s and 0.62MB/s
   iostat: 2.9MB/s
 
   Async
   --
   1 proc: 9MB/s
   iostat: 6.3MB/s
 
   2 procs: 4.1MB/s and 3.8MB/s
   iostat: 6.5MB/s
 
   dd if=/dev/zero of=testfile bs=64k count=4096
   --
   took 35 seconds, bw: 7.3MB/s
   iostat reported: 7MB/s
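
The kind of sequential write test discussed in this thread (fixed-size blocks, optionally opened with O_SYNC), as an added example that is not Robert Urban's program and was not posted to the list. The function name, fill pattern and 1024-block count are assumptions; the 64k block size matches the dd runs quoted above.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <unistd.h>

/* Write `count` blocks of `bs` bytes sequentially to `path`.
 * With use_sync set, the file is opened O_SYNC, so each write() returns
 * only after the data has gone down to the device (one IO at a time).
 * Returns bytes written, or -1 on error; elapsed seconds go to *secs. */
long long write_test(const char *path, size_t bs, long count, int use_sync, double *secs)
{
    int flags = O_WRONLY | O_CREAT | O_TRUNC | (use_sync ? O_SYNC : 0);
    int fd = open(path, flags, 0600);
    if (fd < 0) return -1;
    char *buf = malloc(bs);
    if (buf == NULL) { close(fd); return -1; }
    memset(buf, 0xA5, bs);              /* constructed fill pattern */

    struct timeval t0, t1;
    long long total = 0;
    gettimeofday(&t0, NULL);
    for (long i = 0; i < count; i++) {
        size_t off = 0;
        while (off < bs) {              /* finish short writes */
            ssize_t n = write(fd, buf + off, bs - off);
            if (n <= 0) { free(buf); close(fd); return -1; }
            off += (size_t)n;
        }
        total += (long long)bs;
    }
    gettimeofday(&t1, NULL);
    *secs = (t1.tv_sec - t0.tv_sec) + (t1.tv_usec - t0.tv_usec) / 1e6;
    free(buf);
    close(fd);
    return total;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s file [sync]\n", argv[0]); return 1; }
    int use_sync = argc > 2 && strcmp(argv[2], "sync") == 0;
    double secs = 0;
    long long n = write_test(argv[1], 64 * 1024, 1024, use_sync, &secs);
    if (n < 0) { perror("write_test"); return 1; }
    printf("%s: %lld bytes in %.2fs = %.2f MB/s\n", use_sync ? "sync" : "async",
           n, secs, secs > 0 ? n / secs / 1e6 : 0.0);
    return 0;
}
```

Without the `sync` argument the timing mostly measures the buffer cache, which is the effect noted for the async figures above.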



Re: pf queue monitoring

2006-08-22 Thread Julien TOUCHE
tony sarendal wrote on 22/08/2006 08:32:
 I wrote a script to generate graphs for the queues using python and 
 rrdtool a while back when I needed it, although it only works with 
 CBQ. http://www.prefixmaster.com/eyeonpf.php
 

Awesome tool. I tried it yesterday evening and it is really simple to make
it work.

Two questions:
- Is it possible or planned to make it work on a remote system: maybe
generate data on one host and graph only on another?
- Is there a way to debug label graphs? Some don't work for me (no graph;
labels are correctly listed).
Some other errors are for labels with [] characters (if
tftp_stuff:$dstaddr and dst_addr is a table or with ports like xw);
others have nothing special in the label name, like string:port.

thanks a lot for this great script
Regards

Julien