Re: Sun x4100 amd64 dies with NMI under heavy network load

[Srebrenko Sehic]

I have deployed several X4200 on 3.9 (with mpi(4) backported from
4.0). AFAIK, X4200 == X4100. It just has some more PCI slots.


When booting, RTC BIOS diagnostic error 2 is displayed, I'm not sure if
that's relevant.


You might want to investigate that. Not sure, but I don't remember
seeing that error on the X4200 boxes I had tested. BIOS update might
be relevant. Perhaps it's also caused by bad hardware.

I have not seen any stability problems with my X4200 deployments. They
are not running as network firewalls, but as application level
proxies, so the error you are seeing could be due to higher pps count.
Unlike you, I didn't put anything non-stock in the box. 4 built-in
NICs where enough for my purposes.


After the NMI, the system is at the ddb prompt, but the virtual console is
unresponsive and I can't type anything at it. So far I haven't been able to
get the serial console working, so I'm not sure if the unresponsiveness is
due to the USB virtual console, or if the system is just plain hung up.


USB layer doesn't work in ddb so you'll need the serial working to
get useful debug data.

hardware: IBM x3455 test reports

[Srebrenko Sehic]

IBM changed their entire (almost) lineup of X-series servers. It seems
that most of the SCSI/SAS variants now have ServeRAID/Adaptec chips,
which makes them unusable on OpenBSD. X3455, oddly, has an LSI1064 SAS
and should work fine.

Anyways, I got my hands on one with SATA. And it just works. Even IPMI
works (previous IBM boxes had quirks).

As always, more info on http://www.armorlogic.com/oscl

OpenBSD 4.0 (GENERIC.MP) #967: Sat Sep 16 20:38:15 MDT 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3488210944 (3406456K)
avail mem = 2990272512 (2920188K)
using 22937 buffers containing 349028352 bytes (340848K) of memory
mainbus0 (root)
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xcff6c000 (51 entries)
bios0: IBM IBM System x3455-[798452Y]-
ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca8/8 spacing 4
mainbus0: Intel MP Specification (Version 1.4) (BRCM EXPLOSION   )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Dual-Core AMD Opteron(tm) Processor 2218, 2593.84 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Dual-Core AMD Opteron(tm) Processor 2218, 2593.50 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Dual-Core AMD Opteron(tm) Processor 2218, 2593.50 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu2: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu2: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Dual-Core AMD Opteron(tm) Processor 2218, 2593.50 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mpbios: bus 0 is type PCI
mpbios: bus 1 is type PCI
mpbios: bus 2 is type PCI
mpbios: bus 3 is type ISA
ioapic0 at mainbus0 apid 4 pa 0xfec0, version 11, 16 pins
ioapic1 at mainbus0 apid 5 pa 0xfec01000, version 11, 16 pins
ioapic2 at mainbus0 apid 6 pa 0xfec02000, version 11, 16 pins
pci0 at mainbus0 bus 0: configuration mode 1
ppb0 at pci0 dev 1 function 0 ServerWorks HT-1000 PCI rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci1 dev 13 function 0 ServerWorks HT-1000 PCIX rev 0xc0
pci2 at ppb1 bus 2
bge0 at pci2 dev 1 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0
(0x2100): apic 5 int 2 (irq 11), address 00:14:5e:55:13:7f
brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci2 dev 1 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0
(0x2100): apic 5 int 1 (irq 5), address 00:14:5e:55:13:80
brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
pciide0 at pci1 dev 14 function 0 ServerWorks HT-1000 SATA rev 0x00: DMA
pciide0: using apic 4 int 7 (irq 7) for native-PCI interrupt
pciide0: port 0: device present, speed: 1.5Gb/s
wd0 at pciide0 channel 0 drive 0: WDC WD800JD-23LSA0
wd0: 16-sector PIO, LBA48, 76324MB, 156312576 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: port 1: PHY offline
pciide0: port 2: PHY offline
pciide0: port 3: PHY offline
piixpm0 at pci0 dev 2 function 0 ServerWorks HT-1000 rev 0x00: polling
iic0 at piixpm0: disabled to avoid ipmi0 interactions
pciide1 at pci0 dev 2 function 1 ServerWorks HT-1000 IDE rev 0x00: DMA
pcib0 at pci0 dev 2 function 2 ServerWorks HT-1000 LPC rev 0x00
ohci0 at pci0 dev 3 function 0 ServerWorks HT-1000 USB rev 0x01:
apic 4 int 10 (irq 10), version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ohci1 at pci0 dev 3 function 1 ServerWorks HT-1000 USB rev 0x01:
apic 4 int 10 (irq 10), version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: ServerWorks OHCI root hub, rev 1.00/1.00, 

Re: hardware: IBM x3455 test reports

[Srebrenko Sehic]

IBM changed their entire (almost) lineup of X-series servers. It seems
that most of the SCSI/SAS variants now have ServeRAID/Adaptec chips,
which makes them unusable on OpenBSD. X3455, oddly, has an LSI1064 SAS
and should work fine.


Just to correct myself. x3200 and x3250 (both available with either
Penitum D and XEON) also come with LSI1064e SAS/SATA controllers.

The rest of boxes have either Adaptec AIC-9580W or AIC-9410.

All the gory details at
http://www-03.ibm.com/servers/eserver/education/cust/xseries/xref/usxref.pdf

Linking errors of size mismatch

[Federico Giannici]

I'm trying to compile version 3 of milter-greylist. Unfortunately in 
packages there is only version 2 and I NEED the new DNSBL feature.


As it appears that OpenBSD 4.0 resolver library is not thread-safe, I'm 
trying to link the program with libbind. To be sure I installed libbind 
from the official packages.


It compiles cleansy but when I run milter-greylist it exits with the 
following errors:


./milter-greylist:/usr/lib/libc.so.39.3: /usr/local/lib/libbind.so.2.0 : 
WARNING: symbol(__p_class_syms) size mismatch, relink your program
./milter-greylist:/usr/lib/libc.so.39.3: /usr/local/lib/libbind.so.2.0 : 
WARNING: symbol(_res) size mismatch, relink your program
./milter-greylist:/usr/lib/libc.so.39.3: /usr/local/lib/libbind.so.2.0 : 
WARNING: symbol(__p_type_syms) size mismatch, relink your program


Probably I made a really stupid error as the autoconfig doesn't works 
for OpenBSD and so I modified the Makefile by myself.


Somebody can give me an hint of what I made wrong?


Thanks.

--
___
__
   |-  [EMAIL PROTECTED]
   |ederico Giannici  http://www.neomedia.it
___

Re: AMD dual core, deciding factors for a platform?

[Marc Peters]

Tonnerre LOMBARD schrieb:

Salut,

On Thu, Nov 16, 2006 at 05:38:58PM +0200, turha turha wrote:

I'm about to build a new box, and thought I'd ask first if there's any
experience with AMD's dual core processors (AM2 or s939). From what I've
read both socket types work as amd64, with bsd and bsd.mp, right?

Any thoughts on which works more stable and faster, i386 vs amd64 arch, and
the benefits of using bsd.mp? What chipsets/MoBos work well?

So mainly I'm interested in comments from people who have tested these, to
see if it's worth the trouble (money) to get dual core for openbsd, is

there

much of an improvement, etc.


I tried 3.9 on a Sun Fire X2100 with a dual core Opteron 146 a while ago,
but OpenBSD only worked every other boot. On some boots, it would just
crash and on the next boot it would do a fsck and then crash and one more
reboot later, it would come up with a corrupt boot sector. :/

Tonnerre



here it is working fine on sunfire X2100, but it's only one processor 
machines, but working fine and fast with amd64 and 4.0


regards,
marc

Re: UKC only disable ohci1 and leave ohci0

[Christian M. Bernard]

 (UKC, config) I tried to disable ohci* and added a new device ohci0
 instead, but that doesn't seem to work:
 part of dmesg (rest see below):
 ohci0 at pci1 dev 24 function 0 Apple USB rev 0x00: irq 27, version
 1.0
 usb at ohci0 not configured
 Apple USB rev 0x00 at pci1 dev 25 function 0 not configured

 What do I have to enter at the UKC?

 The simplest way would be to have ohci only attach to pci ``dev 24'':

 UKC change ohci
  72 ohci* at pci* dev -1 function -1 flags 0x0
 change [n] y
 dev [-1] ? 24
 function [-1] ?
 flags [0] ?
  72 ohci* changed
  72 ohci* at pci* dev 0x18 function -1 flags 0x0
  73 ohci* at cardbus* dev -1 function -1 flags 0x0
 change [n]
 UKC

 Miod


good sulution, but somehow, the 'change' command in UKC doesn't work for
me (OpenBSD4.0, cd40.iso, macppc arch)

the bsd.rd kernel just prints this:
UKC change ohci
 56 ohci* at pci* dev -1 function -1 flags 0x0
change (y/n) ?
_

(after typing 'y' it just hangs. But the 'disable' command works ok)

Also, the /bsd kernel after installing, just doesn't read my 'y' when in
UKC, it just reprints the
change y/n) ?
line again and sometimes prints 'out of memory'

I haven't read about any limitation of the change command in UKC on bsd.rd
or other kernels...

salut
cmb

Re: raidctl: ioctl (RAIDFRAME_CONFIGURE) failed on 4.0 amd64 for RAID 1 (mirroring)

[Siju George]

On 11/15/06, Vijay Sankar [EMAIL PROTECTED] wrote:

Good day,

Hope this helps,



Yup some final confusions :-(

The raid seems to be working fine. But how do I access the RAID partitions?
it seems I have 3 copies of the OpenBSD system on wd0a and wd1a
and also raid0a
and how do I run on the OpenBSD system that is on raid0
I 'l explain.

1) I can boot both from wd0a and wd01
2) I am running the RAID kernel

==

# uname -a
OpenBSD backupserver.hifxchn2.local 4.0 GENERIC.RAID#0 amd64
#
=

3) The raid is working fine :-)

=
# raidctl -sv raid0
raid0 Components:
 /dev/wd0d: optimal
 /dev/wd1d: optimal
No spares.
Component label for /dev/wd0d:
 Row: 0, Column: 0, Num Rows: 1, Num Columns: 2
 Version: 2, Serial Number: 200611160, Mod Counter: 139
 Clean: No, Status: 0
 sectPerSU: 128, SUsPerPU: 1, SUsPerRU: 1
 Queue size: 100, blocksize: 512, numBlocks: 229218048
 RAID Level: 1
 Autoconfig: Yes
 Root partition: Yes
 Last configured as: raid0
Component label for /dev/wd1d:
 Row: 0, Column: 1, Num Rows: 1, Num Columns: 2
 Version: 2, Serial Number: 200611160, Mod Counter: 139
 Clean: No, Status: 0
 sectPerSU: 128, SUsPerPU: 1, SUsPerRU: 1
 Queue size: 100, blocksize: 512, numBlocks: 229218048
 RAID Level: 1
 Autoconfig: Yes
 Root partition: Yes
 Last configured as: raid0
Parity status: clean
Reconstruction is 100% complete.
Parity Re-write is 100% complete.
Copyback is 100% complete.
==

but
# mount
/dev/wd0a on / type ffs (local)
# df -h
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/wd0a  2.0G649M1.2G34%/
#
# disklabel raid0
# /dev/rraid0c:
type: RAID
disk: raid
label: fictitious
flags:
bytes/sector: 512
sectors/track: 128
tracks/cylinder: 8
sectors/cylinder: 1024
cylinders: 223845
total sectors: 229218048
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
 a:   2097152 0  4.2BSD   2048 16384  323 # Cyl 0 -  2047
 b:   8388608   2097152swap   # Cyl  2048 - 10239
 c: 229218048 0  unused  0 0  # Cyl 0 -223845*
 d:   4194304  10485760  4.2BSD   2048 16384  323 # Cyl 10240 - 14335
 e:   2097152  14680064  4.2BSD   2048 16384  323 # Cyl 14336 - 16383
 f:   8388608  16777216  4.2BSD   2048 16384  323 # Cyl 16384 - 24575
 g: 125829120  25165824  4.2BSD   2048 16384  323 # Cyl 24576 -147455
 h:  78223104 150994944  4.2BSD   2048 16384  323 # Cyl 147456 -223845*
 i:   2031616   2097152  unused  0 0  # Cyl  2048 -  4031
 j:   2031616   2097152  unused  0 0  # Cyl  2048 -  4031
 k:   2031616   2097152  unused  0 0  # Cyl  2048 -  4031
 l:   2031616   2097152  unused  0 0  # Cyl  2048 -  4031
#

# mount /dev/raid0a /mnt
# cat /mnt/etc/fstab
/dev/raid0a / ffs rw 1 1
/dev/raid0b none swap 00
/dev/raid0d /tmp ffs rw,nodev,nosuid,softdep 1 2
/dev/raid0e /home ffs rw,nodev,nosuid,softdep 1 2
/dev/raid0f /usr ffs rw,nodev,softdep 1 2
/dev/raid0g /var ffs rw,nodev,nosuid,softdep 1 2
/dev/raid0h /Backup ffs rw,nodev,nosuid,softdep 1 2
#

How do I access the wd0d partitions that are Raided?

Do I need to mount them manually under /

Just a bit confused :-)

Thank you so much

Kind Regards

Siju

Re: BSD laptop

[z0mbix]

On 16/11/06, Rick Kelly [EMAIL PROTECTED] wrote:

David Chapman said:

I am looking at perhaps a A31 or R51 or R52, T30 perhaps.  I have been
looking at http://laptopcloseout.ca/canada/store.html in their IBM
section.

Stay away from the T30. They have a lot of motherboard and disk
failures.



Yes, I can confirm this too. My company had two of these, both had
motherboard failures.

Cheers z0mbix

Re: router wont stop sending icmp redirects

[Camiel Dobbelaar]

On Thu, 16 Nov 2006, Andrew Smith wrote:

 net.inet.ip.redirect = 0 
 
 Means that the machine will not honour redirects.
 
 The value is used to ignore redirects sent by routers not to disable sending
 of redirects if you happen to be running as a router.

No, you're talking about net.inet.icmp.rediraccept

net.inet.ip.redirect should be the right button to control the sending of 
icmp redirects.

Unconfigure Raid

[Julian Labuschagne]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi everyone

I created a Raid setup on OpenBSD 4.0

And it worked fine... 2 disks striped together...

But now I want to add 2 more disks to the array but it seems I cant
because I already gave the Raid device a serial number.

raidctl -I 2006111501

Can I undo the previous command?

And is it really necessary to fill all the drives with zero's again?
Examle:
dd if=/dev/zero of=/dev/rwd1c bs=1024000
dd if=/dev/zero of=/dev/rwd2c bs=1024000
dd if=/dev/zero of=/dev/rwd3c bs=1024000
dd if=/dev/zero of=/dev/rwd4c bs=1024000

This is my first time I have worked with Raidframe so I'm still a bit
confused... But the man page is slowly starting to make sense after each
read.

Any help would be appreciated.

Kind Regards Julian
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFXYvMVSamsEgSQcMRAs8UAJ0bfbGTjjAdphf4NB+hO7/7zh0WlwCfQ2p1
Exaq593pcvBRY/FCKRVkDBY=
=aDlS
-END PGP SIGNATURE-

Failover with carp and pfsync issue

[Dominique Goncalves]

Hi folks !

I actually trying to set up a failover firewall using carp and pfsync
and I have some troubles to make it work.


Both fw use OpenBSD 4.0/i386

+| WAN/Internet |+
| |  |
|  switch100Mb/s|
| |  |
  fxp0| carp0   |fxp0
 +-+   +-+
 | fw1 |-vr1--vr1-| fw2 |
 +-+   +-+
vr0| carp1   |vr0
| |  |
|  switch100Mb/s|
| |  |
 --+---Shared LAN--+---

ISSUE:

To test the failover between both fw I tried to shutdown iface carp0
then iface carp1 on the master during a download from LAN using FTP:

-step 1: ifconfig carp0 down on fw1, fw2.carp0 become master and
download still goes on.

-step 2: ifconfig carp1 down on fw1, fw2.carp1 become master but download abort.

As both carp interfaces are configured exactly the same way i dont
understand why the test works in one case and not in the other.


CONFIG:

fw1:
pf.conf:
scrub in all
nat on fxp0 from !(fxp0) to any - (fxp0)
pass quick on vr0 proto pfsync
pass quick on { fxp0 , vr1 } proto carp
pass all keep state

hostname.fxp0:
inet 172.17.200.1 255.255.0.0 172.17.255.255

hostname.vr0:
inet 10.0.0.1 255.0.0.0 10.255.255.255

hostname.vr1:
inet 172.16.0.1 255.255.0.0 172.16.255.255

hostname.carp0:
inet 172.17.200.3 255.255.0.0 172.17.255.255 vhid 1 pass root carpdev fxp0

hostname.carp1:
inet 10.0.0.3 255.0.0.0 10.255.255.255 vhid 2 pass toor carpdev vr0

hostname.pfsync0:
syncdev vr1 syncpeer 172.16.0.2 up

ifconfig:
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
inet 127.0.0.1 netmask 0xff00
fxp0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:08:c7:0f:5a:19
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::208:c7ff:fe0f:5a19%fxp0 prefixlen 64 scopeid 0x1
inet 172.17.200.1 netmask 0x broadcast 172.17.255.255
vr0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:05:5d:5f:f1:64
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::205:5dff:fe5f:f164%vr0 prefixlen 64 scopeid 0x2
inet 10.0.0.1 netmask 0xff00 broadcast 10.255.255.255
vr1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:05:5d:5f:ef:a2
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::205:5dff:fe5f:efa2%vr1 prefixlen 64 scopeid 0x3
inet 172.16.0.1 netmask 0x broadcast 172.16.255.255
pflog0: flags=141UP,RUNNING,PROMISC mtu 33224
pfsync0: flags=41UP,RUNNING mtu 1460
pfsync: syncdev: vr1 syncpeer: 172.16.0.2 maxupd: 128
groups: carp
enc0: flags=0 mtu 1536
carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:5e:00:01:01
carp: MASTER carpdev fxp0 vhid 1 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0x8
inet 172.17.200.3 netmask 0x broadcast 172.17.255.255
carp1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:5e:00:01:02
carp: MASTER carpdev vr0 vhid 2 advbase 1 advskew 0
groups: carp
inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0x9
inet 10.0.0.3 netmask 0xff00 broadcast 10.255.255.255




fw2:
pf.conf:
(same as fw1)

hostname.fxp0:
inet 172.17.200.2 255.255.0.0 172.17.255.255

hostname.vr0:
inet 10.0.0.2 255.0.0.0 10.255.255.255

hostname.vr1:
inet 172.16.0.2 255.255.0.0 172.16.255.255

hostname.carp0:
inet 172.20.200.3 255.255.0.0 172.20.255.255 vhid 1 pass root carpdev
fxp0 advskew 100

hostname.carp1:
inet 10.0.0.3 255.0.0.0 10.255.255.255 vhid 2 pass toor carpdev vr0 advskew 150

hostname.pfsync0:
syncdev vr1 syncpeer 172.16.0.1 up

ifconfig:
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
inet 127.0.0.1 netmask 0xff00
fxp0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:8b:90:4c:70
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::250:8bff:fe90:4c70%fxp0 prefixlen 64 scopeid 0x1
inet 172.17.200.2 netmask 0x broadcast 172.17.255.255
vr0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:05:5d:5f:f1:31
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::205:5dff:fe5f:f131%vr0 

Re: Failover with carp and pfsync issue

[Camiel Dobbelaar]

I see one possible flaw in your setup:

On Fri, 17 Nov 2006, Dominique Goncalves wrote:
 fw1:
 pf.conf:
 scrub in all
 nat on fxp0 from !(fxp0) to any - (fxp0)
 pass quick on vr0 proto pfsync

Your pfsync interface is vr1, not vr0.  I tend to use set skip for the 
pfsync interface.

 pass quick on { fxp0 , vr1 } proto carp

So here vr1 should be vr0.

 pass all keep state

But you pass everything anyway, so I'm not sure it will fix your problem.


--
Cam

eSafe Alert:: file.zip\file.zip\file.doc .exe Infected with Win32.Mydoom.m

[eSafe]

*** eSafe detected a hostile content in this email. ***


Time: 17 Nov 2006 04:25:51
Scan result: Mail modified to remove malicious content
Protocol: SMTP in
File Name\Mail Subject:  Status
Source: 89.190.198.36
Destination: 
Mail Sender: misc@openbsd.org
Mail Recipients: [EMAIL PROTECTED]
Details: file.zip\file.zip\file.doc 
 .exe  Infected with Win32.Mydoom.m, Blocked

Re: Failover with carp and pfsync issue

[Dominique Goncalves]

Hi

On 11/17/06, Camiel Dobbelaar [EMAIL PROTECTED] wrote:


I see one possible flaw in your setup:

On Fri, 17 Nov 2006, Dominique Goncalves wrote:
 fw1:
 pf.conf:
 scrub in all
 nat on fxp0 from !(fxp0) to any - (fxp0)
 pass quick on vr0 proto pfsync

Your pfsync interface is vr1, not vr0.  I tend to use set skip for the
pfsync interface.

Yes you are correct it was my mystake

I made these changes:
set skip on vr1
#pass quick on vr1 proto pfsync
pass quick on { fxp0, vr0 } proto carp
pass all keep state

on both firewall, but it still don't keep state when carp1 on the
master is down


 pass quick on { fxp0 , vr1 } proto carp

So here vr1 should be vr0.

 pass all keep state


By the way, a ping from my laptop from LAN don't stop or time out when
carp1 on fw1 is down.


But you pass everything anyway, so I'm not sure it will fix your problem.


I appreciate your help



--
Cam



Regards.

--
There's this old saying: Give a man a fish, feed him for a day. Teach
a man to fish, feed him for life.

Re: Failover with carp and pfsync issue

[Nelson Murilo]

Hi,

There are IP on Pfsync interface? 
What do you see with tcpdump -i pfsync0 ? 


./nelson -murilo

On Fri, Nov 17, 2006 at 01:23:56PM +0100, Dominique Goncalves wrote:
 
 I made these changes:
 set skip on vr1
 #pass quick on vr1 proto pfsync
 pass quick on { fxp0, vr0 } proto carp
 pass all keep state
 
 on both firewall, but it still don't keep state when carp1 on the
 master is down

Re: Problems with java

[marc]

Quoting jared r r spiegel [EMAIL PROTECTED]:


On Thu, Nov 16, 2006 at 09:35:56PM -0500, ICMan wrote:


Thank you everyone.  I discovered that ulimit -d 20 works on my
system.  I don't really know what that means, and I have yet to figure
out how to set this for all users (so they can use java), but that's
stuff I can puzzle out.


  login.conf(5).

  / for '-cur' and then scroll up a bit.

  'datasize-*' relates to ulimit -d.

  for a test, i've got a user in the 'staff' group on this box;
  just changed the 512M to 511M and re-logged in, ulimit -d stock output
  went from 524288 to 523264.

--

  jared




or, you can add the following line to /etc/profile

ulimit -S -d 20

Marc

Re: Linking errors of size mismatch

[Federico Giannici]

After a lot of attempts and experimenting... I have just realized that 
those errors actually are simply warnings: the program correctly 
executes (it silently deamonize so I didn't noticed it)!


Apart the fact that I cannot understand why there is this 
incompatibility between two system libraries (libc from official release 
and libbind from official ports), anyway I'd like to know if there can 
be some problem due to those warnings.


Thanks.



Federico Giannici wrote:
I'm trying to compile version 3 of milter-greylist. Unfortunately in 
packages there is only version 2 and I NEED the new DNSBL feature.


As it appears that OpenBSD 4.0 resolver library is not thread-safe, I'm 
trying to link the program with libbind. To be sure I installed libbind 
from the official packages.


It compiles cleansy but when I run milter-greylist it exits with the 
following errors:


./milter-greylist:/usr/lib/libc.so.39.3: /usr/local/lib/libbind.so.2.0 : 
WARNING: symbol(__p_class_syms) size mismatch, relink your program
./milter-greylist:/usr/lib/libc.so.39.3: /usr/local/lib/libbind.so.2.0 : 
WARNING: symbol(_res) size mismatch, relink your program
./milter-greylist:/usr/lib/libc.so.39.3: /usr/local/lib/libbind.so.2.0 : 
WARNING: symbol(__p_type_syms) size mismatch, relink your program


Probably I made a really stupid error as the autoconfig doesn't works 
for OpenBSD and so I modified the Makefile by myself.


Somebody can give me an hint of what I made wrong?


Thanks.




--
___
__
   |-  [EMAIL PROTECTED]
   |ederico Giannici  http://www.neomedia.it
___

acpi/apm and battery lifetime explanation

[giovanni]

hello,
I'm using -current and with the recent commits now acpi works on my
laptop. by reading the cvs commit logs I've seen that it is possible
to use apmd via acpi (apmd -f /dev/acpi) for retrieving power
information w/ apm command.  however apm output shows me a wrong
minutes life estimate value i.e  it is always 100 when battery charge
state is in between 50-100% and always 0 when charge is in between
0-50%. browsing the acpi.c code I've seen in the acpiioctl routine the
following calculation is performed

---8---
if (pi-ac_state == APM_AC_ON || rate == 0)
pi-minutes_left = (unsigned int)-1;
else
pi-minutes_left = minutes / rate * 100;
---8---

Now by reading the ACPI spec. I read that

Remaining Battery Life [h] = Battery Remaining Capacity/Battery Present Rate

my question is:

should
pi-minutes_left = minutes / rate * 100
be rewritten as
pi-minutes_left = (100*minutes) / rate?

and then why 100? if the previous formula show me [h]our we should
multiply it by 60...

thank you for any explanation,
giovanni

Re: Failover with carp and pfsync issue

[Dominique Goncalves]

On 11/17/06, Nelson Murilo [EMAIL PROTECTED] wrote:

Hi,

There are IP on Pfsync interface?


There is no IP address on my pfsync0 interface.


What do you see with tcpdump -i pfsync0 ?


I will try to provide tcpdump on pfsync0 on both firewall.

Thanks.




./nelson -murilo

On Fri, Nov 17, 2006 at 01:23:56PM +0100, Dominique Goncalves wrote:

 I made these changes:
 set skip on vr1
 #pass quick on vr1 proto pfsync
 pass quick on { fxp0, vr0 } proto carp
 pass all keep state

 on both firewall, but it still don't keep state when carp1 on the
 master is down





--
There's this old saying: Give a man a fish, feed him for a day. Teach
a man to fish, feed him for life.

Re: Unconfigure Raid

[Jeff Quast]

On 11/17/06, Julian Labuschagne [EMAIL PROTECTED] wrote:

Hi everyone

I created a Raid setup on OpenBSD 4.0

And it worked fine... 2 disks striped together...

But now I want to add 2 more disks to the array but it seems I cant
because I already gave the Raid device a serial number.


raidframe does not have the ability to grow columns of a raid level 0.

For a redundant raid level such as 5, you can use raidctl -a to add
disks as hot spares. This still would not grow the size, it just
gives raidframe some extra spares for reconstruction.



raidctl -I 2006111501

Can I undo the previous command?


You could re-label them with the serial number it used to be. That
would 'undo' this much. What did you do? Is your raid unusable? Did
you break it with -I, and now you want it back?


And is it really necessary to fill all the drives with zero's again?
Examle:
dd if=/dev/zero of=/dev/rwd1c bs=1024000
dd if=/dev/zero of=/dev/rwd2c bs=1024000
dd if=/dev/zero of=/dev/rwd3c bs=1024000
dd if=/dev/zero of=/dev/rwd4c bs=1024000


Well now you're really not getting it back..


This is my first time I have worked with Raidframe so I'm still a bit
confused... But the man page is slowly starting to make sense after each
read.


I highly recommend that if you use raid for redundancy, take out some
drives and do some pretend failure runs.  Recovering from a failure is
a bad time to learn how to use raidctl.


Any help would be appreciated.

Kind Regards Julian


To make it easy:

mv /etc/raid0.conf to raid0.conf.disabled, and reboot. This will
unconfigure your current raid, if it is configured at all. raidctl -u
does this as well but what the hell.

Change the number of columns in raid0.conf.disabled from 2 to 4, add
the two new disks under the 'START disks' section, rename it to
raid0.conf.

Configure this raid:

raidctl -C /etc/raid0.conf raid0

Give all of the disks a serial number:

raidctl -I 123456 raid0

Initialize it:

raidctl -iv raid0

Then restore your media onto your new striped raid from backup.

This is a stripe raid, expect it completely fail at ANY TIME.

I hope this answers your question.

Re: Unconfigure Raid

[David Newman]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Julian Labuschagne wrote:

 raidctl -I 2006111501

 Can I undo the previous command?

raidctl -u name of raid device

dn
iD8DBQFFXdZZyPxGVjntI4IRAsPXAJ9pFX5zMUoLJotq3OOQDp2mBF5EXgCeJB2n
jNkDUSu/sLB0ePljIQWzkh4=
=qhZ9
-END PGP SIGNATURE-

Re: failedlogin

[Ryan Corder]

On Thu, 2006-11-16 at 23:15 -0800, patrick ~ wrote:
 Noticed that /var/log/failedlogin grew from 0
 bytes to 304304 bytes.

it's a binary log, mine is the exact same size on 4.0.

 I couldn't find much about the file. Some googling
 brings some AIX related pages.  One reference to
 3.7 COLUG[0] post.

it is read on login and displays to you whether there were any login
failures since your last successful one.  there is no tool that I know
of to read it directly

 ttyC0
  X]E

probably they last TTY you logged in on.

later.
ryanc

--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

-stable buggy or hardware flaky?

[Marc Peters]

hi folks,

since yesterday i try to build stable out of the cvs-sources from 
anoncvs.de.openbsd.org without success. it crashes every now and then 
during the userland build-process (never during the kernel-build). i 
checked the ram with memtest86 and it showed no errors. i changed the 
harddisk, but the new one shows the same odd behaviour.


cc -O2 -pipe -g -DLIBC_SCCS -DSYSLIBC_SCCS -I/usr/src/lib/libc/include 
-DAPIWARN -DYP -I/usr/src/lib/libc/yp -D__DBINTERFACE_PRIVATE 
-I/usr/src/lib/libc -DRESOLVSORT -DPOSIX_MISTAKE -DFLOATING_POINT -DNLS 
  -c -p /usr/src/lib/libc/gen/_sys_siglist.c -o _sys_siglist.po

cc: Internal error: Segmentation fault (program as)
Please submit a full bug report.
See URL:http://gcc.gnu.org/bugs.html for instructions.
*** Error code 1

Stop in /usr/src/lib/libc.
*** Error code 1

Stop in /usr/src/lib.
*** Error code 1

Stop in /usr/src (line 73 of Makefile).

this time i did a complete checkout from this morning. it stopped with 
segfaults during some libs yesterday, and this morning i even had an 
syntax error during building of the libc.


is the cpu flaky? anything else?

anyone, who can point me in the right direction?

tia,
marc

Re: -stable buggy or hardware flaky?

[Marc Peters]

sorry for answering myself, but i forgot the dmesg:

~ $ dmesg
OpenBSD 4.0-current (GENERIC) #1: Wed Nov  8 19:19:54 CET 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 743 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE

real mem  = 266870784 (260616K)
avail mem = 235651072 (230128K)
using 3288 buffers containing 13467648 bytes (13152K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(b4) BIOS, date 10/04/00, BIOS32 rev. 0 @ 
0xf0b90, SMBIOS rev. 2.3 @ 0xf28f0 (45 entries)

bios0: ASUSTeK Computer INC. CUSL2
apm0 at bios0: Power Management spec V1.2 (BIOS mgmt disabled)
apm0: APM power management enable: unrecognized device ID (9)
apm0: APM engage (device 1): power management disabled (1)
apm0: AC on, battery charge unknown
apm0: flags b0102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x13c2
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1300/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xa000 0xcc000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82815 Hub rev 0x02: rng active, 
8Kb/sec
vga1 at pci0 dev 2 function 0 Intel 82815 Graphics rev 0x02: aperture 
at 0xf800, size 0x400

wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x01
pci1 at ppb0 bus 1
xl0 at pci1 dev 9 function 0 3Com 3c905 100Base-TX rev 0x00: irq 5, 
address 00:60:08:2d:35:9e

nsphy0 at xl0 phy 24: DP83840 10/100 PHY, rev. 1
ichpcib0 at pci0 dev 31 function 0 Intel 82801BA LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801BA IDE rev 0x01: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

wd0 at pciide0 channel 0 drive 0: Maxtor 6L080P0
wd0: 16-sector PIO, LBA, 78167MB, 160086528 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: PIONEER, DVD-ROM DVD-120S, 1.01 SCSI0 
5/cdrom removable

cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4
uhci0 at pci0 dev 31 function 2 Intel 82801BA USB rev 0x01: irq 7
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ichiic0 at pci0 dev 31 function 3 Intel 82801BA SMBus rev 0x01: irq 10
iic0 at ichiic0
lm1 at iic0 addr 0x2d: AS99127F
uhci1 at pci0 dev 31 function 4 Intel 82801BA USB rev 0x01: irq 6
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
biomask ffcd netmask ffed ttymask ffef
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
uhub2 at uhub1 port 2
uhub2: ALCOR Generic USB Hub, rev 1.10/1.00, addr 2
uhub2: 4 ports with 4 removable, self powered
uhidev0 at uhub0 port 2 configuration 1 interface 0
uhidev0: Microsoft Internet Keyboard Pro, rev 1.10/1.14, addr 2, iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub0 port 2 configuration 1 interface 1
uhidev1: Microsoft Internet Keyboard Pro, rev 1.10/1.14, addr 2, iclass 3/0
uhidev1: 2 report ids
uhid0 at uhidev1 reportid 1: input=2, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0
uhidev2 at uhub0 port 2 configuration 1 interface 2
uhidev2: Microsoft Internet Keyboard Pro, rev 1.10/1.14, addr 2, iclass 3/1
ums0 at uhidev2: 5 buttons and Z dir.
wsmouse0 at ums0 mux 0
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

Marc Peters schrieb:

hi folks,

since yesterday i try to build stable out of the cvs-sources from 
anoncvs.de.openbsd.org without success. it crashes every now and then 
during the userland build-process (never during the kernel-build). i 
checked the ram with memtest86 and it showed no errors. i changed the 
harddisk, but the new one shows the same odd behaviour.


cc -O2 -pipe -g -DLIBC_SCCS -DSYSLIBC_SCCS -I/usr/src/lib/libc/include 
-DAPIWARN -DYP -I/usr/src/lib/libc/yp -D__DBINTERFACE_PRIVATE 
-I/usr/src/lib/libc -DRESOLVSORT -DPOSIX_MISTAKE -DFLOATING_POINT -DNLS 
  -c -p /usr/src/lib/libc/gen/_sys_siglist.c -o _sys_siglist.po

cc: Internal error: Segmentation fault (program as)
Please submit a full bug report.
See URL:http://gcc.gnu.org/bugs.html for 

OBSD 4.0, IPsec gateway, failure to route packets beyond the GW (Long)

[Shawn Nock]

(Real information to follow summary)

$ uname -a
OpenBSD hivpn3snip 4.0 GENERIC.MP#967 amd64

Gateway: 2 IPsec gateways running OpenBSD 4.0 using carp on the public 
interface (fail-over w/ preempt), sasyncd, and pfsync.


Clients: Road-warrior type clients (Mac OS X using the VPN Tracker 
software bu equinux) who need access to an internal class C network. The 
clients are configured to authenticate using x509 certs and use mode 
config for ip addr assignment.


On the one hand, everything works amazingly well. Phases 1 and 2 
complete successfully and the clients are assigned the proper IP 
address. From the gateway I can ping the remote client and ssh into it. 
The client can do the same for the gateway.


I am experiencing an issue that none of the clients can talk to any 
other machines on the private network. tcpdump-ing the gateway's enc0 
shows all the packets arriving from the mode-config assigned addresses. 
No response packets are returned over the tunnel. tcpdump-ing the bge1 
(interface to the internal net) shows the packets leaving on their way 
to the right host. It appears that no arp requests are being answered by 
the remote client (or perhaps by proxy the gateway?, see output below).


Disabling mode-config gives the same results.

How is this supposed to work? It seems like all documentation on this 
subject ignores packet routing nuances entirely.


Perhaps if I assign remote clients addresses in a different address 
space and force the target network to use the gw box as the known route 
to that network? I haven't seen this scenario in any of the 
documentation (or google hits). Most users seem to experience that this 
just works.


I reduced the test scenario to ease troubleshooting to a single gateway 
 (no carp, sasyncd or pfsync) and I am experiencing the same problem.


Things that I know:

-Packet forwarding is enabled (net.inet.ip.forwarding=1)

-Gateway's routes (.21 is gateway, .100 is a server on the internal, 
bge1 is the correct default route for the 192.168.3/24:


192.168.3/24  link#2 UC  20  -   bge1
192.168.3.21  link#2 UHLc1 1257  -   bge1
192.168.3.100 00:a0:d1:e4:f7:85  UHLc0  824  -   bge1

-tcpdump enc0 (on gateway during an attempt to ping server .10 from a 
remote client):


10:40:24.792241 (authentic,confidential): SPI 0xaab2bb0f: 192.168.3.201 
 192.168.3.100: icmp: echo request (encap)


-tcpdump bge1 (interface associated with internal .3/24 net on gw):

10:42:42.820051 192.168.3.201  192.168.3.100: icmp: echo request
10:42:42.825013 arp who-has 192.168.3.201 tell 192.168.3.100
(no arp response from client or gw)

-netstat -rnf encap
Routing tables

Encap:
Source Port  DestinationPort  Proto 
SA(Address/Proto/Type/Direction)
192.168.3.201/32   0 192.168.3/24   0 0 
150.135.23.12/esp/use/in
192.168.3/24   0 192.168.3.201/32   0 0 
150.135.23.12/esp/require/out


-ipsecctl -s all
flow esp in from 192.168.3.201 to 192.168.3.0/24 peer 150.135.23.12 
srcid ext. if ip/32 dstid [EMAIL PROTECTED] type use
flow esp out from 192.168.3.0/24 to 192.168.3.201 peer 150.135.23.12 
srcid ext. if ip/32 dstid [EMAIL PROTECTED] type require



-isakmpd.conf (shouldn't matter since remote hosts seem to make it 
through keying, but for reference):


# cat /etc/isakmpd/isakmpd.conf 


[General]
Listen-on=  snip, was ip addr of external interface
Policy-file=/etc/isakmpd/isakmpd.policy

[X509-Certificates]
Ca-directory=   /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
Private-key=/etc/isakmpd/priv-key.pem

[Phase 1]
Default=Default-peer

[Phase 2]
Passive-connections=Default-connection

[Default-peer]
Phase=  1


[Default-connection]
Configuration=  Default-ipsec-config
ISAKMP-peer=Default-peer
Phase=  2
Local-ID=   Local-net
Remote-ID=  Default-remote-ID

[Default-ipsec-config]
EXCHANGE_TYPE=  QUICK_MODE
Suites= QM-ESP-AES-SHA-PFS-SUITE

[Local-net]
ID-type=IPV4_ADDR_SUBNET
Network=192.168.3.0
Netmask=255.255.255.0

[Default-remote-ID]
ID-type=IPV4_ADDR
Address=0.0.0.0

# Client Mode-Config Section
[ufqdn/[EMAIL PROTECTED]
Address=192.168.3.201
Netmask=255.255.255.0



--
Shawn Nock
Systems Programmer, Senior
CCIT; University of Arizona
nock 'at' arizona 'dot' edu

Re: Best motherboard for OpenBSD - light duty firewall

[Joe]

Steve Williams wrote:

Hi,

I have an opportunity to build a system for someone that wants an 
OpenBSD firewall.  Historically, I have just installed it on whatever PC 
people have had hanging around, but I put a big caveat on my proposal 
that I might have to buy nic's and controller cards if the hardware they 
provided didn't work.  So, now they want me to supply the hardware :-).


This is a light duty firewall, going on a DSL line (2.5 M).  I will be 
running spamd and perhaps squid (transparant caching web proxy), so the 
demands will not be much on the hardware.


I'd like a (modern) motherboard that just works.  Audio/video is 
completely irrelevant (it will be running headless).  It seems like most 
motherboards come with onboard ethernet, and it would be nice if that 
worked.


I am processor agnostic.  We have a mix of Intel  AMD (and one sparc64) 
at work.


What is a solid motherboard where the onboard ethernet will just work, 
with a disk controller that will just work.  I don't really need RAID, 
but if it had it  I could use it, I likely would.


Thanks for any input.

Cheers,
Steve Williams




VIA ITX boards work great.
The ones with the C7 CPU are great, fast, and low power.

laptop mini-pci wifi card replacement rec.

[bsdlist]

hi,

My laptop bit the dust so am looking at replacements.
The one I'm thinking of getting has an unsupported
broadcom wireless device.  It appears that I am able
to add a mini-pci card to replace what is already in
the laptop (correct me if i'm wrong its been a while
since I bought a laptop).

I am almost always on a 'b' network so would like to
ask the list for recommendations on the most likely
to work out of the box / least problematic replacement
card (or the chipset). Normally I buy from Newegg and
only see 5 choices there from novatech, msi, intel and
asus but of course would buy from whereever if those are
no good.

TIA for your help in limiting my pain :)

beezle

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: laptop mini-pci wifi card replacement rec.

[Rick Aliwalas]

On Fri, 17 Nov 2006, [EMAIL PROTECTED] wrote:


hi,

My laptop bit the dust so am looking at replacements.
The one I'm thinking of getting has an unsupported
broadcom wireless device.  It appears that I am able
to add a mini-pci card to replace what is already in
the laptop (correct me if i'm wrong its been a while
since I bought a laptop).

I am almost always on a 'b' network so would like to
ask the list for recommendations on the most likely
to work out of the box / least problematic replacement
card (or the chipset). Normally I buy from Newegg and
only see 5 choices there from novatech, msi, intel and
asus but of course would buy from whereever if those are
no good.

TIA for your help in limiting my pain :)


I use a Netgate mini-pci (2511 MP) in my Soekris and also Netgate
PCMCIA card (2511CD PLUS EXT2) in a laptop.  Both are 802.11b and
both work wonderfully.  More costly than the ones at newegg but
they just work.  See http://www.netgate.com/

-rick



beezle

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: laptop mini-pci wifi card replacement rec.

[Jeff Quast]

On 11/17/06, Rick Aliwalas [EMAIL PROTECTED] wrote:


 broadcom wireless device.  It appears that I am able
 to add a mini-pci card to replace what is already in
 the laptop (correct me if i'm wrong its been a while
 since I bought a laptop).

 I am almost always on a 'b' network so would like to
 ask the list for recommendations on the most likely
 to work out of the box / least problematic replacement

I use a Netgate mini-pci (2511 MP) in my Soekris and also Netgate
PCMCIA card (2511CD PLUS EXT2) in a laptop.  Both are 802.11b and
both work wonderfully.  More costly than the ones at newegg but
they just work.  See http://www.netgate.com/



I second this. This is the best wifi card I have ever used. I also got
mine from netgate. For this type of card (wi(4)), you need to make
sure the firmware is 2.5, but not 3.0, or not 2.0, etc. netgate
ensures this, other resellers do not always specify this.

Re: Problem with Intel PRO/1000GT (82541GI) adaptors

[Damian Wiest]

On Wed, Nov 15, 2006 at 09:25:38AM -0800, Kian Mohageri wrote:
 On 11/14/06, Brian Keefer [EMAIL PROTECTED] wrote:
 
 
  FWIW I was having very similar problems with em(4) in OpenBSD 4.0-
  release under VMware (amd64 SMP).  It would cease to recognize ARP
  replies and just flood the network with ARP requests endlessly.  It
  was enough to bring VMware to it's knees and totally swamp my cheap
  switch.
 
 
 The same card too?
 
 -- 
 Kian Mohageri

I'm pretty sure it was the same card, but my info was second-hand and I
don't have a part number for you in the event that Intel is now using a
different revision of the chipset.  Have you tried using a more recent 
version of the em(4) driver?

-Damian

Re: java on openbsd

[Damian Wiest]

On Wed, Nov 15, 2006 at 11:31:21AM +0800, Lars Hansson wrote:
 On Tue, 14 Nov 2006 10:53:54 -0500
 Josh Grosse [EMAIL PROTECTED] wrote:
 
  Per FAQ 8.3, Java 1.5 or 1.4 must be built from source.  An overnight 
  download  have an
  of the files should not be a huge problem, considering how much time, 
  computing, memory, and storage resource is needed to build it.
 
 Except that you need to navigate the Sun download pages mess, click thru
 license agreements and have an account (I think). Then you need to
 install X number of Linux JDK's, wich pulls in all the Linux emulation
 packages and then you have to actually compile it and hope you enough
 disk and ram. Wouldnt it be possible for someone other then the OpenBSD
 project to legally share their built packages?
 
 ---
 Lars Hansson

I don't suppose it's possible to enable Solaris emulation and just rip 
the necessary bits from their x86 Java packages?

-Damian

Re: RAID, SCSI, and sparc64

[Joachim Schipper]

On Thu, Nov 16, 2006 at 06:33:48AM -0800, David Newman wrote:
 OpenBSD 4.0 on UltraSparc II, two 18G SCSI drives
 
 I am trying to set up software RAID disk mirroring. There are many fine
 howtos out there, including:
 
 http://www.monkey.org/openbsd/archive/misc/0203/msg00803.html
 http://www.eclectica.ca/howto/openbsd-software-raid-howto.php
 http://os.newsforge.com/os/06/03/08/1646257.shtml?tid=8
 
 However, all of these are for x86 and only the first is SCSI-specific.

The SCSI part shouldn't really matter, as long as you are working with
block devices that are available early enough. Just replace `wd' with
`sd' as appropriate.

 Some steps, like fdisk and copying some files from mdec, don't apply on
 sparc64. For example these commands don't work:
 
 mount /dev/sd1a /mnt
 cp /bsd /usr/mdec/boot /mnt
 /usr/mdec/installboot -v /mnt/boot /usr/mdec/biosboot sd1
 umount /mnt
 
 There is no /usr/mdec/boot or biosboot in sparc64.

Take a look at boot_sparc64(8) and whatever that references, I suppose.
I don't have, and never had, a working Sparc system.

 I've gotten as far as building a RAID kernel and setting up RAID using
 raidctl -C but not surprisingly the parity bit is dirty and cannot be
 set clean.

`Not surprisingly'? You don't need a valid boot block to be able to get
RAIDFrame working... (at least, not a block that actually boots; you do
need a valid partition table on i386-ish machines, and so on).

 The raid1.conf, disklabel contents, and dmesg.boot output are below.
 
 Please let me know what I need to do to get RAID mirroring working on
 this system.

 - 
 # raidctl -s raid1
 raid1 Components:
/dev/sd1d: optimal
/dev/sd2d: failed

Remember the `sd2'.

 No spares.
 Parity status: DIRTY
 Reconstruction is 100% complete.
 Parity Re-write is 100% complete.
 Copyback is 100% complete.
 
 - 
 raid1.conf:

 - 
 # disklabel sd0
 # sizeoffset  fstype [fsize bsize  cpg]
   a:   8389044 0  4.2BSD   2048 16384   16 # Cyl 0 -
  7025
   b:   1048332   8389044swap   # Cyl  7026 -
  7903
   c:  35879700 0  unused  0 0  # Cyl 0 -
 30049
 - 
 # disklabel sd1
 # sizeoffset  fstype [fsize bsize  cpg]
   a:205368 0  4.2BSD   2048 16384   16 # Cyl 0 -
   171
   c:  35879700 0  unused  0 0  # Cyl 0 -
 30049
   d:  35674332205368  4.2BSD   2048 16384   16 # Cyl   172 -
 30049
 ((note: set partition d to type RAID when using disklabel -- not sure
 why it says 4.2BSD now))

That bears investigating, methinks.

 - 
 from dmesg.boot:
 console is /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL 
 PROTECTED],40:a
 Copyright (c) 1982, 1986, 1989, 1991, 1993
   The Regents of the University of California.  All rights reserved.
 Copyright (c) 1995-2006 OpenBSD. All rights reserved.
 http://www.OpenBSD.org
 
 OpenBSD 4.0 (GENERIC_RAID) #0: Mon Nov 13 23:14:58 PST 2006
 
 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC_RAID

 sd0 at scsibus0 targ 0 lun 0: FUJITSU, MAN3184MP, 0108 SCSI3 0/direct
 fixed
 sd0: 17522MB, 30050 cyl, 2 head, 597 sec, 512 bytes/sec, 35885448 sec total
 sd1 at scsibus0 targ 1 lun 0: FUJITSU, MAN3184MP, 0108 SCSI3 0/direct
 fixed
 sd1: 17522MB, 30050 cyl, 2 head, 597 sec, 512 bytes/sec, 35885448 sec total

 Kernelized RAIDframe activated

 root on sd0a
 rootdev=0x700 rrootdev=0x1100 rawdev=0x1102
 raidlookup on device: /dev/sd2d failed !
 Hosed component: /dev/sd2d.
 Hosed component: /dev/sd2d.
 raid1: Component /dev/sd1d being configured at row: 0 col: 0
  Row: 0 Column: 0 Num Rows: 1 Num Columns: 2
  Version: 2 Serial Number: 112341 Mod Counter: 88
  Clean: No Status: 0
 /dev/sd1d is not clean !
 raid1: Ignoring /dev/sd2d.
 raid1 (root)raid1: no disk label
 raid1: Error re-writing parity!

Note the lack of `sd2'. You'd at least be able to get status to `clean'
if you used two block devices the system actually has. The kernel is
pretty much right in telling you that /dev/sd2d is hosed. ;-)

As to being able to boot from sd2, that's another problem, likely to be
sufficiently addressed by the man pages (but for some reason, there's
no boot_sparc64(8) on this (i386) box - perhaps it would be a good idea
to install them anyway?).

Joachim

Re: Best motherboard for OpenBSD - light duty firewall

[Stuart Henderson]

On 2006/11/17 10:20, Joe wrote:
 VIA ITX boards work great.

one of mine doesn't, it has leaky caps.

Re: java on openbsd

[Damian Wiest]

On Tue, Nov 14, 2006 at 11:27:36PM +0100, Matthias Kilian wrote:

[snip]

 It does not run on arm/OpenBSD. It does not run on powerpc/OpenBSD.
 It does not run on vax/OpenBSD. Heck, it even behaves differently
 in on i386/Linux, i386/Windows, sparc/Solaris and pSeries/Linux,
 and to this platform diversity the vendor diversity (Sun vs. IBM)
 yet adds more subtile differences, especially if it comes to threads
 or GC behaviour.
 
 Believe it or not: Java is *not* platform independent, at least not
 in so-called enterprise environments.

[snip]

 Ciao,
   Kili, making a life with Java since about 1998.

Java, the language, is an open specification that can be implemented by
anyone.  Java, the brand, requires the implementor to license Sun's
test suite (for like $10,000 if memory serves me) and pass the tests
in order to use their logos, etc.  The Java Virtual Machine is also an
open specification that can be implemented by anyone.  Not every part
of the system is defined and various implementors have done certain 
things differently.  Also, the JVM must run on top of an operating 
system, so bugs in the OS may impact its performance.  The bytecode 
should be portable assuming that the JVM works as advertised.

I agree that Sun makes it a pain in the ass for people not running 
certain operating systems to use their Java tools.  Whatever.  Either 
deal with it, don't use it, work on one of the non-commercial JVMs or 
use a different OS for your Java environment.  That being said, I've 
run Blackdown's JVM and class libraries for Java2 rev. 1.4.X on BSD 
without issue.  Actually, that's not true I did run into some issues
with cryptographic classes (license validation), but it was easy enough 
to work around that problem.

Java may make certain classes of applications extremely easy to develop,
but it's not going to replace something like C.  Indeed, some Java 
classes in the standard class library require callouts to C routines via 
JNI.  Also, remember that Java was initially called Oak and was 
targetting the embedded space.  I'm not surprised there have been issues
in the non-embedded space.

http://ei.cs.vt.edu/book/chap1/java_hist.html

-Damian

Re: routing pubblic IPs through tunnel

[Joachim Schipper]

On Fri, Nov 17, 2006 at 12:42:48AM +0100, Mitja wrote:
 Hello,
 
 I just need another look on this project.
 
 
 ISP router (x.x.12.153)
  ^
  |
  v
   bge0 (x.x.12.154)
  |
 [OpenBSD router1] --- bge1 (172.16.15.6)
   | t   |
  em1u   172.16.15.5
   | n   |- ISPs MPLS
   | n172.16.16.5
   | e   |   (not same office location)
 allocated public IPsl  bge1 (172.16.16.6) --- [OpenBSD router2]
 x.x.180.192/27  |
   em1 (2 addresses from
   public IPs)

Please format for 80 or, preferably, 72 columns in the future.

 Theory:
 1.Build a tunnel
 ROUTER1:
 cat /etc/hostname.gif0
  tunnel 172.16.15.6 172.16.16.6
  up
 
 ROUTER2:
 cat /etc/hostname.gif0
  tunnel 172.16.16.6 172.16.15.6
  up

I'd go with IPsec, and have no experience with gif, but this could work.

 2.Build a bridge between tunnels
 ROUTER1:
 cat /etc/bridgename.bridge0
   add gif0
   add em1
   up
 
 ROUTER2:
 cat /etc/bridgename.bridge0
   add gif0
   add em1
   up

Why? Nothing is on the same subnet, so why a bridge?

 3.Secure the tunnel (after I have a working bridge)

Security should be step 0. (I.e., depending on whether or not the
network is actually trusted, gif tunnels never will be secure.)

 4.Set net.inet.ip.forwarding=1
   net.inet.etherip.allow=1
 4 reboot
 
 In theory this should work, but obviusly I forgot something. If I
 assign an IP address from allocated public addresses to both em1 nics
 should see some kind of traffic? How should I set routes on this type
 of configuration?

Call me an ipsecctl fanboy, but I can see an easier solution. You get a
lot of security features for free, too - something like

ike esp from x.x.180.192/27 to x.x.x.x peer 172.16.16.16

(in /etc/ipsec.conf) comes to mind.

Joachim

Re: AMD dual core, deciding factors for a platform?

[Damian Wiest]

On Thu, Nov 16, 2006 at 07:56:03PM +0200, turha turha wrote:
 I haven't got the final specs yet, probably a MoBo with a nVidia chipset,
 since those are the only ones I've seen with enough SATA controller, I'd
 prefe eight, but so far all I've found has been six.

If you like working devices I'd advise against buying a system board 
with an nVidia chipset.  I picked up an Asus K8N-E some time ago, but 
my on-board audio, gig ethernet, video and some other miscellaneous 
devices didn't work under OpenBSD 3.8.  I have yet to try a current 
release; maybe this weekend.

 Was the problems with seagates OBSD related, or general to the HDDs? I've
 had nothing but good experience with seagates so far, quiet, fast and cheap.
 The newest I have is in 24/7 use, and has been for the past year or so...

ISTR there being some bad runs of Seagate drives a few years ago, maybe that
was the problem?  I have a small Seagate drive from maybe 2000 that's worked
without issue.  I've been buying Maxtor SATA drives these days.

 The first thing I'd need to know is there any real gain from dual core's on
 OBSD (I think they do work, but how well?), if there's a real performance
 gain using dual cores then I'm probably going with dual cores and need to
 find out if there are some chipsets that work better, or more importantly if
 there are chipsets that don't work at all. Also I'd like to know if there's
 improvement on amd's 64bit vs 32bit.

I think this is really going to depend on your application.  If none of 
your processes are threaded, you're probably not going to see a big 
performance gain by going multi-proc.  Likewise, a 64-bit CPU will give
you more memory bandwidth, but if you're not using it what's the point?
If you use any binary device drivers, you'll want to check that they're
available for your specific platform.

 And of course if there's some knowledge about running software RAID (SATA)
 on OBSD, how much it takes CPU, what kinda speeds people have gotten with
 it, etc.
 
 Btw, better to keep these thru the misc mailing list, in case somebody else
 needs similar info.
 
 - turha

-Damian

Re: Best motherboard for OpenBSD - light duty firewall

[Rod.. Whitworth]

On Fri, 17 Nov 2006 22:27:24 +, Stuart Henderson wrote:

On 2006/11/17 10:20, Joe wrote:
 VIA ITX boards work great.

one of mine doesn't, it has leaky caps.


Whip over here and I'll replace them for you. I have a vacuum desol
station and a supply of the commonest badcap replacements.

Maybe tossing the board is cheaper if you don't live near Sydney, of
course. ~|^

From the land down under: Australia.
Do we look umop apisdn from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.
Your IP address will also be greytrapped for 24 hours after any attempt. 
I am continually amazed by the people who run OpenBSD who don't take this 
advice. I always expected a smarter class. I guess not.

Re: raidctl: ioctl (RAIDFRAME_CONFIGURE) failed on 4.0 amd64 for RAID 1 (mirroring)

[Joachim Schipper]

On Fri, Nov 17, 2006 at 02:57:46PM +0530, Siju George wrote:
 On 11/15/06, Vijay Sankar [EMAIL PROTECTED] wrote:
 Good day,
 
 Hope this helps,
 
 
 Yup some final confusions :-(
 
 The raid seems to be working fine. But how do I access the RAID partitions?
 it seems I have 3 copies of the OpenBSD system on wd0a and wd1a
 and also raid0a
 and how do I run on the OpenBSD system that is on raid0
 I 'l explain.
 
 1) I can boot both from wd0a and wd01
 2) I am running the RAID kernel
 3) The raid is working fine :-)
 
 =
 # raidctl -sv raid0
 raid0 Components:
  /dev/wd0d: optimal
  /dev/wd1d: optimal
 No spares.
 Component label for /dev/wd0d:

  Autoconfig: Yes
  Root partition: Yes
  Last configured as: raid0
 Component label for /dev/wd1d:

  Autoconfig: Yes
  Root partition: Yes
  Last configured as: raid0

 ==
 
 but
 # mount
 /dev/wd0a on / type ffs (local)
 # df -h
 Filesystem SizeUsed   Avail Capacity  Mounted on
 /dev/wd0a  2.0G649M1.2G34%/
 #
 # disklabel raid0

 # mount /dev/raid0a /mnt
 # cat /mnt/etc/fstab
 /dev/raid0a / ffs rw 1 1

 How do I access the wd0d partitions that are Raided?

Not at all, I hope. RAIDFrame is doing it's thing on wd0d, better leave
it to it.

 Do I need to mount them manually under /

No, mount /dev/raid0a or somesuch. In fact, with the configuration you
have, /dev/raid0a should be mounted *on* /.

At least, if you enabled 'option RAID_AUTOCONFIG' when you compiled your
kernel. dmesg will tell you whether or not this is the case - raidX will
be configured before you see 'root on XXX' if it is.

Note that you should not use /etc/raidX.conf in this case.

Joachim

Re: -stable buggy or hardware flaky?

[Joachim Schipper]

On Fri, Nov 17, 2006 at 04:28:16PM +0100, Marc Peters wrote:
 hi folks,
 
 since yesterday i try to build stable out of the cvs-sources from 
 anoncvs.de.openbsd.org without success. it crashes every now and then 
 during the userland build-process (never during the kernel-build). i 
 checked the ram with memtest86 and it showed no errors. i changed the 
 harddisk, but the new one shows the same odd behaviour.

 this time i did a complete checkout from this morning. it stopped with 
 segfaults during some libs yesterday, and this morning i even had an 
 syntax error during building of the libc.
 
 is the cpu flaky? anything else?
 
 anyone, who can point me in the right direction?

I presume some bad component - gcc is amazingly good at tickling those.
For all the scorn heaped on Gentoo here, it is quite good at testing
hardware. ;-)

Exactly what component might be in error is difficult to guess, but
memory is always a good guess. I've had at least one box do exactly what
you describe (gcc fails, memtest86 is happy).

Joachim

Re: Sun x4100 amd64 dies with NMI under heavy network load

[Paul B. Henson]

On Thu, 16 Nov 2006, Srebrenko Sehic wrote:

  When booting, RTC BIOS diagnostic error 2 is displayed, I'm not sure if
  that's relevant.

 You might want to investigate that. Not sure, but I don't remember
 seeing that error on the X4200 boxes I had tested. BIOS update might
 be relevant. Perhaps it's also caused by bad hardware.

I just installed on an identical system, which gives the same error during
boot :(. They both have the latest bios installed.

 I have not seen any stability problems with my X4200 deployments. They
 are not running as network firewalls, but as application level
 proxies, so the error you are seeing could be due to higher pps count.
 Unlike you, I didn't put anything non-stock in the box. 4 built-in
 NICs where enough for my purposes.

The system seems to run stable until I put load on the multiport fiber
adapter. I recompiled the entire operating system with no issues.

 USB layer doesn't work in ddb so you'll need the serial working to
 get useful debug data.

Did you get serial working on your x4200 boxes? I tried not configuring the
OpenBSD serial console and using BIOS redirection, that didn't work. I also
tried disabling BIOS redirection and configuring explicit OpenBSD serial
console support, but still nothing showed up when I connected to the remote
management console interface. The only thing I haven't tried is physically
connecting to the local serial port on the hardware itself.


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  [EMAIL PROTECTED]
California State Polytechnic University  |  Pomona CA 91768

openbsd 4.0 installation on soekris box: i am desperated.

[Gustavo Rios]

I am trying to get openbsd installed in my net4801 box. I can pxeboot
it, and get bsd.rd readed from my tftp server.

But, the problem is that when i choose installtion by means of ftp. It
is too slow to download them, in the order of 4 to 5 KB/s. In order
order, to simply download bsd file from the ftp server it takes about
1200 seconds.

Have anybody already faced such scenario ?

thanks in advance.

MUA Config [Was: Best motherboard for OpenBSD - light duty firewall]

[Darrin Chandler]

On Sat, Nov 18, 2006 at 10:08:59AM +1100, Rod.. Whitworth wrote:
 Do NOT CC me - I am subscribed to the list.
 Replies to the sender address will fail except from the list-server.
 Your IP address will also be greytrapped for 24 hours after any attempt. 
 I am continually amazed by the people who run OpenBSD who don't take this 
 advice. I always expected a smarter class. I guess not.

The really amazing thing is that you expect the world at large to change
behavior in a public forum to accomodate you. That's not reasonable.
Have you considered configuring your MUA to add a Mail-Followup-To
header? While that won't be 100% effective I suspect it'd get you a lot
further than odd demands and whining in your signature.

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

USB MIDI fun - OpenBSD beats Windoze

[Olaf Schreck]

Hi,

I'm a hobbyist musician, and I recently bought this cheap keyboard (with 
MIDI) and a USB-MIDI adapter.  I wanted to use some MS-Windoze software, but 
I had zero success to get that USB-MIDI adapter recognized by my notebook's 
WinXP Home (-current).  Some googling told me several people had the same 
problem with this device.  Ok, crap, return to store.

Before returning it, and just for kicks, I decided to see what OpenBSD 
4.0-stable thinks of this device.  In a nutshell: it just works.

The device is branded Swissonic MIDI-USB 1x1.  Here's a dmesg snippage 
(full dmesg below):

midi0 at pcppi0: PC speaker
umidi0 at uhub2 port 2 configuration 1 interface 0
umidi0: ? product 0x0011, rev 1.10/0.01, addr 2
umidi0: (genuine USB-MIDI)
umidi0: out=1, in=1
midi1 at umidi0: USB MIDI I/F

apropos midi told me about midiplay(1) in the core OS.  midiplay seems 
to recognize the USB device:

$ midiplay -l  
0: PC speaker
1: USB MIDI I/F

Looks promising.  I plugged the (WinXP-notwork) MIDI-jacks into the 
keyboard, and sure enough, it would play:

$ midiplay -d 1 Another_One_Bites_the_Dust.mid  
^C

Wow, that rocks :)  It just works(tm) in OpenBSD.  And the documentation 
is correct and to the point.  My hat is off to you..


ciao,
chakl

full dmesg: [Toshiba Satellite A50 notebook]

OpenBSD 4.0 (GENERIC) #0: Thu Oct 19 14:43:36 CEST 2006
[EMAIL PROTECTED]:/share/src40/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.60GHz (GenuineIntel 686-class) 1.60 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
cpu0: Enhanced SpeedStep 1600 MHz (1340 mV): speeds: 1600, 1400, 1200, 1000, 
800, 600 MHz
real mem  = 518877184 (506716K)
avail mem = 465342464 (454436K)
using 4256 buffers containing 26046464 bytes (25436K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(63) BIOS, date 04/28/04, BIOS32 rev. 0 @ 0xfc123, 
SMBIOS rev. 2.3 @ 0xec000 (39 entries)
bios0: TOSHIBA Satellite A50
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high, estimated 2:05 hours
apm0: flags 20102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf01b0/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0x1 0xe/0x1!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82852GM Hub-PCI rev 0x02
Intel 82852GM Memory rev 0x02 at pci0 dev 0 function 1 not configured
Intel 82852GM Configuration rev 0x02 at pci0 dev 0 function 3 not configured
vga1 at pci0 dev 2 function 0 Intel 82852GM AGP rev 0x02: aperture at 
0xd800, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82852GM AGP rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x03: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x03: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x03: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x03: irq 11
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb0 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x83
pci1 at ppb0 bus 1
iwi0 at pci1 dev 5 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq 11, 
address 00:0e:35:6b:2b:7b
TI TSB43AB21 FireWire rev 0x00 at pci1 dev 7 function 0 not configured
fxp0 at pci1 dev 8 function 0 Intel PRO/100 VE rev 0x83, i82562: irq 11, 
address 00:0e:7b:e8:0b:1c
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
cbb0 at pci1 dev 11 function 0 Toshiba ToPIC100 CardBus rev 0x33: irq 11
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x0, lattimer 0x0
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x03
pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x03: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MHT2060AT
wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: MATSHITA, DVD-RAM UJ-820S, 1.00 SCSI0 5/cdrom 
removable

FTP stalls over vlans on switch

[Jacob Yocom-Piatt]

while setting up vlans on a linksys SRW2024 gig-E switch, i am encountering
stalling FTP transfers from one vlan to another. the topology is as follows:


# SRW2024 switch   #
###TT##U2###U3##
   ||  ||
   ||  ||
 GW#1--GW#2 ftpsvr ftpclient

where U2 denotes a port that is untagged w/ vlan ID 2, U3 = untagged with w/
vlan ID 3, GW machines are CARPed and their ports are tagged on vlan 2 and 3,
and   the GW machines route both vlan 2 and 3 (i.e. clients on vlans 2 and 3
have the GW CARP IPs listed as their gateway IPs).

since the GW machines are the gateway between the vlans, a connection to ftpsvr
from ftpclient passes through the GW machines. the PF rules for GW are totally
open, with only

pass on vlan0 keep state
pass on vlan1 keep state

in place for testing. ftpclient can successfully ping, connect to ftpsvr, and
list files, but when a transfer begins it stalls after moving ~66 KB of data.
FTP works fine between hosts on the same vlan using untagged ports.

i'm confident others must have encountered this same problem when setting up
vlans. clues are appreciated.

cheers,
jake

CARP on interface without proto112 broadcasts?

[Allen Pomeroy]

I'm running a dual i386 3.7-current setup for a pair of firewalls with 
pf and pfsync.  All works very well, except I'm looking to see if there 
is a way to use CARP by only broadcasting on the internal or internal 
and DMZ network segments, but not the external network segment.  I have 
an ISP which is getting edgy about seeing what they think is VRRP (proto 
112) traffic every second on my WAN connection.


I think carp needs to see the advertisements in order to know when to 
initiate the failover process (elect a new master) - but is there a way 
to have that election process happen based on broadcasts over a subset 
of all the physical interfaces which have CARP interfaces established on?


Thanks,
AP

Re: BSD laptop

[STeve Andre']

On Friday 17 November 2006 02:20, Zoong PHAM wrote:
 On Thursday, 16 November 2006 at 16:17:16 -0700, Rick Kelly wrote:
  Stay away from the T30. They have a lot of motherboard and disk
  failures.

 Oops, I am about to buy a 2nd hand T30 to run OBSD-4.0.
 I currently have a X24 and it works beautifully with 3.8
 But the X24 lacks of a serial port so I am thinking of getting a T30.
 So should I stick with the X24 and buy a USB or PCMCIA serial card? Can
 someone recommend one?

 TIA,
 Zoong

Not all T30's are bad.  In fact, few of them are, but compared to the
other Thinkpad's the T30's had a higher rate of failure.  Would I 
get a T30 if the price was right for its configuration? Probably.  I
really like Thinkpads.  If in fact the T30 does die on you, spare parts
are obtainable.

--STeve Andre'

Re: -stable buggy or hardware flaky?

[Nick Holland]

Marc Peters wrote:
 sorry for answering myself, but i forgot the dmesg:

Yep.  Ever so important... if for no other reason:

 ~ $ dmesg
 OpenBSD 4.0-current (GENERIC) #1: Wed Nov  8 19:19:54 CET 2006
  ^^^
  [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

...
 Marc Peters schrieb:
 hi folks,
 
 since yesterday i try to build stable out of the cvs-sources from 
  ^^
...
 anyone, who can point me in the right direction?

Well, you may have a HW problem, but you DEFINITELY have a procedural
problem:  You normally can't build -stable from -current, which is what
you are trying to do.  I'm not at all sure that is your problem, but it
surely isn't helping anything.

Do it right, and see if you are still having problems.  Either
wipe/reload the system with -release, then build -stable, or live with
-current (and then, just stick to snapshots, unless you have a REAL
reason to build your own..though in your case, testing the HW might be
appropriate).

Nick

Re: laptop mini-pci wifi card replacement rec.

[Melameth, Daniel D.]

[EMAIL PROTECTED] wrote:
 My laptop bit the dust so am looking at replacements.
 The one I'm thinking of getting has an unsupported
 broadcom wireless device.  It appears that I am able
 to add a mini-pci card to replace what is already in
 the laptop (correct me if i'm wrong its been a while
 since I bought a laptop).

FWIW, many laptop manufacturers have a *lovely* white list of acceptable
wireless mini-PCI cards programmed into the laptop--and the machines
will refuse to boot if your card is not on this list--so beware.

Rexx on openBSD

[Patrick Cummings]

Hi misc,

I would like to know if I can use the Rexx programming language on openBSD, 
and if yes, how.


Thanks

_
Ne perdez pas de temps dans les files dattente magasinez en ligne.  
http://magasiner.sympatico.msn.ca

Re: Rexx on openBSD

[Nick Guenther]

On 11/18/06, Patrick Cummings [EMAIL PROTECTED] wrote:

Hi misc,

I would like to know if I can use the Rexx programming language on openBSD,
and if yes, how.



Well, three seconds on google found me: http://regina-rexx.sourceforge.net/

I don't think there's a package for it, but it says it runs on FreeBSD
so it shouldn't be too hard to get working. You'll probably get lucky
and it will compile out-of-the-tgz

But really, google is your friend dammit.

-Nick

Re: openbsd 4.0 installation on soekris box: i am desperated.

[Michael Hernandez]

On Nov 17, 2006, at 6:22 PM, Gustavo Rios wrote:


I am trying to get openbsd installed in my net4801 box. I can pxeboot
it, and get bsd.rd readed from my tftp server.

But, the problem is that when i choose installtion by means of ftp. It
is too slow to download them, in the order of 4 to 5 KB/s. In order
order, to simply download bsd file from the ftp server it takes about
1200 seconds.

Have anybody already faced such scenario ?

thanks in advance.



Great reason to buy a cd set. The 4801 uses i386, which comes on the  
cd's.


Or you could download the sets over time and keep them handy and  
install from a local machine.


Buying cd's is probably the best way to go ;)

Mike