Re: OT? Is this bad news?

[Han Boetes]

Darren Spruell wrote:
 On 2/13/07, Han Boetes [EMAIL PROTECTED] wrote:
  Darren Spruell wrote:
   Instead we end up with a GPL driver that has to be reverse
   engineered and we end up with the same problems we already have.
 
  Since when is the GPL a close source license?

 Who said it was?

 If you mean what I said about the same problems we already have,
 I mean that we don't have specifications and documentation from
 which a reliable driver can be written. Problems with magic
 numbers and unclear implementation details have been pointed out
 in the past.  Reverse engineering can only take you so far, no?

Oh right, the Greg KH stuff. I think he should not take half the
deal. They should refuse to sign NDA, just like RMS insists.

Even if the driver was BSD licensed it wouldn't help you since a
linux driver is incompatible with a BSD driver.

This is not a BSD v GPL issue at all. This is about some stupid
developer accepting a deal when he should fight on.

Hardware specifications must be available to all people. Anything
else is immoral.



# Han

Re: Free Linux Driver Development!

[Stephan A. Rickauer]

Greg KH wrote:
 On Wed, Feb 14, 2007 at 08:39:36AM +0100, Stephan A. Rickauer wrote:
 On the subject of http://www.kroah.com/log/linux/free_drivers.html

 Now these companies have a great excuse to keep specs locked up tight
 under NDA, while pretending to be open.

 The OpenBSD project has been made clear more than once how this will
 hurt Free Software in the long run. Signing NDA's ensures that Linux
 gets a working driver, sure, but the internals are indistinguishable
 from magic. It is a source code version of a blob.
 
 I'm guessing that you did not read the followup FAQ about the program
 at:
   http://www.kroah.com/log/linux/free_drivers_faq.html
 
 Please see the final question and answer on that page.

I did read your FAQ but I can't see how it rebuts what has just been
said. You seem to be happy with signing NDAs. If the result is a
readable and understandable GPL'ed driver, companies will be even less
motivated to release programming documentation. This will lead to a
GPL-lock-in since you simply replace the vendor not willing to share
specifications with an NDA'ed GPL developer not willing to share those,
but GPL code only.

This is not about freedom but about prostitution.

All other projects will have to continue to reverse engineer GPL
drivers. A very short sighted strategy of yours, but that's just my
opinion. I am just disappointed how easily prominent people like you
give up freedom, accompanied by clever-sounding excuses. The price of
freedom is eternal vigilance...

-- 

 Stephan A. Rickauer

 ---
 Institute of Neuroinformatics Tel  +41 44 635 30 50
 University / ETH Zurich   Sec  +41 44 635 30 52
 Winterthurerstrasse 190   Fax  +41 44 635 30 53
 CH-8057 ZurichWeb  www.ini.unizh.ch

 RSA public key:  https://www.ini.uzh.ch/~stephan/pubkey.asc
 ---

Re: Free Linux Driver Development!

[Greg KH]

On Wed, Feb 14, 2007 at 08:39:36AM +0100, Stephan A. Rickauer wrote:
 On the subject of http://www.kroah.com/log/linux/free_drivers.html
 
 Now these companies have a great excuse to keep specs locked up tight
 under NDA, while pretending to be open.
 
 The OpenBSD project has been made clear more than once how this will
 hurt Free Software in the long run. Signing NDA's ensures that Linux
 gets a working driver, sure, but the internals are indistinguishable
 from magic. It is a source code version of a blob.

I'm guessing that you did not read the followup FAQ about the program
at:
http://www.kroah.com/log/linux/free_drivers_faq.html

Please see the final question and answer on that page.

thanks,

greg k-h

Re: Free Linux Driver Development!

[Greg KH]

On Wed, Feb 14, 2007 at 10:06:36AM +0100, Stephan A. Rickauer wrote:
 Greg KH wrote:
  On Wed, Feb 14, 2007 at 08:39:36AM +0100, Stephan A. Rickauer wrote:
  On the subject of http://www.kroah.com/log/linux/free_drivers.html
 
  Now these companies have a great excuse to keep specs locked up tight
  under NDA, while pretending to be open.
 
  The OpenBSD project has been made clear more than once how this will
  hurt Free Software in the long run. Signing NDA's ensures that Linux
  gets a working driver, sure, but the internals are indistinguishable
  from magic. It is a source code version of a blob.
  
  I'm guessing that you did not read the followup FAQ about the program
  at:
  http://www.kroah.com/log/linux/free_drivers_faq.html
  
  Please see the final question and answer on that page.
 
 I did read your FAQ but I can't see how it rebuts what has just been
 said.

You seem to have missed:
Q: What about the BSDs?

A: What about them? They are free to do whatever they wish, I
   have no input into their development at all, sorry.

 You seem to be happy with signing NDAs. If the result is a
 readable and understandable GPL'ed driver, companies will be even less
 motivated to release programming documentation. This will lead to a
 GPL-lock-in since you simply replace the vendor not willing to share
 specifications with an NDA'ed GPL developer not willing to share those,
 but GPL code only.

Well, as my goal is to have a GPL driver for everything, I don't see how
this can hurt :)

Now others can have different goals, and that's great and fine.  I'm not
saying you can't work on something if you wish to do so.

But for you to try to tell me that I shouldn't work to achive my goal,
as it somehow conflicts with your goals, is pretty rude, don't you
think?

There is no reason you can not extend the same kind of offer to
companies to help your project achieve success.

 This is not about freedom but about prostitution.

I'm sorry you feel this way.

*plonk*

Re: OT? Is this bad news?

[Artur Grabowski]

Steven [EMAIL PROTECTED] writes:

 Which brings me back to the question, what can an OpenBSD/open
 source/free software user do about it?

Sue Linux for anti-competitive behavior?

//art

Re: Free Linux Driver Development!

[Artur Grabowski]

Stephan A. Rickauer [EMAIL PROTECTED] writes:

 I did read your FAQ but I can't see how it rebuts what has just been
 said. You seem to be happy with signing NDAs. If the result is a
 readable and understandable GPL'ed driver, companies will be even less
 motivated to release programming documentation. This will lead to a
 GPL-lock-in since you simply replace the vendor not willing to share
 specifications with an NDA'ed GPL developer not willing to share those,
 but GPL code only.

Which is exactly what the GPL people want since that's the whole point
of the license. Otherwise they wouldn't be using the GPL. Duh.

//art

named doesn't bind to IP

[atstake atstake]

My named doesn't bind to my private IP and only binds to localhost.

starting BIND 9.3.2-P1
command channel listening on 127.0.0.1#953
command channel listening on ::1#953

I already have the listen-on option in /var/named/etc/named.conf file
pointed to my private IP.

options {
listen-on { 192.168.25.5; };
allow-recursion { clients; };
};

If I do a named -c /var/named/etc/named.conf it gives error -

none:0: open: /var/named/etc/named.conf: file not found
loading configuration: file not found

But the file is there and all files under /var/named are root:named.

My /var/named/etc/named.conf symlinks to /etc/named.conf. And if I
start bind typing named it starts on 127.0.0.1 by reading
/etc/named.conf by default.

Also, if I do named -c /etc/named.conf -g it actually listens on my
private IP along with localhost. Netstat output -

192.168.25.5.domain *.*

Any help would be appreciated.

Re: named doesn't bind to IP

[Paul de Weerd]

On Wed, Feb 14, 2007 at 09:50:07PM +1100, atstake atstake wrote:
| My named doesn't bind to my private IP and only binds to localhost.
|
| starting BIND 9.3.2-P1
| command channel listening on 127.0.0.1#953
| command channel listening on ::1#953
|
| I already have the listen-on option in /var/named/etc/named.conf file
| pointed to my private IP.
|
| options {
| listen-on { 192.168.25.5; };
| allow-recursion { clients; };
| };
|
| If I do a named -c /var/named/etc/named.conf it gives error -
|
| none:0: open: /var/named/etc/named.conf: file not found
| loading configuration: file not found
|
| But the file is there and all files under /var/named are root:named.
|
| My /var/named/etc/named.conf symlinks to /etc/named.conf. And if I
| start bind typing named it starts on 127.0.0.1 by reading
| /etc/named.conf by default.
|
| Also, if I do named -c /etc/named.conf -g it actually listens on my
| private IP along with localhost. Netstat output -
|
| 192.168.25.5.domain *.*
|
| Any help would be appreciated.

Named is chrooting to /var/named by default. You could try named -t /
-c /var/named/etc/named.conf, but I think you already found the
solution yourself. Just use named -c /etc/named.conf. Check your
'regular' /etc, I doubt there's a named.conf in there.

Read named(8), especially the parts that talk about chroot'ing.

Cheers,

Paul 'WEiRD' de Weerd

--
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: mediawiki on chroot

[Stuart Henderson]

On 2007/02/14 21:55, atstake atstake wrote:
 I'm getting this error  I understand that I need to symlink some file
 inside the chroot (/var/www) area but I'm not sure which file to be
 exact. I search previous misc@ archive but they seem a bit confusing.

You probably didn't do the 'phpxs' after installing php5-mysql

Re: Free Linux Driver Development!

[Han Boetes]

Artur Grabowski wrote:
 Stephan A. Rickauer [EMAIL PROTECTED] writes:
  I did read your FAQ but I can't see how it rebuts what has
  just been said. You seem to be happy with signing NDAs. If the
  result is a readable and understandable GPL'ed driver,
  companies will be even less motivated to release programming
  documentation. This will lead to a GPL-lock-in since you
  simply replace the vendor not willing to share specifications
  with an NDA'ed GPL developer not willing to share those, but
  GPL code only.

 Which is exactly what the GPL people want since that's the whole
 point of the license. Otherwise they wouldn't be using the
 GPL. Duh.

Nah, RMS doesn't want this. A lot of `GPL people' don't want this
at all.

This deal is meant to divide.



# Han

Re: OT? Is this bad news?

[Han Boetes]

Artur Grabowski wrote:
 Steven [EMAIL PROTECTED] writes:
  Which brings me back to the question, what can an OpenBSD/open
  source/free software user do about it?

 Sue Linux for anti-competitive behavior?

Nah. You can't sue `linux,' complain to Greg Kroah Hartmann. Most
GPL fans don't want this deal at all. Explain Greg this is
unethical. Just like when you email a manifacturer of hardware
requesting documentation.



# Han

slow io operations on xSeries 336

[Jose Fragoso]

Hi,

I just installed OpenBSD 4.0 on an IBM xSeries 336. I have noticed that, for
some reason,
I/O operations are not carried out as fast as one would expect for a machine
with SCSI
disks. For instance, the creation of a 50GB partion took a really long time.
The command
4tar xzvf ports.tar.gz4 took more than 14 minutes to finish. Something must be
wrong,
but I have no idea nor the knowledge to discover. I took a suggestion from a
old message
in the list and tried to run the .MP kernel, but it did not make any
difference.

I also noticed that, at boot time, the process stops for quite a while at the
line:

ipmi0 at mainbus0:

I would be very thankful if someone could help me to isolate and solve this
problem.

Thanks in advance.

Regards,

Jose

ps. below is the output of dmesg.



OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(TM) CPU 3.20GHz (GenuineIntel 686-class) 3.21 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,
DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16
real mem  = 1073094656 (1047944K)
avail mem = 970813440 (948060K)
using 4256 buffers containing 53755904 bytes (52496K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 01/17/05, BIOS32 rev. 0 @ 0xfd721,
SMBIOS rev. 2.3 @ 0xf602c (50 entries)
bios0: IBM eserver xSeries 336 -[883721U]-
pcibios0 at bios0: rev 2.1 @ 0xf/0x
pcibios0: PCI BIOS has 11 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 9 10 11 15
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00)
pcibios0: PCI bus #7 is the last bus
bios0: ROM list: 0xc/0xb000 0xcb000/0x4000
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4
mainbus0: Intel MP Specification (Version 1.4) (IBM ENSW X336 SMP)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 200 MHz
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type PCI
mainbus0: bus 3 is type PCI
mainbus0: bus 4 is type PCI
mainbus0: bus 5 is type PCI
mainbus0: bus 6 is type PCI
mainbus0: bus 7 is type PCI
mainbus0: bus 8 is type ISA
ioapic0 at mainbus0: apid 14 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 13 pa 0xfec82000, version 20, 24 pins
ioapic2 at mainbus0: apid 12 pa 0xfec82400, version 20, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x0a
Intel E7520 MCH ERR rev 0x0a at pci0 dev 0 function 1 not configured
ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x0a
pci1 at ppb0 bus 2
ppb1 at pci0 dev 4 function 0 Intel MCH PCIE rev 0x0a
pci2 at ppb1 bus 3
ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci3 at ppb2 bus 4
mpi0 at pci3 dev 1 function 0 Symbios Logic 53c1030 rev 0x08: apic 13 int 4
(irq 11)
scsibus0 at mpi0: 16 targets
sd0 at scsibus0 targ 0 lun 0: IBM-ESXS, MAW3300NC FN, C206 SCSI2 0/direct
fixed
sd0: 286102MB, 78753 cyl, 8 head, 930 sec, 512 bytes/sec, 585937500 sec total
safte0 at scsibus0 targ 8 lun 0: IBM, 25P3495a S320 1, 1 SCSI2 3/processor
fixed
mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 0 DT 1 IU 1
ppb3 at pci2 dev 0 function 2 Intel PCIE-PCIE rev 0x09
pci4 at ppb3 bus 5
ppb4 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x0a
pci5 at ppb4 bus 6
bge0 at pci5 dev 0 function 0 Broadcom BCM5721 rev 0x01, BCM5750 A1
(0x4001):
apic 14 int 16 (irq 11), address 00:0d:60:99:a3:b2
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb5 at pci0 dev 7 function 0 Intel MCH PCIE rev 0x0a
pci6 at ppb5 bus 7
bge1 at pci6 dev 0 function 0 Broadcom BCM5721 rev 0x01, BCM5750 A1
(0x4001):
apic 14 int 16 (irq 11), address 00:0d:60:99:a3:b3
brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
Intel E7525 MCH Configuration rev 0x0a at pci0 dev 8 function 0 not
configured
uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: apic 14 int
16 (irq 11)
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: apic 14 int
19 (irq 3)
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: apic 14 int
23 (irq 5)
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 4 ports with 4 removable, self powered
ppb6 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2
pci7 at ppb6 bus 1
vga1 at pci7 dev 1 function 0 ATI Radeon VE QY rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02
pciide0 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA, channel
0 configured 

I386: Real Mode vs. Protected Mode

[Markus Ritzer]

Hello!

I would  like to know when the CPU is switched into protected mode on i386?

Before or after executing init386() ?
Or does the bootloader / or the BIOS do this?

Markus

Performance problems with bge under OpenBSD4.0/i386

[Pete Vickers]

Hi,

I'm trying to track down the cause of poor network performance under  
OpenBSD4.0/i386 on HP Proliants (DL380-G4 and DL360-G4p), which seems  
to be concerning ethernet 802.3x flow control on the bge NICs.



Test topology is:

HP DL380-G4
  int bge0 (BCM5704C auto at 1000baseT full-duplex)
|
|
  int Gig 13/6  (auto at 1000baseT full-duplex)
Cisco 6513 chassis + WS-X6548-GE-TX + WS-X6748-GE-TX
  int Gig 12/47 (auto at 1000baseT full-duplex)
|
|
  int bge0 (BCM5704C auto at 1000baseT full-duplex)
HP DL360-G4p


Test traffic is generated with:

On Source:  dd if=/dev/zero bs=1k count=1 | nc _peer_ 1234
On Sink:nc -l 1234  /dev/null



With 4.0-release kernel (GENERIC#1107), the bge driver does not  
negotiate flowcontrol with the switch:


switch# show interfaces flowcontrol | inc Port|admin|Gi12/47|Gi13/6
PortSend FlowControl  Receive FlowControl  RxPause TxPause
adminoper adminoper
Gi12/47 desired  off  desired  off 0   0
Gi13/6  desired  off  desired  off 0   0


Network traffic is very slow and the receiving host reports  
significant 'Input errors' on the NIC interface after transfer:


source~ netstat -i -I bge0 | grep -e Name -e Link
NameMtu   Network Address  Ipkts IerrsOpkts  
Oerrs Colls
bge01500  Link  00:18:fe:32:2e:4a 1050 0  
1276 0 0

source~ dd if=/dev/zero bs=1k count=10 | nc _peer_ 1234
10+0 records in
10+0 records out
10240 bytes transferred in 13.219 secs (7746244 bytes/sec)
source~ netstat -i -I bge0 | grep -e Name -e Link
NameMtu   Network Address  Ipkts IerrsOpkts  
Oerrs Colls
bge01500  Link  00:18:fe:32:2e:4a52684 0 
73166 0 0


sink~ netstat -i -I bge0 | grep -e Name -e Link
NameMtu   Network Address  Ipkts IerrsOpkts  
Oerrs Colls
bge01500  Link  00:17:a4:45:f5:25   79 0   
106 0 0

sink~ nc -l 1234  /dev/null
sink~ netstat -i -I bge0 | grep -e Name -e Link
NameMtu   Network Address  Ipkts IerrsOpkts  
Oerrs Colls
bge01500  Link  00:17:a4:45:f5:257084111 
50894 0 0





With 4.0-snapshot kernel (GENERIC#1362), the bge driver now  
negotiates flow control:


switch# show interfaces flowcontrol | inc Port|admin|Gi12/47|Gi13/6
PortSend FlowControl  Receive FlowControl  RxPause TxPause
adminoper adminoper
Gi12/47 desired  on   desired  on  0   0
Gi13/6  desired  on   desired  on  0   0

However, the transfer is still very slow, and the receiving host  
still reports significant 'Input errors' on the NIC interface after  
transfer:


source~ netstat -i -I bge0 | grep -e Name -e Link
NameMtu   Network Address  Ipkts IerrsOpkts  
Oerrs Colls
bge01500  Link  00:18:fe:32:2e:4a 1459 0  
1762 0 0

source~ dd if=/dev/zero bs=1k count=10 | nc _peer_ 1234
10+0 records in
10+0 records out
10240 bytes transferred in 14.120 secs (7251650 bytes/sec)
source ~netstat -i -I bge0 | grep -e Name -e Link
NameMtu   Network Address  Ipkts IerrsOpkts  
Oerrs Colls
bge01500  Link  00:18:fe:32:2e:4a53240 0 
73457 0 0



sink~ netstat -i -I bge0 | grep -e Name -e Link
NameMtu   Network Address  Ipkts IerrsOpkts  
Oerrs Colls
bge01500  Link  00:17:a4:45:f5:25   89 0
98 0 0

sink~  nc -l 1234  /dev/null
sink~ netstat -i -I bge0 | grep -e Name -e Link
NameMtu   Network Address  Ipkts IerrsOpkts  
Oerrs Colls
bge01500  Link  00:17:a4:45:f5:2570849 9 
51186 0 0




To summarise, it seems as though flow-control is negotiated for both  
TX  RX in the recent bge driver, but is only functional for TX (if  
at all). The only relevant source change I can find is:


http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_bge.c.diff? 
r1=1.202r2=1.203f=h
Flow control support for bge(4)/brgphy(4).  From brad@ based on code  
fromNetBSD

with includes the comment /* We can do both TXPAUSE and RXPAUSE. */

Setting 'ifconfig bge0 debug' provides no additional output. I have  
also repeated the tests with serveral differnet servers, NICs (all  
bge) and cables and switches to remove faulty device issues.



Has anyone an ideas on fixes for this, or how to debug the issue  
further ?


Dmesg below


/Pete



# dmesg
OpenBSD 4.0-current (GENERIC) #1362: Fri Feb  9 14:26:43 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.40GHz (GenuineIntel 686-class) 3.41 GHz
cpu0:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, 
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS- 
CPL,EST,CNXT-ID,CX16

real mem  = 1073258496 (1048104K)
avail mem = 970895360 

Re: Free Linux Driver Development!

[Paul de Weerd]

On Wed, Feb 14, 2007 at 12:18:16PM +, Jeff Rollin wrote:
| On 14/02/07, Han Boetes [EMAIL PROTECTED] wrote:
| 
|  Artur Grabowski wrote:
|   Stephan A. Rickauer [EMAIL PROTECTED] writes:
|I did read your FAQ but I can't see how it rebuts what has
|just been said. You seem to be happy with signing NDAs. If the
|result is a readable and understandable GPL'ed driver,
|companies will be even less motivated to release programming
|documentation. This will lead to a GPL-lock-in since you
|simply replace the vendor not willing to share specifications
|with an NDA'ed GPL developer not willing to share those, but
|GPL code only.
|  
|   Which is exactly what the GPL people want since that's the whole
|   point of the license. Otherwise they wouldn't be using the
|   GPL. Duh.
| 
|  Nah, RMS doesn't want this. A lot of `GPL people' don't want this
|  at all.
| 
|  This deal is meant to divide.
| 
|
| And this discussion isn't?  There are already plenty of divisions within
the
| FOSS world - between the F and OS of FOSS, between Linux and BSD, between
| the various BSDs. It's not as if TdR started OpenBSD to continue
| contributing to NetBSD, is it?
|
| And yet when a driver is released under the BSD licence, which conflicts
| with the GPL, when do we hear the bitching about it on the BSD side? Wait,
| what's that? Oh, we don't?

When vendors open up their docs, all profit. When one signs an NDA, in
the end, no one profits.

Besides, what is keeping Linux from including BSD licensed drivers ? I
was under the impression that they have done this in the past. How
does a BSD licensed driver conflict with the GPL ? I've heard that the
two-clause BSD license should be compatbile with the GPL...

Cheers,

Paul 'WEiRD' de Weerd

--
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: Free Linux Driver Development!

[Martin Schröder]

2007/2/14, Jeff Rollin [EMAIL PROTECTED]:

And yet when a driver is released under the BSD licence, which conflicts
with the GPL


It doesn't. It simply doesn't work under Linux.

Best
  Martin

Re: slow io operations on xSeries 336

[David Gwynne]

On 14/02/2007, at 9:59 PM, Jose Fragoso wrote:


Hi,

I just installed OpenBSD 4.0 on an IBM xSeries 336. I have noticed  
that, for

some reason,
I/O operations are not carried out as fast as one would expect for  
a machine

with SCSI
disks. For instance, the creation of a 50GB partion took a really  
long time.


thats very... vague...

where are you creating this 50G partitiong? in the installer, or in  
the installed operating system? what command did you use?


how long did it actually take? a really long time could be 5  
seconds if you're expectations are too high.



The command
4tar xzvf ports.tar.gz4 took more than 14 minutes to finish.  
Something must be

wrong,
but I have no idea nor the knowledge to discover. I took a  
suggestion from a

old message
in the list and tried to run the .MP kernel, but it did not make any
difference.


that does seem excessive. can you watch the interrupt rates in the  
top right of systat vm 1 and let me know what numbers you're seeing?




I also noticed that, at boot time, the process stops for quite a  
while at the

line:

ipmi0 at mainbus0:


the driver is doing a lot of probing to find what sensors are  
available via ipmi, the pause is normal.




I would be very thankful if someone could help me to isolate and  
solve this

problem.

Thanks in advance.

Regards,

Jose

ps. below is the output of dmesg.



OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(TM) CPU 3.20GHz (GenuineIntel 686-class) 3.21  
GHz

cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3 
6,CFLUS

H,
DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16
real mem  = 1073094656 (1047944K)
avail mem = 970813440 (948060K)
using 4256 buffers containing 53755904 bytes (52496K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 01/17/05, BIOS32 rev. 0 @  
0xfd721,

SMBIOS rev. 2.3 @ 0xf602c (50 entries)
bios0: IBM eserver xSeries 336 -[883721U]-
pcibios0 at bios0: rev 2.1 @ 0xf/0x
pcibios0: PCI BIOS has 11 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 9 10 11 15
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC  
rev 0x00)

pcibios0: PCI bus #7 is the last bus
bios0: ROM list: 0xc/0xb000 0xcb000/0x4000
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4
mainbus0: Intel MP Specification (Version 1.4) (IBM ENSW X336 SMP)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 200 MHz
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 2 is type PCI
mainbus0: bus 3 is type PCI
mainbus0: bus 4 is type PCI
mainbus0: bus 5 is type PCI
mainbus0: bus 6 is type PCI
mainbus0: bus 7 is type PCI
mainbus0: bus 8 is type ISA
ioapic0 at mainbus0: apid 14 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 13 pa 0xfec82000, version 20, 24 pins
ioapic2 at mainbus0: apid 12 pa 0xfec82400, version 20, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x0a
Intel E7520 MCH ERR rev 0x0a at pci0 dev 0 function 1 not configured
ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x0a
pci1 at ppb0 bus 2
ppb1 at pci0 dev 4 function 0 Intel MCH PCIE rev 0x0a
pci2 at ppb1 bus 3
ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci3 at ppb2 bus 4
mpi0 at pci3 dev 1 function 0 Symbios Logic 53c1030 rev 0x08:  
apic 13 int 4

(irq 11)
scsibus0 at mpi0: 16 targets
sd0 at scsibus0 targ 0 lun 0: IBM-ESXS, MAW3300NC FN, C206 SCSI2  
0/direct

fixed
sd0: 286102MB, 78753 cyl, 8 head, 930 sec, 512 bytes/sec, 585937500  
sec total
safte0 at scsibus0 targ 8 lun 0: IBM, 25P3495a S320 1, 1 SCSI2 3/ 
processor

fixed
mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 0 DT 1 IU 1
ppb3 at pci2 dev 0 function 2 Intel PCIE-PCIE rev 0x09
pci4 at ppb3 bus 5
ppb4 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x0a
pci5 at ppb4 bus 6
bge0 at pci5 dev 0 function 0 Broadcom BCM5721 rev 0x01, BCM5750 A1
(0x4001):
apic 14 int 16 (irq 11), address 00:0d:60:99:a3:b2
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb5 at pci0 dev 7 function 0 Intel MCH PCIE rev 0x0a
pci6 at ppb5 bus 7
bge1 at pci6 dev 0 function 0 Broadcom BCM5721 rev 0x01, BCM5750 A1
(0x4001):
apic 14 int 16 (irq 11), address 00:0d:60:99:a3:b3
brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
Intel E7525 MCH Configuration rev 0x0a at pci0 dev 8 function 0 not
configured
uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02:  
apic 14 int

16 (irq 11)
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02:  
apic 14 int

19 (irq 3)
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ehci0 at 

Re: Free Linux Driver Development!

[mickey]

On Wed, Feb 14, 2007 at 01:45:06PM +0100, Paul de Weerd wrote:
 On Wed, Feb 14, 2007 at 12:18:16PM +, Jeff Rollin wrote:
 | On 14/02/07, Han Boetes [EMAIL PROTECTED] wrote:
 | 
 |  Artur Grabowski wrote:
 |   Stephan A. Rickauer [EMAIL PROTECTED] writes:
 |I did read your FAQ but I can't see how it rebuts what has
 |just been said. You seem to be happy with signing NDAs. If the
 |result is a readable and understandable GPL'ed driver,
 |companies will be even less motivated to release programming
 |documentation. This will lead to a GPL-lock-in since you
 |simply replace the vendor not willing to share specifications
 |with an NDA'ed GPL developer not willing to share those, but
 |GPL code only.
 |  
 |   Which is exactly what the GPL people want since that's the whole
 |   point of the license. Otherwise they wouldn't be using the
 |   GPL. Duh.
 | 
 |  Nah, RMS doesn't want this. A lot of `GPL people' don't want this
 |  at all.
 | 
 |  This deal is meant to divide.
 | 
 |
 | And this discussion isn't?  There are already plenty of divisions within
 the
 | FOSS world - between the F and OS of FOSS, between Linux and BSD, between
 | the various BSDs. It's not as if TdR started OpenBSD to continue
 | contributing to NetBSD, is it?
 |
 | And yet when a driver is released under the BSD licence, which conflicts
 | with the GPL, when do we hear the bitching about it on the BSD side? Wait,
 | what's that? Oh, we don't?
 
 When vendors open up their docs, all profit. When one signs an NDA, in
 the end, no one profits.
 
 Besides, what is keeping Linux from including BSD licensed drivers ? I
 was under the impression that they have done this in the past. How
 does a BSD licensed driver conflict with the GPL ? I've heard that the
 two-clause BSD license should be compatbile with the GPL...

oh come fucking on!
do not start this bsd vs gpl crap again!
cu
-- 
paranoic mickey   (my employers have changed but, the name has remained)

Re: Performance problems with bge under OpenBSD4.0/i386

[Ronnie Garcia]

Pete Vickers a icrit :
I'm trying to track down the cause of poor network performance under 
OpenBSD4.0/i386 on HP Proliants (DL380-G4 and DL360-G4p), which seems to 
be concerning ethernet 802.3x flow control on the bge NICs.


Test topology is:

HP DL380-G4
  int bge0 (BCM5704C auto at 1000baseT full-duplex)
|
|
  int Gig 13/6  (auto at 1000baseT full-duplex)
Cisco 6513 chassis + WS-X6548-GE-TX + WS-X6748-GE-TX
  int Gig 12/47 (auto at 1000baseT full-duplex)
|
|
  int bge0 (BCM5704C auto at 1000baseT full-duplex)
HP DL360-G4p


[...]


Has anyone an ideas on fixes for this, or how to debug the issue further ?


Did you tweek kernel parameters, like net.inet.ip.ifq.maxlen ?
What is the CPU usage during the transfer ?
Did you try with autonegotiation off, and with speed fixed at 1000base-T 
FD on each port ?


--
Ronnie Garcia r.garcia at ovea dot com

Re: Free Linux Driver Development!

[Han Boetes]

mickey wrote:
 oh come fucking on!
 do not start this bsd vs gpl crap again!

On the contrary, this is BSD united with GPL crap. :-) 



# Han

Re: I386: Real Mode vs. Protected Mode

[Hannah Schroeter]

Hello!

On Wed, Feb 14, 2007 at 01:19:04PM +0100, Markus Ritzer wrote:
Hello!

I would  like to know when the CPU is switched into protected mode on i386?

Before or after executing init386() ?
Or does the bootloader / or the BIOS do this?

/usr/src/sys/arch/i386/stand/boot/srt0.S, around line 60:
popl %edx
cli
pushl   %cs
popl%ds
addr32 data32 lgdt  (Gdtr - LINKADDR)
movl%cr0, %eax
orl $CR0_PE, %eax
data32 movl %eax, %cr0
data32 ljmp $8, $1f
1:
.code32

Markus

Kind regards,

Hannah.
-- 
  Hannah SchrvterEntwicklung   [EMAIL PROTECTED]
  Bei Schlund + Partner AG   Brauerstra_e 48   D-76135 Karlsruhe
Our software isn't released - it escapes, leaving a trail of bloody testers
in its wake. We relish the wailing and gnashing of our customers' teeth!

Re: Free Linux Driver Development!

[Artur Grabowski]

Han Boetes [EMAIL PROTECTED] writes:

  Which is exactly what the GPL people want since that's the whole
  point of the license. Otherwise they wouldn't be using the
  GPL. Duh.
 
 Nah, RMS doesn't want this. A lot of `GPL people' don't want this
 at all.

I quoted too much. The part I meant was: This will lead to a
GPL-lock-in. Yeah, big news.

I think people pay too much attention to this. Some clown made a
bombastic statement about how things have been working for ages. And
by that I mean that people write drivers when they get documentation
and that Linux is the Microsoft of free software and they don't give a
fuck about neither freedom nor quality of their software and will
happily sign an NDA just to add another product to their feature
sheet. None of this is new, none of this is surprising. Why give him
more than his 15 minutes of fame by spreading his I will bend over
for documentation bullshit even further?

And if you like conspiracy theories, notice that he's working for
Novell and this NDA is good, give us more NDA stance is consistent
with the still fresh Novell-Microsoft deal that was (in short):
patents are good, give us more patents.

//art

Annoying problem with dnsmasq

[Manuel Ravasio]

Hello all.
I'm trying to set up a firewall/web-proxy/dns-proxy/dhcp-server box at
home, using a quite old i386-based pc (AMD k6-2 300, 256mb RAM, 2x10G
IDE disks) and OpenBSD 4.0.

OS installation, disk management, additional software installation and
configuration... everything went fine.
Problems started in configuring dnsmasq: I managed to make dns
forwarding work ( I really don't need anything more than standard
behaviour), then I created a DHCP range entry:

expand-hosts
domain=manuel.test
dhcp-range=192.168.2.100,192.168.2.200,255.255.255.0,1h

I chose to activate dnsmasq on the internal intercace only:

interface=pcn1

pcn1,'s IP address is fixed and compatible with the range specified:

# ifconfig pcn1
pcn1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr 00:0c:29:af:4f:47
   media: Ethernet autoselect (autoselect)
   inet 192.168.2.11 netmask 0xff00 broadcast 192.168.2.255
   inet6 fe80::20c:29ff:feaf:4f47%pcn1 prefixlen 64 scopeid 0x2

I read that creating a dhcp-range entry in /etc/dnsmasq.conf makes
dnsmasq start the dhcp service automatically, but alas DHCP server
apparently doesn't work: linux and windows clients can't grab IP
addresses and other IP information, and netstat doesn't show anything
listening on port 67/68.

# ps -aux | grep dns
nobody   16166  0.0  0.3   520   648 ??  S 12:58PM0:00.00 dnsmasq

# netstat -an | grep tcp | grep -v tcp6
tcp0  0  127.0.0.1.53   *.*LISTEN
tcp0  0  192.168.2.11.53*.*LISTEN
tcp0  0  127.0.0.1.6010 *.*LISTEN
tcp0  0  192.168.2.11.22192.168.2.1.48605  ESTABLISHED
tcp0  0  *.22   *.*LISTEN


What am I missing?

Thank you everybody for your kind help.

Byee,
Manuel

Re: Free Linux Driver Development!

[ericfurman]

On Wed, 14 Feb 2007 13:58:00 +0100, mickey [EMAIL PROTECTED] said:
 On Wed, Feb 14, 2007 at 01:45:06PM +0100, Paul de Weerd wrote:
  On Wed, Feb 14, 2007 at 12:18:16PM +, Jeff Rollin wrote:
  | On 14/02/07, Han Boetes [EMAIL PROTECTED] wrote:
  | 
  |  Artur Grabowski wrote:
  |   Stephan A. Rickauer [EMAIL PROTECTED] writes:
  |I did read your FAQ but I can't see how it rebuts what has
  |just been said. You seem to be happy with signing NDAs. If the
  |result is a readable and understandable GPL'ed driver,
  |companies will be even less motivated to release programming
  |documentation. This will lead to a GPL-lock-in since you
  |simply replace the vendor not willing to share specifications
  |with an NDA'ed GPL developer not willing to share those, but
  |GPL code only.
  |  
  |   Which is exactly what the GPL people want since that's the whole
  |   point of the license. Otherwise they wouldn't be using the
  |   GPL. Duh.
  | 
  |  Nah, RMS doesn't want this. A lot of `GPL people' don't want this
  |  at all.
  | 
  |  This deal is meant to divide.
  | 
  |
  | And this discussion isn't?  There are already plenty of divisions within
  the
  | FOSS world - between the F and OS of FOSS, between Linux and BSD, between
  | the various BSDs. It's not as if TdR started OpenBSD to continue
  | contributing to NetBSD, is it?
  |
  | And yet when a driver is released under the BSD licence, which conflicts
  | with the GPL, when do we hear the bitching about it on the BSD side? Wait,
  | what's that? Oh, we don't?
  
  When vendors open up their docs, all profit. When one signs an NDA, in
  the end, no one profits.
  
  Besides, what is keeping Linux from including BSD licensed drivers ? I
  was under the impression that they have done this in the past. How
  does a BSD licensed driver conflict with the GPL ? I've heard that the
  two-clause BSD license should be compatbile with the GPL...
 
 oh come fucking on!
 do not start this bsd vs gpl crap again!

How long have you people been reading these lists?
When are people going to realize that Han is just a troll.

driver maintenance problems

[Ingo Schwarze]

Hi Greg,

if i understand correctly, you are advocating the program
described on http://www.kroah.com/log/linux/free_drivers.html
in order to enable one open source operating system to
support as much hardware as possible, which is certainly
a useful goal.  In fact, i am using Linux myself for one
of my servers (the others are running OpenBSD) and for
the majority of the workstations i maintain.

Yet i am concerned about questions of maintainability of
driver code.  As far as i understand, the main point about
open source software (irrespective of its particular license)
is that anybody can read the source code in order to evaluate
its functionality, correctness and security, and anybody with
the required skills can fix any bugs that might have slipped -
or adapt the code to any particular needs.

Let me put the problem i feel in the following pointed way,
which is all the same not intended to be disrespectful, but
only intended to make the point clear, which is, in my humble
opinion, not at all a point of Linux vs. BSD.

If an immortal being who is at the same time utterly incapable
of committing any software bugs  writes an open source driver
for an operating system which is guaranteed to be absolutely
bug free, too, and which is guaranteed to never need any changes
to its kernel-driver interfaces, this might be quite useful -
provided that the immortal being either commits itself to
indefinitely support the driver or that it can foresee any
potential uses anybody could have for the hardware device in
question.  And provided that the operating system in question
can fulfill any potential needs any future computer users could
ever develop.

If a skilled, but mortal programmer carefully writes a driver
for a real-world operating system, even if it's a very good OS,
it is *much* less useful under NDA than starting from free
documentation, irrespective of the particular operating system
and irrespective of any licensing issues.

Reading source-changes mailing lists, i often see commit
messages of the style fixing FOOBAR bug in FOO driver with
respect to misuse of BAR firmware (or hardware) interface,
thanks to [EMAIL PROTECTED] for
pointing this out to me.  Shouldn't you try very hard to
avoid ruining your chances to profit from such help?
To give more examples, how do you guard against developers
dropping projects and manufacturers not trusting their
successors?  Wouldn't you be forced to drop driver support?
That would be bad: In the first place, you told Linux users
that the device would be supported.  Do you deem it fair
claiming a device to be supported when a third party you
cannot control may in effect force you to drop support?
How do you make sure that manufactures do not back out of some
of their NDA agreements, effectively rendering the drivers
for part of their hardware unmaintainable for future kernel
versions?  Some manufactures even do such things on purpose
in order to motivate customers to buy new products - MS Windows
does come to mind here, doesn't it?

So if your goal is to get as many GNU/Linux drivers as possible,
if your goal is at the same time to get them as correct, as
maintainable and as useful as possible, and if your definition
of supported includes will also be supported in the future,
i really think you should make a stronger point about the
importance of open documentation in the GNU/Linux context.

In my humble opinion, it would also be fair to tell manufacturers
up front and at a prominent place that releasing hardware
documentation to the general public will result in better and
more flexible drivers, more effective bug squashing and better
overall driver maintenance, so in the end of the day, in
customers being able to make better use of their device and
in getting a better impression of their company.

Currently, all i can find in
  http://www.kroah.com/log/linux/free_drivers.html
is this:
  If your company is worried about NDA issues surrounding your
  device's specifications, we have arranged a program...
I think, at that point, you ought to clearly tell manufacturers
that participating in that kind of program will render the
resulting driver much less useful than opening documentation.
You also ought to seriously urge them in each single case not
to take that route.  In my humble opinion, even according to your
own goals (as far as i understand them) you should seriously
reconsider whether writing open source code under NDA is actually
useful enough to warrant the effort, in particular given that
the offer to do so can motivate manufacturers *not* to release
documentation to the public, thereby also harming other GNU/Linux
developers and the GNU/Linux community in general and thereby
rendering Linux less useful than it could be, regarding the
grand total.

Additionally, you might consider to supplement your FAQ in the
following respects:

[EMAIL PROTECTED] $ grep -i maintenance free_drivers*.html  
 
[EMAIL PROTECTED] $ grep -i bug 

Re: Free Linux Driver Development!

[Mic J]

On 2/14/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


How long have you people been reading these lists?
When are people going to realize that Han is just a troll.


I've been here since 2004 and i never noticed!
However i noticed that Han is sometimes bearer
of apparently unpopular opinions

So you think he is subscribed just to troll?


cognacc

Re: Free Linux Driver Development!

[Marco Peereboom]

Man I *love* unforeseen consequences!

  I did read your FAQ but I can't see how it rebuts what has just been
  said.
 
 You seem to have missed:
   Q: What about the BSDs?
 
   A: What about them? They are free to do whatever they wish, I
  have no input into their development at all, sorry.

This is awesome, you protect the vendors by pretending to provide free
code.  This is so funny that I have tears in my eyes.

The GPL has become the new safe harbor for companies who don't want to
play in the open source world.  Do you really think Sun is GPLing Java
because they think it is the right thing to do?  The answer might
surprise you; they are doing it under pressure from investors because
they are not making money.  Now how do you give something away but not
really?  Exactly, Copyrights + GPL.  What a fantastic combination!  You
get inherent patent protection because no one can use your code and
copyrights take care of the rest.  

Now Sun gets to shut up the open source world; hey we gave you (some)
of our code now didn't we?  And they get to pretend to be open source
friendly to boot!  The GPL hippies are beat at their own game :-)

The GPL being used to protect companies and IP!  Oh the irony makes me tingle.

 
  You seem to be happy with signing NDAs. If the result is a
  readable and understandable GPL'ed driver, companies will be even less
  motivated to release programming documentation. This will lead to a
  GPL-lock-in since you simply replace the vendor not willing to share
  specifications with an NDA'ed GPL developer not willing to share those,
  but GPL code only.
 
 Well, as my goal is to have a GPL driver for everything, I don't see how
 this can hurt :)

Sounds like shortsightedness to me.  Works for me!
Didn't your mommy, or government, tell you to share with others?

 
 Now others can have different goals, and that's great and fine.  I'm not
 saying you can't work on something if you wish to do so.
 
 But for you to try to tell me that I shouldn't work to achive my goal,
 as it somehow conflicts with your goals, is pretty rude, don't you
 think?

I am pretty sure your goals are very much the same.  Do a s/GPL/BSD/g

 
 There is no reason you can not extend the same kind of offer to
 companies to help your project achieve success.

I can't.  I am not for sale for some shinny pebbles.

 
  This is not about freedom but about prostitution.
 
 I'm sorry you feel this way.

I am sorry you don't see the damage you are causing.  It does illustrate
the linux mentality and standards.

 
 *plonk*

More appropriate would be dee dee dee

Re: OT? Is this bad news?

[Matthew R. Dempsky]

On Wed, Feb 14, 2007 at 12:51:36PM +0100, Han Boetes wrote:
 Most GPL fans don't want this deal at all.

Real GPL fans appear to be an increasingly diminishing subset of Linux
users today though.  They're being supplanted by users who want snazzy
3D desktops and simply embrace ``Free Software'' because it's free of
cost.

Re: OT? Is this bad news?

[Steven]

* Han Boetes [EMAIL PROTECTED] [070213 23:00]:

Darren Spruell wrote:

Instead we end up with a GPL driver that has to be reverse
engineered and we end up with the same problems we already have.


Since when is the GPL a close source license?


GPL isn't, but a NDA would require that the documentation, or
specifications used to write the driver not be shared.  So despite
assurances, how could they _not_ obfuscate details in the code if
they're to abide by the terms of the NDA?  At the same time, how can
they obfuscate the code if it's written in terms of the GPL?

It seems a little lame to write code under a license like the GPL if
you have to sign a NDA to do so.  I mean, what takes precedence, and
who decides?  Does the Linux Driver Development team lack courage to
demand open documentation for their drivers so that they can release
them properly under the terms of the GPL, or are they actually that
deluded that they think that this can work?

The problems would be similar if one signed a NDA, and then released
code with a BSD license.  GPL, however, _requires_ that the code be
shared, and so I imagine it will be more problematic.  Seriously,
how do you resolve the dilemma ethically?

Thankfully, there are people like Theo, and the OpenBSD developers,
who see this problem more clearly than most.  Keep up the good work,
and fighting the good fight.

In the meantime, I'm going to work on an e-mail to send to Greg
Kroah-Hartman expressing my concerns regarding the Linux Driver
Development team's recent decision.

--
W. Steven Schneider  [EMAIL PROTECTED]

Re: Free Linux Driver Development!

[Han Boetes]

Artur Grabowski wrote:
 Han Boetes [EMAIL PROTECTED] writes:
   Which is exactly what the GPL people want since that's the whole
   point of the license. Otherwise they wouldn't be using the
   GPL. Duh.
 
  Nah, RMS doesn't want this. A lot of `GPL people' don't want this
  at all.

 I quoted too much. The part I meant was: This will lead to a
 GPL-lock-in. Yeah, big news.

 I think people pay too much attention to this. Some clown made a
 bombastic statement about how things have been working for
 ages. And by that I mean that people write drivers when they get
 documentation and that Linux is the Microsoft of free software
 and they don't give a fuck about neither freedom nor quality of
 their software and will happily sign an NDA just to add another
 product to their feature sheet.

Now you are making a broad generalisation. It's like saying all
muslims are terrorists or all USA people support Bush. I prefer if
you keep a neutral stance on the group and reserve your critisism
for Greg Kroah Hartmann.

For instance Linus Torvalds is firmly against NDA
(http://lkml.org/lkml/2005/1/12/361)

If you wouldn't say stuff like this I wouldn't even bother
replying.


 None of this is new, none of this is surprising. Why give him
 more than his 15 minutes of fame by spreading his I will bend
 over for documentation bullshit even further?

 And if you like conspiracy theories, notice that he's working
 for Novell and this NDA is good, give us more NDA stance is
 consistent with the still fresh Novell-Microsoft deal that was
 (in short):  patents are good, give us more patents.

I think he's quite evil indeed.



# Han

Re: Free Linux Driver Development!

[Han Boetes]

Greg KH wrote:
 On Wed, Feb 14, 2007 at 10:06:36AM +0100, Stephan A. Rickauer wrote:
  You seem to be happy with signing NDAs. If the result is a
  readable and understandable GPL'ed driver, companies will be
  even less motivated to release programming documentation. This
  will lead to a GPL-lock-in since you simply replace the vendor
  not willing to share specifications with an NDA'ed GPL
  developer not willing to share those, but GPL code only.

 Well, as my goal is to have a GPL driver for everything, I don't
 see how this can hurt :)

 Now others can have different goals, and that's great and fine.
 I'm not saying you can't work on something if you wish to do so.

 But for you to try to tell me that I shouldn't work to achive my
 goal, as it somehow conflicts with your goals, is pretty rude,
 don't you think?

 There is no reason you can not extend the same kind of offer to
 companies to help your project achieve success.

Why do you pursue your goal in this way even though Linus and RMS
and many other firmly oppose signing NDA's for very good reasons?

You are helping Vendors to keep a lock on the documentation. This
is unethical! Everyone should have full specifications to a piece
of hardware they have purchased!

The GPL was written by RMS because he refused to sign an NDA!



# Han

Re: OT? Is this bad news?

[Nick !]

On 2/14/07, Steven [EMAIL PROTECTED] wrote:

* Han Boetes [EMAIL PROTECTED] [070213 23:00]:
Darren Spruell wrote:
 Instead we end up with a GPL driver that has to be reverse
 engineered and we end up with the same problems we already have.

Since when is the GPL a close source license?

GPL isn't, but a NDA would require that the documentation, or
specifications used to write the driver not be shared.  So despite
assurances, how could they _not_ obfuscate details in the code if
they're to abide by the terms of the NDA?  At the same time, how can
they obfuscate the code if it's written in terms of the GPL?

It seems a little lame to write code under a license like the GPL if
you have to sign a NDA to do so.  I mean, what takes precedence, and
who decides?  Does the Linux Driver Development team lack courage to
demand open documentation for their drivers so that they can release
them properly under the terms of the GPL, or are they actually that
deluded that they think that this can work?

The problems would be similar if one signed a NDA, and then released
code with a BSD license.  GPL, however, _requires_ that the code be
shared, and so I imagine it will be more problematic.  Seriously,
how do you resolve the dilemma ethically?


We haven't actually seen what will happen in this situation (unless we
have, before my time, but I don't see anyone linking examples). Maybe
instead of paranoia we should give the benefit of the doubt. From the
FAQ:
   [NDAs] are usually signed either to keep information about the
device private until it is
   announced at a specific date, or to just keep the actual
specification documents from
   being released to the public directly. All code created by this
NDA program is to be
   released under the GPL for inclusion in the main kernel tree,
nothing will be obfuscated
   at all.
He might *actually* be telling the truth. Maybe not all NDAs are
conspiracies against us, but are just marketers trying to keep things
quiet, and beyond that the companies don't care. That code might
actually be readable!
--then again it might not. We'll see.

Also, please educate me: couldn't a BSD driver be created by using the
cleanroom approach? One person reads the GPL code, writes specs,
another implements them? Or is this covered when people say reverse
engineer?

-Nick

Kernel panic in 4.1-beta

[Mark Zimmerman]

Greetings:

I will not have time for a proper bug report until this evening when I
get home, but I thought I would throw this out there for now.

This issue is reproducible, and it occurred in the previous snapshot
as well. Briefly, here is how it happens:

I have net.inet.ip.forwarding=1, and two interfaces: re0 is on my
internal LAN which is routed to the internet through another box
running 4.0-stable. vr0 is connected to an ibook, also running
4.0-stable, through a switch. The box that panics (vtest) is pretty
much idle except for forwarding packets. pf is disabled. To produce
the panic, I just generate a lot of traffic from the ibook (a cvs
update of /usr/src is generally sufficient).

dmesg and ddb output follow. vtest is still sitting at the ddb prompt
in case someone can suggest additional information I might gather.


 OpenBSD/i386 BOOT 2.13
boot 
booting hd0a:/bsd:
entry point at 0x200120
[ using 550188 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2007 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 4.1-beta (GENERIC) #1367: Tue Feb 13 14:05:15 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Esther processor 1200MHz (CentaurHauls 686-class) 1.21 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
real mem  = 1005023232 (981468K)
avail mem = 908505088 (887212K)
using 4256 buffers containing 50376704 bytes (49196K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 07/18/06, BIOS32 rev. 0 @ 0xfb570, SMBIOS 
rev. 2.3 @ 0xf (34 entries)
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdc84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdbb0/208 (11 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 11 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 10 11
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xfc00
acpi at mainbus0 not configured
cpu0 at mainbus0
cpu0: Enhanced SpeedStep 1200 MHz (860 mV): speeds: 1200, 1000, 800, 600, 400 
MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00
pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00
pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00
pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00
pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00
pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00
ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01: aperture at 
0xf400, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
VIA VT6306 FireWire rev 0x80 at pci0 dev 10 function 0 not configured
re0 at pci0 dev 11 function 0 Realtek 8169 rev 0x10, RTL8169/8110SC (0x1800): 
irq 5, address 00:30:18:a8:10:78
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA
pciide0: using irq 11 for native-PCI interrupt
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide1 channel 0 drive 0: Maxtor 90680U2
wd0: 16-sector PIO, LBA, 6490MB, 13293504 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 4
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 11
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 11
ehci0: timed out waiting for BIOS
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
viapm0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00
iic0 at viapm0
auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x60: irq 11
ac97: codec id 0x56494170 (VIA Technologies 70)
ac97: 

Re: OT? Is this bad news?

[Neil Joseph Schelly]

 He might *actually* be telling the truth. Maybe not all NDAs are
 conspiracies against us, but are just marketers trying to keep things
 quiet, and beyond that the companies don't care. That code might
 actually be readable!
 --then again it might not. We'll see.

As an optimist, I tend to agree with you.  He hasn't really started something 
new - he's really just making it public knowledge with an open letter to 
hardware makers how FOSS drivers get made.  A lot of shops must avoid the 
FOSS world because they don't want to take on another platform for support, 
no knowing that the community will.

Realistically, while a company may require an NDA while they want to keep 
things secret, I expect having an unobfuscated driver out there will negate 
any need to enforce it longer than necessitated by marketing departments.  I 
also expect that any drivers written in this manner will be discluded from 
the mainline linux kernel tree unless they are absolutely clearly written to 
a degree that the top deciders in Linux will accept it regardless of NDAs.  

Manufacturers who continue to be troublesome will see their drivers go away or 
require more work at least for users. If I can choose between two SCSI cards 
in Linux where one is supported by generic kernels, but the other requires 
either binary blobs or firmware loaders, or patching my own kernel with their 
code, I'll pick the easy one hands down.  I think manufacturers will see 
that.

 Also, please educate me: couldn't a BSD driver be created by using the
 cleanroom approach? One person reads the GPL code, writes specs,
 another implements them? Or is this covered when people say reverse
 engineer?

I imagine that's the best case scenario here, but that certainly does make 
things harder and everyone's a little more likely to lose something in 
translation.  It's one of those situations where it *can* work, but no one 
wants to do it that way.  It's not as bad as reverse engineering without a 
working model, but it is still reverse engineering because you're building 
your own specifications based on something that isn't the specifications.

-- 
Regards,
Neil Schelly
Senior Systems Administrator

W: 978-667-5115 x213
M: 508-410-4776

OASIS Open http://www.oasis-open.org
Advancing E-Business Standards Since 1993

Re: OT? Is this bad news?

[Hannah Schroeter]

Hello!

On Wed, Feb 14, 2007 at 10:42:43AM -0500, Nick ! wrote:
[...]

Also, please educate me: couldn't a BSD driver be created by using the
cleanroom approach? One person reads the GPL code, writes specs,
another implements them? Or is this covered when people say reverse
engineer?

That's exactly what was meant by reverse engineer. Then, by reading
the GPL code w/o hardware docs, you see only *that* the GPL driver is
doing thisorthat, but not *why* exactly it's doing thisorthat at a
specific point.

And if thisorthat (e.g. peeking and poking around magical I/O addresses,
using magical values/bit masks) doesn't work as it should, you don't
know exactly in what way it deviates from the hardware spec, as you
don't have access to it.

I.e. difficult debugging, troubleshooting, maintenance.

And the point of Theo  co is that it'd be much easier with open
documentation.

And you could identify points where things are done in an unnecessarily
twisted/dirty/... way using the docs and eliminate them, even if you
used a GPL driver as *additional* reference, together with docs.

-Nick

Kind regards,

Hannah.

Re: OT? Is this bad news?

[Darren Spruell]

On 2/14/07, Nick ! [EMAIL PROTECTED] wrote:

On 2/14/07, Steven [EMAIL PROTECTED] wrote:
 The problems would be similar if one signed a NDA, and then released
 code with a BSD license.  GPL, however, _requires_ that the code be
 shared, and so I imagine it will be more problematic.  Seriously,
 how do you resolve the dilemma ethically?

We haven't actually seen what will happen in this situation (unless we
have, before my time, but I don't see anyone linking examples). Maybe
instead of paranoia we should give the benefit of the doubt. From the
FAQ:


We have seen this happen in the past. A couple of examples have
already been given, such as when one particular BSD project went under
NDA with one particular storage adapter manufacturer and came out with
crap drivers for the community. This has also been an item of HUGE
debate over the last couple of years in this project's community.
Search archives and Undeadly for specifics. I'm providing a couple of
resources in this posting.


[NDAs] are usually signed either to keep information about the
device private until it is
announced at a specific date, or to just keep the actual
specification documents from
being released to the public directly. All code created by this
NDA program is to be
released under the GPL for inclusion in the main kernel tree,


Read: the _created code_ is to be released. Not the _docs_ and
_specifications_ that led to the code.

What do you think helps keep driver code maintainable and improved as
time goes on? Code itself, or documentation and specifications?


nothing will be obfuscated
at all.


This statement is wrong and just plain idiotic. Something is
obfuscated; the original specifications from which working,
maintainable drivers can be written. The code itself *is* obfuscation.

This is the reason our community doesn't petition hardware
manufacturers to give us driver source code; it's nearly useless.


He might *actually* be telling the truth. Maybe not all NDAs are
conspiracies against us, but are just marketers trying to keep things
quiet, and beyond that the companies don't care. That code might
actually be readable!


Don't make excuses for the project guy (as well intentioned as he may
be), and certainly don't make excuses for the hardware vendors who
screw their customer base. The code will be readable to some degree,
without a doubt, but it will *not* accurately provide implementation
documentation so that a working, maintainable driver can be authored
by other open source projects. Driver code can be filled with magic
numbers, meaningless constants, and inadequate commenting that results
in a working implementation for the Linux kernel source tree but
insufficient information for reverse engineering that crap for any
other implementation.

In short, it's next to useless.


Also, please educate me: couldn't a BSD driver be created by using the
cleanroom approach? One person reads the GPL code, writes specs,
another implements them? Or is this covered when people say reverse
engineer?


That *has* been the approach in many cases. And it sucks.

http://www.openbsd.org/papers/opencon06-docs/index.html
http://kerneltrap.org/node/6550
http://kerneltrap.org/node/7184
http://kerneltrap.org/node/6497

DS

Re: OT? Is this bad news?

[Darren Spruell]

On 2/14/07, Neil Joseph Schelly [EMAIL PROTECTED] wrote:

 Also, please educate me: couldn't a BSD driver be created by using the
 cleanroom approach? One person reads the GPL code, writes specs,
 another implements them? Or is this covered when people say reverse
 engineer?

I imagine that's the best case scenario here,


No, the best case scenario is that the good intentions of the Linux
driver project would be focused on getting vendors to provide open
documentation from which any OSS project, including Linux, can produce
good drivers. People say it can't happen, but the OpenBSD project has
shown on more than a few occasions that it can and does work.

The only difference here is one project has a pair of big brass balls
hanging between their legs and the other doesn't.

DS

Re: OT? Is this bad news?

[Marius ROMAN]

Programming documentation is restricted also because the hardware is
full of bugs and like Theo said there is no errata for a lot of
hardware.

On 2/14/07, Rod Dorman [EMAIL PROTECTED] wrote:

On Wednesday, February 14, 2007, 10:42:43, Nick ! wrote:
   ...
 Also, please educate me: couldn't a BSD driver be created by using the
 cleanroom approach? One person reads the GPL code, writes specs,
 another implements them?   ...

And what, you get a new chunk of code that replicates misinterpretations
of the hardware specs?

An  often  quoted  open  source  adage Many eyes make all bugs shallow
fails  when  the  number of eyes being permitted to look at the hardware
documentation is restricted.

--
[EMAIL PROTECTED] The avalanche has already started, it is too
Rod Dorman  late for the pebbles to vote. - Ambassador Kosh

Re: slow io operations on xSeries 336

[Jose Fragoso]

 thats very... vague...

Sorry. I agree.

 where are you creating this 50G partitiong? in the installer, or in
 the installed operating system? what command did you use?

In the installer.

 how long did it actually take? a really long time could be 5
 seconds if you're expectations are too high.

More than 2 minutes, for sure!. Perhaps, more.

 that does seem excessive. can you watch the interrupt rates in the
 top right of systat vm 1 and let me know what numbers you're
 seeing?

I did run the same command again. Only this time I used

tar xzf ports.tar.gz

Look at the times:

# date;tar xzf ports.tar.gz;date
Wed Feb 14 10:59:34 BRT 2007
Wed Feb 14 11:11:04 BRT 2007

The total number of interrupts ranged from 270 to 850, most of it
being mpi0 (170 out of 271 and 747 out of 850). It always showed
100 for clock. If you feel it is important, I can send you the
print screen of the moment these values were shown (off the list
if you prefer).

Thanks a lot in advance.

Regards,

Jose

=
Nantucket Summer Vacation Rentals
Award-winning island homes in charming Nantucket village. Beautifully
furnished. Roses, shell path, white picket fence. Tennis, pool. Contact us for
reservations and more information.
http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=51054f4dd849962e7cce9ae18
5bfd186

ftp though ftp-proxy timeouts

[Ryan Corder]

Since upgrading a couple firewalls this weekend from 3.8 to 4.0, I've
noticed a large increase in passive-mode FTP transfer timeouts.  Before
the upgrade, I had no issues...but now there are a number of client's
FTP servers that I have to transfer files to and from that transfers
simply fail on.  I can log in just fine, but the data connections hang
at random.  Sometimes they work, but often they don't.

I've increased the debugging on ftp-proxy and it isn't telling me
anything relevant.

my ftpproxy_flags are -r

relevant lines from my pf.conf:
---

nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr on $int_if inet proto tcp from any to any port 21 - 127.0.0.1 8021

anchor ftp-proxy/*
pass out on $ext_if proto tcp from ($ext_if) to any port 21 keep state
---

is anyone else experiencing anything similar?

TIA.
ryanc

--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Annoying problem with dnsmasq

[Darren Spruell]

On 2/14/07, Manuel Ravasio [EMAIL PROTECTED] wrote:

I read that creating a dhcp-range entry in /etc/dnsmasq.conf makes
dnsmasq start the dhcp service automatically, but alas DHCP server
apparently doesn't work: linux and windows clients can't grab IP
addresses and other IP information, and netstat doesn't show anything
listening on port 67/68.

# ps -aux | grep dns
nobody   16166  0.0  0.3   520   648 ??  S 12:58PM0:00.00 dnsmasq

# netstat -an | grep tcp | grep -v tcp6
tcp0  0  127.0.0.1.53   *.*LISTEN
tcp0  0  192.168.2.11.53*.*LISTEN
tcp0  0  127.0.0.1.6010 *.*LISTEN
tcp0  0  192.168.2.11.22192.168.2.1.48605  ESTABLISHED
tcp0  0  *.22   *.*LISTEN


What am I missing?


Not sure about anything else you might be missing, but DHCP uses UDP, not TCP.

See if PF is currently blocking traffic to your service(s) also.

DS

Re: Annoying problem with dnsmasq

[The Rogue Fugu]

On my OpenWRT router, dnsmasq needs to be told that it is
authoritative on dhcp requests with the ``dhcp-authoritative'' keyword
in dnsmasq.conf

On 2/14/07, Manuel Ravasio [EMAIL PROTECTED] wrote:

Hello all.
I'm trying to set up a firewall/web-proxy/dns-proxy/dhcp-server box at
home, using a quite old i386-based pc (AMD k6-2 300, 256mb RAM, 2x10G
IDE disks) and OpenBSD 4.0.

OS installation, disk management, additional software installation and
configuration... everything went fine.
Problems started in configuring dnsmasq: I managed to make dns
forwarding work ( I really don't need anything more than standard
behaviour), then I created a DHCP range entry:

expand-hosts
domain=manuel.test
dhcp-range=192.168.2.100,192.168.2.200,255.255.255.0,1h

I chose to activate dnsmasq on the internal intercace only:

interface=pcn1

pcn1,'s IP address is fixed and compatible with the range specified:

# ifconfig pcn1
pcn1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:0c:29:af:4f:47
media: Ethernet autoselect (autoselect)
inet 192.168.2.11 netmask 0xff00 broadcast 192.168.2.255
inet6 fe80::20c:29ff:feaf:4f47%pcn1 prefixlen 64 scopeid 0x2

I read that creating a dhcp-range entry in /etc/dnsmasq.conf makes
dnsmasq start the dhcp service automatically, but alas DHCP server
apparently doesn't work: linux and windows clients can't grab IP
addresses and other IP information, and netstat doesn't show anything
listening on port 67/68.

# ps -aux | grep dns
nobody   16166  0.0  0.3   520   648 ??  S 12:58PM0:00.00 dnsmasq

# netstat -an | grep tcp | grep -v tcp6
tcp0  0  127.0.0.1.53   *.*LISTEN
tcp0  0  192.168.2.11.53*.*LISTEN
tcp0  0  127.0.0.1.6010 *.*LISTEN
tcp0  0  192.168.2.11.22192.168.2.1.48605  ESTABLISHED
tcp0  0  *.22   *.*LISTEN


What am I missing?

Thank you everybody for your kind help.

Byee,
Manuel





--

ID: AF133028
fp:9D6B DC0F CCDA 53FA 3F04  A551 BC23 374D AF13 3028

Re: Annoying problem with dnsmasq

[Giancarlo Razzolini]

Darren Spruell escreveu:
 On 2/14/07, Manuel Ravasio [EMAIL PROTECTED] wrote:
 I read that creating a dhcp-range entry in /etc/dnsmasq.conf makes
 dnsmasq start the dhcp service automatically, but alas DHCP server
 apparently doesn't work: linux and windows clients can't grab IP
 addresses and other IP information, and netstat doesn't show anything
 listening on port 67/68.

 # ps -aux | grep dns
 nobody   16166  0.0  0.3   520   648 ??  S 12:58PM0:00.00 dnsmasq

 # netstat -an | grep tcp | grep -v tcp6
 tcp0  0  127.0.0.1.53   *.*LISTEN
 tcp0  0  192.168.2.11.53*.*LISTEN
 tcp0  0  127.0.0.1.6010 *.*LISTEN
 tcp0  0  192.168.2.11.22192.168.2.1.48605
 ESTABLISHED
 tcp0  0  *.22   *.*LISTEN


 What am I missing?

 Not sure about anything else you might be missing, but DHCP uses UDP,
 not TCP.

 See if PF is currently blocking traffic to your service(s) also.

 DS



Don't know why you would prefer dnsmasq when the default installation of
OpenBSD already have both ISC dhcpd and bind daemons. I use then, rather
then having to install a package and configure it. Also, if you want a
caching nameserver only, simply putting named_flags= on
/etc/rc.conf.local and opening requests to your internal net only, on
both TCP and UDP port 53, will give a fully functional recursive dns.
And the configuration of /etc/dhcpd.conf is the same as ISC dhcpd. There
is even an example provided. Also, from the ISC dhcpd readme,
http://www.isc.org/sw/dhcp/dhcpv3-README.php#firewall, you must let
traffic coming from 0.0.0.0 port 68 udp to 255.255.255.255 port 67 for
dhcp queries and also from your internal net port 68 udp to your
firewall internal ip port 68 udp for dhcp renews. Try opening up these
ports on your internal interface.

My regards,
--
Giancarlo Razzolini
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Ubuntu 6.10 Edgy Eft
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

PF drops tcp packets from a machine with Gentoo linux kernel 2.6.18

[Tim Kuhlman]

I have pf running on an OpenBSD 4.0 (patches 1-5, 7) router and I have one 
user with two Gentoo Linux machines with kernel 2.6.18 who is having 
troubles. Everyone else is having no problem at all. This user is having any 
tcp connection he makes dropped by the firewall. The state shows up when I 
run pfctl -ss but a sniff on both ends of the router shows that it is 
dropping the packets. If I set the debug level to loud I get the following 
output.

Gentoo and OpenBSD talking to each other

Feb 13 15:35:41 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.6:14625 [lo=1438155416 high=1438171799 win=181 
modulator=0] [lo=3399502493 high=3399502674 win=16384 modulator=0] 7:4 FPA 
seq=3399502493 ack=1438155416 len=776 ackskew=0 pkts=14:3 dir=in,rev
Feb 13 15:35:41 titanium /bsd: pf: State failure on: 1   |
Feb 13 15:35:43 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.6:11431 [lo=1182669220 high=1182684868 win=181 
modulator=0] [lo=2952473521 high=2952473702 win=16384 modulator=0] 4:4 PA 
seq=2952473521 ack=1182668484 len=752 ackskew=736 pkts=4:2 dir=in,rev
Feb 13 15:35:43 titanium /bsd: pf: State failure on: 1   |
Feb 13 15:35:43 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.6:11431 [lo=1182669220 high=1182684868 win=181 
modulator=0] [lo=2952473521 high=2952473702 win=16384 modulator=0] 4:4 PA 
seq=2952474273 ack=1182669220 len=24 ackskew=0 pkts=5:2 dir=in,rev  
   
Feb 13 15:35:43 titanium /bsd: pf: State failure on: 1   |   
Feb 13 15:35:44 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.6:11431 [lo=1182669220 high=1182685604 win=181 
modulator=0] [lo=2952473521 high=2952473702 win=16384 modulator=0] 4:4 PA 
seq=2952473521 ack=1182669220 len=776 ackskew=0 pkts=5:3 dir=in,rev 
   
Feb 13 15:35:44 titanium /bsd: pf: State failure on: 1   |
Feb 13 15:35:47 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.6:11431 [lo=1182669220 high=1182685604 win=181 
modulator=0] [lo=2952473521 high=2952473702 win=16384 modulator=0] 4:4 PA 
seq=2952473521 ack=1182669220 len=776 ackskew=0 pkts=5:3 dir=in,rev
Feb 13 15:35:47 titanium /bsd: pf: State failure on: 1   |

The two gentoo machines trying to talk to each other

Feb 13 14:55:42 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.98:54077 [lo=1806113440 high=1806113623 win=181 
modulator=0] [lo=159381924 high=159382105 win=183 modulator=0] 4:4 PA 
seq=1806113440 ack=159381924 len=736 ackskew=0 pkts=3:3 dir=out,fwd
Feb 13 14:55:42 titanium /bsd: pf: State failure on: 1   |
Feb 13 14:55:42 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.98:54077 [lo=1806113440 high=1806113623 win=181 
modulator=0] [lo=159381924 high=159382105 win=183 modulator=0] 4:4 PA 
seq=159381924 ack=1806113440 len=752 ackskew=0 pkts=3:3 dir=in,rev
Feb 13 14:55:42 titanium /bsd: pf: State failure on: 1   |
Feb 13 14:55:43 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.98:54077 [lo=1806113440 high=1806113623 win=181 
modulator=0] [lo=159381924 high=159382105 win=183 modulator=0] 4:4 PA 
seq=1806113440 ack=159381924 len=736 ackskew=0 pkts=3:3 dir=out,fwd
Feb 13 14:55:43 titanium /bsd: pf: State failure on: 1   |
Feb 13 14:55:43 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.98:54077 [lo=1806113440 high=1806113623 win=181 
modulator=0] [lo=159381924 high=159382105 win=183 modulator=0] 4:4 PA 
seq=159381924 ack=1806113440 len=752 ackskew=0 pkts=3:3 dir=in,rev
Feb 13 14:55:43 titanium /bsd: pf: State failure on: 1   |
Feb 13 14:55:43 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.98:54077 [lo=1806113440 high=1806113623 win=181 
modulator=0] [lo=159381924 high=159382105 win=183 modulator=0] 4:4 PA 
seq=1806113440 ack=159381924 len=736 ackskew=0 pkts=3:3 dir=out,fwd
Feb 13 14:55:43 titanium /bsd: pf: State failure on: 1   |
Feb 13 14:55:43 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.98:54077 [lo=1806113440 high=1806113623 win=181 
modulator=0] [lo=159381924 high=159382105 win=183 modulator=0] 4:4 PA 
seq=159381924 ack=1806113440 len=752 ackskew=0 pkts=3:3 dir=in,rev
Feb 13 14:55:43 titanium /bsd: pf: State failure on: 1   |
Feb 13 14:55:44 titanium /bsd: pf: BAD state: TCP 10.10.10.224:22 
10.10.10.224:22 10.8.0.98:54077 [lo=1806113440 high=1806113623 win=181 
modulator=0] [lo=159381924 high=159382105 win=183 modulator=0] 4:4 PA 
seq=1806113440 ack=159381924 len=736 ackskew=0 pkts=3:3 dir=out,fwd
Feb 13 14:55:44 titanium /bsd: pf: State failure on: 1   |


I am not quite sure exactly how to interpret this but it seemed to be an issue 
with tcp windows so I had him turn off these two settings on his linux box 
/proc/sys/net/ipv4/tcp_window_scaling
/proc/sys/net/ipv4/tcp_sack
After this it started working but seemed slow to him. Checking the pf 

Re: OT? Is this bad news?

[Darren Spruell]

On 2/14/07, L. V. Lammert [EMAIL PROTECTED] wrote:

At 10:24 AM 2/14/2007 -0700, you wrote:
No, the best case scenario is that the good intentions of the Linux
driver project would be focused on getting vendors to provide open
documentation from which any OSS project, including Linux, can produce
good drivers. People say it can't happen, but the OpenBSD project has
shown on more than a few occasions that it can and does work.

The only difference here is one project has a pair of big brass balls
hanging between their legs and the other doesn't.

DS

Unfortunately, Theo's might not even be big enough - many of the h/w
venders are now writing drivers with cough, cough DRM included - which
will never be OS'd. Windmills anyone?

Maybe we need some input from developers (if they get a minute to spare) -
what are the probabiliites that we can maintain current drivers now that
Vista is driving the market? Can we do anything to help?


In general, the developers have already given that advice. Boycott
uncooperative vendors' products, give your money to those that provide
documentation.

No, the OpenBSD community will not put a dent in the picture when
compared with the market share of the rest of the customer base.
However, even tiny hits to the bottom line become large issues to
address when shareholders realize that the company's bottom line isn't
where it _could be_. Small though it be, such action can make a
difference, especially if the right people feel the pain in the right
way.

The FOSS community has to realize that this approach will *never*
happen if everyone just rolls over and gives up on it (or in to it.)

DS

Re: PF drops tcp packets from a machine with Gentoo linux kernel 2.6.18

[Darren Spruell]

On 2/14/07, Tim Kuhlman [EMAIL PROTECTED] wrote:

I have pf running on an OpenBSD 4.0 (patches 1-5, 7) router and I have one
user with two Gentoo Linux machines with kernel 2.6.18 who is having
troubles. Everyone else is having no problem at all. This user is having any
tcp connection he makes dropped by the firewall. The state shows up when I
run pfctl -ss but a sniff on both ends of the router shows that it is
dropping the packets. If I set the debug level to loud I get the following
output.


[snip]


One other point I needs some clarification on, in my searching around I did
find an article saying that you need the flags S/SA everytime you use keep
state for tcp connections in your firewall rules. This didn't seem right to
me but I tried it anyway just to see and it had no affect. What is the final
word on this, should you always use flags S/SA?


This kind of thing has happened to me in the past; likely you're doing
something wrong with your state building in the first place so that
you're getting state built one direction one interface and checked on
a different one, or similar.

If you simplify your ruleset as a temporary test, you'll probably find
things magically work. If so you'll know it's not the Linux boxen or
firewall itself but your policy. Gradually add components back into
the ruleset and you'll likely narrow down where you've b0rked it.


A couple of other points, I have tried various combinations of scrubing in my
pf rules including turning it off with no luck. Also all other machines
including other linux boxes work fine with this. If any more information is
needed let me know. Thanks for the help!


Yeah, when I went through it scrub rules had nothing to do with it.
All state, period. (Note that in -current the default is now to
implicitly build rules with both 'keep state' and 'S/SA' without
having to specify; default stateful behavior makes these boo-boos less
likely.)

When I had the same problem, it was very erratic and seemed isolated
to a Linux box at first too. I don't know if there's something in the
TCP stack that reacts more adversely to this, but my fix in that case
was a refactoring of my state model. YMMV.

DS

Re: Free Linux Driver Development!

[Marc Ravensbergen]

On Wednesday 14 February 2007 10:18 am, you wrote:
 On 2/14/07, Jeff Rollin [EMAIL PROTECTED] wrote:
   Nah, RMS doesn't want this. A lot of `GPL people' don't want this
   at all.
  
   This deal is meant to divide.
 
  And this discussion isn't?  There are already plenty of divisions within
  the FOSS world - between the F and OS of FOSS, between Linux and BSD,
  between the various BSDs. It's not as if TdR started OpenBSD to continue
  contributing to NetBSD, is it?
 
  And yet when a driver is released under the BSD licence, which conflicts
  with the GPL, when do we hear the bitching about it on the BSD side?
  Wait, what's that? Oh, we don't?

 Why does everyone want to turn this into a GPL vs. BSD license
 discussion? It's not the license that is up for debate; rather it's
 the fact that a driver was (will be?) produced under NDA and bridges
 are now being burned.

 It's not a matter of license; if a BSD licensed driver was produced
 from docs acquired under NDA, the problem would be the same. The Linux
 camp would have to reverse engineer our driver and we don't like that
 having to be the only option for anyone.

 The problem is that drivers are / will be produced *without open
 disclosure of  docs*. It's not that a BSD-licensed driver is better
 for the community; it's the fact that a driver produced under open
 docs _makes the docs available to the community for their own driver
 implementations__. This is something no one should argue about. The
 problem is the NDA, and the shortsightedness; not the license.

 DS
I think you hit the nail on the head... I am sure even RMS is not in favour of 
this as it goes against the _spirit_ of the GPL. Perhaps he can update v3 to 
prevent this?

Re: PF drops tcp packets from a machine with Gentoo linux kernel 2.6.18

[Otto Moerbeek]

On Wed, 14 Feb 2007, Tim Kuhlman wrote:

[snip]

 So what is happening? It seems to me that either pf is broken or his linux 
 kernel is broken and pf is catching it. Any ideas as to which is the cause? 
 
 One other point I needs some clarification on, in my searching around I did 
 find an article saying that you need the flags S/SA everytime you use keep 
 state for tcp connections in your firewall rules. This didn't seem right to 
 me but I tried it anyway just to see and it had no affect. What is the final 
 word on this, should you always use flags S/SA?

Not always, but very often. The main rule is to make sure that the
packet creating the state is not a packet of an already established
connection, but a packet creating the connection. Creating the state
from the beginning allows pf to get the info about the window scaling
and other tcp options used. 

Using flags S/SA keep state is the easiest way to achieve that. Note
that on current, this is the default.

-Otto

Re: Free Linux Driver Development!

[Jack J. Woehr]

On Feb 14, 2007, at 11:48 AM, Marc Ravensbergen wrote:

 On Wednesday 14 February 2007 10:18 am, you wrote:
 On 2/14/07, Jeff Rollin [EMAIL PROTECTED] wrote:

This is becoming one of those topics which goes on way to long,
and in which all the modalities applicable to OpenBSD have been
exhausted much earlier in the discussion.

NDA's bad. Freedom good. Blobs suck. This is policy enforced by
the owner of the name OpenBSD. Linux, Gnu and other subjects
have their own mailing lists.

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527

dmesg for supermicro x7dvl-e

[RedShift]

Hello

I've got a new toy today, here's the dmesg:

What does this server contain?
* Intel Xeon 5130
* SuperMicro X7DVL-E 
(http://www.supermicro.com/products/motherboard/Xeon1333/5000V/X7DVL-E.cfm)

No other specialities.

The keyboard is connected via USB, works. Disks are attached to the SATA 
controller, detected. Fully functional it appears.


Made using cd40.iso from amd64.


OpenBSD 4.0 (RAMDISK_CD) #883: Sat Sep 16 20:46:50 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 2146426880 (2096120K)
avail mem = 1836118016 (1793084K)
using 22937 buffers containing 214851584 bytes (209816K) of memory
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel(R) Xeon(R) CPU 5130 @ 2.00GHz, 2000.31 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG

cpu0: 4MB 64b/line 16-way L2 cache
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x25d4 
rev 0xb1
ppb0 at pci0 dev 2 function 0 vendor Intel, unknown product 0x25f7 rev 
0xb1

pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci3 at ppb2 bus 3
ppb3 at pci2 dev 2 function 0 vendor Intel, unknown product 0x3518 rev 
0x01

pci4 at ppb3 bus 4
em0 at pci4 dev 0 function 0 Intel PRO/1000 PT (80003ES2) rev 0x01: 
irq 11, address 00:30:48:8b:58:b0
em1 at pci4 dev 0 function 1 Intel PRO/1000 PT (80003ES2) rev 0x01: 
irq 10, address 00:30:48:8b:58:b1

ppb4 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01
pci5 at ppb4 bus 5
vendor Intel, unknown product 0x1a38 (class system subclass 
miscellaneous, rev 0xb1) at pci0 dev 8 function 0 not configured

pchb1 at pci0 dev 16 function 0 Intel 5000 Error Reporting rev 0xb1
pchb2 at pci0 dev 16 function 1 Intel 5000 Error Reporting rev 0xb1
pchb3 at pci0 dev 16 function 2 Intel 5000 Error Reporting rev 0xb1
pchb4 at pci0 dev 17 function 0 Intel 5000 Reserved rev 0xb1
pchb5 at pci0 dev 19 function 0 Intel 5000 Reserved rev 0xb1
pchb6 at pci0 dev 21 function 0 Intel 5000 FBD rev 0xb1
pchb7 at pci0 dev 22 function 0 Intel 5000 FBD rev 0xb1
ppb5 at pci0 dev 28 function 0 Intel 6321ESB PCIE rev 0x09
pci6 at ppb5 bus 6
uhci0 at pci0 dev 29 function 0 Intel 6321ESB USB rev 0x09: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 6321ESB USB rev 0x09: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 6321ESB USB rev 0x09: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 Intel 6321ESB USB rev 0x09: irq 7
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 6321ESB USB rev 0x09: irq 5
ehci0: timed out waiting for BIOS
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
ppb6 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xd9
pci7 at ppb6 bus 7
vga1 at pci7 dev 1 function 0 ATI ES1000 rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
Intel 6321ESB LPC rev 0x09 at pci0 dev 31 function 0 not configured
pciide0 at pci0 dev 31 function 1 Intel 6321ESB IDE rev 0x09: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E, 1.9A SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 Intel 6321ESB SATA rev 0x09: DMA, 
channel 0 configured to native-PCI, channel 1 configured to native-PCI

pciide1: using irq 10 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: WDC WD1500ADFD-00NLR1
wd0: 16-sector PIO, LBA48, 143089MB, 293046768 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1 at pciide1 channel 1 drive 0: WDC WD1500ADFD-00NLR1
wd1: 16-sector PIO, LBA48, 143089MB, 293046768 sectors
wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5
Intel 6321ESB SMBus rev 0x09 at pci0 dev 31 function 3 not configured
isa0 at mainbus0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
rd0: fixed, 3584 blocks
uhidev0 at uhub0 port 2 configuration 1 interface 0
uhidev0: BTC USB Multimedia Keyboard, rev 1.10/1.20, addr 2, iclass 3/1
ukbd0 at uhidev0
wskbd1 at ukbd0 mux 1
wskbd1: connecting to 

Re: SIP on OpenBSD

[Soner Tari]

On Tue, 2007-02-13 at 11:09 +0100, Claudio Jeker wrote:
 The only problem is that we don't support zaptel. It is an incredible ugly
 interface that only works with the digium cards that are not supported.

Head of the ftp://ftp.sangoma.com/OpenBSD/current_wanpipe/README reads:

Future release: Wanpipe version
--
o Support Asterisk interface.

Nov 23, 2006: wanpipe version - 1.6.5-8 (wanpipe-1.6.5-8.tgz)
--
[...]
o Support OpenBSD-4.0 kernel

Therefore, I am hoping to have Asterisk+Sangoma cards running on OpenBSD
sooner than most people are expecting. (Meaning that we won't need
zaptel/libpri drivers.)

FYI.

Re: OT? Is this bad news?

[Neil Joseph Schelly]

On Wednesday 14 February 2007 12:24 pm, Darren Spruell wrote:
 On 2/14/07, Neil Joseph Schelly [EMAIL PROTECTED] wrote:
   Also, please educate me: couldn't a BSD driver be created by using the
   cleanroom approach? One person reads the GPL code, writes specs,
   another implements them? Or is this covered when people say reverse
   engineer?
 
  I imagine that's the best case scenario here,

 No, the best case scenario is that the good intentions of the Linux
 driver project would be focused on getting vendors to provide open

My statement wasn't an opinion, so please don't say I'm wrong.  His question 
was about how this project could lead to drivers for BSD.  And it ~could~ be 
that cleanroom implementations of the driver code developed for GPL projects 
get reliable enough under BSD here.  That is the best case scenario here - 
that drivers are written well enough that reliable specs can be drawn up from 
them and be useful.

I didn't in my email suggest I thought this was the best way to make drivers.  
I just answered the question he asked about creating BSD drivers based on 
GPL'd drivers without the original specs.  Please don't correct my statements 
out of context.

-- 
Regards,
Neil Schelly
Senior Systems Administrator

W: 978-667-5115 x213
M: 508-410-4776

OASIS Open http://www.oasis-open.org
Advancing E-Business Standards Since 1993

Re: PF drops tcp packets from a machine with Gentoo linux kernel 2.6.18

[Tim Kuhlman]

On Wednesday 14 February 2007 12:11 pm, Darren Spruell wrote:
 On 2/14/07, Tim Kuhlman [EMAIL PROTECTED] wrote:
  I have pf running on an OpenBSD 4.0 (patches 1-5, 7) router and I have
  one user with two Gentoo Linux machines with kernel 2.6.18 who is having
  troubles. Everyone else is having no problem at all. This user is having
  any tcp connection he makes dropped by the firewall. The state shows up
  when I run pfctl -ss but a sniff on both ends of the router shows that
  it is dropping the packets. If I set the debug level to loud I get the
  following output.

 [snip]

  One other point I needs some clarification on, in my searching around I
  did find an article saying that you need the flags S/SA everytime you
  use keep state for tcp connections in your firewall rules. This didn't
  seem right to me but I tried it anyway just to see and it had no affect.
  What is the final word on this, should you always use flags S/SA?

 This kind of thing has happened to me in the past; likely you're doing
 something wrong with your state building in the first place so that
 you're getting state built one direction one interface and checked on
 a different one, or similar.

 If you simplify your ruleset as a temporary test, you'll probably find
 things magically work. If so you'll know it's not the Linux boxen or
 firewall itself but your policy. Gradually add components back into
 the ruleset and you'll likely narrow down where you've b0rked it.

  A couple of other points, I have tried various combinations of scrubing
  in my pf rules including turning it off with no luck. Also all other
  machines including other linux boxes work fine with this. If any more
  information is needed let me know. Thanks for the help!

 Yeah, when I went through it scrub rules had nothing to do with it.
 All state, period. (Note that in -current the default is now to
 implicitly build rules with both 'keep state' and 'S/SA' without
 having to specify; default stateful behavior makes these boo-boos less
 likely.)

 When I had the same problem, it was very erratic and seemed isolated
 to a Linux box at first too. I don't know if there's something in the
 TCP stack that reacts more adversely to this, but my fix in that case
 was a refactoring of my state model. YMMV.

 DS

You think it is an issue with my state table rules even though running an 
pfctl -ss shows that the state is established? 

I keep state on my outgoing connection and don't do any on the incoming 
connection except for some ssh connections which I rate limit. These ssh 
connections haven't been the issue anyway. 

The basic outgoing rule is relatively simple it is
pass out on { $int_if $vpn_if $ext_if $dsl_if $DMZ_production_if $DMZ_proto_if 
} proto {tcp udp icmp} modulate state

After that I do some queuing but most of the test connections should have just 
gone into the default queue. Here are the rules,

pass out on $ext_if proto udp from $ext_ip port $vpn_port to $vpn_tungsten keep 
state queue vpn
pass out on $ext_if proto udp from $ext_ip port domain to any keep state queue 
vpn
pass out on $ext_if from DMZ_production_boxes to any modulate state queue dmz

The problem has occurred between pretty much any combination of those 
interfaces except the ext_if and dsl_if which I haven't tested. I will try and 
simplify things a bit but unfortunately the box is in production and has a lot 
of traffic moving through it right now so I can't do anything too drastic right 
away. One thing I will do right away is add the flag S/SA to all of these 
entries, I don't see any reason why that will break anything on the live 
machine.

Any other specific suggestions?

Whoops I was just grepping for state in my rules and I missed one though it 
shouldn't have applied to any of these connections
pass in on $int_if route-to ($dsl_if $dsl_gw) from non-servers to Internet 
keep state

Thanks for the help.

-- 
Tim Kuhlman
Network Administrator
ColoradoVnet.com

Re: PF drops tcp packets from a machine with Gentoo linux kernel 2.6.18

[Stuart Henderson]

On 2007/02/14 11:47, Tim Kuhlman wrote:
 So what is happening? It seems to me that either pf is broken or his linux 
 kernel is broken and pf is catching it. Any ideas as to which is the cause? 

Ruleset more likely. If you post it, people can make suggestions.
Might be useful to capture a SYN with tcpdump and post any state entries
relating to it, too (the relevant parts of pfctl -ss -v).

Re: SIP on OpenBSD

[Stuart Henderson]

On 2007/02/14 22:14, Soner Tari wrote:
 Therefore, I am hoping to have Asterisk+Sangoma cards running on OpenBSD
 sooner than most people are expecting. (Meaning that we won't need
 zaptel/libpri drivers.)

The Sangoma cards work with their own drivers with zaptel loaded on top
http://www.voip-info.org/wiki/view/Sangoma

btw, asterisk-bsd is probably a better venue for this.

Re: PF drops tcp packets from a machine with Gentoo linux kernel 2.6.18

[Stuart Henderson]

On 2007/02/14 12:11, Darren Spruell wrote:
 
 Yeah, when I went through it scrub rules had nothing to do with it.
 All state, period. (Note that in -current the default is now to
 implicitly build rules with both 'keep state' and 'S/SA' without
 having to specify; default stateful behavior makes these boo-boos less
 likely.)

 When I had the same problem, it was very erratic and seemed isolated
 to a Linux box at first too. I don't know if there's something in the
 TCP stack that reacts more adversely to this, but my fix in that case
 was a refactoring of my state model. YMMV.

New linux kernels (and Windows) set the window size such that wscale0
by default (if you want to test this from an OpenBSD box, increase
net.inet.tcp.recvspace).

As tcpdump will show you, the wscale value is *only* in SYN packets.
This is multiplied by the window size in the TCP headers of subsequent
packets to find the actual window size (see RFC1323 paragraph 1.1 on
'window size limit' and paragraph 2).

If the state was created from a packet other than the SYN, it won't have
wscale information (if it was collected, it's shown in pfctl -ss -v).
Without this the range of permitted sequence numbers is incorrect and
state failures can occur (especially in those cases where the unscaled
window size, shown by 'win' in tcpdump, works out to a small value).

(People who are intentionally using stateless filtering will have to
adjust their ruleset when they upgrade to 4.1; from the mailing list
posts about it, the number of people who will be affected negatively
by this change is much smaller than the number who will be affected
positively).

Re: Free Linux Driver Development!

[Jack J. Woehr]

On Feb 14, 2007, at 1:29 PM, Darren Spruell wrote:


On 2/14/07, Jack J. Woehr [EMAIL PROTECTED] wrote:

 Linux, Gnu and other subjects
have their own mailing lists.


Only if you operate under the assumption that the actions of these
other groups don't undermine the efforts of your own.


No, I'm operating under the three (3) assumptions that:
a) All us OBSD loyalists have already heard this message.
b) All us OBSD loyalists who are going to do something about it
   have already decided what to do.
c) There are no new ideas in the second/third day of a Misc thrash.

:-) :-) :-)

--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527

Re: Free Linux Driver Development!

[Darren Spruell]

On 2/14/07, Jack J. Woehr [EMAIL PROTECTED] wrote:

On Feb 14, 2007, at 11:48 AM, Marc Ravensbergen wrote:

 On Wednesday 14 February 2007 10:18 am, you wrote:
 On 2/14/07, Jeff Rollin [EMAIL PROTECTED] wrote:

This is becoming one of those topics which goes on way to long,
and in which all the modalities applicable to OpenBSD have been
exhausted much earlier in the discussion.

NDA's bad. Freedom good. Blobs suck. This is policy enforced by
the owner of the name OpenBSD. Linux, Gnu and other subjects
have their own mailing lists.


Only if you operate under the assumption that the actions of these
other groups don't undermine the efforts of your own. What this Linux
driver project is doing can seriously impact our ability to get the
vendors to release open docs.

Look down the road a few years when suddenly the amount of new
hardware supported under OpenBSD is at a lesser standard of quality
(or reduced). All it takese is for hardware vendors to be led into the
comforting knowledge that they don't *have* to release docs since the
most popular open source operating system grovels at their feet under
NDA.

DS

Re: Free Linux Driver Development!

[Jack J. Woehr]

On Feb 14, 2007, at 1:38 PM, Darren Spruell wrote:


My alternative is to go blare my mouth on Slashdot, but I'm more than
a little outnumbered there.


Actually, someone should (has already?) start one of those projects/ 
campaigns like
browse anywhere (http://www.anybrowser.org/campaign/) and create a  
website and a cute downloadable

URL snippet-cum-icon and get people to put it all over the cyberverse.

Open Hardware Specs, no blobs, no NDA's.

--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527

PF + rsync trouble

[Chris C.]

Hi

I'm having issues with rsyncing ftp.rfc-editor.org through a PF firewall, 
other connections (also other rsync connections) work well.

rsync -avz --delete ftp.rfc-editor.org::rfcs-text-only my-rfc-mirror
receiving file list ... done
./
rfc-index.xml
...
rfc1591.txt
rfc1592.txt
nothing is going to happen... will timeout in a few minutes


my setup is LAN -- OBSDGW2 - PPPOE - Internet

fxp1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:8b:95:a4:d3
description: WLan uplink
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::250:8bff:fe95:a4d3%fxp1 prefixlen 64 scopeid 0x3
inet 10.1.16.1 netmask 0xfffc broadcast 10.1.16.3

pppoe0: flags=8851UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST mtu 1492
dev: rl0 state: session
sid: 0xe682 PADI retries: 49 PADR retries: 0 time: 09:51:14

I've played with scrub (out on pppoe0 max-mss 1440, +no-df, + fragment 
reassemble, ...) but doesnt solve my problem.
I'm using nat on pppoe0 (nat on $extif from localips to any - (pppoe0))
I would provide a full tcpdump, but that would make my message a bit big...

Currently my pf.conf looks as follows:

set block-policy return
set skip on { lo, enc0 }
#scrub in all no-df random-id fragment reassemble
#scrub out on pppoe0 max-mss 1492 no-df
scrub out on pppoe0 max-mss 1440
nat on $extif from localips to any - (pppoe0)
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr on $allif   inet proto tcp from localips 
to !norouteips port ftp - 127.0.0.1 port 8021
rdr on $extif   inet proto tcp from any to ($extif) 

port http - 10.0.0.200 port 80
#rdron $extif   inet proto tcp from any to ($extif) 

port ftp - 10.0.0.200 port ftp
#rdron $extif   inet proto tcp from any to any  

port 49152:65535 - 10.0.0.200 port 49152:65535
 norouteips and allow local traffic on trusted interfaces
antispoof   quick   for { $extif, $wlanif }
block   in  all
passout all keep state flags S/SA
block   in  quick   on $extif   inet from norouteips to any
block   return  out quick   on $extif inet proto icmp from any to 
norouteips
block   dropout quick   on $extif inet from any to norouteips
passin  quick   on $allif   inet from localips to !firewall 

keep state
passin  quick   inet proto icmp from any to { ($extif) 
firewall } icmp-type echoreq code 0
passin  quick   inet proto tcp from any to { ($extif) 
firewall } port ssh keep state
[some rules for other subnets]
passin  on $wlanif  inet   from 10.1.16.200 to any  

keep state flags S/SA



18:28:07.899188 128.9.176.20.rsync  10.1.16.200.1701: . 9777343:9778583(1240) 
ack 100609 win 0 nop,nop,timestamp 1443728300 1809939 (DF)
18:28:07.901084 10.1.16.200.1701  128.9.176.20.rsync: . ack 9778583 win 23552 
nop,nop,timestamp 1810010 1443728300 (DF)
18:28:07.902910 128.9.176.20.rsync  10.1.16.200.1701: . 9778583:9780011(1428) 
ack 100609 win 0 nop,nop,timestamp 1443728300 1809939 (DF)
18:28:07.906844 128.9.176.20.rsync  10.1.16.200.1701: . 9780011:9781439(1428) 
ack 100609 win 0 nop,nop,timestamp 1443728300 1809939 (DF)
18:28:07.908805 10.1.16.200.1701  128.9.176.20.rsync: . ack 9781439 win 23552 
nop,nop,timestamp 1810012 1443728300 (DF)
18:28:07.910276 128.9.176.20.rsync  10.1.16.200.1701: . 9781439:9782679(1240) 
ack 100609 win 0 nop,nop,timestamp 1443728300 1809939 (DF)
18:28:07.913469 10.1.16.200.1701  128.9.176.20.rsync: . ack 9782679 win 23552 
nop,nop,timestamp 1810013 1443728300 (DF)
18:28:07.914486 128.9.176.20.rsync  10.1.16.200.1701: . 9782679:9784107(1428) 
ack 100609 win 0 nop,nop,timestamp 1443728300 1809939 (DF)
18:28:07.918422 128.9.176.20.rsync  10.1.16.200.1701: . 9784107:9785535(1428) 
ack 100609 win 0 nop,nop,timestamp 1443728302 1809944 (DF)
18:28:07.920355 10.1.16.200.1701  128.9.176.20.rsync: . ack 9785535 win 23552 
nop,nop,timestamp 1810015 1443728300 (DF)
18:28:07.921610 128.9.176.20.rsync  10.1.16.200.1701: . 9785535:9786775(1240) 
ack 100609 win 0 nop,nop,timestamp 1443728302 1809944 (DF)
18:28:07.923453 10.1.16.200.1701  128.9.176.20.rsync: . ack 9786775 win 23552 
nop,nop,timestamp 1810016 1443728302 (DF)
18:28:07.925819 128.9.176.20.rsync  10.1.16.200.1701: . 9786775:9788203(1428) 
ack 100609 win 0 nop,nop,timestamp 1443728302 1809944 (DF)
18:28:07.929512 128.9.176.20.rsync  10.1.16.200.1701: . 9788203:9789631(1428) 
ack 100609 win 0 nop,nop,timestamp 1443728302 1809944 (DF)
18:28:07.931435 10.1.16.200.1701  128.9.176.20.rsync: . ack 9789631 win 23552 
nop,nop,timestamp 1810018 1443728302 (DF)
18:28:07.933195 128.9.176.20.rsync  10.1.16.200.1701: . 9789631:9790871(1240) 
ack 100609 win 0 nop,nop,timestamp 1443728302 1809944 (DF)
18:28:07.936777 10.1.16.200.1701  

Nagios plugin for checking OpenBGPd-Peers

[Falk Brockerhoff - smartTERRA GmbH]

Hello,

has anybody wrote a nagios plugin to check the presence of some 
specified bgp-peers set up with openbgpd? In the past I used check_bgp 
in combination with cisco routers, which checks the peer-state via snmp.


Regards,

Falk

Re: slow io operations on xSeries 336

[David Gwynne]

can i see a dmesg as well? if you're running the machine as an amd64,  
can you try it again as an i386?


dlg

On 15/02/2007, at 3:38 AM, Jose Fragoso wrote:


thats very... vague...


Sorry. I agree.


where are you creating this 50G partitiong? in the installer, or in
the installed operating system? what command did you use?


In the installer.


how long did it actually take? a really long time could be 5
seconds if you're expectations are too high.


More than 2 minutes, for sure!. Perhaps, more.


that does seem excessive. can you watch the interrupt rates in the
top right of systat vm 1 and let me know what numbers you're
seeing?


I did run the same command again. Only this time I used

tar xzf ports.tar.gz

Look at the times:

# date;tar xzf ports.tar.gz;date
Wed Feb 14 10:59:34 BRT 2007
Wed Feb 14 11:11:04 BRT 2007

The total number of interrupts ranged from 270 to 850, most of it
being mpi0 (170 out of 271 and 747 out of 850). It always showed
100 for clock. If you feel it is important, I can send you the
print screen of the moment these values were shown (off the list
if you prefer).

Thanks a lot in advance.

Regards,

Jose

=
Nantucket Summer Vacation Rentals
Award-winning island homes in charming Nantucket village. Beautifully
furnished. Roses, shell path, white picket fence. Tennis, pool.  
Contact us for

reservations and more information.
http://a8-asy.a8ww.net/a8-ads/adftrclick? 
redirectid=51054f4dd849962e7cce9ae18

5bfd186

Re: Performance problems with bge under OpenBSD4.0/i386

[Mark Kettenis]

 From: Pete Vickers [EMAIL PROTECTED]
 Date: Wed, 14 Feb 2007 13:33:25 +0100
 
 # ifconfig bge0
 bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
  lladdr 00:17:a4:45:f5:25
  groups: egress
  media: Ethernet autoselect (1000baseT full-duplex)
  status: active
  inet6 fe80::217:a4ff:fe45:f525%bge0 prefixlen 64 scopeid 0x1
  inet x.x.x.x netmask 0xff00 broadcast x.x.x.x

This suggests flow control has *not* been negotiated.  With msk(4), I
get:

borodin$ ifconfig msk0
msk0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:16:cb:a2:87:67
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet6 fe80::216:cbff:fea2:8767%msk0 prefixlen 64 scopeid 0x1
inet 192.168.0.17 netmask 0xff00 broadcast 192.168.0.255

Re: PF + rsync trouble

[Chris C.]

On Wednesday 14 February 2007 21:59, Chris C. wrote:
 Hi

 I'm having issues with rsyncing ftp.rfc-editor.org through a PF firewall,
 other connections (also other rsync connections) work well.

 rsync -avz --delete ftp.rfc-editor.org::rfcs-text-only my-rfc-mirror
 receiving file list ... done
 ./
 rfc-index.xml
 ...
 rfc1591.txt
 rfc1592.txt
 nothing is going to happen... will timeout in a few minutes


 my setup is LAN -- OBSDGW2 - PPPOE - Internet

 fxp1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
 lladdr 00:50:8b:95:a4:d3
 description: WLan uplink
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet6 fe80::250:8bff:fe95:a4d3%fxp1 prefixlen 64 scopeid 0x3
 inet 10.1.16.1 netmask 0xfffc broadcast 10.1.16.3

 pppoe0: flags=8851UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST mtu 1492
 dev: rl0 state: session
 sid: 0xe682 PADI retries: 49 PADR retries: 0 time: 09:51:14

 I've played with scrub (out on pppoe0 max-mss 1440, +no-df, + fragment
 reassemble, ...) but doesnt solve my problem.
 I'm using nat on pppoe0 (nat on $extif from localips to any - (pppoe0))
 I would provide a full tcpdump, but that would make my message a bit big...

 Currently my pf.conf looks as follows:

 set block-policy return
 set skip on { lo, enc0 }
 #scrub in all no-df random-id fragment reassemble
 #scrub out on pppoe0 max-mss 1492 no-df
 scrub out on pppoe0 max-mss 1440
 nat on $extif from localips to any - (pppoe0)
 nat-anchor ftp-proxy/*
 rdr-anchor ftp-proxy/*
 rdr on $allif   inet proto tcp from localips
 to !norouteips port ftp - 127.0.0.1 port 8021
 rdr on $extif   inet proto tcp from any to ($extif)
 port http - 10.0.0.200 port 80
 #rdron $extif   inet proto tcp from any to ($extif)
 port ftp - 10.0.0.200 port ftp
 #rdron $extif   inet proto tcp from any to any
 port 49152:65535 - 10.0.0.200 port 49152:65535
  norouteips and allow local traffic on trusted interfaces
 antispoof   quick   for { $extif, $wlanif }
 block   in  all
 passout all keep state flags S/SA
 block   in  quick   on $extif   inet from norouteips to any
 block   return  out quick   on $extif inet proto icmp from any to
 norouteips
 block   dropout quick   on $extif inet from any to norouteips
 passin  quick   on $allif   inet from localips to !firewall
 keep state
 passin  quick   inet proto icmp from any to {
 ($extif) firewall } icmp-type echoreq code 0
 passin  quick   inet proto tcp from any to {
 ($extif) firewall } port ssh keep state
 [some rules for other subnets]
 passin  on $wlanif  inet   from 10.1.16.200 to
 any keep state flags S/SA



 [tcpdump]

 any suggestions? thanks!

Have to reply to my own post...
The rsync process completes on the gateway itself, but not on any device 
behind it.

Re: Problems with routing

[Jamie Penman-Smithson]

On 13/02/07, Martin Schrvder [EMAIL PROTECTED] wrote:

2007/2/14, Jamie Penman-Smithson [EMAIL PROTECTED]:
 Any hints?

afterboot(8) has a section on routing.

Best
   Martin


I read afterboot(8) but I didn't see anything related to the issue
that I'm experiencing.

Time to go back to Linux I suppose..

--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]

Tunnel, VPN, NAT

[Mitja]

I've managed to solve a problem that was bodering me for some time now.
I decided to put this solution to the list just in case someday somebody
will be in similar situation.

How to solve the problem described on this picture:

193.x.x.x/27 193.y.y.y/27
   |  192.168.1.0/24   | 192.168.2.0/24
   ||  ||
   ||  ||
   Host A  tunnel  Host D -Internet
172.16.16.6   172.16.15.6
   \/
+-- Host B -- Host C --+
   172.16.16.5172.16.15.5


In short, I have two distant locations, connected with fiber, only one
has access to internet. The client requested to have on both locations
public addressable IP space and private addressable IP space. Host A and
Host D are connected by a fiber provider, who connected both locations
with a PTP (Host B  Host C are providers routers).

The solution I came to (with the help of Dag Richards) is to build a gre
tunnel from host A to Host D. Firstly I managed to access internet using
ipsec. Dag pointed out that I should be doing NAT before ipsec.

Explanation:
packet enters
routing decision is made - packet encrypted if matches quickmode route

egress iface chosen
NAT applied

So on the same router that can't be done in OBSD. So I left out
encryption for this part of the project, because I don't need encryption
for traffic going to internet. The task now is to build a gre tunnel
between Host A  Host D.

Building up gre tunnel and setting up routes:

Enable on both routers:
sysctl net.inet.gre.allow=1

Host A
# cat /etc/hostname.gre0
193.x.x.x 193.z.z.z netmask 0x link1 up
tunnel 172.16.16.6 172.16.15.6
!route -qn delete default
!route -qn add -host default 193.z.z.z


Host D
# cat /etc/hostname.gre0
193.z.z.z 193.x.x.x netmask 0x link1 up
tunnel 172.16.15.6 172.16.16.6
!route add 192.168.1.0/24 193.x.x.x
!route add 193.x.x.x/27 193.x.x.x

I had to add those routes just to tell the router where to send packets
that have been natted and to route other public addressable IP space
through the tunnel.

Now I have a working tunnel, Host A can access the internet. Let's allow
others to access internet from private addressable IP space on Host A.
As Dag pointed out I should be doing NAT for request coming from
192.168.1.0/24 on the end of gre tunnel, on Host D. This should look
something like this:

nat on bge0 from 192.168.1.0/24 - 193.x.x.x, where bge0 stands for my
external_if on Host D. Be careful to allow gre proto in both pf.conf.
After that I just had to connect two LANs together with ipsec:

On host D:
ike esp from 192.168.2.0/24 to 192.168.1.0/24 peer 172.16.16.6

On Host A:
ike esp from 192.168.1.0/24 to 192.168.2.0/24 peer 172.16.15.6


Mitja

Re: Problems with routing

[Martin Schröder]

2007/2/14, Jamie Penman-Smithson [EMAIL PROTECTED]:

I read afterboot(8) but I didn't see anything related to the issue
that I'm experiencing.


--
If you wish to route packets between interfaces, add one or both of the
following directives (depending on whether IPv4 or IPv6 routing is re-
quired) to /etc/sysctl.conf:

  net.inet.ip.forwarding=1
  net.inet6.ip6.forwarding=1

Packets are not forwarded by default, due to RFC requirements.
--


Time to go back to Linux I suppose..


We won't miss you.

Best
  Martin

Re: external usb disk freezing machine

[frantisek holop]

hmm, on Wed, Feb 07, 2007 at 08:42:19PM +0100, frantisek holop said that
 here i go again, describing usb problems.  i am really not sure now
 if it is a) my external disk, b) openbsd, c) bios/motherboard/usb port
 that is giving me the headache...

none of them.
it seems that it was acpi after all,
and acpi.c,v 1.78 solves this issue.

-f
-- 
friends are people you can be quiet with.

Re: external usb disk freezing machine

[Marco Peereboom]

Cool :-)

On Thu, Feb 15, 2007 at 12:08:11AM +0100, frantisek holop wrote:
 hmm, on Wed, Feb 07, 2007 at 08:42:19PM +0100, frantisek holop said that
  here i go again, describing usb problems.  i am really not sure now
  if it is a) my external disk, b) openbsd, c) bios/motherboard/usb port
  that is giving me the headache...
 
 none of them.
 it seems that it was acpi after all,
 and acpi.c,v 1.78 solves this issue.
 
 -f
 -- 
 friends are people you can be quiet with.

Re: PF + rsync trouble

[Darren Spruell]

On 2/14/07, Chris C. [EMAIL PROTECTED] wrote:

On Wednesday 14 February 2007 21:59, Chris C. wrote:
 Hi

 I'm having issues with rsyncing ftp.rfc-editor.org through a PF firewall,
 other connections (also other rsync connections) work well.

 rsync -avz --delete ftp.rfc-editor.org::rfcs-text-only my-rfc-mirror
 receiving file list ... done
 ./
 rfc-index.xml
 ...
 rfc1591.txt
 rfc1592.txt
 nothing is going to happen... will timeout in a few minutes
 any suggestions? thanks!

Have to reply to my own post...
The rsync process completes on the gateway itself, but not on any device
behind it.


Enable debugging in PF and see if you get any error conditions in your
kernel logs.

# pfctl -x loud

(set back to normal with 'pfctl -x urgent')

--
Darren Spruell
[EMAIL PROTECTED]

Re: Problems with routing

[Jamie Penman-Smithson]

On 14/02/07, Martin Schrvder [EMAIL PROTECTED] wrote:

2007/2/14, Jamie Penman-Smithson [EMAIL PROTECTED]:
 I read afterboot(8) but I didn't see anything related to the issue
 that I'm experiencing.

 If you wish to route packets between interfaces, add one or both of

the

 following directives (depending on whether IPv4 or IPv6 routing is re-
 quired) to /etc/sysctl.conf:

   net.inet.ip.forwarding=1
   net.inet6.ip6.forwarding=1


I already did this, to no effect.

--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]

Re: Problems with routing

[Stuart Henderson]

 I'm attempting to setup openbsd 4.0 as a router, the system has two
 interfaces, rl0 and rl1. It looks something like this (apologies if
 this looks really odd):
 
 router [x.x.58.129] --- router2: rl0 [x.x.58.130]
router2: rl1 [x.x.58.140] ---

Not so much odd as lacking information. Post ifconfig output instead.
Presumably the OpenBSD box is 'router2', though you don't actually say.

If I had to guess, I'd say you're probably trying to overlap networks
and not doing it right, but you won't get good answers if you make people
guess. Which box are you talking about anyway? (I'd guess router2, but
you don't actually say).

 DMZ subnet x.x.58/28

I don't see any x.x.58.0 networks in your diagram, is that what you
actually meant to write?

 route add -net x.x.58.128 -netmask 255.255.255.240 -iface x.x.58.140
 route add -host x.x.58.129 -iface x.x.58.130

Directly connected networks already appear in the routing table, you
don't add static routes for them.

 Under Linux I just had:
...

irrelevant, this is not Linux.

is there an install packages file list?

[Bryan Irvine]

I'm going to be installing on a soekris box (probably on flash media),
and I'm trying to figure out what the bare minimum I need to install.

Is there somewhere I can see what files are included in the
base40.tgz, etc40.tgz etc... so I know what don't fill up the flash
card at the start?

They are going to be a pf firewall, and ipsec vpn (with one of them
running poptop for roadwarriors).

Any pitfalls I should watch out for on this? fstab options etc..?

--Bryan

Re: Problems with routing

[Jamie Penman-Smithson]

On 15/02/07, Stuart Henderson [EMAIL PROTECTED] wrote:

 I'm attempting to setup openbsd 4.0 as a router, the system has two
 interfaces, rl0 and rl1. It looks something like this (apologies if
 this looks really odd):

 router [x.x.58.129] --- router2: rl0 [x.x.58.130]
router2: rl1 [x.x.58.140] ---

Not so much odd as lacking information. Post ifconfig output instead.
Presumably the OpenBSD box is 'router2', though you don't actually say.


Yes, router2 is the OpenBSD box.

rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr 00:50:fc:a0:c9:ae
   groups: egress
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 82.133.58.130 netmask 0xfff0 broadcast 82.133.58.143
   inet6 fe80::250:fcff:fea0:c9ae%rl0 prefixlen 64 scopeid 0x2
rl1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr 00:50:fc:a0:c9:b0
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 82.133.58.140 netmask 0xfff0 broadcast 82.133.58.143
   inet6 fe80::250:fcff:fea0:c9b0%rl1 prefixlen 64 scopeid 0x3


If I had to guess, I'd say you're probably trying to overlap networks
and not doing it right, but you won't get good answers if you make people
guess. Which box are you talking about anyway? (I'd guess router2, but
you don't actually say).


router2

Thanks,

--
-Jamie L. Penman-Smithson [EMAIL PROTECTED]

Re: is there an install packages file list?

[Nick !]

On 2/14/07, Bryan Irvine [EMAIL PROTECTED] wrote:

I'm going to be installing on a soekris box (probably on flash media),
and I'm trying to figure out what the bare minimum I need to install.

Is there somewhere I can see what files are included in the
base40.tgz, etc40.tgz etc... so I know what don't fill up the flash
card at the start?


They're just .tgz files. Just
$tar -tzvf *40.tgz


They are going to be a pf firewall, and ipsec vpn (with one of them
running poptop for roadwarriors).

Any pitfalls I should watch out for on this? fstab options etc..?


This has come up before lots. Trying searching the archives at
http://marc.theaimsgroup.com?l=openbsd-misc

and good luck
-Nick

Re: is there an install packages file list?

[RW]

On Wed, 14 Feb 2007 17:00:55 -0800, Bryan Irvine wrote:

I'm going to be installing on a soekris box (probably on flash media),
and I'm trying to figure out what the bare minimum I need to install.

Is there somewhere I can see what files are included in the
base40.tgz, etc40.tgz etc... so I know what don't fill up the flash
card at the start?

They are going to be a pf firewall, and ipsec vpn (with one of them
running poptop for roadwarriors).

Any pitfalls I should watch out for on this? fstab options etc..?


Don't even consider reducing the base install. There is no reason to.

On a Soekris 4801 here I have been running OpenBSD 3.9 and 4.0 for more
that a year (3.9 beta was running before release) on a Apacer
PhotoSteno CF card with verbose spamd logging (until a month ago  when
I moved spamd onto our new MTA).

I do pxe boot installs and I leave out all the X sets and the comp set.
Xis not needed for anything on that host and compiling is best done on
a build host we keep here with lots more RAM and grunt in the CPU.

The CF is 512MB but any new boxes will have 1024MB simply because they
are now cheaper than the 512 was when I bought it and also the
wear-levelling is better on larger CFs. Pretty soon we won't see
smaller cards easily bought.

I don't run httpd or use sendmail for anything except the
daily/weekly/monthly/security reports but it is more work trimming
stuff than the benefit of smaller filesystems when I'm not short of
space anyway.
Here is the end of disklabel followed by mount and df -h.
Note that I have an unused 68.9 MB partition and that /usr has ALL the
manpages loaded and space for any packages I may need to add.

Swap is never used. I just tossed a bit in because (1) it stops the
system whinging about it not being there and (2) I don't need the
space, as you can see.

16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
  a: 60.0M  0.0M  4.2BSD   2048 16384  122 # Cyl
0*-   121
  b:  9.8M 60.0Mswap   # Cyl   122
-   141
  c:488.7M  0.0M  unused  0 0  # Cyl 0
-   992
  d: 99.9M 69.9M  4.2BSD   2048 16384  204 # Cyl   142
-   344
  e:250.0M169.8M  4.2BSD   2048 16384  328 # Cyl   345
-   852
  f: 68.9M419.8M  4.2BSD   2048 16384   16 # Cyl   853
-   992
[puffy:/var/log]
$ mount
/dev/wd0a on / type ffs (local, noatime, softdep)
/dev/wd0e on /usr type ffs (local, noatime, nodev, read-only, softdep)
/dev/wd0d on /var type ffs (local, noatime, nodev, nosuid, softdep)
[puffy:/var/log]
$ df -h
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/wd0a 59.0M   27.3M   28.8M49%/
/dev/wd0e  245M163M   69.6M70%/usr
/dev/wd0d 98.3M6.6M   86.8M 7%/var

Any questions?

Rod/

From the land down under: Australia.
Do we look umop apisdn from up over?

Re: is there an install packages file list?

[Greg Thomas]

On 2/14/07, Bryan Irvine [EMAIL PROTECTED] wrote:

I'm going to be installing on a soekris box (probably on flash media),
and I'm trying to figure out what the bare minimum I need to install.

Is there somewhere I can see what files are included in the
base40.tgz, etc40.tgz etc... so I know what don't fill up the flash
card at the start?

They are going to be a pf firewall, and ipsec vpn (with one of them
running poptop for roadwarriors).

Any pitfalls I should watch out for on this? fstab options etc..?



After reading many posts on misc about the reliability of CF and since
1 GB compact flash is cheap these days I didn't bother with any of the
above and just did an install picking the sets that I needed, avoiding
x*, comp, and game:

[EMAIL PROTECTED]:/home/ethant# df -k
Filesystem  1K-blocks  Used Avail Capacity  Mounted on
/dev/wd0a  74254050650219891272%/
mfs:24827   15855 1 15062 0%/tmp

[EMAIL PROTECTED]:/home/ethant# cat /etc/fstab
/dev/wd0a / ffs rw,noatime 1 1
swap /tmp mfs rw,-s=32768,nodev,nosuid,noexec 0 0

Nothing fancy.  noatime is the only thing different from a normal
install for me other than the fact that I split the filesystem into /,
/usr, /tmp, /var, and /home on larger disks.

Greg

Re: Problems with routing

[RW]

On Thu, 15 Feb 2007 01:08:28 +, Jamie Penman-Smithson wrote:

On 15/02/07, Stuart Henderson [EMAIL PROTECTED] wrote:
  I'm attempting to setup openbsd 4.0 as a router, the system has two
  interfaces, rl0 and rl1. It looks something like this (apologies if
  this looks really odd):
 
  router [x.x.58.129] --- router2: rl0 [x.x.58.130]
 router2: rl1 [x.x.58.140] ---

 Not so much odd as lacking information. Post ifconfig output instead.
 Presumably the OpenBSD box is 'router2', though you don't actually say.

Yes, router2 is the OpenBSD box.

That ain't gonna work.

Your configuration of the two nics on router2 is wrong.

My guess is that you have a routed subnet supplied by your ISP and that
you have taken the first usable one (xx.xx.58.129) and used it on the
LAN i/f of your (ADSL?) modem.

Router 2 now gets .130 on its rl0 and that's fine but you have applied
.140 to rl1 and both interfaces are in the same network:
xx.xx.58.128/28. You cannot do that and expect routing to work in r2.

2 ways (maybe more possible but I don't have all day 8-) ) to get
around it.

1 alias ALL of your IPs except .129 onto rl0 and then use RFC1918
addrs on rl1 and its attached hosts. You can then rdr or binat them to
the correct addresses on rl0.

2 You can use a pair of RFC1918 IPs on the modem and rl0, static route
the /28 to rl0, configure rl1 to use .129 and hang all (up to 13) hosts
on a LAN there.

Case 2 requires tricky NATting and pf rules but I have done it several
times and it just works but your original post makes me think you'd
need a few more clues first. 
So go with #1 for an easier life.

Any replies/questions on list please. Offlist replies /dev/null
Rod/

From the land down under: Australia.
Do we look umop apisdn from up over?

Re: is there an install packages file list?

[Greg Thomas]

On 2/14/07, Greg Thomas [EMAIL PROTECTED] wrote:

On 2/14/07, Bryan Irvine [EMAIL PROTECTED] wrote:
 I'm going to be installing on a soekris box (probably on flash media),
 and I'm trying to figure out what the bare minimum I need to install.

 Is there somewhere I can see what files are included in the
 base40.tgz, etc40.tgz etc... so I know what don't fill up the flash
 card at the start?

 They are going to be a pf firewall, and ipsec vpn (with one of them
 running poptop for roadwarriors).

 Any pitfalls I should watch out for on this? fstab options etc..?


After reading many posts on misc about the reliability of CF and since
1 GB compact flash is cheap these days I didn't bother with any of the
above and just did an install picking the sets that I needed, avoiding
x*, comp, and game:

[EMAIL PROTECTED]:/home/ethant# df -k
Filesystem  1K-blocks  Used Avail Capacity  Mounted on
/dev/wd0a  74254050650219891272%/
mfs:24827   15855 1 15062 0%/tmp

[EMAIL PROTECTED]:/home/ethant# cat /etc/fstab
/dev/wd0a / ffs rw,noatime 1 1
swap /tmp mfs rw,-s=32768,nodev,nosuid,noexec 0 0

Nothing fancy.  noatime is the only thing different from a normal
install for me other than the fact that I split the filesystem into /,
/usr, /tmp, /var, and /home on larger disks.



Oh, yeah:

[EMAIL PROTECTED]:/var# du -hs www
82.1M   www

And I don't know why my /usr is so much larger than Rod's:

[EMAIL PROTECTED]:/# sudo du -hs /usr
369M/usr

Greg

Re: OT? Is this bad news?

[Nick !]

On 2/14/07, Marco S Hyman [EMAIL PROTECTED] wrote:

  Also, please educate me: couldn't a BSD driver be created by using the
  cleanroom approach? One person reads the GPL code, writes specs,
  another implements them? Or is this covered when people say reverse
  engineer?
[...]


Thanks for clearing that up Hannah, Neil, Rod, Darren, and Marco.

I always see the bitching on here (usually leading to a license war)
and never was entirely sure what the big deal was.

-Nick

Presentacion - Consulta

[Alejandro - Dimarcomp]

El motivo de esta carta es la presentacisn de DIMARCOMP como posible
proveedor de Hardware; avalan nuestra empresa mas de 10 aqos de experiencia en
el rubro de la Informatica en sus diferentes aspectos.

Representa marcas reconocidas como LG, Intel, Kingston, Genius,
Codegen, SMC, Noganet, Energit, Asus, nos encontramos entre los Microsoft
System Builders.

Dimarcomp se desempeqa como Importador y tambiin Distribuidor Mayorista 
de
Equipamiento para empresas, gremio y afines (Hardware y accesorios para PC).

Si se encuentra interesado en conocernos azn mas (listas de precios, 
ofertas
y consultas varias), quedo a su entera disposicisn.



ATENCION: Como este mail es znicamente a modo de presentacisn llegara
solamente UNA VEZ, si Ud. necesita recibir informacisn periodicamente responda
este mail solicitandolo. Si por el contrario llega mas de una vez, por favor
notificarlo y disculparme ante todo por la molestia que pudo haberle
ocasionado.



Los saluda Atte.



Ventas - DIMARCOMP
Alejandro Pavilaitis
msn: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
tel: 4554 2800  - Int: 111

arpresolve: can't allocate llinfo

[Cory Albrecht]

Hello all,

My OpenBSD firewall is still randomly stopping routing packets and I 
still can't figure out why. :-(


I made the suggested patch to if_ether.c, ut now I just get the 
following line in /var log messages:


Feb 14 18:08:41 bytor /bsd: arpresolve: can't allocate llinfo for 
192.168.1.1:no link address



Symptoms: Firewall can ping the wifi router (to which ADSL modem is 
attached), but pinging anything beyond it fails. If I try to traceroute 
to some place beyond the router, it doesn't show the router as the first 
hop. (If it can ping the router, shouldn't it show up a the first hop on 
a traceroute?). Even though the firewall can ping the router, it cannot 
ping my laptop, even though the route to both goes out ral0. The laptop 
cannot ping the firewall either. I know the router is still working 
because my laptop can still access the internet through it once I reset 
the default gateway to the router instead of the firewall. IPv6 ssh 
connections form the laptop to the firewall stay active.


Things is, arp -a and route -n show -inet show extactly the same 
thing whether the problem is currently in progress or everything is 
working perfectly. No NICs accidentally have addresses on the wrong segment.


I had routed running, but stopping it has made no difference.

Anybody have any ideas?

[EMAIL PROTECTED] 1:03:58 [9]/etc arp -a
bytor (192.168.0.1) at 00:0e:0c:bc:38:9d on em1 static
xanadu (192.168.0.2) at 00:0e:0c:b9:4d:ed on em1
heechee.wireless (192.168.1.1) at 00:13:10:0e:0b:08 on ral0
snowdog.wireless (192.168.1.3) at 00:12:17:60:fe:40 on ral0
redbarchetta.wireless.fenris.cjb.net (192.168.1.191) at 
00:18:de:20:4f:2e on ral0

bytor (192.168.16.1) at 00:0e:0c:b9:50:74 on em0 static
snowdog (192.168.16.2) at 00:15:f2:e8:7f:51 on em0

[EMAIL PROTECTED] 1:04:03 [10]/etc route -n show -inet
Routing tables

Internet:
Destination   GatewayFlagsRefs  UseMtu  Interface
default   192.168.1.1UGS16   188916  -   ral0
127.0.0.1 127.0.0.1  UH  2 6049  33224   lo0
192.168.0/24  link#3 UC  20  -   em1
192.168.0.1   00:0e:0c:bc:38:9d  UHLc9   996889  -   lo0
192.168.0.2   00:0e:0c:b9:4d:ed  UHLc156064  -   em1
192.168.1/24  link#4 UC  30  -   ral0
192.168.1.1   00:13:10:0e:0b:08  UHLc2 3272  -   ral0
192.168.1.3   00:12:17:60:fe:40  UHLc0  483  -   ral0
192.168.1.191 00:18:de:20:4f:2e  UHLc0 4587  -   ral0
192.168.2/24  link#1 UC  00  -   fxp0
192.168.16/24 link#2 UC  20  -   em0
192.168.16.1  00:0e:0c:b9:50:74  UHLc0   50  -   lo0
192.168.16.2  00:15:f2:e8:7f:51  UHLc5   392664  -   em0

[EMAIL PROTECTED] 1:04:13 [11]/etc cat hostname.ral0
inet 192.168.1.2 255.255.255.0 192.168.1.255 nwid fenris nwkey
 0x0A18135EB54723927B64AB65BC
inet6 alias 2001:05c0:92cf:1::c0a8:0102 64

[EMAIL PROTECTED] 1:06:08 [12]/etc cat hostname.em0
inet 192.168.16.1 255.255.255.0 192.168.16.255
inet6 alias 2001:05c0:92cf:10::c0a8:1001 64

[EMAIL PROTECTED] 1:06:18 [13]/etc cat hostname.em1
inet 192.168.0.1 255.255.255.0 192.168.0.255
inet6 alias 2001:05c0:92cf:0::c0a8:0001 64

[EMAIL PROTECTED] 1:06:33 [14]/etc cat hostname.fxp0
inet 192.168.2.1 255.255.255.0 192.168.2.255
inet6 alias 2001:5c0:92cf:2::c0a8:0201 64

Re: mediawiki on chroot

[atstake atstake]

On 2/14/07, Stuart Henderson [EMAIL PROTECTED] wrote:

On 2007/02/14 21:55, atstake atstake wrote:
 I'm getting this error  I understand that I need to symlink some file
 inside the chroot (/var/www) area but I'm not sure which file to be
 exact. I search previous misc@ archive but they seem a bit confusing.

You probably didn't do the 'phpxs' after installing php5-mysql



Mediawiki is working now. But this time there's a different kind of
error. When I type http://mysite.com/mediawiki; it takes me to
http://www/mediawiki/index.php/Main_Page;
I need to type http://mysite.com/mediawiki/index.php/Main_Page; to
get to my mediawiki and when I log in to mediawiki, create a file and
try to _save_ it, it takes me to
http://www/mediawiki/index.php/OpenBSD;. But eventually it _does_
save the file.

Apache error_log shows:

[error] PHP Warning:  Unknown:
open(/tmp//sess_gmmltgdpemd3sutt31mrivba34, O_RDWR) failed: Permission
denied (13) in Unknown on line 0

[error] PHP Warning:  Unknown: Failed to write session data (files).
Please verify that the current setting of session.save_path is correct
() in Unknown on line

Any kind of help would be appreciated.