Re: is there [EMAIL PROTECTED] archive?

2007-02-17 Thread Dunceor

On 2/17/07, Otto Moerbeek [EMAIL PROTECTED] wrote:

On Sat, 17 Feb 2007, [EMAIL PROTECTED] wrote:

 i'm looking for new mobos (both embedded & normal) & wondered if there's any
 way to search through submitted [EMAIL PROTECTED] (you do all send in your
 dmesg don't you?) to see what people ran into previously. gmane & marc have
 proved reasonably light on

 the only thing i found was http://www.nycbug.org/?NAV=dmesgd;f_bsd=OpenBSD
 which was not extensive enough - but a nice interface!

The dmesgs submitted to [EMAIL PROTECTED] are not publicly accessible.
At some point in time this was discussed, but we can't do that, since
we never told people that they would be published. So they remain
accessible to developers only. They are consulted very often, so keep
them coming in!

-Otto




It's understandable that old dmesg can't be shown but isn't it
possible to start on a new archive and inform users that all dmesg they
will send in from this point will be accessible online for everybody? I
have also thought the idea to have it public before and it would be
great.

Then the old archive could still be used by devs but a new archive
could easily be built up.

Just an idea.

Thanks.

BR
Dunceor



Re: SIP on OpenBSD

2007-02-17 Thread Karel Kulhavy
On Fri, Feb 16, 2007 at 06:01:53PM +, Stuart Henderson wrote:
 On 2007/02/16 17:07, Karel Kulhavy wrote:
  WARNING[32174]: chan_oss.c:470 soundcard_init: Unable to open /dev/dsp: No such file or directory

This was an excerpt from the book - not an actual error message I got.
I found in the OpenBSD installation, chan_oss.so is completely missing.
Consequently, Asterisk cannot work with the console under OpenBSD :(

CL



Re: is there [EMAIL PROTECTED] archive?

2007-02-17 Thread Otto Moerbeek
On Sat, 17 Feb 2007, Dunceor wrote:

  The dmesgs submitted to [EMAIL PROTECTED] are not publicly accessible.
  At some point in time this was discussed, but we can't do that, since
  we never told people that they would be published. So they remain
  accessible to developers only. They are consulted very often, so keep
  them coming in!
  
  -Otto
  
  
 
 It's understandable that old dmesg can't be shown but isn't it
 possible to start on a new archive and inform users that all dmesg they
 will send in from this point will be accessible online for everybody? I
 have also thought the idea to have it public before and it would be
 great.
 
 Then the old archive could still be used by devs but a new archive
 could easily be built up.

On the other hand, we'd hate it (and the project would suffer) if
people would become reluctant to send in their dmesg. Publishing
dmesgs could mean less dmesgs would be submitted. 

-Otto



Re: is there [EMAIL PROTECTED] archive?

2007-02-17 Thread Dunceor

On 2/17/07, Otto Moerbeek [EMAIL PROTECTED] wrote:


On Sat, 17 Feb 2007, Dunceor wrote:

  The dmesgs submitted to [EMAIL PROTECTED] are not publicly accessible.
  At some point in time this was discussed, but we can't do that, since
  we never told people that they would be published. So they remain
  accessible to developers only. They are consulted very often, so keep
  them coming in!
 
  -Otto
 
 

 It's understandable that old dmesg can't be shown but isn't it
 possible to start on a new archive and inform users that all dmesg they
 will send in from this point will be accessible online for everybody? I
 have also thought the idea to have it public before and it would be
 great.

 Then the old archive could still be used by devs but a new archive
 could easily be built up.

On the other hand, we'd hate it (and the project would suffer) if
people would become reluctant to send in their dmesg. Publishing
dmesgs could mean less dmesgs would be submitted.

-Otto



Sorry, only sent private...

If that would be the case, yes then there is no reason for it. But I
don't see the reason why people would be more reluctant to send in
their dmesg?
It does not provide any private information.

Well it was just an idea, maybe I'll just hack together an online dmesg
tool and let the people who want to send it be able to send it.

BR
Dunceor



sftp logins

2007-02-17 Thread John
Hello misc@

Is there a way to quickly show current and historical sftp logins 
in a format like the command 'last'? I've looked at ac (doesn't record
sftp) and sa (way too much data, and the wrong sort) so far.

cheers
-- 
John 



Re: PowerEdge 2950 sd0: not queued: error 5

2007-02-17 Thread Mattieu Baptiste

On 2/17/07, Alejandro [EMAIL PROTECTED] wrote:

UPDATE:

It might not have any relation, one of our PowerEdges 2850 on the US
(the 2950 one was in... Argentina) just went kaboom almost the same
way... It stopped accessing the disk, it was responsive but you couldn't
do anything, the console (IP KVM) showed: ami0: timeout ccb several
times. This is an older system with other LSI card and OpenBSD 3.9 with
RAID10. This one went even further with the problem, on reboot (IP
PowerStrips :P), during the RAID card initialization it said TBBU cache
data is invalid and then:


Hi Alejandro,

About three months ago, a friend of mine had problems with a SAS disk
on a PE2950. Dell said there was a critical update of the firmware
disks to apply.

Unfortunately his server runs Windows and I don't know if this can be
related. I eventually updated my 2950 with the dell upgrade. It's a
cdrom iso you can download on a dell ftp site. You should ask Dell for
the exact location.  Hope this can help.

Mattieu



DRAM/NVRAM cfg match
Disks have good cfg but they do not match DRAM cfg
Firmware cannot flush cache

After resaving RAID configuration it started OK and everything seems
nominal... Nothing on the logs. It was very alike to the other problem,
but both could have been crappy Dell hardware, just mentioning this for
if anyone gets any idea...
Something funny to mention, this machine was carped but it was sending
advertises over the carp interface, even though it had no disk, so the
other never took the MASTER

Thanks,
Alejandro.

dmesg:


Re: ftp-proxy problem using active ftp

2007-02-17 Thread Nils.Reuvers
Camiel,

Thanks for all your help. It looks like it is something upstream,
because all your hints check out.

Today I tried to ssh externally to the OpenBSD firewall and what do you
think; no packets arrive at the external interface. So it must be that
damn IAS modem that is blocking everything. How on earth can they setup
something like that? Cost me a day to find out (partially my fault of
course).

Thanks again.

Nils

-Original Message-
From: Camiel Dobbelaar [mailto:[EMAIL PROTECTED]
Sent: vrijdag 16 februari 2007 19:24
To: Reuvers, Nils
Cc: misc@openbsd.org
Subject: Re: ftp-proxy problem using active ftp

On Fri, 16 Feb 2007, [EMAIL PROTECTED] wrote:
 #1 client: PORT 192,168,1,56,9,96\r\n
 #1 proxy: PORT 193,172,163,50,235,99\r\n

193.172.163.50 is the correct external IP?  Does the firewall have more
than one external IP?

 #1 server: 200 PORT command successful - not using PASV eh?\r\n
 #1 active: server to client port 2400 via port 60259
 #1 client: NLST\r\n

This looks fine.  At the point where it says active it has inserted the
rules.  You can check those like this:

# pfctl -sA -v
  ftp-proxy
  ftp-proxy/27568.13

# pfctl -a ftp-proxy/27568.13 -sr
pass in quick inet proto tcp from 129.128.5.191 to 192.168.28.28 port = 58202 flags S/SA keep state (max 1) rtable 0
pass out quick inet proto tcp from 129.128.5.191 to 192.168.28.28 port = 58202 flags S/SA keep state (max 1) rtable 0

and with -sn for the nat rules.

Do those look correct?

 My PF log isn't showing anything useful regarding ftp.

Make sure all the rules have the log option set, especially the block
rules.

You can also try tcpdump on the external interface to check if the SYN
packets of the active connection are coming in.

If nothing comes in, someone upstream may be blocking.


--
Cam





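Added example, not part of the original thread: the PORT arguments in the ftp-proxy debug lines quoted above encode an IPv4 address and a port as six decimal bytes, so the "active" line and the external address can be cross-checked mechanically before looking upstream. The function names and the `external_ip` parameter are this example's own; the log lines are the ones quoted in the message.

```python
"""Decode FTP PORT arguments and cross-check ftp-proxy debug output."""
import ipaddress
import re

# Debug lines as quoted in the message above; the trailing \r\n is literal text.
SAMPLE_LOG = [
    r"#1 client: PORT 192,168,1,56,9,96\r\n",
    r"#1 proxy: PORT 193,172,163,50,235,99\r\n",
    r"#1 server: 200 PORT command successful - not using PASV eh?\r\n",
    r"#1 active: server to client port 2400 via port 60259",
    r"#1 client: NLST\r\n",
]

PORT_RE = re.compile(r"^#(\d+) (client|proxy): PORT ([\d,]+)")
ACTIVE_RE = re.compile(
    r"^#(\d+) active: server to client port (\d+) via port (\d+)")


def parse_port_arg(arg):
    """Turn 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    fields = arg.split(",")
    if len(fields) != 6:
        raise ValueError(f"PORT needs 6 fields, got {len(fields)}: {arg!r}")
    nums = [int(f) for f in fields]      # an empty field raises ValueError
    if any(n > 255 for n in nums):
        raise ValueError(f"PORT field out of range 0-255: {arg!r}")
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]       # high byte first
    return addr, port


def check_sessions(lines, external_ip):
    """Return {session_id: [findings]}; an empty list means consistent."""
    external = ipaddress.IPv4Address(external_ip)
    seen = {}        # session -> {"client": (addr, port), "proxy": (addr, port)}
    findings = {}
    for line in lines:
        m = PORT_RE.match(line)
        if m:
            sid, side, arg = m.groups()
            notes = findings.setdefault(sid, [])
            try:
                seen.setdefault(sid, {})[side] = parse_port_arg(arg)
            except ValueError as exc:
                notes.append(f"{side}: malformed PORT ({exc})")
            continue
        m = ACTIVE_RE.match(line)
        if not m:
            continue
        sid = m.group(1)
        client_port, via_port = int(m.group(2)), int(m.group(3))
        notes = findings.setdefault(sid, [])
        client = seen.get(sid, {}).get("client")
        proxy = seen.get(sid, {}).get("proxy")
        if client is None or proxy is None:
            notes.append("active line without both PORT commands")
            continue
        if client[1] != client_port:
            notes.append(
                f"client PORT says {client[1]}, active line says {client_port}")
        if proxy[1] != via_port:
            notes.append(
                f"proxy PORT says {proxy[1]}, active line says {via_port}")
        if proxy[0] != external:
            notes.append(
                f"proxy announced {proxy[0]}, expected external {external}")
        if proxy[0].is_private:
            notes.append(
                f"proxy announced private address {proxy[0]}; "
                "the server cannot connect back to it")
    return findings


if __name__ == "__main__":
    for sid, notes in check_sessions(SAMPLE_LOG, "193.172.163.50").items():
        print(f"session {sid}:", notes or "PORT rewrite is consistent")
```

If this reports nothing and the anchor rules are present, the next step is the one given in the message: tcpdump on the external interface to see whether the server's SYN to the "via" port arrives at all.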

OpenBGPd won't receive prefix

2007-02-17 Thread Falk Brockerhoff - smartTERRA GmbH

Hello,

I just set up two identical machines to make some tests with vlan, carp 
and openbgpd to replace my cisco routers in the next couple of months. 
VLAN- and carp-configuration is quite easy, it works out of the box and 
without any problems. OpenBGPd runs fine, too. Err, nearly fine.


I named my two boxes Pinky and Brain :) On both I configured the same 
VLAN and CARP - this should be the local gateways for the other boxes 
connected using a normal cisco switch. I pasted the output of the 
ifconfig command to the bottom of this mail.


To reach some kind of redundancy I set up an iBGP-Session between Pinky 
and Brain. It is a very simple configuration and has only minor 
differences - you can find the complete configuration file at the bottom 
of the mail:


 router-id 194.9.86.1
 router-id 194.9.86.2

 neighbor 194.9.86.2 {
 neighbor 194.9.86.1 {

   local-address   194.9.86.1
   local-address   194.9.86.2

I expect to receive the specified network-prefix from Pinky on Brain via 
iBGP and vice versa. But on Brain I can't find any advertised prefix 
from Pinky:

Pinky# bgpctl sh

Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrefixRcvd
Brain                   35548          8          7     0 00:04:23      0

The other side works fine, Brain is receiving the prefix from Pinky.

Brain# bgpctl sh

Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrefixRcvd
Pinky                   35548          6          7     0 00:03:11      1

Both sides advertise the prefix, I can't find any misconfiguration on 
this. Brain advertises the prefix as you can see here:

Brain# bgpctl sh rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination          gateway          lpref   med aspath origin
I*>   195.140.212.0/23     194.9.86.1         100     0 i
AI*   195.140.212.0/23     0.0.0.0            100     0 i


But I don't receive it on Pinky (as you can see above):

Pinky# bgpctl sh rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination          gateway          lpref   med aspath origin
AI*>  195.140.212.0/23     0.0.0.0            100     0 i


Does anybody have an explanation for this behaviour? I tried without any 
vlan and carp interface only with normal configured interfaces - the 
same. I'm at a loss. You are my last hope :-))



Regards,

Falk

--snipp--
Output of the ifconfig command:

##Pinky:
vlan212: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:06:5b:ec:48:c5
        vlan: 212 priority: 0 parent interface: em1
        groups: vlan
        inet6 fe80::206:5bff:feec:48c5%vlan212 prefixlen 64 scopeid 0x9
        inet 195.140.212.2 netmask 0x broadcast 195.140.212.2
carp212: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:d4
        carp: MASTER carpdev vlan212 vhid 212 advbase 1 advskew 0
        groups: carp
        inet6 fe80::200:5eff:fe00:1d4%carp212 prefixlen 64 scopeid 0xe
        inet 195.140.212.1 netmask 0xff00 broadcast 195.140.212.255

##Brain:
vlan212: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0f:1f:66:3f:d3
        vlan: 212 priority: 0 parent interface: em1
        groups: vlan
        inet6 fe80::20f:1fff:fe66:3fd3%vlan212 prefixlen 64 scopeid 0x9
        inet 195.140.212.3 netmask 0x broadcast 195.140.212.3
carp212: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:d4
        carp: BACKUP carpdev vlan212 vhid 212 advbase 1 advskew 0
        groups: carp
        inet6 fe80::200:5eff:fe00:1d4%carp212 prefixlen 64 scopeid 0xf
        inet 195.140.212.1 netmask 0xff00 broadcast 195.140.212.255


--snipp--
The complete configuration file:

##Pinky:
# global configuration
AS 35548
router-id 194.9.86.1
network 195.140.212.0/23

holdtime 180
holdtime min 3

neighbor 194.9.86.2 {
        remote-as       35548
        descr           Brain
        local-address   194.9.86.1
        announce        all
        tcp md5sig key  foobar
}

# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any prefixlen 8 - 24

# do not accept a default route
deny from any prefix 0.0.0.0/0

# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4

##Brain:
# global configuration
AS 35548
router-id 194.9.86.2
network 195.140.212.0/23

holdtime 180
holdtime min 3

neighbor 194.9.86.1 {

Re: is there [EMAIL PROTECTED] archive?

2007-02-17 Thread Darrin Chandler
On Sat, Feb 17, 2007 at 09:35:19AM +0100, Dunceor wrote:
 Well it was just an idea, maybe I'll just hack together an online dmesg
 tool and let the people who want to send it be able to send it.

Or just use the one at nycbug[1], which already has dmesgs, is already
coded up, and has a nice interface. The more dmesgs in one place, the
better.

Another alternative for the project would be to have public-dmesg@ in
addition to [EMAIL PROTECTED] Everything sent to public-dmesg@ would get
processed the same as dmesg@, plus it would be made available publicly.
dmesg@ would be the same as always...


[1] http://www.nycbug.org/?NAV=dmesgd

-- 
Darrin Chandler   |  Phoenix BSD Users Group
[EMAIL PROTECTED]  |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/  |



Emergency outage at ualberta.ca - may impact ftp and www

2007-02-17 Thread Chris Kuethe

Hi everyone.

We have an emergency outage this weekend starting at 1700h GMT - main
power to the building where ftp.openbsd.org and www.openbsd.org live
is being cut for four hours. We do have UPSes and I'm told the
backup generator will keep everything going, but just in case we go
off the air for a while, it's because of our outage. Sorry for the
short notice.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?



Re: OpenBGPd won't receive prefix

2007-02-17 Thread Claudio Jeker
On Sat, Feb 17, 2007 at 04:02:22PM +0100, Falk Brockerhoff - smartTERRA GmbH wrote:
 Hello,
 
 I just set up two identical machines to make some tests with vlan, carp 
 and openbgpd to replace my cisco routers in the next couple of months. 
 VLAN- and carp-configuration is quite easy, it works out of the box and 
 without any problems. OpenBGPd runs fine, too. Err, nearly fine.
 
 I named my two boxes Pinky and Brain :) On both I configured the same 
 VLAN and CARP - this should be the local gateways for the other boxes 
 connected using a normal cisco switch. I pasted the output of the 
 ifconfig command to the bottom of this mail.
 
 To reach some kind of redundancy I set up an iBGP-Session between Pinky 
 and Brain. It is a very simple configuration and has only minor 
 differences - you can find the complete configuration file at the bottom 
 of the mail:
 
  router-id 194.9.86.1
  router-id 194.9.86.2
 
  neighbor 194.9.86.2 {
  neighbor 194.9.86.1 {
 
local-address   194.9.86.1
local-address   194.9.86.2
 
 I expect to receive the specified network-prefix from Pinky on Brain via 
 iBGP and vice versa. But on Brain I can't find any advertised prefix 
 from Pinky:
 
 Pinky# bgpctl sh
 
 Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrefixRcvd
 Brain                   35548          8          7     0 00:04:23      0
 
 The other side works fine, Brain is receiving the prefix from Pinky.
 
 Brain# bgpctl sh
 
 Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrefixRcvd
 Pinky                   35548          6          7     0 00:03:11      1
 
 Both sides advertise the prefix, I can't find any misconfiguration on 
 this. Brain advertises the prefix as you can see here:
 
 Brain# bgpctl sh rib
 flags: * = Valid, > = Selected, I = via IBGP, A = Announced
 origin: i = IGP, e = EGP, ? = Incomplete
 
 flags destination          gateway          lpref   med aspath origin
 I*>   195.140.212.0/23     194.9.86.1         100     0 i
 AI*   195.140.212.0/23     0.0.0.0            100     0 i
 
 
 But I don't receive it on Pinky (as you can see above):
 
 Pinky# bgpctl sh rib
 flags: * = Valid, > = Selected, I = via IBGP, A = Announced
 origin: i = IGP, e = EGP, ? = Incomplete
 
 flags destination          gateway          lpref   med aspath origin
 AI*>  195.140.212.0/23     0.0.0.0            100     0 i
 
 
 Does anybody have an explanation for this behaviour? I tried without any 
 vlan and carp interface only with normal configured interfaces - the 
 same. I'm at a loss. You are my last hope :-))
 
 

bgpd only sends the selected routes to the neighbors and the announced
network from 194.9.86.1 has higher precedence and so only 194.9.86.2 has
both networks in the table. If you remove the network on 194.9.86.1,
194.9.86.2 would announce the network to 194.9.86.1.

You can play with network 195.140.212.0/23 set localpref x to see this
effect in both directions.

 Regards,
 
 Falk
 
 --snipp--
 Output of the ifconfig command:
 
 ##Pinky:
 vlan212: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:06:5b:ec:48:c5
         vlan: 212 priority: 0 parent interface: em1
         groups: vlan
         inet6 fe80::206:5bff:feec:48c5%vlan212 prefixlen 64 scopeid 0x9
         inet 195.140.212.2 netmask 0x broadcast 195.140.212.2
 carp212: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:00:5e:00:01:d4
         carp: MASTER carpdev vlan212 vhid 212 advbase 1 advskew 0
         groups: carp
         inet6 fe80::200:5eff:fe00:1d4%carp212 prefixlen 64 scopeid 0xe
         inet 195.140.212.1 netmask 0xff00 broadcast 195.140.212.255
 
 ##Brain:
 vlan212: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:0f:1f:66:3f:d3
         vlan: 212 priority: 0 parent interface: em1
         groups: vlan
         inet6 fe80::20f:1fff:fe66:3fd3%vlan212 prefixlen 64 scopeid 0x9
         inet 195.140.212.3 netmask 0x broadcast 195.140.212.3
 carp212: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:00:5e:00:01:d4
         carp: BACKUP carpdev vlan212 vhid 212 advbase 1 advskew 0
         groups: carp
         inet6 fe80::200:5eff:fe00:1d4%carp212 prefixlen 64 scopeid 0xf
         inet 195.140.212.1 netmask 0xff00 broadcast 195.140.212.255
 
 
 --snipp--
 The complete configuration file:
 
 ##Pinky:
 # global configuration
 AS 35548
 router-id   194.9.86.1
 network 195.140.212.0/23
 
 holdtime 180
 holdtime min 3
 
 neighbor 194.9.86.2 {
         remote-as       35548
         descr           Brain
         local-address   194.9.86.1
         announce        all
         tcp md5sig key  foobar
 }
 
 # filter out prefixes longer than 24 or shorter than 8 bits
 deny from any
 allow from any prefixlen 8 - 24
 
 # do not accept a default route
 deny from any prefix 

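Added example, not from the thread or from OpenBGPD's source: a simplified model of the behaviour Claudio describes, where each speaker sends its iBGP peer only the route it has selected, and only if it announced that route itself. The comparison order (localpref, AS path length, MED, then lowest router-id) is an assumption of this model chosen to match the output shown above; the class and function names are hypothetical.

```python
"""Toy model: two iBGP speakers announcing the same network."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    router_id: str       # router-id of the speaker that announced the network
    localpref: int = 100
    med: int = 0
    aspath_len: int = 0


def preference(route):
    """Sort key: smaller tuple = more preferred.

    ASSUMPTION of this model: higher localpref, then shorter AS path,
    then lower MED, then lowest router-id as the final tie-break.
    """
    rid = tuple(int(octet) for octet in route.router_id.split("."))
    return (-route.localpref, route.aspath_len, route.med, rid)


def select(candidates):
    """Pick the single route that would be marked '>' in 'bgpctl sh rib'."""
    return min(candidates, key=preference)


def simulate(speakers, prefix="195.140.212.0/23"):
    """Run a full iBGP mesh to a fixed point.

    speakers: {name: {"router_id": str, "localpref": int (optional)}}
    Returns {name: [peers whose announcement sits in name's RIB]}, i.e. the
    per-neighbor PrefixRcvd column, listed by peer name.
    """
    local = {
        name: Route(prefix, cfg["router_id"], cfg.get("localpref", 100))
        for name, cfg in speakers.items()
    }
    received = {name: {} for name in speakers}
    for _ in range(len(speakers) + 3):           # converges in a few rounds
        nxt = {name: {} for name in speakers}
        for name in speakers:
            best = select([local[name], *received[name].values()])
            # Only a selected, self-announced route is sent on; a route
            # learned over iBGP is never re-advertised to an iBGP peer.
            if best is local[name]:
                for peer in speakers:
                    if peer != name:
                        nxt[peer][name] = best
        if nxt == received:
            break
        received = nxt
    return {name: sorted(received[name]) for name in speakers}


# Router-ids as in the configuration quoted above.
PINKY_BRAIN = {
    "Pinky": {"router_id": "194.9.86.1"},
    "Brain": {"router_id": "194.9.86.2"},
}

if __name__ == "__main__":
    # As configured: Brain holds Pinky's route, Pinky holds nothing from Brain.
    print(simulate(PINKY_BRAIN))
    # 'network 195.140.212.0/23 set localpref 200' on Brain reverses it.
    raised = {**PINKY_BRAIN,
              "Brain": {"router_id": "194.9.86.2", "localpref": 200}}
    print(simulate(raised))
```
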
OpenBSD speed on desktops

2007-02-17 Thread R. Fumione

Hello,

I am using OpenBSD on server since few years now, and I am very happy
with its easy maintenance and its stability. I want to try on
desktop, and I am having trouble.

Everything is much slower than existing Linux system. For example,
Firefox takes 3-5 seconds to start on Linux but ~10 seconds on
OpenBSD on same machine!

I tried compiler optimizations but those didn't help. Any suggestions?
Please cc replies to me also as I am not on misc. Thanks.

Fumione

(Note: please do not tell me change to lighter window manager. I
would like to use same environment or stay with Linux. Thanks.)



Re: OpenBSD speed on desktops

2007-02-17 Thread Jeff Quast

On 2/17/07, R. Fumione [EMAIL PROTECTED] wrote:

Hello,

I am using OpenBSD on server since few years now, and I am very happy
with its easy maintenance and its stability. I want to try on
desktop, and I am having trouble.

Everything is much slower than existing Linux system. For example,
Firefox takes 3-5 seconds to start on Linux but ~10 seconds on
OpenBSD on same machine!

I tried compiler optimizations but those didn't help. Any suggestions?
Please cc replies to me also as I am not on misc. Thanks.

Fumione

(Note: please do not tell me change to lighter window manager. I
would like to use same environment or stay with Linux. Thanks.)




You can just stay with linux. Really, we won't mind.

Take care,
jdq



Is atheros AR5213 fully supported on OpenBSD 4.0?

2007-02-17 Thread Siju George

Hi,

I got a wireless NIC to play with for a few days.
Hope to learn OpenBSD wireless networking techniques in that time :-)

It is a D-Link DWL-AG530 Wireless 108AG Desktop Adapter.

I fixed it in one of the PCI slots of my OpenBSD 4.0 on amd64.

It appears in the dmesg as the following.
===
$ dmesg |grep ath
ath0 at pci3 dev 8 function 0 Atheros AR5212 rev 0x01: irq 11
ath0: AR5213 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:13:46:9a:27:31
ath0 at pci3 dev 8 function 0 Atheros AR5212 rev 0x01: irq 11
ath0: AR5213 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:13:46:9a:27:31
ath0 at pci3 dev 8 function 0 Atheros AR5212 rev 0x01: irq 11
ath0: AR5213 5.9 phy 4.3 rf5112a 3.6, FCC2A*, address 00:13:46:9a:27:31
=
full dmesg is at the end of the mail.

However, the man page ath(4) only lists

The ath driver provides support for wireless network devices based on the
Atheros AR5210, AR5211, and AR5212 chips.


and not AR5213.

I did configure it in with the file.


$ cat /etc/hostname.ath0
inet 192.168.5.5 255.255.255.0 NONE media autoselect mediaopt hostap
mode 11g nwid my_secure_wlan chan 11


and it appears in the ifconfig as

===
ath0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:13:46:9a:27:31
   media: IEEE802.11 autoselect mode 11g hostap
   status: active
   ieee80211: nwid my_secure_wlan chan 11 bssid 00:13:46:9a:27:31
   inet 192.168.5.5 netmask 0xff00 broadcast 192.168.5.255
   inet6 fe80::213:46ff:fe9a:2731%ath0 prefixlen 64 scopeid 0x2
===

The status is active :-) is this sufficient to know if it will work
right? I am a bit apprehensive since it is not listed on the man page.

Are there people out there successfully using this model?

Please let me know :-)

Thank you so much

Kind Regards

Siju



pf three-legged vpn pass through question(s)

2007-02-17 Thread metajunkie

Quick background to solicit examples:

I am building a three-legged firewall to protect a Windoze based network.

This is my first three-legged race.

Sitting in my DMZ is a Windows VPN server, which needs to send/receive
PPTP and GRE traffic.

I am working through the pf-faq.pdf right now.  I'm either starting to
understand the way the flow of pf works - or I'm totally lost.

In the pf-faq, under the Packet Tagging section (Policy Filtering),
there is an example which passes traffic onto a DMZ network.  However,
if I am starting to understand this, it would seem that the example is
missing an rdr statement to redirect the web and mail into the DMZ.
There are pass statements for the web and mail - but I don't think that
they would actually take care of getting that traffic to the specified
servers.  Am I wrong?

The other thing that sort of confuses me right now is that there appear
to be tags in use before they are assigned.  This is probably the way it
works, but it seems counter intuitive to me.  I'm not understanding the
program flow - I guess I would have to put my C hat on and dive into the
code to really understand it (or thoroughly confuse myself).  But in
short - I think my question regarding that would be:  is it ok to have
a tagged line in the pf.conf prior to having a matching tag created?

thanks to anyone who assists me with this - example pf.conf files of
similar three-legged or VPN pass through configurations are very
welcome!

--
010101010101010101010101010101010
010101010101010101010101010101010
0101010101 Meta Junkie 101010101010
010101010101010101010101010101010
010101010101010101010101010100101



Re: Is atheros AR5213 fully supported on OpenBSD 4.0?

2007-02-17 Thread Siju George

On 2/18/07, Siju George [EMAIL PROTECTED] wrote:

full dmesg is at the end of the mail.



sorry it is here :-)


Re: pf three-legged vpn pass through question(s)

2007-02-17 Thread Darren Spruell

On 2/17/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

I am building a three-legged firewall to protect a Windoze based network.

This is my first three-legged race.


Easy stuff, don't sweat it.


In the pf-faq, under the Packet Tagging section (Policy Filtering),
there is an example
which passes traffic onto a DMZ network.  However, If I am starting to
understand this,
it would seem that the example is missing an rdr statement to redirect
the web and mail
into the DMZ.  There are pass statements for the web and mail - but
I don't think that
they would actually take care of getting that traffic to the specified
servers.  Am I wrong?


Depends on if the DMZ address space can be routed to directly from the
Internet (as many/most DMZs are, on their only publicly-routable
addresses). If you've got them sitting on RFC1918 address space behind
the firewall, you'd need to rdr traffic accordingly.


The other thing that sort of confuses me right now is that there
appear to be tags in use
before they are assigned.  This is probably the way it works, but it
seems counter intuitive
to me.  I'm not understanding the program flow - I guess I would have
to put my C hat
on and dive into the code to really understand it (or thoroughly
confuse myself).  But in
short - I think my question regarding that would be:  is it ok to have
a tagged line in the
pf.conf prior to having a matching tag created?


There's no mention anywhere I can find of having to predeclare tags
first. If a rule matches, it gets the tag you specify.

Don't overcomplicate it. ;)

DS



Re: OpenBSD speed on desktops

2007-02-17 Thread Jeff Rollin
On 17/02/07, Jeff Quast [EMAIL PROTECTED] wrote:

 On 2/17/07, Jeff Rollin [EMAIL PROTECTED] wrote:
 
 
 
  On 17/02/07, Jeff Quast [EMAIL PROTECTED] wrote:
   On 2/17/07, R. Fumione [EMAIL PROTECTED] wrote:
Hello,
   
I am using OpenBSD on server since few years now, and I am very
 happy
with it's easy maintenance and it's stability. I want to try on
desktop, and I am having trouble.
   
Everything is much slower than existing Linux system. For example,
Firefox takes 3-5 seconds to start on Linux but ~10 seconds on
OpenBSD on same machine!
   
I tried compiler optimizations but those didn't help. Any
 suggestions?
Please cc replies to me also as I am not on misc. Thanks.
   
Fumione
   
(Note: please do not tell me change to lighter window manager. I
would like to use same environment or stay with Linux. Thanks.)
   
   
  
   You can just stay with linux. Really, we won't mind.
 
  Why not try optimizing OBSD for desktop use?
 
  Jeff


 I am porting x86-linux games to work on more architectures and more
 operating systems:
 http://www.flickr.com/photos/jquast/335431160/in/set-72157594443198409/

 what are you doing?

 this person clearly didn't care to take the time(1) to back his
 opinion, or provide any sort of information that we could help him on.
 He just wanted to complain, and threaten us that he'll move to linux
 unless we help him find a mysterious magical fine-tuning knob that
 will make his firefox load faster?


Strange, you had the time to explain that to me,  but not to him?

For all we know he's no longer using his accelerated binary nvidia driver.

 I haven't got the fucking time. fuck him, let him use linux.


Agreed. It's not the lawsuit that makes people use Linux instead of the
BSD's; it's the holier-than-thou,
fuck-'em-if-they-dare-question-our-judgement attitude.

Jeff



Re: OpenBSD speed on desktops

2007-02-17 Thread Vim Visual

Agreed. It's not the lawsuit that makes people use Linux instead of the
BSD's; it's the holier-than-thou,
fuck-'em-if-they-dare-question-our-judgement attitude.

Jeff


indeed...

actually, I was curious to see what answers fumione would get

Mine is: I have been using GNU/Linux for years and I have also noticed
that o'bsd is a _bit_ slower on the desktop, sometimes. But not that
slower.

In any case, I'd recommend you that you try to think in a different
way. Don't try to make OpenBSD be like your linux, because it isn't
(it's much better ;) ) Look for other possibilities.

For instance: Have you tried to go back to mozilla? In my case firefox
was behaving very buggy and consuming too much cpu. It's supposed to
be a light-weight version of mozilla but I find that mozilla itself is
much faster than firefox and doesn't consume almost anything (and the
fonts are looking better too)

Let us (at least me) know

Cheers,

Pau



Re: OpenBSD speed on desktops

2007-02-17 Thread Jeff Rollin
On 17/02/07, Jeff Quast [EMAIL PROTECTED] wrote:

 On 2/17/07, Jeff Rollin [EMAIL PROTECTED] wrote:
 
 
 
  On 17/02/07, Jeff Quast [EMAIL PROTECTED] wrote:
   On 2/17/07, Jeff Rollin [EMAIL PROTECTED] wrote:
   
   
   
On 17/02/07, Jeff Quast [EMAIL PROTECTED]  wrote:
 On 2/17/07, R. Fumione [EMAIL PROTECTED] wrote:
  Hello,
 
  I am using OpenBSD on server since few years now, and I am very
  happy
  with it's easy maintenance and it's stability. I want to try on
  desktop, and I am having trouble.
 
  Everything is much slower than existing Linux system. For
 example,
  Firefox takes 3-5 seconds to start on Linux but ~10 seconds on
  OpenBSD on same machine!
 
  I tried compiler optimizations but those didn't help. Any
  suggestions?
  Please cc replies to me also as I am not on misc. Thanks.
 
  Fumione
 
  (Note: please do not tell me change to lighter window manager. I
  would like to use same environment or stay with Linux. Thanks.)
 
 

 You can just stay with linux. Really, we won't mind.
   
Why not try optimizing OBSD for desktop use?
   
Jeff
  
  
   I am porting x86-linux games to work on more architectures and more
   operating systems:
  
  http://www.flickr.com/photos/jquast/335431160/in/set-72157594443198409/
  
   what are you doing?
  
   this person clearly didn't care to take the time(1) to back his
   opinion, or provide any sort of information that we could help him on.
   He just wanted to complain, and threaten us that he'll move to linux
   unless we help him find a mysterious magical fine-tuning knob that
   will make his firefox load faster?
 
  Strange, you had the time to explain that to me,  but not to him?
 
   For all we know he's no longer using his accelerated binary nvidia
  driver.
  
   I haven't got the fucking time. fuck him, let him use linux.
  
 
  Agreed. It's not the lawsuit that makes people use Linux instead of the
  BSD's; it's the holier-than-thou,
  fuck-'em-if-they-dare-question-our-judgement attitude.

 This sentence doesn't make any sense. What lawsuits? question my
 judgement? Who questioned my judgement?

  Jeff
 


Is it or is it not the case that some people feel the AT&T vs USL lawsuit is
what scares people off BSD? And as to questioning your judgement, why
couldn't you give the user who started this thread the information you gave
me?

Why bother writing good documentation when we can just complain about
 our experiences and help each other out instead? You are more than
 welcome to hold that user's hand.

 I won't stop you.


What's stopping YOU? And even if something is stopping you, why do you feel
it necessary or wise to tell that user to use Linux instead of working to
improve OBSD and/or help him with his problem?

Jeff



Re: OpenBSD speed on desktops

2007-02-17 Thread Jeff Rollin
On 17/02/07, Joachim Schipper [EMAIL PROTECTED] wrote:

 On Sat, Feb 17, 2007 at 12:36:00PM -0500, R. Fumione wrote:
  Hello,
 
  I am using OpenBSD on server since few years now, and I am very happy
  with it's easy maintenance and it's stability. I want to try on
  desktop, and I am having trouble.
 
  Everything is much slower than existing Linux system. For example,
  Firefox takes 3-5 seconds to start on Linux but ~10 seconds on
  OpenBSD on same machine!
 
  I tried compiler optimizations but those didn't help. Any suggestions?
  Please cc replies to me also as I am not on misc. Thanks.
 
  Fumione
 
  (Note: please do not tell me change to lighter window manager. I
  would like to use same environment or stay with Linux. Thanks.)

 I believe the standard response to any comparison use Linux if you're
 happy with it. Since you've already received that, here is an attempt
 to do the question a little more justice. (However, it boils down to 'it
 doesn't matter if FF loads a little slower, as long as it runs equally
 fast').

 Most modern Linux distributions optimize dynamic library load using
 prelinking; 4.0 and later have a comparable idea implemented
 ('prebind'), but in a way that does not interfere with OpenBSD's
 security features. This is not enabled by default (I'm not sure why not,
 and would be very grateful if anybody would tell me, BTW), but can be
 enabled using `ldconfig -P /usr/bin /usr/sbin /usr/local/bin
 /usr/local/sbin /usr/X11R6/bin'. This should result in a noticeable
 speed increase, especially on programs with lots of loaded libraries -
 and look in /usr/local/mozilla-firefox to see that FF does have 'lots of
 loaded libraries'!
 Of course, it would be a good idea to know why it's not the default
 first. Also note that, if I remember correctly, prebind won't help if
 you use a nonstandard LD_LIBRARY_PATH, as FF does... so the command
 listed before is likely to work for just about every *other* program.

 Another aspect is that Linux is much more aggressive in caching data
 from disk; if the amount of data read, the amount of work done in
 between, and the amount of RAM is such that Linux can get most data from
 its memory cache while OpenBSD has to read most of it from disk, Linux
 will be a *lot* faster. Of course, you would only see this effect if you
 started Firefox twice without doing much in between.

 Both of those could explain why FF loads slower. If either of those is
 the big culprit, though, FF should run just as fast (slow) as it ever
 did, and since you're not likely to start it that often, I'd be inclined
 to say it isn't that big an issue.

 If a comparable slowdown is found in running FF, that would be a
 problem. There are many variables there, of course... a dmesg might be
 helpful, for instance.

 Aggressive compiler optimizations are not generally a good idea. The
 developers believe they are an unnecessary source of bugs, and since
 many optimizations are not enabled by default, there is not quite as
 much opportunity to find bugs in them. Plus, no amount of fiddling is
 likely to double speed.

 Since you didn't mention what you are using at the moment, I can't very
 well tell you to switch to a lighter window manager, can I? Ion *is*
 nice, though... ;-)

 Joachim



Now that's what I call a helpful answer

Jeff



Re: OpenBGPd won't receive prefix

2007-02-17 Thread Falk Brockerhoff

Claudio Jeker wrote:


bgpd only sends the selected routes to the neighbors and the announced
network from 194.9.86.1 has higher precedence and so only 194.9.86.2 has
both networks in the table. If you remove the network on 194.9.86.1,
194.9.86.2 would announce the network to 194.9.86.1.


Ah, ok. I follow this behavior; I just take down the carp- and vlan
interfaces on 194.9.86.1 and it works as you described it.

I will play with localpref later, but before I want to ask if my planned
setup is the right solution for my needs. I want to run two bgp-routers
and connect several eBGP sessions to the two routers.
To the inside I want to provide a failover-tolerant default gateway for
my vlans, that's why I'm using carp.
If some or all eBGP sessions on one router fails I would like to route
the packets over the other one, that's why I think iBGP is a fine way to
do this.

Ok, for this iBGP should redistribute the via eBGP learned routes. But I 
want to do this for the internal networks, too. If a link to my local 
switch fails, is this the right way to route the incoming packet over to 
the other router, which has a functional link to the local switch? I 
hope my explanation is not too confusing :-)


Regards,

Falk



Re: OpenBSD speed on desktops

2007-02-17 Thread Greg Thomas

On 2/17/07, Jeff Rollin [EMAIL PROTECTED] wrote:



What's stopping YOU? And even if something is stopping you, why do you feel
it necessary or wise to tell that user to use Linux instead of working to
improve OBSD and/or help him with his problem?



Because in general it's a waste of time to help a user to get his
OpenBSD install to work just like his Linux install, performance-wise,
looks-wise, functionality-wise, etc.  If the guy had given any
concrete info beyond oooh, Firefox is slow to start up on OpenBSD he
would probably receive some good suggestions on figuring out what the
problem is, if any.

Personally my attitude is he can stick with Linux, not because he's
looking for a similar experience on OpenBSD but because he doesn't
seem to be able to formulate a reasonable request for help.

Greg



Re: OpenBGPd won't receive prefix

2007-02-17 Thread Stuart Henderson
On 2007/02/17 23:41, Falk Brockerhoff wrote:
 I will play with localpref later, but before I want to ask if my planned
 setup is the right solution for my needs. I want to run two bgp-routers
 and connect several eBGP sessions to the two routers.
 To the inside I want to provide a failover-tolerant default gateway for
 my vlans, that's why I'm using carp.

If you run PF on the same routers as well, take care with stateful rules,
stateless is the easy way, or arrange so that the CARP master is a better
route (maybe prepend on the backup). you are unlikely to get states sync'd
quickly enough to avoid problems if you have things too asymmetric.

 want to do this for the internal networks, too.

I would normally use OSPF for this, using iBGP to carry internal routes
is possible but I think mostly something done on larger networks.

ospfd has a nice feature; when you use interface carpXX { passive },
the network is only announced via OSPF when CARP is master. This works
really well.



Re: OpenBSD speed on desktops

2007-02-17 Thread Theo de Raadt
 Most modern Linux distributions optimize dynamic library load using
 prelinking; 4.0 and later have a comparable idea implemented
 ('prebind'), but in a way that does not interfere with OpenBSD's
 security features. This is not enabled by default (I'm not sure why not,
 and would be very grateful if anybody would tell me, BTW),

The pkg tree is not yet ready to do the right thing for this, heck,
even the base is not fully prepared for this to be on by default.
Prebind appends an information block to the end of libraries, and
there are some more details which need to be considered, and handled.

Furthermore, anytime you did a 'make build' of your system, the prebind
information changes in that information block, and when any of it is
invalid, it is ignored, and you are right back in the un-optimized mode.
That's safe, and fine, but there are issues.

Like everything else in OpenBSD, we make it available early, and then
we turn it on when we are confident.  You don't even need to know the
above details -- just trust we are making the right decisions.



Re: OpenBSD speed on desktops

2007-02-17 Thread Greg Thomas

On 2/17/07, Jeff Rollin [EMAIL PROTECTED] wrote:



On 17/02/07, Greg Thomas [EMAIL PROTECTED] wrote:
 On 2/17/07, Jeff Rollin [EMAIL PROTECTED] wrote:
 
 
  What's stopping YOU? And even if something is stopping you, why do you
feel
  it necessary or wise to tell that user to use Linux instead of working
to
  improve OBSD and/or help him with his problem?
 

 Because in general it's a waste of time to help a user to get his
 OpenBSD install to work just like his Linux install, performance-wise,
 looks-wise, functionality-wise, etc.  If the guy had given any
 concrete info beyond oooh, Firefox is slow to start up on OpenBSD he
 would probably receive some good suggestions on figuring out what the
 problem is, if any.

 Personally my attitude is he can stick with Linux, not because he's
 looking for a similar experience on OpenBSD but because he doesn't
 seem to be able to formulate a reasonable request for help.

 Greg



None of you seem the slightest bit interested in telling him HOW to
formulate a reasonable request for help.



Damn, you're right.  I forgot how hard it is to see this:

http://www.openbsd.org/mail.html

when looking for the mailing lists.

But, here, I'll cc him with this message since it appears he didn't
read the above:

Do your homework before you post
   If you have an installation question, make sure that you have read
the relevant documents such as the INSTALL.* text files in the FTP
installation directories, the FAQ and the relevant man pages (start
with afterboot(8)), and check the mailing list archives. We want to
help, but we wouldn't want to deprive you of a valuable learning
experience, and no one wants to see the same question on the lists for
the fifth time in a month.

Include important information
   Don't waste everyone's time with a hopelessly incomplete question.
No one other than you has the information needed to resolve your
problem, it is better to provide more information than needed than one
detail too little. Any question should include at least the version of
OpenBSD (i.e., 3.2-stable, 3.3-current as of July 20, 2003). Any
hardware related questions should mention the platform (i.e., sparc,
alpha, etc.), and provide a full dmesg(8). Hardware model numbers,
unfortunately, don't indicate much about the actual content of a
particular machine or accessory, and are useless to anyone who doesn't
have that exact machine sitting where they can easily recognize it.
The dmesg(8) tells us exactly what is IN your machine, not what
stickers are on the outside.

HTH,
Greg



Re: missing isakmpd.fifo

2007-02-17 Thread Matthew Closson

Hello,

I am experiencing the same problem.  I am testing it to see if I can find 
what is causing it.  I am running OpenBSD 4.0-stable and I went to add a 
new tunnel today and was greeted with a message the isakmpd.fifo did not 
exist.  I have isakmpd enabled in /etc/rc.conf with flags -K.  Even though 
I do not specify a location on the command line of isakmpd for the fifo to 
occur, it does exist in fact when the process is launched and sometime 
later dies off.  This is what I found today:


# echo ike esp from 172.31.33.0/24 to 10.9.9.0/24 peer aaa.bbb.ccc.ddd psk 
 | ipsecctl -f -
ipsecctl: ike_ipsec_establish: open(/var/run/isakmpd.fifo): No such file 
or directory


Whereas before the exact same command has worked fine.

Thanks,

-Matt-

On Wed, 7 Feb 2007, Dag Richards wrote:


Toni Mueller wrote:

Hi Dag,

On Thu, 01.02.2007 at 08:37:01 -0800, Dag Richards 
[EMAIL PROTECTED] wrote:
locations. Yesterday I needed to add a tunnel, there was no 
/var/run/isakmpd.fifo ... odd says I. isakmpd had been running since mid 
The fifo was recreated, I could use it to control isakmpd. OK.


Today I look for isakmpd.fifo, it has disappeared again.


and nothing I do not expect to see.  I am not running out of disk space 
... anybody seen this before?


please check again using -i in order to find out whether you have
enough disk space.


Best,
--Toni++



hsdcert0:root:/root #df -i
Filesystem  1K-blocks     Used     Avail Capacity  iused    ifree  %iused  Mounted on
/dev/sd0a     4126462    35180   3884960     1%     2204   533602     0%   /
/dev/sd0e     1030302       44    978744     0%       16   144238     0%   /home
/dev/sd0d     1030302        2    978786     0%        1   144253     0%   /tmp
/dev/sd0f    10318830   391228   9411662     4%    13887  1305023     1%   /usr
/dev/sd0g    16423486  1080606  14521706     7%     3564  2077842     0%   /var



Nope plenty inodes too.




Re: OpenBSD speed on desktops

2007-02-17 Thread Joachim Schipper
On Sat, Feb 17, 2007 at 05:09:26PM -0700, Theo de Raadt wrote:
  Most modern Linux distributions optimize dynamic library load using
  prelinking; 4.0 and later have a comparable idea implemented
  ('prebind'), but in a way that does not interfere with OpenBSD's
  security features. This is not enabled by default (I'm not sure why not,
  and would be very grateful if anybody would tell me, BTW),
 
 The pkg tree is not yet ready to do the right thing for this, heck,
 even the base is not fully prepared for this to be on by default.
 Prebind appends an information block to the end of libraries, and
 there are some more details which need to be considered, and handled.
 
 Furthermore, anytime you did a 'make build' of your system, the prebind
 information changes in that information block, and when any of it is
 invalid, it is ignored, and you are right back in the un-optimized mode.
 That's safe, and fine, but there are issues.
 
 Like everything else in OpenBSD, we make it available early, and then
 we turn it on when we are confident.  You don't even need to know the
 above details -- just trust we are making the right decisions.

Okay, that's about what I expected. Thanks!

And, frankly, if I didn't have a lot of confidence in you guys making
the right decisions, I wouldn't be running OpenBSD. I *do* like
understanding how stuff works, though.

Joachim




Re: missing isakmpd.fifo

2007-02-17 Thread Matthew Closson
Anyone know if there would be a negative effect on isakmpd if the 
immutable flag was set on the file /var/run/isakmpd.fifo ?



On Sat, 17 Feb 2007, Matthew Closson wrote:


Hello,

I am experiencing the same problem.  I am testing it to see if I can find 
what is causing it.  I am running OpenBSD 4.0-stable and I went to add a new 
tunnel today and was greeted with a message the isakmpd.fifo did not exist. 
I have isakmpd enabled in /etc/rc.conf with flags -K.  Even though I do not 
specify a location on the command line of isakmpd for the fifo to occur, it 
does exist in fact when the process is launched and sometime later dies off. 
This is what I found today:


# echo ike esp from 172.31.33.0/24 to 10.9.9.0/24 peer aaa.bbb.ccc.ddd psk 
 | ipsecctl -f -
ipsecctl: ike_ipsec_establish: open(/var/run/isakmpd.fifo): No such file or 
directory


Whereas before the exact same command has worked fine.

Thanks,

-Matt-

On Wed, 7 Feb 2007, Dag Richards wrote:


Toni Mueller wrote:

Hi Dag,

On Thu, 01.02.2007 at 08:37:01 -0800, Dag Richards 
[EMAIL PROTECTED] wrote:
locations. Yesterday I needed to add a tunnel, there was no 
/var/run/isakmpd.fifo ... odd says I. isakmpd had been running since mid 
The fifo was recreated, I could use it to control isakmpd. OK.


Today I look for isakmpd.fifo, it has disappeared again.


and nothing I do not expect to see.  I am not running out of disk space 
... anybody seen this before?


please check again using -i in order to find out whether you have
enough disk space.


Best,
--Toni++



hsdcert0:root:/root #df -i
Filesystem  1K-blocks     Used     Avail Capacity  iused    ifree  %iused  Mounted on
/dev/sd0a     4126462    35180   3884960     1%     2204   533602     0%   /
/dev/sd0e     1030302       44    978744     0%       16   144238     0%   /home
/dev/sd0d     1030302        2    978786     0%        1   144253     0%   /tmp
/dev/sd0f    10318830   391228   9411662     4%    13887  1305023     1%   /usr
/dev/sd0g    16423486  1080606  14521706     7%     3564  2077842     0%   /var



Nope plenty inodes too.




Serial console not working for IBM Aptiva

2007-02-17 Thread Damon McMahon

Greetings,

I've installed OBSD 3.9 on an old (circa 2000) IBM Aptiva  
successfully, but I'm having trouble configuring a serial console for  
it.


Firstly, selecting a serial console at installation produced an  
incorrect boot.conf as follows:


# cat /etc/boot.conf
stty com 9600
set tty com

Unsurprisingly this didn't boot with boot(8) reporting the device  
com was not a proper console device. boot(8) did find pc0, com0 and  
com1 however, so I changed boot.conf:


# cat /etc/boot.conf
stty com0 9600
set tty com0

After connecting a known working null modem cable to COM2 [yes, COM2  
not COM1] on the Aptiva we make progress attempting to connect a  
serial console from another OBSD 3.9 machine and then booting the  
Aptiva, but not much:


# tip tty00
connected

boot 10

boting hd0a:10: open hd0a:10: No such file or directory

 
failed(2). will try /obsd


 boot


rsyncing -current packages -- pattern matching problems

2007-02-17 Thread scorch

hi,

i am rsyncing -current packages & taking advantage of rsync's pattern 
matching to avoid specifying the package versions, to make a local 
repository for upgrades.


there are several packages that i _don't_ want to retrieve flavours for, 
e.g. cyrus-sasl as an example. but i haven't been able to force just the 
base package, without specifying identically the filename - which 
defeats the purpose of what i was trying to achieve.


here's my current go, trimmed to show the specific problem:

$ cat snapshot.inc
# include file for rsync
cvsync-*
cyrus-sasl-*
- cyrus-sasl-*db*
- cyrus-sasl-*mysql*
- cyrus-sasl-*ldap*
db-4*
- *.tgz

$ rsync -thrivz --stats --del -n 
rsync://rsync.de.openbsd.org/OpenBSD/snapshots/packages/i386 
/var/tmp/packages/ --include-from=snapshot.inc 


[...]

f+++ i386/cvsync-0.24.19.tgz
f+++ i386/cyrus-sasl-2.1.21p2-db4.tgz
f+++ i386/cyrus-sasl-2.1.21p2-ldap.tgz
f+++ i386/cyrus-sasl-2.1.21p2-mysql.tgz
f+++ i386/cyrus-sasl-2.1.21p2.tgz
f+++ i386/db-4.2.52p11.tgz
f+++ i386/index.txt

[...]

but I _don't_ want to retrieve all the{db4,ldap,mysql} flavors - just 
the base one. can anybody help?


a+
scorch
out of the frying pan & into the fire



Re: missing isakmpd.fifo

2007-02-17 Thread Philip Guenther

On 2/17/07, Matthew Closson [EMAIL PROTECTED] wrote:

Anyone know if there would be a negative effect on isakmpd if the
immutable flag was set on the file /var/run/isakmpd.fifo ?


You mean, other than making isakmpd fail during startup?  It removes
and recreates the fifo when it starts.  It also removes it when it
exits.  Leaving the fifo there when there's no process listening on it
does not help things at all.  You need to figure out why isakmpd is
exiting and fix that and the fifo will take care of itself.


...

 I have isakmpd enabled in /etc/rc.conf with flags -K.  Even though I do not
 specify a location on the command line of isakmpd for the fifo to occur, it
 does exist in fact when the process is launched and sometime later dies off.


What is isakmpd logging when it sometime later dies off?


Philip Guenther



Re: rsyncing -current packages -- pattern matching problems

2007-02-17 Thread RW
On Sun, 18 Feb 2007 16:30:36 +1300, [EMAIL PROTECTED] wrote:

hi,

i am rsyncing -current packages & taking advantage of rsync's pattern 
matching to avoid specifying the package versions, to make a local 
repository for upgrades.

there are several packages that i _don't_ want to retrieve flavours for, 
e.g. cyrus-sasl as an example. but i haven't been able to force just the 
base package, without specifying identically the filename - which 
defeats the purpose of what i was trying to achieve.

here's my current go, trimmed to show the specific problem:

$ cat snapshot.inc
# include file for rsync
cvsync-*
cyrus-sasl-*
- cyrus-sasl-*db*
- cyrus-sasl-*mysql*
- cyrus-sasl-*ldap*
db-4*
- *.tgz

$ rsync -thrivz --stats --del -n 
rsync://rsync.de.openbsd.org/OpenBSD/snapshots/packages/i386 
/var/tmp/packages/ --include-from=snapshot.inc 

[...]

 f+++ i386/cvsync-0.24.19.tgz
 f+++ i386/cyrus-sasl-2.1.21p2-db4.tgz
 f+++ i386/cyrus-sasl-2.1.21p2-ldap.tgz
 f+++ i386/cyrus-sasl-2.1.21p2-mysql.tgz
 f+++ i386/cyrus-sasl-2.1.21p2.tgz
 f+++ i386/db-4.2.52p11.tgz
 f+++ i386/index.txt

[...]

but I _don't_ want to retrieve all the{db4,ldap,mysql} flavors - just 
the base one. can anybody help?

I don't have a chance to check (no rsync file or man page to check)
but:

Maybe in the rules you constructed first match wins. Once a match
happens no further rules are evaluated?

Otherwise you might go ask on an rsync list - I'd guess the folk there
wouldn't have to go look at the manpages. It really is OT here.

Please reply to the list only. Due to the nicely open list (which I
heartily approve of) being archived with unmasked addresses, all mail
to the sender address is /dev/null

In the beginning was The Word
and The Word was Content-type: text/plain
The Word of Rod.



SOLVED Re: rsyncing -current packages -- pattern matching problems

2007-02-17 Thread scorch

RW wrote:


thanks - that was it -  natch the order of rsync includes/excludes is 
mentioned in the cryptic man page. so, you need to:
exclude the more specific entry, and then finally include the required 
one last as a generic entry:


- cyrus-sasl-*mysql*
- cyrus-sasl-*db4*
- cyrus-sasl-*postgres*
- cyrus-sasl-*ldap*
cyrus-sasl-*

achieves the required result.

yes it was a bit off topic but i was hoping to see how others did this.
a+
scorch
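
The first-match-wins evaluation that resolved this thread, as an added example that is not part of the original posts: a small POSIX shell model of how an --include-from list is walked, run over the file names from the dry-run output above. It models bare file-name patterns only (rsync's own `*` stops at `/`, the shell's does not), the function and variable names are hypothetical, and `example-1.0.tgz` is a constructed name.

```shell
#!/bin/sh
# Added illustration: models rsync's "first matching rule wins" filter
# evaluation for simple file-name patterns. Not rsync's own code.

# Rule list as first posted: the generic include comes BEFORE the excludes.
RULES_ORIGINAL='# include file for rsync
cvsync-*
cyrus-sasl-*
- cyrus-sasl-*db*
- cyrus-sasl-*mysql*
- cyrus-sasl-*ldap*
db-4*
- *.tgz'

# Rule list after the fix: specific excludes first, generic include last.
RULES_FIXED='# include file for rsync
cvsync-*
- cyrus-sasl-*mysql*
- cyrus-sasl-*db4*
- cyrus-sasl-*postgres*
- cyrus-sasl-*ldap*
cyrus-sasl-*
db-4*
- *.tgz'

# File names from the dry run in the thread, plus one constructed name
# (example-1.0.tgz) that only the final "- *.tgz" rule can match.
NAMES='cvsync-0.24.19.tgz
cyrus-sasl-2.1.21p2-db4.tgz
cyrus-sasl-2.1.21p2-ldap.tgz
cyrus-sasl-2.1.21p2-mysql.tgz
cyrus-sasl-2.1.21p2.tgz
db-4.2.52p11.tgz
index.txt
example-1.0.tgz'

# decide RULES NAME -> prints "include" or "exclude".
# In an --include-from file a bare pattern (or "+ pat") is an include and
# "- pat" is an exclude. Rules are tried top to bottom and the first one
# whose pattern matches decides; a name matching no rule is transferred.
decide() {
    verdict=include
    while IFS= read -r rule; do
        case $rule in
            ''|'#'*|';'*) continue ;;                  # blank line or comment
            '- '*) action=exclude; pat="${rule#- }" ;;
            '+ '*) action=include; pat="${rule#+ }" ;;
            *)     action=include; pat="$rule" ;;
        esac
        case $2 in
            $pat) verdict=$action; break ;;            # first match wins
        esac
    done <<EOF
$1
EOF
    printf '%s\n' "$verdict"
}

# selected RULES -> prints, space separated, the sample names that the
# rule list would let through.
selected() {
    out=
    for n in $NAMES; do
        if [ "$(decide "$1" "$n")" = include ]; then
            out="$out $n"
        fi
    done
    printf '%s\n' "${out# }"
}

echo "original order: $(selected "$RULES_ORIGINAL")"
echo "fixed order:    $(selected "$RULES_FIXED")"
```

With the original order every cyrus-sasl flavour is claimed by `cyrus-sasl-*` before the excludes are reached; with the fixed order only the base package survives.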
i am rsyncing -current packages & taking advantage of rsync's pattern 
matching to avoid specifying the package versions, to make a local 
repository for upgrades.


there are several packages that i _don't_ want to retrieve flavours for, 
e.g. cyrus-sasl as an example. but i haven't been able to force just the 
base package, without specifying identically the filename - which 
defeats the purpose of what i was trying to achieve.


here's my current go, trimmed to show the specific problem:

$ cat snapshot.inc
# include file for rsync
cvsync-*
cyrus-sasl-*
- cyrus-sasl-*db*
- cyrus-sasl-*mysql*
- cyrus-sasl-*ldap*
db-4*
- *.tgz

$ rsync -thrivz --stats --del -n 
rsync://rsync.de.openbsd.org/OpenBSD/snapshots/packages/i386 
/var/tmp/packages/ --include-from=snapshot.inc 


[...]



f+++ i386/cvsync-0.24.19.tgz
f+++ i386/cyrus-sasl-2.1.21p2-db4.tgz
f+++ i386/cyrus-sasl-2.1.21p2-ldap.tgz
f+++ i386/cyrus-sasl-2.1.21p2-mysql.tgz
f+++ i386/cyrus-sasl-2.1.21p2.tgz
f+++ i386/db-4.2.52p11.tgz
f+++ i386/index.txt
  

[...]

but I _don't_ want to retrieve all the{db4,ldap,mysql} flavors - just 
the base one. can anybody help?



I don't have a chance to check (no rsync file or man page to check)
but:

Maybe in the rules you constructed first match wins. Once a match
happens no further rules are evaluated?

Otherwise you might go ask on an rsync list - I'd guess the folk there
wouldn't have to go look at the manpages. It really is OT here.