Re: micro atx motherboard recommendations?
Hi, Just looking for a recommendation on a good/cheap (but not necessarily fast) microatx motherboard. Or possibly, one of those via motherboards, but needs to fit in an atx case. You might also look into the Jetway J7F4 series mini-itx boards. Dual onboard re nics. HTH... Nico
Re: Routing on one NIC?
Hi Guys, I am fairly new to OpenBSD, so I have just been learning from all of you. This subject I can help out a bit. VLANs were designed to separate broadcast domains, not to be a security feature. It is more of a side effect and companies tout that it can be used for security. Newer codes are much better like Jason said.

Lachlan, hopefully you have a manageable switch that can create VLANs. You will have to create a VLAN for each of your subnets and add the appropriate ports into those VLANs. I would suggest that you use something other than VLAN 1 (default VLAN) for your two VLANs. On the port that is going to connect to your OpenBSD box, the port will be a member of both VLANs and turn on VLAN tagging (802.1Q) on the switch. If it is a Cisco switch, use dot1q, not ISL. You will have to turn on IP Forwarding, configure the VLANs, and enable VLAN tagging on the OpenBSD box. Look up ifconfig(8).

Hopefully, this is only a temporary solution. Network traffic on that NIC will see twice as much as normal, since it receives and sends it out the same NIC. If you do not use VLANs, you will see broadcast coming from both of your subnets. If you bring up a sniffer, you should see them. Also, if the employees are clever they can just change their IP Address to become part of the new network and bypass any firewalling you might be doing on your OpenBSD box. :(

bofh, I feel sorry for network. Meet too many of those guys in the networking field, but most of them never had any certs though. I really doubt that he had a CCNP unless he memorized some kind of brain dump to get it. People like that devalue the certs in our industry.

rc

On 3/25/07, J.C. Roberts [EMAIL PROTECTED] wrote:
On Sunday 25 March 2007 11:09, Jason Dixon wrote:

(Hark! -I think I hear the infamous wooshing sound of a quickly approaching clue stick)

I'm not sure of the date of this article, but it seems to cover all of your questions.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

Excellent! Thanks Jason. Since you know real world usage of VLANs far better than most (and certainly better than me), your insights on using OpenBSD to properly secure VLANs seem totally MetaBUGable!

VLANs really aren't the black magic most folks seem to think. Even Gillian Anderson has mastered the art of packet switching.
http://www.routergod.com/gilliananderson/
http://www.routergod.com/gilliananderson/part2.html

Now that was *really* unfair -you know I'm a sucker for redheads. :-)

jcr
Re: any site or doc about openbsd kernel configuration, info or tweak?
On 3/25/07, Jay Jesus Amorin [EMAIL PROTECTED] wrote: any site or doc about openbsd kernel configuration, info or tweak aside from man page? thanks http://www.openbsd.org/faq/faq5.html#Why Q: 5.6 - Why do I need a custom kernel? A: Actually, you probably don't. That said, http://www.openbsd.org/faq/faq5.html#Options -- Kian Mohageri
Re: VPN
Is the VPN using IPsec or SSL?

-Lars
Lars Noodén ([EMAIL PROTECTED])
Ensure access to your data now and in the future
http://opendocumentfellowship.org/about_us/contribute
Re: VPN
You need to provide more info. Are you using NAT? Are you running IPSEC, PPTP, L2TP, or SSL based VPN?

On 3/26/07, Appie [EMAIL PROTECTED] wrote:

Hi, Been using OpenBSD 4.0 w/ PF for quite a while now, everything is running perfectly smooth, our setup is to block all incoming packets while allow all for outbound packets as long as connections are initiated from within our local lan. The only problem we encountered was that we can't connect simultaneous vpn connections to via windows XP vpn connectivity to our branch server. We can connect one at a time. Is there something I need to configure? We Tested it with another firewall setup (ipcop firewall) and it works. Hoping for your help. Thanks much.
Re: Routing on one NIC?
Lachlan, hopefully you have a manageable switch that can create VLANs. You will have to create a VLAN for each of your subnets and add the appropriate ports into those VLANs. I would suggest that you use something other than VLAN 1 (default VLAN) for your two VLANs. On the port that is going to connect to your OpenBSD box, the port will be a member of both VLANs and turn on VLAN tagging (802.1Q) on the switch. If it is a Cisco switch, use dot1q, not ISL. You will have to turn on IP Forwarding, configure the VLANs, and enable VLAN tagging on the OpenBSD box.

I'm only a home user, I don't have anything fancy. Thanks for your advice, though.

Hopefully, this is only a temporary solution. Network traffic on that NIC will see twice as much as normal, since it receives and sends it out the same NIC.

As I said before, I'm only a home user; I could probably use 10BASE-T without having performance problems.

If you do not use VLANs, you will see broadcast coming from both of your subnets. If you bring up a sniffer, you should see them. Also, if the employees are clever they can just change their IP Address to become part of the new network and bypass any firewalling you might be doing on your OpenBSD box. :(

This is only a NAT box. It is not intended to provide any extra security, I am only using this type of setup for convenience (ie. anything to avoid using a consumer router interface without buying new hardware) and educational purposes.

-- Thanks, Lachlan
Re: Symbols in a .so
On Mon, Mar 19, 2007 at 04:48:23AM +0100, Ingo Schwarze wrote: Don't blame the missing man page on the GNU. It is being built, but it is not being installed. Index: gnu/usr.bin/binutils/Makefile.bsd-wrapper === RCS file: /cvs/src/gnu/usr.bin/binutils/Makefile.bsd-wrapper,v retrieving revision 1.67 diff -u -r1.67 Makefile.bsd-wrapper --- gnu/usr.bin/binutils/Makefile.bsd-wrapper 6 Oct 2006 20:58:17 - 1.67 +++ gnu/usr.bin/binutils/Makefile.bsd-wrapper 19 Mar 2007 03:34:43 - @@ -40,8 +40,8 @@ SUBDIRS+=binutils ld gas CONF_SUBDIRS+= binutils ld gas INST_SUBDIRS+= binutils ld gas -MAN+=binutils/ar.1 binutils/ranlib.1 \ - binutils/objcopy.1 \ +MAN+=binutils/addr2line.1 binutils/ar.1 binutils/ranlib.1 \ + binutils/objcopy.1 binutils/readelf.1 \ binutils/strings.1 binutils/strip.1 \ gas/doc/as.1 ld/ld.1 . else it's all fixed now. thanks for the mail. jmc
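Review bot: the trailing `. else` context line shows that this MAN+= list belongs to one branch of a conditional, so the other branch's man page list needs the same check for addr2line.1 and readelf.1; if it carries its own MAN+= line, add both pages there as well or move the pages common to both branches above the conditional. Keeping the list one page per line in alphabetical order would also make the next missing page easier to spot in a diff.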
Re: Routing on one NIC?
On 3/26/07, J.C. Roberts [EMAIL PROTECTED] wrote:

http://www.routergod.com/gilliananderson/
http://www.routergod.com/gilliananderson/part2.html

Now that was *really* unfair -you know I'm a sucker for redheads. :-)

I just went to that website. Surprising to know that most actresses are tech savvy and into networking :-)

Kind Regards
Siju
Re: VPN
On 3/26/07, Appie [EMAIL PROTECTED] wrote:

Hi, Been using OpenBSD 4.0 w/ PF for quite a while now, everything is running perfectly smooth, our setup is to block all incoming packets while allow all for outbound packets as long as connections are initiated from within our local lan. The only problem we encountered was that we can't connect simultaneous vpn connections to via windows XP vpn connectivity to our branch server. We can connect one at a time. Is there something I need to configure? We Tested it with another firewall setup (ipcop firewall) and it works. Hoping for your help. Thanks much.

Most probably you are suffering from the PPTP problem with OpenBSD and PF. This is an excerpt from his website

===

NAT relies on the uniqueness of the source and destination IP addresses and ports of each TCP and UDP packet. Whereas PPTP is a protocol over IP and it uses neither TCP nor UDP for encapsulation. Instead it uses GRE which is a protocol over IP.

PPTP has a control phase in which it negotiates parameters over a control connection. This happens over destination TCP port 1723. You know that the destination TCP port of HTTP is 80. This is exactly like that.

However, once the PPTP control negotiation is over, the VPN tunnel packets go over GRE which has no concept of port numbers. So the only way a router identifies different GRE tunnels is by looking at the destination IP address. Since NAT hides multiple destination IP addresses behind a single global IP address, the NAT device has very good reason to get confused as to which private IP address a particular GRE packet corresponds to.

PPTP fortunately has a concept of callid for multiplexing simultaneous PPTP sessions. Even here we have a difficulty. Usually with TCP or IP, the source and destination port numbers are sent in the header of each packet. Whereas in the case of PPTP, only the destination callid is present in each packet. So incoming packets have the callid of the PPTP client and outgoing PPTP packets have the callid of the PPTP server. How does the NAT machine determine the internal IP address the callid corresponds to?

To make things worse, as is to be expected from Micro$oft products, the incoming callid is always 0 for PPTP clients. So this makes it technically infeasible to multiplex.

===

The last time i talked with him he said he is writing a PPTP proxy for OpenBSD and PF just like the FTP-Proxy. So it should be available soon :-)

Kind Regards
Siju
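The demultiplexing problem described in the excerpt above, as an added example that is not part of the original post and is not PF or proxy code: it parses the enhanced GRE header PPTP uses (RFC 2637) and compares NAT state keyed on addresses alone with state keyed on the call ID. The addresses, class names and the `register()` hook (standing in for a helper that reads the TCP/1723 control channel) are assumptions made for the illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B      # protocol type carried by PPTP's enhanced GRE


def build_gre(call_id, payload=b"", seq=None, ack=None):
    """Build an enhanced GRE (version 1) packet the way PPTP sends it."""
    b0 = 0x20 | (0x10 if seq is not None else 0)   # K always set, S if seq present
    b1 = 0x01 | (0x80 if ack is not None else 0)   # version 1, A if ack present
    pkt = struct.pack("!BBHHH", b0, b1, GRE_PROTO_PPP, len(payload), call_id)
    if seq is not None:
        pkt += struct.pack("!I", seq)
    if ack is not None:
        pkt += struct.pack("!I", ack)
    return pkt + payload


def parse_gre(pkt):
    """Return (call_id, seq, ack, payload); ValueError if not PPTP GRE."""
    if len(pkt) < 8:
        raise ValueError("short GRE header")
    b0, b1, proto, plen, call_id = struct.unpack("!BBHHH", pkt[:8])
    if (b1 & 0x07) != 1 or not (b0 & 0x20) or proto != GRE_PROTO_PPP:
        raise ValueError("not enhanced GRE v1 as used by PPTP")
    has_seq, has_ack = bool(b0 & 0x10), bool(b1 & 0x80)
    if len(pkt) < 8 + 4 * has_seq + 4 * has_ack + plen:
        raise ValueError("truncated packet")
    off, seq, ack = 8, None, None
    if has_seq:
        (seq,) = struct.unpack("!I", pkt[off:off + 4])
        off += 4
    if has_ack:
        (ack,) = struct.unpack("!I", pkt[off:off + 4])
        off += 4
    return call_id, seq, ack, pkt[off:off + plen]


def rewrite_call_id(pkt, new_id):
    """Replace the 16-bit call ID at bytes 6..7 of the GRE header."""
    return pkt[:6] + struct.pack("!H", new_id) + pkt[8:]


class AddressOnlyNat:
    """State keyed on the remote address only: all a port-less protocol offers."""

    def __init__(self):
        self.by_server = {}

    def outbound(self, internal_ip, server_ip):
        self.by_server[server_ip] = internal_ip   # a second client overwrites the first

    def inbound(self, server_ip, pkt):
        return self.by_server.get(server_ip), pkt


class CallIdNat:
    """State keyed on (server, call ID); colliding client call IDs are rewritten."""

    def __init__(self):
        self.calls = {}   # (server_ip, public_id) -> (internal_ip, client_id)

    def register(self, internal_ip, server_ip, client_id):
        """Record the call ID a client announced; return the ID shown to the server."""
        for step in range(0x10000):
            public_id = (client_id + step) & 0xFFFF
            if (server_ip, public_id) not in self.calls:
                self.calls[(server_ip, public_id)] = (internal_ip, client_id)
                return public_id
        raise RuntimeError("no free call ID for this server")

    def inbound(self, server_ip, pkt):
        entry = self.calls.get((server_ip, parse_gre(pkt)[0]))
        if entry is None:
            return None, pkt                      # unknown tunnel: nothing to map
        internal_ip, client_id = entry
        return internal_ip, rewrite_call_id(pkt, client_id)


def demo():
    # Constructed sample: two LAN clients, one PPTP server, both clients
    # announcing call ID 0 (the collision case the excerpt mentions).
    server, a, b = "203.0.113.10", "192.168.1.11", "192.168.1.12"
    naive, aware = AddressOnlyNat(), CallIdNat()
    for host in (a, b):
        naive.outbound(host, server)
    public_ids = (aware.register(a, server, 0), aware.register(b, server, 0))
    # The server addresses each tunnel by the client call ID it was shown.
    replies = [build_gre(public_ids[0], b"for-A", seq=1),
               build_gre(public_ids[1], b"for-B", seq=1, ack=0)]
    return {
        "naive": [naive.inbound(server, p)[0] for p in replies],
        "aware": [aware.inbound(server, p)[0] for p in replies],
        "delivered_ids": [parse_gre(aware.inbound(server, p)[1])[0] for p in replies],
        "public_ids": public_ids,
    }


if __name__ == "__main__":
    print(demo())
```

With address-only state both replies go to whichever client connected last, which matches the "one at a time" symptom in the question; keyed on the call ID, each reply reaches its own client with the original call ID restored.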
Re: micro atx motherboard recommendations?
hi, On Mon, Mar 26, 2007 at 09:02:56AM +0200, Nico Meijer wrote: Just looking for a recommendation on a good/cheap (but not necessarily fast) microatx motherboard. Or possibly, one of those via motherboards, but needs to fit in an atx case. You might also look into the Jetway J7F4 series mini-itx boards. Dual onboard re nics. i got me one of those. works like a charm. i'm still having a weird issue with the nics not properly initializing somehow after a powerdown though. maybe it needs a bios-upgrade, but as i don't usually powerdown (reboot is ok) i haven't really investigated it. -- CUL8R, Peter.
Re: micro atx motherboard recommendations?
Hi Peter,

i got me one of those. works like a charm.

And it's quiet! :-) My Travla C147 with 2 of those babies makes way less noise than my not-too-noisy workstation.

i'm still having a weird issue with the nics not properly initializing somehow after a powerdown though. maybe it needs a bios-upgrade, but as i don't usually powerdown (reboot is ok) i haven't really investigated it.

I've had that issue, but have hardcoded the media options in hostname.re and my problems have disappeared. See hostname.if(5). I'm interested to see if that helps you as well...

Nico
Re: OpenNTPD reliability
On Sun, 2007-03-25 at 14:26 -0700, Darrin Chandler wrote:

Have you measured the time from ntpd startup until it logs `clock is now synced' in the log? On the same machine, I see anywhere from 10 minutes to about 1 hour.

In normal cases, machines acting as time servers are always on. If it takes less than an hour for ntpd to sync, and then it's up for months at a time then there's little problem.

I left OpenNTPd running over the weekend and it wasn't synced this morning. Today I've manually changed time 30 minutes in the past and then run ntpd -s. Now it seems to report it is synced to the clients.

If you want to turn on a computer and have it fetch some times from the network and report that it's synced... well, that's not accurate. A big, full-blown, complex thing like xntpd won't do it, either. If you don't really care what time it is, but want all your local computers to have the same time (or very, very close) there are other ways such as timed(8). Then you can have a computer using ntpd, and synced or not it can be a timed master for your network.

No, I'd like the clock to be synced and as accurate as possible. But not being able to sync at all is quite bad.
Re: Request for links to BSD administration docs
J.C. Roberts wrote on Fri, Mar 23, 2007 at 06:36:34AM -0700:
On Thursday 22 March 2007 22:08, Darrin Chandler wrote:
On Fri, Mar 23, 2007 at 12:40:48AM -0400, Douglas Allan Tutty wrote:

Do you run the rebuild niced?

I don't. I want it to be done as soon as possible.

This makes very little sense to me. Nice is not designed for wasting CPU cycles or something. As long as no other processes are competing for cpu time, nice does little harm, as far as i know.

If you want your build done as soon as possible, then you would use nice(1) as root to have the build process run at a higher priority and hence receive more processing time.

# nice -n -20 make build

Is building at maximum priority, or even higher priority, a smart thing to do? -I don't know.

I think that's a bad idea. Sometimes, you need to log in during the build, checking top(1), systat(1), tail(1)ing logs and the like. You want good interactive system response for that.

If you want to finish the build quickly, just refrain from running bloatware like kde and openoffice and firefox and thunderbird while you are about it, in particular in case you are short on memory. But do not try to make time longer or generate additional cpu cycles or whatever. It won't work, not even by negative nice(1) incantations.

Besides, remember that the default settings tend to be sane for standard applications. Fiddling with random knobs is not recommended unless you have very special needs.
Re: OpenBGPD MIB
* Pierre-Yves Ritschard [EMAIL PROTECTED] [2007-03-26 09:26]: This allows to write really simple programs (ask me for a skeleton), you'd just have to write more code to open /var/log/bgpd.sock and gather the information needed to answer for the OIDs. that is the wrong approach. consider bgpctl to be the API. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
x86 hardware for router system
Dear OpenBSD users,

I plan to build a pair of OpenBSD firewalls to implement bandwidth limiting using bridged interfaces. I'd like to find some hardware to perform this task. I can't find anything small enough to be cost effective. So I'm looking into building my own system. The main item I wish to get right is the system mainboard.

Has anybody used a D945GNTLKR Intel mainboard? It has (column 2 from) http://www.intel.com/design/motherbd/nt/nt_available.htm

Nevertheless, the spec says. Gigabit (10/100/1000 Mbits/sec) LAN subsystem using the Intel 82573E/82573V/82574V Gigabit Ethernet Controller

I notice that the 4V variety is not listed in the em driver. Could anybody clarify a possible issue with this. Does the 4V version have supported drivers?

Cheers
Rob

I also need to find a rack case to fit it all in

For the interested, here's my current ebuyer.co.uk shopping basket. (for a pair BTW)

2 x Boxd945gntlkr Atx 945g Lga775 Ddr2 1066fsb Sata 10/100/1000 Lan Vga Audio Firewire Retail Boxed 122037 £62.49 £124.98
4 x Seagate 80GB Barracuda SATAII 7200RPM 8MB Cache - OEM 113697 £25.48 £101.92
2 x Intel Celeron D 331 (2.66Ghz) Socket 775 FSB533 256kb Cache Emt 64 Retail Boxed Processor 93116 £18.71 £37.42
2 x Speeze Quadroflow VII Socket 775 Processor Cooler 125065 £4.00 £8.00
2 x Crucial 512MB 240-Pin DIMM Unbuffered DDR2 PC 4200 533MHz CL4 63615 £20.42 £40.84
total GBP 379.96 ex case

--
Rob Shepherd BEng PhD | Computer and Network Engineer | CAST Ltd
Technium CAST | LL57 4HJ | http://www.techniumcast.com
[EMAIL PROTECTED] | 01248 675024 | 077988 72480
Re: OpenNTPD reliability
On Mon, 26 Mar 2007, Luca Corti wrote: On Sun, 2007-03-25 at 14:26 -0700, Darrin Chandler wrote: Have you measured the time from ntpd startup until it logs `clock is now synced' in the log? On the same machine, I see anywhere from 10 minutes to about 1 hour. In normal cases, machines acting as time servers are always on. If it takes less than an hour for ntpd to sync, and then it's up for months at a time then there's little problem. I left OpenNTPd running over the weekend and it wasn't synced this morning. Today I've manually changed time 30 minutes in the past and then run ntpd -s. Now It seems to report it is synced to the clients. If you want to turn on a computer and have it fetch some times from the network and report that it's synced... well, that's not accurate. A big, full-blown, complex thing like xntpd won't do it, either. If you don't really care what time it is, but want all your local computers to have the same time (or very, very close) there are other ways such as timed(8). Then you can have a computer using ntpd, and synced or not it can be a timed master for your network. No, I'd like the clock to be synced and as accurate as possible. But not being able to sync at all is quite bad. Could you run put the clock ahead 5min and run again with ntpd -d, (don't forget to kill any existing ntpd process), let it run for some hours, saving the log. Then apply the diff below and repeat. Then send me both logs. The diff fixes a potential problem that won't surface on OpenBSD, but might on other systems. -Otto Index: util.c === RCS file: /cvs/src/usr.sbin/ntpd/util.c,v retrieving revision 1.12 diff -u -p -r1.12 util.c --- util.c 27 Oct 2006 12:22:41 - 1.12 +++ util.c 26 Mar 2007 07:53:43 - @@ -64,6 +64,10 @@ d_to_tv(double d, struct timeval *tv) { tv-tv_sec = (long)d; tv-tv_usec = (d - tv-tv_sec) * 100; + while (tv-tv_usec 0) { + tv-tv_usec += 100; + tv-tv_sec -= 1; + } } double
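Review bot: in the d_to_tv() hunk, the literal added to tv_usec inside the new loop has to be the same microseconds-per-second factor as the multiplier on the context line just above it, so one named constant used in both places would keep the two from drifting apart. The fractional part left after the (long) cast is always smaller than one second, so the correction can apply at most once and an if would state the intent more plainly than a while. A one-line comment saying that a negative d leaves tv_usec negative because the cast truncates toward zero would tell the next reader why the normalisation exists.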
Re: Installing Skype
On 2007/03/26 08:32, Adam Hawes wrote: so you can use any SIP-compatible soft or hard-phone. if you know of a SIP soft-phone that's not designed-for-linux unportable junk, I'd be interested.
Re: Where to download cvsup-16.1h-no_x11.tgz for amd64
Hi Christian,

Tks for your advice. I did not receive your reply until searching following site and found this thread;
http://article.gmane.org/gmane.os.openbsd.misc/120640
http://thread.gmane.org/gmane.os.openbsd.misc/120636/focus=120640

To my surprise I even did not receive my original mail posted. Just resubscribed the list [EMAIL PROTECTED] The reply was I having subscribed this list.

only i386 available.

Exactly. If you want to mirror the repository, consider using cvsync. If you want to use checkout mode from a CVSup server, consider using csup.

Now I have csup running on OpenBSD 4.0

# which csup
/usr/local/bin/csup

man csup doesn't provide much info and examples running this package. Where can I find such info. TIA

It further mentioned csup only supports checkout mode. CVSUP supports both CVS and checkout mode

B.R.
Stephen Liu
Re: adding routing obsd 3.9 running ospfd
Thanks all, I had tested 4.0, and I don't have any problem. Thanks and best regards, Riwan At 11:27 AM 3/22/2007 +0800, Lars Hansson wrote: [EMAIL PROTECTED] wrote: Hai All, I have two OpenBSD 3.9 box, both running OSPFD default on OBSD 3.9. I add static route on OBSD1 and found that the whole ospf rib disappear. Any clue? I had a somewhat similar problem with 3.9-RELEASE but for me it only happened with /32 routes. There was a patch for stable so you should try 3.9-stable or better yet, 4.0. --- Lars Hansson
php4 and php5
Dear All, I don't know if this is the forum to ask such question: How do I install php4 and php5 on the same OBSD 4.0? Somehow I need both for some software that I am running. I can do that with python2.4 and python2.3 Thanks and best regards, Riwan
two default route
Hi All, I am sorry if I didn't get the answer searching the mailing list and man route. I have two ISP, and wondering how should I setup the default route to the ISP. I am wondering if I have two gateway going to the same route can I use metric?

route add 0.0.0.0/0 192.168.6.1 10
route add 0.0.0.0/0 192.168.6.2 100

I can use OpenOSPFD or OpenBGPD.

Thanks and best regards,
Riwan
Re: Cardbus EHCI issues on Tecra 520CDT
Sorry to keep hassling people over this, but does anyone have *any* idea as to why my USB2 card's not working? The USB1 part of the card works fine, it's just the EHCI controller won't start up. Without USB2 support my box is largely useless due to having a very small hard disk, and while it's all working fine with USB1 I'm only getting 250kB/sec off it... OpenBSD 4.0-stable (GENERIC) #0: Sun Mar 18 17:09:20 GMT 2007 [EMAIL PROTECTED]:/vol/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium/MMX (GenuineIntel 586-class) 166 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX cpu0: F00F bug workaround installed real mem = 50032640 (48860K) avail mem = 37126144 (36256K) using 636 buffers containing 2605056 bytes (2544K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(63) BIOS, date 11/01/99, BIOS32 rev. 0 @ 0xfe95b apm0 at bios0: Power Management spec V1.2 apm0: battery life expectancy 98% apm0: AC on, battery charge high, charging, estimated 1:44 hours apm0: flags 20102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf9980/80 (3 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #21 is the last bus WARNING: can't reserve area for I/O APIC. WARNING: can't reserve area for Local APIC. 
bios0: ROM list: 0xe4000/0x9800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Toshiba PCI rev 0x26 cbb0 at pci0 dev 2 function 0 Toshiba ToPIC95B CardBus rev 0x07: irq 11 cbb1 at pci0 dev 2 function 1 Toshiba ToPIC95B CardBus rev 0x07: irq 11 vga1 at pci0 dev 4 function 0 Chips and Technologies 6 rev 0xc3 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ohci0 at pci0 dev 11 function 0 NEC USB rev 0x01: irq 11, version 1.0 usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: NEC OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 20 device 0 cacheline 0x0, lattimer 0x0 pcmcia0 at cardslot0 cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 21 device 0 cacheline 0x0, lattimer 0x0 pcmcia1 at cardslot1 isa0 at mainbus0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 wdc0 at isa0 port 0x1f0/8 irq 14 wd0 at wdc0 channel 0 drive 0: TOSHIBA MK2103MAV wd0: 16-sector PIO, LBA, 2067MB, 4233600 sectors wd0(wdc0:0:0): using BIOS timings sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01 midi0 at sb0: SB MIDI UART audio0 at sb0 opl0 at sb0: model OPL3 midi1 at opl0: SB Yamaha OPL3 wss0 at isa0 port 0x530/8 irq 10 drq 0: CS4231 or AD1845 (vers 4) audio1 at wss0 pcppi0 at isa0 port 0x61 midi2 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask eb4d netmask eb4d ttymask fbcf pctr: 586-class performance counters and user-level cycle counter enabled rtw0 at cardbus0 dev 0 function 0 Realtek, 
Rtl8180 irq 11 rtw0: ver RTL8180D, radio SA2400A, amp SA2411, address 00:50:fc:f1:82:14 ohci1 at cardbus1 dev 0 function 0 Acer Labs M5237 USB rev 0x03: irq 11, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ohci2 at cardbus1 dev 0 function 1 Acer Labs M5237 USB rev 0x03: irq 11, version 1.0, legacy support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 usb2 at ohci2: USB revision 1.0 uhub2 at usb2 uhub2: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ohci3 at cardbus1 dev 0 function 2 Acer Labs M5237 USB rev 0x03: irq 11, version 1.0, legacy support usb3 at ohci3: USB revision 1.0 uhub3 at usb3 uhub3: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at cardbus1 dev 0 function 3 Acer Labs M5239 USB2 rev 0x01: irq 11 ehci0: reset timeout ehci0: init failed, error=13 vendor Acer Labs, unknown product 0x5253 (class serial bus subclass Firewire, rev 0x00) at cardbus1 dev 0 function 4 not configured umass0 at uhub1 port 1 configuration 1 interface 0 umass0: Cypress Semiconductor USB2.0 Storage Device, rev 2.00/0.01, addr 2 umass0: using SCSI over Bulk-Only scsibus0 at umass0: 2 targets sd0 at scsibus0 targ 1 lun 0: Maxtor 6, Y080L0, SCSI0 0/direct fixed sd0: 78167MB, 78167 cyl, 64 head, 32 sec, 512 bytes/sec, 160086528 sec total -- b
Re: two default route
On 2007/03/26 20:33, riwanlky wrote:

I have two ISP, and wondering how should I setup the default route to the ISP.

you need to give a lot more information about what you're trying to do to get a useful answer. how are you connecting to them? how do they know how to route packets to you? do you have your own address space or are you using your space from your providers? if you're using provider address space, will they allow you to send them packets with somebody else's source address?

I am wondering if I have two gateway going to the same route can I use metric?
route add 0.0.0.0/0 192.168.6.1 10
route add 0.0.0.0/0 192.168.6.2 100

OpenBSD doesn't use metrics like this in the routing table, you can do something similar with PF load-balancing or 'probability'

There is equal-cost multipath support but unless I missed something, it's not supported by the routing daemons yet, you can use it with static routes using -mpath, see route(8)

I can use OpenOSPFD or OpenBGPD.

will your ISPs listen to your announcements? realistically, I think if you are going to be able to handle running BGP with your providers, you probably wouldn't be asking this question.
Re: two default route
On Mon, Mar 26, 2007 at 08:33:25PM +0700, riwanlky wrote:

Hi All, I am sorry if I didn't get the answer searching the mailing list and man route. I have two ISP, and wondering how should I setup the default route to the ISP. I am wondering if I have two gateway going to the same route can I use metric?
route add 0.0.0.0/0 192.168.6.1 10
route add 0.0.0.0/0 192.168.6.2 100

The kernel routing table is strictly equal cost. So if you add two default routes the multipath code will try to balance it 50/50.

I can use OpenOSPFD or OpenBGPD.

Neither ospfd nor bgpd have multipath support (yet). I started with ospfd support but it is far from finished.

--
:wq Claudio
Problem on installing new packages
Hi folks, I tried the whole day without a breakthrough. Following is only one of the examples tried on my test, I suspect whether the packages on following site are suitable for my application. Following is only an example of the tests I tried.

# uname -a
OpenBSD home.openbsd101 4.0 GENERIC#690 amd64
# pkg_add -v ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz
Can't find ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz
/usr/sbin/pkg_add: ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz:Fatal error
# export PKG_PATH=ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
(no complaint)
# pkg_add -v nano-1.2.5tgz
Can't find nano-1.2.5.tgz
/usr/sbin/pkg_add: nano-1.2.5.tgz:Fatal error
# export PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
(no complaint)
# pkg_add -v nano-1.2.5.tgz
same result

nano-1.2.5.tgz is on; ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/

Pls help. TIA

B.R.
Stephen Liu
Re: Problem on installing new packages
On 2007/03/26 07:34, satimis wrote:
> I suspect whether the packages on following site are suitable for my application. Follow is only an example of the tests I tried.

Is your network working, can you connect to the site with ftp?

[EMAIL PROTECTED]:29$ ftp ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
Connected to poledra.it.net.au.
220 ProFTPD 1.2.10 Server (Informed Technology FTP Server) [203.8.116.111]
331 Anonymous login ok, send your complete email address as your password.
230-
230-INFORMED TECHNOLOGY FTP SERVER
...
...
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
200 Type set to I
250 CWD command successful
ftp> ls nano*
150 Opening ASCII mode data connection for file list
-r--r--r-- 1 ftpadm staff 260283 Sep 23 2006 nano-1.2.5-slang.tgz
-r--r--r-- 1 ftpadm staff 261388 Sep 23 2006 nano-1.2.5.tgz
226 Transfer complete.
ftp> bye
221 Goodbye.
Re: Where to download cvsup-16.1h-no_x11.tgz for amd64
Stephen Liu [EMAIL PROTECTED] wrote:
> man csup doesn't provide much info and examples running this package. Where can I find such info. TIA

csup purposely uses the same configuration syntax as cvsup. See http://www.openbsd.org/cvsup.html

> It further mentioned csup only supports checkout mode. CVSUP supports both CVS and checkout mode

Yes.

--
Christian naddy Weisgerber [EMAIL PROTECTED]
Re: Problem on installing new packages
Hi Stuart,

> Is your network working, can you connect to the site with ftp?

Yes, I can ping yahoo.com/google.com, etc. without problem

> [EMAIL PROTECTED]:29$ ftp ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/

# ftp ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
Connected to poledra.it.net.au
220 ProFTPD 1.2.10 Server (Informed Technoloty FTP Server) [203.8.116.111]
331 Anonymous loginod, send your completed email address as your password
...
230 Anonymous access granted, restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files
200 Type set to I
250 CWD command successful
ftp> exit
221 Goodbye

B.R.
Stephen Liu
Re: iwi0: XXX too many rates (count=13, last=108)
> can anyone please give me some knowledge on this:
> # dmesg
> iwi0: XXX too many rates (count=13, last=108)

snip

I've had nothing but problems with my iwi card:

iwi0 at pci2 dev 3 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq 11, address 00:0e:35:53:ed:56
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0

When I've got the card enabled, and are around ap's that have auth/encryption, the card freaks out. dmesg is slowly filled with authentication and firmware errors.

I ended simply picking up an orinoco pcmcia card for cheap.. uses the madwifi driver in linux, wi in BSD..works wonderfully.

Cheers,
Jason
Re: Problem on installing new packages
On 2007/03/26 23:14, Stephen Liu wrote:
> 250 CWD command successful
> ftp> exit
> 221 Goodbye

try 'ls' too; it will open a data channel. certain firewall/nat-related problems will allow the command channel to open but not the data channel.

(in general, there doesn't seem to be anything wrong with the site, I tried installing nano from it on an amd64 box and it worked ok)
Re: Problem on installing new packages
Stephen Liu wrote:
> Hi Stuart,
>
> > Is your network working, can you connect to the site with ftp?
>
> Yes, I can ping yahoo.com/google.com, etc. without problem
>
> > [EMAIL PROTECTED]:29$ ftp ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
>
> # ftp ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
> Connected to poledra.it.net.au
> 220 ProFTPD 1.2.10 Server (Informed Technoloty FTP Server) [203.8.116.111]
> 331 Anonymous loginod, send your completed email address as your password
> ...
> 230 Anonymous access granted, restrictions apply.
> Remote system type is UNIX.
> Using binary mode to transfer files
> 200 Type set to I
> 250 CWD command successful
> ftp> exit
> 221 Goodbye
>
> B.R.
> Stephen Liu

This is very weird. Try putting the PKG_PATH on the same line as the pkg_add command:

PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64 \
pkg_add -v nano-1.2.5.tgz

Lawrence

--
Lawrence Teo
Calyptix Security
http://www.calyptix.com/
Re: Problem on installing new packages
On Mon, Mar 26, 2007 at 07:34:27AM -0700, satimis wrote:
> Hi folks,
>
> I tried the whole day without a breakthrough. following is only one of the examples tried on my test, I suspect whether the packages on following site are suitable for my application. Follow is only an example of the tests I tried.
>
> # uname -a
> OpenBSD home.openbsd101 4.0 GENERIC#690 amd64
>
> # pkg_add -v ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz
> Can't find ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz
> /usr/sbin/pkg_add: ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/nano-1.2.5.tgz:Fatal error
>
> # export PKG_PATH=ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
                    ^^^
That isn't going to work (add ftp://).

> (no complaint)
> # pkg_add -v nano-1.2.5tgz
> Can't find nano-1.2.5.tgz
> /usr/sbin/pkg_add: nano-1.2.5.tgz:Fatal error
>
> # export PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/
> (no complaint)

Did you perhaps forget to add ftp:// again? That would give the error you noted...

> # pkg_add -v nano-1.2.5.tgz
> same result
>
> nano-1.2.5.tgz is on; ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/

Joachim
Re: Problem on installing new packages
On 3/26/07, Lawrence Teo [EMAIL PROTECTED] wrote:
> PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64 \
> pkg_add -v nano-1.2.5.tgz

Make sure to add a trailing /

PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ \
pkg_add -v nano-1.2.5.tgz

This has gotten me more than once, documented in pkg_add(1)

    Since a few URL schemes contain colons, pkg_add relies on each directory ending in a / to split the path correctly.
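The trailing-slash rule quoted above, together with the missing ftp:// from earlier in the thread, as an added example that is not part of the original posts and is not pkg_add's own parser: a POSIX sh function that splits a PKG_PATH value on the colons that follow a / and reports entries that would not resolve as intended. The name lint_pkg_path and the host mirror.example are constructed for the illustration.

```shell
#!/bin/sh
# Added example: a simplified model of the PKG_PATH rule quoted from
# pkg_add(1) in the thread (colon-separated entries, each directory ending
# in "/"). lint_pkg_path is a made-up helper, not pkg_add's parser, and the
# "no scheme" check is a heuristic for catching a forgotten ftp://.

# Print one "ok" or "BAD" line per entry; exit status 1 if any entry is BAD.
lint_pkg_path() {
    printf '%s\n' "$1" | awk '
    {
        gsub(/\/:/, "/\n")                 # a colon ends an entry only after "/"
        n = split($0, entry, "\n")
        bad = 0
        for (i = 1; i <= n; i++) {
            e = entry[i]
            why = ""
            tmp = e
            urls = gsub(/:\/\//, "", tmp)  # count "scheme://" inside this entry
            if (urls > 1)
                why = "two URLs run together, the first lacks a trailing /"
            else if (e !~ /\/$/)
                why = "missing trailing /"
            else if (urls == 0 && e !~ /^(\/|\.\/|\.\.\/)/)
                why = "no scheme, taken as a local directory name"
            if (why == "") {
                print "ok  " e
            } else {
                print "BAD " e " (" why ")"
                bad = 1
            }
        }
        exit bad
    }'
}

# The three values tried in the thread, then two constructed multi-entry ones.
MIRROR=ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64
for value in \
    "$MIRROR/" \
    "ftp://$MIRROR" \
    "ftp://$MIRROR/" \
    "ftp://$MIRROR:ftp://mirror.example/pkgs/" \
    "ftp://$MIRROR/:./"
do
    lint_pkg_path "$value" || true
done
```

Only the third and fifth values pass; the fourth shows why the slash matters once a second URL follows the first.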
Re: Problem on installing new packages
Hi Stuart,

> On 2007/03/26 23:14, Stephen Liu wrote:
> > 250 CWD command successful
> > ftp> exit
> > 221 Goodbye
>
> try 'ls' too; it will open a data channel. certain firewall/nat-related problems will allow the command channel to open but not the data channel.

# ls
.Xauthority .cshrc .klogin .login .profile .ssh

Other noted with tks.

B.R.
Stephen
Trouble assigning traffic to queue
The traffic matches my rule as seen by 1750 packets for rule 4. But these never make it into the game_out queue. What's going on here. This is on the 3-22 i386 snapshot.

# pfctl -vsr
block drop in log on fxp0 all
  [ Evaluations: 6914  Packets: 5  Bytes: 890  States: 0 ]
  [ Inserted: uid 0 pid 22423 ]
pass out from (fxp0) to any flags S/SA keep state queue(std_out, ack_out)
  [ Evaluations: 6914  Packets: 3583  Bytes: 662059  States: 1714 ]
  [ Inserted: uid 0 pid 22423 ]
pass in on fxp1 inet from 10.10.77.0/24 to any flags S/SA keep state queue(std_out, ack_out)
  [ Evaluations: 6914  Packets: 1833  Bytes: 341339  States: 874 ]
  [ Inserted: uid 0 pid 22423 ]
pass in log quick on fxp1 inet proto udp from 10.10.77.0/24 to any port = 27960 keep state queue game_out
  [ Evaluations: 3828  Packets: 1750  Bytes: 320720  States: 840 ]
  [ Inserted: uid 0 pid 22423 ]
pass in log on fxp0 inet proto tcp from any to 10.10.77.5 port = 26167 flags S/SA keep state queue(std_out, ack_out)
  [ Evaluations: 4748  Packets: 19  Bytes: 1775  States: 2 ]
  [ Inserted: uid 0 pid 22423 ]

# pfctl -vsq
queue std_out on fxp0 qlimit 125 priq( default )
  [ pkts: 5123  bytes: 4107499  dropped pkts: 0  bytes: 0 ]
  [ qlength: 10/125 ]
queue game_out on fxp0 priority 8
  [ pkts: 0  bytes: 0  dropped pkts: 0  bytes: 0 ]
  [ qlength: 0/ 50 ]
queue ack_out on fxp0 priority 7
  [ pkts: 308  bytes: 16848  dropped pkts: 0  bytes: 0 ]
  [ qlength: 0/ 50 ]
Are Atheros AR5005G Wifi Network Adapter and Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller supported?
Greetings! I need to know if Atheros AR5005G Wifi Network Adapter and Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller are already supported in OBSD 4.0 or will be in the next release. I bought me a laptop built-in with these and I'd love to have OpenBSD on it rather than any other OS. Thanks!
SMP causing uvm_fault
Hi

I'm having a very similar problem as the one reported in Bug Query 5374. I'm trying to solve the problem but I'm finding it very hard to even get started. Is there somewhere besides the code that I can start to try and understand how SMP is being handled?

http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5374

I can usually duplicate the crash by running the following script several times concurrently.

#!/usr/bin/perl
# start seven packet captures on em1, each writing to its own file
system("tcpdump -i em1 -w /var/crashTest1.pcap");
system("tcpdump -i em1 -w /var/crashTest2.pcap");
system("tcpdump -i em1 -w /var/crashTest3.pcap");
system("tcpdump -i em1 -w /var/crashTest4.pcap");
system("tcpdump -i em1 -w /var/crashTest5.pcap");
system("tcpdump -i em1 -w /var/crashTest6.pcap");
system("tcpdump -i em1 -w /var/crashTest7.pcap");
# then scan the same host in an endless loop
while (1) {
    system("nmap 192.168.66.90");
}

Then after about an hour, when you try and reboot, I get an error:

uvm_fault(0x..., 0x..., 0, 1) -> e
kernel: page fault trap, code = 0
stopped at pmap_page_remove_86+0x114: 0(%eax, %edx, 4), %eax

The trace output is:

pmap_page_remove_86(d0d31420,c0,e9b57e2c,d04adeb9,e99f) at pmap_page_remove_86+0x114
uvm_vnp_terminate(d8034e04,0,0,0,0,14,0,d7e95004) at uvm_vnpterminate+0x31f
uvm_attach(d8034e04,0,2,0,d7f38378) at uvn_attach+0x2b5
uvm_unmap_detach(d7e959a4,0,d7f3841c,1) at uvm_unmap_detach+-x62
uvmspace_free(d7f38378,6,d08120e0) at uvmspace_free+0xfd
uvm_exit(d7fbb868,14,8,286) at uvm_exit+0x19
reaper(d80df430) at reaper+0x90
Bad frame pointer: 0xd0913eb8

A couple times the error has also occurred on its own without saying 'reboot' when running a ton of nmaps and tcpdumps at the same time.

This trace is remarkably similar to the one in Bug Query 5374. Additionally I am using the same processor as he is. There is an unknown core statement in my dmesg but both cores seem to be working correctly.

Here is my dmesg:

OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.13 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
real mem = 2145869824 (2095576K)
avail mem = 1949290496 (1903604K)
using 4256 buffers containing 107397120 bytes (104880K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(e6) BIOS, date 10/30/06, BIOS32 rev. 0 @ 0xfd470, SMBIOS rev. 2.51 @ 0x7feea000 (33 entries)
bios0: Supermicro PDSMi
pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90
pcibios0: PCI BIOS has 20 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801GB LPC rev 0x00)
pcibios0: PCI bus #15 is the last bus
bios0: ROM list: 0xc/0xb000 0xcb000/0x1000 0xcc000/0x1000 0xcd000/0x1000
ipmi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4) (INTELMUKILTEO)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: unknown Core FSB_FREQ value 0 (0x4208)
cpu0: apic clock running at 266 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.13 GHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16
mainbus0: bus 0 is type PCI
mainbus0: bus 9 is type PCI
mainbus0: bus 10 is type PCI
mainbus0: bus 13 is type PCI
mainbus0: bus 14 is type PCI
mainbus0: bus 15 is type PCI
mainbus0: bus 16 is type ISA
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 3 pa 0xfec1, version 20, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0xc0
ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0xc0
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01
pci2 at ppb1 bus 9
ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci3 at ppb2 bus 10
em0 at pci3 dev 1 function 0 Intel PRO/1000GT (82541GI) rev 0x05: apic 3 int 0 (irq 11), address 00:0e:0c:b6:80:9e
Intel IOxAPIC rev 0x09 at pci2 dev 0 function 1 not configured
ppb3 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01
pci4 at ppb3 bus 13
em1 at pci4 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: apic 2 int 16 (irq 11), address 00:30:48:8a:ca:f8
ppb4 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01
pci5 at ppb4 bus 14
em2 at pci5 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: apic 2 int 17 (irq 11), address 00:30:48:8a:ca:f9
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 2 int 23 (irq 10)
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 2 int 19 (irq 11)
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable,
Re: Problem on installing new packages
On Mon, Mar 26, 2007 at 11:31:56PM +0800, Stephen Liu wrote:
> > On 2007/03/26 23:14, Stephen Liu wrote:
> > > 250 CWD command successful
> > > ftp> exit
> > > 221 Goodbye
> >
> > try 'ls' too; it will open a data channel. certain firewall/nat-related problems will allow the command channel to open but not the data channel.
>
> # ls
> .Xauthority .cshrc .klogin .login .profile .ssh
>
> Other noted with tks.

Is that in a shell? or during your FTP session? Simply running /bin/ls in your shell isn't helpful. Stuart wanted you to use FTP's data channel to make sure that you could fully communicate with the server. I doubt he cares what files you have in your home directory.

--
o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
Re: maxcluster errors
Hello again, Unfortunately the 'quick' keyword in my pf.conf file didn't seem to fix the issue. The situation lies as such: I can increase mbufs indefinitely (until I run out of memory I suppose). When I disable pf (pfctl -d) the mbufs are immediately released and the usage count drops to ~ 200. As soon as I enable pf the usage count goes up again until it finally maxes out. This is the hardware I'm using: soekris net4801 3x sis ethernet 1x ral wireless ethernet. Does anyone know of any reason that this might be happening? I was suspecting that the soekris isn't fast enough to handle the packet filtering but that seems a little unlikely. There are about 100 rules all with keep state and all using the quick keyword. I can post a copy of my pf.conf if anyone thinks that might help
Re: Are Atheros AR5005G Wifi Network Adapter and Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller supported?
On 3/26/07, Tito Mari Francis Escaño [EMAIL PROTECTED] wrote:
> Greetings!
> I need to know if Atheros AR5005G Wifi Network Adapter and Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller are already supported in OBSD 4.0 or will be in the next release.

Have you checked the hardware compatibility page? http://www.openbsd.org/i386.html#hardware

> I bought me a laptop built-in with these and I'd love to have OpenBSD on it rather than any other OS.

::yay::
sshd.config and AllowUsers
I have a few separate users on my server, one user for which I want to disallow ssh login. Now I've read the man page for sshd and I've read a lot of the documentation on this, but I'm still not clear on one point. By default, /etc/ssh/sshd.config shows all entries are commented out. I want to add something like this:

AllowUsers user1, user2, user3

I added that in but also with an # in front like all the other entries. Now I find that I can still ssh to the box with a user acct that I didn't include in the entry. Should it be in there without the #? And if so, do I also then have to uncomment all the other entries??

Thanks
Re: Problem on installing new packages-Firefox found
Hi folks,

Re: firefox. I found it which is named; mozilla-firefox-1.5.0.5.tgz

B.R.
Stephen
Re: Problem on installing new packages
Hi Jeff and Lawrence,

Your advice worked here. Tks.

> On 3/26/07, Lawrence Teo [EMAIL PROTECTED] wrote:
> > PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64 \
> > pkg_add -v nano-1.2.5.tgz
>
> Make sure to add a trailing /
>
> PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ \
> pkg_add -v nano-1.2.5.tgz

# PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ \
# pkg_add -v nano-1.2.5.tgz
parsing nano-1.2.5
.. .
nano-1.2.5:parsing expat-2.0.0
nano-1.2.5:expat-2.0.0: complete
nano-1.2.5:gettext-0.14.5p1: complete
nano-1.2.5: complete
looks like groupinstall with export omitted

# which nano
/usr/local/bin/nano

Other noted with tks.

How to install Firefox? On; ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ only those packages found such as;

firefox-i18n-ar-1.5.0.10p0.tgz
firefox-i18n-ar-1.5.0.5.tgz
firefox-i18n-ar-1.5.0.7.tgz
firefox-i18n-ar-1.5.0.8.tgz
firefox-i18n-ar-1.5.0.9.tgz
firefox-i18n-ar-1.5.0.9p0.tgz
firefox-i18n-bg-1.5.0.10p0.tgz
firefox-i18n-bg-1.5.0.5.tgz
firefox-i18n-bg-1.5.0.7.tgz
firefox-i18n-bg-1.5.0.8.tgz
firefox-i18n-bg-1.5.0.9.tgz
firefox-i18n-bg-1.5.0.9p0.tgz
firefox-i18n-ca-1.5.0.10p0.tgz
... etc.

Tks

B.R.
Stephen
Re: sshd.config and AllowUsers
Hello,

everything is commented because these are the default settings. If you want to change a setting you'll have to uncomment and change it.

Regards
Hagen Volpers

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerome Santos
Sent: Monday, 26 March 2007 19:33
To: misc@openbsd.org
Subject: sshd.config and AllowUsers

I have a few separate users on my server, one user for which I want to disallow ssh login. Now I've read the man page for sshd and I've read a lot of the documentation on this, but I'm still not clear on one point. By default, /etc/ssh/sshd.config shows all entries are commented out. I want to add something like this:

AllowUsers user1, user2, user3

I added that in but also with an # in front like all the other entries. Now I find that I can still ssh to the box with a user acct that I didn't include in the entry. Should it be in there without the #? And if so, do I also then have to uncomment all the other entries??

Thanks
Re: sshd.config and AllowUsers
On Monday 26 March 2007 11:33 am, Jerome Santos wrote:
> I have a few separate users on my server, one user for which I want to disallow ssh login. Now I've read the man page for sshd and I've read a lot of the documentation on this, but I'm still not clear on one point. By default, /etc/ssh/sshd.config shows all entries are commented out. I want to add something like this:
>
> AllowUsers user1, user2, user3
>
> I added that in but also with an # in front like all the other entries. Now I find that I can still ssh to the box with a user acct that I didn't include in the entry. Should it be in there without the #? And if so, do I also then have to uncomment all the other entries??

man sshd_config

In the first paragraph you will find the line

    Lines starting with `#' and empty lines are interpreted as comments.

The default config file is full of examples that are commented out which are the lines you see.

--
Tim Kuhlman
Network Administrator
ColoradoVnet.com
Re: Problem on installing new packages
# ls
.Xauthority .cshrc .klogin .login .profile .ssh

Stuart meant to try ls within ftp session, not from the command prompt.

ftp> ls
. .
-r--r--r-- 1 ftpadm staff 49650 Sep 23 2006 zsh-zftp-4.2.6.tgz
226 Transfer complete
ftp> ls | more
229 Entering Extended Passive Mode (|||41410|)
150 Opening ASCII mode data connection for file list
226 Transfer complete.
ftp> ls | less
229 Entering Extended Passive Mode (|||33305|)
150 Opening ASCII mode data connection for file list
226 Transfer complete.
ftp>

Stephen
code analysis tools
Hi, I wonder if the OpenBSD developers have a favored set of tools for C code analysis. E.g. the kind of stuff listed at http://www.spinroot.com/static/. Esp. stuff like http://spinroot.com/uno/. Are such tools used in OpenBSD code audits? Also, what about automatic code documentation tools (for lack of a better term)? This kind of stuff: http://en.wikipedia.org/wiki/Comparison_of_documentation_generators. I'm interested because I think OpenBSD is a terrific development platform, number one, and number two, I'd like to follow the code development practices of OpenBSD. Thanks, Gregg
Re: sshd.config and AllowUsers
At 01:33 PM 3/26/2007 -0400, Jerome Santos wrote:
> I have a few separate users on my server, one user for which I want to disallow ssh login. Now I've read the man page for sshd and I've read a lot of the documentation on this, but I'm still not clear on one point. By default, /etc/ssh/sshd.config shows all entries are commented out. I want to add something like this:
>
> AllowUsers user1, user2, user3
>
> I added that in but also with an # in front like all the other entries. Now I find that I can still ssh to the box with a user acct that I didn't include in the entry. Should it be in there without the #? And if so, do I also then have to uncomment all the other entries??
>
> Thanks

# is a comment line - they are all examples for you to see.

Lee
Re: sshd.config and AllowUsers
On Mon, Mar 26, 2007 at 01:33:17PM -0400, Jerome Santos wrote:
> I want to add something like this:
>
> AllowUsers user1, user2, user3
>
> I added that in but also with an # in front like all the other entries. Now I find that I can still ssh to the box with a user acct that I didn't include in the entry. Should it be in there without the #?

Yes. sshd_config(5)

> And if so, do I also then have to uncomment all the other entries??

No, they're the default settings.

--
o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
Re: sshd.config and AllowUsers
Hello,

On Mon, Mar 26, 2007 at 01:33:17PM -0400, Jerome Santos wrote:
> [...] I want to add something like this:
>
> AllowUsers user1, user2, user3

AllowUsers is a list of user name patterns, separated by _spaces_.

Also take a look at the AllowGroups parameter.

--
Serge
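The two points made in this thread (a directive behind # is ignored, and AllowUsers takes space-separated patterns), as an added example that is not part of the original posts: POSIX sh functions that list the AllowUsers patterns actually in effect in an sshd_config-style file and test whether a given login name passes them. The function names and the three sample files are constructed; only plain user patterns are handled (no USER@HOST, no ! negation, no Match blocks).

```shell
#!/bin/sh
# Added example: which AllowUsers patterns does an sshd_config-style file
# really put into effect? Function names and sample files are constructed.

# Print every pattern from active (uncommented) AllowUsers lines, one per line.
active_allowusers() {
    awk '
        $1 ~ /^#/ { next }                      # comment line: ignored
        tolower($1) == "allowusers" {           # keywords are case-insensitive
            for (i = 2; i <= NF; i++) print $i  # arguments split on whitespace
        }
    ' "$1"
}

# Print active patterns that contain a comma. The comma is not a separator,
# so it stays inside the pattern and the intended name no longer matches.
comma_patterns() {
    active_allowusers "$1" | grep ',' || true
}

# Exit 0 if USER ($2) passes the AllowUsers check of FILE ($1), else 1.
# With no active AllowUsers line the directive restricts nobody.
user_allowed() {
    active_allowusers "$1" | (
        seen=0
        while IFS= read -r pat; do
            seen=1
            case $2 in
                $pat) exit 0 ;;                 # "*" and "?" act as wildcards
            esac
        done
        [ "$seen" -eq 0 ]                       # no patterns at all: allowed
    )
}

# Constructed sample files, one per situation discussed in the thread.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' '#Port 22' '#AllowUsers user1 user2 user3'  > "$SAMPLES/commented"
printf '%s\n' '#Port 22' 'AllowUsers user1, user2, user3' > "$SAMPLES/commas"
printf '%s\n' '#Port 22' 'AllowUsers user1 user2 user3'   > "$SAMPLES/spaces"

for name in commented commas spaces; do
    for user in user1 user3 user4; do
        if user_allowed "$SAMPLES/$name" "$user"; then
            verdict=allowed
        else
            verdict=denied
        fi
        printf '%-10s %-6s %s\n' "$name" "$user" "$verdict"
    done
done
```

The commented file admits everyone, the comma-separated one admits only user3, and the space-separated one admits user1 to user3 and denies user4.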
interface order with multiple cards of same type
apologies if this has been covered in the past, I searched on this and couldn't find anything, although i'm sure it's the wording i'm using. My question is. I have OBSD 4.0 running on an Asus p3b-F with 6 pci slots that i'm wanting to use as a router/firewall. I have 5 fxp interfaces in the machine inserted starting from the bottom pci slot up. When the machine boots up it finds them just fine, but I never know what order the cards are in. (i.e. fxp0 was in the third slot as opposed to the first or last slot populated with a card, as i would have expected). Is there a way to hard code this into the hostname.fxpN file, as to assign the number of the interface based on the hardware address as opposed to the ordering of the cards in the machine? I looked in the man page for hostname.if but saw no way mentioned. A second related question, in the above example, how exactly does OBSD choose the interface number? I was under the impression it used the slot to assign the interface number which is why i was so surprised to see that fxp0 the third slot, fxp2 was in the top (occupied) slot and fxp4 was in the bottom. I have all of the pci slots set to auto in the bios if that makes any difference. Thanks in advance. Aaron
Re: maxcluster errors
On 3/26/07, mail-lists [EMAIL PROTECTED] wrote:
> Hello again,
>
> Unfortunately the 'quick' keyword in my pf.conf file didn't seem to fix the issue. The situation lies as such: I can increase mbufs indefinitely (until I run out of memory I suppose). When I disable pf (pfctl -d) the mbufs are immediately released and the usage count drops to ~ 200. As soon as I enable pf the usage count goes up again until it finally maxes out.
>
> This is the hardware I'm using: soekris net4801 3x sis ethernet 1x ral wireless ethernet.
>
> Does anyone know of any reason that this might be happening? I was suspecting that the soekris isn't fast enough to handle the packet filtering but that seems a little unlikely. There are about 100 rules all with keep state and all using the quick keyword. I can post a copy of my pf.conf if anyone thinks that might help

It might help to see your pf.conf, a netstat -m output, log file, and dmesg. Are you still running an aggressive ping test? I'm not the most qualified, but I'll be happy to look to see if I can see anything wrong.

rc
iwi0: XXX too many rates (count=13, last=108)
hi gurus,

can anyone please give me some knowledge on this:

# dmesg
iwi0: XXX too many rates (count=13, last=108)

has this something to do with my iwi0 configuration?

/etc/hostname.iwi0
dhcp inet NONE NONE description wifi nwid mathwifi_02

btw. i'm running openbsd 4.1-current

thanks
--jay--
FUSE support (File-system in USErspace)
is there any work on porting FUSE ?

it seems support increase in Free/Net
http://fuse4bsd.creo.hu/ (ports)
http://www.netbsd.org/Changes/#puffs+refuse (-current)

would allow a lot of filesystem without kernel-dangerous code, no ? (as macfuse states: sshfs, ntfs-3g, ftpfs, wdfs, cryptofs, encfs, beaglefs, )

thanks
Regards
Julien
Re: code analysis tools
Clarification: I'm mostly interested in source browser tools (e.g. cscope, e/t/gtags, global, etc.) or whatever can help a developer understand unfamiliar source code in the shortest possible time. Is there a preferred tool among OpenBSD developers?

On 3/26/07, Gregg Reynolds [EMAIL PROTECTED] wrote:
> Hi,
>
> I wonder if the OpenBSD developers have a favored set of tools for C code analysis. E.g. the kind of stuff listed at http://www.spinroot.com/static/. Esp. stuff like http://spinroot.com/uno/. Are such tools used in OpenBSD code audits?
>
> Also, what about automatic code documentation tools (for lack of a better term)? This kind of stuff: http://en.wikipedia.org/wiki/Comparison_of_documentation_generators.
>
> I'm interested because I think OpenBSD is a terrific development platform, number one, and number two, I'd like to follow the code development practices of OpenBSD.
>
> Thanks,
>
> Gregg
Re: code analysis tools
On Mon, Mar 26, 2007 at 01:27:46PM -0500, Gregg Reynolds wrote:
> Hi,
>
> I wonder if the OpenBSD developers have a favored set of tools for C code analysis. E.g. the kind of stuff listed at http://www.spinroot.com/static/. Esp. stuff like http://spinroot.com/uno/. Are such tools used in OpenBSD code audits?

lint(1), gcc-local(1)

> Also, what about automatic code documentation tools (for lack of a better term)? This kind of stuff: http://en.wikipedia.org/wiki/Comparison_of_documentation_generators.

no

> I'm interested because I think OpenBSD is a terrific development platform, number one, and number two, I'd like to follow the code development practices of OpenBSD.

use brain and then pick one of these: ed(1), vi(1), mg(1), vim(1) or the emacs operating system (be sure to enable vi mode for a good editor). style(7) may be worth reading...

> Thanks,
>
> Gregg
encrypted svnd and disk throughput
have done a bit of testing with bonnie++ on encrypted svnd devices and obtained some, IMO, surprising results:

# /usr/local/sbin/bonnie++ -d /b/bonnie++ -u 1005:2000
Using uid:1005, gid:2000.
Writing with putc()...done
Writing intelligently...done
Rewriting...done
Reading with getc()...done
Reading intelligently...done
start 'em...done...done...done...
Create files in sequential order...done.
Stat files in sequential order...done.
Delete files in sequential order...done.
Create files in random order...done.
Stat files in random order...done.
Delete files in random order...done.
Version 1.03        --Sequential Output--         --Sequential Input- --Random-
                    -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
Machine        Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
databank.x     300M 18877  91 22440  71 11985  77 20317  75 30745  68 197.0   6
                    --Sequential Create--         Random Create
                    -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
              files  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
                 16   780  95     + +++  1454  95   776  94     + +++  1310  88
databank.x,300M,18877,91,22440,71,11985,77,20317,75,30745,68,197.0,6,16,780,95,+,+++,1454,95,776,94,+,+++,1310,88

# /usr/local/sbin/bonnie++ -d /d/bonnie++ -u 1005:2000
Using uid:1005, gid:2000.
Writing with putc()...done
Writing intelligently...done
Rewriting...done
Reading with getc()...done
Reading intelligently...done
start 'em...done...done...done...
Create files in sequential order...done.
Stat files in sequential order...done.
Delete files in sequential order...done.
Create files in random order...done.
Stat files in random order...done.
Delete files in random order...done.
Version 1.03        --Sequential Output--         --Sequential Input- --Random-
                    -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
Machine        Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
databank.x     300M 99309  90 97426  14 27452   3 40240  64 57858   5 217.0   0
                    --Sequential Create--         Random Create
                    -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
              files  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
                 16  2342   3     + +++  4517   6  2379   3     + +++  4512   3
databank.x,300M,99309,90,97426,14,27452,3,40240,64,57858,5,217.0,0,16,2342,3,+,+++,4517,6,2379,3,+,+++,4512,3

where the /b drive is on an encrypted svnd and the /d drive is unencrypted. there is a speed difference of ~4x with the encrypted disk getting ~25 MB / s and the unencrypted getting ~100 MB / s.

this was done using a LSI MegaRAID SATA 300-8x adapter with backup battery, write back, caching I/O and adaptive read-ahead, with a 1.6 GHz sempron processor and 1 GB of 400 MHz DDR2 RAM on i386 4.0-release. the dmesg is posted at the end. oh, and both of these are RAID5 logical drives.

the processor gets up to ~70% utilization when writing and reading the encrypted drive. if i got a faster processor would it up the maximum write and read speeds or only drop the % CPU utilization? does RAM speed make a difference here? maybe running amd64 on it instead of i386?

these drives are connected to a SAF-TE backplane which connects to the controller. if the drives and the controller are SATAII, could there be a bottleneck with the backplane and/or SATA cabling?

if anyone else has gotten similar performance results i'd like to see them.

the unencrypted RAID1 had notably different bonnie++ results:

# /usr/local/sbin/bonnie++ -d /o/bonnie++ -u 1005:2000
Using uid:1005, gid:2000.
Writing with putc()...done
Writing intelligently...done
Rewriting...done
Reading with getc()...done
Reading intelligently...done
start 'em...done...done...done...
Create files in sequential order...done.
Stat files in sequential order...done.
Delete files in sequential order...done.
Create files in random order...done.
Stat files in random order...done.
Delete files in random order...done.
Version 1.03        --Sequential Output--         --Sequential Input- --Random-
                    -Per Chr- --Block-- -Rewrite- -Per Chr- --Block-- --Seeks--
Machine        Size K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP  /sec %CP
databank.x     300M 22612  21 58930   7  6795   1 39394  63 57890   6 131.3   0
                    --Sequential Create--         Random Create
                    -Create-- --Read--- -Delete-- -Create-- --Read--- -Delete--
              files  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP  /sec %CP
                 16   496   0     + +++  4019   3  1166   1     + +++  1357   0
databank.x,300M,22612,21,58930,7,6795,1,39394,63,57890,6,131.3,0,16,496,0,+,+++,4019,3,1166,1,+,+++,1357,0

if there is anything further that i can do
Re: i386 kernel: Identifying unconfigured devices
On 3/26/07, JT Croteau [EMAIL PROTECTED] wrote:
> unknown vendor 0x12de product 0x0204 (class crypto subclass network/computing, rev 0x00) at pci1 dev 2 function 0 not configured

Ok, thanks to PCIdatabase.com, I have identified the vendor on this one. It's some type of Rainbow Technologies crypto device.. probably an SSL accelerator.

--
JT Croteau, N1ESE - Manchester, NH
http://n1ese.qrpradio.com
Re: interface order with multiple cards of same type
On 3/26/07, Aaron Martinez [EMAIL PROTECTED] wrote: My question is. I have OBSD 4.0 running on an Asus p3b-F with 6 pci slots that i'm wanting to use as a router/firewall. I have 5 fxp interfaces in the machine inserted starting from the bottom pci slot up. A second related question, in the above example, how exactly does OBSD choose the interface number? I was under the impression it used the slot to assign the interface number which is why i was so surprised to see that fxp0 the third slot, fxp2 was in the top (occupied) slot and fxp4 was in the bottom. I have all of the pci slots set to auto in the bios if that makes any difference. They are enumerated in the order they are located on the bus. The Asus P3B-F motherboard has (IIRC) 4 master and 2 slave PCI slots, where the slave slots are actually wired the same as a corresponding master. I believe the last 2 (furthest from the CPU) are the slaves, but you'd have to check the motherboard manual. Forcing the PCI slots in the BIOS, instead of leaving them set at auto, should at least get them up in the same order every time. Otherwise, the BIOS could randomly shuffle the actual interrupt routed to the A,B,C,D pins on every boot. At least, that's my experience, based on messing with nearly the same setup a few years ago. (Read: I'm not a PCI expert, but it worked for me) -- Jon
i386 kernel: Identifying unconfigured devices
I have two machines configured identically, one is following 4.0-release and the other -current. Both have two, reported in dmesg, unconfigured devices that I'd like to figure out what they are. Here are some dmesg snips:

This is obviously some type of crypto device but I didn't think I had anything installed in these machines. I may just have to pop the cover and see.

unknown vendor 0x12de product 0x0204 (class crypto subclass network/computing, rev 0x00) at pci1 dev 2 function 0 not configured

This is a bit more puzzling:

piixpm0 at pci0 dev 15 function 0 ServerWorks OSB4 rev 0x50: polling
iic0 at piixpm0
mtp008 at iic0 addr 0x2c not configured
mtp008 at iic0 addr 0x2e not configured

Any input would be greatly appreciated. Thanks -- JT Croteau, N1ESE - Manchester, NH http://n1ese.qrpradio.com
Re: micro atx motherboard recommendations?
Just looking for a recommendation on a good/cheap (but not necessarily fast) microatx motherboard. Or possibly, one of those via motherboards, but needs to fit in an atx case. I _think_ the mini-itx form factor of the VIA EPIA motherboards will fit in ATX cases, but I've never tried it. That said, I've had good luck running OpenBSD on the two EPIA systems I have, the ML6000EA (fanless 600mhz) and the PD1 (1ghz, dual vr-based NICs). Dmesgs if yer interested: http://www.damnskippy.org/openbsd/dmesg.ml6000ea http://www.damnskippy.org/openbsd/dmesg.pd1000 cheers, Matt
Re: interface order with multiple cards of same type
My question is. I have OBSD 4.0 running on an Asus p3b-F with 6 pci slots that i'm wanting to use as a router/firewall. I have 5 fxp interfaces in the machine inserted starting from the bottom pci slot up. I have a very similar setup here at home - however I deliberately used a different make/model of card for the external interface than the internal interfaces so that I could distinguish them: external: xl0 internal: rl0, rl1, rl2 wireless: ral0 PCI cards are detected in the order they appear in the bus, which has absolutely no relationship to their physical positions. -- ach
Re: interface order with multiple cards of same type
* Aaron Martinez [EMAIL PROTECTED] [2007-03-26 21:54]: My question is. I have OBSD 4.0 running on an Asus p3b-F with 6 pci slots that i'm wanting to use as a router/firewall. I have 5 fxp interfaces in the machine inserted starting from the bottom pci slot up. When the machine boots up it finds them just fine, but I never know what order the cards are in. (i.e. fxp0 was in the third slot as opposed to the first or last slot populated with a card, as i would have expected). Is there a way to hard code this into the hostname.fxpN there is a way to hardcode the device name on the card,using a paper label or the like ;) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: maxcluster errors
Thanks for your reply. I'm really about at my wits' end with this. I think I'm going to add a generic wireless router to my switch and have everyone access through that. Is it possible that there's something wrong with the ral driver? I've heard though that this is a very reliable driver under openbsd. I'm noticing that when I do a 'top' my interrupt usage stays at around 30%. Again - I have to think that this is a hardware limitation on the soekris. Here is my pf.conf

ext_if="sis0"
dmz_if="sis1"
int_if="sis2"
wii_if="ral0"
wired_lan="192.168.4.0/24"
wireless_lan="192.168.5.0/24"
VOIP_PORTS = "{4520, 4569, 5060, 5061, 5062, 1:6}"
VOIP_SERVERS = "{IP OF VOIP SERVER}"
ADMIN_PORTS = "{80,22,2812, 4445}"
ADMIN_HOSTS = "{A BUNCH OF IPS}"
VOIP_GATEWAYS = "{74.52.15.138}"
OUTGOING_PORTS = "{80, 53}"
set block-policy return
#scrub in all
#scrub out all
altq on $ext_if priq bandwidth 500Kb queue {std_out, voip_out}
queue std_out priq(default)
queue voip_out priority 10
altq on $wii_if priq bandwidth 40Mb queue {wii_std, wii_voip}
queue wii_std priq(default)
queue wii_voip priority 10
set skip on {lo0 sis1 ral0 sis2 }
###NAT
nat on $ext_if from $wired_lan to any -> ($ext_if)
nat on $ext_if from $wireless_lan to any -> ($ext_if)
block log all
pass quick on $ext_if proto tcp from $ADMIN_HOSTS to any port 22 keep state
pass quick on $ext_if proto {tcp udp} from $ADMIN_HOSTS to any port $ADMIN_PORTS keep state
pass quick on $ext_if proto {tcp udp} from $ADMIN_HOSTS to any port $VOIP_PORTS keep state
pass quick on $ext_if proto {icmp} from $ADMIN_HOSTS to any
pass in quick on $wii_if from $wireless_lan to $VOIP_SERVERS keep state
pass in quick on $int_if from $VOIP_SERVERS to $wireless_lan keep state
pass in quick on $ext_if from $VOIP_GATEWAYS to $VOIP_SERVERS
pass quick on $int_if from any to any
pass out quick on $ext_if from any to any keep state
pass out quick from $VOIP_SERVERS to any keep state
pass out quick on {$ext_if} from $VOIP_SERVERS to any keep state
#

Here is my netstat -m out:

9720 mbufs in use:
9670 mbufs allocated to data
47 mbufs allocated to packet headers
3 mbufs allocated to socket names and addresses
9661/9674/3 mbuf clusters in use (current/peak/max)
21784 Kbytes allocated to network (-92% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
Re: interface order with multiple cards of same type
Aaron Martinez wrote: apologies if this has been covered in the past, I searched on this and couldn't find anything, although i'm sure it's the wording i'm using. My question is. I have OBSD 4.0 running on an Asus p3b-F with 6 pci slots that i'm wanting to use as a router/firewall. I have 5 fxp interfaces in the machine inserted starting from the bottom pci slot up. When the machine boots up it finds them just fine, but I never know what order the cards are in. (i.e. fxp0 was in the third slot as opposed to the first or last slot populated with a card, as i would have expected). Is there a way to hard code this into the hostname.fxpN file, as to assign the number of the interface based on the hardware address as opposed to the ordering of the cards in the machine? I looked in the man page for hostname.if but saw no way mentioned. A second related question, in the above example, how exactly does OBSD choose the interface number? I was under the impression it used the slot to assign the interface number which is why i was so surprised to see that fxp0 the third slot, fxp2 was in the top (occupied) slot and fxp4 was in the bottom. I have all of the pci slots set to auto in the bios if that makes any difference. Someone else probably knows more than I, but here is my tiny bit of insight. First of all, according to the networking section of the faq: Combine the short alphabetical device name (such as fxp) with a number assigned by the kernel and you have an interface name (such as fxp0). The number is assigned based on various criteria, depending upon the card and other details of the system. Some cards are assigned by the order they are found during bus probing. Others may be by hardware resource settings or MAC address. Where this can cause a problem is newer boards with multiple PCI buses. Usually it is something like one pair of slots are full PCI-X up to 133MHz and another pair is put aside for slower 66MHz cards or to allow you to split the bandwidth. 
Board manufacturers do this because many buses (including older pci) will run at the clock of the slowest card on the bus, so giving you a separate bus allows you to have a slower card in the system without slowing down the slots your faster cards are plugged into. Unfortunately these multiple pci buses are not always set up to be probed in a simple left-to-right order when looking at the board. If you look at dmesg output you will probably see you have multiple pci buses. I may be wrong about this but these are my thoughts on the matter, someone else feel free to correct me if I am wrong. Best, Chris
Re: sshd.config and AllowUsers
Thanks for pointing me in the right direction, got it working properly now; found out the hard way to separate users by whitespace only, NOT commas. thanks On 3/26/07, Serge Basterot [EMAIL PROTECTED] wrote: Hello, On Mon, Mar 26, 2007 at 01:33:17PM -0400, Jerome Santos wrote: [...] I want to add something like this: AllowUsers user1, user2, user3 AllowUsers is a list of user name patterns, separated by _spaces_. Also take a look at the AllowGroups parameter. -- Serge
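The comma mistake described in this thread is easy to miss because the directive still parses. The following check is an added example, not part of the original thread or of OpenSSH: it flags comma-joined arguments in the user and group list directives of an sshd_config and models which accounts the line would still admit. The sample configuration is constructed, and the matching model (whole-token comparison with `*` and `?` wildcards, host parts ignored) is an assumption made for illustration.

```python
import re

# Directives whose arguments are whitespace-separated pattern lists.
LIST_DIRECTIVES = ("allowusers", "denyusers", "allowgroups", "denygroups")

# Constructed sshd_config fragment containing the mistake from the thread.
SAMPLE = """\
# constructed example
PermitRootLogin no
AllowUsers user1, user2, user3
AllowGroups wheel staff
DenyUsers guest,test
"""


def parse_list_directives(text):
    """Return (line_no, keyword, tokens) for each list directive, split on whitespace."""
    found = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0].lower() in LIST_DIRECTIVES:
            found.append((no, parts[0], parts[1:]))
    return found


def lint(text):
    """Flag every list directive that has a comma inside one of its arguments."""
    findings = []
    for no, keyword, tokens in parse_list_directives(text):
        suspect = [t for t in tokens if "," in t]
        if suspect:
            names = [p for t in tokens for p in t.split(",") if p]
            findings.append({
                "line": no,
                "keyword": keyword,
                "suspect": suspect,
                "suggested": keyword + " " + " ".join(names),
            })
    return findings


def admitted(tokens, candidates):
    """Model (assumption): a name matches when it equals a whole token,
    with * and ? as wildcards; any @host suffix on a token is ignored."""
    result = []
    for name in candidates:
        for token in tokens:
            user_part = token.split("@", 1)[0]
            regex = "".join(
                ".*" if c == "*" else "." if c == "?" else re.escape(c)
                for c in user_part
            )
            if re.fullmatch(regex, name):
                result.append(name)
                break
    return result


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("line %(line)d: suspect %(suspect)s -> %(suggested)s" % finding)
    tokens = parse_list_directives(SAMPLE)[0][2]
    print("admitted as written:", admitted(tokens, ["user1", "user2", "user3"]))
```

Under this model the comma-separated line admits only the last name, since the first two tokens carry a trailing comma.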
Re: Convergence time with carp(4)
On Sun, Mar 25, 2007 at 08:23:25PM +0200, Jeremie Le Hen wrote: Btw, you might consider using ifstated(8) instead of scripting sth w/ ifconfig(8). I don't understand what you are saying here. I explicitly showed the commands which can lead to my setup. They are usually handled by netstart(8) and hostname.if(5). Yes, that's just fine. I assumed you were running some sort of monitoring script.
Re: maxcluster errors
One other thing: I have discovered that when I'm not connected to the wireless network with my laptop (which has a belkin pcmcia card), the soekris seems to stay up indefinitely (mbufs keep accumulating though). This sort of leads me to believe I have some sort of setting incorrect pertaining to my wireless interface. Also, I see a LOT (over 50%) of crc errors on the workstations connected wirelessly. Not transmitting but receiving. my ral0 interface is configured thusly:

ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:08:a1:a7:8f:d7
media: IEEE802.11 autoselect mode 11g hostap
status: active
ieee80211: nwid ACG_COMM chan 2 bssid 00:08:a1:a7:8f:d7 nwkey xxx 100dBm
inet 192.168.5.1 netmask 0xff00 broadcast 192.168.5.255
inet6 fe80::208:a1ff:fea7:8fd7%ral0 prefixlen 64 scopeid 0x4
Re: code analysis tools
On 3/26/07, Gregg Reynolds [EMAIL PROTECTED] wrote: Hi, I wonder if the OpenBSD developers have a favored set of tools for C code analysis. E.g. the kind of stuff listed at http://www.spinroot.com/static/. Esp. stuff like http://spinroot.com/uno/. Are such tools used in OpenBSD code audits? Also, what about automatic code documentation tools (for lack of a better term)? This kind of stuff: http://en.wikipedia.org/wiki/Comparison_of_documentation_generators. I'm interested because I think OpenBSD is a terrific development platform, number one, and number two, I'd like to follow the code development practices of OpenBSD. OpenBSD... does not work like that. What made you decide it is a terrific development platform? You do not even understand its philosophy. OpenBSD is developed with commitment and care, not automation. By the way, regarding: http://mobileink.com/mesh/, you should take a look at http://www.well.com/~doctorow/metacrap.htm. That's also an issue of care vs. automation. The world should not be saved by tech! -Nick
Re: maxcluster errors
On 2007/03/26 16:41, mail-lists wrote: I'm noticing that when I do a 'top' my interrupt usage stays at around 30%. Again - I have to think that this is a hardware limitation on the soekris. soekris is not a fast i/o machine, it is a low-power machine. altq on $wii_if priq bandwidth 40Mb queue {wii_std, wii_voip} it definitely won't push 40Mb/s of data (nor will 802.11 wireless, for that matter). pass in quick on $wii_if from $wireless_lan to $VOIP_SERVERS keep state pass in quick on $int_if from $VOIP_SERVERS to $wireless_lan keep state pass in quick on $ext_if from $VOIP_GATEWAYS to $VOIP_SERVERS small packets too, that won't help. try at least a via-based machine if you want something low-powered...
umsm(4) SprintPCS users -- Merlin PC720 anyone?
I've been happily using a umsm(4) sierra wireless aircard 580[1]. It literally took less than 5 minutes to get this card moving in OpenBSD with the ppp.conf example in umsm(4). Highly recommend this card, its about $60 on ebay these days. EVDO rev a was deployed to my area, and I was happy with the sierra model (though not ecstatic over the latency), so I purchased a 'Sierra wireless aircard 595' [2]. Somebody reported success in linux[3] with this card, and umsm(4) listed this device as a maybe. I forked out the $262, and Unfortunately this was not the 5-minute success story as I had hoped for. Although it attached to ucom0, if I used cu -l /dev/cuaU0 -s 230400, I was not able to input an at (and receive OK, such as on the 580). I wondered if the 168Mhz laptop I was using it with was too old (pcmcia type II? what? it fit...), so I built a fresh 1.2Ghz i386 and used a pci-pcmcia card with similar deadlock serial. This also failed the same way on macppc. There is a 30 day return limit on these, so I've re-activated the 580 (effectively disabling the new card) and returned this product. So my question: I am using sprintpcs as my provider. Can anybody report success with the 'Merlin PC720' [4]? 1. http://www.sierrawireless.com/product/ac580.aspx 2. http://www.sierrawireless.com/product/ac595.aspx 3. http://www.pbandjelly.org/2006/12/sierra-wireless-aircard-595-configuration-sprintpcs/ 4. http://www.novatelwireless.com/products/merlin/merlin-pc720.html Thanks, jdq
Re: Serial console not working for IBM Aptiva
On 3/13/07, Damon McMahon [EMAIL PROTECTED] wrote: For the archives, the Aptiva BIOS had incorrect IRQ/address values for Serial Port 1 and Serial Port 2. A BIOS flash to the latest available version (perhaps unnecessary) and then setting these to match the values specified in pccom(4) resolved the issue. Just for the record: the same works here. OpenBSD 4.1-current (GENERIC) #1445: Thu Mar 22 11:06:59 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium (P54C) (GenuineIntel 586-class) 150 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8 cpu0: F00F bug workaround installed real mem = 48852992 (47708K) avail mem = 35954688 (35112K) using 627 buffers containing 2568192 bytes (2508K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 11/23/96, BIOS32 rev. 0 @ 0xfd981 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI BIOS has 6 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:01:0 (SiS 85C503 System rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 SiS 5511 rev 0x00 pcib0 at pci0 dev 1 function 0 SiS 85C503 System rev 0x01 pciide0 at pci0 dev 1 function 1 SiS 5513 EIDE rev 0x08: 5597/5598: DMA, chann el 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: QUANTUM FIREBALL540A wd0: 8-sector PIO, LBA, 519MB, 1064448 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 disabled (no drives) rl0 at pci0 dev 7 function 0 Realtek 8139 rev 0x10: irq 12, address 00:20:18:c 0:84:d1 rlphy0 at rl0 phy 0: RTL internal PHY siop0 at pci0 dev 11 function 0 Symbios Logic 53c815 rev 0x04: irq 11 scsibus0 at siop0: 8 targets sd0 at scsibus0 targ 6 lun 0: NEC, D3825, 5F14 SCSI2 0/direct fixed sd0: 696MB, 1416 cyl, 16 head, 63 sec, 512 bytes/sec, 1427328 sec total vga1 at pci0 dev 20 function 0 SiS 86C205 rev 0xd3: aperture 
at 0x2000, si ze 0x40 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask ef6d netmask ff6d ttymask ffef pctr: 586-class performance counters and user-level cycle counter enabled dkcsum: wd0 matches BIOS drive 0x80 siop0: target 6 now using 8 bit 10.0 MHz 8 REQ/ACK offset xfers dkcsum: sd0 matches BIOS drive 0x81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302
squid occasionally exits
I've been getting this error periodically when squid terminates: Mar 26 14:49:21 fire squid[22218]: Squid Parent: child process 2358 started Mar 26 14:49:21 fire squid[22218]: Squid Parent: child process 2358 exited due to signal 6 Mar 26 14:49:24 fire squid[22218]: Squid Parent: child process 23951 started Mar 26 14:49:33 fire squid[22218]: Squid Parent: child process 23951 exited due to signal 6 Mar 26 14:49:36 fire squid[22218]: Squid Parent: child process 11292 started Mar 26 14:49:36 fire squid[22218]: Squid Parent: child process 11292 exited due to signal 6 Mar 26 14:49:39 fire squid[22218]: Squid Parent: child process 5758 started Mar 26 14:49:40 fire squid[22218]: Squid Parent: child process 5758 exited due to signal 6 Mar 26 14:49:40 fire squid[22218]: Exiting due to repeated, frequent failures partial cache.log file: this first line is repeated several hundred times 2007/03/26 14:48:20| parseHttpRequest: PF open failed: (13) Permission denied FATAL: Received Segment Violation...dying. 2007/03/26 14:49:14| storeDirWriteCleanLogs: Starting... 2007/03/26 14:49:14| WARNING: Closing open FD 12 2007/03/26 14:49:14| Finished. Wrote 9679 entries. 2007/03/26 14:49:14| Took 0.0 seconds (1063275.8 entries/sec). CPU Usage: 267.953 seconds = 139.500 user + 128.453 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 4 2007/03/26 14:49:17| Starting Squid Cache version 2.5.STABLE13 for i386-unknown-openbsd4.0... 2007/03/26 14:49:17| Process ID 25658 2007/03/26 14:49:17| With 1024 file descriptors available 2007/03/26 14:49:17| Performing DNS Tests... 2007/03/26 14:49:17| Successful DNS name lookup tests... 
2007/03/26 14:49:17| DNS Socket created at 0.0.0.0, port 3295, FD 5 2007/03/26 14:49:17| Adding nameserver 64.1.201.134 from /etc/resolv.conf 2007/03/26 14:49:17| Adding nameserver 64.1.201.135 from /etc/resolv.conf 2007/03/26 14:49:17| Adding nameserver 127.0.0.1 from /etc/resolv.conf 2007/03/26 14:49:17| Unlinkd pipe opened on FD 10 2007/03/26 14:49:17| Swap maxSize 102400 KB, estimated 7876 objects 2007/03/26 14:49:17| Target number of buckets: 393 2007/03/26 14:49:17| Using 8192 Store buckets 2007/03/26 14:49:17| Max Mem size: 8192 KB 2007/03/26 14:49:17| Max Swap size: 102400 KB 2007/03/26 14:49:17| Rebuilding storage in /var/squid/cache (CLEAN) 2007/03/26 14:49:17| Using Least Load store dir selection 2007/03/26 14:49:17| Set Current Directory to /var/squid/cache 2007/03/26 14:49:17| Loaded Icons. 2007/03/26 14:49:17| Accepting HTTP connections at 127.0.0.1, port 3128, FD 12. 2007/03/26 14:49:17| Accepting ICP messages at 0.0.0.0, port 3130, FD 13. 2007/03/26 14:49:17| WCCP Disabled. 2007/03/26 14:49:17| Ready to serve requests. 2007/03/26 14:49:17| Store rebuilding is 42.3% complete 2007/03/26 14:49:17| parseHttpRequest: PF open failed: (13) Permission denied 2007/03/26 14:49:17| Done reading /var/squid/cache swaplog (9679 entries) 2007/03/26 14:49:17| Finished rebuilding storage from disk. 2007/03/26 14:49:17| 9679 Entries scanned 2007/03/26 14:49:17| 0 Invalid entries. 2007/03/26 14:49:17| 0 With invalid flags. 2007/03/26 14:49:17| 9679 Objects loaded. 2007/03/26 14:49:17| 0 Objects expired. 2007/03/26 14:49:17| 0 Objects cancelled. 2007/03/26 14:49:17| 0 Duplicate URLs purged. 2007/03/26 14:49:17| 0 Swapfile clashes avoided. 2007/03/26 14:49:17| Took 0.6 seconds (17272.0 objects/sec). 2007/03/26 14:49:17| Beginning Validation Procedure 2007/03/26 14:49:17| Completed Validation Procedure 2007/03/26 14:49:17| Validated 9679 Entries 2007/03/26 14:49:17| store_swap_size = 92240k FATAL: Received Segment Violation...dying. 
2007/03/26 14:49:18| storeDirWriteCleanLogs: Starting... 2007/03/26 14:49:18| Finished. Wrote 9679 entries. 2007/03/26 14:49:18| Took 0.0 seconds (2094568.3 entries/sec). CPU Usage: 0.125 seconds = 0.062 user + 0.062 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 2007/03/26 14:49:21| Starting Squid Cache version 2.5.STABLE13 for i386-unknown-openbsd4.0... 2007/03/26 14:49:21| Process ID 2358 2007/03/26 14:49:21| With 1024 file descriptors available 2007/03/26 14:49:21| Performing DNS Tests... 2007/03/26 14:49:21| Successful DNS name lookup tests... 2007/03/26 14:49:21| DNS Socket created at 0.0.0.0, port 10601, FD 5 2007/03/26 14:49:21| Adding nameserver 64.1.201.134 from /etc/resolv.conf 2007/03/26 14:49:21| Adding nameserver 64.1.201.135 from /etc/resolv.conf 2007/03/26 14:49:21| Adding nameserver 127.0.0.1 from /etc/resolv.conf 2007/03/26 14:49:21| Unlinkd pipe opened on FD 10 2007/03/26 14:49:21| Swap maxSize 102400 KB, estimated 7876 objects 2007/03/26 14:49:21| Target number of buckets: 393 2007/03/26 14:49:21| Using 8192 Store buckets 2007/03/26 14:49:21| Max Mem size: 8192 KB 2007/03/26 14:49:21| Max Swap size: 102400 KB 2007/03/26 14:49:21| Rebuilding storage in /var/squid/cache (CLEAN)
Re: code analysis tools
ectags ctags cscope All work fine within emacsOS and vim. http://fxr.watson.org/ is invaluable too. On Mon, Mar 26, 2007 at 02:16:49PM -0500, Gregg Reynolds wrote: Clarification: I'm mostly interested in source browser tools (e.g. cscope, e/t/gtags, global, etc.) or whatever can help a developer understand unfamiliar source code in the shortest possible time. Is there a preferred tool among OpenBSD developers? On 3/26/07, Gregg Reynolds [EMAIL PROTECTED] wrote: Hi, I wonder if the OpenBSD developers have a favored set of tools for C code analysis. E.g. the kind of stuff listed at http://www.spinroot.com/static/. Esp. stuff like http://spinroot.com/uno/. Are such tools used in OpenBSD code audits? Also, what about automatic code documentation tools (for lack of a better term)? This kind of stuff: http://en.wikipedia.org/wiki/Comparison_of_documentation_generators. I'm interested because I think OpenBSD is a terrific development platform, number one, and number two, I'd like to follow the code development practices of OpenBSD. Thanks, Gregg
Re: maxcluster errors
Your pf.conf looks okay. If there is a lot of IPs on your VOIP Servers and ADMIN_HOSTS you may want to consider using tables. How many users do you have on your network? After business hours do you notice your mbuf clusters go down? As Stuart said soekris is not meant for high performance. If you are seeing 50% of CRC errors on the wireless network, you might want to try a different wireless access point to see if it makes any difference in the CRC errors. CRC can be hardware issues. rc

On 3/26/07, mail-lists [EMAIL PROTECTED] wrote: One other thing: I have discovered that when I'm not connected to the wireless network with my laptop (which has a belkin pcmcia card), the soekris seems to stay up indefinitely (mbufs keep accumulating though). This sort of leads me to believe I have some sort of setting incorrect pertaining to my wireless interface. Also, I see a LOT (over 50%) of crc errors on the workstations connected wirelessly. Not transmitting but receiving. my ral0 interface is configured thusly:

ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:08:a1:a7:8f:d7
media: IEEE802.11 autoselect mode 11g hostap
status: active
ieee80211: nwid ACG_COMM chan 2 bssid 00:08:a1:a7:8f:d7 nwkey xxx 100dBm
inet 192.168.5.1 netmask 0xff00 broadcast 192.168.5.255
inet6 fe80::208:a1ff:fea7:8fd7%ral0 prefixlen 64 scopeid 0x4
Re: VPN
On 26/03/2007, at 6:22 PM, Siju George wrote: Most probably you are suffering from the PPTP problem with OpenBSD and PF. This is an excerpt from his website The last time I talked with him he said he is writing a PPTP proxy for OpenBSD and PF just like the FTP-Proxy. So it should be available soon :-) Frickin works for me on OpenBSD 4.0... http://frickin.sourceforge.net/ Shane J Pearson shanejp netspace net au
Re: code analysis tools
On Monday 26 March 2007 17:24, Marco Peereboom wrote: ectags ctags cscope All work fine within emacsOS and vim. Marco, are you running emacsOS on the SIMH PDP-8 emulator or did you go buy one of the original machines?
Re: code analysis tools
On 3/26/07, Nick ! [EMAIL PROTECTED] wrote: OpenBSD... does not work like that. What made you decide it is a terrific development platform? You do not even understand its philosophy. I understand the Standard Response to that would be RTFM. But that would be unhelpful, and even worse, rude. So please see item one (and most of the others) at http://www.openbsd.org/goals.html, and once you've mastered that, see http://www.openbsd.org/papers/asiabsdcon07-development/index.html. Thanks very much for your helpful pointers. Please do not feel obligated to respond.
Re: VPN
Hi, Thanks for the brief explanation about vpn going through NAT and vpn based on pptp, so the solution right now is to wait for the pptp-proxy to be created. How about linux ipcop, how come it works, we didn't configure anything regarding vpn, we just followed the steps on setting up the firewall and that's it. Does linux already have a solution for this (vpn going thru NAT)? Kind regards, Appie

Siju George wrote: On 3/26/07, Appie [EMAIL PROTECTED] wrote: Hi, Been using OpenBSD 4.0 w/ PF for quite a while now, everything is running perfectly smooth, our setup is to block all incoming packets while allow all for outbound packets as long as connections are initiated from within our local lan. The only problem we encountered was that we can't connect simultaneous vpn connections via windows XP vpn connectivity to our branch server. We can connect one at a time. Is there something I need to configure? We Tested it with another firewall setup (ipcop firewall) and it works. Hoping for your help. Thanks much. --

Most probably you are suffering from the PPTP problem with OpenBSD and PF. This is an excerpt from his website

===

NAT relies on the uniqueness of the source and destination IP addresses and ports of each TCP and UDP packet. Whereas PPTP is a protocol over IP and it uses neither TCP nor UDP for encapsulation. Instead it uses GRE which is a protocol over IP. PPTP has a control phase in which it negotiates parameters over a control connection. This happens over destination TCP port 1723. You know that the destination TCP port of HTTP is 80. This is exactly like that. However, once the PPTP control negotiation is over, the VPN tunnel packets go over GRE which has no concept of port numbers. So the only way a router identifies different GRE tunnels is by looking at the destination IP address. Since NAT hides multiple destination IP addresses behind a single global IP address, the NAT device has very good reason to get confused as to which private IP address a particular GRE packet corresponds to.

PPTP fortunately has a concept of callid for multiplexing simultaneous PPTP sessions. Even here we have a difficulty. Usually with TCP or IP, the source and destination port numbers are sent in the header of each packet. Whereas in the case of PPTP, only the destination callid is present in each packet. So incoming packets have the callid of the PPTP client and outgoing PPTP packets have the callid of the PPTP server. How does the NAT machine determine the internal IP address the callid corresponds to? To make things worse, as is to be expected from Micro$oft products, the incoming callid is always 0 for PPTP clients. So this makes it technically infeasible to multiplex.

=

The last time I talked with him he said he is writing a PPTP proxy for OpenBSD and PF just like the FTP-Proxy. So it should be available soon :-) Kind Regards Siju

-- View this message in context: http://www.nabble.com/VPN-tf3465334.html#a9684762 Sent from the openbsd user - misc mailing list archive at Nabble.com.
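The demultiplexing problem quoted in the message above can be made concrete by parsing the enhanced GRE header that PPTP uses (RFC 2637) and feeding it to two toy NAT state tables. This is an added example, not code from the thread or from any PPTP proxy; the addresses, call IDs and class names are constructed, and the aware table is assumed to learn each client's call ID from the TCP 1723 control channel, which is not parsed here.

```python
import struct

GRE_PROTO_PPP = 0x880B          # protocol type of PPTP's enhanced GRE (RFC 2637)
K_BIT, S_BIT, A_BIT, VER_MASK = 0x2000, 0x1000, 0x0080, 0x0007


def build_gre(call_id, payload=b"", seq=None, ack=None):
    """Build an enhanced-GRE packet; used only to make the constructed samples."""
    flags, tail = K_BIT | 1, b""            # key field present, version 1
    if seq is not None:
        flags |= S_BIT
        tail += struct.pack("!I", seq)
    if ack is not None:
        flags |= A_BIT
        tail += struct.pack("!I", ack)
    head = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(payload), call_id)
    return head + tail + payload


def parse_pptp_gre(data):
    """Parse an enhanced GRE header; the call ID is the only session selector."""
    if len(data) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, plen, call_id = struct.unpack("!HHHH", data[:8])
    if (flags & VER_MASK) != 1 or proto != GRE_PROTO_PPP or not (flags & K_BIT):
        raise ValueError("not PPTP enhanced GRE")
    off, seq, ack = 8, None, None
    for bit in (S_BIT, A_BIT):              # optional sequence, then acknowledgment
        if flags & bit:
            if len(data) < off + 4:
                raise ValueError("truncated optional field")
            (value,) = struct.unpack("!I", data[off:off + 4])
            off += 4
            if bit == S_BIT:
                seq = value
            else:
                ack = value
    payload = data[off:off + plen]
    if len(payload) != plen:
        raise ValueError("truncated payload")
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}


class NaiveGreNat:
    """NAT state keyed on the remote address only: GRE has no ports to use."""
    def __init__(self):
        self.state = {}

    def outbound(self, inside_ip, server_ip):
        self.state.setdefault(server_ip, inside_ip)     # first tunnel wins

    def inbound(self, server_ip, packet):
        return self.state.get(server_ip)


class CallIdNat:
    """State keyed on (server, call ID carried in packets sent to the client)."""
    def __init__(self):
        self.state = {}

    def learn(self, inside_ip, server_ip, client_call_id):
        key = (server_ip, client_call_id)
        if self.state.get(key, inside_ip) != inside_ip:
            raise LookupError("two inside hosts share call ID %d" % client_call_id)
        self.state[key] = inside_ip

    def inbound(self, server_ip, packet):
        return self.state.get((server_ip, parse_pptp_gre(packet)["call_id"]))


def demo():
    server, a, b = "203.0.113.5", "10.0.0.10", "10.0.0.11"   # constructed hosts
    to_a = build_gre(4101, b"\xff\x03", seq=1)               # server -> client A
    to_b = build_gre(4102, b"\xff\x03", seq=1)               # server -> client B
    naive = NaiveGreNat()
    naive.outbound(a, server)
    naive.outbound(b, server)
    aware = CallIdNat()
    aware.learn(a, server, 4101)
    aware.learn(b, server, 4102)
    clash = CallIdNat()                      # both clients announce call ID 0
    clash.learn(a, server, 0)
    try:
        clash.learn(b, server, 0)
        collision = False
    except LookupError:
        collision = True
    return {"naive": (naive.inbound(server, to_a), naive.inbound(server, to_b)),
            "aware": (aware.inbound(server, to_a), aware.inbound(server, to_b)),
            "collision": collision}


if __name__ == "__main__":
    print(demo())
```

The last case is the one a proxy has to solve by rewriting call IDs: when two inside hosts use the same value toward one server, the key no longer identifies a single host.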
Re: code analysis tools
On 3/26/07, Tobias Ulmer [EMAIL PROTECTED] wrote: lint(1), gcc-local(1) style(7) may be worth reading... Thank you; I didn't know about those man pages; I'll have to dig around and find what other similar pages are there. OpenBSD's documentation is pretty amazing. -gregg
Re: code analysis tools
Nope, I am a vim whore! On Mon, Mar 26, 2007 at 05:55:48PM -0700, J.C. Roberts wrote: On Monday 26 March 2007 17:24, Marco Peereboom wrote: ectags ctags cscope All work fine within emacsOS and vim. Marco, are you running emacsOS on the SIMH PDP-8 emulator or did you go buy one of the original machines?
Re: code analysis tools
On 3/26/07, Marco Peereboom [EMAIL PROTECTED] wrote: ectags ctags cscope All work fine within emacsOS and vim. http://fxr.watson.org/ is invaluable too. I see GNU Global does something similar: http://www.tamacom.com/tour.html. Ever looked at it? BTW I plan to write up a paper or guide on tools and resources for development on OpenBSD with this info. Thanks, -gregg
enlarge the drive
Hi All,

I have a problem. I did as told by the OpenBSD cover on installation of the drive:

    80m for /
    300m for swap
    80m for /tmp
    80m for /var
    2g for /usr
    all the other for /home

However, it seems that my /var is more than 70% allocated, and I would like to enlarge it. I use all my partitions on the hard disk for OpenBSD. Can I enlarge it without affecting the /home contents? I want to reduce the /home size.

Best regards and thanks,
Riwan
Re: maxcluster errors
On 3/26/07, Stuart Henderson [EMAIL PROTECTED] wrote:
> On 2007/03/26 16:41, mail-lists wrote:
> > I'm noticing that when I do a 'top' my interrupt usage stays at around 30%.
> > Again - I have to think that this is a hardware limitation on the soekris.
>
> soekris is not a fast i/o machine, it is a low-power machine.
>
> > altq on $wii_if priq bandwidth 40Mb queue {wii_std, wii_voip}
>
> it definitely won't push 40Mb/s of data (nor will 802.11 wireless, for that matter).

No, I don't imagine it would. Those queues aren't actually being used though. I'd say maybe 10Mb/s at most right now.

> > pass in quick on $wii_if from $wireless_lan to $VOIP_SERVERS keep state
> > pass in quick on $int_if from $VOIP_SERVERS to $wireless_lan keep state
> > pass in quick on $ext_if from $VOIP_GATEWAYS to $VOIP_SERVERS
>
> small packets too, that won't help.

Yeah, I was afraid of that. However, another soekris I have seems to do fine with ~ 30Mb/s peaks, also handling a fair amount of VOIP traffic. The difference is that it's not serving as a wireless AP.
Re: enlarge the drive
On 3/26/07, riwanlky [EMAIL PROTECTED] wrote:
> Hi All,
>
> I have a problem. I did as told by the OpenBSD cover on installation of the drive:
>
>     80m for /
>     300m for swap
>     80m for /tmp
>     80m for /var
>     2g for /usr
>     all the other for /home

It actually says that's an example only ;)

> However, it seems that my /var is more than 70% allocated, and I would like to enlarge it. I use all my partitions on the hard disk for OpenBSD. Can I enlarge it without affecting the /home contents? I want to reduce the /home size.

Short answer: no. Give up now and reinstall now that you know what you need.

Long answer: Yes, the FAQ which you sound like you've read does imply that this is possible. However, this is pretty low-level stuff so it's really tricky. All the filesystems right now are packed together (or probably are at least; you can check your disklabel to see, with some graphing paper and patience, exactly where they are positioned). If you've left unused space at the end, and /var is the lastmost partition, it will be possible to grow it. See growfs(8) and read it very carefully. But you would probably be better off doing a clean install.

Good luck,
-Nick
Re: two default route
Hi Mr. Stuart Henderson,

Thanks for the hint on -mpath. I am just trying to get the internal to external. I have two ISPs, and when I try to route add default the second time I get:

    route: writing to routing socket: File exists
    add net default: gateway 10.10.10.2: File exists

So I am wondering how I send out traffic to the ISP if I don't have routing. I know that I can use PF to route the internal to external traffic. I thought that I need routing in order to use PF.

I mean to say that I can't use OpenOSPFD and OpenBGPD. My mistake. Sorry for the inconvenience. The ISP will not support it; they can only support static routes from us and from them to us.

Best regards and thanks.
Riwan

At 03:24 PM 3/26/2007 +0100, Stuart Henderson wrote:
> On 2007/03/26 20:33, riwanlky wrote:
> > I have two ISPs, and wondering how I should set up the default route to the ISP.
>
> you need to give a lot more information about what you're trying to do to get a useful answer. how are you connecting to them? how do they know how to route packets to you? do you have your own address space or are you using your space from your providers? if you're using provider address space, will they allow you to send them packets with somebody else's source address?
>
> > I am wondering if I have two gateways going to the same route can I use metric?
> >
> >     route add 0.0.0.0/0 192.168.6.1 10
> >     route add 0.0.0.0/0 192.168.6.2 100
>
> OpenBSD doesn't use metrics like this in the routing table, you can do something similar with PF load-balancing or 'probability'
>
> There is equal-cost multipath support but unless I missed something, it's not supported by the routing daemons yet, you can use it with static routes using -mpath, see route(8)
>
> > I can use OpenOSPFD or OpenBGPD.
>
> will your ISPs listen to your announcements? realistically, I think if you are going to be able to handle running BGP with your providers, you probably wouldn't be asking this question.
Re: enlarge the drive
On Mon, Mar 26, 2007 at 11:43:51PM -0400, Nick ! wrote:
> Short answer: no. Give up now and reinstall now that you know what you need.
>
> Long answer: Yes, the FAQ which you sound like you've read does imply that this is possible. However, this is pretty low-level stuff so it's really tricky. All the filesystems right now are packed together (or probably are at least; you can check your disklabel to see, with some graphing paper and patience, exactly where they are positioned). If you've left unused space at the end, and /var is the lastmost partition, it will be possible to grow it. See growfs(8) and read it very carefully. But you would probably be better off doing a clean install.

Reinstall may be the easiest and cleanest. There's also another alternative that you left out, which I have done before. If you have unused space at the end, you can add a slice and newfs for a new /var, then reboot single user and copy everything over, edit fstab, etc. Not *too* tricky at all, if the space is there to begin with.

--
Darrin Chandler           | Phoenix BSD User Group | MetaBUG
[EMAIL PROTECTED]         | http://phxbug.org/     | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert  | Global BUG Federation
no incoming message for sendmail
Today I upgraded my mail server from OpenBSD 3.7 to 4.0 (patches 2 thru 10 applied) and even though ps -aux shows

    sendmail: accepting connections (sendmail)

I'm not getting any incoming messages. I tried several times to send myself messages and had others send me messages from various services but nothing is coming in.

To create my sendmail.cf file I started with openbsd-proto.mc and filled in my domain information. My my.mc file is (minus the dnl lines):

    divert(-1)
    divert(0)dnl
    VERSIONID(`@(#)openbsd-proto.mc $Revision: 1.11 $')dnl
    OSTYPE(openbsd)dnl
    define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,noexpn,novrfy,nobodyreturn')dnl
    define(`confCW_FILE', `-o MAIL_SETTINGS_DIR`'local-host-names')dnl
    define(`confCT_FILE', `-o MAIL_SETTINGS_DIR`'trusted-users')dnl
    define(`confLOG_LEVEL',`15')dnl
    FEATURE(nouucp, `reject')dnl
    FEATURE(`access_db', `hash -o -TTMPF /etc/mail/access')dnl
    FEATURE(`blacklist_recipients')dnl
    FEATURE(`use_cw_file')dnl
    FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
    FEATURE(`use_ct_file')dnl
    FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable')dnl
    FEATURE(genericstable, `hash -o /etc/mail/genericstable')dnl
    FEATURE(always_add_domain)dnl
    FEATURE(redirect)dnl
    FEATURE(`no_default_msa')dnl
    DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Name=MTA')dnl
    DAEMON_OPTIONS(`Family=inet6, Address=::, Name=MTA6, M=O')dnl
    DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=E')dnl
    DAEMON_OPTIONS(`Family=inet6, Address=::, Port=587, Name=MSA6, M=O, M=E')dnl
    CLIENT_OPTIONS(`Family=inet, Address=0.0.0.0')dnl
    CLIENT_OPTIONS(`Family=inet6, Address=::')dnl
    define(`confBIND_OPTS', `WorkAroundBroken')dnl
    MASQUERADE_AS(`my-company.com')dnl
    FEATURE(masquerade_envelope)dnl
    FEATURE(masquerade_entire_domain)dnl
    MAILER(local)dnl
    MAILER(smtp)dnl
    LOCAL_RULESETS
    HMessage-Id: $>CheckMessageId
    SCheckMessageId
    R< $+ @ $+ >	$@ OK
    R$*	$#error $: 553 Header Error

I've removed the STARTTLS and CLAMAV settings I was using.

I copied the /etc/mail files from my previous installation:

- relay-domains (contains my domain)
- local-host-names (contains various names for my server)
- aliases (aliases.db created using: newaliases)
- access (access.db created using: makemap hash /etc/mail/access < /etc/mail/access)
- all other /etc/mail files are unchanged

I also set the confLOG_LEVEL to 15 so that I can see more information on the incoming and outgoing messages, thinking that would help. I see nothing for incoming messages but lots of information on outgoing messages.

sendmail.cf was created and sendmail was started using:

    cd /usr/share/sendmail/cf
    m4 /usr/share/sendmail/m4/cf.m4 my.mc > my.cf
    mv my.cf /etc/mail/sendmail.cf
    kill `head -1 /var/run/sendmail.pid`
    /usr/sbin/sendmail -L sm-mta -C/etc/mail/sendmail.cf -bd -q30m

These lines from pf.conf in my firewall redirect incoming traffic to my mail server. This worked before I upgraded.

    ext_if = xl2
    myAddress = 192.168.0.1
    mailServer = 192.168.2.2
    rdr on $ext_if proto tcp from any to $myAddress port 25 -> $mailServer port 25

My ISP supplies a router/DSL modem (Cayman Model 3346 DSL Ethernet Switch) and I've redirected all its incoming traffic to my firewall.

I don't know what might have changed from OpenBSD 3.7 to 4.0 in sendmail. Does anyone have suggestions for what might be the problem with sendmail? I wouldn't think my ISP would block my incoming messages.
Re: VPN
Sorry, my mistake, we did put a check mark (enabled) vpn and assign a local vpn hostname / IP on IPcop's global VPN settings.

Regards,
Rafael

Appie wrote:
> Hi,
>
> Thanks for the brief explanation about vpn going through NAT and vpn based on pptp, so the solution right now is to wait for the pptp-proxy to be created. How about linux ipcop, how come it works, we didn't configure anything regarding vpn, we just followed the steps on setting up the firewall and that's it. Does linux already have a solution for this (vpn going thru NAT)?
>
> Kind regards,
> Appie
>
> Siju George wrote:
> > On 3/26/07, Appie [EMAIL PROTECTED] wrote:
> > > Hi,
> > >
> > > Been using OpenBSD 4.0 w/ PF for quite a while now, everything is running perfectly smooth, our setup is to block all incoming packets while allow all for outbound packets as long as connections are initiated from within our local lan. The only problem we encountered was that we can't connect simultaneous vpn connections via windows XP vpn connectivity to our branch server. We can connect one at a time. Is there something I need to configure? We tested it with another firewall setup (ipcop firewall) and it works. Hoping for your help. Thanks much.
> > > --
> >
> > Most probably you are suffering from the PPTP problem with OpenBSD and PF. This is an excerpt from his website
> >
> > ===
> > NAT relies on the uniqueness of the source and destination IP addresses and ports of each TCP and UDP packet. Whereas PPTP is a protocol over IP and it uses neither TCP nor UDP for encapsulation. Instead it uses GRE which is a protocol over IP. PPTP has a control phase in which it negotiates parameters over a control connection. This happens over destination TCP port 1723. You know that the destination TCP port of HTTP is 80. This is exactly like that. However, once the PPTP control negotiation is over, the VPN tunnel packets go over GRE which has no concept of port numbers. So the only way a router identifies different GRE tunnels is by looking at the destination IP address.
> >
> > Since NAT hides multiple destination IP addresses behind a single global IP address, the NAT device has very good reason to get confused as to which private IP address a particular GRE packet corresponds to. PPTP fortunately has a concept of callid for multiplexing simultaneous PPTP sessions. Even here we have a difficulty. Usually with TCP or IP, the source and destination port numbers are sent in the header of each packet. Whereas in the case of PPTP, only the destination callid is present in each packet. So incoming packets have the callid of the PPTP client and outgoing PPTP packets have the callid of the PPTP server. How does the NAT machine determine the internal IP address the callid corresponds to? To make things worse, as is to be expected from Micro$oft products, the incoming callid is always 0 for PPTP clients. So this makes it technically infeasible to multiplex.
> > =
> >
> > The last time I talked with him he said he is writing a PPTP proxy for OpenBSD and PF just like the FTP-Proxy. So it should be available soon :-)
> >
> > Kind Regards
> > Siju

--
View this message in context: http://www.nabble.com/VPN-tf3465334.html#a9686323
Sent from the openbsd user - misc mailing list archive at Nabble.com.
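The demultiplexing problem described in the excerpt quoted above, as an added sketch that is not part of the original posts and not the code of any OpenBSD proxy: a NAT that can only key GRE on the server address loses one of two clients, while one that hands out a unique external call ID per session can tell them apart. The addresses, class names and the call-ID rewriting strategy are assumptions made for illustration; the header layout follows PPTP's enhanced GRE (RFC 2637).

```python
import struct

PPTP_GRE = 0x880B              # GRE protocol type used by PPTP (RFC 2637)
K_BIT, VERSION_1 = 0x2000, 0x0001

def build_gre(call_id, payload=b""):
    """Enhanced GRE header: flags/version, protocol, payload length, call ID."""
    return struct.pack("!HHHH", K_BIT | VERSION_1, PPTP_GRE, len(payload), call_id) + payload

def parse_call_id(packet):
    """Return the call ID of a PPTP GRE packet; it names the receiver's session only."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, _length, call_id = struct.unpack("!HHHH", packet[:8])
    if proto != PPTP_GRE or not (flags & K_BIT) or (flags & 0x0007) != VERSION_1:
        raise ValueError("not PPTP enhanced GRE")
    return call_id

class NaiveNat:
    """Tracks GRE by remote server address alone, as a port-less NAT must."""
    def __init__(self):
        self.by_server = {}
    def outbound(self, client_ip, server_ip, client_call_id):
        self.by_server[server_ip] = client_ip      # a second client overwrites the first
        return client_call_id                      # call ID passes through unchanged
    def inbound(self, server_ip, packet):
        return self.by_server.get(server_ip)

class CallIdNat:
    """Hypothetical proxy behaviour: give each session a unique external call ID."""
    def __init__(self):
        self.sessions = {}      # (server_ip, external call ID) -> (client_ip, client call ID)
        self.next_id = 1
    def outbound(self, client_ip, server_ip, client_call_id):
        ext = self.next_id
        self.next_id += 1
        self.sessions[(server_ip, ext)] = (client_ip, client_call_id)
        return ext              # value announced to the server on the control channel
    def inbound(self, server_ip, packet):
        # A real proxy would also rewrite the call ID back to the client's own value.
        entry = self.sessions.get((server_ip, parse_call_id(packet)))
        return entry[0] if entry else None

def demo(nat):
    """Two LAN clients, one server, both using call ID 0 (constructed data)."""
    server = "203.0.113.10"
    id_a = nat.outbound("192.168.1.10", server, 0)
    id_b = nat.outbound("192.168.1.11", server, 0)
    # The server addresses each reply with the call ID it was given for that client.
    return (nat.inbound(server, build_gre(id_a, b"to-a")),
            nat.inbound(server, build_gre(id_b, b"to-b")))
```

With `NaiveNat` both replies are delivered to the client that connected last; with `CallIdNat` each reply reaches its own client.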
Re: sshd.config and AllowUsers
Others have mentioned the correct syntax already. One suggestion which helps administration is to assign or revoke access (or other privileges) based on groups rather than individual users. In other words, make the users members of a group and grant that group access. It helps scalability, maintenance, and testing.

Regards,
-Lars

Lars Noodén ([EMAIL PROTECTED])
Ensure access to your data now and in the future
http://opendocumentfellowship.org/about_us/contribute
Re: VPN
It may not be the wisest thing to be trying PPTP. In addition to the technical problems you are encountering, there seem to be some grave issues with the protocol itself, http://www.schneier.com/pptp-faq.html which are apparently not resolved entirely even in later versions.

IPsec and SSL are both standards and, as such, supported even by legacy platforms. It might be useful to phase out PPTP in favor of IPsec.

-Lars

Lars Noodén ([EMAIL PROTECTED])
Ensure access to your data now and in the future
http://opendocumentfellowship.org/about_us/contribute
Re: VPN
> It may not be the wisest thing to be trying PPTP. In addition to the technical problems you are encountering, there seem to be some grave issues with the protocol itself, http://www.schneier.com/pptp-faq.html which are apparently not resolved entirely even in later versions.

PPTP sucks, but if you have some models of Palm device it's all you get to use - they just don't do anything more secure. Sure, it's all software but I have yet to see an IPSec or SSL-based VPN client for my Palm. Its useless wireless won't even do WPA (ok, so I got it before WPA was around, but there isn't even a software upgrade).

> IPsec and SSL are both standards and, as such, supported even by legacy platforms. It might be useful to phase out PPTP in favor of IPsec.

IPSec can be confusing to configure the first time round - it took me a little while to come to terms with it. It has the advantage that the newer versions of Winblows support it out of the box, so your average L-user will have no trouble getting on your VPN. (s/no trouble/minimal trouble/).

OpenVPN is ssl-based and seems to work quite well. It's also able to be easily tunneled over HTTP proxies if you need to access the VPN from behind a restrictive firewall. I've used OpenVPN on Linux servers, clients and Windows boxes. Never had a hiccup with it. I don't know how well it works in OpenBSD though.

If you're stuck with PPTP just be sure to know its limits. Read the web page posted before and probably keep it on a separate box with different usernames/passwords to your main machines. You might consider allowing access to only certain services via the VPN too, just to limit the damage that can occur due to PPTP's inherent insecurity.

I found that the free servers were really painfully slow too - I don't know whether that's an artificial limitation or not because the server was never very heavily loaded and PPTP wouldn't do more than a couple of megabits a second over a solid wireless connection.

Cheers,
A
Re: code analysis tools
From: Gregg Reynolds [EMAIL PROTECTED] On 3/26/07, Marco Peereboom [EMAIL PROTECTED] wrote: ectags ctags cscope All work fine within emacsOS and vim. http://fxr.watson.org/ is invaluable too. I see GNU Global does something similar: Has anyone played with OpenGrok yet? http://www.opensolaris.org/os/project/opengrok/
Re: code analysis tools
On Tue, Mar 27, 2007 at 05:10:48AM +, [EMAIL PROTECTED] wrote: Has anyone played with OpenGrok yet? http://opengrok.creo.hu/openbsd/