Why is pf blocking some port 80 traffic??

2007-05-07 Thread Rob Waite
Hello..

I just added a rule to allow port 80 traffic into my server and started
noticing some odd blocks occurring.

It seems that some web connections are losing their state and sending an R or
F flag which gets blocked. I am not sure of the time but I think once I was
refreshing the page and it seemed to hang for a good 20 seconds before I could
get my page.

Here are some lines from the pflog where the issue shows up..

May 06 18:07:06.149898 rule 8/(match) pass in on fxp0: 67.8.88.172.62876 > 10.1.1.100.80: S 2727135807:2727135807(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
May 06 18:16:26.957972 rule 0/(match) block in on fxp0: 67.8.88.172.62960 > 10.1.1.100.80: F 2727136588:2727136588(0) ack 623850661 win 65535 (DF)
May 06 18:16:26.958424 rule 8/(match) pass in on fxp0: 67.8.88.172.62961 > 10.1.1.100.80: S 1091526713:1091526713(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
May 06 18:16:28.804891 rule 0/(match) block in on fxp0: 67.8.88.172.62960 > 10.1.1.100.80: F 0:0(0) ack 1 win 65535 (DF)
May 06 18:16:32.633583 rule 0/(match) block in on fxp0: 67.8.88.172.62960 > 10.1.1.100.80: F 0:0(0) ack 1 win 65535 (DF)
May 06 18:16:40.289950 rule 0/(match) block in on fxp0: 67.8.88.172.62960 > 10.1.1.100.80: F 0:0(0) ack 1 win 65535 (DF)
May 06 18:16:55.493370 rule 0/(match) block in on fxp0: 67.8.88.172.62960 > 10.1.1.100.80: F 0:0(0) ack 1 win 65535 (DF)

also.. here is another section..

May 06 18:24:41.324639 rule 8/(match) pass in on fxp0: 67.8.88.172.62984 > 10.1.1.100.80: S 2030330019:2030330019(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
May 06 19:35:07.332356 rule 8/(match) pass in on fxp0: 67.8.241.41.3674 > 10.1.1.100.80: S 2875074564:2875074564(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
May 06 19:35:07.374344 rule 8/(match) pass in on fxp0: 67.8.241.41.3676 > 10.1.1.100.80: S 2875172601:2875172601(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
May 06 19:35:07.424298 rule 8/(match) pass in on fxp0: 67.8.241.41.3677 > 10.1.1.100.80: S 2875257357:2875257357(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
May 06 19:35:38.350378 rule 8/(match) pass in on fxp0: 67.8.241.41.3735 > 10.1.1.100.80: S 2885203952:2885203952(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
May 06 21:21:45.029460 rule 8/(match) pass in on fxp0: 67.8.88.172.63891 > 10.1.1.100.80: S 2683364380:2683364380(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
May 06 21:22:26.591912 rule 6/(match) pass in on fxp0: 10.1.1.200.15282 > 10.1.1.100.42849: S 4082795711:4082795711(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
May 06 21:23:21.436194 rule 8/(match) pass in on fxp0: 67.8.88.172.63893 > 10.1.1.100.80: S 1713087682:1713087682(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
May 06 21:23:49.446089 rule 8/(match) pass in on fxp0: 67.8.88.172.63894 > 10.1.1.100.80: S 1117169177:1117169177(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
May 06 21:24:00.538759 rule 0/(match) block in on fxp0: 67.8.241.41.3735 > 10.1.1.100.80: R 2885205581:2885205581(0) win 0 (DF)

Here are my pf rules

scrub in all fragment reassemble
block drop in log on fxp0 all
block out log on fxp0 all
pass out on fxp0 inet proto tcp from 10.1.1.100 to 10.1.1.1 port = domain flags S/SA keep state (if-bound)
pass out on fxp0 inet proto udp from 10.1.1.100 to 10.1.1.1 port = domain keep state (if-bound)
pass out on fxp0 inet proto udp from 10.1.1.100 to any port = ntp keep state (if-bound)
pass out on fxp0 inet proto tcp from 10.1.1.100 to any port = smtp flags S/SA keep state (if-bound)
pass in log on fxp0 inet proto tcp from 10.1.1.200 to 10.1.1.100 port = 42849 flags S/SA synproxy state (if-bound)
pass in log on fxp0 inet proto tcp from <USAddrs> to 10.1.1.100 port = 42849 flags S/SA synproxy state (if-bound)
pass in log on fxp0 inet proto tcp from any to 10.1.1.100 port = www flags S/SA synproxy state (if-bound)

I feel like it is something I am doing wrong... or maybe some web clients will
do odd things after a period of time. Anyone seen this before? Thanks
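
One way to check the excerpt above, as an added example that is not part of the original post: the script pairs each blocked F or R packet with the logged SYN that created state for the same source and destination, and lists the spacing between repeated blocks. The function names are made up for this example; the sample lines are the post's own log entries, re-joined onto one line each in tcpdump's "src > dst:" layout.

```python
import re
from datetime import datetime

# Sample input: entries from the pflog excerpt in the post, one per line.
SAMPLE_LOG = """\
May 06 18:07:06.149898 rule 8/(match) pass in on fxp0: 67.8.88.172.62876 > 10.1.1.100.80: S 2727135807:2727135807(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
May 06 18:16:26.957972 rule 0/(match) block in on fxp0: 67.8.88.172.62960 > 10.1.1.100.80: F 2727136588:2727136588(0) ack 623850661 win 65535 (DF)
May 06 18:16:26.958424 rule 8/(match) pass in on fxp0: 67.8.88.172.62961 > 10.1.1.100.80: S 1091526713:1091526713(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)
May 06 18:16:28.804891 rule 0/(match) block in on fxp0: 67.8.88.172.62960 > 10.1.1.100.80: F 0:0(0) ack 1 win 65535 (DF)
May 06 18:16:32.633583 rule 0/(match) block in on fxp0: 67.8.88.172.62960 > 10.1.1.100.80: F 0:0(0) ack 1 win 65535 (DF)
May 06 18:16:40.289950 rule 0/(match) block in on fxp0: 67.8.88.172.62960 > 10.1.1.100.80: F 0:0(0) ack 1 win 65535 (DF)
May 06 18:16:55.493370 rule 0/(match) block in on fxp0: 67.8.88.172.62960 > 10.1.1.100.80: F 0:0(0) ack 1 win 65535 (DF)
May 06 19:35:38.350378 rule 8/(match) pass in on fxp0: 67.8.241.41.3735 > 10.1.1.100.80: S 2885203952:2885203952(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
May 06 21:24:00.538759 rule 0/(match) block in on fxp0: 67.8.241.41.3735 > 10.1.1.100.80: R 2885205581:2885205581(0) win 0 (DF)
"""

LINE = re.compile(
    r"(?P<ts>\w{3} \d{2} [\d:]{8}\.\d{6}) rule (?P<rule>\d+)/\(match\) "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRPUEW.]+) "
)


def parse(line):
    """Return one pflog record as a dict, or None if the line does not match."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # pflog timestamps carry no year; strptime's default year is fine for deltas
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S.%f")
    return rec


def doubling(gaps):
    """True when each gap is roughly twice the previous one (retransmit backoff)."""
    if len(gaps) < 2:
        return False
    return all(a > 0 and 1.5 <= b / a <= 2.5 for a, b in zip(gaps, gaps[1:]))


def blocked_teardowns(lines):
    """Summarise blocked FIN/RST packets per (src, dst) flow."""
    syn_time = {}   # flow -> time of the last SYN that a pass rule logged
    flows = {}      # flow -> {"syn": time or None, "recs": [blocked records]}
    for rec in filter(None, map(parse, lines)):
        key = (rec["src"], rec["dst"])
        if rec["action"] == "pass" and "S" in rec["flags"]:
            syn_time[key] = rec["ts"]
        elif rec["action"] == "block" and set(rec["flags"]) & {"F", "R"}:
            # remember the SYN known at the moment of the first block
            flow = flows.setdefault(key, {"syn": syn_time.get(key), "recs": []})
            flow["recs"].append(rec)

    report = []
    for (src, dst), flow in flows.items():
        times = [r["ts"] for r in flow["recs"]]
        gaps = [round((b - a).total_seconds(), 2) for a, b in zip(times, times[1:])]
        syn = flow["syn"]
        report.append({
            "src": src,
            "dst": dst,
            "flags": flow["recs"][0]["flags"],
            "rule": int(flow["recs"][0]["rule"]),
            "blocked": len(times),
            # seconds between the state-creating SYN and the first blocked packet
            "syn_age": None if syn is None else round((times[0] - syn).total_seconds(), 2),
            "gaps": gaps,
            "backoff": doubling(gaps),
        })
    return report


if __name__ == "__main__":
    for row in blocked_teardowns(SAMPLE_LOG.splitlines()):
        print(row)
```

On this sample the five blocked FINs from port 62960 have no logged SYN and arrive at roughly doubling intervals, consistent with one FIN being retransmitted, and the RST from 67.8.241.41.3735 arrives about 108 minutes after its SYN was passed.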



Re: Really stuck and help needed of resources depletions on web servers.

2007-05-07 Thread Daniel Ouellet

OK,

I have an update on this one. It's not fixed, but I was finally able to 
isolate how that problem is triggered. Maybe it's fixed now, I don't know, but I 
am passing the information along in case it's useful and also in case someone 
could tell me if there was a logic behind it and if yes whether it would not 
happen in a newer release.


What happens is that so far 5 times I have had the server crash, or I should say, 
freeze, and sometimes with the display showing


 extend_alloc_supregion: can't allocated region

Spelling may be a bit wrong as it was from a voice mail I gave myself as 
I didn't have a pen to write it down with and there wasn't any way to access 
the keyboard, or console. All was frozen and no key was doing anything.


This is on 3.9 and the dmesg was sent before on this thread.

Now what's going on is the server stops responding, no access, no 
console, no keyboard, only reset will bring it back. But the broadcom 
network cards still answer to ping, so it didn't allow my CARP setup to 
kick in sadly here.


Now I did put in place a few traps and logs to try to see what's causing 
this as I had some ideas before, but wasn't sure to pass that along. 
However now I am.


Each time, all 5, it was caused when I have a script that has run well for 4 
years, but as traffic grows on this web server so do the logs as well.


Every time, I process the logs with webalizer, no problem whatsoever. 
Then a few customers want the awstats version. So, I process that as 
well, however it's also processing multiple logs, but when the awstats 
PERL stuff kicks in, it does get the resources to the roof and badly so, 
that so far it had the impact of freezing the server as a result of this.


Now, why PERL would do this, I have no clue, but it does anyway in the 
usage done by awstats.


So far I reproduced this 5 times, so it's pretty consistent.

What may cause this, I do not know more, but it looks like when PERL needs 
to process a huge amount of data, it ends up affecting the server in ways 
to make it crash/freeze.


Now that I was able to isolate the cause I will proceed with the upgrades to 
4.0 as I still don't have my CD for 4.1 yet, so I can't do that. It was 
ordered a long time ago, but with a book as well that was taken out now. 
So, I expect that to be the cause of the delay.


Anyway, any feedback as to how PERL may cause this and what may be done 
to avoid this?


Hope this is useful to some and if not, then sorry for the noise.

Best,

Daniel



Re: Error building 4.1-stable kernel from source on sparc64

2007-05-07 Thread Luca Corti
On Wed, 2007-05-02 at 14:11 -0400, Josh Grosse wrote:
> Just a wild guess, but did you forget to include comp41.tgz in your
> install/upgrade?

No. I've just reextracted it just to be sure, but I still get the same
error.

ciao

Luca



Re: OpenBSD 4.1 Torrents

2007-05-07 Thread Martin Schröder

2007/5/7, Adam Hawes [EMAIL PROTECTED]:

> MD5 is proven weak.  It's possible to take almost any file and its
> MD5 then create an identically sized file with the same hash in a
> reasonable time.  This can be used to pass out an arbitrary CD
> image that completely trashes the contents of your hard disk.  It
> doesn't even need to be OpenBSD on the CD.


You're mixing collision and preimage attacks. The former are possible,
the latter not.

Still, it's certainly time to switch to something better. PGP comes to mind...

Best
  Martin
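
The difference between the two attack classes named above, as an added example that is not part of the original post: against a toy hash (MD5 truncated to a few bits, so both searches finish quickly) a collision, where both inputs are chosen freely, falls to a birthday search of roughly 2^(n/2) tries, while matching the digest of a file fixed in advance takes roughly 2^n. Function names and the sample file bytes are made up for the example, and it shows only generic search cost, not any MD5-specific shortcut.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size; real MD5 has 128 bits


def tiny_md5(data: bytes, bits: int = BITS) -> int:
    """First `bits` bits of MD5(data), as an integer."""
    return int.from_bytes(hashlib.md5(data).digest(), "big") >> (128 - bits)


def find_collision(bits: int = BITS):
    """Collision: any two different inputs with equal digests, both chosen freely."""
    seen = {}  # digest -> first input that produced it
    for tries in count(1):
        msg = b"free-choice-%d" % tries
        digest = tiny_md5(msg, bits)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg


def find_second_preimage(fixed: bytes, bits: int = BITS):
    """Second preimage: another input matching the digest of a file fixed in advance."""
    want = tiny_md5(fixed, bits)
    for tries in count(1):
        msg = b"candidate-%d" % tries
        if msg != fixed and tiny_md5(msg, bits) == want:
            return msg, tries


def scaling(fixed: bytes = b"constructed stand-in for a release file",
            sizes=(8, 12, 16)):
    """Tries needed for each search at several digest sizes."""
    rows = []
    for bits in sizes:
        _, _, n_collision = find_collision(bits)
        _, n_preimage = find_second_preimage(fixed, bits)
        rows.append((bits, n_collision, n_preimage))
    return rows


if __name__ == "__main__":
    for bits, n_collision, n_preimage in scaling():
        print(f"{bits:2d} bits: collision after {n_collision} tries, "
              f"second preimage after {n_preimage} tries")
```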



Re: ACPI question and status request

2007-05-07 Thread Alexander Hall

Gordon Willem Klok wrote:

> On Sat, May 05, 2007 at 02:32:17AM +0200, Alexander Hall wrote:
>
>> acpicpu0 at acpi0: CPU0: 866, 667 MHz
>
> apmd -C is your friend, without acpi this is done in SMM by
> the bios at least it was on my latitude before it kicked the
> bucket.


$ pgrep -fl apmd
214 /usr/sbin/apmd -C

Thanks, but that was not really the issue. I was rather worried about 
fscking up the cooling of the machine or risking to damage something 
else by disabling the built-in routines and instead using something that 
might not fully handle everything.


However, if I do not get any more answers, I will assume that things 
more or less just work, as I am used to with this OS. :-)


/Alexander



master volume problem

2007-05-07 Thread bdz
I have an ASUS notebook that uses the azalia driver for the sound. The 
problem is that I can not adjust the volume with applications' volume 
control. That includes xfce and xmms too. In xfce's Sound setting panel 
there is only one mixer (mixer0) that is set, in xmms there is no mixer 
in the dropdown list. The only way I can do that is mixerctl 
outputs.mix0c=x,x which is not the most comfortable way. What I noticed 
is that there is no outputs.master that I think all the applications 
want to control. What should I do to fix that problem?


thank you
bdz

flea$ mixerctl -a
outputs.adc07.source=unknown18
record.adc07.mute=off
record.adc07=123,123
outputs.adc08.source=unknown1a
record.adc08.mute=off
record.adc08=123,123
outputs.adc09.source=unknown1c
record.adc09.mute=off
record.adc09=123,123
inputs.mix0b.unknown18=off
inputs.mix0b.unknown19=off
inputs.mix0b.unknown1a=off
inputs.mix0b.unknown1b=off
inputs.mix0b.unknown1c=off
inputs.mix0b.unknown1d=off
inputs.mix0b.unknown14=off
inputs.mix0b.unknown15=off
inputs.mix0b.unknown18=125,125
inputs.mix0b.unknown19=125,125
inputs.mix0b.unknown1a=125,125
inputs.mix0b.unknown1b=125,125
inputs.mix0b.unknown1c=125,125
inputs.mix0b.unknown1d=125
inputs.mix0b.unknown14=125,125
inputs.mix0b.unknown15=125,125
outputs.mix0c=123,123
inputs.mix0c.dac02.mut=off
inputs.mix0c.mix0b.mut=off
outputs.mix0d=123,123
inputs.mix0d.dac03.mut=off
inputs.mix0d.mix0b.mut=off
outputs.mix0e=123,123
inputs.mix0e.dac04.mut=off
inputs.mix0e.mix0b.mut=off
outputs.mix0f=123,123
inputs.mix0f.dac05.mut=off
inputs.mix0f.mix0b.mut=off
inputs.sel10.source=mix0c
inputs.sel11.source=mix0c
inputs.sel12.source=mix0c
inputs.sel13.source=mix0c
outputs.unknown14.mute=off
outputs.unknown14.dir=output
outputs.unknown14.boost=off
outputs.unknown15.mute=off
outputs.unknown15.dir=output
outputs.unknown15.boost=off
outputs.unknown16.mute=off
outputs.unknown16.dir=output
outputs.unknown16.boost=off
outputs.unknown17.mute=off
outputs.unknown17.dir=output
outputs.unknown17.boost=off
outputs.unknown18.mute=off
outputs.unknown18.dir=output
outputs.unknown18.boost=off
outputs.unknown19.mute=off
outputs.unknown19.dir=output
outputs.unknown19.boost=off
outputs.unknown1a.mute=off
outputs.unknown1a.dir=output
outputs.unknown1a.boost=off
outputs.unknown1b.mute=off
outputs.unknown1b.dir=output
outputs.unknown1b.boost=off
inputs.usingdac=02030405
record.usingadc=0809

flea$ dmesg
OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.73GHz (GenuineIntel 686-class) 
1.73 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2

real mem  = 1073049600 (1047900K)
avail mem = 971714560 (948940K)
using 4278 buffers containing 53776384 bytes (52516K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 06/08/05, BIOS32 rev. 0 @ 0xf0010, 
SMBIOS rev. 2.3 @ 0xf8dd0 (36 entries)

bios0: ASUSTeK Computer Inc. M6V
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4750/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801FB LPC rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0x1
acpi at mainbus0 not configured
cpu0 at mainbus0
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06120d2606000d26
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1733 MHz (1308 mV): speeds: 1733, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82915GM/PM/GMS Host rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82915PM/GM PCIE rev 0x03
pci1 at ppb0 bus 3
vga1 at pci1 dev 0 function 0 ATI Radeon Mobility X600 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 Intel 82801FB HD Audio rev 0x04: irq 5
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Realtek ALC880 (rev. 5.0), HDA version 0.9
azalia0: codec: 0x04x/0x14f1 (rev. 0.0), HDA version 0.9
azalia0: codec[1]: No support for modem function groups
azalia0: codec[1]: No audio function groups
audio0 at azalia0
uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x04: irq 4
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x04: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x04: irq 6
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x04: irq 5
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, 

Re: OpenBSD 4.1 Torrents

2007-05-07 Thread Tobias Ulmer
On Mon, May 07, 2007 at 11:57:50AM +0200, Martin Schröder wrote:
> 2007/5/7, Adam Hawes [EMAIL PROTECTED]:
> > MD5 is proven weak.  It's possible to take almost any file and its
> > MD5 then create an identically sized file with the same hash in a
> > reasonable time.  This can be used to pass out an arbitrary CD
> > image that completely trashes the contents of your hard disk.  It
> > doesn't even need to be OpenBSD on the CD.
>
> You're mixing collision and preimage attacks. The former are possible,
> the latter not.
>
> Still, it's certainly time to switch to something better. PGP comes to
> mind...
>
> Best
>   Martin
 

Not specifically to you, Martin..

-

Instead of writing silly emails about theoretical md5 attacks and
wasting everyone's time, how about sending a damn patch to tech@ that
'fixes' it?

MD5 sums are meant to be used for verification of a downloaded file in
case of transmit errors. If you own ftp.openbsd.org and upload trojaned
binaries, how hard is it to update the damn checksums file? It's like
rocket science, yes!! Really hard! But, but, but, i'm clever, i will use
checksums from another server!!1! Yes, of course, the only problem is
that these other servers rsync in 2-8 hour intervals, which is a very tiny
window to detect anything. Even if you do, it's highly questionable that
you will be clever enough to ask yourself why they updated the filesets
and run a bindiff on them to check if it is trojaned or a legitimate
update.


When was the last commit to any of these projects from you guys:
http://netbsd-soc.sourceforge.net/projects/bpg/TODO
http://openpgp.nominet.org.uk/cgi-bin/trac.cgi

hmm?

Btw, pgp requires a working web of trust, it's not secure just because
you can sign something.
Joe Cracker can easily generate a key with Theo de Raadt [EMAIL PROTECTED]
and provide you with signed filesets. Who steps up to organise key
signing parties, worldwide?


SCNR, Tobias



Re: Really stuck and help needed of resources depletions on web servers.

2007-05-07 Thread Maurice Janssen
On Monday, May  7, 2007 at 03:11:41 -0400, Daniel Ouellet wrote:
> Every time, I process the logs with webalizer, no problem whatsoever.
> Then a few customers want the awstats version. So, I process that as
> well, however it's also processing multiple logs, but when the awstats
> PERL stuff kicks in, it does get the resources to the roof and badly so,
> that so far it had the impact of freezing the server as a result of this.
>
> Now, why PERL would do this, I have no clue, but it does anyway in the
> usage done by awstats.
>
> So far I reproduced this 5 times, so it's pretty consistent.
>
> What may cause this, I do not know more, but it looks like when PERL needs
> to process a huge amount of data, it ends up affecting the server in ways
> to make it crash/freeze.

I don't think that Perl is the problem.  Other programs would probably
also be able to crash the machine, if the load is high enough.

It could be a bug in the sparc64 port or bad RAM or some other hardware
related problem.  I've seen some strange behaviour [1] with sparc64 as
well, but I'm not sure whether this is due to a bug.

> Now that I was able to isolate the cause I will proceed with the upgrades to
> 4.0 as I still don't have my CD for 4.1 yet, so I can't do that. It was

You can use the 4.1-release from the FTP-servers (or even 4.1-stable
from ftp://ftp.su.se/pub/mirrors/openbsd_stable/ ).

Maurice


[1] 'make build' fails somewhere in gnu/usr.bin/binutils/ with missing
header files when /usr/obj is NFS-mounted.  It works fine when /usr/obj
is on a local FS.



Re: Error building 4.1-stable kernel from source on sparc64

2007-05-07 Thread Michael
Hi,

Luca Corti wrote:
> No. I've just reextracted it just to be sure, but I still get the same
> error.
I got a sparc64 (Sun Ultra 5) running here which I upgraded from
4.0-stable to 4.1-stable. Just recompiled the kernel without any problems.


Michael


OpenBSD 4.1-stable (GENERIC) #1: Mon May  7 14:19:21 CEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 268435456
avail memory = 234446848
using 1638 buffers containing 13418496 bytes of memory
bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL 
PROTECTED],0
mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 400MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIi (rev 9.1) @ 400 MHz, version 0 FPU
cpu0: physical 16K instruction (32 b/l), 16K data (32 b/l), 2048K
external (64 b/l)
psycho0 at mainbus0 addr 0xfffc4000: SUNW,sabre, impl 0, version 0, ign 7c0
psycho0: bus range 0-2, PCI bus 0
psycho0: dvma map c000-dfff, iotdb 11364000-113e4000
pci0 at psycho0
ppb0 at pci0 dev 1 function 1 Sun Simba PCI-PCI rev 0x13
pci1 at ppb0 bus 1
ebus0 at pci1 dev 1 function 0 Sun PCIO EBus2 rev 0x01
auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003,
72c000-72c003, 72f000-72f003
power0 at ebus0 addr 724000-724003 ipl 37
SUNW,pll at ebus0 addr 504000-504002 not configured
sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2
sabtty0 at sab0 port 0
sabtty1 at sab0 port 1
comkbd0 at ebus0 addr 3083f8-3083ff ipl 41: layout 37
wskbd0 at comkbd0: console keyboard
com0 at ebus0 addr 3062f8-3062ff ipl 42: mouse: ns16550a, 16 byte fifo
lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 70-7f ipl 34:
polled
fdthree at ebus0 addr 3023f0-3023f7, 706000-70600f, 72-720003 ipl
39 not configured
clock1 at ebus0 addr 0-1fff: mk48t59
flashprom at ebus0 addr 0-f not configured
audioce0 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f,
722000-722003 ipl 35 ipl 36: nvaddrs 0
audio0 at audioce0
hme0 at pci1 dev 1 function 1 Sun HME rev 0x01: ivec 0x7e1, address
08:00:20:f9:10:f6
nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1
vgafb0 at pci1 dev 2 function 0 ATI Mach64 GP rev 0x5c
wsdisplay0 at vgafb0: console (std, sun emulation), using wskbd0
pciide0 at pci1 dev 3 function 0 CMD Technology PCI0646 rev 0x03: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using ivec 0x7e0 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: ST320420A
wd0: 16-sector PIO, LBA, 19458MB, 39851760 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: LG, CD-ROM CRD-8483B, 1.00 SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
ppb1 at pci0 dev 1 function 0 Sun Simba PCI-PCI rev 0x13
pci2 at ppb1 bus 2
pcons at mainbus0 not configured
No counter-timer -- using %tick at 400MHz as system clock.
root on wd0a
rootdev=0xc00 rrootdev=0x1a00 rawdev=0x1a02



Re: acpi vaio lcd brightness driver

2007-05-07 Thread Marco Peereboom
Cool.  What I am not sure about is if we want to have a bunch of little 
vendor drivers or a big driver that does all the vendor stuff.  I need 
to think this through.  Any comments?


giovanni wrote:

hello,

because I could not change the excessive lcd brightness of my laptop 
under openbsd I started searching for... this article

http://www.linux.it/~malattia/wiki/index.php/Sony-laptop
was the inspiration and I wrote this humble basic driver.
here it works well and I think it should also work for other
vaio laptops (or at least for vaios that have SBRT/GBRT acpi methods).

...
acpidock at acpi0 not configured
acpisnc0 at acpi0: SNC_
...

usage:
sysctl -w hw.brightness=0..8

giovanni

diff -ruN sys.orig/arch/i386/conf/GENERIC sys/arch/i386/conf/GENERIC
--- sys.orig/arch/i386/conf/GENERICFri Apr 27 11:03:35 2007
+++ sys/arch/i386/conf/GENERICSat Apr 28 09:22:37 2007
@@ -59,7 +59,7 @@
 pci*at mainbus0

 #optionACPIVERBOSE
-#optionACPI_ENABLE
+optionACPI_ENABLE

 acpi0at mainbus?disable
 #acpitimer*at acpi?
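Review bot: Uncommenting 'option ACPI_ENABLE' in GENERIC flips a kernel-wide option that is unrelated to the new driver, and it rides along with a diff whose stated purpose is brightness control. Suggest leaving '#option ACPI_ENABLE' as it was, noting in the mail that testers need to enable it locally, and keeping the GENERIC change to the 'acpisnc*' line only.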
@@ -72,6 +72,7 @@
 acpiec*at acpi?disable
 acpiprt*at acpi?
 #acpitz*at acpi?
+acpisnc* at acpi?# sony notebook controller

 optionPCIVERBOSE
 optionEISAVERBOSE
diff -ruN sys.orig/dev/acpi/acpi.c sys/dev/acpi/acpi.c
--- sys.orig/dev/acpi/acpi.cFri Apr 27 10:46:22 2007
+++ sys/dev/acpi/acpi.cSat Apr 28 08:57:53 2007
@@ -65,6 +65,7 @@
 voidacpi_foundec(struct aml_node *, void *);
 voidacpi_foundtmp(struct aml_node *, void *);
 voidacpi_inidev(struct aml_node *, void *);
+void  acpi_foundsnc(struct aml_node *, void *);

 intacpi_loadtables(struct acpi_softc *, struct acpi_rsdp *);
 voidacpi_load_table(paddr_t, size_t, acpi_qhead_t *);
@@ -573,6 +574,9 @@
 /* attach docks */
 aml_find_node(aml_root.child, _DCK, acpi_founddock, sc);

+  /* attach sony notebook control */
+  aml_find_node(aml_root.child, GBRT, acpi_foundsnc, sc);
+
 /* create list of devices we want to query when APM come in */
 SLIST_INIT(sc-sc_ac);
 SLIST_INIT(sc-sc_bat);
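Review bot: The lookup under 'attach sony notebook control' keys only on a node named GBRT, so acpi_foundsnc() is called for any node of that name under aml_root, while the posting says the driver depends on both SBRT and GBRT. Suggest confirming that the parent device carries both methods before config_found() is reached, so that an unrelated GBRT does not attach acpisnc.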
@@ -1718,4 +1722,24 @@

 config_found(self, aaa, acpi_print);
 }
+
+void
+acpi_foundsnc(struct aml_node *node, void *arg)
+{
+struct acpi_softc *sc = (struct acpi_softc *)arg;
+struct device   *self = (struct device *)arg;
+const char*dev;
+struct acpi_attach_args aaa;
+
+dnprintf(10, found snc entry: %s\n, node-parent-name);
+memset(aaa, 0, sizeof(aaa));
+aaa.aaa_iot = sc-sc_iot;
+aaa.aaa_memt = sc-sc_memt;
+aaa.aaa_node = node-parent;
+aaa.aaa_dev = dev;
+aaa.aaa_name = acpisnc;
+   
+config_found(self, aaa, acpi_print);

+}
+
 #endif /* SMALL_KERNEL */
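Review bot: In acpi_foundsnc(), 'const char *dev;' is never assigned before 'aaa.aaa_dev = dev;', so an uninitialized stack pointer is handed to config_found() in the attach args. Either give it a real value or drop the variable and leave aaa_dev zeroed by the memset above it.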
diff -ruN sys.orig/dev/acpi/acpidev.h sys/dev/acpi/acpidev.h
--- sys.orig/dev/acpi/acpidev.hFri Apr 27 10:46:22 2007
+++ sys/dev/acpi/acpidev.hSat Apr 28 07:33:48 2007
@@ -311,5 +311,14 @@
 #define ACPIDOCK_EVENT_INSERT0
 #defineACPIDOCK_EVENT_EJECT3

+struct acpisnc_softc {
+struct device sc_dev;
+
+bus_space_tag_t sc_iot;
+bus_space_handle_tsc_ioh;
+
+struct acpi_softc *sc_acpi;
+struct aml_node *sc_devnode;
+};

 #endif /* __DEV_ACPI_ACPIDEV_H__ */
diff -ruN sys.orig/dev/acpi/acpisnc.c sys/dev/acpi/acpisnc.c
--- sys.orig/dev/acpi/acpisnc.cThu Jan  1 01:00:00 1970
+++ sys/dev/acpi/acpisnc.cSat Apr 28 15:14:59 2007
@@ -0,0 +1,89 @@
+#include sys/param.h
+#include sys/systm.h
+#include sys/device.h
+#include sys/malloc.h
+#include sys/sysctl.h
+
+#include machine/bus.h
+
+#include dev/acpi/acpireg.h
+#include dev/acpi/acpivar.h
+#include dev/acpi/acpidev.h
+#include dev/acpi/amltypes.h
+#include dev/acpi/dsdt.h
+
+extern int brtlevel;
+
+intacpisnc_match(struct device *, void *, void *);
+void acpisnc_attach(struct device *, struct device *, void *);
+void brightness(int*);
+
+static struct acpisnc_softc*sc;
+
+struct cfattach acpisnc_ca = {
+sizeof(struct acpisnc_softc), acpisnc_match, acpisnc_attach
+};
+
+struct cfdriver acpisnc_cd = {
+NULL, acpisnc, DV_DULL
+};
+
+int
+acpisnc_match(struct device *parent, void *match, void *aux)
+{
+struct acpi_attach_args *aaa = aux;
+struct cfdata *cf = match;
+
+/* sanity */
+if (aaa-aaa_name == NULL ||
+strcmp(aaa-aaa_name, cf-cf_driver-cd_name) != 0 ||
+aaa-aaa_table != NULL)
+return (0);
+
+return (1);
+}
+
+void
+acpisnc_attach(struct device *parent, struct device *self, void *aux)
+{
+sc = (struct acpisnc_softc *)self;
+struct acpi_attach_args *aa = aux;
+struct aml_valueres;
+
+sc-sc_acpi = (struct acpi_softc *)parent;
+sc-sc_devnode = aa-aaa_node-child;
+
+printf(: %s\n, sc-sc_devnode-parent-name);
+   
+/* read GBRT i.e default stored brighteness level */
+if (aml_evalname(sc-sc_acpi, sc-sc_devnode, GBRT, 0, NULL, 
res)) {

+dnprintf(10, %s: 
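Review bot: The file-scope 'static struct acpisnc_softc *sc;' is overwritten in acpisnc_attach() by 'sc = (struct acpisnc_softc *)self;', while the config line is 'acpisnc* at acpi?', so a second attach would silently replace the first instance's softc. Suggest keeping the softc pointer local to attach and reaching it through the device rather than a global. The new file also starts directly at the #include lines with no copyright or license header, and 'extern int brtlevel;' and 'brightness(int*)' add unprefixed global names that would be better with an acpisnc_ prefix and a comment on who owns them.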

Re: OpenBSD 4.1 Torrents

2007-05-07 Thread Darren Spruell

On 5/7/07, Tobias Ulmer [EMAIL PROTECTED] wrote:

> Btw, pgp requires a working web of trust, it's not secure just because
> you can sign something.
> Joe Cracker can easily generate a key with Theo de Raadt [EMAIL PROTECTED]
> and provide you with signed filesets. Who steps up to organise key
> signing parties, worldwide?


Easy enough, distributed on the CDROM you buy at release time. :)

DS



GIS Weekly Review : May 07, 2007

2007-05-07 Thread GISCafe Newsletter
GIS Weekly Review

May 07, 2007
From: GISCafe


Susan Smith - Managing Editor

Google My Maps for the Non-Technical User
April 30 - May 4, 2007 by Susan Smith
A weekly summary of recently published GIS product and company news,
featured downloads, customer wins, and coming events. Brought to you by
GISCafe.

Each week GISWeekly Review delivers to its readers news concerning the
latest developments in the GIS industry, along with a selection of other
articles that we feel you might find interesting. If we missed a story
that you feel deserved to be included, please contact us! Questions?
Feedback? Click here. Thank-you!



Welcome to GISWeekly!

GISWeekly examines select top news each week, picks out worthwhile
reading from around the web, and special interest items you might not
find elsewhere. This issue will feature Industry News, Top News of the
Week, Acquisitions/Alliances/Agreements, Announcements, Training, People,
New Products, Around the Web and Events Calendar.

GISWeekly welcomes letters and feedback from readers, so let us know what
you think. Send your comments to me at [EMAIL PROTECTED]

Best wishes,
Susan Smith, Managing Editor

Industry News
Google My Maps for the Non-Technical User
by Susan Smith

Although Google My Maps is aimed at the non-technical user, the
announcement made significant waves in the GIS press in early April.

On April 2, Google announced their new initiative of Google Maps, justly
named Google My Maps. With My Maps average users with no technical skills
can create their own custom maps and include text or photos or even
embedded videos.

Users will be able to directly contribute to Google Maps’ search results
with their custom maps, which is probably a large part of why Google has
created this feature.

Available for GIS users and IT professionals, are KML for developers and
also Google Maps API. For Maps API, a user definitely must be a
developer, and must know JavaScript and some programming. There is a
Google Maps for the Enterprise that allows big companies to use Maps API.
In contrast, the My Maps feature provides “a simple drag and drop
interface that lets the non technical user create maps that are just as
cool and interesting as those created by developers,” explained My Maps
product manager, Jessica Lee.

If this is the case, My Maps may ultimately make some software services
unnecessary.

With My Maps, you can choose to make your map public or unlisted. If you
choose public, then it will be included in Google search results and
anyone can search and find them, so millions of Google users will be able
to look at your map and see the content you’ve created. If you choose to
make it unlisted, it’s like an unlisted phone number, the url is still
public so all the maps automatically have a public url and it won’t be
included in search. The only people who will know about your map are the
people you tell about it. There is not yet a way to embed My Maps into
your website.

Currently there’s no way to do a bulk import of data, that’s something to
which KML is more suited, said Lee. “If you have a large amount of data,
you could turn that into a KML file, which you can also display on Google
Maps.” Users have asked for this feature.

In order to use My Maps, go to Maps.Google.com, where you’ll need to set
up a Google account. You can drop a placemark on the map, draw a line,
draw shapes, just like in regular Google Maps. When you click on one of
these markers, or lines or shapes and it pops open a little balloon with
more information inside it, and inside the balloon you could put any sort
of text, add photos or embed YouTube/Google videos. If you’re a power
user and know how to use html, you can use the full power of html to
customize that balloon to whatever you want.

Can you link to the balloons people have already put up there? “All maps
have a public url, so if you find a map you want to send to someone you
can send them the link,” replied Lee.

Can you copy a map that someone else started and add your own text and
photos, etc. and create your own thing? “Currently there is no easy way
to do that although people have requested it.” Lee did add that you can
copy things from Google search results pretty easily. If you do search
for a business, or come across someone else’s content in search results,
there’s a link that says “save to my Maps” and that will let you save it
to your own maps.

-- Susan Smith, GISCafe.com Managing Editor.




Your GIS subscription

2007-05-07 Thread gisadmin
A subscription change or cancellation request for your email address
misc@openbsd.org was just received on GISCafe. This message is to inform
you of this action and to provide you with a personalized URL that you
can use to make such modifications now or at any time in the future.

If you did not request a change or cancellation of your subscription to
any of our GIS publications or you have changed your mind, you don't need
to take any further action.

We hope you continue to take advantage of our service, providing you with
pertinent, up-to-date information about the GIS industry delivered right
to your desktop.

Please note that if you ever want to change or cancel your subscription,
you can do this any time by following the link at the bottom of each
issue.

But, for your convenience you may follow this link to edit your profile,
or we are now providing you a personalized URL which may be used to
change or cancel your subscription as requested:
http://www10.giscafe.com/nl/newsletter_subscribe.php?enc_email=bWlzY0BvcGVuYnNkLm9yZw==action=Editsubscriber_key=34ace50c249e603a5fdeedba398efad9

You may want to retain this email for your records or even add a bookmark
for the personalized URL if you have exclusive access to your PC.
Remember that if you have subscribed through more than one of our
industry-focussed portals, this URL only pertains to a single site
(GISCafe).

If the URL provided above does not work, please cut and paste into your
browser.

GISCafe Administration
IBSystems, Inc.



Re: master volume problem

2007-05-07 Thread Deanna Phillips
bdz writes:

> I have an ASUS notebook that uses the azalia driver for the
> sound. The problem is that I can not adjust the volume with
> applications' volume control. That includes xfce and xmms
> too. In xfce's Sound setting panel there is only one mixer
> (mixer0) that is set, in xmms there is no mixer in the
> dropdown list. The only way I can do that is mixerctl
> outputs.mix0c=x,x which is not the most comfortable way. What
> I noticed is that there is no outputs.master that I think all
> the applications want to control. What should I do to fix that
> problem?

The support for your codec is incomplete.  You could build a
kernel with option AZALIA_DEBUG and send a dmesg to
[EMAIL PROTECTED]  That might speed up the process.



Re: Really stuck and help needed of resources depletions on web servers.

2007-05-07 Thread Daniel Ouellet

Maurice Janssen wrote:

On Monday, May  7, 2007 at 03:11:41 -0400, Daniel Ouellet wrote:
Every time, I process the logs with webalizer, no problem whatsoever.
Then a few customers want the awstats version. So, I process that as
well, however it's also processing multiple logs, but when the awstats
PERL stuff kicks in, it does get the resources to the roof and badly so,
that so far it had the impact of freezing the server as a result of this.


Now, why PERL would do this, I have no clue, but it does anyway in the 
usage done by awstats.


So far I reproduce this 5 times, so it's pretty consistent.

What may cause this, I do not know more, but it looks like when PERL needs
to process a huge amount of data, it ends up affecting the server in ways
to make it crash/freeze.


I don't think that Perl is the problem.  Other programs would probably
also be able to crash the machine, if the load is high enough.


So far 5x it has always happened with PERL kicking in and starting the load.


It could be a bug in the sparc64 port or bad RAM or some other hardware
related problem.  I've seen some strange behaviour [1] with sparc64 as
well, but I'm not sure whether this is due to a bug.


This is AMD64 and the RAM, I already replaced it 4 days ago to be sure
with brand new one out of the box that I ordered last week.




Re: FREEZE UPS! (I'M STILL HERE WOLF!)

2007-05-07 Thread Peter Philipp
On Sat, May 05, 2007 at 09:38:02AM +0200, Little Red Riding Hood marching 
through the forest wrote:
 Not sent to bugs@ because I'm not sure it could do much there.  I'm hoping 
 someone may be able to give hints on what to check, so I can resolve this 
 small issue.

Why would you wanna do that?!!!  can't you follow the procedure?

WHY DO YOU THINK YOU'RE SPECIAL!???


 I have a directory with 8000 .jpg's.  I run ImageMagick over these to cut out
 a certain section in order to later make an .avi out of them.  Yet my kernel
 freezes up.  Observed in X and in console.  [1]No drop to DDB because the USB
 keyboard is disabled from dropping into DDB (I do not have a serial console 
 device).  Here is the script:
 
 ---
 #!/bin/sh
 
 for i in 1*jpg; do 
 
   convert -resize 1024x768 -extract 1200x1000+300+0 $i AA$i
 done
 --

You're a loser!

 I've not experienced any freezeups on the previous kernel from a month ago,
 so it may (or not) be from something that's changed since.  Here is what
 I've done to cross-check what the problem may be:
 
 * I checked source trees for anything that went in the last 5 weeks but did not
 find anything that may be the culprit at first glance.
 * I've booted the kernel with boot -d in order to set break points (mainly wd 
 and ata stuff) because on my USB keyboard I cannot enter into DDB from 
 console.  This is to debug.  It didn't show anything when I stabbed into it.
 * I've disabled nviic and other i2c stuff and that wasn't it.  
 * I've removed the only hardware card in the system in order to make sure 
 it's not the ahc driver.
 * disabling apmd because of changes to hw_setperf code still froze the kernel.
 
 All finger pointings and penetrations into finding the problem have resulted
 in a NO-GO and I still get Kernel FREEZE UPS!  (Infinite loops?) see 
 reference [1] (can't drop to DDB).  There are no messages in the logs about
 any bad hardware.

You know.. no matter what you say, you make no sense!  I've been watching
you, loser!  And what I saw was that you restored the kernel and userland
from last month!  Ah yeah!  And you were mumbling to yourself saying the
deraadt(!) doesn't want you to go back (revert).  Yet you broke that rule
as well!  DO YOU NEVER LEARN!?!

Anyhow!  watching you for a day now.. and your computer hasn't frozen up 
yet meaning perhaps that there is any new code for the last 30 days that
causes the freeze ups!!!

GET A LIFE PETER!  SERIOUSLY!  US SNOOPING DOGS DON'T HAVE TIME TO WATCH
YOU LIKE THIS!

-p


 dmesg of current kernel
 
 OpenBSD 4.1-current (GENERIC) #970: Thu May  3 02:01:25 MDT 2007
 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
 real mem = 1073278976 (1048124K)
 avail mem = 907788288 (886512K)
 using 22937 buffers containing 107536384 bytes (105016K) of memory
 mainbus0 (root)
 bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf (39 entries)
 bios0: MICRO-STAR INTERNATIONAL CO., LTD MS-7125
 acpi at mainbus0 not configured
 cpu0 at mainbus0: (uniprocessor)
 cpu0: AMD Athlon(tm) 64 Processor 3500+, 2211.57 MHz
 cpu0: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
 cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
 64b/line 16-way L2 cache
 cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
 cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
 cpu0: Cool'n'Quiet K8 2211 MHz: speeds: 2200 2000 1800 1000 MHz
 cpu0: AMD errata 86, 89, 97, 104 present, BIOS upgrade may be required
 pci0 at mainbus0 bus 0: configuration mode 1
 NVIDIA nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
 pcib0 at pci0 dev 1 function 0 NVIDIA nForce4 ISA rev 0xa3
 nviic0 at pci0 dev 1 function 1 NVIDIA nForce4 SMBus rev 0xa2
 iic0 at nviic0
 iic1 at nviic0
 iic1: addr 0x2f 00=84 01=0f 02=10 03=00 04=07 05=20 06=18 07=00 08=00 14=14 
 15=62 16=02 17=05
 ohci0 at pci0 dev 2 function 0 NVIDIA nForce4 USB rev 0xa2: irq 10, version 
 1.0, legacy support
 ehci0 at pci0 dev 2 function 1 NVIDIA nForce4 USB rev 0xa3: irq 11
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0
 uhub0: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
 uhub0: 10 ports with 10 removable, self powered
 auich0 at pci0 dev 4 function 0 NVIDIA nForce4 AC97 rev 0xa2: irq 5, 
 nForce4 AC97
 ac97: codec id 0x414c4790 (Avance Logic ALC850 rev 0)
 audio0 at auich0
 pciide0 at pci0 dev 6 function 0 NVIDIA nForce4 IDE rev 0xa2: DMA, channel 
 0 configured to compatibility, channel 1 configured to compatibility
 pciide0: channel 0 disabled (no drives)
 atapiscsi0 at pciide0 channel 1 drive 0
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: E-IDE, CD-ROM 40X/AKU, F02 SCSI0 5/cdrom 
 removable
 cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
 pciide1 at pci0 dev 7 function 0 NVIDIA nForce4 SATA rev 0xa3: DMA
 pciide1: using irq 10 for native-PCI interrupt
 wd0 at pciide1 channel 0 drive 0: SAMSUNG HD080HJ
 wd0: 

OT: GUI programming languages

2007-05-07 Thread Jacob Yocom-Piatt
have been coding touchscreen-driven applications using visual basic 
lately and am sick of VB. i would much rather be using openbsd with 
another programming language that allows me to accomplish the same sort 
of stuff.


i have no formal CS background so am at a loss for good candidates. 
the applications in question are click here, prints something in a text 
box, etc ones that are not very complex. a language that allows me to 
generate GUIs quickly and securely would be nice.


if you feel the reply is not relevant to the list, please respond to me 
directly.


cheers,
jake



Re: new openbsd 4.0 server, panic on ufsdirhash

2007-05-07 Thread John Mendenhall
I have yet to receive any response to the panics I have
been experiencing.  Is there something else I need to provide
that will get me pointed in the right direction?

Are there tools available to test the connection to the 
hard drive, or to test the hard drive itself?  I used format
when administering a sun box, which did a halfway decent
job of running through the whole disk in analysis mode, which
could test without destroying data, and could test while destroying
data.

What is available for openbsd?  Or, can I just use something like
the ultimate boot cd and run tests on the hard disks?

Thanks in advance!

JohnM

On Fri, 04 May 2007, John Mendenhall wrote:

  Does this indicate I have a bad drive?  Or, does it
  just need fsck run on it?  I just installed openbsd 4.0
  on this box a few days ago.  It rebuilt the file systems
  from scratch.  Do I need to redo everything?
  
  Or, do I need to start looking at hardware problems with
  the drive or the motherboard?
  
  Please let me know the next step to run that will help
  me get to a stable system.
 
 I tried viewing the file in error.  I could run ls, but
 not ls -l.
 I went into single user mode and fscked the file system.
 I removed the file.  I did not get the inode or anything else
 before removing it.
 
 I tried running the copy source command.
   cd /usr/src; tar xzf /mnt/src.tar.gz
 Another panic.
 
 panic #3:
 -
 mode = 0100644, inum = 106368, fs = /usr
 panic: ffs_valloc: dup alloc
 Stopped at  Debugger+0x4:   leave   
 RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
 DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
 ddb
 Debugger(d0716864,5080,e9e21b40,d6bb671c,d1265000) at Debugger+0x4
 panic(d06736fc,81a4,19f80,d12650d4,d1267e00) at panic+0x63
 ffs_inode_alloc(d6ab69dc,81a4,d6c141e0,e9e21b94) at ffs_inode_alloc+0x11b
 ufs_makeinode(81a4,d6ab8ea0,e9e21e28,e9e21e3c) at ufs_makeinode+0x78
 ufs_create(e9e21d08,d6ab8ea0,d6b33710,d6c141e0,d07171c0) at ufs_create+0x26
 VOP_CREATE(d6ab8ea0,e9e21e28,e9e21e3c,e9e21d58) at VOP_CREATE+0x34
 vn_open(e9e21e18,e02,1a4,d6b33710) at vn_open+0xdf
 sys_open(d6b33710,e9e21f68,e9e21f58,0,0) at sys_open+0xdb
 syscall() at syscall+0x2ea
 --- syscall (number 5) ---
 0x1c00e3e1:
 ddb
PID   PPID   PGRPUID  S   FLAGS  WAIT   COMMAND 
  15475  20392  20392  0  3  0x4086  pipewr gzip
 *20392   2075  20392  0  7  0x4006 tar 
  20997  15943  20997   1000  3  0x4086  ttyin  csh 
  15943   9609   9609   1000  3   0x184  select sshd
   9609  14206   9609  0  3  0x4084  netio  sshd
  14658  1  14658  0  3  0x4086  ttyin  getty   
   4737  1   4737  0  3  0x4086  ttyin  getty   
  13556  1  13556  0  3  0x4086  ttyin  getty   
  30631  1  30631  0  3  0x4086  ttyin  getty   
   2075  1   2075   1000  3  0x4086  pause  csh 
   6223  1   6223  0  30x84  select cron
  14206  1  14206  0  30x84  select sshd
  14369  24346  24346 83  3   0x184  poll   ntpd
  24346  1  24346  0  30x84  poll   ntpd
   1115   7685   7685 73  2   0x184 syslogd 
   7685  1   7685  0  30x8c  netio  syslogd 
 13  0  0  0  30x100204  crypto_wa  crypto  
 12  0  0  0  30x100204  aiodoned   aiodoned
 11  0  0  0  30x100204  syncer update  
 10  0  0  0  30x100204  cleanercleaner 
  9  0  0  0  30x100204  reaper reaper  
  8  0  0  0  30x100204  pgdaemon   pagedaemon  
  7  0  0  0  30x100204  pftm   pfpurge 
  6  0  0  0  30x100204  wait   wskbd_hotkey
  5  0  0  0  30x100204  usbtsk usbtask 
  4  0  0  0  30x100204  usbevt usb0
  3  0  0  0  30x100204  apmev  apm0
  2  0  0  0  30x100204  kmallockmthread
  1  0  1  0  3  0x4084  wait   init
  0 -1  0  0  3 0x80204  scheduler  swapper 
 ddb
 -
 
 So, back to my real question.
 Does this indicate a bad drive?
 Does this indicate a bad cable?
 Do I need to start swapping out parts to see where the problem is?
 Or, is there somewhere else I should be looking?
 
 Thanks in advance for any pointers.
 
 JohnM
 
 
 
 
 
  panic #1:
  -
  panic: kernel diagnostic assertion (dirblock  dh-dh_nblk 
  dh-dh_blkfree[dirblock] = (((slotneeded) + ((4) - 1)) / (4))) failed: 
  file
  

question about multiple pflog interfaces on openbsd 4.1

2007-05-07 Thread carlopmart

Hi all,

 I have tried to set up a new pflog interface to monitor ipsec traffic and it
works ok. Afterwards I have set up another pflogd daemon to store logs in another
pcap file under /var/log. But I have one question: how do I configure the
newsyslog.conf entry for this new pflogd daemon? If I put /var/run/pflogd.pid
under newsyslog.conf configuration, this only affects the primary pflogd daemon
and I need to rotate this new log file every midnight. I have searched the man
pages but I don't see any param to assign another pid file ...


Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com



Re: new openbsd 4.0 server, panic on ufsdirhash

2007-05-07 Thread John Mendenhall
Artur,

 Have you done forced fsck of the partitions? This sounds like a
 problem with the data you have on disk. It would be even nicer if you
 could update to a newer fsck because it has been updated to deal with
 many new strange corner cases we've been seeing. Although, that might
 or might not require a fully -current system, I'm not fully aware of
 everything that has been going in fsck, but some of the ffs2 support
 might have messed things up.
 
 We've seen one of those panics recently on an important OpenBSD
 infrastructure machine and that led to a lot of fsck work (since
 fsck didn't catch the particular problem). But on production
 machines we deal with filesystem corruption by simply dumping the
 filesystem and restoring it from scratch. You might want to try
 that as well.

We have done a forced fsck on the partition with the
error.  The problem is, there is no data other than
the openbsd install.  All I was trying to do was load
the source from the openbsd cd into /usr/src.

I don't need to restore since this is a new machine.
I have not done anything to it.

I'll just reinstall the entire thing.  Unless someone
wants me to try something else.

Thanks!

JohnM

-- 
john mendenhall
[EMAIL PROTECTED]
surf utopia
internet services



Re: acpi vaio lcd brightness driver

2007-05-07 Thread Ted Unangst

On 5/7/07, Marco Peereboom [EMAIL PROTECTED] wrote:

Cool.  What I am not sure about is if we want to have a bunch of little
vendor drivers or a big driver that does all the vendor stuff.  I need
to think this through.  Any comments?


this could all be taken care of by button, no?  even if they are not
buttons?  there's not much advantage to adding 99 different devices
for every laptop made.

original file needs a license too, btw.



Re: Really stuck and help needed of resources depletions on web servers.

2007-05-07 Thread Daniel Ouellet

Maurice Janssen wrote:
Now, why PERL would do this, I have no clue, but it does anyway in the 
usage done by awstats.


So far I reproduce this 5 times, so it's pretty consistent.

What may cause this, I do not know more, but it looks like when PERL needs
to process a huge amount of data, it ends up affecting the server in ways
to make it crash/freeze.

I don't think that Perl is the problem.  Other programs would probably
also be able to crash the machine, if the load is high enough.

So far 5x it has always happened with PERL kicking in and starting the load.


Does it survive 'make build' or other disk/cpu/mem intensive task?


Yes no problem there. I did that test, rebuilt kernel and full userland.

No problem. I also have the same problem with the same version on an IBM
e326 as well that runs PERL a lot and the box freezes and needs a hard
reset. That IBM only runs MySQL and nothing else as a cnam server for
VoIP, but PERL is used for the handling of the connection for VoIP SIP
from the outside. Crashed three times so far. Different boxes, different
applications, but common point is PERL so far.


That's really all I have, but both will be wiped out soon and 4.1 put in 
place and will see.


Just find it weird that PERL is the only common point on AMD64 and both
are running OpenBSD 3.9 (GENERIC.MP) if that has anything to do with it.




4.0 locked up over the weekend

2007-05-07 Thread Bruce Bauer

This system has been running flawlessly since mid-March with GENERIC
plus the 010 patch. dmesg below
This morning I found it totally unresponsive both through network and
at the console.  Had to use the power switch to recover.

Where do I start trying to track this down?

The system is running sshd and openvpn only

DMESG:
OpenBSD 4.0 (GENERICp) #0: Fri Mar 16 19:07:33 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERICp
cpu0: AMD Sempron(tm) Processor 3000+ (AuthenticAMD 686-class, 256KB
L2 cache) 1.61 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16
real mem  = 501706752 (489948K)
avail mem = 449642496 (439104K)
using 4256 buffers containing 25186304 bytes (24596K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(f0) BIOS, date 02/27/07, BIOS32 rev. 0 @
0xfa820, SMBIOS rev. 2.4 @ 0xf (41 entries)
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf/0xcfd4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfcee0/240 (13 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 13 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 10 11
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0xde00 0xd/0x1800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
NVIDIA C51 Host rev 0xa2 at pci0 dev 0 function 0 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 1 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 2 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 3 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 4 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 5 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 6 not configured
NVIDIA C51 Memory rev 0xa2 at pci0 dev 0 function 7 not configured
ppb0 at pci0 dev 3 function 0 NVIDIA C51 PCIE rev 0xa1
pci1 at ppb0 bus 1
ppb1 at pci0 dev 4 function 0 NVIDIA C51 PCIE rev 0xa1
pci2 at ppb1 bus 2
vga1 at pci0 dev 5 function 0 NVIDIA GeForce 6100 rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
NVIDIA MCP51 Host rev 0xa2 at pci0 dev 9 function 0 not configured
pcib0 at pci0 dev 10 function 0 vendor NVIDIA, unknown product 0x0261 rev 0xa3
nviic0 at pci0 dev 10 function 1 NVIDIA MCP51 SMBus rev 0xa3
iic0 at nviic0
iic1 at nviic0
NVIDIA MCP51 Memory rev 0xa3 at pci0 dev 10 function 2 not configured
ohci0 at pci0 dev 11 function 0 NVIDIA MCP51 USB rev 0xa3: irq 10,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 8 ports with 8 removable, self powered
ehci0 at pci0 dev 11 function 1 NVIDIA MCP51 USB rev 0xa3: irq 11
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
uhub1: 8 ports with 8 removable, self powered
pciide0 at pci0 dev 13 function 0 NVIDIA MCP51 IDE rev 0xa1: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: Lite-On, LTN486 48x Max, YD01 SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 14 function 0 NVIDIA MCP51 SATA rev 0xa1: DMA
pciide1: using irq 11 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: WDC WD800JD-00MSA1
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
ppb2 at pci0 dev 16 function 0 NVIDIA MCP51 PCI-PCI rev 0xa2
pci3 at ppb2 bus 3
auich0 at pci0 dev 16 function 2 NVIDIA MCP51 AC97 rev 0xa2: irq 11,
MCP51 AC97
ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0)
audio0 at auich0
nfe0 at pci0 dev 20 function 0 NVIDIA MCP51 LAN rev 0xa3: irq 10,
address 00:19:21:33:1d:93
ukphy0 at nfe0 phy 1: Generic IEEE 802.3u media interface, rev. 1: OUI
0x0050ef, model 0x0007
pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x290/8: IT87
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask ef6d 

Re: Error building 4.1-stable kernel from source on sparc64

2007-05-07 Thread Luca Corti
On Mon, 2007-05-07 at 14:42 +0200, Michael wrote:
 I got a sparc64 (Sun Ultra 5) running here which I upgraded from
 4.0-stable to 4.1-stable. Just recompiled the kernel without any problems.

I've got an Ultra 5 too. I'll retry a fresh source checkout from CVS.

thanks

Luca



Re: Thecus N2100 and RAID 1

2007-05-07 Thread Matthieu Herrb

On 5/7/07, Bryan Vyhmeister [EMAIL PROTECTED] wrote:

I was just wondering about whether the Thecus N2100 running OpenBSD/
armish can operate in RAID 1 mode. Maybe this is a stupid question
but I couldn't find anything about it and I am interested to know.
Obviously I would not be running the firmware from Thecus and I am
guessing that this precludes having any RAID functionality. If RAID 1
is not possible with hardware (or firmware or whatever) is using ccd
(4) for RAID 1 possible?

I am interested in using this box for a light duty mail server for a
test but it is important that I can have a RAID 1 setup. Any other
comments about this are appreciated as well. Thank you.


I'm using a thecus 2100 with raidframe to do raid 1. A bit slow, but
with 512MB RAM it's acceptable.



Re: 4.0 locked up over the weekend

2007-05-07 Thread Jack J. Woehr
On May 7, 2007, at 12:20 PM, Bruce Bauer wrote:

 This system has been running flawlessly since mid-March with GENERIC
 plus the 010 patch. dmesg below
 This morning I found it totally unresponsive both through network and
 at the console.  Had to use the power switch to recover.

 Where do I start trying to track this down?

Open the box and check your power supply and blow it out with air if  
it's full of dust.
Number one cause of mysterious lockups in my personal experience.  
Next, run a memory
test.

Only then start trying to debug software, e.g., OpenBSD.

-- 
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527



Re: 4.0 locked up over the weekend

2007-05-07 Thread Joachim Schipper
On Mon, May 07, 2007 at 11:20:00AM -0700, Bruce Bauer wrote:
 This system has been running flawlessly since mid-March with GENERIC
 plus the 010 patch. dmesg below
 This morning I found it totally unresponsive both through network and
 at the console.  Had to use the power switch to recover.
 
 Where do I start trying to track this down?

If it happens again, try to see if there are any messages on the
console.

Otherwise, look at what was last written to the log files; that might or
might not contain a clue. (The kernel screaming at you about something
or other would be a solid clue, for instance.)

Joachim



Re: 4.0 locked up over the weekend

2007-05-07 Thread Bruce Bauer

On 5/7/07, Jack J. Woehr [EMAIL PROTECTED] wrote:



On May 7, 2007, at 12:20 PM, Bruce Bauer wrote:

This system has been running flawlessly since mid-March with GENERIC
plus the 010 patch. dmesg below
This morning I found it totally unresponsive both through network and
at the console.  Had to use the power switch to recover.

Where do I start trying to track this down?

Open the box and check your power supply and blow it out with air if it's
full of dust.
Number one cause of mysterious lockups in my personal experience. Next, run
a memory
test.

Only then start trying to debug software, e.g., OpenBSD.


--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527



Thanks for the response.

OK, maybe a little less basic than that.  The system is sitting in a
restricted access server room.  Not a clean room, but very little
dust.  Nice and cool..  The system still looks brand new, inside and
out.

The purpose of this system is to receive streaming video data over the
VPN from IP webcams.  It doesn't do anything with the data except pass
it on to a DVR system over the local network.  Plans are to add
another network card so the VPN and the local network will be on
separate channels.  But, for now, it all goes through one card.

It has worked in this configuration for over a month with video from 2
cameras coming in.

Oops! Message from Joachim Schipper  just came in:

There were no console messages
The authlog does show that someone is trying to brute force an ssh
login. I think I'll turn off sshd for now...



Problem with lockups after upgrade from 3.8

2007-05-07 Thread Bill
* * A recent post and a router blowout 
today has sparked me to report this * *


Hey all,

We've had a router running openbsd for a while now.  A few months ago
we upgraded from 3.8 to 4.0  (upgrade technically was 3.8 - 3.9 -
4.0) and it seemed to go as smooth as possible.

Then we started having bi-weekly crashes.  The system will just simply
freeze.  The first happened within a day of the upgrade.

There is nothing in the logs prior to the crash of note...  the only
thing for hours previous to that is stuff like:

May  7 11:46:28 core /bsd: arplookup: unable to enter address for
0.0.0.0

and the occasional syslogd restart.

When the fixes for the mbuf stuff came out for 4.0 I was hopeful that
may have been the issue... we have been running 4.0 with all the
patches up through 010 through two lockups.  There is no
pattern I can detect to the lockups - only once has it happened during
heavy traffic hours.

I am also in the process of building a 4.1 box and compiling it to
stable.  Once the packages page is up I can try that on the router also
if someone would think it would help.

This thing was running fine till we went up to 4.0.  If anyone thinks
it is worth it, we can drop back to 3.8 or 3.9 to get the stability
back...   Problem is that this router is serving about 5 segments, so
it going down is immediately noticeable.

The other OpenBSD boxes are running perfectly (but they handle a
fraction of the traffic these do).  I noticed another post about 4.0
and a suggestion to blow out the P/S which I will do also.



This is the item in question:

OpenBSD 4.0-stable (GENERIC) #3: Thu Mar 22 07:49:14 EDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz (GenuineIntel 686-class) 2.81
GHz cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID
real mem  = 536375296 (523804K) avail mem = 481329152 (470048K)
using 4256 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 10/21/04, BIOS32 rev. 0 @
0xf0010, SMBIOS rev. 2.3 @ 0xf96b0 (58 entries) bios0: Quanta Computer
Inc. S20A apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4630/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 6300ESB LPC rev
0x00) pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000
0xca000/0x1000 cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82875P Host rev 0x02
ppb0 at pci0 dev 3 function 0 Intel 82875P PCI-CSA rev 0x02
pci1 at ppb0 bus 1
em0 at pci1 dev 1 function 0 Intel PRO/1000CT (82547GI) rev 0x00: irq
5, address 00:c0:9f:41:a2:14 ppb1 at pci0 dev 28 function 0 Intel
6300ESB PCIX rev 0x02 pci2 at ppb1 bus 2
ppb2 at pci2 dev 1 function 0 IBM 133 PCIX-PCIX rev 0x02
pci3 at ppb2 bus 3
em1 at pci3 dev 4 function 0 Intel PRO/1000MT QP (82546EB) rev 0x01:
irq 9, address 00:04:23:bc:1c:4c em2 at pci3 dev 4 function 1 Intel
PRO/1000MT QP (82546EB) rev 0x01: irq 9, address 00:04:23:bc:1c:4d em3
at pci3 dev 6 function 0 Intel PRO/1000MT QP (82546EB) rev 0x01: irq
9, address 00:04:23:bc:1c:4e em4 at pci3 dev 6 function 1 Intel
PRO/1000MT QP (82546EB) rev 0x01: irq 9, address 00:04:23:bc:1c:4f
uhci0 at pci0 dev 29 function 0 Intel 6300ESB USB rev 0x02: irq 9
usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root
hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 6300ESB USB rev 0x02: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
Intel 6300ESB WDT rev 0x02 at pci0 dev 29 function 4 not configured
Intel 6300ESB APIC rev 0x02 at pci0 dev 29 function 5 not configured
ehci0 at pci0 dev 29 function 7 Intel 6300ESB USB rev 0x02: irq 10
ehci0: timed out waiting for BIOS
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 4 ports with 4 removable, self powered
ppb3 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x0a
pci4 at ppb3 bus 4
em5 at pci4 dev 2 function 0 Intel PRO/1000MT (82541GI) rev 0x00: irq
3, address 00:c0:9f:41:a2:15 em6 at pci4 dev 3 function 0 Intel
PRO/1000MT (82546GB) rev 0x03: irq 7, address 00:04:23:bd:97:18 em7 at
pci4 dev 3 function 1 Intel PRO/1000MT (82546GB) rev 0x03: irq 3,
address 00:04:23:bd:97:19 vga1 at pci4 dev 14 function 0 ATI Rage XL
rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0
dev 31 function 0 Intel 6300ESB LPC rev 0x02 pciide0 at pci0 dev 31
function 2 Intel 6300ESB SATA rev 0x02: DMA, channel 0 configured to

Re: OT: GUI programming languages

2007-05-07 Thread Marc Balmer
* Jacob Yocom-Piatt wrote:
 have been coding touchscreen-driven applications using visual basic 
 lately and am sick of VB. i would much rather be using openbsd with 
 another programming language that allows me to accomplish the same sort 
 of stuff.
 
 i have no formal CS background so am at a loss for good candidates. 
 the applications in question are click here, prints something in a text 
 box, etc ones that are not very complex. a language that allows me to 
 generate GUIs quickly and securely would be nice.
 
 if you feel the reply is not relevant to the list, please respond to me 
 directly.

I recommend to use python and wxPython.  Both are in ports and you find
more information at www.python.org and www.wxpython.org.



booteasy fate?

2007-05-07 Thread Michael Dexter
Hello,

I have found references to: /pub/OpenBSD/3.6/tools/booteasy suggesting that it
was part of the distribution but I do not see it listed for 3.7 and newer. I do
not see a 3.7 changelist entry for it and the online man pages do not seem to
refer to it. From the looks however, it was an official OpenBSD boot manager.

I fold! What was it and what happened to it?

Thanks,

Michael.



Re: Thecus N2100 and RAID 1

2007-05-07 Thread Bryan Vyhmeister

On May 7, 2007, at 11:56 AM, Matthieu Herrb wrote:


I'm using a thecus 2100 with raidframe to do raid 1. A bit slow, but
with 512MB RAM it's acceptable.


Would ccd(4) be any faster? Also, what sort of RAM does it take?  
Thanks for your response.


Bryan



Re: booteasy fate?

2007-05-07 Thread Aaron Hsu
On Mon, 07 May 2007 15:09:34 -0500, Michael Dexter [EMAIL PROTECTED]  
wrote:


I have found references to: /pub/OpenBSD/3.6/tools/booteasy suggesting
that it was part of the distribution but I do not see it listed for 3.7
and newer. I do not see a 3.7 changelist entry for it and the online
man pages do not seem to refer to it. From the looks however, it was an
official OpenBSD boot manager.

I fold! What was it and what happened to it?


It is a boot manager. :-) I used to use it around the 3.6 era. However, I  
haven't used it for some time, and I'm not sure if it is still around. I  
haven't searched for it. Hrm, a quick search reveals that it, at least, is  
not in the tools directory anymore, though os-bs still is. os-bs is a boot  
manager that I have been using when necessary since 3.8 I think.


--
Aaron Hsu [EMAIL PROTECTED]
No one could make a greater mistake than he who did nothing because he  
could do only a little. - Edmund Burke




Re: Dual-port Gigabit SX NICs?

2007-05-07 Thread K K

Am I the only one having a difficult time keeping track of which cards
on the Supported hardware list are merely tolerated, and which
vendors/chipsets are truly supported and cooperative?

On 5/5/07, Henning Brauer [EMAIL PROTECTED] wrote:

On 5/4/07, K K [EMAIL PROTECTED] wrote:
 This would be our first foray into Fiber NICs on OpenBSD,
 looking for recommendations for affordable, reliable dual
 1000baseSX NICs with good OpenBSD support.
. . .
the intels are not a bad choice; also there are bges I think.
you can find hp branded dual-port em as well as bge, and intel-branded em,
on ebay at reasonable rates.


Thanks -- We'll probably end up paying street price for new Intel SX
fiber gigabit NICs.

Is there a reason I should avoid the very cheap SK-9844 refurbs I see
at various sites, these are a fraction of the eBay price for the dual
port Intel (PWLA8492MF)?

Kevin



Re: booteasy fate?

2007-05-07 Thread Bruce Bauer

Don't beat a dead horse.

This should do whatever you need:

http://gag.sourceforge.net/

On 5/7/07, Aaron Hsu [EMAIL PROTECTED] wrote:

On Mon, 07 May 2007 15:09:34 -0500, Michael Dexter [EMAIL PROTECTED]
wrote:

 I have found references to: /pub/OpenBSD/3.6/tools/booteasy suggesting
 that it was part of the distribution but I do not see it listed for 3.7
 and newer. I do not see a 3.7 changelist entry for it and the online
 man pages do not seem to refer to it. From the looks however, it was an
 official OpenBSD boot manager.
I fold! What was it and what happened to it?

It is a boot manager. :-) I used to use it around the 3.6 era. However, I
haven't used it for some time, and I'm not sure if it is still around. I
haven't searched for it. Hrm, a quick search reveals that it, at least, is
not in the tools directory anymore, though os-bs still is. os-bs is a boot
manager that I have been using when necessary since 3.8 I think.

--
Aaron Hsu [EMAIL PROTECTED]
No one could make a greater mistake than he who did nothing because he
could do only a little. - Edmund Burke




question about delayed ACKs on OpenBSD

2007-05-07 Thread Michal Soltys

Hello

I've noticed a bit different behaviour with regard to delayed acks on OBSD.

Some other systems (2 linux distros, win2k/xp) I tested, pretty much acted 
as I've always seen it - 1 ack per max. 2 segments, but no bigger delay than 
some arbitrary value (looking at rfc, no more than 500ms, but usually less), 
thus in reality - 1 ack every 2 segments assuming latency is low enough.


For my ridiculously asymmetric line - 24:1 (6144/256) - at single full 
download, that's roughly 2/3+ upload used for acks only, partially due to 
hefty adsl overhead (and after looking at pppoa rfc, 2 atm cells used for 
just 1 ack).


On OpenBSD though, the result was generally perfect 66% segments acked. 
Looking at tcpdump output, the acks on receiving side were sent precisely 
after receiving : 1,2,1,2,1,2... segments. The test was made on lan between 
two obsd 4.0 boxes (generic kernel), limiting the speed with one queue (and 
none as well) on sending host, as needed. Speed didn't seem to matter though 
- behaviour was the same with 256kbit as it was with 100mbit.


Assuming it's intended behaviour - what are the reasons for implementing it 
in this way ?




Re: Dual-port Gigabit SX NICs?

2007-05-07 Thread Henning Brauer
* K K [EMAIL PROTECTED] [2007-05-07 23:52]:
 Am I the only one having a difficult time keeping track of which cards
 on the Supported hardware list are merely tolerated, and which
 vendors/chipsets are truly supported and cooperative?
 
 On 5/5/07, Henning Brauer [EMAIL PROTECTED] wrote:
 On 5/4/07, K K [EMAIL PROTECTED] wrote:
  This would be our first foray into Fiber NICs on OpenBSD,
  looking for recommendations for affordable, reliable dual
  1000baseSX NICs with good OpenBSD support.
 . . .
 the intels are not a bad choice; also there are bges I think.
 you can find hp branded dual-port em as well as bge, and intel-branded em,
 on ebay at reasonable rates.
 
 Thanks -- We'll probably end up paying street price for new Intel SX
 fiber gigabit NICs.
 
 Is there a reason I should avoid the very cheap SK-9844 refurbs I see
 at various sites, these are a fraction of the eBay price for the dual
 port Intel (PWLA8492MF)?

not at all. they are a good choice, probably even better than the others.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: 4.0 locked up over the weekend

2007-05-07 Thread Joachim Schipper
On Mon, May 07, 2007 at 12:42:55PM -0700, Bruce Bauer wrote:
 On 5/7/07, Jack J. Woehr [EMAIL PROTECTED] wrote:
 On May 7, 2007, at 12:20 PM, Bruce Bauer wrote:
  This system has been running flawlessly since mid-March with GENERIC
  plus the 010 patch. dmesg below
  This morning I found it totally unresponsive both through network and
  at the console.  Had to use the power switch to recover.
  
  Where do I start trying to track this down?
 
 Open the box and check your power supply and blow it out with air if it's
 full of dust.
 Number one cause of mysterious lockups in my personal experience. Next, run
 a memory test.
 
 Only then start trying to debug software, e.g., OpenBSD.

 Thanks for the response.
 
 OK, maybe a little less basic than that.  The system is sitting in a
 restricted access server room.  Not a clean room, but very little
 dust.  Nice and cool..  The system still looks brand new, inside and
 out.
 
 The purpose of this system is to receive streaming video data over the
 VPN from IP webcams.  It doesn't do anything with the data except pass
 it on to a DVR system over the local network.  Plans are to add
 another network card so the VPN and the local network will be on
 separate channels.  But, for now, it all goes through one card.
 
 It has worked in this configuration for over a month with video from 2
 cameras coming in.
 
 Oops! Message from Joachim Schipper  just came in:
 
 There were no console messages
 The authlog does show that someone is trying to brute force an ssh
 login. I think I'll turn off sshd for now...

Nah, script kiddies trying to bruteforce SSH logins are so common that I
just tuned them out of the log parser altogether. Just use public keys,
or good passwords.

That said, Jack might be right to suspect some random hardware failure.
If this is the case, how about some proper stress testing (compiling the
whole system is fairly good in exercising CPU and memory, something like
bonnie++ might help you to test the disk?).

If that doesn't work, the software might be problematic...

Joachim

-- 
TFMotD: piconv (1) - iconv(1), reinvented in perl



Re: Thecus N2100 and RAID 1

2007-05-07 Thread Joachim Schipper
On Mon, May 07, 2007 at 02:02:19PM -0700, Bryan Vyhmeister wrote:
 On May 7, 2007, at 11:56 AM, Matthieu Herrb wrote:
 
 I'm using a thecus 2100 with raidframe to do raid 1. A bit slow, but
 with 512MB RAM it's acceptable.
 
 Would ccd(4) be any faster? Also, what sort of RAM does it take?  
 Thanks for your response.

ccd is likely to be slightly faster, but it *will* eat your data. Just
stick with RAIDframe, or hardware RAID, or the upcoming softraid (like
RAIDframe, but newer and shinier; I presume it'll be announced on
undeadly.org one of these days). Worrying about ccd/RAIDframe memory
usage really isn't necessary; both don't use memory on a scale that you
will notice with that amount of memory in the box.

Joachim

-- 
TFMotD: named.conf (5) - configuration file for named



Re: Dual-port Gigabit SX NICs?

2007-05-07 Thread Joachim Schipper
On Mon, May 07, 2007 at 04:23:00PM -0500, K K wrote:
 Am I the only one having a difficult time keeping track of which cards
 on the Supported hardware list are merely tolerated, and which
 vendors/chipsets are truly supported and cooperative?

No, that's why http://www.vendorwatch.org exists. Or rather, used to: it
doesn't seem to resolve right now... I CC'ed the maintainer.

Joachim

-- 
TFMotD: sv (4) - S3 SonicVibes audio device



Re: BGP + Multiple Providers + Redundant Firewalls

2007-05-07 Thread askthelist
On 5/5/07, Henning Brauer [EMAIL PROTECTED] wrote:

 * [EMAIL PROTECTED] [EMAIL PROTECTED] [2007-05-03 20:58]:
  Any recommendations on running BGP on redundant firewalls to multiple
  providers advertising the same network thru both links, and talking iBGP
  with the other firewall?

 that is what I am doing here as well as at multiple customer sites.

  Just asking because I ran into a problem with this
  scenario when traffic would enter 1 host, traverse the iBGP crossover link
  and then exit the 2nd host, and return traffic would come back in thru the
  1st host. There was a mismatch of the states that seemed to cause my
  problems.

 not seen that.
 you could suffer from the carp route screwup issue I just committed a
 fix for in -current. I'll attach it, it'll apply for 4.1 too.
 in general, bgpctl sh nexthop is your friend to debug this.


can you elaborate a little more on the carp route issue? i had been
working with the 2 firewall/2 provider/ibgp/pf/pfsync setup about 3 months
ago and hit a wall when traffic flowed a certain direction - so i moved to
the 2 router + 2 firewall setup that cleared it up, so my memory's a little
foggy about the exact issue. but I'm willing to try the 2 firewall setup
again as this will cost us so much less when we clone this configuration
from our office to our data center. thanks.

--
 Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
 BS Web Services, http://bsws.de
 Full-Service ISP - Secure Hosting, Mail and DNS Services
 Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam


 Index: ip_carp.c
 ===
 RCS file: /cvs/src/sys/netinet/ip_carp.c,v
 retrieving revision 1.135
 diff -u -p -r1.135 ip_carp.c
 --- ip_carp.c   27 Mar 2007 21:58:16 -  1.135
 +++ ip_carp.c   28 Mar 2007 23:18:51 -
 @@ -368,15 +368,18 @@ carp_setroute(struct carp_softc *sc, int
 struct ifaddr *ifa;
 int s;

 +   /* XXX this mess needs fixing */
 +
 s = splsoftnet();
 TAILQ_FOREACH(ifa, sc-sc_if.if_addrlist, ifa_list) {
 switch (ifa-ifa_addr-sa_family) {
 case AF_INET: {
 -   int count = 0;
 +   int count = 0, error;
 struct sockaddr sa;
 struct rtentry *rt;
 struct radix_node_head *rnh;
 struct radix_node *rn;
 +   struct rt_addrinfo info;
 int hr_otherif, nr_ourif;

 /*
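Review bot: the added comment "XXX this mess needs fixing" at the top of carp_setroute() does not say what is wrong, so it gives the next reader nothing to act on. Name the concrete problem in the comment, the way the existing "XXX cries for proper API" remark further down at least points at the missing API. The new `error` and `struct rt_addrinfo info` locals sit inside the `case AF_INET:` block, which is fine as long as they are only used there.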
 @@ -395,9 +398,15 @@ carp_setroute(struct carp_softc *sc, int
 }

 /* Remove the existing host route, if any */
 -   rtrequest(RTM_DELETE, ifa-ifa_addr,
 -   ifa-ifa_addr, ifa-ifa_netmask,
 -   RTF_HOST, NULL, 0);
 +   bzero(info, sizeof(info));
 +   info.rti_info[RTAX_DST] = ifa-ifa_addr;
 +   info.rti_info[RTAX_GATEWAY] = ifa-ifa_addr;
 +   info.rti_info[RTAX_NETMASK] = ifa-ifa_netmask;
 +   info.rti_flags = RTF_HOST;
 +   error = rtrequest1(RTM_DELETE, info, NULL, 0);
 +   rt_missmsg(RTM_DELETE, info, info.rti_flags,
 NULL,
 +   error, 0);
 +

 /* Check for our address on another interface */
 /* XXX cries for proper API */
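Review bot: in the RTM_DELETE replacement, rt_missmsg() is called unconditionally with whatever rtrequest1() returned, yet the comment above says the host route is removed "if any", so a delete that fails because there was nothing to delete still emits a routing message carrying an error. Consider sending the message only when `error == 0`, or state in a comment that reporting the failure is intended. The hunk also adds an empty `+` line after the call, which leaves two blank lines before the next comment.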
 @@ -420,26 +429,39 @@ carp_setroute(struct carp_softc *sc, int
 if (hr_otherif) {
 ifa-ifa_rtrequest = NULL;
 ifa-ifa_flags = ~RTF_CLONING;
 -
 -   rtrequest(RTM_ADD, ifa-ifa_addr,
 -   ifa-ifa_addr,
 ifa-ifa_netmask,
 -   RTF_UP | RTF_HOST, NULL, 0);
 +   bzero(info, sizeof(info));
 +   info.rti_info[RTAX_DST] =
 ifa-ifa_addr;
 +   info.rti_info[RTAX_GATEWAY] =
 ifa-ifa_addr;
 +   info.rti_info[RTAX_NETMASK] =
 ifa-ifa_netmask;
 +   info.rti_flags = RTF_UP |
 RTF_HOST;
 +   error = rtrequest1(RTM_ADD, info,
 NULL, 0);
 +   rt_missmsg(RTM_ADD, info,
 info.rti_flags, NULL,
 +   error, 0);
 }
 if (!hr_otherif || nr_ourif || !rt) {
 if (nr_ourif  !(rt-rt_flags 
 -   RTF_CLONING))
 -   rtrequest(RTM_DELETE, sa,
 - 
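Review bot: the RTM_ADD branch repeats the same bzero, rti_info[] fill, rti_flags assignment and rtrequest1() plus rt_missmsg() pair that the RTM_DELETE path introduced a few lines earlier, differing only in the request type and the flags. A small static helper taking the request, the ifa and the flags would remove the duplication and keep the two paths from drifting apart. As in the delete path, `error` is only forwarded to rt_missmsg() and never checked, although ifa_rtrequest has already been set to NULL and the RTF_CLONING handling on ifa_flags has already run, so a failed add leaves the ifa modified without a host route.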

Re: BGP + Multiple Providers + Redundant Firewalls

2007-05-07 Thread askthelist
when i do a bgpctl show fib i see the two routes, 1 thru connected provider,
1 to other router's crossover interface - which is connected then to 2nd
provider, so why would i need to redistribute my routes when its already in
the fib? maybe im confused but I dont think i necessarily need ospf in my
scenario. can anyone else clarify this?

if one provider fails, iBGP should update the fib and forward traffic across
the crossover link, so i dont see an issue there with using static routes.

 i did come across that paper and set up the 2 routers 2 firewalls with ospf
but the only advantage i saw in our scenario was having the firewalls
themselves make the routing decision instead of the routers and just sending
to the physical interface of the decided route instead of the carp interface
on the routers, which  we decided we dont want our firewalls to be involved
in the routing decision and opted to not use ospf.

im still learning this stuff myself. thanks for the input, it helps.


On 5/5/07, Ivo Chutkin [EMAIL PROTECTED] wrote:

 Hi,
 As far as I know you need OSPF to redistribute routes when you run IBGP
 between your border routers inside your AS. I do not have a sophisticated
 explanation why but IBGP does not work without OSPF. I am still learning.
 And in your case with two upstream providers you definitely need IBGP
 between routers connected to upstreams. I do not know what will happen
 if you do not run IBGP between the border routers. I guess, if one
 provider fails, with static routes you will continue to send traffic to
 it, not knowing that it is dead.
 This is a good paper:
 http://www.openbsd.org/papers/linuxtag06-network/index.html
 also in pdf:
 http://www.openbsd.org/papers/linuxtag06-network.pdf

 I hope it helps you somehow.
 Best regards,
 Ivo

 [EMAIL PROTECTED] wrote:
  This may be a naive question but why the need for ospf? Couldn't you just
  use carp and static routes? I had configured the ospfd but didn't see the
  need for it in my environment. If someone can point out the benefits of
  using openbgp + ospf instead of just openbgpd + static routes - carp0.
  What am I missing? We do not have any downstream customers so maybe it
  is just an architecture thing?
 
  On 5/4/07, *Ivo Chutkin* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
  wrote:
 
  Hello,
  I am also trying to achieve maximum redundancy.
  I am trying the following configuration in my test lab:
 
  http://tania.be.linux.org/zebra/msg00338.html
 
  I translated it to OpenBGP/OpenOSPF language and it seems to work fine,
  though it is only a test lab, I did not try it in production
  environment yet.
  I hope it will give you some idea and we could share some experience.
  I am a beginner with OpenBSD so my opinion may be incorrect.
  Best regards,
  Ivo
 
  [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:
Any recommendations on running BGP on redundant firewalls to multiple
providers advertising the same network thru both links, and talking iBGP
with the other firewall? Just asking because I ran into a problem with this
scenario when traffic would enter 1 host, traverse the iBGP crossover link
and then exit the 2nd host, and return traffic would come back in thru the
1st host. There was a mismatch of the states that seemed to cause my
problems. Here's how i was set up.
   
Problem Scenario:
   
  box-a --- Provider-A
   / |
carp0 |
   \  box-b-Provider-B
   
   
Solution:
Box-A & Box-B are my redundant firewalls running pfsync between the
dedicated link. Box-C & Box-D are just T1 routers running BGP. The routers
route to carp1 on the firewalls and the firewalls route to carp0 on the
routers. Box-C and Box-D run iBGP between their dedicated link to share
routes to external networks. The multiple providers are for both redundancy
and aggregate bandwidth. Running BGP in an active/backup scenario based on
who has the carp0 interface isn't an option because of the necessity of the
aggregate bandwidth. This solution works fine for us but we really wanted to
run on two boxes. I believe the only problem we have now is with BGP
Convergence. If anyone has any tips on how to minimize this when I reboot
box-c or box-d that would be great. If anyone has comments,
recommendations, adjustments, tips on our setup please do share.
   
  box-a  switchbox-c- Provider-A
   / |\  |   /|
carp0 |carp1   |   carp0 |
   \ |/  |   \|
  box-b 

Re: BGP + Multiple Providers + Redundant Firewalls

2007-05-07 Thread Stuart Henderson
On 2007/05/07 16:31, [EMAIL PROTECTED] wrote:
 when i do a bgpctl show fib i see the two routes, 1 thru connected provider,
 1 to other router's crossover interface - which is connected then to 2nd
 provider, so why would i need to redistribute my routes when its already in
 the fib? maybe im confused but I dont think i necessarily need ospf in my
 scenario. can anyone else clarify this?

check 'bgpctl sh nex' to make sure your nexthops are valid.
if they are, you have this working ok.

there are various ways to do this, some with ospf, some without.



Re: Prevent circumventing dansguardian with pf

2007-05-07 Thread a666
From: Sebastian Benoit [EMAIL PROTECTED]

If you want to deny users the possibility to smuggle data outside of 
their
workplace (or whatever) then don't connect them to the internet.

No, no, no.  You must go one step beyond this if you want to 
prevent employees from smuggling data.  To do this properly, copy 
machines should be removed!  Pen, pencils and papers removed!  
Employees should be searched for thumb drives, zip drive, floppy 
drives, tape recorders, papers, cd's, dvd's, and burners.  It's 
better to strip search them just to be sure.  As a matter of fact, 
because humans are so innovative, all materials should be removed 
from the office because I'm sure someone will come up with some way 
to write something down.  Oh, don't forget to remove phones, faxes 
and cell phones, and cameras.  You should only hire people who 
don't know how to read or write to reduce the work load of 
preventing others from smuggling data.  It's probably best that 
they don't know how to receive or transmit any form of 
language/communication either.



Re: BGP + Multiple Providers + Redundant Firewalls

2007-05-07 Thread askthelist
yah theyre valid, there was a point when i first set this up i remember one
of the nexthops being invalid but this hasnt been the case for sometime.
cool, i think ill stick to the without ospf for now until it becomes a
necessity. thanks.

On 5/7/07, Stuart Henderson [EMAIL PROTECTED] wrote:

 On 2007/05/07 16:31, [EMAIL PROTECTED] wrote:
  when i do a bgpctl show fib i see the two routes, 1 thru connected provider,
  1 to other router's crossover interface - which is connected then to 2nd
  provider, so why would i need to redistribute my routes when its already in
  the fib? maybe im confused but I dont think i necessarily need ospf in my
  scenario. can anyone else clarify this?

 check 'bgpctl sh nex' to make sure your nexthops are valid.
 if they are, you have this working ok.

 there are various ways to do this, some with ospf, some without.



Re: OpenBSD 4.1 Torrents

2007-05-07 Thread Sebastian Rother
Guys, if you really care about security why does nobody ask about
using gzsig? 
Even usable for the packages...

Kind regards,
Sebastian



Re: booteasy fate?

2007-05-07 Thread Aaron Hsu
On Mon, 07 May 2007 16:51:32 -0500, Bruce Bauer [EMAIL PROTECTED]  
wrote:



Don't beat a dead horse.
 This should do whatever you need:
 http://gag.sourceforge.net/


Aaah, yes, I remember someone recommending this to me before. It does work  
well.


--
Aaron Hsu [EMAIL PROTECTED]
No one could make a greater mistake than he who did nothing because he  
could do only a little. - Edmund Burke




Re: Prevent circumventing dansguardian with pf

2007-05-07 Thread Bryan Irvine

On 4/25/07, Allen Theobald [EMAIL PROTECTED] wrote:

Greetings!  Included below is my pf.conf set up to use
dansguardian (proxyport 3128, filterport 8080)
and tinyproxy (listen port 3128) as a transparent
proxy.

What changes do I need to make to keep someone on
int_if/int_net from circumventing dansguardian
by changing their browser to point to 3128?


By blocking all outbound ports, and redirecting those they need to the
firewall itself.  Ie. run a DNS server on the firewall so they can
resolve (alternatively only pass traffic to your ISP's DNS), use port
forwarding to redirect all www traffic to your filter etc...

Don't leave any port unblocked is the only way.  I remember I was once
dared to get on napster (yeah it was awhile ago :-) at an old job by
one of the admins.  They had recently gone through a whole
seminar-thing on how to block these kinds of things.  So I set up a
socks proxy on my home computer running on port 80, and proceeded to
fill up my work HD with mp3's.  They didn't filter web traffic so it
just looked like web traffic as far as the firewall was concerned.
Took me about 5 minutes to waste their thousands of dollars on
training.

I also used the same 'trick' to get around a filtering internet
provider.  I think that time was by using port 53.

Any open port would be subject to the same.  So close them.  All of them.

--Bryan
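
The default-deny layout described in the reply above, written out as an added pf.conf sketch in OpenBSD 4.1-era syntax (it is not a ruleset posted in the thread). The interface names and the internal network are assumed values, dansguardian and the resolver are assumed to listen on 127.0.0.1, and the two ports are the ones quoted from the original question.

```pf
# Added example, not from the thread. Assumed values are marked as such.
ext_if  = "fxp0"             # assumed external interface
int_if  = "fxp1"             # assumed internal interface
int_net = "192.168.1.0/24"   # assumed internal network

filter_port = "8080"         # dansguardian filterport (from the thread)
proxy_port  = "3128"         # tinyproxy; only dansguardian should talk to it

set skip on lo0              # dansguardian -> tinyproxy stays on loopback

# Send the services clients need to the firewall itself.
rdr on $int_if inet proto tcp from $int_net to any port www \
    -> 127.0.0.1 port $filter_port
rdr on $int_if inet proto { tcp, udp } from $int_net to any port domain \
    -> 127.0.0.1 port domain

# Default deny, logged so bypass attempts show up in pflog.
block log all

# Clients may reach only the filter and the local resolver. Filter rules
# see the post-rdr destination, so nothing here admits $proxy_port: a
# browser pointed straight at port 3128 falls through to "block log all".
pass in quick on $int_if inet proto tcp from $int_net \
    to 127.0.0.1 port $filter_port flags S/SA keep state
pass in quick on $int_if inet proto { tcp, udp } from $int_net \
    to 127.0.0.1 port domain keep state

# Only the firewall's own proxy and resolver go out; there is no nat rule,
# so client packets are never forwarded to the outside.
pass out quick on $ext_if inet proto tcp from ($ext_if) \
    to any port { www, https } flags S/SA keep state
pass out quick on $ext_if inet proto { tcp, udp } from ($ext_if) \
    to any port domain keep state
```

With this layout client HTTPS is blocked as well, because no rule passes or redirects port 443 from `$int_net`; binding tinyproxy to 127.0.0.1 only gives a second barrier independent of the ruleset.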



wi pcmcia card configuration Problem

2007-05-07 Thread Bret

Greetings All.
I will start with my dmesg: See below---

I have tried many ways to get the 300mw Z-COM WLAN PC Card, RP-MMCX, 
802.11b Higher Power card to work with the system. I am trying to setup 
the first Wlan (wi0) as an access point and the second (wi1) as a 
bridge/link to a distant server that will also have the same setup but 
on the second (wi1) card it will be channel 11.


Also below you will find the configuration files for wi0 and wi1. In 
addition I will be  using dhcpd on each of the wi(0) cards but for now 
am only using it on wi0. I am trying to get these to work before turning 
to the second box.


*DMESG:*

OpenBSD 4.0 (GENERIC) #0: Sat Apr 28 21:23:45 PDT 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz (GenuineIntel 686-class) 2.80 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID

real mem  = 1073246208 (1048092K)
avail mem = 971010048 (948252K)
using 4256 buffers containing 53764096 bytes (52504K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(c7) BIOS, date 12/17/03, BIOS32 rev. 0 @ 
0xfb0b0, SMBIOS rev. 2.2 @ 0xf0800 (37 entries)

bios0: TYAN Computer S2099
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde90/240 (13 entries)
pcibios0: PCI Exclusive IRQs: 5 9 10 11
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371SB ISA rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x8000! 0xd/0x1000 
0xd1000/0x1000

cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82845 Host rev 0x11
ppb0 at pci0 dev 1 function 0 Intel 82845 AGP rev 0x11
pci1 at ppb0 bus 1
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x02: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x02: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x02: irq 5
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x02: irq 10
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x82
pci2 at ppb1 bus 2
vga1 at pci2 dev 1 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
cbb0 at pci2 dev 4 function 0 ENE CB-1410 CardBus rev 0x01: irq 11
fxp0 at pci2 dev 8 function 0 Intel PRO/100 VE rev 0x82, i82562: irq 
11, address 00:e0:81:65:f2:bd

inphy0 at fxp0 phy 1: i82562EM 10/100 PHY, rev. 0
cbb1 at pci2 dev 9 function 0 ENE CB-1410 CardBus rev 0x01: irq 9
em0 at pci2 dev 10 function 0 Intel PRO/1000MT (82540EM) rev 0x02: irq 
10, address 00:e0:81:65:f2:bc

cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 4 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x02: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility

wd0 at pciide0 channel 0 drive 0: WDC WD1600BB-22RDA0
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SONY, CD-ROM CDU5225, NYS4 SCSI0 5/cdrom 
removable

cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x02: irq 11
iic0 at ichiic0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
lm0 at isa0 port 0x290/8: W83627HF
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 secbiomask ef65 netmask 
ef65 ttymask ffe7

pctr: user-level cycle 

Re: wi pcmcia card configuration Problem (added the errors)

2007-05-07 Thread Bret

Bret wrote:


Greetings All.
I will start with my dmesg: See below---

I have tried many ways to get the 300mw Z-COM WLAN PC Card, RP-MMCX, 
802.11b Higher Power card to work with the system. I am trying to 
setup the first Wlan (wi0) as an access point and the second (wi1) as 
a bridge/link to a distant server that will also have the same setup 
but on the second (wi1) card it will be channel 11.


Also below you will find the configuration files for wi0 and wi1. In 
addition I will be  using dhcpd on each of the wi(0) cards but for now 
am only using it on wi0. I am trying to get these to work before 
turning to the second box.



OpenBSD CD(4.1) T-Shirts arrived in China(Shenzhen).

2007-05-07 Thread Bibby
Hi all,

OpenBSD CD(4.1 -release) and T-Shirts arrived in China(Shenzhen) this
morning.
They look really nice.

Thanks to all OpenBSD developers for the hard work, thanks to Wim for the
patience.

^_^

MB
2007.05.08

-- 
OpenBSD Store in China Mainland: http://shop34421310.taobao.com/



Re: booteasy fate?

2007-05-07 Thread Nick Holland
Michael Dexter wrote:
> Hello,
>
> I have found references to: /pub/OpenBSD/3.6/tools/booteasy suggesting that
> it was part of the distribution but I do not see it listed for 3.7 and newer.
> I do not see a 3.7 changelist entry for it and the online man pages do not
> seem to refer to it. From the looks however, it was an official OpenBSD boot
> manager.
>
> I fold! What was it and what happened to it?

wrap your lines...

It was a third-party boot manager, included for convenience
of the users.  It was most certainly not an official OpenBSD
boot manager.  It was never in the CVS tree, it was never
maintained by OpenBSD developers, it was just slapped in for
people in case they needed it.  It seems they don't.

However, from memory and a little superficial checking,
  1) It wasn't LBA capable (OpenBSD newly was then)
  2) License was uncertain/non-existent
  3) It was relatively unmaintained
  4) there are lots of other boot managers out there

Since it was removed, I think you are the first person to notice
its absence.  Heck, it took you this long to notice!  If
developers had been testing or maintaining it, that would have
been wasted effort.  If developers hadn't been testing and
maintaining it, it would be unmaintained junk we were shipping.
Neither is good.

Haven't found much use for a boot manager myself.  But then,
there are over 20 computers in this room, and this isn't
the storage area...multibooting is a complete waste of time
for me. :)  (argh. just counted, without getting out of my
chair, more like 30 computers...probably more.  At least eight
different platforms.  I need help.)

Nick.



Re: Prevent circumventing dansguardian with pf

2007-05-07 Thread Open Phugu

On 5/7/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> From: Sebastian Benoit [EMAIL PROTECTED]
>
> > If you want to deny users the possibility to smuggle data outside of
> > their workplace (or whatever) then don't connect them to the internet.
>
> No, no, no.  You must go one step beyond this if you want to
> prevent employees from smuggling data.  To do this properly, copy
> machines should be removed!  Pen, pencils and papers removed!
> Employees should be searched for thumb drives, zip drive, floppy
> drives, tape recorders, papers, cd's, dvd's, and burners.  It's
> better to strip search them just to be sure.  As a matter of fact,
> because humans are so innovative, all materials should be removed
> from the office because I'm sure someone will come up with some way
> to write something down.  Oh, don't forget to remove phones, faxes
> and cell phones, and cameras.  You should only hire people who
> don't know how to read or write to reduce the work load of
> preventing others from smuggling data.  It's probably best that
> they don't know how to receive or transmit any form of
> language/communication either.

Also, make the whole building a large faraday cage to prevent them
from using radio communication. And have automatic direction-finding
receivers to triangulate the location of (l)users who attempt to use
radio. In fact, there is a much cheaper method: don't hire humans.
_Every_ compromise of security or instance of data exfiltration has
been traced back to a human action. If you don't have humans, you
don't have problems.



Re: malo driver

2007-05-07 Thread Default User
On Sun, 2007-05-06 at 11:14 +0200, Henning Brauer wrote:
> * Default User [EMAIL PROTECTED] [2007-05-05 05:03]:
> > cbb0 at pci1 dev 4 function 0 ENE CB-1410 CardBus rev
> > 0x01pci_intr_map: no mapping for pin A
> > : couldn't map interrupt
>
> there's your problem, your cardbus slot is not working


Ouch! Bad news. 

Well, I guess that explains it.  It never occurred to me that there
would be a problem with the computer itself. Anyway, Thanks for the
info. 



Re: Thecus N2100 and RAID 1

2007-05-07 Thread Bryan Vyhmeister

On May 7, 2007, at 4:11 PM, Joachim Schipper wrote:


> On Mon, May 07, 2007 at 02:02:19PM -0700, Bryan Vyhmeister wrote:
> > On May 7, 2007, at 11:56 AM, Matthieu Herrb wrote:
> > > I'm using a thecus 2100 with raidframe to do raid 1. A bit slow, but
> > > with 512MB RAM it's acceptable.
> >
> > Would ccd(4) be any faster? Also, what sort of RAM does it take?
> > Thanks for your response.
>
> ccd is likely to be slightly faster, but it *will* eat your data. Just
> stick with RAIDframe, or hardware RAID, or the upcoming softraid (like
> RAIDframe, but newer and shinier; I presume it'll be announced on
> undeadly.org one of these days). Worrying about ccd/RAIDframe memory
> usage really isn't necessary; both don't use memory on a scale that you
> will notice with that amount of memory in the box.


So you are saying that ccd(4) has reliability problems? I actually  
meant to ask what type of physical memory does the box take. Thanks  
for your response.


Bryan



Re: Routing to host over IPsec

2007-05-07 Thread Joel Knight
--- Quoting RW on 2007/04/30 at 16:52 +1000:

> Existing setup:
>
> Head Office:
> WAN IP=165.x.y.z
> LAN = 172.22.22.0/24
> Extranet gateway = 10.x.y.1
>
> Branch Office:
> WAN IP=150.x.y.z
> LAN= 172.22.23.0/24
>
> IPsec endpoints are OpenBSD firewalls and LAN to LAN connectivity is
> fine.
>
> My challenge is to get traffic to pass from a host on the Branch LAN
> over the IPsec tunnel to a host on the Extranet via gateway 10.x.y.1.
>
> If I could add a route entry that used the LAN IP of the H/O firewall
> life would be easy but of course addresses that are only visible through
> IPsec don't appear in the routing table to be used as the next hop.
>
> Is there a way to do this using either route or pf or ipsec itself?
> Some other method?
>
> I have to be able to get traffic to several hosts on the extranet (and
> get the replies back!) and they are only reachable via the extranet
> gateway on the head office firewall.
>
> Cluestick, anybody?


Set up your flows appropriately on the branch ipsec gateway to get
traffic over the tunnel and to the head office. On the HO endpoint,
set up a normal route to push the traffic to the extranet gateway.





.joel



Re: Routing to host over IPsec

2007-05-07 Thread RW
On Mon, 7 May 2007 23:01:15 -0600, Joel Knight wrote:

> --- Quoting RW on 2007/04/30 at 16:52 +1000:
>
> > Existing setup:
> >
> > Head Office:
> > WAN IP=165.x.y.z
> > LAN = 172.22.22.0/24
> > Extranet gateway = 10.x.y.1
> >
> > Branch Office:
> > WAN IP=150.x.y.z
> > LAN= 172.22.23.0/24
> >
> > IPsec endpoints are OpenBSD firewalls and LAN to LAN connectivity is
> > fine.
> >
> > My challenge is to get traffic to pass from a host on the Branch LAN
> > over the IPsec tunnel to a host on the Extranet via gateway 10.x.y.1.
> >
> > If I could add a route entry that used the LAN IP of the H/O firewall
> > life would be easy but of course addresses that are only visible through
> > IPsec don't appear in the routing table to be used as the next hop.
> >
> > Is there a way to do this using either route or pf or ipsec itself?
> > Some other method?
> >
> > I have to be able to get traffic to several hosts on the extranet (and
> > get the replies back!) and they are only reachable via the extranet
> > gateway on the head office firewall.
> >
> > Cluestick, anybody?
>
> Set up your flows appropriately on the branch ipsec gateway to get
> traffic over the tunnel and to the head office. On the HO endpoint,
> set up a normal route to push the traffic to the extranet gateway.


Thanx for replying.

For the record:
All the flows needed to do FW-FW + LAN-FW + FW-LAN + LAN-LAN
were already set up and working just fine.

A route doesn't need to be added at HO to find the extranet as it
terminates on the firewall just as the tunnel did.

What solved it for me was to add a flow from the branch LAN to the
extranet IP on the f/wall and vice versa.

That is probably bleedin' obvious to IPsec gurus (which I ain't) but
intuition said that I should be able to do it with some routing entries
alone.

Not so, it seems.

Rod/
Write a wise saying and your name will live on forever.  - Anonymous
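
Why routing entries alone did not help in the exchange above, as an added sketch that is not code from the thread or from OpenBSD: it models the gateway's outbound flow lookup as a simplified source/destination selector match. The address 10.99.0.1 is a constructed stand-in for the elided extranet IP, the host addresses are constructed, and all function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the thread's elided extranet address (10.x.y.1).
EXTRANET_IP = "10.99.0.1"
BRANCH_LAN = "172.22.23.0/24"
HO_LAN = "172.22.22.0/24"


def make_flow(src, dst):
    """An outbound IPsec flow: a (source net, destination net) selector."""
    return (ipaddress.ip_network(src), ipaddress.ip_network(dst))


def outbound_action(flows, src_ip, dst_ip):
    """Decide what a gateway does with a forwarded packet (simplified model).

    The flow lookup keys on BOTH source and destination. A packet that
    matches no flow is handed to ordinary routing and never enters the
    tunnel, whatever next hop the routing table names.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for flow_src, flow_dst in flows:
        if src in flow_src and dst in flow_dst:
            return "esp-tunnel"
    return "plain-routing"


def reply_flows(flows):
    """Mirror each flow for the far end (the "and vice versa" in the fix)."""
    return [(dst, src) for src, dst in flows]


# Branch gateway before the fix: only the LAN-to-LAN flow is modelled here.
original_flows = [make_flow(BRANCH_LAN, HO_LAN)]

# The fix from the thread: add a flow from the branch LAN to the extranet IP.
fixed_flows = original_flows + [make_flow(BRANCH_LAN, EXTRANET_IP + "/32")]


if __name__ == "__main__":
    host = "172.22.23.10"  # constructed branch LAN host
    for name, flows in (("original", original_flows), ("fixed", fixed_flows)):
        print(name, "-> HO LAN  :", outbound_action(flows, host, "172.22.22.5"))
        print(name, "-> extranet:", outbound_action(flows, host, EXTRANET_IP))
```

A useful check on a real gateway follows from the same model: any source/destination pair that is supposed to be protected but matches no flow leaves outside the tunnel, so the flow list is what needs auditing, not the routing table.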



Preventing man-in-the-middle attack on authpf?

2007-05-07 Thread Matthew R. Dempsky
Suppose I set up a wireless network and use authpf to restrict access
to some resource (e.g., Internet access) to registered users.  It
seems there's a fairly simple man-in-the-middle attack:

An attacker sets up a system with two wireless NICs: one associated to
my network and another configured as an access point pretending to be
an access point for my network.  He runs a DHCP server on the AP
interface and NATs traffic to my network.  (I can imagine a
sufficiently clever bridge setup that would be even harder to detect,
but I don't know for certain if it could work.)

A legitimate user (e.g., a university student) sits down somewhere in
range of the fake AP but outside of range of any legit APs (in a part
of campus not yet with wifi access, or where the signal is low, or
where the attacker has unplugged the APs), and connects his laptop to
my network via the attacker's fake network.  The user ssh's to
authpf.mydomain.com, but his connection is NAT'd via the attacker's
system, and so my gateway now assumes all traffic from the attacker's
IP belongs to the duped user.

Is there anything I'm forgetting that makes this attack infeasible?
If not, is there anything that can be done to prevent it?