throttling cpu in C0 state patch

[giovanni]

while browsing latest modification I see the throttle written function
was not used yet so for curiosity I've tried to use it for throttling
cpu in C0 state. I've made some test (md5) sweeping the whole throttle
range (hw.throttle=1..2^dutywidth) and it seems to work

giovanni

diff -ru sys.orig/arch/i386/conf/GENERIC sys/arch/i386/conf/GENERIC
--- sys.orig/arch/i386/conf/GENERIC Fri Jun  1 08:53:17 2007
+++ sys/arch/i386/conf/GENERIC  Sat Jun  2 21:46:39 2007
@@ -58,19 +58,19 @@
 pci*   at mainbus0

 #optionACPIVERBOSE
-#optionACPI_ENABLE
+option ACPI_ENABLE

-acpi0  at mainbus? disable
-#acpitimer*at acpi?
+acpi0  at mainbus?
+acpitimer* at acpi?
 #acpihpet* at acpi?
-#acpiac*   at acpi?
-#acpibat*  at acpi?
-#acpibtn*  at acpi?
-#acpicpu*  at acpi?
+acpiac*at acpi?
+acpibat*   at acpi?
+acpibtn*   at acpi?
+acpicpu*   at acpi?
 #acpidock* at acpi?
-acpiec*at acpi?disable
+acpiec*at acpi?
 acpiprt*   at acpi?
-#acpitz*   at acpi?
+acpitz*at acpi?

 option PCIVERBOSE
 option EISAVERBOSE
diff -ru sys.orig/dev/acpi/acpicpu.c sys/dev/acpi/acpicpu.c
--- sys.orig/dev/acpi/acpicpu.c Fri Jun  1 08:53:31 2007
+++ sys/dev/acpi/acpicpu.c  Sun Jun  3 08:40:38 2007
@@ -56,7 +56,8 @@

 #define CPU_THT_EN (1L  4)
 #define CPU_MAXSTATE(sc)   (1L  (sc)-sc_duty_wid)
-#define CPU_STATE(sc,pct)  ((pct * CPU_MAXSTATE(sc) / 100)  
(sc)-sc_duty_off)
+#define CPU_DUTYWIDTH(sc)  ((sc)-sc_duty_wid)
+#define CPU_STATE(sc,pct)  (pct  (sc)-sc_duty_off)
 #define CPU_STATEMASK(sc)   ((CPU_MAXSTATE(sc) - 1)  (sc)-sc_duty_off)

 #define ACPI_MAX_C2_LATENCY 100
@@ -106,7 +107,7 @@
void(*sc_notify)(struct acpicpu_pss *, int);
 };

-voidacpicpu_set_throttle(struct acpicpu_softc *, int);
+voidacpicpu_set_throttle(int *);
 voidacpicpu_add_cstatepkg(struct aml_value *, void *);
 intacpicpu_getpct(struct acpicpu_softc *);
 intacpicpu_getpss(struct acpicpu_softc *);
@@ -122,6 +123,7 @@
 };

 extern int setperf_prio;
+extern int throttle_lv;

 #ifdef __i386__
 struct acpicpu_softc *acpicpu_sc[I386_MAXPROCS];
@@ -130,22 +132,27 @@
 #endif

 void
-acpicpu_set_throttle(struct acpicpu_softc *sc, int level)
+acpicpu_set_throttle(int* level)
 {
-   uint32_t pbval;
+   uint32_tpbval;
+   struct acpicpu_softc*sc;

+   sc = acpicpu_sc[cpu_number()];
+
if (sc-sc_flags  FLAGS_NOTHROTTLE)
return;

/* Disable throttling control */
pbval = inl(sc-sc_pblk_addr);
outl(sc-sc_pblk_addr, pbval  ~CPU_THT_EN);
-   if (level  100) {
-   pbval = ~CPU_STATEMASK(sc);
-   pbval |= CPU_STATE(sc, level);
-   outl(sc-sc_pblk_addr, pbval  ~CPU_THT_EN);
-   outl(sc-sc_pblk_addr, pbval | CPU_THT_EN);
-   }
+   
+   *level = min(((1  CPU_DUTYWIDTH(sc)) - 1), *level);
+   *level = max(1, *level);
+   
+   pbval = ~CPU_STATEMASK(sc);
+   pbval |= CPU_STATE(sc, *level);
+   outl(sc-sc_pblk_addr, pbval  ~CPU_THT_EN);
+   outl(sc-sc_pblk_addr, pbval | CPU_THT_EN);
 }

 struct acpi_cstate *
@@ -259,6 +266,12 @@
sc-sc_duty_wid = sc-sc_acpi-sc_fadt-duty_width;
if (!valid_throttle(sc-sc_duty_off, sc-sc_duty_wid, sc-sc_pblk_addr))
sc-sc_flags |= FLAGS_NOTHROTTLE;
+   else {
+   if (cpu_throttle == NULL) {
+   throttle_lv = (1  CPU_DUTYWIDTH(sc)) - 1;
+   cpu_throttle = acpicpu_set_throttle;
+   }
+   }

 #ifdef ACPI_DEBUG
printf(: %s: , sc-sc_devnode-name);
diff -ru sys.orig/kern/kern_sysctl.c sys/kern/kern_sysctl.c
--- sys.orig/kern/kern_sysctl.c Tue May 29 08:39:40 2007
+++ sys/kern/kern_sysctl.c  Sat Jun  2 22:13:00 2007
@@ -105,7 +105,9 @@

 int (*cpu_cpuspeed)(int *);
 void (*cpu_setperf)(int);
+void (*cpu_throttle)(int *);
 int perflevel = 100;
+int throttle_lv = 0;

 /*
  * Lock to avoid too many processes vslocking a large amount of memory
@@ -614,6 +616,15 @@
perflevel = 0;
if (newp)
cpu_setperf(perflevel);
+   return (0);
+   case HW_THROTTLE:
+   if (!cpu_throttle)
+   return (EOPNOTSUPP);
+   err = sysctl_int(oldp, oldlenp, newp, newlen, throttle_lv);
+   if (err)
+   return err;
+   if (newp)
+   cpu_throttle(throttle_lv);
return (0);
case HW_VENDOR:
if (hw_vendor)
diff -ru sys.orig/sys/sysctl.h sys/sys/sysctl.h
--- sys.orig/sys/sysctl.h   Fri Apr 27 10:47:11 2007
+++ sys/sys/sysctl.hSat Jun  2 21:52:39 2007
@@ -552,7 +552,8 @@
 #defineHW_VERSION  16  /* string: 

Re: c2k7 hackathon is over

[Massimo Lusetti]

On Sat, 02 Jun 2007 16:40:49 -0600
Theo de Raadt [EMAIL PROTECTED] wrote:

 Hope you guys out there enjoy the changes that we've made.

You can't imagine how much i enjoyed reading through commit logs.
Amazing. Thank you!

-- 
Massimo.run();
: is not an identifier

Re: support for Sun Fire

[Stuart Henderson]

On 2007/06/03 14:09, Sam Vaughan wrote:

 if anyone has a working PXE bios-flash setup for these and wouldn't
 mind sharing how, please drop me a line, when I try the system hangs
 after memdisk loads the bios-flash image.

 I'd be interested to know about this too.  Since my x4100s have no CD/DVD 
 ROM drive (I've got the four-SAS-disk config) I can't use Sun's BIOS CD 
 image.  I couldn't even mount the ISO to get at the necessary files.

I don't have one but it looks like X4100 is much easier, it appears that
the BIOS update is done with the ILOM firmware via the service processor
using an .ima file from http://www.sun.com/download/products.xml?id=45b94409

 Have you had any success with IPMI SoL?  Whilst the Java app works fine for 
 remote access, I'd much rather not have to launch it when all I really want 
 is access to the console.

I only have X2100 and I didn't want to lose the decent NIC, I got as far
as power control via ipmitool but didn't look at SoL, I'm just using good
old-fashioned serial console and masterswitch.

Re: ath(4) testers needed: AR2413, AR5413, AR5424 and AR5212 11a mode

[Rolf Sommerhalder]

My new miniPCI with AR2413 in 11b mode is recognized under  -current
on a WRAP, but it fails to associate and sometimes locks up the entire
system, as implictly warned by Reyk in his commit for
src/sys/dev/ic/ath.con 19 Sept 2006.

This ath(4) device is a  wlm54g23  Compex WLM54G 200mW Atheros
802.11b/g miniPCI wireless card from PCEngines.

Please find some debug output below, as suggested by Reyk. I am happy
to provide more information, and to test patches against -current, in
the hope to assist getting these newer ath chip sets to transmit also
in 11b mode.

Thanks,
Rolf


[EMAIL PROTECTED] root]# ifconfig ath0 up
[EMAIL PROTECTED] root]# ifconfig ath0
ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr 00:80:48:7e:b4:e5
   groups: wlan
   media: IEEE802.11 autoselect (DS1 mode 11b)
   status: no network
   ieee80211: nwid FON_crosscom chan 3 bssid 00:18:84:10:62:1d 92%
   inet6 fe80::280:48ff:fe7e:b4e5%ath0 prefixlen 64 scopeid 0x1
[EMAIL PROTECTED] root]# ifconfig ath0
ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr 00:80:48:7e:b4:e5
   groups: wlan
   media: IEEE802.11 autoselect (DS1)
   status: no network
   ieee80211: nwid 
   inet6 fe80::280:48ff:fe7e:b4e5%ath0 prefixlen 64 scopeid 0x1
[EMAIL PROTECTED] root]#


[EMAIL PROTECTED] root]# ifconfig -M ath0
ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr 00:80:48:7e:b4:e5
   groups: wlan
   media: IEEE802.11 autoselect (DS1)
   status: no network
   ieee80211: nwid 
   nwid FON_crosscom chan 3 bssid 00:18:84:10:62:1d 87%
54M short_preamble,short_slottime
   inet6 fe80::280:48ff:fe7e:b4e5%ath0 prefixlen 64 scopeid 0x1
[EMAIL PROTECTED] root]# ifconfig -M ath0


[EMAIL PROTECTED] root]# dmesg
OpenBSD 4.1-current (WRAP12) #0: Sun Jun  3 11:15:57 CEST 2007
   [EMAIL PROTECTED]:/home/rs/downloads/OpenBSD/flashboot/flashboot/obj/WRAP12
RTC BIOS diagnostic error 80clock_battery
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC
586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133791744 (127MB)
avail mem = 109572096 (104MB)
RTC BIOS diagnostic error 80clock_battery
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/08/05, BIOS32 rev. 0 @ 0xfc622
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00
ath0 at pci0 dev 13 function 0 Atheros AR2413 rev 0x01: irq 12
ath0: AR2413 7.8 phy 4.5 rf 5.6, FCC2A*, address 00:80:48:7e:b4:e5
sis0 at pci0 dev 14 function 0 NS DP83815 10/100 rev 0x00, DP83816A:
irq 10, address 00:0d:b9:01:a0:a0
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 15 function 0 NS DP83815 10/100 rev 0x00, DP83816A:
irq 9, address 00:0d:b9:01:a0:a1
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 16 function 0 NS DP83815 10/100 rev 0x00, DP83816A:
irq 11, address 00:0d:b9:01:a0:a2
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00
gpio0 at gscpcib0: 64 pins
NS SC1100 SMI rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: CF 128MB
wd0: 1-sector PIO, LBA, 125MB, 256512 sectors
wd0(pciide0:0:0): using PIO mode 4
NS SCx200 AUDIO rev 0x00 at pci0 dev 18 function 3 not configured
geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6
revision 3 wdstatus 0
isa0 at gscpcib0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
midi0 at pcppi0: PC speaker
gscsio0 at isa0 port 0x2e/2: SC1100 SIO rev 1: ACB1 ACB2
iic0 at gscsio0
iic1 at gscsio0
lmtemp0 at iic1 addr 0x48: lm77
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
biomask e1ef netmask ffef ttymask ffef
rd0: fixed, 30720 blocks
dkcsum: wd0 matches BIOS drive 0x80
root on rd0a swap on rd0b dump on rd0b
clock: unknown CMOS layout
WARNING: clock time much less than file system time
WARNING: using file system time
WARNING: CHECK AND RESET THE DATE!
[EMAIL PROTECTED] root]#


Filtered output to avoid dumping other WLAN traffic than the two MACs
of interest.  ':b4:e5' is my ath0, ':62:1d' is my public FONera access
point, see output of 'ifconfig -M ath0' above:

[EMAIL PROTECTED] root]#  tcpdump -y ieee802_11_radio -eni ath0 | grep -e
':b4:e5' -e ':62:1d'
tcpdump: listening on ath0, link-type IEEE802_11_RADIO
10:02:43.791541 0:18:84:10:62:1d  ff:ff:ff:ff:ff:ff, bssid
0:18:84:10:62:1d: 802.11: beacon[|802.11], radiotap v0, chan 3, 

Addition to list of supported ral mini-pci cards

[RW]

The list of mini-pci cards that work with ral does not include one I
obtained recently.

It is an MSI  MP54G5 and it seems to work well as an AP. More testing
coming up and I'll send an alert if I see any problems.

It shows up in dmesg as:
ral0 at pci0 dev 20 function 0 Ralink RT2560 rev 0x01: irq 11,
address 00:13:d3:6a:5f:96
ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525

About $AUD35+GST for the benefit of Aussies and nearby denizens.

Thanks to damien@ and others who helped.


Rod/
A consultant is someone who's called in when someone has painted himself into a 
corner.  He's expected to levitate his client out of that corner.

-The Sayings of Chairman Morrow. 1984.

Re: postfix mailq command mixup on OpenBSD

[Joachim Schipper]

On Fri, Jun 01, 2007 at 05:05:38PM +0200, Marian Hettwer wrote:
 What [Timo Schoeler]'s pointing out is, that /etc/mailer.conf should
 probably point to /usr/local/sbin/mailq Although this seems to make no
 sense, either:
 
 ls -l /usr/local/sbin/mailq 
 lrwxr-xr-x  1 root  wheel  32 Jan  5 17:56 /usr/local/sbin/mailq - 
 ../../../usr/local/sbin/sendmail
 
 Pointing it to /usr/local/sbin/postqueue makes no sense either,
 because running postqueue would need the parameter -p to get the same
 output as running mailq. So it would break POLA.

Postqueue gives different output when invoked as mailq, so this works
just fine.

Joachim

-- 
TFMotD: udsbr (4) - D-Link DSB-R100 USB radio device

fdisk - print units

[Dag Leine]

Hi,

sometimes I'm simply looking for the size (e.g. in GB) of the slices of
an i386 Harddisk. 
I can get it using the fdisk(8) inline editor with 'p g' but I haven't
found how do get it without starting the editor, so I've pached fdisk.

Maybe someone is interested in the patch or have a comment on it, so
here it is.
(The patch applies for OpenBSD 4.1)

Regards
   Dag
sbin/fdisk//fdisk.8.orig -- sbin/fdisk//fdisk.8
--- sbin/fdisk//fdisk.8.origWed Feb 14 19:06:53 2007
+++ sbin/fdisk//fdisk.8 Sun Jun  3 13:24:46 2007
@@ -38,6 +38,7 @@
 .Fl s Ar sectors
 .Oc
 .Op Fl f Ar mbrfile
+.Op Fl p Ar unit
 .Ar device
 .Sh DESCRIPTION
 On the i386 and other architectures, sector 0 of a bootable hard disk
@@ -106,6 +107,19 @@
 MBR partition spanning from cylinder 0, head 1, sector 1, and extending
 to the end of the disk.
 This mode is designed to initialize the MBR the very first time.
+.It Fl p Ar unit
+Specifies the unit in which the size of slices should be shown. Legal
+values are 
+.Ql \b
+(Bytes)
+.Ql \K
+(Kilobytes)
+.Ql \M
+(Megabytes) and
+.Ql \G
+(Gigabytes). If 
+.Fl p
+is omitted the everything is printet in Sectors.
 .It Fl u
 Update MBR bootcode, preserving existing MBR partition table.
 The MBR bootcode extends from offset 0x000 to the start of the MBR partition 
table
sbin/fdisk//fdisk.c.orig -- sbin/fdisk//fdisk.c
--- sbin/fdisk//fdisk.c.origMon Nov 20 09:18:21 2006
+++ sbin/fdisk//fdisk.c Sun Jun  3 13:27:07 2007
@@ -56,6 +56,7 @@
\t-e: edit MBRs on disk interactively\n
\t-f: specify non-standard MBR template\n
\t-chs: specify disk geometry\n
+\t-p: specify units\n
\t-y: do not ask questions\n
`disk' may be of the forms: sd0 or /dev/rsd0c.\n,
__progname);
@@ -79,8 +80,9 @@
 #endif
mbr_t mbr;
char mbr_buf[DEV_BSIZE];
+   char *unit=NULL;
 
-   while ((ch = getopt(argc, argv, ieuf:c:h:s:y)) != -1) {
+   while ((ch = getopt(argc, argv, ieuf:c:h:s:p:)) != -1) {
const char *errstr;
 
switch(ch) {
@@ -115,6 +117,9 @@
case 'y':
y_flag = 1;
break;
+   case 'p':
+   unit = optarg;
+   break;
default:
usage();
}
@@ -151,7 +156,7 @@
 
/* Print out current MBRs on disk */
if ((i_flag + u_flag + m_flag) == 0)
-   exit(USER_print_disk(disk));
+   exit(USER_print_disk(disk, unit));
 
/* Parse mbr template, to pass on later */
if (mbrfile != NULL  (fd = open(mbrfile, O_RDONLY)) == -1) {
sbin/fdisk//user.c.orig -- sbin/fdisk//user.c
--- sbin/fdisk//user.c.orig Tue Aug  1 12:12:35 2006
+++ sbin/fdisk//user.c  Sun Jun  3 13:24:46 2007
@@ -191,7 +191,7 @@
 }
 
 int
-USER_print_disk(disk_t *disk)
+USER_print_disk(disk_t *disk,  char *unit)
 {
int fd, offset, firstoff, i;
char mbr_buf[DEV_BSIZE];
@@ -200,14 +200,14 @@
fd = DISK_open(disk-name, O_RDONLY);
offset = firstoff = 0;
 
-   DISK_printmetrics(disk, NULL);
+   DISK_printmetrics(disk, unit);
 
do {
MBR_read(fd, (off_t)offset, mbr_buf);
MBR_parse(disk, mbr_buf, offset, firstoff, mbr);
 
printf(Offset: %d\t, (int)offset);
-   MBR_print(mbr, NULL);
+   MBR_print(mbr, unit);
 
/* Print out extended partitions too */
for (offset = i = 0; i  4; i++)
sbin/fdisk//user.h.orig -- sbin/fdisk//user.h
--- sbin/fdisk//user.h.orig Tue Jun  3 03:13:19 2003
+++ sbin/fdisk//user.h  Sun Jun  3 13:24:46 2007
@@ -34,7 +34,7 @@
 /* Prototypes */
 int USER_init(disk_t *, mbr_t *, int);
 int USER_modify(disk_t *, mbr_t *, off_t, off_t);
-int USER_print_disk(disk_t *);
+int USER_print_disk(disk_t *, char *);
 
 #endif /* _USER_H */

pcmcia malo(4) can't load firmware

[Peter Hessler]

I have a pcmcia malo(4) card that I would like to use, and when I plug 
it in it gives me malo0: timeout at boot firmware load!.  The card is 
a NetGear WG511 v2, and yes, I did pkg_add the firmware.  dmesg with 
acpi and MALO_DEBUG/CMALO_DEBUG defined below.




-- 
On a paper submitted by a physicist colleague:

This isn't right.  This isn't even wrong.
-- Wolfgang Pauli


OpenBSD 4.1-current (ACPI) #3: Sat Jun  2 19:40:48 PDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/ACPI
real mem = 2012672000 (1919MB)
avail mem = 1931935744 (1842MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfc68f (23 entries)
bios0: Hewlett-Packard HP Compaq nx6125 (PZ895UA#ABA)
acpi0 at mainbus0: rev 0
acpi0: tables DSDT FACP APIC MCFG SSDT 
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfec01000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Turion(tm) 64 Mobile ML-37 , 1995.33 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully 
associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully 
associative
cpu0: AMD erratum 89 present, BIOS upgrade may be required
cpu0: apic clock running at 199MHz
ioapic0 at mainbus0 apid 1 pa 0xfec0, version 21, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpiprt0 at acpi0: bus 1 (C048)
acpiprt1 at acpi0: bus 2 (C0AB)
acpiprt2 at acpi0: bus 0 (C047)
acpiec0 at acpi0: C111
acpicpu at acpi0 not configured
acpitz0 at acpi0, critical temperature: 94 degC
acpitz1 at acpi0, critical temperature: 100 degC
acpitz2 at acpi0, critical temperature: 100 degC
acpibat0 at acpi0: C179: not present
acpibat1 at acpi0: C178: not present
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: C1F0
acpibtn1 at acpi0: C1F1
couldnt fetch acpicpu_softc
cpu0: PowerNow! K8 1995 MHz: speeds: 2000 1800 1600 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x01
ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 ATI Radeon XPRESS 200M rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 4 function 0 ATI RS480 PCIE rev 0x00
pci2 at ppb1 bus 16
ppb2 at pci0 dev 5 function 0 ATI RS480 PCIE rev 0x00
pci3 at ppb2 bus 32
ohci0 at pci0 dev 19 function 0 ATI IXP400 USB rev 0x00: apic 1 int 
19 (irq 10), version 1.0, legacy support
ohci1 at pci0 dev 19 function 1 ATI IXP400 USB rev 0x00: apic 1 int 
19 (irq 10), version 1.0, legacy support
ehci0 at pci0 dev 19 function 2 ATI IXP400 USB2 rev 0x00: apic 1 int 
19 (irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0
uhub0: ATI EHCI root hub, rev 2.00/1.00, addr 1
uhub0: 8 ports with 8 removable, self powered
piixpm0 at pci0 dev 20 function 0 ATI IXP400 SMBus rev 0x11: SMI
iic0 at piixpm0
admtemp0 at iic0 addr 0x4c: adm1032
pciide0 at pci0 dev 20 function 1 ATI IXP400 IDE rev 0x00: DMA, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MHV2060AH
wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: MATSHITA, UJ-840D, 1.02 SCSI0 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
pcib0 at pci0 dev 20 function 3 ATI IXP400 ISA rev 0x00
ppb3 at pci0 dev 20 function 4 ATI IXP400 PCI rev 0x00
pci4 at ppb3 bus 2
bge0 at pci4 dev 1 function 0 Broadcom BCM5788 rev 0x03, BCM5705 A3 
(0x3003): apic 1 int 23 (irq 10), address 00:0f:b0:f6:46:19
brgphy0 at bge0 phy 1: BCM5705 10/100/1000baseT PHY, rev. 2
Broadcom BCM4319 rev 0x02 at pci4 dev 2 function 0 not configured
cbb0 at pci4 dev 4 function 0 TI PCI7XX1 CardBus rev 0x00: apic 1 int 
20 (irq 11)
TI PCI7XX1 FireWire rev 0x00 at pci4 dev 4 function 2 not configured
TI PCI7XX1 Flash rev 0x00 at pci4 dev 4 function 3 not configured
sdhc0 at pci4 dev 4 function 4 TI PCI7XX1 Secure Data rev 0x00: apic 
1 int 21 (irq 9)
sdmmc0 at sdhc0
sdmmc1 at sdhc0
sdmmc2 at sdhc0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x10, lattimer 0x20
pcmcia0 at cardslot0
auixp0 at pci0 dev 20 function 5 ATI IXP400 AC97 rev 0x02: apic 1 int 
17 (irq 5)
auixp0: soft resetting aclink
ATI IXP400 Modem rev 0x02 at pci0 dev 20 function 6 not configured
pchb1 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb2 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb3 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb4 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
usb1 at ohci0: USB revision 1.0
uhub1 at usb1

Reclaim mounted space

[Lawrence Horvath]

I have just changed from 1 harddrive into having a root, and a home harddrive.
its now working but i had several gigs in the old home that i would
like to clear off, how can i clear the old home dir with out
unmounting the new home



--
-Lawrence

Re: Reclaim mounted space

[Darrin Chandler]

On Sun, Jun 03, 2007 at 09:10:34AM -0700, Lawrence Horvath wrote:
 I have just changed from 1 harddrive into having a root, and a home 
 harddrive.
 its now working but i had several gigs in the old home that i would
 like to clear off, how can i clear the old home dir with out
 unmounting the new home

# mount /dev/old /mnt

where old is whatever your old home directory was. Perhaps wd0h. Then
it'll be available under /mnt/*

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: Reclaim mounted space

[Lawrence Horvath]

Well my old set up was to have just one harddrive, so my old home is
part of the root drive, and since my root drive is in use as root, how
would i mount just that part of it?

On 03/06/07, Darrin Chandler [EMAIL PROTECTED] wrote:

On Sun, Jun 03, 2007 at 09:10:34AM -0700, Lawrence Horvath wrote:
 I have just changed from 1 harddrive into having a root, and a home
 harddrive.
 its now working but i had several gigs in the old home that i would
 like to clear off, how can i clear the old home dir with out
 unmounting the new home

# mount /dev/old /mnt

where old is whatever your old home directory was. Perhaps wd0h. Then
it'll be available under /mnt/*

--
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation




--
-Lawrence
-Student ID 1028219
-CCNA

Re: Reclaim mounted space

[Darrin Chandler]

On Sun, Jun 03, 2007 at 09:45:46AM -0700, Lawrence Horvath wrote:
 Well my old set up was to have just one harddrive, so my old home is
 part of the root drive, and since my root drive is in use as root, how
 would i mount just that part of it?

Ah. Log in as root, then umount /home. With that partition unmounted,
the old /home stuff will be visible again. When you are done cleaning
you can mount /home, log out, and log in as your normal user.

Be very careful when zapping whole subtrees logged in as root. It's too
easy to make a mistake. Measure twice, cut once.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: Reclaim mounted space

[Greg Thomas]

On 6/3/07, Darrin Chandler [EMAIL PROTECTED] wrote:

On Sun, Jun 03, 2007 at 09:10:34AM -0700, Lawrence Horvath wrote:
 I have just changed from 1 harddrive into having a root, and a home
 harddrive.
 its now working but i had several gigs in the old home that i would
 like to clear off, how can i clear the old home dir with out
 unmounting the new home

# mount /dev/old /mnt

where old is whatever your old home directory was. Perhaps wd0h. Then
it'll be available under /mnt/*



That's what I was thinking but from reading his initial post I think
he just had one filesystem on his original harddrive.

Greg

Re: Reclaim mounted space

[Darren Spruell]

On 6/3/07, Lawrence Horvath [EMAIL PROTECTED] wrote:

Well my old set up was to have just one harddrive, so my old home is
part of the root drive, and since my root drive is in use as root, how
would i mount just that part of it?


When  you added your new drive and mounted it as /home, did you do
anything to the old disk (repartition, reformat?) if not, then you've
probably got your new disk and its data mounted at /home. If you
unmount /home, you should be able to uncover your old /home on the
old drive and clean it up. Then remount the new drive on its /home
mountpoint.

DS


On 03/06/07, Darrin Chandler [EMAIL PROTECTED] wrote:
 On Sun, Jun 03, 2007 at 09:10:34AM -0700, Lawrence Horvath wrote:
  I have just changed from 1 harddrive into having a root, and a home
  harddrive.
  its now working but i had several gigs in the old home that i would
  like to clear off, how can i clear the old home dir with out
  unmounting the new home

 # mount /dev/old /mnt

 where old is whatever your old home directory was. Perhaps wd0h. Then
 it'll be available under /mnt/*

 --
 Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
 [EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
 http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



--
-Lawrence
-Student ID 1028219
-CCNA





--
Darren Spruell
[EMAIL PROTECTED]

Re: Reclaim mounted space

[Jussi Peltola]

Export / with NFS, mount it somewhere and you will see the old contents.

Re: Reclaim mounted space

[Lawrence Horvath]

unmounted the new home, rm'd the old home, and remounted the new home,
all is working well

I was just hoping there was some kind of cleanup i could use to clear
unused space on a hd with out having to unmount anything

On 03/06/07, Darren Spruell [EMAIL PROTECTED] wrote:

On 6/3/07, Lawrence Horvath [EMAIL PROTECTED] wrote:
 Well my old set up was to have just one harddrive, so my old home is
 part of the root drive, and since my root drive is in use as root, how
 would i mount just that part of it?

When  you added your new drive and mounted it as /home, did you do
anything to the old disk (repartition, reformat?) if not, then you've
probably got your new disk and its data mounted at /home. If you
unmount /home, you should be able to uncover your old /home on the
old drive and clean it up. Then remount the new drive on its /home
mountpoint.

DS

 On 03/06/07, Darrin Chandler [EMAIL PROTECTED] wrote:
  On Sun, Jun 03, 2007 at 09:10:34AM -0700, Lawrence Horvath wrote:
   I have just changed from 1 harddrive into having a root, and a home
   harddrive.
   its now working but i had several gigs in the old home that i would
   like to clear off, how can i clear the old home dir with out
   unmounting the new home
 
  # mount /dev/old /mnt
 
  where old is whatever your old home directory was. Perhaps wd0h. Then
  it'll be available under /mnt/*
 
  --
  Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
  [EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
  http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG 
Federation
 


 --
 -Lawrence
 -Student ID 1028219
 -CCNA




--
Darren Spruell
[EMAIL PROTECTED]





--
-Lawrence
-Student ID 1028219
-CCNA

Building a Centralized Authentication Server

[Max Clark]

Hi all,

I need to develop a secure way for our staff/outside contractors to be able
to securely connect (via SSH - rdesktop/vnc in the future) to our internal
and customer systems. We do need heterogeneous client system support (BSD,
Linux, Solaris, Windows, etc..?) with whatever solution is deployed.

The more time I have spent with this the more I believe that we need some
sort of SSO (Single Sign On) solution (something that supports a hardware
key token like RSA would be great). This is complicated by the perceived
requirement to install software on our customer's systems to support this
kind of integration.

As a stop gap I have been thinking about creating a dedicated user account
on a centralized server, creating SSH keys and pushing the public key out to
the remote systems for passwordless logins. Internal users would connect to
this system, sudo to the other account and then SSH (with the added feature
of being able to execute script and log the session).

The goal behind all of this of course is to provide secure connectivity to
remote systems in such a way that passwords to the remote systems are not
being disseminated to our internal users - so if a user's employment status
changes we don't have to run through the crazy password change scramble.

I pose this question to this list because of all places on the Internet I
know OpenBSD users to be the most paranoid with security and simple/elegant
solutions which is exactly what I need here. Am I over thinking this
problem? What would you recommend.

Thanks in advance,
Max

Re: Building a Centralized Authentication Server

[Jeroen Massar]

Max Clark wrote:
 Hi all,

 I need to develop a secure way for our staff/outside contractors to be able
 to securely connect (via SSH - rdesktop/vnc in the future) to our internal
 and customer systems. We do need heterogeneous client system support (BSD,
 Linux, Solaris, Windows, etc..?) with whatever solution is deployed.

 The more time I have spent with this the more I believe that we need some
 sort of SSO (Single Sign On) solution (something that supports a hardware
 key token like RSA would be great). This is complicated by the perceived
 requirement to install software on our customer's systems to support this
 kind of integration.

Google for, amongst others: Radius, Diameter, TACACS+ etc etc...

A single portal indeed might be a useful method. Do not forget to
create a failover system though, as when your main box dies you can't
access anything else anymore.

 The goal behind all of this of course is to provide secure connectivity to
 remote systems in such a way that passwords to the remote systems are not
 being disseminated to our internal users - so if a user's employment status
 changes we don't have to run through the crazy password change scramble.

And then the evil user simply drops a backdoor binary on one of the
machines.

Greets,
 Jeroen

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Building a Centralized Authentication Server

[Max Clark]

On 6/3/07, Jeroen Massar [EMAIL PROTECTED] wrote:


 And then the evil user simply drops a backdoor binary on one of the
 machines.


Sure there is only so much you can do. We have to give some level of trust
to the user, this of course has to be balanced by an appropriate level of
prudence on our part. I am just looking for a solution for the 95-99% of the
users - that last 1-5% has to be dealt with in a different manner (i.e. the
FBI if they are that stupid).

-Max

ipsec.conf order

[Renaud Allard]

Hello,

I have a gateway running 4.1-current with an ipsec configuration like 
this one:


ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org 
dstid erathia.be
ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org 
dstid gaye.be


Both remote peers have dynamic IPs
When I run with this configuration, only gaye.be works, erathia.be does not.
If I swap the lines in the conf, erathia.be works.
Both remote ends have a config like this one:
ike esp from 192.168.0.0/24 to 172.20.0.0/24 srcid gaye.be dstid 
eriador.org peer eriador.org


I would expect both to work together, but it does not. Am I missing 
something?

Re: ipsec.conf order

[Renaud Allard]

Renaud Allard wrote:

Hello,

I have a gateway running 4.1-current with an ipsec configuration like 
this one:


ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org 
dstid erathia.be
ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org 
dstid gaye.be


Both remote peers have dynamic IPs
When I run with this configuration, only gaye.be works, erathia.be does 
not.

If I swap the lines in the conf, erathia.be works.
Both remote ends have a config like this one:
ike esp from 192.168.0.0/24 to 172.20.0.0/24 srcid gaye.be dstid 
eriador.org peer eriador.org


I would expect both to work together, but it does not. Am I missing 
something?





I forgot to mention that in the first config, my logs showed:
isakmpd[9065]: ike_phase_1_recv_ID: received remote ID other than 
expected gaye.be


and with the lines swapped:
isakmpd[29480]: ike_phase_1_recv_ID: received remote ID other than 
expected erathia.be

Re: ipsec.conf order

[Renaud Allard]

Renaud Allard wrote:

Renaud Allard wrote:

Hello,

I have a gateway running 4.1-current with an ipsec configuration like 
this one:


ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org 
dstid erathia.be
ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org 
dstid gaye.be


Both remote peers have dynamic IPs
When I run with this configuration, only gaye.be works, erathia.be 
does not.

If I swap the lines in the conf, erathia.be works.
Both remote ends have a config like this one:
ike esp from 192.168.0.0/24 to 172.20.0.0/24 srcid gaye.be dstid 
eriador.org peer eriador.org


I would expect both to work together, but it does not. Am I missing 
something?





I forgot to mention that in the first config, my logs showed:
isakmpd[9065]: ike_phase_1_recv_ID: received remote ID other than 
expected gaye.be


and with the lines swapped:
isakmpd[29480]: ike_phase_1_recv_ID: received remote ID other than 
expected erathia.be





Removing the dstid part makes the config work. However, it's somewhat an 
hole for me to allow everyone with a key to route the range he wants as 
long as it is listed.

Re: ipsec.conf order

[Stuart Henderson]

On 2007/06/03 22:51, Renaud Allard wrote:
  Hello,
 
  I have a gateway running 4.1-current with an ipsec configuration like this 
 one:
 
  ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org dstid 
 erathia.be
  ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org dstid 
 gaye.be
 
  Both remote peers have dynamic IPs
  When I run with this configuration, only gaye.be works, erathia.be does not.
  If I swap the lines in the conf, erathia.be works.
  Both remote ends have a config like this one:
  ike esp from 192.168.0.0/24 to 172.20.0.0/24 srcid gaye.be dstid eriador.org 
 peer eriador.org
 
  I would expect both to work together, but it does not. Am I missing 
 something?

Yes. You can only have one 'fallback' rule (i.e. one which doesn't have
a fixed peer IP address). With your example the second overwrites the
first. Look at the config sections generated:

[EMAIL PROTECTED]:12762$ ipsecctl -nvf -
ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org dstid 
erathia.be
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=mm-default force
C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
C set [peer-default]:ID=eriador.org-ID force
C set [eriador.org-ID]:ID-type=FQDN force
C set [eriador.org-ID]:Name=eriador.org force
C set [peer-default]:Remote-ID=default-ID force
C set [default-ID]:ID-type=FQDN force
C set [default-ID]:Name=erathia.be force
C set [IPsec-172.20.0.0/24-172.16.22.0/24]:Phase=2 force
C set [IPsec-172.20.0.0/24-172.16.22.0/24]:ISAKMP-peer=peer-default force
C set 
[IPsec-172.20.0.0/24-172.16.22.0/24]:Configuration=qm-172.20.0.0/24-172.16.22.0/24
 force
C set [IPsec-172.20.0.0/24-172.16.22.0/24]:Local-ID=lid-172.20.0.0/24 force
C set [IPsec-172.20.0.0/24-172.16.22.0/24]:Remote-ID=rid-172.16.22.0/24 force
C set [qm-172.20.0.0/24-172.16.22.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [qm-172.20.0.0/24-172.16.22.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE 
force
C set [lid-172.20.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [lid-172.20.0.0/24]:Network=172.20.0.0 force
C set [lid-172.20.0.0/24]:Netmask=255.255.255.0 force
C set [rid-172.16.22.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [rid-172.16.22.0/24]:Network=172.16.22.0 force
C set [rid-172.16.22.0/24]:Netmask=255.255.255.0 force
C add [Phase 2]:Passive-Connections=IPsec-172.20.0.0/24-172.16.22.0/24
ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org dstid 
gaye.be
C set [Phase 1]:Default=peer-default force
C set [peer-default]:Phase=1 force
C set [peer-default]:Configuration=mm-default force
C set [mm-default]:EXCHANGE_TYPE=ID_PROT force
C add [mm-default]:Transforms=AES-SHA-RSA_SIG force
C set [peer-default]:ID=eriador.org-ID force
C set [eriador.org-ID]:ID-type=FQDN force
C set [eriador.org-ID]:Name=eriador.org force
C set [peer-default]:Remote-ID=default-ID force
C set [default-ID]:ID-type=FQDN force
C set [default-ID]:Name=gaye.be force
C set [IPsec-172.20.0.0/24-192.168.0.0/24]:Phase=2 force
C set [IPsec-172.20.0.0/24-192.168.0.0/24]:ISAKMP-peer=peer-default force
C set 
[IPsec-172.20.0.0/24-192.168.0.0/24]:Configuration=qm-172.20.0.0/24-192.168.0.0/24
 force
C set [IPsec-172.20.0.0/24-192.168.0.0/24]:Local-ID=lid-172.20.0.0/24 force
C set [IPsec-172.20.0.0/24-192.168.0.0/24]:Remote-ID=rid-192.168.0.0/24 force
C set [qm-172.20.0.0/24-192.168.0.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [qm-172.20.0.0/24-192.168.0.0/24]:Suites=QM-ESP-AES-SHA2-256-PFS-SUITE 
force
C set [lid-172.20.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [lid-172.20.0.0/24]:Network=172.20.0.0 force
C set [lid-172.20.0.0/24]:Netmask=255.255.255.0 force
C set [rid-192.168.0.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [rid-192.168.0.0/24]:Network=192.168.0.0 force
C set [rid-192.168.0.0/24]:Netmask=255.255.255.0 force
C add [Phase 2]:Passive-Connections=IPsec-172.20.0.0/24-192.168.0.0/24

Two peer-default, two default-ID,...second overwrites the first. Try something
like this instead:

ike passive esp from 172.20.0.0/24 to any

Unless I'm mistaken you can't set srcid without setting dstid with ipsec.conf
(which you don't want to do when you use 'any') so you will have to go with IP
addresses at the central site.

gmplayer locks up Fvwm

[Jon Drews]

OpenBSD 4.1 GENERIC#0 i386

Hi:

 Don't know if any one else experienced this. When gmplayer is
activated from Fvwm's menu then it locks up fvwm.

To reproduce:
1) Put:
+GMplayer  Exec exec gmplayer
in the RootMenu section, of the .fvwmrc
2) Restart Fvwm
3) Click on GMplayer in the Fvwm menu.
4) Fvwm locks up and requires ALT-CTL-Backspace

The fix is show here:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg08129.html

Namely make the menu entry as so:
+   GMplayerExec exec xterm -iconic -e gmplayer


--
Kind regards,
Jonathan

SSH-login is slow to connect with remote computer

[Bray Mailloux]

Hello;

I'm experiencing some network trouble. Two problems exist and they are 
as thus; My DNS server, which has the ip 192.168.1.2, which is 
translated through my router to 64.142.102.10, cannot connect to the 
internet. And, whenever puTTY attempts to remote control the server, the 
login process is very slow between inputting the user name then password.

My gut tells me the problems may be related.

My pf rules on my router are as such:
#   $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

#Macros
ext_ip=64.142.102.8
local_int_ip=192.168.0.1
local_int_block=192.168.0.0/24
dmz_ip=192.168.1.1
dmz_block={ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 
192.168.1.5 }

dmz_www_ip=64.142.102.9
local_www_ip=192.168.1.4
#DNS Server
dmz_scarlett_ip=64.142.102.10
dmz_shelly_ip=64.142.102.11
local_scarlett_ip=192.168.1.2
local_shelly_ip=192.168.1.3
dmz_qmail_ip=64.142.102.12
local_qmail_ip=192.168.1.4
tcp_services= ( ssh, smtp, domain, www, pop3 )
udp_services= ( domain )

#normalizing
#scrub in all

#NAT and Binat
nat on rl0 from $local_int_block to any - $ext_ip
binat on rl0 from $local_www_ip to any - $dmz_www_ip
binat on rl0 from $local_scarlett_ip to any - $dmz_scarlett_ip
binat on rl0 from $local_shelly_ip to any - $dmz_shelly_ip
binat on rl0 from $local_qmail_ip to any - $dmz_qmail_ip

#Default block policy
#block all

#Anti-spoofing
#block in quick from urpf-failed

#Traffic passing through
pass in all
pass out all


#External interfaces
#pass in on rl0 inet proto { tcp, udp } all modulate state
#pass out on rl0 proto { tcp, udp, icmp } all modulate state

The block and external interface rules are commented for troubleshooting 
operations as I've been working with this problem to try and resolve it.

Re: SSH-login is slow to connect with remote computer

[djgoku]

On 6/3/07, Bray Mailloux [EMAIL PROTECTED] wrote:

Hello;

I'm experiencing some network trouble. Two problems exist and they are
as thus; My DNS server, which has the ip 192.168.1.2, which is
translated through my router to 64.142.102.10, cannot connect to the
internet. And, whenever puTTY attempts to remote control the server, the
login process is very slow between inputting the user name then password.
My gut tells me the problems may be related.


You might try uncomment:

#UseDNS yes

and change it to:

UseDNS no

More info here: http://openssh.org/faq.html#3.3

Re: Embedded system - which ?

[Devin Smith]

What about using the EFIKA board? (http://www.pegasosppc.com/efika.php).
Seems like it would meet all the requirements that Uwe was looking for. Oh
and it's a PPC system on a chip. Not x86. I believe it works with NetBSD.

Re: Embedded system - which ?

[Mats O Jansson]

On Sun, 3 Jun 2007, Devin Smith wrote:

 What about using the EFIKA board? (http://www.pegasosppc.com/efika.php).
 Seems like it would meet all the requirements that Uwe was looking for. Oh
 and it's a PPC system on a chip. Not x86. I believe it works with NetBSD.
 
 
With history in mind I doubt this card will be supported in OpenBSD.

I wouldn't buy anything from that company.

-moj

pf, carp, pfsync, and bridging

[David Newman]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thanks in advance for guidelines on using pf with carp and pfsync boxes
that bridge rather than route.

I found this guide:

http://www.seattlecentral.edu/~dmartin/docs/bridge.html

but it says carp doesn't work with bridging and to use spanning tree
instead. That was on OBSD 3.5 and I don't see anything about bridging in
more recent manpages for carp. Has anything changed?

As for why I'm bridging: I have an application that NAT breaks.
Currently I have another pair of pf boxes running carp/pfsync and
routing to NAT'd space. That works fine but the new application requires
routable addresses (I've tried rdr to the NAT'd addresses, but no joy).

So, instead I plan to set things up like this:

Net - 2 pf bridges - new app - 2 pf routers - NAT space

There's no redundancy in the net connection, just one IP from the ISP.

Thanks again for any clues on setting this up.

dn
iD8DBQFGY28/yPxGVjntI4IRAiIKAJ95QbjJVjTT9WSmfGjTc+oewImn/ACg9Y5o
KKSIYsl5nSzBhEhY9lfmAUU=
=y63T
-END PGP SIGNATURE-

Re: SSH-login is slow to connect with remote computer

[Bray Mailloux]

Bray Mailloux wrote:

Hello;

I'm experiencing some network trouble. Two problems exist and they are 
as thus; My DNS server, which has the ip 192.168.1.2, which is 
translated through my router to 64.142.102.10, cannot connect to the 
internet. And, whenever puTTY attempts to remote control the server, 
the login process is very slow between inputting the user name then 
password.

My gut tells me the problems may be related.

My pf rules on my router are as such:
#   $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or 
net.inet6.ip6.forwarding=1

# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

#Macros
ext_ip=64.142.102.8
local_int_ip=192.168.0.1
local_int_block=192.168.0.0/24
dmz_ip=192.168.1.1
dmz_block={ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 
192.168.1.5 }

dmz_www_ip=64.142.102.9
local_www_ip=192.168.1.4
#DNS Server
dmz_scarlett_ip=64.142.102.10
dmz_shelly_ip=64.142.102.11
local_scarlett_ip=192.168.1.2
local_shelly_ip=192.168.1.3
dmz_qmail_ip=64.142.102.12
local_qmail_ip=192.168.1.4
tcp_services= ( ssh, smtp, domain, www, pop3 )
udp_services= ( domain )

#normalizing
#scrub in all

#NAT and Binat
nat on rl0 from $local_int_block to any - $ext_ip
binat on rl0 from $local_www_ip to any - $dmz_www_ip
binat on rl0 from $local_scarlett_ip to any - $dmz_scarlett_ip
binat on rl0 from $local_shelly_ip to any - $dmz_shelly_ip
binat on rl0 from $local_qmail_ip to any - $dmz_qmail_ip

#Default block policy
#block all

#Anti-spoofing
#block in quick from urpf-failed

#Traffic passing through
pass in all
pass out all


#External interfaces
#pass in on rl0 inet proto { tcp, udp } all modulate state
#pass out on rl0 proto { tcp, udp, icmp } all modulate state

The block and external interface rules are commented for 
troubleshooting operations as I've been working with this problem to 
try and resolve it.




DNS resolution does seem probably, neither DNS computers nor my WWW 
computer can ping their respective name servers, but the ssh connection 
that exists between my computer and the servers is still shaky besides 
the long response time. For instance, the servers sometimes unexpectedly 
close the connections. Do you have any other ideas?

Re: SSH-login is slow to connect with remote computer

[Jacob Yocom-Piatt]

Bray Mailloux wrote:

Bray Mailloux wrote:

Hello;

I'm experiencing some network trouble. Two problems exist and they 
are as thus; My DNS server, which has the ip 192.168.1.2, which is 
translated through my router to 64.142.102.10, cannot connect to the 
internet. And, whenever puTTY attempts to remote control the server, 
the login process is very slow between inputting the user name then 
password.

My gut tells me the problems may be related.

My pf rules on my router are as such:
#   $OpenBSD: pf.conf,v 1.31 2006/01/30 12:20:31 camield Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or 
net.inet6.ip6.forwarding=1

# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

#Macros
ext_ip=64.142.102.8
local_int_ip=192.168.0.1
local_int_block=192.168.0.0/24
dmz_ip=192.168.1.1
dmz_block={ 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.4, 
192.168.1.5 }

dmz_www_ip=64.142.102.9
local_www_ip=192.168.1.4
#DNS Server
dmz_scarlett_ip=64.142.102.10
dmz_shelly_ip=64.142.102.11
local_scarlett_ip=192.168.1.2
local_shelly_ip=192.168.1.3
dmz_qmail_ip=64.142.102.12
local_qmail_ip=192.168.1.4
tcp_services= ( ssh, smtp, domain, www, pop3 )
udp_services= ( domain )

#normalizing
#scrub in all

#NAT and Binat
nat on rl0 from $local_int_block to any - $ext_ip
binat on rl0 from $local_www_ip to any - $dmz_www_ip
binat on rl0 from $local_scarlett_ip to any - $dmz_scarlett_ip
binat on rl0 from $local_shelly_ip to any - $dmz_shelly_ip
binat on rl0 from $local_qmail_ip to any - $dmz_qmail_ip



i have a similar ruleset. you need to only nat on rl0 from elements in { 
$local_int_block - $dmz_ips }, do this with a table using the not (!) 
operator, see the pf.conf manpage. then you will be binat-ing properly 
and get expected behavior.




DNS resolution does seem probably, neither DNS computers nor my WWW 
computer can ping their respective name servers, but the ssh 
connection that exists between my computer and the servers is still 
shaky besides the long response time. For instance, the servers 
sometimes unexpectedly close the connections. Do you have any other 
ideas?

amd64 pcmcia/cardbus wackyness (was Re: pcmcia malo(4) can't load firmware)

[Peter Hessler]

I assume its related, but when I plug in a CF-PCMCIA adapter, it 
attaches as com(4).  This is a known good card that attaches properly 
on macppc pcmcia.

on amd64:
com2 at pcmcia0 function 0: can't allocate i/o space

ppc:
wdc3 at pcmcia0 function 0 LEXAR ATA FLASH CARD, ATA FLASH,  port 0x0/16
wd1 at wdc3 channel 0 drive 0: LEXAR ATA FLASH
wd1: 1-sector PIO, LBA, 3915MB, 8018640 sectors
wd1(wdc3:0:0): using BIOS timings


On 2007 Jun 03 (Sun) at 08:32:31 -0700 (-0700), Peter Hessler wrote:
:I have a pcmcia malo(4) card that I would like to use, and when I plug 
:it in it gives me malo0: timeout at boot firmware load!.  The card is 
:a NetGear WG511 v2, and yes, I did pkg_add the firmware.  dmesg with 
:acpi and MALO_DEBUG/CMALO_DEBUG defined below.
:
:
:
:
:-- 
:On a paper submitted by a physicist colleague:
:
:This isn't right.  This isn't even wrong.
:   -- Wolfgang Pauli
:
:
:OpenBSD 4.1-current (ACPI) #3: Sat Jun  2 19:40:48 PDT 2007
:[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/ACPI
:real mem = 2012672000 (1919MB)
:avail mem = 1931935744 (1842MB)
:mainbus0 at root
:bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfc68f (23 entries)
:bios0: Hewlett-Packard HP Compaq nx6125 (PZ895UA#ABA)
:acpi0 at mainbus0: rev 0
:acpi0: tables DSDT FACP APIC MCFG SSDT 
:acpitimer0 at acpi0: 3579545 Hz, 32 bits
:acpimadt0 at acpi0 addr 0xfec01000: PC-AT compat
:cpu0 at mainbus0: apid 0 (boot processor)
:cpu0: AMD Turion(tm) 64 Mobile ML-37 , 1995.33 MHz
:cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
:cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
:64b/line 16-way L2 cache
:cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully 
:associative
:cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully 
:associative
:cpu0: AMD erratum 89 present, BIOS upgrade may be required
:cpu0: apic clock running at 199MHz
:ioapic0 at mainbus0 apid 1 pa 0xfec0, version 21, 24 pins
:ioapic0: misconfigured as apic 0, remapped to apid 1
:acpiprt0 at acpi0: bus 1 (C048)
:acpiprt1 at acpi0: bus 2 (C0AB)
:acpiprt2 at acpi0: bus 0 (C047)
:acpiec0 at acpi0: C111
:acpicpu at acpi0 not configured
:acpitz0 at acpi0, critical temperature: 94 degC
:acpitz1 at acpi0, critical temperature: 100 degC
:acpitz2 at acpi0, critical temperature: 100 degC
:acpibat0 at acpi0: C179: not present
:acpibat1 at acpi0: C178: not present
:acpiac0 at acpi0: AC unit online
:acpibtn0 at acpi0: C1F0
:acpibtn1 at acpi0: C1F1
:couldnt fetch acpicpu_softc
:cpu0: PowerNow! K8 1995 MHz: speeds: 2000 1800 1600 800 MHz
:pci0 at mainbus0 bus 0: configuration mode 1
:pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x01
:ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00
:pci1 at ppb0 bus 1
:vga1 at pci1 dev 5 function 0 ATI Radeon XPRESS 200M rev 0x00
:wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
:wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
:ppb1 at pci0 dev 4 function 0 ATI RS480 PCIE rev 0x00
:pci2 at ppb1 bus 16
:ppb2 at pci0 dev 5 function 0 ATI RS480 PCIE rev 0x00
:pci3 at ppb2 bus 32
:ohci0 at pci0 dev 19 function 0 ATI IXP400 USB rev 0x00: apic 1 int 
:19 (irq 10), version 1.0, legacy support
:ohci1 at pci0 dev 19 function 1 ATI IXP400 USB rev 0x00: apic 1 int 
:19 (irq 10), version 1.0, legacy support
:ehci0 at pci0 dev 19 function 2 ATI IXP400 USB2 rev 0x00: apic 1 int 
:19 (irq 10)
:usb0 at ehci0: USB revision 2.0
:uhub0 at usb0
:uhub0: ATI EHCI root hub, rev 2.00/1.00, addr 1
:uhub0: 8 ports with 8 removable, self powered
:piixpm0 at pci0 dev 20 function 0 ATI IXP400 SMBus rev 0x11: SMI
:iic0 at piixpm0
:admtemp0 at iic0 addr 0x4c: adm1032
:pciide0 at pci0 dev 20 function 1 ATI IXP400 IDE rev 0x00: DMA, 
:channel 0 configured to compatibility, channel 1 configured to 
:compatibility
:wd0 at pciide0 channel 0 drive 0: FUJITSU MHV2060AH
:wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors
:wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5
:atapiscsi0 at pciide0 channel 1 drive 0
:scsibus0 at atapiscsi0: 2 targets
:cd0 at scsibus0 targ 0 lun 0: MATSHITA, UJ-840D, 1.02 SCSI0 5/cdrom 
:removable
:cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
:pcib0 at pci0 dev 20 function 3 ATI IXP400 ISA rev 0x00
:ppb3 at pci0 dev 20 function 4 ATI IXP400 PCI rev 0x00
:pci4 at ppb3 bus 2
:bge0 at pci4 dev 1 function 0 Broadcom BCM5788 rev 0x03, BCM5705 A3 
:(0x3003): apic 1 int 23 (irq 10), address 00:0f:b0:f6:46:19
:brgphy0 at bge0 phy 1: BCM5705 10/100/1000baseT PHY, rev. 2
:Broadcom BCM4319 rev 0x02 at pci4 dev 2 function 0 not configured
:cbb0 at pci4 dev 4 function 0 TI PCI7XX1 CardBus rev 0x00: apic 1 int 
:20 (irq 11)
:TI PCI7XX1 FireWire rev 0x00 at pci4 dev 4 function 2 not configured
:TI PCI7XX1 Flash rev 0x00 at pci4 dev 4 function 3 not configured
:sdhc0 at pci4 dev 4 function 4 TI PCI7XX1 Secure Data rev 0x00: apic 
:1 int 21 (irq 9)
:sdmmc0 at sdhc0
:sdmmc1 at sdhc0
:sdmmc2 at 

type 2 or 3 pcmcia wireless card

[Lawrence Horvath]

I am working with a ThinkPad 365X that i am installing obsd on and
would like wireless access on. it supports 2 type II or 1 type III
PCMCIA, I wanted a ral card however those only appear to come at the
lowest as a CB which i dont believe my thinkpad will support.

Any suggestions on a card i could use in this laptop?

thanks

--
-Lawrence