Re: Xbox port of OpenBSD
On Fri, 6 Jul 2007, Markus Ritzer wrote: Hello! My name is Markus Ritzer, and I have ported OpenBSD to the Microsoft Xbox. I have done this as a project for university, and this project is finished on July 18th. It is not an official port until now, and I don't think it will become one. I don't have enough time to be a maintainer of my port. But it would be great if you could mention the project on www.openbsd.org/plat.html . Every information about the project can be found at http://tobias.schroepf.de/doku/doku.php?id=xbox:porting_openbsd_to_the_xbox X-Original-Status: System is booting, there is output on the screen, rootfs gets mounted, users can log in (multi-user support), network and sound are working. Please mention the port on the OpenBSD homepage (It's ok for me if you mention it as unstable, unofficial, untested by the official developers and so on. Thanks a lot, Markus [moving to misc@, so more people will see this] Nice! While I personally do not have any interest in the xbox, it's always nice to see somebody embarking on a project and *finishing* it. I'm sure you learned a lot, and I hope the skills and knowledge you gained will benefit you and maybe even OpenBSD. I do not know if we have a policy regarding mentioning your port in plat.html. So far only ports that are in CVS or that are being worked on by developers are mentioned. -Otto
Re: : Formatting MS-DOS drive
Disk: sd0 geometry: 3935/64/32 [8060926 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: idC H S -C H S [ start: size ] 0: 0B0 1 32 - 3935 63 17 [ 63: 8060850 ] Win95 FAT-32 1: 000 0 0 -0 0 0 [ 0: 0 ] unused 2: 000 0 0 -0 0 0 [ 0: 0 ] unused 3: 000 0 0 -0 0 0 [ 0: 0 ] unused Ah, I now understand. Windows is assuming that each track has 63 sectors, and apparently requires that each partition fills an integer number of tracks. The ending CHS values are chosen so that the maximum number of 63-sector tracks are filled. So, to create the appropriate MBR partition for a drive, type the following (I assume that the drive is device sd0): # fdisk -i -e sd0 fdisk: sysctl(machdep.bios.diskinfo): Device not configured - -- ATTENTION - UPDATING MASTER BOOT RECORD -- - Do you wish to write new MBR and partition table? [n] y Enter 'help' for information fdisk: 1 print Disk: sd0 geometry: 3935/64/32 [8060926 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: idC H S -C H S [ start: size ] 0: 000 0 0 -0 0 0 [ 0: 0 ] unused 1: 000 0 0 -0 0 0 [ 0: 0 ] unused 2: 000 0 0 -0 0 0 [ 0: 0 ] unused *3: A60 1 1 - 3934 63 32 [ 32: 8058848 ] OpenBSD Take careful note of the total number of sectors (8060926 in this case). Let NUM be the number of sectors divided by 63, rounded down to the nearest integer. Then, let SIZE be 63*(NUM - 1) In this example, NUM is 127951 and SIZE is 8060850. Continue as follows: fdisk: 1 edit 3 Starting Ending LBA Info: #: idC H S -C H S [ start: size ] *3: A60 1 1 - 3934 63 32 [ 32: 8058848 ] OpenBSD Partition id ('0' to disable) [0 - FF]: [A6] (? for help) 0 Partition 3 is disabled. fdisk:*1 edit 0 Starting Ending LBA Info: #: idC H S -C H S [ start: size ] 0: 000 0 0 -0 0 0 [ 0: 0 ] unused Partition id ('0' to disable) [0 - FF]: [0] (? for help) 0B Do you wish to edit in CHS mode? [n] n offset: [0] 63 At the next prompt, enter the number SIZE that we had previously calculated. size: [0] 8060850 fdisk:*1 print Disk: sd0 geometry: 3935/64/32 [8060926 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: idC H S -C H S [ start: size ] 0: 0B0 1 32 - 3935 63 17 [ 63: 8060850 ] Win95 FAT-32 1: 000 0 0 -0 0 0 [ 0: 0 ] unused 2: 000 0 0 -0 0 0 [ 0: 0 ] unused 3: 000 0 0 -0 0 0 [ 0: 0 ] unused fdisk:*1 quit Writing current MBR to disk. And notice that the 3935 that I could not explain is immediately accounted for. The problem is solved!
Re: IDE or SCSI virtual disks for VMWare image?
On 7/6/07, Srebrenko Sehic [EMAIL PROTECTED] wrote: Both work just fine. I myself, always run SCSI via mpi(4). Works like a charm and performs quite well. I confirm. I have several OpenBSD 4.1 VM in VMWare 6. Some use IDE, some SCSI. No difference from what I can tell.
Re: 4.0 - 4.1 broke ipsec
pf is probably the problem, 'keep state' is assumed unless explicitelly stated otherwise. On 7/6/07, Heinrich Rebehn [EMAIL PROTECTED] wrote: Hello list, after using ipsec for some years now, i never experienced an upgrade breaking it. But after after moving to 4.1 (new install) i can not get it to work anymore. I have copied the complete /etc/isakmpd directory from the 4.0 installation to the new one and also copied /etc/imakmpd/private/local.pub to /etc/isakmpd Below is a snippet from the output of isakmpd -d -DA=70 on my gateway: The peer antbook3 is trying to establish a connection, but the local isakmpd cannot validate antbook3's cert. antbook3's installation has not changed at all. I have never seen the message unable to get local issuer certificate before. 111621.667743 Mesg 50 message_parse_payloads: offset 28 payload ID 111621.667812 Mesg 50 message_parse_payloads: offset 62 payload CERT 111621.667852 Mesg 50 message_parse_payloads: offset 799 payload SIG 111621.667924 Mesg 60 message_validate_payloads: payload ID at 0x8810241c of message 0x88f39500 111621.668011 Mesg 70 TYPE: 2 111621.668052 Mesg 70 DOI_DATA: 00 111621.668128 Mesg 70 DATA: 111621.668210 Mesg 40 ipsec_validate_id_information: proto 0 port 0 type 2 111621.668251 Mesg 60 message_validate_payloads: payload CERT at 0x8810243e of message 0x88f39500 111621.668313 Mesg 70 ENCODING: X509_SIG 111621.668348 Mesg 70 DATA: 111621.668431 Mesg 60 message_validate_payloads: payload SIG at 0x8810271f of message 0x88f39500 111621.668503 Mesg 70 DATA: 111621.668542 Trpt 70 transport_release: freeing 0x813c5c40 111621.668617 Misc 30 ipsec_responder: phase 1 exchange 2 step 4 111621.668707 Negt 40 ike_phase_1_recv_ID: FQDN: 111621.668755 Negt 40 616e7462 6f6f6b33 2e616e74 2e756e69 2d627265 6d656e2e 6465 111621.668827 Cryp 70 x509_hash_find: no certificate matched query 111621.669061 Default x509_cert_validate: unable to get local issuer certificate 111621.669224 Default rsa_sig_decode_hash: received CERT can't be validated 111621.672638 Negt 50 get_raw_key_from_file: file /etc/isakmpd/pubkeys//fqdn/antbook3.ant.uni-bremen.de not found 111621.672685 Default rsa_sig_decode_hash: no public key found 111621.672731 Default dropped message from 172.21.113.59 port 500 due to notification type INVALID_ID_INFORMATION Verifying the cert by hand: [EMAIL PROTECTED] [/etc/isakmpd/certs] # openssl verify -CAfile ../ca/ca.crt antbook3.crt antbook3.crt: OK [EMAIL PROTECTED] [/etc/isakmpd/certs] # md5 ../ca/ca.crt MD5 (../ca/ca.crt) = e83c31211832100dcd79ae6f4612cf00 Making sure that the gateway uses the same ca crt: [EMAIL PROTECTED] [~] # md5 /etc/isakmpd/ca/ca.crt MD5 (/etc/isakmpd/ca/ca.crt) = e83c31211832100dcd79ae6f4612cf00 I will happily post more information if needed, but i am unsure if i can post the output of openssl x509 -text ... of a cert. Would this enable someone else to use it? Thanks for any hints Heinrich -- Heinrich Rebehn University of Bremen Physics / Electrical and Electronics Engineering - Department of Telecommunications - Phone : +49/421/218-4664 Fax :-3341 -- almir
Re: 4.0 - 4.1 broke ipsec
Almir Karic wrote: pf is probably the problem, 'keep state' is assumed unless explicitelly stated otherwise. On 7/6/07, Heinrich Rebehn [EMAIL PROTECTED] wrote: Hello list, after using ipsec for some years now, i never experienced an upgrade breaking it. But after after moving to 4.1 (new install) i can not get it to work anymore. I have copied the complete /etc/isakmpd directory from the 4.0 installation to the new one and also copied /etc/imakmpd/private/local.pub to /etc/isakmpd Below is a snippet from the output of isakmpd -d -DA=70 on my gateway: The peer antbook3 is trying to establish a connection, but the local isakmpd cannot validate antbook3's cert. antbook3's installation has not changed at all. I have never seen the message unable to get local issuer certificate before. 111621.667743 Mesg 50 message_parse_payloads: offset 28 payload ID 111621.667812 Mesg 50 message_parse_payloads: offset 62 payload CERT 111621.667852 Mesg 50 message_parse_payloads: offset 799 payload SIG 111621.667924 Mesg 60 message_validate_payloads: payload ID at 0x8810241c of message 0x88f39500 111621.668011 Mesg 70 TYPE: 2 111621.668052 Mesg 70 DOI_DATA: 00 111621.668128 Mesg 70 DATA: 111621.668210 Mesg 40 ipsec_validate_id_information: proto 0 port 0 type 2 111621.668251 Mesg 60 message_validate_payloads: payload CERT at 0x8810243e of message 0x88f39500 111621.668313 Mesg 70 ENCODING: X509_SIG 111621.668348 Mesg 70 DATA: 111621.668431 Mesg 60 message_validate_payloads: payload SIG at 0x8810271f of message 0x88f39500 111621.668503 Mesg 70 DATA: 111621.668542 Trpt 70 transport_release: freeing 0x813c5c40 111621.668617 Misc 30 ipsec_responder: phase 1 exchange 2 step 4 111621.668707 Negt 40 ike_phase_1_recv_ID: FQDN: 111621.668755 Negt 40 616e7462 6f6f6b33 2e616e74 2e756e69 2d627265 6d656e2e 6465 111621.668827 Cryp 70 x509_hash_find: no certificate matched query 111621.669061 Default x509_cert_validate: unable to get local issuer certificate 111621.669224 Default rsa_sig_decode_hash: received CERT can't be validated 111621.672638 Negt 50 get_raw_key_from_file: file /etc/isakmpd/pubkeys//fqdn/antbook3.ant.uni-bremen.de not found 111621.672685 Default rsa_sig_decode_hash: no public key found 111621.672731 Default dropped message from 172.21.113.59 port 500 due to notification type INVALID_ID_INFORMATION Verifying the cert by hand: [EMAIL PROTECTED] [/etc/isakmpd/certs] # openssl verify -CAfile ../ca/ca.crt antbook3.crt antbook3.crt: OK [EMAIL PROTECTED] [/etc/isakmpd/certs] # md5 ../ca/ca.crt MD5 (../ca/ca.crt) = e83c31211832100dcd79ae6f4612cf00 Making sure that the gateway uses the same ca crt: [EMAIL PROTECTED] [~] # md5 /etc/isakmpd/ca/ca.crt MD5 (/etc/isakmpd/ca/ca.crt) = e83c31211832100dcd79ae6f4612cf00 I will happily post more information if needed, but i am unsure if i can post the output of openssl x509 -text ... of a cert. Would this enable someone else to use it? Thanks for any hints Heinrich -- Heinrich Rebehn University of Bremen Physics / Electrical and Electronics Engineering - Department of Telecommunications - Phone : +49/421/218-4664 Fax :-3341 But how should keep state be harmfull for ipsec? Why would it cause verification of the certs to fail? Just tried passing port 500 and 4500 with no state. Does not help. --Heinrich
Re: Running out of RAM -- for the archives
Karl O. Pinc wrote: On 07/06/2007 06:46:26 PM, Chris Smith wrote: I assume the problem is not enough RAM because when I add more RAM everything works fine. Repeatable? Sure you've ruled out a seating problem? Yes, repeatable. yep, I'd believe that. Some time back (3.6?), when I stuffed five 4-port dc(4) cards into a Dell GX1 (late PII system), I found it panicked early in the boot process if I had only 16M RAM in the thing (yes, I actually have some 16M DIMMs I was able to stuff in the machine!). After a bit of discussion with developers who know more than I (which is pretty close to all of them), it was explained that each NIC requires some buffer space, so the more NICs you have, the more RAM you better have for the kernel. If you don't have enough RAM for the kernel, it goes boom. Sounds like I need to do some more small RAM testing again. I am actually somewhat surprised (but not shocked) that 32M is not enough for three NICs, but things have grown since the 3.6 days. It's getting hard to get down to the 16M-32M range anymore on systems that aren't painful to ssh into. :) Nick.
Re: IDE or SCSI virtual disks for VMWare image?
Todd Pytel wrote: ...If it matters, this is going to be lightweight, home server kind of stuff. There's the answer to your question: For your app, it just won't matter. You've spent more time asking, and others (including myself) have spent more time answering your question than you will ever personally benefit (i.e., more work done at the end of the day/week/month). Optimizing for a 1% or even a 20% performance difference is rarely worth the effort for end-of-day productivity (major exception: when it is part of a number of other 20% optimizations. Another major exception is when you are really close to the limit for something, but then, you generally need to be working out a better strategy, not getting just barely getting by a little longer). If you honestly believe you will benefit from such an optimization, you can and need to do your own benchmarks. There are just too many variables in your question to be asked and answered in the way you asked it. For example: * VMware version * VMware host hardware * Other system load * OpenBSD load * etc... Practically speaking, if you are worried about performance, you probably don't want to be in a virtualization environment. If you are trying to optimize for the sake of optimizing, there are probably a lot better ways of spending your (and our!) time. Nick.
Re: IDE or SCSI virtual disks for VMWare image?
On Sat, 2007-07-07 at 10:44 -0400, Nick Holland wrote: There's the answer to your question: For your app, it just won't matter. You've spent more time asking, and others (including myself) have spent more time answering your question than you will ever personally benefit (i.e., more work done at the end of the day/week/month). I'm sorry for wasting your time. I thought it was a fairly simple question - more like Is one of the options drastically better or more stable than the other?, not How can I can get an extra 1% on a synthetic benchmark? Since there's not exactly a tremendous amount of detailed information on OpenBSD in VMWare beyond just setting it up, I asked here because I figured some people had more experience and could answer the question quickly, as they did - the disk type doesn't matter. That answers my question just fine. Thank you all for your responses and your time. --Todd
Re: Thecus N2100 question
On Mon, 4 Jun 2007, Bryan Vyhmeister wrote: The later versions of the firmware (which I got) apparently do not allow automated boot. I was very disappointed to find this out. I can't comment on I'm actually one click away of buying a N2100. Is this automated boot problem still true? -- Antoine
How to update Xorg?
Is there a easy way to update OpenBSD's Xorg to latest cvs release of it. This because of the added 'avivo' driver for my ATI Mobility Radeon X1400 graphics card. Timo
Re: Thecus N2100 question
On Sat, 7 Jul 2007, Antoine Jacoutot wrote: On Mon, 4 Jun 2007, Bryan Vyhmeister wrote: The later versions of the firmware (which I got) apparently do not allow automated boot. I was very disappointed to find this out. I can't comment on I'm actually one click away of buying a N2100. Is this automated boot problem still true? -- Antoine I have not heard any further news, either good or bad, regarding automated boot. You might also ask on the [EMAIL PROTECTED] list. diana
Re: How to update Xorg?
On 7/7/07, Timo Myyra [EMAIL PROTECTED] wrote: Is there a easy way to update OpenBSD's Xorg to latest cvs release of it. This because of the added 'avivo' driver for my ATI Mobility Radeon X1400 graphics card. Like from release to stable? If so then I would you anoncvs and checkout Xs most current releases using cvs. Then use the below link to build X. Here is how to build X: http://openbsd.org/faq/faq5.html#Xbld If this isn't what you need you might consider reading the FAQ on -current.
route change differs from route delete / route add? openbgpd session drops
Hello, I don't know, if this is a bug, but I can recognize a strange thing. Im setting up a redundant pair of routers and run some tests with carp for the failover on the lan side. Because of the bug refreshing the kernel routing table when changing carp-state I use ifstated with an route delete / route add statement. You can read more about this here: http://marc.info/?l=openbsd-miscm=118368434807925w=2 Everything works fine and I want to optimize my config. I tried to use route change instead of route delete + route add. But when I was running tests on the failover (disabling the link on switch side) a strange thing happened: my bgp session to the rest of the world died. Jul 7 23:25:48 pinky ifstated[24699]: changing state to primary213 Jul 7 23:25:48 pinky ifstated[24699]: running route change -inet 195.140.213.0/24 -interface 195.140.213.1 Jul 7 23:27:56 pinky bgpd[18893]: neighbor 217.79.210.25 (IXEurope Link 2): received notification: HoldTimer expired, unknown subcode 0 Jul 7 23:27:56 pinky bgpd[18893]: neighbor 194.9.86.8 (iBGP AS35548): received notification: HoldTimer expired, unknown subcode 0 Jul 7 23:27:56 pinky ifstated[24699]: changing state to backup213 When enabling the link from switch side again, the session came back. Isn't route change the smartest way to configure the routing in my case? Or is there a bug in OpenBGPd or the kernel routing table update code? Regards, Falk
Re: How to update Xorg?
On Sat, 7 Jul 2007, djgoku wrote: On 7/7/07, Timo Myyra [EMAIL PROTECTED] wrote: Is there a easy way to update OpenBSD's Xorg to latest cvs release of it. This because of the added 'avivo' driver for my ATI Mobility Radeon X1400 graphics card. Like from release to stable? If so then I would you anoncvs and checkout Xs most current releases using cvs. Then use the below link to build X. I think he means how to build latest version from *X.org's* CVS. Timo: how about getting the source and following X.org's documentation? -- Antti Harri
Re: : Formatting MS-DOS drive
OK, to format a usb flash drive with an MS-DOS (FAT32) file system, I am using the following procedure. First, I run fdisk # fdisk -i -e sd0 and edit the MBR partition table as described in the previous message. Then I run newfs_msdos # newfs_msdos -F 32 -u 63 /dev/rsd0i (Is the -u 63 option necessary? I am just guessing that it is, since the number of sectors in the MBR partition was chosen to be an integer multiple of 63.) This seems to work, but with one caveat. If I run fsck_msdos on the new file system, it detects some problems. # fsck_msdos -n /dev/sd0i ** /dev/sd0i ** Phase 1 - Read and Compare FATs ** Phase 2 - Check Cluster Chains ** Phase 3 - Check Directories ** Phase 4 - Check for Lost Files Free space in FSInfo block (-1) not correct (125686) fix? no Next free cluster in FSInfo block (2) not free fix? no 1 files, 502744 free (125686 clusters) Am I doing something wrong? Is this a bug in newfs_msdos or fsck_msdos?
dovecot 4.1 port won't fork
Dovecot on a new 4.1 cvs install with 4.1 dovecot port will not fork any ideas.. here is kdump [...] 3918 dovecot RET sigprocmask -65793/0xfffefeff 3918 dovecot CALL dup2(0x4,0) 3918 dovecot RET dup2 0 3918 dovecot CALL dup2(0x4,0x1) 3918 dovecot RET dup2 1 3918 dovecot CALL sigprocmask(0x1,0x) 3918 dovecot RET sigprocmask 0 3918 dovecot CALL mprotect(0x3c007000,0x1000,0x3) 3918 dovecot RET mprotect 0 3918 dovecot CALL mprotect(0x3c007000,0x1000,0x1) 3918 dovecot RET mprotect 0 3918 dovecot CALL sigprocmask(0x3,0) 3918 dovecot RET sigprocmask -65793/0xfffefeff 3918 dovecot CALL fork() 3918 dovecot RET fork 14942/0x3a5e 3918 dovecot CALL sigprocmask(0x1,0x) 3918 dovecot RET sigprocmask 0 3918 dovecot CALL mprotect(0x3c007000,0x1000,0x3) 3918 dovecot RET mprotect 0 3918 dovecot CALL mprotect(0x3c007000,0x1000,0x1) 3918 dovecot RET mprotect 0 3918 dovecot CALL sigprocmask(0x3,0) 3918 dovecot RET sigprocmask -65793/0xfffefeff 3918 dovecot CALL exit(0)
iwi configuration?
I've installed iwi-firmware-3.0.tgz per the iwi manpage, adjusted the group associated with the four installed files to match that of everything else in the directory: $ ls -al /etc/firmware/iwi* -rw-r--r-- 1 root bin 191142 Mar 26 2006 /etc/firmware/iwi-bss -rw-r--r-- 1 root bin 185660 Mar 26 2006 /etc/firmware/iwi-ibss -rw-r--r-- 1 root bin 12007 Mar 26 2006 /etc/firmware/iwi-license -rw-r--r-- 1 root bin 187836 Mar 26 2006 /etc/firmware/iwi-monitor $ The wireless device appears to be recognized correctly in dmesg: $ dmesg | grep iwi0 iwi0 at pci3 dev 2 function 0 Intel PRO/Wireless 2915ABG rev 0x05: irq 11, address 00:0e:35:e2:af:6f $ However, at boot I'm receiving these errors at the console: iwi0: fatal firmware error iwi0: device configuration failed I'm running the 24 June snapshot of -current: $ sysctl kern.version kern.version=OpenBSD 4.1-current (GENERIC) #309: Sun Jun 24 00:56:12 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC $ So, have I missed something to correctly configure this device? Thanks.
Re: dovecot 4.1 port won't fork
On 7/6/07, dreamwvr [EMAIL PROTECTED] wrote: Dovecot on a new 4.1 cvs install with 4.1 dovecot port will not fork any ideas.. here is kdump ... 3918 dovecot CALL fork() 3918 dovecot RET fork 14942/0x3a5e That shows that fork() was successful and that the pid of the child was 14942. If you want to see what the child is doing after the fork then you'll need to pass ktrace the -i option so that the child inherit the tracing. Philip Guenther