Re: : ThinkPad T41p suspend is fine from console, hangs from X

[Raimo Niskanen]

I have a related problem. But it is with a ThinkPad T23, S3 graphics.

Phoenix BIOS suspend to disk works fine while X is running but only
if I have a text console active. And it does not matter if I use
the 'savage' or the 'vesa' Xorg driver.

If the X screen is active, the suspend hangs.

Any clues, anyone?



On Tue, Jul 10, 2007 at 05:45:40AM +0200, Jonathan Thornburg wrote:
 In message http://marc.info/?l=openbsd-miscm=118157353605570w=1
 I described how I couldn't get suspend-to-RAM to work on an IBM/Lenovo
 Thinkpad T41p running OpenBSD 4.1-stable.  (See that message for more
 details, including my dmesg.)
 
 In http://marc.info/?l=openbsd-miscm=118163499228268w=1
 I added the additional information that
 | Since X is so tied up in this, I should also note that I do *not* have
 | an 'xorg.conf' -- the system is using some sort of internally-generated
 | default X configuration, which works fine (which is why I never bothered
 | to set up my own 'xorg.conf'.
 
 I'd like to thank all the people who responded, both privately and on
 the mailing list.  The problem is now completely solved, thanks to a
 suggestion from Erik Mugele ejm at REMOVESPAMBLOCKteuton dot org,
 who wrote:
  What I eventually discovered was that the problem was the video driver
  that I was loading in the Xorg.conf file.  Even if you don't use a
  custom xorg.conf file, the automatic version will load the ati driver.
  [[...]]
  I switched to using the vesa driver in Xorg.conf.  This completely
  solved the problem.  I know this isn't the optimal driver for the ATI
  card under X but it works just fine.  I don't care about 3D
  acceleration, etc.  I do get good colors, full 1600x1200 resolution and
  ALL of the suspend functions work (to RAM and to disk).  They work from
  the Fn+buttons as well as from the zzz command.
  
  I wrote up my experiences about this here:
  http://www.teuton.org/~ejm/t42p
 
 My experience was identical, and switching to the vesa driver completely
 solved my problem.  (I don't have the XVideo extension any more, but
 mplayer works fine with software video, so I don't care.)
 
 Again, my thanks to all who responded to my query -- suspend is *very*
 valuable when travelling with a laptop.  My apologies for the long delay
 in this followup (too much travelling, and two much WPA-only wireless
 in hotel rooms).
 
 For the record, here is the /etc/X11/xorg.conf I am now using:
 --- begin /etc/X11/xorg.conf ---
 Section ServerLayout
   Identifier X.org Configured
   Screen  0  Screen0 0 0
   InputDeviceMouse0 CorePointer
   InputDeviceKeyboard0 CoreKeyboard
 EndSection
 
 Section Files
   RgbPath  /usr/X11R6/lib/X11/rgb
   ModulePath   /usr/X11R6/lib/modules
   FontPath /usr/X11R6/lib/X11/fonts/misc/
   FontPath /usr/X11R6/lib/X11/fonts/75dpi/:unscaled
   FontPath /usr/X11R6/lib/X11/fonts/100dpi/:unscaled
   FontPath /usr/local/lib/X11/fonts/ghostscript/
   FontPath /usr/X11R6/lib/X11/fonts/TTF/
   FontPath /usr/X11R6/lib/X11/fonts/Type1/
 ##FontPath /usr/X11R6/lib/X11/fonts/CID/
 EndSection
 
 Section Module
 ##Load  dbe
 ##Load  extmod
   Load  glx
 ##Load  record
 ##Load  xtrap
 ##Load  dri
   Load  freetype
   Load  type1
 EndSection
 
 Section InputDevice
   Identifier  Keyboard0
   Driver  kbd
 ##  Option  XkbOptions  ctrl:swapcaps
 EndSection
 
 Section InputDevice
   Identifier  Mouse0
   Driver  mouse
   Option  Protocol wsmouse
   Option  Device /dev/wsmouse
 ##Option  ZAxisMapping 4 5 6 7
 EndSection
 
 Section Monitor
   Identifier   Monitor0
   VendorName   Monitor Vendor
   ModelNameMonitor Model
 EndSection
 
 Section Device
 ### Available Driver options are:-
 ### Values: i: integer, f: float, bool: True/False,
 ### string: String, freq: f Hz/kHz/MHz
 ### [arg]: arg optional
 #Option NoAccel # [bool]
 #Option SWcursor# [bool]
 #Option Dac6Bit # [bool]
 #Option Dac8Bit # [bool]
 #Option BusType # [str]
 #Option CPPIOMode   # [bool]
 #Option CPusecTimeout   # i
 #Option AGPMode # i
 #Option AGPFastWrite# [bool]
 #Option AGPSize # i
 #Option GARTSize# i
 #Option RingSize# i
 #Option BufferSize  # i
 #Option EnableDepthMoves# [bool]
 #Option EnablePageFlip  # [bool]
 #Option NoBackBuffer# [bool]
 #Option PanelOff# [bool]
 #Option DDCMode # [bool]
 #Option MonitorLayout   # [str]
 

Re: Is there any bug with bnx which would cause vlans fail?

[Rui Miguel Silva Seabra]

On Thu, Jul 05, 2007 at 12:28:51PM +0100, Rui Miguel Silva Seabra wrote:
 In the switch:
 interface GigabitEthernet0/3
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,101,1280
  switchport mode trunk
  no ip address
 
 interface GigabitEthernet0/6
  switchport access vlan 101
  no ip address

I am now fairly certain the problem is on OpenBSD's side (either my
configuration is wrong, or there is a bug!). I'm this certain because
merely defining the same on a GNU/Linux box, it worked on the first try:

ifconfig eth1 up
vconfig add eth1 101
ifconfig eth1.101 192.168.0.1 netmask  255.255.255.240

Machine A pinged machine B and vice-versa, traffic flowed through the
vlan virtual interface.

Can anyone share some profound insight, please? :)

 In machine A:
 cat /etc/hostname.bnx0
 up
 cat /etc/hostname.bnx1
 up
 cat /etc/hostname.trunk0
 trunkproto failover trunkport bnx0 trunkport bnx1
 cat /etc/hostname.vlan101
 vlan 101 vlandev trunk0
 inet 192.168.0.1 255.255.255.240 NONE
 
 In machine B:
 cat /etc/hostname.bnx0
 inet 192.168.0.7 255.255.255.240 NONE
 
 
 Machine A is connected to GigabitEthernet0/3
 Machine B is connected to GigabitEthernet0/6
 
 They can't ping each other.
 I don't see any traffic (not even arps) when I use
 tcpdump -pni vlan101
 
 Here comes dmesg on the HPDL360G5 machines:
 
 OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz (GenuineIntel 686-class) 3.01 GHz
 cpu0: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR
 real mem  = 2145316864 (2095036K)
 avail mem = 1950748672 (1905028K)
 using 4278 buffers containing 107388928 bytes (104872K) of memory
 mainbus0 (root)
 bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, 
 SMBIOS rev. 2.3 @ 0xee000 (67 entries)
 bios0: HP ProLiant DL360 G5
 pcibios0 at bios0: rev 3.0 @ 0xf/0x2000
 pcibios0: PCI BIOS has 9 Interrupt Routing table entries
 pcibios0: PCI Interrupt Router at 000:31:0 (Intel 6321ESB LPC rev 0x00)
 pcibios0: PCI bus #22 is the last bus
 bios0: ROM list: 0xc/0xb000 0xcc400/0x4000! 0xd0400/0x1800 0xe6000/0x2000!
 acpi at mainbus0 not configured
 ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca2/2 spacing 1
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x25d8 rev 0xb1
 ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0xb1
 pci1 at ppb0 bus 9
 ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
 pci2 at ppb1 bus 10
 ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
 pci3 at ppb2 bus 11
 ppb3 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01
 pci4 at ppb3 bus 14
 ppb4 at pci2 dev 2 function 0 Intel 6321ESB PCIE rev 0x01
 pci5 at ppb4 bus 15
 ppb5 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01
 pci6 at ppb5 bus 16
 ppb6 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0xb1
 pci7 at ppb6 bus 6
 ciss0 at pci7 dev 0 function 0 Hewlett-Packard Smart Array rev 0x01: irq 5
 ciss0: 1 LD, HW rev 1, FW 2.08/2.08
 scsibus0 at ciss0: 1 targets
 sd0 at scsibus0 targ 0 lun 0: HP, LOGICAL VOLUME, 2.08 SCSI3 0/direct fixed
 sd0: 69973MB, 69973 cyl, 64 head, 32 sec, 512 bytes/sec, 143305920 sec total
 ppb7 at pci0 dev 4 function 0 Intel 5000 PCIE rev 0xb1
 pci8 at ppb7 bus 19
 ppb8 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0xb1
 pci9 at ppb8 bus 22
 ppb9 at pci0 dev 6 function 0 vendor Intel, unknown product 0x25e6 rev 0xb1
 pci10 at ppb9 bus 2
 ppb10 at pci10 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc3
 pci11 at ppb10 bus 3
 bnx0 at pci11 dev 0 function 0 Broadcom BCM5708 rev 0x12: irq 10
 ppb11 at pci0 dev 7 function 0 Intel 5000 PCIE rev 0xb1
 pci12 at ppb11 bus 4
 ppb12 at pci12 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc3
 pci13 at ppb12 bus 5
 bnx1 at pci13 dev 0 function 0 Broadcom BCM5708 rev 0x12: irq 10
 pchb1 at pci0 dev 16 function 0 Intel 5000 Error Reporting rev 0xb1
 pchb2 at pci0 dev 16 function 1 Intel 5000 Error Reporting rev 0xb1
 pchb3 at pci0 dev 16 function 2 Intel 5000 Error Reporting rev 0xb1
 pchb4 at pci0 dev 17 function 0 Intel 5000 Reserved rev 0xb1
 pchb5 at pci0 dev 19 function 0 Intel 5000 Reserved rev 0xb1
 pchb6 at pci0 dev 21 function 0 Intel 5000 FBD rev 0xb1
 pchb7 at pci0 dev 22 function 0 Intel 5000 FBD rev 0xb1
 uhci0 at pci0 dev 29 function 0 Intel 6321ESB USB rev 0x09: irq 5
 usb0 at uhci0: USB revision 1.0
 uhub0 at usb0
 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub0: 2 ports with 2 removable, self powered
 uhci1 at pci0 dev 29 function 1 Intel 6321ESB USB rev 0x09: irq 7
 usb1 at uhci1: USB revision 1.0
 uhub1 at usb1
 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
 uhub1: 2 ports with 2 removable, self powered
 uhci2 at pci0 dev 29 function 2 Intel 6321ESB USB rev 

Re: : ThinkPad T41p suspend is fine from console, hangs from X

[Matthieu Herrb]

On 7/10/07, Raimo Niskanen [EMAIL PROTECTED] wrote:

I have a related problem. But it is with a ThinkPad T23, S3 graphics.

Phoenix BIOS suspend to disk works fine while X is running but only
if I have a text console active. And it does not matter if I use
the 'savage' or the 'vesa' Xorg driver.

If the X screen is active, the suspend hangs.

Any clues, anyone?



Generally suspend/resume with APM works either by having the APM BIOS
handle the graphics card in the back of the OS, or by counting on the
OS to do the rignt thing. In the latter case, the kernel may need some
work too.

If Linux (or another BSD) manages to handle suspend/resume with X
running, then it''s an OpenBSD bug. If other OSs fail too, then it's
an X.Org driver problem, or a more general problem (BIOS bug, lack of
documentation...).

Re: Is there any bug with bnx which would cause vlans fail?

[Stuart Henderson]

Have you tried a -current snapshot at all?
sys/dev/pci/if_bnx.c 1.49 may be relevant.

description:

revision 1.49
date: 2007/05/21 10:05:03;  author: reyk;  state: Exp;  lines: +4 -3
fix bnx vlan tagging in the rx path; do not attach the vlan tag twice
if the firmware has been told to keep it and copy the tag in network
byte order in the other case.

ok mcbride@ dlg@
=

ADVERT: C12G

[Robin Carey]

Ultra-Secure Communications:

C12-GAMMA; a free software product for FreeBSD/Linux:

http://www.leopard.uk.com/cion

Sincerely,
R Carey.

Re: Is there any bug with bnx which would cause vlans fail?

[Rui Miguel Silva Seabra]

On Tue, Jul 10, 2007 at 09:50:31AM +0100, Stuart Henderson wrote:
 Have you tried a -current snapshot at all?
 sys/dev/pci/if_bnx.c 1.49 may be relevant.
 
 description:
 
 revision 1.49
 date: 2007/05/21 10:05:03;  author: reyk;  state: Exp;  lines: +4 -3
 fix bnx vlan tagging in the rx path; do not attach the vlan tag twice
 if the firmware has been told to keep it and copy the tag in network
 byte order in the other case.
 
 ok mcbride@ dlg@
 =

ooo... I thought I could be hitting a bug, damn, I hate compiling under
qemu and that's the close I can do with a network access :|

Rui

-- 
P'tang!
Today is Sweetmorn, the 45th day of Confusion in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

Re: Is there any bug with bnx which would cause vlans fail?

[Stuart Henderson]

On 2007/07/10 10:12, Rui Miguel Silva Seabra wrote:
 On Tue, Jul 10, 2007 at 09:50:31AM +0100, Stuart Henderson wrote:
  Have you tried a -current snapshot at all?
  sys/dev/pci/if_bnx.c 1.49 may be relevant.
  
  description:
  
  revision 1.49
  date: 2007/05/21 10:05:03;  author: reyk;  state: Exp;  lines: +4 -3
  fix bnx vlan tagging in the rx path; do not attach the vlan tag twice
  if the firmware has been told to keep it and copy the tag in network
  byte order in the other case.
  
  ok mcbride@ dlg@
  =
 
 ooo... I thought I could be hitting a bug, damn, I hate compiling under
 qemu and that's the close I can do with a network access :|

Can't you download a snapshot kernel on some other box and transfer
it some way that doesn't involve vlans on bnx? (USB memory stick,
USB nic, change the switch port to untagged, crossover-cable, etc..)

Re: VA space question

[Constantine Kousoulos]

In file src/sys/arch/amd64/include/pmap.h:

 * The x86_64 pmap module closely resembles the i386 one. It uses
 * the same recursive entry scheme, and the same alternate area
 * trick for accessing non-current pmaps. See the i386 pmap.h
 * for a description. The obvious difference is that 3 extra
 * levels of page table need to be dealt with. The level 1 page
 * table pages are at:
 *
 * l1: 0x7f80 - 0x7fff (39 bits, needs PML4 
entry)

 *
 * The alternate space is at:
 *
 * l1: 0xff80 - 0x (39 bits, needs PML4 
entry)

 *
 * The rest is kept as physical pages in 3 UVM objects, and is
 * temporarily mapped for virtual access when needed.


Which one level 1 ptp do we keep at the recursive area? Does OpenBSD 
keep the last used level 1 ptp cached at that area? Please clarify.


Thanks,
Constantine

Re: trying to be multi-homed, impossible without routing daemon?

[riwanlky]

hai,

i have same problem. however reading the mailing list i found the solution.

use pf, ddclient (for dhcp ip listing to the internet with zoneedit) is the 
answer.
route add default adsl
route add default dhcp ip -mpath

then in the pf.conf
pass in on adsl inet proto icmp keep state
pass in on adsl inet proto tcp from any to adsl port ssh keep state

pass in on cable_moden reply-to {cable_modem cable_modem_def_gateway} inet 
proto icmp keep state
pass in on cable_moden reply-to {cable_modem cable_modem_def_gateway} inet 
proto tcp from any to cable_modem port ssh keep state

you do not need bgp, rip, or ospf. because you need your isp to provide this.
mine work with three provider.

brgds,
riwan

At 02:20 AM 7/9/2007 -0700, Bohdan Tashchuk wrote:
I'm running OpenBSD 4.1 release.

I've had a DSL connection, just added a cable modem. DSL has static IP, 
cable modem IP assigned by DHCP (which becomes default route).

Now, when I receive ICMP echo request on DSL the ICMP echo reply goes back 
via cable modem (and has cable modem source address, not DSL source 
address). Of course incoming services such as SSH on DSL interface have 
same problem, outgoing reply packets go to cable modem instead.

I can't convince OpenBSD to return an echo reply via the interface the 
request arrived at. Is this just not possible? I've Googled for so many 
variations of multihomed, same interface, reply packets, but can't 
find anything definitive.

Is there any way for the machine to learn what interface a packet arrived 
at and send replies there? I can't run anything like BGP or even RIP since 
my ISPs don't speak those with me. Is there a program that can watch 
incoming packets and update routing table accordingly so outgoing packet 
go out the right interface?

Things work great for incoming requests if I delete the default route, but 
that makes outgoing requests pretty worthless since most packets have 
nowhere to go.

Is this just how routing works? Is OpenBSD more restricted than other OSes 
for this issue? Can anyone recommend a good book? I've read TCP 
Illustrated vol 1 but Stevens doesn't disuss this much, he says it would 
take a book to cover.

Having multiple interfaces to the Internet just seems useless for a 
typical small network. It seems like this should be an FAQ but maybe 
people are just smarter than I am and either figure out the answer or 
decide it is impossible.

Thanks for any help or advice.
--- End of Forwarded Message ---


--
Open WebMail Project (http://openwebmail.org)

Re: VA space question

[Artur Grabowski]

Constantine Kousoulos [EMAIL PROTECTED] writes:

 Which one level 1 ptp do we keep at the recursive area? Does OpenBSD
 keep the last used level 1 ptp cached at that area? Please clarify.

Huh? That question, no parse.

The recursive map is simply the top level page table that we enter into
itself (check pmap_create to find whichever slot it might be) to have
easy access to the page tables.

//art

Re: Is there any bug with bnx which would cause vlans fail?

[Rui Miguel Silva Seabra]

On Tue, Jul 10, 2007 at 11:04:29AM +0100, Stuart Henderson wrote:
 On 2007/07/10 10:12, Rui Miguel Silva Seabra wrote:
  On Tue, Jul 10, 2007 at 09:50:31AM +0100, Stuart Henderson wrote:
   Have you tried a -current snapshot at all?
   sys/dev/pci/if_bnx.c 1.49 may be relevant.
   
   description:
   
   revision 1.49
   date: 2007/05/21 10:05:03;  author: reyk;  state: Exp;  lines: +4 -3
   fix bnx vlan tagging in the rx path; do not attach the vlan tag twice
   if the firmware has been told to keep it and copy the tag in network
   byte order in the other case.
   
   ok mcbride@ dlg@
   =
  
  ooo... I thought I could be hitting a bug, damn, I hate compiling under
  qemu and that's the close I can do with a network access :|
 
 Can't you download a snapshot kernel on some other box and transfer
 it some way that doesn't involve vlans on bnx? (USB memory stick,
 USB nic, change the switch port to untagged, crossover-cable, etc..)

I didn't know that. Thanks, I'll try it first.

Rui

-- 
Or not.
Today is Sweetmorn, the 45th day of Confusion in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

Re: trying to be multi-homed, impossible without routing daemon?

[Die Gestalt]

nat on $cif from !($cif) - ($cif:0)


The problem is that !($cif) includes $dif


nat on $dif from !($dif) - ($dif:0)


and !($dif) includes $cif.


XX I NEED TO CHANGE TO SOMETHING LIKE THIS X

nat on $cif from ($iif:network) - ($cif:0)
nat on $dif from ($iif:network) - ($dif:0)


Exactly although the :0 is not mandatory.

Re: VA space question

[Constantine Kousoulos]

Artur Grabowski wrote:

Constantine Kousoulos [EMAIL PROTECTED] writes:


Which one level 1 ptp do we keep at the recursive area? Does OpenBSD
keep the last used level 1 ptp cached at that area? Please clarify.


Huh? That question, no parse.



The top level page table in the amd64 architecture (meaning the first 
page table that we reference to get to the physical pages) is called 
PML4 (Page Map Level 4) or just level 4 page table. Through that page 
table we have access to 3 or 4 (depending on the page size) page tables 
to get to the physical pages.


If that is the page table that the comments refer to in 
src/sys/arch/amd64/include/pmap.h, then they should change from


[...] The obvious difference is that 3 extra
 * levels of page table need to be dealt with. The level 1 page
 * table pages are at: [...]

to

[...] The obvious difference is that 3 extra
 * levels of page table need to be dealt with. The level 4 page
 * table pages are at: [...]

If the comments truly refer to the level 1 page table (last page table 
before getting physical address pages), then i am asking *which* level 1 
page table does OpenBSD recursively maps of all the available? There's 
not only one level 1 page table although there is only one level 4 page 
table.



The recursive map is simply the top level page table that we enter into
itself (check pmap_create to find whichever slot it might be) to have
easy access to the page tables.



A second thing is that recursive mapping works well when we have 2-level 
page tables (as in the i386 architecture). When we have 3 or more page 
tables, the recursive mapping just points to another page table and not 
to the physical address of a page. I think that is why The rest (of the 
page tables) is kept as physical pages in 3 UVM objects, and is 
temporarily mapped for virtual access when needed. Do these UVM objects 
work like a cache that save the last page tables used?

GSSAPI logins into OpenSSH combined with auto-obtaining AFS tokens

[Rogier Krieger]

Dear list,

While fiddling around to move my home directories onto AFS, I notice a
bit of interesting behaviour. At a first glance, everything seems just
fine. When logging in through the Krb5 mechanism (as defined in
login.conf), OpenSSH nicely obtains an AFS token for me. Use case:
Windows SSH client entering a username/password upon connecting.

The following scenario, however, does not get me AFS tickets in my
shell: obtaining Krb5 credentials on the client and logging into
OpenSSH through GSSAPI. Although logging in seems to have nicely
transfered my Krb5 ticket, OpenSSH does not obtain an AFS token for
me. Running afslog manually fixes this, but I would greatly prefer to
have afslog run automatically.

Browsing the archives, I gather GSSAPI and Kerberos are treated
differently, but I cannot distill a solution from the results. Is
there any? I'm presently thinking of ways to get 'afslog' to run after
the GSSAPI login is completed. Would the 'approve' stanza in
login.conf and a small work for this purpose?

Reading the manual, I do get the feeling approve wasn't meant for this
sort of thing, but I figured to best ask here for some good advice.
Insight or a good cluebat are most appreciated.

I'm thinking along the lines of:
(in /etc/login.conf)
:approve=/usr/local/bin/auto-afslog:\
:approve-ftp=/usr/local/bin/auto-afslog:\


(for the script)
#!/bin/sh
AFSLOG=/usr/bin/afslog
${AFSLOG} -p ${HOME}

For a ${HOME} based in AFS filespace. If ${HOME} were to be outside
AFS file space, I wouldn't mind the login to fail, since that would be
a worthwhile incident to investigate.

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.

Re: Is there any bug with bnx which would cause vlans fail?

[Rui Miguel Silva Seabra]

On Tue, Jul 10, 2007 at 02:36:57PM +0100, Rui Miguel Silva Seabra wrote:
 On Tue, Jul 10, 2007 at 11:04:29AM +0100, Stuart Henderson wrote:
  On 2007/07/10 10:12, Rui Miguel Silva Seabra wrote:
   On Tue, Jul 10, 2007 at 09:50:31AM +0100, Stuart Henderson wrote:
Have you tried a -current snapshot at all?
sys/dev/pci/if_bnx.c 1.49 may be relevant.

description:

revision 1.49
date: 2007/05/21 10:05:03;  author: reyk;  state: Exp;  lines: +4 -3
fix bnx vlan tagging in the rx path; do not attach the vlan tag twice
if the firmware has been told to keep it and copy the tag in network
byte order in the other case.

ok mcbride@ dlg@
=
   
   ooo... I thought I could be hitting a bug, damn, I hate compiling under
   qemu and that's the close I can do with a network access :|
  
  Can't you download a snapshot kernel on some other box and transfer
  it some way that doesn't involve vlans on bnx? (USB memory stick,
  USB nic, change the switch port to untagged, crossover-cable, etc..)
 
 I didn't know that. Thanks, I'll try it first.

yay! it seems to have worked as advertised on TV ;)

Thank you, Stuart!

-- 
You are what you see.
Today is Sweetmorn, the 45th day of Confusion in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

Re: GSSAPI logins into OpenSSH combined with auto-obtaining AFS tokens

[Darren Tucker]

Rogier Krieger wrote:

While fiddling around to move my home directories onto AFS, I notice a
bit of interesting behaviour. At a first glance, everything seems just
fine. When logging in through the Krb5 mechanism (as defined in
login.conf), OpenSSH nicely obtains an AFS token for me. Use case:
Windows SSH client entering a username/password upon connecting.

The following scenario, however, does not get me AFS tickets in my
shell: obtaining Krb5 credentials on the client and logging into
OpenSSH through GSSAPI. Although logging in seems to have nicely
transfered my Krb5 ticket, OpenSSH does not obtain an AFS token for
me. Running afslog manually fixes this, but I would greatly prefer to
have afslog run automatically.


Do you have KerberosGetAFSToken yes in sshd_config?

 KerberosGetAFSToken
  If AFS is active and the user has a Kerberos 5 TGT, attempt to
  acquire an AFS token before accessing the user's home directory.
  The default is ``no''.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

123

[Matiss Miglans]

123

Re: VA space question

[Artur Grabowski]

Constantine Kousoulos [EMAIL PROTECTED] writes:

 A second thing is that recursive mapping works well when we have
 2-level page tables (as in the i386 architecture).

Try a few more levels of recursion. It works fine.

 When we have 3 or
 more page tables, the recursive mapping just points to another page
 table and not to the physical address of a page. I think that is why
 The rest (of the page tables) is kept as physical pages in 3 UVM
 objects, and is temporarily mapped for virtual access when needed. Do
 these UVM objects work like a cache that save the last page tables
 used?

Erm. no. they are used to keep track of the page table pages. If you'd
ask me, they are not really necessary to have there, other than to
speed up certain operations by a tiniest fraction (so that we can do
(obj,offset)-vm_page lookups instead of va-pa-vm_page lookups that
are more expensive).

I wouldn't trust those comments. Unfortunately, the common trait of
most pmap comments is that they are written in a very early stage
of pmap development and by the time the pmap is almost working, the
author stops updating the comments (which is something you do mostly
just to collect your thoughts).

//art

Re: GSSAPI logins into OpenSSH combined with auto-obtaining AFS tokens

[Rogier Krieger]

As someone kind made me realise in an off-list reply, I should have
included my sshd_config on the machine in question. I should further
note that it is a 3.9-stable machine (although I did not spot changes
relating to the OpenSSH behaviour regarding GSSAPI for the versions
included with 4.0/4.1).

The following parameters differ from the stock sshd_config (the
complete file is at the bottom of this message):
KerberosAuthentication yes
KerberosGetAFSToken yes
GSSAPIAuthentication yes
X11Forwarding yes

The above lines allow me to enter a username/password combination to
login (after which OpenSSH properly obtains the AFS tokens for me). As
I said, this bit works nicely.

If my clients (MIT KfW, SecureCRT) attempt GSSAPI authentication,
OpenSSH properly obtains the Krb5 TGT (with the same end time as the
one listed in my MIT KfW) and lets me login. In the GSSAPI case,
however, OpenSSH does not obtain any AFS token, forcing me to run
afslog manually.

Hence my original question: can/should I use login.conf(5)'s 'approve'
stanza and a special script to run the afslog for me to get my AFS
tokens in order for the GSSAPI case?

Cheers,

Rogier


# cat /etc/ssh/sshd_config
#   $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin yes
PermitRootLogin without-password
#StrictModes yes
#MaxAuthTries 6

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
KerberosAuthentication yes
#KerberosOrLocalPasswd no
KerberosGetAFSToken yes

# GSSAPI options
GSSAPIAuthentication yes
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no

# no default banner path
#Banner /some/path

# override default of no subsystems
Subsystem   sftp/usr/libexec/sftp-server

--
If you don't know where you're going, any road will get you there.

Immobilier d'entreprise

[Christophe Maintot]

Bonjour,

Nous nous permettons de vous faire parvenir ce courriel,

Afin de vous annoncer louverture du site www.immob ilier-entreprise.fr.

Si vous souhaitez cider ou acquirir un bien immobilier pour votre
entreprise,
intigrer gratuitement votre annonce de cession ou dachat de bureaux,
locaux commerciaux, boutiques, bbtiment industriel 

Dans lattente de votre visite,
Veuillez agrier lexpression de nos sinchres salutations.

Immobilier Entreprise
www.immob ilier-entreprise.fr

 br/

Offre riservie exclusivement aux entreprises.

Conformiment ` la Loi Informatique et Libertis parue au Journal Officiel
du 6 janvier 1978, vous disposez d'un droit d'acchs, de rectification, et
d'opposition aux donnies personnelles vous concernant. Pour ne plus
recevoir d'informations de notre part, Cliquez ici

Linux emulation fedora/base or redhat/base

[Pieter Verberne]

Hi,

http://www.openbsd.org/faq/faq9.html#Interact says I should
use fedora_base for Linux emulation but compat_linux(8)
says I should use redhat_base. What is your advice?

Pieter Verberne

Re: : ThinkPad T41p suspend is fine from console, hangs from X

[Maxim Belooussov]

Hi,


If Linux (or another BSD) manages to handle suspend/resume with X
running, then it''s an OpenBSD bug. If other OSs fail too, then it's
an X.Org driver problem, or a more general problem (BIOS bug, lack of
documentation...).



T42 (with ATI graphics), Linux FC6 fails to handle suspend/resume with
X running.

Maxim

wpi(4) changes require firmware upgrade

[Damien Bergamini]

Recent changes in wpi(4) require an upgrade of the wpi-firmware
package to revision 2.14.4.
As usual, you can find a prepackaged version of the firmware at:
http://damien.bergamini.free.fr/packages/openbsd/wpi-firmware-2.14.4.tgz

or you can download it directly from:
http://www.intellinuxwireless.org/
and copy it to /etc/firmware/wpi-3945abg

The driver will stop working if you don't upgrade the package.

Damien

Re: Linux emulation fedora/base or redhat/base

[Dimitry Andric]

Pieter Verberne wrote:
 http://www.openbsd.org/faq/faq9.html#Interact says I should
 use fedora_base for Linux emulation but compat_linux(8)
 says I should use redhat_base. What is your advice?

Use fedora_base, it contains much newer linux components than the
redhat_base package.

Re: SiS900 datasheet

[Andrey Shuvikov]

On 7/10/07, Maxim Bourmistrov [EMAIL PROTECTED] wrote:

Hello!
I'v been googling for some time now without any success in finding
subject.
not even sis.com/sis.com.tw can give me what I need.

can any one mail it to me or put in on the web?

//maxim




Isn't SiS900 part of SiS630? At least SiS630 datasheet
(http://datasheet4u.com/html/S/I/S/SIS630_SIS.pdf.html) describes some
Ethernet registers

Re: wpi(4) changes require firmware upgrade

[Damien Bergamini]

Of course, this is only for people following -current.
*DO NOT* update your wpi-firmware package if you're running 4.1!
Users running 4.1 must use rev. 1.13 of the package as indicated
in the wpi(4) man page.
Older revisions of the firmware are available under:
http://damien.bergamini.free.fr/packages/openbsd/

Damien

| Recent changes in wpi(4) require an upgrade of the wpi-firmware
| package to revision 2.14.4.
| As usual, you can find a prepackaged version of the firmware at:
| http://damien.bergamini.free.fr/packages/openbsd/wpi-firmware-2.14.4.tgz
| 
| or you can download it directly from:
| http://www.intellinuxwireless.org/
| and copy it to /etc/firmware/wpi-3945abg
| 
| The driver will stop working if you don't upgrade the package.
| 
| Damien

Re: Live Earth - Power management

[f.janczuk]

My motherboard (Mini-itx) is running with a fanless processor VIA C3.

Do you know tools who give estimation of watt consummation ?

2007/7/10, Brian Candler [EMAIL PROTECTED]:

   I'm trying to make a small router/firewall running with OpenBSD but
 before
   setting up this I want to know her electric consummation.
  
   I have recently discover a linux software whose name is: powertop.
 
  I don't think there's a powertop port for OpenBSD just yet, but for
  the application you are talking about here, there are a number of
  options for running with less power hungry hardware such as the units
  from soekris or other modest clock speed units.  In general, for a
  routerish unit you could cut significantly on power requirements by
  throwing out the parts you don't need, eg going for serial console
  instead of that graphics card with its own cooling, aiming for lower
  power CPUs and so on.

 Seconded.

 Look for systems which are passively cooled - i.e. have no fan. This
 generally means they don't generate much heat in the first place. For
 example, there are VIA processors which only consume a few watts. Some of
 these have crypto accelerators and hardware random number generators built
 in, which is an extra bonus :-)

 As well as the really tiny systems like the Soekris, you could look at
 mini-ITX motherboards from the likes of Epia. My home desktop system is an
 Epia M-1 in a fanless case. I've not measured its power consumption,
 but
 I think it's pretty low.

 Regards,

 Brian.




-- 
Can you correct my english !!??!!  ^_^

Re: books.html out of date?

[Chris Cappuccio]

Alexander Hall [EMAIL PROTECTED] wrote:
 Is books.html falling behind?

Yes

 ... or is the OpenBSD/amazon association for specific ISBN's?

No

If you can update the URLs, or have other books to add, you should email
a diff -u to [EMAIL PROTECTED]

-- 
The lessons of history teach us - if they teach us anything - that nobody
learns the lessons that history teaches us. - Paul Robinson

Re: Live Earth - Power management

[Steve Shockley]

f.janczuk wrote:

My motherboard (Mini-itx) is running with a fanless processor VIA C3.

Do you know tools who give estimation of watt consummation ?


http://www.amazon.com/dp/B9MDBU/openbsdA/

pfsync doesn't get peer address from /etc/hostname.pfsync0

[John N. Brahy]

I have two firewalls that I'm trying to sync. When one boots up the
interface shows up correctly, both are running OpenBSD 4.1 and have been
upgraded from previous versions of OpenBSD.



Server A

$ ifconfig pfsync0

pfsync0: flags=0 mtu 1460

groups: carp pfsync



Server A after sh /etc/netstart pfsync0

$ ifconfig pfsync0

pfsync0: flags=41UP,RUNNING mtu 1460

pfsync: syncdev: em0 syncpeer: 64.93.69.53 maxupd: 128

groups: carp pfsync



Server B after boot

$ ifconfig pfsync0

pfsync0: flags=41UP,RUNNING mtu 1460

pfsync: syncdev: rl0 syncpeer: 64.93.69.36 maxupd: 128

groups: carp pfsync



Server A /etc/hostname.pfsync0

$ cat /etc/hostname.pfsync0

up syncpeer magic.ad2.com syncdev em0



Server B /etc/hostname.pfsync0

$ cat /etc/hostname.pfsync0

up syncpeer canada.ad2.com syncdev rl0



Server A dmesg

OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007

[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

cpu0: Intel(R) Xeon(TM) CPU 3.00GHz (GenuineIntel 686-class) 3 GHz

cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID
,CX16,xTPR

real mem  = 2146795520 (2096480K)

avail mem = 1952096256 (1906344K)

using 4278 buffers containing 107462656 bytes (104944K) of memory

mainbus0 (root)

bios0 at mainbus0: AT/286+ BIOS, date 01/09/06, BIOS32 rev. 0 @ 0xffe90,
SMBIOS rev. 2.3 @ 0xf9920 (87 entries)

bios0: Dell Computer Corporation PowerEdge 1850

pcibios0 at bios0: rev 2.1 @ 0xf/0x1

pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb140/272 (15 entries)

pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev
0x00)

pcibios0: PCI bus #9 is the last bus

bios0: ROM list: 0xc/0xb000! 0xcb000/0x1000 0xcc000/0x1000
0xcd000/0x2200 0xec000/0x4000!

acpi at mainbus0 not configured

ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4

cpu0 at mainbus0

pci0 at mainbus0 bus 0: configuration mode 1 (no bios)

pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x09

ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x09

pci1 at ppb0 bus 1

ppb1 at pci1 dev 0 function 0 Intel IOP332 PCIE-PCIX rev 0x06

pci2 at ppb1 bus 2

ami0 at pci2 dev 14 function 0 Dell PERC 4e/Di rev 0x06: irq 7

ami0: Dell 16c, 32b, FW 521X, BIOS vH430, 256MB RAM

ami0: 1 channels, 0 FC loops, 1 logical drives

scsibus0 at ami0: 40 targets

sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00,  SCSI2 0/direct
fixed

sd0: 139900MB, 139900 cyl, 64 head, 32 sec, 512 bytes/sec, 286515200 sec
total

scsibus1 at ami0: 16 targets

safte0 at scsibus1 targ 6 lun 0: PE/PV, 1x2 SCSI BP, 1.0 SCSI2
3/processor fixed

ppb2 at pci1 dev 0 function 2 Intel IOP332 PCIE-PCIX rev 0x06

pci3 at ppb2 bus 3

san0 at pci3 dev 11 function 0 Sangoma A10x rev 0x00 irq 3

ppb3 at pci0 dev 4 function 0 Intel MCH PCIE rev 0x09

pci4 at ppb3 bus 4

ppb4 at pci0 dev 5 function 0 Intel MCH PCIE rev 0x09

pci5 at ppb4 bus 5

ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09

pci6 at ppb5 bus 6

em0 at pci6 dev 7 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq
11, address 00:13:72:57:05:8e

ppb6 at pci5 dev 0 function 2 Intel PCIE-PCIE rev 0x09

pci7 at ppb6 bus 7

em1 at pci7 dev 8 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq
3, address 00:13:72:57:05:8f

ppb7 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x09

pci8 at ppb7 bus 8

uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11

usb0 at uhci0: USB revision 1.0

uhub0 at usb0

uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1

uhub0: 2 ports with 2 removable, self powered

uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 10

usb1 at uhci1: USB revision 1.0

uhub1 at usb1

uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1

uhub1: 2 ports with 2 removable, self powered

uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: irq 7

usb2 at uhci2: USB revision 1.0

uhub2 at usb2

uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1

uhub2: 2 ports with 2 removable, self powered

ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 5

usb3 at ehci0: USB revision 2.0

uhub3 at usb3

uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1

uhub3: 6 ports with 6 removable, self powered

ppb8 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2

pci9 at ppb8 bus 9

vga1 at pci9 dev 13 function 0 ATI Radeon VE QY rev 0x00

wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)

wsdisplay0: screen 1-5 added (80x25, vt100 emulation)

ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02

pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility

atapiscsi0 at pciide0 channel 0 drive 0

scsibus2 at atapiscsi0: 2 targets

cd0 at scsibus2 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8240N, 1.10 SCSI0
5/cdrom removable

cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2

pciide0: 

Bug in pdksh when trapping EXIT ERR

[Clint Pachl]

I wanted to know if others thought pdksh v5.2.14's behavior is incorrect 
when trapping the EXIT and ERR. I wrote four tests to demonstrate. 
TEST_1 fails in my opinion. I believe it should output the following:

ERR
EXIT


# TEST_1
trap 'echo EXIT' EXIT
trap 'echo ERR' ERR
set -e
cd /X 2/dev/null
echo DONE
exit 0
=OUTPUT=(BAD)
EXIT


# TEST_2
trap 'echo EXIT' EXIT
trap 'echo ERR' ERR
#set -e
cd /X 2/dev/null
echo DONE
exit 0
=OUTPUT=(GOOD)
ERR
DONE
EXIT


# TEST_3
#trap 'echo EXIT' EXIT
trap 'echo ERR' ERR
set -e
cd /X 2/dev/null
echo DONE
exit 0
=OUTPUT=(GOOD)
ERR


# TEST_4
trap 'echo EXIT' EXIT
#trap 'echo ERR' ERR
set -e
cd /X 2/dev/null
echo DONE
exit 0
=OUTPUT=(GOOD)
EXIT


I also tried the tests in att ksh93. For TEST_[234], the output is the 
same as above. For TEST_1, it correctly outputs:

ERR
EXIT


After a quick grep through /usr/src/bin/ksh for EXIT and ERR I made a 
quick change to main.c. I also found the comment interesting.


--- main.c  Tue Jul 10 18:43:22 2007
+++ /usr/src/bin/ksh/main.c Tue May 15 18:56:46 2007
@@ -582,12 +582,12 @@
unwind(int i)
{
   /* ordering for EXIT vs ERR is a bit odd (this is what att ksh 
does) */

-   if (Flag(FERREXIT)  (i == LERROR || i == LINTR)) {
-   runtrap(sigtraps[SIGERR_]);
-   i = LLEAVE;
-   } else if (i == LEXIT || (Flag(FERREXIT)  (i == LERROR || i == 
LINTR) 

+   if (i == LEXIT || (Flag(FERREXIT)  (i == LERROR || i == LINTR) 
   sigtraps[SIGEXIT_].trap)) {
   runtrap(sigtraps[SIGEXIT_]);
+   i = LLEAVE;
+   } else if (Flag(FERREXIT)  (i == LERROR || i == LINTR)) {
+   runtrap(sigtraps[SIGERR_]);
   i = LLEAVE;
   }
   while (1) {


After applying the patch above, TEST_1 outputs ERR instead of EXIT. 
This seems closer, just need to comeback and run the EXIT trap. If 
people think this is a bug I will investigate further.


Also, according to OBSD's ksh(1) man page, TEST_1 hints at a possible bug.

set command
...
-e | errexit Exit (after executing the ERR trap) as soon as
 an error occurs or a command fails (i.e. exits
 with a non-zero status).  This does not apply to
 commands whose exit status is explicitly tested
 by a shell construct such as if, until, while,
 , or || statements.

-pachl

Re: ADVERT: C12G

[Jeremy Huiskamp]

This is probably not the right place for your software.  OpenBSD may  
be used to drop bombs on Australia, which likely counts as terrorism  
and conflicts with your licensing goals.


On 10-Jul-07, at 4:02 AM, Robin Carey wrote:


Ultra-Secure Communications:

C12-GAMMA; a free software product for FreeBSD/Linux:

http://www.leopard.uk.com/cion

Sincerely,
R Carey.

ALTQ on multi-WAN with pf pools

[Mahabub Basha]

Hi all,

I have a multi-WAN setup using pf pools and want to use
simple QoS using ALTQ.  I don't know how to use priq in
combination with multi-wan.

My stripped pf.conf looks like this

pf.conf
==
altq on $wan priq queue { idle_1, normal_1, high_1}
queue idle_1 priq(default)
queue normal_1 priority 2
queue high_1 priority 3

altq on $wan2 priq queue { idle_2, normal_2, high_2 }
queue idle_2 priq(default)
queue normal_2 priority 2
queue high_2 priority 3

# User NAT Rules
nat on $wan from any  to any- ($wan)
nat on $wan2 from any  to any- ($wan2)

pass in quick on $lan route-to { ($wan $wan_gw), ($wan2 $wan2_gw) } \
round-robin inet from ($lan:network) to any flags S/SA keep state
==


How can I assign select traffic (eg. ssh) going out on either $wan or
$wan2 to the high_x queues?

Thanks for reading!

- Mahabub Basha. S