Re: : ThinkPad T41p suspend is fine from console, hangs from X
I have a related problem. But it is with a ThinkPad T23, S3 graphics. Phoenix BIOS suspend to disk works fine while X is running but only if I have a text console active. And it does not matter if I use the 'savage' or the 'vesa' Xorg driver. If the X screen is active, the suspend hangs. Any clues, anyone? On Tue, Jul 10, 2007 at 05:45:40AM +0200, Jonathan Thornburg wrote: In message http://marc.info/?l=openbsd-miscm=118157353605570w=1 I described how I couldn't get suspend-to-RAM to work on an IBM/Lenovo Thinkpad T41p running OpenBSD 4.1-stable. (See that message for more details, including my dmesg.) In http://marc.info/?l=openbsd-miscm=118163499228268w=1 I added the additional information that | Since X is so tied up in this, I should also note that I do *not* have | an 'xorg.conf' -- the system is using some sort of internally-generated | default X configuration, which works fine (which is why I never bothered | to set up my own 'xorg.conf'. I'd like to thank all the people who responded, both privately and on the mailing list. The problem is now completely solved, thanks to a suggestion from Erik Mugele ejm at REMOVESPAMBLOCKteuton dot org, who wrote: What I eventually discovered was that the problem was the video driver that I was loading in the Xorg.conf file. Even if you don't use a custom xorg.conf file, the automatic version will load the ati driver. [[...]] I switched to using the vesa driver in Xorg.conf. This completely solved the problem. I know this isn't the optimal driver for the ATI card under X but it works just fine. I don't care about 3D acceleration, etc. I do get good colors, full 1600x1200 resolution and ALL of the suspend functions work (to RAM and to disk). They work from the Fn+buttons as well as from the zzz command. I wrote up my experiences about this here: http://www.teuton.org/~ejm/t42p My experience was identical, and switching to the vesa driver completely solved my problem. (I don't have the XVideo extension any more, but mplayer works fine with software video, so I don't care.) Again, my thanks to all who responded to my query -- suspend is *very* valuable when travelling with a laptop. My apologies for the long delay in this followup (too much travelling, and two much WPA-only wireless in hotel rooms). For the record, here is the /etc/X11/xorg.conf I am now using: --- begin /etc/X11/xorg.conf --- Section ServerLayout Identifier X.org Configured Screen 0 Screen0 0 0 InputDeviceMouse0 CorePointer InputDeviceKeyboard0 CoreKeyboard EndSection Section Files RgbPath /usr/X11R6/lib/X11/rgb ModulePath /usr/X11R6/lib/modules FontPath /usr/X11R6/lib/X11/fonts/misc/ FontPath /usr/X11R6/lib/X11/fonts/75dpi/:unscaled FontPath /usr/X11R6/lib/X11/fonts/100dpi/:unscaled FontPath /usr/local/lib/X11/fonts/ghostscript/ FontPath /usr/X11R6/lib/X11/fonts/TTF/ FontPath /usr/X11R6/lib/X11/fonts/Type1/ ##FontPath /usr/X11R6/lib/X11/fonts/CID/ EndSection Section Module ##Load dbe ##Load extmod Load glx ##Load record ##Load xtrap ##Load dri Load freetype Load type1 EndSection Section InputDevice Identifier Keyboard0 Driver kbd ## Option XkbOptions ctrl:swapcaps EndSection Section InputDevice Identifier Mouse0 Driver mouse Option Protocol wsmouse Option Device /dev/wsmouse ##Option ZAxisMapping 4 5 6 7 EndSection Section Monitor Identifier Monitor0 VendorName Monitor Vendor ModelNameMonitor Model EndSection Section Device ### Available Driver options are:- ### Values: i: integer, f: float, bool: True/False, ### string: String, freq: f Hz/kHz/MHz ### [arg]: arg optional #Option NoAccel # [bool] #Option SWcursor# [bool] #Option Dac6Bit # [bool] #Option Dac8Bit # [bool] #Option BusType # [str] #Option CPPIOMode # [bool] #Option CPusecTimeout # i #Option AGPMode # i #Option AGPFastWrite# [bool] #Option AGPSize # i #Option GARTSize# i #Option RingSize# i #Option BufferSize # i #Option EnableDepthMoves# [bool] #Option EnablePageFlip # [bool] #Option NoBackBuffer# [bool] #Option PanelOff# [bool] #Option DDCMode # [bool] #Option MonitorLayout # [str]
Re: Is there any bug with bnx which would cause vlans fail?
On Thu, Jul 05, 2007 at 12:28:51PM +0100, Rui Miguel Silva Seabra wrote: In the switch: interface GigabitEthernet0/3 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,101,1280 switchport mode trunk no ip address interface GigabitEthernet0/6 switchport access vlan 101 no ip address I am now fairly certain the problem is on OpenBSD's side (either my configuration is wrong, or there is a bug!). I'm this certain because merely defining the same on a GNU/Linux box, it worked on the first try: ifconfig eth1 up vconfig add eth1 101 ifconfig eth1.101 192.168.0.1 netmask 255.255.255.240 Machine A pinged machine B and vice-versa, traffic flowed through the vlan virtual interface. Can anyone share some profound insight, please? :) In machine A: cat /etc/hostname.bnx0 up cat /etc/hostname.bnx1 up cat /etc/hostname.trunk0 trunkproto failover trunkport bnx0 trunkport bnx1 cat /etc/hostname.vlan101 vlan 101 vlandev trunk0 inet 192.168.0.1 255.255.255.240 NONE In machine B: cat /etc/hostname.bnx0 inet 192.168.0.7 255.255.255.240 NONE Machine A is connected to GigabitEthernet0/3 Machine B is connected to GigabitEthernet0/6 They can't ping each other. I don't see any traffic (not even arps) when I use tcpdump -pni vlan101 Here comes dmesg on the HPDL360G5 machines: OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz (GenuineIntel 686-class) 3.01 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR real mem = 2145316864 (2095036K) avail mem = 1950748672 (1905028K) using 4278 buffers containing 107388928 bytes (104872K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.3 @ 0xee000 (67 entries) bios0: HP ProLiant DL360 G5 pcibios0 at bios0: rev 3.0 @ 0xf/0x2000 pcibios0: PCI BIOS has 9 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 (Intel 6321ESB LPC rev 0x00) pcibios0: PCI bus #22 is the last bus bios0: ROM list: 0xc/0xb000 0xcc400/0x4000! 0xd0400/0x1800 0xe6000/0x2000! acpi at mainbus0 not configured ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca2/2 spacing 1 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x25d8 rev 0xb1 ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0xb1 pci1 at ppb0 bus 9 ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci2 at ppb1 bus 10 ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci3 at ppb2 bus 11 ppb3 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01 pci4 at ppb3 bus 14 ppb4 at pci2 dev 2 function 0 Intel 6321ESB PCIE rev 0x01 pci5 at ppb4 bus 15 ppb5 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01 pci6 at ppb5 bus 16 ppb6 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0xb1 pci7 at ppb6 bus 6 ciss0 at pci7 dev 0 function 0 Hewlett-Packard Smart Array rev 0x01: irq 5 ciss0: 1 LD, HW rev 1, FW 2.08/2.08 scsibus0 at ciss0: 1 targets sd0 at scsibus0 targ 0 lun 0: HP, LOGICAL VOLUME, 2.08 SCSI3 0/direct fixed sd0: 69973MB, 69973 cyl, 64 head, 32 sec, 512 bytes/sec, 143305920 sec total ppb7 at pci0 dev 4 function 0 Intel 5000 PCIE rev 0xb1 pci8 at ppb7 bus 19 ppb8 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0xb1 pci9 at ppb8 bus 22 ppb9 at pci0 dev 6 function 0 vendor Intel, unknown product 0x25e6 rev 0xb1 pci10 at ppb9 bus 2 ppb10 at pci10 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc3 pci11 at ppb10 bus 3 bnx0 at pci11 dev 0 function 0 Broadcom BCM5708 rev 0x12: irq 10 ppb11 at pci0 dev 7 function 0 Intel 5000 PCIE rev 0xb1 pci12 at ppb11 bus 4 ppb12 at pci12 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc3 pci13 at ppb12 bus 5 bnx1 at pci13 dev 0 function 0 Broadcom BCM5708 rev 0x12: irq 10 pchb1 at pci0 dev 16 function 0 Intel 5000 Error Reporting rev 0xb1 pchb2 at pci0 dev 16 function 1 Intel 5000 Error Reporting rev 0xb1 pchb3 at pci0 dev 16 function 2 Intel 5000 Error Reporting rev 0xb1 pchb4 at pci0 dev 17 function 0 Intel 5000 Reserved rev 0xb1 pchb5 at pci0 dev 19 function 0 Intel 5000 Reserved rev 0xb1 pchb6 at pci0 dev 21 function 0 Intel 5000 FBD rev 0xb1 pchb7 at pci0 dev 22 function 0 Intel 5000 FBD rev 0xb1 uhci0 at pci0 dev 29 function 0 Intel 6321ESB USB rev 0x09: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 6321ESB USB rev 0x09: irq 7 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 6321ESB USB rev
Re: : ThinkPad T41p suspend is fine from console, hangs from X
On 7/10/07, Raimo Niskanen [EMAIL PROTECTED] wrote: I have a related problem. But it is with a ThinkPad T23, S3 graphics. Phoenix BIOS suspend to disk works fine while X is running but only if I have a text console active. And it does not matter if I use the 'savage' or the 'vesa' Xorg driver. If the X screen is active, the suspend hangs. Any clues, anyone? Generally suspend/resume with APM works either by having the APM BIOS handle the graphics card in the back of the OS, or by counting on the OS to do the rignt thing. In the latter case, the kernel may need some work too. If Linux (or another BSD) manages to handle suspend/resume with X running, then it''s an OpenBSD bug. If other OSs fail too, then it's an X.Org driver problem, or a more general problem (BIOS bug, lack of documentation...).
Re: Is there any bug with bnx which would cause vlans fail?
Have you tried a -current snapshot at all? sys/dev/pci/if_bnx.c 1.49 may be relevant. description: revision 1.49 date: 2007/05/21 10:05:03; author: reyk; state: Exp; lines: +4 -3 fix bnx vlan tagging in the rx path; do not attach the vlan tag twice if the firmware has been told to keep it and copy the tag in network byte order in the other case. ok mcbride@ dlg@ =
ADVERT: C12G
Ultra-Secure Communications: C12-GAMMA; a free software product for FreeBSD/Linux: http://www.leopard.uk.com/cion Sincerely, R Carey.
Re: Is there any bug with bnx which would cause vlans fail?
On Tue, Jul 10, 2007 at 09:50:31AM +0100, Stuart Henderson wrote: Have you tried a -current snapshot at all? sys/dev/pci/if_bnx.c 1.49 may be relevant. description: revision 1.49 date: 2007/05/21 10:05:03; author: reyk; state: Exp; lines: +4 -3 fix bnx vlan tagging in the rx path; do not attach the vlan tag twice if the firmware has been told to keep it and copy the tag in network byte order in the other case. ok mcbride@ dlg@ = ooo... I thought I could be hitting a bug, damn, I hate compiling under qemu and that's the close I can do with a network access :| Rui -- P'tang! Today is Sweetmorn, the 45th day of Confusion in the YOLD 3173 + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Gandhi + So let's do it...?
Re: Is there any bug with bnx which would cause vlans fail?
On 2007/07/10 10:12, Rui Miguel Silva Seabra wrote: On Tue, Jul 10, 2007 at 09:50:31AM +0100, Stuart Henderson wrote: Have you tried a -current snapshot at all? sys/dev/pci/if_bnx.c 1.49 may be relevant. description: revision 1.49 date: 2007/05/21 10:05:03; author: reyk; state: Exp; lines: +4 -3 fix bnx vlan tagging in the rx path; do not attach the vlan tag twice if the firmware has been told to keep it and copy the tag in network byte order in the other case. ok mcbride@ dlg@ = ooo... I thought I could be hitting a bug, damn, I hate compiling under qemu and that's the close I can do with a network access :| Can't you download a snapshot kernel on some other box and transfer it some way that doesn't involve vlans on bnx? (USB memory stick, USB nic, change the switch port to untagged, crossover-cable, etc..)
Re: VA space question
In file src/sys/arch/amd64/include/pmap.h: * The x86_64 pmap module closely resembles the i386 one. It uses * the same recursive entry scheme, and the same alternate area * trick for accessing non-current pmaps. See the i386 pmap.h * for a description. The obvious difference is that 3 extra * levels of page table need to be dealt with. The level 1 page * table pages are at: * * l1: 0x7f80 - 0x7fff (39 bits, needs PML4 entry) * * The alternate space is at: * * l1: 0xff80 - 0x (39 bits, needs PML4 entry) * * The rest is kept as physical pages in 3 UVM objects, and is * temporarily mapped for virtual access when needed. Which one level 1 ptp do we keep at the recursive area? Does OpenBSD keep the last used level 1 ptp cached at that area? Please clarify. Thanks, Constantine
Re: trying to be multi-homed, impossible without routing daemon?
hai, i have same problem. however reading the mailing list i found the solution. use pf, ddclient (for dhcp ip listing to the internet with zoneedit) is the answer. route add default adsl route add default dhcp ip -mpath then in the pf.conf pass in on adsl inet proto icmp keep state pass in on adsl inet proto tcp from any to adsl port ssh keep state pass in on cable_moden reply-to {cable_modem cable_modem_def_gateway} inet proto icmp keep state pass in on cable_moden reply-to {cable_modem cable_modem_def_gateway} inet proto tcp from any to cable_modem port ssh keep state you do not need bgp, rip, or ospf. because you need your isp to provide this. mine work with three provider. brgds, riwan At 02:20 AM 7/9/2007 -0700, Bohdan Tashchuk wrote: I'm running OpenBSD 4.1 release. I've had a DSL connection, just added a cable modem. DSL has static IP, cable modem IP assigned by DHCP (which becomes default route). Now, when I receive ICMP echo request on DSL the ICMP echo reply goes back via cable modem (and has cable modem source address, not DSL source address). Of course incoming services such as SSH on DSL interface have same problem, outgoing reply packets go to cable modem instead. I can't convince OpenBSD to return an echo reply via the interface the request arrived at. Is this just not possible? I've Googled for so many variations of multihomed, same interface, reply packets, but can't find anything definitive. Is there any way for the machine to learn what interface a packet arrived at and send replies there? I can't run anything like BGP or even RIP since my ISPs don't speak those with me. Is there a program that can watch incoming packets and update routing table accordingly so outgoing packet go out the right interface? Things work great for incoming requests if I delete the default route, but that makes outgoing requests pretty worthless since most packets have nowhere to go. Is this just how routing works? Is OpenBSD more restricted than other OSes for this issue? Can anyone recommend a good book? I've read TCP Illustrated vol 1 but Stevens doesn't disuss this much, he says it would take a book to cover. Having multiple interfaces to the Internet just seems useless for a typical small network. It seems like this should be an FAQ but maybe people are just smarter than I am and either figure out the answer or decide it is impossible. Thanks for any help or advice. --- End of Forwarded Message --- -- Open WebMail Project (http://openwebmail.org)
Re: VA space question
Constantine Kousoulos [EMAIL PROTECTED] writes: Which one level 1 ptp do we keep at the recursive area? Does OpenBSD keep the last used level 1 ptp cached at that area? Please clarify. Huh? That question, no parse. The recursive map is simply the top level page table that we enter into itself (check pmap_create to find whichever slot it might be) to have easy access to the page tables. //art
Re: Is there any bug with bnx which would cause vlans fail?
On Tue, Jul 10, 2007 at 11:04:29AM +0100, Stuart Henderson wrote: On 2007/07/10 10:12, Rui Miguel Silva Seabra wrote: On Tue, Jul 10, 2007 at 09:50:31AM +0100, Stuart Henderson wrote: Have you tried a -current snapshot at all? sys/dev/pci/if_bnx.c 1.49 may be relevant. description: revision 1.49 date: 2007/05/21 10:05:03; author: reyk; state: Exp; lines: +4 -3 fix bnx vlan tagging in the rx path; do not attach the vlan tag twice if the firmware has been told to keep it and copy the tag in network byte order in the other case. ok mcbride@ dlg@ = ooo... I thought I could be hitting a bug, damn, I hate compiling under qemu and that's the close I can do with a network access :| Can't you download a snapshot kernel on some other box and transfer it some way that doesn't involve vlans on bnx? (USB memory stick, USB nic, change the switch port to untagged, crossover-cable, etc..) I didn't know that. Thanks, I'll try it first. Rui -- Or not. Today is Sweetmorn, the 45th day of Confusion in the YOLD 3173 + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Gandhi + So let's do it...?
Re: trying to be multi-homed, impossible without routing daemon?
nat on $cif from !($cif) - ($cif:0) The problem is that !($cif) includes $dif nat on $dif from !($dif) - ($dif:0) and !($dif) includes $cif. XX I NEED TO CHANGE TO SOMETHING LIKE THIS X nat on $cif from ($iif:network) - ($cif:0) nat on $dif from ($iif:network) - ($dif:0) Exactly although the :0 is not mandatory.
Re: VA space question
Artur Grabowski wrote: Constantine Kousoulos [EMAIL PROTECTED] writes: Which one level 1 ptp do we keep at the recursive area? Does OpenBSD keep the last used level 1 ptp cached at that area? Please clarify. Huh? That question, no parse. The top level page table in the amd64 architecture (meaning the first page table that we reference to get to the physical pages) is called PML4 (Page Map Level 4) or just level 4 page table. Through that page table we have access to 3 or 4 (depending on the page size) page tables to get to the physical pages. If that is the page table that the comments refer to in src/sys/arch/amd64/include/pmap.h, then they should change from [...] The obvious difference is that 3 extra * levels of page table need to be dealt with. The level 1 page * table pages are at: [...] to [...] The obvious difference is that 3 extra * levels of page table need to be dealt with. The level 4 page * table pages are at: [...] If the comments truly refer to the level 1 page table (last page table before getting physical address pages), then i am asking *which* level 1 page table does OpenBSD recursively maps of all the available? There's not only one level 1 page table although there is only one level 4 page table. The recursive map is simply the top level page table that we enter into itself (check pmap_create to find whichever slot it might be) to have easy access to the page tables. A second thing is that recursive mapping works well when we have 2-level page tables (as in the i386 architecture). When we have 3 or more page tables, the recursive mapping just points to another page table and not to the physical address of a page. I think that is why The rest (of the page tables) is kept as physical pages in 3 UVM objects, and is temporarily mapped for virtual access when needed. Do these UVM objects work like a cache that save the last page tables used?
GSSAPI logins into OpenSSH combined with auto-obtaining AFS tokens
Dear list, While fiddling around to move my home directories onto AFS, I notice a bit of interesting behaviour. At a first glance, everything seems just fine. When logging in through the Krb5 mechanism (as defined in login.conf), OpenSSH nicely obtains an AFS token for me. Use case: Windows SSH client entering a username/password upon connecting. The following scenario, however, does not get me AFS tickets in my shell: obtaining Krb5 credentials on the client and logging into OpenSSH through GSSAPI. Although logging in seems to have nicely transfered my Krb5 ticket, OpenSSH does not obtain an AFS token for me. Running afslog manually fixes this, but I would greatly prefer to have afslog run automatically. Browsing the archives, I gather GSSAPI and Kerberos are treated differently, but I cannot distill a solution from the results. Is there any? I'm presently thinking of ways to get 'afslog' to run after the GSSAPI login is completed. Would the 'approve' stanza in login.conf and a small work for this purpose? Reading the manual, I do get the feeling approve wasn't meant for this sort of thing, but I figured to best ask here for some good advice. Insight or a good cluebat are most appreciated. I'm thinking along the lines of: (in /etc/login.conf) :approve=/usr/local/bin/auto-afslog:\ :approve-ftp=/usr/local/bin/auto-afslog:\ (for the script) #!/bin/sh AFSLOG=/usr/bin/afslog ${AFSLOG} -p ${HOME} For a ${HOME} based in AFS filespace. If ${HOME} were to be outside AFS file space, I wouldn't mind the login to fail, since that would be a worthwhile incident to investigate. Cheers, Rogier -- If you don't know where you're going, any road will get you there.
Re: Is there any bug with bnx which would cause vlans fail?
On Tue, Jul 10, 2007 at 02:36:57PM +0100, Rui Miguel Silva Seabra wrote: On Tue, Jul 10, 2007 at 11:04:29AM +0100, Stuart Henderson wrote: On 2007/07/10 10:12, Rui Miguel Silva Seabra wrote: On Tue, Jul 10, 2007 at 09:50:31AM +0100, Stuart Henderson wrote: Have you tried a -current snapshot at all? sys/dev/pci/if_bnx.c 1.49 may be relevant. description: revision 1.49 date: 2007/05/21 10:05:03; author: reyk; state: Exp; lines: +4 -3 fix bnx vlan tagging in the rx path; do not attach the vlan tag twice if the firmware has been told to keep it and copy the tag in network byte order in the other case. ok mcbride@ dlg@ = ooo... I thought I could be hitting a bug, damn, I hate compiling under qemu and that's the close I can do with a network access :| Can't you download a snapshot kernel on some other box and transfer it some way that doesn't involve vlans on bnx? (USB memory stick, USB nic, change the switch port to untagged, crossover-cable, etc..) I didn't know that. Thanks, I'll try it first. yay! it seems to have worked as advertised on TV ;) Thank you, Stuart! -- You are what you see. Today is Sweetmorn, the 45th day of Confusion in the YOLD 3173 + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Gandhi + So let's do it...?
Re: GSSAPI logins into OpenSSH combined with auto-obtaining AFS tokens
Rogier Krieger wrote: While fiddling around to move my home directories onto AFS, I notice a bit of interesting behaviour. At a first glance, everything seems just fine. When logging in through the Krb5 mechanism (as defined in login.conf), OpenSSH nicely obtains an AFS token for me. Use case: Windows SSH client entering a username/password upon connecting. The following scenario, however, does not get me AFS tickets in my shell: obtaining Krb5 credentials on the client and logging into OpenSSH through GSSAPI. Although logging in seems to have nicely transfered my Krb5 ticket, OpenSSH does not obtain an AFS token for me. Running afslog manually fixes this, but I would greatly prefer to have afslog run automatically. Do you have KerberosGetAFSToken yes in sshd_config? KerberosGetAFSToken If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire an AFS token before accessing the user's home directory. The default is ``no''. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
123
123
Re: VA space question
Constantine Kousoulos [EMAIL PROTECTED] writes: A second thing is that recursive mapping works well when we have 2-level page tables (as in the i386 architecture). Try a few more levels of recursion. It works fine. When we have 3 or more page tables, the recursive mapping just points to another page table and not to the physical address of a page. I think that is why The rest (of the page tables) is kept as physical pages in 3 UVM objects, and is temporarily mapped for virtual access when needed. Do these UVM objects work like a cache that save the last page tables used? Erm. no. they are used to keep track of the page table pages. If you'd ask me, they are not really necessary to have there, other than to speed up certain operations by a tiniest fraction (so that we can do (obj,offset)-vm_page lookups instead of va-pa-vm_page lookups that are more expensive). I wouldn't trust those comments. Unfortunately, the common trait of most pmap comments is that they are written in a very early stage of pmap development and by the time the pmap is almost working, the author stops updating the comments (which is something you do mostly just to collect your thoughts). //art
Re: GSSAPI logins into OpenSSH combined with auto-obtaining AFS tokens
As someone kind made me realise in an off-list reply, I should have included my sshd_config on the machine in question. I should further note that it is a 3.9-stable machine (although I did not spot changes relating to the OpenSSH behaviour regarding GSSAPI for the versions included with 4.0/4.1). The following parameters differ from the stock sshd_config (the complete file is at the bottom of this message): KerberosAuthentication yes KerberosGetAFSToken yes GSSAPIAuthentication yes X11Forwarding yes The above lines allow me to enter a username/password combination to login (after which OpenSSH properly obtains the AFS tokens for me). As I said, this bit works nicely. If my clients (MIT KfW, SecureCRT) attempt GSSAPI authentication, OpenSSH properly obtains the Krb5 TGT (with the same end time as the one listed in my MIT KfW) and lets me login. In the GSSAPI case, however, OpenSSH does not obtain any AFS token, forcing me to run afslog manually. Hence my original question: can/should I use login.conf(5)'s 'approve' stanza and a special script to run the afslog for me to get my AFS tokens in order for the GSSAPI case? Cheers, Rogier # cat /etc/ssh/sshd_config # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. #Port 22 #Protocol 2,1 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin yes PermitRootLogin without-password #StrictModes yes #MaxAuthTries 6 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no KerberosAuthentication yes #KerberosOrLocalPasswd no KerberosGetAFSToken yes # GSSAPI options GSSAPIAuthentication yes #GSSAPIAuthentication no #GSSAPICleanupCredentials yes #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no # no default banner path #Banner /some/path # override default of no subsystems Subsystem sftp/usr/libexec/sftp-server -- If you don't know where you're going, any road will get you there.
Immobilier d'entreprise
Bonjour, Nous nous permettons de vous faire parvenir ce courriel, Afin de vous annoncer louverture du site www.immob ilier-entreprise.fr. Si vous souhaitez cider ou acquirir un bien immobilier pour votre entreprise, intigrer gratuitement votre annonce de cession ou dachat de bureaux, locaux commerciaux, boutiques, bbtiment industriel Dans lattente de votre visite, Veuillez agrier lexpression de nos sinchres salutations. Immobilier Entreprise www.immob ilier-entreprise.fr br/ Offre riservie exclusivement aux entreprises. Conformiment ` la Loi Informatique et Libertis parue au Journal Officiel du 6 janvier 1978, vous disposez d'un droit d'acchs, de rectification, et d'opposition aux donnies personnelles vous concernant. Pour ne plus recevoir d'informations de notre part, Cliquez ici
Linux emulation fedora/base or redhat/base
Hi, http://www.openbsd.org/faq/faq9.html#Interact says I should use fedora_base for Linux emulation but compat_linux(8) says I should use redhat_base. What is your advice? Pieter Verberne
Re: : ThinkPad T41p suspend is fine from console, hangs from X
Hi, If Linux (or another BSD) manages to handle suspend/resume with X running, then it''s an OpenBSD bug. If other OSs fail too, then it's an X.Org driver problem, or a more general problem (BIOS bug, lack of documentation...). T42 (with ATI graphics), Linux FC6 fails to handle suspend/resume with X running. Maxim
wpi(4) changes require firmware upgrade
Recent changes in wpi(4) require an upgrade of the wpi-firmware package to revision 2.14.4. As usual, you can find a prepackaged version of the firmware at: http://damien.bergamini.free.fr/packages/openbsd/wpi-firmware-2.14.4.tgz or you can download it directly from: http://www.intellinuxwireless.org/ and copy it to /etc/firmware/wpi-3945abg The driver will stop working if you don't upgrade the package. Damien
Re: Linux emulation fedora/base or redhat/base
Pieter Verberne wrote: http://www.openbsd.org/faq/faq9.html#Interact says I should use fedora_base for Linux emulation but compat_linux(8) says I should use redhat_base. What is your advice? Use fedora_base, it contains much newer linux components than the redhat_base package.
Re: SiS900 datasheet
On 7/10/07, Maxim Bourmistrov [EMAIL PROTECTED] wrote: Hello! I'v been googling for some time now without any success in finding subject. not even sis.com/sis.com.tw can give me what I need. can any one mail it to me or put in on the web? //maxim Isn't SiS900 part of SiS630? At least SiS630 datasheet (http://datasheet4u.com/html/S/I/S/SIS630_SIS.pdf.html) describes some Ethernet registers
Re: wpi(4) changes require firmware upgrade
Of course, this is only for people following -current. *DO NOT* update your wpi-firmware package if you're running 4.1! Users running 4.1 must use rev. 1.13 of the package as indicated in the wpi(4) man page. Older revisions of the firmware are available under: http://damien.bergamini.free.fr/packages/openbsd/ Damien | Recent changes in wpi(4) require an upgrade of the wpi-firmware | package to revision 2.14.4. | As usual, you can find a prepackaged version of the firmware at: | http://damien.bergamini.free.fr/packages/openbsd/wpi-firmware-2.14.4.tgz | | or you can download it directly from: | http://www.intellinuxwireless.org/ | and copy it to /etc/firmware/wpi-3945abg | | The driver will stop working if you don't upgrade the package. | | Damien
Re: Live Earth - Power management
My motherboard (Mini-itx) is running with a fanless processor VIA C3. Do you know tools who give estimation of watt consummation ? 2007/7/10, Brian Candler [EMAIL PROTECTED]: I'm trying to make a small router/firewall running with OpenBSD but before setting up this I want to know her electric consummation. I have recently discover a linux software whose name is: powertop. I don't think there's a powertop port for OpenBSD just yet, but for the application you are talking about here, there are a number of options for running with less power hungry hardware such as the units from soekris or other modest clock speed units. In general, for a routerish unit you could cut significantly on power requirements by throwing out the parts you don't need, eg going for serial console instead of that graphics card with its own cooling, aiming for lower power CPUs and so on. Seconded. Look for systems which are passively cooled - i.e. have no fan. This generally means they don't generate much heat in the first place. For example, there are VIA processors which only consume a few watts. Some of these have crypto accelerators and hardware random number generators built in, which is an extra bonus :-) As well as the really tiny systems like the Soekris, you could look at mini-ITX motherboards from the likes of Epia. My home desktop system is an Epia M-1 in a fanless case. I've not measured its power consumption, but I think it's pretty low. Regards, Brian. -- Can you correct my english !!??!! ^_^
Re: books.html out of date?
Alexander Hall [EMAIL PROTECTED] wrote: Is books.html falling behind? Yes ... or is the OpenBSD/amazon association for specific ISBN's? No If you can update the URLs, or have other books to add, you should email a diff -u to [EMAIL PROTECTED] -- The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us. - Paul Robinson
Re: Live Earth - Power management
f.janczuk wrote: My motherboard (Mini-itx) is running with a fanless processor VIA C3. Do you know tools who give estimation of watt consummation ? http://www.amazon.com/dp/B9MDBU/openbsdA/
pfsync doesn't get peer address from /etc/hostname.pfsync0
I have two firewalls that I'm trying to sync. When one boots up the interface shows up correctly, both are running OpenBSD 4.1 and have been upgraded from previous versions of OpenBSD. Server A $ ifconfig pfsync0 pfsync0: flags=0 mtu 1460 groups: carp pfsync Server A after sh /etc/netstart pfsync0 $ ifconfig pfsync0 pfsync0: flags=41UP,RUNNING mtu 1460 pfsync: syncdev: em0 syncpeer: 64.93.69.53 maxupd: 128 groups: carp pfsync Server B after boot $ ifconfig pfsync0 pfsync0: flags=41UP,RUNNING mtu 1460 pfsync: syncdev: rl0 syncpeer: 64.93.69.36 maxupd: 128 groups: carp pfsync Server A /etc/hostname.pfsync0 $ cat /etc/hostname.pfsync0 up syncpeer magic.ad2.com syncdev em0 Server B /etc/hostname.pfsync0 $ cat /etc/hostname.pfsync0 up syncpeer canada.ad2.com syncdev rl0 Server A dmesg OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 3.00GHz (GenuineIntel 686-class) 3 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID ,CX16,xTPR real mem = 2146795520 (2096480K) avail mem = 1952096256 (1906344K) using 4278 buffers containing 107462656 bytes (104944K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 01/09/06, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf9920 (87 entries) bios0: Dell Computer Corporation PowerEdge 1850 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb140/272 (15 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00) pcibios0: PCI bus #9 is the last bus bios0: ROM list: 0xc/0xb000! 0xcb000/0x1000 0xcc000/0x1000 0xcd000/0x2200 0xec000/0x4000! acpi at mainbus0 not configured ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x09 ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x09 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 Intel IOP332 PCIE-PCIX rev 0x06 pci2 at ppb1 bus 2 ami0 at pci2 dev 14 function 0 Dell PERC 4e/Di rev 0x06: irq 7 ami0: Dell 16c, 32b, FW 521X, BIOS vH430, 256MB RAM ami0: 1 channels, 0 FC loops, 1 logical drives scsibus0 at ami0: 40 targets sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 139900MB, 139900 cyl, 64 head, 32 sec, 512 bytes/sec, 286515200 sec total scsibus1 at ami0: 16 targets safte0 at scsibus1 targ 6 lun 0: PE/PV, 1x2 SCSI BP, 1.0 SCSI2 3/processor fixed ppb2 at pci1 dev 0 function 2 Intel IOP332 PCIE-PCIX rev 0x06 pci3 at ppb2 bus 3 san0 at pci3 dev 11 function 0 Sangoma A10x rev 0x00 irq 3 ppb3 at pci0 dev 4 function 0 Intel MCH PCIE rev 0x09 pci4 at ppb3 bus 4 ppb4 at pci0 dev 5 function 0 Intel MCH PCIE rev 0x09 pci5 at ppb4 bus 5 ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci6 at ppb5 bus 6 em0 at pci6 dev 7 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq 11, address 00:13:72:57:05:8e ppb6 at pci5 dev 0 function 2 Intel PCIE-PCIE rev 0x09 pci7 at ppb6 bus 7 em1 at pci7 dev 8 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq 3, address 00:13:72:57:05:8f ppb7 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x09 pci8 at ppb7 bus 8 uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: irq 7 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 5 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub3: 6 ports with 6 removable, self powered ppb8 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2 pci9 at ppb8 bus 9 vga1 at pci9 dev 13 function 0 ATI Radeon VE QY rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02 pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus2 at atapiscsi0: 2 targets cd0 at scsibus2 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8240N, 1.10 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0:
Bug in pdksh when trapping EXIT ERR
I wanted to know if others thought pdksh v5.2.14's behavior is incorrect when trapping the EXIT and ERR. I wrote four tests to demonstrate. TEST_1 fails in my opinion. I believe it should output the following: ERR EXIT # TEST_1 trap 'echo EXIT' EXIT trap 'echo ERR' ERR set -e cd /X 2/dev/null echo DONE exit 0 =OUTPUT=(BAD) EXIT # TEST_2 trap 'echo EXIT' EXIT trap 'echo ERR' ERR #set -e cd /X 2/dev/null echo DONE exit 0 =OUTPUT=(GOOD) ERR DONE EXIT # TEST_3 #trap 'echo EXIT' EXIT trap 'echo ERR' ERR set -e cd /X 2/dev/null echo DONE exit 0 =OUTPUT=(GOOD) ERR # TEST_4 trap 'echo EXIT' EXIT #trap 'echo ERR' ERR set -e cd /X 2/dev/null echo DONE exit 0 =OUTPUT=(GOOD) EXIT I also tried the tests in att ksh93. For TEST_[234], the output is the same as above. For TEST_1, it correctly outputs: ERR EXIT After a quick grep through /usr/src/bin/ksh for EXIT and ERR I made a quick change to main.c. I also found the comment interesting. --- main.c Tue Jul 10 18:43:22 2007 +++ /usr/src/bin/ksh/main.c Tue May 15 18:56:46 2007 @@ -582,12 +582,12 @@ unwind(int i) { /* ordering for EXIT vs ERR is a bit odd (this is what att ksh does) */ - if (Flag(FERREXIT) (i == LERROR || i == LINTR)) { - runtrap(sigtraps[SIGERR_]); - i = LLEAVE; - } else if (i == LEXIT || (Flag(FERREXIT) (i == LERROR || i == LINTR) + if (i == LEXIT || (Flag(FERREXIT) (i == LERROR || i == LINTR) sigtraps[SIGEXIT_].trap)) { runtrap(sigtraps[SIGEXIT_]); + i = LLEAVE; + } else if (Flag(FERREXIT) (i == LERROR || i == LINTR)) { + runtrap(sigtraps[SIGERR_]); i = LLEAVE; } while (1) { After applying the patch above, TEST_1 outputs ERR instead of EXIT. This seems closer, just need to comeback and run the EXIT trap. If people think this is a bug I will investigate further. Also, according to OBSD's ksh(1) man page, TEST_1 hints at a possible bug. set command ... -e | errexit Exit (after executing the ERR trap) as soon as an error occurs or a command fails (i.e. exits with a non-zero status). This does not apply to commands whose exit status is explicitly tested by a shell construct such as if, until, while, , or || statements. -pachl
Re: ADVERT: C12G
This is probably not the right place for your software. OpenBSD may be used to drop bombs on Australia, which likely counts as terrorism and conflicts with your licensing goals. On 10-Jul-07, at 4:02 AM, Robin Carey wrote: Ultra-Secure Communications: C12-GAMMA; a free software product for FreeBSD/Linux: http://www.leopard.uk.com/cion Sincerely, R Carey.
ALTQ on multi-WAN with pf pools
Hi all, I have a multi-WAN setup using pf pools and want to use simple QoS using ALTQ. I don't know how to use priq in combination with multi-wan. My stripped pf.conf looks like this pf.conf == altq on $wan priq queue { idle_1, normal_1, high_1} queue idle_1 priq(default) queue normal_1 priority 2 queue high_1 priority 3 altq on $wan2 priq queue { idle_2, normal_2, high_2 } queue idle_2 priq(default) queue normal_2 priority 2 queue high_2 priority 3 # User NAT Rules nat on $wan from any to any- ($wan) nat on $wan2 from any to any- ($wan2) pass in quick on $lan route-to { ($wan $wan_gw), ($wan2 $wan2_gw) } \ round-robin inet from ($lan:network) to any flags S/SA keep state == How can I assign select traffic (eg. ssh) going out on either $wan or $wan2 to the high_x queues? Thanks for reading! - Mahabub Basha. S