Re: Speed Problems
What have you looked at? Are you running pf? What kind of ruleset? Tried simplifying it?

--Bryan

On 9/25/07, rezidue [EMAIL PROTECTED] wrote:
> I've been having problems with throughput on a box I'm using as an edge gateway. I can't seem to get it to push out more than 150Mb/sec at about 20k pps. It's a Tyan Thunder K8SR (S2881) board that has two gig broadcom interfaces on a shared pci-x bus. It's on the bcm5704c chipset and I'm running OpenBSD 4.0. The machine has two dual core amd opteron chips and two gigs of ram. Barely any resources are being used when we are peaking during the day. When we hit around 140+Mb/sec I start seeing packet loss and when I copy a file from this machine via scp to another host over the gig lan I can see that it directly affects throughput. I've spent all day trying to find the problem but I've had no luck. Any ideas? Any info I can provide?
Re: Speed Problems
On Tue, Sep 25, 2007 at 11:57:37PM -0500, rezidue wrote:
> I've been having problems with throughput on a box I'm using as an edge gateway. I can't seem to get it to push out more than 150Mb/sec at about 20k pps. It's a Tyan Thunder K8SR (S2881) board that has two gig broadcom interfaces on a shared pci-x bus. It's on the bcm5704c chipset and I'm running OpenBSD 4.0. The machine has two dual core amd opteron chips and two gigs of ram. Barely any resources are being used when we are peaking during the day. When we hit around 140+Mb/sec I start seeing packet loss and when I copy a file from this machine via scp to another host over the gig lan I can see that it directly affects throughput. I've spent all day trying to find the problem but I've had no luck. Any ideas? Any info I can provide?

Order a 4.2 CD and install it as soon as you get it. 4.2 removed many bottlenecks in the network stack. In the meanwhile check out the ip ifq len:

    # sysctl net.inet.ip.ifq
    net.inet.ip.ifq.len=0
    net.inet.ip.ifq.maxlen=256
    net.inet.ip.ifq.drops=0

I bet your drops are non 0 and the maxlen is too small (256 is a better value for gigabit firewalls/routers).

-- 
:wq Claudio
Re: SMTP flood + spamdb
Chris Smith wrote:
> On Tuesday 25 September 2007, Craig Skinner wrote:
>> If you are using postfix:
>>
>> /etc/postfix/main.cf:
>> ..
>> ..
>> smtpd_recipient_restrictions =
>>     reject_non_fqdn_hostname
>>     reject_invalid_hostname
>>     reject_non_fqdn_sender
>>     reject_non_fqdn_recipient
>>     reject_unlisted_recipient    -- this one
>
> Isn't this actually a postfix default? As smtpd_reject_unlisted_recipient defaults to yes.

Absolutely correct, but by poking it in smtpd_recipient_restrictions you can choose when to invoke it. Probably makes little difference either way in the real world.
Re: spamd shows up as an open relay
Rob wrote:
> You're right, then. If I explicitly block inbound connections to the outbound mail server (instead of redirecting them), that might fix the problem ... depending on just what kind of check the recipient's mail server is doing.

A sending MTA is not required to accept SMTP connections, only those listed with DNS MX records should do so. I guess the superfluous redirect is causing the trouble. The outbound server must TCP block inbound connections with pf or the OS, do not use the MTA to 55x reject the connection.

> Slightly off topic; but as you know, sender verification schemes work by looking up the sender's domain's MX records and attempting to send a mail to that sender.

Should not matter which IP the mail is coming from. Compare gmail's vast array of outbound MTA ip address blocks, they are not listed in the MX records.

> I'm a little concerned about just blocking those connections per your suggestion, though.

Sounds like the right thing to do to me.

> It might end up just changing the affected recipients; if someone's dumb enough not to correctly check for an open relay, someone else is certainly dumb enough to reject mail if they can't connect back to the inbound IP.

But you said that they are connecting to the outbound IP and that you are redirecting them to the inbound IP, so this is not an issue if you reject the connection instead of redirecting it.

Best you can do is give it a go and send them a mail while watching the logs! It's only mail, not as if gold bullion is getting lost.
Re: SMTP flood + spamdb
RW wrote:
> What I was getting looked like backscatter and smelled like backscatter it is just that some of the IPs sending it didn't check out as MTAs. i.e. they were not listed MXs for the domain they came from AND the domain was not likely someone with separate outbound senders. They all retried too and when I had them as TRAPPED entries the logged data included typical failed-to-deliver messages.

'bots getting smart eh? Bugger! If that is the trend, greylisting starts to lose its value as spammers adapt to the RFCs.

Set up a pf queue of dialup speed for windows boxes connecting to port 25? Should slow them down a bit, but still let the odd legit strangely sent mail in.
9GB Wide SCSI HDDs useful?
Hi,

we have here six 9GB Wide SCSI HDDs (68 pin), which are of no use to us anymore. Each has been surface-scanned, so (at the moment) they are working well. Details:

4 IBM DDRS-39130 manufactured in October 1998
2 Quantum Atlas IV (should also be from the last century)

*If* someone from the OpenBSD developer community can use them, I would ship them anywhere in the EU, preferably in Germany.

greetings,
knitti
man strnlen mistake?
> In doing this, strnlen() looks only at the first maxlen characters at s and never beyond s+maxlen.

Shouldn't it be "never beyond s+maxlen-1"?

CL
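An added example, not part of CL's post and not the OpenBSD libc implementation: a reference strnlen() plus a traced variant that records the highest index it actually dereferences. It shows what the man page wording is getting at, that with a maxlen-byte buffer containing no NUL the last byte read sits at s+maxlen-1 and s+maxlen is never touched. The function names and the constructed four-byte buffer are this example's own.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Reference strnlen(3). Only s[0] .. s[maxlen-1] may be examined; the byte
 * at s + maxlen is never dereferenced. The bound is checked before every
 * read, so a buffer of exactly maxlen bytes with no NUL in it is safe.
 */
size_t
my_strnlen(const char *s, size_t maxlen)
{
	size_t n = 0;

	while (n < maxlen && s[n] != '\0')
		n++;
	return n;
}

/*
 * Same algorithm, but also reports the highest index that was actually read
 * so the bound can be checked. Stores (size_t)-1 when nothing was read.
 */
size_t
traced_strnlen(const char *s, size_t maxlen, size_t *max_idx)
{
	size_t n = 0;

	*max_idx = (size_t)-1;
	while (n < maxlen) {
		*max_idx = n;		/* s[n] is read right here */
		if (s[n] == '\0')
			break;
		n++;
	}
	return n;
}

/* Convenience wrapper: just the highest index read. */
size_t
highest_index_read(const char *s, size_t maxlen)
{
	size_t idx;

	(void)traced_strnlen(s, maxlen, &idx);
	return idx;
}

/*
 * Constructed input: exactly four bytes, no terminating NUL anywhere.
 * Reading index 4 would be an out-of-bounds read.
 */
const char kUnterminated[4] = { 'a', 'b', 'c', 'd' };

int
main(void)
{
	printf("unterminated[4], maxlen 4: len=%zu, highest index read=%zu\n",
	    my_strnlen(kUnterminated, 4), highest_index_read(kUnterminated, 4));
	printf("\"ab\", maxlen 10: len=%zu, highest index read=%zu\n",
	    my_strnlen("ab", 10), highest_index_read("ab", 10));
	return 0;
}
```

With the four-byte buffer and maxlen 4 the traced version reports index 3 as the last byte read, i.e. s+maxlen-1; for a short string the NUL inside the bound stops the scan earlier.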
Re: SMTP flood + spamdb
Craig Skinner [EMAIL PROTECTED] writes:
> 'bots getting smart eh? Bugger! If that is the trend, greylisting starts to lose its value as spammers adapt to the RFCs.

If they adapt to greylisting and start following relevant RFCs, we've succeeded in making spamming more expensive. I don't see that happening much, though. The spam that reaches content filtering here has managed to get itself into the queue on real mail servers which for some reason allows them.

On the 'spamd looks like an open relay' issue, it would make sense to use a relay checker which actually checks for mail received, not just the status codes. On the other hand I actually like that part of spamd the way it is. Spammers who apparently think every IP address in our range is an open relay occasionally swell our greylists quite a bit. None of it ever gets delivered, of course, but we see the attempts quite often these days.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Cannot fork
Hi all,

Yesterday my workstation started doing this:

[EMAIL PROTECTED]:eddlocal ifconfig
ksh: cannot fork - try again

It usually only lasts a couple of minutes, but during which time the machine is pretty useless. Top tells me that I have 500MB of RAM free, and that the OS has not even started swapping.

I am going to try upgrading my snapshot to see if that fixes this, but I thought I should report it in case.

OpenBSD 4.2-current (GENERIC) #2: Tue Sep 11 14:16:04 BST 2007
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz (GenuineIntel 686-class) 3 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem = 1055678464 (1006MB)
avail mem = 1013071872 (966MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/05/04, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.3 @ 0xfbe40 (76 entries)
bios0: vendor Intel Corp. version BF86510A.86A.0058.P15.0404050012 date 04/05/2004
bios0: Intel Corporation D865GLC
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3d00/224 (12 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xa200! 0xca800/0x1000 0xcb800/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82865G/PE/P CPU-I/0-1 rev 0x02
vga1 at pci0 dev 2 function 0 Intel 82865G Video rev 0x02: aperture at 0xf000, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 3 function 0 Intel 82865G/PE/P CPU-CSA rev 0x02
pci1 at ppb0 bus 1
em0 at pci1 dev 1 function 0 Intel PRO/1000CT (82547EI) rev 0x00: irq 10, address 00:0c:f1:f5:13:41
uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 5
uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: irq 10
uhci3 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: irq 11
ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 9
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2
pci2 at ppb1 bus 2
ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 10 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: WDC WD800JD-00MSA1
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 Intel 82801EB/ER SMBus rev 0x02: irq 3
iic0 at ichiic0
adt0 at iic0 addr 0x2e: emc6d100 rev 0x65
auich0 at pci0 dev 31 function 5 Intel 82801EB/ER AC97 rev 0x02: irq 3, ICH5 AC97
ac97: codec id 0x41445375 (Analog Devices AD1985)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4: Intel UHCI root hub, rev 1.00/1.00, addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask ff6d netmask ff6d ttymask ffef
pctr: user-level cycle counter enabled
mtrr: Pentium Pro MTRR support
uhidev0 at uhub1 port 1 configuration 1 interface 0
uhidev0: Sun Microsystems Type 6 Mouse, rev 1.00/1.02, addr 2, iclass 3/1
ums0 at uhidev0: 3 buttons
wsmouse0 at ums0 mux 0
uhidev1 at uhub1 port 2 configuration 1 interface 0
uhidev1: Sun Microsystems Type 6 Keyboard, rev 1.00/1.01, addr 3, iclass 3/1
ukbd0 at uhidev1: 8 modifier keys, 6 key codes, layout 32
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on wd0b
WARNING: / was not properly unmounted
auich0: measured ac97 link rate at 47998 Hz,
Re: spamd shows up as an open relay
hmm, on Tue, Sep 25, 2007 at 02:50:41PM -0700, Rob said that
> We just ran across an odd intermittent problem with email that we traced back to spamd showing up as an open relay. I double-checked the documentation and mailing list archives and didn't find anything relevant.

dnsstuff.com is great to have a look what an admin left out/forgot/doesn't know :D i was quite dismayed too when it showed me as an open relay... (http://www.dnsstuff.com/tools/dnsreport.ch?domain=obiit.org)

but please note their wording:

    FAIL  Open relay test
    WARNING: One or more of your mailservers appears to be an open relay. If so, this means that you are allowing spammers to freely use the mailserver to send out spam! It is possible that your mailserver accepts all E-mail and later bounces it, or accepts the relay attempt and then deletes the E-mail, but this is not common.
    WARNING: obiit.org appears to be an open relay: 250 This is hurting you more than it is hurting me.

and they are right, it is not common. but any service that would rely on this kind of info _only_ (mail accepted but not checking if arrived) should get a clue and rethink their strategy.

that said, i have no idea if this could be changed in a meaningful way for spamd. the best thing about it after all, is its MTA/OS ignorance.

-f
-- 
43.3% of all statistics are meaningless.
Re: Speed Problems
On 2007/09/25 23:57, rezidue wrote:
> I've been having problems with throughput on a box I'm using as an edge gateway.

dmesg and vmstat -i might give clues. Also try bsd.mp if you use bsd (or vice-versa), and Claudio's suggestion of 4.2 is a good one.
Re: Cannot fork
Edd Barrett wrote:
> Hi all,
>
> Yesterday my workstation started doing this:
>
> [EMAIL PROTECTED]:eddlocal ifconfig
> ksh: cannot fork - try again
>
> It usually only lasts a couple of minutes, but during which time the machine is pretty useless.

you sure you've not got your maximum number of processes for your login class? i routinely see this error on my workstations when i've got lots of stuff open. the proper solution is to bump up the login.conf values for your login class, not sure if this can be fixed sans complete logout and relogin. if it's lasting a couple minutes then maybe some processes are being created and destroyed shortly thereafter.

cheers,
jake

> Top tells me that I have 500MB of RAM free, and that the OS has not even started swapping.
>
> I am going to try upgrading my snapshot to see if that fixes this, but I thought I should report it in case.
>
> OpenBSD 4.2-current (GENERIC) #2: Tue Sep 11 14:16:04 BST 2007
> [...]
Re: spamd shows up as an open relay
hmm, on Wed, Sep 26, 2007 at 11:22:23AM +0200, frantisek holop said that
> dnsstuff.com is great to have a look what an admin left out/forgot/doesn't know :D i was quite dismayed too when it showed me as an open relay... (http://www.dnsstuff.com/tools/dnsreport.ch?domain=obiit.org)

sorry, doesn't let you use it directly, doh. have to go through the front door. and when you pass that test, they'll say, it's just a quick check, and go to http://www.abuse.net/relay.html if you want a full check.

-f
-- 
30 minutes of begging is not considered foreplay.
Re: Cannot fork
On Wed, Sep 26, 2007 at 10:11:57AM +0100, Edd Barrett wrote:
> Hi all,
>
> Yesterday my workstation started doing this:
>
> [EMAIL PROTECTED]:eddlocal ifconfig
> ksh: cannot fork - try again
>
> It usually only lasts a couple of minutes, but during which time the machine is pretty useless. Top tells me that I have 500MB of RAM free, and that the OS has not even started swapping.

You have reached the limit of the maximal allowed processes run by you. You could raise the limit in /etc/login.conf, but first I would check if there is something wrong on your machine with that many processes. It could be OK.

> I am going to try upgrading my snapshot to see if that fixes this, but I thought I should report it in case.

Regards,
Markus
You just recieved a Electronic Greeting.
Hello , A Greeting Card is waiting for you at our virtual post office! You can pick up your postcard at the following web address: http://www.all-yours.net/u/view.php?id=a0190313376667 visit E-Greetings at http://www.all-yours.net/ and enter your pickup code, which is: a0190313376667 (Your postcard will be available for 60 days.)
Re: SMTP flood + spamdb
On 26 September 2007, Craig Skinner [EMAIL PROTECTED] wrote:
> RW wrote:
>> What I was getting looked like backscatter and smelled like backscatter it is just that some of the IPs sending it didn't check out as MTAs. i.e. they were not listed MXs for the domain they came from AND the domain was not likely someone with separate outbound senders. They all retried too and when I had them as TRAPPED entries the logged data included typical failed-to-deliver messages.
>
> 'bots getting smart eh? Bugger! If that is the trend, greylisting starts to lose its value as spammers adapt to the RFCs.
[...]

Greylisting is trivial to bypass, with or without a queue: just send the same messages twice. Some spammers have figured that out long ago. Ever wondered why sometimes you receive 2 or 3 copies of the same spam, from the same IP, with the same Message-Id etc., a few minutes apart?

Regards,
Liviu Daia
-- 
Dr. Liviu Daia http://www.imar.ro/~daia
wi driver: maximal output power question
Dear all,

First, let me say a big hello to everyone here. I've been out of this list for almost three years... Just came back less than a week ago and Chuck Yerkes is sorely missed...

I don't know if this question will be better answered here or on [EMAIL PROTECTED]

After reading an email about power management on ral devices, I took a look at the following piece of code, from if_wi.c. It seems to suggest that power output, using wi devices, is limited. Anything greater than 20dBm will be treated as 20dBm. I'm waiting for the arrival of some senao cards, capable of 200mW (23dBm) output. Is the wi driver capable of handling this amount of power?

    STATIC int
    wi_set_txpower(struct wi_softc *sc, struct ieee80211_txpower *txpower)
    {
        u_int16_t       cmd;
        u_int16_t       power;
        int8_t          tmp;
        int             error;
        int             alc;

        if (txpower == NULL) {
            if (!(sc->wi_flags & WI_FLAGS_TXPOWER))
                return (EINVAL);
            alc = 0;        /* disable ALC */
        } else {
            if (txpower->i_mode == IEEE80211_TXPOWER_MODE_AUTO) {
                alc = 1;    /* enable ALC */
                sc->wi_flags &= ~WI_FLAGS_TXPOWER;
            } else {
                alc = 0;    /* disable ALC */
                sc->wi_flags |= WI_FLAGS_TXPOWER;
                sc->wi_txpower = txpower->i_val;
            }
        }

        /* Set ALC */
        cmd = WI_CMD_DEBUG | (WI_DEBUG_CONFBITS << 8);
        if ((error = wi_cmd(sc, cmd, alc, 0x8, 0)) != 0)
            return (error);

        /* No need to set the TX power value if ALC is enabled */
        if (alc)
            return (0);

        /* Convert dBM to internal TX power value */
        if (sc->wi_txpower > 20)
            power = 128;
        else if (sc->wi_txpower < -43)
            power = 127;
        else {
            tmp = sc->wi_txpower;
            tmp = -12 - tmp;
            tmp <<= 2;

            power = (u_int16_t)tmp;
        }

        /* Set manual TX power */
        cmd = WI_CMD_WRITE_MIF;
        if ((error = wi_cmd(sc, cmd,
            WI_HFA384X_CR_MANUAL_TX_POWER, power, 0)) != 0)
            return (error);

        if (sc->sc_ic.ic_if.if_flags & IFF_DEBUG)
            printf("%s: %u (%d dBm)\n", sc->sc_dev.dv_xname, power,
                sc->wi_txpower);

        return (0);
    }
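To see what the driver actually writes for the 23 dBm card the poster asks about, here is the dBm-to-register conversion from wi_set_txpower() lifted out into a stand-alone function. This is an added example, not code from the if_wi.c driver or from the poster; wi_dbm_to_power() and wi_power_byte() are this example's own names, and the idea that only the low byte of the 16-bit value reaches the radio is an assumption, not something the driver says.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * The dBm -> register conversion from wi_set_txpower() in if_wi.c, lifted
 * out of the driver so it can be run on a workstation. The driver does
 *     tmp = -12 - dBm; tmp <<= 2;        (tmp is an int8_t)
 * and then widens tmp to u_int16_t. "* 4" is used here instead of "<<= 2"
 * because left-shifting a negative int is undefined in C; the resulting
 * bit patterns are identical for every value the clamps let through.
 */
uint16_t
wi_dbm_to_power(int dbm)
{
	int8_t tmp;

	if (dbm > 20)
		return 128;		/* high-side clamp in the driver */
	if (dbm < -43)
		return 127;		/* low-side clamp in the driver */
	tmp = (int8_t)((-12 - dbm) * 4);
	return (uint16_t)tmp;		/* sign-extends, as the driver's cast does */
}

/*
 * Low byte of the value. Assumption, not something the driver states: if
 * the MIF register is one byte wide, this is what would reach the radio.
 */
uint8_t
wi_power_byte(int dbm)
{
	return (uint8_t)(wi_dbm_to_power(dbm) & 0xff);
}

int
main(void)
{
	/* Constructed sample levels spanning both clamps. */
	const int levels[] = { -44, -43, -12, 0, 15, 20, 21, 23, 30 };

	for (size_t i = 0; i < sizeof levels / sizeof levels[0]; i++)
		printf("%4d dBm -> power 0x%04x, low byte %3u\n", levels[i],
		    (unsigned)wi_dbm_to_power(levels[i]),
		    (unsigned)wi_power_byte(levels[i]));
	return 0;
}
```

Two things fall out of running it. Inside the unclamped range, (-12 - dBm) * 4 runs from -128 at 20 dBm to 124 at -43 dBm, so the two clamps sit exactly where the int8_t would wrap. And the high clamp's 128 is the same low byte as the 0xFF80 produced for 20 dBm, so a request for 23 dBm writes the same byte as a request for 20 dBm: the encoding simply has no value for anything above 20 dBm. Whether the card's amplifier can be driven harder is a firmware/hardware question this code cannot answer.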
Re: The Atheros story ... Rui trolling again.
Rui Miguel Silva Seabra [EMAIL PROTECTED] lol it's always bullshit when it's not convenient to you, right? and you are a troll. can you please troll around somewhere else, you are wasting precious magnetic domains. eris will not set you free, she will eat you alive. -sm
Re: Cannot fork
On 26/09/2007, Markus Lude [EMAIL PROTECTED] wrote:
> You have reached the limit of the maximal allowed processes run by you.

Correct, I am only allowed 64. A quick login class switch to staff should fix this.

Thanks for the help.

-- 
Best Regards
Edd
---
http://students.dec.bournemouth.ac.uk/ebarrett
Re: OpenBSD on decTOP?
On Tue, 25 Sep 2007, Jonathan Gray wrote: SNIP There has been at least one dmesg submitted for these, Did you see any serial ports detected in the dmesg? If so how many? thanks diana
Re: SMTP flood + spamdb
On Wed, 26 Sep 2007, Liviu Daia wrote:
> Greylisting is trivial to bypass, with or without a queue: just send the same messages twice. Some spammers have figured that out long ago. Ever wondered why sometimes you receive 2 or 3 copies of the same spam, from the same IP, with the same Message-Id etc., a few minutes apart?

That doesn't work, at least not against spamd.
Re: The Atheros story in much fewer words
On Wed, Sep 26, 2007 at 02:32:05PM +0200, Siegbert Marschall wrote:
>> You don't seem to get the fact that I'm not even talking about what's more or less free (in your definition). The BSD has fewer requirements, but it allows some users to not have the freedoms you claim to defend.
>
> ROTFL. I almost wetted my keyboard with the remains in the bottle of water I was just about to drink...
>
>> but it allows some users to not have the freedoms you claim to defend.
>
> Exactly. That's freedom. Being able to choose, even to choose to abandon freedom. Freedom of choice.
>
> Keep on writing, I am beginning to enjoy the show, you are getting better at playing the clown Rui.

Please, don't encourage him :(

Gilles
hoststated and remote ip address
hi

i run the hoststated and i have a small problem. my config is:

    table hobbithosts {
        #check http "/ldirector.html" code 200
        check icmp
        timeout 300
        real port 443
        host $hobbit_predmz_ip
    }

    service hobbit01 {
        virtual host $hobbit_dmz_ip port 443 interface em0
        tag hobbit01
        sticky-address
        table hobbithosts
    }

so i also set up user authentication in apache and this works if the connection comes plain from www. but if i connect to the webserver through the hoststated i never get the authentication login from the apache.

can someone help me?

holger
Re: OpenBSD on decTOP?
On 2007/09/26 06:38, Diana Eichert wrote: On Tue, 25 Sep 2007, Jonathan Gray wrote: SNIP There has been at least one dmesg submitted for these, Did you see any serial ports detected in the dmesg? If so how many? none showing.
Re: The Atheros story in much fewer words
> but it allows some users to not have the freedoms you claim to defend.

think you'll struggle to find people here who claim to defend freedom. personally, i'm a believer and practitioner, i leave the defending to the mis-guided and the hypocrites.
Re: OpenBSD on decTOP?
On 26/09/2007, Diana Eichert [EMAIL PROTECTED] wrote:
> On Tue, 25 Sep 2007, Jonathan Gray wrote:
> SNIP
>> There has been at least one dmesg submitted for these,
>
> Did you see any serial ports detected in the dmesg? If so how many?

T'was mine:

OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 586-class) 366 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,PGE,CMOV,MMX
real mem = 112693248 (107MB)
avail mem = 100970496 (96MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/19/06
pcibios at bios0 function 0x1a not configured
bios0: ROM list: 0xc/0x8000
acpi0 at mainbus0: rev 0
acpi0: tables DSDT FACP BOOT
acpitimer at acpi0 not configured
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu at acpi0 not configured
acpibtn at acpi0 not configured
acpibtn at acpi0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 NS CS5535 Host rev 0x21
vga1 at pci0 dev 1 function 1 NS CS5535 VIDEO rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ATT/Lucent LTMODEM rev 0x02 at pci0 dev 13 function 0 not configured
pcib0 at pci0 dev 15 function 0 NS CS5535 ISA rev 0x13
pciide0 at pci0 dev 15 function 2 NS CS5535 IDE rev 0x00: DMA (unsupported), channel 0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 ignored (other hardware responding at addresses)
pciide0: channel 1 ignored (not responding; disabled or no drives?)
NS CS5535 AUDIO rev 0x00 at pci0 dev 15 function 3 not configured
ohci0 at pci0 dev 15 function 4 NS CS5535 USB rev 0x06: irq 10, version 1.0, legacy support
ohci1 at pci0 dev 15 function 5 NS CS5535 USB rev 0x06: irq 11, version 1.0, legacy support
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: ST310014A
wd0: 16-sector PIO, LBA, 9768MB, 20005650 sectors
wd0(wdc0:0:0): using BIOS timings
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb0 at ohci0: USB revision 1.0
uhub0 at usb0: NS OHCI root hub, rev 1.00/1.00, addr 1
usb1 at ohci1: USB revision 1.0
uhub1 at usb1: NS OHCI root hub, rev 1.00/1.00, addr 1
biomask effd netmask effd ttymask
pctr: user-level cycle counter enabled
axe0 at uhub0 port 2 configuration 1 interface 0
axe0: D-Link DUB-E100 rev B1, rev 2.00/0.01, addr 2, AX88772, address 00:80:c8:38:92:7e
rlphy0 at axe0 phy 3: IP101 10/100 PHY, rev. 4
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on wd0b

-- 
dir21
Re: SMTP flood + spamdb
On 26 September 2007, Damien Miller [EMAIL PROTECTED] wrote:
> On Wed, 26 Sep 2007, Liviu Daia wrote:
>> Greylisting is trivial to bypass, with or without a queue: just send the same messages twice. Some spammers have figured that out long ago. Ever wondered why sometimes you receive 2 or 3 copies of the same spam, from the same IP, with the same Message-Id etc., a few minutes apart?
>
> That doesn't work, at least not against spamd.

How does spamd distinguish between a legitimate retry and a re-injection of the same message with the same Message-Id, sender etc.?

Regards,
Liviu Daia
-- 
Dr. Liviu Daia http://www.imar.ro/~daia
Re: OpenBSD on decTOP?
according to the datasheet for the CS5535 there are 2 UARTS on the chip. http://www.amd.com/files/connectivitysolutions/geode/geode_gx/31506_cs5535_databook.pdf that would suck if it was permanently disabled diana
Re: SMTP flood + spamdb
Liviu Daia wrote:
> How does spamd distinguish between a legitimate retry and a re-injection of the same message with the same Message-Id, sender etc.?

It doesn't. Just what you described would probably be within the default 25 mins grey period. Another delivery attempt would be needed after this time to pass spamd.
Re: SMTP flood + spamdb
On Wed, 26 Sep 2007, Liviu Daia wrote:
> On 26 September 2007, Damien Miller [EMAIL PROTECTED] wrote:
>> On Wed, 26 Sep 2007, Liviu Daia wrote:
>>> Greylisting is trivial to bypass, with or without a queue: just send the same messages twice. Some spammers have figured that out long ago. Ever wondered why sometimes you receive 2 or 3 copies of the same spam, from the same IP, with the same Message-Id etc., a few minutes apart?
>>
>> That doesn't work, at least not against spamd.
>
> How does spamd distinguish between a legitimate retry and a re-injection of the same message with the same Message-Id, sender etc.?

It can't. But spamd's default of 25 minute passtime should help. (Well it does help someone -- since it limits the spammer's resources.)

(spamd doesn't know about Message-Id, it uses connecting IP address, HELO/EHLO, envelope-from, and envelope-to.)
Re: OpenBSD on decTOP?
hmmm, further reading of the data sheet makes me wonder if the serial UART is at address 2E8H for com3, if so that is disabled in GENERIC.

    #pccom3 at isa? port 0x2e8 irq 9    # (conflicts with some video cards)

I'm not completely familiar with the device scan when the kernel is loaded. Will it discover a device hanging off isa0 if a driver is not compiled into the kernel and show it as not configured or will it just not find it at all?

diana
Re: SMTP flood + spamdb
On 26 September 2007, Craig Skinner [EMAIL PROTECTED] wrote:
> Liviu Daia wrote:
>> How does spamd distinguish between a legitimate retry and a re-injection of the same message with the same Message-Id, sender etc.?
>
> It doesn't. Just what you described would probably be within the default 25 mins grey period.

Why should it? The second copy is sent in a separate run, that's the whole point. The only thing the bot has to figure out is how long to wait until the second run. A smart one would send a second copy after 10 minutes, and a third one after, say, 35 minutes.

> Another delivery attempt would be needed after this time to pass spamd.

Moral: randomize the greylisting time...

Regards,
Liviu Daia
-- 
Dr. Liviu Daia http://www.imar.ro/~daia
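To make the two sides of this exchange concrete, here is a toy greylist that replays both scenarios: Damien's description of what spamd keys on (connecting IP, HELO/EHLO, envelope-from, envelope-to) with the default 25 minute passtime, and Liviu's bot that resends at 10 and 35 minutes. This is an added example, not spamd's code and not anything from the thread; the timings, addresses and the 192.0.2.x hosts are constructed. The model assumes that once a tuple passes, the sending address is whitelisted (spamdb's WHITE entries are keyed by address), and it leaves out entry expiry and whitelist lifetime.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy greylist modelled on what the thread says about spamd: the key is
 * (connecting IP, HELO/EHLO, envelope-from, envelope-to) and the default
 * passtime is 25 minutes. Once a tuple passes, the IP is whitelisted.
 * Greylist expiry (greyexp) and whitelist lifetime are deliberately omitted.
 */
#define PASSTIME_SECS	(25 * 60)
#define MAX_ENTRIES	32

struct grey_entry {
	char	ip[16], helo[32], from[64], to[64];
	long	first_seen;		/* seconds, arbitrary epoch */
};

struct greylist {
	struct grey_entry grey[MAX_ENTRIES];
	int		  ngrey;
	char		  white[MAX_ENTRIES][16];
	int		  nwhite;
};

static bool
is_white(const struct greylist *g, const char *ip)
{
	for (int i = 0; i < g->nwhite; i++)
		if (strcmp(g->white[i], ip) == 0)
			return true;
	return false;
}

static struct grey_entry *
find_grey(struct greylist *g, const char *ip, const char *helo,
    const char *from, const char *to)
{
	for (int i = 0; i < g->ngrey; i++) {
		struct grey_entry *e = &g->grey[i];
		if (strcmp(e->ip, ip) == 0 && strcmp(e->helo, helo) == 0 &&
		    strcmp(e->from, from) == 0 && strcmp(e->to, to) == 0)
			return e;
	}
	return NULL;
}

/* One delivery attempt at time `now`: 1 = handed to the MTA, 0 = tempfailed. */
int
grey_attempt(struct greylist *g, const char *ip, const char *helo,
    const char *from, const char *to, long now)
{
	struct grey_entry *e;

	if (is_white(g, ip))
		return 1;
	e = find_grey(g, ip, helo, from, to);
	if (e == NULL) {
		if (g->ngrey >= MAX_ENTRIES)
			return 0;
		e = &g->grey[g->ngrey++];
		snprintf(e->ip, sizeof e->ip, "%s", ip);
		snprintf(e->helo, sizeof e->helo, "%s", helo);
		snprintf(e->from, sizeof e->from, "%s", from);
		snprintf(e->to, sizeof e->to, "%s", to);
		e->first_seen = now;
		return 0;		/* first sight: always tempfailed */
	}
	if (now - e->first_seen < PASSTIME_SECS)
		return 0;		/* retried inside passtime: still tempfailed */
	if (g->nwhite < MAX_ENTRIES)
		snprintf(g->white[g->nwhite++], 16, "%s", ip);
	return 1;
}

/* Constructed timings: "a few minutes apart" vs. a bot that waits 10 and 35 minutes. */
const long kNaiveTimings[3] = { 0, 3 * 60, 6 * 60 };
const long kTimedTimings[3] = { 0, 10 * 60, 35 * 60 };

/* Replays one sender's attempts against a fresh greylist; returns how many got through. */
int
bot_resend_scenario(const long *attempt_secs, int n)
{
	struct greylist g;
	int passed = 0;

	memset(&g, 0, sizeof g);
	for (int i = 0; i < n; i++)
		passed += grey_attempt(&g, "192.0.2.10", "bot.example",
		    "spam@example.net", "victim@example.org", attempt_secs[i]);
	return passed;
}

/* After the timed bot passes, a new recipient from the same IP goes straight
 * through while the same tuple from another IP is greylisted. 1 if both hold. */
int
whitelist_is_per_ip(void)
{
	struct greylist g;

	memset(&g, 0, sizeof g);
	for (int i = 0; i < 3; i++)
		grey_attempt(&g, "192.0.2.10", "bot.example", "spam@example.net",
		    "victim@example.org", kTimedTimings[i]);
	int same_ip = grey_attempt(&g, "192.0.2.10", "bot.example",
	    "spam@example.net", "other@example.org", 36 * 60);
	int other_ip = grey_attempt(&g, "192.0.2.11", "bot.example",
	    "spam@example.net", "victim@example.org", 36 * 60);
	return same_ip == 1 && other_ip == 0;
}

int
main(void)
{
	printf("naive bot (0, 3, 6 min):   %d of 3 delivered\n", bot_resend_scenario(kNaiveTimings, 3));
	printf("timed bot (0, 10, 35 min): %d of 3 delivered\n", bot_resend_scenario(kTimedTimings, 3));
	printf("whitelist keyed by IP: %s\n", whitelist_is_per_ip() ? "yes" : "no");
	return 0;
}
```

The naive resender never gets through because every copy lands inside the passtime; the bot that waits past 25 minutes is delivered on its third try and, because the whitelist is per address, everything else it sends from that IP then goes straight through. That is the trade-off Luca raises further down: the passtime is simultaneously the cost imposed on the bot and the delay imposed on legitimate first-time senders.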
Re: OpenBSD on decTOP?
Diana Eichert schrieb:
> hmmm, further reading of the data sheet makes me wonder if the serial UART is at address 2E8H for com3, if so that is disabled in GENERIC.
>
> #pccom3 at isa? port 0x2e8 irq 9 # (conflicts with some video cards)
>
> I'm not completely familiar with the device scan when the kernel is loaded. Will it discover a device hanging off isa0 if a driver is not compiled into the kernel and show it as not configured or will it just not find it at all?

As it won't probe on port 0x2e8 it will not find it. That's why it was disabled, the probe will have negative effects on other hardware.

Greetings Markus
Re: SMTP flood + spamdb
On Wed, 2007-09-26 at 17:02 +0300, Liviu Daia wrote:
> Another delivery attempt would be needed after this time to pass spamd. Moral: randomize the greylisting time...

Between which min/max values? Keep in mind that this corresponds to the (minimum) delay introduced in delivering good messages to the mailbox.

ciao Luca
Re: SMTP flood + spamdb
Liviu Daia wrote: Why should it? The second copy is sent in a separate run, that's the whole point. The only thing the bot has to figure out is how long to wait until the second run. A smart one would send a second copy after 10 minutes, and a third one after, say, 35 minutes. OK, but you did say a few minutes apart. In English, few is normally a single digit.
Re: SMTP flood + spamdb
On 26 September 2007, Luca Corti [EMAIL PROTECTED] wrote:
> On Wed, 2007-09-26 at 17:02 +0300, Liviu Daia wrote:
>> Another delivery attempt would be needed after this time to pass spamd. Moral: randomize the greylisting time...
>
> Between which min/max values? Keep in mind that this corresponds to the (minimum) delay introduced in delivering good messages to the mailbox.

That's up to you. The minimum should be large enough to keep away naive bots, as it does now. The maximum should be as large as you can afford without being too anti-social. :) Some crap will still pass through anyway.

Regards, Liviu Daia -- Dr. Liviu Daia http://www.imar.ro/~daia
Re: OpenBSD on decTOP?
On Wed, 26 Sep 2007, Markus Hennecke wrote:
> As it won't probe on port 0x2e8 it will not find it. That's why it was disabled, the probe will have negative effects on other hardware.
>
> Greetings Markus

that's what I assumed, but I thought I'd ask anyway. thanks
Re: SMTP flood + spamdb
On 26 September 2007, Liviu Daia [EMAIL PROTECTED] wrote:
> On 26 September 2007, Luca Corti [EMAIL PROTECTED] wrote:
>> On Wed, 2007-09-26 at 17:02 +0300, Liviu Daia wrote:
>>> Another delivery attempt would be needed after this time to pass spamd. Moral: randomize the greylisting time...
>>
>> Between which min/max values? Keep in mind that this corresponds to the (minimum) delay introduced in delivering good messages to the mailbox.
>
> That's up to you. The minimum should be large enough to keep away naive bots, as it does now. The maximum should be as large as you can afford without being too anti-social. :) Some crap will still pass through anyway.

The maximum should also leave plenty of time before expiry. Some mailers use queue backoff algorithms, which means some legitimate messages might never get a chance to pass if the window is too small...

Regards, Liviu Daia -- Dr. Liviu Daia http://www.imar.ro/~daia
Re: SMTP flood + spamdb
Liviu Daia [EMAIL PROTECTED] writes:
> Why should it? The second copy is sent in a separate run, that's the whole point. The only thing the bot has to figure out is how long to wait until the second run. A smart one would send a second copy after 10 minutes, and a third one after, say, 35 minutes.

*BZZT!* Assuming facts not in evidence: a *smart* spambot /and/ a spammer who actually *cares* about the delivery of individual messages.

> Another delivery attempt would be needed after this time to pass spamd.

Actually, the way it works is more like this:

1st try: 451 try again later
  * At this point, anywhere between 80%-97% of spammers just move on, there's millions more messages to spew out there, and other hosts which are way more receptive.

2nd try, after passtime: 451 try again later (spamd to self: oh, this one retried, better whitelist)
  * This is where we decide it has a chance to be non-trash, but we don't let on just yet

3rd try: now you talk to the real smtp daemon (if there is one)
  * They've passed the test. They may still be bastids, but at least they know some basic rules of conduct.

> Moral: randomize the greylisting time...

Random numbers can be fun, but I'd like to see real world data which support your theory. I'm beginning to think that this is another one of those 'I refuse to believe greylisting works because I refuse to understand it' episodes.

-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: SMTP flood + spamdb
Liviu Daia wrote: That's up to you. The minimum should be large enough to keep away naive bots, as it does now. The maximum should be as large as you can afford without being too anti-social. :) Some crap will still pass through anyway. The maximum should also leave plenty of time before expiry. Some mailers use queue backoff algorithms, which means some legitimate messages might never get a chance to pass if the window is too small... The defaults work very well: See: http://www.ualberta.ca/~beck/nycbug06/spamd/mgp1.html Hear: http://www.fetissov.org/public/nycbsdcon06/2.4.mp3
Re: SMTP flood + spamdb
On Wed, 26 Sep 2007, Liviu Daia wrote: On 26 September 2007, Craig Skinner [EMAIL PROTECTED] wrote: Liviu Daia wrote: How does spamd distinguish between a legitimate retry and a re-injection of the same message with the same Message-Id, sender etc.? It doesn't. Just what you described would probably be within the default 25 mins grey period. Why should it? The second copy is sent in a separate run, that's the whole point. The only thing the bot has to figure out is how long to wait until the second run. A smart one would send a second copy after 10 minutes, and a third one after, say, 35 minutes. Another delivery attempt would be needed after this time to pass spamd. Moral: randomize the greylisting time... Or take advantage of the (by default) 25 minute window to use other means to detect that this address is sending spam. Perhaps spamd should be extended to look for excessive attempts to send messages from an address during that period? (How often do spammers' lists contain only one or two addresses from a domain?) Dave -- Dave Anderson [EMAIL PROTECTED]
Re: SMTP flood + spamdb
On 2007/09/26 11:03, Dave Anderson wrote: Or take advantage of the (by default) 25 minute window to use other means to detect that this address is sending spam. Perhaps spamd should be extended to look for excessive attempts to send messages from an address during that period? google: greyscanner
Re: SMTP flood + spamdb
Dave Anderson [EMAIL PROTECTED] writes: Or take advantage of the (by default) 25 minute window to use other means to detect that this address is sending spam. Perhaps spamd should be extended to look for excessive attempts to send messages from an address during that period? (How often do spammers' lists contain only one or two addresses from a domain?) You could probably use straight rdr instead of rdr pass to feed spamd, then in the relevant pass rule apply your source tracking options and overload and some table magic for that -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Internet slowdown when pf is enabled? Running on i386 -current
I know it's weird, that's why I posted this in the first place :P Anyway, the OpenBSD gateway is running a web server (apache+php), and a mail server (postfix+dovecot). The thing is, it doesn't seem there are a lot of connections from those daemons. And like I said before, if I tried to connect to the Internet directly from my laptop, the connection is fine. Would a tcpdump log be any helpful at this point? Thanks for replying though.

On Wed, 26 Sep 2007 15:55:21 +0200, knitti [EMAIL PROTECTED] wrote:
> On 9/22/07, Reza Muhammad [EMAIL PROTECTED] wrote:
>> I'm having a problem with my Internet connection in my home network. I noticed that my Internet connection has been very slow since I upgraded to -current a week ago. First, I thought it was just my ISP problem. Then, I tried to connect to the Internet directly from my laptop, it worked fine. I noticed that the Internet is slowing down when pf is enabled. I changed my pf.conf to only do nat, and scrub incoming packets, but it is still slow.
>>
>> State Table                        Total             Rate
>>   current entries                    698
>>   searches                       4487636        19511.5/s
>>   inserts                         280924         1221.4/s
>>   removals                        280226         1218.4/s
>
> I don't know what kind of traffic you have on your box, but these numbers look strange. I see on various firewalls between 0.1 and 5% of that with some simple rulesets and NAT. These are DSL links, both asymmetric and symmetric. If you are really only doing NAT, something is strange.
>
> greetings, knitti
Re: Porting OpenBSD to OLPC XO laptops.
[diverted to [EMAIL PROTECTED]

On Wed, Sep 26, 2007 at 08:08:41AM -0700, big one wrote:
| OLPC (One Laptop Per Child) had released XO AMD Geode LX Laptops
| using G1G1 (Buy 2 Get 1). One laptop will be sent to the buyer and the
| 2nd laptop will be sent to a child in a poor, developing country.
|
| According to Mr Theo de Raadt from OpenBSD, it is impossible to
| write device driver for Wireless chipset inside XO.
|
| According to OLPC developer team:
| 1. There is no standard BIOS inside XO laptops.
| 2. There is no VGA/EGA/CGA video mode.
|
| Is it possible to port OpenBSD to XO Laptops without
| activating/using the wireless chipset?
| Thank you

Why not buy some and send them to interested developers. Buy 2 Send 1 to an OpenBSD developer ;)

Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
Loading PF after ppp
I connect to the internet using pppoe(8) by putting the following line in /etc/rc.local.conf: ppp -ddial pppoe However, the pf rules load before I have an internet connection and therefore pfctl reports an error. How does one load PF after ppp? Amit.
Re: SMTP flood + spamdb
On Wed, 2007-09-26 at 17:38 +0300, Liviu Daia wrote:
> That's up to you. The minimum should be large enough to keep away naive bots, as it does now. The maximum should be as large as you can afford without being too anti-social. :) Some crap will still pass through anyway.

Sometimes it's not about being social, but about receiving important messages in time. Some greylisting implementations have a bit more relaxed policies on whitelisting (e.g. whitelisting /24 subnets on which the sender resides instead of single IP address) to speed up whitelisting efficiency. Not sure about how much spam this allows to slip through.

ciao Luca
Re: SMTP flood + spamdb
On Wed, 2007-09-26 at 16:01 +0100, Craig Skinner wrote: The defaults work very well: See: http://www.ualberta.ca/~beck/nycbug06/spamd/mgp1.html Hear: http://www.fetissov.org/public/nycbsdcon06/2.4.mp3 Maybe this also has to do with amount and type of traffic you get. Small shops are probably more likely to experience delays, while hosters of a large number of high traffic domains should have whitelists converge fast. ciao Luca
OpenBSD configuration file for Samhain
Hi, I got Samhain http://www.la-samhna.de/samhain/ installed on a 4.1. The default configuration file for it is written for a FreeBSD system. Are there people out there who use Samhain on OpenBSD? If so, could you please help me tune the configuration file to use it with OpenBSD. The default configuration file is given below. Thank you so much :-)

Kind Regards
Siju

#
# FreeBSD Configuration file for samhain.
#
# -- empty lines and lines starting with '#', ';' or '//' are ignored
# -- boolean options can be Yes/No or True/False or 1/0
# -- you can PGP clearsign this file -- samhain will check (if compiled
#    with support) or otherwise ignore the signature
# -- CHECK mail address
#
# To each log facility, you can assign a threshold severity. Only
# reports with at least the threshold severity will be logged
# to the respective facility (even further below).
#
# SETUP for file system checking:
# (i)   There are several policies, each has its own section. Put files
#       into the section for the appropriate policy (see below).
# (ii)  Section [EventSeverity]:
#       To each policy, you can assign a severity (further below).
# (iii) Section [Log]:
#       To each log facility, you can assign a threshold severity. Only
#       reports with at least the threshold severity will be logged
#       to the respective facility (even further below).
#
# Files are defined with:          file = /absolute/path
#
# Directories are defined with:    dir = /absolute/path
#   or with an optional recursion depth (N = 99):  dir = N/absolute/path
#
# Directory inodes are checked. If you only want to check files
# in a directory, but not the directory inode itself, use (e.g.):
#
#   [ReadOnly]
#   dir = /some/directory
#   [IgnoreAll]
#   file = /some/directory
#
# You can use shell-style globbing patterns, like: file = /path/foo*
#
## [Misc]
##
## Add or subtract tests from the policies
## - if you want to change their definitions,
##   you need to do that before using the policies
##
# RedefReadOnly = (no default)
# RedefAttributes=(no default)
# RedefLogFiles=(no default)
# RedefGrowingLogFiles=(no default)
# RedefIgnoreAll=(no default)
# RedefIgnoreNone=(no default)
# RedefUser0=(no default)
# RedefUser1=(no default)
#
# - / --
#
[ReadOnly]
dir = 0/
[Attributes]
file = /
file = /proc
file = /entropy
file = /tmp
file = /var
#
# - /dev ---
#
[Attributes]
dir = 99/dev
[IgnoreAll]
file = /dev/ttyp?
[Misc]
##
## pseudo terminals are created/removed as needed
##
IgnoreAdded = /dev/(p|t)typ.*
IgnoreMissing = /dev/(p|t)typ.*
#
# - /etc ---
#
[ReadOnly]
##
## for these files, only access time is ignored
##
dir = 99/etc
#
# - /boot ---
#
[ReadOnly]
dir = 99/boot
#
# - /bin, /sbin ---
#
[ReadOnly]
dir = 99/bin
dir = 99/sbin
#
# - /lib ---
#
[ReadOnly]
dir = 99/lib
#
# - /libexec ---
#
[ReadOnly]
dir = 99/libexec
#
# - /rescue ---
#
[ReadOnly]
dir = 99/rescue
#
# - /root ---
#
[Attributes]
##
## for these files, only changes in permissions and ownership are checked
##
dir = 99/root
#
# - /stand ---
#
[ReadOnly]
dir = 99/stand
#
# - /usr ---
#
[ReadOnly]
dir = 99/usr
[Attributes]
dir = /usr/.snap
dir = /usr/share/man/cat?
file = /usr/compat/linux/etc
file = /usr/compat/linux/etc/ld.so.cache
[IgnoreAll]
dir = -1/usr/home
#
# - /var ---
#
[Attributes]
dir = 0/var
[LogFiles]
##
## for these files, changes in signature, timestamps, and size are ignored
##
file=/var/run/utmp
[GrowingLogFiles]
##
## For these files, changes in signature, timestamps, and increase in size
## are ignored. Logfile rotation will cause a report because of shrinking
## size and different inode.
##
dir = 99/var/log
[Attributes]
#
# rotated logs will change inode
#
file = /var/log/*.[0-9].bz2
file = /var/log/*.[0-9].log
file = /var/log/*.[0-9]
file = /var/log/*.[0-9][0-9]
file = /var/log/*.old
file = /var/log/sendmail.st
[Misc]
#
# Various naming schemes for rotated logs
#
IgnoreAdded = /var/log/.*\.[0-9]+$
IgnoreAdded = /var/log/.*\.[0-9]+\.gz$
IgnoreAdded = /var/log/.*\.[0-9]+\.bz2$
IgnoreAdded = /var/log/.*\.[0-9]+\.log$
[IgnoreNone]
##
## for these files, all modifications (even access time) are reported
## - you may create some interesting-looking file (like /etc/safe_passwd),
##   just to watch whether someone will access it ...
##
[User0]
[User1]
## User0 and User1 are sections for files/dirs with
Re: Internet slowdown when pf is enabled? Running on i386 -current
On 2007/09/26 22:32, Reza Muhammad wrote:
> Would a tcpdump log be any helpful at this point?

maybe; try

ifconfig pfsync0 create
tcpdump -ni pfsync0 -vvs1000

> inserts 280924 1221.4/s
> removals 280226 1218.4/s

expect it to scroll pretty damn fast...
Re: Loading PF after ppp
2007/9/26, Amit Finkler [EMAIL PROTECTED]:
> How does one load PF after ppp?

By using ppp.linkup

cat /etc/ppp/ppp.linkup
MYADDR:
 !bg sh -c "/sbin/pfctl -e -f /etc/pf.conf"

Best Martin
Re: Loading PF after ppp
> I connect to the internet using pppoe(8) by putting the following line in /etc/rc.local.conf:
>
> ppp -ddial pppoe
>
> However, the pf rules load before I have an internet connection and therefore pfctl reports an error. How does one load PF after ppp?

Being in the same situation I had not enabled PF through rc.conf or rc.conf.local, instead I've put the following in rc.local:

/usr/sbin/ppp -background -quiet pppoe
if [ $? -eq 0 ]; then
	echo "PPP enabled"
	pfctl -e
	pfctl -f /etc/pf.conf
fi

I'm not sure whether it's correct or not, but it works for me :)

Regards, -- Cezary Morga There are three kinds of lies: lies, damned lies, and statistics. (Benjamin Disraeli)
Re: spamd shows up as an open relay
> I'm not 100% certain I'm getting your idea here ... we do currently run inbound/outbound mail on different IPs, but the problem isn't with the connections themselves. From the example session transcript with spamd that I posted earlier:
>
> 250 Hello, spam sender. Pleased to be wasting your time.
> MAIL FROM: [EMAIL PROTECTED]
> 250 Ok to start over.
> RCPT TO: [EMAIL PROTECTED]
> 250 You are about to try to deliver spam. Your time will be spent, for nothing.
>
> For an actual MTA, the 250 code here indicates an open relay, because we are not the MX for checkor.com.

Nope, because you can reject it later on. Their test is flawed. All our open relay checking we do here actually checks the full dialogue to see if the message is accepted *and* checks for an actual relay, if they aren't doing that, their test is amateur hour crap.

> spamd of course doesn't know this (and I'm aware that fixing it might not be easy), but it is still triggering a false positive as an open relay.

Spamd won't change in this regard. It would completely break spamd to accommodate some false idea of a test.
Re: Loading PF after ppp
On Wed, Sep 26, 2007 at 05:54:58PM +0200, Amit Finkler wrote:
> I connect to the internet using pppoe(8) by putting the following line in /etc/rc.local.conf:
>
> ppp -ddial pppoe
>
> However, the pf rules load before I have an internet connection and therefore pfctl reports an error. How does one load PF after ppp?

Hi Amit. I guess pf complains about the non-existent interface. Starting and stopping pf can be done with entries in /etc/ppp/ppp.linkup and /etc/ppp/ppp.linkdown e.g I use:

# cat /etc/ppp/ppp.linkup
[... snipp ...]
 ! sh -c "ifconfig pflog0 up"
 ! sh -c "pfctl -e"
 ! sh -c "pfctl -f /etc/pf.conf"
 ! sh -c "/usr/local/bin/svc -u /service/pflogd"
[... snipp ...]

and

# cat /etc/ppp/ppp.linkdown
[... snipp ...]
 ! sh -c "/usr/local/bin/svc -d /service/pflogd"
 ! sh -c "/usr/local/bin/svc -t /service/pflogd"
 ! sh -c "pfctl -d"
[... snipp ...]

I use djb's daemontools to start and stop pflogd, but I think you can also use

 ! sh -c "/sbin/pflogd"

and

 ! sh -c "pkill pflogd"

HTH, Andreas.

-- Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition.
Re: SMTP flood + spamdb
On 26 September 2007, Peter N. M. Hansteen [EMAIL PROTECTED] wrote:
> Liviu Daia [EMAIL PROTECTED] writes:
>> Why should it? The second copy is sent in a separate run, that's the whole point. The only thing the bot has to figure out is how long to wait until the second run. A smart one would send a second copy after 10 minutes, and a third one after, say, 35 minutes.
>
> *BZZT!* Assuming facts not in evidence: a *smart* spambot /and/ a spammer who actually *cares* about the delivery of individual messages.

My point is it doesn't have to. The third copy passes regardless of what happens with the first two.

[...]

>> Moral: randomize the greylisting time...
>
> Random numbers can be fun, but I'd like to see real world data which support your theory.

Ok, since you ask, here's a recent one. The message passed all my filters, so it was received three times. Please note the identical message-id.

First run:

Sep 25 18:06:16 ns1 postfix-localhost/smtpd[27143]: 9FAE1142A7: client=unknown[212.239.40.101]
Sep 25 18:06:17 ns1 postfix/cleanup[3734]: 9FAE1142A7: message-id=[EMAIL PROTECTED]
Sep 25 18:06:18 ns1 postfix/qmgr[1554]: 9FAE1142A7: from=[EMAIL PROTECTED], size=2545, nrcpt=2 (queue active)
Sep 25 18:06:18 ns1 postfix/pipe[25075]: 9FAE1142A7: to=[EMAIL PROTECTED], relay=uucpz, delay=1.8, delays=1.7/0/0/0.06, dsn=2.0.0, status=sent (delivered via uucpz service)
Sep 25 18:06:18 ns1 postfix/local[7260]: 9FAE1142A7: to=[EMAIL PROTECTED], relay=local, delay=1.9, delays=1.7/0/0/0.24, dsn=2.0.0, status=sent (delivered to command: /usr/local/sbin/gather_stats.pl /usr/local/share/Mail_stats)
Sep 25 18:06:18 ns1 postfix/qmgr[1554]: 9FAE1142A7: removed

The same message, sent 8 minutes later:

Sep 25 18:14:14 ns1 postfix-localhost/smtpd[8404]: 1649714331: client=unknown[212.239.40.101]
Sep 25 18:14:15 ns1 postfix/cleanup[21622]: 1649714331: message-id=[EMAIL PROTECTED]
Sep 25 18:14:15 ns1 postfix/qmgr[1554]: 1649714331: from=[EMAIL PROTECTED], size=2547, nrcpt=2 (queue active)
Sep 25 18:14:15 ns1 postfix/pipe[25075]: 1649714331: to=[EMAIL PROTECTED], relay=uucpz, delay=1.4, delays=1.4/0/0/0.05, dsn=2.0.0, status=sent (delivered via uucpz service)
Sep 25 18:14:15 ns1 postfix/local[7260]: 1649714331: to=[EMAIL PROTECTED], relay=local, delay=1.6, delays=1.4/0/0/0.25, dsn=2.0.0, status=sent (delivered to command: /usr/local/sbin/gather_stats.pl /usr/local/share/Mail_stats)
Sep 25 18:14:15 ns1 postfix/qmgr[1554]: 1649714331: removed

Same, 28 minutes later:

Sep 25 18:42:52 ns1 postfix-localhost/smtpd[13055]: 72BCD142A7: client=unknown[212.239.40.101]
Sep 25 18:42:53 ns1 postfix/cleanup[21622]: 72BCD142A7: message-id=[EMAIL PROTECTED]
Sep 25 18:42:53 ns1 postfix/qmgr[1554]: 72BCD142A7: from=[EMAIL PROTECTED], size=3724, nrcpt=2 (queue active)
Sep 25 18:42:53 ns1 postfix/pipe[25075]: 72BCD142A7: to=[EMAIL PROTECTED], relay=uucpz, delay=0.81, delays=0.75/0.01/0/0.05, dsn=2.0.0, status=sent (delivered via uucpz service)
Sep 25 18:42:53 ns1 postfix/local[7260]: 72BCD142A7: to=[EMAIL PROTECTED], relay=local, delay=1, delays=0.75/0.01/0/0.24, dsn=2.0.0, status=sent (delivered to command: /usr/local/sbin/gather_stats.pl /usr/local/share/Mail_stats)
Sep 25 18:42:53 ns1 postfix/qmgr[1554]: 72BCD142A7: removed

Should I have used spamd, the first two copies would have been discarded, but the third would have passed. That said, randomizing the greylisting time is probably a lot of trouble, for little added value (it still doesn't solve the problem).

> I'm beginning to think that this is another one of those 'I refuse to believe greylisting works because I refuse to understand it' episodes.

Oh, I'm not saying it doesn't work. What I'm saying is, greylisting is trivial to bypass, and some spammers have figured that out. Amazingly, most of them still haven't, which is why it still works in a significant number of cases.

Regards, Liviu Daia -- Dr. Liviu Daia http://www.imar.ro/~daia
Re: Loading PF after ppp
On Wed, Sep 26, 2007 at 05:54:58PM +0200, Amit Finkler wrote: I connect to the internet using pppoe(8) by putting the following line in /etc/rc.local.conf: ppp -ddial pppoe However, the pf rules load before I have an internet connection and therefore pfctl reports an error. How does one load PF after ppp? By starting ppp from hostname.tun0...
Re: SMTP flood + spamdb
> Oh, I'm not saying it doesn't work. What I'm saying is, greylisting is trivial to bypass, and some spammers have figured that out. Amazingly, most of them still haven't, which is why it still works in a significant number of cases.

greylisting does what it does. It delays the initial email for 30 minutes or more. what you do with that 30 minutes will decide on how effective it is for you. In that 30 minutes:

1) you can look at their traffic profile and decide you don't want to talk to them.
2) they can hit a greytrap locally and you can decide you don't want to talk to them.
3) they can hit a bogus domain mx'ed to you locally and you can decide you don't want to talk to them.
4) optionally, if you check the greylist against valid local mail addresses, you could trap them if they're mailing to bogus local addresses (we do that here)
5) 1-4 could happen above at someone else's site (like nixspam or uatraps) that you are using as a blacklist.

And in the end some of it gets through. That's why you run other stuff in addition to spamd if you really can't stand that.

spamd is designed to get the low hanging fruit. It is *NOT* designed to stop all possible spam, forever. attempting to do so there is wrong. Spamd is a *tool* - it's good for what it's good for - stopping stuff that is easily identifiable in the smtp dialogue. It is not intended for other things.

-Bob
Re: SMTP flood + spamdb
On Wed, 26 Sep 2007, Liviu Daia wrote:
> Same, 28 minutes later:
>
> Sep 25 18:42:52 ns1 postfix-localhost/smtpd[13055]: 72BCD142A7: client=unknown[212.239.40.101]
> Sep 25 18:42:53 ns1 postfix/cleanup[21622]: 72BCD142A7: message-id=[EMAIL PROTECTED]
> Sep 25 18:42:53 ns1 postfix/qmgr[1554]: 72BCD142A7: from=[EMAIL PROTECTED], size=3724, nrcpt=2 (queue active)
> Sep 25 18:42:53 ns1 postfix/pipe[25075]: 72BCD142A7: to=[EMAIL PROTECTED], relay=uucpz, delay=0.81, delays=0.75/0.01/0/0.05, dsn=2.0.0, status=sent (delivered via uucpz service)
> Sep 25 18:42:53 ns1 postfix/local[7260]: 72BCD142A7: to=[EMAIL PROTECTED], relay=local, delay=1, delays=0.75/0.01/0/0.24, dsn=2.0.0, status=sent (delivered to command: /usr/local/sbin/gather_stats.pl /usr/local/share/Mail_stats)
> Sep 25 18:42:53 ns1 postfix/qmgr[1554]: 72BCD142A7: removed
>
> Should I have used spamd, the first two copies would have been discarded, but the third would have passed.

Not a good example. As that would still hit spamd (default 25 minutes and your earlier one was too fast). Now it is whitelisted. Do you have a fourth email sent? (Which will have passed.)
Re: Speed Problems
Hi Claudio... What does 'net.inet.ip.ifq.maxlen=256' do for us? Tried a few 'man', and a few google searches and I wasn't very successful. Found tons of other posts telling people to bump up that sysctl, but never found what it does exactly.

Cheers, g.
Re: Porting OpenBSD to OLPC XO laptops.
Maybe I've missed something but what makes it impossible to write a device driver for the Wireless chipset?

-Josh

On 9/26/07, Paul de Weerd [EMAIL PROTECTED] wrote:
> [diverted to [EMAIL PROTECTED]
>
> On Wed, Sep 26, 2007 at 08:08:41AM -0700, big one wrote:
> | OLPC (One Laptop Per Child) had released XO AMD Geode LX Laptops
> | using G1G1 (Buy 2 Get 1). One laptop will be sent to the buyer and the
> | 2nd laptop will be sent to a child in a poor, developing country.
> |
> | According to Mr Theo de Raadt from OpenBSD, it is impossible to
> | write device driver for Wireless chipset inside XO.
> |
> | According to OLPC developer team:
> | 1. There is no standard BIOS inside XO laptops.
> | 2. There is no VGA/EGA/CGA video mode.
> |
> | Is it possible to port OpenBSD to XO Laptops without
> | activating/using the wireless chipset?
> | Thank you
>
> Why not buy some and send them to interested developers. Buy 2 Send 1 to an OpenBSD developer ;)
>
> Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
Re: SMTP flood + spamdb
On 26 September 2007, Jeremy C. Reed [EMAIL PROTECTED] wrote:
> On Wed, 26 Sep 2007, Liviu Daia wrote:
>> Same, 28 minutes later:
>>
>> Sep 25 18:42:52 ns1 postfix-localhost/smtpd[13055]: 72BCD142A7: client=unknown[212.239.40.101]
>> Sep 25 18:42:53 ns1 postfix/cleanup[21622]: 72BCD142A7: message-id=[EMAIL PROTECTED]
>> Sep 25 18:42:53 ns1 postfix/qmgr[1554]: 72BCD142A7: from=[EMAIL PROTECTED], size=3724, nrcpt=2 (queue active)
>> Sep 25 18:42:53 ns1 postfix/pipe[25075]: 72BCD142A7: to=[EMAIL PROTECTED], relay=uucpz, delay=0.81, delays=0.75/0.01/0/0.05, dsn=2.0.0, status=sent (delivered via uucpz service)
>> Sep 25 18:42:53 ns1 postfix/local[7260]: 72BCD142A7: to=[EMAIL PROTECTED], relay=local, delay=1, delays=0.75/0.01/0/0.24, dsn=2.0.0, status=sent (delivered to command: /usr/local/sbin/gather_stats.pl /usr/local/share/Mail_stats)
>> Sep 25 18:42:53 ns1 postfix/qmgr[1554]: 72BCD142A7: removed
>>
>> Should I have used spamd, the first two copies would have been discarded, but the third would have passed.
>
> Not good example. As that would still hit spamd (default 25 minutes and your earlier one was too fast). Now it is whitelisted. Do you have a fourth email sent? (Which will have passed.)

Not at hand, but I haven't been looking for one either. Does spamd really behave like that? That is, ignore retries during the greylisting period, and whitelist messages only on subsequent attempts?

Regards, Liviu Daia -- Dr. Liviu Daia http://www.imar.ro/~daia
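The 451/whitelist sequence Peter describes earlier in the thread (first try tempfailed, the retry after passtime whitelists but is itself still tempfailed, the next connection passes) and Jeremy's point that only a fourth copy would have got through, as an added Python model that is not spamd's own code. It replays the timings from the log excerpt above, assumes spamd(8)'s default passtime of 25 minutes and greyexp of 4 hours, and uses a constructed IP/HELO/envelope tuple rather than the host in the logs.

```python
"""Model of spamd's greylisting state machine (added example, not spamd code).

Behaviour modelled, as described in the thread: a (connecting IP, HELO,
envelope-from, envelope-to) tuple gets 451 on first contact; retries inside
passtime are counted but still get 451; the first retry after passtime
whitelists the connecting IP but is itself still answered 451; only the next
connection reaches the real MTA. Defaults assumed from spamd(8) -G.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

PASSTIME = timedelta(minutes=25)   # spamd -G default passtime
GREYEXP = timedelta(hours=4)       # spamd -G default greyexp (grey entry lifetime)


@dataclass
class GreyEntry:
    first: datetime      # first time the tuple was seen
    pass_at: datetime    # first + passtime: earliest retry that earns whitelisting
    expire: datetime     # first + greyexp: entry is forgotten after this
    attempts: int = 1


class Greylist:
    def __init__(self, passtime=PASSTIME, greyexp=GREYEXP):
        self.passtime = passtime
        self.greyexp = greyexp
        self.grey = {}       # tuple -> GreyEntry
        self.white = set()   # whitelisted connecting IPs (spamd's pf <spamd-white> table)

    def whitelisted(self, ip):
        return ip in self.white

    def verdict(self, key, now):
        """Return 'pass' if this connection reaches the MTA, else '451'."""
        ip = key[0]
        if ip in self.white:
            return "pass"
        entry = self.grey.get(key)
        if entry is None or now >= entry.expire:
            # Unknown or expired tuple: (re)start the grey period and tempfail.
            self.grey[key] = GreyEntry(now, now + self.passtime, now + self.greyexp)
            return "451"
        entry.attempts += 1
        if now >= entry.pass_at:
            # A retry after passtime looks like a real queue: whitelist the IP.
            # This connection is still tempfailed; the next one passes.
            self.white.add(ip)
            del self.grey[key]
        return "451"


def replay(attempts, greylist=None):
    """Feed (timestamp, tuple) pairs to a greylist and collect the verdicts."""
    greylist = greylist if greylist is not None else Greylist()
    return [greylist.verdict(key, ts) for ts, key in attempts]


# Constructed tuple: documentation IP and placeholder addresses, not the host
# from the thread's logs.
KEY = ("192.0.2.10", "mail.example", "bot@example.invalid", "victim@example.invalid")
T0 = datetime(2007, 9, 25, 18, 6, 16)

# Timings from the log excerpt above; the fourth attempt is hypothetical.
THREAD_TIMINGS = [
    (T0, KEY),                                   # 18:06:16 first copy
    (datetime(2007, 9, 25, 18, 14, 14), KEY),    # 18:14:14, 8 min later: inside passtime
    (datetime(2007, 9, 25, 18, 42, 52), KEY),    # 18:42:52, 36 min after first: whitelists
    (T0 + timedelta(hours=1), KEY),              # hypothetical fourth copy: passes
]

# Constructed backoff case (Liviu's expiry concern): a queue whose first retry
# lands after greyexp restarts the grey period, so a quick follow-up retry is
# still tempfailed and nothing is whitelisted yet.
BACKOFF_TIMINGS = [
    (T0, KEY),
    (T0 + timedelta(hours=5), KEY),              # after greyexp: entry expired, restarted
    (T0 + timedelta(hours=5, minutes=10), KEY),  # inside the new passtime window
]

if __name__ == "__main__":
    for label, timings in (("thread", THREAD_TIMINGS), ("backoff", BACKOFF_TIMINGS)):
        gl = Greylist()
        print(label, replay(timings, gl), "whitelisted:", gl.whitelisted(KEY[0]))
```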
Re: SMTP flood + spamdb
On 26 September 2007, Bob Beck [EMAIL PROTECTED] wrote:
>> Oh, I'm not saying it doesn't work. What I'm saying is, greylisting is trivial to bypass, and some spammers have figured that out. Amazingly, most of them still haven't, which is why it still works in a significant number of cases.
>
> greylisting does what it does. It delays the initial email for 30 minutes or more. what you do with that 30 minutes will decide on how effective it is for you. In that 30 minutes:

[...]

Ok, brain dump: That's an interesting idea, a lot of slow operations could be offloaded to those 30 minutes. Your greyscanner script does DNS checks on the envelope. A lot more could be done, should the script have access to the body. I think it's legal to reply with 4xx (that is, simulate a queue error) to the final ".". That could be used to gather and inspect the data; basically do at greylisting time what Postfix does with the after-queue filters. I suppose gathering everything would be prohibitive though, and against the entire philosophy of greylisting.

Which brings me to a different approach: use a pre-queue filter instead of spamd (which is what I'm doing now). Now, the problem with pre-queue filters is they can take too long to scan a message. Thus, the better mouse trap: a pre-queue filter, which can send feedback to spamd, and use spamd's database to keep some state across messages. I need to ponder on that some more.

> spamd is designed to get the low hanging fruit. It is *NOT* designed to stop all possible spam, forever. attempting to do so there is wrong. Spamd is a *tool* - it's good for what it's good for - stopping stuff that is easily identifiable in the smtp dialogue. It is not intended for other things.

We are in violent agreement here...

Regards, Liviu Daia -- Dr. Liviu Daia http://www.imar.ro/~daia
Re: Porting OpenBSD to OLPC XO laptops.
On 26/09/2007, Paul de Weerd [EMAIL PROTECTED] wrote: [diverted to [EMAIL PROTECTED] On Wed, Sep 26, 2007 at 08:08:41AM -0700, big one wrote: | OLPC (One Laptop Per Child) had released XO AMD Geode LX Laptops | using G1G1 (Buy 2 Get 1). One laptop will be sent to the buyer and the | 2nd laptop will be sent to a child in a poor, developing country. | | According to Mr Theo de Raadt from OpenBSD, it is impossible to | write device driver for Wireless chipset inside XO. | | According to OLPC developer team: | 1. There is no standard BIOS inside XO laptops. | 2. There is no VGA/EGA/CGA video mode. | | Is it possible to port OpenBSD to XO Laptops without | activating/using the wireless chipset? | Thank you Why not buy some and send them to interested developers. Buy 2 Send 1 to an OpenBSD developer ;) You'd have to buy at least a total of four laptops then. :) It is no less interesting to note that the price is obviously 2 times more than what it was supposed to be. One more thing that deserves attention is that the OLPC camp promised us all that by the time the laptop goes into mass production, all parts of the system will be free, including the wireless module -- but is it indeed so? C.
Re: Porting OpenBSD to OLPC XO laptops.
On 2007/09/26 13:58, Joshua Smith wrote: Maybe I've missed something but what makes it impossible to write a device driver for the Wireless chipset? not impossible, but I think it was fiddly. it's malo(4), isn't it? there's the usual silly games with firmware files too, you need to get them onto the system by some other method (wired, USB, type in a printed uuencode, or whatever).
Re: Porting OpenBSD to OLPC XO laptops.
On 26/09/2007, Joshua Smith [EMAIL PROTECTED] wrote: Maybe I've missed something but what makes it impossible to write a device driver for the Wireless chipset? Nothing is impossible, but the problem is that so many parts of the OLPC hardware are proprietary and without readily available documentation that the work would be very difficult and time consuming. Looks can be deceiving, too: this version of the laptop appears to be targeted to 18+ users, because in many jurisdictions you have to be at least 18 to sign an NDA in order to actually explore the hardware part of the laptop. C.
Re: Internet slowdown when pf is enabled? Running on i386 -current
Reza Muhammad wrote: Hi guys, I'm having a problem with my Internet connection in my home network. I noticed that my Internet connection has been very slow since I upgraded to -current a week ago. First, I thought it was just my ISP problem. Then, I tried to connect to the Internet directly from my laptop, it worked fine. Did it happen before the upgrade? What were you running before? I noticed that the Internet is slowing down when pf is enabled. I changed my pf.conf to only do nat, and scrub incoming packets, but it is still slow. Here's the output of 'ping' to the Internet. [snip] noticed that the connection is more than 4 times slower? # here's my pf settings
[EMAIL PROTECTED]:~% sudo pfctl -sa
TRANSLATION RULES:
nat on sis0 inet from 192.168.1.0/24 to any -> (sis0:0)
FILTER RULES:
scrub in all fragment reassemble
pass in all flags S/SA keep state
pass out all flags S/SA keep state
No queue in use
[snip]
my home network is on 192.168.1.0/24, but I see a lot of connections with state NO_TRAFFIC:SINGLE that are from other networks (I'm assuming they are coming from my ISP's network). Can someone help me out here? Would hardware be the problem? I just thought that if the network card was broken, it should just not work right? Rather than the connection being slower? Anyway, let me just post my dmesg also There is a lot of external broadcast traffic they are probably the cause of the large number of state insertions/deletions. They are either a badly designed p2p/broadcast/whatever protocol, or the result of the worm/malware of the month. Can you add block drop in quick on sis0 all at the start of your ruleset? This way the external traffic does not create states at all. Can -- In theory, there is no difference between theory and practice. But, in practice, there is.
4.2 and compactflash
Hi, maybe this is a bit off-topic, but: I'm planning to upgrade my firewall box which is running 4.1-STABLE on a 512Mb Kingston compactflash card to 4.2 on a 1-2gb (also Kingston) cf card. Currently I have / mounted ro and /var and /etc on an mfs which can be tricky... Question is: do I still need to mount / ro on current cf cards or do they have enough write cycles? The box doesn't run anything but pf, named and ntpd. -- Thanks Chris
Re: Speed Problems
On Wed, Sep 26, 2007 at 10:48:02AM -0700, Tom Bombadil wrote: Hi Claudio... What does 'net.inet.ip.ifq.maxlen=256' do for us? Tried a few 'man', and a few google searches and I wasn't very successful. Found tons of other posts telling ppl to bump up that sysctl, but never found what it does exactly. net.inet.ip.ifq.maxlen defines how many packets can be queued in the IP input queue before further packets are dropped. Packets coming from the network card are first put into this queue and the actual IP packet processing is done later. Gigabit cards with interrupt mitigation may spit out many packets per interrupt plus heavy use of pf can slow down the packet forwarding. So it is possible that a heavy burst of packets is overflowing this queue. On the other hand you do not want to use a too big number because this has negative effects on the system (livelock etc). 256 seems to be a better default than the 50 but additional tweaking may allow you to process a few packets more. -- :wq Claudio
Re: Speed Problems
On 2007/09/26 10:48, Tom Bombadil wrote: What does 'net.inet.ip.ifq.maxlen=256' do for us? try http://archive.openbsd.nu/?ml=openbsd-techa=2006-10t=2474666
Re: 4.2 and compactflash
On 9/26/07, Chris Cohen [EMAIL PROTECTED] wrote: Question is: do I still need to mount / ro on current cf cards or do they have enough write cycles? Go ahead and mount rw. I've put a couple of terabytes through a 256M card with iogen, and it's doing fine. The wear-leveling mechanisms on the cards work quite well, and I've had cards in production for years with no ill effect. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: You can't export non-ffs filesystems with NFS, and it isn't documented
[ Answering to a post from two and a half years back. :-) I was fiddling with nfs and stuff and remembered this thread. While reading it, I found out what the problem was. I realize (or at least hope) that Han is not still troubleshooting this issue, but for the archives... :-) ] Han Boetes wrote: Julian Leyh wrote: Han Boetes [EMAIL PROTECTED] wrote: I just noticed once again you can't export non-ffs filesystems with NFS. Well you can export them, but after mounting the partition on the client you won't see any files. I can't verify this behavior... mounted a msdos filesystem (usb stick) and exported it via nfs. i could mount and view all files on target nfs client. (server and client both -current). Odd... Could you be so kind to show me the lines of the msdos partition in /etc/fstab and in exports? I have: ~% grep msdos /etc/fstab /dev/sd0a /mnt/usb msdos rw,nodev,nosuid,noatime,noauto 0 0 ~% grep usb /etc/exports /mnt/usb/ -mapall=han:nfs marsupilami The problem is that NFS shares do not traverse file system mount points once initialized. Since nfs probably was started prior to mounting the msdos partition (with the noauto option in /etc/fstab), nfs would only share the contents of the mount point directory itself. A ``pkill -HUP mountd'' might help after mounting the msdos file system, in order to make mountd aware of the new file system overriding the mount point directory. /Alexander
Re: Speed Problems
net.inet.ip.ifq.maxlen defines how many packets can be queued in the IP input queue before further packets are dropped. Packets coming from the network card are first put into this queue and the actual IP packet processing is done later. Gigabit cards with interrupt mitigation may spit out many packets per interrupt plus heavy use of pf can slow down the packet forwarding. So it is possible that a heavy burst of packets is overflowing this queue. On the other hand you do not want to use a too big number because this has negative effects on the system (livelock etc). 256 seems to be a better default than the 50 but additional tweaking may allow you to process a few packets more. Thanks Claudio... In the link that Stuart posted here, Henning mentions 256 times the number of interfaces: http://archive.openbsd.nu/?ml=openbsd-techa=2006-10t=2474666 I'll try both and see. Thank you and Stuart for the hints.
Re: Speed Problems
Hopefully this makes it through , I've been trying to post comments all day but they don't seem to make it here. To Bryan, I wasn't running pf originally when I noticed this problem but I am now just to block ssh from the outside. I've disabled and re-enabled pf to see if it affects throughput and it's not, or isn't that noticeable. As for what I have done I have performed a number of bandwidth tests. I've come from the outside, traversing the gateway while downloading from an internal host. I've come from the outside to the gateway downloading from it, I've come from the local subnet on a machine running the exact same hardware and installation while transferring a file in each direction. While under high load all forms of this testing are affected with poor speeds. Even when not under high loads I never see the speeds I should. I've checked interface stats on the switch and have found no errors. I have run iperf and can only seem to get 5-16Mb/s. I even bumped up sendspace and recvspace to help with edge host to host transfer but I've not seen any improvement. I'm going to be tinkering with netperf more because I'm not sure if I ran into an issue on bsd with it. On two linux boxes on the inside it reports line speed between them. To Max, Cables don't show any problems and I have the problems internally as well, not just external hosts. I wish it was that simple. To Claudio, I've gone through the 4.1 and 4.2 changes in hopes I would find some clear reason as to why I'm having these issues but I've not seen anything. The odd thing is that I report a negative value for drops and it's counting down. net.inet.ip.ifq.drops=-1381027346 I've put maxlen=256 and it seems to have slowed the count down. To Stuart, Dmesg has not shown any issues. I've been a bit confused with how to interpret the output of vmstat and systat vmstat. I was told to look for interrupts on systat vmstat but I haven't seen any being thrown while under heavy load.
I also don't think I understand how interrupts work. As for vmstat -i, I'm not exactly sure what would signify a problem but I get the following output:
Gateway1 (about 3-4 times the load of gateway2)
interrupt       total        rate
irq0/clock      6455328221   399
irq0/ipi        2543041813   157
irq19/ohci0     91660
irq17/pciide0   76302290
irq0/bge0       25346022947  1570
irq1/bge1       21123330824  1308
Total           55475363200  3437
Gateway2:
interrupt       total        rate
irq0/clock      6455272059   400
irq0/ipi        1819715207   112
irq19/ohci0     125740
irq17/pciide0   62321130
irq0/bge0       8118898045   503
irq1/bge1       12291117020  761
Total           28691247018  1777
On 9/26/07, Tom Bombadil [EMAIL PROTECTED] wrote: net.inet.ip.ifq.maxlen defines how many packets can be queued in the IP input queue before further packets are dropped. Packets coming from the network card are first put into this queue and the actual IP packet processing is done later. Gigabit cards with interrupt mitigation may spit out many packets per interrupt plus heavy use of pf can slow down the packet forwarding. So it is possible that a heavy burst of packets is overflowing this queue. On the other hand you do not want to use a too big number because this has negative effects on the system (livelock etc). 256 seems to be a better default than the 50 but additional tweaking may allow you to process a few packets more. Thanks Claudio... In the link that Stuart posted here, Henning mentions 256 times the number of interfaces: http://archive.openbsd.nu/?ml=openbsd-techa=2006-10t=2474666 I'll try both and see. Thank you and Stuart for the hints.
Speed Problems Part 2
For some reason I can't seem to reply to the earlier responses. Hopefully this gets through. On 9/26/07, Bryan Irvine [EMAIL PROTECTED] wrote: What have you looked at? are you running pf? what kind of ruleset? Tried simplifying it? --Bryan I wasn't running pf originally when I noticed this problem but I am now just to block ssh from the outside. I've disabled and re-enabled pf to see if it affects throughput and it's not, or isn't that noticeable. As for what I have done I have performed a number of bandwidth tests. I've come from the outside, traversing the gateway while downloading from an internal host. I've come from the outside to the gateway downloading from it, I've come from the local subnet on a machine running the exact same hardware and installation while transferring a file in each direction. While under high load all forms of this testing are affected with poor speeds. Even when not under high loads I never see the speeds I should. I've checked interface stats on the switch and have found no errors. I have run iperf and can only seem to get 5-16Mb/s. I even bumped up sendspace and recvspace to help with edge host to host transfer but I've not seen any improvement. I'm going to be tinkering with netperf more because I'm not sure if I ran into an issue on bsd with it. On two linux boxes on the inside it reports line speed between them. On 9/26/07, Maxim Belooussov [EMAIL PROTECTED] wrote: Hi, The first thing to do is to check the cable :) And the second thing to do is to check the entire chain. Maybe it's not you, but the other end who cannot handle the load. Max Cables don't show any problems and I have the problems internally as well, not just external hosts. I wish it was that simple. On 9/26/07, Claudio Jeker [EMAIL PROTECTED] wrote: Order a 4.2 CD and install it as soon as you get it. 4.2 removed many bottlenecks in the network stack.
In the meanwhile check out for the ip ifq len: # sysctl net.inet.ip.ifq net.inet.ip.ifq.len=0 net.inet.ip.ifq.maxlen=256 net.inet.ip.ifq.drops=0 I bet your drops are non 0 and the maxlen is to small (256 is a better value for gigabit firewalls/routers). -- :wq Claudio I've gone through the 4.1 and 4.2 changes in hopes I would find some clear reason as to why I'm having these issues but I've not seen anything. What exactly is this queue? The odd thing is that I report a negative value for drops and it's counting down. net.inet.ip.ifq.drops=-1381027346 I've put maxlen=256 and it seems to have slowed the count down. On 9/26/07, Stuart Henderson [EMAIL PROTECTED] wrote: dmesg and vmstat -i might give clues. Also try bsd.mp if you use bsd (or vice-versa), and Claudio's suggestion of 4.2 is a good one. Dmesg has not shown any issues. I've been a bit confused with how to interpret the output of vmstat and systat vmstat. I was told to look for interrupts on systat vmstat but I haven't seen any being thrown while under heavy load. 
As for vmstat -i, I'm not exactly sure what would signify a problem but I get the following output:
Gateway1 (about 3-4 times the load of gateway2)
interrupt       total        rate
irq0/clock      6455328221   399
irq0/ipi        2543041813   157
irq19/ohci0     91660
irq17/pciide0   76302290
irq0/bge0       25346022947  1570
irq1/bge1       21123330824  1308
Total           55475363200  3437
Gateway2:
interrupt       total        rate
irq0/clock      6455272059   400
irq0/ipi        1819715207   112
irq19/ohci0     125740
irq17/pciide0   62321130
irq0/bge0       8118898045   503
irq1/bge1       12291117020  761
Total           28691247018  1777
Here is my sysctl -a output:
kern.ostype=OpenBSD
kern.osrelease=4.0
kern.osrevision=200611
kern.version=OpenBSD 4.0-stable (GENERIC.MP) #0: Thu Mar 15 07:28:19 CST 2007 [EMAIL PROTECTED] :/usr/src/sys/arch/amd64/compile/GENERIC.MP
kern.maxvnodes=1310
kern.maxproc=532
kern.maxfiles=1772
kern.argmax=262144
kern.securelevel=1
kern.hostname=dyno1.nothingtoseehere.com
kern.hostid=0
kern.clockrate=tick = 1, tickadj = 40, hz = 100, profhz = 100, stathz = 100
kern.posix1version=199009
kern.ngroups=16
kern.job_control=1
kern.saved_ids=1
kern.boottime=Fri Mar 23 06:44:05 2007
kern.domainname=
kern.maxpartitions=16
kern.rawpartition=2
kern.osversion=GENERIC.MP#0
kern.somaxconn=128
kern.sominconn=80
kern.usermount=0
kern.random=160901082016 47373568 0 502891828 23135 5922320 0 0 0 0 0 0 22063035075 935474146 14935755619 48820374348 1984945954 2097660952 3949423372 384190080 606887773 1054912573 2101170714 1709697072 1531324571 891699911 1726356236 407933168 707207288 1237035834 37928905 5295362 15709563 160990 51580 47229 44160 31299
Re: 4.2 and compactflash
On Wednesday 26 September 2007 21:17:00 Chris Kuethe wrote: On 9/26/07, Chris Cohen [EMAIL PROTECTED] wrote: Question is: do I still need to mount / ro on current cf cards or do they have enough write cycles? Go ahead and mount rw. I've put a couple of terabytes through a 256M card with iogen, and it's doing fine. The wear-leveling mechanisms on the cards work quite well, and I've had cards in production for years with no ill effect. Thank you Chris ;) and the guys who replied off-list. -- Greetings Chris
Re: Porting OpenBSD to OLPC XO laptops.
Paul de Weerd [EMAIL PROTECTED] wrote: [diverted to [EMAIL PROTECTED] On Wed, Sep 26, 2007 at 08:08:41AM -0700, big one wrote: | OLPC (One Laptop Per Child) had released XO AMD Geode LX Laptops | using G1G1 (Buy 2 Get 1). One laptop will be sent to the buyer and the | 2nd laptop will be sent to a child in a poor, developing country. | | According to Mr Theo de Raadt from OpenBSD, it is impossible to | write device driver for Wireless chipset inside XO. | | According to OLPC developer team: | 1. There is no standard BIOS inside XO laptops. | 2. There is no VGA/EGA/CGA video mode. | | Is it possible to port OpenBSD to XO Laptops without | activating/using the wireless chipset? | Thank you Why not buy some and send them to interested developers. Buy 2 Send 1 to an OpenBSD developer ;) Last week I borrowed a pre-production B2 model from a friendly OLPC developer. It's true the hardware is more like some embedded appliance than 'normal' i386. Moreover, it uses Open Firmware and not a BIOS. You can probably find this information and more on the OLPC wikis but here are dmesg and lspci for the curious. But keep in mind this is a pre-production model and the hardware in the production models is beefed up. (And no, I'm currently too much of a slacker getting it working with OpenBSD)
00:01.0 Host bridge: National Semiconductor Corporation Geode GX2 Host Bridge (rev 21)
00:01.1 VGA compatible controller: National Semiconductor Corporation Geode GX2 Graphics Processor
00:0c.0 FLASH memory: Marvell Technology Group Ltd. Unknown device 4100 (rev 10)
00:0c.1 Generic system peripheral [0805]: Marvell Technology Group Ltd. Unknown device 4101 (rev 10)
00:0c.2 Multimedia video controller: Marvell Technology Group Ltd. Unknown device 4102 (rev 10)
00:0f.0 ISA bridge: Advanced Micro Devices [AMD] CS5536 [Geode companion] ISA (rev 03)
00:0f.3 Multimedia audio controller: Advanced Micro Devices [AMD] CS5536 [Geode companion] Audio (rev 01)
00:0f.4 USB Controller: Advanced Micro Devices [AMD] CS5536 [Geode companion] OHC (rev 02)
00:0f.5 USB Controller: Advanced Micro Devices [AMD] CS5536 [Geode companion] EHC (rev 02)
[0.00] Linux version 2.6.22-20070910.30.olpc.25d22c40e3bef15 ([EMAIL PROTECTED]) (gcc version 4.1.1 20070105 (Red Hat 4.1.1-51)) #1 PREEMPT Mon Sep 10 03:09:19 EDT 2007
[0.00] BIOS-provided physical RAM map:
[0.00] BIOS-e801: - 0009f000 (usable)
[0.00] BIOS-e801: 0010 - 075dd000 (usable)
[0.00] 117MB LOWMEM available.
[0.00] Entering add_active_range(0, 0, 30173) 0 entries of 256 used
[0.00] Zone PFN ranges:
[0.00] DMA 0 - 4096
[0.00] Normal 4096 - 30173
[0.00] early_node_map[1] active PFN ranges
[0.00] 0: 0 - 30173
[0.00] On node 0 totalpages: 30173
[0.00] DMA zone: 32 pages used for memmap
[0.00] DMA zone: 0 pages reserved
[0.00] DMA zone: 4064 pages, LIFO batch:0
[0.00] Normal zone: 203 pages used for memmap
[0.00] Normal zone: 25874 pages, LIFO batch:7
[0.00] DMI not present or invalid.
[0.00] Allocating PCI resources starting at 1000 (gap: 075dd000:f8a23000)
[0.00] Built 1 zonelists. Total pages: 29938
[0.00] Kernel command line: ro root=mtd0 rootfstype=jffs2 console=ttyS0,115200 console=tty0 fbcon=font:SUN12x22
[0.00] Initializing CPU#0
[0.00] CPU 0 irqstacks, hard=c074a000 soft=c0749000
[0.00] PID hash table entries: 512 (order: 9, 2048 bytes)
[0.00] Detected 362.994 MHz processor.
[ 13.994339] Console: colour EGA 80x25
[ 13.995511] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 13.996123] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[ 14.022039] Memory: 106348k/120692k available (2325k kernel code, 13804k reserved, 842k data, 168k init, 0k highmem)
[ 14.00] virtual kernel memory layout:
[ 14.022234] fixmap : 0xd000 - 0xf000 ( 8 kB)
[ 14.022251] vmalloc : 0xc800 - 0xb000 ( 895 MB)
[ 14.022267] lowmem : 0xc000 - 0xc75dd000 ( 117 MB)
[ 14.022284] .init : 0xc071a000 - 0xc0744000 ( 168 kB)
[ 14.022301] .data : 0xc06455e9 - 0xc07181b4 ( 842 kB)
[ 14.022318] .text : 0xc040 - 0xc06455e9 (2325 kB)
[ 14.022777] Checking if this processor honours the WP bit even in supervisor mode... Ok.
[ 14.174046] Calibrating delay using timer specific routine.. 727.64 BogoMIPS (lpj=3638233)
[ 14.174543] Security Framework v1.0.0 initialized
[ 14.174651] SELinux: Initializing.
[ 14.174857] SELinux: Starting in permissive mode
[ 14.174904] selinux_register_security: Registering secondary module capability
[ 14.175015] Capability LSM initialized as secondary
[ 14.175269] Mount-cache hash table entries: 512
[ 14.176363] CPU: After
Re: SMTP flood + spamdb
Oh, I'm not saying it doesn't work. What I'm saying is, greylisting is trivial to bypass, and some spammers have figured that out. Amazingly, most of them still haven't, which is why it still works in a significant number of cases. Just to give an additional data point here: I work for an ISP that receives upwards of a million inbound SMTP connections per day. While watching the connection logs, I've noticed that a large majority of spammers get the first spamd response (250 Hello, spam sender. Pleased to be wasting your time.) and immediately disconnect. This suggests to me that rather than spend time trying to get whitelisted by spamd servers, they've mostly decided to skip them entirely and move on to servers that aren't running spamd. Spamd, by itself, filters out almost 90% of our inbound email. So far, I've had just two false positives from mail servers that weren't behaving correctly, that I had to whitelist manually. We're running spamd with its defaults, for now. "spamd doesn't catch everything, but it works" is a bit of an understatement. We've also been hit by backscatter, and I haven't had the time to figure out how to stop that one yet. - R.
Re: SMTP flood + spamdb
Hi! On Wed, Sep 26, 2007 at 02:03:03PM -0700, Rob wrote: [...] While watching the connection logs, I've noticed that a large majority of spammers get the first spamd response (250 Hello, spam sender. Pleased to be wasting your time.) and immediately disconnect. This suggests to me that rather than spend time trying to get whitelisted by spamd servers, they've mostly decided to skip them entirely and move on to servers that aren't running spamd. Interesting. Do you think they pattern match on the response, or do you think they disconnect if the initial greeting takes too long (spamd stutters for the first 10 seconds, in its default settings)? I'd guess the latter. [...] We've also been hit by backscatter, and I haven't had the time to figure out how to stop that one yet. For some, signed envelope senders or variations thereof work. That depends on a few circumstances. The basic idea is this: My email address is [EMAIL PROTECTED] Normal mail installations would send mails out with both the From header *and* the envelope sender set to [EMAIL PROTECTED] SES and similar schemes instead create a modified sender address like [EMAIL PROTECTED] That is used in the envelope. The header From address is left unmodified. TAG is a tag saying this is an address created using the envelope signing scheme, hannah is the original local part, timestamp can be made short by making it have only day granularity, and perhaps even only days modulo 2^ sig is a MAC, created from the local part, the timestamp and a host specific key. When a legitimate bounce (empty envelope from) is received, it must be in response to a mail recently sent out from our domain. If all mails sent out from our domain use the envelope signing scheme, bounces need only be accepted if they are to *signed* addresses that are recent enough and have a valid MAC.
Bounces that don't fulfill that can be rejected (I'd reject after DATA or later so address verification will not lead to false positive rejects in other situations). In addition, bounces should be only addressed to exactly *one* recipient... Some also use SRS (sender rewriting scheme, from the SPF people), signing their own envelope as if the mail were forwarded, and accept bounce traffic only to SRS'ed addresses. - R. Kind regards, Hannah.
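Hannah's scheme above (tag, day-granularity timestamp, MAC over the local part and timestamp with a host-specific key, bounces accepted only to recent validly signed addresses, and only with a single recipient) is short enough to implement end to end. The following is an added example written for this page, not Hannah's code and not any existing SES or SRS implementation. The tag name `ses`, the `=` separator, the 80-bit HMAC-SHA256 truncation, the seven-day acceptance window and the embedded key are all assumptions; a real deployment would load the key from a protected file and pick its own window.

```python
import base64
import hashlib
import hmac
import time

TAG = "ses"                  # marks an address as signed (assumed tag name)
SIG_BYTES = 10               # 80-bit MAC -> exactly 16 base32 chars, no padding
MAX_AGE_DAYS = 7             # accept bounces for mail sent this recently (assumed)
# Host-specific secret. This literal is an example only; keep the real one
# outside the source tree and readable only by the MTA.
KEY = b"example-host-specific-key-change-me"


def _day(now=None):
    """Timestamp at day granularity: days since the epoch."""
    return int((time.time() if now is None else now) // 86400)


def _mac(local, day, key):
    msg = f"{local}|{day}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()[:SIG_BYTES]
    return base64.b32encode(digest).decode("ascii").lower()


def sign_sender(local, domain, day=None, key=KEY):
    """Envelope sender to use for outgoing mail from local@domain.
    The From: header keeps the plain address; only the envelope changes."""
    day = _day() if day is None else day
    return f"{TAG}={day}={_mac(local, day, key)}={local}@{domain}"


def verify_signed_recipient(addr, today=None, key=KEY, max_age=MAX_AGE_DAYS):
    """If addr is a signed address that is recent and carries a valid MAC,
    return the original local part; otherwise return None."""
    today = _day() if today is None else today
    local, sep, _domain = addr.rpartition("@")
    if not sep:
        return None
    parts = local.split("=", 3)           # original local part may contain '='
    if len(parts) != 4 or parts[0] != TAG or not parts[1].isdigit():
        return None
    day, sig, orig = int(parts[1]), parts[2].lower(), parts[3]
    if not 0 <= today - day <= max_age:   # too old, or a timestamp from the future
        return None
    expected = _mac(orig, day, key)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return orig


def accept_bounce(envelope_from, rcpts, today=None, key=KEY):
    """Policy for a null-sender (bounce) message: exactly one recipient, and
    that recipient must be a signed address we recently sent from."""
    if envelope_from != "" or len(rcpts) != 1:
        return False
    return verify_signed_recipient(rcpts[0], today, key) is not None


if __name__ == "__main__":
    sender = sign_sender("hannah", "example.org")
    print("outgoing envelope sender:", sender)
    print("bounce to it accepted:", accept_bounce("", [sender]))
    print("bounce to plain address accepted:", accept_bounce("", ["hannah@example.org"]))
```

As Hannah notes, the reject is best issued after DATA (or at least after RCPT for all recipients) so that remote callout verification of the plain address does not turn into false rejects; `accept_bounce` is the decision, the MTA hook that applies it is left to the reader's MTA.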
Re: SMTP flood + spamdb
Hannah, On 9/26/07, Hannah Schroeter [EMAIL PROTECTED] wrote: Hi! On Wed, Sep 26, 2007 at 02:03:03PM -0700, Rob wrote: [...] While watching the connection logs, I've noticed that a large majority of spammers get the first spamd response (250 Hello, spam sender. Pleased to be wasting your time.) and immediately disconnect. This suggests to me that rather than spend time trying to get whitelisted by spamd servers, they've mostly decided to skip them entirely and move on to servers that aren't running spamd. Interesting. Do you think they pattern match on the response, or do you think they disconnect if the initial greeting takes too long (spamd stutters for the first 10 seconds, in its default settings)? I'd guess the latter. I would guess the latter too, except that they tend to wait the full default 10 seconds until the first 250 response. I'm looking forward to increasing the stutter time to something on the order of 60 seconds and watching to see what happens then. We've also been hit by backscatter, and I haven't had the time to figure out how to stop that one yet. For some, signed envelope senders or variations thereof work. That depends on a few circumstances. The basic idea is this: [...snip...] That would be nifty, but I don't think it would work in our case. We have a number of customers that send mail through their own mail server (or another provider's mail server) and receive mail through ours (old email addresses, hosted domains, etc.). So far we've seen the backscatter come through in a quick burst from a handful of mail servers. For one example, one of our unlucky users received 800+ bounce messages from about four mail servers in Italy. I think I can use max-src-conn and max-src-conn-rate, plus a few whitelist entries for Google, Yahoo, etc., to stop that, but it requires careful monitoring. - R.
Re: SMTP flood + spamdb
Rob [EMAIL PROTECTED] writes: I would guess the latter too, except that they tend to wait the full default 10 seconds until the first 250 response. I'm looking forward to increasing the stutter time to something on the order of 60 seconds and watching to see what happens then. I have reports that increasing the -s value to 4 seconds serves to keep the stupid ones around for (you guessed it) four times as long, at least for the tarpitted ones. So the host which would hang on for 404 seconds earlier now beavers on for 1616, and so on. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: SMTP flood + spamdb
On Wed, 26 Sep 2007 17:26:22 +0200, Peter N. M. Hansteen wrote: Or take advantage of the (by default) 25 minute window to use other means to detect that this address is sending spam. Perhaps spamd should be extended to look for excessive attempts to send messages from an address during that period? (How often do spammers' lists contain only one or two addresses from a domain?) You could probably use straight rdr instead of rdr pass to feed spamd, then in the relevant pass rule apply your source tracking options and overload and some table magic for that Have you been looking at my ruleset? ;-) I took out the pass on the rdr ages ago because unless I did my personal blacklist could not be used to block things like stormers and some tedious twits like a movie-house chain which keeps on sending to a long gone client of mine even though the address returns a 554 every time. I blacklist those permanently to stop log clutter. Rod/ _ Depressed? Me? Don't make me laugh! :Spike Milligan:1918-2002:
Re: Porting OpenBSD to OLPC XO laptops.
On Sep 26, 2007, at 5:08 PM, big one wrote: OLPC (One Laptop Per Child) had released XO AMD Geode LX Laptops using G1G1 (Buy 2 Get 1). One laptop will be sent to the buyer and the 2nd laptop will be sent to a child in a poor, developing country. According to Mr Theo de Raadt from OpenBSD, it is impossible to write device driver for Wireless chipset inside XO. According to OLPC developer team: 1. There is no standard BIOS inside XO laptops. 2. There is no VGA/EGA/CGA video mode. Is it possible to port OpenBSD to XO Laptops without activating/ using the wireless chipset? Thank you The XO laptop looks like a great little laptop to use without the nice looking but weird SUGAR interface. I was actually hoping to buy one to use with OpenBSD. I didn't think any part of the laptop would be closed. From http://wiki.laptop.org/go/Core_principles/lang-en .. There is no inherent external dependency in being able to localize software into their language, fix the software to remove bugs, and repurpose the software to fit their needs. Nor is there any restriction in regard to redistribution; OLPC cannot know and should not control how the tools we create will be re-purposed in the future. ... Further, every child has something to contribute; we need a free and open framework that supports and encourages the very basic human need to express. Give me a free and open environment and I will learn and teach with joy. Proprietary hardware and software seems to be directly against their core principles. The XO laptop uses Open Firmware instead of a BIOS, so it's probably a lot like a Sun SPARC or a PPC Mac. Can you point me to the source where Theo de Raadt claims that it's impossible to write a driver for the Marvell Libertas controller (wireless networking). I can't seem to find it. Thanks, Floor Terra
Re: Speed Problems Part 2
rezidue wrote: kern.version=OpenBSD 4.0-stable (GENERIC.MP) #0: Thu Mar 15 07:28:19 CST Just for the hell of it, try running GENERIC, instead of GENERIC.MP. --Toby.
Re: Speed Problems Part 2
On 2007/09/26 13:50, rezidue wrote: Order a 4.2 CD and install it as soon as you get it. 4.2 removed many bottlenecks in the network stack. In the meanwhile check out for the ip ifq len: # sysctl net.inet.ip.ifq net.inet.ip.ifq.len=0 net.inet.ip.ifq.maxlen=256 net.inet.ip.ifq.drops=0 I bet your drops are non 0 and the maxlen is to small (256 is a better value for gigabit firewalls/routers). -- :wq Claudio I've gone through the 4.1 and 4.2 changes in hopes I would find some clear reason as to why I'm having these issues but I've not seen anything. At the last hackathon, there was a lot of work done on profiling and optimizing the path through the network stack/PF; you'll see more about this at http://www.openbsd.org/papers/cuug2007/mgp00012.html (and the following pages). What exactly is this queue? The odd thing is that I report a negative value for drops and it's counting down. The -ve is because it's a signed integer and has, on your system, exceeded the maximum value since bootup.. net.inet.ip.ifq.drops=-1381027346 I've put maxlen=256 and it seems to have slowed the count down. You might like to try bumping it up until it stops increasing (uh, decreasing. :-) And re-investigate when you get 4.2 (or make any other changes to the system).
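Claudio's description of the IP input queue earlier in the thread, and Stuart's point here that `net.inet.ip.ifq.drops` is a signed 32-bit counter that has simply wrapped, together mean the absolute value of `drops` on a long-running box says nothing; what matters is how fast it moves and whether `len` is riding near `maxlen`. The following poller is an added example written for this page, not an OpenBSD tool and not from the thread: it parses `sysctl net.inet.ip.ifq` output as shown above and reports drops per second correctly across the wrap. The two sample outputs are constructed (the first copies the value rezidue posted), and the 5-second interval is an assumption.

```python
import re
import subprocess
import time

SYSCTL_CMD = ["sysctl", "net.inet.ip.ifq"]
COUNTER_MOD = 1 << 32   # the kernel counter is 32 bits; sysctl prints it signed

# Constructed sample output in the format shown in the thread. SAMPLE_T0 uses
# the value rezidue posted; SAMPLE_T1 is invented to show a short-interval delta.
SAMPLE_T0 = """net.inet.ip.ifq.len=0
net.inet.ip.ifq.maxlen=256
net.inet.ip.ifq.drops=-1381027346
"""
SAMPLE_T1 = """net.inet.ip.ifq.len=97
net.inet.ip.ifq.maxlen=256
net.inet.ip.ifq.drops=-1381027000
"""


def parse_ifq(text):
    """Turn sysctl output lines into {'len': ..., 'maxlen': ..., 'drops': ...}."""
    vals = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\s*net\.inet\.ip\.ifq\.(\w+)=(-?\d+)\s*", line)
        if m:
            vals[m.group(1)] = int(m.group(2))
    return vals


def counter_delta(prev, cur):
    """Increase of a 32-bit counter between two samples. Reducing modulo 2^32
    gives the right answer whether the printed value is positive, negative,
    or has just stepped from 2147483647 to -2147483648."""
    return (cur - prev) % COUNTER_MOD


def summarize(prev, cur, seconds):
    """Drop rate and queue fill between two parsed samples taken `seconds` apart."""
    dropped = counter_delta(prev["drops"], cur["drops"])
    return {
        "dropped": dropped,
        "drops_per_sec": dropped / seconds,
        "queue_fill_pct": 100.0 * cur["len"] / cur["maxlen"],
    }


def read_ifq():
    """Run sysctl(8) and parse it (requires an OpenBSD host)."""
    out = subprocess.run(SYSCTL_CMD, capture_output=True, text=True, check=True).stdout
    return parse_ifq(out)


def watch(interval=5.0):
    """Print the drop rate every `interval` seconds until interrupted."""
    prev = read_ifq()
    while True:
        time.sleep(interval)
        cur = read_ifq()
        s = summarize(prev, cur, interval)
        print(f"maxlen={cur['maxlen']} len={cur['len']} "
              f"fill={s['queue_fill_pct']:.0f}% drops/s={s['drops_per_sec']:.1f}")
        prev = cur


if __name__ == "__main__":
    watch()
```

A non-zero drop rate with `len` repeatedly near `maxlen` is the signature of the burst overflow Claudio describes and is the case for raising `maxlen`; a non-zero drop rate with `len` mostly low points at something else (the interface, the cable, or a livelock) and raising the queue will not help.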
Re: OpenBSD on decTOP?
On Wed, Sep 26, 2007 at 08:47:04AM -0600, Diana Eichert wrote:
> On Wed, 26 Sep 2007, Markus Hennecke wrote:
> > As it won't probe on port 0x2e8 it will not find it. That's why it was disabled; the probe will have negative effects on other hardware.
> > Greetings Markus
>
> that's what I assumed, but I thought I'd ask anyway.

If this particular board doesn't have that conflicting hardware, can't you alter the kernel with config(8) to find the UART?

Doug.
AX.25
It's been a few years since anybody has asked this. Is anybody working on an AX.25 implementation for OpenBSD? Just passed my Extra exam and would like to start doing some packet radio soon. Would love to put OpenBSD 23km up like this guy did with Linux: http://vpizza.org/~jmeehan/balloon/ Chris KE7OVL
Re: Porting OpenBSD to OLPC XO laptops.
On Wed, Sep 26, 2007 at 01:58:16PM -0400, Joshua Smith wrote:
> Maybe I've missed something but what makes it impossible to write a device driver for the Wireless chipset?
> -Josh

No one said it is impossible, it is just far harder than it should be due to a lack of documentation and companies like Red Hat signing NDAs with Marvell. The specific chip the OLPC people are using thus far does not seem to be found anywhere else in the market. Combine that with a quirky non-standard machine with limited availability and you see why people aren't terribly interested.
Re: OpenBSD on decTOP?
On Wed, 26 Sep 2007, Douglas A. Tutty wrote:
> On Wed, Sep 26, 2007 at 08:47:04AM -0600, Diana Eichert wrote:
> > On Wed, 26 Sep 2007, Markus Hennecke wrote:
> > > As it won't probe on port 0x2e8 it will not find it. That's why it was disabled; the probe will have negative effects on other hardware.
> > > Greetings Markus
> >
> > that's what I assumed, but I thought I'd ask anyway.
>
> If this particular board doesn't have that conflicting hardware, can't you alter the kernel with config(8) to find the UART?
>
> Doug.

Yep, you sure could and that would be a good test for someone who already has a decTOP. However, after more reading of the documentation it is quite possible the UARTs are completely disabled.

thanks
diana
Re: Internet slowdown when pf is enabled? Running on i386 -current
Here's the log:

10:12:28.738263 UPD ST: all 6 122.200.52.134:22 - 125.160.128.35:60387 ESTABLISHED:ESTABLISHED [1381080430 + 65535] wscale 0 [3262031687 + 17040] wscale 0 age 3812101632:33:20, expires in 00:00:00, 482:293 pkts, 38584:35992 bytes id: 46facdc5804b creatorid: 2a435432 updates: 3
10:12:28.902894 INS ST: all 17 255.255.255.255:5678 - 122.200.54.146:5678 NO_TRAFFIC:SINGLE age 00:00:00, expires in 00:00:00, 0:0 pkts, 0:0 bytes, rule 13 id: 46facdc581a9 creatorid: 257e0ae9
10:12:29.458559 UPD ST: all 17 255.255.255.255:3259 - 122.200.50.65:1129 NO_TRAFFIC:SINGLE age 3571779072:45:52, expires in 00:00:00, 5:0 pkts, 270:0 bytes, rule 13 id: 46facdc580f5 creatorid: 257e0ae9 updates: 0
10:12:29.648865 INS ST: all 17 255.255.255.255:5678 - 192.168.140.248:5678 NO_TRAFFIC:SINGLE age 00:00:00, expires in 00:00:00, 0:0 pkts, 0:0 bytes, rule 13 id: 46facdc581aa creatorid: 257e0ae9
    all 17 255.255.255.255:5678 - 192.168.125.120:5678 NO_TRAFFIC:SINGLE age 00:00:00, expires in 00:00:00, 0:0 pkts, 0:0 bytes, rule 13 id: 46facdc581ab creatorid: 257e0ae9
10:12:30.173882 UPD ST: all 17 239.255.255.250:1900 - 192.168.0.1:1900 NO_TRAFFIC:SINGLE age 494275328:34:56, expires in 00:00:00, 7181:0 pkts, 2279289:0 bytes id: 46facdc537f4 creatorid: 2a435432 updates: 12
10:12:30.173947 DEL ST: all 6 122.200.52.134:80 - 125.160.128.35:49548 FIN_WAIT_2:FIN_WAIT_2 [2274342568 + 65535] wscale 0 [2570619505 + 17040] wscale 0 age 1024067328:26:24, expires in 00:00:00, 6:5 pkts, 1653:645 bytes, rule 15 id: 46facdc580f6 creatorid: 257e0ae9
    all 17 255.255.255.255:5678 - 192.168.157.58:5678 NO_TRAFFIC:SINGLE age 1024067328:26:24, expires in 00:00:00, 2:0 pkts, 230:0 bytes, rule 13 id: 46facdc580f8 creatorid: 257e0ae9
    all 17 255.255.255.255:5678 - 192.168.93.10:5678 NO_TRAFFIC:SINGLE age 167249408:06:08, expires in 00:00:00, 2:0 pkts, 224:0 bytes, rule 13 id: 46facdc580f9 creatorid: 257e0ae9
    all 17 255.255.255.255:5678 - 192.168.157.52:5678 NO_TRAFFIC:SINGLE age 167249408:06:08, expires in 00:00:00, 2:0 pkts, 210:0 bytes, rule 13 id: 46facdc580fa creatorid: 257e0ae9
10:12:30.173983 DEL ST: all 17 122.200.51.255:138 - 122.200.51.219:138 NO_TRAFFIC:SINGLE age 60622336:24:48, expires in 00:00:00, 2:0 pkts, 471:0 bytes, rule 13 id: 46facdc580fe creatorid: 257e0ae9
    all 17 255.255.255.255:5678 - 192.168.157.74:5678 NO_TRAFFIC:SINGLE age 60622336:24:48, expires in 00:00:00, 2:0 pkts, 230:0 bytes, rule 13 id: 46facdc580ff creatorid: 257e0ae9

and there's still more. I noticed that the traffic coming in from 192.168.*.* isn't from my local network.

On Wed, 26 Sep 2007 17:19:05 +0100, Stuart Henderson [EMAIL PROTECTED] wrote:
> On 2007/09/26 22:32, Reza Muhammad wrote:
> > Would a tcpdump log be any helpful at this point?
>
> maybe; try
>
> ifconfig pfsync0 create
>
> and
>
> tcpdump -nipfsync0 -vvs1000
>
> inserts 280924 1221.4/s
> removals 280226 1218.4/s
>
> expect it to scroll pretty damn fast...
Re: Internet slowdown when pf is enabled? Running on i386 -current
On 2007/09/27 10:16, Reza Muhammad wrote:
> Here's the log:

Can's suggestion to block the incoming packets on sis0 is good. The problem is caused because you receive a lot of junk traffic from your ISP's network. Since OpenBSD 4.1, PF uses 'keep state' by default (this avoids some problems with common rulesets and TCP window scaling) and this is causing a lot of unnecessary states to be created. So I guess before you upgraded, you used a version from before 4.1.

> and there's still more. I noticed that the traffic coming in from 192.168.*.* isn't from my local network.

It looks like your ISP has many subnets running over the same physical network.
Quotas cause system freeze on 4.1 AMD64 (raid1)
Running 4.1 generic kernel w. RAID1 on AMD64. Checking a user's quota freezes the system and renders it useless. I have implemented quotas like described in the FAQ:

1) alter /etc/fstab: /dev/raid0f /var ffs rw,userquota,softdep,nodev 1 2 -- This is a 60GB slice
2) create a test quota file for existing user 'johndoe'
3) quotaon -a
4) quota johndoe

At point 4 the system stops responding. The server stays up and I can ping / login through SSH, however it never lets me pass after the password, it just hangs. The webserver (which reads files from /var/) doesn't work anymore either. I drove to the DC but still could not login as root. I could login as johndoe but su-ing to root gave the same problems.

Hard rebooting helped, but the machine then hung during startup on 'Checking quota's: ' - or so it seems. I waited 10 minutes - nothing happened. So I CTRL-C'd it and removed it from /etc/fstab to prevent further problems.

The only thing I can think of is that /var is 'just too big'..? Or could this be caused by a wrongly edited quota.user file?

Any help is appreciated!

Matt
Re: Internet slowdown when pf is enabled? Running on i386 -current
On Wed, 26 Sep 2007 11:37:28 -0700, Can E. Acar [EMAIL PROTECTED] wrote:
> Reza Muhammad wrote:
> ...
> Also, there is a lot of external broadcast traffic; they are probably the cause of the large number of state insertions/deletions. They are either a badly designed p2p/broadcast/whatever protocol, or the result of the worm/malware of the month. Can you add
>
> block drop in quick on sis0 all
>
> at the start of your ruleset? This way the external traffic does not create states at all.
>
> Can

Actually I've been noticing that my ISP has been broadcasting a lot of things since I've been using them. For example, I would get this type of message in /var/log/message all the time:

Sep 27 10:10:25 blowfish /bsd: arp: attempt to overwrite entry for 192.168.1.1 on lo0 by 00:02:6f:3e:14:59 on sis0

Anyway, about the ruleset, since I'm also running a web server and mail server on this box, I shouldn't use block quick, right? Rather block in quick on sis0 all, then open up the ports that I need to use? Or am I missing the point?

Thanks.
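Before reordering the ruleset as Can and Stuart suggest, it helps to quantify where the state churn in Reza's pfsync capture actually comes from. The block below is an added example, not code from the thread or from OpenBSD: it summarises `tcpdump -ni pfsync0 -vv` style output by action (INS/UPD/DEL), counts states whose source is the limited broadcast address or a multicast group, counts states to 192.168/16 destinations that this box does not own, and tallies states per PF rule number. The sample text is constructed from a subset of the records Reza posted; the function names (`pfsync_summary`, `pfsync_field`) are hypothetical helpers, and the line layout assumed for the capture (first state on the timestamped line, further states on indented lines) is an assumption, so adjust the parser if your tcpdump prints it differently.

```shell
#!/bin/sh
# Added example (not from the thread): summarise pfsync state churn from
# `tcpdump -ni pfsync0 -vv` output, so the source of an INS/DEL storm can be
# named before the ruleset is touched.

# Constructed sample, modelled on a subset of the records quoted in the
# thread. Assumed layout: the first state of each message sits on the
# timestamped line, additional states follow on indented lines.
SAMPLE_PFSYNC='10:12:28.902894 INS ST: all 17 255.255.255.255:5678 - 122.200.54.146:5678 NO_TRAFFIC:SINGLE age 00:00:00, expires in 00:00:00, 0:0 pkts, 0:0 bytes, rule 13 id: 46facdc581a9 creatorid: 257e0ae9
10:12:29.458559 UPD ST: all 17 255.255.255.255:3259 - 122.200.50.65:1129 NO_TRAFFIC:SINGLE age 3571779072:45:52, expires in 00:00:00, 5:0 pkts, 270:0 bytes, rule 13 id: 46facdc580f5 creatorid: 257e0ae9 updates: 0
10:12:29.648865 INS ST: all 17 255.255.255.255:5678 - 192.168.140.248:5678 NO_TRAFFIC:SINGLE age 00:00:00, expires in 00:00:00, 0:0 pkts, 0:0 bytes, rule 13 id: 46facdc581aa creatorid: 257e0ae9
    all 17 255.255.255.255:5678 - 192.168.125.120:5678 NO_TRAFFIC:SINGLE age 00:00:00, expires in 00:00:00, 0:0 pkts, 0:0 bytes, rule 13 id: 46facdc581ab creatorid: 257e0ae9
10:12:30.173882 UPD ST: all 17 239.255.255.250:1900 - 192.168.0.1:1900 NO_TRAFFIC:SINGLE age 494275328:34:56, expires in 00:00:00, 7181:0 pkts, 2279289:0 bytes id: 46facdc537f4 creatorid: 2a435432 updates: 12
10:12:30.173947 DEL ST: all 6 122.200.52.134:80 - 125.160.128.35:49548 FIN_WAIT_2:FIN_WAIT_2 [2274342568 + 65535] wscale 0 [2570619505 + 17040] wscale 0 age 1024067328:26:24, expires in 00:00:00, 6:5 pkts, 1653:645 bytes, rule 15 id: 46facdc580f6 creatorid: 257e0ae9
    all 17 255.255.255.255:5678 - 192.168.157.58:5678 NO_TRAFFIC:SINGLE age 1024067328:26:24, expires in 00:00:00, 2:0 pkts, 230:0 bytes, rule 13 id: 46facdc580f8 creatorid: 257e0ae9'

# pfsync_summary [TEXT]: print one "key value" line per counter.
#   ins/upd/del       states seen under each pfsync action
#   noise             states whose source is 255.255.255.255 or a multicast group
#   foreign_rfc1918   states to a 192.168/16 destination (not local on this box)
#   rule<N>           states created by PF rule number N
# TEXT defaults to the constructed sample; on a live box pass
# "$(tcpdump -ni pfsync0 -vv -c 1000)" or similar.
pfsync_summary() {
    printf '%s\n' "${1:-$SAMPLE_PFSYNC}" | awk '
        / (INS|UPD|DEL) ST:/ { act = tolower($2) }  # action applies to the states that follow
        {
            src = ""; dst = ""; rule = ""
            for (i = 1; i < NF; i++) {
                # a state record reads: all <proto> <src:port> - <dst:port> ...
                if ($i == "all" && $(i+3) == "-") { src = $(i+2); dst = $(i+4) }
                if ($i == "rule") rule = $(i+1)
            }
            if (src == "") next                    # not a state record
            sub(/:[0-9]+$/, "", src); sub(/:[0-9]+$/, "", dst)   # strip ports
            n[act]++
            if (src == "255.255.255.255" || src ~ /^2(2[4-9]|3[0-9])\./) n["noise"]++
            if (dst ~ /^192\.168\./) n["foreign_rfc1918"]++
            if (rule != "") n["rule" rule]++
        }
        END {
            printf "ins %d\nupd %d\ndel %d\nnoise %d\nforeign_rfc1918 %d\n",
                n["ins"], n["upd"], n["del"], n["noise"], n["foreign_rfc1918"]
            for (k in n) if (k ~ /^rule/) printf "%s %d\n", k, n[k]
        }'
}

# pfsync_field KEY [TEXT]: a single counter from pfsync_summary, for scripting.
pfsync_field() {
    pfsync_summary "$2" | awk -v k="$1" '$1 == k { print $2 }'
}

# Stand-alone run over the constructed sample.
pfsync_summary
```

On the sample, six of the seven states are broadcast or multicast noise and five of them were created by rule 13, which is the kind of evidence that justifies putting Can's `block drop in quick on sis0 all` ahead of the rules that pass traffic to the web and mail services, so that the junk never reaches a state-creating rule. Run the same summary again after the change; the `noise` and `foreign_rfc1918` counters should fall to zero while the counters for the service rules stay.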