Re: pf tag goes missing post sshd tcp decapsulization

2008-03-06 Thread Konrad
So sorry it's not a proper diff anymore, but this is what I've done:

--- sys.bak/kern/uipc_socket.c  Wed Mar  5 21:11:31 2008
+++ sys/kern/uipc_socket.c  Thu Mar  6 06:50:29 2008
@@ -48,6 +48,8 @@
 #include sys/resourcevar.h
 #include sys/pool.h

+#include net/pfvar.h
+
 void   filt_sordetach(struct knote *kn);
 intfilt_soread(struct knote *kn, long hint);
 void   filt_sowdetach(struct knote *kn);
@@ -115,6 +117,7 @@ socreate(int dom, struct socket **aso, int type, int p
so-so_rgid = p-p_cred-p_rgid;
so-so_egid = p-p_ucred-cr_gid;
so-so_cpid = p-p_pid;
+   so-so_pftag = 0;
so-so_proto = prp;
error = (*prp-pr_usrreq)(so, PRU_ATTACH, NULL,
(struct mbuf *)(long)proto, NULL);
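Review bot: the new field is only initialised here in socreate(); sockets created by sonewconn() for accepted connections are set up separately and copy selected fields from the listening socket, so a tag set on a listening socket (the sshd case in the subject) will not reach the sockets the daemon actually sends on unless sonewconn() is also taught to inherit so_pftag, and, since pf tags are reference counted, to take a reference when it does.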
@@ -1085,6 +1088,17 @@ sosetopt(struct socket *so, int level, int optname, st
}
break;
}
+   
+   case SO_PFTAG:
+   {
+   if (m == NULL)  {
+   error = EINVAL;
+   printf(Error while setting tag\n);
+   goto bad;
+   }
+   so-so_pftag = pf_tagname2tag(mtod(m, char *));
+   break;
+   }

default:
error = ENOPROTOOPT;
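Review bot: `pf_tagname2tag(mtod(m, char *))` treats the option value as a C string, but nothing checks that the user-supplied mbuf is NUL-terminated or that m->m_len is within PF_TAG_NAME_SIZE, so a caller can make the lookup read past the end of the option data; copy at most m->m_len bytes (capped at PF_TAG_NAME_SIZE - 1) into a local buffer and terminate it before looking the name up. Three further points on this case: pf_tagname2tag() returns 0 when it cannot allocate a tag, which here silently leaves the socket untagged instead of returning an error; setting the option a second time overwrites the previous tag without releasing its reference (pf_tag_unref()); and the printf() on a user-triggerable EINVAL path is log noise and should go. Since tags drive `tagged` matching in pf rules, it is also worth deciding whether an unprivileged process should be allowed to set one at all; a suser() check would limit it to root.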
@@ -1173,6 +1187,14 @@ sogetopt(struct socket *so, int level, int optname, st
mtod(m, struct timeval *)-tv_sec = val / hz;
mtod(m, struct timeval *)-tv_usec =
(val % hz) * tick;
+   break;
+   }
+   case SO_PFTAG:
+   {
+   char tagname[PF_TAG_NAME_SIZE];
+   pf_tag2tagname(so-so_pftag, tagname);
+   m-m_len = strlen(tagname) + 1;
+   strlcpy(mtod(m, char *), tagname, MLEN);
break;
}
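Review bot: unless pf_tag2tagname() is guaranteed to write the buffer for every tag id, including the default so_pftag == 0, `tagname` is uninitialised stack memory here and strlen()/strlcpy() then copy it out to userland; set tagname[0] = '\0' before the call (or return an explicit error when no tag is set). The copy bound and the advertised length also disagree: m->m_len is strlen(tagname) + 1 while strlcpy() is bounded by MLEN. It works because PF_TAG_NAME_SIZE is smaller than MLEN, but bounding by sizeof(tagname) makes that explicit.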

--- sys.bak/net/pfvar.h Wed Mar  5 21:12:24 2008
+++ sys/net/pfvar.h Wed Mar  5 23:31:03 2008
@@ -41,6 +41,7 @@

 #include net/radix.h
 #include net/route.h
+#include net/if.h
 #include netinet/ip_ipsp.h
 #include netinet/tcp_fsm.h

--- sys.bak/netinet/tcp_output.cWed Mar  5 21:12:02 2008
+++ sys/netinet/tcp_output.cWed Mar  5 23:53:37 2008
@@ -98,6 +98,8 @@
 #include netinet6/in6_var.h
 #endif /* INET6 */

+#include net/pfvar.h
+
 #ifdef notyet
 extern struct mbuf *m_copypack();
 #endif
@@ -698,6 +700,10 @@ send:
error = ENOBUFS;
goto out;
}
+   if (so-so_pftag != 0)
+   {
+   pf_tag_packet(m, so-so_pftag, -1);
+   }
/*
 * m_copypack left space for our hdr; use it.
 */
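Review bot: the same four-line tagging block is pasted into three mbuf-allocation branches (here and the two hunks below); move it to the single point after the branches join, where m is fully built, so a fourth allocation path added later cannot miss it. The third argument -1 also deserves a comment saying what it means (presumably "leave the routing table id untouched"), and pf_tag_packet() returns a status that is ignored in all three places; either check it or note why an untagged segment is acceptable here.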
@@ -716,6 +722,10 @@ send:
error = ENOBUFS;
goto out;
}
+   if (so-so_pftag != 0)
+   {
+   pf_tag_packet(m, so-so_pftag, -1);
+   }
m-m_data += max_linkhdr;
m-m_len = hdrlen;
if (len = M_TRAILINGSPACE(m)) {
@@ -761,6 +771,11 @@ send:
error = ENOBUFS;
goto out;
}
+   if (so-so_pftag != 0)
+   {
+   pf_tag_packet(m, so-so_pftag, -1);
+   }
+
m-m_data += max_linkhdr;
m-m_len = hdrlen;
}
--- sys.bak/sys/socket.hWed Mar  5 21:12:13 2008
+++ sys/sys/socket.hWed Mar  5 21:28:05 2008
@@ -80,6 +80,7 @@
 #defineSO_ERROR0x1007  /* get error status and clear */
 #defineSO_TYPE 0x1008  /* get socket type */
 #defineSO_NETPROC  0x1020  /* multiplex; network 
processing */
+#defineSO_PFTAG0x1030  /* tag packets from this socket 
*/

 /*
  * Structure used for manipulating linger option.
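Review bot: a new public socket option needs its man page entry: getsockopt(2) lists every SO_* option with its argument type, and nothing in the diff documents that SO_PFTAG takes a NUL-terminated pf tag name of at most PF_TAG_NAME_SIZE bytes and is read back as one. The comment here could say that much rather than just "tag packets from this socket".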
--- sys.bak/sys/socketvar.h Wed Mar  5 21:12:13 2008
+++ sys/sys/socketvar.h Wed Mar  5 23:46:07 2008
@@ -108,6 +108,7 @@ struct socket {
uid_t   so_euid, so_ruid;   /* who opened the socket */
gid_t   so_egid, so_rgid;
pid_t   so_cpid;/* pid of process that opened socket */
+   u_int16_t so_pftag; /* tag a packet from this socket */
 };

 #defineSB_EMPTY_FIXUP(sb)  
\
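Review bot: adding a reference-counted pf tag to struct socket needs a matching release: nothing in the diff calls pf_tag_unref() when the socket is torn down (sofree()), so every tagged socket that closes leaks a tag reference and the name stays pinned in pf's tag table. The comment should also say the field holds a pf tag id applied to every packet the socket sends, not that it tags "a packet".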



From James Adamati

2008-03-06 Thread James Adamati
Hi, 

How are you doing today? My name is James Adamati I live in London and work in 
a financial institution here in United Kingdom. There is a potential 
transaction relating to a dormant account of one of our deceased customers, 
which I would like us to handle the fund actualization together. Secondly, I 
hope to relocate and acquire a home for my family with a view to establishing 
over there. I will be needing your assistance and co-operation in this 
endeavor. Let me know if I can trust you with the above and more information 
will be sent to you as quickly as possible. For further details, please contact 
me through my private email-
 
Respectfully,
James Adamati



Re: The Dilbert Problem...

2008-03-06 Thread openbsd
On Wed, Mar 05, 2008 at 04:25:08PM +0100, ropers wrote:
<snip>

> 
> NB: As for the number of open tabs, Firefox 2.0.0.x is a real sieve
> when it comes to memory. It leaks and leaks and leaks... The upcoming
> Firefox 3 is reportedly going to be a major step forward, but I
> haven't tried it yet.
> 
> The desktop machine I'm currently using runs Ubuntu, so this may or
> may not be directly comparable, but in my experience Firefox 2.0.0.x
> **can** still be used with 20 tabs spread over 6 windows -- IFF you
> throw truckloads of RAM at it (e.g. 1-2GB), and use a very
> comprehensive ABP filter list, and pkill firefox and restart/restore
> it at least once a day (Firefox 2 allegedly doesn't free memory when
> tabs are closed).
> 

wow.  Firefox 2.0.0.12 running on OpenBSD 4.3beta from 29 Feb on a
Powerbook G3 with a whopping 256meg of memory and a blinding fast
333mhz G3 happily opens 17 tabs (my default startup) and is quite
usable.  For the first 30 secs or so Firefox isn't usable.  When done
it's sucked 125meg and taken 3 mins of CPU.  After about 30 of those
cpu seconds you can easily swap from tab to tab.

OpenBSD 4.2 with what ever Firefox shipped in ports (2.0.0.6 maybe)
basically felt like it worked the same.

Is the PPC that much more efficient? :-)

cheers

bruce



GENERIC.MP - DELL PowerEdge 2950 works OK

2008-03-06 Thread Dongsheng Song
OpenBSD 4.3 (GENERIC.MP) #1579: Tue Mar  4 15:00:17 MST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2142175232 (2042MB)
avail mem = 2068545536 (1972MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x7fb9c000 (64 entries)
bios0: vendor Dell Inc. version 2.0.1 date 10/27/2007
bios0: Dell Inc. PowerEdge 2950
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC SPCR HPET MCFG WD__ SLIC ERST HEST BERT EINJ TCPA
acpi0: wakeup devices PCI0(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1596.13 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 265MHz
cpu1 at mainbus0: apid 4 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1595.93 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1595.93 MHz
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu2: 4MB 64b/line 16-way L2 cache
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1595.93 MHz
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu3: 4MB 64b/line 16-way L2 cache
cpu4 at mainbus0: apid 2 (application processor)
cpu4: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1595.93 MHz
cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu4: 4MB 64b/line 16-way L2 cache
cpu5 at mainbus0: apid 6 (application processor)
cpu5: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1595.93 MHz
cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu5: 4MB 64b/line 16-way L2 cache
cpu6 at mainbus0: apid 3 (application processor)
cpu6: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1595.93 MHz
cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu6: 4MB 64b/line 16-way L2 cache
cpu7 at mainbus0: apid 7 (application processor)
cpu7: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1595.93 MHz
cpu7: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu7: 4MB 64b/line 16-way L2 cache
ioapic0 at mainbus0 apid 8 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 8
ioapic1 at mainbus0 apid 9 pa 0xfec81000, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 9
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 5 (PEX2)
acpiprt2 at acpi0: bus 6 (UPST)
acpiprt3 at acpi0: bus 7 (DWN1)
acpiprt4 at acpi0: bus 9 (DWN2)
acpiprt5 at acpi0: bus 1 (PEX3)
acpiprt6 at acpi0: bus 2 (PE2P)
acpiprt7 at acpi0: bus 11 (PEX4)
acpiprt8 at acpi0: bus 13 (PEX6)
acpiprt9 at acpi0: bus 3 (SBEX)
acpiprt10 at acpi0: bus 15 (COMP)
acpicpu0 at acpi0
acpicpu1 at acpi0
acpicpu2 at acpi0
acpicpu3 at acpi0
acpicpu4 at acpi0
acpicpu5 at acpi0
acpicpu6 at acpi0
acpicpu7 at acpi0
ipmi at mainbus0 not configured
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel 5000X Host rev 0x12
ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0x12
pci1 at ppb0 bus 5
ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci2 at ppb1 bus 6
ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci3 at ppb2 bus 7
ppb3 at pci3 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc3
pci4 at ppb3 bus 8
bnx0 at pci4 dev 0 function 0 Broadcom BCM5708 rev 0x12: apic 8 int 16 (irq 6)
ppb4 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01: apic 8 int 16 (irq 0)
pci5 at ppb4 bus 9
ppb5 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01
pci6 at ppb5 bus 10
ppb6 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0x12
pci7 at ppb6 bus 1
ppb7 at pci7 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci8 at ppb7 bus 2
mpi0 at pci8 dev 8 function 0 Symbios Logic SAS1068 rev 0x01: apic 9 int 0 (irq 6)
scsibus0 at mpi0: 173 targets
sd0 at scsibus0 targ 0 lun 0: ATA, ST3160815AS, A SCSI3 0/direct fixed
sd0: 152587MB, 152588 cyl, 16 head, 127 sec, 512 bytes/sec, 31250 sec total
ses0 at scsibus0 targ 8 lun 

Regarding MTU values on 802.1q trunked physical interfaces (and more)

2008-03-06 Thread George Paschos
Hello all,

I am a bit confused regarding the MTU value of the physical ethernet
interfaces when there are vlan child interfaces configured, with regard to
avoiding unneeded fragmentation:

ifconfig shows an MTU of 1500 for both the parent and the vlan
interface. Should I increase by hand the mtu of the physical parent
interface to accommodate the extra bytes for the vlan tags, or is this
taken care of by the operating system somehow when you define a physical
interface as parent to a vlan one?

Also, as an extension to the previous question:
When using IPSEC tunnels under openbsd, is there a need to increase the
physical interface's MTU to accommodate ipsec overhead? And if yes, what
would be that magic value from your experience?
enc0 reports an MTU of 1536 which sounds logical, but that wouldn't
prevent fragmentation if the interface that the ipsec traffic
originates/terminates on is at 1500.
Of course, regarding the above, the rest of the networking equipment between the
ipsec endpoints (switches, routers, etc) has been configured to handle
the bigger mtu values correctly.

Thanks in advance on any insight

Regards,
George



Re: select outgoing route depending on souce interface (net)

2008-03-06 Thread Giancarlo Razzolini
Jon Rubio escreveu:
> Giancarlo Razzolini wrote:
>
>> Selective routing uses the route-to directive from pf. It's quite simple
>> to use and, to achieve what you want, a simple rule like this should
>> solve (the macros are wrong, was lazy to look them every time :):
>>
>> pass in on $dmz_if route-to ($isp2_iface $ips2_gw) from $dmz_net to any
>>
>> $dmz_if = dmz interface
>> $isp2_iface = interface which is attached to isp2 link
>> $isp2_gw = next hop (host to reach the net on isp2)
>> $dmz_net = dmz network
>>
>> route-to directives are quite powerful. I developed a solution using pf
>> + ifstated + snmp + ping and some clever (almost) shell scripts to
>> automatically change the rules depending on the availability of the link.
>>
>> My regards,
>>
>> --
>> Giancarlo Razzolini
>> Linux User 172199
>> Red Hat Certified Engineer no:804006389722501
>> Moleque Sem Conteudo Numero #002
>> Slackware Current
>> OpenBSD Stable
>> Ubuntu 7.04 Feisty Fawn
>> Snike Tecnologia em Informática
>> 4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85
>>
>> [demime 1.01d removed an attachment of type application/pgp-signature
>> which had a name of signature.asc]
>
>
> Many thanks for your help Giancarlo.
>
> Based on your rule, I've added the next two rules to my pf.conf:
>
> ---
> ###
> ##  FILTER: Routing outgoing to ISP2
> ###
>
> pass in quick on $dmz_if from $dmz_net to $lan_net
>
> pass in quick on $dmz_if route-to ($isp2_if $isp2_gw) \
>    from $dmz_net to !$lan_net
> ---
>
> The present behaviour is:
>
> I can reach and explore the Internet from the LAN net through ISP1, I can reach and
> explore the Internet from the DMZ net through ISP2, and I can reach (without
> response) the Web Server on the DMZ from the Internet (through ISP2).
>
> The problem is that responses from the Web Server are not routed back to
> the Internet through ISP2, and they are being sent through ISP1 (bge0).
>
> Please, could someone help me with this?
> Maybe a reply-to rule is missing?
>
> Thanks in advance.
Yep, you need a reply-to rule. I'll not write one here, but basically,
you do the rdr rule for incoming traffic as you normally would. But in
the pass rule, you say that this rule will reply-to, to the isp2. If you
do not make a reply-to rule, the requests get to the server correctly, but
when the firewall forwards them, it will forward them to the default
gateway set on it, which, in your case, is isp1. If you have trouble
making the rules, I can help you write them. This time I'm (almost) just
lurking the list.

My regards,

--
Giancarlo Razzolini
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Ubuntu 7.04 Feisty Fawn
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]



GENERIC - DELL PowerEdge 2950 works OK

2008-03-06 Thread Dongsheng Song
OpenBSD 4.3 (GENERIC) #1365: Tue Mar  4 14:47:58 MST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 2142175232 (2042MB)
avail mem = 2068672512 (1972MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x7fb9c000 (64 entries)
bios0: vendor Dell Inc. version 2.0.1 date 10/27/2007
bios0: Dell Inc. PowerEdge 2950
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC SPCR HPET MCFG WD__ SLIC ERST HEST BERT EINJ TCPA
acpi0: wakeup devices PCI0(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 5 (PEX2)
acpiprt2 at acpi0: bus 6 (UPST)
acpiprt3 at acpi0: bus 7 (DWN1)
acpiprt4 at acpi0: bus 9 (DWN2)
acpiprt5 at acpi0: bus 1 (PEX3)
acpiprt6 at acpi0: bus 2 (PE2P)
acpiprt7 at acpi0: bus 11 (PEX4)
acpiprt8 at acpi0: bus 13 (PEX6)
acpiprt9 at acpi0: bus 3 (SBEX)
acpiprt10 at acpi0: bus 15 (COMP)
acpicpu0 at acpi0
ipmi at mainbus0 not configured
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz, 1596.17 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,TM2,CX16,xTPR,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel 5000X Host rev 0x12
ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0x12
pci1 at ppb0 bus 5
ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci2 at ppb1 bus 6
ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci3 at ppb2 bus 7
ppb3 at pci3 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc3
pci4 at ppb3 bus 8
bnx0 at pci4 dev 0 function 0 Broadcom BCM5708 rev 0x12: irq 6
ppb4 at pci2 dev 1 function 0 Intel 6321ESB PCIE rev 0x01: irq 6
pci5 at ppb4 bus 9
ppb5 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01
pci6 at ppb5 bus 10
ppb6 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0x12
pci7 at ppb6 bus 1
ppb7 at pci7 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci8 at ppb7 bus 2
mpi0 at pci8 dev 8 function 0 Symbios Logic SAS1068 rev 0x01: irq 6
scsibus0 at mpi0: 173 targets
sd0 at scsibus0 targ 0 lun 0: ATA, ST3160815AS, A SCSI3 0/direct fixed
sd0: 152587MB, 152588 cyl, 16 head, 127 sec, 512 bytes/sec, 31250 sec total
ses0 at scsibus0 targ 8 lun 0: DP, BACKPLANE, 1.05 SCSI3 13/enclosure services fixed
ppb8 at pci0 dev 4 function 0 Intel 5000 PCIE x8 rev 0x12
pci9 at ppb8 bus 11
ppb9 at pci0 dev 5 function 0 Intel 5000 PCIE rev 0x12
pci10 at ppb9 bus 12
ppb10 at pci0 dev 6 function 0 Intel 5000 PCIE x8 rev 0x12
pci11 at ppb10 bus 13
ppb11 at pci0 dev 7 function 0 Intel 5000 PCIE rev 0x12
pci12 at ppb11 bus 14
pchb1 at pci0 dev 16 function 0 Intel 5000 Error Reporting rev 0x12
pchb2 at pci0 dev 16 function 1 Intel 5000 Error Reporting rev 0x12
pchb3 at pci0 dev 16 function 2 Intel 5000 Error Reporting rev 0x12
pchb4 at pci0 dev 17 function 0 Intel 5000 Reserved rev 0x12
pchb5 at pci0 dev 19 function 0 Intel 5000 Reserved rev 0x12
pchb6 at pci0 dev 21 function 0 Intel 5000 FBD rev 0x12
pchb7 at pci0 dev 22 function 0 Intel 5000 FBD rev 0x12
ppb12 at pci0 dev 28 function 0 Intel 6321ESB PCIE rev 0x09
pci13 at ppb12 bus 3
ppb13 at pci13 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc3
pci14 at ppb13 bus 4
bnx1 at pci14 dev 0 function 0 Broadcom BCM5708 rev 0x12: irq 6
uhci0 at pci0 dev 29 function 0 Intel 6321ESB USB rev 0x09: irq 11
uhci1 at pci0 dev 29 function 1 Intel 6321ESB USB rev 0x09: irq 10
uhci2 at pci0 dev 29 function 2 Intel 6321ESB USB rev 0x09: irq 11
ehci0 at pci0 dev 29 function 7 Intel 6321ESB USB rev 0x09: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb14 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xd9
pci15 at ppb14 bus 15
vga1 at pci15 dev 13 function 0 ATI ES1000 rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 31 function 0 Intel 6321ESB LPC rev 0x09
pciide0 at pci0 dev 31 function 1 Intel 6321ESB IDE rev 0x09: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: TEAC, CD-ROM CD-224E-N, 3.AC SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at 

Re: select outgoing route depending on souce interface (net)

2008-03-06 Thread Jon Rubio
Giancarlo Razzolini wrote:
> 
> 
> Selective routing uses the route-to directive from pf. It's quite simple
> to use and, to achieve what you want, a simple rule like this should
> solve (the macros are wrong, was lazy to look them every time :):
> 
> pass in on $dmz_if route-to ($isp2_iface $ips2_gw) from $dmz_net to any
> 
> $dmz_if = dmz interface
> $isp2_iface = interface which is attached to isp2 link
> $isp2_gw = next hop (host to reach the net on isp2)
> $dmz_net = dmz network
> 
> route-to directives are quite powerful. I developed a solution using pf
> + ifstated + snmp + ping and some clever (almost) shell scripts to
> automatically change the rules depending on the availability of the link.
> 
> My regards,
> 
> --
> Giancarlo Razzolini
> Linux User 172199
> Red Hat Certified Engineer no:804006389722501
> Moleque Sem Conteudo Numero #002
> Slackware Current
> OpenBSD Stable
> Ubuntu 7.04 Feisty Fawn
> Snike Tecnologia em Informática
> 4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85
> 
> [demime 1.01d removed an attachment of type application/pgp-signature
> which had a name of signature.asc]
> 

Many thanks for your help Giancarlo.

Based on your rule, I've added the next two rules to my pf.conf:

---
###
##  FILTER: Routing outgoing to ISP2
### 

pass in quick on $dmz_if from $dmz_net to $lan_net

pass in quick on $dmz_if route-to ($isp2_if $isp2_gw) \
   from $dmz_net to !$lan_net
---

The present behaviour is:

I can reach and explore the Internet from the LAN net through ISP1, I can reach and
explore the Internet from the DMZ net through ISP2, and I can reach (without
response) the Web Server on the DMZ from the Internet (through ISP2).

The problem is that responses from the Web Server are not routed back to
the Internet through ISP2, and they are being sent through ISP1 (bge0).

Please, could someone help me with this?
Maybe a reply-to rule is missing?

Thanks in advance.
-- 
View this message in context: 
http://www.nabble.com/select-outgoing-route-depending-on-souce-interface-%28net%29-tp15863445p15870544.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.



More then 1 dhcrelay process on 1 router

2008-03-06 Thread Guido Tschakert
Hello folks

short:
will 2 (or more) dhcrelay work on one router without problems

long:
I have a router connected to 3 networks:
a.b.1.0/24 connected to if1,
a.b.2.0/24 connected to if2,
a.b.3.0/24 connected to if3.

Let's say I have a dhcpd on a.b.1.1

Is it possible to start the two dhcrelay processes:

dhcrelay
/usr/sbin/dhcrelay -i if2 a.b.1.1
/usr/sbin/dhcrelay -i if3 a.b.1.1

or will they interfere?

If no one knows an answer I will test it next week, as for now I don't
have a spare machine with enough network cards ready ;-)

thanks guido



write cache on scsi

2008-03-06 Thread Jose Fragoso
Hi all,

Is there a straightforward way to know if write cache is
enabled on a SCSI disk? I installed 4.2 (both i386 and
amd64) on an ibm x-series 336, and a simple mv of src.tar.gz
from one dir to another in the same filesystem takes more
than 10 seconds.

0m10.49s real 0m0.00s user 0m0.10s system

Thanks a lot.

Best regards,

José

ps. below is a dmesg
--
OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.20GHz (GenuineIntel 686-class) 3.21 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR
real mem  = 1073094656 (1023MB)
avail mem = 1029996544 (982MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/17/05, BIOS32 rev. 0 @ 0xfd721, SMBIOS rev. 2.3 @ 0xf602c (50 entries)
bios0: vendor IBM version -[APE121AUS-1.06]- date 01/17/2005
bios0: IBM eserver xSeries 336 -[883721U]-
pcibios0 at bios0: rev 2.1 @ 0xf/0x
pcibios0: PCI BIOS has 11 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 9 10 11 15
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801EB/ER LPC rev 0x00)
pcibios0: PCI bus #7 is the last bus
bios0: ROM list: 0xc/0xb000 0xcb000/0x4000 0xcf000/0x1800
acpi at mainbus0 not configured
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x0a
Intel E7520 MCH ERR rev 0x0a at pci0 dev 0 function 1 not configured
ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x0a
pci1 at ppb0 bus 2
ppb1 at pci0 dev 4 function 0 Intel MCH PCIE rev 0x0a
pci2 at ppb1 bus 3
ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci3 at ppb2 bus 4
mpi0 at pci3 dev 1 function 0 Symbios Logic 53c1030 rev 0x08: irq 11
scsibus0 at mpi0: 16 targets
sd0 at scsibus0 targ 0 lun 0: IBM-ESXS, MAW3300NC FN, C206 SCSI2 0/direct fixed
sd0: 286102MB, 78753 cyl, 8 head, 930 sec, 512 bytes/sec, 585937500 sec total
safte0 at scsibus0 targ 8 lun 0: IBM, 25P3495a S320 1, 1 SCSI2 3/processor fixed
mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 0 DT 1 IU 1
ppb3 at pci2 dev 0 function 2 Intel PCIE-PCIE rev 0x09
pci4 at ppb3 bus 5
bge0 at pci4 dev 1 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 11, address 00:10:18:24:5f:02
brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci4 dev 1 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 11, address 00:10:18:24:5f:03
brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
ppb4 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x0a
pci5 at ppb4 bus 6
bge2 at pci5 dev 0 function 0 Broadcom BCM5721 rev 0x01, BCM5750 A1 (0x4001): irq 11, address 00:0d:60:99:a3:b2
brgphy2 at bge2 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb5 at pci0 dev 7 function 0 Intel MCH PCIE rev 0x0a
pci6 at ppb5 bus 7
bge3 at pci6 dev 0 function 0 Broadcom BCM5721 rev 0x01, BCM5750 A1 (0x4001): irq 11, address 00:0d:60:99:a3:b3
brgphy3 at bge3 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
Intel E7525 MCH Configuration rev 0x0a at pci0 dev 8 function 0 not configured
uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 3
ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 3
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb6 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2
pci7 at ppb6 bus 1
vga1 at pci7 dev 1 function 0 ATI Radeon VE QY rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: HL-DT-ST, DVD-ROM GDR8083N, 0L02 SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 Intel 82801EB/ER SMBus rev 0x02: irq 11
iic0 at ichiic0: disabled to avoid ipmi0 interactions
usb1 at uhci0: USB revision 1.0
uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo

Re: More then 1 dhcrelay process on 1 router

2008-03-06 Thread Guido Tschakert
Guido Tschakert schrieb:
> Hello folks
> 
> short:
> will 2 (or more) dhcrelay work on one router without problems
> 
> long:
> I have a router connected to 3 networks:
> a.b.1.0/24 connected to if1,
> a.b.2.0/24 connected to if2,
> a.b.3.0/24 connected to if3.
> 
> Let's say I have a dhcpd on a.b.1.1
> 
> Is it possible to start the two dhcrelay processes:
> 
> dhcrelay
> /usr/sbin/dhcrelay -i if2 a.b.1.1
> /usr/sbin/dhcrelay -i if3 a.b.1.1
> 
> or will they interfere?
> 
> If no one knows an answer I will test it next week, as for now I don't
> have a spare machine with enough network cards ready ;-)
> 
> thanks guido
> 
> 

Ok,
I found some hardware to test it:

it just worked out of the box. That is why I love OpenBSD: It just works!

guido



NT 6 profile missing from PF /etc/pf.os on 4.3, 4.2

2008-03-06 Thread Lars Noodén
I've compared /etc/pf.os on 4.2 and 4.3 and they seem to both be missing
fingerprints for blocking/filtering Windows NT 6 packets.

Has a fingerprint been identified?

Regards,
-Lars



Re: floppy.fs

2008-03-06 Thread Hannah Schroeter
Hi!

On Tue, Mar 04, 2008 at 11:22:11PM -0700, Paul Greidanus wrote:
> I'm just wondering how many people out there are using the floppy.fs 
> installer still?  I'm wondering if it would be a worthwhile thought to 
> expand past the 1.44Mb limit for the CD and .rd install options if there 
> are features that can be added to the installer.  No, I'm not thinking a 
> gui/menu based installer as the main reason, but there might be benefits 
> to something like that.

I used one recently to fix something on a box here at work. The box
*has* a CD-ROM drive (even DVD-ROM) but we don't have easy access to
CD/DVD *writers* and couldn't wait for shipment of a ready-made CD (e.g.
the official OpenBSD one). So I had to write an install floppy, boot it,
use s and what is available there was enough to fix things up to being
able to boot from hard disk again and fix the rest from there.

Paul

Kind regards,

Hannah.



Re: select outgoing route depending on souce interface (net)

2008-03-06 Thread Jon Rubio
Giancarlo Razzolini wrote:
> 
> Yep, you need a reply-to rule. I'll not write one here, but basically,
> you do the rdr rule for incoming traffic as you normally would. But in
> the pass rule, you say that this rule will reply-to, to the isp2. If you
> do not make a reply-to rule, the requests get to the server correctly, but
> when the firewall forwards them, it will forward them to the default
> gateway set on it, which, in your case, is isp1. If you have trouble
> making the rules, I can help you write them. This time I'm (almost) just
> lurking the list.
> 
> My regards,
> 
> --
> Giancarlo Razzolini
> Linux User 172199
> Red Hat Certified Engineer no:804006389722501
> Moleque Sem Conteudo Numero #002
> Slackware Current
> OpenBSD Stable
> Ubuntu 7.04 Feisty Fawn
> Snike Tecnologia em Informatica
> 4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85
> 
> [demime 1.01d removed an attachment of type application/pgp-signature
> which had a name of signature.asc]
> 

Many thanks for all your help.

Now, I've added a reply-to rule to my pf.conf:

---
###
##  FILTER: Routing outgoing to ISP2
###

pass in quick on $dmz_if from $dmz_net to $lan_net

pass in quick on $dmz_if route-to ($isp2_if $isp2_gw) \
   from $dmz_net to !$lan_net
   
pass out quick on $dmz_if route-to ($ips_if $ips_gw) from $dmz_net \
   to {!$ofi_net !$des_net !$pro_net !$vpn_net}

---

This is still not working.

Any kind of help will be very appreciated.
I've convinced my boss to change the old payment firewall to OpenBSD,
I can't make this work and we have all services on the DMZ down.

Does anyone know how to use the route-to rule?
Does anyone know where to find (or a book to buy) a complete guide to Packet
Filter?

Thanks in advance.

-- 
View this message in context: 
http://www.nabble.com/select-outgoing-route-depending-on-souce-interface-%28net%29-tp15863445p15873002.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
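A complete rule set for the topology discussed in this thread (web server in the DMZ reachable through ISP2, system default route via ISP1), added here as an example; it is not Jon's or Giancarlo's own pf.conf, and the interface names, addresses and the <internal> table are assumptions. It shows the reply-to that Giancarlo describes on the inbound pass rule, which is what sends the server's replies back out through ISP2, and it replaces the negated list with a negated table, because pf expands `to { !a !b }` into one rule per member and a `quick` rule built that way matches almost everything.

```pf
# Constructed example (names and addresses are assumptions, not from the thread):
#   ISP1 on bge0 holds the system default route; ISP2 on bge1 serves the DMZ.
ext_if   = "bge0"
isp2_if  = "bge1"
isp2_gw  = "198.51.100.1"
dmz_if   = "bge2"
lan_net  = "10.0.1.0/24"
dmz_net  = "10.0.2.0/24"
www_srv  = "10.0.2.10"

# One negated table instead of "to { !$a !$b ... }": pf expands a list into a
# separate rule per member, so with "quick" the first expansion, "to !$a",
# already matches every destination except $a.
table <internal> { 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24 }

# Outbound from the DMZ: translate to ISP2's address when the packet leaves on bge1.
nat on $isp2_if from $dmz_net to any -> ($isp2_if)

# Inbound to the web server via ISP2. rdr rewrites the destination before
# filtering, so the pass rule matches the internal address. reply-to records
# bge1/isp2_gw in the state entry; the server's reply packets arrive on $dmz_if,
# match that state, and are handed to isp2_gw instead of the default gateway on
# bge0. Without reply-to they still match the same state, never reach the
# route-to rule below, and leave via ISP1.
rdr on $isp2_if proto tcp from any to ($isp2_if) port 80 -> $www_srv
pass in on $isp2_if reply-to ($isp2_if $isp2_gw) proto tcp \
    from any to $www_srv port 80 flags S/SA keep state

# Connections the DMZ originates: internal destinations follow the routing
# table, everything else is forced out through ISP2.
pass in quick on $dmz_if from $dmz_net to <internal> keep state
pass in quick on $dmz_if route-to ($isp2_if $isp2_gw) \
    from $dmz_net to !<internal> keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches list and table syntax mistakes before the ruleset replaces the running one.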



Re: The Insecurity output - improving the SNR

2008-03-06 Thread Richard Wilson
Further to my earlier posting, the following diff may be of use to
people running anoncvs mirrors. It's utterly trivial, but the mantra
goes "where's the diff", so I thought why not.

Si1entDave


--- securitySun Mar 11 01:31:52 2007
+++ security.newThu Mar  6 13:17:02 2008
@@ -35,7 +35,7 @@
printf(Login %s has non-alphanumeric characters.\n, $1);
if (length($1)  31)
printf(Login %s has more than 31 characters.\n, $1);
-   if ($2 == )
+   if ($2 ==   $1 != anoncvs)
printf(Login %s has no password.\n, $1);
if ($2 !=   length($2) != 13  ($10 ~ /.*sh$/ || $10 == ) 
   ($2 !~ /^\$[0-9a-f]+\$/)  ($2 != skey)) {
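Review bot: exempting one login name outright (`$1 != anoncvs`) suppresses the no-password warning for any account called anoncvs on every host that runs this script, not only on anoncvs mirrors, and it also hides the case where that account has been given a normal login shell. A safer shape is a site-local list of logins that are expected to be password-less, or suppressing the message only when the shell field ($10, which the next check already inspects) is the restricted anoncvs shell.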



Re: carp startup timing issues

2008-03-06 Thread Henning Brauer
* Clifford Bailey [EMAIL PROTECTED] [2008-03-05 16:45]:
 Hi,
 
 I have a puzzling issue with carp which I wondered whether anyone knew
 the answer to. I have two carp + pf + pfsync (on openbsd 4.2) boxes in
 a standard failover configuration (master and backup designated by
 advskew values). When the master is brought down the failover works
 nicely. When the master comes back up though, it takes control
 straight away, but doesn't respond to anything for between 5 and 20
 seconds. I have found a workaround for this issue by enabling portfast
 on the port switches that the firewall is connected to, but it doesn't
 make any sense to me why the firewall acts in this way when portfast
 is disabled.

err... portfast refers to spanning tree. here is what happens with 
portfast disabled:
-machine comes up, port goes up
-switch blocks the port for 15..30s, depending on configured stop 
 timings, and listens for stp announcements on that port
-the machine does not see carp advertisements from the other machine, 
 since the switchport is blocked by stp. thus it thinks it is alone and 
 goes to master. the other machine is master too, but since the freshly 
 booted one has no net that does not matter much.
-after the switch figured out there is no spanning tree speaking 
 device on that port, it unblocks it and traffic can flow. for a short 
 period both machines are master. since they see their respective carp 
 announcements one goes to backup quickly.

With setting portfast, you tell the switch that there is no stp 
speaking device on that port and the port transitions to forwarding (i. 
e. NOT blocking) right away after the link comes up. so that is not a 
workaround but the proper solution.

 4. HOWEVER, although the master now originates and receives traffic,
 it doesn't respond to any traffic, ie it won't send an echo reply to a
 request or ack any tcp traffic.This stays like this for between 5 and
 20 seconds,

are you sure that the master gets any traffic that it didn't 
originate itself, i. e. that actually went thru the switchport in 
question? I have a hard time believing that.

 If I turn off portfast on the switch ports, the sequence is exactly
 the same, except that the 5 to 20 second delay isn't there.

turn OFF portfast??

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: pf tag goes missing post sshd tcp decapsulization

2008-03-06 Thread Henning Brauer
replying in public, since there are at least two people hacking on that

* Konrad [EMAIL PROTECTED] [2008-03-06 10:26]:
 So sorry its not a propper diff anymore but this is what i've done:

unfortunately this is not enough. it messes the refcounting.
the tagname2tag routine keeps a refcount for the name-tag-id mapping 
and removes it when the refcount drops to zero. pf_tagname2tag 
increases that refcount. you must call pf_tag_unref() at some point to 
decrease it again. this can be slightly nasty with sockets... some 
cases to consider:
-of course, we need to unref when the socket is destroyed.
-when we set a tag, and there was already a tag set on the socket, we 
 need to do the unref for the old one.
-what happens on accept()?

also, as you already mentioned, the non-tcp cases are missing yet.

but this is a nice start, keep going!

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: write cache on scsi

2008-03-06 Thread Stuart Henderson
On 2008-03-06, Jose Fragoso [EMAIL PROTECTED] wrote:
 Is there a straight-forward way to know if write cache is
 enabled on a SCSI disk?

# scsi -f /dev/rsd0c -m 8
and look at WCE

But I don't think that's your problem.

 I installed 4.2 (both i386 and
 amd64) on a ibm x-series 336, and a simple mv of src.tar.gz
 from a dir to another in the same filesystem takes more
 than 10 seconds.

What does top say? look at what state mv is in, what cpu% is used
in interrupt, whether there's something else running that hits the
disks.



how I can save ddb trace information.

2008-03-06 Thread Jorge Medina
Hi list:
I have a panic with an mp kernel; when the panic drops me to the ddb prompt I
run ps and trace, but I don't know how to save the dump information.



Re: floppy.fs

2008-03-06 Thread arthur
Regarding the new stuff that may be added to the floppy, personally I'd like to
see more NIC drivers. I used to boot the floppy to install my P2 PC, but later,
when I installed a P4 (Asus P4P800 MB), I had to use the CD since the floppy
doesn't have the sk driver.

Arthur



Re: how I can save ddb trace information.

2008-03-06 Thread Girish Venkatachalam
On 12:16:31 Mar 06, Jorge Medina wrote:
 Hi list:
 I have a panic with mp kernel, when panic launch me to ddb prompt I
 execute ps and trace but i don't know how save the dump information.
 


man crash(8)

man savecore(8)

You have to type

ddb boot dump

-Girish

-- 
unix soi qui mal y pense

UNIX to him who evil thinks



Re: carp startup timing issues

2008-03-06 Thread Clifford Bailey
Hi Henning,

Thanks for your response. Yes, your understanding of spanning tree is
the same as mine (I meant turn ON portfast at the end, not turn off
sorry!) I realize that enabling portfast is a solution, but I am still
very puzzled by why the server pauses when portfast is off as I don't
think it should make any difference. If portfast is off, the change
over shouldn't happen until the port can send and receive traffic
anyway, so that should be seamless, which it isn't.

When portfast isn't enabled it only starts seeing traffic after the
port has gone into forwarding mode, and I am  sure it is seeing
traffic that it didn't originate itself, but it definitely isn't
responding. I spent a little while looking into it yesterday as I was
worried that it might cause me problems later on, and I captured a few
logs of the startup sequence on the master if it helps (some
background 192.168.1.101 is the master firewall, and is creating the
CARP advertisements with advskew 1, 192.168.1.102 is the backup and
has the advskew of 100, 192.168.0.20 and 112 are test boxes that are
constantly pinging the 101 address to test its response)

Annotated Log:

PORT IS IN LEARNING MODE, nothing is being allowed out, only STP
messages are allowed in.

11:35:02.162830 802.1d STP config root=2000.0:xx:x:xx:xx:xx rootcost=3 bridge=8000.00
11:35:03.079833 CARPv2-advertise 36: vhid=3 advbase=1 advskew=1 demote=0 (DF) [tos 0]
11:35:04.099833 CARPv2-advertise 36: vhid=3 advbase=1 advskew=1 demote=0 (DF) [tos 0]
11:35:04.163588 802.1d STP config root=2000.0:xx:x:xx:xx:xx rootcost=3 bridge=8000.00
11:35:05.119835 CARPv2-advertise 36: vhid=3 advbase=1 advskew=1 demote=0 (DF) [tos 0]
11:35:05.350726 802.1d STP config flags=1TC role=DESIGNATED root=2000.0:d0:0:f3:140

 PORT SWITCHES TO FORWARDING MODE (here you see echo requests come
in from 192.168.0.20 and carp advertisements with a different advskew
come in. At this point the other firewall changes to BACKUP from
MASTER)

11:35:05.743107 192.168.0.20 > 192.168.1.101: icmp: echo request
11:35:05.921747 CARPv2-advertise 36: vhid=3 advbase=1 advskew=100 demote=0 (DF)
11:35:06.136239 192.168.0.112 > 192.168.1.101: icmp: echo request (DF)
11:35:06.139833 CARPv2-advertise 36: vhid=3 advbase=1 advskew=1 demote=0 (DF) [tos 0]
11:35:06.163971 802.1d STP config flags=1TC role=DESIGNATED root=2000.0:d0:0:f3:140
11:35:06.742987 192.168.0.20  1927497 192.168.0.112  192.168.1.1:
icmp: echo request (DF)
11:35:07.136618 192.168.0.112 > 192.168.1.101: icmp: echo request (DF)
11:35:07.159835 CARPv2-advertise 36: vhid=3 advbase=1 advskew=1 demote=0 (DF) [tos 0]
11:35:07.306637 192.168.1.253.1985 > 224.0.0.2.1985:HSRPv0-hello 20: state=active gr4
11:35:07.743116 192.168.0.20 > 192.168.1.101: icmp: echo request
11:35:07.928251 192.168.0.112 > 192.168.1.1: icmp: echo request (DF)
11:35:08.012075 192.168.1.252.1985 > 224.0.0.2.1985:HSRPv0-hello 20:
state=stvskew=1 demote=0 (DF) [tos 0]
11:35:09.743998 192.168.0.20 > 192.168.1.101: icmp: echo request
11:35:09.939502 192.168.0.112 > 192.168.1.1: icmp: echo request (DF)
11:35:10.147373 192.168.0.112 > 192.168.1.101: icmp: echo request (DF)
11:35:10.147384 arp who-has 192.168.1.254 tell 192.168.1.101
11:35:10.147622 arp reply 192.168.1.254 is-at 00:00:0c:07:ac:7c

 FIRST REPLY APPEARS (I have no idea what triggers this, but all of
a sudden the server starts responding)

11:35:10.147631 192.168.1.101 > 192.168.0.112: icmp: echo reply (DF)
11:35:10.162863 802.1d STP config flags=1TC role=DESIGNATED root=2000.0:d0:0:f3:140
11:35:10.219832 CARPv2-advertise 36: vhid=3 advbase=1 advskew=1 demote=0 (DF) [tos 0]
11:35:10.744127 192.168.0.20 > 192.168.1.101: icmp: echo request
11:35:10.744137 192.168.1.101 > 192.168.0.20: icmp: echo reply
11:35:10.941505 192.168.0.112  192.168.1.1dvertise 36: vhid=3
advbase=1 advskew=1 demote=0 (DF) [tos 0]
11:35:11.574487 192.168.1.253.1985 > 224.0.0.2.1985:HSRPv0-hello 20: state=active gr4
11:35:11.744881 192.168.0.20 > 192.168.1.101: icmp: echo request
11:35:11.744892 192.168.1.101 > 192.168.0.20: icmp: echo reply

On 06/03/2008, Henning Brauer [EMAIL PROTECTED] wrote:
 * Clifford Bailey [EMAIL PROTECTED] [2008-03-05 16:45]:

  Hi,
  
   I have a puzzling issue with carp which I wondered whether anyone knew
   the answer to. I have two carp + pf + pfsync (on openbsd 4.2) boxes in
   a standard failover configuration (master and backup designated by
   advskew values). When the master is brought down the failover works
   nicely. When the master comes back up though, it takes control
   straight away, but doesn't respond to anything for between 5 and 20
   seconds. I have found a workaround for this issue by enabling portfast
   on the port switches that the firewall is connected to, but it doesn't
   make any sense to me why the firewall acts in this way when portfast
   is disabled.


 err... portfast refers to spanning tree. here is what happens with
  portfast disabled:
  -machine comes up, port goes up
  -switch blocks the port for 15..30s, 

Re: write cache on scsi

2008-03-06 Thread Jose Fragoso
Hi, Stuart! Thanks for the hint.

# scsi -f /dev/rsd0c -m 8
IC:  0
ABPF:  0
CAP:  0
DISC:  1
SIZE:  0
WCE:  0
MF:  0
RCD:  0
Demand Retention Priority:  0
Write Retention Priority:  0
Disable Pre-fetch Transfer Length:  65535
Minimum Pre-fetch:  0
Maximum Pre-fetch:  65535
Maximum Pre-fetch Ceiling:  65535
WCE being 0 means it is not enabled? If so, how can one enable it? From
top, I see mv goes to sleep state. On the WAIT, it shows getblk. CPU usage
is 0.05%. Thanks in advance for any help. Regards, Josi

--
Want an e-mail address like mine?
Get a free e-mail account today at www.mail.com!



Re: how I can save ddb trace information.

2008-03-06 Thread Stuart Henderson
On 2008-03-06, Jorge Medina [EMAIL PROTECTED] wrote:
 I have a panic with mp kernel, when panic launch me to ddb prompt I
 execute ps and trace but i don't know how save the dump information.

First see if your machine preserves dmesg between boots. Not all
machines do, but it's worth checking this first (if your machine is
one of those where dmesg shows more than one set of boot messages
after a reboot, then this applies).

Failing that, here are some options:

Type it in to another machine,
Write it down and type it in,
Take a photo and type it in,
Use a null-modem cable to another machine
(http://www.openbsd.org/faq/faq7.html#SerCon)



Re: The Dilbert Problem...

2008-03-06 Thread ropers
On 06/03/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

  On Wed, Mar 05, 2008 at 04:25:08PM +0100, ropers wrote:
  snip


  
   NB: As for the number of open tabs, Firefox 2.0.0.x is a real sieve
   when it comes to memory. It leaks and leaks and leaks... The upcoming
   Firefox 3 is reportedly going to be a major step forward, but I
   haven't tried it yet.
  
   The desktop machine I'm currently using runs Ubuntu, so this may or
   may not be directly comparable, but in my experience Firefox 2.0.0.x
   **can** still be used with 20 tabs spread over 6 windows -- IFF you
   throw truckloads of RAM at it (e.g. 1-2GB), and use a very
   comprehensive ABP filter list, and pkill firefox and restartrestore
   it at least once a day (Firefox 2 allegedly doesn't free memory when
   tabs are closed).
  


 wow.  Firefox 2.0.0.12 running on OpenBSD 4.3beta from 29 Feb on a
  Powerbook G3 with a whopping 256meg of memory and a blinding fast
  333mhz G3 happily opens 17 tabs (my default startup) and is quite
  usable.  For the first 30 secs or so Firefox isn't usable.  When done
  it's sucked 125meg and taken 3 mins of CPU.  After about 30 of those
  cpu seconds you can easily swap from tab to tab.

  OpenBSD 4.2 with what ever Firefox shipped in ports (2.0.0.6 maybe)
  basically felt like it worked the same.

  Is the PPC that much more efficient? :-)

I haven't really done any rigorous testing, and I probably don't
really need 1-2 GB for 20-30 tabs, but the above is what I currently
use. ((I don't really care, because I plan on wiping this PC soon
anyway, and I hope I'll be able to again use OpenBSD more.))
That said, my hunch is, PowerPC vs. x86 prolly hasn't much to do with
it. IMHO (a) Ubuntu is MUCH less hardware-efficient than OpenBSD, and
(b) I take it from your post that you're probably not using Flash -- I
think heavy Flash in multiple tabs (even though eg. videos are not
running concurrently) is probably the main culprit.
In a nutshell:

Flash. The FASTEST way to send **all** of your clock cycles to /dev/null.(TM)

(Yeah. That's about it. That, and incompetently written
s-sss-zzzloowww ECMAScript that uses polling and shit
**cough** Digg **cough**.)

To be honest, a further discussion of the performance issues seen with
Ubuntu/Flash/bad JavaScript is off-topic for an OpenBSD mailing list.
Feel free to email me off-list though. :) I might even get around to
answering. ;-)

Cheers,
--ropers



Re: write cache on scsi

2008-03-06 Thread Stuart Henderson
On 2008-03-06, Jose Fragoso [EMAIL PROTECTED] wrote:
 Hi, Stuart! Thanks for the hint. # scsi -f /dev/rsd0c -m 8
 IC:  0
 ABPF:  0
 CAP:  0
 DISC:  1
 SIZE:  0
 WCE:  0
 MF:  0
 RCD:  0
 Demand Retention Priority:  0
 Write Retention Priority:  0
 Disable Pre-fetch Transfer Length:  65535
 Minimum Pre-fetch:  0
 Maximum Pre-fetch:  65535
 Maximum Pre-fetch Ceiling:  65535
 WCE being 0, means it is not enabled?

Correct

 If so, how can one enable it?

As far as I know, you should normally have write cache disabled
on SCSI. I don't see how this can account for 10 seconds to update
a dir entry...

You can edit the code page with scsi(8). This change is saved
permanently. But I think you should leave it alone.

 From
 top, I see mv goes to sleep state. On the WAIT, it shows getblk. CPU usage
 is 0.05%. Thanks in advance for any help. Regards, Josi

What does top say? look at what state mv is in, ** WHAT CPU% IS USED
IN INTERRUPT **, whether there's something else running that hits the
disks.

Can you just paste in all the top output while it's running?
(top|cat is easy to paste).



Re: how I can save ddb trace information.

2008-03-06 Thread Jorge Medina
On 3/6/08, Girish Venkatachalam [EMAIL PROTECTED] wrote:
 On 12:16:31 Mar 06, Jorge Medina wrote:
   Hi list:
   I have a panic with mp kernel, when panic launch me to ddb prompt I
   execute ps and trace but i don't know how save the dump information.
  



 man crash(8)

  man savecore(8)

  You have type

  ddb boot dump

  -Girish
ok thanks, but the log location is?
  --
  unix soi qui mal y pense

  UNIX to him who evil thinks




--
Jorge Andris Medina Oliva.
Systems Manager and Developer.
BSDCHiLE.



Re: how I can save ddb trace information.

2008-03-06 Thread Janjaap van Velthooven
On Thu, Mar 06, 2008 at 09:10:02PM +0530, Girish Venkatachalam wrote:
 On 12:16:31 Mar 06, Jorge Medina wrote:
  Hi list:
  I have a panic with mp kernel, when panic launch me to ddb prompt I
  execute ps and trace but i don't know how save the dump information.
 man crash(8)
 
 man savecore(8)
 
 You have type
 
 ddb boot dump

IIRC, swapencrypt needs to be disabled for this to work.

 -Girish

Janjaap van Velthooven
--  
   / __/ /_/ __/ /_  __/ __/ /___  / 
  / /_  __/___/_/_  /___  / / __/ /___  / /
 /___/_/_/_/_/_/_/___/_/_/



Re: write cache on scsi

2008-03-06 Thread Marco Peereboom
On Thu, Mar 06, 2008 at 04:32:38PM +, Stuart Henderson wrote:
 On 2008-03-06, Jose Fragoso [EMAIL PROTECTED] wrote:
  Hi, Stuart! Thanks for the hint. # scsi -f /dev/rsd0c -m 8
  IC:  0
  ABPF:  0
  CAP:  0
  DISC:  1
  SIZE:  0
  WCE:  0
  MF:  0
  RCD:  0
  Demand Retention Priority:  0
  Write Retention Priority:  0
  Disable Pre-fetch Transfer Length:  65535
  Minimum Pre-fetch:  0
  Maximum Pre-fetch:  65535
  Maximum Pre-fetch Ceiling:  65535
  WCE being 0, means it is not enabled?
 
 Correct
 
  If so, how can one enable it?
 
 As far as I know, you should normally have write cache disabled
 on SCSI. I don't see how this can account for 10 seconds to update
 a dir entry...
 
 You can edit the code page with scsi(8). This change is saved
 permanently. But I think you should leave it alone.

It is safe to use.  This is just mfgs being conservative.  Got a UPS?
use it!

 
  From
  top, I see mv goes to sleep state. On the WAIT, it shows getblk. CPU usage
  is 0.05%. Thanks in advance for any help. Regards, Josi
 
 What does top say? look at what state mv is in, ** WHAT CPU% IS USED
 IN INTERRUPT **, whether there's something else running that hits the
 disks.
 
 Can you just paste in all the top output while it's running?
 (top|cat is easy to paste).



Re: Compile bind on 4.2 fails - no acceptable grep in path

2008-03-06 Thread Tom Van Looy
Ehr, I did cvs-update the source and rebuilt the kernel. But then after 
reboot, make world failed so I zipped up the sources and extracted them 
again from CD. That's exactly what happened.


I still don't see what's wrong.

My /usr/bin/grep has the same md5sum as the one from base.tgz =
2493db921cef8dc30f0b1f5c23d66163

config.log =

This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by configure, which was
generated by GNU Autoconf 2.60.  Invocation command line was

  $ /usr/src/usr.sbin/bind/configure --prefix=/usr --localstatedir=/var 
--sysconfdir=/etc --disable-shared --disable-threads


## - ##
## Platform. ##
## - ##

hostname = novo.ctors.local
uname -m = i386
uname -r = 4.2
uname -s = OpenBSD
uname -v = GENERIC#0

/usr/bin/uname -p = Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz 
(GenuineIntel 686-class)

/bin/uname -X = unknown

/bin/arch  = unknown
/usr/bin/arch -k   = OpenBSD.i386
/usr/convex/getsysinfo = unknown
/usr/bin/hostinfo  = unknown
/bin/machine   = unknown
/usr/bin/oslevel   = unknown
/bin/universe  = unknown

PATH: /bin
PATH: /usr/bin
PATH: /sbin
PATH: /usr/sbin


## --- ##
## Core tests. ##
## --- ##

configure:2087: checking build system type
configure:2105: result: i386-unknown-openbsd4.2
configure:2127: checking host system type
configure:2142: result: i386-unknown-openbsd4.2
configure:2165: checking whether make sets $(MAKE)
configure:2186: result: yes
configure:2238: checking for ranlib
configure:2254: found /usr/bin/ranlib
configure:2265: result: ranlib
configure:2304: checking for a BSD-compatible install
configure:2360: result: /usr/bin/install -c
configure:2379: checking for ar
configure:2397: found /usr/bin/ar
configure:2409: result: /usr/bin/ar
configure:2448: checking for etags
configure:2481: result: no
configure:2448: checking for emacs-etags
configure:2481: result: no
configure:2515: checking for perl5
configure:2548: result: no
configure:2515: checking for perl
configure:2533: found /usr/bin/perl
configure:2545: result: /usr/bin/perl
configure:2713: checking for gcc
configure:2740: result: cc
configure:2978: checking for C compiler version
configure:2985: cc --version 5
cc (GCC) 3.3.5 (propolice)
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

configure:2988: $? = 0
configure:2995: cc -v 5
Reading specs from /usr/lib/gcc-lib/i386-unknown-openbsd4.2/3.3.5/specs
Configured with:
Thread model: single
gcc version 3.3.5 (propolice)
configure:2998: $? = 0
configure:3005: cc -V 5
cc: `-V' option must have argument
configure:3008: $? = 1
configure:3031: checking for C compiler default output file name
configure:3058: cc -O2 -pipe conftest.c  5
configure:3061: $? = 0
configure:3107: result: a.out
configure:3112: checking whether the C compiler works
configure:3122: ./a.out
configure:3125: $? = 0
configure:3142: result: yes
configure:3149: checking whether we are cross compiling
configure:3151: result: no
configure:3154: checking for suffix of executables
configure:3161: cc -o conftest -O2 -pipe conftest.c  5
configure:3164: $? = 0
configure:3188: result:
configure:3194: checking for suffix of object files
configure:3220: cc -c -O2 -pipeconftest.c 5
configure:3223: $? = 0
configure:3246: result: o
configure:3250: checking whether we are using the GNU C compiler
configure:3279: cc -c -O2 -pipeconftest.c 5
configure:3285: $? = 0
configure:3292: test -z $ac_c_werror_flag || test ! -s conftest.err
configure:3295: $? = 0
configure:3302: test -s conftest.o
configure:3305: $? = 0
configure:3319: result: yes
configure:3324: checking whether cc accepts -g
configure:3354: cc -c -g  conftest.c 5
configure:3360: $? = 0
configure:3367: test -z $ac_c_werror_flag || test ! -s conftest.err
configure:3370: $? = 0
configure:3377: test -s conftest.o
configure:3380: $? = 0
configure:3510: result: yes
configure:3527: checking for cc option to accept ISO C89
configure:3601: cc  -c -O2 -pipeconftest.c 5
configure:3607: $? = 0
configure:3614: test -z $ac_c_werror_flag || test ! -s conftest.err
configure:3617: $? = 0
configure:3624: test -s conftest.o
configure:3627: $? = 0
configure:3647: result: none needed
configure:3706: checking how to run the C preprocessor
configure:3746: cc -E  conftest.c
configure:3752: $? = 0
configure:3790: cc -E  conftest.c
conftest.c:8:28: ac_nonexistent.h: No such file or directory
configure:3796: $? = 1
configure: failed program was:
| /* confdefs.h.  */
| #define PACKAGE_NAME 
| #define PACKAGE_TARNAME 
| #define PACKAGE_VERSION 
| #define PACKAGE_STRING 
| #define PACKAGE_BUGREPORT 
| /* end confdefs.h.  */
| #include ac_nonexistent.h
configure:3836: result: cc -E
configure:3865: cc -E  conftest.c
configure:3871: $? = 0
configure:3909: 

Re: select outgoing route depending on souce interface (net)

2008-03-06 Thread Jon Rubio
Giancarlo Razzolini wrote:
 
 Yep, you need a reply-to rule. I'll not write one here, but basically,
 you do the rdr rule for incoming traffic as you normally would. But in
 the pass rule, you say that this rule will reply-to, to the isp2. If you
 do not make a reply-to rule, the requests get to server correctly, but
 when the firewall forward them, it will forward them to the default
 gateway set on it, which, in your case, is isp1. If you have trouble
 making the rules, i can help you write. This time i'm (almost) just
 lurking the list.
 
 My regards,
 
 --
 Giancarlo Razzolini
 Linux User 172199
 Red Hat Certified Engineer no:804006389722501
 Moleque Sem Conteudo Numero #002
 Slackware Current
 OpenBSD Stable
 Ubuntu 7.04 Feisty Fawn
 Snike Tecnologia em Informatica
 4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85
 
 [demime 1.01d removed an attachment of type application/pgp-signature
 which had a name of signature.asc]
 

Hello, I need some help.

At the present situation:

   ---
1.) Workstations on LAN net (172.16.0.0/24) must reach Internet through ISP1
   (172.16.0.X -- 172.16.0.254 -- 192.168.0.10 -- 192.168.0.1 -- ISP1).
   DONE!!
   ---
2.) Servers on DMZ net (172.31.0.0/24) must reach Internet through ISP2
   (172.31.0.X -- 172.31.0.254 -- 80.25.145.194 -- 80.25.145.193 --
ISP2).
   DONE!! by:
   
   pass in quick on $dmz_if from $dmz_net to $lan_net
   pass in quick on $dmz_if route-to ($isp2_if $isp2_gw) \
  from $dmz_net to !$lan_net 
   
   ---   
3.) Web server on DMZ net must be reachable from Internet through ISP2
   (ISP2 -- 80.25.145.194 -- 172.31.0.254 -- 172.31.0.21).
   DONE!! by:
   
   rdr on $ips_if proto tcp \
   from any to $isp2_if port http - $srv_web_001 port http
   
   ---   
4.) Responses from the Web server (DMZ net) to incoming requests must go back through ISP2
   (172.31.0.21 -- 172.31.0.254 -- 80.25.145.194 -- 80.25.145.193 --
ISP2). 
   ERROR!! Packets are sent back through ISP1 (bge0).

Can anyone help me with the missing rule? Please.

Thanks in advance.
-- 
View this message in context: 
http://www.nabble.com/select-outgoing-route-depending-on-souce-interface-%28net%29-tp15863445p15879537.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
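For the missing rule 4, the reply-to form Giancarlo describes would look like this (an added example, not a rule from the thread). It assumes Jon's macro names, with the `$ips_if` in rule 3 read as the ISP2 interface macro, and the 4.2-era pf.conf semantics where rdr rewrites the destination before the filter rules see the packet.

```pf
# Added example, not from the thread. Assumed macros: $isp2_if and $isp2_gw
# (ISP2 interface and its gateway), $srv_web_001 (the DMZ web server).

# 3.) incoming HTTP on the ISP2 address is redirected to the DMZ web server
rdr on $isp2_if proto tcp from any to $isp2_if port http -> $srv_web_001 port http

# 4.) the rule that creates the state for that connection carries reply-to,
#     so the web server's answers leave via ISP2's gateway instead of the
#     default route (ISP1). rdr has already rewritten the destination, so the
#     filter rule matches the DMZ server address, not $isp2_if.
pass in quick on $isp2_if reply-to ($isp2_if $isp2_gw) proto tcp \
    from any to $srv_web_001 port http flags S/SA keep state
```

After loading the ruleset, `pfctl -sr` should print the rule with its reply-to clause, and a connection from outside should show up in `pfctl -ss` as a state on the ISP2 interface.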



Re: write cache on scsi

2008-03-06 Thread Jose Fragoso
Hi,

$ cat top
load averages:  0.12,  0.12,  0.08                                14:30:38
21 processes:  20 idle, 1 on processor
CPU states:  0.0% user,  0.0% nice,  0.0% system,  0.1% interrupt, 99.8% idle
Memory: Real: 8216K/145M act/tot  Free: 856M  Swap: 0K/1024M used/tot

  PID USERNAME PRI NICE  SIZE   RES STATE    WAIT      TIME    CPU COMMAND
30086 ell        2    0 3192K 2044K sleep    select    0:00  0.00% sshd
 4222 root       2    0 1092K 1528K sleep    select    0:00  0.00% sendmail
20181 ell        2    0 3328K 2056K sleep    select    0:00  0.00% sshd
25280 root       2    0 3216K 2380K idle     netio     0:00  0.00% sshd
 4557 root       2    0 3320K 2360K idle     netio     0:00  0.00% sshd
21292 _syslogd   2    0  536K  716K sleep    poll      0:00  0.00% syslogd
 1770 root       2    0  544K  856K idle     select    0:00  0.00% cron
 4810 root      -5    0  380K  156K sleep    getblk    0:00  0.00% mv
30965 root      18    0  524K  516K sleep    pause     0:00  0.00% ksh
 8845 ell       18    0  432K  492K sleep    pause     0:00  0.00% ksh
26076 ell       18    0  540K  492K idle     pause     0:00  0.00% ksh
    1 root      10    0  440K  348K idle     wait      0:00  0.00% init
19039 root       3    0  384K  764K idle     ttyin     0:00  0.00% getty
16262 root       2    0  612K 1196K idle     select    0:00  0.00% sshd
32307 root       2    0  340K  684K idle     select    0:00  0.00% inetd
30381 root       3    0  252K  772K idle     ttyin     0:00  0.00% getty
 1613 root       3    0  452K  756K idle     ttyin     0:00  0.00% getty
22750 root       3    0  396K  756K idle     ttyin     0:00  0.00% getty

Thanks again. Regards, Josi

--
Want an e-mail address like mine?
Get a free e-mail account today at www.mail.com!



Singularity OS

2008-03-06 Thread Adrian Fisher
Hello chaps :)

I just saw this on the net about a new OS from M$ called Singularity.  What
do you think of it thus far?

http://www.pcpro.co.uk/news/174267/microsoft-releases-robust-new-operating-system.html



OpenBSD storage server

2008-03-06 Thread RS
Hi,

I am planning to build an OpenBSD storage server for home use. I was
wondering if I could get some advice before I buy the hard disks. I am
looking at either a couple of Samsung 750GB Spinpoints or the 1TB Seagate
Barracuda. I understand AHCI support was added to 4.2 and I'd like to know
if NCQ can give me a little more performance...Is the AHCI driver generic
enough that *any* SATA2 drive will benefit from it?

I'll be using a cheap Athlon X2 / 1GB / Gig ethernet / mATX board to
complete the setup. I will definitely use OpenBSD's RAIDCtl for RAID 1
instead of the crappy on-board chips motherboard makers ship nowadays.

Please forgive me if this question is OT and too noob'y

TIA,
Ravi



From Adamati James

2008-03-06 Thread James Adamati
 Hi, How are you doing today? My name is James Adamati I live in London
and work in a financial institution here in United Kingdom. There is a
potential transaction relating to a dormant account of one of our
deceased customers, which I would like us to handle the fund
actualization together. Secondly, I hope to relocate and acquire a home
for my family with a view to establishing over there. I will be needing
your assistance and co-operation in this endeavor. Let me know if I can
trust you with the above and more information will be sent to you as
quickly as possible.For further details,please contact me through my
private email- Respectfully, James Adamati



Re: pf tag goes missing post sshd tcp decapsulization

2008-03-06 Thread Konrad
Hey

so now I changed the tagging from tcp_output to ip_output.
I also put a pf_tag_unref in so_free and sosetopt (in case there
is already a tag set).
I couldn't see a reason for a pf_tag_unref in the so_accept because
the socket could be reused.
Thanks to Henning for the ideas!

Any further ideas ? I'm in a good run :)

So, finally, a cvs diff on current:

Index: kern/uipc_socket.c
===
RCS file: /cvs/src/sys/kern/uipc_socket.c,v
retrieving revision 1.67
diff -u -p -r1.67 uipc_socket.c
--- kern/uipc_socket.c  20 Dec 2007 17:16:50 -  1.67
+++ kern/uipc_socket.c  6 Mar 2008 19:40:42 -
@@ -48,6 +48,8 @@
 #include sys/resourcevar.h
 #include sys/pool.h

+#include net/pfvar.h
+
 void   filt_sordetach(struct knote *kn);
 intfilt_soread(struct knote *kn, long hint);
 void   filt_sowdetach(struct knote *kn);
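Review bot: the unconditional `#include net/pfvar.h` here, together with the direct pf_tagname2tag()/pf_tag_unref() calls this diff adds further down in uipc_socket.c, makes the generic socket layer depend on pf being compiled in; pf is an optional pseudo-device, so the include and each call need the usual `#include "pf.h"` / `#if NPF > 0` guard, or a kernel configured without pf will no longer link.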
@@ -115,6 +117,7 @@ socreate(int dom, struct socket **aso, i
so-so_rgid = p-p_cred-p_rgid;
so-so_egid = p-p_ucred-cr_gid;
so-so_cpid = p-p_pid;
+   so-so_pftag = 0;
so-so_proto = prp;
error = (*prp-pr_usrreq)(so, PRU_ATTACH, NULL,
(struct mbuf *)(long)proto, NULL);
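Review bot: initialising so_pftag in socreate() only covers sockets created by socket(2); the sockets handed out by accept(2) are allocated on a different path (sonewconn()), which this diff does not touch, so the accept() case Henning raised is still open. Decide there whether the child socket starts untagged or copies the listener's tag, and if it copies, take a reference for the copy so that the pf_tag_unref() added to sofree() stays balanced.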
@@ -188,6 +191,10 @@ sofree(struct socket *so)
if (!soqremque(so, 0))
return;
}
+   
+   if(so-so_pftag != 0)
+   pf_tag_unref(so-so_pftag);
+   
sbrelease(so-so_snd);
sorflush(so);
pool_put(socket_pool, so);
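Review bot: style(9) nits in this hunk: `if(` should be `if (`, and the two added blank lines carry trailing whitespace (`+   `). The placement of the unref is right for the refcount, since it sits after the early `return` for sockets still on an accept queue, so a socket that is not actually released here is not unref'd twice.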
@@ -1085,6 +1092,25 @@ sosetopt(struct socket *so, int level, i
}
break;
}
+   
+   case SO_PFTAG:
+   {
+   if (m == NULL)  {
+   error = EINVAL;
+   goto bad;
+   }
+   if(so-so_pftag != 0)
+   {
+   pf_tag_unref(so-so_pftag);
+   }
+   so-so_pftag = pf_tagname2tag(mtod(m, char *));
+   if(so-so_pftag == 0)
+   {
+   error = EINVAL; /*XXX*/
+   goto bad;   
+   }
+   break;
+   }

default:
error = ENOPROTOOPT;
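Review bot: the option buffer is used as a C string with no length check: `so->so_pftag = pf_tagname2tag(mtod(m, char *))` reads user-supplied mbuf data that is not guaranteed to contain a NUL within m->m_len, so a setsockopt(2) caller can make the lookup read past what it supplied. Check `m->m_len` against PF_TAG_NAME_SIZE and reject the option (or force-terminate the copy) before calling pf_tagname2tag(). Also, the old tag is unref'd before the new name has been resolved, so on a failed lookup the socket silently loses the tag it had; resolving the new tag first and dropping the old one only on success avoids that, and the `/*XXX*/` next to EINVAL should then record what a zero return actually means (tag table exhausted or allocation failure) so the errno can be chosen deliberately.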
@@ -1173,6 +1199,14 @@ sogetopt(struct socket *so, int level, i
mtod(m, struct timeval *)-tv_sec = val / hz;
mtod(m, struct timeval *)-tv_usec =
(val % hz) * tick;
+   break;
+   }
+   case SO_PFTAG:
+   {
+   char tagname[PF_TAG_NAME_SIZE];
+   pf_tag2tagname(so-so_pftag, tagname);
+   m-m_len = strlen(tagname) + 1;
+   strlcpy(mtod(m, char *), tagname, m-m_len);
break;
}
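Review bot: the untagged case is not handled: for a socket with so_pftag == 0 (the value socreate() and the sosetopt() failure path use for "no tag"), nothing in this hunk guarantees that pf_tag2tagname() writes anything into `tagname`, so the following strlen()/strlcpy() can operate on an uninitialised stack buffer. Either set `tagname[0] = '\0'` before the lookup and return the empty string, or return an error such as ENOENT when so_pftag is 0. Replacing the earlier MLEN with `m->m_len` as the strlcpy size is an improvement, since it now matches the number of bytes reported to the caller.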

Index: net/pfvar.h
===
RCS file: /cvs/src/sys/net/pfvar.h,v
retrieving revision 1.259
diff -u -p -r1.259 pfvar.h
--- net/pfvar.h 2 Dec 2007 12:08:04 -   1.259
+++ net/pfvar.h 6 Mar 2008 19:40:44 -
@@ -41,6 +41,7 @@

 #include net/radix.h
 #include net/route.h
+#include net/if.h
 #include netinet/ip_ipsp.h
 #include netinet/tcp_fsm.h

Index: netinet/ip_output.c
===
RCS file: /cvs/src/sys/netinet/ip_output.c,v
retrieving revision 1.190
diff -u -p -r1.190 ip_output.c
--- netinet/ip_output.c 29 Oct 2007 16:19:23 -  1.190
+++ netinet/ip_output.c 6 Mar 2008 19:40:46 -
@@ -118,21 +118,27 @@ ip_output(struct mbuf *m0, ...)
struct m_tag *mtag;
struct tdb_ident *tdbi;

-   struct inpcb *inp;
struct tdb *tdb;
int s;
 #endif /* IPSEC */
+   struct inpcb *inp;

va_start(ap, m0);
opt = va_arg(ap, struct mbuf *);
ro = va_arg(ap, struct route *);
flags = va_arg(ap, int);
imo = va_arg(ap, struct ip_moptions *);
-#ifdef IPSEC
+   
inp = va_arg(ap, struct inpcb *);
-   if (inp  (inp-inp_flags  INP_IPV6) != 0)
-   panic(ip_output: IPv6 pcb is passed);
+   if(inp)
+   {
+   if(inp-inp_socket-so_pftag != 0)
+   pf_tag_packet(m, inp-inp_socket-so_pftag, -1);
+#ifdef IPSEC
+   if((inp-inp_flags  INP_IPV6) != 0)
+   panic(ip_output: IPv6 pcb is passed);
 #endif /* IPSEC */
+   }
va_end(ap);

 #ifdef DIAGNOSTIC
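Review bot: inp = va_arg(ap, struct inpcb *) is now read in every build and for every caller, where before it was only consumed under IPSEC; ip_output is variadic, so a caller that stops after imo leaves inp pointing at whatever follows on the stack and the new if(inp) block then dereferences it. Audit every ip_output() caller for the sixth argument (NULL where no pcb is known) before this goes in, and check inp->inp_socket for NULL too rather than reading so_pftag straight through it. The hook is also IPv4 only: an INP_IPV6 pcb never reaches this code (under IPSEC it still panics here), so an AF_INET6 socket with SO_PFTAG set sends untagged packets unless ip6_output gets the same treatment. Style: KNF is "if (inp) {" with the brace on the same line, not "if(inp)" on one line and "{" on the next.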
Index: netinet/tcp_output.c
===
RCS file: /cvs/src/sys/netinet/tcp_output.c,v
retrieving revision 1.81
diff -u -p -r1.81 tcp_output.c
--- netinet/tcp_output.c24 Nov 2007 

Re: More then 1 dhcrelay process on 1 router

2008-03-06 Thread Clint Pachl

Guido Tschakert wrote:

Hello folks

short:
will 2 (or more) dhcrelay work on one router without problems

long:
I have a router connected to 3 networks:
a.b.1.0/24 connected to if1,
a.b.2.0/24 connected to if2,
a.b.3.0/24 connected to if3.

Lets say I have a dhcpd on a.b.1.1

Is it possible to start the two dhcrelay processes:

dhcrelay
/usr/sbin/dhcrelay -i if2 a.b.1.1
/usr/sbin/dhcrelay -i if3 a.b.1.1

or will they interfere?

If no one knows an answer I will test it next week, as for now I don't
have a spare machine with enough network cards ready ;-)

thanks guido
  


I have been doing this for over a year and have not had a problem. The 
only small issue is that you must run them from rc.local because 
rc.conf.local is only capable of running one dhcrelay.




Re: Singularity OS

2008-03-06 Thread Henry Sieff
DELURK

The OS is coded in an extension of C# - rather than more simple C or
C++ - to avoid the flaws of today's operating systems, such as their
susceptibility to buffer overruns from worms or viruses.

Hahahahahahahahahaha!

I needed that laugh.

LURK

On Thu, Mar 6, 2008 at 10:25 AM, Adrian Fisher [EMAIL PROTECTED] wrote:
 Hello chaps :)

  I just saw this on the net about a new OS from M$ called Singularity.  What
  do you think of it thus far?

  
 http://www.pcpro.co.uk/news/174267/microsoft-releases-robust-new-operating-system.html



Re: OpenBSD storage server

2008-03-06 Thread Stuart Henderson
On 2008-03-06, RS [EMAIL PROTECTED] wrote:
 I am planning to build an OpenBSD storage server for home use. I was
 wondering if I could get some advice before I buy the hard disks. I am
 looking at either a couple of Samsung 750GB Spinpoints or the 1TB Seagate
 Barracuda. I understand AHCI support was added to 4.2 and I'd like to know
 if NCQ can give me a little more performance...Is the AHCI driver generic
 enough that *any* SATA2 drive will benefit from it?

AHCI is a way of talking to the controller, not the disk; it would work
with any drive if the motherboard's controller works with it.

 I'll be using a cheap Athlon X2 / 1GB / Gig ethernet / mATX board to
 complete the setup. I will definitely use OpenBSD's RAIDCtl for RAID 1
 instead of the crappy on-board chips motherboard makers ship nowadays.

The on-board RAID on cheap boards is typically software RAID with
BIOS assistance to help it boot and as you probably know isn't supported
here at all.

But do you really need RAID? It introduces a bunch of complexities.
I have RAID on a home server (LSI h/w raid) and the last time a drive
fell over*, I wished I'd just used a couple of drives and rsync'd
between them...


* (grumble stupid 0-based drive numbering in software vs. 1-based
port numbering printed on the card, and no display of hard drive
serial numbers in ctrl-m config...)



Re: Singularity OS

2008-03-06 Thread 代表 Erik Harmon
Thank God someone is writing an OS with dependability and security in mind.

Erik

On Thu, Mar 6, 2008 at 12:25 PM, Adrian Fisher [EMAIL PROTECTED] wrote:

 Hello chaps :)

 I just saw this on the net about a new OS from M$ called Singularity.
  What
 do you think of it thus far?


 http://www.pcpro.co.uk/news/174267/microsoft-releases-robust-new-operating-system.html



Re: pf tag goes missing post sshd tcp decapsulization

2008-03-06 Thread Can Erkin Acar
 Hey

 so now I changed the tagging from tcp_output to ip_output.
 I also put a pf_tag_unref in so_free and sosetopt (in case there
 is already a tag set).
 I couldn't see a reason for a pf_tag_unref in the so_accept because
 the socket could be reused.
 Thanks to Henning for the ideas!

 Any further ideas ? I'm in a good run :)

Nice, you probably want to keep the application/kernel tag name spaces
distinct though. Otherwise it would be easy for any local user/program
to mess with pf.conf generated tags and bypass filtering etc. It could
be as easy as adding a prefix (APP_ ?) to all application generated
tags.

Can



Re: problems with hoststated and relayd

2008-03-06 Thread Sebastian Reitenbach
Reyk Floeter [EMAIL PROTECTED] wrote: 
 btw., did you test it with the latest code from -current?

the sparc64 was installed from a snapshot not very long ago:
OpenBSD 4.2-current (GENERIC.MP) #113: Wed Feb 13 20:47:18 MST 2008
   [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC.MP
the system is from the same download.

Sebastian

 
 On Mon, Mar 03, 2008 at 07:37:53PM +0100, Sebastian Reitenbach wrote:
  Reyk Floeter [EMAIL PROTECTED] wrote: 
   hi!
   
   I tested your config and it works fine without problems, there is no
   bug in relayd here...
   
   ...you seem to make a common mistake:
   
forward to ogohosts port http mode hash \
check http / code 200
   
   you expect that the webservers always return the HTTP error code 200
   OK.  this is not how HTTP works.  your webserver may return another
   error based on the site, state, or configuration (moved, not allowed,
   not found, server error, ...).
   
   please test the following:
   
   $ lynx -head http://10.0.0.121/
  This was done on the host running relayd:
  HTTP/1.1 200 OK
  Date: Mon, 03 Mar 2008 18:22:37 GMT
  Server: Apache
  Last-Modified: Tue, 28 Aug 2007 16:00:16 GMT
  ETag: fccbb0109d4b4b44b551e2fe7cc156404b93a785
  Accept-Ranges: bytes
  Content-Length: 2216
  Connection: close
  Content-Type: text/html
  
  On the 4.2 host, this check also works well with hoststated, there it's
  embedded in the table definition, see last configuration snippet. But with
  hoststated, I have the other problem mentioned below.
  The / on the apache instances is just serving the apache index page.
  The application itself sits behind a location, but I think checking just
  the apache availability, and then assuming the application is there too,
  is fine for testing.
  
   
   and you will see the HTTP header.  for example, the following header
   would require you to change your check to 'check http / code 302'
   (or even 'check http /oxid/ code 200'):
   
   HTTP/1.1 302 Found
   Date: Mon, 03 Mar 2008 17:24:10 GMT
   Server: Apache
   Location: /oxid/
   Connection: close
   Content-Type: text/html
   
   i normally use a special monitor script to check the state on the
   webservers, for example the Zend platform provides the following
   self-test:
   
   check http '/ZendPlatform/client/getPing.php' code 200
  
  there is unfortunately no such thing in the app I want to use, at least not
  that I am aware of, but I think the ordinary http check is ok for now.
  
  Sebastian
  
   
   reyk
   
   On Mon, Mar 03, 2008 at 07:45:00AM +0100, Sebastian Reitenbach wrote:
Hi,

this is the first time I play around with hoststated/relayd.
I have a stateful web application, and try to use hoststated/relayd in front
of it. Because the application is stateful, the client has to be redirected
to the same instance for the session lifetime. The session id is encoded as
GET parameter wosid. Further I have the problem that many of the users are
either sitting behind a proxy or a NAT'ed IP address, so these should not be
redirected to the same application instance.
I tried with hoststated on OpenBSD 4.2 i386 and with relayd on
OpenBSD -snapshot sparc64 from beginning of February 08.

I'm not sure, whether I see the same problems, as described here in that
thread:

  http://www.nabble.com/relayd-http-check-connection-failures--hoststated-
  

Well, I do not fiddle around with carp interfaces, and I also tried the
patch with the timeout, that did not fix my problem.

First I tried to use relayd, until I came across above mentioned thread,
however, first I tried to setup a ssl accelerator as in the example:

ext_addr=10.0.0.24
ogo1=10.0.0.121
ogo2=10.0.0.122
ogo3=10.0.0.123
ogo4=10.0.0.124
ogo5=10.0.0.125

timeout 

table ogohosts { $ogo1 $ogo2 $ogo3 $ogo4 $ogo5 }

http protocol httpssl {
header append $REMOTE_ADDR to X-Forwarded-For
header append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-
header change Connection to close
cookie hash wosid
url hash wosid
url log wosid

# Various TCP performance options
#   tcp { nodelay, sack, socket buffer 65536, backlog 128 }

#   ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
#   ssl session cache disable
}

relay wwwssl {
# Run as a SSL accelerator
listen on $ext_addr port 443 ssl
protocol httpssl

# Forward to hosts in the webhosts table using a src/dst
hash
forward to ogohosts port http mode hash \
check http / code 200
}

# relayd -d -vv -f /etc/relayd.conf
startup
init_filter: filter init done
init_tables: created 0 tables
relay_privinit: adding relay wwwssl
protocol 0: name 

Re: pf tag goes missing post sshd tcp decapsulization

2008-03-06 Thread Konrad
 Nice, you probably want to keep the application/kernel tag name spaces
  distinct though. Otherwise it would be easy for any local user/program
  to mess with pf.conf generated tags and bypass filtering etc. It could
  be as easy as adding a prefix (APP_ ?) to all application generated
  tags.


  Can


I'm not sure if this is necessary. If a user tags his packets via
pf.conf there is no need, so why should it be different via
socket option. However, should there be a reason, I would recommend
doing this with kernel tags (KERNEL_), or mentioning a recommendation
for setting tags via setsockopt with (for example) APP_.
If I'm wrong with my thoughts, it's not too hard to change that. :)



Re: Singularity OS

2008-03-06 Thread Vikas N Kumar
The OS is written in Managed code and designed by managers :)

On Thu, Mar 6, 2008 at 3:42 PM, Henry Sieff [EMAIL PROTECTED] wrote:

 DELURK

 The OS is coded in an extension of C# - rather than more simple C or
 C++ - to avoid the flaws of today's operating systems, such as their
 susceptibility to buffer overruns from worms or viruses.

 Hahahahahahahahahaha!

 I needed that laugh.

 LURK

 On Thu, Mar 6, 2008 at 10:25 AM, Adrian Fisher [EMAIL PROTECTED]
 wrote:
  Hello chaps :)
 
   I just saw this on the net about a new OS from M$ called Singularity.
  What
   do you think of it thus far?
 
 
 http://www.pcpro.co.uk/news/174267/microsoft-releases-robust-new-operating-system.html




-- 
http://www.vikaskumar.org/



Re: Singularity OS

2008-03-06 Thread Andrés
I wonder if anyone actually took a look to the code before opening
his/her mouth.

Note that I don't trust Microsoft either, but giving that Singularity
is not planned to be a successor to Windows, but a research
experiment, makes me think it _can_ be good.



Re: Singularity OS (O/T Trolling)

2008-03-06 Thread Rod Whitworth
On Thu, 6 Mar 2008 22:27:49 +, Andrés wrote:

I wonder if anyone actually took a look to the code before opening
his/her mouth.

Note that I don't trust Microsoft either, but giving that Singularity
is not planned to be a successor to Windows, but a research
experiment, makes me think it _can_ be good.


And what does this crap have to do with OpenBSD?

Ah, yesss, it's TROLL NOISE.

Rod/

Write a wise saying and your name will live on forever.  - Anonymous



Re: Regarding MTU values on 802.1q trunked physical interfaces (and more)

2008-03-06 Thread openbsd misc
 -----Original Message-----
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 On behalf of George Paschos
 Sent: Thursday, 6 March 2008 11:47
 To: misc@openbsd.org
 Subject: Regarding MTU values on 802.1q trunked physical
 interfaces (and more)

 Hello all,

 I am a bit confused regarding the MTU value of the physical ethernet
 interfaces when there are vlan child interfaces configured,
 in regard to
 avoid unneeded fragmentation:

 ifconfig shows an MTU of 1500 for both the parent and the vlan
 interface. Should I increase by hand the mtu of the physical parent
 interface to accommodate the extra bytes for the vlan tags or this is
 taken care from the operating system someway when you define
 a physical
 interface as parent to a vlan one?

 Also as an extension to the previous question:
 When using IPSEC tunnels under openbsd, is there a need to
 increase the
 physical interface's MTU to accommodate ipsec overhead? And
 if yes, what
 would be that magic value from your experience?
 enc0 reports an MTU of 1536 which sounds logical, but that wouldnt
 prevent fragmentation if the interface that the ipsec traffic
 originates/terminates is at 1500.
 Ofc regarding the above, the rest of networking equipment between the
 ipsec endpoints (switches, routers, etc) has been configured to handle
 correctly the bigger mtu values.

 Thanks in advance on any insight

 Regards,
 George



Hello,

AFAIK the VLAN overhead should be handled by your NIC (driver); the MTU set
to 1500 is the packet size without (jumbo frame) extensions. My understanding
is that it is the same for IPsec: as long as the frame that should go
through the tunnel has a size <= 1500, fragmentation will not take place; the
IPsec interface itself needs the overhead (1536 - 1500) for the IPsec tunnel.
You see the difference because it's software, not NIC/driver ...

Correct me if I'm wrong ... ;)

Regards
  Hagen Volpers

P.S.: Sorry for my bad english ...



Re: Would a crypto-accelerators help WEP on Soekris?

2008-03-06 Thread beck

Quoting Andre Pierre [EMAIL PROTECTED]:


Hi all,

I have been turning a Soekris Net 4801 box into a wireless access point.
I saw that one can get a crypto-accelerator card from Soekris
Engineering that plugs into the free PCI slot on the 4801.

One quick (silly) question.
Under OpenBSD 4.2 would such a card improve WEP performance, or is that
handled entirely by the wireless ath0 (mini-pci) card?

It makes sense that a crypto-accelerator would help if the Soekris were
a VPN endpoint, but for WEP I think it probably is entirely useless,
right?


For WEP it's pretty much useless.  Wrong kind of crypto.

The only thing that would help a soekris is a real CPU :)




Just idle curiosity.

Thanks

Dre




Re: pf tag goes missing post sshd tcp decapsulization

2008-03-06 Thread Can Erkin Acar
  Nice, you probably want to keep the application/kernel tag name spaces
   distinct though. Otherwise it would be easy for any local user/program
   to mess with pf.conf generated tags and bypass filtering etc. It could
   be as easy as adding a prefix (APP_ ?) to all application generated
   tags.
 
 
   Can
 

 I'm not sure if this is necessary. If a user tags his packets via
 pf.conf there is no need, so why should it be different via
 socket option. However, should there be a reason, I would recommend
 doing this with kernel tags (KERNEL_), or mentioning a recommendation
 for setting tags via setsockopt with (for example) APP_.
 If I'm wrong with my thoughts, it's not too hard to change that. :)

Changing pf.conf and setting/changing the filter in the kernel
requires root permissions. Therefore, only users/processes with root
privileges can modify the rules and change the tagging/filtering
policy. Setting a socket option does not require a privilege. Any user
or process can do it. If they mistakenly or deliberately set the same
tags specified in pf.conf they could potentially mess with the
filtering policy of the box, and may be able to bypass some
restrictions that are set against them in pf.conf.

To be more clear, if the user/application sets the tag to MYTAG with
setsockopt, it should be reflected to pf and filter rules as
APP_MYTAG. The prefix to use is obviously open to discussion (what
about @MYTAG).

I am not sure how you could change the 'kernel' tag names and
become transparent/compatible at the same time. Since this is a new
feature, it should make every effort to not break existing
configurations and rulesets.

Can

--
Who is tagging the taggers?



Re: pf tag goes missing post sshd tcp decapsulization

2008-03-06 Thread Stuart Henderson
On 2008-03-06, Can Erkin Acar [EMAIL PROTECTED] wrote:
 I am not sure how you could change the 'kernel' tag names and
 become transparent/compatible at the same time.

It wouldn't work anyway, then the app could set its tag to
KERNEL_whatever and the conflict would still exist..
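An added example, not code from this thread or from the OpenBSD tree, of the check the last two messages argue about: keep application tags and pf.conf tags in separate namespaces by prefixing in the kernel, so it makes no difference what name the process asks for (a process asking for KERNEL_x still ends up as APP_KERNEL_x). PF_TAG_NAME_SIZE is the pfvar.h value; the APP_ prefix, the allowed character set and the function names are assumptions made for this example, and the termination check is the one a socket option handler needs before handing mbuf data to a string routine.

```c
/*
 * Added example (not from the thread or the OpenBSD tree): validating a
 * user-supplied pf tag name and confining it to an application namespace.
 * PF_TAG_NAME_SIZE is the pfvar.h value; APP_TAG_PREFIX and the function
 * names are assumptions made for this example.
 */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PF_TAG_NAME_SIZE	64
#define APP_TAG_PREFIX		"APP_"

/* Tag names stay printable and free of pf.conf syntax characters. */
static int
tagchar_ok(unsigned char c)
{
	return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
	    (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
}

/*
 * Turn the 'len' bytes of option data (what setsockopt handed the kernel)
 * into the kernel-side tag name in 'out'.  Returns 0 on success, EINVAL if
 * the buffer is not a terminated, well-formed name, ENAMETOOLONG if the
 * prefixed name would not fit in PF_TAG_NAME_SIZE.  Whatever the caller
 * chose, even "KERNEL_x", lands under APP_, so it cannot collide with a
 * tag defined in pf.conf.
 */
int
app_tag_canonicalize(const char *in, size_t len, char *out, size_t outlen)
{
	size_t i, n;

	if (in == NULL || out == NULL || outlen < PF_TAG_NAME_SIZE)
		return EINVAL;
	/* The string must end inside the buffer we were given. */
	if (len == 0 || len > PF_TAG_NAME_SIZE || in[len - 1] != '\0')
		return EINVAL;
	n = strlen(in);
	if (n == 0)
		return EINVAL;
	for (i = 0; i < n; i++)
		if (!tagchar_ok((unsigned char)in[i]))
			return EINVAL;
	if (strlen(APP_TAG_PREFIX) + n + 1 > PF_TAG_NAME_SIZE)
		return ENAMETOOLONG;
	snprintf(out, outlen, "%s%s", APP_TAG_PREFIX, in);
	return 0;
}

/*
 * The other direction: a tag name loaded from pf.conf must not start with
 * the application prefix, otherwise a ruleset tag could be matched by a
 * socket's tag.  Returns 1 if the ruleset name is acceptable.
 */
int
ruleset_tag_ok(const char *name)
{
	return strncmp(name, APP_TAG_PREFIX, strlen(APP_TAG_PREFIX)) != 0;
}

/* Small wrappers so results can be inspected without a caller-side buffer. */
static char demo_out[PF_TAG_NAME_SIZE];

int
demo_canon(const char *in, size_t len)
{
	demo_out[0] = '\0';
	return app_tag_canonicalize(in, len, demo_out, sizeof demo_out);
}

const char *
demo_name(void)
{
	return demo_out;
}

/* 61 name characters plus the prefix do not fit: expect ENAMETOOLONG. */
int
demo_too_long(void)
{
	char name[62];

	memset(name, 'a', sizeof name - 1);
	name[sizeof name - 1] = '\0';
	return demo_canon(name, sizeof name);
}

int
main(void)
{
	printf("%d %s\n", demo_canon("MYTAG", 6), demo_name());
	printf("%d %s\n", demo_canon("KERNEL_x", 9), demo_name());
	printf("%d (unterminated)\n", demo_canon("MYTAG", 5));
	printf("%d (too long)\n", demo_too_long());
	return 0;
}
```

The length argument is the mbuf's m_len, not a strlen of the data, which is the point: the kernel must not walk a user-supplied buffer looking for a terminator. The ruleset-side check is what pfctl would apply when loading tags, so that the reserved prefix stays reserved in both directions.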



Re: floppy.fs

2008-03-06 Thread Edd Barrett
Alright Theo and misc@,

On Wed, Mar 5, 2008 at 6:55 PM, Theo de Raadt [EMAIL PROTECTED] wrote:
 There is one thing that some people out there could work on.  Noone
  in our group is currently working on it, and it would be nice.

I had another idea recently.

I need to disable apm for proper power management on my i386.

It would be nice if the installer offered to run config(8) so that you
can rip out apm/acpi if so required. I always forget and then I
require a fsck after a halt -p as it crashes the system :(

Thoughts?

-- 

Best Regards

Edd

http://students.dec.bournemouth.ac.uk/ebarrett



Re: how I can save ddb trace information.

2008-03-06 Thread Giancarlo Razzolini
Jorge Medina escreveu:
 Hi list:
 I have a panic with mp kernel, when panic launch me to ddb prompt I
 execute ps and trace but i don't know how save the dump information.


I do enable booting from serial console and then use minicom, or
something, to get it.

My regards,
--
Giancarlo Razzolini
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Ubuntu 7.04 Feisty Fawn
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]



Re: select outgoing route depending on souce interface (net)

2008-03-06 Thread Giancarlo Razzolini
Jon Rubio escreveu:

---
 4.) Responses to incoming Web server (DMZ net) must be reply through ISP2
(172.31.0.21 -- 172.31.0.254 -- 80.25.145.194 -- 80.25.145.193 --
 ISP2).
ERROR!! Packets are sent back through ISP1 (bge0).

 Can anyone help me with the missing rule? Please.

 Thanks in advance.
Hi,

   I was short on time to write the rule that time, but basically, your
rdr is right. All you need is to edit your pass rule and add something
like this: reply-to ($isp2_iface $isp2_gw). So, your complete rule might
look like this:

pass in on $isp2_iface reply-to ($isp2_iface $isp2_gw) from any to
$srv_web_001 port http keep state

Wish you luck,

--
Giancarlo Razzolini
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Ubuntu 7.04 Feisty Fawn
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]
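As an added example, not part of Giancarlo's reply or of the original poster's ruleset, the rdr and pass pair for the setup described above written out with macros, using the addresses from the question (web server 172.31.0.21 behind 80.25.145.194, ISP2 gateway 80.25.145.193); the interface name bge1 for ISP2 is an assumption, since the question only names bge0 as ISP1:

```pf
# Added example, not from the thread.  ISP2 interface name is assumed.
isp2_iface  = "bge1"
isp2_addr   = "80.25.145.194"
isp2_gw     = "80.25.145.193"
srv_web_001 = "172.31.0.21"

# Translate the public address on ISP2 to the DMZ host ...
rdr on $isp2_iface proto tcp from any to $isp2_addr port http -> $srv_web_001

# ... and pin the reply path of that state to ISP2.  Without reply-to the
# answers follow the default route, i.e. leave through ISP1 on bge0.
pass in on $isp2_iface reply-to ($isp2_iface $isp2_gw) proto tcp \
    from any to $srv_web_001 port http keep state
```

reply-to records the gateway in the state, so replies matching it are handed to 80.25.145.193 on bge1 regardless of the routing table; the return direction needs no extra pass out rule on the DMZ side because pf states are floating unless the ruleset sets state-policy if-bound. A tcpdump on bge0 after loading the rules is the quick way to confirm the web replies no longer leave via ISP1.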



Re: OpenBSD storage server

2008-03-06 Thread Douglas A. Tutty
On Thu, Mar 06, 2008 at 01:41:43PM -0500, RS wrote:
 looking at either a couple of Samsung 750GB Spinpoints or the 1TB Seagate
 Barracuda.

Only based on my personal experience, I keep boxes around forever (or at
least until gcc stops supporting them) so I keep drives until they die
of old age.  I've yet to have a Seagate/Quantum drive fail whereas the
other brands have.  Now, they were all over 5 years old so it doesn't
mean much, but a 15 year-old Quantum IDE drive??

The other thing to consider is the duty-cycle of the box.  Is it to be
left on 24/7, 7/5, etc?  How much of that time will it be actively used
and at what intensity?  What throughput are you wanting to serve and how
many simultaneous requests?  As in, is SATA what you want or do you want
SCSI/SAS?  Remember that you can plunk SATA drives onto SAS controllers
to start and upgrade to SAS later.  I would assume that the manufacturers
still use the SATA/SAS divide for the quality-control divide when they
make drives like they used to with IDE/SCSI but I may be wrong.

As has been suggested, diff rsync and raid.

Depending on what you are serving, it may be beneficial to have the OS
on a separate spindle.  If you're in the midst of serving a data stream
you may not want the drive to have to seek to run something for the OS,
or to fetch swap.

When planning the box, remember the memory requirements for fscking a
filesystem (I think I remember 1 MB/GB) so that it doesn't hit swap.  If
you're talking about one TB then that suggests you need 1 GB ram
minimum.

Upon which will you be backing your data (isn't English wonderful).
What will you be using for backup for the 1TB of data?  Remember, raid
only protects against some drive failure modes, not controller failure,
PSU, MB, disaster, etc.

Enjoy.

Doug.



problems building xenocara in 4.2 stable inside lndir'ed shadow directory when actual source is read only?

2008-03-06 Thread Don Jackson
Hello,

I try to keep one tree of stable source (on a NAS), and build releases
for various architectures from that source tree.

I've learned the hard way that the best (only) way to build a release
is to create a shadow directory for the src using lndir, which makes
symlinks to the target files in a new shadow directory tree.  This
works well for me.

I then tried to build xenocara (installed as /usr/src/xenocara ), and
ran into problems.

On the first machine, I had the stable cvs update of the xenocara
tree.  I created the shadow directory tree, cd'ed into it, and did the
makes per the FAQ.  It worked fine.
Then I built an X release, again using the instructions in the FAQ, so
far so good.

Then I copied the original xenocara source tree to my NAS.

On a machine with a different architecture (i386 vs amd64), I then NFS
mounted the xenocara source tree, and made another shadow source tree
(using lndir), but this time the target files being shadowed were on
the NAS, not a local disk.

When I went to build xenocara,

make bootstrap
make obj

worked OK, but

make build

failed, when it went into ./utils/macros it needed to write a file
that was actually a symlink to my read-only source tree, and the make
died.

So, I believe there is a problem in the xenocara build process.

In order to work around this problem, I copied my xenocara src tree to
the local machine, and again built a shadow directory to it.
This build works, because root can write to the local source
directory, although IMHO, it really shouldn't need to.

Don



Re: umsm(4) device attaches to ugen(4) instead

2008-03-06 Thread Aaron Glenn
On Wed, Mar 5, 2008 at 3:26 PM, Travers Buda [EMAIL PROTECTED] wrote:

  I suspected that it may attach to umsm if it was not activated.
  Anyhow, good luck with the usbdevs, I can crank you out a kernel
  if you need it.


ahh, fair enough.
anyway, simply changing 0x0018 to 0x0218 in usbdevs.h has got it
working nicely. now to figure out why I had *eighteen* sig11's while
building the kernel. anyone have any favorite memory and io stress
tests they'd like to share? oi.

aaron



Re: OpenBSD storage server

2008-03-06 Thread Richard Daemon
On Thu, Mar 6, 2008 at 4:31 PM, bofh [EMAIL PROTECTED] wrote:
 On Thu, Mar 6, 2008 at 3:42 PM, Stuart Henderson [EMAIL PROTECTED]
  wrote:


   On 2008-03-06, RS [EMAIL PROTECTED] wrote:
  

   I'll be using a cheap Athlon X2 / 1GB / Gig ethernet / mATX board to
complete the setup. I will definitely use OpenBSD's RAIDCtl for RAID 1
instead of the crappy on-board chips motherboard makers ship nowadays.
  
   The on-board RAID on cheap boards is typically software RAID with
   BIOS assistance to help it boot and as you probably know isn't supported
   here at all.
  

  The bigger question is - exactly what do you want?  If this is an inside the
  house box, not running pf, etc, I would seriously consider opensolaris.  ZFS
  is incredibly easy to set up, and serves nfs/samba pretty easily.  raidz is
  pretty good.

On an OpenBSD mailing list you're recommending OpenSolaris?

Why not at least FreeBSD with ZFS? ;-)



Re: OpenBSD storage server

2008-03-06 Thread bofh
On Thu, Mar 6, 2008 at 9:38 PM, Richard Daemon

 On an OpenBSD mailing list you're recommending OpenSolaris?

 Why not at least FreeBSD with ZFS? ;-)


Right tool for the right job.  FreeBSD's zfs implementation still has issues
the last I looked.  If all you want is a box of drives, zfs is designed for
cheap drives, and cheap controllers, with raid-z.  I didn't say _broken_
drives or controllers - just cheap, as in, feature free (ie, no fake raid
shit, etc).

If I'm a dotbomb millionaire, the one thing I'll sponsor is zfs in openbsd.
But since I'm not... :)


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.  --
Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related



Compile jdk 1.5 on amd64 run out of memory

2008-03-06 Thread Dongsheng Song
When I compile jdk 1.5 on amd64 as root, dmesg report:

warning: resource shortage: 1 pages of swap lost
extent_alloc_subregion: can't allocate region descriptor
extent_alloc_subregion: can't allocate region descriptor
extent_alloc_subregion: can't allocate region descriptor
extent_alloc_subregion: can't allocate region descriptor
extent_alloc_subregion: can't allocate region descriptor

top report:

load averages: 14.06, 11.01,  7.06  
   11:52:56
79 processes:  1 running, 72 idle, 2 stopped, 1 zombie, 3 on processor
CPU0 states:  6.6% user,  0.0% nice,  6.9% system,  9.6% interrupt, 76.9% idle
CPU1 states:  2.1% user,  0.0% nice,  8.2% system,  0.0% interrupt, 89.7% idle
CPU2 states:  1.0% user,  0.0% nice,  5.8% system,  0.0% interrupt, 93.2% idle
CPU3 states:  1.4% user,  0.0% nice,  6.3% system,  0.0% interrupt, 92.2% idle
CPU4 states:  0.7% user,  0.0% nice,  5.4% system,  0.0% interrupt, 93.9% idle
CPU5 states:  1.4% user,  0.0% nice,  5.3% system,  0.0% interrupt, 93.3% idle
CPU6 states:  0.9% user,  0.0% nice,  5.2% system,  0.0% interrupt, 93.8% idle
CPU7 states:  1.0% user,  0.0% nice,  5.4% system,  0.0% interrupt, 93.6% idle
Memory: Real: 1248M/1742M act/tot  Free: 243M  Swap: 716M/4103M used/tot

  PID USERNAME PRI NICE  SIZE   RES STATEWAIT  TIMECPU COMMAND
 4022 root  640  189M  191M onproc/7 - 0:20 62.89% cc1plus
 4909 root  640  135M  137M onproc/5 - 0:19 61.23% cc1plus
 9915 root  -50  274M  217M sleep/7  biowait   2:41  0.59% cc1plus
 2750 root  -50  274M  170M sleep/1  biowait   2:36  0.54% cc1plus
22384 root  -50  274M  212M sleep/6  biowait   2:44  0.49% cc1plus
27878 root  -50  274M  157M sleep/7  biowait   2:28  0.29% cc1plus
20622 root  -50  274M  161M sleep/6  biowait   2:28  0.15% cc1plus
32565 _syslogd   20  472K  616K sleep/4  poll  0:00  0.00% syslogd
 6005 root   20 3288K  620K idle select0:19  0.00% sshd
 3110 root  -60   16M 8880K sleep/6  piperd0:07  0.00% gmake
 2414 root  -50  428K  612K run/6- 0:00  0.00% g++
19420 root  -50 1232K  684K sleep/5  biowait   0:00  0.00% as
16834 root  280  920K 1612K stop/0   - 0:03  0.00% top
10131 root   20 1184K 1244K sleep/0  select0:03  0.00% sendmail
26246 root   30  632K  276K idle ttyin 0:03  0.00% ksh
24483 root   20 3352K 1304K idle select0:00  0.00% sshd

$ ulimit  -a
time(cpu-seconds)unlimited
file(blocks) unlimited
coredump(blocks) unlimited
data(kbytes) 1048576
stack(kbytes)8192
lockedmem(kbytes)674606
memory(kbytes)   2019284
nofiles(descriptors) 128
processes660

The dmesg after boot is:
http://marc.info/?l=openbsd-miscm=120479733117326w=2

What can I do ?

Dongsheng

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]



multiple connections to GPS device?

2008-03-06 Thread James Hartley
Is it possible to watch the NMEA traffic originating from a USB GPS
device *while* attached via nmeaattach(8)?

Once nmeaattach(8) has attached to the device, any subsequent
connection attempted via cu(1) fails with an all ports busy message.
 The manpage for cu(1) states that connections are locked for UUCP
integrity reasons, so I'm guessing that nmeaattach(8) is doing
something similar (Sorry, I haven't traced the code yet...).

Is there some other manner in which I can tap into this connection?

Thanks for any insight shared.

Jim



Re: multiple connections to GPS device?

2008-03-06 Thread Chris Kuethe
On Thu, Mar 6, 2008 at 11:01 PM, James Hartley [EMAIL PROTECTED] wrote:
 Is it possible to watch the NMEA traffic originating from a USB GPS
  device *while* attached via nmeaattach(8)?

no

  Once nmeaattach(8) has attached to the device, any subsequent
  connection attempted via cu(1) fails with an all ports busy message.
   The manpage for cu(1) states that connections are locked for UUCP
  integrity reasons, so I'm guessing that nmeaattach(8) is doing
  something similar (Sorry, I haven't traced the code yet...).

  Is there some other manner in which I can tap into this connection?

ports/misc/gpsd

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?



Re: multiple connections to GPS device?

2008-03-06 Thread James Hartley
On Thu, Mar 6, 2008 at 11:19 PM, Chris Kuethe [EMAIL PROTECTED] wrote:
 On Thu, Mar 6, 2008 at 11:01 PM, James Hartley [EMAIL PROTECTED] wrote:
Is there some other manner in which I can tap into this connection?

  ports/misc/gpsd

This looks really cool!  Am I correct to assume that I can run this
daemon while still using nmeaattach(8)?

Jim