Someone has working setup of sound in rdesktop?

[Tomáš Bodžár]

Hi all,

I'm trying to bring sound up in connection with Windows XP trough
rdesktop(1),but still no success.Googling recommend solutions which I
tryied yet and no special info in man page.
Here is my script for connection :

#!/bin/sh
/usr/local/bin/rdesktop -u myname -d domain -g 1440x900 -a 16 -0 -r
sound:remote remoteIP 

Thanks for points

Re: Someone has working setup of sound in rdesktop?

[Alexander Hall]

Toma Bodar wrote:
 Hi all,
 
 I'm trying to bring sound up in connection with Windows XP trough
 rdesktop(1),but still no success.Googling recommend solutions which I
 tryied yet and no special info in man page.
 Here is my script for connection :
 
 #!/bin/sh
 /usr/local/bin/rdesktop -u myname -d domain -g 1440x900 -a 16 -0 -r
 sound:remote remoteIP 
  

I believe you want sound:local if you want the sound to come out on
the machine you are running rdesktop at.

/Alexander

Re: Someone has working setup of sound in rdesktop?

[Jacob Meuser]

On Thu, May 07, 2009 at 08:25:59AM +0200, Tom?? Bod??r wrote:
 Hi all,
 
 I'm trying to bring sound up in connection with Windows XP trough
 rdesktop(1),but still no success.Googling recommend solutions which I
 tryied yet and no special info in man page.
 Here is my script for connection :
 
 #!/bin/sh
 /usr/local/bin/rdesktop -u myname -d domain -g 1440x900 -a 16 -0 -r
 sound:remote remoteIP 
 
 Thanks for points

I don't expect the audio support (rdpsnd_sun.c) in rdesktop to work
for at least two reasons: 1) full-duplex mode must be set explicitely,
opening the device O_RDWR is not enough.  2) the 'samples' in struct
audio_prinfo is a sample count on Sun OSs but byte counts on BSD OSs.

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Someone has working setup of sound in rdesktop?

[Wijnand Wiersma]

Op 7 mei 2009, om 08:58 heeft Jacob Meuser het volgende geschreven:


On Thu, May 07, 2009 at 08:25:59AM +0200, Tom?? Bod??r wrote:

Hi all,

I'm trying to bring sound up in connection with Windows XP trough
rdesktop(1),but still no success.Googling recommend solutions which I
tryied yet and no special info in man page.
Here is my script for connection :

#!/bin/sh
/usr/local/bin/rdesktop -u myname -d domain -g 1440x900 -a 16 -0 -r
sound:remote remoteIP 

Thanks for points


I don't expect the audio support (rdpsnd_sun.c) in rdesktop to work
for at least two reasons: 1) full-duplex mode must be set explicitely,
opening the device O_RDWR is not enough.  2) the 'samples' in struct
audio_prinfo is a sample count on Sun OSs but byte counts on BSD OSs.


It worked for me 2 years ago.
But you should use sound:local as far as I remember.

Wijnand

dhclient and dynamic IP address

[Felipe Alfaro Solana]

Hi misc,

I've been reading dhclient(8) but still it is not clear to me if
dhclient(8) is supposed to stay in the background to automatically
renew leases. In the manual page it says:

 -d   Forces dhclient to always run as a foreground process.  By de-
  fault, dhclient runs in the foreground until it has configured
  the interface, and then will revert to running in the back-
  ground.

So apparently dhclient(8) should be kept in the background waiting for
leases to be renewed. However, if I run ps ax I can't see anything
that looks like dhclient(8) is running in the background at all. How
is this supposed to work for DHCP leases for cable/residential users
that are not guaranteed to always keep the same IP?

Thanks in advance.

-- 
http://www.felipe-alfaro.org/blog/disclaimer/

Re: Someone has working setup of sound in rdesktop?

[Tomáš Bodžár]

With sound:local I have a lot of ' ERROR: No space to queue audio
packet' errors.

2009/5/7 Wijnand Wiersma wijn...@videre.net:
 Op 7 mei 2009, om 08:58 heeft Jacob Meuser het volgende geschreven:

 On Thu, May 07, 2009 at 08:25:59AM +0200, Tom?? Bod??r wrote:

 Hi all,

 I'm trying to bring sound up in connection with Windows XP trough
 rdesktop(1),but still no success.Googling recommend solutions which I
 tryied yet and no special info in man page.
 Here is my script for connection :

 #!/bin/sh
 /usr/local/bin/rdesktop -u myname -d domain -g 1440x900 -a 16 -0 -r
 sound:remote remoteIP 

 Thanks for points

 I don't expect the audio support (rdpsnd_sun.c) in rdesktop to work
 for at least two reasons: 1) full-duplex mode must be set explicitely,
 opening the device O_RDWR is not enough. B 2) the 'samples' in struct
 audio_prinfo is a sample count on Sun OSs but byte counts on BSD OSs.

 It worked for me 2 years ago.
 But you should use sound:local as far as I remember.

 Wijnand





--
http://www.openbsd.org/lyrics.html

Re: dhclient and dynamic IP address

[Owain Ainsworth]

On Thu, May 07, 2009 at 09:57:57AM +0200, Felipe Alfaro Solana wrote:
 Hi misc,
 
 I've been reading dhclient(8) but still it is not clear to me if
 dhclient(8) is supposed to stay in the background to automatically
 renew leases. In the manual page it says:
 
  -d   Forces dhclient to always run as a foreground process.  By de-
   fault, dhclient runs in the foreground until it has configured
   the interface, and then will revert to running in the back-
   ground.
 
 So apparently dhclient(8) should be kept in the background waiting for
 leases to be renewed. However, if I run ps ax I can't see anything
 that looks like dhclient(8) is running in the background at all. How
 is this supposed to work for DHCP leases for cable/residential users
 that are not guaranteed to always keep the same IP?
 
 Thanks in advance.

o...@stephanie/pj:~$ pgrep -lf dhclient
30516 dhclient: iwn0
12511 dhclient: iwn0 [priv]
13402 dhclient: em0
27486 dhclient: em0 [priv]


guess again. It runs as a daemon. (those were started from
/etc/netstart).

-0-
-- 
It's always darkest just before it gets pitch black.

Re: swap(encrypt) vs. vnd

[Vadim Zhukov]

On Thursday 07 May 2009 01:14:34 Maxim Bourmistrov wrote:
 Hello misc@,
 any one can answer the following question:

 why codebase used to encrypt/decrypt swap is not used to replace/
 complement vnd?
 Complement, means skip the creation of encrypted image part and work
 directly with block device.

 //maxim

Because keys for swap encryption are generated on the fly and kept in 
system memory. You don't need to access previous swap contents after 
restart but you definitely want to access svnd data.

-- 
  Best wishes,
Vadim Zhukov

A: Because it messes up the way people read text.
Q: Why is a top-posting such a bad thing?

Re: dhclient and dynamic IP address

[Vadim Zhukov]

On Thursday 07 May 2009 11:57:57 Felipe Alfaro Solana wrote:
 Hi misc,

 I've been reading dhclient(8) but still it is not clear to me if
 dhclient(8) is supposed to stay in the background to automatically
 renew leases. In the manual page it says:

  -d   Forces dhclient to always run as a foreground process. 
 By de- fault, dhclient runs in the foreground until it has configured
 the interface, and then will revert to running in the back- ground.

 So apparently dhclient(8) should be kept in the background waiting for
 leases to be renewed. However, if I run ps ax I can't see anything
 that looks like dhclient(8) is running in the background at all. How
 is this supposed to work for DHCP leases for cable/residential users
 that are not guaranteed to always keep the same IP?

 Thanks in advance.

Check your /var/log/daemon for messages from dhclient. If interface is 
disabled on dhclient start and dhclient can't enable it, then it'll put 
its hands off.

-- 
  Best wishes,
Vadim Zhukov

A: Because it messes up the way people read text.
Q: Why is a top-posting such a bad thing?

Re: dhclient and dynamic IP address

[Felipe Alfaro Solana]

On Thu, May 7, 2009 at 10:09 AM, Owain Ainsworth zer...@googlemail.com
wrote:
 On Thu, May 07, 2009 at 09:57:57AM +0200, Felipe Alfaro Solana wrote:
 Hi misc,

 I've been reading dhclient(8) but still it is not clear to me if
 dhclient(8) is supposed to stay in the background to automatically
 renew leases. In the manual page it says:

 B  B  B -d B  B  B  Forces dhclient to always run as a foreground process.
B By de-
 B  B  B  B  B  B  B  fault, dhclient runs in the foreground until it has
configured
 B  B  B  B  B  B  B  the interface, and then will revert to running in the
back-
 B  B  B  B  B  B  B  ground.

 So apparently dhclient(8) should be kept in the background waiting for
 leases to be renewed. However, if I run ps ax I can't see anything
 that looks like dhclient(8) is running in the background at all. How
 is this supposed to work for DHCP leases for cable/residential users
 that are not guaranteed to always keep the same IP?

 Thanks in advance.

 o...@stephanie/pj:~$ pgrep -lf dhclient
 30516 dhclient: iwn0
 12511 dhclient: iwn0 [priv]
 13402 dhclient: em0
 27486 dhclient: em0 [priv]

I already said before that dhclient is _not_ running at all:

$ pgrep -lf dhclient
$

Any more ideas?

KDE and laptop battery monitor

[LEVAI Daniel]

Hi!

I'm trying to display an applet which will show me my battery status in KDE3.
I noticed that in Ksystemguard the acpi tree is totally missing, so I tried
KControl/Power Control/Laptop Battery:
It says on the configuration page, that Other error opening APM control
device /dev/apmctl. I thought that apmd(8) is using that device, so I killed
it, but still I couldn't make the Battery Monitor start.
Is it possible to make KDE's battery monitor work, or is there any other
monitor application that will integrate into a standard freedesktop
system-tray?

Thanks!

Daniel

--
LIVAI Daniel
PGP key ID = 0x4AC0A4B1
Key fingerprint = D037 03B9 C12D D338 4412  2D83 1373 917A 4AC0 A4B1

Re: dhclient and dynamic IP address

[Bret S. Lambert]

On Thu, May 07, 2009 at 10:11:04AM +0200, Felipe Alfaro Solana wrote:
 On Thu, May 7, 2009 at 10:09 AM, Owain Ainsworth zer...@googlemail.com
 wrote:
  On Thu, May 07, 2009 at 09:57:57AM +0200, Felipe Alfaro Solana wrote:
  Hi misc,
 
  I've been reading dhclient(8) but still it is not clear to me if
  dhclient(8) is supposed to stay in the background to automatically
  renew leases. In the manual page it says:
 
  B  B  B -d B  B  B  Forces dhclient to always run as a foreground process.
 B By de-
  B  B  B  B  B  B  B  fault, dhclient runs in the foreground until it has
 configured
  B  B  B  B  B  B  B  the interface, and then will revert to running in the
 back-
  B  B  B  B  B  B  B  ground.
 
  So apparently dhclient(8) should be kept in the background waiting for
  leases to be renewed. However, if I run ps ax I can't see anything
  that looks like dhclient(8) is running in the background at all. How
  is this supposed to work for DHCP leases for cable/residential users
  that are not guaranteed to always keep the same IP?
 
  Thanks in advance.
 
  o...@stephanie/pj:~$ pgrep -lf dhclient
  30516 dhclient: iwn0
  12511 dhclient: iwn0 [priv]
  13402 dhclient: em0
  27486 dhclient: em0 [priv]
 
 I already said before that dhclient is _not_ running at all:
 
 $ pgrep -lf dhclient
 $
 
 Any more ideas?
 

Yes; check your logs.

Today: Amsterdam OpenBSD 4.5 release party

[chefren]

Today, Thursday 7th of May:

Cafe de Deugniet Oude Brugsteeg 12, 1012 JP Amsterdam

http://maps.google.nl/maps?f=qhl=enq=Oudebrugsteeg+12,+Amsterdam+1012+Amsterdam,+North+Holland,+The+Netherlandssll=52.469397,5.509644sspn=3.741684,6.097412ie=UTF8cd=1geocode=0,52.375293,4.897561t=hz=17iwloc=addr


18:00 gathering in front of De Deugniet we will find some food in the 
neighborhood that has lots of places where we can eat.


From 20:00 on we will gather into De Deugniet itself and have a drink 
on OpenBSD 4.5!


+++chefren

Re: KDE and laptop battery monitor

[Vadim Zhukov]

On Thursday 07 May 2009 12:30:25 LEVAI Daniel wrote:
 Hi!

 I'm trying to display an applet which will show me my battery status
 in KDE3. I noticed that in Ksystemguard the acpi tree is totally
 missing, so I tried KControl/Power Control/Laptop Battery:
 It says on the configuration page, that Other error opening APM
 control device /dev/apmctl. I thought that apmd(8) is using that
 device, so I killed it, but still I couldn't make the Battery Monitor
 start.
 Is it possible to make KDE's battery monitor work, or is there any
 other monitor application that will integrate into a standard
 freedesktop system-tray?

Make sure that your user have write access to mentioned /dev/apmctl. By 
default, only root can write to it.

It's some sort of unsecure advice, though. :( But on the personal 
notebook, IMHO, it's acceptable.

-- 
  Best wishes,
Vadim Zhukov

A: Because it messes up the way people read text.
Q: Why is a top-posting such a bad thing?

Re: KDE and laptop battery monitor

[LEVAI Daniel]

On Thursday 07 May 2009 10.47.39 Vadim Zhukov wrote:
 On Thursday 07 May 2009 12:30:25 LEVAI Daniel wrote:
  Hi!
 
  I'm trying to display an applet which will show me my battery status
  in KDE3. I noticed that in Ksystemguard the acpi tree is totally
  missing, so I tried KControl/Power Control/Laptop Battery:
  It says on the configuration page, that Other error opening APM
  control device /dev/apmctl. I thought that apmd(8) is using that
  device, so I killed it, but still I couldn't make the Battery Monitor
  start.
  Is it possible to make KDE's battery monitor work, or is there any
  other monitor application that will integrate into a standard
  freedesktop system-tray?

 Make sure that your user have write access to mentioned /dev/apmctl. By
 default, only root can write to it.
Oh, thanks. I didn't think that I needed write access too.

 It's some sort of unsecure advice, though. :( But on the personal
 notebook, IMHO, it's acceptable.

Daniel

--
LIVAI Daniel
PGP key ID = 0x4AC0A4B1
Key fingerprint = D037 03B9 C12D D338 4412  2D83 1373 917A 4AC0 A4B1

Re: OT: 10GbE Physical Network Taps

[Peter Kay - Syllopsium]

From: J.C. Roberts list-...@designtools.org
To: Johan Fredin jo...@spelaroll.se


On 09-05-07 05.00, J.C. Roberts wrote:
 If anyone here mistakenly thinks they can actually run *ANALYSIS* at
 these speeds with off the shelf components...

 BAWAHAHAHAHAHAHAHA!

Well, depends on what you mean by off the shelf. Procera Networks
is doing layer 7 analysis at 40Gbps FD with their PacketLogic PL10k.
The hardware used for this is sourced from companies that anyone can
by hardware from as far as I know.

Of course it's not x86 stuff, but it's off the shelf. :)

This is really rather getting off topic, but I would suggest that 'off the 
shelf' only applies when there are many well known shelves where the kit may 
easily be obtained, preferably with multiple implementations of the 
hardware. If you can't drive to a random three decent suppliers and find it 
in one of them, it is not 'off the shelf'.


If the kit can be obtained from a restricted set of sources and features 
highly up to date technology, yet basically only requires money and a phone 
call to start the process it is 'leading edge' (if it features old 
technology it is now over the hill and is 'legacy')


If you're calling a company to source FPGA/DSPs or to contract someone to 
make it for you, you're now into the 'bleeding edge'


PK 

Re: azalia

[LEVAI Daniel]

 I put a lot of work into azalia(4) in the last release cycel, and I'd
 like to be able to say, when 4.6 release comes, that azalia is
 completed.

 by completed I mean it just works as expected, by default, everywhere.

 so, if you are using OpenBSD 4.5 or -current, and you have *any*
 issues with azalia(4) (I mean anything, even if it seems small or
 is not really a bug but I change this everytime), please let me
 know.

I have a ThinkPad T60.
I always wondered why I can hear the sounds from the earphones/speakers when
the output
volume control is on 0:

$ mixerctl -va
outputs.dig-dac_source=hdaudio  [ hdaudio adc ]
outputs.line_source=dac  [ dac mix2 ]
outputs.line_mute=off  [ off on ]
outputs.line=0,0
inputs.line=0,0
outputs.line_dir=output  [ none output input input-vr0 input-vr50 input-vr80
]
outputs.line_boost=off  [ off on ]
outputs.line_eapd=on  [ off on ]
inputs.mic=0,0
outputs.mic_dir=input-vr80  [ none input input-vr0 input-vr50 input-vr80 ]
outputs.SPDIF_source=dig-dac  [ dig-dac ]
inputs.sel_source=dac  [ dac mix mix2 line ]
inputs.mix_source=sel7  { sel7 }
inputs.mix2_source=dac,sel3,sel5,cd  { dac sel3 sel5 cd }
inputs.dac_mute=off  [ off on ]
inputs.dac=0,0
inputs.sel3_source=mic  [ mic ]
outputs.sel3_mute=off  [ off on ]
outputs.sel3=120,120
record.adc_source=mix  [ mix mix2 cd line ]
record.adc_mute=off  [ off on ]
record.adc=119,119
inputs.sel5_source=line  [ line ]
outputs.sel5_mute=off  [ off on ]
outputs.sel5=120,120
inputs.cd_mute=off  [ off on ]
inputs.cd=120,120
inputs.sel7_source=mic  [ mic ]
outputs.sel7_mute=off  [ off on ]
outputs.master=0,0
outputs.master.mute=off  [ off on ]
outputs.master.slaves=line,dac  { line dac sel3 sel5 cd sel7 }
record.volume=119,119
record.volume.mute=off  [ off on ]
record.volume.slaves=adc  { line mic adc }
inputs.usingdac=03  [ 03 02 ]

If I set outputs.line_mute=on, then it will mute it alright.

$ dmesg
OpenBSD 4.5-current (GENERIC.MP) #21: Mon May  4 17:18:54 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Genuine Intel(R) CPU T2400 @ 1.83GHz (GenuineIntel 686-class) 1.83
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,A
CPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
real mem  = 1072066560 (1022MB)
avail mem = 1028296704 (980MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/02/06, BIOS32 rev. 0 @ 0xfd6b0,
SMBIOS rev. 2.4
@ 0xe0010 (68 entries)
bios0: vendor LENOVO version 79ET66WW (1.10 ) date 08/02/2006
bios0: LENOVO 2007FRG
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET BOOT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) EXP0(S4) EXP1(S4)
EXP2(S4)
EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Genuine Intel(R) CPU T2400 @ 1.83GHz (GenuineIntel 686-class) 1.83
GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,A
CPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpicpu1 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 42T4511 serial 21826 type LION oem SANYO
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock at acpi0 not configured
acpivideo at acpi0 not configured
acpivideo at acpi0 not configured
bios0: ROM list: 0xc/0xfe00 0xd/0x1000 0xd1000/0x1000 0xdc000/0x4000!
0xe/0x1
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b2c06000613
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1000 MHz (1004 mV): speeds: 1833, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
extent `pciio' (0x0 - 0x), flags=0
 0x1800 - 0x188f
 0x18a8 - 0x18cf
 0x18e0 - 0x18ff
 0x2000 - 0xdfff
 0x1 - 0x
extent `pcimem' (0x0 - 0x), flags=0
 0x0 - 0xfff
 0x2000 - 0x9
 0xd2000 - 0xd3fff
 0xdc000 - 0x3fff
 0xd800 - 0xee1f
 0xee40 - 0xee4047ff
 0xf000 - 0xf3ff
 0xfec0 - 0xfec0
 0xfed0 - 0xfed003ff
 0xfed14000 - 0xfed19fff
 0xfed1c000 - 0xfed8
 0xfee0 - 0xfee00fff
 0xff80 - 0x
pchb0 at pci0 dev 0 function 0 Intel 82945GM Host rev 0x03

Using ospfd to establish default routes with two outgoing connections

[carlopmart]

Hi all,

 I am trying to establish default routes on an openbsd firewall using ospfd 
instead of use multipath+route to param under pf.conf without luck.


 My topology is:

Internet --- ExtFw1 |
|
OpenBSDFw - Internal Network
|
Internet --- ExtFw2 |


 ExtFw1 and ExtFw2 are commercial products with different versions. I have put 
a rule to pass all traffic genereated by OpenBSD on both external firewalls.



 My interfaces config are:

em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:56:29:f2:2c
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet 172.25.50.1 netmask 0xffe0 broadcast 172.25.50.31
inet6 fe80::250:56ff:fe29:f22c%em0 prefixlen 64 scopeid 0x1
em1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:56:0f:7b:b0
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet6 fe80::250:56ff:fe0f:7bb0%em1 prefixlen 64 scopeid 0x2
enc0: flags=0 mtu 1536
priority: 0
vlan15: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:56:0f:7b:b0
description: Management Interface
priority: 0
vlan: 15 priority: 0 parent interface: em1
groups: vlan
inet6 fe80::250:56ff:fe0f:7bb0%vlan15 prefixlen 64 scopeid 0x5
inet 172.25.65.1 netmask 0xfff0 broadcast 172.25.65.15
vlan25: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:56:0f:7b:b0
description: VPN Interface
priority: 0
vlan: 25 priority: 0 parent interface: em1
groups: vlan
inet6 fe80::250:56ff:fe0f:7bb0%vlan25 prefixlen 64 scopeid 0x6
inet 172.25.85.1 netmask 0xfff8 broadcast 172.25.85.7
vlan35: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1496
lladdr 00:50:56:0f:7b:b0
description: Primary Outgoing Interface
priority: 0
vlan: 35 priority: 0 parent interface: em1
groups: vlan egress
inet6 fe80::250:56ff:fe0f:7bb0%vlan35 prefixlen 64 scopeid 0x7
inet 192.168.100.66 netmask 0xfffc broadcast 192.168.100.67
vlan45: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1496
lladdr 00:50:56:0f:7b:b0
description: Secondary Outgoing Interface
priority: 0
vlan: 45 priority: 0 parent interface: em1
groups: vlan
inet6 fe80::250:56ff:fe0f:7bb0%vlan45 prefixlen 64 scopeid 0x8
inet 10.10.10.201 netmask 0xfff8 broadcast 10.10.10.207
pflog0: flags=141UP,RUNNING,PROMISC mtu 33204
priority: 0
groups: pflog


My ospfd.conf:

router-id 192.168.100.66
fib-update yes
redistribute connected
redistribute default

area 0.0.0.0 {
auth-type none
interface vlan35
interface vlan45 { metric 20 }
}

Output of ospctl show database command is:

Router Link States (Area 0.0.0.0)

Link ID Adv Router  Age  Seq#   Checksum
192.168.100.66  192.168.100.66  641  0x8001 0x3bdc

Type-5 AS External Link States

Link ID Adv Router  Age  Seq#   Checksum
0.0.0.0 192.168.100.66  641  0x8001 0x11cf
172.25.50.0 192.168.100.66  641  0x8001 0x3ccb
172.25.65.0 192.168.100.66  641  0x8001 0xf6f1
172.25.85.0 192.168.100.66  641  0x8001 0x4a82



Output of ospctl show n command is:

r...@obsdintfw:~# ospfctl show n
ID  Pri StateDeadTime Address Iface Uptime

r...@obsdintfw:~#


Output of ospctl show r command is:

r...@obsdfwint:~# ospfctl show r
Destination  Nexthop   Path TypeType  CostUptime

r...@obsdfwint:~#

 Is this configuration correct? Why can't I establish my default routes with 
multipath using ospfd? Or I am wrong and only I can use multipath+route to with 
pf.conf??


Many thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: Using ospfd to establish default routes with two outgoing connections

[carlopmart]

carlopmart wrote:

Hi all,

 I am trying to establish default routes on an openbsd firewall using 
ospfd instead of use multipath+route to param under pf.conf without luck.


 My topology is:

Internet --- ExtFw1 |
|
OpenBSDFw - Internal Network
|
Internet --- ExtFw2 |


 ExtFw1 and ExtFw2 are commercial products with different versions. I 
have put a rule to pass all traffic genereated by OpenBSD on both 
external firewalls.



 My interfaces config are:

em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:56:29:f2:2c
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet 172.25.50.1 netmask 0xffe0 broadcast 172.25.50.31
inet6 fe80::250:56ff:fe29:f22c%em0 prefixlen 64 scopeid 0x1
em1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:56:0f:7b:b0
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet6 fe80::250:56ff:fe0f:7bb0%em1 prefixlen 64 scopeid 0x2
enc0: flags=0 mtu 1536
priority: 0
vlan15: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:56:0f:7b:b0
description: Management Interface
priority: 0
vlan: 15 priority: 0 parent interface: em1
groups: vlan
inet6 fe80::250:56ff:fe0f:7bb0%vlan15 prefixlen 64 scopeid 0x5
inet 172.25.65.1 netmask 0xfff0 broadcast 172.25.65.15
vlan25: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:56:0f:7b:b0
description: VPN Interface
priority: 0
vlan: 25 priority: 0 parent interface: em1
groups: vlan
inet6 fe80::250:56ff:fe0f:7bb0%vlan25 prefixlen 64 scopeid 0x6
inet 172.25.85.1 netmask 0xfff8 broadcast 172.25.85.7
vlan35: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1496
lladdr 00:50:56:0f:7b:b0
description: Primary Outgoing Interface
priority: 0
vlan: 35 priority: 0 parent interface: em1
groups: vlan egress
inet6 fe80::250:56ff:fe0f:7bb0%vlan35 prefixlen 64 scopeid 0x7
inet 192.168.100.66 netmask 0xfffc broadcast 192.168.100.67
vlan45: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1496
lladdr 00:50:56:0f:7b:b0
description: Secondary Outgoing Interface
priority: 0
vlan: 45 priority: 0 parent interface: em1
groups: vlan
inet6 fe80::250:56ff:fe0f:7bb0%vlan45 prefixlen 64 scopeid 0x8
inet 10.10.10.201 netmask 0xfff8 broadcast 10.10.10.207
pflog0: flags=141UP,RUNNING,PROMISC mtu 33204
priority: 0
groups: pflog


My ospfd.conf:

router-id 192.168.100.66
fib-update yes
redistribute connected
redistribute default

area 0.0.0.0 {
auth-type none
interface vlan35
interface vlan45 { metric 20 }
}

Output of ospctl show database command is:

Router Link States (Area 0.0.0.0)

Link ID Adv Router  Age  Seq#   Checksum
192.168.100.66  192.168.100.66  641  0x8001 0x3bdc

Type-5 AS External Link States

Link ID Adv Router  Age  Seq#   Checksum
0.0.0.0 192.168.100.66  641  0x8001 0x11cf
172.25.50.0 192.168.100.66  641  0x8001 0x3ccb
172.25.65.0 192.168.100.66  641  0x8001 0xf6f1
172.25.85.0 192.168.100.66  641  0x8001 0x4a82



Output of ospctl show n command is:

r...@obsdintfw:~# ospfctl show n
ID  Pri StateDeadTime Address Iface Uptime

r...@obsdintfw:~#


Output of ospctl show r command is:

r...@obsdfwint:~# ospfctl show r
Destination  Nexthop   Path TypeType  Cost
Uptime


r...@obsdfwint:~#

 Is this configuration correct? Why can't I establish my default routes 
with multipath using ospfd? Or I am wrong and only I can use 
multipath+route to with pf.conf??


Many thanks.


Sorry I forgot to mention OpenBSD version: 4.5

Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: OT: 10GbE Physical Network Taps

[Rolf Sommerhalder]

 I need to collect raw throughput statistics without increasing latency
 or reducing bandwidth on 10GbE fiber links, so most of the typical
 methods are out of the question

After re-reading your post(s) and the thread, I am still unsure what
level of detail you need, e.g. what you mean by collect raw
throughput statistics.
Does that go more in-depth than simple Byte- or packet counts which
you might read by SNMP GETs from a network device in your path?
Or would a NetFlow or sFlow export provide enough level of detail for
those statistics?

Arien Vijn from AMS-IX has given some interesting presentations on
monitoring 10GE, also using the Meta / Force10 Networks programmable
NIC and a photonic cross connect/splitter:
http://events.ccc.de/congress/2006/Fahrplan/events/1640.en.html
(There is/was a voice/video recording if the session, but I can find
it right now.)

Another source for similar special NICs:
http://www.napatech.com

Rolf

Re: OT: 10GbE Physical Network Taps

[Rolf Sommerhalder]

 (There is/was a voice/video recording if the session, but I can find
 it right now.)

Here is the link to the presentation Arien held a year later, and this
one has pointers to videos of his talk:
  10GE monitoring live!  How to find that special one out of millions
  http://events.ccc.de/congress/2007/Fahrplan/events/2285.en.html

Possible (minor) security issue in the resolver library -- is this already known?

[Daniel Austin]

Just wanting a second opinion.

I was investigating why I and a fair few others were occasionally being
redirected to eBay or seeing seemingly random sites when going to common
places like Google, Twitter, etc. Turned out to be caused by the combination
of a few things, one of which was the  documented behaviour of the resolver
library. Here's what happens:

1. OS boots up, DHCP sets the domain name to something.com.au. (ok)

2. Browser starts up, opens a lot of tabs, starts doing DNS lookups.

3. Because the ISPs DNS server is not 100% reliable, some site name lookups
do not get a DNS response within the timeout (first problem, but nothing to
do with the OS).

4. Because the resolver library didn't resolve google.com.au or 
twitter.com it does a search. If there's no explicit DNS search path set
then RES_DNSRCH is activated and it looks up google.com.au.something.com.au
(ok -- just appending the domain name). Of course, that doesn't exist so it
gets no such domain.

5. So the resolver library walks back up the domain name and next tries to
resolve google.com.au.com.au (second problem -- I don't think the resolver
library should be going back that far it but it's obviously been like that
for a very long time and is documented).

6. Some smart alec actually owns au.com.au and com.com.au and they've
configured DNS entries for google.com.au.com.au and a host of other sites
(third problem). It's not a wildcard match. 
nosuchdomain.blah.blah.blah.au.com.au returns no such domain.

It's really quite a head-trip to type google.com.au and get Welcome to
ASZ.COm.AU or get redirected to eBay. I thought it was a DNS cache
poisoning attack at first but it isn't.

I think it's a relatively minor issue because all 3 conditions must be met
and the owner of au.com.au and com.com.au (same entity) don't seem to be
doing anything malicious with it (yet). But a quick Google shows a
surprising number of people fruitlessly searching for trojans and viruses
because they're affected.

The designer/implentor of the resolver library knew not to walk all the way
back to .com if your domain was something.com. So the problem only
affects people whose country domains include sub-domains. But I think for
the same reason you shouldn't walk all he way back to .com it shouldn't
walk all the way back to .com.au. Just IMHO.

Odd thing is -- OpenBSD doesn't seem to be vulnerable out of the box. That's
because dhcp-client writes /etc/resolv.conf and includes a search domain. If
you have search domains then RES_DNSRCH doesn't happen. To reproduce the
issue, remove the search option from /etc/resolv.conf then ping
bom.gov.au (you'll need a domain option set in /etc/resolv.conf like 
optusnet.com.au). You can reliably reproduce the behaviour with
bom.gov.aubecause they haven't configured A records for just 
bom.gov.au so the RES_DNSRCH feature is triggered in the absence of a
search directive.

So does OpenBSD write a seach domain to /etc/resolv.conf because this issue
was already known? Although the DHCP standard allows it my DHCP server is
definitely not setting a search path.

OSX, Windows and Linux don't do this and the problem is easily reproducible.
Haven't checked the other *BSDs.

Maybe I'm being too paranoid (but then, that's why I use OpenBSD... :-)  ).

Dan

ypldap and authorization with ldap

[Vasiliy Kiryanov]

Hello Pierre.

I have spent some time to setup authorization with LDAP via ypldap and
want to share some ideas that I believe can help others.
I think you can add it to documentation for ypldap with some details.

1. we should use ypbind in addition to ypldap.
2. we should activate YP passwd support in /etc/master.passwd with
string: +:/bin/ksh
3. in /etc/rc script we should comment-out invocation of ypbind or it
will launch before ypldap
4. we need login_ldap package for authentication

As for 3 I think it is bad thing to modify rc script and we need some
standard solution here!

I have written post about it where I cover it in more details:
 
[http://blogs.helion-prime.com/vasiliykiryanov/2009/05/07/authorization-with-ldap-on-openbsd.html]

thanks,
and have a nice day

Re: Calomel.org

[Stuart Henderson]

On 2009-05-07, FRLinux frli...@gmail.com wrote:
 On Thu, May 7, 2009 at 4:07 AM, James Peltier james_a_pelt...@yahoo.ca
 wrote:
 There was mention of calomel.org recently.  This is a great resource,
 however,
 it needs to be a bit more updated.  For example the following page advises
 *not* to use the GENERIC.MP kernel, however, considering how much work has
 gone into the MP work and fact that MP will become default I think it
 should
 be updated. ;)

 https://calomel.org/network_performance.html

 So I am guessing you got in touch with them?
 https://calomel.org/calomel_at.html

 Cheers,
 Steph



If you are interested in contacting us at Calomel.org please send
mail to the following email address @calomel.org. The text is read
from left to right and _not_ in the order they appear.

Said text is in an animated gif (which often doesn't display properly),
which is about as much fun to read, as it would be to dig through the site
and find where the errors are.

There are some useful things on the site, but please, use with a big
pinch of salt.

Re: Using ospfd to establish default routes with two outgoing connections

[Stuart Henderson]

On 2009-05-07, carlopmart carlopm...@gmail.com wrote:
 Hi all,

   I am trying to establish default routes on an openbsd firewall using ospfd 
 instead of use multipath+route to param under pf.conf without luck.

   My topology is:

 Internet --- ExtFw1 |
  |
  OpenBSDFw - Internal Network
  |
 Internet --- ExtFw2 |


   ExtFw1 and ExtFw2 are commercial products with different versions. I have 
 put 
 a rule to pass all traffic genereated by OpenBSD on both external firewalls.


ExtFw1 and ExtFw2 are running OSPF and announcing a default route
into it, right??



   My interfaces config are:

 em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
  lladdr 00:50:56:29:f2:2c
  priority: 0
  media: Ethernet autoselect (1000baseT full-duplex,master)
  status: active
  inet 172.25.50.1 netmask 0xffe0 broadcast 172.25.50.31
  inet6 fe80::250:56ff:fe29:f22c%em0 prefixlen 64 scopeid 0x1
 em1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
  lladdr 00:50:56:0f:7b:b0
  priority: 0
  media: Ethernet autoselect (1000baseT full-duplex,master)
  status: active
  inet6 fe80::250:56ff:fe0f:7bb0%em1 prefixlen 64 scopeid 0x2
 enc0: flags=0 mtu 1536
  priority: 0
 vlan15: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
  lladdr 00:50:56:0f:7b:b0
  description: Management Interface
  priority: 0
  vlan: 15 priority: 0 parent interface: em1
  groups: vlan
  inet6 fe80::250:56ff:fe0f:7bb0%vlan15 prefixlen 64 scopeid 0x5
  inet 172.25.65.1 netmask 0xfff0 broadcast 172.25.65.15
 vlan25: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
  lladdr 00:50:56:0f:7b:b0
  description: VPN Interface
  priority: 0
  vlan: 25 priority: 0 parent interface: em1
  groups: vlan
  inet6 fe80::250:56ff:fe0f:7bb0%vlan25 prefixlen 64 scopeid 0x6
  inet 172.25.85.1 netmask 0xfff8 broadcast 172.25.85.7
 vlan35: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1496
  lladdr 00:50:56:0f:7b:b0
  description: Primary Outgoing Interface
  priority: 0
  vlan: 35 priority: 0 parent interface: em1
  groups: vlan egress
  inet6 fe80::250:56ff:fe0f:7bb0%vlan35 prefixlen 64 scopeid 0x7
  inet 192.168.100.66 netmask 0xfffc broadcast 192.168.100.67
 vlan45: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1496
  lladdr 00:50:56:0f:7b:b0
  description: Secondary Outgoing Interface
  priority: 0
  vlan: 45 priority: 0 parent interface: em1
  groups: vlan
  inet6 fe80::250:56ff:fe0f:7bb0%vlan45 prefixlen 64 scopeid 0x8
  inet 10.10.10.201 netmask 0xfff8 broadcast 10.10.10.207
 pflog0: flags=141UP,RUNNING,PROMISC mtu 33204
  priority: 0
  groups: pflog


 My ospfd.conf:

 router-id 192.168.100.66
 fib-update yes
 redistribute connected
 redistribute default

 area 0.0.0.0 {
  auth-type none
  interface vlan35
  interface vlan45 { metric 20 }
 }

 Output of ospctl show database command is:

  Router Link States (Area 0.0.0.0)

 Link ID Adv Router  Age  Seq#   Checksum
 192.168.100.66  192.168.100.66  641  0x8001 0x3bdc

  Type-5 AS External Link States

 Link ID Adv Router  Age  Seq#   Checksum
 0.0.0.0 192.168.100.66  641  0x8001 0x11cf
 172.25.50.0 192.168.100.66  641  0x8001 0x3ccb
 172.25.65.0 192.168.100.66  641  0x8001 0xf6f1
 172.25.85.0 192.168.100.66  641  0x8001 0x4a82



 Output of ospctl show n command is:

 r...@obsdintfw:~# ospfctl show n
 ID  Pri StateDeadTime Address Iface Uptime

 r...@obsdintfw:~#


 Output of ospctl show r command is:

 r...@obsdfwint:~# ospfctl show r
 Destination  Nexthop   Path TypeType  CostUptime

 r...@obsdfwint:~#

   Is this configuration correct? Why can't I establish my default routes with 
 multipath using ospfd? Or I am wrong and only I can use multipath+route to 
 with 
 pf.conf??

 Many thanks.

Re: HD 'Analysis'

[Marco Peereboom]

You people crack me up.  I have been trying to ignore this post for a
while but can't anymore.  Garbage like badblock are from the era that
you still could low level format a drive.  Remember those fun days?
When you were all excited about your 10MB hard disk?

Use dd to read it; if it is somewhat broken the drive will reallocate
it.  If it is badly broken the IO will fail and it is time to toss the
disk.  Those are about all the flavors you have available.  Running
vendor diags is basically a fancier dd.

On Thu, May 07, 2009 at 01:10:56AM +0200, ropers wrote:
  On Monday 04 May 2009 17:56:43 L. V. Lammert wrote:
   What is the best way to do a surface analysis on a disk?
 
 
 2009/5/5 Tony Abernethy t...@servacorp.com:
  There is, in the e2fsprogs package, something called badblocks.
  I have used it (on Linux) to rescue bad disks.
  (Windows laptops  -- kinda redundant?)
 
  If you care about your data, follow Steve's advice.
 
  The reality seems to be that this does exercise a disk's ability
  to relocate bad sectors so that a bad disk suddenly goes good.
  This is using a destructive surface test  (badblocks -sw ...)
  Realistically, seems like the most reliable test is that disk is slower
  than it should be.
 
  Me, if I want to rely on a disk drive, I will run badblocks on it.
  The long-winded destructive test
  And I will time it, at least sporadically.
  (New disks are not immune from having problems ;-)
  The exercise maybe loses out to watching grass grow.
 
 I also would recommend badblocks(8), but I would recommend
   badblocks -svn
 instead of badblocks -sw.
 
 badblocks -svn also (s)hows its progress as it goes along, but does a
 (v)erbose (n)on-destructive read/write test (as opposed to either the
 default read-only test or the destructive read/write test). You can
 check an entire device with badblocks, or a partition, or a file. The
 great thing about using badblocks to check a partition is that it's
 filesystem-agnostic. It will dutifully check every bit of its target
 partition regardless of what's actually on it. And if you give
 badblocks -svn an entire storage device to test, it will not even care
 about the actual partition scheme used. Because this read/write test
 can trigger the disk's own built-in bad sector relocation, this means
 you can even have a disk that you can't read the partition table from,
 and running badblocks -svn over it may at least temporarily fix
 things. And I've used badblocks -svn e.g. to check old Macintosh
 floppies. Who cares that OpenBSD doesn't know much about the
 filesystem on those? badblocks does the job anyway.
 
 (Because of this agnosticism, it's actually questionable whether
 badblocks(8) ought to be part of a filesystem-specific package, but
 hey, that's what it comes in. Yea, one *could* also argue whether to
 include it elsewhere by default because it's so useful, but I'm not
 the one making those decisions and I guess the folks who do will do
 what makes the most sense to them, so I don't feel like starting to be
 a back seat driver... ;-)
 
 Oh, and of course it would probably be prudent to do a backup before
 read/write tests, even though badblocks is well-established and (with
 -n) supposed to be non-destructive. Supposed to... ;-) I've never been
 disappointed but YMMV.
 
 regards,
 --ropers

Re: OpenVPN destroys tun

[Henning Brauer]

* Claudio Jeker cje...@diehard.n-r-g.com [2009-05-06 23:07]:
 How does openvpn destroy the interfaces? IIRC they just close the fd and
 that is causing the interface to be destroyed if it was auto created.

the pasted code shows they do an explicit ifconfig tunX destroy, so
that won't help, unfortunately.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: OpenVPN destroys tun

[Henning Brauer]

* Jason Dixon ja...@dixongroup.net [2009-05-06 21:47]:
 Were you actually using altq on your tun device?

give it up, nobody got you...

the proper solution is to fix the altq parts in pf to make use of the
interface abstraction code, just like the rest of pf does. I don't see
myself doing that anytime soon, whoever wants to: feel free to ask me
for some guidance. but really, I won't go to the teach you C or
mbufs level.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: OpenVPN destroys tun

[Henning Brauer]

* Jason Dixon ja...@dixongroup.net [2009-05-06 22:52]:
 On Wed, May 06, 2009 at 05:38:51PM -0300, Giancarlo Razzolini wrote:
 
  Well, i wasn't OT with my reply. And i use openvpn from the beginning of  
  the project, even made a plugin for it. So i know i little of it. My  
  suggestion was to avoid what you might be already suspecting. You will  
  have to mess with openvpn code and recompile it to do what you want. The  
  solution i suggested is a viable one, even if already have queueing  
  policies on that interface. It'll only require a little adaptation on  
  your altq rules. I guess you won't get far with an attitude like that,  
  being rude with people that are trying to help you. That said, you might  
  want to take a look at openvpn source code, mainly tun.c and tun.h files.
 
 Regardless of how much you claim to know about it, the fact remains that
 there's no way to have OpenVPN bind to an existing tun device.  Thanks
 for the roundabout answer.

actually... the way he proposes should work, even in your usage case.
really. the tags telling altq where to queue survive the tun
encapsulation (i think). so you can queue on the real interface based
on classification done for traffic inside the tunnel.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: iwi(Intel pro/wireless 2200BG wireless nic) on asus A6 laptop

[José Brandão]

Sorry for replying to my own post.

I report here the solution of the problem, as pointed to me by  Stijn
(thank you very much by the way). Quoting Stijn:


Can you disable apm at boot time?

boot -c
disable apm
quit

If this works, you can make the change permanent with config(8).

And this worked like a charm.

Now, anyone with the same problem will have the solution one google search
away.

Thank you to everyone who sent me suggestions.

Best regards

Jose Brandao





2009/5/6 Josi Brandco ze.bran...@gmail.com:
 Hello,

 This is my first post, so forgive me if I inadvertently commit a
 gaffe.

 I am looking for advice regarding the setting-up of my wireless network
 card with wpa.

 I have installed the current release OpenBSD 4.5 on my asus A6 laptop.
 So far as I can tell, everything works perfectly except for the
 Intel pro/wireless 2200BG wireless nic (driver iwi, device iwi0) that
 I have been unable
 to put to work.

 As per man page instructions, I have installed into /etc/firmware the
 files from iwi-firmware-3.0p0.tgz.

 I have created the /etc/hostname.iwi0 file with contents:

 dhcp NONE NONE NONE nwid my_essid wpa \
 wpapsk $(wpa-psk my_essid my_passphrase)

 At boot-time, when comes the time to initialize the network, the following
 message is printed:

 iwi0: no link . sleeping

 I have also tried to activate the card with the instruction:

 ifconfig iwi0  -bssid chan 6 nwid WirelessFromTVCabo\
 -nwkey txpower 20 wpa wpaakms psk wpagroupcipher ccmp\
 wpaprotos wpa2 wpapsk $(wpa-psk my_essid my_passphrase)
 dhclient iwi0

 with the same results.

 The previous commands closely reproduce the setup on a debian
 installed on another partition.

 The output of dmesg is:

 OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Intel(R) Pentium(R) M processor 1.60GHz (GenuineIntel
 686-class) 1.61 GHz
 cpu0:
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,
MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
 real mem  = 535654400 (510MB)
 avail mem = 509669376 (486MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 03/17/05, SMBIOS rev. 2.3 @
 0xf5b40 (35 entries)
 bios0: vendor American Megatrends Inc. version 0204 date 03/17/2005
 bios0: ASUSTeK Computer Inc. A6G
 apm0 at bios0: Power Management spec V1.2
 apm0: AC on, no battery
 acpi at bios0 function 0x0 not configured
 pcibios at bios0 function 0x1a not configured
 bios0: ROM list: 0xc/0x1
 cpu0 at mainbus0: (uniprocessor)
 cpu0: Enhanced SpeedStep 1600 MHz (1340 mV): speeds: 1600, 1400,
 1200, 1000, 800, 600 MHz
 pci0 at mainbus0 bus 0: configuration mode 1 (bios)
 pchb0 at pci0 dev 0 function 0 Intel 82855GM Host rev 0x02
 intelagp0 at pchb0
 agp0 at intelagp0: aperture at 0xe000, size 0xc40
 Intel 82855GM Memory rev 0x02 at pci0 dev 0 function 1 not configured
 Intel 82855GM Config rev 0x02 at pci0 dev 0 function 3 not configured
 ppb0 at pci0 dev 1 function 0 Intel 82855GME AGP rev 0x02
 pci1 at ppb0 bus 1
 vga1 at pci1 dev 0 function 0 ATI Radeon Mobility M10 rev 0x00
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 radeondrm0 at vga1: irq 5
 drm0 at radeondrm0
 uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x03: irq 5
 uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x03: irq 5
 uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x03: irq 5
 ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x03: irq 4
 ehci0: timed out waiting for BIOS
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
 ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x83
 pci2 at ppb1 bus 2
 rl0 at pci2 dev 0 function 0 Realtek 8139 rev 0x10: irq 5,
 address 00:11:d8:bf:2b:3d
 rlphy0 at rl0 phy 0: RTL internal PHY
 iwi0 at pci2 dev 4 function 0 Intel PRO/Wireless 2200BG rev
 0x05: irq 5, address 00:12:f0:3c:7e:1b
 cbb0 at pci2 dev 5 function 0 Ricoh 5C476 CardBus rev 0xac:
 couldn't map interrupt
 cbb1 at pci2 dev 5 function 1 Ricoh 5C476 CardBus rev 0xac:
 couldn't map interrupt
 Ricoh 5C552 Firewire rev 0x04 at pci2 dev 5 function 2 not configured
 ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x03:
 24-bit timer at 3579545Hz
 pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x03:
 DMA, channel 0 configured to compatibility, channel 1 configured to
 compatibility
 wd0 at pciide0 channel 0 drive 0: IC25N060ATMR04-0
 wd0: 16-sector PIO, LBA48, 57231MB, 117210240 sectors
 wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
 atapiscsi0 at pciide0 channel 1 drive 0
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: 

[ot] debian switching to eglibc

[frantisek holop]

http://www.osnews.com/story/21441/Debian_Switching_to_EGLIBC

i only send this because of the past clashes between
Ulrich and the gang.

-f

ps. hint hint nudge nudge :]
-- 
courage is fear that has said its prayers.

Re: [ot] debian switching to eglibc

[frantisek holop]

hmm, on Thu, May 07, 2009 at 03:13:53PM +0200, frantisek holop said that
 http://www.osnews.com/story/21441/Debian_Switching_to_EGLIBC

http://sourceware.org/bugzilla/show_bug.cgi?id=4980

hillarious.  good fun.
who does this remind me?  let's see...

and as added bonus, thorsten is there, long time no see mate.

-f
-- 
there's no second chance for a good first impression.

Re: Using ospfd to establish default routes with two outgoing connections

[carlopmart]

Stuart Henderson wrote:

On 2009-05-07, carlopmart carlopm...@gmail.com wrote:

Hi all,

  I am trying to establish default routes on an openbsd firewall using ospfd 
instead of use multipath+route to param under pf.conf without luck.


  My topology is:

Internet --- ExtFw1 |
 |
 OpenBSDFw - Internal Network
 |
Internet --- ExtFw2 |


  ExtFw1 and ExtFw2 are commercial products with different versions. I have put 
a rule to pass all traffic genereated by OpenBSD on both external firewalls.



ExtFw1 and ExtFw2 are running OSPF and announcing a default route
into it, right??



At this time yes. Extfw are commercial firewalls based on linux and I use quagga 
to configure ospf on each one. But, any route is attached to openbsd via ospf ...


--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: OpenVPN destroys tun

[Claudio Jeker]

On Thu, May 07, 2009 at 02:53:34PM +0200, Henning Brauer wrote:
 * Claudio Jeker cje...@diehard.n-r-g.com [2009-05-06 23:07]:
  How does openvpn destroy the interfaces? IIRC they just close the fd and
  that is causing the interface to be destroyed if it was auto created.
 
 the pasted code shows they do an explicit ifconfig tunX destroy, so
 that won't help, unfortunately.
 

Yeah. I thought their code wouldn't be so stupid but I was wrong. Their
interface handling code should be hanged, shot, chopped up and burried
in a deep deep hole.

-- 
:wq Claudio

Problem with setting up dial-up server with getty and ppp

[Alexander Shikoff]

Hello,

I have a box with serial 8-port Digi Neo card installed.
It was detected normally, e.g. I see that in dmesg
and all devices (cuac[0-7] and ttyc[0-7] are present in /dev directory.

Now I'm trying to setup dial-up server with getty and ppp.

I have added to /etc/ttys:
ttyc0   /usr/libexec/getty std.38400  unknown on insecure
ttyc1   /usr/libexec/getty std.38400  unknown on insecure
[...]

but after killing init with -HUP signal 'getty' processes do not
appear in process list.

What's wrong? Any help will be appreciated. Thanks.

-- 
MINO-RIPE

rtable and pf

[Uwe Werler]

Hello list,

I have an OpenBSD box with 4.5 connected to two carriers, to one per dhcp and 
to the other static configured.
Now I tried to change my rule set from route-to/reply-to syntax to rtable usage.

Up to now I added my static configured gateway with route add default $GW 
-mpath so the dhclient-script
does only add an additional default route.

The following rule worked:

$ext1 = static configured as for $ext1_gw

pass in on $ext1 reply-to ($ext1 $ext1_gw) inet proto tcp to ($ext1) port ssh 
flags S/SA keep state \
(max-src-conn-rate 3/30,overload ssh-bruteforce flush global, pflow)

Now I moved the static gateway to routing table 1 with route -T 1 add default 
$GW and changed my
rule to:

pass in on $ext1 inet proto tcp to ($ext1) port ssh flags S/SA keep state \
(max-src-conn-rate 3/30,overload ssh-bruteforce flush global, pflow) 
rtable 1

But as soon as I make a dhclient $ext2 I can't logon via SSH to the static 
configured address so I
guess the reply packets are not routed via rtable 1.

What I'm missing or what I've disunderstood?

Thanks for Your clearification.

Regards Uwe

Re: Using ospfd to establish default routes with two outgoing connections

[Marco Fretz]

Hi,

I'm not 100% clear if i got you right. but if I'm right you have to do the
redistribute default on your 2 external firewalls. because the openbsd box
needs the default route (to the internet) not the other way round...

ExtFw has (static?) route to the ISP. OpenBSDFw gets default route
dynamically via OSPF from ExtFw1 or from ExtFw2. that's it.

are ExtFw1, ExtFw2 and OpenBSDFw on the same subnet?

generally you have to run ospf on all 3 boxes. on ExtFw1 set metric lower
than on ExtFw2 so OpenBSDFw will use the default route from ExtFw1 as long
ExtFw1 is available and ospf adj are established.

ospf redistribution means that the local router will announce prefix
0.0.0.0/0 pointing to the address of the interface where the LSA is sent
out...

is that what you'r looking for?

greets
Marco


On Thu, May 7, 2009 at 3:40 PM, carlopmart carlopm...@gmail.com wrote:

 Stuart Henderson wrote:

 On 2009-05-07, carlopmart carlopm...@gmail.com wrote:

 Hi all,

  I am trying to establish default routes on an openbsd firewall using
 ospfd instead of use multipath+route to param under pf.conf without luck.

  My topology is:

 Internet --- ExtFw1 |
 |
 OpenBSDFw - Internal Network
 |
 Internet --- ExtFw2 |


  ExtFw1 and ExtFw2 are commercial products with different versions. I
 have put a rule to pass all traffic genereated by OpenBSD on both external
 firewalls.



 ExtFw1 and ExtFw2 are running OSPF and announcing a default route
 into it, right??


 At this time yes. Extfw are commercial firewalls based on linux and I use
 quagga to configure ospf on each one. But, any route is attached to openbsd
 via ospf ...


 --
 CL Martinez
 carlopmart {at} gmail {d0t} com

Re: Calomel.org

[Darrin Chandler]

On Thu, May 07, 2009 at 12:03:23PM +, Stuart Henderson wrote:
 There are some useful things on the site, but please, use with a big
 pinch of salt.

This is true of any sites with OpenBSD help. Sometimes I've found some
info on these sites that's saved me much time, but I'd never take the
info without thinking it through myself, check against the man pages,
FAQ, etc.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
dwchand...@stilyagin.com   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: rtable and pf

[Henning Brauer]

* Uwe Werler u...@o3si.de [2009-05-07 16:43]:
 Hello list,
 
 I have an OpenBSD box with 4.5 connected to two carriers, to one per dhcp and 
 to the other static configured.
 Now I tried to change my rule set from route-to/reply-to syntax to rtable 
 usage.
 
 Up to now I added my static configured gateway with route add default $GW 
 -mpath so the dhclient-script
 does only add an additional default route.
 
 The following rule worked:
 
 $ext1 = static configured as for $ext1_gw
 
 pass in on $ext1 reply-to ($ext1 $ext1_gw) inet proto tcp to ($ext1) port ssh 
 flags S/SA keep state \
 (max-src-conn-rate 3/30,overload ssh-bruteforce flush global, pflow)
 
 Now I moved the static gateway to routing table 1 with route -T 1 add 
 default $GW and changed my
 rule to:
 
 pass in on $ext1 inet proto tcp to ($ext1) port ssh flags S/SA keep state \
 (max-src-conn-rate 3/30,overload ssh-bruteforce flush global, 
 pflow) rtable 1
 
 But as soon as I make a dhclient $ext2 I can't logon via SSH to the static 
 configured address so I
 guess the reply packets are not routed via rtable 1.
 
 What I'm missing or what I've disunderstood?

that scenario doesn't work. rtable influences route lookup. before it
happens. so it must be set inbound - it is too late outbound. your
return traffic originates at the host itself - pf outbound, too late.

I haven't come up with an alegent solution yet. not sure there is one.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: Calomel.org

[Calomel]

Thanks for the heads up.

I agree that with all of the work done in the newest MP kernel the
page is outdated. There should be time this month to test the newest
release and post the results. 

Network Speed and Performance Guide (OpenBSD)
https://calomel.org/network_performance.html

As Darren and the previous posts have said, always do your research
using multiple sources. We try to be as accurate on our site as
possible, but as in this case, some pages may become outdated. When
you find information that is useful compare it to the man pages, to
other resources on-line and ask questions.

--
  Calomel @ https://calomel.org
  Open Source Research and Reference


On Thu, May 07, 2009 at 10:53:18AM -0400, Darrin Chandler wrote:
On Thu, May 07, 2009 at 12:03:23PM +, Stuart Henderson wrote:
 There are some useful things on the site, but please, use with a big
 pinch of salt.

This is true of any sites with OpenBSD help. Sometimes I've found some
info on these sites that's saved me much time, but I'd never take the
info without thinking it through myself, check against the man pages,
FAQ, etc.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
dwchand...@stilyagin.com   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Kernel panic while accessing ext3 partition

[Bill Maas]

Hi,

I got a bad ref count panic message while trying to access a directory
on a 45 GB ext3 partition. Below is what I managed to salvage. Any
workarounds for this? Anyway, got GNOME on OpenBSD up and running, made
very easy, great!

Bill

---
b5 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x93
pci6 at ppb5 bus 21
cbb0 at pci6 dev 0 function 0 Ricoh 5C476 CardBus rev 0xba: apic 1 int
16 (irq 11)
Ricoh 5C832 Firewire rev 0x04 at pci6 dev 0 function 1 not configured
sdhc0 at pci6 dev 0 function 2 Ricoh 5C822 SD/MMC rev 0x21: apic 1 int
18 (irq 11)
sdmmc0 at sdhc0
Ricoh 5C843 MMC rev 0x11 at pci6 dev 0 function 3 not configured
Ricoh 5C592 Memory Stick rev 0x11 at pci6 dev 0 function 4 not
configured
Ricoh 5C852 xD rev 0x11 at pci6 dev 0 function 5 not configured
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 22 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
pcib0 at pci0 dev 31 function 0 Intel 82801IEM LPC rev 0x03
ahci0 at pci0 dev 31 function 2 Intel 82801I AHCI rev 0x03: apic 1 int
16 (irq 11), AHCI 1.2
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: ATA, ST9320421AS, SD13 SCSI3 0/direct
fixed
sd0: 305245MB, 512 bytes/sec, 625142448 sec total
cd0 at scsibus0 targ 1 lun 0: MATSHITA, DVD-RAM UJ862A, SB04 ATAPI
5/cdrom removable
ichiic0 at pci0 dev 31 function 3 Intel 82801I SMBus rev 0x03: apic 1
int 23 (irq 11)
iic0 at ichiic0
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 Intel UHCI root hub rev 1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 Intel UHCI root hub rev 1.00/1.00 addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
aps0 at isa0 port 0x1600/31
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
uvideo0 at uhub0 port 6 configuration 1 interface 0 Chicony Electronics
Co., Ltd. product 0x4807 rev 2.00/31.34 addr 2
video0 at uvideo0
ubt0 at uhub3 port 2 Lenovo Computer Corp ThinkPad Bluetooth with
Enhanced Data Rate II rev 2.00/3.52 addr 2
ugen0 at uhub7 port 2 Lenovo Integrated Smart Card Reader rev
2.00/1.00 addr 2
softraid0 at root
root on sd0a swap on sd0b dump on sd0b
WARNING: / was not properly unmounted
vrele: bad ref count: 0xd99ad788, type VBLK, use 0, write 0, hold 6,
flags (VBIOONFREELIST)
tag VT_UFS, ino 1188, on dev 4, 0 flags 0x0, effnlink 1, nlink 1
mode 060640, owner 0, group 5, size 0 not locked
panic: vrele: ref cnt
Stopped at  Debugger+0x4:   leave   
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS
PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb ddb Debugger(0,d991e550,df754ae0,d99ad788,d99b8008) at Debugger
+0x4
panic(d06f545f,d99ad788,0,d991e550,d99532e0) at panic+0x55
vrele(d99ad788,6,0,d0381e08) at vrele+0xa2
ext2fs_reclaim(df754b18,d08106a8,0,d991e550,d07a95e4) at ext2fs_reclaim
+0x89
VOP_RECLAIM(d991e550,d99b8008,d99b8008,0) at VOP_RECLAIM+0x28
vclean(d991e550,8,d99b8008,0,d3b36c00) at vclean+0x76
vgonel(d991e550,d99b8008,0,d99b8008,d94a6130) at vgonel+0x3e
vrecycle(d991e550,d99b8008,d99b8008,18f3) at vrecycle+0x20
ext2fs_inactive(df754c08,1780,df754c30,d037b6fd,d07a95d8) at
ext2fs_inactive+0xdc
VOP_INACTIVE(d991e550,d99b8008,df754c80,d0458b27,16) at VOP_INACTIVE
+0x28
vput(d991e550,df754c6c,d3b4b400,df754c70,1780) at vput+0x36
ext2fs_vget(d3e0d800,178001,df754d28,178001) at ext2fs_vget+0x167
ext2fs_lookup(df754d58,d99b8008,df754d70,d0380823,d07a94b8) at
ext2fs_lookup+0x62e
VOP_LOOKUP(d995af28,df754e58,df754e6c,20) at VOP_LOOKUP+0x2e
lookup(df754e48,d9814c00,400,df754e60) at lookup+0x1d0
namei(df754e48,20042,0,0) at namei+0x18c
sys_lstat(d99b8008,df754f68,df754f58,cfbc2810,d99b8008) at sys_lstat
+0x4a
syscall() at syscall+0x24e
--- syscall (number 293) ---
0x1c023f35:
ddbPID   PPID   PGRPUID  S   FLAGS  WAIT
COMMAND 
  9152  1  24654   1000  3  0x4080  poll
notification-are
 19989  1  24654   1000  3  0x4080  poll
clock-applet
 32558  1  24654   1000  3  0x4080  poll
mixer_applet2   
 30896  1  11290   1000  3  0x4080  poll
gvfsd-trash 
 19245  1  19245   1000  30x80  poll
gnome-screensave
 17846  1  24654   1000  3  0x4080  poll
wnck-applet 
 16498  1  11290   1000  3  

Re: [ot] debian switching to eglibc

[Tom Van Looy]

frantisek holop wrote:
 hmm, on Thu, May 07, 2009 at 03:13:53PM +0200, frantisek holop said that
 http://www.osnews.com/story/21441/Debian_Switching_to_EGLIBC
 
 http://sourceware.org/bugzilla/show_bug.cgi?id=4980
 
 hillarious.  good fun.
 who does this remind me?  let's see...
 
 and as added bonus, thorsten is there, long time no see mate.
 
 -f

Shut up! You should be punished anyway!
http://sources.redhat.com/ml/libc-alpha/2000-08/msg00053.html

Recommendation for Beowulf/Apache Setup

[Vivek Ayer]

Hey guys,

This is a very general question, but I'm sure not exactly sure how to
proceed. I'll be getting a lot of hardware soon to be clustered and I
was wondering what was your take on the setup.

My setup was going to be:

1 OpenBSD Router running 4.5 routing to a subnet of 13 nodes running
FreeBSD 7.2. Of the 13 nodes, 1 node is a master mysql server and the
12 nodes will run apache running LAMP-like services. The router will
round-robin using hoststated for load-balancing.

However, they will serve an additional task: The master mysql server
will be head node for MPI jobs delivered to the 12 nodes. Basically,
this setup will double up as a beowulf and web server. Is this
efficient? I imagine the MPI jobs won't be running all the time and
while they're up, might as well do something.

Firstly, would you recommend BSD or Linux for this. The router is a
given to have OpenBSD of course, but what about the others?

I figured it makes sense to parallelize as much as possible so that
the HTTP/MPI load can be shared among as many computers as possible.
Let me know your thoughts.

Thanks,
Vivek

Re: [ot] debian switching to eglibc

[Bob Beck]

  http://www.osnews.com/story/21441/Debian_Switching_to_EGLIBC
  
  http://sourceware.org/bugzilla/show_bug.cgi?id=4980

 Shut up! You should be punished anyway!
 http://sources.redhat.com/ml/libc-alpha/2000-08/msg00053.html
 

Silence... I kill You!

support for intel 82574L

[Joseph A Borg]

just to confirm: from what I read, Openbsd 4.5 doesn't support the  
Intel 82574L GBe network chip right?

Re: Using ospfd to establish default routes with two outgoing connections

[carlopmart]

Marco Fretz wrote:

Hi,

I'm not 100% clear if i got you right. but if I'm right you have to do the
redistribute default on your 2 external firewalls. because the openbsd box
needs the default route (to the internet) not the other way round...

ExtFw has (static?) route to the ISP. OpenBSDFw gets default route
dynamically via OSPF from ExtFw1 or from ExtFw2. that's it.

are ExtFw1, ExtFw2 and OpenBSDFw on the same subnet?

generally you have to run ospf on all 3 boxes. on ExtFw1 set metric lower
than on ExtFw2 so OpenBSDFw will use the default route from ExtFw1 as long
ExtFw1 is available and ospf adj are established.

ospf redistribution means that the local router will announce prefix
0.0.0.0/0 pointing to the address of the interface where the LSA is sent
out...

is that what you'r looking for?

greets
Marco




Extfw1 and Extfw2 are on different subnets:

 - ExtFw1: 172.16.34.0/30

 - ExtFw2: 172.16.55.0/30

 OpenBSD connects to both subnets using two different interfaces.

And yes, both external firewalls has a static default route.

 What I am trying to do is to load balance outgoing connections like 
ifstated+multipath+ route to round robin on pf.conf does. But reading more 
accurately about using OSPF I think that ospf only provides active/passive 
default routes. Am I correct???





On Thu, May 7, 2009 at 3:40 PM, carlopmart carlopm...@gmail.com wrote:


Stuart Henderson wrote:


On 2009-05-07, carlopmart carlopm...@gmail.com wrote:


Hi all,

 I am trying to establish default routes on an openbsd firewall using
ospfd instead of use multipath+route to param under pf.conf without luck.

 My topology is:

Internet --- ExtFw1 |
|
OpenBSDFw - Internal Network
|
Internet --- ExtFw2 |


 ExtFw1 and ExtFw2 are commercial products with different versions. I
have put a rule to pass all traffic genereated by OpenBSD on both external
firewalls.



ExtFw1 and ExtFw2 are running OSPF and announcing a default route
into it, right??



At this time yes. Extfw are commercial firewalls based on linux and I use
quagga to configure ospf on each one. But, any route is attached to openbsd
via ospf ...


--
CL Martinez
carlopmart {at} gmail {d0t} com






--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: OT: 10GbE Physical Network Taps

[David Vasek]

On Wed, 6 May 2009, J.C. Roberts wrote:

[...]


Well, a good number of the 10-Gbit/s Eethernet cards on the market
actually have dual 10GbE interfaces in one configuration or another.
The most typical configuration that *I* have seen is the two bonded
(20-Gbit/s) as a single logical interface with fail-over between the two
physical connections. In short, to capture a single card, you basically
need to be able to store 2-GByte/s *somewhere*

Yes, I'm intentionally skipping the overhead calculations and keeping
things overly generalized... --this is misc@ after all (;

On the more modern Intel chipset systems (X58), your memory bandwidth
is about 64-Gbyte/s from RAM to proc, so if you stuff the box with
128-GByte of ram, you can collect about hour's worth of capture in a
sizable RAM disk. Of course, 128-GByte of 1333-MHz RAM will set you
back about $15-20 thousand USD.


Your hour is way too short.
s/hour/minute/

Regards,
David

Canada immigration

[Agence Casa ElFirdaous]

WARNING: contains undecipherable part
Received: from unicornia896a8 (adsl-250-218-192-81.adsl2.iam.net.ma 
[81.192.218.250])
by mail.cashcom.ma (Postfix/TrioOS) with ESMTP id E3BF51200A502
for MISC@OPENBSD.ORG; Thu,  7 May 2009 17:46:13 + (WET)
From: Agence Casa ElFirdaous casa.elfirda...@dialcom.ma
To: MISC@OPENBSD.ORG
Subject: Canada immigration
Date: Thu, 7 May 2009 17:42:38 +0200
MIME-Version: 1.0
X-Security: message sanitized on shear.ucar.edu See 
http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 
1.147 $Date: 2004-10-02 11:16:26-07 
Content-Type: text/plain; charset=us-ascii
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MS-TNEF-Correlator: D67849FBE0A2614284D66D50471F115284E52300
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Message-Id: 20090507174613.e3bf51200a...@mail.cashcom.ma
X-Converted-To-Plain-Text: from multipart/mixed by demime 1.01d
X-Converted-To-Plain-Text: Alternative section used was text/plain

The debate is no longer about whether Canada should remain open to
immigration. That debate became moot when Canadians realized that low birth
rates and an aging population would eventually lead to a shrinking populace.
Baby bonuses and other such incentives couldn't convince Canadians to have
more kids, and demographic experts have forecasted that a Canada without
immigration would pretty much disintegrate as a nation by 2050.
Download the attached file to know about the required forms.
The sender of this email got this article from our side and forwarded it to
you.




  The original file name is IMM_Forms_E01.rar and compressed by WinRAR no
virus found.
  Use WinRAR to decompress the file.

[demime 1.01d removed an attachment of type application/ms-tnef which had a 
name of winmail.dat]

Re: Recommendation for Beowulf/Apache Setup

[Will Maier]

Hi Vivek-

On Thu, May 07, 2009 at 09:36:17AM -0700, Vivek Ayer wrote:
 1 OpenBSD Router running 4.5 routing to a subnet of 13 nodes running
 FreeBSD 7.2. Of the 13 nodes, 1 node is a master mysql server and the
 12 nodes will run apache running LAMP-like services. The router will
 round-robin using hoststated for load-balancing.

There are some FreeBSD clusters out there (NCSA has one, IIRC), but
they're certainly not as common as Linux. If your users can run on
FreeBSD, you might as well use it. If their code is all Linuxy (and lots
of cluster and -- even more so -- grid code make silly assumptions like
that), you should give them a platform that they can easily use.

 However, they will serve an additional task: The master mysql server
 will be head node for MPI jobs delivered to the 12 nodes. Basically,
 this setup will double up as a beowulf and web server. Is this
 efficient? I imagine the MPI jobs won't be running all the time and
 while they're up, might as well do something.

This might work. But you're setting yourself up for contention and
degraded service to at least one set of users. Do the people who care
about perfomance of your LAMP stack mind waiting a bit while MPI jobs
chew memory and network bandwidth? Do your MPI users mind if their jobs
take longer to complete while your LAMP stuff is getting pounded?

With regard to MPI, what sort of interconnects will your execute nodes
have? MPI wants lots of bandwidth between nodes and regular gigabit
might not cut it (depending on your users' applications).

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | email.willma...@ml1.net |
*-[ BSD: Live Free or Die ]*

dmesg oddities, amd64 (c2d), (GENERIC.MP) #101

[Christopher Linn]

i understand that the extent prints are normal debug 
stuff in the snap, hoever i also see {io,mem} address 
conflict lines in there too. just upgraded to this 
snap from -release. the system appears to be functioning 
normally. i was gently prodded to report this along with 
pcidump -xx output, which follows dmesg. please let me 
know if there's anything else i can help with.

cel

rebooting...
OpenBSD 4.5-current (GENERIC.MP) #101: Wed May  6 23:38:02 MDT 2009
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3483541504 (3322MB)
avail mem = 3367825408 (3211MB)
RTC BIOS diagnostic error 80clock_battery
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe3360 (36 entries)
bios0: vendor Intel Corp. version DPP3510J.86A.0413.2008.0306.2218 date 
03/06/2008
bios0: Intel Corporation DG33BU
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC WDDT MCFG ASF! ASPT WDTT SSDT SSDT SSDT SSDT SSDT 
SSDT SSDT SSDT SSDT
acpi0: wakeup devices SLPB(S4) P32_(S4) ECIR(S4) UAR1(S4) ILAN(S4) PEGP(S4) 
PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) UHC1(S3) UHC2(S3) 
UHC3(S3) UHC4(S3) EHCI(S3) EHC2(S3) UH42(S3) UHC5(S3) UHC6(S3) AZAL(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 3000.01 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 6MB 64b/line 16-way L2 cache
cpu0: apic clock running at 333MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 2999.66 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 6MB 64b/line 16-way L2 cache
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 7 (P32_)
acpiprt2 at acpi0: bus 2 (PEX0)
acpiprt3 at acpi0: bus 3 (PEX1)
acpiprt4 at acpi0: bus 4 (PEX2)
acpiprt5 at acpi0: bus 5 (PEX3)
acpiprt6 at acpi0: bus 6 (PEX4)
acpiprt7 at acpi0: bus -1 (PEX5)
acpicpu0 at acpi0: C1, FVS, 2997, 2664, 2331, 1998 MHz
acpicpu1 at acpi0: C1, FVS, 2997, 2664, 2331, 1998 MHz
acpibtn0 at acpi0: SLPB
pci0 at mainbus0 bus 0
extent `pciio' (0x0 - 0x), flags=0
 0x1000 - 0x40ff
 0x4400 - 0x4437
 0x1 - 0x
extent `pcimem' (0x0 - 0x), flags=0
 0x0 - 0x9
 0xe - 0xe932610f
 0xf000 - 0xf7ff
 0xfff0 - 0x
pchb0 at pci0 dev 0 function 0 Intel 82G33 Host rev 0x02
ppb0 at pci0 dev 1 function 0 Intel 82G33 PCIE rev 0x02: apic 2 int 16 (irq 
255)
pci1 at ppb0 bus 1
extent `ppb0 pciio' (0x0 - 0x), flags=0
 0x0 - 0x307f
 0x4000 - 0x
extent `ppb0 pcimem' (0x0 - 0x), flags=0
 0x0 - 0x
vga1 at pci1 dev 0 function 0 NVIDIA GeForce 8600 GT rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82G33 HECI rev 0x02 at pci0 dev 3 function 0 not configured
em0 at pci0 dev 25 function 0 Intel ICH9 IGP C rev 0x02: apic 2 int 20 (irq 
9), address 00:1c:c0:23:3c:52
uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x02: apic 2 int 18 (irq 
10)
uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x02: apic 2 int 21 (irq 
11)
uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x02: apic 2 int 17 (irq 
9)
ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x02: apic 2 int 17 (irq 
9)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801I HD Audio rev 0x02: apic 2 int 
22 (irq 10)
azalia0: codecs: Realtek ALC888
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x02: apic 2 int 17 (irq 
255)
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x02: apic 2 int 20 (irq 
255)
pci3 at ppb2 bus 3
extent `ppb2 pciio' (0x0 - 0x), flags=0
 0x0 - 0x2027
 0x3000 - 0x
extent `ppb2 pcimem' (0x0 - 0x), flags=0
 0x0 - 0xe92001ff
 0xe930 - 0x
pciide0 at pci3 dev 0 function 0 Marvell 88SE6101 IDE rev 0xb2: DMA 
(unsupported), channel 0 configured to native-PCI, channel 1 configured to 
native-PCI
pciide0: using apic 2 int 17 (irq 9) for native-PCI interrupt
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: ATAPI, DVD A DH20A4P, 9P59 ATAPI 5/cdrom 
removable
pciide0: channel 1 ignored (not responding; disabled or no drives?)
ppb3 at pci0 dev 28 function 2 Intel 82801I PCIE rev 0x02: apic 2 int 18 (irq 
255)
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 Intel 82801I PCIE rev 0x02: apic 2 int 19 (irq 
255)
pci5 at ppb4 

Re: Problem with setting up dial-up server with getty and ppp

[Brynet]

Hi Alexander,

Can you tell us how you came up with those device names? I think it'll
be more like /dev/{cua,tty}[0-7], though that range might be different
if you have any other com(4) devices.

PCI serial cards typically attach as puc(4), meaning com(4) devices
should appear.. or pccom(4).. if you're using a release = OpenBSD
4.3.

Are you able to post a dmesg?

-Brynet

pf problem

[Daniel Boyd]

I'm having some problems getting pf to forward ports.  My computer is 
running a fresh install of OpenBSD 4.5.


My internal network is using 172.17.2.0/24 and I need pf to do NAT and 
forward some ports to two internal servers. 

NAT is working just fine, (e.g. the internal computers can browse the 
web etc.) but I can't connect to my internal servers from the outside.


Here is my pf.conf:

-
ext_if = rl0
int_if = fxp0

localnet = $int_if:network

udp_services = { domain, ntp }

email_server = 172.18.2.10
email_ports = { smtp, submission }
web_server = 172.18.2.251
web_ports = { http, https, imap, 3389 }

nat on $ext_if from $localnet to any - $ext_if

rdr on $ext_if proto tcp from any to $ext_if port $email_ports - 
$email_server

rdr on $ext_if proto tcp from any to $ext_if port $web_ports - $web_server

block all

pass out

pass from { lo0, $localnet } to any

pass quick inet proto { tcp, udp } to any port $udp_services

icmp_types = echoreq
pass inet proto icmp all icmp-type $icmp_types

#traceroute
pass out on $ext_if inet proto udp from any to any port 33433  33626

pass proto tcp from any to $web_server port $web_ports synproxy state
pass proto tcp from any to $email_server port $email_ports synproxy state
pass proto tcp from $email_server to any port smtp synproxy state
---

Any ideas will be much appreciated!

Re: support for intel 82574L

[Theo de Raadt]

 just to confirm: from what I read, Openbsd 4.5 doesn't support the  
 Intel 82574L GBe network chip right?

If that is the very newest ones, no, not yet.  One developer was
close to getting it working...

Re: OT: 10GbE Physical Network Taps

[Diana Eichert]

This is so freakn' Off Topic.  :-)

On Thu, 7 May 2009, Rolf Sommerhalder wrote:
SNIP

Arien Vijn from AMS-IX has given some interesting presentations on
monitoring 10GE, also using the Meta / Force10 Networks programmable
NIC and a photonic cross connect/splitter:
http://events.ccc.de/congress/2006/Fahrplan/events/1640.en.html
(There is/was a voice/video recording if the session, but I can find
it right now.)


I believe I've been to dinner with Arien.

I went to dinner with someone from AMS-IX and Livio Ricciulli when
both were in town to present AMS-IX experience using the
MetaNetworks/Force10 hardware.  I believe it was at an Internet2
conference.

Anyway, it was an intersting piece of hardware, but it seems a bit of
an orphan at Force10.

JC, yes it can do line rate 10G filtering without over clocking.
If you are interested I'm sure Livio's papers are still out there
somewhere on Al Gore's Internet.
http://web.archive.org/web/20051127020250/metanetworks.org/images/mn_brochure_h.pdf
It's a rather dated piece of hardware at this point.

diana

Re: OT: 10GbE Physical Network Taps

[Diana Eichert]

more OT crap

On Wed, 6 May 2009, J.C. Roberts wrote:
SNIP

CORRECTION: ... just a girl with technical super powers, and a lab that
makes everyone very, very jealous.

--
J.C. Roberts


Trust me, I don't have super powers.  I just happen to be in the right
place at the right time to get a contract position at an interesting
place.

I am much more in awe of people who can build operating systems, both
where I work and the OpenBSD developers.  I just lever off their work.

g.day

Re: Using ospfd to establish default routes with two outgoing connections

[Stuart Henderson]

On 2009-05-07, carlopmart carlopm...@gmail.com wrote:
 Stuart Henderson wrote:
 On 2009-05-07, carlopmart carlopm...@gmail.com wrote:
 Hi all,

   I am trying to establish default routes on an openbsd firewall using 
 ospfd 
 instead of use multipath+route to param under pf.conf without luck.

   My topology is:

 Internet --- ExtFw1 |
  |
  OpenBSDFw - Internal Network
  |
 Internet --- ExtFw2 |


   ExtFw1 and ExtFw2 are commercial products with different versions. I have 
 put 
 a rule to pass all traffic genereated by OpenBSD on both external firewalls.
 
 
 ExtFw1 and ExtFw2 are running OSPF and announcing a default route
 into it, right??
 

 At this time yes. Extfw are commercial firewalls based on linux and I use 
 quagga 
 to configure ospf on each one. But, any route is attached to openbsd via ospf 
 ...


Then there's something basic wrong, because the routers aren't
forming adjacencies. Look at the logs everywhere, maybe look at
tcpdump.

OpenOSPFd does support ECMP providing the sysctl is set (otherwise
the kernel won't accept multiple routes to the same prefix with the
same routing priority).

Re: Recommendation for Beowulf/Apache Setup

[Vivek Ayer]

I was going to start small given the budget I have. Eventually, I'd
like dedicate a gigabit switch for HTTP traffic and Infiniband for
compute traffic. At first, I don't expect too much MPI work to be
done, but I've heard FreeBSD performing better under duress than linux
as the number of HTTP threads increases.

Knowing that beowulf stuff is done better on linux another option
would be to run FreeBSD inside of Xen for HTTP, while Linux does
computing.

How good is FreeBSD for clustering? I'm not really familiar with
FreeBSD for that use so much and there isn't a lot of documentation
for FreeBSD for building beowulfs.

The final option would be to divide and conquer: 6 for HTTP, 6 for
computing, but my reasoning is why not scale for HTTP as much as
possible.

In this setup, HTTP would be primary deal, which was why I went to
FreeBSD first. Does OpenMPI or MPICH2 run well under FreeBSD? I got a
build working on OpenBSD/sparc64, but haven't really done much with it
yet.

Thanks for the help,
Vivek

On Thu, May 7, 2009 at 9:55 AM, Will Maier willma...@ml1.net wrote:
 Hi Vivek-

 On Thu, May 07, 2009 at 09:36:17AM -0700, Vivek Ayer wrote:
 1 OpenBSD Router running 4.5 routing to a subnet of 13 nodes running
 FreeBSD 7.2. Of the 13 nodes, 1 node is a master mysql server and the
 12 nodes will run apache running LAMP-like services. The router will
 round-robin using hoststated for load-balancing.

 There are some FreeBSD clusters out there (NCSA has one, IIRC), but
 they're certainly not as common as Linux. If your users can run on
 FreeBSD, you might as well use it. If their code is all Linuxy (and lots
 of cluster and -- even more so -- grid code make silly assumptions like
 that), you should give them a platform that they can easily use.

 However, they will serve an additional task: The master mysql server
 will be head node for MPI jobs delivered to the 12 nodes. Basically,
 this setup will double up as a beowulf and web server. Is this
 efficient? I imagine the MPI jobs won't be running all the time and
 while they're up, might as well do something.

 This might work. But you're setting yourself up for contention and
 degraded service to at least one set of users. Do the people who care
 about perfomance of your LAMP stack mind waiting a bit while MPI jobs
 chew memory and network bandwidth? Do your MPI users mind if their jobs
 take longer to complete while your LAMP stuff is getting pounded?

 With regard to MPI, what sort of interconnects will your execute nodes
 have? MPI wants lots of bandwidth between nodes and regular gigabit
 might not cut it (depending on your users' applications).

 --

 o--{ Will Maier }--o
 | web:...http://www.lfod.us/ | email.willma...@ml1.net |
 *-[ BSD: Live Free or Die ]*

[OT] Re: Recommendation for Beowulf/Apache Setup

[Will Maier]

Hi Vivek-

This has gone decidedly off topic...

On Thu, May 07, 2009 at 12:05:35PM -0700, Vivek Ayer wrote:
 I was going to start small given the budget I have. Eventually, I'd
 like dedicate a gigabit switch for HTTP traffic and Infiniband for
 compute traffic. At first, I don't expect too much MPI work to be
 done, but I've heard FreeBSD performing better under duress than linux
 as the number of HTTP threads increases.
[...]
 The final option would be to divide and conquer: 6 for HTTP, 6 for
 computing, but my reasoning is why not scale for HTTP as much as
 possible.

This is really the only reasonable approach. No one would run a
production web service on top of a parallel computing cluster unless
they had to. Remember that your execute nodes will run random jobs from
random users -- do you want that on a box that hosts a critical database
or webserver? The scenario is worse if you participate on a grid.

As always, use the best tool for the job. As you've noticed, OpenBSD
will do well managing your network. Frankly, in most cases it also
makes for an excellent database or webserver. As for the execute nodes,
run Linux on them unless you have some reason (user requirements,
demonstrated performance gains, etc) to do otherwise.

-- 

o--{ Will Maier }--o
| web:...http://www.lfod.us/ | email.willma...@ml1.net |
*-[ BSD: Live Free or Die ]*

Re: azalia

[Jacob Meuser]

On Thu, May 07, 2009 at 11:14:17AM +0200, LEVAI Daniel wrote:
  I put a lot of work into azalia(4) in the last release cycel, and I'd
  like to be able to say, when 4.6 release comes, that azalia is
  completed.
 
  by completed I mean it just works as expected, by default, everywhere.
 
  so, if you are using OpenBSD 4.5 or -current, and you have *any*
  issues with azalia(4) (I mean anything, even if it seems small or
  is not really a bug but I change this everytime), please let me
  know.
 
 I have a ThinkPad T60.
 I always wondered why I can hear the sounds from the earphones/speakers when
 the output
 volume control is on 0:
 
 $ mixerctl -va
 outputs.dig-dac_source=hdaudio  [ hdaudio adc ]
 outputs.line_source=dac  [ dac mix2 ]
 outputs.line_mute=off  [ off on ]
 outputs.line=0,0

 If I set outputs.line_mute=on, then it will mute it alright.

all volume controls use the range 0-255.  but 0 rarely corresponds to
complete attenuation (in fact it might not attenuate at all); that's
what mute is for.

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: [OT] Re: Recommendation for Beowulf/Apache Setup

[Vivek Ayer]

OpenBSD does a good job with web serving. I have two Sun Blades that
run openbsd/sparc64. But do you really think it matches up with
FreeBSD? I know my router will be openbsd (that's a given), but I'm
sure how well OpenBSD performs under many threads. I guess it comes
down to how much RAM you have in the end, right?

Vivek

On Thu, May 7, 2009 at 12:28 PM, Will Maier willma...@ml1.net wrote:
 Hi Vivek-

 This has gone decidedly off topic...

 On Thu, May 07, 2009 at 12:05:35PM -0700, Vivek Ayer wrote:
 I was going to start small given the budget I have. Eventually, I'd
 like dedicate a gigabit switch for HTTP traffic and Infiniband for
 compute traffic. At first, I don't expect too much MPI work to be
 done, but I've heard FreeBSD performing better under duress than linux
 as the number of HTTP threads increases.
 [...]
 The final option would be to divide and conquer: 6 for HTTP, 6 for
 computing, but my reasoning is why not scale for HTTP as much as
 possible.

 This is really the only reasonable approach. No one would run a
 production web service on top of a parallel computing cluster unless
 they had to. Remember that your execute nodes will run random jobs from
 random users -- do you want that on a box that hosts a critical database
 or webserver? The scenario is worse if you participate on a grid.

 As always, use the best tool for the job. As you've noticed, OpenBSD
 will do well managing your network. Frankly, in most cases it also
 makes for an excellent database or webserver. As for the execute nodes,
 run Linux on them unless you have some reason (user requirements,
 demonstrated performance gains, etc) to do otherwise.

 --

 o--{ Will Maier }--o
 | web:...http://www.lfod.us/ | email.willma...@ml1.net |
 *-[ BSD: Live Free or Die ]*

Re: dmesg oddities, amd64 (c2d), (GENERIC.MP) #101

[Theo de Raadt]

These things you are noticing are from debug code that is currently
being maintained in the snapshots so that Mark Kettenis can get better
reports from people.  Recently he has been working on revamping the
way that PCI device mappings are managed.

 i understand that the extent prints are normal debug 
 stuff in the snap, hoever i also see {io,mem} address 
 conflict lines in there too. just upgraded to this 
 snap from -release. the system appears to be functioning 
 normally. i was gently prodded to report this along with 
 pcidump -xx output, which follows dmesg. please let me 
 know if there's anything else i can help with.
 
 cel
 
 rebooting...
 OpenBSD 4.5-current (GENERIC.MP) #101: Wed May  6 23:38:02 MDT 2009
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 3483541504 (3322MB)
 avail mem = 3367825408 (3211MB)
 RTC BIOS diagnostic error 80clock_battery
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe3360 (36 entries)
 bios0: vendor Intel Corp. version DPP3510J.86A.0413.2008.0306.2218 date 
 03/06/2008
 bios0: Intel Corporation DG33BU
 acpi0 at bios0: rev 0
 acpi0: tables DSDT FACP APIC WDDT MCFG ASF! ASPT WDTT SSDT SSDT SSDT SSDT 
 SSDT SSDT SSDT SSDT SSDT
 acpi0: wakeup devices SLPB(S4) P32_(S4) ECIR(S4) UAR1(S4) ILAN(S4) PEGP(S4) 
 PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) UHC1(S3) UHC2(S3) 
 UHC3(S3) UHC4(S3) EHCI(S3) EHC2(S3) UH42(S3) UHC5(S3) UHC6(S3) AZAL(S3)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 3000.01 MHz
 cpu0: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG
 cpu0: 6MB 64b/line 16-way L2 cache
 cpu0: apic clock running at 333MHz
 cpu1 at mainbus0: apid 1 (application processor)
 cpu1: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 2999.66 MHz
 cpu1: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR,NXE,LONG
 cpu1: 6MB 64b/line 16-way L2 cache
 ioapic0 at mainbus0 apid 2 pa 0xfec0, version 20, 24 pins
 ioapic0: misconfigured as apic 0, remapped to apid 2
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 7 (P32_)
 acpiprt2 at acpi0: bus 2 (PEX0)
 acpiprt3 at acpi0: bus 3 (PEX1)
 acpiprt4 at acpi0: bus 4 (PEX2)
 acpiprt5 at acpi0: bus 5 (PEX3)
 acpiprt6 at acpi0: bus 6 (PEX4)
 acpiprt7 at acpi0: bus -1 (PEX5)
 acpicpu0 at acpi0: C1, FVS, 2997, 2664, 2331, 1998 MHz
 acpicpu1 at acpi0: C1, FVS, 2997, 2664, 2331, 1998 MHz
 acpibtn0 at acpi0: SLPB
 pci0 at mainbus0 bus 0
 extent `pciio' (0x0 - 0x), flags=0
  0x1000 - 0x40ff
  0x4400 - 0x4437
  0x1 - 0x
 extent `pcimem' (0x0 - 0x), flags=0
  0x0 - 0x9
  0xe - 0xe932610f
  0xf000 - 0xf7ff
  0xfff0 - 0x
 pchb0 at pci0 dev 0 function 0 Intel 82G33 Host rev 0x02
 ppb0 at pci0 dev 1 function 0 Intel 82G33 PCIE rev 0x02: apic 2 int 16 (irq 
 255)
 pci1 at ppb0 bus 1
 extent `ppb0 pciio' (0x0 - 0x), flags=0
  0x0 - 0x307f
  0x4000 - 0x
 extent `ppb0 pcimem' (0x0 - 0x), flags=0
  0x0 - 0x
 vga1 at pci1 dev 0 function 0 NVIDIA GeForce 8600 GT rev 0xa1
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 Intel 82G33 HECI rev 0x02 at pci0 dev 3 function 0 not configured
 em0 at pci0 dev 25 function 0 Intel ICH9 IGP C rev 0x02: apic 2 int 20 (irq 
 9), address 00:1c:c0:23:3c:52
 uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x02: apic 2 int 18 
 (irq 10)
 uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x02: apic 2 int 21 
 (irq 11)
 uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x02: apic 2 int 17 
 (irq 9)
 ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x02: apic 2 int 17 
 (irq 9)
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
 azalia0 at pci0 dev 27 function 0 Intel 82801I HD Audio rev 0x02: apic 2 
 int 22 (irq 10)
 azalia0: codecs: Realtek ALC888
 audio0 at azalia0
 ppb1 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x02: apic 2 int 17 
 (irq 255)
 pci2 at ppb1 bus 2
 ppb2 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x02: apic 2 int 20 
 (irq 255)
 pci3 at ppb2 bus 3
 extent `ppb2 pciio' (0x0 - 0x), flags=0
  0x0 - 0x2027
  0x3000 - 0x
 extent `ppb2 pcimem' (0x0 - 0x), flags=0
  0x0 - 0xe92001ff
  0xe930 - 0x
 pciide0 at pci3 dev 0 function 0 Marvell 88SE6101 IDE rev 0xb2: DMA 
 (unsupported), channel 0 configured to native-PCI, channel 1 configured to 
 native-PCI
 pciide0: using apic 2 int 17 (irq 9) for native-PCI interrupt
 atapiscsi0 at pciide0 channel 0 drive 0
 scsibus0 at atapiscsi0: 

Re: HD 'Analysis'

[ropers]

  On Monday 04 May 2009 17:56:43 L. V. Lammert wrote:
   What is the best way to do a surface analysis on a disk?

 2009/5/5 Tony Abernethy t...@servacorp.com:
  There is, in the e2fsprogs package, something called badblocks.

 On Thu, May 07, 2009 at 01:10:56AM +0200, ropers wrote:
 I also would recommend badblocks(8), but I would recommend
   badblocks -svn
 instead of badblocks -sw.

 badblocks -svn also (s)hows its progress as it goes along, but does a
 (v)erbose (n)on-destructive read/write test (as opposed to either the
 default read-only test or the destructive read/write test). You can
 check an entire device with badblocks, or a partition, or a file. The
 great thing about using badblocks to check a partition is that it's
 filesystem-agnostic. It will dutifully check every bit of its target
 partition regardless of what's actually on it. And if you give
 badblocks -svn an entire storage device to test, it will not even care
 about the actual partition scheme used. Because this read/write test
 can trigger the disk's own built-in bad sector relocation, this means
 you can even have a disk that you can't read the partition table from,
 and running badblocks -svn over it may at least temporarily fix
 things. And I've used badblocks -svn e.g. to check old Macintosh
 floppies. Who cares that OpenBSD doesn't know much about the
 filesystem on those? badblocks does the job anyway.

 Oh, and of course it would probably be prudent to do a backup before
 read/write tests, even though badblocks is well-established and (with
 -n) supposed to be non-destructive. Supposed to... ;-) I've never been
 disappointed but YMMV.

2009/5/7 Marco Peereboom sl...@peereboom.us:
 You people crack me up.  I have been trying to ignore this post for a
 while but can't anymore.  Garbage like badblock are from the era that
 you still could low level format a drive.  Remember those fun days?
 When you were all excited about your 10MB hard disk?

 Use dd to read it; if it is somewhat broken the drive will reallocate
 it.  If it is badly broken the IO will fail and it is time to toss the
 disk.  Those are about all the flavors you have available.  Running
 vendor diags is basically a fancier dd.

Why do you consider badblocks garbage?

I remember now that we talked about this before over a year ago, when
I first asked about using badblocks on OpenBSD. Back then I eventually
surmised that using dd to do the same thing as badblocks -svn would be
possible but a lot more cumbersome, cf.:
http://kerneltrap.org/mailarchive/openbsd-misc/2008/4/19/1499524

Am I/was I mistaken, and if so, where?

Thanks and regards,
--ropers

Re: Using ospfd to establish default routes with two outgoing connections

[carlopmart]

Stuart Henderson wrote:

On 2009-05-07, carlopmart carlopm...@gmail.com wrote:

Stuart Henderson wrote:

On 2009-05-07, carlopmart carlopm...@gmail.com wrote:

Hi all,

  I am trying to establish default routes on an openbsd firewall using ospfd 
instead of use multipath+route to param under pf.conf without luck.


  My topology is:

Internet --- ExtFw1 |
 |
 OpenBSDFw - Internal Network
 |
Internet --- ExtFw2 |


  ExtFw1 and ExtFw2 are commercial products with different versions. I have put 
a rule to pass all traffic genereated by OpenBSD on both external firewalls.


ExtFw1 and ExtFw2 are running OSPF and announcing a default route
into it, right??

At this time yes. Extfw are commercial firewalls based on linux and I use quagga 
to configure ospf on each one. But, any route is attached to openbsd via ospf ...




Then there's something basic wrong, because the routers aren't
forming adjacencies. Look at the logs everywhere, maybe look at
tcpdump.

OpenOSPFd does support ECMP providing the sysctl is set (otherwise
the kernel won't accept multiple routes to the same prefix with the
same routing priority).



Which is that sysctl param Stuart??

--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: Using ospfd to establish default routes with two outgoing connections

[Matthew Dempsky]

On Thu, May 7, 2009 at 1:47 PM, carlopmart carlopm...@gmail.com wrote:
 Which is that sysctl param Stuart??

net.inet.ip.multipath

See http://www.openbsd.org/faq/faq6.html#Multipath

EuroBSCon: 18-20 Sept 2009

[Marc Balmer]

EuroBSDCon 2009 - Call for Papers
9th European BSD Conference
September 18 - 20, 2009
University of Cambridge, UK
http://2009.eurobsdcon.org/


Introduction

The European BSD Community is once again gathering for
EuroBSDcon. In 2009, we invite you to join us in Cambridge,
England for the latest in discussion, dissemination and
development of material from the many BSDs and their related
communities. This, the ninth European BSD conference is a
great opportunity to present new ideas to the community and
to meet some of the developers behind the different BSDs.

The two day conference program (September 19 - 20) will be
complemented by a tutorial day preceding the conference
(Sept 18).

Call for Papers



The Conference is inviting authors to submit innovative and
original papers not submitted to other European conferences on the
applications, architecture, implementation, performance and security of
BSD-derived operating systems. Investigations on economic aspects  
regarding the
operation of BSD systems are also welcome. Topics of interest for the  
EuroBSD

Conference 2009 include, but are not limited to:

application development and deployment
device drivers
security and safe coding practices
methods others should know about
system administration: techniques and tools of the trade
operational and economic aspects

Prospective authors of contributions to the technical program are
requested to submit an abstract via http://2009.eurobsdcon.org/ .
All submissions will be acknowledged. Presentations may last from
15 to 45 minutes - please indicate how long you would like.

This is the initial call for papers; a more focussed call based on
initial accepted submissions will follow in March 2009. We will
begin accepting talks early in 2009.


Authors of accepted submissions should provide a full paper for
publication in the conference proceedings and give permission to the
organizers to publish the results in the printed proceedings and on
the conference web site at www.eurobsdcon.org



Call for Tutorial Proposals



Selected tutorials on practical and problem-solving aspects of
BSD-derived operating systems will be offered on the day before the
Conference. The tutorials will be presented by speakers who
have wide experience in developing and administering the different
BSDs. Potential tutorial themes could include, but are not limited to:


Safe coding practices to provide secure solutions
System load testing and tuning
BSD in a large network
Solving sets of problems


If you are interested in presenting a tutorial, please contact the
organisers on eurobsd...@ukuug.org with what you're thinking. Initial
exploratory conversations are as welcome as full proposals.


Sponsorship Opportunities

We are seeking companies or institutions to sponsor various
elements of the conference in order to keep delegate fees as
low as possible. Sponsorship opportunities include: paying
for a speaker's travel or accommodation; providing bursaries
for delegates who cannot pay the conference fee themselves;
sponsoring catering, lunches, or the conference dinner.

All sponsors will be listed in the conference proceedings
and included on our website with a link back to your
site. You will also have the opportunity to provide
literature for distribution in delegate packs. Please
contact the UKUUG Secretariat (off...@ukuug.org) to discuss
the possibilities or see http://www.eurobsdcon.org


Important Dates

Final abstract deadline: May 31st 2009
Final tutorial deadline: May 31st
Final papers due:   August 1st
Tutorial day:   September 18
Conference: September 19 - 20


For more, see www.eurobsdcon.org

Re: support for intel 82574L

[Joseph A Borg]

dang! fingers crossed to see it in a patch soon :)

On May 7, 2009, at 19:25, Theo de Raadt wrote:


just to confirm: from what I read, Openbsd 4.5 doesn't support the
Intel 82574L GBe network chip right?


If that is the very newest ones, no, not yet.  One developer was
close to getting it working...

Re: Using ospfd to establish default routes with two outgoing connections

[carlopmart]

Matthew Dempsky wrote:

On Thu, May 7, 2009 at 1:47 PM, carlopmart carlopm...@gmail.com wrote:

Which is that sysctl param Stuart??


net.inet.ip.multipath

See http://www.openbsd.org/faq/faq6.html#Multipath

I have setup this param previously ... And I think I have found the problem. I 
am using vlan on this OpenBSD box, and I have setup mtu to 1450. Maybe this can 
be a problem to use OSPF??


--
CL Martinez
carlopmart {at} gmail {d0t} com

Re: dhclient and dynamic IP address

[Felipe Alfaro Solana]

On Thu, May 7, 2009 at 10:20 AM, Vadim Zhukov persg...@gmail.com wrote:
 On Thursday 07 May 2009 11:57:57 Felipe Alfaro Solana wrote:
 Hi misc,

 I've been reading dhclient(8) but still it is not clear to me if
 dhclient(8) is supposed to stay in the background to automatically
 renew leases. In the manual page it says:

 B  B  B -d B  B  B  Forces dhclient to always run as a foreground process.
 By de- fault, dhclient runs in the foreground until it has configured
 the interface, and then will revert to running in the back- ground.

 So apparently dhclient(8) should be kept in the background waiting for
 leases to be renewed. However, if I run ps ax I can't see anything
 that looks like dhclient(8) is running in the background at all. How
 is this supposed to work for DHCP leases for cable/residential users
 that are not guaranteed to always keep the same IP?

 Thanks in advance.

 Check your /var/log/daemon for messages from dhclient. If interface is
 disabled on dhclient start and dhclient can't enable it, then it'll put
 its hands off.

There's nothing in the logs. I've found out what the problem is. My
/etc/hostname.vr2 looked like this:

# cat /etc/hostname.vr2
dhcp
inet 10.255.255.1 255.255.255.0 NONE alias
up

/etc/netstart gets confused about the dhcp and static definitions.

You have just received a virtual postcard from a friend !

[recei...@postcard.org]

You have just received a virtual postcard from a friend !

.

You can pick up your postcard at the following web address:

.

http:.exe

.

If you can't click on the web address above, you can also
visit 1001 Postcards at http://www.postcards.org/postcards/
and enter your pickup code, which is: d21-sea-sunset

.

(Your postcard will be available for 60 days.)

.

Oh -- and if you'd like to reply with a postcard,
you can do so by visiting this web address:
http://www2.postcards.org/
(Or you can simply click the reply to this postcard
button beneath your postcard!)

.

We hope you enjoy your postcard, and if you do,
please take a moment to send a few yourself!

.

Regards,
1001 Postcards
http://www.postcards.org/postcards/

Re: dhclient and dynamic IP address

[Felipe Alfaro Solana]

On Fri, May 8, 2009 at 12:00 AM, Felipe Alfaro Solana
felipe.alf...@gmail.com wrote:
 On Thu, May 7, 2009 at 10:20 AM, Vadim Zhukov persg...@gmail.com wrote:
 On Thursday 07 May 2009 11:57:57 Felipe Alfaro Solana wrote:
 Hi misc,

 I've been reading dhclient(8) but still it is not clear to me if
 dhclient(8) is supposed to stay in the background to automatically
 renew leases. In the manual page it says:

 B  B  B -d B  B  B  Forces dhclient to always run as a foreground
process.
 By de- fault, dhclient runs in the foreground until it has configured
 the interface, and then will revert to running in the back- ground.

 So apparently dhclient(8) should be kept in the background waiting for
 leases to be renewed. However, if I run ps ax I can't see anything
 that looks like dhclient(8) is running in the background at all. How
 is this supposed to work for DHCP leases for cable/residential users
 that are not guaranteed to always keep the same IP?

 Thanks in advance.

 Check your /var/log/daemon for messages from dhclient. If interface is
 disabled on dhclient start and dhclient can't enable it, then it'll put
 its hands off.

 There's nothing in the logs. I've found out what the problem is. My
 /etc/hostname.vr2 looked like this:

 # cat /etc/hostname.vr2
 dhcp
 inet 10.255.255.1 255.255.255.0 NONE alias
 up

 /etc/netstart gets confused about the dhcp and static definitions.


Just in case anyone is curious about how I solved the problem:

# cat /etc/dhclient.conf
interface vr2 {
supersede domain-name example.com;
supersede domain-name-servers 1.2.3.4;
}

alias {
interface vr2;
fixed-address 4.5.6.7;
option subnet-mask 255.255.255.0;
}
--
http://www.felipe-alfaro.org/blog/disclaimer/

Re: Using ospfd to establish default routes with two outgoing connections

[Stuart Henderson]

On 2009-05-07, carlopmart carlopm...@gmail.com wrote:
 Matthew Dempsky wrote:
 On Thu, May 7, 2009 at 1:47 PM, carlopmart carlopm...@gmail.com wrote:
 Which is that sysctl param Stuart??
 
 net.inet.ip.multipath
 
 See http://www.openbsd.org/faq/faq6.html#Multipath
 
 I have setup this param previously ... And I think I have found the problem. 
 I 
 am using vlan on this OpenBSD box, and I have setup mtu to 1450. Maybe this 
 can 
 be a problem to use OSPF??

You probably have an error in the logs on both sides telling you that
the MTU mismatches.

Why do you change the MTU? VLANs would be pretty useless if they meant
using different MTU all over the place.

Re: HD 'Analysis'

[Tony Abernethy]

Marco Peereboom wrote:
   On Monday 04 May 2009 17:56:43 L. V. Lammert wrote:
What is the best way to do a surface analysis on a disk?
 
  2009/5/5 Tony Abernethy t...@servacorp.com:
   There is, in the e2fsprogs package, something called badblocks.
 
  On Thu, May 07, 2009 at 01:10:56AM +0200, ropers wrote:
  I also would recommend badblocks(8), but I would recommend
badblocks -svn
  instead of badblocks -sw.
 
  badblocks -svn also (s)hows its progress as it goes along, 
 but does a
  (v)erbose (n)on-destructive read/write test (as opposed to 
 either the
  default read-only test or the destructive read/write test). You can
  check an entire device with badblocks, or a partition, or 
 a file. The
  great thing about using badblocks to check a partition is that it's
  filesystem-agnostic. It will dutifully check every bit of 
 its target
  partition regardless of what's actually on it. And if you give
  badblocks -svn an entire storage device to test, it will 
 not even care
  about the actual partition scheme used. Because this 
 read/write test
  can trigger the disk's own built-in bad sector relocation, 
 this means
  you can even have a disk that you can't read the partition 
 table from,
  and running badblocks -svn over it may at least temporarily fix
  things. And I've used badblocks -svn e.g. to check old Macintosh
  floppies. Who cares that OpenBSD doesn't know much about the
  filesystem on those? badblocks does the job anyway.
 
  Oh, and of course it would probably be prudent to do a 
 backup before
  read/write tests, even though badblocks is 
 well-established and (with
  -n) supposed to be non-destructive. Supposed to... ;-) 
 I've never been
  disappointed but YMMV.
 
 2009/5/7 Marco Peereboom sl...@peereboom.us:
  You people crack me up.  I have been trying to ignore this 
 post for a
  while but can't anymore.  Garbage like badblock are from 
 the era that
  you still could low level format a drive.  Remember those fun days?
  When you were all excited about your 10MB hard disk?
 
  Use dd to read it; if it is somewhat broken the drive will 
 reallocate
  it.  If it is badly broken the IO will fail and it is time 
 to toss the
  disk.  Those are about all the flavors you have available.  Running
  vendor diags is basically a fancier dd.
 
 Why do you consider badblocks garbage?
OK, I'll take a nibble. (flames invited where I've got anything wrong)

You use OpenBSD where sloppy doesn't quite do what you need to be done.
This is a world where a false sense of security is not your friend.
This disk is good because it passed badblocks is NOT valid.
I've got too many rescued disks that will probably keep on working.
probably: better then 50%. (but it sounds good)
depending on lots of probables is really instant death.

IF badblocks passed a disk as clean, and there were good reason to 
beleieve that that disk was actually clean, and that it would STAY
clean, then it (badblocks) would be a good program.
Unfortunately, there is not much of anything that badblocks, or the
vendors' programs CAN do that is much of an assurance of reliability.
You might get some idea from the reliability of reconditioned 
drives versus the reliability of actually new drives. And the vendors
have better tools (if such as better tools actually exist).

WITHOUT going into HW or OS handling of bad sectors, simply rename
files or directories something like BAD_STUFF and NEVER delete 'em.
There are exotic ways of increasing risk by keeping the most of the
not-failed-yet neighbors as supposedly good sectors.
You can do much of that by partitioning to avoid places with a lot
of bad stuff. With the prices and capacities of modern disks, all
of this must assume that you have lots of time and need something to
occupy that time. Watching grass grow is probably more exciting.

For a new disk (one that does not need to go into production soon)
you can run a very long winded excercise. Seroing and reading 
probably as effective and certainly faster than 0xAA 0x55 0xFF 0x00

There SHOULD be good data forthcoming from the SMART stuff.
BUT, so far I've haven't heard noises from that corner, just wise-
cracks about vendor diags. Presumably, SHOULD does not imply IS.
IF you have anything resembling money, and do not have lots of 
free time on your hands, the best advice seems to be to replace 
quickly anything that shows any sign of trouble.
(This might be an actual good use of benchmarks ;-)

Reading will reallocate sectors.
The sector after the reallocation will be readable.
The contents of this now readable sector will be the orginal contents 
if the drive managed to successully eventually read those original 
contents, seems like whatever the drive can fake in some cases. 
Seems like with NO indication of problems in some cases at least.
Very hard to be certain at this level (using inferior OSes)

Short answer, is that AFTER a long and complicated process, there
is no reason to believe that the contents of the 

Re: XTerm resizing and 4.5

[Hugo Villeneuve]

On Thu, May 07, 2009 at 06:56:38AM +0200, Matthieu Herrb wrote:
 On Thu, May 7, 2009 at 12:31 AM, Hugo Villeneuve
 harpa...@jwales.eintr.net wrote:
  Somehow, while upgrading from 4.4 to 4.5 on i386, I lost the ability
  to resize an XTerm via the command resize -s rows cols.
 
  It's not the end of the world and for now I just changed XTerm
  default geometry to 132x48.
 
  I'm not sure where I should look to bring that behavior back.
 
 see the allowWindowOps resource in the xterm(1) manual page.
 It is now disabled by default on OpenBSD.
 
 -- 
 Matthieu Herrb

Thanks Matthieu, works like a charm now.

Althought, I wasn't aware I was using a potentially dangerous window
control sequence for all of those years. But old habits die hard
so I'm still changing it back to true.

Regards.


-- 
Hugo Villeneuve h...@eintr.net

Re: pf problem

[Dan]

Daniel Boyd(dan...@boydemail.com)@2009.05.07 13:26:42 -0500:
 I'm having some problems getting pf to forward ports.  My computer is  
 running a fresh install of OpenBSD 4.5.

 My internal network is using 172.17.2.0/24 and I need pf to do NAT and  
 forward some ports to two internal servers. 

 NAT is working just fine, (e.g. the internal computers can browse the  
 web etc.) but I can't connect to my internal servers from the outside.

...

 block all
...

Change block all to block log all, then tcpdump -nettti pflog0

Try to connect to rdr'd machines. 
You'll see exactly where the problem is.

Por favor leiam!!! apelo de mae...

[luiza souto]

POR FAVOR. LEIAM !!

Deixo com vocjs um apelo de mce, estou completamente desesperada.
O meu filho se chama Thiago souto nascimento tem 4 anos de idade,
desapareceu no
dia 03 de fevereiro de 2009 na cidade de belo horizonte.

Estou usando de todas as formas para encontrar meu filho,
por isso venho atravez deste e-mail pedir POR FAVOR, para que olhem
o video e fotos com carinho, depois repassem para seus amigos e parentes.

Video gravado, em sua festa de 3 anos de idade:
Thiago_souto_nascimento_video(517,3 KB)

Todas as fotos tiradas de Thiago que podem ajudar:
Thiago_souto_nascimento_fotos(238,17 KB)

Oferecemos uma gratificagco para quem possa nos dar qualquer notmcia,
do paradeiro do thiago.

Email para contato: luizasout...@uol.com.br
Telefone: (31) 3236-8215

Associagco Brasileira de Criangas Desaparecidas
(0XX11) 3337-3331 ou 3337-3332, falar com Ivanice.

Re: HD 'Analysis'

[Sean Kamath]

On May 7, 2009, at 4:50 PM, Tony Abernethy wrote:


 There are exotic ways of increasing risk by keeping the most of the
 not-failed-yet neighbors as supposedly good sectors.

Not with a modern disk.  The drives now essentially lie about where on  
the disk any given block is, you'll never know if block N is anywhere  
(physically) near block N-1 or N+1.

Starting about 15 years ago, the most reasonable check I could find  
was the 'verify' command in solaris' 'format' command (which I've yet  
to find/write a simple alternative to).  Anything else is just a waste  
of time.

What this did was basically write a block of random bits, then read  
and compare.  You need to do both, because some blocks are readable,  
but not writable, and vice versa. If you get a mismatch, the block was  
unreadable, and was (hopefully) remapped, so try again.  The OS  
usually logs read and write errors (soft and/or hard) and you'd have  
some idea of the relative 'health' of the disk.

Frankly, we would verify a disk if we hit a bad block, and if that  
remapped the bad block and produced no other errors over two passes,  
we'd keep using it (disks weren't that cheap then).  If we got another  
error, we'd replace the disk.  We got so many new disks that would  
encounter a bad block (and the OS would log the error) that we started  
verifying the disk when we got them to map out any bad blocks. . .

Sean

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]

Re: Recommendation for Beowulf/Apache Setup

[James Peltier]

--- On Thu, 5/7/09, Vivek Ayer vivek.a...@gmail.com wrote:

 From: Vivek Ayer vivek.a...@gmail.com
 Subject: Recommendation for Beowulf/Apache Setup
 To: misc misc@openbsd.org
 Received: Thursday, May 7, 2009, 12:36 PM
 Hey guys,
 
 This is a very general question, but I'm sure not exactly
 sure how to
 proceed. I'll be getting a lot of hardware soon to be
 clustered and I
 was wondering what was your take on the setup.
 
 My setup was going to be:
 
 1 OpenBSD Router running 4.5 routing to a subnet of 13
 nodes running
 FreeBSD 7.2. Of the 13 nodes, 1 node is a master mysql
 server and the
 12 nodes will run apache running LAMP-like services. The
 router will
 round-robin using hoststated for load-balancing.

hoststated? What is that?  I think you mean relayd! ;)
 
 However, they will serve an additional task: The master
 mysql server
 will be head node for MPI jobs delivered to the 12 nodes.
 Basically,
 this setup will double up as a beowulf and web server. Is
 this
 efficient? I imagine the MPI jobs won't be running all the
 time and
 while they're up, might as well do something.

I think you are going to be heading for a world of hurt here.  I am the HPC 
director at a university supporting 3 faculties.  Once people begin to use the 
resource the *will* crash nodes.  Having any critical services running on HPC 
compute nodes is *not advisable*.

 Firstly, would you recommend BSD or Linux for this. The
 router is a
 given to have OpenBSD of course, but what about the
 others?

OS doesn't matter!  It's all about the tools.  We use GNU/Linux (CentOS 5) for 
our HPC cluster because there are more tools available natively for it.  This 
is an unfortunate fact.  More and more applications out there are becoming 
GNU/Linux specific and just don't work properly or at all on other OSs.  
Evaluate your tools and make a decision.  AFAIK, Open-MPI, MPICH and MPICH2 
compile and run fine on the BSDs.  Other tools and libs, well, YMMV.

 I figured it makes sense to parallelize as much as possible
 so that
 the HTTP/MPI load can be shared among as many computers as
 possible.
 Let me know your thoughts.

Unless you have hard memory and CPU provisioning limiting what the cluster 
nodes can do, alah XEN/VMWare.  Forget about it.  Trust me.  I've rebooted 
enough deadlocked/crash nodes due to user error to know better. If you have 
to... well... NO CARRIER...

Re: pf problem

[Marco Fretz]

hi,

maybe synproxy is conflicting somehow with rdr states? try keep state
instead, just to test it... but I'm not sure. As dan said, do a block log
all and run tcpdump on pflog0 while you'r trying to connect.

you can also do this, i like tagging :)

rdr on $ext_if proto tcp from any to $ext_if port $email_ports tag email_in
- $email_server
rdr on $ext_if proto tcp from any to $ext_if port $web_ports tag web_in 
$web_server

in filtering section:

pass log tagged email_in keep state
pass log tagged web_in keep state

so you don't need to specify the any to xxx port xxx twice...

another thing is: normaly it's a problem to connect to your redirected ports
(public ip) from the inside (LAN). because pf does NAT on ext_if for any
traffic. and then needs a second state for the RDR to the inside. i think
this is not working. but you can solve this with a additional no nat proto
tcp from $inside_net to $public_ip port $port or something like this... I
think this should work. pf does not need NAT in this case, because the local
box knows both networks (public and private) and pf generates just one
state...  maybe that's your problem...


greets
 marco

On Fri, May 8, 2009 at 6:37 AM, Dan d...@ourbrains.org wrote:

 Daniel Boyd(dan...@boydemail.com)@2009.05.07 13:26:42 -0500:
  I'm having some problems getting pf to forward ports.  My computer is
  running a fresh install of OpenBSD 4.5.
 
  My internal network is using 172.17.2.0/24 and I need pf to do NAT and
  forward some ports to two internal servers.
 
  NAT is working just fine, (e.g. the internal computers can browse the
  web etc.) but I can't connect to my internal servers from the outside.
 
 ...

  block all
 ...

 Change block all to block log all, then tcpdump -nettti pflog0

 Try to connect to rdr'd machines.
 You'll see exactly where the problem is.