Re: pf, altq, packet rate

2009-05-29 Thread irix
Hello ,

And then you're going to add a dropper ?

 we already do some mitigation for that in certain drivers.

 $ cd /sys/dev; grep MCLGETI pci/* ic/*
 pci/if_bge.c:   MCLGETI(m, M_DONTWAIT, &sc->arpcom.ac_if, MCLBYTES);
 pci/if_bge.c:   MCLGETI(m, M_DONTWAIT, &sc->arpcom.ac_if, BGE_JLEN);
 pci/if_bnx.c:   MCLGETI(m, M_DONTWAIT, &sc->arpcom.ac_if, MCLBYTES);
 pci/if_em.c:    MCLGETI(m, M_DONTWAIT, &sc->interface_data.ac_if, MCLBYTES);
 pci/if_iwn.c:   MCLGETI(data->m, M_DONTWAIT, NULL, IWN_RBUF_SIZE);
 pci/if_iwn.c:   MCLGETI(m1, M_DONTWAIT, NULL, IWN_RBUF_SIZE);
 pci/if_ix.c:    MCLGETI(m, M_DONTWAIT, &sc->arpcom.ac_if, size);
 pci/if_msk.c:   MCLGETI(m, M_DONTWAIT, &sc_if->arpcom.ac_if, sc_if->sk_pktlen);
 pci/if_sis.c:   MCLGETI(m_new, M_DONTWAIT, &sc->arpcom.ac_if, MCLBYTES);
 pci/if_sk.c:    MCLGETI(m, M_DONTWAIT, &sc_if->arpcom.ac_if, SK_JLEN);
 pci/if_vic.c:   MCLGETI(m0, M_DONTWAIT, NULL, m->m_pkthdr.len);
 pci/if_vic.c:   MCLGETI(m, M_DONTWAIT, &sc->sc_ac.ac_if, pktlen);
 pci/if_wpi.c:   MCLGETI(data->m, M_DONTWAIT, NULL, WPI_RBUF_SIZE);
 pci/if_wpi.c:   MCLGETI(m1, M_DONTWAIT, NULL, WPI_RBUF_SIZE);
 ic/gem.c:   MCLGETI(m, M_DONTWAIT, &sc->sc_arpcom.ac_if, MCLBYTES);
 ic/hme.c:   MCLGETI(m, M_DONTWAIT, &sc->sc_arpcom.ac_if, MCLBYTES);


-- 
Best regards,
 irix  mailto:i...@ukr.net



Where's demime?

2009-05-29 Thread ropers
Hiya,

I know that demime is being used on the misc mailing list.
I've searched for a demime package, but couldn't find anything:

http://www.openbsd.org/4.5_packages/i386.html

I even tried to see if it's contained in some other package:
http://www.google.ie/search?q=demime+inurl%3Aopenbsd.org+inurl%3Acontents.html

A Google search for openbsd and demime returns too many archived mails
that just include the line demime 1.01d removed an attachment of type
(...).

So where is demime? Is it part of some other package?

Thank you very much in advance,
--ropers



Re: mounting a dmg file

2009-05-29 Thread ropers
2009/5/29 frantisek holop min...@obiit.org:
 hi there,

 does anyone know how to mount a .dmg file on openbsd?

 $ file image.dmg
 image.dmg: Apple Partition data block size: 2048, first type: 
 Apple_partition_map, name: Apple, number of blocks: 15,

 anybody tried anything of these?
 http://en.wikipedia.org/wiki/Apple_Disk_Image#Non-Macintosh

I have in the past had success with dmg2iso (or dmg2img, I can't
recall). This is mentioned on the above page:
http://vu1tur.eu.org/tools/

Essentially you convert the dmg to iso or img, and then you loop-mount
the new image as HFS plus. I tried this under Linux though; I don't
think I've so far ever tried to access HFS plus volumes from OpenBSD,
so I'm not sure what mileage you'll get -- but I'd be curious to hear
if you succeed.

regards,
--ropers



Re: pf, altq, packet rate

2009-05-29 Thread Anton Maksimenkov
 we already do some mitigation for that in certain drivers.
 $ cd /sys/dev; grep MCLGETI pci/* ic/*
...
Oh, that's great to hear! I missed.

On 29 May 2009 at 13:28, user irix i...@ukr.net wrote:
 And then you're going to add a dropper ?
You had to try man MCLGETI before asking here. At least.
--
antonvm



Radeon 9200 PRO + radeondrm freezes OpenBSD 4.5

2009-05-29 Thread Viktor Varheit
Hi,

according to radeon(4) my graphics card is supported, but I
cannot get hardware acceleration to work. Booting with
disable radeondrm in UKC and then running startx works
fine. Doing the same with enable radeondrm (which is the
default in the GENERIC kernel) appears to freeze the machine.
The screen goes blank, and the monitor enters standby mode.

Sometimes the computer shuts down after pressing the power
button, but most of the time it can only be forced off by
holding the power button.

Trying several options in xorg.conf did not advance things.

I booted with a serial console to see if any messages appeared
after entering startx. This is what I got:

radeondrm0: Setting GART location based on new memory map
radeondrm0: writeback test failed
radeondrm0: wait idle failed status : 0x80010140 0x
radeondrm0: wait idle failed status : 0x80010140 0x
radeondrm0: wait idle failed status : 0x80010140 0x
...

The last message is repeated over and over until the machine
appears to freeze. The time it takes to get to that point
varies.

After setting 'Option AGPFastWrite on' in xorg.conf
no messages were output at all, but that was the only
apparent difference.

Setting AccelMethod to EXA also did not change anything.

Using no xorg.conf at all also did not work.

Anyway, here's my xorg.conf and dmesg. I hope someone
can give me a hint.

Vic


+++ xorg.conf +++
Section "ServerLayout"
    Identifier     "X.org Configured"
    Screen      0  "Screen0" 0 0
    InputDevice    "Mouse0" "CorePointer"
    InputDevice    "Keyboard0" "CoreKeyboard"
EndSection

Section "Files"
    ModulePath   "/usr/X11R6/lib/modules"
    FontPath     "/usr/X11R6/lib/X11/fonts/misc/"
    FontPath     "/usr/X11R6/lib/X11/fonts/TTF/"
    FontPath     "/usr/X11R6/lib/X11/fonts/OTF"
    FontPath     "/usr/X11R6/lib/X11/fonts/Type1/"
    FontPath     "/usr/X11R6/lib/X11/fonts/100dpi/"
    FontPath     "/usr/X11R6/lib/X11/fonts/75dpi/"
EndSection

Section "Module"
    Load  "dbe"
    Load  "dri"
    Load  "extmod"
    Load  "glx"
    Load  "freetype"
EndSection

Section "InputDevice"
    Identifier  "Keyboard0"
    Driver      "kbd"
EndSection

Section "InputDevice"
    Identifier  "Mouse0"
    Driver      "mouse"
    Option      "Protocol" "wsmouse"
    Option      "Device" "/dev/wsmouse"
    Option      "ZAxisMapping" "4 5 6 7"
EndSection

Section "Monitor"
    #DisplaySize  340   270 # mm
    Identifier   "Monitor0"
    VendorName   "ENC"
    ModelName    "L557"
    HorizSync    24.0 - 80.0
    VertRefresh  50.0 - 75.0
    Option       "DPMS"
EndSection

Section "Device"
    Option      "AGPMode" "x4"
    Option      "BusType" "AGP"  # [str]
    #Option     "AGPFastWrite" "on" # [bool]
    #Option     "AccelMethod" "EXA" # str
    Option      "DRI" "on"   # [bool]
    Identifier  "Card0"
    Driver      "radeon"
    VendorName  "ATI"
    BoardName   "Radeon 9200 PRO"
    BusID       "PCI:1:0:0"
EndSection

Section "Screen"
    Identifier "Screen0"
    Device     "Card0"
    Monitor    "Monitor0"
    SubSection "Display"
        Viewport   0 0
        Depth      1
    EndSubSection
    SubSection "Display"
        Viewport   0 0
        Depth      4
    EndSubSection
    SubSection "Display"
        Viewport   0 0
        Depth      8
    EndSubSection
    SubSection "Display"
        Viewport   0 0
        Depth      15
    EndSubSection
    SubSection "Display"
        Viewport   0 0
        Depth      16
    EndSubSection
    SubSection "Display"
        Viewport   0 0
        Depth      24
    EndSubSection
EndSection

+++ dmesg +++
OpenBSD 4.5-stable (GENERIC) #0: Sun May  3 11:29:20 CEST 2009
v...@overstolz.my.domain:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) XP 2000+ (AuthenticAMD 686-class, 256KB L2 cache) 1.68 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 804810752 (767MB)
avail mem = 769404928 (733MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/18/06, BIOS32 rev. 0 @ 0xfdb10, SMBIOS 
rev. 2.3 @ 0xf0630 (21 entries)
bios0: vendor American Megatrends Inc. version P2.80 date 10/18/2006
bios0: American Megatrends Inc. K7S41GX
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices PS2M(S4) PS2K(S4) UAR1(S4) USB1(S4) USB2(S4) EHCI(S4) 
LAN_(S4) MDM_(S4) AUD_(S4) PCI0(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 268MHz
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0xd000 0xcd000/0xa000
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 

Re: pf, altq, packet rate

2009-05-29 Thread irix
Hello ,

Today I felt CDNR in NetBSD-5
Works fine. No claims.

Why write that does not work, I can not even guess. I use in NetBSD-2, and 
NetBSD-5.
It works without reproach.

interface pvc1
conditioner pvc1 ef_cdnr <tbmeter 6M 64K <pass><drop>>
filter pvc1 ef_cdnr 0 0 172.16.4.176 0 0


 so, let's look at FreeBSD's manpage.

  ALTQ_CDNR   Build the traffic conditioner.  This option is meaningless at
  the moment as the conditioner is not used by any of the
  available disciplines or consumers.

 or a fairly recent NetBSD list post:

 The input limiter absolutely doesn't work under NetBSD-3, it seems,
 and I've found some other posts on the web that seem to confirm this.
 [...]   I have a NetBSD-4 build of this box, which is an embeded system, which
 I could deploy in this application, but it's not a trivial exercise to do
 so.  So, I'm wondering if anyone has used and can report whether the input
 traffic conditioner actually works to limit traffic on input traffic under
 NetBSD-4.  

 ...


-- 
Best regards,
 irix  mailto:i...@ukr.net



Re: pf, altq, packet rate

2009-05-29 Thread irix
Hello ,


In addition CDNR still has the 3 color marker, which, if slightly
reworked, you can get a different dynamic shaper. For each color
would be to set a speed,
and switch between the colors would be implemented through traffic past in the
ends of time.
For example 10Mb/always 5Mb/10Gb (in 1 day) 1Mb/15Gb (in 2
days) flush 1 day, (green yellow red)(reset counter)
 and an additional parameter discharging the counter, for example, to reset the
counter 1 time per day.


-- 
Best regards,
 irix  mailto:i...@ukr.net



Re: two IP addresses on one pppoe connection

2009-05-29 Thread Stuart Henderson
On 2009-05-29, Scott McEachern sc...@erratic.ca wrote:

 So the specifics for OpenBSD is that this is completely do-able with 
 userland pppoe.  Keep the existing pppoe setup for the single IP as is, 
 and just modify the /etc/ppp/ppp.linkup file as such:  (Assuming you 
 were given a.b.c.d/30)

 MYADDR:
  !bg sh -c "/sbin/ifconfig tun0 alias a.b.c.d netmask 255.255.255.255"
 [...]
  !bg sh -c "/sbin/ifconfig tun0 alias a.b.c.d+3 netmask 255.255.255.255"
  !bg sh -c "/sbin/pfctl -ef /etc/pf.conf"
  !bg sh -c "pkill -1 named"

where you have a single address and also a routed subnet, the normal
way to do this is to put those IPs on another network interface.
but with something small like a /30, assuming you just want them for
natting and not passing directly to another machine, this is a good
way to make use of the extra addresses that you normally wouldn't
be able to.


   The last two lines are to load a pppoe-aware pf.conf and to let the 
 name server start listening on any external address per named.conf.
   The result is that adding a /30 actually gives a total of 5 usable 
 IPs: the original IP, what you would think are the 'network' and 
 'broadcast' addresses for the /30, plus the two 'normal' usable addresses.
   After that, it was just a matter of myself and pf.conf having a chat, 
 and all is well. :)



Re: PF/Carp/Pfsync

2009-05-29 Thread Markus Wernig

Hi Georg

I think I remember something like this ... could it be that carp takes 
over the interface before pfsync has finished updating the booted 
machine's connection table?
TCP (and many other protocols) takes care of such situations by simply 
retransmitting, so any TCP connections should recover within seconds. 
When using UDP I suppose, recovery depends on the application.


Another reason could be the interfaces not coming back up together. You 
should set net.inet.carp.preempt=1


hth /markus


Georg Kahest wrote:
[...] but when the prefered

master comes up again and starts to act as carp master, then client who
has carp as its gateway loses some packets on the moment of failover, [...]




4.5 - stable/ports/gcc-4.2/Error code 1

2009-05-29 Thread soko.tica
Hello list,

I am trying to install gnome-session from ports on 4.5 - stable, and I
am facing the following error in gcc-4.2
..
===>  Configuring for gcc-4.2.20070307
loading site script /usr/ports/infrastructure/db/config.site
loading cache ./config.cache
checking host system type... i386-unknown-openbsd4.5
checking target system type... i386-unknown-openbsd4.5
checking build system type... i386-unknown-openbsd4.5
checking for a BSD compatible install... /usr/bin/install -c -o root -g bin
checking whether ln works... yes
checking whether ln -s works... yes
checking for gcc... /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc
checking whether the C compiler
(/usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc -O2 -g ) works...
no
*** Error code 1

Stop in /usr/ports/lang/gcc/4.2 (line 2147 of
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/lang/gcc/4.2 (line 1427 of
/usr/ports/infrastructure/mk/bsd.port.mk).
==

The ports are NOT configured according to
http://openbsd.org/faq/faq15.html#PortsConfig . I don't know how to do
it.
Particularly, there is no /etc/mk.conf (and I don't know how to create
it other than touch command). Moreover, there are NO directories
/usr/obj/ports
/usr/distfiles /usr/packages where WRKOBJDIR=/usr/obj/ports
DISTDIR=/usr/distfiles PACKAGE_REPOSITORY=/usr/packages are supposed
to be configured, according
to http://openbsd.org/faq/faq15.html#PortsConfig

Thanks in advance for any suggestion. Dmesg below.

Apart from that, 4.5 rocks! Great work!

==
dmesg
OpenBSD 4.5-stable (GENERIC) #0: Sun May 24 19:03:08 CEST 2009
ad...@ljubinko.zderic.my6net:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.80GHz (GenuineIntel 686-class) 2.82 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,xTPR
real mem  = 804810752 (767MB)
avail mem = 769404928 (733MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/09/04, BIOS32 rev. 0 @
0xfae70, SMBIOS rev. 2.3 @ 0xf0100 (39 entries)
bios0: vendor Award Software International, Inc. version F3 date 09/09/2004
bios0: Gigabyte Technology Co., Ltd. 8I845PE Pro
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices HUB0(S4) USB0(S1) USB1(S1) USB2(S1) USB3(S1)
USBE(S1) PCI0(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (HUB0)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature 75 degC
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0xc000
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82865G Host rev 0x02
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0xe000, size 0x800
ppb0 at pci0 dev 1 function 0 Intel 82865G AGP rev 0x02
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon 9200 SE Sec rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 2 int 16 (irq 10)
drm0 at radeondrm0
ATI Radeon 9200 SE rev 0x01 at pci1 dev 0 function 1 not configured
uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: apic
2 int 16 (irq 10)
uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: apic
2 int 19 (irq 11)
uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: apic
2 int 18 (irq 9)
uhci3 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: apic
2 int 16 (irq 10)
ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: apic
2 int 23 (irq 5)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb1 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xc2
pci2 at ppb1 bus 2
skc0 at pci2 dev 9 function 0 Marvell Yukon 88E8001/8003/8010 rev
0x13, Yukon Lite (0x9): apic 2 int 20 (irq 11)
sk0 at skc0 port A: address 00:0f:ea:77:e0:94
eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 5
ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02:
DMA, channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: WDC WD800BB-00FJA0
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: PIONEER, DVD-RW DVR-115D, 1.13 ATAPI
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 Intel 82801EB/ER SMBus rev 0x02:
apic 2 int 17 (irq 12)
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 256MB DDR SDRAM non-parity PC3200CL2.5
spdmem1 at iic0 addr 0x51: 256MB DDR SDRAM non-parity PC3200CL3.0
spdmem2 at iic0 

Re: 4.5 - stable/ports/gcc-4.2/Error code 1

2009-05-29 Thread Dennis Davis
On Fri, 29 May 2009, soko.tica wrote:

 From: soko.tica soko.t...@gmail.com
 To: misc@openbsd.org
 Date: Fri, 29 May 2009 13:01:13 +0200
 Subject: 4.5 - stable/ports/gcc-4.2/Error code 1
 X-Spam-Score: 0.4 (/)
 
 Hello list,
 
 I am trying to install gnome-session from ports on 4.5 - stable, and I
 am facing the following error in gcc-4.2
 ..
 ===>  Configuring for gcc-4.2.20070307
 loading site script /usr/ports/infrastructure/db/config.site
 loading cache ./config.cache
 checking host system type... i386-unknown-openbsd4.5
 checking target system type... i386-unknown-openbsd4.5
 checking build system type... i386-unknown-openbsd4.5
 checking for a BSD compatible install... /usr/bin/install -c -o root -g bin
 checking whether ln works... yes
 checking whether ln -s works... yes
 checking for gcc... /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc
 checking whether the C compiler
 (/usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bin/egcc -O2 -g ) works...
 no
 *** Error code 1
 
 Stop in /usr/ports/lang/gcc/4.2 (line 2147 of
 /usr/ports/infrastructure/mk/bsd.port.mk).
 *** Error code 1

Seriously consider installing gcc-4.2 from a pre-built package.

Alternatively add the soft link libc.so.42.0 in /usr/lib:

(root) ?// pwd  
/usr/lib
(root) ?// ls -l libc.so.42.0  
lrwxr-xr-x  1 root  wheel  12 May  7 12:35 libc.so.42.0 -> libc.so.50.1

Can't remember how I found this out.  Seems the bootstrap compiler
wants it:

(root) ?// ldd /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc
/usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc:
Start    End      Type Open Ref GrpRef Name
1c00 3c008000 exe  1    0   0      /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc
04402000 2443b000 rlib 0    1   0      /usr/lib/libc.so.42.0
09b3d000 09b3d000 rtld 0    1   0      /usr/libexec/ld.so

*But* as noted above, consider installing the package
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk   Phone: +44 1225 386101



Re: 4.5 - stable/ports/gcc-4.2/Error code 1

2009-05-29 Thread soko.tica
On 5/29/09, Dennis Davis d.h.da...@bath.ac.uk wrote:
 Seriously consider installing gcc-4.2 from a pre-built package.

I've already tried it, prior to mailing the list, it didn't work -
package gcc-4.2 was installed, but gnome-session would still fail from
ports.


 Alternatively add the soft link libc.so.42.0 in /usr/lib:

 (root) ?// pwd
 /usr/lib
 (root) ?// ls -l libc.so.42.0
 lrwxr-xr-x  1 root  wheel  12 May  7 12:35 libc.so.42.0 -> libc.so.50.1

 Can't remember how I found this out.  Seems the bootstrap compiler
 wants it:

 (root) ?// ldd /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc
 /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc:
 Start    End      Type Open Ref GrpRef Name
 1c00 3c008000 exe  1    0   0      /usr/ports/lang/gcc/4.2/w-gcc-4.2.20070307/bootstrap/bin/egcc
 04402000 2443b000 rlib 0    1   0      /usr/lib/libc.so.42.0
 09b3d000 09b3d000 rtld 0    1   0      /usr/libexec/ld.so


#pwd
/usr/lib
#ls -l libc.so.42.0
ls: libc.so.42.0 : No such file or directory

If possible, instruction for DUMMIES how to create the soft link would
be appreciated very much.



Hardware compatibility question : VIA VX 800 chipset

2009-05-29 Thread Benjamin G.
Hello list,

I would like to buy a motherboard based on Via Nano and
VX 800 chipset. Before buying this motherboard I would like
to be sure that OpenBSD works well on it.

This is the motherboard Jetway JNF76 VIA NANO 1GHz
and here are the specs:
  CPU: VIA Nano U2300 (1.0GHz) processor
  Chipset: VIA VX800 Chipsets
  Graphics: VIA Chrome9 HC3 IGP
  Power Management: ACPI S3/S4 Compliant
  Audio: VIA VT1708B
  Ethernet LAN: RTL8111C
Note : this for home use, so performance is not a priority

I haven't found compatibility information on this chipset on
google and on the official hardware compatibility list page.
That's why I am mailing the list.

Thanks in advance for your help.

Best regards,
Benjamin.



Re: 4.5 - stable/ports/gcc-4.2/Error code 1

2009-05-29 Thread soko.tica
On 5/29/09, Dennis Davis d.h.da...@bath.ac.uk wrote:
...
# pwd
/usr/lib
# ln -s libc.so.50.1 libc.so.42.0

solved the problem (in case anyone in future search the archive after
the key words).



Re: 4.5 - stable/ports/gcc-4.2/Error code 1

2009-05-29 Thread Antoine Jacoutot
On Fri, 29 May 2009, soko.tica wrote:

 On 5/29/09, Dennis Davis d.h.da...@bath.ac.uk wrote:
 ...
 # pwd
 /usr/lib
 # ln -s libc.so.50.1 libc.so.42.0
 
 solved the problem (in case anyone in future search the archive after
 the key words).

Considering you did not even bother looking at the archives yourself, I 
find this quite amusing...

http://www.nabble.com/openoffice3-and-gcc4.2-and-opera-flash-td23218745.html

-- 
Antoine



Re: 4.5 - stable/ports/gcc-4.2/Error code 1[solved]

2009-05-29 Thread soko.tica
On 5/29/09, Antoine Jacoutot ajacou...@bsdfrog.org wrote:
 On Fri, 29 May 2009, soko.tica wrote:

 On 5/29/09, Dennis Davis d.h.da...@bath.ac.uk wrote:
 ...
 # pwd
 /usr/lib
 # ln -s libc.so.50.1 libc.so.42.0

 solved the problem (in case anyone in future search the archive after
 the key words).

 Considering you did not even bother looking at the archives yourself, I
 find this quite amusing...

 http://www.nabble.com/openoffice3-and-gcc4.2-and-opera-flash-td23218745.html

 --
 Antoine

In fact I did, and found several threads, but none that seemed to be
the solution I need. Mind, I didn't know the specifics of the problem,
so I think the title of this thread is more comprehensive. Anyway, the
above is for DUMMIES, such as myself. I hope you don't mind ;)



Re: 4.5 - stable/ports/gcc-4.2/Error code 1[solved]

2009-05-29 Thread Antoine Jacoutot
On Fri, 29 May 2009, soko.tica wrote:
 In fact I did, and found several threads, but none that seemed to be
 the solution I need. Mind, I didn't know the specifics of the problem,
 so I think the title of this thread is more comprehensive. Anyway, the
 above is for DUMMIES, such as myself. I hope you don't mind ;)

No.
But you may find http://mailman.theapt.org/listinfo/openbsd-newbies 
better for you.

-- 
Antoine



Re: 4.5 - stable/ports/gcc-4.2/Error code 1[solved]

2009-05-29 Thread soko.tica
On 5/29/09, Antoine Jacoutot ajacou...@bsdfrog.org wrote:
 On Fri, 29 May 2009, soko.tica wrote:
 In fact I did, and found several threads, but none that seemed to be
 the solution I need. Mind, I didn't know the specifics of the problem,
 so I think the title of this thread is more comprehensive. Anyway, the
 above is for DUMMIES, such as myself. I hope you don't mind ;)

 No.
 But you may find http://mailman.theapt.org/listinfo/openbsd-newbies
 better for you.

 --
 Antoine

Since FAQ says ports (and following -stable) isn't for beginners, and
having in mind that I managed to build it, I think I am in the
appropriate list. Apart from kudos and respect from you for the great
work you do, you didn't spoil my mood by your remarks. And, NO, I
don't intend to change the address, so try either to accommodate
yourself to the increase of DUMMIES that try OpenBSD - it is a great
work, yours in part, it won't go unnoticed - or find a way to block us
from this list. Or simply ignore us. :D



Re: 4.5 - stable/ports/gcc-4.2/Error code 1[solved]

2009-05-29 Thread Antoine Jacoutot
On Fri, 29 May 2009, soko.tica wrote:
 Since FAQ says ports (and following -stable) isn't for beginners, and
 having in mind that I managed to build it, I think I am in the
 appropriate list. Apart from kudos and respect from you for the great
 work you do, you didn't spoil my mood by your remarks. And, NO, I
 don't intend to change the address, so try either to accommodate
 yourself to the increase of DUMMIES that try OpenBSD - it is a great
 work, yours in part, it won't go unnoticed - or find a way to block us
 from this list. Or simply ignore us. :D

Why did you think I wanted to spoil your mood?
Hmm ok, I thought I was doing a nice thing pointing you to a newbie list.
No offense but, not knowing how to make a symlink means your next mail 
threads in this list are going to be very fun to watch, so no I won't 
ignore you.


-- 
Antoine



Re: 4.5 - stable/ports/gcc-4.2/Error code 1[solved]

2009-05-29 Thread soko.tica
On 5/29/09, Antoine Jacoutot ajacou...@bsdfrog.org wrote:
 On Fri, 29 May 2009, soko.tica wrote:
 Since FAQ says ports (and following -stable) isn't for beginners, ...

 Why did you think I wanted to spoil your mood?
 Hmm ok, I thought I was doing a nice thing pointing you to a newbie list.
 No offense but, not knowing how to make a symlink means your next mail
 threads in this list are going to be very fun to watch, so no I won't
 ignore you.


 --
 Antoine


No offense, and all respect and kudos from my side to you and all the
others that do such a great work. Perhaps I misread something.

I'll try to learn to make symlinks (I've already produced one!), in
spite of all difficulties (not appropriate to be elaborated here), and
do try hard not to post stupid questions too often. At least I do try
to search before posting, but, alas, as in this case, sometimes I
don't see the answer that is in front of my eyes. :)



RAM not detected on HP DL580 G4

2009-05-29 Thread BARDOU Pierre
Hello,

I'm trying to set up an OpenBSD 4.5 amd64 on a HP ProLiant DL580 G4. It has 38
GB RAM, but only ~3 GB is detected.
Is it possible to use all the RAM ?

The dmesg :
# dmesg
OpenBSD 4.5 (GENERIC) #2052: Sat Feb 28 14:55:24 MST 2009
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 3487395840 (3325MB)
avail mem = 3371655168 (3215MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xec000 (109 entries)
bios0: vendor HP version P59 date 09/08/2006
bios0: HP ProLiant DL580 G4
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SPCR SRAT MCFG APIC SSDT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(TM) CPU 3.00GHz, 2992.94 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,CNXT-ID,CX16,
xTPR,LONG
cpu0: 1MB 64b/line 8-way L2 cache
cpu0: apic clock running at 199MHz
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0 apid 4 pa 0xfec8, version 20, 24 pins
ioapic2 at mainbus0 apid 5 pa 0xfec80800, version 20, 24 pins
acpimadt0: unknown apic structure type ff
acpimadt0: unknown apic structure type ff
acpiprt0 at acpi0: bus 1 (IP2P)
acpiprt1 at acpi0: bus 9 (PXHA)
acpiprt2 at acpi0: bus 10 (PXHB)
acpiprt3 at acpi0: bus 8 (PTD0)
acpiprt4 at acpi0: bus 2 (PTA0)
acpiprt5 at acpi0: bus 5 (PTA1)
acpiprt6 at acpi0: bus 13 (PTB0)
acpiprt7 at acpi0: bus 16 (PTB1)
acpiprt8 at acpi0: bus 19 (PTC0)
acpiprt9 at acpi0: bus 22 (PTC1)
acpiprt10 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature 31 degC
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel E8500 Host rev 0x11
ppb0 at pci0 dev 1 function 0 Intel E8500 PCIE rev 0x11
pci1 at ppb0 bus 8
ppb1 at pci1 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci2 at ppb1 bus 9
bnx0 at pci2 dev 1 function 0 Broadcom BCM5706 rev 0x02: apic 4 int 0 (irq
5)
bnx1 at pci2 dev 2 function 0 Broadcom BCM5706 rev 0x02: apic 4 int 3 (irq
7)
ppb2 at pci1 dev 0 function 2 Intel PCIE-PCIE rev 0x09
pci3 at ppb2 bus 10
ppb3 at pci3 dev 1 function 0 Pericom PI7C21P100 PCIX-PCIX rev 0x01
pci4 at ppb3 bus 11
em0 at pci4 dev 4 function 0 Intel PRO/1000MT QP (82546GB) rev 0x03: apic 5
int 2 (irq 10), address 00:0e:0c:c6:be:f8
em1 at pci4 dev 4 function 1 Intel PRO/1000MT QP (82546GB) rev 0x03: apic 5
int 3 (irq 7), address 00:0e:0c:c6:be:f9
em2 at pci4 dev 6 function 0 Intel PRO/1000MT QP (82546GB) rev 0x03: apic 5
int 0 (irq 5), address 00:0e:0c:c6:be:fa
em3 at pci4 dev 6 function 1 Intel PRO/1000MT QP (82546GB) rev 0x03: apic 5
int 1 (irq 10), address 00:0e:0c:c6:be:fb
ppb4 at pci0 dev 2 function 0 Intel E8500 PCIE rev 0x11
pci5 at ppb4 bus 19
Emulex LPe1150 rev 0x02 at pci5 dev 0 function 0 not configured
ppb5 at pci0 dev 3 function 0 Intel E8500 PCIE rev 0x11
pci6 at ppb5 bus 22
ciss0 at pci6 dev 0 function 0 Hewlett-Packard Smart Array rev 0x01: apic 1
int 16 (irq 5)
ciss0: 1 LD, HW rev 1, FW 1.18/1.18
scsibus0 at ciss0: 1 targets
sd0 at scsibus0 targ 0 lun 0: HP, LOGICAL VOLUME, 1.18 SCSI0 0/direct fixed
sd0: 69973MB, 512 bytes/sec, 143305920 sec total
ppb6 at pci0 dev 4 function 0 Intel E8500 PCIE rev 0x11
pci7 at ppb6 bus 13
em4 at pci7 dev 0 function 0 Intel PRO/1000 PT (82571EB) rev 0x06: apic 1
int 16 (irq 5), address 00:17:08:7d:cd:d2
em5 at pci7 dev 0 function 1 Intel PRO/1000 PT (82571EB) rev 0x06: apic 1
int 17 (irq 10), address 00:17:08:7d:cd:d3
ppb7 at pci0 dev 5 function 0 Intel E8500 PCIE rev 0x11
pci8 at ppb7 bus 16
Emulex LPe1150 rev 0x02 at pci8 dev 0 function 0 not configured
ppb8 at pci0 dev 6 function 0 Intel E8500 PCIE rev 0x11
pci9 at ppb8 bus 2
ppb9 at pci0 dev 7 function 0 Intel E8500 PCIE rev 0x11
pci10 at ppb9 bus 5
pchb1 at pci0 dev 8 function 0 Intel E8500 IMI rev 0x11
Intel E8500 XMB rev 0x11 at pci0 dev 9 function 0 not configured
Intel E8500 XMB Misc rev 0x11 at pci0 dev 9 function 1 not configured
Intel E8500 XMB MAI rev 0x11 at pci0 dev 9 function 2 not configured
Intel E8500 XMB DDR rev 0x11 at pci0 dev 9 function 3 not configured
Intel E8500 XMB Reserved rev 0x11 at pci0 dev 9 function 4 not configured
Intel E8500 XMB Reserved rev 0x11 at pci0 dev 9 function 5 not configured
Intel E8500 XMB Reserved rev 0x11 at pci0 dev 9 function 6 not configured
Intel E8500 XMB Reserved rev 0x11 at pci0 dev 9 function 7 not configured
pchb2 at pci0 dev 10 function 0 Intel E8500 IMI rev 0x11
Intel E8500 XMB rev 0x11 at pci0 dev 11 function 0 not configured
Intel E8500 XMB Misc rev 0x11 at pci0 dev 11 function 1 not configured
Intel E8500 XMB MAI rev 0x11 at pci0 dev 11 function 2 not configured
Intel E8500 XMB DDR 

Re: RAM not detected on HP DL580 G4

2009-05-29 Thread Matthew Szudzik
On Fri, May 29, 2009 at 02:33:48PM +0200, BARDOU Pierre wrote:
 I'm trying to set up an OpenBSD 4.5 amd64 on a HP ProLiant DL580 G4. It has 38
 GB RAM, but only ~3 GB is detected.
 Is it possible to use all the RAM ?

See

 http://marc.info/?l=openbsd-misc&m=123763424431042



Re: 4.5 - stable/ports/gcc-4.2/Error code 1

2009-05-29 Thread Stuart Henderson
On 2009-05-29, soko.tica soko.t...@gmail.com wrote:
 On 5/29/09, Dennis Davis d.h.da...@bath.ac.uk wrote:
...
 # pwd
 /usr/lib
 # ln -s libc.so.50.1 libc.so.42.0

 solved the problem (in case anyone in future search the archive after
 the key words).



This is the wrong way to fix it. The reason the version numbers are
different is because the APIs are NOT COMPATIBLE with each other.

Use a package or disable the Ada support.



Re: multilink VPN

2009-05-29 Thread Toni Mueller
Hi,

On Wed, 27.05.2009 at 22:07:25 -0300, James Mackinnon jmackin...@devantec.com 
wrote:
 I need to setup redundant VPN's between these locations without the use of
 BGP.

 I have used sasync in the past, pfsync etc however, I have not tried to setup
 a VPN where 2 ISPs are used without the ISPs setup with BGP.  Because BGP
 convergence can take a bit of time, and the network in this case not being
 able to drop for 1 second, I need to determine what option is best.

I heavily doubt that you'll be able to keep the network up at all
times because even CARP failover will take longer than one second.

 I have spoken with a cisco guy today and they can do multilink VPN's on cisco
 for this,

Did he actually tell you how they make sure that there'll be no
downtime of even one second? Was the explanation technically sound?
How about error conditions in the Internet, between your sites? 



FWIW, I've configured semi-multilink VPN in the past (before the
CARP age), with this kind of setup:


LAN1 --- FW{1,2} --- Internet --- FW{3,4} --- LAN2

with

LAN1, FW1, FW2: my end

FW3, FW4, LAN2: other end (not accessible to me)



Manually switching between FW1 and FW2 usually took on the order of
8-15 seconds.


The other side switched between FW3 and FW4 at their leisure, w/o
telling anyone.

The idea to configure this with isakmpd.conf was to have both peers
configured on both of your firewalls, and then add as many IPSEC
connections so that you cover all connection pairs.

That way, you can access LAN2 from LAN1 regardless whether FW3 or FW4
is operational. In my setup, one of the tunnels simply vanished and the
other appeared, if the other side switched their firewalls.

Now, if you can detect your conditions under which you want to fail
over to the other firewall (eg. fiber cut), it should be easy to
cook up a script and fire it on such an event.


But you won't get away without any downtime, and if you find out how to
do this on the IP level, I'm interested to hear about it.

I strongly suspect that if you really want to force less than 1 seconds
of downtime even in the case of error, then you need to swap IP for a
real high-reliability type of connection like telcos use in their long
hauls (eg. SDH).

But if you can weed out duplicate packets, you might be able to create
some magic with bridging and move all packets over both links all the
time, dropping one half at the receiving end(s). But this is only a
shot in the dark - I don't know how to do this.

I'm curious about what kind of application you have that does not
tolerate 1 second of downtime?

If someone has an idea about how to configure this with ipsec.conf, I'm
eager to hear.


Kind regards,
--Toni++



Ordering more than the CD

2009-05-29 Thread Jean-Francois
Hello,

Could you please indicate where one in France can order the Shirt and
CD, I found only CD reseller.
Ordering in EU/US is not a problem if needed.

Thank you!
JF



Re: multiple videocards... for console text

2009-05-29 Thread Need Coffee
On Thu, May 28, 2009 at 10:21 PM, Theo de Raadt dera...@cvs.openbsd.org
wrote:
 Thanks, but my goal was not just to add more text consoles, it was to
 actually create more
 VTs on existing heads.  I have 3 monitors.  We're all painfully aware
 of the Xorg limitations
 with multiple pci graphics cards.  So, I wanted to run them in text
 mode (80x50 of course  :)

 80x50 is easy.  It's the getting all 3 monitors to work
 independently that isn't.

 Getting them to work separately requires almost as much work as X does
 to do that.  The PC hardware video architecture is more broken and
 complex than you could possibly imagine.

Thanks for the definitive reply -- I had a feeling it was not going to
pan out...



Domain Resolution Issue

2009-05-29 Thread Mario Vega
Hello,

We are experiencing an issue with resolution of a domain, roadwire.com, on our
gateway email server running 4.5-stable.  The server is running named with
/etc/resolv.conf set to 127.0.0.1.

NXDOMAIN is returned when performing an nslookup or dig on roadwire.com. 
However, if a rndc flushname roadwire.com is issued, then the domain resolves
correctly for a period of time (ttl I imagine, yet to confirm).

Named is configured to forward to our internal name servers.  During the times
that named returns NXDOMAIN, the internal name servers can be queried and
correctly return the record.

Below is our named.conf.  Any recommendations on troubleshooting this issue
would be greatly appreciated.

Thank you,
mv

-- 

options {
        version "";
        listen-on    { 127.0.0.1; };
        listen-on-v6 { none; };
        empty-zones-enable yes;
        allow-recursion { 127.0.0.1; };
        clients-per-query 30;
        forwarders { 192.168.2.2; 192.168.2.4; };
        forward only;
};

logging {
        category lame-servers { null; };
};

zone "localhost" {
        type master;
        file "standard/localhost";
        allow-transfer { localhost; };
};

zone "127.in-addr.arpa" {
        type master;
        file "standard/loopback";
        allow-transfer { localhost; };
};



PPTP vpn with OBSD gateway (outgoing)

2009-05-29 Thread Juan Miscaro
Hi, I'm trying to set up a PPTP tunnel for a Windows machine lying
behind my OBSD 4.0 internet gateway.  I can establish the tunnel but
I'm missing the last piece in the puzzle.  This is the routing of the
RFC 1918 addresses.  Locally I have 10.9.0.0/16 addresses and the
windows machine wants to connect to a web server on the remote side
that is using 192.168.0.0/16.

I'm not familiar enough with Windows to say if there is some checkbox
to fill in to make this work but the Firefox browser complains:

Connection interrupted.
The connection to the server was reset while the page was loading.
The network link was interrupted while negotiating a connection.
Please try again.

Is there some particular route that needs to be set up for this to work?

Thank you,

/jm



Re: PPTP vpn with OBSD gateway (outgoing)

2009-05-29 Thread patrick keshishian
On Fri, May 29, 2009 at 2:08 PM, Juan Miscaro jmisc...@gmail.com wrote:
 Hi, I'm trying to set up a PPTP tunnel for a Windows machine lying
 behind my OBSD 4.0 internet gateway. I can establish the tunnel but
 I'm missing the last piece in the puzzle. This is the routing of the
 RFC 1918 addresses. Locally I have 10.9.0.0/16 addresses and the
 windows machine wants to connect to a web server on the remote side
 that is using 192.168.0.0/16.

Just to make sure I am understanding you correctly, you have a Windows
machine in your network which is behind an OpenBSD firewall (pf). The
Windows machine establishes a PPTP VPN connection to the remote site.
If I understood this correctly...

What does the route table on the Windows box look like? I'm not a
windows person but I believe the command is 'route print' from a
DOS/CMD prompt. Does the route to the remote site exist/show up in the
output? Does 'ipconfig' show your local ip assigned to your Windows
machine by the VPN server?

--patrick



Re: PPTP vpn with OBSD gateway (outgoing)

2009-05-29 Thread Juan Miscaro
2009/5/29 patrick keshishian pkesh...@gmail.com:
 On Fri, May 29, 2009 at 2:08 PM, Juan Miscaro jmisc...@gmail.com wrote:
 Hi, I'm trying to set up a PPTP tunnel for a Windows machine lying
 behind my OBSD 4.0 internet gateway. I can establish the tunnel but
 I'm missing the last piece in the puzzle. This is the routing of the
 RFC 1918 addresses. Locally I have 10.9.0.0/16 addresses and the
 windows machine wants to connect to a web server on the remote side
 that is using 192.168.0.0/16.

 Just to make sure I am understanding you correctly, you have a Windows
 machine in your network which is behind an OpenBSD firewall (pf). The
 Windows machine establishes a PPTP VPN connection to the remote site.
 If I understood this correctly...

 What does the route table on the Windows box look like? I'm not a
 windows person but I believe the command is 'route print' from a
 DOS/CMD prompt. Does the route to the remote site exist/show up in the
 output? Does 'ipconfig' show your local ip assigned to your Windows
 machine by the VPN server?

Yeah, you understood my setup.

I will try the windows commands.

Thanks.

/jm



Re: Letting FTP out through PF with a default block all

2009-05-29 Thread Andres Salazar
Hmm.. I am starting to think that ftp-proxy isn't possible with a default
block all in the pf.conf due to BUG???


The PF FAQ at openbsd gives the example of ftp-proxy with block in, pass
out all. Which actually defeats the purpose of doing ftp proxy for
outgoing connections if you have free access to the outside!!


So in the end, can anybody share if they have gotten ftp-proxy to work with
block all?

Thanks
Andres

On Tue, May 26, 2009 at 5:51 PM, Andres Salazar ndrsslz...@gmail.com wrote:

 Hello,

 Before posting I acknowledge I have read the FAQ.. based on that this is my
 PF config:


 t_externa = "re0"

 set block-policy drop
 set loginterface $t_externa
 set limit states 10
 set limit frags 30
 set limit src-nodes 5
 set optimization aggressive

 set skip on lo0
 set debug urgent
 scrub in on $t_externa all
 scrub out on $t_externa all random-id

 nat-anchor "ftp-proxy/*"
 rdr-anchor "ftp-proxy/*"

 rdr on $t_externa proto tcp from any to any port 21 -> 127.0.0.1 port 8021

 block all

 anchor "ftp-proxy/*"

 antispoof quick for { lo }

 #SSH

 pass in quick on $t_externa inet proto tcp from any to ($t_externa) \
     port 22 flags S/SA modulate state

 ##DNS
 pass out log quick on $t_externa inet proto { tcp, udp } from ($t_externa) to any \
     port 53 keep state

 ##FTP
 pass out log quick on $t_externa inet proto tcp from ($t_externa) to any \
     port ftp flags S/SA modulate state

 pass out log quick on $t_externa inet proto tcp from ($t_externa) to any \
     port 8021 flags S/SA modulate state


 If I do block log all .. a tcpdump on pflog receives this:


 May 25 20:03:55.067671 rule 0/(match) block out on re0: 58.46.80.70.46330 
 129.128.5.191.64072: S 1312607360:1312607360(0) win 16384 mss
 1460,nop,nop,sackOK,nop,wscale 0,[|tcp] (DF)
 May 25 20:03:55.375881 rule 0/(match) block in on re0: 129.128.5.191.20 
 58.46.80.70.63627: S 1300023739:1300023739(0) win 16384 mss
 1460,nop,nop,sackOK,nop,wscale 0,[|tcp] (DF)
 May 25 20:04:01.372812 rule 0/(match) block in on re0: 129.128.5.191.20 
 58.46.80.70.63627: S 1300023739:1300023739(0) win 16384 mss
 1460,nop,nop,sackOK,nop,wscale 0,[|tcp] (DF)
 May 25 20:04:13.373244 rule 0/(match) block in on re0: 129.128.5.191.20 
 58.46.80.70.63627: S 1300023739:1300023739(0) win 16384 mss
 1460,nop,nop,sackOK,nop,wscale 0,[|tcp] (DF)

 58 is my IP, 129 is ftp.openbsd.org

 I have also made sure that ftp-proxy is running, if I do telnet localhost
 8021 I get:

 orion:~$telnet localhost 8021
 Trying ::1...
 telnet: connect to address ::1: Connection refused
 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 Connection closed by foreign host.


 Which I think suggests that I am running it correctly.

 My conclusion is that somehow the rdr part to port 8021 isn't taking place..
 so the communication isn't channeled to the proxy..?

 pfctl -s all reads:

 # pfctl -s all
 TRANSLATION RULES:
 nat-anchor ftp-proxy/* all
 rdr-anchor ftp-proxy/* all
 rdr log on re0 inet proto tcp from any to any port = ftp - 127.0.0.1 port
 8021

 FILTER RULES:
 scrub in on re0 all fragment reassemble
 scrub out on re0 all random-id fragment reassemble
 block drop all
 anchor ftp-proxy/* all
 block drop in quick on ! lo inet from 127.0.0.0/8 to any
 block drop in quick on ! lo inet6 from ::1 to any
 block drop in quick inet6 from ::1 to any
 block drop in quick on lo0 inet6 from fe80::1 to any
 block drop in quick inet from 127.0.0.1 to any
 pass in quick on re0 inet proto tcp from any to (re0) port = ssh flags S/SA
 modulate state
 pass out quick on re0 inet proto tcp from (re0) to any port = ssh flags
 S/SA modulate state
 pass out quick on re0 inet proto tcp from (re0) to any port = domain flags
 S/SA keep state
 pass out quick on re0 inet proto udp from (re0) to any port = domain keep
 state
 pass out quick on re0 inet proto tcp from (re0) to any port = ftp flags
 S/SA modulate state
 pass out quick on re0 inet proto tcp from (re0) to any port = 8021 flags
 S/SA modulate state
 No queue in use


 I have also started ftp-proxy with and without the -r flag.

 Thank you.

 Andres
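
The pflog lines quoted in the message above can be triaged mechanically. The following is an added example, not part of the original thread: a small Python parser that labels each blocked SYN as an FTP active or passive data-channel attempt and collapses retransmissions. The sample lines are reconstructed from the post with the ">" that tcpdump prints between source and destination restored and the TCP options trimmed; the function names and the use of 129.128.5.191 (which the post identifies as ftp.openbsd.org) as the known FTP server are assumptions of this example.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: the four pflog lines from the post, with ">" restored
# between source and destination and the TCP option list trimmed.
SAMPLE_PFLOG = """\
May 25 20:03:55.067671 rule 0/(match) block out on re0: 58.46.80.70.46330 > 129.128.5.191.64072: S 1312607360:1312607360(0) win 16384 (DF)
May 25 20:03:55.375881 rule 0/(match) block in on re0: 129.128.5.191.20 > 58.46.80.70.63627: S 1300023739:1300023739(0) win 16384 (DF)
May 25 20:04:01.372812 rule 0/(match) block in on re0: 129.128.5.191.20 > 58.46.80.70.63627: S 1300023739:1300023739(0) win 16384 (DF)
May 25 20:04:13.373244 rule 0/(match) block in on re0: 129.128.5.191.20 > 58.46.80.70.63627: S 1300023739:1300023739(0) win 16384 (DF)
"""

Packet = namedtuple(
    "Packet", "rule action direction ifname src sport dst dport flags seq"
)

# Matches the "rule N/(match) block|pass in|out on IF: a.b.c.d.port > ..." form.
LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>block|pass) (?P<direction>in|out) "
    r"on (?P<ifname>\S+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<flags>[A-Z.]+) (?P<seq>\d+):"
)


def parse_line(line):
    """Return a Packet for a pflog line, or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("rule", "sport", "dport", "seq"):
        fields[key] = int(fields[key])
    return Packet(**fields)


def classify(pkt, ftp_servers):
    """Label a blocked SYN relative to the known FTP server addresses."""
    if pkt.action != "block" or pkt.flags != "S":
        return "other"
    if pkt.direction == "out" and pkt.dst in ftp_servers:
        if pkt.dport == 21:
            return "control"          # the command channel itself
        if pkt.dport >= 1024:
            return "passive-data"     # client opens the data channel
    if pkt.direction == "in" and pkt.src in ftp_servers and pkt.sport == 20:
        return "active-data"          # server connects back from ftp-data
    return "other"


def summarise(text, ftp_servers):
    """Count labels per packet and per distinct connection attempt."""
    packets = [p for p in map(parse_line, text.splitlines()) if p is not None]
    per_packet = Counter(classify(p, ftp_servers) for p in packets)
    # A retransmitted SYN repeats the 4-tuple and sequence number: count once.
    attempts = {
        (p.src, p.sport, p.dst, p.dport, p.seq): classify(p, ftp_servers)
        for p in packets
    }
    return per_packet, Counter(attempts.values())


if __name__ == "__main__":
    per_packet, per_attempt = summarise(SAMPLE_PFLOG, {"129.128.5.191"})
    print("packets :", dict(per_packet))
    print("attempts:", dict(per_attempt))
```

Both attempts are data channels dropped by rule 0 (the block all), so no rule in the ftp-proxy anchor matched them, which fits the poster's suspicion that the control connection never went through the proxy.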



Best supported Asterisk interface for OpenBSD?

2009-05-29 Thread Andres Salazar
I would like to ask the OBSD community if someone can recommend me a good
supported interface for Asterisk on OBSD.

I have heard that FreePBX is really a pain to configure because it assumes a
linux environment.

Please anybody share their experience?

Thank you.

Andres



Re: multilink VPN

2009-05-29 Thread Stuart Henderson
On 2009-05-29, Toni Mueller openbsd-m...@oeko.net wrote:
 On Wed, 27.05.2009 at 22:07:25 -0300, James Mackinnon 
 jmackin...@devantec.com wrote:
 I need to setup redundant VPN's between these locations without the use of
 BGP.

 I have used sasync in the past, pfsync etc however, I have not tried to setup
 a VPN where 2 ISPs are used without the ISPs setup with BGP.  Because BGP
 convergence can take a bit of time, and the network in this case not being
 able to drop for 1 second, I need to determine what option is best.

 I heavily doubt that you'll be able to keep the network up at all
 times because even CARP failover will take longer than one second.

OSPF over gre's or gif's (which can then themselves be protected by
ipsec) is probably the fastest option at present on OpenBSD. You're
restricted to the lowest value you can set router-dead-time to; with
very aggressive timers (which are likely to cause problems with
false drops) that's 2 seconds. 3-4 seconds (with hellos at a second)
is more realistic for fast recovery over ethernet or some good quality
pseudowire circuit. Not sure exactly what you mean by VPN as it's not
a well defined term but you should look at that carefully. e.g. Rekeying
can be a little on the slow side, you want to avoid this happening
on both connections at the same time.

 I strongly suspect that if you really want to force less than 1 seconds
 of downtime even in the case of error, then you need to swap IP for a
 real high-reliability type of connection like telcos use in their long
 hauls (eg. SDH).

BFD can be quite quick.

In some parts of the world these better types of connection are simply
not available.

If you're used to what's available in Europe (1Gb ethernet-presented
private circuit over about 15 miles for GBP21K/year?) you will find the
situation in some places absolutely unbelievable.



Re: Ordering more than the CD

2009-05-29 Thread Fred Crowson
On 5/29/09, Jean-Francois jfsimon1...@gmail.com wrote:
 Hello,

 Could you please indicate where one in France can order the Shirt and
 CD, I found only CD reseller.
 Ordering in EU/US is not a problem if needed.

 Thank you!
 JF

The Computer Shop of Calgary will sell you everything you need:

https://https.openbsd.org/cgi-bin/order

hth

Fred



Re: Best supported Asterisk interface for OpenBSD?

2009-05-29 Thread Chris Cappuccio
I typically use the configuration files and asterisk command line.  

Andres Salazar [ndrsslz...@gmail.com] wrote:
 I would like to ask the OBSD community if someone can recommend me a good
 supported interface for Asterisk on OBSD.
 
 I have heard that FreePBX is really a pain to configure because it assumes a
 linux environment.
 
 Please anybody share their experience?
 
 Thank you.
 
 Andres

-- 
The audiences like to think that satire is doing something. But, in fact, it is 
mostly to leave themselves satisfied. Satisfied rather than angry, which is 
what they should be. 
-- Tom Lehrer



Re: multilink VPN

2009-05-29 Thread James Mackinnon

Hi All

Thanks for your feedback.

The guy regarding the cisco is a CCIE so I tend to accept his statements 
quick enough..


In VPN, I am referencing it in general terms in the creation of a private 
network over a public network of course.  I would go with MPLS or another 
technology, however again, not 100% failsafe.


Their application is a thick app which has allowances for network drops, 
however, the data is a real-time life and death type of solution in that 
they are a security monitoring company with multiple sites to which access 
data in 1 location. This is what I must ensure stays up because staff must 
be able to handle the alarms..


Roughly 1 million alarms a day go through this network, thus, any outage can 
result in dropped alarms.. Our solutions in both facilities also offer some 
allowances for drops by caching an alarm until network return, however 
applications failures are also bad in this case.


At first, I was looking at BGP, and in the past have used it, but with 
convergence time on a net down situation, it doesn't come close to the time 
required.


Personally, I think any solution that can rebuild in 10-30 seconds is a very 
solid solution. If they are not happy with that, I could recommend a very 
expensive alternative but that won't fly.


Stuart, do you know of some sources I should review on your mentioned idea?

I am also looking at multi-segmenting the locations systems and having their 
applications account for loss to failover to the second IP.


fun little project, very small to almost nil budget is the challenge.

Cheers

James
- Original Message - 
From: Stuart Henderson s...@spacehopper.org

To: misc@openbsd.org
Sent: Friday, May 29, 2009 7:37 PM
Subject: Re: multilink VPN



On 2009-05-29, Toni Mueller openbsd-m...@oeko.net wrote:
On Wed, 27.05.2009 at 22:07:25 -0300, James Mackinnon jmackin...@devantec.com wrote:
I need to setup redundant VPN's between these locations without the use of
BGP.

I have used sasync in the past, pfsync etc however, I have not tried to setup
a VPN where 2 ISPs are used without the ISPs setup with BGP.  Because BGP
convergence can take a bit of time, and the network in this case not being
able to drop for 1 second, I need to determine what option is best.


I heavily doubt that you'll be able to keep the network up at all
times because even CARP failover will take longer than one second.


OSPF over gre's or gif's (which can then themselves be protected by
ipsec) is probably the fastest option at present on OpenBSD. You're
restricted to the lowest value you can set router-dead-time to; with
very aggressive timers (which are likely to cause problems with
false drops) that's 2 seconds. 3-4 seconds (with hellos at a second)
is more realistic for fast recovery over ethernet or some good quality
pseudowire circuit. Not sure exactly what you mean by VPN as it's not
a well defined term but you should look at that carefully. e.g. Rekeying
can be a little on the slow side, you want to avoid this happening
on both connections at the same time.


I strongly suspect that if you really want to force less than 1 seconds
of downtime even in the case of error, then you need to swap IP for a
real high-reliability type of connection like telcos use in their long
hauls (eg. SDH).


BFD can be quite quick.

In some parts of the world these better types of connection are simply
not available.

If you're used to what's available in Europe (1Gb ethernet-presented
private circuit over about 15 miles for GBP21K/year?) you will find the
situation in some places absolutely unbelievable.




Re: PPTP vpn with OBSD gateway (outgoing)

2009-05-29 Thread Marcello Cruz

Hi,

To publish an internal PPTP server:

rdr pass on $ext_if proto tcp from any to $ext_if port 1723 -> $internal_server
rdr pass on $ext_if proto gre from any to any -> $internal_server

To allow an internal computer to establish a PPTP tunnel to a server on the
Internet:

pass out on $ext_if proto gre from $ext_if to any keep state
pass in on $int_if proto tcp from $internal_client to any port 1723 keep state
pass in on $int_if proto gre from $internal_client to any keep state

The PPTP needs GRE and 1723/tcp..

Rgds
Marcello


- Original Message - 
From: Juan Miscaro jmisc...@gmail.com

To: patrick keshishian pkesh...@gmail.com
Cc: openbsd-misc misc@openbsd.org
Sent: Friday, May 29, 2009 7:08 PM
Subject: Re: PPTP vpn with OBSD gateway (outgoing)



2009/5/29 patrick keshishian pkesh...@gmail.com:

On Fri, May 29, 2009 at 2:08 PM, Juan Miscaro jmisc...@gmail.com wrote:

Hi, I'm trying to set up a PPTP tunnel for a Windows machine lying
behind my OBSD 4.0 internet gateway. I can establish the tunnel but
I'm missing the last piece in the puzzle. This is the routing of the
RFC 1918 addresses. Locally I have 10.9.0.0/16 addresses and the
windows machine wants to connect to a web server on the remote side
that is using 192.168.0.0/16.


Just to make sure I am understanding you correctly, you have a Windows
machine in your network which is behind an OpenBSD firewall (pf). The
Windows machine establishes a PPTP VPN connection to the remote site.
If I understood this correctly...

What does the route table on the Windows box look like? I'm not a
windows person but I believe the command is 'route print' from a
DOS/CMD prompt. Does the route to the remote site exist/show up in the
output? Does 'ipconfig' show your local ip assigned to your Windows
machine by the VPN server?


Yeah, you understood my setup.

I will try the windows commands.

Thanks.

/jm




Re: pf, altq, packet rate

2009-05-29 Thread Daniel Gracia Garallar
As stupid as it can sound, you could develop a protocol to make routers
talk to each other and say how much bandwidth is available in between. I
think there's no other really sane way of inbound traffic control.

Dropper techniques are a cheap trick nice for little networks. Serious
and big performance networking requires solid bases.

Think of overhead of receiving, dropping a packet, enqueuing the
offending stream, waiting, listening a resend again... That looks too
much as spam :)

Regards,

Dani

irix wrote:

Hello ,



* irix i...@ukr.net [2009-05-27 18:12]:

But I can not understand why you are sure that traffic can only
outlet Shape

i can not understand why you want to shape outlets.

you don't understand that inbound shaping doesn't work because you
have obviously no idea how the network stack works. there is no
suitable queue inbound to do any queueing on. the ipintrq is way too
early. so to do any inbound shaping you had to insert another queueing
step, which is as clever as drinking water from the dead sea when
you're thirsty. or maybe one could rape the ipintrq somehow. but i
don't and won't rape.


by  shaping  the  incoming  traffic,  I  mean  simple  dropper  without
constructing  queues. All that the above specified speed dropped until
the  flow becomes less than or equal to specified speed. That actually
makes CDNR, which arrears.




But it pains me to see the obvious defects in my favorite system,

interestingly, in the 6 years since I did the altq/pf merge, you're
the only one to see that obvious defect


and complete indifference on the part of developers to the obvious defects.

obviously the developers have no clue about what they are doing, and
the milestones they have to meet by the contract they have with you


 understood the joke. Funny




Re: multilink VPN

2009-05-29 Thread Jussi Peltola
In cisco speak, with pretty pictures:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800a43f6.shtml

On OpenBSD, it works analogously, except that it's much cleaner :)

Just think of the ipsec secured gre tunnel as a wire from point A to B.
Make two such wires. Then run a routing protocol on them to redundantly
route your traffic through.

Some things to consider:

1. What if the internet links fail some other way than completely dead,
like high packet loss?

2. The rest of the system probably isn't as reliable as you think, if
you can't have much money for making the internet links redundant.

-- 
Jussi Peltola