Re: strangely slow OpenBSD server connection
On Mon, May 10, 2010 at 02:41:39PM -0700, Patrick Dohman wrote:
> On Mon, May 10, 2010 at 11:54 AM, Kurt Mosiejczuk kurt-openbsd-m...@se.rit.edu wrote:
> > Fixing a speed below full and/or setting a duplex mode means you aren't using autoneg.
>
> Not sure if this is where you're headed Kurt but it's a subject I'm somewhat unclear on when it comes to GbE. Most if not all of the GbE cards I've utilized have drivers with no configuration for duplex when running at gigabit speeds. Basically all the duplex and flow control settings are auto only when running at gig speeds. b.t.w my apologies to the o.p I'm not trying to hijack the thread ;)

GbE requires autoneg to run all the time, whereas on 10 and 100MbE autoneg is optional. Getting the speed right is normally not an issue but the duplex settings are often wrong (since half-duplex is the default for 10 and 100).

--
:wq Claudio
OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem
Hi,

I have a leased line connection coming through MROTEK ASMi-52 modem. http://www.tradekey.com/product_view/id/1117664.htm

If I plug the output of that modem into any laptop it will work. If I plug that output into a desktop it will not work. Under OpenBSD it shows 'no carrier' during an 'ifconfig -a'.

Behind the modem, where the ethernet cable is connected, it is written: LINK 10/100 BASE-T ACT

What could be the trouble?

Thanks
--Siju
Re: strangely slow OpenBSD server connection
On Tue, May 11, 2010 at 01:05:47AM +0300, Andreas Gerdd wrote:
> On Mon, May 10, 2010 at 03:34, Daniel Melameth dan...@melameth.com wrote:
> > I'll concur--that's pretty slow. Have you tried increasing net.inet.tcp.recvspace and/or net.inet.tcp.sendspace
>
> Increasing TCP send,recv and UDP send,recv dramatically improved the speed from 80 KB/s to 1.12M/s. God.. What a difference! from the default OpenBSD 4.6 values to:
>
> net.inet.tcp.sendspace=262144
> net.inet.tcp.recvspace=262144
> net.inet.udp.recvspace=262144
> net.inet.udp.sendspace=262144
>
> Would those high values make the server vulnerable to ddos attacks?

Yes. First of all you increased the tcp sendspace by 16 so 16 times more memory will be consumed for each socket. So in the end you can use 16 times less concurrent sockets. Watch out for hitting the kern.maxclusters limit. Second the tcp recvspace should normally not cause any troubles since as long as userland is responding that socketbuffer will stay almost empty. Third bumping udp send space makes no sense at all and the recv space should only be touched if you expect massive burst of huge udp traffic.

> I still don't feel comfortable with that bge0 card. Heh 80 KB/s.. I'll request an Intel NIC from the company.

At 10Mbps. fxp(4), em(4) is overkill but a good option as well.

> On Mon, May 10, 2010 at 09:08, Tomas Bodzar tomas.bod...@gmail.com wrote:
> > If you will take a look through archives you will find that best option is to use Intel cards because of quality of HW.
>
> As you suggested, what model Intel NIC would be the best possible choice for OpenBSD?
>
> On Mon, May 10, 2010 at 18:46, James Records james.reco...@gmail.com wrote:
> > Is this only with http? If you transfer a file using scp is it any faster?
>
> Tried both HTTP/FTP/SCP. Same speed. The SFTP/SCP speed was even around some few bytes!

--
:wq Claudio
Re: Hardware for a PF box
On Mon, 10 May 2010, Chris Smith wrote:
> What about logging in this case? Can PF logs be sent to another system running a syslog daemon?

You answered your own question. ;) Look at the 'action' field explanation in the manual page for syslog.conf(5)

About the diskless machine, many of the so-called diskless machines actually use flash or ssd instead of a spinning magnetic platter. The base installation of openbsd is still quite small. If you are only running PF, you will have a lot of space left over on a 1GB CF to make a logging partition. Flash can be very slow, so volatile caches can be stored in an mfs partition.

/Lars
Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem
On Tue, May 11, 2010 at 12:19:29PM +0530, Siju George wrote:
> Hi, I have a leased line connection coming through MROTEK ASMi-52 modem. http://www.tradekey.com/product_view/id/1117664.htm
> If I plug the output of that modem into any laptop it will work. If I plug that output into a desktop it will not work. Under OpenBSD it shows 'no carrier' during an 'ifconfig -a'.
> Behind the modem, where the ethernet cable is connected, it is written: LINK 10/100 BASE-T ACT
> What could be the trouble?

Try using a cross-over cable.

--
:wq Claudio
Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem
On Tue, May 11, 2010 at 12:29 PM, Claudio Jeker cje...@diehard.n-r-g.com wrote:
> Try using a cross-over cable.

Thanks for the idea Claudio. The cross over cable does not work either.

What is amazing for me is that it can be connected to a laptop but not to a desktop computer? It connects to a Windows XP laptop and I can connect to the internet but it will not show link up if I connect it to a Windows XP desktop or a linux desktop or my OpenBSD firewall. I tried giving the same lladdr of the Windows XP laptop through which I connected to the OpenBSD NIC, still it shows no carrier :-(

The ISP told us that it should be given to some device like fortigate. But what amazes me is how I am able to get it working on a laptop :-(

thanks
--Siju
Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem
On 2010-05-11, Siju George sgeorge...@gmail.com wrote:
> Hi, I have a leased line connection coming through MROTEK ASMi-52 modem. http://www.tradekey.com/product_view/id/1117664.htm
> If I plug the output of that modem into any laptop it will work. If I plug that output into a desktop it will not work. Under OpenBSD it shows 'no carrier' during an 'ifconfig -a'

Did you 'ifconfig iface up'? Some NICs show link before this is done, others do not.
Re: cd arrived in Italy, and in Sweden too
On 11 May 2010 00:37, Benny Löfgren bl-li...@lofgren.biz wrote:
> matteo filippetto wrote:
> > Hi all, today cd arrived in Italy
>
> ...and mine came today as well, together with two mugs and two t-shirts that my girlfriend immediately banned from use in public amongst non-nerds. :-) Thanks, folks.

No stranger ever went out of their way to say something about any of my generic printed t-shirts or even any of my old Linux t-shirts (back when I was still finding myself :). But OpenBSD t-shirts? Strangers go out of their way to comment on my OpenBSD t-shirts over the years. I remember once a baker leaned over the counter after I'd bought a pie, raised his finger to his lips and went sshh. I thought, WTF? Then he points to my OpenSSH t-shirt! Ahhh.

But even better, even a hot young Asian chick commented about my cool Puffy t-shirt. Let me set the scene here, hot young Asian chicks don't go out of their way to talk to me. THANK YOU OpenBSD!!! I reckon your girlfriend knows this and that's why she does not want you wearing them.

Shane
Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem
On Tue, May 11, 2010 at 03:09:37PM +0530, Siju George wrote:
> On Tue, May 11, 2010 at 12:29 PM, Claudio Jeker cje...@diehard.n-r-g.com wrote:
> > Try using a cross-over cable.
>
> Thanks for the idea Claudio. The cross over cable does not work either.

You might have auto-negotiation problems, try to force a different mode. i guess that 100 full-duplex should work. also try to use a cable that is at least 2m long.

    # ifconfig em0 media 100baseTx mediaopt full-duplex

or to list the available options for your NIC:

    # ifconfig em0 media

> What is amazing for me is that it can be connected to a laptop but not to a desktop computer? It connects to a Windows XP laptop and I can connect to the internet but it will not show link up if I connect it to a Windows XP desktop or a linux desktop or my OpenBSD firewall.

try to figure out the link speed that windows is using to connect to the modem. but i don't know a way to figure out the duplex state on windows.

> The ISP told us that it should be given to some device like fortigate

you should change the ISP for giving such misleading advice.

reyk
Re: strange pausing behavior in -current
On Mon, May 10, 2010 at 8:53 PM, Bryan bra...@gmail.com wrote:
> I just installed -current and did a build of the most recent cvs pull, and I'm still experiencing it. As I type of do pretty much anything on the computer, the whole screen and output (xterms, firefox, etc) will stutter, and will only unpause if I wait several seconds, or move the mouse. Once I move the mouse, the screen updates, and everything is good. This only occurs in X, consoles don't have the issue. The pausing seems to occurring at random. It's more annoying than anything, but I I just wondered if anyone else had come across this issue before...

Take a look at: http://marc.info/?l=openbsd-miscw=4r=1s=intel+drmq=b

> dmesg is below. here is the latest dmesg:
nested vlans: safe to use?
Hi,

I've been trying to figure out whether I can use OpenBSD in a nested vlan scenario. I'm looking at a data centre where I want to get two wires, each carrying several vlans, and funneling them home across a WAN link. Various switch vendors claim to be able to do it, but I couldn't really figure out what the current state of affairs wrt. OpenBSD is. On the other side of the wires or fibres, I'll be talking to Junipers, Ciscos (6509), and/or Foundry switches and/or routers on the other side(s).

The desired setup looks like this:

    data centre LAN --- switch --- WAN --- home (OpenBSD)

I want to run at least three vlans across the WAN link, and need to keep the vlans strictly separated. I also need to do traffic shaping on a per-vlan basis. :/

TIA!

Kind regards,
--Toni++
Re: Hardware for a PF box
On Tue, May 11, 2010 at 4:56 PM, Lars Nooden lars.cura...@gmail.com wrote:
> On Mon, 10 May 2010, Chris Smith wrote:
> > What about logging in this case? Can PF logs be sent to another system running a syslog daemon?
>
> You answered your own question. ;) Look at the 'action' field explanation in the manual page for syslog.conf(5)
>
> About the diskless machine, many of the so-called diskless machines actually use flash or ssd instead of a spinning magnetic platter. The base installation of openbsd is still quite small. If you are only running PF, you will have a lot of space left over on a 1GB CF to make a logging partition. Flash can be very slow, so volatile caches can be stored in an mfs partition.
>
> /Lars

OpenBSD will happily fit into about 160mb by installing only base and etc which provide plenty for a firewall. My 1.4GHz Toshiba laptop acting as a wireless-wired gateway runs OpenBSD 4.6 on a 512mb USB drive (which I'd like to replace with a CF disk on a 2.5 compatible adapter) with space to spare. Sure it doesn't do anywhere near as many packets as you propose, but it handles a constantly-running seedbox and my gaming together without skipping a beat, which is more than I can ask for.

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse
Re: nested vlans: safe to use?
On 11/05/2010 12:45, Toni Mueller wrote:
> Hi, I've been trying to figure out whether I can use OpenBSD in a nested vlan scenario. I'm looking at a data centre where I want to get two wires, each carrying several vlans, and funneling them home across a WAN link. Various switch vendors claim to be able to do it, but I couldn't really figure out what the current state of affairs wrt. OpenBSD is. On the other side of the wires or fibres, I'll be talking to Junipers, Ciscos (6509), and/or Foundry switches and/or routers on the other side(s).
> The desired setup looks like this: data centre LAN --- switch --- WAN --- home (OpenBSD)
> I want to run at least three vlans across the WAN link, and need to keep the vlans strictly separated. I also need to do traffic shaping on a per-vlan basis. :/

First of all, how will you connect from home to the data center? Normal household broadband? Can't do VLANs over that. If you have leased lines for example, say from an office to datacenter, then you can do it but only if they are VLAN clear. I had some links once from Office to different sites from a company called Adapt, but they were not VLAN clear and it was a problem which we had to work around, and it wasn't that bad but once we installed VLAN clear lines it was much better.
*BSD meetup, London May 27th
Hi Guys Some of us are meeting at the Barrowboy Banker by London bridge on the 27th this month, 7pm More details here: http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2010-May/012735.html Sevan / Venture37
Re: strange pausing behavior in -current
On Tue, May 11, 2010 at 06:38, Neal Hogan nealho...@gmail.com wrote:
> Take a look at: http://marc.info/?l=openbsd-miscw=4r=1s=intel+drmq=b

I did read this thread

    pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x09
    vga1 at pci0 dev 2 function 0 Intel GM45 Video rev 0x09
    wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
    wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
    intagp0 at vga1
    agp0 at intagp0: aperture at 0xd000, size 0x1000
    inteldrm0 at vga1: apic 2 int 16 (irq 11)
    drm0 at inteldrm0
    Intel GM45 Video rev 0x09 at pci0 dev 2 function 1 not configured

I'm not really having any issues with X not starting, nor is the agp0 at intagp0 having issues. In my case, I built a GENERIC.MP kernel, and started X with no issues, it seems like the screen pauses for a few seconds at random. Above, you can see the video portion of my dmesg from 10 May 2010. It appears to be working as the devs wanted it to.

As I'm sitting here writing this, I wonder if it's an EXA/XXA issue, like: http://marc.info/?l=openbsd-miscm=124488326903516w=2 but it also happens on apps like Firefox, and Midori (I installed it thinking it was a firefox issue). I'll try this and get back with you...
Re: Hardware for a PF box
Hello,

I'll try to answer every suggestion...

I'm going to buy brand new HP servers, DL360 G5 or DL165 G7. So the choice for CPU is between AMD Opteron 24xx or Intel Xeon 55xx.

I've read that a PIII would be sufficient: I have performance issues actually, running on a Xeon 2.8GHz (monocore, FSB 800, socket 604). I don't think they come from PF BTW, it should be logging/relayd/OpenVPN which makes the box lag. I'm actually on a test with dual xeon E5420 on GENERIC.MP, it runs like a charm. But it's borrowed hardware, I have to give it back :)

I'm very interested in separated log machine, I think I'll do that. Could you give me an estimation on how many Mbps I need on the log server? I think I'll put this on a VM, we have an ESX cluster connected to a CX3-40 SAN which should give enough disk I/O...

Installing SSD on the machines is way more expensive with HP hardware: 72 GB SAS 15Ktpm costs 260 €, 60 GB SSD costs 950 €. HP offers no way to install a compact flash as disk drive.

Network cards are Intel Gb, using em(4) driver.

So, with all your considerations, here's my actual setup:
* Xeon E5504 quad core @2Ghz (don't need AMD's 6 cores, and costs nearly the same price than the only dual core remaining, E5502 @1.86GHz)
* 3*1GB memory (Xeon are triple channel, so I need three DIMM for maximal memory bandwidth)
* 2x72 Gb SAS drives on raid0

Does it sound correct to you? Do you have any suggestion/modification?

Thank you very much for the help.

--
Cordialement,
Pierre BARDOU
Re: Hardware for a PF box
Sorry, typo: SAS drives would be on RAID1.

So the config would be:
* Xeon E5504 quad core @2Ghz (don't need AMD's 6 cores, and costs nearly the same price than the only dual core remaining, E5502 @1.86GHz)
* 3*1GB memory (Xeon are triple channel, so I need three DIMM for maximal memory bandwidth)
* 2x72 Gb SAS drives on raid1
* GENERIC.MP kernel

--
Cordialement,
Pierre BARDOU
Re: Sendmail performance and OpenBSD
On 5/9/2010 11:28 PM, Claus Assmann wrote:
> PS: you might want to run some of those disk I/O benchmarks to determine the number of IOPs your system can provide.

Thanks, everyone, for your help. I followed Nick's advice and went in the server room to watch the lights, and they're really not blinken that much. I had expected them to be on constantly.

I tried running bonnie -s 1024 while watching the output of iostat. The iostat -w 5 -d output at rest (relaying mail, LA 0.9-1.5) is 8-16 KB/t, 0-15 t/s, 0.01-0.10 MB/s. During the run it seemed to max out at ~10 MB/s on writes and ~32 MB/s on reads.

I also ran Jeff Ross' first dd test:

    jr...@varley:/var/postgresql $ sudo time dd if=/dev/zero of=big_file bs=8k count=1024000
    1024000+0 records in
    1024000+0 records out
    8388608000 bytes transferred in 276.573 secs (30330468 bytes/sec)
    276.60 real 0.17 user 60.39 sys

    # time dd if=/dev/zero of=big_file bs=8k count=1024000
    1024000+0 records in
    1024000+0 records out
    8388608000 bytes transferred in 204.444 secs (41031301 bytes/sec)
    3m25.64s real 0m0.57s user 0m49.42s system

So, I got slightly better performance out of these 10k disks. iostat said I was doing about 20mb/sec. I'll have to run the /dev/null test later so my users don't yell at me about delayed emails.

I have no milters running. I do have TLS enabled, but I wouldn't think that'd have an impact on a 3 GHz machine, and if it did I'd expect high CPU use. I'll keep looking, but at this point I'm thinking I'm not disk bound.

For completeness, bioctl and dmesg pasted below. I'm running 4.7-stable with patch 004. The dmesg says it's a Smart Array 64xx, but I'm pretty sure it's a 6i, if that matters.
Re: strange pausing behavior in -current
On Tue, May 11, 2010 at 8:08 AM, Bryan bra...@gmail.com wrote:
> On Tue, May 11, 2010 at 06:38, Neal Hogan nealho...@gmail.com wrote:
> > Take a look at: http://marc.info/?l=openbsd-miscw=4r=1s=intel+drmq=b

Just to be a bit more specific. http://marc.info/?l=openbsd-miscm=127264769508631w=4

I pointed you to all those threads b/c there were a few in there addressing your situation more recently than the thread you read. The devs are aware of the stuttering/pausing thing with X and seem to be working on it. I have yet found time to test Owain's patch . . . will try to soon ;-)

> I did read this thread
>
>     pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x09
>     vga1 at pci0 dev 2 function 0 Intel GM45 Video rev 0x09
>     wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
>     wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
>     intagp0 at vga1
>     agp0 at intagp0: aperture at 0xd000, size 0x1000
>     inteldrm0 at vga1: apic 2 int 16 (irq 11)
>     drm0 at inteldrm0
>     Intel GM45 Video rev 0x09 at pci0 dev 2 function 1 not configured
>
> I'm not really having any issues with X not starting, nor is the agp0 at intagp0 having issues. In my case, I built a GENERIC.MP kernel, and started X with no issues, it seems like the screen pauses for a few seconds at random. Above, you can see the video portion of my dmesg from 10 May 2010. It appears to be working as the devs wanted it to.
>
> As I'm sitting here writing this, I wonder if it's an EXA/XXA issue, like: http://marc.info/?l=openbsd-miscm=124488326903516w=2 but it also happens on apps like Firefox, and Midori (I installed it thinking it was a firefox issue). I'll try this and get back with you...
Re: Why left asymmetric layout for RAID 5?
On Mon, May 10, 2010 at 01:42:29AM -0700, Matthew Dempsky wrote: I noticed that softraid's RAID 5 implementation uses the left asymmetric layout, while I've only found (sparse/vague) documentation suggesting symmetric layouts should be slightly better (namely, for an N-disk array, every N consecutive data units will each be stored on a different disk) without any apparent disadvantage. Is there an advantage to asymmetric layouts that I'm not aware of? Designers choice. It seems like it would be a fairly non-intrusive change: simply changing lines 423--424 of softraid_raidp.c to chunk = (parity + 1 + chunk) % (no_chunk + 1);, though I haven't tested this. Sure, but why? What are we gaining? Of course, RAID 5 users would have to recreate their RAID arrays, but upgrading from 4.7 to 4.8 will require that anyway.
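The two layouts discussed in this message, as an added example that is not part of the original posts and is not code from softraid_raidp.c: it maps data units to disks under both layouts and checks the property mentioned above (every N consecutive data units land on N different disks). The parity rotation, the function names and the 4-disk demo are assumptions of this example; only the symmetric formula comes from the post.

```c
#include <stdio.h>

/* Layout names are this example's own, not identifiers from softraid. */
enum raid5_layout { LEFT_ASYMMETRIC, LEFT_SYMMETRIC };

/* Assumed "left" parity rotation: last disk for stripe 0, then one disk
 * further left per stripe, wrapping around. */
static int parity_disk(int stripe, int ndisks)
{
    return (ndisks - 1) - (stripe % ndisks);
}

/* Disk that holds data chunk `chunk` (0 .. ndisks-2) of `stripe`. */
static int data_disk(enum raid5_layout layout, int stripe, int chunk, int ndisks)
{
    int parity = parity_disk(stripe, ndisks);

    if (layout == LEFT_SYMMETRIC)
        /* Formula quoted in the post; "no_chunk + 1" there is ndisks here. */
        return (parity + 1 + chunk) % ndisks;
    /* Asymmetric: chunks keep their order and step over the parity disk. */
    return chunk >= parity ? chunk + 1 : chunk;
}

/* Disk that holds the u-th data unit of the whole array. */
static int unit_disk(enum raid5_layout layout, int u, int ndisks)
{
    return data_disk(layout, u / (ndisks - 1), u % (ndisks - 1), ndisks);
}

/* 1 if parity plus the data chunks of a stripe use every disk exactly once
 * (ndisks must be below 32 for the bitmask). */
static int stripe_covers_all_disks(enum raid5_layout layout, int stripe, int ndisks)
{
    unsigned seen = 1u << parity_disk(stripe, ndisks);

    for (int c = 0; c < ndisks - 1; c++) {
        unsigned bit = 1u << data_disk(layout, stripe, c, ndisks);
        if (seen & bit)
            return 0;
        seen |= bit;
    }
    return seen == (1u << ndisks) - 1;
}

/* 1 if every window of ndisks consecutive data units within the first
 * nunits units touches ndisks different disks. */
static int windows_all_distinct(enum raid5_layout layout, int ndisks, int nunits)
{
    for (int start = 0; start + ndisks <= nunits; start++) {
        unsigned seen = 0;
        for (int u = start; u < start + ndisks; u++) {
            unsigned bit = 1u << unit_disk(layout, u, ndisks);
            if (seen & bit)
                return 0;
            seen |= bit;
        }
    }
    return 1;
}

/* Print one row per stripe, one column per disk: P for parity, otherwise
 * the number of the data unit stored there. */
static void print_layout(enum raid5_layout layout, int ndisks, int nstripes)
{
    for (int s = 0; s < nstripes; s++) {
        for (int d = 0; d < ndisks; d++) {
            if (d == parity_disk(s, ndisks)) {
                printf("   P");
                continue;
            }
            for (int c = 0; c < ndisks - 1; c++)
                if (data_disk(layout, s, c, ndisks) == d)
                    printf(" %3d", s * (ndisks - 1) + c);
        }
        printf("\n");
    }
}

int main(void)
{
    int ndisks = 4; /* constructed demo size */

    printf("left asymmetric:\n");
    print_layout(LEFT_ASYMMETRIC, ndisks, ndisks);
    printf("N consecutive units on N disks: %d\n",
        windows_all_distinct(LEFT_ASYMMETRIC, ndisks, 48));
    printf("left symmetric:\n");
    print_layout(LEFT_SYMMETRIC, ndisks, ndisks);
    printf("N consecutive units on N disks: %d\n",
        windows_all_distinct(LEFT_SYMMETRIC, ndisks, 48));
    return 0;
}
```

With this rotation the symmetric layout places data unit u on disk u mod N, which is why a sequential read of N units keeps all N spindles busy, while the asymmetric layout revisits a disk inside such a window.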
Re: Hardware for a PF box
On Tue, 11 May 2010, BARDOU Pierre wrote: ... I don't think they come from PF BTW, it should be logging/relayd/OpenVPN which makes the box lag. Verify before you flush money. Tools like iostat, vmstat and pftop might help show where the load is. Does the load you have from OpenVPN suggest the need for hardware random number generator? I'm very interested in separated log machine, I think I'll do that. Could you give me an estimation on how many Mbps I need on the log server ? It depends on what you have chosen to log, the level of detail you have chosen to log at and how much that service is actually used. Try set up the logging rules and use tcpdump or pftop to track the connection to the log server to see. Does it sound correct to you ? It could be overkill on the hardware. Do you have any suggestion/modification ? Several have already mentioned that a diskless set up would work. For PF,relayd,OpenVPN you do not need much of a hard drive. You boot from a 1GB CF and fit base in way less than 250MB of it. The rest could be used for short-term logging with copies sent to a log server. If you are running squid or another cache, then the RAID set up might be useful. Or it might not be. If you have a lot of RAM, then you can put the cache onto a ramdisk using mfs, if the size is right. /Lars
Re: strange pausing behavior in -current
On Tue, May 11, 2010 at 4:07 PM, Neal Hogan nealho...@gmail.com wrote: I pointed you to all those threads b/c there were a few in there addressing your situation more recently than the thread you read. The devs are aware of the stuttering/pausing thing with X and seem to be working on it. I have yet to find time to test Owain's patch . . . will try to soon ;-) And now INTELDRM_GEM is the default: http://marc.info/?l=openbsd-cvsm=127353058425278w=2 ciao, david
Re: strange pausing behavior in -current
On Tue, May 11, 2010 at 09:07, Neal Hogan nealho...@gmail.com wrote: On Tue, May 11, 2010 at 8:08 AM, Bryan bra...@gmail.com wrote: On Tue, May 11, 2010 at 06:38, Neal Hogan nealho...@gmail.com wrote: Take a look at: http://marc.info/?l=openbsd-miscw=4r=1s=intel+drmq=b Just to be a bit more specific. http://marc.info/?l=openbsd-miscm=127264769508631w=4 I pointed you to all those threads b/c there were a few in there addressing your situation more recently than the thread you read. The devs are aware of the stuttering/pausing thing with X and seem to be working on it. I have yet to find time to test Owain's patch . . . will try to soon ;-) I did read this thread pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x09 vga1 at pci0 dev 2 function 0 Intel GM45 Video rev 0x09 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xd000, size 0x1000 inteldrm0 at vga1: apic 2 int 16 (irq 11) drm0 at inteldrm0 Intel GM45 Video rev 0x09 at pci0 dev 2 function 1 not configured I'm not really having any issues with X not starting, nor is the agp0 at intagp0 having issues. In my case, I built a GENERIC.MP kernel, and started X with no issues, it seems like the screen pauses for a few seconds at random. Above, you can see the video portion of my dmesg from 10 May 2010. It appears to be working as the devs wanted it to. As I'm sitting here writing this, I wonder if it's an EXA/XXA issue, like: http://marc.info/?l=openbsd-miscm=124488326903516w=2 but it also happens on apps like Firefox, and Midori (I installed it thinking it was a Firefox issue). I'll try this and get back with you... Sorry man... I did read this one too, but it had been a while ago...
Re: SAS RAID Controller of SunFire X4150 causes trouble
On 07.05.2010 11:35, Stuart Henderson wrote: On 2010-05-06, Schafhauser, Florian fschafhau...@arri.de wrote: Hello, the RAID Controller causes trouble with OpenBSD 4.5 and 4.6. First off, for mpi(4) you want one of these patches: ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/015_mpi.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/009_mpi.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/002_mpi.patch Reading and writing is quite slow. When I use I/O intensive applications like squid, machine dies within next 30 minutes. I applied the patch in this way: cvsup -g -L2 /etc/cvsup, patch -p1 < 009_mpi.patch, rebuild the kernel, reboot 10240 bytes transferred in 15.936 secs (6425378 bytes/sec) 10240 bytes transferred in 16.173 secs (6331465 bytes/sec) 10240 bytes transferred in 16.004 secs (6398081 bytes/sec) Writing speed is still the same. Which information do you need to analyze the problem? Florian # dmesg OpenBSD 4.6-stable (FWNODE) #1: Mon May 10 11:59:56 CEST 2010 r...@xx.arri.de:/usr/src/sys/arch/i386/compile/FWNODE cpu0: Intel(R) Xeon(R) CPU E5410 @ 2.33GHz (GenuineIntel 686-class) 2.33 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16, xTPR real mem = 3757338624 (3583MB) avail mem = 3648577536 (3479MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/03/09, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.4 @ 0xfccd0 (69 entries) bios0: vendor American Megatrends Inc. 
version 1ADQW060 date 03/03/2009 bios0: Sun Microsystems SUN FIRE X4150 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP APIC SPCR MCFG SSDT OEMB HPET TCPA SSDT EINJ BERT ERST HEST acpi0: wakeup devices SPE4(S1) SPE2(S1) SPE1(S5) P8PC(S5) P0P1(S1) UAR1(S5) P0P5(S1) P0P6(S1) P0P7(S1) NPE4(S5) NPE5(S5) NPE6(S5) NPE7(S5) USB0(S1) USB1(S1) USB2(S1) USB3(S1) EUSB(S1) BR1E(S5) OPH1(S5) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 332MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU E5410 @ 2.33GHz (GenuineIntel 686-class) 2.33 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16, xTPR cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Xeon(R) CPU E5410 @ 2.33GHz (GenuineIntel 686-class) 2.33 GHz cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16, xTPR cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Xeon(R) CPU E5410 @ 2.33GHz (GenuineIntel 686-class) 2.33 GHz cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16, xTPR ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 5 pa 0xfec8, version 20, 24 pins acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (NPE2) acpiprt2 at acpi0: bus 2 (SPE4) acpiprt3 at acpi0: bus -1 (SPE2) acpiprt4 at acpi0: bus 3 (SPE1) acpiprt5 at acpi0: bus 4 (P8PC) acpiprt6 at acpi0: bus 15 (P0P1) acpiprt7 at acpi0: bus -1 (P0P5) acpiprt8 at acpi0: bus -1 (P0P6) acpiprt9 at acpi0: bus -1 (P0P7) acpiprt10 at acpi0: bus 7 (NPE4) acpiprt11 at acpi0: bus 8 (NPE5) acpiprt12 at acpi0: bus 9 
(NPE6) acpiprt13 at acpi0: bus 13 (NPE7) acpiprt14 at acpi0: bus 14 (P0P4) acpiprt15 at acpi0: bus 0 (BR1E) acpicpu0 at acpi0: C3, C2, C1, PSS acpicpu1 at acpi0: C3, C2, C1, PSS acpicpu2 at acpi0: C3, C2, C1, PSS acpicpu3 at acpi0: C3, C2, C1, PSS acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB bios0: ROM list: 0xc/0x6800 0xc6800/0x1000 0xc7800/0x1000 0xc8800/0x5c00 0xce800/0x1000 0xcf800/0x1000 0xd0800/0x1000 0xd1800/0x1000 ipmi at mainbus0 not configured cpu0: Enhanced SpeedStep 2328 MHz: speeds: 2336, 2003 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 5000P Host rev 0xb1 ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0xb1 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci2 at ppb1 bus 2 ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01 pci3 at ppb2 bus 3 ppb3 at pci2 dev 2 function 0 Intel 6321ESB PCIE rev 0x01 pci4 at ppb3 bus 4 em0 at pci4 dev 0 function 0 Intel PRO/1000 PT (80003ES2) rev 0x01: apic 4 int 18 (irq 11), address 00:23:8b:41:ba:4e em1 at pci4 dev 0 function 1 Intel PRO/1000 PT (80003ES2) rev 0x01: apic 4 int 19 (irq 5), address 00:23:8b:41:ba:4f ppb4 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01 pci5 at ppb4 bus 5 ppb5 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0xb1 pci6 at ppb5 bus 6 ppb6 at pci0 dev 4 function 0 Intel 5000 PCIE x8 rev 0xb1 pci7 at ppb6 bus 7 mpi0 at pci7
Hang booting kernel 4.5 on i386 system.
Hello, I have a system which hangs if I try to boot bsd or bsd.rd from 4.6 or 4.7-current, but which works with 4.5. The system is a small form factor firewall box - a Fabiatech FX5621. I've attached the output of dmesg and lspci from when running the generic 4.5 kernel. When attempting to boot a more recent kernel the output gets only as far as: pci0 at mainbus0 bus 0: configuration mode 1 (bios) mem address conflict 0xe000/0x1000 Let me know if I need to submit this via sendbug(1). Regards, Andrew -- Andrew Back mailto:and...@osmosoft.com http://carrierdetect.com OpenBSD 4.5 (RAMDISK_CD) #1112: Sat Feb 28 15:06:26 MST 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: VIA Eden Processor 1000MHz (CentaurHauls 686-class) 1 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2,xTPR real mem = 502886400 (479MB) avail mem = 47984 (457MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 01/16/09, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xfc390 (47 entries) bios0: vendor American Megatrends Inc. 
version 080014 date 01/16/2009 acpi at bios0 function 0x0 not configured mpbios at bios0 function 0x0 not configured pcibios0 at bios0: rev 3.0 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5780/336 (19 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3287 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #130 is the last bus bios0: ROM list: 0xc/0xfe00 0xd/0x1000 0xd1000/0x1000 0xd2000/0x1000 0xd3000/0x1000 cpu0 at mainbus0: (uniprocessor) cpu0: RNG AES AES-CTR SHA1 SHA256 RSA pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00 pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00 pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) rl0 at pci0 dev 9 function 0 Realtek 8139 rev 0x10: irq 10, address 00:04:a7:08:93:b5 rlphy0 at rl0 phy 0: RTL internal PHY rl1 at pci0 dev 10 function 0 Realtek 8139 rev 0x10: irq 11, address 00:04:a7:08:93:b4 rlphy1 at rl1 phy 0: RTL internal PHY rl2 at pci0 dev 11 function 0 Realtek 8139 rev 0x10: irq 5, address 00:04:a7:08:93:b3 rlphy2 at rl2 phy 0: RTL internal PHY rl3 at pci0 dev 12 function 0 Realtek 8139 rev 0x10: irq 3, address 00:04:a7:08:93:b2 rlphy3 at rl3 phy 0: RTL internal PHY pciide0 at pci0 dev 15 function 0 vendor VIA, unknown product 0x5287 rev 0x20: DMA (unsupported), channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using irq 11 for native-PCI interrupt pciide0: channel 0 ignored (not responding; disabled or no drives?) pciide0: channel 1 ignored (not responding; disabled or no drives?) 
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x07: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide1 channel 0 drive 0: SAMSUNG HM160HC wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd0(pciide1:0:0): using PIO mode 4, DMA mode 2 pciide1: channel 1 disabled (no drives) uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x91: irq 10 ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x90: irq 5 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 pcib0 at pci0 dev 17 function 0 VIA VT8251 ISA rev 0x00 pchb6 at pci0 dev 17 function 7 VIA VT8251 VLINK rev 0x00 ppb1 at pci0 dev 19 function 0 VIA VT8251 PCIE rev 0x00 pci2 at ppb1 bus 128 ppb2 at pci2 dev 0 function 0 VIA VT8251 PCIE rev 0x00 pci3 at ppb2 bus 130 et0 at pci3 dev 0 function 0 ATT/Lucent ET1310 rev 0x03: irq 10, address 00:04:a7:05:9a:e0 etphy0 at et0 phy 0: ET1011 10/100/1000baseT PHY, rev. 2 ppb3 at pci2 dev 0 function 1 VIA VT8251 PCIE rev 0x00 pci4 at ppb3 bus 129 et1 at pci4 dev 0 function 0 ATT/Lucent ET1310 rev 0x03: irq 10, address 00:04:a7:05:9a:e1 etphy1 at et1 phy 0: ET1011 10/100/1000baseT PHY, rev. 2 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 biomask ffe5 netmask ffed ttymask rd0: fixed, 3800 blocks softraid0 at root PXE boot MAC address 00:04:a7:08:93:b5, interface rl0 root on rd0a swap on rd0b dump on rd0b syncing disks... OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009
Patching kernel to work around buggy ACPI BIOS
* Stefan Unterweger on Tue, May 04, 2010 at 12:43:22AM +0200: As far as I understood from some ancient [FreeBSD] mailinglist threads, in theory it should be possible to somehow do something such that the kernel loads patched ACPI tables which have those particular bugs corrected. Finally I've found that particular post again, and have been able to fix the broken DSDT to some extent. With some dirty patchwork acpi_load_dsdt now loads my custom table, and `shutdown -p -h` succeeds in turning off the machine, without any more warnings. A few questions'd remain, though: - I don't suppose that there would be some official point in the ACPI driver where such workarounds would belong? The code looks clear enough to me, but I speak neither enough C nor ACPI to be sure... - The patch seems almost too easy to me, but I'm not yet made that much progress in learning C. With all that memcpy going around, I have the uneasy feeling that I might be introducing some nasty memory holes... The patch is against 4.6-release, since that's the version I was planning to put on the machine. Regards, s//un --- acpi.c.orig Tue May 11 18:07:10 2010 +++ acpi.c Tue May 11 17:59:56 2010 @@ -48,6 +48,8 @@ #define APMDEV_NORMAL 0 #define APMDEV_CTL 8 +#include custom_dsdt.h + #ifdef ACPI_DEBUG int acpi_debug = 16; #endif @@ -889,6 +891,11 @@ } memcpy((*dsdt)-q_data, handle.va, len); (*dsdt)-q_table = (*dsdt)-q_data; + + /* 5AEb+sk: Override the Tyan Tiger S2466's corrupt DSDT */ + printf(Trying to override broken DSDT table...\n); + (*dsdt)-q_table = (struct acpi_table_header *)AmlCode; + acpi_unmap(handle); } }
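Review bot: the include of custom_dsdt.h added after the APMDEV_CTL define (first hunk, @@ -48,6 +48,8 @@) refers to a header that is not part of this diff, so the change cannot be built or reviewed as posted. Add the header, or the steps used to generate it, to the patch. The include is also unconditional; wrapping it in a kernel option would keep the extra table out of kernels that do not need the override. If AmlCode is defined in that header rather than only declared, it should be static const so that it stays private to acpi.c and read-only.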
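Review bot: the q_table assignment to AmlCode in the second hunk (@@ -889,6 +891,11 @@) is unconditional, so every machine booted with this kernel gets the Tyan Tiger S2466 table regardless of what its firmware supplies. Gate the override on the identification fields in the header of the table that was just copied from handle.va, and keep the firmware table when they do not match. On the memory question: the added lines allocate and copy nothing, so they introduce no leak, but the firmware copy made by the memcpy into q_data directly above stays allocated and unused, and q_table no longer points into q_data, so any later code that relies on that relationship needs checking. Nothing here verifies that AmlCode is at least as large as struct acpi_table_header before the cast, and the printf will appear on every boot.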
Serious problems with current since end of april, related to scsi controllers (Adaptec/LSILogic)
Hi! Since end of April, sorry I don't have a more precise date, one of my systems has serious problems. It can't boot successfully with an Adaptec controller anymore, the first sign is that it can't find one library, e.g. libc or libz, and later the hard disks transfer rate can't be established and the system freezes. See the first dmesg. After switching the controller to a LSILogic one, the system boots correctly, but (presumably) under higher disk io load the system panics, syncing my local cvs repository with cvsync in this case. See second dmesg and trace output. Does someone else encounter similar problems? If you need further information, please drop me a note. Ulrich First dmesg OpenBSD/i386 BOOT 3.02 boot booting hd0a:/bsd: 7181376+1055428 [52+365600+349966]=0x889bdc entry point at 0x200120 [ using 715992 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2010 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 4.7-current (GENERIC.MP) #560: Wed Apr 28 11:55:01 MDT 2010 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP RTC BIOS diagnostic error 13memory_size cpu0: Intel Pentium III (GenuineIntel 686-class) 1 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 2146988032 (2047MB) avail mem = 2069180416 (1973MB) RTC BIOS diagnostic error 13memory_size mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 08/16/00, BIOS32 rev. 0 @ 0xfd8b0, SMBIOS rev. 2.3 @ 0xe0010 (76 entries) bios0: vendor Phoenix Technologies Ltd. 
version ID.W2.02US date 08/16/2000 bios0: Hewlett-Packard HP VISUALIZE NT Workstation acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC BOOT acpi0: wakeup devices PCI0(S4) USB0(S1) LAN0(S4) KBC_(S1) COMA(S1) PCI1(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 1 (boot processor) cpu0: apic clock running at 132MHz cpu1 at mainbus0: apid 0 (application processor) cpu1: Intel Pentium III (GenuineIntel 686-class) 1 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 16 pins ioapic1 at mainbus0: apid 3 pa 0xfec01000, version 11, 16 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PCI1) acpicpu0 at acpi0 acpicpu1 at acpi0 acpibtn0 at acpi0: PWRB bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x5400 0xe/0x4000! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 ServerWorks CNB20HE Host rev 0x22 ppb0 at pci0 dev 0 function 1 ServerWorks CNB20LE Host rev 0x01 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 Matrox MGA G200 AGP rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Hewlett-Packard Visualize FX2 rev 0x80 at pci1 dev 1 function 0 not configured pchb1 at pci0 dev 0 function 2 ServerWorks CNB20HE Host rev 0x00 pchb2 at pci0 dev 0 function 3 ServerWorks CNB20HE Host rev 0x00 pci2 at pchb2 bus 2 ahc0 at pci2 dev 2 function 0 Adaptec AHA-29160 U160 rev 0x02: apic 3 int 8 (irq 11) scsibus0 at ahc0: 16 targets, initiator 7 sd0 at scsibus0 targ 0 lun 0: SEAGATE, ST373405LC, 0002 SCSI3 0/direct fixed sd0: 70007MB, 512 bytes/sec, 143374741 sec total sd1 at scsibus0 targ 1 lun 0: SEAGATE, ST373405LW, HPA4 SCSI2 0/direct fixed sd1: 70007MB, 512 bytes/sec, 143374738 sec total fxp0 at pci0 dev 7 function 0 Intel 8255x rev 0x08, i82559: apic 3 int 10 (irq 10), address 00:30:6e:0a:c3:1d inphy0 at fxp0 
phy 1: i82555 10/100 PHY, rev. 4 clcs0 at pci0 dev 8 function 0 Cirrus Logic CS4280/46xx CrystalClear rev 0x01: apic 3 int 11 (irq 5) ac97: codec id 0x43525903 (Cirrus Logic CS4297 rev 3) ac97: codec features headphone, 18 bit DAC, 18 bit ADC, No 3D Stereo piixpm0 at pci0 dev 15 function 0 ServerWorks OSB4 rev 0x50: polling iic0 at piixpm0 piixpm0: exec: op 1, addr 0x20, cmdlen 1, len 1, flags 0x08: timeout, status 0x5BUSY,DEVERR iic0: addr 0x20 00=00 01=00 02=00 03=02 04=04 05=04 06=04 07=06 08=08 09=08 0a=08 0b=0a 0c=0c 0d=0c 0e=0c 0f=0e 10=10 11=10 12=10 13=12 14=14 15=14 16=14 17=16 18=18 19=18 1a=18 1b=1a 1c=1c 1d=1c 1e=1c 1f=1e 20=20 21=20 3e=3e 48=48 4a=48 4e=4e fc=fc fe=fe words 00= 01= 02= 03= 04= 05= 06= 07= pciide0 at pci0 dev 15 function 1 ServerWorks OSB4 IDE rev 0x00: DMA atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: MITSUMI, CD-ROM FX4830T!B, R02J ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2 ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x04: apic 2 int 9 (irq 9), version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 ServerWorks OHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 com0
Re: Hardware for a PF box
On Tue, May 11, 2010 at 2:56 AM, Lars Nooden lars.cura...@gmail.com wrote: You answered your own question. ;) Look at the 'action' field explanation in the manual page for syslog.conf(5) Maybe I'm missing something: I can send normal syslog data to a remote logging server without writing log files but not PF log entries - there is no entry in syslog.conf for pflog. There's a neat trick listed here: http://www.openbsd.org/faq/pf/logging.html but the PF logs first have to be written locally to the pflog file. The concern is repeated writing to the SSD or CF which apparently tends to shorten their life. If PF could write directly to syslog this problem would be ameliorated. Chris
Re: Patching kernel to work around buggy ACPI BIOS
On Tue, May 11, 2010 at 06:27:20PM +0200, Stefan Unterweger wrote: * Stefan Unterweger on Tue, May 04, 2010 at 12:43:22AM +0200: As far as I understood from some ancient [FreeBSD] mailinglist threads, in theory it should be possible to somehow do something such that the kernel loads patched ACPI tables which have those particular bugs corrected. Finally I've found that particular post again, and have been able to fix the broken DSDT to some extent. With some dirty patchwork acpi_load_dsdt now loads my custom table, and `shutdown -p -h` succeeds in turning off the machine, without any more warnings. A few questions'd remain, though: - I don't suppose that there would be some official point in the ACPI driver where such workarounds would belong? The code looks clear enough to me, but I speak neither enough C nor ACPI to be sure... - The patch seems almost too easy to me, but I'm not yet made that much progress in learning C. With all that memcpy going around, I have the uneasy feeling that I might be introducing some nasty memory holes... The patch is against 4.6-release, since that's the version I was planning to put on the machine. Regards, s//un --- acpi.c.orig Tue May 11 18:07:10 2010 +++ acpi.cTue May 11 17:59:56 2010 @@ -48,6 +48,8 @@ #define APMDEV_NORMAL0 #define APMDEV_CTL 8 +#include custom_dsdt.h I assume you forgot to cvs add the custom_dsdt.h header there. -0- -- Celebrate Hannibal Day this year. Take an elephant to lunch.
Re: Sendmail performance and OpenBSD
On Tue, May 11, 2010 at 09:55:18AM -0400, Steve Shockley wrote: On 5/9/2010 11:28 PM, Claus Assmann wrote: PS: you might want to run some of those disk I/O benchmarks to determine the number of IOPs your system can provide. Thanks, everyone, for your help. I followed Nick's advice and went in the server room to watch the lights, and they're really not blinken that much. I had expected them to be on constantly. I tried running bonnie -s 1024 while watching the output of iostat. The iostat -w 5 -d output at rest (relaying mail, LA 0.9-1.5) is 8-16 KB/t, 0-15 t/s, 0.01-0.10 MB/s. During the run it seemed to max out at ~10 MB/s on writes and ~32 MB/s on reads. I also ran Jeff Ross' first dd test: jr...@varley:/var/postgresql $ sudo time dd if=/dev/zero of=big_file bs=8k count=1024000 1024000+0 records in 1024000+0 records out 8388608000 bytes transferred in 276.573 secs (30330468 bytes/sec) 276.60 real 0.17 user 60.39 sys # time dd if=/dev/zero of=big_file bs=8k count=1024000 1024000+0 records in 1024000+0 records out 8388608000 bytes transferred in 204.444 secs (41031301 bytes/sec) 3m25.64s real 0m0.57s user 0m49.42s system So, I got slightly better performance out of these 10k disks. iostat said I was doing about 20mb/sec. I'll have to run the /dev/null test later so my users don't yell at me about delayed emails. I have no milters running. I do have TLS enabled, but I wouldn't think that'd have an impact on a 3 GHz machine, and if it did I'd expect high CPU use. I'll keep looking, but at this point I'm thinking I'm not disk bound. For completeness, bioctl and dmesg pasted below. I'm running 4.7-stable with patch 004. The dmesg says it's a Smart Array 64xx, but I'm pretty sure it's a 6i, if that matters. Look at top, do you have particularly high cpu usage due to interrupts? -0- -- In seeking the unattainable, simplicity only gets in the way. -- Epigrams in Programming, ACM SIGPLAN Sept. 1982
Re: Hardware for a PF box
2010/5/11, Chris Smith obsd_m...@chrissmith.org: Maybe I'm missing something: You might want something like this:
# mkdir /var/log/rd ; chmod 700 /var/log/rd ; chown _pflogd:_pflogd /var/log/rd
# echo 'pflogd_flags="-f /var/log/rd/pflog"' >> /etc/rc.conf.local
# echo 'swap /var/log/rd/ mfs rw,nodev,nosuid,-s=67108864 0 0' >> /etc/fstab
# mount /var/log/rd/
# pkill pflogd ; sleep 1 ; pflogd -f /var/log/rd/pflog
Filesystems in RAM are extremely handy, but make sure the remote logging works, because umount makes the data disappear - see mfs(8). Does anyone know a neater solution? -- Martin Pelikán, Steadynet Jabber: sztor...@jabber.cz web: http://cap.potazmo.cz/
Asking for donation: dead laptop replacement
Hello everyone, It seems this is not a lucky month of developers because my laptop went kaputt the other day (something has probably burned in it.) Fortunately all of my data is safe because the hdd was not damaged, but currently I am not in the financial state of buying a new laptop myself. If someone has a spare laptop that can be donated or if people can help me out with some smallish donations, that'd be greatly appreciated. I was looking around and it seemed I can get a decent ThinkPad in between 800-1000 EUR. So if you can donate a couple of coins please paypal me at rob...@openbsd.org. Of course if I have the needed amount or a laptop offer itself I will write an email to the list or paypal back the money. Thank you very much in advance.
Re: Asking for donation: dead laptop replacement: completed
Hello again, Ok this was very fast :) the donation is actually complete. Thank you! On (2010-05-11 20:07), Robert Nagy wrote: Hello everyone, It seems this is not a lucky month of developers because my laptop went kaputt the other day (something has probably burned in it.) Fortunately all of my data is safe because the hdd was not damaged, but currently I am not in the financial state of buying a new laptop myself. If someone has a spare laptop that can be donated or if people can help me out with some smallish donations, that'd be greatly appreciated. I was looking around and it seemed I can get a decent ThinkPad in between 800-1000 EUR. So if you can donate a couple of coins please paypal me at rob...@openbsd.org. Of course if I have the needed amount or a laptop offer itself I will write an email to the list or paypal back the money. Thank you very much in advance.
Re: Hardware for a PF box
On Tue, 11 May 2010, Chris Smith wrote: ...http://www.openbsd.org/faq/pf/logging.html but the PF logs first have to be written locally to the pflog file. Or you can pipe to logger(1) directly or go via a FIFO /Lars
fdisk and bootable flag
I have a machine with / on wd0. I'm creating a RAID 1 setup using softraid on wd1 and wd2. The instructions are great, except I'm having a problem with fdisk. Using fdisk -iy wd1, it creates one partition, great. But it's bootable, which is causing my machine to hang on boot. Yes, I know you'd usually switch which hard drive to start up in the BIOS, but the BIOS on my machine sucks. Unlike Linux fdisk, there's no 'a' option to toggle the bootable flag. Anyone know how to edit the default MBR record so fdisk -iy creates one partition with no bootable flag, or how to unset the bootable flag?
Re: fdisk and bootable flag
On Tue, 11 May 2010 12:34:28 -0700 (PDT) stupidmail4me stupidmail...@yahoo.com wrote: Anyone know how to edit the default MBR record so fdisk -iy creates one partition with no bootable flag, or how to unset the bootable flag? I think the following should do it: fdisk: 1 flag partition 0 I suppose the man page should mention that this operation can take on a second operand.
Re: fdisk and bootable flag
On Tue, May 11, 2010 at 12:34:28PM -0700, stupidmail4me wrote: I have a machine with / on wd0. I'm creating a RAID 1 setup using softraid on wd1 and wd2. The instructions are great, except I'm having a problem with fdisk. Using fdisk -iy wd1, it creates one partition, great. But it's bootable, which is causing my machine to hang on boot. Yes, I know you'd usually switch which hard drive to start up in the BIOS, but the BIOS on my machine sucks. Unlike Linux fdisk, there's no 'a' option to toggle the bootable flag. Anyone know how to edit the default MBR record so fdisk -iy creates one partition with no bootable flag, or how to unset the bootable flag? Can't you flag some other, empty, partition as bootable? (flag 3) Joachim -- TFMotD: strxfrm (3) - transform a string under locale
Re: Hardware for a PF box
On Tue, 11 May 2010 12:43:17 -0400, Chris Smith wrote: On Tue, May 11, 2010 at 2:56 AM, Lars Nooden lars.cura...@gmail.com wrote: You answered your own question. ;) Look at the 'action' field explanation in the manual page for syslog.conf(5) Maybe I'm missing something: I can send normal syslog data to a remote logging server without writing log files but not PF log entries - there is no entry in syslog.conf for pflog. There's a neat trick listed here: http://www.openbsd.org/faq/pf/logging.html but the PF logs first have to be written locally to the pflog file. The concern is repeated writing to the SSD or CF which apparently tends to shorten their life. I have tried to kill a CF for years. For more than a year it was running spamd with the most verbose logging possible and lots of other read/writes the system could live without. It is still going. I suggest that you use CF and when upgrade time comes around you program a new one and then have a halt-swap-reboot event and send me the one you don't think has much life left. I'll try wearing it out for you. My clients have lost more hard drives last year (3) than CFs in my lifetime (0) and I've been using them since they were exorbitantly priced. Some of that is good luck but they sure are not easily worn out. *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: Trying to set diskless(8) -- hanging in RPC timeout for server
On Tue, May 11, 2010 at 12:50 AM, Stefan Unterweger stefan+open...@aleturo.com wrote: Hello! I'm trying to set up my server for diskless boots, as described in the diskless(8) manpage (at the moment, more or less mostly as an academic exercise, but I was planning to take my oldish laptops to some use this way). I went along the instructions from the manpage, setting up the various pieces as I was instructed; since I was already running a limited PXE boot environment so that I can do installs more rapidly, many of the steps were already done, having to setup only rarpd and nfs. However, when I now try to get the client actually to boot from this setup, it fails quite miserably when trying to mount the root filesystem via NFS. The kernel just hangs forever, printing RPC timeout for server 172.23.255.255 (0xac17) prog 10. After some research, I came up with an old posting from misc (http://archives.neohapsis.com/archives/openbsd/2004-01/0603.html), but without any solution. The problem described there is quite similar to the one I'm experiencing here, but without all the peculiarities that were used there (i.e., I'm using a stock 4.6-release, stock-dhcpd, stock-everything). Especially, my client does the same thing as the Soekris in that old posting, i.e. trying to connect to the NFS server at the broadcast address 172.23.255.255, instead of 172.23.12.2, which would be the real public address of the server. It _does_ connect to 172.23.12.2 on the original PXE bootstrap, but that might as well be because dhcpd tells it to do so, as far as I understood the process. Since the server also runs some other services, pf is running, which I first guessed might be the culprit. However, even with pass quick for everything coming from the particular client, nothing changes. tcpdump on the pflog-interface shows the sunrpc packets to be allowed, so I don't think that it is a PF issue. Disabling PF didn't change anything, for that matter. 
rpcinfo(8) shows everything up and running:

| % rpcinfo -p
|program vers proto port
| 102 tcp111 portmapper
| 102 udp111 portmapper
| 132 udp 2049 nfs
| 133 udp 2049 nfs
| 132 tcp 2049 nfs
| 133 tcp 2049 nfs
| 1000210 udp759 nlockmgr
| 1000211 udp759 nlockmgr
| 1000213 udp759 nlockmgr
| 1000214 udp759 nlockmgr
| 1000211 tcp776 nlockmgr
| 1000213 tcp776 nlockmgr
| 1000214 tcp776 nlockmgr
| 1000241 udp992 status
| 1000241 tcp726 status
| 151 udp994 mountd
| 153 udp994 mountd
| 151 tcp 1011 mountd
| 153 tcp 1011 mountd

Especially the portmapper itself, as this one seems to be the service that the client seems unable to find. Or at least, that's how I interpret the prog 10 which scrolls continuously on the client's error message.

I have already tried to have tcpdump have a look at what's going on, but unfortunately, I don't see very much in its output:

| $ tcpdump -n -s 140 -i em0 host 172.23.13.138
| tcpdump: listening on em0, link-type EN10MB
| 01:29:31.853178 172.23.13.138.718 > 172.23.255.255.111: udp 96
| 01:29:36.853392 172.23.13.138.718 > 172.23.255.255.111: udp 96
| 01:29:41.853479 172.23.13.138.718 > 172.23.255.255.111: udp 96
(ad infinitum)

As far as I see it, the client sends some UDP packet to the portmapper, but does not get any response.

Since it looks like a RPC/NFS issue, I tried to see if normal NFS access would yield similar issues, so I had the same client try to connect from some Linux livecd thingie. This succeeded on the first try---hence, NFS seems to work, at least in general. However, the straightforward nfs mount did connect using 172.23.13.2 (i.e., the real address of the server), not the broadcast address. Trying to do a mount to 172.23.255.255:/export/client resulted in an error message, namely Network is unreachable, but no blip comes up at the tcpdump above which was still running at this time, so it might as well have been Linux who won't allow to connect NFS on the broadcast address.
The previously mentioned old mailinglist posting mentioned that rpc.bootparamd'd be needed, but starting it or not does not make any difference (and http://www.netbsd.org/docs/network/netboot/intro.i386.html kind of implies that rpc.bootparamd is not needed on i386, and the manpage actively discourages it). I'm now quite at a loss now, and don't know where to look anymore. I'm sure it's just some small thing that I'm still overlooking, or some interoperatibility issue with some parts of that setup, but I don't know where to look anymore. Thanks in advance for any hints, or for just having the patience to read through to the end. :o) s//un Hi, What
Re: Trying to set diskless(8) -- hanging in RPC timeout for server
* Fred Crowson on Tue, May 11, 2010 at 10:43:09PM +0100:

What does your dhcpd.conf look like on your server?

I have several subnets served via DHCP, so I have reported only the relevant one together with the global options:

| server-name Neu-Sorpigal;
| option domain-name intranet.aleturo.com;
| default-lease-time 86400;
|
| shared-network wired {
|     option domain-name wired.intranet.aleturo.com;
|     option domain-name-servers 172.23.12.2;
|     option netbios-name-servers 172.23.12.2;
|     option routers 172.23.12.2;
|
|     filename pxeboot;
|     next-server 172.23.12.2;
|     option root-path /export/client/;
|
|     subnet 172.23.0.0 netmask 255.255.0.0 {
|         allow unknown-clients;
|         range 172.23.13.128 172.23.13.254;
|     }
| }

I've added the options next-server and root-path just now, since I've seen mention of it in pxeboot(8). Prior to that, only the filename directive was there. Everything else however, including the tcpdumps, is not impressed by that.

It might be worth having -vv and -X on your tcpdump it might provide more info as to the problem.

I didn't include the dump from phase 2, where pxeboot and the kernel are served by tftp and whatelse, since that's an insane amount of data. This tcpdump was started just before the kernel tried to connect to NFS, that is, before the second burst.

| $ tcpdump -X -vv -n -s 160 -i em0 host 172.23.13.138
| tcpdump: listening on em0, link-type EN10MB
| 00:19:48.612571 rarp reply 00:00:e2:87:e8:76 at 172.23.13.138
| 00:19:48.613207 arp who-has 172.23.13.138 tell 172.23.13.138
| 00:19:48.630322 172.23.13.138.718 > 172.23.255.255.111: [udp sum ok] udp 96 (ttl 64, id 65499, len 124)
| 00:19:49.620480 172.23.13.138.718 > 172.23.255.255.111: [udp sum ok] udp 96 (ttl 64, id 60019, len 124)
| 00:19:51.620513 172.23.13.138.718 > 172.23.255.255.111: [udp sum ok] udp 96 (ttl 64, id 63711, len 124)
| 00:19:54.620566 172.23.13.138.718 > 172.23.255.255.111: [udp sum ok] udp 96 (ttl 64, id 635, len 124)
| 00:19:58.620632 172.23.13.138.718 > 172.23.255.255.111: [udp sum ok] udp 96 (ttl 64, id 40174, len 124)
Re: Why left asymmetric layout for RAID 5?
On Tue, May 11, 2010 at 7:09 AM, Marco Peereboom sl...@peereboom.us wrote: Sure, but why? What are we gaining? So to be clear, I wasn't as much saying softraid *should* switch. I was just casually reading the code, saw the comment about left asymmetric layout, and so I started investigating what that meant and what the other options were. I've found very little documentation explaining the technical merits of the different layouts, except that symmetric layouts have slightly more even distribution of contiguous data stripes across the array. (E.g., for a 3-disk RAID 5 array, with a symmetric layout, every 3 contiguous data stripes will have one stripe on each disk, while an asymmetric layout sometimes 3 contiguous data stripes will only be distributed across two of the three disks.) It's perhaps not a significant difference (and unfortunately, I don't have the hardware to test), but as I haven't found any analogous mention of advantages (even weak ones) for an asymmetric layout, I was just curious why one was chosen and thought I'd ask.
Re: openfile advice / clarification
Thanks for reply, it was the openfiles-cur that had been causing us problems. I've upped the limit to something like 1 and everything seems fine now. Thanks Keith

On 07/05/2010 01:25, Stuart Henderson wrote:
On 2010-05-06, Keith ke...@scott-land.net wrote:

Hi, I am having trouble increasing the openfile limit in a default install of OpenBSD 4.6 x64 from the default setting of 128 to say 5000. I want to run Pound (reverse http proxy) stably without it stopping at random times (Always seems to be the weekend) and to do that I need to crank up the openfile limit. I think Pound runs with the following account settings Type=daemon, user = _pound , group= _pound

If you start it from a shell, it uses the class for the account you've logged in as. If you start it from /etc/rc.local, unless you do something with su or sudo, it uses the class daemon. So you need to adjust openfiles-cur for the class of the account you're starting it from. If starting it from a shell, make sure you use a new login shell after adjusting this.

I know that if I do a ulimit -n 1 the limit gets set at maximum of 7030. I don't know if doing this change affects other users and I am pretty sure it doesn't survive a reboot.

This limit is from kern.maxfiles sysctl. Either adjust it with sysctl(8) or edit sysctl.conf and reboot to change this.

I've done sysctl kern.maxfiles=3000 for example but if I do a ulimit

This is lowering things from the default (7030), at least on i386 and amd64.
Relayd on localhost with multiple SSL Certificates
Hi. is it possible to get multiple http relayd relays listening on localhost each with a different port # and each with a different ssl certificate ?

I've followed a tutorial I found on the net about setting up a firewall so that no services were bound to any network interfaces and then using pf rdr's to pass say https traffic to localhost where you have relayd listening and let it do the ssl decryption. So if pf failed for some reason then there would be no services available for anyone to connect to !

I've got this setup working for http and a single https certificate just now and it seems to be working fine but I need to be able to host multiple SSL Certificates. It seems that the certificate appears to need to be named after the IP that it's listening on and this is going to cause issues as there's only one 127.0.0.1 I think.

Our current setup consists of a pair of firewalls running openbsd, carp, pf and relayd. Currently the carp interface has just one IP but we will assign others to it as we free up the other IP addresses in our range.

I guess it's not the best idea to do the ssl offloading on the firewall so in the future when another server becomes available I will probably want it to do the SSL decryption. I guess if we do that we could just get the new server a number of IP addresses and let relayd listen on each of them with the SSL certs named after each IP. (If that makes sense)

Could anyone give me some advice plz ? Thanks Keith
Re: Sendmail performance and OpenBSD
On 5/11/2010 1:11 PM, Owain Ainsworth wrote: Look at top, do you have particularly high cpu usage due to interrupts? Thanks for the idea, but the interrupts in top are close to zero, in fact both CPUs are generally over 90% idle.
Re: nested vlans: safe to use?
On 5/11/2010 8:22 AM, Michal wrote: First of all, how will you connect from home to the data center? Normal household broadband? Can't do VLAN's over that. Wouldn't a VPN bridge solve that problem? http://openvpn.net/bridge.html
Re: nested vlans: safe to use?
On 2010-05-11, Toni Mueller openbsd-m...@oeko.net wrote: Hi, I've been trying to figure out whether I can use OpenBSD in a nested vlan scenario. I'm looking at a data centre where I want to get two wires, each carrying several vlans, and funneling them home across a WAN link. Various switch vendors claim to be able to do it, but I couldn't really figure out what the current state of affairs wrt. OpenBSD is. On the other side of the wires or fibres, I'll be talking to Junipers, Ciscos (6509), and/or Foundy switches and/or routers on the other side(s). The desired setup looks like this: data centre LAN --- switch --- WAN --- home (OpenBSD) I want to run at least three vlans across the WAN link, and need to keep the vlans strictly separated. First talk to your wan provider, they might either be able to allocate you a couple of vlans that they'll carry for you, or do QinQ (i.e. you feed the provider plain vlans, and they appear directly at the other side). But then again they might be like one I've used which *strips* tags! In-tree, there is the option of 'ifconfig vlanXXX vlandev vlanYYY which might get you somewhere. This uses the same ethertype on inner and outer vlans and doesn't interoperate with other vendors vlan stacking, but you might be able to do something with it (or maybe you'll just confuse your providers switches). There's also a diff at http://www.mail-archive.com/misc@openbsd.org/msg65694.html that switches ethertype so you can interoperate with other vendors QinQ (it will need updating for -current). But usually you just feed plain vlans to the wan provider and they handle translation or stacking.. I also need to do traffic shaping on a per-vlan basis. This does seem to work but I'm under the impression that queueing should be done on the physical interface (vlandev).
Re: SAS RAID Controller of SunFire X4150 causes trouble
On 2010-05-11, Schafhauser, Florian fschafhau...@arri.de wrote:
On 07.05.2010 11:35, Stuart Henderson wrote:
On 2010-05-06, Schafhauser, Florian fschafhau...@arri.de wrote:

Hello, the RAID Controller causes trouble with OpenBSD 4.5 and 4.6.

First off, for mpi(4) you want one of these patches:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/015_mpi.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/009_mpi.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/002_mpi.patch

Reading and writing is quite slow. When I use I/O intensive applications like squid, machine dies within next 30 minutes.

I applied the patch in this way:

cvsup -g -L2 /etc/cvsup
patch -p1 < 009_mpi.patch
rebuild the kernel
reboot

10240 bytes transferred in 15.936 secs (6425378 bytes/sec)
10240 bytes transferred in 16.173 secs (6331465 bytes/sec)
10240 bytes transferred in 16.004 secs (6398081 bytes/sec)

Writing speed is still the same.

This won't help writing speed but it would be very interesting to know if it does anything to help with the freezes. Are you sure about reading being slow? That speed seems about right for write-cache being disabled on the volume.

http://old.nabble.com/Re%3A-HP-DL140-G3%2C-mpi%284%29-SAS1068-%28hotplug%29%2C-slow-disk-writes.-p17059402.html

This (i.e. running the raid vendor's tool under linux and enabling write-cache for the array) might help writing speed.
Virtual domains/users setup with smtpd.
Hi, I am very much hoping that I could get the input of a kind soul out there, or even to send me a working configuration is fine. But I spent the last three days on/off to try to get the virtual alias/domains working on smtpd and I can't get there.

I read the man page no less than 20 times, google and all. Even saw the changes in alias done a few days ago. 13 now. Even the latest fix here: http://www.mail-archive.com/misc@openbsd.org/msg90204.html Or the few examples here: https://calomel.org/opensmtpd.html

I tried on 4.5, 4.7 and after the fix posted 13 days ago, I did try on current as well. I even emptied a bottle of wine tonight to calm me down as I hit the wall a few times and I am getting upset. Maybe I don't understand the English as it should be, but for me, there is something missing in the man page that I can't break yet. I tried no less than maybe 100 variations on possible, and very unlikely possibility to get this working, but I can't get there. I set up two servers to test, one with 4.5 one with current and even tested on 4.6 a few times. I stripped to the minimum, but frankly, I hit the wall. It got to be the most stupid missing details, but please any help would be great. I can't figure it out with the docs I read so far and believe me I read a hell of a lot so far.

Below is what I understand, I guess at this time that should work as writing all that I tried would be way too long. What am I missing? Here are the details:

Now tested on current on sparc 64. I have multiple domains for testing and ll. All DNS are ok. I see the incoming right. I get constant errors at the receiving end:

May 11 21:07:45 spamtrap smtpd[24488]: 1273626465.PixuMJ6IS1qoctUk: from=dan...@presscom.net, relay=smtp1.realconnect.com [66.63.3.242], stat=LocalError (530 5.0.0 Recipient rejected: dan...@opensipd.com)

I can deliver local mail to local user on that box. I try to setup virtual users on that box, or virtual users forwarded to remote address as well for testing. That I can't get there. Putting anything in /etc/mail/aliases and doing the newalias will not do it.

The simplest configuration as I understand it based on the man page and I even removed any tls stuff as well to keep it simple should be: mail to root@ the hostname will work, no problem. I create the virtual.db file with a single line as follows:

# cat virtual
dan...@opensipd.com: dan...@presscom.net

makemap -t aliases -o /etc/mail/virtual.db /etc/mail/virtual

the smtpd.conf has this:

listen on lo0
listen on dc0
map aliases { source db /etc/mail/aliases.db }
map virtual { source db /etc/mail/virtual.db }
accept for all relay
accept from all for local deliver to mbox
accept for domain opensipd.com alias virtual deliver to mbox

But the above isn't right and gives configuration errors. Even if the man page suggests it should be possible:

for domain domain [alias map]
This rule applies to mail destined for the specified domain. This parameter supports the `*' wildcard, so that a single rule for all sub-domains can be used, for example:
accept for domain *.example.com deliver to mbox
If specified, map is used for looking up alternative destinations for addresses in this domain.

Maybe I don't understand that part properly. Anyway, putting:

accept from all for domain opensipd.com alias virtual deliver to mbox

gives errors as well.

accept from all for virtual virtual deliver to mbox

gives no success either, even if there isn't any error at the start. I still get the: 530 5.0.0 Recipient rejected: dan...@opensipd.com

Even trying this for a test:

accept from all for virtual virtual relay

will not go. Or this:

accept from all for domain virtual deliver to mbox

no error at startup, but still no go.

Anyway, I got a very long list of variations and all kinds of trials and nothing works for me so far. Please anyone can tell me what actually works in a step by step as long like what ever I read just do not give me the answer and I am at a loss to get it going. It got to very very stupid and I am sure I will beat myself over the head when it's working, but I can't get it, or understand the man page properly. Some small detail is definitely missing for me to get it and maybe a very small additional example in the man page might help lost souls like me.

Anyone have a small amount of time to graciously offer me to light my candle here? Best, Daniel

PS; I didn't put all the variations I tried in the last three days as many were just plain stupid, but I tried anyway just in case. I just can't get there.
Using PF to NAT IPSec connections when network segments overlap (redux)
A while back I was wondering if there was a good way to deal with overlapping network addresses in OpenBSD when setting up site-to-site VPNs. At the time the best solution I could find was just to use relayd (which iirc is now called something else), which works but isn't pretty. I've since found a much better solution, and I want to write it down here so that the next guy doesn't have to spend a day tearing his hair out.

First: if you're using a recent version of OpenBSD, and the other side is as well, you may as well try http://www.undeadly.org/cgi?action=article&sid=20090127205841 I haven't, but it looks like a neat solution.

In my case, the opposite end of the link is using a Juniper NetScreen, and my firewall is OpenBSD 4.3. I mostly followed the guide here: http://fixunix.com/bsd/87865-nat-ipsec-openbsd-pf-isakmpd.html, which works generally but is wrong in a few particulars.

In my case, my company bought another company and we needed to merge networks. Unfortunately, the remote company used 192.168.10.0/24, which was the network on our end that we needed to share. What we did was, the remote end picked an unused network (192.168.14.0/24) and I picked another unused network (192.168.15.0/24). We then set up ipsec to set up the flows:

ipsec.conf:

ike active esp from 192.168.15.0/24 to 192.168.14.0/24 \
    local a.a.a.a peer b.b.b.b \
    main auth hmac-sha1 enc 3des group modp1024 \
    quick auth hmac-sha1 enc 3des group none \
    psk keykeykey

(can I just say, by the way, how awesome ipsec.conf is? because it is)

Now, as in the guide, we're going to route through lo1 and perform our natting on that interface. However, we do *not* want to assign any IP from the 192.168.15.0/24 network to lo1. This is because we want packets coming in from the enc0 interface to get routed back out of the OpenBSD box, which will not happen if OpenBSD thinks it's the destination for that packet. We do this by assigning lo1 an IP that is completely unrelated to anything else we're doing. Fortunately rfc1918 is generous. I took 192.168.99.1 because I didn't really expect this to work when I tried it. It would be trivial to move out of 192.168/16 altogether, I suppose, but it's even more trivial to leave it where it is:

# ifconfig lo1 create
# ifconfig lo1 inet 192.168.99.1/32
# route add 192.168.14.0/24 192.168.99.1
# route add 192.168.15.0/24 192.168.99.1

The first route sends packets headed for the IPSec link over lo1, where they will have their source address rewritten. The second rule forces packets over lo1 again, where the proper address is restored.

Finally, add the binat rule in pf.conf, and do your firewalling. If you're having trouble, see whether you have `set skip on lo0` or just `lo`. You want the former. I pass all traffic to my NAT address and apply the firewall rules after the NAT when they are checked leaving the lo1 interface:

pf.conf:

binat on lo1 inet from 192.168.10.0/24 to 192.168.14.0/24 -> 192.168.15.0/24
pass on lo1 from any to 192.168.15.0/24
pass on lo1 proto tcp from any to 192.168.10.37 port 80

If everything's working, you should be able to follow packets from the internal interface (bge0, in my case) over lo1, into enc0, and out the external (bge1).

Let me know if you find any errors. I'm not on the list, so please cc me.
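The addressing plan from the post above, checked in a short Python sketch that is added here and is not part of the original post. The function names `binat_translate` and `check_plan` are hypothetical; the networks and the lo1 address are the ones the post gives, and checking lo1 against all four networks goes slightly beyond the post, which only requires it to stay out of 192.168.15.0/24.

```python
import ipaddress


def binat_translate(addr, inside, outside):
    """Map addr from `inside` into `outside`, keeping the host bits (1:1 binat)."""
    addr = ipaddress.ip_address(addr)
    inside = ipaddress.ip_network(inside)
    outside = ipaddress.ip_network(outside)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError(f"{inside} and {outside} differ in size")
    if addr not in inside:
        raise ValueError(f"{addr} is not inside {inside}")
    offset = int(addr) - int(inside.network_address)
    return ipaddress.ip_address(int(outside.network_address) + offset)


def check_plan(real_local, real_remote, nat_local, nat_remote, lo_addr):
    """Return a list of problems with the plan; an empty list means it is consistent.

    real_local / real_remote: the networks actually in use on each side
                              (they may overlap, that is the whole problem).
    nat_local / nat_remote:   the unused stand-in networks each side picked.
    lo_addr:                  the address given to the loopback used for NAT.
    """
    nets = {
        "real_local": ipaddress.ip_network(real_local),
        "real_remote": ipaddress.ip_network(real_remote),
        "nat_local": ipaddress.ip_network(nat_local),
        "nat_remote": ipaddress.ip_network(nat_remote),
    }
    lo_addr = ipaddress.ip_address(lo_addr)
    problems = []

    # A stand-in network must not collide with a network either side really uses.
    for nat_name in ("nat_local", "nat_remote"):
        for real_name in ("real_local", "real_remote"):
            if nets[nat_name].overlaps(nets[real_name]):
                problems.append(
                    f"{nat_name} {nets[nat_name]} overlaps {real_name} {nets[real_name]}")
    if nets["nat_local"].overlaps(nets["nat_remote"]):
        problems.append("nat_local and nat_remote overlap each other")

    # A 1:1 mapping only works between networks of the same size.
    for nat_name, real_name in (("nat_local", "real_local"), ("nat_remote", "real_remote")):
        if nets[nat_name].prefixlen != nets[real_name].prefixlen:
            problems.append(f"{nat_name} and {real_name} differ in prefix length")

    # The post's caveat: if the loopback owns an address in the NAT network, the
    # box treats decrypted packets as its own instead of forwarding them.
    for name, net in nets.items():
        if lo_addr in net:
            problems.append(f"lo1 address {lo_addr} is inside {name} {net}")
    return problems


if __name__ == "__main__":
    # Values from the post: both sites use 192.168.10.0/24.
    print(check_plan("192.168.10.0/24", "192.168.10.0/24",
                     "192.168.15.0/24", "192.168.14.0/24", "192.168.99.1"))
    # The web server named in the pass rule, as the remote side sees it.
    print(binat_translate("192.168.10.37", "192.168.10.0/24", "192.168.15.0/24"))
```
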
Re: Relayd on localhost with multiple SSL Certificates
On 5/11/10 8:05 PM, Keith wrote: Hi. is it possible to get multiple http relayd relays listening on localhost each with a different port # and each with a different ssl certificate ? SSL certificate are host name bound, not port bound isn't it? So, I would say no, but I could be wrong.
Re: Relayd on localhost with multiple SSL Certificates
On Tue, May 11, 2010 at 5:05 PM, Keith ke...@scott-land.net wrote:

Hi. is it possible to get multiple http relayd relays listening on localhost each with a different port # and each with a different ssl certificate ?

I've followed a tutorial I found on the net about setting up a firewall so that no services were bound to any network interfaces and then using pf rdr's to pass say https traffic to localhost where you have relayd listening and let it do the ssl decryption. So if pf failed for some reason then there would be no services available for anyone to connect to !

I've got this setup working for http and a single https certificate just now and it seems to be working fine but I need to be able to host multiple SSL Certificates. It seems that the certificate appears to need to be named after the IP that it's listening on and this is going to cause issues as there's only one 127.0.0.1 I think.

Our current setup consists of a pair of firewalls running openbsd, carp, pf and relayd. Currently the carp interface has just one IP but we will assign others to it as we free up the other IP addresses in our range.

I guess it's not the best idea to do the ssl offloading on the firewall so in the future when another server becomes available I will probably want it to do the SSL decryption. I guess if we do that we could just get the new server a number of IP addresses and let relayd listen on each of them with the SSL certs named after each IP. (If that makes sense)

Could anyone give me some advice plz ?

I can't think of a situation where what you describe doesn't sound wacky. Maybe I misunderstand the intentions, can you link the 'tutorial'? Also, to do more than 1 SSL site you will just need to add another IP that corresponds with the cert. Maybe 'ifconfig lo1 127.0.0.2' is enough? -Bryan
Re: Hardware for a PF box
On May 11, 2010, at 17:18, Rod Whitworth glis...@witworx.com wrote: On Tue, 11 May 2010 12:43:17 -0400, Chris Smith I have tried to kill a CF for years. For more than a year it was running spamd with the most verbose logging possible and lots of other read/writes the system could live without. It is still going. I suggest that you use CF and when upgrade time comes around you program a new one and then have a halt-swap-reboot event and send me the one you don't think has much life left. I'll try wearing it out for you. My clients have lost more hard drives last year (3) than CFs in my lifetime (0) and I've been using them since they were exorbitantly priced. Some of that is good luck but they sure are not easily worn out. I'd have to agree there. I had one CF fail after three years of heavy DNS logging and I had a brand new card fail immediately as well. I've had many more times the hard drives fail. I would also suggest looking at the flashrd project. http://www.nmedia.net/flashrd/ I just recently started using it on some individual firewalls as well as several clusters. The whole point of the setup is to mount everything possible as read only and the rest to mfs. Bryan
Re: Sendmail performance and OpenBSD
On Tue, May 11, 2010, Steve Shockley wrote: I also ran Jeff Ross' first dd test: Sorry, but that's almost completely irrelevant for an MTA. The important part for an MTA is IOPs. An MTA has to open/write/close/sync queue files at a high rate, which means the number of FS meta operations is important. You can look at postfix's fsstone, or the perf/ subdirectory of the MeTA1 distribution for test programs. Unfortunately OpenBSD's FS isn't the fastest for this kind of operations but it is more than fast enough for your requirements (unless something is wrong with the disk driver or your setup). You might want get Nick Christenson's book about sendmail performance tuning (http://www.jetcafe.org/npc/book/sendmail/) for a lot of insight.
Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem
On Tue, May 11, 2010 at 3:21 PM, Stuart Henderson s...@spacehopper.org wrote:

Did you 'ifconfig iface up'? Some NICs show link before this is done, others do not.

Ok :-)

# ifconfig rl2 up
# ifconfig rl2
rl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0b:5d:4c:5b:30
        priority: 0
        media: Ethernet autoselect (none)
        status: no carrier
        inet6 fe80::2e0:4dff:fe06:2b68%rl2 prefixlen 64 scopeid 0x3
        inet 132.181.20.26 netmask 0xfffc broadcast 132.181.20.27

does not seem to work :-( Thanks for the reply Stuart :-) --Siju
Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem
On Tue, May 11, 2010 at 3:33 PM, Reyk Floeter r...@openbsd.org wrote:

You might have auto-negotiation problems, try to force a different mode. i guess that 100 full-duplex should work. also try to use a cable that is at least 2m long.

# ifconfig em0 media 100baseTx mediaopt full-duplex

or to list the available options for your NIC:

# ifconfig em0 media

Thanks Reyk for the reply :-) I tried it

# ifconfig rl2 media 100baseTx mediaopt full-duplex
# ifconfig rl2
rl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0b:5d:4c:5b:30
        priority: 0
        media: Ethernet 100baseTX full-duplex
        status: no carrier
        inet6 fe80::2e0:4dff:fe06:2b68%rl2 prefixlen 64 scopeid 0x3
        inet 132.181.20.26 netmask 0xfffc broadcast 132.181.20.27
# ifconfig rl2 media
rl2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0b:5d:4c:5b:30
        priority: 0
        media: Ethernet 100baseTX full-duplex
        status: no carrier
        supported media:
                media 10baseT
                media 10baseT mediaopt full-duplex
                media 100baseTX
                media 100baseTX mediaopt full-duplex
                media autoselect
        inet 132.181.20.26 netmask 0xfffc broadcast 132.181.20.27

What is amazing for me is that it can be connected to a laptop but not to a desktop computer? It connects to a Windows XP laptop and I can connect to the internet but it will not show link up if I connect it to a Windows XP desktop or a linux desktop or my OpenBSD firewall.

try to figure out the link speed that windows is using to connect to the modem. but i don't know a way to figure out the duplex state on windows.

Ok will do that and try with a longer cable as you said :-)

The ISP told us that it should be given to some device like fortigate

you should change the ISP for giving such a misleading advice.

They made my Boss purchase a Netgear Wireless-G 54 Router ( while I was away ) http://www.netgear.com/Products/RoutersandGateways/WirelessGRouters/WGR614.aspx and now I am asked to give the connection from the Leased Line modem directly to it and keep it in between the OpenBSD firewall and leased line modem. This setup works. I don't know what is special about the net gear device but I wonder what is special about the Laptop NICs ( different from the desktop NICs ) so that they show the link up ?

Thanks Reyk :-) --Siju
Broadcast behavior in 4.7 [Was: Re: Trying to set diskless(8) -- hanging in RPC timeout for server]
I just happened to run into the same issue right after upgrading to 4.7 (however, you mention 4.6, so I'm uncertain we're dealing with the same cause).

Basically, the issue I'm seeing is that portmap/rpc.bootparamd don't see the incoming packets for 172.16.255.255 (my own network being 172.16.5.0/25, so broadcast is 172.16.5.127). There were some changes made to sys/netinet/in.c, especially rev 1.56.

As far as I know, the diskless machine cannot learn its netmask through RARP, so will assume a netmask based on the class of the network the machine is in, hence the 172.16.255.255 broadcast.

Before rev 1.56 of netinet/in.c, it seems the kernel would accept broadcasts for the broadcast address associated to your network class. Or at least that's the behavior I observe when running portmap -d. After updating to 1.56 and up, portmap/rpc.bootparamd don't see the requests for 172.16.255.255.

As a workaround, I succeeded by either keeping a 4.6 kernel around to answer the bootparam requests, or forcing a broadcast address of 172.16.255.255 on the bootparamd server. Not particularly clean, but it did the trick.

As for a permanent fix, I am unsure. I don't know of any way other than RARP to do diskless in OpenBSD, at least on i386/amd64. Any thoughts?

-- Pascal

On Wed, May 12, 2010 at 12:30:39AM +0200, Stefan Unterweger wrote:

* Fred Crowson on Tue, May 11, 2010 at 10:43:09PM +0100:

What does your dhcpd.conf look like on your server?
I have several subnets served via DHCP, so I have reported only the relevant one together with the global options:

| server-name "Neu-Sorpigal";
| option domain-name "intranet.aleturo.com";
| default-lease-time 86400;
|
| shared-network wired {
|     option domain-name "wired.intranet.aleturo.com";
|     option domain-name-servers 172.23.12.2;
|     option netbios-name-servers 172.23.12.2;
|     option routers 172.23.12.2;
|
|     filename "pxeboot";
|     next-server 172.23.12.2;
|     option root-path "/export/client/";
|
|     subnet 172.23.0.0 netmask 255.255.0.0 {
|         allow unknown-clients;
|         range 172.23.13.128 172.23.13.254;
|     }
| }

I've added the options next-server and root-path just now, since I've seen mention of it in pxeboot(8). Prior to that, only the filename directive was there. Everything else however, including the tcpdumps, is not impressed by that.

It might be worth having -vv and -X on your tcpdump it might provide more info as to the problem.

I didn't include the dump from phase 2, where pxeboot and the kernel are served by tftp and whatelse, since that's an insane amount of data. This tcpdump was started just before the kernel tried to connect to NFS, that is, before the second burst.

| $ tcpdump -X -vv -n -s 160 -i em0 host 172.23.13.138
| tcpdump: listening on em0, link-type EN10MB
| 00:19:48.612571 rarp reply 00:00:e2:87:e8:76 at 172.23.13.138
| : 0001 0800 0604 0004 000e 0c06 be26 ac17 ,.
| 0010: 0c02 e287 e876 ac17 0d8ab.hv,...
|
| 00:19:48.613207 arp who-has 172.23.13.138 tell 172.23.13.138
| : 0001 0800 0604 0001 e287 e876 ac17 ..b.hv,.
| 0010: 0d8a ac17 0d8a ,...
| 0020: ..
|
| 00:19:48.630322 172.23.13.138.718 > 172.23.255.255.111: [udp sum ok] udp 96 (ttl 64, id 65499, len 124)
| : 4500 007c ffdb 4011 14dd ac17 0d8a E..|...@..],...
| 0010: ac17 02ce 006f 0068 eac4 90ad 0bca ,..N.o.hjD.-.J
| 0020: 0002 0001 86a0 0002 ...
| 0030: 0005 0001 0014
| 0040:
| 0050: 0001 86ba 0001 ...:
| 0060: 0001 0014 0001 00ac ...,
| 0070: 0017 000d 008a
|
| 00:19:49.620480 172.23.13.138.718 > 172.23.255.255.111: [udp sum ok] udp 96 (ttl 64, id 60019, len 124)
| : 4500 007c ea73 4011 2a45 ac17 0d8a E..|j...@.*e,...
| 0010: ac17 02ce 006f 0068 eac4 90ad 0bca ,..N.o.hjD.-.J
| 0020: 0002 0001 86a0 0002 ...
| 0030: 0005 0001 0014
| 0040:
| 0050: 0001 86ba 0001 ...:
| 0060: 0001 0014 0001 00ac ...,
| 0070: 0017 000d 008a
|
| 00:19:51.620513 172.23.13.138.718 > 172.23.255.255.111: [udp sum ok] udp 96 (ttl 64, id 63711, len 124)
| : 4500 007c f8df 4011 1bd9 ac17 0d8a E..|x...@..y,...
| 0010: ac17 02ce 006f 0068 eac4 90ad 0bca ,..N.o.hjD.-.J
| 0020: 0002 0001 86a0 0002 ...
| 0030: 0005 0001 0014
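The broadcast mismatch described in the message above, worked through as an added Python example (not code from the thread or from OpenBSD). The host addresses 172.16.5.10 and 172.16.5.1 and the /16 on the server interface in the last case are assumptions, and the accept/reject rule only models the behaviour the post reports for before and after rev 1.56.

```python
import ipaddress

def classful_prefix(addr):
    """Prefix length implied by the address class (A=/8, B=/16, C=/24)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{addr} is not a class A, B or C address")

def classful_broadcast(addr):
    """Broadcast a client falls back to when it never learned its netmask."""
    net = ipaddress.IPv4Network(f"{addr}/{classful_prefix(addr)}", strict=False)
    return net.broadcast_address

def server_sees(client, server_iface, accept_classful, forced_broadcast=None):
    """Would the server deliver the client's classful broadcast to portmap?

    accept_classful=True models the behaviour reported before rev 1.56,
    False the behaviour reported after it (a model of the post, not kernel code).
    forced_broadcast models the workaround of overriding the broadcast address.
    """
    iface = ipaddress.IPv4Interface(server_iface)
    configured = (ipaddress.IPv4Address(forced_broadcast) if forced_broadcast
                  else iface.network.broadcast_address)
    accepted = {configured, ipaddress.IPv4Address("255.255.255.255")}
    if accept_classful:
        accepted.add(classful_broadcast(str(iface.ip)))
    return classful_broadcast(client) in accepted

if __name__ == "__main__":
    # Constructed hosts inside the 172.16.5.0/25 network named in the post.
    client, server = "172.16.5.10", "172.16.5.1/25"
    print("client broadcasts to", classful_broadcast(client))
    print("old behaviour:", server_sees(client, server, True))
    print("new behaviour:", server_sees(client, server, False))
    print("new + forced :", server_sees(client, server, False, "172.16.255.255"))
    # Addresses from the quoted dhcpd.conf and tcpdump; the /16 on the
    # server interface is assumed from the subnet declaration.
    print("/16 network  :", server_sees("172.23.13.138", "172.23.12.2/16", False))
```

On a /16 network such as the one in the quoted dhcpd.conf, the classful and configured broadcasts coincide, so this particular mismatch would not explain a timeout there.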
X exiting after update (inteldrm error)
Hi,

I'm not sure if misc@ is the right place to send this...

After updating kernel + userland + X (yesterday, in the morning (here in Brazil)... but with all the latest relevant changes in the trees src/ and xenocara/ applied), X exited (today, tonight, here in Brazil... yeah! :) with the following error:

    $ zcat /var/log/messages.0.gz
    [...]
    May 12 00:47:30 valinor /bsd: render error detected, EIR: 0x0010
    May 12 00:47:30 valinor /bsd: page table error
    May 12 00:47:30 valinor /bsd: PGTBL_ER: 0x0002
    May 12 00:47:30 valinor /bsd: render error detected, EIR: 0x0010
    May 12 00:47:30 valinor /bsd: page table error
    May 12 00:47:30 valinor /bsd: PGTBL_ER: 0x0002
    May 12 00:47:30 valinor /bsd: no reset function for chipset.
    May 12 00:47:30 valinor /bsd: no reset function for chipset.
    May 12 00:47:39 valinor /bsd: error: [drm:pid17835:inteldrm_lastclose] *ERROR* failed to idle hardware: 5
    [...]

After trying to start X, X exited again with the error:

    $ zcat /var/log/messages.0.gz
    [...]
    May 12 00:56:35 valinor /bsd: error: [drm:pid28250:inteldrm_lastclose] *ERROR* failed to idle hardware: 5
    May 12 00:56:38 valinor /bsd: error: [drm:pid28250:i915_gem_entervt_ioctl] *ERROR* Reenabling wedged hardware, good luck
    May 12 00:56:38 valinor /bsd: render error detected, EIR: 0x0010
    May 12 00:56:38 valinor /bsd: page table error
    May 12 00:56:38 valinor /bsd: PGTBL_ER: 0x0002
    May 12 00:56:38 valinor /bsd: render error detected, EIR: 0x0010
    May 12 00:56:38 valinor /bsd: page table error
    May 12 00:56:38 valinor /bsd: PGTBL_ER: 0x0002
    May 12 00:56:38 valinor /bsd: no reset function for chipset.
    May 12 00:56:38 valinor /bsd: error: [drm:pid6:i915_gem_evict_inactive] *ERROR* Pinned object in unbind list
    May 12 00:56:38 valinor /bsd: no reset function for chipset.
    May 12 00:56:38 valinor /bsd: error: [drm:pid6:i915_gem_evict_inactive] *ERROR* Pinned object in unbind list
    May 12 00:56:48 valinor /bsd: error: [drm:pid28250:inteldrm_lastclose] *ERROR* failed to idle hardware: 5
    [...]

After rebooting the machine, X works again...

How-to-repeat: Well, the error occurred only one time by now, but maybe it can happen again... I was using mupdf-0.5 and mozilla-firefox-3.6.3p1 (Google Images and cartoon...) when the error occurred. Render error? Any connection with mupdf or firefox?

Below: dmesg, Xorg.0.log.old (when error happened), Xorg.0.log (system running OK, while I'm typing this message...).

dmesg:

    OpenBSD 4.7-current (GENERIC) #0: Tue May 11 11:27:27 BRT 2010
        r...@valinor.arda.net:/usr/obj/GENERIC
    cpu0: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz (GenuineIntel 686-class) 1.60 GHz
    cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM
    real mem = 1063690240 (1014MB)
    avail mem = 1020542976 (973MB)
    mainbus0 at root
    bios0 at mainbus0: AT/286+ BIOS, date 05/28/07, BIOS32 rev. 0 @ 0xffa10, SMBIOS rev. 2.4 @ 0xf70b0 (61 entries)
    bios0: vendor Dell Inc. version A06 date 05/28/2007
    bios0: Dell Inc. Latitude D520
    acpi0 at bios0: rev 0
    acpi0: tables DSDT FACP HPET APIC MCFG SLIC SSDT SSDT
    acpi0: wakeup devices LID_(S3) PBTN(S4) PCI0(S4) USB0(S0) USB1(S0) USB2(S0) USB3(S0) EHCI(S0) AZAL(S3) PCIE(S4) RP01(S3) RP02(S4) RP03(S3) RP04(S3) RP05(S3) RP06(S3)
    acpitimer0 at acpi0: 3579545 Hz, 24 bits
    acpihpet0 at acpi0: 14318179 Hz
    acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
    cpu0 at mainbus0: apid 0 (boot processor)
    cpu0: apic clock running at 132MHz
    ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
    ioapic0: misconfigured as apic 0, remapped to apid 1
    acpiprt0 at acpi0: bus 0 (PCI0)
    acpiprt1 at acpi0: bus 2 (PCIE)
    acpiprt2 at acpi0: bus 11 (RP01)
    acpiprt3 at acpi0: bus 12 (RP02)
    acpiprt4 at acpi0: bus -1 (RP03)
    acpiprt5 at acpi0: bus -1 (RP04)
    acpiprt6 at acpi0: bus -1 (RP05)
    acpiprt7 at acpi0: bus -1 (RP06)
    acpicpu0 at acpi0: C3, C2, C1
    acpitz0 at acpi0: critical temperature 126 degC
    acpiac0 at acpi0: AC unit online
    acpibat0 at acpi0: BAT0 not present
    acpibat1 at acpi0: BAT1 not present
    acpibtn0 at acpi0: LID_
    acpibtn1 at acpi0: PBTN
    acpibtn2 at acpi0: SBTN
    acpidock0 at acpi0: GDCK not docked (0)
    acpivideo0 at acpi0: VID_
    acpivout0 at acpivideo0: TV__
    acpivout1 at acpivideo0: CRT_
    acpivout2 at acpivideo0: LCD_
    acpivout3 at acpivideo0: DVI_
    acpivideo1 at acpi0: VID2
    bios0: ROM list: 0xc/0xf000! 0xcf000/0x1000
    pci0 at mainbus0 bus 0: configuration mode 1 (bios)
    pchb0 at pci0 dev 0 function 0 Intel 82945GM Host rev 0x03
    vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03
    wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
    wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
    intagp0 at vga1
    agp0 at intagp0: aperture at 0xd000, size 0x1000
    inteldrm0 at vga1: apic 1 int 16 (irq 11)
    drm0 at inteldrm0
    Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
    azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x01: apic 1 int 21 (irq 10)