Re: strangely slow OpenBSD server connection

[Claudio Jeker]

On Mon, May 10, 2010 at 02:41:39PM -0700, Patrick Dohman wrote:
 On Mon, May 10, 2010 at 11:54 AM, Kurt Mosiejczuk 
 kurt-openbsd-m...@se.rit.edu wrote:
 
 
  Fixing a speed below full and/or setting a duplex mode means you aren't
  using autoneg.
 
 
 Not sure if this where your headed Kurt but it's a subject i'm somewhat
 unclear on when it comes to GbE. Most if not all of the GbE cards I've
 utilized have drivers with no configuration for duplex when running at
 gigabit speeds. Basically all the duplex and flow control settings are auto
 only when running at gig speeds. b.t.w my apologies to the o.p I'm not
 trying to hijack the thread ;)
 

GbE requires autoneg to run all the time. Whereas on 10 and 100MbE autoneg
is optional. Getting the speed right is normaly not an issue but the
duplex settings are often wrong (since half-duplex is the default for 10
and 100).

-- 
:wq Claudio

OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem

[Siju George]

Hi,

I have a leased line connection comming through MROTEK ASMi-52 modem.

http://www.tradekey.com/product_view/id/1117664.htm

If I plugin the output of that modem to any laptop it will work.
If I plugin that output to a desktop it will not work

Under OpenBSD it shows 'no carrier' during an 'ifconfig -a'

Behind the moden from which the ethernet cable is connected it is written.

LINK 10/100 BASE-T ACT

What could be the trouble?

Thanks

--Siju

Re: strangely slow OpenBSD server connection

[Claudio Jeker]

On Tue, May 11, 2010 at 01:05:47AM +0300, Andreas Gerdd wrote:
  On Mon, May 10, 2010 at 03:34, Daniel Melameth dan...@melameth.com
 wrote:
  I'll concur--that's pretty slow.  Have you tried increasing
  net.inet.tcp.recvspace and/or net.inet.tcp.sendspace
 
 Increasing TCP send,recv and UDP send,recv dramatically improved the speed
 from
 80 KB/s to 1.12M/s. God.. What a difference!
 
 from the default OpenBSD 4.6 values to:
 net.inet.tcp.sendspace=262144
 net.inet.tcp.recvspace=262144
 net.inet.udp.recvspace=262144
 net.inet.udp.sendspace=262144
 Would those high values make the server vulnerable to ddos attacks?
 

Yes.
First of all you increased the tcp sendspace by 16 so 16 times more memory
will be consumed for each socket. So in the end you can use 16 times less
concurrent sockets. Watch out for hitting the kern.maxclusters limit.
Second the tcp recvspace should normaly not cause any troubles since as
long as userland is responding that socketbuffer will stay almost empty.
Third bumping udp send space makes no sense at all and the recv space
should only be touched if you expect massive burst of huge udp traffic.

 I still don't feel comfortable with that bge0 card. Heh 80 KB/s..
 I'll request an Intel NIC from the company.
 

At 10Mbps. fxp(4), em(4) is overkill but a good option as well.

  On Mon, May 10, 2010 at 09:08, Tomas Bodzar tomas.bod...@gmail.com
 wrote:
  If you will take a look trough archives you will find that best option
  is to use Intel cards because of quality of HW.
 
 As you suggested, what model Intel NIC would be the best possible choice for
 OpenBSD?
 
  On Mon, May 10, 2010 at 18:46, James Records james.reco...@gmail.com
 wrote:
  Is this only with http?  If you transfer a file using scp is it any
 faster?
 
 Tried both HTTP/FTP/SCP. Same speed. The SFTP/SCP speed was even around some
 few bytes!
 

-- 
:wq Claudio

Re: Hardware for a PF box

[Lars Nooden]

On Mon, 10 May 2010, Chris Smith wrote:

What about logging in this case? Can PF logs be sent to another system
running a syslog daemon?


You answered your own question. ;)  Look at the 'action' field explanation 
in the manual page for syslog.conf(5)


About the diskless machine, many of the so-called diskless machines 
actually use flash or ssd instead of a spinning magnetic platter.  The 
base installation of openbsd is still quite small.  If you are only 
running PF, you will have a lot of space left over on a 1GB CF to make a 
logging partition.  Flash can be very slow, so volitile caches can be 
stored in an mfs partition.


/Lars

Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem

[Claudio Jeker]

On Tue, May 11, 2010 at 12:19:29PM +0530, Siju George wrote:
 Hi,
 
 I have a leased line connection comming through MROTEK ASMi-52 modem.
 
 http://www.tradekey.com/product_view/id/1117664.htm
 
 If I plugin the output of that modem to any laptop it will work.
 If I plugin that output to a desktop it will not work
 
 Under OpenBSD it shows 'no carrier' during an 'ifconfig -a'
 
 Behind the moden from which the ethernet cable is connected it is written.
 
 LINK 10/100 BASE-T ACT
 
 What could be the trouble?
 

Try using a cross-over cable.

-- 
:wq Claudio

Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem

[Siju George]

On Tue, May 11, 2010 at 12:29 PM, Claudio Jeker
cje...@diehard.n-r-g.com wrote:

 Try using a cross-over cable.


Thanks for the idea Claudio.

The cross over cable does not work either.

Whatis amazing for me is that it can be connected to a laptop but not
to a desktop computer?
It connects to a Windows XP laptop and I can connect to the internet
but it will not show link up if I connect it to a Windows XP desktop
or a linux desktop or my OpenBSD firewall.

I tried giving the same lladdr of the Windows XP laptiop through which
i connected to the openBSD NIC still it shows no carrier :-(

The ISP told us that it should be given to some device like fortigate
But What amazes me is how I am able to get it working on a laptop :-(

thanks

--Siju

Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem

[Stuart Henderson]

On 2010-05-11, Siju George sgeorge...@gmail.com wrote:
 Hi,

 I have a leased line connection comming through MROTEK ASMi-52 modem.

 http://www.tradekey.com/product_view/id/1117664.htm

 If I plugin the output of that modem to any laptop it will work.
 If I plugin that output to a desktop it will not work

 Under OpenBSD it shows 'no carrier' during an 'ifconfig -a'

Did you 'ifconfig iface up'? Some NICs show link before this is
done, others do not.

Matheus Teles cantor sertanejo

[Matheus Teles]

Matheus Teles, 15 anos de idade, cantor sertanejo. Acesse
www.MatheusTeles.com.br

Re: cd arrived in Italy, and in Sweden too

[SJP Lists]

On 11 May 2010 00:37, Benny Lvfgren bl-li...@lofgren.biz wrote:
 matteo filippetto wrote:

 Hi all,

 today cd arrived in Italy

 ...and mine came today as well, together with two mugs and two t-shirts
that
 my girlfriend immediately banned from use in public amongst non-nerds. :-)

 Thanks, folks.

No stranger ever went out of their way to say something about any of
my generic printed t-shirts or even any of my old Linux t-shirts (back
when I was still finding myself :).

But OpenBSD t-shirts?  Strangers go out of their way to comment on my
OpenBSD t-shirts over the years.  I remember once a baker leaned over
the counter after I'd bought a pie, raised his finger to his lips and
went sshh.  I thought, WTF? Then he points to my OpenSSH t-shirt!
Ahhh.

But even better, even a hot young Asian chick commented about my
cool Puffy t-shirt.  Let me set the scene here, hot young Asian
chicks don't go out of their way to talk to me.

THANK YOU OpenBSD!!!

I reckon your girlfriend knows this and that's why she does not
wanting you wearing them.


Shane

Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem

[Reyk Floeter]

On Tue, May 11, 2010 at 03:09:37PM +0530, Siju George wrote:
 On Tue, May 11, 2010 at 12:29 PM, Claudio Jeker
 cje...@diehard.n-r-g.com wrote:
 
  Try using a cross-over cable.
 
 
 Thanks for the idea Claudio.
 
 The cross over cable does not work either.
 

You might have auto-negotiation problems, try to force a different
mode.  i guess that 100 full-duplex should work.  also try to use a
cable that is at least 2m long.

# ifconfig em0 media 100baseTx mediaopt full-duplex

or to list the available options for your NIC:

# ifconfig em0 media

 Whatis amazing for me is that it can be connected to a laptop but not
 to a desktop computer?
 It connects to a Windows XP laptop and I can connect to the internet
 but it will not show link up if I connect it to a Windows XP desktop
 or a linux desktop or my OpenBSD firewall.
 

try to figure out the link speed that windows is using to connect to
the modem.  but i don't know a way to figure out the duplex state on
windows.

 The ISP told us that it should be given to some device like fortigate

you should change the ISP for giving such a misleading advise.

reyk

Re: strange pausing behavior in -current

[Neal Hogan]

On Mon, May 10, 2010 at 8:53 PM, Bryan bra...@gmail.com wrote:
 I just installed -current and did a build of the most recent cvs pull,
 and I'm still experiencing it.  As I type of do pretty much anything
 on the computer, the whole screen and output (xterms, firefox, etc)
 will stutter, and will only unpause if I wait several seconds, or move
 the mouse.  Once I move the mouse, the screen updates, and everything
 is good.  This only occurs in X, consoles don't have the issue.

 The pausing seems to occurring at random.  It's more annoying than
 anything, but I I just wondered if anyone else had come across this
 issue before...


Take a look at:

http://marc.info/?l=openbsd-miscw=4r=1s=intel+drmq=b

 dmesg is below.


 here is the latest dmesg:

 OpenBSD 4.7-current (build) #0: Mon May 10 20:08:01 CDT 2010
r...@openbsd-host.gateway.2wire.net:/usr/build
 cpu0: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz (GenuineIntel
 686-class) 2.20 GHz
 cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MW
 AIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,XSAVE
 real mem  = 3145064448 (2999MB)
 avail mem = 3050852352 (2909MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 12/09/09, BIOS32 rev. 0 @
 0xfd8f0, SMBIOS rev. 2.5 @ 0xbbac (45 entries)
 bios0: vendor Phoenix Technologies LTD version V2.04 date 12/09/2009
 bios0: Acer Aspire 7736
 acpi0 at bios0: rev 2
 acpi0: tables DSDT FACP HPET MCFG SLIC APIC BOOT SSDT SSDT
 acpi0: wakeup devices P0P1(S4) USB0(S3) USB1(S3) USB2(S3) USBR(S3)
 EHC1(S3) USB3(S3) USB4(S3) USB5(S3) EHC2(S3) HDEF(S3) PXSX(S5) GL
 AN(S5) LID0(S3) SLPB(S3)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpihpet0 at acpi0: 14318179 Hz
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: apic clock running at 199MHz
 cpu1 at mainbus0: apid 1 (application processor)
 cpu1: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz (GenuineIntel
 686-class) 2.20 GHz
 cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MW
 AIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,XSAVE
 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 13 (P0P1)
 acpiprt2 at acpi0: bus 2 (RP01)
 acpiprt3 at acpi0: bus 3 (RP02)
 acpiprt4 at acpi0: bus -1 (RP03)
 acpiprt5 at acpi0: bus -1 (RP04)
 acpiprt6 at acpi0: bus 4 (RP05)
 acpiec0 at acpi0
 acpicpu0 at acpi0: C2, C1, PSS
 acpicpu1 at acpi0: C2, C1, PSS
 acpitz0 at acpi0: critical temperature 101 degC
 acpitz1 at acpi0: critical temperature 101 degC
 acpibat0 at acpi0: BAT0 model AS07B31 serial   170 type LION oem
4f594e4153
 acpiac0 at acpi0: AC unit offline
 acpibtn0 at acpi0: LID0
 acpibtn1 at acpi0: SLPB
 acpivideo0 at acpi0: VGA_
 acpivout0 at acpivideo0: CRT_
 acpivout1 at acpivideo0: LCD_
 acpivout2 at acpivideo0: TV0_
 acpivout3 at acpivideo0: DVI_
 acpivideo1 at acpi0: GFX0
 acpivout4 at acpivideo1: DD01
 acpivout5 at acpivideo1: DD02
 acpivout6 at acpivideo1: DD03
 bios0: ROM list: 0xc/0xfe00! 0xd/0x1000 0xd1200/0x1000
 cpu0: Enhanced SpeedStep 2195 MHz: speeds: 2200, 1600, 1200 MHz
 pci0 at mainbus0 bus 0: configuration mode 1 (bios)
 pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x09
 vga1 at pci0 dev 2 function 0 Intel GM45 Video rev 0x09
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 intagp0 at vga1
 agp0 at intagp0: aperture at 0xd000, size 0x1000
 inteldrm0 at vga1: apic 2 int 16 (irq 11)
 drm0 at inteldrm0
 Intel GM45 Video rev 0x09 at pci0 dev 2 function 1 not configured
 uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x03: apic 2
 int 20 (irq 11)
 uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x03: apic 2
 int 20 (irq 11)
 ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x03: apic 2
 int 20 (irq 11)
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
 azalia0 at pci0 dev 27 function 0 Intel 82801I HD Audio rev 0x03:
 apic 2 int 21 (irq 10)
 azalia0: codecs: Realtek ALC888, ATT/Lucent/0x1040, Intel/0x2802,
 using Realtek ALC888
 audio0 at azalia0
 ppb0 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x03: apic 2
 int 16 (irq 11)
 pci1 at ppb0 bus 2
 bge0 at pci1 dev 0 function 0 Broadcom BCM5784 rev 0x10, BCM5784 A1
 (0x5784100): apic 2 int 16 (irq 11), address 00:26:2d:82:c7:73
 brgphy0 at bge0 phy 1: BCM5784 10/100/1000baseT PHY, rev. 4
 ppb1 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x03: apic 2
 int 17 (irq 11)
 pci2 at ppb1 bus 3
 athn0 at pci2 dev 0 function 0 Atheros AR9281 rev 0x01: apic 2 int
 17 (irq 11), address c4:17:fe:81:ea:1d
 athn0: AR9280 rev 2 (2T2R), ROM rev 22
 ppb2 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x03: apic 2
 int 16 (irq 11)
 pci3 at ppb2 bus 4
 uhci2 at pci0 dev 29 function 0 Intel 82801I USB rev 0x03: apic 2
 int 23 (irq 10)
 

nested vlans: safe to use?

[Toni Mueller]

Hi,

I've been trying to figure out whether I can use OpenBSD in a nested
vlan scenario. I'm looking at a data centre where I want to get two
wires, each carrying several vlans, and funneling them home across a
WAN link. Various switch vendors claim to be able to do it, but I
couldn't really figure out what the current state of affairs wrt.
OpenBSD is. On the other side of the wires or fibres, I'll be talking
to Junipers, Ciscos (6509), and/or Foundy switches and/or routers on
the other side(s).

The desired setup looks like this:

  data centre LAN --- switch --- WAN --- home (OpenBSD)

I want to run at least three vlans across the WAN link, and need to
keep the vlans strictly separated. I also need to do traffic shaping on
a per-vlan basis. :/


TIA!



Kind regards,
--Toni++

Re: Hardware for a PF box

[Aaron Mason]

On Tue, May 11, 2010 at 4:56 PM, Lars Nooden lars.cura...@gmail.com wrote:
 On Mon, 10 May 2010, Chris Smith wrote:

 What about logging in this case? Can PF logs be sent to another system
 running a syslog daemon?

 You answered your own question. ;)  Look at the 'action' field explanation
 in the manual page for syslog.conf(5)

 About the diskless machine, many of the so-called diskless machines actually
 use flash or ssd instead of a spinning magnetic platter.  The base
 installation of openbsd is still quite small.  If you are only running PF,
 you will have a lot of space left over on a 1GB CF to make a logging
 partition.  Flash can be very slow, so volitile caches can be stored in an
 mfs partition.

 /Lars



OpenBSD will happily fit into about 160mb by installing only base and
etc which provide plenty for a firewall.  My 1.4GHz Toshiba laptop
acting as a wireless-wired gateway runs OpenBSD 4.6 on a 512mb USB
drive (which I'd like to replace with a CF disk on a 2.5 compatible
adapter) with space to spare.  Sure it doesn't do anywhere near as
many packets as you propose, but it handles a constantly-running
seedbox and my gaming together without skipping a beat, which is more
than I can ask for.

-- 
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

Re: nested vlans: safe to use?

[Michal]

On 11/05/2010 12:45, Toni Mueller wrote:
 Hi,
 
 I've been trying to figure out whether I can use OpenBSD in a nested
 vlan scenario. I'm looking at a data centre where I want to get two
 wires, each carrying several vlans, and funneling them home across a
 WAN link. Various switch vendors claim to be able to do it, but I
 couldn't really figure out what the current state of affairs wrt.
 OpenBSD is. On the other side of the wires or fibres, I'll be talking
 to Junipers, Ciscos (6509), and/or Foundy switches and/or routers on
 the other side(s).
 
 The desired setup looks like this:
 
   data centre LAN --- switch --- WAN --- home (OpenBSD)
 
 I want to run at least three vlans across the WAN link, and need to
 keep the vlans strictly separated. I also need to do traffic shaping on
 a per-vlan basis. :/

First of all, how will you connect from home to the data center? Normal
household broadband? Can't do VLAN's over that. If you have leased lines
for example, say from an office to datacenter, then you can do it but
only if they are VLAN clear. I had some links once from Office to
different sites from a company called Adapt, but they where not VLAN
clear and it was problem which we had to work around, and it wasn't that
bad but once we installed VLAN clear lines it was much better.

Halens'den bedava urun kazanma sansi!

[Halens]

a)Yukar}da gvr|nt|lenen t|m fiyatlarda KDV dahil olup,30 May}s'a kadar
kargo |cretsizdir.
  b)L|tfen bu iletiyi elektronik posta program}n}z}n 'cevapla' tu~unu
kullanarak cevaplamay}n}z.
  c)Sorular}n}z veya yorumlar}n}z igin l|tfen ileti~im formunu
kullan}n}z.
  d)Bilgi almak igin gizlilik politikam}z} ve ~art ve h|k|mlermizi
okuyunuz.
  e)Gvr|nt|lenen ticari markalar ve marka adlar} ilgili, yasal
sahiplere aittir.

  Halens hakk}nda daha fazla bilgi igin l|tfen web sitemizi ziyaret
ediniz.














Halens T|rkiye : Kvyalt} Mevki Cemal Ulusoy
Caddesi Asena Sok. No : 9 Kat : 3 34197
Yenibosna / ]stanbul T|rkiye
 CEO: Matthias Fink, Ticaret Sicil Numaras} 694704



HALEN DANI^MA HATTI
09:30 - 12:30 / 13:30 - 17:30
 i...@halens.com.tr








Telif hakk} 2009 Quelle T|rkiye tekstil ve
 Elektronik Online Shop Limited ^irketi'ne aittir.

Bu maili d|zg|n gvremiyorsan}z t}klay}n}z.
\yelikten g}kmak istiyorsan}z t}klay}n}z.
Tasar}m : Kollektif

*BSD meetup, London May 27th

[Sevan / Venture37]

Hi Guys
Some of us are meeting at the Barrowboy  Banker by London bridge on
the 27th this month, 7pm
More details here:
http://mailman.uk.freebsd.org/pipermail/ukfreebsd/2010-May/012735.html


Sevan / Venture37

Re: strange pausing behavior in -current

[Bryan]

On Tue, May 11, 2010 at 06:38, Neal Hogan nealho...@gmail.com wrote:

 Take a look at:

 http://marc.info/?l=openbsd-miscw=4r=1s=intel+drmq=b


I did read this thread


 pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x09
 vga1 at pci0 dev 2 function 0 Intel GM45 Video rev 0x09
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 intagp0 at vga1
 agp0 at intagp0: aperture at 0xd000, size 0x1000
 inteldrm0 at vga1: apic 2 int 16 (irq 11)
 drm0 at inteldrm0
 Intel GM45 Video rev 0x09 at pci0 dev 2 function 1 not configured

I'm not really having any issues with X not starting, nor is the agp0
at intagp0 having issues.  In my case, I built a GENERIC.MP kernel,
and started X with no issues, it seems like the screen pauses for a
few seconds at random.  Above, you can see the video portion of my
dmesg from 10 May 2010.  It appears to be working as the devs wanted
it to.

As I'm sitting here writing this, I wonder if its an EXA/XXA issue, like:

http://marc.info/?l=openbsd-miscm=124488326903516w=2

but it also happens on apps like Firefox, and Midori (I installed it
thinking it was a firefox issue).  I'll try this and get back with
you...

Re: Hardware for a PF box

[BARDOU Pierre]

Hello,



I'll try to answer every suggestion...



I'm going to buy brand new HP servers, DL360 G5 or DL165 G7. So the choice for 
CPU is between AMD Opteron 24xx or Intel Xeon 55xx.

I've read that a PIII would be sufficient : I have performance issues actually, 
running on a Xeon 2.8GHz (monocore, FSB 800, socket 604). I don't think they 
come from PF BTW, it should be logging/relayd/OpenVPN which makes the box lag.



I'm actually on a test with dual xeon E5420 on GEMERIC.MP, it runs like a 
charm. But it's borrowed hardware, I have to give it back :)



I'm very interested in separated log machine, I think I'll do that. Could you 
give me an estimation on how many Mbps I need on the log server ?

I think I'll put this on a VM, we have an ESX cluster connected to a CX3-40 SAN 
which should give enough disk I/O...



Installing SSD on the machines is way more expensive with HP hardware : 72 GB 
SAS 15Ktpm costs 260b,, 60 GB SSD costs 950b,.

HP offers no way to install a compact flash as disk drive.



Networks cards are Intel Gb, using em(4) driver.



So, with all your considerations, here's my actual setup :

* Xeon E5504 quad core @2Ghz (don't need AMD's 6 cores, and costs nearly the 
same prize than the only dual core remaining, E5502 @1.86GHz)

* 3*1GB memory (Xeon are triple channel, so I need three DIMM for maximal 
memory bandwidth)

* 2x72 Gb SAS drives on raid0 



Does it sound correct to you ?

Do you have any suggestion/modification ?



Thank you very much for the help.



--

Cordialement,

Pierre BARDOU





-Message d'origine-

DeB : Aaron Mason [mailto:simplersolut...@gmail.com] 

EnvoyC)B : mardi 11 mai 2010 14:01

CB : Lars Nooden

CcB : misc@openbsd.org

ObjetB : Re: Hardware for a PF box



On Tue, May 11, 2010 at 4:56 PM, Lars Nooden lars.cura...@gmail.com wrote:

 On Mon, 10 May 2010, Chris Smith wrote:



 What about logging in this case? Can PF logs be sent to another system

 running a syslog daemon?



 You answered your own question. ;)  Look at the 'action' field explanation

 in the manual page for syslog.conf(5)



 About the diskless machine, many of the so-called diskless machines actually

 use flash or ssd instead of a spinning magnetic platter.  The base

 installation of openbsd is still quite small.  If you are only running PF,

 you will have a lot of space left over on a 1GB CF to make a logging

 partition.  Flash can be very slow, so volitile caches can be stored in an

 mfs partition.



 /Lars







OpenBSD will happily fit into about 160mb by installing only base and

etc which provide plenty for a firewall.  My 1.4GHz Toshiba laptop

acting as a wireless-wired gateway runs OpenBSD 4.6 on a 512mb USB

drive (which I'd like to replace with a CF disk on a 2.5 compatible

adapter) with space to spare.  Sure it doesn't do anywhere near as

many packets as you propose, but it handles a constantly-running

seedbox and my gaming together without skipping a beat, which is more

than I can ask for.



-- 

Aaron Mason - Programmer, open source addict

I've taken my software vows - for beta or for worse

Re: Hardware for a PF box

[BARDOU Pierre]

Sorry, typo : 

SAS drives would be on RAID1.



So the config would be :

* Xeon E5504 quad core @2Ghz (don't need AMD's 6 cores, and costs nearly the 
same prize than the only dual core remaining, E5502 @1.86GHz)

* 3*1GB memory (Xeon are triple channel, so I need three DIMM for maximal 
memory bandwidth)

* 2x72 Gb SAS drives on raid1

* GENERIC.MP kernel



--

Cordialement,

Pierre BARDOU





-Message d'origine-

DeB : BARDOU Pierre 

EnvoyC)B : mardi 11 mai 2010 15:40

CB : 'misc@openbsd.org'

ObjetB : RE: Hardware for a PF box



Hello,



I'll try to answer every suggestion...



I'm going to buy brand new HP servers, DL360 G5 or DL165 G7. So the choice for 
CPU is between AMD Opteron 24xx or Intel Xeon 55xx.

I've read that a PIII would be sufficient : I have performance issues actually, 
running on a Xeon 2.8GHz (monocore, FSB 800, socket 604). I don't think they 
come from PF BTW, it should be logging/relayd/OpenVPN which makes the box lag.



I'm actually on a test with dual xeon E5420 on GEMERIC.MP, it runs like a 
charm. But it's borrowed hardware, I have to give it back :)



I'm very interested in separated log machine, I think I'll do that. Could you 
give me an estimation on how many Mbps I need on the log server ?

I think I'll put this on a VM, we have an ESX cluster connected to a CX3-40 SAN 
which should give enough disk I/O...



Installing SSD on the machines is way more expensive with HP hardware : 72 GB 
SAS 15Ktpm costs 260b,, 60 GB SSD costs 950b,.

HP offers no way to install a compact flash as disk drive.



Networks cards are Intel Gb, using em(4) driver.



So, with all your considerations, here's my actual setup :

* Xeon E5504 quad core @2Ghz (don't need AMD's 6 cores, and costs nearly the 
same prize than the only dual core remaining, E5502 @1.86GHz)

* 3*1GB memory (Xeon are triple channel, so I need three DIMM for maximal 
memory bandwidth)

* 2x72 Gb SAS drives on raid0 



Does it sound correct to you ?

Do you have any suggestion/modification ?



Thank you very much for the help.



--

Cordialement,

Pierre BARDOU





-Message d'origine-

DeB : Aaron Mason [mailto:simplersolut...@gmail.com] 

EnvoyC)B : mardi 11 mai 2010 14:01

CB : Lars Nooden

CcB : misc@openbsd.org

ObjetB : Re: Hardware for a PF box



On Tue, May 11, 2010 at 4:56 PM, Lars Nooden lars.cura...@gmail.com wrote:

 On Mon, 10 May 2010, Chris Smith wrote:



 What about logging in this case? Can PF logs be sent to another system

 running a syslog daemon?



 You answered your own question. ;)  Look at the 'action' field explanation

 in the manual page for syslog.conf(5)



 About the diskless machine, many of the so-called diskless machines actually

 use flash or ssd instead of a spinning magnetic platter.  The base

 installation of openbsd is still quite small.  If you are only running PF,

 you will have a lot of space left over on a 1GB CF to make a logging

 partition.  Flash can be very slow, so volitile caches can be stored in an

 mfs partition.



 /Lars







OpenBSD will happily fit into about 160mb by installing only base and

etc which provide plenty for a firewall.  My 1.4GHz Toshiba laptop

acting as a wireless-wired gateway runs OpenBSD 4.6 on a 512mb USB

drive (which I'd like to replace with a CF disk on a 2.5 compatible

adapter) with space to spare.  Sure it doesn't do anywhere near as

many packets as you propose, but it handles a constantly-running

seedbox and my gaming together without skipping a beat, which is more

than I can ask for.



-- 

Aaron Mason - Programmer, open source addict

I've taken my software vows - for beta or for worse

Re: Sendmail performance and OpenBSD

[Steve Shockley]

On 5/9/2010 11:28 PM, Claus Assmann wrote:

PS: you might want to run some of those disk I/O benchmarks
to determine the number of IOPs your system can provide.


Thanks, everyone, for your help.  I followed Nick's advice and went in 
the server room to watch the lights, and they're really not blinken that 
much.  I had expected them to be on constantly.


I tried running bonnie -s 1024 while watching the output of iostat.  The 
iostat -w 5 -d output at rest (relaying mail, LA 0.9-1.5) is 8-16 
KB/t, 0-15 t/s, 0.01-0.10 MB/s.  During the run it seemed to max out at 
~10 MB/s on writes and ~32 MB/s on reads.


I also ran Jeff Ross' first dd test:

 jr...@varley:/var/postgresql $ sudo time dd if=/dev/zero of=big_file
 bs=8k count=1024000
 1024000+0 records in
 1024000+0 records out
 8388608000 bytes transferred in 276.573 secs (30330468 bytes/sec)
 276.60 real 0.17 user 60.39 sys

# time dd if=/dev/zero of=big_file bs=8k count=1024000
1024000+0 records in
1024000+0 records out
8388608000 bytes transferred in 204.444 secs (41031301 bytes/sec)
3m25.64s real 0m0.57s user 0m49.42s system

So, I got slightly better performance out of these 10k disks.  iostat 
said I was doing about 20mb/sec.  I'll have to run the /dev/null test 
later so my users don't yell at me about delayed emails.


I have no milters running.  I do have TLS enabled, but I wouldn't think 
that'd have an impact on a 3 GHz machine, and if it did I'd expect high 
CPU use.  I'll keep looking, but at this point I'm thinking I'm not disk 
bound.


For completeness, bioctl and dmesg pasted below.  I'm running 4.7-stable 
with patch 004.  The dmesg says it's a Smart Array 64xx, but I'm pretty 
sure it's a 6i, if that matters.


Volume  Status   Size Device
ciss0 0 Online72833679360 sd0 RAID1
  0 Online72834973696 0:0.0   noencl COMPAQ  BD07288277  
 '3KT08MDM75266AF3'
  1 Online72834973696 0:1.0   noencl COMPAQ  BD0728856A  
 'AAL1P5A0F2B80541'


OpenBSD 4.7 (GENERIC.MP) #1: Thu May  6 01:12:41 EDT 2010

r...@pa508bld47-64.gmaccm.com:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2146381824 (2046MB)
avail mem = 2079801344 (1983MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xec000 (56 entries)
bios0: vendor HP version P52 date 07/16/2007
bios0: HP ProLiant DL360 G4
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SPCR MCFG APIC
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(TM) CPU 3.00GHz, 3000.60 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR,NXE,LONG

cpu0: 1MB 64b/line 8-way L2 cache
cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 6 (application processor)
cpu1: Intel(R) Xeon(TM) CPU 3.00GHz, 3000.11 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR,NXE,LONG

cpu1: 1MB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 9 pa 0xfec1, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 9
ioapic2 at mainbus0: apid 10 pa 0xfec82000, version 20, 24 pins
ioapic3 at mainbus0: apid 11 pa 0xfec82400, version 20, 24 pins
acpiprt0 at acpi0: bus 1 (IP2P)
acpiprt1 at acpi0: bus 2 (ICHR)
acpiprt2 at acpi0: bus 7 (PCXA)
acpiprt3 at acpi0: bus 10 (PCXB)
acpiprt4 at acpi0: bus 6 (PTB0)
acpiprt5 at acpi0: bus 13 (PTA0)
acpiprt6 at acpi0: bus 3 (PTC0)
acpiprt7 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
acpicpu1 at acpi0
acpitz0 at acpi0: critical temperature 31 degC
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel E7520 Host rev 0x0c
ppb0 at pci0 dev 2 function 0 Intel E7520 PCIE rev 0x0c
pci1 at ppb0 bus 13
ppb1 at pci0 dev 4 function 0 Intel E7520 PCIE rev 0x0c
pci2 at ppb1 bus 6
ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci3 at ppb2 bus 7
ppb3 at pci2 dev 0 function 2 Intel PCIE-PCIE rev 0x09
pci4 at ppb3 bus 10
ppb4 at pci0 dev 6 function 0 Intel E7520 PCIE rev 0x0c
pci5 at ppb4 bus 3
ppb5 at pci0 dev 28 function 0 Intel 6300ESB PCIX rev 0x02
pci6 at ppb5 bus 2
ciss0 at pci6 dev 1 function 0 Compaq Smart Array 64xx rev 0x01: apic 
9 int 0 (irq 5)

ciss0: 1 LD, HW rev 1, FW 2.84/2.84, 64bit fifo
scsibus0 at ciss0: 1 targets
sd0 at scsibus0 targ 0 lun 0: HP, LOGICAL VOLUME, 2.84 SCSI2 0/direct 
fixed

sd0: 69459MB, 512 bytes/sec, 142253280 sec total
bge0 at pci6 dev 2 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 
(0x2100): apic 9 int 1 (irq 5), address 00:12:79:93:07:ff

brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci6 dev 2 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 
(0x2100): 

Re: strange pausing behavior in -current

[Neal Hogan]

On Tue, May 11, 2010 at 8:08 AM, Bryan bra...@gmail.com wrote:
 On Tue, May 11, 2010 at 06:38, Neal Hogan nealho...@gmail.com wrote:

 Take a look at:

 http://marc.info/?l=openbsd-miscw=4r=1s=intel+drmq=b



Just to be a bit more specific.

http://marc.info/?l=openbsd-miscm=127264769508631w=4

I pointed you to all those threads b/c there were a few in there
addressing your situation more recently than the thread you read. The
devs are aware of the stuttering/pausing thing with X and seem to be
working on it. I have yet found time to test Owain's patch . . . will
try to soon ;-)


 I did read this thread


 pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x09
 vga1 at pci0 dev 2 function 0 Intel GM45 Video rev 0x09
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 intagp0 at vga1
 agp0 at intagp0: aperture at 0xd000, size 0x1000
 inteldrm0 at vga1: apic 2 int 16 (irq 11)
 drm0 at inteldrm0
 Intel GM45 Video rev 0x09 at pci0 dev 2 function 1 not configured

 I'm not really having any issues with X not starting, nor is the agp0
 at intagp0 having issues.  In my case, I built a GENERIC.MP kernel,
 and started X with no issues, it seems like the screen pauses for a
 few seconds at random.  Above, you can see the video portion of my
 dmesg from 10 May 2010.  It appears to be working as the devs wanted
 it to.

 As I'm sitting here writing this, I wonder if its an EXA/XXA issue, like:

 http://marc.info/?l=openbsd-miscm=124488326903516w=2

 but it also happens on apps like Firefox, and Midori (I installed it
 thinking it was a firefox issue).  I'll try this and get back with
 you...

Re: Why left asymmetric layout for RAID 5?

[Marco Peereboom]

On Mon, May 10, 2010 at 01:42:29AM -0700, Matthew Dempsky wrote:
 I noticed that softraid's RAID 5 implementation uses the left
 asymmetric layout, while I've only found (sparse/vague) documentation
 suggesting symmetric layouts should be slightly better (namely, for an
 N-disk array, every N consecutive data units will each be stored on a
 different disk) without any apparent disadvantage.  Is there an
 advantage to asymmetric layouts that I'm not aware of?

Designers choice.

 
 It seems like it would be a fairly non-intrusive change: simply
 changing lines 423--424 of softraid_raidp.c to chunk = (parity + 1 +
 chunk) % (no_chunk + 1);, though I haven't tested this.

Sure, but why?

What are we gaining?

 Of course, RAID 5 users would have to recreate their RAID arrays, but
 upgrading from 4.7 to 4.8 will require that anyway.

Re: Hardware for a PF box

[Lars Nooden]

On Tue, 11 May 2010, BARDOU Pierre wrote:
... I don't think they come from PF BTW, it should be 
logging/relayd/OpenVPN which makes the box lag.


Verify before you flush money.  Tools like iostat, vmstat and pftop might 
help show where the load is.  Does the load you have from OpenVPN suggest 
the need for hardware random number generator?


I'm very interested in separated log machine, I think I'll do that. 
Could you give me an estimation on how many Mbps I need on the log 
server ?


It depends on what you have chosen to log, the level of detail you have 
chosen to log at and how much that service is actually used.  Try set up 
the logging rules and use tcpdump or pftop to track the connection to the 
log server to see.



Does it sound correct to you ?


It could be overkill on the hardware.


Do you have any suggestion/modification ?


Several have already mentioned that a diskless set up would work.  For 
PF,relayd,OpenVPN you do not need much of a hard drive.


You boot from a 1GB CF and fit base in way less than 250MB of it.  The 
rest could be used for short-term logging with copies sent to a log 
server.


If you are running squid or another cache, then the RAID set up might be 
useful.  Or it might not be.  If you have a lot of RAM, then you can put 
the cache onto a ramdisk using mfs, if the size is right.


/Lars

Re: strange pausing behavior in -current

[David Coppa]

On Tue, May 11, 2010 at 4:07 PM, Neal Hogan nealho...@gmail.com wrote:

 I pointed you to all those threads b/c there were a few in there
 addressing your situation more recently than the thread you read. The
 devs are aware of the stuttering/pausing thing with X and seem to be
 working on it. I have yet found time to test Owain's patch . . . will
 try to soon ;-)

And now INTELDRM_GEM is the default:

http://marc.info/?l=openbsd-cvsm=127353058425278w=2

ciao,
david

Re: strange pausing behavior in -current

[Bryan]

On Tue, May 11, 2010 at 09:07, Neal Hogan nealho...@gmail.com wrote:
 On Tue, May 11, 2010 at 8:08 AM, Bryan bra...@gmail.com wrote:
 On Tue, May 11, 2010 at 06:38, Neal Hogan nealho...@gmail.com wrote:

 Take a look at:

 http://marc.info/?l=openbsd-miscw=4r=1s=intel+drmq=b



 Just to be a bit more specific.

 http://marc.info/?l=openbsd-miscm=127264769508631w=4

 I pointed you to all those threads b/c there were a few in there
 addressing your situation more recently than the thread you read. The
 devs are aware of the stuttering/pausing thing with X and seem to be
 working on it. I have yet found time to test Owain's patch . . . will
 try to soon ;-)


 I did read this thread


 pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x09
 vga1 at pci0 dev 2 function 0 Intel GM45 Video rev 0x09
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 intagp0 at vga1
 agp0 at intagp0: aperture at 0xd000, size 0x1000
 inteldrm0 at vga1: apic 2 int 16 (irq 11)
 drm0 at inteldrm0
 Intel GM45 Video rev 0x09 at pci0 dev 2 function 1 not configured

 I'm not really having any issues with X not starting, nor is the agp0
 at intagp0 having issues. B In my case, I built a GENERIC.MP kernel,
 and started X with no issues, it seems like the screen pauses for a
 few seconds at random. B Above, you can see the video portion of my
 dmesg from 10 May 2010. B It appears to be working as the devs wanted
 it to.

 As I'm sitting here writing this, I wonder if its an EXA/XXA issue,
like:

 http://marc.info/?l=openbsd-miscm=124488326903516w=2

 but it also happens on apps like Firefox, and Midori (I installed it
 thinking it was a firefox issue). B I'll try this and get back with
 you...




Sorry man... I did read this one too, but it had been a while ago...

Re: SAS RAID Controller of SunFire X4150 causes trouble

[Schafhauser, Florian]

Am 07.05.2010 11:35, schrieb Stuart Henderson:
 On 2010-05-06, Schafhauser, Florian fschafhau...@arri.de wrote:
 Hello,

 the RAID Controller causes trouble with OpenBSD 4.5 and 4.6.

 First off, for mpi(4) you want one of these patches:

 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/015_mpi.patch
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/009_mpi.patch
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/002_mpi.patch

 Reading and writing is quite slow. When I use I/O intensive applications
like
 squid, machine dies within next 30 minutes.

I applied the patch in this way:
cvsup -g -L2 /etc/cvsup
patch -p1  009_mpi.patch
rebuild the kernel
reboot

10240 bytes transferred in 15.936 secs (6425378 bytes/sec)
10240 bytes transferred in 16.173 secs (6331465 bytes/sec)
10240 bytes transferred in 16.004 secs (6398081 bytes/sec)

Writing speed is still the same.

Which information do you need to analyze the problem?

Florian

# dmesg
OpenBSD 4.6-stable (FWNODE) #1: Mon May 10 11:59:56 CEST 2010
r...@xx.arri.de:/usr/src/sys/arch/i386/compile/FWNODE
cpu0: Intel(R) Xeon(R) CPU E5410 @ 2.33GHz (GenuineIntel 686-class) 2.33
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,
xTPR
real mem  = 3757338624 (3583MB)
avail mem = 3648577536 (3479MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/03/09, BIOS32 rev. 0 @ 0xf0010,
SMBIOS rev. 2.4 @ 0xfccd0 (69 entries)
bios0: vendor American Megatrends Inc. version 1ADQW060 date 03/03/2009
bios0: Sun Microsystems SUN FIRE X4150
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC SPCR MCFG SSDT OEMB HPET TCPA SSDT EINJ BERT ERST
HEST
acpi0: wakeup devices SPE4(S1) SPE2(S1) SPE1(S5) P8PC(S5) P0P1(S1) UAR1(S5)
P0P5(S1) P0P6(S1) P0P7(S1) NPE4(S5) NPE5(S5) NPE6(S5) NPE7(S5) USB0(S1)
USB1(S1) USB2(S1) USB3(S1) EUSB(S1) BR1E(S5) OPH1(S5) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 332MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5410 @ 2.33GHz (GenuineIntel 686-class) 2.33
GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,
xTPR
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5410 @ 2.33GHz (GenuineIntel 686-class) 2.33
GHz
cpu2:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,
xTPR
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5410 @ 2.33GHz (GenuineIntel 686-class) 2.33
GHz
cpu3:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,
xTPR
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 5 pa 0xfec8, version 20, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (NPE2)
acpiprt2 at acpi0: bus 2 (SPE4)
acpiprt3 at acpi0: bus -1 (SPE2)
acpiprt4 at acpi0: bus 3 (SPE1)
acpiprt5 at acpi0: bus 4 (P8PC)
acpiprt6 at acpi0: bus 15 (P0P1)
acpiprt7 at acpi0: bus -1 (P0P5)
acpiprt8 at acpi0: bus -1 (P0P6)
acpiprt9 at acpi0: bus -1 (P0P7)
acpiprt10 at acpi0: bus 7 (NPE4)
acpiprt11 at acpi0: bus 8 (NPE5)
acpiprt12 at acpi0: bus 9 (NPE6)
acpiprt13 at acpi0: bus 13 (NPE7)
acpiprt14 at acpi0: bus 14 (P0P4)
acpiprt15 at acpi0: bus 0 (BR1E)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpicpu2 at acpi0: C3, C2, C1, PSS
acpicpu3 at acpi0: C3, C2, C1, PSS
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
bios0: ROM list: 0xc/0x6800 0xc6800/0x1000 0xc7800/0x1000 0xc8800/0x5c00
0xce800/0x1000 0xcf800/0x1000 0xd0800/0x1000 0xd1800/0x1000
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 2328 MHz: speeds: 2336, 2003 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 5000P Host rev 0xb1
ppb0 at pci0 dev 2 function 0 Intel 5000 PCIE rev 0xb1
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 Intel 6321ESB PCIE rev 0x01
pci3 at ppb2 bus 3
ppb3 at pci2 dev 2 function 0 Intel 6321ESB PCIE rev 0x01
pci4 at ppb3 bus 4
em0 at pci4 dev 0 function 0 Intel PRO/1000 PT (80003ES2) rev 0x01: apic 4
int 18 (irq 11), address 00:23:8b:41:ba:4e
em1 at pci4 dev 0 function 1 Intel PRO/1000 PT (80003ES2) rev 0x01: apic 4
int 19 (irq 5), address 00:23:8b:41:ba:4f
ppb4 at pci1 dev 0 function 3 Intel 6321ESB PCIE-PCIX rev 0x01
pci5 at ppb4 bus 5
ppb5 at pci0 dev 3 function 0 Intel 5000 PCIE rev 0xb1
pci6 at ppb5 bus 6
ppb6 at pci0 dev 4 function 0 Intel 5000 PCIE x8 rev 0xb1
pci7 at ppb6 bus 7
mpi0 at pci7 

Hang booting kernel 4.5 on i386 system.

[Andrew Back]

Hello,

I have a system which hangs if I try to boot bsd or bsd.rd from 4.6 or
4.7-current, but which works with 4.5. The system is a small form factor
firewall box - a Fabiatech FX5621. I've attached the output of dmesg and
lspci from when running the generic 4.5 kernel. When attempting to boot a
more recent kernel the output gets only as far as:

pci0 at mainbus0 bus 0: configuration mode 1 (bios)
mem address conflict 0xe000/0x1000

Let me know if I need to submit this via sendbug(1).

Regards,

Andrew

-- 
Andrew Back
mailto:and...@osmosoft.com
http://carrierdetect.com
OpenBSD 4.5 (RAMDISK_CD) #1112: Sat Feb 28 15:06:26 MST 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: VIA Eden Processor 1000MHz (CentaurHauls 686-class) 1 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2,xTPR
real mem  = 502886400 (479MB)
avail mem = 47984 (457MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/16/09, BIOS32 rev. 0 @ 0xf0010, SMBIOS 
rev. 2.5 @ 0xfc390 (47 entries)
bios0: vendor American Megatrends Inc. version 080014 date 01/16/2009
acpi at bios0 function 0x0 not configured
mpbios at bios0 function 0x0 not configured
pcibios0 at bios0: rev 3.0 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5780/336 (19 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3287
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #130 is the last bus
bios0: ROM list: 0xc/0xfe00 0xd/0x1000 0xd1000/0x1000 0xd2000/0x1000 
0xd3000/0x1000
cpu0 at mainbus0: (uniprocessor)
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00
pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00
pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00
pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00
pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00
pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00
ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
rl0 at pci0 dev 9 function 0 Realtek 8139 rev 0x10: irq 10, address 
00:04:a7:08:93:b5
rlphy0 at rl0 phy 0: RTL internal PHY
rl1 at pci0 dev 10 function 0 Realtek 8139 rev 0x10: irq 11, address 
00:04:a7:08:93:b4
rlphy1 at rl1 phy 0: RTL internal PHY
rl2 at pci0 dev 11 function 0 Realtek 8139 rev 0x10: irq 5, address 
00:04:a7:08:93:b3
rlphy2 at rl2 phy 0: RTL internal PHY
rl3 at pci0 dev 12 function 0 Realtek 8139 rev 0x10: irq 3, address 
00:04:a7:08:93:b2
rlphy3 at rl3 phy 0: RTL internal PHY
pciide0 at pci0 dev 15 function 0 vendor VIA, unknown product 0x5287 rev 
0x20: DMA (unsupported), channel 0 configured to native-PCI, channel 1 
configured to native-PCI
pciide0: using irq 11 for native-PCI interrupt
pciide0: channel 0 ignored (not responding; disabled or no drives?)
pciide0: channel 1 ignored (not responding; disabled or no drives?)
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x07: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide1 channel 0 drive 0: SAMSUNG HM160HC
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide1:0:0): using PIO mode 4, DMA mode 2
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x91: irq 10
ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x90: irq 5
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1
pcib0 at pci0 dev 17 function 0 VIA VT8251 ISA rev 0x00
pchb6 at pci0 dev 17 function 7 VIA VT8251 VLINK rev 0x00
ppb1 at pci0 dev 19 function 0 VIA VT8251 PCIE rev 0x00
pci2 at ppb1 bus 128
ppb2 at pci2 dev 0 function 0 VIA VT8251 PCIE rev 0x00
pci3 at ppb2 bus 130
et0 at pci3 dev 0 function 0 ATT/Lucent ET1310 rev 0x03: irq 10, address 
00:04:a7:05:9a:e0
etphy0 at et0 phy 0: ET1011 10/100/1000baseT PHY, rev. 2
ppb3 at pci2 dev 0 function 1 VIA VT8251 PCIE rev 0x00
pci4 at ppb3 bus 129
et1 at pci4 dev 0 function 0 ATT/Lucent ET1310 rev 0x03: irq 10, address 
00:04:a7:05:9a:e1
etphy1 at et1 phy 0: ET1011 10/100/1000baseT PHY, rev. 2
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
biomask ffe5 netmask ffed ttymask 
rd0: fixed, 3800 blocks
softraid0 at root
PXE boot MAC address 00:04:a7:08:93:b5, interface rl0
root on rd0a swap on rd0b dump on rd0b
syncing disks... 
OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009

Patching kernel to work around buggy ACPI BIOS

[Stefan Unterweger]

* Stefan Unterweger on Tue, May 04, 2010 at 12:43:22AM +0200:
 As far as I understood from some ancient [FreeBSD] mailinglist
 threads, in theory it should be possible to somehow do
 something such that the kernel loads patched ACPI tables which
 have those particular bugs corrected.

Finally I've found that particular post again, and have been able
to fix the broken DSDT to some extent. With some dirty patchwork
acpi_load_dsdt now loads my custom table, and `shutdown -p -h`
succeeds in turning off the machine, without any more warnings.

A few questions'd remain, though:

- I don't suppose that there would be some official point in
  the ACPI driver where such workarounds would belong? The code
  looks clear enough to me, but I speak neither enough C nor
  ACPI to be sure...

- The patch seems almost too easy to me, but I'm not yet made
  that much progress in learning C. With all that memcpy going
  around, I have the uneasy feeling that I might be introducing
  some nasty memory holes...

The patch is against 4.6-release, since that's the version I was
planning to put on the machine.


Regards,
  s//un



--- acpi.c.orig Tue May 11 18:07:10 2010
+++ acpi.c  Tue May 11 17:59:56 2010
@@ -48,6 +48,8 @@
 #define APMDEV_NORMAL  0
 #define APMDEV_CTL 8
 
+#include custom_dsdt.h
+
 #ifdef ACPI_DEBUG
 int acpi_debug = 16;
 #endif
@@ -889,6 +891,11 @@
}
memcpy((*dsdt)-q_data, handle.va, len);
(*dsdt)-q_table = (*dsdt)-q_data;
+
+   /* 5AEb+sk: Override the Tyan Tiger S2466's corrupt DSDT */
+   printf(Trying to override broken DSDT table...\n);
+   (*dsdt)-q_table = (struct acpi_table_header *)AmlCode;
+
acpi_unmap(handle);
}
 }

Serious problems with current since end of april, related to scsi controllers (Adaptec/LSILogic)

[Ulrich Kahl]

Hi!

Since end of april, sorry I don't have a more precise date, one of my
systems has serious problems.
It can't boot sucessfully with a Adaptec controller anymore, the first
sign is that it can't find one library, e.g. libc or libz, and later
the hard disks transfer rate can't established and the system freezes. See
the first dmesg.

After switching the controller to a LSILogic one, the system boots
correctly, but (presumly) under higher disk io load the system panics,
syncing my local cvs repository with cvsync in this case. See second
dmesg and trace output.

Does someone else encounter similar problems?

If you need further information, please drop me a note.


Ulrich


First dmesg 

 OpenBSD/i386 BOOT 3.02
boot
booting hd0a:/bsd: 7181376+1055428 [52+365600+349966]=0x889bdc
entry point at 0x200120

[ using 715992 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2010 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 4.7-current (GENERIC.MP) #560: Wed Apr 28 11:55:01 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
RTC BIOS diagnostic error 13memory_size
cpu0: Intel Pentium III (GenuineIntel 686-class) 1 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 2146988032 (2047MB)
avail mem = 2069180416 (1973MB)
RTC BIOS diagnostic error 13memory_size
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/16/00, BIOS32 rev. 0 @ 0xfd8b0, SMBIOS 
rev. 2.3 @ 0xe0010 (76 entries)
bios0: vendor Phoenix Technologies Ltd. version ID.W2.02US date 08/16/2000
bios0: Hewlett-Packard HP VISUALIZE NT Workstation
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC BOOT
acpi0: wakeup devices PCI0(S4) USB0(S1) LAN0(S4) KBC_(S1) COMA(S1) PCI1(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 1 (boot processor)
cpu0: apic clock running at 132MHz
cpu1 at mainbus0: apid 0 (application processor)
cpu1: Intel Pentium III (GenuineIntel 686-class) 1 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 11, 16 pins
ioapic1 at mainbus0: apid 3 pa 0xfec01000, version 11, 16 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PCI1)
acpicpu0 at acpi0
acpicpu1 at acpi0
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x5400 0xe/0x4000!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 ServerWorks CNB20HE Host rev 0x22
ppb0 at pci0 dev 0 function 1 ServerWorks CNB20LE Host rev 0x01
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Matrox MGA G200 AGP rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Hewlett-Packard Visualize FX2 rev 0x80 at pci1 dev 1 function 0 not configured
pchb1 at pci0 dev 0 function 2 ServerWorks CNB20HE Host rev 0x00
pchb2 at pci0 dev 0 function 3 ServerWorks CNB20HE Host rev 0x00
pci2 at pchb2 bus 2
ahc0 at pci2 dev 2 function 0 Adaptec AHA-29160 U160 rev 0x02: apic 3 int 8 
(irq 11)
scsibus0 at ahc0: 16 targets, initiator 7
sd0 at scsibus0 targ 0 lun 0: SEAGATE, ST373405LC, 0002 SCSI3 0/direct fixed
sd0: 70007MB, 512 bytes/sec, 143374741 sec total
sd1 at scsibus0 targ 1 lun 0: SEAGATE, ST373405LW, HPA4 SCSI2 0/direct fixed
sd1: 70007MB, 512 bytes/sec, 143374738 sec total
fxp0 at pci0 dev 7 function 0 Intel 8255x rev 0x08, i82559: apic 3 int 10 
(irq 10), address 00:30:6e:0a:c3:1d
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
clcs0 at pci0 dev 8 function 0 Cirrus Logic CS4280/46xx CrystalClear rev 
0x01: apic 3 int 11 (irq 5)
ac97: codec id 0x43525903 (Cirrus Logic CS4297 rev 3)
ac97: codec features headphone, 18 bit DAC, 18 bit ADC, No 3D Stereo
piixpm0 at pci0 dev 15 function 0 ServerWorks OSB4 rev 0x50: polling
iic0 at piixpm0
piixpm0: exec: op 1, addr 0x20, cmdlen 1, len 1, flags 0x08: timeout, status 
0x5BUSY,DEVERR
iic0: addr 0x20 00=00 01=00 02=00 03=02 04=04 05=04 06=04 07=06 08=08 09=08 
0a=08 0b=0a 0c=0c 0d=0c 0e=0c 0f=0e 10=10 11=10 12=10 13=12 14=14 15=14 16=14 
17=16
18=18 19=18 1a=18 1b=1a 1c=1c 1d=1c 1e=1c 1f=1e 20=20 21=20 3e=3e 48=48 4a=48 
4e=4e fc=fc fe=fe words 00= 01= 02= 03= 04= 05= 06= 
07=
pciide0 at pci0 dev 15 function 1 ServerWorks OSB4 IDE rev 0x00: DMA
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: MITSUMI, CD-ROM FX4830T!B, R02J ATAPI 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x04: apic 2 
int 9 (irq 9), version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0 ServerWorks OHCI root hub rev 1.00/1.00 addr 1
isa0 at mainbus0
isadma0 at isa0
com0 

Re: Hardware for a PF box

[Chris Smith]

On Tue, May 11, 2010 at 2:56 AM, Lars Nooden lars.cura...@gmail.com wrote:
 You answered your own question. ;) B Look at the 'action' field explanation
 in the manual page for syslog.conf(5)

Maybe I'm missing something:

I can send normal syslog data to a remote logging server without
writing log files but not PF log entries - there is no entry in
syslog.conf for pflog. There's a neat trick listed here:
http://www.openbsd.org/faq/pf/logging.html but the PF logs first have
to be written locally to a the pflog file. The concern is repeated
writing to the SSD or CF which apparently tends to shorten their life.

If PF could write directly to syslog this problem would be ameliorated.

Chris

Re: Patching kernel to work around buggy ACPI BIOS

[Owain Ainsworth]

On Tue, May 11, 2010 at 06:27:20PM +0200, Stefan Unterweger wrote:
 * Stefan Unterweger on Tue, May 04, 2010 at 12:43:22AM +0200:
  As far as I understood from some ancient [FreeBSD] mailinglist
  threads, in theory it should be possible to somehow do
  something such that the kernel loads patched ACPI tables which
  have those particular bugs corrected.
 
 Finally I've found that particular post again, and have been able
 to fix the broken DSDT to some extent. With some dirty patchwork
 acpi_load_dsdt now loads my custom table, and `shutdown -p -h`
 succeeds in turning off the machine, without any more warnings.
 
 A few questions'd remain, though:
 
 - I don't suppose that there would be some official point in
   the ACPI driver where such workarounds would belong? The code
   looks clear enough to me, but I speak neither enough C nor
   ACPI to be sure...
 
 - The patch seems almost too easy to me, but I'm not yet made
   that much progress in learning C. With all that memcpy going
   around, I have the uneasy feeling that I might be introducing
   some nasty memory holes...
 
 The patch is against 4.6-release, since that's the version I was
 planning to put on the machine.
 
 
 Regards,
   s//un
 
 
 
 --- acpi.c.orig   Tue May 11 18:07:10 2010
 +++ acpi.cTue May 11 17:59:56 2010
 @@ -48,6 +48,8 @@
  #define APMDEV_NORMAL0
  #define APMDEV_CTL   8
  
 +#include custom_dsdt.h

I assume you forgot to cvs add the custom_dsdt.h header there.

-0-
-- 
Celebrate Hannibal Day this year.  Take an elephant to lunch.

Re: Sendmail performance and OpenBSD

[Owain Ainsworth]

On Tue, May 11, 2010 at 09:55:18AM -0400, Steve Shockley wrote:
 On 5/9/2010 11:28 PM, Claus Assmann wrote:
 PS: you might want to run some of those disk I/O benchmarks
 to determine the number of IOPs your system can provide.
 
 Thanks, everyone, for your help.  I followed Nick's advice and went
 in the server room to watch the lights, and they're really not
 blinken that much.  I had expected them to be on constantly.
 
 I tried running bonnie -s 1024 while watching the output of iostat.
 The iostat -w 5 -d output at rest (relaying mail, LA 0.9-1.5) is
 8-16 KB/t, 0-15 t/s, 0.01-0.10 MB/s.  During the run it seemed to
 max out at ~10 MB/s on writes and ~32 MB/s on reads.
 
 I also ran Jeff Ross' first dd test:
 
  jr...@varley:/var/postgresql $ sudo time dd if=/dev/zero of=big_file
  bs=8k count=1024000
  1024000+0 records in
  1024000+0 records out
  8388608000 bytes transferred in 276.573 secs (30330468 bytes/sec)
  276.60 real 0.17 user 60.39 sys
 
 # time dd if=/dev/zero of=big_file bs=8k count=1024000
 1024000+0 records in
 1024000+0 records out
 8388608000 bytes transferred in 204.444 secs (41031301 bytes/sec)
 3m25.64s real 0m0.57s user 0m49.42s system
 
 So, I got slightly better performance out of these 10k disks.
 iostat said I was doing about 20mb/sec.  I'll have to run the
 /dev/null test later so my users don't yell at me about delayed
 emails.
 
 I have no milters running.  I do have TLS enabled, but I wouldn't
 think that'd have an impact on a 3 GHz machine, and if it did I'd
 expect high CPU use.  I'll keep looking, but at this point I'm
 thinking I'm not disk bound.
 
 For completeness, bioctl and dmesg pasted below.  I'm running
 4.7-stable with patch 004.  The dmesg says it's a Smart Array 64xx,
 but I'm pretty sure it's a 6i, if that matters.

Look at top, do you have particularly high cpu usage due to interrupts?

-0-
-- 
In seeking the unattainable, simplicity only gets in the way.
-- Epigrams in Programming, ACM SIGPLAN Sept. 1982

Re: Hardware for a PF box

[Martin Pelikán]

2010/5/11, Chris Smith obsd_m...@chrissmith.org:
 Maybe I'm missing something:

You might want something like this:
# mkdir /var/log/rd ; chmod 700 /var/log/rd ; chown _pflogd:_pflogd
/var/log/rd
# echo 'pflogd_flags=-f /var/log/rd/pflog '  /etc/rc.conf.local
# echo 'swap /var/log/rd/ mfs rw,nodev,nosuid,-s=67108864 0 0'  /etc/fstab
# mount /var/log/rd/
# pkill pflogd ; sleep 1 ; pflogd -f /var/log/rd/pflog

Filesystems in RAM are extremely handy, but make sure the remote
logging works, because umount makes the data disappear - see mfs(8).
Does anyone know neater solution?

--
Martin PelikC!n, Steadynet
Jabber: sztor...@jabber.cz
web: http://cap.potazmo.cz/

Asking for donation: dead laptop replacement

[Robert Nagy]

Hello everyone,

It seems this is not a lucky month of developers because my laptop
went kaputt the other day (something has probably burned in it.)
Fortunately all of my data is safe because the hdd was not damaged,
but currently i am not in the financial state of buying a new laptop
myself.
If someone has a spare laptop that can be donated or if people can help
me out with some smallish donations, that'd be greatly appriciated.
I was looking around and it seemd i can get a decent Thinpad in between
800-1000 EUR. So if you can donate a couple of coins please paypal me
at rob...@openbsd.org.
Of course if i have the needed amount or a laptop offer itself I will
write an email to the list or paypal back the money.

Thank you very much in advance.

Re: Asking for donation: dead laptop replacement: completed

[Robert Nagy]

Hello again,

Ok this was very fast :) the donation is actually complete.
Thank you!

On (2010-05-11 20:07), Robert Nagy wrote:
 Hello everyone,
 
 It seems this is not a lucky month of developers because my laptop
 went kaputt the other day (something has probably burned in it.)
 Fortunately all of my data is safe because the hdd was not damaged,
 but currently i am not in the financial state of buying a new laptop
 myself.
 If someone has a spare laptop that can be donated or if people can help
 me out with some smallish donations, that'd be greatly appriciated.
 I was looking around and it seemd i can get a decent Thinpad in between
 800-1000 EUR. So if you can donate a couple of coins please paypal me
 at rob...@openbsd.org.
 Of course if i have the needed amount or a laptop offer itself I will
 write an email to the list or paypal back the money.
 
 Thank you very much in advance.

Re: Hardware for a PF box

[Lars Nooden]

On Tue, 11 May 2010, Chris Smith wrote:
...http://www.openbsd.org/faq/pf/logging.html but the PF logs first have 
to be written locally to a the pflog file.


Or you can pipe to logger(1) directly or go via a FIFO

/Lars

fdisk and bootable flag

[stupidmail4me]

I have a machine with / on wd0.

I'm creating a RAID 1 setup using softraid on wd1 and wd2.

The instructions are great, except I'm having a problem with fdisk. Using fdisk 
-iy wd1, it creates one partition, great. But it's bootable, which is causing 
my machine to hang on boot. Yes, I know you'd usually switch which hard drive 
to start up in the BIOS, but the BIOS on my machine sucks. Unlike Linux fdisk, 
there's no a option to toggle the bootable flag.

Anyone know how to edit the default MBR record so fdisk -iy creates one 
partition with no bootable flag, or how to unset the bootable flag?

Re: fdisk and bootable flag

[Thomas Pfaff]

On Tue, 11 May 2010 12:34:28 -0700 (PDT)
stupidmail4me stupidmail...@yahoo.com wrote:
 
 Anyone know how to edit the default MBR record so fdisk -iy creates
 one partition with no bootable flag, or how to unset the bootable flag?


I think the following should do it:

fdisk: 1 flag partition 0

I suppose the man page should mention that this operation can take on
a second operand.

Re: fdisk and bootable flag

[Joachim Schipper]

On Tue, May 11, 2010 at 12:34:28PM -0700, stupidmail4me wrote:
 I have a machine with / on wd0.
 
 I'm creating a RAID 1 setup using softraid on wd1 and wd2.
 
 The instructions are great, except I'm having a problem with fdisk. Using 
 fdisk -iy wd1, it creates one partition, great. But it's bootable, which is 
 causing my machine to hang on boot. Yes, I know you'd usually switch which 
 hard drive to start up in the BIOS, but the BIOS on my machine sucks. Unlike 
 Linux fdisk, there's no a option to toggle the bootable flag.
 
 Anyone know how to edit the default MBR record so fdisk -iy creates one 
 partition with no bootable flag, or how to unset the bootable flag?

Can't you flag some other, empty, partition as bootable? (flag 3)

Joachim

-- 
TFMotD: strxfrm (3) - transform a string under locale

Re: Hardware for a PF box

[Rod Whitworth]

On Tue, 11 May 2010 12:43:17 -0400, Chris Smith wrote:

On Tue, May 11, 2010 at 2:56 AM, Lars Nooden lars.cura...@gmail.com wrote:
 You answered your own question. ;) B Look at the 'action' field explanation
 in the manual page for syslog.conf(5)

Maybe I'm missing something:

I can send normal syslog data to a remote logging server without
writing log files but not PF log entries - there is no entry in
syslog.conf for pflog. There's a neat trick listed here:
http://www.openbsd.org/faq/pf/logging.html but the PF logs first have
to be written locally to a the pflog file. The concern is repeated
writing to the SSD or CF which apparently tends to shorten their life.

I have tried to kill a CF for years. For more than a year it was
running spamd with the most verbose logging possible and lots of other
read/writes the system could live without.

It is still going.

I suggest that you use CF and when upgrade time comes around you
program a new one and then have a halt-swap-reboot event and send me
the one you don't think has much life left. I'll try wearing it out for
you.

My clients have lost more hard drives last year (3) than CFs in my
lifetime (0) and I've been using them since they were exorbitantly
priced.

Some of that is good luck but they sure are not easily worn out.


*** NOTE *** Please DO NOT CC me. I am subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.

Re: Trying to set diskless(8) -- hanging in RPC timeout for server

[Fred Crowson]

On Tue, May 11, 2010 at 12:50 AM, Stefan Unterweger
stefan+open...@aleturo.com wrote:
 Hello!

 I'm trying to set up my server for diskless boots, as described
 in the diskless(8) manpage (at the moment, more or less mostly as
 an academic exercise, but I was planning to take my oldish
 laptops to some use this way).

 I went along the instructions from the manpage, setting up the
 various pieces as I was instructed; since I was already running
 a limited PXE boot environment so that I can do installs more
 rapidly, many of the steps were already done, having to setup
 only rarpd and nfs.

 However, when I now try to get the client actually to boot from
 this setup, it fails quite miserably when trying to mount the
 root filesystem via NFS. The kernel just hangs forever, printing
 RPC timeout for server 172.23.255.255 (0xac17) prog 10.

 After some research, I came up with an old posting from misc
 (http://archives.neohapsis.com/archives/openbsd/2004-01/0603.html),
 but without any solution. The problem described there is quite
 similar to the one I'm experiencing here, but without all the
 peculiarities that were used there (i.e., I'm using a stock
 4.6-release, stock-dhcpd, stock-everything). Especially, my
 client does the same thing as the Soekris in that old posting,
 i.e. trying to connect to the NFS server at the broadcast address
 172.23.255.255, instead of 172.23.12.2, which would be the real
 public address of the server. It _does_ connect to 172.23.12.2 on
 the original PXE bootstrap, but that might as well be because
 dhcpd tells it to do so, as far as I understood the process.

 Since the server also runs some other services, pf is running,
 which I first guessed might be the culprit. However, even with
 pass quick for everything coming from the particular client,
 nothing changes. tcpdump on the pflog-interface shows the sunrpc
 packets to be allowed, so I don't think that it is a PF issue.
 Disabling PF didn't change anything, for that matter.

 rpcinfo(8) shows everything up and running:
 | % rpcinfo -p
 |program vers proto   port
 | 102   tcp111  portmapper
 | 102   udp111  portmapper
 | 132   udp   2049  nfs
 | 133   udp   2049  nfs
 | 132   tcp   2049  nfs
 | 133   tcp   2049  nfs
 | 1000210   udp759  nlockmgr
 | 1000211   udp759  nlockmgr
 | 1000213   udp759  nlockmgr
 | 1000214   udp759  nlockmgr
 | 1000211   tcp776  nlockmgr
 | 1000213   tcp776  nlockmgr
 | 1000214   tcp776  nlockmgr
 | 1000241   udp992  status
 | 1000241   tcp726  status
 | 151   udp994  mountd
 | 153   udp994  mountd
 | 151   tcp   1011  mountd
 | 153   tcp   1011  mountd

 Especially the portmapper itself, as this one seems to be the
 service that the client seems unable to find. Or at least, that's
 how I interpret the prog 10 which scrolls continuously on
 the client's error message.

 I have already tried to have tcpdump have a look at what's going
 on, but unfortunately, I don't see very much in its output:
 | $ tcpdump -n -s 140 -i em0 host 172.23.13.138
 | tcpdump: listening on em0, link-type EN10MB
 | 01:29:31.853178 172.23.13.138.718  172.23.255.255.111: udp 96
 | 01:29:36.853392 172.23.13.138.718  172.23.255.255.111: udp 96
 | 01:29:41.853479 172.23.13.138.718  172.23.255.255.111: udp 96
 (ad infinitum)

 As far as I see it, the client sends some UDP packet to the
 portmapper, but does not get any response.

 Since it looks like a RPC/NFS issue, I tried to see if normal
 NFS access would yield similar issues, so I had the same client
 try to connect from some Linux livecd thingie. This succeeded on
 the first try---hence, NFS seems to work, at least in general.
 However, the straightforward nfs mount did connect using
 172.23.13.2 (i.e., the real address of the server), not the
 broadcast address. Trying to do a mount to
 172.23.255.255:/export/client resulted in an error message,
 namely Network is unreachable, but no blip comes up at the
 tcpdump above which was still running at this time, so it might
 as well have been Linux who won't allow to connect NFS on
 the broadcast address.

 The previously mentioned old mailinglist posting mentioned that
 rpc.bootparamd'd be needed, but starting it or not does not make
 any difference (and
http://www.netbsd.org/docs/network/netboot/intro.i386.html
 kind of implies that rpc.bootparamd is not needed on i386, and
 the manpage actively discourages it).


 I'm now quite at a loss now, and don't know where to look
 anymore. I'm sure it's just some small thing that I'm still
 overlooking, or some interoperatibility issue with some parts of
 that setup, but I don't know where to look anymore.

 Thanks in advance for any hints, or for just having the patience
 to read through to the end. :o)

 s//un

Hi,

What 

Re: Trying to set diskless(8) -- hanging in RPC timeout for server

[Stefan Unterweger]

* Fred Crowson on Tue, May 11, 2010 at 10:43:09PM +0100:
 What does your dhcpd.conf look like on your server?

I have several subnets served via DHCP, so I have reported only
the relevant one together with the global options:

| server-name Neu-Sorpigal;
| option domain-name intranet.aleturo.com;
| default-lease-time 86400;
| 
| shared-network wired {
| option domain-name wired.intranet.aleturo.com;
| option domain-name-servers 172.23.12.2;
| option netbios-name-servers 172.23.12.2;
| option routers 172.23.12.2;
| 
| filename pxeboot;
| next-server 172.23.12.2;
| option root-path /export/client/;
| 
| subnet 172.23.0.0 netmask 255.255.0.0 {
| allow unknown-clients;
| range 172.23.13.128 172.23.13.254;
| }
| }

I've added the options next-server and root-path just now,
since I've seen mention of it in pxeboot(8). Prior to that, only
the filename directive was there. Everything else however,
including the tcpdumps, is not impressed by that.

 It might be worth having -vv and -X on your tcpdump it might provide
 more info as to the problem.

I didn't include the dump from phase 2, where pxeboot and the
kernel are served by tftp and whatelse, since that's an insane
amount of data. This tcpdump was started just before the kernel
tried to connect to NFS, that is, before the second burst.

| $ tcpdump -X -vv -n -s 160 -i em0 host 172.23.13.138
| tcpdump: listening on em0, link-type EN10MB
| 00:19:48.612571 rarp reply 00:00:e2:87:e8:76 at 172.23.13.138
|   : 0001 0800 0604 0004 000e 0c06 be26 ac17  ,.
|   0010: 0c02  e287 e876 ac17 0d8ab.hv,...
| 
| 00:19:48.613207 arp who-has 172.23.13.138 tell 172.23.13.138
|   : 0001 0800 0604 0001  e287 e876 ac17  ..b.hv,.
|   0010: 0d8a    ac17 0d8a    ,...
|   0020:          ..
| 
| 00:19:48.630322 172.23.13.138.718  172.23.255.255.111: [udp sum ok] udp 96 
(ttl 64, id 65499, len 124)
|   : 4500 007c ffdb  4011 14dd ac17 0d8a  E..|...@..],...
|   0010: ac17  02ce 006f 0068 eac4 90ad 0bca  ,..N.o.hjD.-.J
|   0020:    0002 0001 86a0  0002  ... 
|   0030:  0005  0001  0014    
|   0040:          
|   0050:     0001 86ba  0001  ...:
|   0060:  0001  0014  0001  00ac  ...,
|   0070:  0017  000d  008a
| 
| 00:19:49.620480 172.23.13.138.718  172.23.255.255.111: [udp sum ok] udp 96 
(ttl 64, id 60019, len 124)
|   : 4500 007c ea73  4011 2a45 ac17 0d8a  E..|j...@.*e,...
|   0010: ac17  02ce 006f 0068 eac4 90ad 0bca  ,..N.o.hjD.-.J
|   0020:    0002 0001 86a0  0002  ... 
|   0030:  0005  0001  0014    
|   0040:          
|   0050:     0001 86ba  0001  ...:
|   0060:  0001  0014  0001  00ac  ...,
|   0070:  0017  000d  008a
| 
| 00:19:51.620513 172.23.13.138.718  172.23.255.255.111: [udp sum ok] udp 96 
(ttl 64, id 63711, len 124)
|   : 4500 007c f8df  4011 1bd9 ac17 0d8a  E..|x...@..y,...
|   0010: ac17  02ce 006f 0068 eac4 90ad 0bca  ,..N.o.hjD.-.J
|   0020:    0002 0001 86a0  0002  ... 
|   0030:  0005  0001  0014    
|   0040:          
|   0050:     0001 86ba  0001  ...:
|   0060:  0001  0014  0001  00ac  ...,
|   0070:  0017  000d  008a
| 
| 00:19:54.620566 172.23.13.138.718  172.23.255.255.111: [udp sum ok] udp 96 
(ttl 64, id 635, len 124)
|   : 4500 007c 027b  4011 123e ac17 0d8a  E..|@..,...
|   0010: ac17  02ce 006f 0068 eac4 90ad 0bca  ,..N.o.hjD.-.J
|   0020:    0002 0001 86a0  0002  ... 
|   0030:  0005  0001  0014    
|   0040:          
|   0050:     0001 86ba  0001  ...:
|   0060:  0001  0014  0001  00ac  ...,
|   0070:  0017  000d  008a
| 
| 00:19:58.620632 172.23.13.138.718  172.23.255.255.111: [udp sum ok] udp 96 
(ttl 64, id 40174, len 124)
|   : 4500 007c 9cee  4011 77ca ac17 0d8a  E..|@.wj,...
|   0010: ac17  02ce 006f 0068 eac4 90ad 0bca  ,..N.o.hjD.-.J
|   0020:    0002 0001 86a0  0002  ... 
|   0030:  0005  0001  0014    
|   0040:          
|   0050:     0001 

Re: Why left asymmetric layout for RAID 5?

[Matthew Dempsky]

On Tue, May 11, 2010 at 7:09 AM, Marco Peereboom sl...@peereboom.us wrote:
 Sure, but why?

 What are we gaining?

So to be clear, I wasn't as much saying softraid *should* switch.  I
was just casually reading the code, saw the comment about left
asymmetric layout, and so I started investigating what that meant and
what the other options were.

I've found very little documentation explaining the technical merits
of the different layouts, except that symmetric layouts have slightly
more even distribution of contiguous data stripes across the array.
(E.g., for a 3-disk RAID 5 array, with a symmetric layout, every 3
contiguous data stripes will have one stripe on each disk, while an
asymmetric layout sometimes 3 contiguous data stripes will only be
distributed across two of the three disks.)

It's perhaps not a significant difference (and unfortunately, I don't
have the hardware to test), but as I haven't found any analogous
mention of advantages (even weak ones) for an asymmetric layout, I was
just curious why one was chosen and thought I'd ask.

Re: openfile advice / clarification

[Keith]

Thanks for reply, it was the openfiles-cur that had been causing us 
problems. I've upped the limit so something like 1 and everything 
seems fine now

.
Thanks
Keith

On 07/05/2010 01:25, Stuart Henderson wrote:

On 2010-05-06, Keithke...@scott-land.net  wrote:
   

Hi, I am having trouble increasing the openfile limit in a default
install of OpenBSD 4.6 x64 from the default setting of 128 to say 5000.
I want to run Pound (reverse http proxy)  stably without it stopping at
random times (Always seems to be the weekend) and to do that I need to
crank up the openfile limit. I think Pound runs with the following
account settings Type=deamon, user = _pound , group= _pound
 

If you start it from a shell, it uses the class for the account you've
logged in as.

If you start it from /etc/rc.local, unless you do something with su or
sudo, it uses the class daemon.

So you need to adjust openfiles-cur for the class of the account you're
starting it from. If starting it from a shell, make sure you use a new
login shell after adjusting this.

   

I know that if I do a ulimit -n 1  the limit get's set at maximum of
7030. I don't know if doing this change effects other users and I am
pretty sure it doesn't survive a reboot.
 

This limit is from kern.maxfiles sysctl. Either adjust it with sysctl(8)
or edit sysctl.conf and reboot to change this.

   

I've done sysctl kern.maxfiles=3000 for example but if I do a ulimit
 

This is lowering things from the default (7030), at least on i386
and amd64.

Relayd on localhost with multiple SSL Certificates

[Keith]

Hi. is it possible to get multiple http relayd relays listening on 
localhost each with a different port # and each with a different ssl 
certificate ?


I've followed a tutorial I found on the net about setting up a firewall 
up so that no services we bound to any network interfaces and then using 
pf rdr's to pass say https traffic to localhost where you have relayd 
listening and let it do the ssl decryption. So if pf failed for some 
reason then there would be no services available for anyone to connect to !


I've got this setup working for http and a single https certificate just 
now and it seems to be working fine but I need to be able to host 
multiple SSL Certificates. If seems that the certificate appears to need 
to be named after the IP  that it's listening on and this is going to 
cause issues as there's only one 127.0.0.1 I think.


Our current setup consists of a pair of firewalls running openbsd, carp, 
pf and relayd. Currently the carp interface has just one IP but we will 
assign others to as we free up the other IP addresses in our range.


I guess it's not the best idea to do the ssl offloading on the firewall 
so in the future when another  server becomes available I will probably 
want it to do the SSL decryption. I guess if we do that we could just 
get the new server a number of IP addresses and let relayd listed on 
each of them with the SSL certs named after each IP.  (If that makes sense)


Could anyone give me some advice plz ?

Thanks
Keith

Re: Sendmail performance and OpenBSD

[Steve Shockley]

On 5/11/2010 1:11 PM, Owain Ainsworth wrote:

Look at top, do you have particularly high cpu usage due to interrupts?


Thanks for the idea, but the interrupts in top are close to zero, in 
fact both CPUs are generally over 90% idle.

Re: nested vlans: safe to use?

[Steve Shockley]

On 5/11/2010 8:22 AM, Michal wrote:

First of all, how will you connect from home to the data center? Normal
household broadband? Can't do VLAN's over that.


Wouldn't a VPN bridge solve that problem?

http://openvpn.net/bridge.html

Re: nested vlans: safe to use?

[Stuart Henderson]

On 2010-05-11, Toni Mueller openbsd-m...@oeko.net wrote:
 Hi,

 I've been trying to figure out whether I can use OpenBSD in a nested
 vlan scenario. I'm looking at a data centre where I want to get two
 wires, each carrying several vlans, and funneling them home across a
 WAN link. Various switch vendors claim to be able to do it, but I
 couldn't really figure out what the current state of affairs wrt.
 OpenBSD is. On the other side of the wires or fibres, I'll be talking
 to Junipers, Ciscos (6509), and/or Foundy switches and/or routers on
 the other side(s).

 The desired setup looks like this:

   data centre LAN --- switch --- WAN --- home (OpenBSD)

 I want to run at least three vlans across the WAN link, and need to
 keep the vlans strictly separated.

First talk to your wan provider, they might either be able to allocate
you a couple of vlans that they'll carry for you, or do QinQ (i.e. you
feed the provider plain vlans, and they appear directly at the other
side).

But then again they might be like one I've used which *strips* tags!

In-tree, there is the option of 'ifconfig vlanXXX vlandev vlanYYY which
might get you somewhere. This uses the same ethertype on inner and
outer vlans and doesn't interoperate with other vendors vlan stacking,
but you might be able to do something with it (or maybe you'll just
confuse your providers switches).

There's also a diff at 
http://www.mail-archive.com/misc@openbsd.org/msg65694.html
that switches ethertype so you can interoperate with other vendors QinQ (it
will need updating for -current).

But usually you just feed plain vlans to the wan provider and they handle
translation or stacking..

I also need to do traffic shaping on
 a per-vlan basis.

This does seem to work but I'm under the impression that queueing
should be done on the physical interface (vlandev).

Re: SAS RAID Controller of SunFire X4150 causes trouble

[Stuart Henderson]

On 2010-05-11, Schafhauser, Florian fschafhau...@arri.de wrote:
 Am 07.05.2010 11:35, schrieb Stuart Henderson:
 On 2010-05-06, Schafhauser, Florian fschafhau...@arri.de wrote:
 Hello,

 the RAID Controller causes trouble with OpenBSD 4.5 and 4.6.

 First off, for mpi(4) you want one of these patches:

 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/015_mpi.patch
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6/common/009_mpi.patch
 ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/002_mpi.patch

 Reading and writing is quite slow. When I use I/O intensive applications
 like
 squid, machine dies within next 30 minutes.

 I applied the patch in this way:
 cvsup -g -L2 /etc/cvsup
 patch -p1  009_mpi.patch
 rebuild the kernel
 reboot

 10240 bytes transferred in 15.936 secs (6425378 bytes/sec)
 10240 bytes transferred in 16.173 secs (6331465 bytes/sec)
 10240 bytes transferred in 16.004 secs (6398081 bytes/sec)

 Writing speed is still the same.

This won't help writing speed but it would be very interesting to
know if it does anything to help with the freezes.



 Are you sure about reading being slow? That speed seems about right
 for write-cache being disabled on the volume.


 http://old.nabble.com/Re%3A-HP-DL140-G3%2C-mpi%284%29-SAS1068-%28hotplug%29%2
 C-slow-disk-writes.-p17059402.html

This (i.e. running the raid vendor's tool under linux and enabling
write-cache for the array) might help writing speed.

Virtual domains/users setup with smtpd.

[Daniel Ouellet]

Hi,

I am very much hoping that I could get the input of a kind sole out 
there, or even to send me a working configuration is find. But I spend 
the last three days on/off to try to get the virtual alias/domains 
working on smtpd and I can't get there.


I read the man page no less the 20 times, google and all. Eve saw the 
changes in alias done a few days, ago. 13 now.


Even the latest fix here:

http://www.mail-archive.com/misc@openbsd.org/msg90204.html

Or the few example here:

https://calomel.org/opensmtpd.html

I try on 4.5, 4.7 and after the fix posted 13 days ago, I did try on 
current as well.


I even empty a bottle of wine tonight to calm me down as I hit the wall 
a few times and I am getting upset. May be I don't understand the 
english as it should be, but for me, there is something missing in the 
man page that I can't break yet.


I try no less then may be 100 variation on possible, and very unlikely 
possibility to get this working, but I cant get there.


I set up two servers to test, one with 4.5 one with current and even 
test on 4.6 a few times.


I strip to the minimum, but frankly, I hit the wall. It got to be the 
most stupid missing details, but please any help would be great. I can't 
figure it out with the docs I read so far and believe me I read a hell 
of a lots so far.


Below is what I understand, I guess at this time that should work as 
writing all that I tried would be way to long.


What am I missing?

Here are the details:

Now tested on current on sparc 64.

I have multiple domains for testing and ll.

All DNS are ok.

I see the incoming right.

I get constant errors at the receiving end:

May 11 21:07:45 spamtrap smtpd[24488]: 1273626465.PixuMJ6IS1qoctUk: 
from=dan...@presscom.net, relay=smtp1.realconnect.com [66.63.3.242], 
stat=LocalError (530 5.0.0 Recipient rejected: dan...@opensipd.com)


I can deliver local mail to local user on that box.

I try to setup virtual users on that box, or virtual users forwarded to 
remote address as well for testing.


That I can't get there.

Putting anything in /etc/mail/aliases and doing the newalias will not do it.

The simplest configuration as I understand it based on the man page and 
I even removed any tls stuff as well to keep it simple should be:


mail to root@ the hostname will work, no problem.

I create the virtual.db file with a single line as follow:

# cat virtual
dan...@opensipd.com: dan...@presscom.net

makemap -t aliases -o /etc/mail/virtual.db /etc/mail/virtual

the smtpd.conf have this:

listen on lo0
listen on dc0

map aliases { source db /etc/mail/aliases.db }
map virtual { source db /etc/mail/virtual.db }

accept for all relay
accept from all for local deliver to mbox
accept for domain opensipd.com alias virtual deliver to mbox

But the above isn't right and give configuration errors.

Even if the man page suggest it should be possible;

for domain domain [alias map]
  This rule applies to mail destined for the specified
  domain.  This parameter supports the `*' wildcard, so
  that a single rule for all sub-domains can be used, for
  example:

  accept for domain *.example.com deliver to mbox

  If specified, map is used for looking up alternative
  destinations for addresses in this domain.


May be I don't understand that part properly.

Anyway, putting:

accept from all for domain opensipd.com alias virtual deliver to mbox

give errors as well.

accept from all for virtual virtual deliver to mbox

give no success either.

even f there isn't any error at the start.

I still get the :

530 5.0.0 Recipient rejected: dan...@opensipd.com

Even trying this for a test;

accept from all for virtual virtual relay

will not go.

Or this;

accept from all for domain virtual deliver to mbox

no error at startup, but still no go.

Anyway, I got a very long list of variation and all kind of trial and 
nothing works for me so far.


Please anyone can tell me what actually works in a step by step as long 
like what ever I read just do not give me the answer and I am at a lost 
to get it going.


It got to very very stupid and I am sure I will beat myself over the 
head when it's working, but I can't get it, or understand the man page 
properly.


Some small details is definitely missing for me to get it and may be a 
very small additional example in the man page might help lost sole like me.


Anyone have a small amount of time to graciously offer me to light my 
candle here?


Best,

Daniel

PS; I didn't put all the variation I tried in the last three days as 
many were just plan stupid, but I tried anyway just in case. I just 
can't get there.

vamos pôr toda a gente a falar da sua página web

[Info Mail website na hora]

se nco conseguir visualizar correctamente o contezdo deste e-mail, por
favor, clique aqui

INICIAR
Apresentamos as solugues certas para comegar a sua presenga na web em
grande estilo.
De uma forma que nco vai passar despercebida a ninguim.

RENOVAR
Juntamos a criatividade ` tecnologia para despertar a sua comunicagco.
As nossas solugues vco voltar a coloca-lo online com o Mundo.

INOVAR
Criamos conceitos adaptados `s suas necessidades e gostos pessoais.
Aconselhamos sempre as melhores solugues para maximizar o seu
investimento.

Para mais informagues, contacte-nos:

AVISO



De acordo com a legislagco internacional que regulamenta o correio
electrsnico, Secgco 301, paragrafo (a)(2)(c) Decreto S 1618, tmtulo
terceiro aprovado pelo 105 Congresso Base Das Normativas Internacionais
Sobre Spam diz o seguinte: O email nco podera ser considerado SPAM
quando incluir uma forma do receptor ser removido da lista. Se por algum
acaso o seu nome esta inclumdo nesta lista por erro ou gostaria de ser
removido desta lista, por favor clique aqui
Esta mensagem (incluindo quaisquer anexos) pode conter informagco
confidencial ou legalmente protegida para uso exclusivo do destinatario.
Se nco for o destinatario pretendido da mesma, nco devera usar, copiar,
distribuir ou revelar o seu contezdo (incluindo quaisquer anexos) a
terceiros, sem autorizagco. Se recebeu esta mensagem por engano, por
favor informe o emissor por e-mail e elimine-a imediatamente. Obrigado. A
transmissco de mensagens via e-mail nco pode ser considerada protegida ou
isenta de erros uma vez que a informagco podera ser interceptada,
corrompida, perdida, destrumda, chegar ao destino com atraso ou conter
vmrus. Assim, o remetente nco podera ser responsabilizado por quaisquer
erros ou omissues.

Using PF to NAT IPSec connections when network segments overlap (redux)

[Toby Burress]

A while back I was wondering if there was a good way to deal with
overlapping network addresses in OpenBSD when setting up site-to-site
VPNs.

At the time the best solution I could find was just to use relayd (which
iirc is now called something else), which works but isn't pretty.

I've since found a much better solution, and I want to write it down here
so that the next guy doesn't have to spend a day tearing his hair out.

First: if you're using a recent version of OpenBSD,
and the other side is as well, you may as well try
http://www.undeadly.org/cgi?action=articlesid=20090127205841
I haven't, but it looks like a neat solution.

In my case, the opposite end of the link is using a Juniper NetScreen,
and my firewall is OpenBSD 4.3.

I mostly followed the guide here:
http://fixunix.com/bsd/87865-nat-ipsec-openbsd-pf-isakmpd.html, which
works generally but is wrong in a few particulars.

In my case, my company bought another company and we needed to merge
networks.  Unfortunately, the remote company used 192.168.10.0/24,
which was the network on our end that we needed to share.

What we did was, the remote end picked an unused network (192.168.14.0/24)
and I picked another unused network (192.168.15.0/24).  We then set up
ipsec to set up the flows:

  ipsec.conf:

ike active esp from 192.168.15.0/24 to 192.168.14.0/24 \
  local a.a.a.a peer b.b.b.b \
  main auth hmac-sha1 enc 3des group modp1024 \
  quick auth hmac-sha1 enc 3des group none \
  psk keykeykey

(can I just say, by the way, how awesome ipsec.conf is?  because it is)

Now, as in the guide, we're going to route through lo1 and perform our
natting on that interface.  However, we do *not* want to assign any IP
from the 192.168.15.0/24 network to lo1.  This is because we want packets
coming in from the enc0 interface to get routed back out of the OpenBSD
box, which will not happen if OpenBSD thinks it's the destination for
that packet.

We do this by assigning lo1 an IP that is completely unrelated to anything
else we're doing.  Fortunately rfc1918 is generous.  I took 192.168.99.1
because I didn't really expect this to work when I tried it.  It would
be trivial to move out of 192.168/16 altogether, I suppose, but it's
even more trivial to leave it where it is:

# ifconfig lo1 create
# ifconfig lo1 inet 192.168.99.1/32
# route add 192.168.14.0/24 192.168.99.1
# route add 192.168.15.0/24 192.168.99.1

The first route sends packets headed for the IPSec link over lo1, where
they will have their source address rewritten.  The second rule forces
packets over lo1 again, where the proper address is restored.

Finally, add the binat rule in pf.conf, and do your firewalling.
If you're having trouble, see whether you have `set skip on lo0` or just
`lo`.  You want the former.  I pass all traffic to my NAT address and
apply the firewall rules after the NAT when they are checked leaving
the lo1 interface:

  pf.conf:
binat on lo1 inet from 192.168.10.0/24 to 192.168.14.0/24 - 192.168.15.0/24
pass on lo1 from any to 192.168.15.0/24
pass on lo1 proto tcp from any to 192.168.10.37 port 80

If everything's working, you should be able to follow packets from the
internal interface (bge0, in my case) over lo1, into enc0, and out the
external (bge1).

Let me know if you find any errors.  I'm not on the list, so please cc me.

Re: Relayd on localhost with multiple SSL Certificates

[Daniel Ouellet]

On 5/11/10 8:05 PM, Keith wrote:

Hi. is it possible to get multiple http relayd relays listening on
localhost each with a different port # and each with a different ssl
certificate ?


SSL certificate are host name bound, not port bound isn't it?

So, I would say no, but I could be wrong.

Re: Relayd on localhost with multiple SSL Certificates

[Bryan Irvine]

On Tue, May 11, 2010 at 5:05 PM, Keith ke...@scott-land.net wrote:
 Hi. is it possible to get multiple http relayd relays listening on
localhost
 each with a different port # and each with a different ssl certificate ?

 I've followed a tutorial I found on the net about setting up a firewall up
 so that no services we bound to any network interfaces and then using pf
 rdr's to pass say https traffic to localhost where you have relayd
listening
 and let it do the ssl decryption. So if pf failed for some reason then
there
 would be no services available for anyone to connect to !

 I've got this setup working for http and a single https certificate just
now
 and it seems to be working fine but I need to be able to host multiple SSL
 Certificates. If seems that the certificate appears to need to be named
 after the IP  that it's listening on and this is going to cause issues as
 there's only one 127.0.0.1 I think.

 Our current setup consists of a pair of firewalls running openbsd, carp, pf
 and relayd. Currently the carp interface has just one IP but we will assign
 others to as we free up the other IP addresses in our range.

 I guess it's not the best idea to do the ssl offloading on the firewall so
 in the future when another  server becomes available I will probably want
it
 to do the SSL decryption. I guess if we do that we could just get the new
 server a number of IP addresses and let relayd listed on each of them with
 the SSL certs named after each IP.  (If that makes sense)

 Could anyone give me some advice plz ?

I can't think of a situation where what you describe doesn't sound
wacky.  Maybe I misunderstand the intentions, can you link the
'tutorial'?

Also, to do more than 1 SSL site you will just need to add another IP
that coresponds with the cert.  Maybe 'ifconfig lo1 127.0.0.2' is
enough?

-Bryan

Re: Hardware for a PF box

[Bryan Vyhmeister]

On May 11, 2010, at 17:18, Rod Whitworth glis...@witworx.com wrote:

 On Tue, 11 May 2010 12:43:17 -0400, Chris Smith

 I have tried to kill a CF for years. For more than a year it was
 running spamd with the most verbose logging possible and lots of other
 read/writes the system could live without.

 It is still going.

 I suggest that you use CF and when upgrade time comes around you
 program a new one and then have a halt-swap-reboot event and send me
 the one you don't think has much life left. I'll try wearing it out for
 you.

 My clients have lost more hard drives last year (3) than CFs in my
 lifetime (0) and I've been using them since they were exorbitantly
 priced.

 Some of that is good luck but they sure are not easily worn out.

I'd have to agree there. I had one CF fail after three years of heavy DNS
logging and I had a brand new card fail immediately as well. I've had many
more times the hard drives fail.

I would also suggest looking at the flashrd project.

http://www.nmedia.net/flashrd/

I just recently started using it on some individual firewalls as well as
several clusters. The whole point of the setup is to mount everything possible
as read only and the rest to mfs.

Bryan

Re: Sendmail performance and OpenBSD

[Claus Assmann]

On Tue, May 11, 2010, Steve Shockley wrote:

 I also ran Jeff Ross' first dd test:

Sorry, but that's almost completely irrelevant for an MTA.  The
important part for an MTA is IOPs. An MTA has to open/write/close/sync
queue files at a high rate, which means the number of FS meta
operations is important. You can look at postfix's fsstone, or the
perf/ subdirectory of the MeTA1 distribution for test programs.
Unfortunately OpenBSD's FS isn't the fastest for this kind of
operations but it is more than fast enough for your requirements
(unless something is wrong with the disk driver or your setup).

You might want get Nick Christenson's book about sendmail performance
tuning (http://www.jetcafe.org/npc/book/sendmail/) for a lot of insight.

PMS DE MÉXICO LE INVITA: SEMINARIO DE PAGO DE IMPUESTOS PARA NO FISCALISTAS

[Lic. lenadra Padilla]

Estrategias Efectivas para el manejo de

 Impuestos para No Fiscalistas 

20 de Mayo de 2010 MC)xico D.F.

PMS de MC)xico B. le presenta este vital seminario, sin duda el pago de
impuestos es un tema de suma importancia, este seminario le permite
conocer de la mano de un experto los alcances y obligaciones fiscales con
las que nos regimos y como presentarlas.

Beneficios para usted:

-El participante conocerC! las bases legales de las contribuciones e
impuestos aplicables a las empresas y a las personas fCsicas. 

-ConocerC! las principales obligaciones fiscales que tienen las empresas
y personas, las fechas en que debe cumplirlas asC como la forma de
atender los requerimientos De las autoridades fiscales. 

-EntenderC! los aspectos generales para el cC!lculo del Impuesto al Valor
Agregado y su acreditamiento. 

-AplicarC! los conocimientos adquiridos en este curso para proceder al
llenado de las declaraciones anuales y provisionales que correspondan al
presente curso.

Dirigido a:

Empresarios, Comerciantes, Contadores, subcontadores y asistentes
contables de las empresas, abogados, economistas, y todo personal
relacionado al pago de impuestos.

Ventajas de asistir a nuestro seminario:

Es la forma mC!s efectiva para mantenerse a la vanguardia, le brindara
estrategias aplicables en su organizaciC3n, y una excelente
retroalimentaciC3n con los asistentes de diferentes empresas.

DuraciC3n: 10 Horas de entrenamiento.  

B!Promociones Especiales para Grupos!

Solicite mC!s informes responda este correo electrC3nico con los
siguientes datos.

Empresa:

Nombre:

TelC)fono:

Email:

NC:mero de Interesados:

Y en breve le haremos llegar la informaciC3n completa del evento.

O bien comunCquense a nuestros telC)fonos un ejecutivo con gusto le
atenderC!

Tels. (33) 8851-2365, (33)8851-2741, (33)3125-4658.

Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de
MC)xico o bien un usuario le refiriC3 para recibir este boletCn.

Como usuario de Pms de MC)xico, en este acto autoriza de manera expresa
que Pms de MC)xico le puede contactar vCa correo electrC3nico u otros
medios.

Si usted ha recibido este mensaje por error, haga caso omiso de el y
reporte su cuenta respondiendo este correo con el subject BAJAIMPUESTOS
Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJAIMPUESTOS Tenga en cuenta que la gestiC3n de nuestras
bases de datos es de suma importancia y no es intenciC3n de la empresa la
inconformidad del receptor.

Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem

[Siju George]

On Tue, May 11, 2010 at 3:21 PM, Stuart Henderson s...@spacehopper.org wrote:
 Did you 'ifconfig iface up'? Some NICs show link before this is
 done, others do not.



Ok :-)

# ifconfig rl2 up
# ifconfig rl2
rl2: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:0b:5d:4c:5b:30
priority: 0
media: Ethernet autoselect (none)
status: no carrier
inet6 fe80::2e0:4dff:fe06:2b68%rl2 prefixlen 64 scopeid 0x3
inet 132.181.20.26 netmask 0xfffc broadcast 132.181.20.27

does not seem to work :-(

Thanks for the reply Stuart :-)

--Siju

İGED AKADEMİ: YÖNETİCİ ASİSTANLIĞI - (SERTİFİKALI)

[İstanbul Genç İşadamları Derneği]

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

Re: OpenBSD does not detect connection ( no carrier ) to ASMI52 Leased Line modem

[Siju George]

On Tue, May 11, 2010 at 3:33 PM, Reyk Floeter r...@openbsd.org wrote:

 You might have auto-negotiation problems, try to force a different
 mode.  i guess that 100 full-duplex should work.  also try to use a
 cable that is at least 2m long.

 # ifconfig em0 media 100baseTx mediaopt full-duplex

 or to list the available options for your NIC:

 # ifconfig em0 media


Thanks Reyk for the reply :-)

I tried it

# ifconfig rl2 media 100baseTx mediaopt full-duplex
# ifconfig rl2
rl2: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:0b:5d:4c:5b:30
priority: 0
media: Ethernet 100baseTX full-duplex
status: no carrier
inet6 fe80::2e0:4dff:fe06:2b68%rl2 prefixlen 64 scopeid 0x3
inet 132.181.20.26 netmask 0xfffc broadcast 132.181.20.27
# ifconfig rl2 media
rl2: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:0b:5d:4c:5b:30
priority: 0
media: Ethernet 100baseTX full-duplex
status: no carrier
supported media:
media 10baseT
media 10baseT mediaopt full-duplex
media 100baseTX
media 100baseTX mediaopt full-duplex
media autoselect
inet 132.181.20.26 netmask 0xfffc broadcast 132.181.20.27

 Whatis amazing for me is that it can be connected to a laptop but not
 to a desktop computer?
 It connects to a Windows XP laptop and I can connect to the internet
 but it will not show link up if I connect it to a Windows XP desktop
 or a linux desktop or my OpenBSD firewall.


 try to figure out the link speed that windows is using to connect to
 the modem.  but i don't know a way to figure out the duplex state on
 windows.


Ok will do that and try with a longer cable as you said :-)

 The ISP told us that it should be given to some device like fortigate

 you should change the ISP for giving such a misleading advise.


They made my Boss purchase a Netgear Wireless-G 54 Router ( while I was away
)

http://www.netgear.com/Products/RoutersandGateways/WirelessGRouters/WGR614.as
px

and now I am asked to give the connection from the Leased Line modem
directly to it and keep it in between the OpenBSD firewall and leased
line modem. This setup works. I dont know what is special about the
net gear device but I wonder what is special about the Laptop NICs (
differrent from the desktop NICs ) so that they show the link up ?

Thanks Reyk :-)

--Siju

Broadcast behavior in 4.7 [Was: Re: Trying to set diskless(8) -- hanging in RPC timeout for server]

[Pascal Lalonde]

I just happened to run into the same issue right after upgrading to 4.7
(however, you mention 4.6, so I'm uncertain we're dealing with the same
cause).

Basically, the issue I'm seeing is that portmap/rpc.bootparamd don't see
the incoming packets for 172.16.255.255 (my own network being
172.16.5.0/25, so broadcast is 172.16.5.127).

There were some changes made to sys/netinet/in.c, especially rev 1.56.

As far as I know, the diskless machine cannot learn its netmask through
RARP, so will assume a netmask based on the class of the network the
machine is in, hence the 172.16.255.255 broadcast. Before rev 1.56 of
netinet/in.c, it seems the kernel would accept broadcasts for the
broadcast address associated to your network class. Or at least that's
the behavior I observe when running portmap -d. After updating to 1.56
and up, portmap/rpc.bootparamd don't see the requests for
172.16.255.255.

As a workaround, I succeeded by either keeping a 4.6 kernel around to
answer the bootparam requests, or forcing a broadcast address of
172.16.255.255 on the bootparamd server. Not particularly clean, but it
did the trick.

As for a permanent fix, I am unsure. I don't know of any way other than
RARP to do diskless in OpenBSD, at least on i386/amd64.

Any thoughts?

--
Pascal



On Wed, May 12, 2010 at 12:30:39AM +0200, Stefan Unterweger wrote:
 * Fred Crowson on Tue, May 11, 2010 at 10:43:09PM +0100:
  What does your dhcpd.conf look like on your server?

 I have several subnets served via DHCP, so I have reported only
 the relevant one together with the global options:

 | server-name Neu-Sorpigal;
 | option domain-name intranet.aleturo.com;
 | default-lease-time 86400;
 |
 | shared-network wired {
 | option domain-name wired.intranet.aleturo.com;
 | option domain-name-servers 172.23.12.2;
 | option netbios-name-servers 172.23.12.2;
 | option routers 172.23.12.2;
 |
 | filename pxeboot;
 | next-server 172.23.12.2;
 | option root-path /export/client/;
 |
 | subnet 172.23.0.0 netmask 255.255.0.0 {
 | allow unknown-clients;
 | range 172.23.13.128 172.23.13.254;
 | }
 | }

 I've added the options next-server and root-path just now,
 since I've seen mention of it in pxeboot(8). Prior to that, only
 the filename directive was there. Everything else however,
 including the tcpdumps, is not impressed by that.

  It might be worth having -vv and -X on your tcpdump it might provide
  more info as to the problem.

 I didn't include the dump from phase 2, where pxeboot and the
 kernel are served by tftp and whatelse, since that's an insane
 amount of data. This tcpdump was started just before the kernel
 tried to connect to NFS, that is, before the second burst.

 | $ tcpdump -X -vv -n -s 160 -i em0 host 172.23.13.138
 | tcpdump: listening on em0, link-type EN10MB
 | 00:19:48.612571 rarp reply 00:00:e2:87:e8:76 at 172.23.13.138
 |   : 0001 0800 0604 0004 000e 0c06 be26 ac17  ,.
 |   0010: 0c02  e287 e876 ac17 0d8ab.hv,...
 |
 | 00:19:48.613207 arp who-has 172.23.13.138 tell 172.23.13.138
 |   : 0001 0800 0604 0001  e287 e876 ac17  ..b.hv,.
 |   0010: 0d8a    ac17 0d8a    ,...
 |   0020:          ..
 |
 | 00:19:48.630322 172.23.13.138.718  172.23.255.255.111: [udp sum ok] udp
96 (ttl 64, id 65499, len 124)
 |   : 4500 007c ffdb  4011 14dd ac17 0d8a  E..|...@..],...
 |   0010: ac17  02ce 006f 0068 eac4 90ad 0bca  ,..N.o.hjD.-.J
 |   0020:    0002 0001 86a0  0002  ... 
 |   0030:  0005  0001  0014    
 |   0040:          
 |   0050:     0001 86ba  0001  ...:
 |   0060:  0001  0014  0001  00ac  ...,
 |   0070:  0017  000d  008a
 |
 | 00:19:49.620480 172.23.13.138.718  172.23.255.255.111: [udp sum ok] udp
96 (ttl 64, id 60019, len 124)
 |   : 4500 007c ea73  4011 2a45 ac17 0d8a  E..|j...@.*e,...
 |   0010: ac17  02ce 006f 0068 eac4 90ad 0bca  ,..N.o.hjD.-.J
 |   0020:    0002 0001 86a0  0002  ... 
 |   0030:  0005  0001  0014    
 |   0040:          
 |   0050:     0001 86ba  0001  ...:
 |   0060:  0001  0014  0001  00ac  ...,
 |   0070:  0017  000d  008a
 |
 | 00:19:51.620513 172.23.13.138.718  172.23.255.255.111: [udp sum ok] udp
96 (ttl 64, id 63711, len 124)
 |   : 4500 007c f8df  4011 1bd9 ac17 0d8a  E..|x...@..y,...
 |   0010: ac17  02ce 006f 0068 eac4 90ad 0bca  ,..N.o.hjD.-.J
 |   0020:    0002 0001 86a0  0002  ... 
 |   0030:  0005  0001  0014    

X exiting after update (inteldrm error)

[Alan R. S. Bueno]

Hi,

I'm not sure if misc@ is the right place to send this...

After update kernel + userland + X (yesterday, in the morning (here in
Brazil)... but with all the latest relevant changes in the trees src/
and xenocara/ applied), X exited (today, tonight, here in Brazil...
yeah! :) with the following error:


$ zcat /var/log/messages.0.gz
[...]
May 12 00:47:30 valinor /bsd: render error detected, EIR: 0x0010
May 12 00:47:30 valinor /bsd: page table error
May 12 00:47:30 valinor /bsd:   PGTBL_ER: 0x0002
May 12 00:47:30 valinor /bsd: render error detected, EIR: 0x0010
May 12 00:47:30 valinor /bsd: page table error
May 12 00:47:30 valinor /bsd:   PGTBL_ER: 0x0002
May 12 00:47:30 valinor /bsd: no reset function for chipset.
May 12 00:47:30 valinor /bsd: no reset function for chipset.
May 12 00:47:39 valinor /bsd: error: [drm:pid17835:inteldrm_lastclose]
*ERROR* failed to idle hardware: 5
[...]


After try to start X, the X exited again with the error:


$ zcat /var/log/messages.0.gz
[...]
May 12 00:56:35 valinor /bsd: error: [drm:pid28250:inteldrm_lastclose]
*ERROR* failed to idle hardware: 5
May 12 00:56:38 valinor /bsd: error:
[drm:pid28250:i915_gem_entervt_ioctl] *ERROR* Reenabling wedged
hardware, good luck
May 12 00:56:38 valinor /bsd: render error detected, EIR: 0x0010
May 12 00:56:38 valinor /bsd: page table error
May 12 00:56:38 valinor /bsd:   PGTBL_ER: 0x0002
May 12 00:56:38 valinor /bsd: render error detected, EIR: 0x0010
May 12 00:56:38 valinor /bsd: page table error
May 12 00:56:38 valinor /bsd:   PGTBL_ER: 0x0002
May 12 00:56:38 valinor /bsd: no reset function for chipset.
May 12 00:56:38 valinor /bsd: error:
[drm:pid6:i915_gem_evict_inactive] *ERROR* Pinned object in unbind
list
May 12 00:56:38 valinor /bsd: no reset function for chipset.
May 12 00:56:38 valinor /bsd: error:
[drm:pid6:i915_gem_evict_inactive] *ERROR* Pinned object in unbind
list
May 12 00:56:48 valinor /bsd: error: [drm:pid28250:inteldrm_lastclose]
*ERROR* failed to idle hardware: 5
[...]


After reboot the machine, X works again...

How-to-repeat: Well, the error occured only one time by now, but
maybe it can happen again... I was using mupdf-0.5 and
mozilla-firefox-3.6.3p1 (Google Images and cartoon...) when the error
occurred. Render error? Any connection with mupdf or firefox?

Bellow: dmesg, Xorg.0.log.old (when error happened), Xorg.0.log
(system running OK, while I'm typing this message...).


dmesg
=

OpenBSD 4.7-current (GENERIC) #0: Tue May 11 11:27:27 BRT 2010
r...@valinor.arda.net:/usr/obj/GENERIC
cpu0: Intel(R) Celeron(R) M CPU 520 @ 1.60GHz (GenuineIntel
686-class) 1.60 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM
real mem  = 1063690240 (1014MB)
avail mem = 1020542976 (973MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/28/07, BIOS32 rev. 0 @
0xffa10, SMBIOS rev. 2.4 @ 0xf70b0 (61 entries)
bios0: vendor Dell Inc. version A06 date 05/28/2007
bios0: Dell Inc. Latitude D520
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP HPET APIC MCFG SLIC SSDT SSDT
acpi0: wakeup devices LID_(S3) PBTN(S4) PCI0(S4) USB0(S0) USB1(S0)
USB2(S0) USB3(S0) EHCI(S0) AZAL(S3) PCIE(S4) RP01(S3) RP02(S4)
RP03(S3) RP04(S3) RP05(S3) RP06(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 132MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PCIE)
acpiprt2 at acpi0: bus 11 (RP01)
acpiprt3 at acpi0: bus 12 (RP02)
acpiprt4 at acpi0: bus -1 (RP03)
acpiprt5 at acpi0: bus -1 (RP04)
acpiprt6 at acpi0: bus -1 (RP05)
acpiprt7 at acpi0: bus -1 (RP06)
acpicpu0 at acpi0: C3, C2, C1
acpitz0 at acpi0: critical temperature 126 degC
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 not present
acpibat1 at acpi0: BAT1 not present
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
acpidock0 at acpi0: GDCK not docked (0)
acpivideo0 at acpi0: VID_
acpivout0 at acpivideo0: TV__
acpivout1 at acpivideo0: CRT_
acpivout2 at acpivideo0: LCD_
acpivout3 at acpivideo0: DVI_
acpivideo1 at acpi0: VID2
bios0: ROM list: 0xc/0xf000! 0xcf000/0x1000
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82945GM Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1: apic 1 int 16 (irq 11)
drm0 at inteldrm0
Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x01:
apic 1 int 21 (irq 10)