Re: netword's wireless security settings - how to determine

[MERIGHI Marcus]

ted.unan...@gmail.com (Ted Unangst), 2011.02.18 (Fri) 01:27 (CET):
 On Thu, Feb 17, 2011 at 4:52 PM, Dmitrij D. Czarkoff czark...@gmail.com 
 wrote:
  On Thu, Feb 17, 2011 at 11:46:05AM +, Stuart Henderson wrote:
  Perhaps we think that the AP supports wpa2 but it is actually broken
  and only wpa1 works.
 
  We shouldn't as far as wpaprotos defaults to wpa1,wpa2, so wpa2 shouldn't 
  be
  tested if wpa1 succeeds.
 
 The man page says the opposite.  wpa2 is preferred if both are allowed.
 
A couple of times when access points claimed to do both wpa1 and wpa2 I
had no luck with them using wpa2 - but wpa1 worked like a charm. 

Re: netword's wireless security settings - how to determine

[Dmitrij D. Czarkoff]

On Thu, Feb 17, 2011 at 07:27:52PM -0500, Ted Unangst wrote:
 The man page says the opposite.  wpa2 is preferred if both are allowed.

Well, this seems to answer the question - OpenBSD sticks with wpa2 unless
explicitly told to do otherwise.

-- 
Dmitrij D. Czarkoff

Re: how to set an alias on a carp interface?

[Daniel Ouellet]

Think about it that way may be.

You want an alias IP's, not an alias subnet, so how do you enter a single IP? 
With a /32 subnet.



Actually I _do_ want to have alias subnets, as written before:


Why?


Please note that I would like to have 172.12.96.0/22,
but 172.12.101.0/24 and 172.12.126.0/24.


These subnets share the same physical line, but they have
different netmasks. If I would use

inet   172.12.96.5  255.255.252.0 NONE
inet alias 172.12.101.5 255.255.255.255 NONE
inet alias 172.12.126.5 255.255.255.255 NONE
- -inet6
group internal

as you suggested, then the netmask information is lost.


So, did you try it?

See I have for example:

# cat hostname.fxp0
inet 66.63.3.250 255.255.255.240 NONE
inet alias 66.63.40.19 255.255.255.255

Not in the same subnet at all, but address by the routing in front of it.

Alias are enter with /32.

Your network card is configure with the IP 172.12.96.5 and you want to 
have on the same network card the IP 172.12.101.5 and 172.12.126.5 
working right?


Then enter it with the /32 netmark. Not relevant what subnet it is in 
really. Make sure your router, or what ever in front of that box point 
these IP's to your box here.


It's possible that I do not understand your question may be, but unless 
I miss something really stupid here and that may be possible, just try 
it and you will have these IP's working on your box as long as obviously 
pf is configure to let that traffic going through right?


Alias do not need to be part of the same subnet to work.

At the price of making a fool of myself, witch wouldn't be the first 
time and most likely not the last either! If they need to be, that's 
news to me and I have been wrong for many years then. Sure possible, but 
as I said. I never did and I may have been wrong for many years...


Why would you need to keep the subnet mark to get them to work as alias 
on that box really?


It is also possible that I really don't understand your question too, 
but I guess based on what I put above that's what you try to do no?


If that's not the case, they simply ignore me and sorry for wasting your 
time.


Just try it.

Hope this help you never the less.

Daniel

Re: how to set an alias on a carp interface?

[Henning Brauer]

* Daniel Ouellet dan...@presscom.net [2011-02-18 11:15]:
 Alias are enter with /32.

huh? hell no.

 Your network card is configure with the IP 172.12.96.5 and you want
 to have on the same network card the IP 172.12.101.5 and
 172.12.126.5 working right?
 
 Then enter it with the /32 netmark. Not relevant what subnet it is
 in really. Make sure your router, or what ever in front of that box
 point these IP's to your box here.

NO!

 At the price of making a fool of myself, witch wouldn't be the first
 time and most likely not the last either! If they need to be, that's
 news to me and I have been wrong for many years then. Sure possible,
 but as I said. I never did and I may have been wrong for many
 years...

well, you have been wrong all the time then.

one IP per subnet with the real mask so there is a route, all others
with all-ones netmask.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

Re: Strange pf match

[m]

Thank you all very much for the help. I really appreciate it.
BR

--- On Wed, 2/16/11, Stuart Henderson s...@spacehopper.org wrote:

 From: Stuart Henderson s...@spacehopper.org
 Subject: Re: Strange pf match
 To: misc@openbsd.org
 Date: Wednesday, February 16, 2011, 11:39 PM
 On 2011-02-16, Henning Brauer lists-open...@bsws.de
 wrote:
  apparently you're not on tech... it's a bug and it's
 fixed. dunno
  wether it has been pulled to -stable yet.
 
 Yes, and errata are published for 4.7-4.8.
 
  * m mutimir2...@yahoo.com
 [2011-02-16 13:31]:
  Hi again,
  
  could someone please tell me how it's possible for
 a rule to match wrong dst address? Under what circumstances
 woult it match in that way? Do I have to rewrite all IPRange
 rules?
 
 When the addresses were being compared against the range
 (i.e. =
 the first address, = the second address), the addresses
 weren't
 changed from network to host byte order, so the comparison
 was
 incorrect on little-endian CPUs).
 
 As a workaround if you don't want to patch/reboot you can
 rewrite
 the rules to use single addresses or prefixes.
 
 In general I would recommend using an addressing scheme
 that lets
 you use prefixes rather than ranges (bitmask  simple
 equality check
 vs. less-than/greater-than comparisons against two
 addresses).

Is it worth upping the anty on SSH fingerprints

[Kevin Chadwick]

Various sources on the net say that even though md5 and sha1 are not
vulnerable to preimage attacks it would be prudent to raise the hash as
collision attacks suggest greater potential for preimage attacks. Are
preimage attempts beginning to get closer.

http://portal.acm.org/citation.cfm?id=1427259;

Fingerprint length and/or ascii representation may add work but is it
worth adding it to the todo list?

Re: how to set an alias on a carp interface?

[Indunil Jayasooriya]

 one IP per subnet with the real mask so there is a route, all others
 with all-ones netmask.

 Then, It is like this..


# cat
/etc/hostname.em0

inet 192.168.9.62 255.255.255.0
inet alias 192.168.9.63 255.255.255.255
inet alias 192.168.5.62 255.255.255.0
inet alias 192.168.5.63 255.255.255.255
inet alias 192.168.6.62 255.255.255.0
inet alias 192.168.6.63 255.255.255.255

your comments?





-- 
Thank you
Indunil Jayasooriya

Re: connecting ubt0 to a wireless audio

[Thomas Pfaff]

On Thu, 17 Feb 2011 11:37:34 -0600
Bryan bra...@gmail.com wrote:

 I have an MW600 from Sony Ericsson, that I can pair to my Droid, and
 the passcode is .  I recently picked up a SparkLAN WPEA-111N
 which attaches to ral(4) and ubt(4):
 
[...]
 
 After following these this:
 
 http://marc.info/?l=openbsd-miscm=124085846000680


Just for the record, this no longer works for me.  I get a hard lock or a
panic very shortly after bringing up the Bluetooth interface and trying to
communicate with it.  It used to work, though ;-(

Cheers,
Thomas.

Relayd Questions on past posts

[Steve]

Hi all,

Firstly, a past post has indicated that there is no benefit of relayd over pf
for external mappings to single machines on the lan. I would have thought a
relayed connection to an internal machine would have some security benefit
over a pf redirected connection. Is this the case ?

Secondly I am trying to use relayd to reverse proxy to multiple rails web
sites running on different ports on the local gateway. domain =1 will be on
port 3000 domain2 on 3001 etc. I am using multiple domain configurations like
these below changing the domain name and the appropriate port number in the
relay statement. All requests seem to be being directed to the final relay
statement and generating an incomplete request error in the debug log. A past
forum post has indicated that this capability is not available however this
structure seems made for it. Is it possible ? This server is currently running
4.5 but I can see nothing in the changelog to indicate any change with this.

With thanks for any assistance or info.

 http protocol domain1 {
header append $REMOTE_ADDR to X-Forwarded-For
header append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By
#   header change Connection to close
header expect www.domain1.com from Host

# Various TCP performance options
tcp { nodelay, sack, socket buffer 65536, backlog 128 }
}

relay domain1 {
# Run as a SSL accelerator
listen on $ext_addr port 80
protocol domain1
forward to 127.0.0.1 port 3000
}

Re: connecting ubt0 to a wireless audio

[Bryan]

On Thu, Feb 17, 2011 at 19:46, Jacob Meuser jake...@sdf.lonestar.org wrote:
 On Thu, Feb 17, 2011 at 12:33:51PM -0600, Bryan wrote:
 On Thu, Feb 17, 2011 at 11:37, Bryan bra...@gmail.com wrote:
  I have an MW600 from Sony Ericsson, that I can pair to my Droid, and
  the passcode is . B I recently picked up a SparkLAN WPEA-111N
  which attaches to ral(4) and ubt(4):
 

 Well hell, now all I'm getting is kernel panics when I run btconfig ubt0
up

 don't expect btsco(4) to work reliably, even if the bluetooth layer
 itself works. B btsco(4) uses audio_hw_if-start_{output,input}. B these
 can only work with realtime operating systems, since they require
 that the kernel fills the next audio buffer in an isr. B this means the
 isr needs to be run within microseconds of interrupt generation. B I've
 seen delays of over 100 ms between interrupt generation and isr
 execution with azalia(4) on MP systems. B using uaudio(4) on an MP
 system will give an idea of how bad this is (and uaudio actually does
 do some bufferring in the usb layer; btsco would be much worse).


Oh, okay, I see now.  Even it did work, it would have been awful...
I'll just buy an extension cable...

@jacob:  Did you receive my other e-mail?

Re: connecting ubt0 to a wireless audio

[David Coppa]

On Fri, Feb 18, 2011 at 3:36 PM, Thomas Pfaff tpf...@tp76.info wrote:

 Just for the record, this no longer works for me.  I get a hard lock or a
 panic very shortly after bringing up the Bluetooth interface and trying to
 communicate with it.  It used to work, though ;-(

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/i386/conf/GENERIC

Disable sbt and ubt devices. The bluetooth code will sometimes sleep while
holding locks, this is not allowed, and nobody has stepped up to fix this,
so better not lure people into using bluetooth devices.

Cheers,
David

hibernate function

[Orestes Leal R.]

does it exists?

Re: hibernate function

[Joachim Schipper]

On Fri, Feb 18, 2011 at 10:51:27AM -0600, Orestes Leal R. wrote:
 does it exists?

Not yet.

Joachim

-- 
PotD: converters/wv2 - library functions to access Microsoft Word/Excel files
http://www.joachimschipper.nl/

Re: rsu0 problem

[Gianluca D'Auri Muscelli]

On Fri, 18 Feb 2011 13:03:27 +0100
Hans Zimmerman h...@everlasting.be wrote:

 On Fri, 18 Feb 2011 02:58:52 +0100, Gianluca D'Auri Muscelli
 g...@email.it wrote:
  now when i sudo sh /etc/netstart rsu0
  rsu0.no link  sleeping
  and in console i look ' rsu0: could not send site survey command'
  my hostname.rsu0 is:
  dhcp NONE NONE NONE nwkey my_wep_password_clear_text chan 6
  or
  dhcp NONE NONE NONE nwid my_wii_name nwkey my_pass_cl_text chan 6
  ;(
 
  Do u know how i can resolve this problem??
  tks vvm

 I think I have the same problem, see pr 6534
 http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=6534

 I have not found a solution yet.

 Hans



I'v found a solution only to get my network with WAP encryption, this
card with WEP doesn't function, I try many many time!


--
Gianluca D'Auri Muscelli
g...@email.it
Fingerprint: 3A277FACD60A3D33388BC371F4548B69078A9A04


 ,(   ).
 | \,--_ / |
 /_  _  `  /
/-.,-.`\  _    _ _
\O|O  | |/ ___ \   |  _ \ / |  __ \
  (___)`--'_/   / /  / /___  ___   | |_) | (___ | |  | |
   `.__/`  /   / /  / / __ \/ _ \/ __ \|  _  \___ \| |  | |
 `.__,   ,/   / /__/ / /_/ /  __/ / / /| |_) |) | |__| |
  \_/ .___/\___/_/ /_/ |/|_/|_/
 ___/ /__
   /_/

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

rsu0 connection lost in one min.

[Gianluca D'Auri Muscelli]

Hi, now i can connect with my usb-wii-card rsu0 
with hostname.rsu0:
dhcp NONE NONE NONE nwid name_wii chan 6 wpakey my_wpa

but my connection be lost in one minutes...why???
thanks very mutch for help...

-- 
Gianluca D'Auri Muscelli
g...@email.it
Fingerprint: 3A277FACD60A3D33388BC371F4548B69078A9A04


 ,(   ). 
 | \,--_ / |  
 /_  _  `  / 
/-.,-.`\  _    _ _   
\O|O  | |/ ___ \   |  _ \ / |  __ \  
  (___)`--'_/   / /  / /___  ___   | |_) | (___ | |  | | 
   `.__/`  /   / /  / / __ \/ _ \/ __ \|  _  \___ \| |  | | 
 `.__,   ,/   / /__/ / /_/ /  __/ / / /| |_) |) | |__| |   
  \_/ .___/\___/_/ /_/ |/|_/|_/ 
 ___/ /__
   /_/   

Re: Dell R310 - H200 Raid performance problem

[Łukasz Czarniecki]

On 18.02.2011 07:57, David Gwynne wrote:
 this diff implements the disk cache ioctl handling in mpii so sd(4)
 can drive the change rather than have mpii(4) whack everything.
 modelled on the same functionality in mpi(4) and mikeb's code...
 
 could someone test this please?

It freezes on my system.

Last lines from dmesg are:

mpii0 at pci2 dev 0 function 0 Symbios Logic SAS2008 rev 0x02: apic 0
int 16 (irq 15)
scsibus0 at mpii0: 42 targets
sd0 at scsibus0 targ 1 lun0: Dell, Virtual Disk, 1028 SCSI4 0/direct fixed
sd0: 237824MB, 512 bytes/sec, 487063772 sec total

Lukasz

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
20110218281.jpg]

Re: hibernate function

[Kevin Chadwick]

On Fri, 18 Feb 2011 16:17:25 +0100
Joachim Schipper wrote:

 On Fri, Feb 18, 2011 at 10:51:27AM -0600, Orestes Leal R. wrote:
  does it exists?
 
 Not yet.
 
   Joachim

Hibernate offers more integrity of user data but it's a lot less
secure, discounting the boot virus's like the one mentioned on P.
Hansteen's site that may? be hindered by power removal. (Anyone heard
more about those or how that one worked.)

http://bsdly.blogspot.com/2010/10/if-it-runs-openbsd-it-has-to-be.html;


I don't really see how hibernate could be done safely without all
systems having a TPM. Maybe a storage file in /var that only root can
access, but that's still a compromise.

flush global not killing states in pf

[Kapetanakis Giannis]

Hi,

The flush global directive in the following pf rule does not kill all
states of the offending host.

table abusive_hosts persist
block in quick log on $ext_if from abusive_hosts
block in
pass in quick on $ext_if proto tcp from 10.0.0.2 to ($ext_if) port
2000:2002 flags S/
SA keep state (tcp.first 15, tcp.closing 30, tcp.finwait 15, tcp.closed
15, max-src-conn 1
, overload abusive_hosts flush global)

I'm using nc to do this test
server# nc -l 2000
server# nc -l 2001

10.0.0.2# nc server 2000
10.0.0.2# nc server 2001 (connection blocked)

host 10.0.0.2 is added in abusive_hosts and rest of the connections
are blocked.

# pfctl -t abusive_hosts -vT show
10.0.0.2
Cleared: Fri Feb 18 19:17:12 2011

Feb 18 19:17:17.354147 rule 1/(match) block in on fxp0: 10.0.0.2.38283 
10.0.0.1.2001: P 2121540353:2121540363(10) ack 1359198395 win 92
nop,nop,timestamp 89238363 4104326239 (DF)

However the first connection (to port 2000) remains established and not
being flushed.
#pfctl -s states | grep 10.0.0.2

all tcp 10.0.0.1:2000 - 10.0.0.2:44923   ESTABLISHED:ESTABLISHED

Is it something I misused or don't understand correct?

regards,

Giannis
ps.  OpenBSD 4.8 GENERIC#0 i386

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]

Booting and radeon problems on ThinkPad SL510

[Pascal Stumpf]

Hi misc@,

I am too experiencing the booting problems described a few days ago for
the SL410. With the MP kernel, booting would sometines just stop at 
mtrr: Pentium Pro MTRR support,

forcing a hard reset of the machine. Other times it just works fine, not
following any apparent pattern.

How can I provide more info to debug this?

The second problem has already been reported multiple times. (Hardware
acceleration not working on some Radeon chips.) The corresponding PR is
user/6549, the symptoms are exactly as described there.

Maybe (?) related to that: Graphics are not resumed after suspend.
Xorg.0.log has lots of:

[607691.656] (EE) RADEON(0): Idle timed out, resetting engine...
[607691.875] (EE) RADEON(0): RADEONWaitForIdleCP: CP idle 16
[607691.875] (EE) RADEON(0): Idle timed out, resetting engine...
[607692.075] (EE) RADEON(0): RADEONWaitForIdleCP: CP idle 16
[607692.075] (EE) RADEON(0): Idle timed out, resetting engine...
[607692.275] (EE) RADEON(0): RADEONWaitForIdleCP: CP idle 16

messages after resume:
Feb 14 13:50:09 aias apmd: system resumed from APM sleep
Feb 14 13:50:09 aias /bsd: iwn0: RF switch: radio enabled
Feb 14 13:50:09 aias Tor[2339]: Your system clock just jumped 1436 seconds 
forward; assuming established circuits no longer work. 
Feb 14 13:50:09 aias Tor[2339]: Tried for 1470 seconds to get a connection to 
[scrubbed]:80. Giving up. (waiting for circuit) 
Feb 14 13:50:09 aias Tor[2339]: Tried for 1470 seconds to get a connection to 
[scrubbed]:80. Giving up. (waiting for circuit) 
Feb 14 13:50:10 aias /bsd: video0 detached
Feb 14 13:50:10 aias /bsd: uvideo0 detached
Feb 14 13:50:11 aias /bsd: uvideo0 at uhub1
Feb 14 13:50:11 aias /bsd:  port 6 configuration 1 interface 0 Chicony 
Electronics Co., Ltd. Integrated Camera rev 2.00/82.54 addr 2
Feb 14 13:50:11 aias /bsd: video0 at uvideo0
Feb 14 13:50:11 aias /bsd: ubt0 detached
Feb 14 13:50:11 aias /bsd: radeondrm0: wait idle failed status : 0xA0003028 
0x0002
Feb 14 13:50:14 aias last message repeated 14 times
Feb 14 13:50:14 aias /bsd: ubt0 at uhub7
Feb 14 13:50:14 aias /bsd: radeondrm0: wait idle failed status : 0xA0003028 
0x0002
Feb 14 13:50:15 aias /bsd:  port 1 Broadcom Corp Broadcom Bluetooth Device 
rev2.00/3.60 addr 2
Feb 14 13:50:15 aias /bsd: radeondrm0: wait idle failed status : 0xA0003028 
0x0002
Feb 14 13:50:46 aias last message repeated 154 times



OpenBSD 4.9-beta (GENERIC.MP) #780: Thu Jan 20 17:21:34 MST 2011
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3182116864 (3034MB)
avail mem = 3083386880 (2940MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xe0010 (44 entries)
bios0: vendor LENOVO version 6JET85WW (1.43 ) date 12/24/2010
bios0: LENOVO 2847D8G
acpi0 at bios0: rev 4
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET MCFG APIC BOOT SLIC SSDT SSDT SSDT
acpi0: wakeup devices P0P2(S4) P0P1(S4) USB0(S3) USB1(S3) USB2(S3) USBR(S3) 
EHC1(S3) USB3(S3) USB4(S3) USB5(S3) EHC2(S3) HDEF(S4) PXSX(S4) RP01(S4) 
PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) 
RP06(S4) BLAN(S4) LID_(S3) SLPB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz, 6803.39 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz, 2194.50 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG
cpu1: 2MB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P2)
acpiprt2 at acpi0: bus 9 (P0P1)
acpiprt3 at acpi0: bus 2 (RP01)
acpiprt4 at acpi0: bus 3 (RP02)
acpiprt5 at acpi0: bus 4 (RP03)
acpiprt6 at acpi0: bus 5 (RP04)
acpiprt7 at acpi0: bus 6 (RP05)
acpiprt8 at acpi0: bus 8 (RP06)
acpiec0 at acpi0
acpicpu0 at acpi0: C2, C1, PSS
acpicpu1 at acpi0: C2, C1, PSS
acpitz0 at acpi0: critical temperature 105 degC
acpithinkpad0 at acpi0
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT1 model 42T4848 serial 55331 type LION oem LGC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PWRB
acpibtn2 at acpi0: SLPB
cpu0: Enhanced SpeedStep 2194 MHz: speeds: 2201, 2200, 1600, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07
ppb0 at pci0 dev 1 function 0 Intel GM45 PCIE rev 0x07: apic 2 int 16 (irq 10)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Mobility Radeon HD 4500 rev 0x00

Re: hibernate function

[Marco Peereboom]

there are some patches floating around.

On Fri, Feb 18, 2011 at 10:51:27AM -0600, Orestes Leal R. wrote:
 does it exists?

Re: Dell R310 - H200 Raid performance problem

[Łukasz Czarniecki]

With following Mike's suggestions it worked.

 could you please change this line
 if (mpii_req_cfg_page(sc, addr, 0, hdr, 1, vpg, pagelen) != 0) {

 to
 if (mpii_req_cfg_page(sc, addr, MPII_PG_POLL, hdr, 1, vpg,
pagelen) != 0) {

 and one more:

 this:
 if (mpii_req_cfg_header(sc, MPII_CONFIG_REQ_PAGE_TYPE_RAID_VOL, 0,
addr, 0, hdr) != 0)
 to:
 if (mpii_req_cfg_header(sc, MPII_CONFIG_REQ_PAGE_TYPE_RAID_VOL, 0,
addr, MPII_PG_POLL, hdr) != 0)


mpii0 at pci2 dev 0 function 0 Symbios Logic SAS2008 rev 0x02: apic 0
int 16 (irq 15)
scsibus0 at mpii0: 42 targets
sd0 at scsibus0 targ 1 lun 0: Dell, Virtual Disk, 1028 SCSI4 0/direct
fixed
sd0: 237824MB, 512 bytes/sec, 487063552 sec total
ses0 at scsibus0 targ 10 lun 0: DP, BACKPLANE, 1.07 SCSI3 13/enclosure
services fixed
ses0: unable to read enclosure configuration

# scsi -f /dev/rsd0c -m 8
IC:  0
ABPF:  0
CAP:  0
DISC:  0
SIZE:  0
WCE:  1
MF:  0
RCD:  0
Demand Retention Priority:  0
Write Retention Priority:  0
Disable Pre-fetch Transfer Length:  65535
Minimum Pre-fetch:  0
Maximum Pre-fetch:  65280
Maximum Pre-fetch Ceiling:  65535
FSW:  0
LBCSS:  0
DRA:  0
Vendor-specific:  0
NV_DIS:  0
Number of Cache Segments:  15
Cache Segment Size:  0

how to manipulate write cache policy?

Lukasz

Casa o Depa????

[Laura de la Garza]

  RW Fereli y Asociados

  Rio Grijalva ote. # 25-C, Col del Valle  , Garza Garcia, N.L.

Tels. 04481-82521561

 

En Venta  CASA NUEVA con FINOS acabados  Y COMODA  distribuciC3n.

Ubicada en la tranquilidad de La LC!grima a 2 minutos de
LC!zaro CC!rdenas 

  Tres RecC!maras, dos y medio BaC1os

 Dos  Plantas,   Estudios

 JardC-n 

230m2 construcciC3n, 186 m2 terreno

2,100,000.00

   Departamentos  DE LUJO con  VIGILANCIA Y HERMOSA
VISTA PANORAMICA

 

  Renta y Venta  en San Pedro 

Amueblados o sin amueblar

  Dos y tres recC!maras

  Alberca, Gimnasio, SalC3n de eventos, Sky Lounge

   

  Vigilancia 24 horas 7 dC-as de la semana

   

 

Citas: 0448182521561, e-mail: ldel...@hotmail.com
[mailto:ldel...@hotmail.com?subject=Busco%20casa%20o%20depa]

   
[http://corporativomexico.info/send/link.php?M=6510722N=149L=139F=T]

Unsubscribe 
[http://corporativomexico.info/send/link.php?M=6510722N=149L=60F=T]

Re: how to set an alias on a carp interface?

[Daniel Ouellet]

On 2/18/11 5:42 AM, Henning Brauer wrote:

* Daniel Ouelletdan...@presscom.net  [2011-02-18 11:15]:

Alias are enter with /32.


huh? hell no.


OK, but all examples show it as such in man(5) hostname.if and such.


Your network card is configure with the IP 172.12.96.5 and you want
to have on the same network card the IP 172.12.101.5 and
172.12.126.5 working right?

Then enter it with the /32 netmark. Not relevant what subnet it is
in really. Make sure your router, or what ever in front of that box
point these IP's to your box here.


NO!


OK!


At the price of making a fool of myself, witch wouldn't be the first
time and most likely not the last either! If they need to be, that's
news to me and I have been wrong for many years then. Sure possible,
but as I said. I never did and I may have been wrong for many
years...


well, you have been wrong all the time then.


yes I have been! And thanks for correcting me on it too!


one IP per subnet with the real mask so there is a route, all others
with all-ones netmask.


That is no where to be find in the FAQ even if that absolutely logical, 
no question about it. I really read FAQ religeously and never got that 
understanding from it as as shown I sure didn't do it on many servers 
for many years too. If I could suggest, just adding to the FAQ exactly 
your text as above would have eliminate that mistake for me and 
eliminate that recurring question as well looks like as I am not the 
only one missing the point here.


Would that be possible.

Again thanks for taking the time to correct my multi years and recuring 
errors here.


Best,

Daniel

Re: how to set an alias on a carp interface?

[Daniel Ouellet]

On 2/18/11 6:10 AM, Indunil Jayasooriya wrote:

one IP per subnet with the real mask so there is a route, all others
with all-ones netmask.

Then, It is like this..



# cat
/etc/hostname.em0

inet 192.168.9.62 255.255.255.0
inet alias 192.168.9.63 255.255.255.255
inet alias 192.168.5.62 255.255.255.0
inet alias 192.168.5.63 255.255.255.255
inet alias 192.168.6.62 255.255.255.0
inet alias 192.168.6.63 255.255.255.255

your comments?


Then based on the correction from Henning on my previous suggestion, I 
would say that's exactly how it should be done.


Or it could be like this I suppose if your network was actually on the 
proper boundary.


 inet 192.168.9.62 255.255.255.0
 inet alias 192.168.9.63 255.255.255.255
 inet alias 192.168.6.62 255.255.254.0
 inet alias 192.168.6.63 255.255.255.255
 inet alias 192.168.7.62 255.255.255.255
 inet alias 192.168.7.63 255.255.255.255

On the above example 192.168.6.x with /23 would cover both the 6.x and 
7.x and if they are both directly connected to that interface chances 
are that they should be in the router as such, but that's just a 
suggestion and based on Henning should be good.


Best,

Daniel

PS: I learn something new, but more importantly, I corrected a long 
lasting mistake today! (;


PS2: It would really good if the FAQ could add that simple distinction. 
I would have found it useful talking just for myself may be, but sure 
would have eliminated the question from the start.

Re: hibernate function

[Benny Lofgren]

On 2011-02-18 18.17, Kevin Chadwick wrote:
 On Fri, 18 Feb 2011 16:17:25 +0100
 Joachim Schipper wrote:
 On Fri, Feb 18, 2011 at 10:51:27AM -0600, Orestes Leal R. wrote:
 does it exists?
 Not yet.

 Hibernate offers more integrity of user data but it's a lot less
 secure, discounting the boot virus's like the one mentioned on P.
 Hansteen's site that may? be hindered by power removal. (Anyone heard
 more about those or how that one worked.)
 http://bsdly.blogspot.com/2010/10/if-it-runs-openbsd-it-has-to-be.html;
 I don't really see how hibernate could be done safely without all
 systems having a TPM. Maybe a storage file in /var that only root can
 access, but that's still a compromise.

I'm sure it's just my too-narrow mind, but I fail to see any particular
security implications that are not also implied by having actual
physical access to the machine. Could you elaborate?

The one problem I see is the risk of being able to read system memory
from the hibernation storage if someone unauthorized gains access to the
system and boots it into single-user mode or removes the disk and reads
it in another computer.

But the way I imagine hibernation to be implemented would be to simply
swap out all memory to the (by default) encrypted swap space, and then
somehow flag the upcoming next boot that the swap contains live
hibernation data, and provide the encryption key (which of course
becomes the weak point).

Then for the really paranoid, the location of that flag and key could
perhaps be configurable, and be set to a USB stick or memory card that
can be removed and for example travel separately from the laptop itself.
Not perfect of course, but then again, if access to the physical
hardware is gained all bets are more or less off anyway.


Regards,

/Benny


-- 
internetlabbet.se / work:   +46 8 551 124 80  / Words must
Benny LC6fgren/  mobile: +46 70 718 11 90 /   be weighed,
/   fax:+46 8 551 124 89/not counted.
   /email:  benny -at- internetlabbet.se

Re: Booting and radeon problems on ThinkPad SL510

[Bryan Chapman]

On 02/18/11 12:41, Pascal Stumpf wrote:

Hi misc@,

I am too experiencing the booting problems described a few days ago for
the SL410. With the MP kernel, booting would sometines just stop at
mtrr: Pentium Pro MTRR support,

forcing a hard reset of the machine. Other times it just works fine, not
following any apparent pattern.

How can I provide more info to debug this?


The fix for me on my SL410 was to disable the webcam via BIOS.  That was 
the device for me that was causing it to hang.


uvideo0 at uhub1 port 6 configuration 1 interface 0 Bison Integrated Camera 
rev 2.00/0.06 addr 2



-Bryan

New LA Hotel Fund

[Cayson Metz]

My Name is Cayson Metz and im a hard money lender in California and I came
across your information on a hotel listing. My partner and I have recently
Launched a 250 million hospitality fund to help capitalize select hotels in
need of rehab, bridge loans and permanent financing.You will never see an
advance fee and  will typically close within 3 weeks. Do you have anything in
need? I am trying to deploy this money no later than mid March.


Here is some press on the fund.   www.abfjournal.com/story.asp?id=32412
http://www.abfjournal.com/story.asp?id=32412
andThank you for your time,

Truly,

Cayson Metz,
Gauntlet CREC, LLC.
7154 E. Stetson Drive Ste. 320
Scottsdale, AZ 85251
866.865.6647 ext. 1015
O: 480. 393 0829  (Scottsdale, AZ)
D: 310.954.1992 (Beverly Hills, CA)

This email was sent to misc@openbsd.org.
If you are no longer interested you can unsubscribe instantly:
http://gauntletcapital.cmail2.com/t/r/u/yktidhd/oukdljyp/

Re: how to set an alias on a carp interface?

[Daniel Ouellet]

On 2/18/11 3:23 PM, Ted Unangst wrote:

On Fri, Feb 18, 2011 at 2:39 PM, Daniel Ouelletdan...@presscom.net  wrote:

On 2/18/11 5:42 AM, Henning Brauer wrote:


* Daniel Ouelletdan...@presscom.net[2011-02-18 11:15]:


Alias are enter with /32.


huh? hell no.


OK, but all examples show it as such in man(5) hostname.if and such.


You are apparently reading manpages for a different operating system
or the OpenBSD man pages you are reading have been terribly corrupted,
because hostname.if on my system has no such nonsense.



Nope I am not, see below:

http://www.openbsd.org/cgi-bin/man.cgi?query=hostname.ifapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html

under static section.

  inet 10.0.1.12 255.255.255.0 10.0.1.255 media 100baseTX 
description Uplink

  inet alias 10.0.1.13 255.255.255.255 10.0.1.13
  inet alias 10.0.1.14 255.255.255.255 NONE
  inet alias 10.0.1.15 255.255.255.255
  inet alias 10.0.1.16 0x

my point only was that there isn't an example of a second subnet and as 
I said I assume that every cases of alias as shown were always with /32 
for the subnet mask.


I simply miss understood that for many years obviously.

If only a reference in either ifconfig of in hostname.if with what 
Henning clarify for me as:


one IP per subnet with the real mask so there is a route, all others
with all-ones netmask.

Would have done the trick.

That's not really no sense. It's clean in my head now, just wasn't and 
is not clear for me in the man page.

Re: how to set an alias on a carp interface?

[Daniel Ouellet]

On 2/18/11 3:45 PM, Daniel Ouellet wrote:

On 2/18/11 3:23 PM, Ted Unangst wrote:

On Fri, Feb 18, 2011 at 2:39 PM, Daniel Ouelletdan...@presscom.net
wrote:

On 2/18/11 5:42 AM, Henning Brauer wrote:


* Daniel Ouelletdan...@presscom.net [2011-02-18 11:15]:


Alias are enter with /32.


huh? hell no.


OK, but all examples show it as such in man(5) hostname.if and such.


You are apparently reading manpages for a different operating system
or the OpenBSD man pages you are reading have been terribly corrupted,
because hostname.if on my system has no such nonsense.


Unless you refer at me writing /32 instead of the long way 255.255.255.255?

If so, yes you are 100% right. I use the /32 to express the mask in a 
shorter way. If that's the confusion, I am sorry to have created that.


It's an old habit hard to die, I find it much more convenient to always 
express the IP's in that form oppose to use the long mask.


I never tried to enter it into the hostname.if file as a configuration I 
don't think it support it anyway, I do not know.


So, if that's the no sense you are referring at from my part, then my 
apologies, you are 100% right.


I refer at needed to have one instance of the alias to have the proper 
mask and all additional one part of the same subnet needed the 
255.255.255.255 mask oppose to all instance of alias using only the 
255.255.255.255 form. That was and isn't clean in the man page.


Hope this make sense now. (;

Re: hibernate function

[Joe Snikeris]

On Fri, Feb 18, 2011 at 11:51 AM, Orestes Leal R.
l...@cubacatering.avianet.cu wrote:
 does it exists?

It'll work if it's implemented in hardware like on a Thinkpad X40.

Re: how to set an alias on a carp interface?

[Ted Unangst]

On Fri, Feb 18, 2011 at 2:39 PM, Daniel Ouellet dan...@presscom.net wrote:
 On 2/18/11 5:42 AM, Henning Brauer wrote:

 * Daniel Ouelletdan...@presscom.net  [2011-02-18 11:15]:

 Alias are enter with /32.

 huh? hell no.

 OK, but all examples show it as such in man(5) hostname.if and such.

You are apparently reading manpages for a different operating system
or the OpenBSD man pages you are reading have been terribly corrupted,
because hostname.if on my system has no such nonsense.

Re: security of hibernate (was: hibernate function)

[Joachim Schipper]

On Fri, Feb 18, 2011 at 05:17:57PM +, Kevin Chadwick wrote:
 On Fri, 18 Feb 2011 16:17:25 +0100 Joachim Schipper wrote:
  On Fri, Feb 18, 2011 at 10:51:27AM -0600, Orestes Leal R. wrote:
   does it exists?
  
  Not yet.
 
 Hibernate offers more integrity of user data but it's a lot less
 secure, discounting the boot virus's like the one mentioned on P.
 Hansteen's site that may? be hindered by power removal. (Anyone heard
 more about those or how that one worked.)

Actually, if one could specify an encryption password for the memory
written to disk, a stolen hibernating system would be less dangerous
than a running/ACPI-sleeping system because it's suddenly impossible to
get interesting data from the system memory. Interesting data like the
keys in ssh-agent or a softraid decryption key.

Read e.g. http://citp.princeton.edu/pub/coldboot.pdf for a very readable
introduction to rip-your-memory-out-of-your-machine attacks (figure 4 is
particularly nice); in particular, note that such attacks are quite
feasible.

Despite the common with physical access, all bets are off wisdom,
physical attacks can actually be defended against quite well - *if* the
system is turned off when they are carried out and never turned on
again.

Joachim

-- 
PotD: net/fping - quickly ping N hosts w/o flooding the network
http://www.joachimschipper.nl/

Re: Booting and radeon problems on ThinkPad SL510

[Joachim Schipper]

On Fri, Feb 18, 2011 at 06:41:26PM +0100, Pascal Stumpf wrote:
 I am too experiencing the booting problems described a few days ago for
 the SL410. With the MP kernel, booting would sometines just stop at 
 mtrr: Pentium Pro MTRR support,
 
 forcing a hard reset of the machine. Other times it just works fine, not
 following any apparent pattern.
 
 How can I provide more info to debug this?

My SL510 works if I disable acpitz*. The debugging-only diff at the
end of this message can help show that this is indeed the issue (by
default, it doesn't do much; use boot -d and 'write
acpitz_skip_first_setperfs 10' (if it's N = 0, skip the first N
acpitz_cpu_setperf() calls; negative values drop you into ddb at
acpitz_cpu_setperf() calls, which allows you to get a backtrace.)

That said, I don't have the time or expertise to fix this myself, and I
guess it's rather hard to fix it without the hardware...

 The second problem has already been reported multiple times. (Hardware
 acceleration not working on some Radeon chips.) The corresponding PR is
 user/6549, the symptoms are exactly as described there.

Sorry, I can't help you with that - I have an Intel card.

Joachim

Index: acpitz.c
===
RCS file: /usr/cvs/src/src/sys/dev/acpi/acpitz.c,v
retrieving revision 1.39
diff -u -p -r1.39 acpitz.c
--- acpitz.c27 Jul 2010 04:28:36 -  1.39
+++ acpitz.c4 Oct 2010 08:37:30 -
@@ -88,6 +88,7 @@ void  (*acpitz_cpu_setperf)(int);
 intacpitz_perflevel = -1;
 extern void(*cpu_setperf)(int);
 extern int perflevel;
+intacpitz_skip_first_setperfs = 0;
 #define PERFSTEP 10
 
 #define ACPITZ_TRIPS   (1L  0)
@@ -376,8 +377,21 @@ acpitz_refresh(void *arg)
 
/* Perform CPU setperf */
if (acpitz_cpu_setperf  nperf != acpitz_perflevel) {
-   acpitz_perflevel = nperf;
-   acpitz_cpu_setperf(nperf);
+   if (acpitz_skip_first_setperfs  0) {
+   /* Enter ddb here - and hopefully continue */
+   Debugger();
+   } else if (acpitz_skip_first_setperfs  0) {
+   acpitz_skip_first_setperfs--;
+   printf(%s: skipping %d more setperf() calls\n,
+   DEVNAME(sc), acpitz_skip_first_setperfs);
+   } else {
+   acpitz_perflevel = nperf;
+   printf(%s: acpitz_cpu_setperf at %p called: 
acpitz_cpu_setperf(%d)\n,
+   DEVNAME(sc), (void *) acpitz_cpu_setperf, 
nperf);
+   acpitz_cpu_setperf(nperf);
+   printf(%s: acpitz_cpu_setperf ok\n,
+   DEVNAME(sc));
+   }
}
}
sc-sc_lasttmp = sc-sc_tmp;

Re: security of hibernate (was: hibernate function)

[Ted Unangst]

On Fri, Feb 18, 2011 at 3:35 PM, Joachim Schipper
joac...@joachimschipper.nl wrote:
 Actually, if one could specify an encryption password for the memory
 written to disk, a stolen hibernating system would be less dangerous
 than a running/ACPI-sleeping system because it's suddenly impossible to
 get interesting data from the system memory. Interesting data like the
 keys in ssh-agent or a softraid decryption key.

Not really much difference between encrypting memory that's written to
disk and memory that's just left in memory.

Re: Booting and radeon problems on ThinkPad SL510

[Pascal Stumpf]

On Fri, Feb 18, 2011 at 09:45:22PM +0100, Joachim Schipper wrote:
 On Fri, Feb 18, 2011 at 06:41:26PM +0100, Pascal Stumpf wrote:
  I am too experiencing the booting problems described a few days ago for
  the SL410. With the MP kernel, booting would sometines just stop at 
  mtrr: Pentium Pro MTRR support,
  
  forcing a hard reset of the machine. Other times it just works fine, not
  following any apparent pattern.
  
  How can I provide more info to debug this?
 
 My SL510 works if I disable acpitz*. The debugging-only diff at the
 end of this message can help show that this is indeed the issue (by
 default, it doesn't do much; use boot -d and 'write
 acpitz_skip_first_setperfs 10' (if it's N = 0, skip the first N
 acpitz_cpu_setperf() calls; negative values drop you into ddb at
 acpitz_cpu_setperf() calls, which allows you to get a backtrace.)
 
 That said, I don't have the time or expertise to fix this myself, and I
 guess it's rather hard to fix it without the hardware...
 
Thanks a lot, but thatbs most likely not the issue in my case. I donbt
even seem to be able to get any negative values.

Bryanbs suggestion to disable the webcam via BIOS has most likely done
the trick. (I havenbt had any hangs since then, but you never knowB b)

Still, this solutions seems unsatisfying. Would the info provided by
UVIDEO_DEBUG help in tracking down the bug?

Re: usb external disk freezes system [SOLVED ON -CURRENT]

[shwegime]

On Wed, 16 Feb 2011, Kenneth R Westerback wrote:


On Wed, Feb 16, 2011 at 06:05:59PM +0800, shweg...@gmail.com wrote:

I have an external usb drive which freezes the system, especially if
I do some cp of scp of big files, but not necessarily, it happens
also with small files, here is the error I get:

attempting to restore vector in use vecproc 0 veccpu 6boff0
attempting to restore vector in use vecproc 0 veccpu 6boff0
(yes, written to times)
umass0: Invalid CSW: sig 0x40f00ee0 shuld be 0x53425355


Please try a -current snapshot. Many, many USB fixes since Aug. and
it would be good to know if the problem still exists as 4.9 is
about to lock.

 Ken



The problem seems to be gone, thank you very much!
Here is the new dmesg:

[ using 479744 bytes of bsd ELF symbol table ]
console out [ATY,RockHopper2_A]console in [] , no keyboard attached, 
trying usb anyway
using parent ATY,RockHopper2Paren:: memaddr 9800 size 800, : 
consaddr 9c008000, : ioaddr 9002, size 2: memtag 8000, iotag 8000: 
width 640 linebytes 768 height 480 depth 8

Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2011 OpenBSD. All rights reserved. 
http://www.OpenBSD.org


OpenBSD 4.9 (GENERIC) #35: Tue Feb 15 15:34:27 MST 2011
t...@macppc.openbsd.org:/usr/src/sys/arch/macppc/compile/GENERIC
real mem = 1073741824 (1024MB)
avail mem = 1032323072 (984MB)
mainbus0 at root: model PowerMac10,1
cpu0 at mainbus0: 7447A (Revision 0x102): 1249 MHz: 512KB L2 cache
mem0 at mainbus0
spdmem0 at mem0: 1GB DDR SDRAM non-parity PC3200CL3.0
memc0 at mainbus0: uni-n
hw-clock at memc0 not configured
kiic0 at memc0 offset 0xf8001000
iic0 at kiic0
mpcpcibr0 at mainbus0 pci: uni-north, Revision 0xff
pci0 at mpcpcibr0 bus 0
pchb0 at pci0 dev 11 function 0 Apple UniNorth AGP rev 0x00
vgafb0 at pci0 dev 16 function 0 ATI Radeon 9200 rev 0x01, mmio
wsdisplay0 at vgafb0 mux 1: console (std, vt100 emulation)
mpcpcibr1 at mainbus0 pci: uni-north, Revision 0x5
pci1 at mpcpcibr1 bus 0
pchb1 at pci1 dev 11 function 0 Apple UniNorth PCI rev 0x00
macobio0 at pci1 dev 23 function 0 Apple Intrepid rev 0x00
openpic0 at macobio0 offset 0x4: version 0x4614 little endian
macgpio0 at macobio0 offset 0x50
modem-reset at macgpio0 offset 0x1d not configured
modem-power at macgpio0 offset 0x1c not configured
macgpio1 at macgpio0 offset 0x9 irq 47
pgs0 at macgpio0 offset 0x11: irq 55
gpio5 at macgpio0 offset 0x6f not configured
gpio6 at macgpio0 offset 0x70 not configured
extint-gpio15 at macgpio0 offset 0x67 not configured
escc-legacy at macobio0 offset 0x12000 not configured
zsc0 at macobio0 offset 0x13000: irq 22,23
zstty0 at zsc0 channel 0
zstty1 at zsc0 channel 1
aoa0 at macobio0 offset 0x1: irq 30,1,2
audio0 at aoa0
timer at macobio0 offset 0x15000 not configured
adb0 at macobio0 offset 0x16000 irq 25: via-pmu, 0 targets
apm0 at adb0: battery flags 0x0, 0% charged
piic0 at adb0
iic1 at piic0
maxtmp0 at iic1 addr 0xc8: max6642
kiic1 at macobio0 offset 0x18000
iic2 at kiic1
wdc0 at macobio0 offset 0x2 irq 24: DMA
ohci0 at pci1 dev 24 function 0 Apple Intrepid USB rev 0x00: irq 0, 
version 1.0, legacy support
ohci1 at pci1 dev 25 function 0 Apple Intrepid USB rev 0x00: irq 0, 
version 1.0, legacy support
ohci2 at pci1 dev 26 function 0 Apple Intrepid USB rev 0x00: irq 29, 
version 1.0, legacy support

ohci3 at pci1 dev 27 function 0 NEC USB rev 0x43: irq 63, version 1.0
ohci4 at pci1 dev 27 function 1 NEC USB rev 0x43: irq 63, version 1.0
ehci0 at pci1 dev 27 function 2 NEC USB rev 0x04: irq 63
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 NEC EHCI root hub rev 2.00/1.00 addr 1
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 Apple OHCI root hub rev 1.00/1.00 addr 1
usb2 at ohci1: USB revision 1.0
uhub2 at usb2 Apple OHCI root hub rev 1.00/1.00 addr 1
usb3 at ohci2: USB revision 1.0
uhub3 at usb3 Apple OHCI root hub rev 1.00/1.00 addr 1
usb4 at ohci3: USB revision 1.0
uhub4 at usb4 NEC OHCI root hub rev 1.00/1.00 addr 1
usb5 at ohci4: USB revision 1.0
uhub5 at usb5 NEC OHCI root hub rev 1.00/1.00 addr 1
mpcpcibr2 at mainbus0 pci: uni-north, Revision 0x6
pci2 at mpcpcibr2 bus 0
pchb2 at pci2 dev 11 function 0 Apple UniNorth PCI rev 0x00
kauaiata0 at pci2 dev 13 function 0 Apple Intrepid ATA rev 0x00
wdc1 at kauaiata0 irq 39: DMA
wd0 at wdc1 channel 0 drive 0: SAMSUNG HM160HC
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
atapiscsi0 at wdc1 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: MATSHITA, CD-RW CW-8124, DACD ATAPI 
5/cdrom removable

wd0(wdc1:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
cd0(wdc1:0:1): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
Apple UniNorth Firewire rev 0x81 at pci2 dev 14 function 0 not 
configured
gem0 at pci2 dev 15 function 0 Apple Uni-N2 GMAC rev 0x80: irq 41, 
address 00:0d:93:5e:38:10

bmtphy0 at gem0 phy 0: BCM5221 100baseTX PHY, rev. 4
umass0 at uhub0 port 1 configuration 1 

Re: how to set an alias on a carp interface?

[Harald Dunkel]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi folks,

On 02/18/11 03:43, Dan Harnett wrote:
 
 IMHO, it would be better to use a new carp device for each alias.  The
 routes will be created and destroyed properly with the status change of
 each carp device.
 

I tried this together with Henning's suggestion to specify the netmask per
subnet only on em1 and use 255.255.255.255 for the rest. This seems to work.

Maybe it could be helpful if hostname.if(5) or ifconfig(8) would be more
precise about this. Obviously the example in hostname.if(5) is correct,
but not sufficient as a reference.


Many thanx to all

Harri
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1fWHkACgkQUTlbRTxpHjdsOwCfU1s3+6DgVyj7A6ls+GJ21myX
F48An2+FbzeJOo/n8+PRJuxz08rNxK1e
=RtEN
-END PGP SIGNATURE-

Re: how to set an alias on a carp interface?

[Ted Unangst]

On Fri, Feb 18, 2011 at 3:58 PM, Daniel Ouellet dan...@presscom.net wrote:
 On 2/18/11 3:45 PM, Daniel Ouellet wrote:

 On 2/18/11 3:23 PM, Ted Unangst wrote:
 Unless you refer at me writing /32 instead of the long way 255.255.255.255?

Ah, yes, I thought you somehow meant just writing 10.1.1.1/32, for instance.

Re: how to set an alias on a carp interface?

[Daniel Ouellet]

On 2/19/11 12:51 AM, Ted Unangst wrote:

On Fri, Feb 18, 2011 at 3:58 PM, Daniel Ouelletdan...@presscom.net  wrote:

On 2/18/11 3:45 PM, Daniel Ouellet wrote:


On 2/18/11 3:23 PM, Ted Unangst wrote:

Unless you refer at me writing /32 instead of the long way 255.255.255.255?


Ah, yes, I thought you somehow meant just writing 10.1.1.1/32, for instance.


Sorry to have added to the confusion there, My bad!

Would be cool to be able to do it however like in the pf.conf and 
bgpd.conf, etc. (;

Re: how to set an alias on a carp interface?

[Claudio Jeker]

On Sat, Feb 19, 2011 at 02:01:36AM -0500, Daniel Ouellet wrote:
 On 2/19/11 12:51 AM, Ted Unangst wrote:
 On Fri, Feb 18, 2011 at 3:58 PM, Daniel Ouelletdan...@presscom.net  wrote:
 On 2/18/11 3:45 PM, Daniel Ouellet wrote:
 
 On 2/18/11 3:23 PM, Ted Unangst wrote:
 Unless you refer at me writing /32 instead of the long way 255.255.255.255?
 
 Ah, yes, I thought you somehow meant just writing 10.1.1.1/32, for instance.
 
 Sorry to have added to the confusion there, My bad!
 
 Would be cool to be able to do it however like in the pf.conf and
 bgpd.conf, etc. (;
 

It is possible to that in ifconfig as well. I use it all the time.
It works in hostname.if if you skip the inet IIRC.

-- 
:wq Claudio