Re: ARP and libpcap

[Jan Stary]

On Apr 05 19:06:40, Alessandro Baggi wrote:
 Ok, but my app must take those packet from the net for other
 operation.

Huh? tpcdump/pcap also takes those packet from the net of course.

 For this purpose I can also build my own structure to see
 arp parameter, but I'm trying to know how to use arphdr structure.

Why exactly do you need to write your own code for this,
replicating the functionality that already is in base?

 Someone has experience about it?

Yes, libpcap does it somehow. Look at its source.

What is it that yo actually want to do?

Re: new upper limit with BIGMEM

[Daniel Gracia]

Tell the Voyager 1; it's about trespassing even that limit xDDD

El 05/04/2011 23:02, James A. Peltier escribiC3:

- Original Message -
|real mem = 137428045824 (131061MB)
|avail mem = 133755703296 (127559MB)
|  
|seems to work ok...
|
|  But have you hit the limit?
|
| The sky is the limit, but his is not a flying machine.
|
| Miod


Umm, we conquered the skies a while ago.  Really the solar system is the limit 
currently.

pf rule

[Gianluca D'Auri Muscelli]

Hi everyone,
I never had to deal with pf, but if possible i have a question:

on my OpenBSD now block all outcoming connection to ssh and telnet to internet
with:

block out on re0 proto { tcp } from any to any port  { ssh telnet }

but now with this rule i can't connect with ssh to my lan 192.168.1.0/24 ,
there is any rule for this question?

Thanks vm and sorry for my bad english!

Re: pf rule

[Gianluca D'Auri Muscelli]

i try with:

pass out on re0 from any to { 192.168.1.9, 192.168.1.10 }

there is ok for you?

Il giorno 06/apr/2011, alle ore 10.19, Gianluca D'Auri Muscelli ha scritto:

 Hi everyone,
 I never had to deal with pf, but if possible i have a question:

 on my OpenBSD now block all outcoming connection to ssh and telnet to
internet
 with:

 block out on re0 proto { tcp } from any to any port  { ssh telnet }

 but now with this rule i can't connect with ssh to my lan 192.168.1.0/24 ,
 there is any rule for this question?

 Thanks vm and sorry for my bad english!

Invito ad evento: AFFIDABILITA' E TECNOLOGIA 2011

[elaboran...@prodware.it]

logo AT

AFFIDABILITA' E TECONLOGIE
Torino 13-14 Aprile 2011

Saremo presenti nell' AREA BLU, SOFTWARE E PROGETTAZIONE - Stand 119

per informazini su come raggiungerci clicca qui

Spett. Azienda

Elabora Srl h lieta di invitarLa ad: AFFIDABILITA' E TECNOLOGIE  2011.

La manifestazione italiana dedicata all'innovazione ed alla tecnologia
che si terr` a Torino, presso l'ente Fiera Lingotto il 13 e 14 aprile
2011.

Presenteremo i-Man Interactive Manufacturing, il sistema che sta
rivoluzionando la fabbrica, permettendo di interagire con gli addetti in
modo altamente efficiente:

  * controlli qualit`: iniziali e finali, capacit` macchina e di
processo. Controllo in accettazione, tutti completamente integrati
nella logistica e nei flussi produttivi.

  * terminale touchscreen per l'interscambio d'informazioni: lavorazioni
da eseguire, attrezzaggi, utensili, manutenzioni

  * completa tracciabilit` dei lotti e stato di avanzamento

  * trasmissione e ricezione programmi macchina

  * acquisizione stati macchina, segnali e contapezzi

  * articoli, schede tecniche, disegni e documenti gestiti per indice di
revisione

Venga a visitarci, avremo piacere di illustrarLe le nostre soluzioni per
gestire la produzione, la qualit`, l’assistenza post vendita, l’intera
azienda.

Cordiali saluti
Lo staff di Elabora

i-Man

i-Man in funzione

Logo
Prodware

Disclaimer:

Questa comunicazione e' stata inviata in conformita' alle norme vigenti
in materia di tutela della privacy, d.lgs. 196/2003.

Se desidera cancellare il suo nominativo, puo' rispondere a questa mail
indicando nell'oggetto la parola rimuovi.

Elabora S.r.l.
Software solutions  consulting for enterprise management
Tel. 02-90.93.11 mail: elab...@prodware.it sito web: www.prodware.it

Powerd by: Elabora Srl

Re: Wildest Africa Tour

[Marcus Mülbüsch]

Am 04.04.2011 19:09, schrieb Stuart VanZee:

Don't be silly.  While Lions do provide excelent physical security
they don't provide any data security at all.


# sudo pkg_add -v lion

results in

Can't find lion

What am i doing wrong?

Re: Wildest Africa Tour

[Robert]

On Wed, 06 Apr 2011 11:34:23 +0200
Marcus M|lb|sch muelbue...@as-infodienste.de wrote:
 # sudo pkg_add -v lion

 results in

 Can't find lion

 What am i doing wrong?


They are in ports, not packages:

$ grep -R lion /usr/ports/
/usr/ports/games/falconseye/pkg/PLIST:${GAMEDIR}/sound/lion.raw
/usr/ports/net/gajim/pkg/PLIST:share/gajim/data/emoticons/static/lion.png
...

regards,
Robert

Email Marketing - Publicidad por Correo - Aceptamos tarjetas de crédito, Paypal, cheque o efectivo.

[OFERTA DE LA SEMANA]

No puede ver la imagen correctamente? Si quiere ver una versiC3n online de
este anuncio haga clic en el siguiente link:
http://www.panamacorreo.com/mail/display.php?M=176375C=45ce1208ba75b76cbc4c66d66bf5a405S=17L=1N=2


Abril - 2011


PROMOCICN PARA EL MES DE ABRIL

Tres envC-os de email marketing en fechas diferentes por sC3lo us$129.95.
Llegue a nuestra base de datos de 400,000 contactos en PanamC! en tres
ocasiones diferentes. Si necesita que le hagamos el diseC1o del arte que
quiere enviar, al tomar nuestro paquete promocional, pague sC3lo us$19.95
por el diseC1o de su arte publicitario para email.

B?CC3mo estC! compuesta nuestra base de datos?

MicroKey Group verifica diariamente sus bases de datos, entre ellas la
base de PanamC!. Nuestra base cuenta con 400,000 contactos verificados de
PanamC!. La base incluye correos empresas y personales. En promedio 55%
correos empresariales y 45% correos personales. Son personas de 25 a 50
aC1os, con su correo electrC3nico activo.

B?CC3mo MicroKey me muestra una prueba del envC-o?

El C:nico con detalle exhaustivo.

MicroKey le harC! llegar una prueba completa del envC-o realizado. Una
semana despuC)s de realizado su envC-o recibirC! un reporte completo con
la cantidad de correos leC-dos, rebotados, desuscritos. RecibirC! en ese
reporte tambiC)n una lista de correos de hasta 500 contactos - los mC!s
representativos en dicha campaC1a - que hayan leC-dos su correo o hayan
hecho clic en alguno de los enlaces colocados en la campaC1a publicitaria.
Usted contarC! con 500 contactos de feedback para comprobar que nuestro
envC-o fue realizado. Es una lista de clientes interesados en su producto
o servicio y que usted podrC! contactar directamente. Una lista de
potenciales clientes, de clientes objetivo.

B?Por quC) recibo el reporte una semana despuC)s?

En promedio se ha establecido que la base total lee su correo en una
semana. Basado en que los usuarios revisan su correo como mC-nimo una vez
a la semana, el reporte se generarC! pasado ese tiempo. Esto sucede debido
a la base de datos que le brindamos - los 500 contactos de feedback - por
cada envC-o. El sistema necesita establecer cuales son los contactos mC!s
representativos de la base de datos - es decir mC!s interesados - y se
establecerC! por el usuario que ademC!s de leer el correo, haya hecho clic
en su link, o el usuario que haya leC-do el mensaje en dos ocasiones
diferentes a lo largo de la semana.
B?Por quC) hacer Marketing por Correo / Email Marketing?

El internet se mueve alrededor del correo electrC3nico. Es la principal
herramienta utilizada por los cibernautas, y es la que primero miran
cuando ingresan a la red. Aunque hayan aparecido redes sociales, el correo
electrC3nico no ha perdido su posiciC3n relevante en el marketing.

B?En quC) paC-ses MicroKey hace mail marketing?

En toda AmC)rica, Europa y Asia. Contamos con bases de datos verificadas
semana tras semana. Si quiere mayor informaciC3n de nuestras bases de
datos, no dude en contactarnos vC-a telefC3nica.

B?Ventajas para mi negocio?

Las campaC1as de correo electrC3nico le dan acceso instantC!neo a
resultados y mediciones, y empieza a recibir informaciC3n sC3lo unos
segundos despuC)s de haber enviado los e-mails. Obtiene un nivel de
detalle imposible de conseguir a travC)s de otros medios.



Haga clic aquC- para contactarnos o leer mC!s sobre nuestras ofertas

TambiC)n ofrecemos bases de datos de muchos paC-ses, clic aquC-

Recuerde que aceptamos pagos por tarjetas de crC)dito, PayPal, Cheque,
Transferencia bancarias, Western Union o pago en efectivo.




MicroKey Group
VC-a Ricardo J. Alfaro, The Century Tower, Piso #4
Tel. (507) 360-5858
Usted ha recibido este correo porque en algC:n momento nos indicC3 su
interC)s en recibir promociones o nos fue recomendado por otro de nuestros
usuarios o web sites aliados.Respetamos su derecho de privacidad y le
invitamos a darse de baja de nuestra lista de correos si no desea recibir
promociones, favor hacer clic aquC- para eliminar permanentemente su
suscripciC3n

You have received this email because at some point we indicated interest
in us promoting or recommended by other users or our partners web sites.

We respect your right and invite you to unsubscribe from our mailing list
if you want to receive promotions, Unsubscribe me from this list



MicroKey IT maneja un estricto y seguro mail marketing en internet,
cumpliendo con todas las polC-ticas Anti-Spam internacionales.
http://www.panamacorreo.com/mail/unsubscribe.php?M=176375C=45ce1208ba75b76cbc4c66d66bf5a405L=1N=17

Re: pf rule

[Indunil Jayasooriya]

On Wed, Apr 6, 2011 at 1:49 PM, Gianluca D'Auri Muscelli g...@email.it
wrote:
 Hi everyone,
 I never had to deal with pf, but if possible i have a question:

 on my OpenBSD now block all outcoming connection to ssh and telnet to
internet
 with:

 block out on re0 proto { tcp } from any to any port  { ssh telnet }

do you have one interface?

re0 may be your external interface. What is your internal interface





--
Thank you
Indunil Jayasooriya

Re: Wildest Africa Tour

[Marcus Mülbüsch]

Am 06.04.2011 11:52, schrieb Robert:

On Wed, 06 Apr 2011 11:34:23 +0200
Marcus M|lb|schmuelbue...@as-infodienste.de  wrote:

# sudo pkg_add -v lion

results in

Can't find lion

What am i doing wrong?



They are in ports, not packages:

$ grep -R lion /usr/ports/
/usr/ports/games/falconseye/pkg/PLIST:${GAMEDIR}/sound/lion.raw
/usr/ports/net/gajim/pkg/PLIST:share/gajim/data/emoticons/static/lion.png
...


So, to actually increase physical security I also need a speaker 
connected to my pf-Firewall?


Okay, a really big speaker with a corresponding big amplifier will 
probably do the trick!

Re: Performance degradation after upgrade

[Peter Hallin]

On 2011-04-05 14:35, Claudio Jeker wrote:
 Can you give the following diff a spin and see if that makes the card act
 faster. This disables the ppb hotplug interrupt which is shared with the
 em2 and em3 interrupts.
 
 -- 
 :wq Claudio

Ok, that did the trick.

I made the changes to the 4.8 source and ppb hotplug was disabled.

I then tested the dual port cards and got close to 1 Gbit/s but without
the high CPU usage (only about 30% intr).

So my question now is: Do we need the ppb hotplug? What is it good for?

//Peter

Re: ARP and libpcap

[Alessandro Baggi]

Il 06/04/2011 08:25, Jan Stary ha scritto:

On Apr 05 19:06:40, Alessandro Baggi wrote:

Ok, but my app must take those packet from the net for other
operation.

Huh? tpcdump/pcap also takes those packet from the net of course.


For this purpose I can also build my own structure to see
arp parameter, but I'm trying to know how to use arphdr structure.

Why exactly do you need to write your own code for this,
replicating the functionality that already is in base?


Someone has experience about it?

Yes, libpcap does it somehow. Look at its source.

What is it that yo actually want to do?

Hi jan, i'm trying to make a program that map a specified MAC address to 
a specified IP, and then get information by getting arp packets for the 
specified nic to see if some host changes its IP. I can do this getting 
tcp/upd packets on a specified nic, and query with arp each hosts, but 
it can take more resources.

Re: Wildest Africa Tour

[Kevin Chadwick]

On Tue, 05 Apr 2011 16:28:31 -0700
Mehma Sarja wrote:

 On 4/5/11 9:07 AM, Stuart Henderson wrote:
  On 2011-04-04, Stuart VanZeestua...@datalinesys.com  wrote:
  Don't be silly.  While Lions do provide excelent physical security
  they don't provide any data security at all.
  I love animals: I'm always talking about animals, I love 'em. But
  the thing is that, you know, whenever you see animals on the telly,
  it's always the show-off animals. Yeah? It's always the leopards
  and panthers and crocodiles. Lions milling about, going Oh, I'm
  very good, I'm on everything, and it really makes me annoyed, you
  know? Because what about the English animals, you know? The British
  mammals, yeah? Hah, what about the muskrat, or the tiny northern
  root-vole, with his little banjo and hat made of elastic bands,
  yeah? Who's representing them, eh? No-one, that's who.
 
 You had a good buildup and even some suspense. Oh what a letdown! What 
 British animals? You've got to be kidding. Isn't everybody over there 
 all civilized an stuff? Take your little poodle and pony show and move 
 it along down the road.
 
 Mehma
 

Well if you didn't get the sarcasm, then there's meant to be a big
black cat around. Otherwise you'd have to go back thousands of years to
get Lions.

Aside from wiping out the bears I don't see what civilisaton has to do
with it.

Avviso importante.

[Cariparma Credit Agricole]

[IMAGE]

Comunicazione di servizio per i clienti Cariparma Credito Agricole.
Si prega di recarsi urgentemente negli uffici della Cariparma Credito
Agricole oppure collegarsi online, per accertarsi della propria identit`.
Negli ultimi giorni, la Cariparma Credito Agricole, ha avuto
comunicazioni dagli Addetti alla sicurezza informatica riguardo continui
ed aggravati
furti di ident`, e furti di codici a danno dei clienti Cariparma Credito
Agricole.

La Cariparma Credito Agricole si scusa per il disagio ed invita i clienti
a verificare l`esatta ident` recandosi in filiale oppure accedendo online
al proprio conto: qui

Copyright ) 2011 Cariparma Gruppo Credit Agricole

Re: ARP and libpcap

[Robert]

On Wed, 06 Apr 2011 12:30:56 +0200
Alessandro Baggi alessandro.ba...@gmail.com wrote:
 Hi jan, i'm trying to make a program that map a specified MAC address to 
 a specified IP, and then get information by getting arp packets for the 
 specified nic to see if some host changes its IP. I can do this getting 
 tcp/upd packets on a specified nic, and query with arp each hosts, but 
 it can take more resources.

Maybe you find something in the source of Arpwatch.

regards,
Robert

Re: ARP and libpcap

[Jan Stary]

On Apr 06 12:30:56, Alessandro Baggi wrote:
 Il 06/04/2011 08:25, Jan Stary ha scritto:
 On Apr 05 19:06:40, Alessandro Baggi wrote:
 Ok, but my app must take those packet from the net for other
 operation.
 Huh? tpcdump/pcap also takes those packet from the net of course.
 
 For this purpose I can also build my own structure to see
 arp parameter, but I'm trying to know how to use arphdr structure.
 Why exactly do you need to write your own code for this,
 replicating the functionality that already is in base?
 
 Someone has experience about it?
 Yes, libpcap does it somehow. Look at its source.
 
 What is it that yo actually want to do?
 
 Hi jan, i'm trying to make a program that map a specified MAC
 address to a specified IP, and then get information by getting arp
 packets for the specified nic to see if some host changes its IP.

You should have said that in your original post.
Step by step we are getting to what you really want.
So: why do you want to know that someone's IP address has changed?

Also, there is 'arp -a' of of course.

Re: Free heroin shipping!

[Super Biscuit]

I guess this explains so many bad attitudes on here; people are having 
withdrawals.


--- On Wed, 4/6/11, Cornell Bruce w...@daedae.org wrote:

From: Cornell Bruce w...@daedae.org
Subject: Free heroin shipping!
To: misc@openbsd.org
Date: Wednesday, April 6, 2011, 12:41 AM

FREE HEROIN SHIPPING!


1. Heroin, in liquid and crystal form.
2. Rocket fuel and Tomohawk rockets (serious enquiries only).
4. New shipment of cocaine has arrived, buy 9 grams and get 10th for free.

Everebody welcome, but not US citizens, sorry.

ATTENTION. Clearance offer. Buy 30 grams of heroin, get 5 free.

Please contact: debbie...@gmail.com 

PHONE 0093(0)4765481
FAX 0093(0)4485291

Afghanistan

Re: Performance degradation after upgrade

[Claudio Jeker]

On Wed, Apr 06, 2011 at 01:22:41PM +0200, Peter Hallin wrote:
 On 2011-04-05 14:35, Claudio Jeker wrote:
  Can you give the following diff a spin and see if that makes the card act
  faster. This disables the ppb hotplug interrupt which is shared with the
  em2 and em3 interrupts.
  
  -- 
  :wq Claudio
 
 Ok, that did the trick.
 
 I made the changes to the 4.8 source and ppb hotplug was disabled.
 
 I then tested the dual port cards and got close to 1 Gbit/s but without
 the high CPU usage (only about 30% intr).
 
 So my question now is: Do we need the ppb hotplug? What is it good for?
 
It is needed for handling hotplug events especially on the expresscard
slots on modern laptops.

Here is a better version that may get commited if it works for you.
Currently only amd64 is fixed, we're looking into i386 to do the same
dance with the interrupt return values.
So the idea is to establish the interrupt handler for the ppb as last and
jump out of interrupt processing if the handler returns 1 (HW was the
source of interrupt). So we should not end up in the slow ppb interrupt
handler unless it is actually a hotplug interrupt.
-- 
:wq Claudio

Index: arch/amd64/amd64/vector.S
===
RCS file: /cvs/src/sys/arch/amd64/amd64/vector.S,v
retrieving revision 1.28
diff -u -p -r1.28 vector.S
--- arch/amd64/amd64/vector.S   1 Apr 2011 22:51:45 -   1.28
+++ arch/amd64/amd64/vector.S   6 Apr 2011 13:18:45 -
@@ -484,7 +484,9 @@ IDTVEC(intr_##name##num)
;\
call*IH_FUN(%rbx)   /* call it */   ;\
orq %rax,%rax   /* should it be counted? */ ;\
jz  4f  ;\
-   incqIH_COUNT(%rbx)  ;\
+   incqIH_COUNT(%rbx)  /* -1 or 1 */   ;\
+   orq %rax,%rax   ;\
+   jns 5f  ;\
 4: movqIH_NEXT(%rbx),%rbx  /* next handler in chain */ ;\
testq   %rbx,%rbx   ;\
jnz 6b  ;\
Index: dev/pci/ppb.c
===
RCS file: /cvs/src/sys/dev/pci/ppb.c,v
retrieving revision 1.47
diff -u -p -r1.47 ppb.c
--- dev/pci/ppb.c   30 Dec 2010 00:58:22 -  1.47
+++ dev/pci/ppb.c   6 Apr 2011 12:50:33 -
@@ -142,7 +142,7 @@ ppbattach(struct device *parent, struct 
pci_intr_handle_t ih;
pcireg_t busdata, reg, blr;
char *name;
-   int pin;
+   int pin, has_hotplug = 0;
 
sc-sc_pc = pc;
sc-sc_tag = pa-pa_tag;
@@ -169,21 +169,9 @@ ppbattach(struct device *parent, struct 
/* Check for PCI Express capabilities and setup hotplug support. */
if (pci_get_capability(pc, pa-pa_tag, PCI_CAP_PCIEXPRESS,
sc-sc_cap_off, reg)  (reg  PCI_PCIE_XCAP_SI)) {
-   if (pci_intr_map(pa, ih) == 0)
-   sc-sc_intrhand = pci_intr_establish(pc, ih, IPL_TTY,
-   ppb_intr, sc, self-dv_xname);
-
-   if (sc-sc_intrhand) {
+   if (pci_intr_map(pa, ih) == 0) {
printf(: %s, pci_intr_string(pc, ih));
-
-   /* Enable hotplug interrupt. */
-   reg = pci_conf_read(pc, pa-pa_tag,
-   sc-sc_cap_off + PCI_PCIE_SLCSR);
-   reg |= (PCI_PCIE_SLCSR_HPE | PCI_PCIE_SLCSR_PDE);
-   pci_conf_write(pc, pa-pa_tag,
-   sc-sc_cap_off + PCI_PCIE_SLCSR, reg);
-
-   timeout_set(sc-sc_to, ppb_hotplug_insert_finish, sc);
+   has_hotplug = 1;
}
}
 
@@ -305,6 +293,22 @@ ppbattach(struct device *parent, struct 
pba.pba_intrtag = pa-pa_intrtag;
 
sc-sc_psc = config_found(self, pba, ppbprint);
+
+   if (has_hotplug) {
+   sc-sc_intrhand = pci_intr_establish(pc, ih, IPL_TTY,
+   ppb_intr, sc, self-dv_xname);
+   if (sc-sc_intrhand) {
+
+   /* Enable hotplug interrupt. */
+   reg = pci_conf_read(pc, pa-pa_tag,
+   sc-sc_cap_off + PCI_PCIE_SLCSR);
+   reg |= (PCI_PCIE_SLCSR_HPE | PCI_PCIE_SLCSR_PDE);
+   pci_conf_write(pc, pa-pa_tag,
+   sc-sc_cap_off + PCI_PCIE_SLCSR, reg);
+
+   timeout_set(sc-sc_to, ppb_hotplug_insert_finish, sc);
+   }
+   }
 }
 
 int

Can't get multipath working correctly

[Marcus Mülbüsch]

Hello all,

   please forgive if my question turns out to be very hazy and unclear. 
If I could myself clearer I could probably understand what happens ;)


   I have set up a pf firewall with two external NICs and CARP on that 
external IPs. (I think) I followed 
http://www.openbsd.org/faq/faq6.html#Multipath


   Now, for example if I sent a ping to 8.8.8.8, I see that the pf rule 
makes a


pass out on em1: *WAN_IP_1*  8.8.8.8: icmp: echo request

   however, the first request sometimes goes out on em0, while the echo 
replies and all other echo requests use em1.


   Sometimes something similar happens when a connection comes in 
through an external interface: the first return packet goes out through 
the wrong interface, and is thus blocked (duh!) - though I'm pretty sure 
(and can see it through tcpdump) that I've set a pass in rule with 
reply-to *ROUTER_IP*@em1.


   Now I see that netstat -rn shows me

Destination Gateway  Flags   Refs  Use   Mtu  Prio Iface
default ROUTER_IP_0  UGSP   2   83 - 8 em0
default ROUTER_IP_1  UGSP   2   92 - 8 em1
*WAN_NET_0*/29  link#1   UC 20 - 4 em0
some other IPs in that net
*WAN_NET_1*/29  link#4   UC 30 - 4 em2
some other IPs in that net
other IPs in DMZ and lo0

   If I understand correctly, something for WAN_NET_1 is pointing 
wrong. After a reboot I have even seen once that *both* links pointed 
wrong, the *WAN_NET_0* on em0 to the *ROUTER_IP* on em1.


   Now I have three questions:

1) Is this really the error?
2) What can I do to correct it manually?
3) What mistake did I do in the first place in my hostname.em and 
hostname.carp files?


Marcus

Re: Performance degradation after upgrade

[Claudio Jeker]

On Wed, Apr 06, 2011 at 03:55:03PM +0200, Claudio Jeker wrote:
 On Wed, Apr 06, 2011 at 01:22:41PM +0200, Peter Hallin wrote:
  On 2011-04-05 14:35, Claudio Jeker wrote:
   Can you give the following diff a spin and see if that makes the card act
   faster. This disables the ppb hotplug interrupt which is shared with the
   em2 and em3 interrupts.
   
   -- 
   :wq Claudio
  
  Ok, that did the trick.
  
  I made the changes to the 4.8 source and ppb hotplug was disabled.
  
  I then tested the dual port cards and got close to 1 Gbit/s but without
  the high CPU usage (only about 30% intr).
  
  So my question now is: Do we need the ppb hotplug? What is it good for?
  
 It is needed for handling hotplug events especially on the expresscard
 slots on modern laptops.
 
 Here is a better version that may get commited if it works for you.
 Currently only amd64 is fixed, we're looking into i386 to do the same
 dance with the interrupt return values.
 So the idea is to establish the interrupt handler for the ppb as last and
 jump out of interrupt processing if the handler returns 1 (HW was the
 source of interrupt). So we should not end up in the slow ppb interrupt
 handler unless it is actually a hotplug interrupt.

Wait. It seems more is needed. Will come back when we have a better
solution.

 -- 
 :wq Claudio
 
 Index: arch/amd64/amd64/vector.S
 ===
 RCS file: /cvs/src/sys/arch/amd64/amd64/vector.S,v
 retrieving revision 1.28
 diff -u -p -r1.28 vector.S
 --- arch/amd64/amd64/vector.S 1 Apr 2011 22:51:45 -   1.28
 +++ arch/amd64/amd64/vector.S 6 Apr 2011 13:18:45 -
 @@ -484,7 +484,9 @@ IDTVEC(intr_##name##num)  
 ;\
   call*IH_FUN(%rbx)   /* call it */   ;\
   orq %rax,%rax   /* should it be counted? */ ;\
   jz  4f  ;\
 - incqIH_COUNT(%rbx)  ;\
 + incqIH_COUNT(%rbx)  /* -1 or 1 */   ;\
 + orq %rax,%rax   ;\
 + jns 5f  ;\
  4:   movqIH_NEXT(%rbx),%rbx  /* next handler in chain */ ;\
   testq   %rbx,%rbx   ;\
   jnz 6b  ;\
 Index: dev/pci/ppb.c
 ===
 RCS file: /cvs/src/sys/dev/pci/ppb.c,v
 retrieving revision 1.47
 diff -u -p -r1.47 ppb.c
 --- dev/pci/ppb.c 30 Dec 2010 00:58:22 -  1.47
 +++ dev/pci/ppb.c 6 Apr 2011 12:50:33 -
 @@ -142,7 +142,7 @@ ppbattach(struct device *parent, struct 
   pci_intr_handle_t ih;
   pcireg_t busdata, reg, blr;
   char *name;
 - int pin;
 + int pin, has_hotplug = 0;
  
   sc-sc_pc = pc;
   sc-sc_tag = pa-pa_tag;
 @@ -169,21 +169,9 @@ ppbattach(struct device *parent, struct 
   /* Check for PCI Express capabilities and setup hotplug support. */
   if (pci_get_capability(pc, pa-pa_tag, PCI_CAP_PCIEXPRESS,
   sc-sc_cap_off, reg)  (reg  PCI_PCIE_XCAP_SI)) {
 - if (pci_intr_map(pa, ih) == 0)
 - sc-sc_intrhand = pci_intr_establish(pc, ih, IPL_TTY,
 - ppb_intr, sc, self-dv_xname);
 -
 - if (sc-sc_intrhand) {
 + if (pci_intr_map(pa, ih) == 0) {
   printf(: %s, pci_intr_string(pc, ih));
 -
 - /* Enable hotplug interrupt. */
 - reg = pci_conf_read(pc, pa-pa_tag,
 - sc-sc_cap_off + PCI_PCIE_SLCSR);
 - reg |= (PCI_PCIE_SLCSR_HPE | PCI_PCIE_SLCSR_PDE);
 - pci_conf_write(pc, pa-pa_tag,
 - sc-sc_cap_off + PCI_PCIE_SLCSR, reg);
 -
 - timeout_set(sc-sc_to, ppb_hotplug_insert_finish, sc);
 + has_hotplug = 1;
   }
   }
  
 @@ -305,6 +293,22 @@ ppbattach(struct device *parent, struct 
   pba.pba_intrtag = pa-pa_intrtag;
  
   sc-sc_psc = config_found(self, pba, ppbprint);
 +
 + if (has_hotplug) {
 + sc-sc_intrhand = pci_intr_establish(pc, ih, IPL_TTY,
 + ppb_intr, sc, self-dv_xname);
 + if (sc-sc_intrhand) {
 +
 + /* Enable hotplug interrupt. */
 + reg = pci_conf_read(pc, pa-pa_tag,
 + sc-sc_cap_off + PCI_PCIE_SLCSR);
 + reg |= (PCI_PCIE_SLCSR_HPE | PCI_PCIE_SLCSR_PDE);
 + pci_conf_write(pc, pa-pa_tag,
 + sc-sc_cap_off + PCI_PCIE_SLCSR, reg);
 +
 + timeout_set(sc-sc_to, ppb_hotplug_insert_finish, sc);
 + }
 + }
  }
  
  int
 

-- 
:wq Claudio

Re: Performance degradation after upgrade

[Ted Unangst]

On Wed, Apr 6, 2011 at 9:55 AM, Claudio Jeker cje...@diehard.n-r-g.com wrote:
 Here is a better version that may get commited if it works for you.
 Currently only amd64 is fixed, we're looking into i386 to do the same
 dance with the interrupt return values.
 So the idea is to establish the interrupt handler for the ppb as last and
 jump out of interrupt processing if the handler returns 1 (HW was the
 source of interrupt). So we should not end up in the slow ppb interrupt
 handler unless it is actually a hotplug interrupt.

I think this is a very bad idea.  Not running ppb sounds like a good
idea, but jumping out is bad.  If you have two devices sharing, and
the first one is busy, the second will be starved.  Drivers don't even
return 1 accurately, wi is a good example of one that doesn't.  There
are many more.

Re: ARP and libpcap

[Alessandro Baggi]

Il 06/04/2011 15:26, Jan Stary ha scritto:

of of course
For some obscure reason :D, not really, to avoid problem as poisoning 
for insecure services.

Re: Performance degradation after upgrade

[Peter Hallin]

On 2011-04-06 16:43, Claudio Jeker wrote:
 
 Wait. It seems more is needed. Will come back when we have a better
 solution.
 

Alright. Your first quick fix is good enough for us, we don't use
expresscards in our firewalls.. ;)

I actually tested it on an older 4.4 fw that has been under heavy load
despite low traffic, and it was a drastic improvement.

When you are ready with a new diff against -current, I'll be happy to
test it with our stuff.

Until then, we are satisfied with disabling ppb hotplug completely.

//Peter

Re: network bandwith with em(4)

[Stuart Henderson]

On 2011-02-28, Manuel Guesdon ml+openbsd.m...@oxymium.net wrote:

 OK. Anyway NIC buffers restrict buffered packets number. But the problem
 remain: why a (for exemple) dual Xeon E5520@2.27GHz with Intel PRO/1000
 (82576) can't route 150kpps without Ierr :-)
 http://www.oxymium.net/tmp/core3-dmesg

So looking at this dmesg you have ppb and em sharing ints;
it wouldn't be a total surprise if the Performance degradation
after upgrade thread was relevant:

http://comments.gmane.org/gmane.os.openbsd.misc/184121

Re: Anyone using IPcomp and/or PPP-deflate?

[Matthew Dempsky]

On Fri, Apr 1, 2011 at 11:01 AM, Matthew Dempsky matt...@dempsky.org wrote:
 For the time being, I'd suggest anyone concerned ensure ipcomp
 processing is disabled; i.e., make sure sysctl
 net.inet.ipcomp.enable is set to 0.  (And like I said, it's disabled
 by default.)

If there are any IPComp users out there, markus@ has just committed
the following diff to prevent IPComp-induced workq loops:

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ipsec_input.c.diff?
r1=1.101;r2=1.102;f=h

I also suggest that if you're configuring IPComp on a host with IP
forwarding enabled (on any platform, not just OpenBSD), that you
should only use IPComp in conjunction with IPsec (i.e., ESP or AH).
Otherwise there's a risk of routing loops.

Upgrade i386 to amd64

[Steven R. Gerber]

I ran the upgrade from CD.
I want to be sure that packages are OK.
Is pkg_add -u sufficient?  (It looks like nothing changed.)
Should I try pkg_add -u -D update or something else?

Thanks,
Steven

Re: Upgrade i386 to amd64

[Nick Holland]

On 04/06/11 18:46, Steven R. Gerber wrote:
 I ran the upgrade from CD.

from i386 to amd64?  No.  Don't do this.

Boot off the CD again, and this time pick install.
You can save your /home directory and config files.

amd64 and i386, for OpenBSD, are totally different platforms.  You can't
upgrade from one platform to another safely, you have to reinstall.

 I want to be sure that packages are OK.
 Is pkg_add -u sufficient?  (It looks like nothing changed.)
 Should I try pkg_add -u -D update or something else?

nuke from orbit, only way to be sure.

Sure, you might be able to get away with this, but one left over library
or binary will really ruin your day at some point.

Nick.

¿Necesita un diseñador Gráfico? sólo us$300.00 por mes

[OFERTA DISEÑO GRÁFICO]

No puede ver la imagen correctamente? Si quiere ver una versiC3n online de
este anuncio haga clic en el siguiente link:
http://www.panamacorreo.com/mail/display.php?M=176375C=45ce1208ba75b76cbc4c66d66bf5a405S=18L=1N=16


Marzo - 2011
CONFIRMAR SUSCRIPCICN  ELIMINAR SUSCRIPCICN

PROMOCICN PARA EL MES DE MARZO



MicroKey Group le ofrece el servicio de diseC1ador grC!fico mensual, un
plan pensado para empresas que necesitan de estos servicios a un precio
competitivo. ObtendrC! un diseC1ador grC!fico con experiencia colaborando
en sus proyectos de negocios. Este plan abarca el diseC1o de: banners,
vallas, logos, artes para revistas y periC3dicos, tapas de libros,
tarjetas (cumpleaC1os, fechas especiales, fiestas decembrinas), membretes,
calendarios, mailers, volantes, artes para muppies, tarjetas de
presentaciC3n, afiches, sobres, carC!tulas de CD, retoque fotogrC!fico,
gigantografC-as, etc.Le ofrecemos este servicio por sC3lo $300 mensuales.

Haga clic aquC- para contactarnos o leer mC!s sobre nuestras ofertas


Recuerde que aceptamos pagos por Tarjetas de CrC)dito, PayPal, Cheque,
Transferencia bancarias, Western Union o pago en efectivo.

Otros Servicios que Ofrece MicroKey Group
- Email Marketing en AmC)rica Latina, Europa, EE.UU. y CanadC!.
- Servicio de Hospedaje Web, Hosting Reseller y Servidores Dedicados.
- Registros de Dominios .com .net .org .biz .info .us .eu .com.pa .cc .es
it
- Servidores Dedicados para Email Marketing (Su propio sistema de
marketing por correo)
- AdministraciC3n de CampaC1as en Facebook, Google, Yahoo y Messenger
Ads.
- Entre otros.



MicroKey Group
VC-a Ricardo J. Alfaro, The Century Tower, Piso #4
Tel. (507) 360-5858
Usted ha recibido este correo porque en algC:n momento nos indicC3 su
interC)s en recibir promociones o nos fue recomendado por otro de nuestros
usuarios o web sites aliados.Respetamos su derecho de privacidad y le
invitamos a darse de baja de nuestra lista de correos si no desea recibir
promociones, favor hacer clic aquC- para eliminar permanentemente su
suscripciC3n

You have received this email because at some point we indicated interest
in us promoting or recommended by other users or our partners web sites.

We respect your right and invite you to unsubscribe from our mailing list
if you want to receive promotions, Unsubscribe me from this list



MicroKey IT maneja un estricto y seguro mail marketing en internet,
cumpliendo con todas las polC-ticas Anti-Spam internacionales.
Click this link to unsubscribe:
http://www.panamacorreo.com/mail/unsubscribe.php?M=176375C=45ce1208ba75b76cbc4c66d66bf5a405L=1N=18

Re: svnserve and SASL

[Maxim Nazarenko]

Hello

I have nearly identical setup and my problem is the same: SASL(-13):
user not found: no
secret in database. My file locations and permissions seem to be
correct, however svnserve dtill doesn't work. What did you do to solve
it?

Best regards,
Maxim Nazarenko

On 5 August 2010 00:38,  m...@umaxx.net wrote:
 Hi,

 just for the archives I'm answering to my own questions below:

 I found the solution to that problem via ktrace/kdump. Starting
 svnserve with ktrace revealed that the process tries to
 read: /usr/local/lib/sasl2/svn.conf
 Furthermore the .db extension is not required in this file and no
 special flags are required to create the password file.

 Regards,

 JC6rg

 On Sun, 25 Jul 2010 12:45:50 +0200
 umaxx um...@oleco.net wrote:

 Hi,

 I'm having trouble to get svnserve + SASL to work under OpenBSD 4.7
 stable.

 When I try to checkout I always get:
 svn: Authentication error from server: SASL(-13): user not found: no
 secret in database

 Here is my config:

 # cat /var/svn/myrepo/conf/svnserve.conf
 [general]
 # anon-access = read
 # auth-access = write
 # password-db = passwd
 # authz-db = authz
 realm = myrepo
 [sasl]
 use-sasl = true
 # min-encryption = 0
 # max-encryption = 256

 # cat /usr/local/lib/sasl2/subversion.conf
 pwcheck_method: auxprop
 auxprop_plugin: sasldb
 sasldb_path: /etc/svn-sasldb2
 mech_list: ANONYMOUS DIGEST-MD5

 This is how I create the user:

 # saslpasswd2 -c -f /etc/svn-sasldb2 -u myrepo username

 Some questions which might help me to debug/solve the problem:

 - can I get SASL to log somewhere on the server (I tried log_level: 7
 in subversion.conf without success already)?
 - what is the correct name for SASL app config file:
 /usr/local/lib/sasl2/svn.conf or /usr/local/lib/sasl2/subversion.conf
 or what?
 - what is the correct sasldb_path in this file: with or without .db
 extension (saslpasswd2 seems to append .db automatically)?
 - do I need to add some special flags or something to use saslpasswd2
 with DIGEST-MD5 or should I create the svn-sasldb2 in a different way?

 Any hints are welcome.

 Thanks in advance,
 Regards,

 JC6rg

Re: Upgrade i386 to amd64

[Amit Kulkarni]

Is this in the FAQ? Never thought I would read such a question.

On Wed, Apr 6, 2011 at 7:06 PM, Nick Holland
n...@holland-consulting.net wrote:
 On 04/06/11 18:46, Steven R. Gerber wrote:
 I ran the upgrade from CD.

 from i386 to amd64?  No.  Don't do this.

 Boot off the CD again, and this time pick install.
 You can save your /home directory and config files.

 amd64 and i386, for OpenBSD, are totally different platforms.  You can't
 upgrade from one platform to another safely, you have to reinstall.

 I want to be sure that packages are OK.
 Is pkg_add -u sufficient?  (It looks like nothing changed.)
 Should I try pkg_add -u -D update or something else?

 nuke from orbit, only way to be sure.

 Sure, you might be able to get away with this, but one left over library
 or binary will really ruin your day at some point.

 Nick.

Re: Upgrade i386 to amd64

[Steven R. Gerber]

On 4/6/2011 8:57 PM, Amit Kulkarni wrote:
 Is this in the FAQ? Never thought I would read such a question.
 
 On Wed, Apr 6, 2011 at 7:06 PM, Nick Holland
 n...@holland-consulting.net wrote:
 On 04/06/11 18:46, Steven R. Gerber wrote:
 I ran the upgrade from CD.

 from i386 to amd64?  No.  Don't do this.

 Boot off the CD again, and this time pick install.
 You can save your /home directory and config files.

 amd64 and i386, for OpenBSD, are totally different platforms.  You can't
 upgrade from one platform to another safely, you have to reinstall.

 I want to be sure that packages are OK.
 Is pkg_add -u sufficient?  (It looks like nothing changed.)
 Should I try pkg_add -u -D update or something else?

 nuke from orbit, only way to be sure.

 Sure, you might be able to get away with this, but one left over library
 or binary will really ruin your day at some point.

 Nick.
 
 
 

Sorry for the stupid question?
But, this is a real scenario.
Testing for bug system/6586: rdist (file larger than 2GB) times out but
will not die.
I need(ed) one of my configured/development machines to go from i386 to
amd64.  I did not want to lose my configuration in /etc nor /home nor
/root ...
In the bigger picture, many users/admins will probably be doing similar
things as we can use more physical memory.
An appropriate FAQ entry would be terrific.

I did save my /etc, /home, /root, etc. to an array
and did a full reinstall.
Some thoughts: Having to redo partitions/mounts was a pain.
Going through /etc manually or by sysmerge is tedious.

Thanks,
Steven

atheros ar5b95 (toss it or keep it?)

[patrick keshishian]

my netbook came with atheros ar5b95 which doesn't seem to be
supported. it shows up as athn0 but running `ifconfig athn0 scan`
hangs the netbook.

my question is whether there is any hope that this half mini pcie(?)
card will ever work with openbsd? Or am i better off tossing it and
getting something like an Intel 622AN.HMWWB Mini PCI Express 6200
Centrino? I am assuming the Intel one will work with iwn driver.

--patrick

Re: Upgrade i386 to amd64

[Steven R. Gerber]

On 4/7/2011 1:01 AM, Abel Abraham Camarillo Ojeda wrote:
 On Wed, Apr 6, 2011 at 11:37 PM, Steven R. Gerber
 sger...@gerber-systems.com wrote:
 
Going through /etc manually or by sysmerge is tedious.

 
 I wish we had some kind of super-black-magic-mind-reading-hyper-sysmerge 
 tool...
 
 

Dear Abel,
That was unnecessary.
My point was that migrating from 4.8/i386 to 4.8/amd64 requires
virtually no changes to main /etc.
But, a fresh install (not an upgrade) makes me (re)verify all of /etc.
The upgrade FAQ 4.7 - 4.8 was fairly clear about what parts of /etc
were touched and needed special attention.

Thanks,
Steven