Re: PF sync doesn't not work very well

2013-07-03 Thread Loïc BLOT
Hi,
Thanks for your reply. I wasn't careful about this section.
If I understand, I must add the defer option to my WAN iface (or I'm wrong and I
must add it to my vlan995 iface?)

I will test it this morning, and I will report back to misc :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr


Le mercredi 03 juillet 2013 à 02:02 +0200, mxb a écrit :
 pfsync(4) explains this:

 … The pfsync interface will attempt to collapse multiple state updates into
  a single packet where possible.  The maximum number of times a single
  state can be updated before a pfsync packet will be sent out is
  controlled by the maxupd parameter
 …


 and

 … Where more than one firewall might actively handle packets, e.g. with
  certain ospfd(8), bgpd(8) or carp(4) configurations, it is beneficial to
  defer transmission of the initial packet of a connection.  The pfsync
  state insert message is sent immediately; the packet is queued until
  either this message is acknowledged by another system, or a timeout has
  expired.  This behaviour is enabled with the defer parameter to
  ifconfig(8).
 …


 Eg. defer: on, yours is off.

 //mxb


 On 2 jul 2013, at 21:54, Loïc BLOT loic.b...@unix-experience.fr wrote:

  Hi all
  I have a strange issue (or i haven't read pfsync correctly but i don't
  think this is the problem :D)
 
  I'm using 2 OpenBSD as BGP+OSPF routers at the border of one site.
 
  Those BGP routers are secure with strong PF in stateful mode, and the
  stateful is working very well on each router. Because of my full mesh
  BGP configuration, the outgoing layer 7 sessions can leave my network by
  one router and responses can income by the other.
 
  To resolve this issue, I have created a dedicated VLAN for the pfsync
  traffic and attached pfsync to this VLAN.
 
  Here is a sample output of ifconfig on my first router:
 
  vlan995: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr a0:36:9f:10:4a:a6
 priority: 0
 vlan: 995 parent interface: trunk1
 groups: vlan
 status: active
 inet6 fe80::a236:9fff:fe10:4aa6%vlan995 prefixlen 64 scopeid 0x10
 inet 10.117.1.129 netmask 0xfff8 broadcast 10.117.1.135
  pfsync0: flags=41<UP,RUNNING> mtu 1500
 priority: 0
 pfsync: syncdev: vlan995 maxupd: 255 defer: off
 groups: carp pfsync
 
  And here on my second router:
 
  vlan995: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 lladdr a0:36:9f:17:e2:1e
 priority: 0
 vlan: 995 parent interface: trunk1
 groups: vlan
 status: active
 inet6 fe80::a236:9fff:fe17:e21e%vlan995 prefixlen 64 scopeid 0x10
 inet 10.117.1.130 netmask 0xfff8 broadcast 10.117.1.135
  pfsync0: flags=41<UP,RUNNING> mtu 1500
 priority: 0
 pfsync: syncdev: vlan995 maxupd: 255 defer: off
 groups: carp pfsync
 
  As you see in next tcpdump capture, there is some discussions between
  the two routers:
 
  # tcpdump -nni vlan995
  tcpdump: listening on vlan995, link-type EN10MB
  tcpdump: WARNING: compensating for unaligned libpcap packets
  23:41:13.699617 10.117.1.130: PFSYNCv6 len 108
 act UPD ST COMP count 1
 ...
  (DF) [tos 0x10]
  23:41:14.158500 10.117.1.129: PFSYNCv6 len 108
 act UPD ST COMP count 1
 ...
  (DF) [tos 0x10]
  23:41:14.941396 SSTP STP config root=83e3.0:a:b8:7b:27:80 rootcost=3
  bridge=c3e3.0:17:e:2e:f:80 port=142 ifcost=130 age=1/0 max=20/0
  hello=2/0 fwdelay=15/0 pvid=995
  23:41:14.949617 10.117.1.130: PFSYNCv6 len 108
 act UPD ST COMP count 1
 ...
  (DF) [tos 0x10]
  23:41:15.237655 10.117.1.129: PFSYNCv6 len 640
 act UPD ST COMP count 1
 ...
  (DF) [tos 0x10]
  23:41:15.949617 10.117.1.130: PFSYNCv6 len 124
 act UPD ST COMP count 1
 ...
  (DF) [tos 0x10]
  23:41:16.255230 10.117.1.129: PFSYNCv6 len 36
 act DEL ST COMP count 1
 id: 51d16a356c33 creatorid: a10bbd21
  (DF) [tos 0x10]
  23:41:16.946454 SSTP STP config root=83e3.0:a:b8:7b:27:80 rootcost=3
  bridge=c3e3.0:17:e:2e:f:80 port=142 ifcost=130 age=1/0 max=20/0
  hello=2/0 fwdelay=15/0 pvid=995
  23:41:16.949619 10.117.1.130: PFSYNCv6 len 1116
 act UPD ST COMP count 13
 ...
  (DF) [tos 0x10]
 
 
  The problem is simple, when i initiate a stateful connection from one
  server, the return (by second router) is blocked by PF (i see the return
  with pflog0)
 
  To be precise here is an example (and tested path):
 
  OBSD NTP - OBSD router 1 - WAN...ftp.fr.openbsd.org...WAN - OBSD
  router 2 || blocked
 
  PF allow in/out routing traffic from this server but incoming from WAN
  is blocked by default
 
  Can you confirm to me that pfsync may add a state for outgoing tcp
  connection in the second router when the first router add it ?
  Have you got any idea on this issue ?
 
  --
  Best regards,
  Loïc BLOT,
  UNIX systems, security and network 
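
An added example, not part of the thread or of any poster's own tooling: a POSIX shell check that reads `ifconfig pfsync0` output and reports the syncdev, maxupd and defer settings discussed above, then tallies pfsync messages per peer and action from `tcpdump` text on the sync VLAN. The function names and the embedded sample input (constructed from the output quoted in this thread) are assumptions.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample input below is
# constructed from the ifconfig and tcpdump output quoted in the thread.

SAMPLE_IFCONFIG='pfsync0: flags=41<UP,RUNNING> mtu 1500
        priority: 0
        pfsync: syncdev: vlan995 maxupd: 255 defer: off
        groups: carp pfsync'

SAMPLE_CAPTURE='23:41:13.699617 10.117.1.130: PFSYNCv6 len 108
        act UPD ST COMP count 1
        (DF) [tos 0x10]
23:41:14.158500 10.117.1.129: PFSYNCv6 len 108
        act UPD ST COMP count 1
        (DF) [tos 0x10]
23:41:14.941396 SSTP STP config root=83e3.0:a:b8:7b:27:80 rootcost=3
23:41:16.255230 10.117.1.129: PFSYNCv6 len 36
        act DEL ST COMP count 1
        (DF) [tos 0x10]
23:41:16.949619 10.117.1.130: PFSYNCv6 len 1116
        act UPD ST COMP count 13
        (DF) [tos 0x10]'

# Read "ifconfig pfsync0" text on stdin and print one line:
#   syncdev=<if|none> maxupd=<n|unknown> defer=<on|off|unknown>
pfsync_settings() {
    awk '
        $1 == "pfsync:" {
            # The line is a sequence of "key: value" pairs after "pfsync:".
            for (i = 2; i < NF; i++) {
                if ($i == "syncdev:") dev = $(i + 1)
                if ($i == "maxupd:")  upd = $(i + 1)
                if ($i == "defer:")   def = $(i + 1)
            }
        }
        END {
            if (dev == "") dev = "none"
            if (upd == "") upd = "unknown"
            if (def == "") def = "unknown"
            printf "syncdev=%s maxupd=%s defer=%s\n", dev, upd, def
        }'
}

# Exit status: 0 = defer on, 1 = defer off or unknown, 2 = no syncdev found.
pfsync_defer_ok() {
    settings=$(pfsync_settings)
    case "$settings" in
        *syncdev=none*) return 2 ;;
        *defer=on*)     return 0 ;;
        *)              return 1 ;;
    esac
}

# Read "tcpdump -nni <syncdev>" text on stdin and print, per sending peer and
# pfsync action, how many messages were seen and how many states they carried.
# Non-pfsync frames on the VLAN (the STP line above) are ignored.
pfsync_peer_summary() {
    awk '
        /PFSYNC/ { src = $2; sub(/:$/, "", src); next }
        $1 == "act" && src != "" {
            action = ""
            for (i = 2; i <= NF && $i != "count"; i++) {
                sep = (action == "") ? "" : "_"
                action = action sep $i
            }
            key = src " " action
            msgs[key]++
            states[key] += $(i + 1)   # field after "count"
            src = ""
        }
        END {
            for (k in msgs)
                printf "%s messages=%d states=%d\n", k, msgs[k], states[k]
        }' | LC_ALL=C sort
}

# Run against the constructed samples. On a live router, pipe the real
# command output into the same functions instead.
printf '%s\n' "$SAMPLE_IFCONFIG" | pfsync_settings
printf '%s\n' "$SAMPLE_CAPTURE" | pfsync_peer_summary
```

Running the same two functions on both routers and comparing the results shows whether the peers agree on defer and whether each one is actually sending state messages on the sync interface.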

Re: Compiling and debugging custom ralink driver for 5.3 GENERIC (release)

2013-07-03 Thread Remco
Nathan Goings wrote:

 I purchased an Edimax EW-7128Gn that contains a ralink RT3060 chip and
 it's unrecognized.
 
 dmesg:
 vendor Ralink, unknown product 0x3060 (class network subclass
 miscellaneous, rev 0x00) at pci4 dev 0 function 0 not configured
 
 The documentation says a/g/n but this is a b/g/n.  Ralink's drivers use
 the same firmware across what is supported and the 3060.  The linux
 drivers are grouped in the 2860/3062 (which is supported). Plus the
 official drivers are open source!
 
 So my plan was to force the 3062 (later the 2860) onto the 3060 and see
 if it worked.  Otherwise compare the linux drivers between
 2860/3060/3062/3090 and compare the OpenBSD ralink between
 2561/2561S/2661/2860 (per sys/dev/pci/if_ral_pci.c) and make the
 required changes (EEPROM? microcode?)
 
 Here's my problem, upon updating /sys/dev/pci/pcidevs (also changed
 pcidevs.h and pcidevs_data.h, unsure how they are auto-generated)

AFAICT it's:
- update /sys/dev/pci/pcidevs
- run make in /sys/dev/pci/
(see /sys/dev/pci/Makefile for the details)

 I then 
 updated sys/dev/pci/if_ral_pci.c (and associated cardbus) for
 pci_matchid ral_pci_devices so that the 3060 is matched by the ralink
 driver (and by default switch case the rt2860 is used) I still get
 unknown product 0x3060...not configured in dmesg.
 

AFAIK this is step one. Assuming you added the PCI IDs correctly, the driver's 
attach function should run. However, to the best of my understanding, you 
chose a more or less random attach function for your unsupported device.
My guess is that the attach function didn't run, or hasn't got the proper 
support for your device and therefore fails, leaving you with a not 
configured device.

(Frankly, step one should be to first compare drivers and see if OpenBSD has 
the code necessary to support your device and add the missing pieces, instead 
of semi-randomly trying to run some OpenBSD code on your unsupported device. 
Also beware of differences in how the code is licensed in case you want to 
literally copy stuff.)

 pcidevs entry: (and correct changes in .h and _data.h)
 product RALINK RT3060 0x3060 RT3060
 
 and for completeness, I'm successfully building and installing a GENERIC
 kernel *and* userland.
 
 First, how do I correctly compile and associate a not configured
 product to a specific driver, and second, how do I debug such an
 association?



Re: Still unable to compile binaries :(

2013-07-03 Thread jV
Thanks Phil. Your advice worked out. It is quite sad that I can't run 
parallel compile while building system, but this definitely won't stop me 
from using OBSD!

On 7/3/2013 0:50 AM, Philip Guenther wrote:

On Tue, Jul 2, 2013 at 2:19 PM, jV j...@dodec.lt wrote:
...

then I followed instructions here:
http://www.openbsd.org/stable.html#building

...

The build command was issued with *make -j8 build*

Not quite: that webpage doesn't suggest using -j8.  Indeed, there have
been many fixes to the Makefiles to have them work with parallel make,
but it looks to me like the Makefile in that kerberosV subdir never
got the required dependencies to be reliable with parallel make.  A
close look shows that it appears to have tried to compile slc-lex.c
before yacc finished writing y.tab.h:


=== kerberosV/usr.sbin/kadmin
yacc -d /usr/src/kerberosV/usr.sbin/kadmin/../../src/lib/sl/slc-gram.y
lex  /usr/src/kerberosV/usr.sbin/kadmin/../../src/lib/sl/slc-lex.l
cc -O2 -pipe  -DHAVE_CONFIG_H -DBINDIR=\/usr/bin\
-DSBINDIR=\/usr/sbin\ -DLIBEXECDIR=\/usr/libexec\
-DSYSCONFDIR=\/etc/kerberosV\  -I/usr/include/kerberosV -I/usr/src/ker
usr.sbin/kadmin/../../src/lib/roken
-I/usr/src/kerberosV/usr.sbin/kadmin/../../src/include
-I/usr/src/kerberosV/usr.sbin/kadmin/../../src/lib/sl
-I/usr/src/kerberosV/usr.sbin/ka
berosV/usr.sbin/kadmin/../../src/lib/krb5
-I/usr/src/kerberosV/usr.sbin/kadmin/../../src/lib/kadm5 -I.   -c -o
slc-lex.o lex.yy.c
/usr/src/kerberosV/usr.sbin/kadmin/../../src/lib/sl/slc-lex.l: In
function 'yylex':
/usr/src/kerberosV/usr.sbin/kadmin/../../src/lib/sl/slc-lex.l:57: error:
'yylval' undeclared (first use in this function)
/usr/src/kerberosV/usr.sbin/kadmin/../../src/lib/sl/slc-lex.l:57: error:
(Each undeclared identifier is reported only once
/usr/src/kerberosV/usr.sbin/kadmin/../../src/lib/sl/slc-lex.l:57: error:
for each function it appears in.)
/usr/src/kerberosV/usr.sbin/kadmin/../../src/lib/sl/slc-lex.l:58: error:
'LITERAL' undeclared (first use in this function)
/usr/src/kerberosV/usr.sbin/kadmin/../../src/lib/sl/slc-lex.l:60: error:
'STRING' undeclared (first use in this function)

These are defined in y.tab.h, which is created by yacc -d

This might have been fixed in -current by the import of the newer
version of heimdal, but I don't have time to check right now.

I suggest you stop using parallel make unless you know the build works with it.


Philip Guenther




Re: Still unable to compile binaries :(

2013-07-03 Thread jV

Hi Marc,

can you please be more specific here ?

Thanks,
On 7/3/2013 7:37 AM, Marc Espie wrote:

On Tue, Jul 02, 2013 at 02:50:08PM -0700, Philip Guenther wrote:

These are defined in y.tab.h, which is created by yacc -d

This might have been fixed in -current by the import of the newer
version of heimdal, but I don't have time to check right now.

I suggest you stop using parallel make unless you know the build works with it.

It may even have been fixed after 5.3 prior the import of new heimdal...

bad luck.

Carefully check the commits to the Makefile in that directory, you should
be able to pick the wee little part you need.




Re: PF sync doesn't not work very well

2013-07-03 Thread Loïc Blot
Okay, defer is now enabled on the pfsync interface (sorry for my last idea,
I don't have the man page on me :) ).
It seems the problem isn't resolved.
The transfer starts but blocks at a random time.
-- 
Best regards, 

Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr


Le mercredi 03 juillet 2013 à 08:12 +0200, Loïc BLOT a écrit :
 Hi,
 Thanks for your reply. I wasn't careful about this section.
 If i understand i must add defer option to my WAN iface (or i'm wrong i
 must add it to my vlan995 iface ?) ?
 
 I will test it this morning, and i return back to misc :)
 --
 Best regards,
 Loïc BLOT,
 UNIX systems, security and network expert
 http://www.unix-experience.fr
 
 
 Le mercredi 03 juillet 2013 à 02:02 +0200, mxb a écrit :
  pfsync(4) explains this:
 
   The pfsync interface will attempt to collapse multiple state updates
 into
   a single packet where possible.  The maximum number of times a single
   state can be updated before a pfsync packet will be sent out is
   controlled by the maxupd parameter
  
 
 
  and
 
   Where more than one firewall might actively handle packets, e.g. with
   certain ospfd(8), bgpd(8) or carp(4) configurations, it is beneficial
 to
   defer transmission of the initial packet of a connection.  The pfsync
   state insert message is sent immediately; the packet is queued until
   either this message is acknowledged by another system, or a timeout
 has
   expired.  This behaviour is enabled with the defer parameter to
   ifconfig(8).
  
 
 
  Eg. defer: on, yours is off.
 
  //mxb
 
 
  On 2 jul 2013, at 21:54, Loïc BLOT loic.b...@unix-experience.fr wrote:
 
   Hi all
   I have a strange issue (or i haven't read pfsync correctly but i don't
   think this is the problem :D)
  
   I'm using 2 OpenBSD as BGP+OSPF routers at the border of one site.
  
   Those BGP routers are secure with strong PF in stateful mode, and the
   stateful is working very well on each router. Because of my full mesh
   BGP configuration, the outgoing layer 7 sessions can leave my network by
   one router and responses can income by the other.
  
   To resolve this issue, I have created a dedicated VLAN for the pfsync
   traffic and attached pfsync to this VLAN.
  
   Here is a sample output of ifconfig on my first router:
  
   vlan995: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
  lladdr a0:36:9f:10:4a:a6
  priority: 0
  vlan: 995 parent interface: trunk1
  groups: vlan
  status: active
  inet6 fe80::a236:9fff:fe10:4aa6%vlan995 prefixlen 64 scopeid
   0x10
  inet 10.117.1.129 netmask 0xfff8 broadcast 10.117.1.135
   pfsync0: flags=41UP,RUNNING mtu 1500
  priority: 0
  pfsync: syncdev: vlan995 maxupd: 255 defer: off
  groups: carp pfsync
  
   And here on my second router:
  
   vlan995: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
  lladdr a0:36:9f:17:e2:1e
  priority: 0
  vlan: 995 parent interface: trunk1
  groups: vlan
  status: active
  inet6 fe80::a236:9fff:fe17:e21e%vlan995 prefixlen 64 scopeid
   0x10
  inet 10.117.1.130 netmask 0xfff8 broadcast 10.117.1.135
   pfsync0: flags=41UP,RUNNING mtu 1500
  priority: 0
  pfsync: syncdev: vlan995 maxupd: 255 defer: off
  groups: carp pfsync
  
   As you see in next tcpdump capture, there is some discussions between
   the two routers:
  
   # tcpdump -nni vlan995
   tcpdump: listening on vlan995, link-type EN10MB
   tcpdump: WARNING: compensating for unaligned libpcap packets
   23:41:13.699617 10.117.1.130: PFSYNCv6 len 108
  act UPD ST COMP count 1
  ...
   (DF) [tos 0x10]
   23:41:14.158500 10.117.1.129: PFSYNCv6 len 108
  act UPD ST COMP count 1
  ...
   (DF) [tos 0x10]
   23:41:14.941396 SSTP STP config root=83e3.0:a:b8:7b:27:80 rootcost=3
   bridge=c3e3.0:17:e:2e:f:80 port=142 ifcost=130 age=1/0 max=20/0
   hello=2/0 fwdelay=15/0 pvid=995
   23:41:14.949617 10.117.1.130: PFSYNCv6 len 108
  act UPD ST COMP count 1
  ...
   (DF) [tos 0x10]
   23:41:15.237655 10.117.1.129: PFSYNCv6 len 640
  act UPD ST COMP count 1
  ...
   (DF) [tos 0x10]
   23:41:15.949617 10.117.1.130: PFSYNCv6 len 124
  act UPD ST COMP count 1
  ...
   (DF) [tos 0x10]
   23:41:16.255230 10.117.1.129: PFSYNCv6 len 36
  act DEL ST COMP count 1
  id: 51d16a356c33 creatorid: a10bbd21
   (DF) [tos 0x10]
   23:41:16.946454 SSTP STP config root=83e3.0:a:b8:7b:27:80 rootcost=3
   bridge=c3e3.0:17:e:2e:f:80 port=142 ifcost=130 age=1/0 max=20/0
   hello=2/0 fwdelay=15/0 pvid=995
   23:41:16.949619 10.117.1.130: PFSYNCv6 len 1116
  act UPD ST COMP count 13
  ...
   (DF) [tos 0x10]
  
  
   The problem is simple, when i initiate a stateful connection from one
   server, the return (by second router) is blocked by PF (i see the return
   with pflog0)
  
   To be precise here 

Re: PF sync doesn't not work very well

2013-07-03 Thread mxb
What does your CARP setup look like? On both machines?
Can you send your ifconfig output?

What is your environment/setup for this 2-node CARP?
How interfaces (ext/int) are connected? What switches do you use?


On 3 jul 2013, at 10:23, Loïc Blot loic.b...@unix-experience.fr wrote:

 Okay, defer is now enabled on pfsync interface (sorry for my last idea,
 i haven't the man on me :) ).
 It seems the problem isn't resolved.
 The transfer starts but blocked at random time.
 -- 
 Best regards, 
 
 Loïc BLOT, Engineering
 UNIX Systems, Security and Networks
 http://www.unix-experience.fr
 
 
 Le mercredi 03 juillet 2013 à 08:12 +0200, Loïc BLOT a écrit :
 Hi,
 Thanks for your reply. I wasn't careful about this section.
 If i understand i must add defer option to my WAN iface (or i'm wrong i
 must add it to my vlan995 iface ?) ?
 
 I will test it this morning, and i return back to misc :)
 --
 Best regards,
 Loïc BLOT,
 UNIX systems, security and network expert
 http://www.unix-experience.fr
 
 
 Le mercredi 03 juillet 2013 à 02:02 +0200, mxb a écrit :
 pfsync(4) explains this:
 
  The pfsync interface will attempt to collapse multiple state updates
 into
 a single packet where possible.  The maximum number of times a single
 state can be updated before a pfsync packet will be sent out is
 controlled by the maxupd parameter
 
 
 
 and
 
  Where more than one firewall might actively handle packets, e.g. with
 certain ospfd(8), bgpd(8) or carp(4) configurations, it is beneficial
 to
 defer transmission of the initial packet of a connection.  The pfsync
 state insert message is sent immediately; the packet is queued until
 either this message is acknowledged by another system, or a timeout
 has
 expired.  This behaviour is enabled with the defer parameter to
 ifconfig(8).
 
 
 
 Eg. defer: on, yours is off.
 
 //mxb
 
 
 On 2 jul 2013, at 21:54, Loïc BLOT loic.b...@unix-experience.fr wrote:
 
 Hi all
 I have a strange issue (or i haven't read pfsync correctly but i don't
 think this is the problem :D)
 
 I'm using 2 OpenBSD as BGP+OSPF routers at the border of one site.
 
 Those BGP routers are secure with strong PF in stateful mode, and the
 stateful is working very well on each router. Because of my full mesh
 BGP configuration, the outgoing layer 7 sessions can leave my network by
 one router and responses can income by the other.
 
 To resolve this issue, I have created a dedicated VLAN for the pfsync
 traffic and attached pfsync to this VLAN.
 
 Here is a sample output of ifconfig on my first router:
 
 vlan995: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr a0:36:9f:10:4a:a6
   priority: 0
   vlan: 995 parent interface: trunk1
   groups: vlan
   status: active
   inet6 fe80::a236:9fff:fe10:4aa6%vlan995 prefixlen 64 scopeid
 0x10
   inet 10.117.1.129 netmask 0xfff8 broadcast 10.117.1.135
 pfsync0: flags=41UP,RUNNING mtu 1500
   priority: 0
   pfsync: syncdev: vlan995 maxupd: 255 defer: off
   groups: carp pfsync
 
 And here on my second router:
 
 vlan995: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
   lladdr a0:36:9f:17:e2:1e
   priority: 0
   vlan: 995 parent interface: trunk1
   groups: vlan
   status: active
   inet6 fe80::a236:9fff:fe17:e21e%vlan995 prefixlen 64 scopeid
 0x10
   inet 10.117.1.130 netmask 0xfff8 broadcast 10.117.1.135
 pfsync0: flags=41UP,RUNNING mtu 1500
   priority: 0
   pfsync: syncdev: vlan995 maxupd: 255 defer: off
   groups: carp pfsync
 
 As you see in next tcpdump capture, there is some discussions between
 the two routers:
 
 # tcpdump -nni vlan995
 tcpdump: listening on vlan995, link-type EN10MB
 tcpdump: WARNING: compensating for unaligned libpcap packets
 23:41:13.699617 10.117.1.130: PFSYNCv6 len 108
   act UPD ST COMP count 1
   ...
 (DF) [tos 0x10]
 23:41:14.158500 10.117.1.129: PFSYNCv6 len 108
   act UPD ST COMP count 1
   ...
 (DF) [tos 0x10]
 23:41:14.941396 SSTP STP config root=83e3.0:a:b8:7b:27:80 rootcost=3
 bridge=c3e3.0:17:e:2e:f:80 port=142 ifcost=130 age=1/0 max=20/0
 hello=2/0 fwdelay=15/0 pvid=995
 23:41:14.949617 10.117.1.130: PFSYNCv6 len 108
   act UPD ST COMP count 1
   ...
 (DF) [tos 0x10]
 23:41:15.237655 10.117.1.129: PFSYNCv6 len 640
   act UPD ST COMP count 1
   ...
 (DF) [tos 0x10]
 23:41:15.949617 10.117.1.130: PFSYNCv6 len 124
   act UPD ST COMP count 1
   ...
 (DF) [tos 0x10]
 23:41:16.255230 10.117.1.129: PFSYNCv6 len 36
   act DEL ST COMP count 1
   id: 51d16a356c33 creatorid: a10bbd21
 (DF) [tos 0x10]
 23:41:16.946454 SSTP STP config root=83e3.0:a:b8:7b:27:80 rootcost=3
 bridge=c3e3.0:17:e:2e:f:80 port=142 ifcost=130 age=1/0 max=20/0
 hello=2/0 fwdelay=15/0 pvid=995
 23:41:16.949619 10.117.1.130: PFSYNCv6 len 1116
   act UPD ST COMP count 13
   ...
 (DF) [tos 0x10]
 
 
 The problem is simple, when i initiate a stateful connection from one
 server, the return (by second router) is 

Hang possibly related to pipex

2013-07-03 Thread Marko Cupać
I have a machine that has been serving as NAT gateway and VPN server
(both pptp/poptop and openvpn) since 5.0 without problems.

On 5.2 I switched poptop to npppd compiled from sources and was very
happy with it. With release of 5.3 I added second machine as CARP
failover backup.

In the last 10 days the machine hung twice. I do not have the hang message from
the first time, but this time I read this:

uvm_fault(0xd8f5f680, 0x0, 0, 3) - e
kernel: page fault trap, code=0
Stopped at   pipex_close_session+0xc4:   movl   %eax,0x6c(%exc)
ddb{3}

Below is my dmesg:

Re: PF sync doesn't not work very well

2013-07-03 Thread Loïc Blot
Hello,
no carp is used at this time.

My configuration on each router is simple:

em0 + em3 = trunk0
em1 + em2 = trunk1

4 interco vlan (at this time, only 2 are active, 1 for a BGP neighbor
IPv4, 1 for a BGP neighbor IPv6) on trunk0
vlan 50 + vlan 90 + vlan995 on trunk1
pfsync on vlan 995
-- 
Best regards, 

Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr


Le mercredi 03 juillet 2013 à 12:47 +0200, mxb a écrit :
 How does your CARP setup looks like. On both machines?
 Can you send your ifconfig output?
 
 What is your environment/setup for this 2-node CARP?
 How interfaces (ext/int) are connected? What switches do you use?
 
 
 On 3 jul 2013, at 10:23, Loïc Blot loic.b...@unix-experience.fr wrote:
 
  Okay, defer is now enabled on pfsync interface (sorry for my last idea,
  i haven't the man on me :) ).
  It seems the problem isn't resolved.
  The transfer starts but blocked at random time.
  -- 
  Best regards, 
  
  Loïc BLOT, Engineering
  UNIX Systems, Security and Networks
  http://www.unix-experience.fr
  
  
  Le mercredi 03 juillet 2013 à 08:12 +0200, Loïc BLOT a écrit :
  Hi,
  Thanks for your reply. I wasn't careful about this section.
  If i understand i must add defer option to my WAN iface (or i'm wrong i
  must add it to my vlan995 iface ?) ?
  
  I will test it this morning, and i return back to misc :)
  --
  Best regards,
  Loïc BLOT,
  UNIX systems, security and network expert
  http://www.unix-experience.fr
  
  
  Le mercredi 03 juillet 2013 à 02:02 +0200, mxb a écrit :
  pfsync(4) explains this:
  
   The pfsync interface will attempt to collapse multiple state updates
  into
  a single packet where possible.  The maximum number of times a single
  state can be updated before a pfsync packet will be sent out is
  controlled by the maxupd parameter
  
  
  
  and
  
   Where more than one firewall might actively handle packets, e.g. with
  certain ospfd(8), bgpd(8) or carp(4) configurations, it is beneficial
  to
  defer transmission of the initial packet of a connection.  The pfsync
  state insert message is sent immediately; the packet is queued until
  either this message is acknowledged by another system, or a timeout
  has
  expired.  This behaviour is enabled with the defer parameter to
  ifconfig(8).
  
  
  
  Eg. defer: on, yours is off.
  
  //mxb
  
  
  On 2 jul 2013, at 21:54, Loïc BLOT loic.b...@unix-experience.fr wrote:
  
  Hi all
  I have a strange issue (or i haven't read pfsync correctly but i don't
  think this is the problem :D)
  
  I'm using 2 OpenBSD as BGP+OSPF routers at the border of one site.
  
  Those BGP routers are secure with strong PF in stateful mode, and the
  stateful is working very well on each router. Because of my full mesh
  BGP configuration, the outgoing layer 7 sessions can leave my network by
  one router and responses can income by the other.
  
  To resolve this issue, I have created a dedicated VLAN for the pfsync
  traffic and attached pfsync to this VLAN.
  
  Here is a sample output of ifconfig on my first router:
  
  vlan995: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr a0:36:9f:10:4a:a6
priority: 0
vlan: 995 parent interface: trunk1
groups: vlan
status: active
inet6 fe80::a236:9fff:fe10:4aa6%vlan995 prefixlen 64 scopeid
  0x10
inet 10.117.1.129 netmask 0xfff8 broadcast 10.117.1.135
  pfsync0: flags=41UP,RUNNING mtu 1500
priority: 0
pfsync: syncdev: vlan995 maxupd: 255 defer: off
groups: carp pfsync
  
  And here on my second router:
  
  vlan995: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr a0:36:9f:17:e2:1e
priority: 0
vlan: 995 parent interface: trunk1
groups: vlan
status: active
inet6 fe80::a236:9fff:fe17:e21e%vlan995 prefixlen 64 scopeid
  0x10
inet 10.117.1.130 netmask 0xfff8 broadcast 10.117.1.135
  pfsync0: flags=41UP,RUNNING mtu 1500
priority: 0
pfsync: syncdev: vlan995 maxupd: 255 defer: off
groups: carp pfsync
  
  As you see in next tcpdump capture, there is some discussions between
  the two routers:
  
  # tcpdump -nni vlan995
  tcpdump: listening on vlan995, link-type EN10MB
  tcpdump: WARNING: compensating for unaligned libpcap packets
  23:41:13.699617 10.117.1.130: PFSYNCv6 len 108
act UPD ST COMP count 1
...
  (DF) [tos 0x10]
  23:41:14.158500 10.117.1.129: PFSYNCv6 len 108
act UPD ST COMP count 1
...
  (DF) [tos 0x10]
  23:41:14.941396 SSTP STP config root=83e3.0:a:b8:7b:27:80 rootcost=3
  bridge=c3e3.0:17:e:2e:f:80 port=142 ifcost=130 age=1/0 max=20/0
  hello=2/0 fwdelay=15/0 pvid=995
  23:41:14.949617 10.117.1.130: PFSYNCv6 len 108
act UPD ST COMP count 1
...
  (DF) [tos 0x10]
  23:41:15.237655 10.117.1.129: PFSYNCv6 len 640
act UPD ST COMP count 1
...
  (DF) [tos 0x10]
  23:41:15.949617 10.117.1.130: 

Re: PF sync doesn't not work very well

2013-07-03 Thread Mark Felder
On Wed, 03 Jul 2013 07:00:02 -0500, Loïc Blot  
loic.b...@unix-experience.fr wrote:



Hello,
no carp is used at this time.


pfsync needs to be used with carp... without it you're just playing  
whack-a-mole with your session table.




Re: PF sync doesn't not work very well

2013-07-03 Thread Loïc Blot
It's not possible to sync the pf table without CARP?

I must use it in some cases, then those cases will be fixed but the others
(OSPFd routing) may fail, I think?

-- 
Best regards, 

Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr


Le mercredi 03 juillet 2013 à 07:11 -0500, Mark Felder a écrit :
 On Wed, 03 Jul 2013 07:00:02 -0500, Loïc Blot  
 loic.b...@unix-experience.fr wrote:
 
  Hello,
  no carp is used at this time.
 
 pfsync needs to be used with carp... without it you're just playing  
 whack-a-mole with your session table.



Re: PF sync doesn't not work very well

2013-07-03 Thread Mark Felder
On Wed, 03 Jul 2013 07:40:08 -0500, Loïc Blot  
loic.b...@unix-experience.fr wrote:



It's not possible to sync pf table without CARP ?


In order to answer that I'll need to understand what you believe the pf  
table is.




Re: PF sync doesn't not work very well

2013-07-03 Thread mxb
Sure it syncs, but 
node1 has completely different IP addresses than node2 (both external and 
internal??), if no CARP.
So storing states from node1, which passes/initiated connection to ftp.fr, on 
node2 does not help.

In your case, you'd probably have to decide to either have a MASTER-BACKUP or to have a 
MASTER-MASTER CARP setup.


On 3 jul 2013, at 14:40, Loïc Blot loic.b...@unix-experience.fr wrote:

 It's not possible to sync pf table without CARP ?
 
 I must use it in some case, then those case will be fixed but the other
 (OSPFd routing) may fail i think ?
 
 -- 
 Best regards, 
 
 Loïc BLOT, Engineering
 UNIX Systems, Security and Networks
 http://www.unix-experience.fr
 
 
 Le mercredi 03 juillet 2013 à 07:11 -0500, Mark Felder a écrit :
 On Wed, 03 Jul 2013 07:00:02 -0500, Loïc Blot  
 loic.b...@unix-experience.fr wrote:
 
 Hello,
 no carp is used at this time.
 
 pfsync needs to be used with carp... without it you're just playing  
 whack-a-mole with your session table.



Re: PF sync doesn't not work very well

2013-07-03 Thread Loïc Blot
For me the pf table is (sorry for the lack of precision) the pf state
table for stateful operations
-- 
Best regards, 

Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr


Le mercredi 03 juillet 2013 à 08:22 -0500, Mark Felder a écrit :
 On Wed, 03 Jul 2013 07:40:08 -0500, Loïc Blot  
 loic.b...@unix-experience.fr wrote:
 
  It's not possible to sync pf table without CARP ?
 
 In order to answer that I'll need to understand what you believe the pf  
 table is.



Re: PF sync doesn't not work very well

2013-07-03 Thread Patrick Lamaiziere
Le Wed, 03 Jul 2013 07:11:08 -0500,
Mark Felder f...@feld.me a écrit :

 On Wed, 03 Jul 2013 07:00:02 -0500, Loïc Blot  
 loic.b...@unix-experience.fr wrote:
 
  Hello,
  no carp is used at this time.
 
 pfsync needs to be used with carp... without it you're just playing  
 whack-a-mole with your session table.

I don't see why, as states are not attached to carp interfaces but to
real interfaces (if-bound) or even by default to no interface at
all?

Regards



Re: PF sync doesn't not work very well

2013-07-03 Thread Mark Felder
On Wed, 03 Jul 2013 09:24:54 -0500, Loïc Blot  
loic.b...@unix-experience.fr wrote:



For me pf table is (sorry for the missing precisions) the pf state
stable for stateful operations


First of all, the states of node 1 being synced to node 2 and vice versa
is worthless because they have different IP addresses; the states won't
match anything.


Secondly, you'll probably end up dealing with the nodes fighting each  
other as they sync back and forth. If a state from node1 is synced to  
node2 and node2 decides to expire that session because it hasn't been used  
it will tell node1 to remove that session as well. Now your session that  
was working on node1 has stopped functioning. This is probably the  
hanging/stalling behavior you were experiencing before. I've never even  
attempted to set this up in a lab and I know nothing of the pfsync/pf  
code, but I assume this is what is happening to you. I'm actually quite  
surprised it will even accept any changes to states for IPs that don't  
exist on the server, but I suppose it doesn't seem worthwhile to put such  
strict validation on it.




Re: PF sync doesn't not work very well

2013-07-03 Thread Loïc Blot
I don't understand why they can't be synced, because if I have this
scheme:

server 1 - | Router 1 + Router 2 | remote

server 1 contacts remote, outgoing by Router 1, and the return traffic
comes from Router 2.

The state may have server 1 port A to remote port B, then the virtual
IP is useless in this configuration, no?
-- 
Best regards, 

Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr


Le mercredi 03 juillet 2013 à 09:36 -0500, Mark Felder a écrit :
 On Wed, 03 Jul 2013 09:24:54 -0500, Loïc Blot  
 loic.b...@unix-experience.fr wrote:
 
  For me pf table is (sorry for the missing precisions) the pf state
  stable for stateful operations
 
 First of all, the states of node 1 being synced to node 2 and vice versa  
 is worthless because they have different IP addresses; the states wont  
 match anything.
 
 Secondly, you'll probably end up dealing with the nodes fighting each  
 other as they sync back and forth. If a state from node1 is synced to  
 node2 and node2 decides to expire that session because it hasn't been used  
 it will tell node1 to remove that session as well. Now your session that  
 was working on node1 has stopped functioning. This is probably the  
 hanging/stalling behavior you were experiencing before. I've never even  
 attempted to set this up in a lab and I know nothing of the pfsync/pf  
 code, but I assume this is what is happening to you. I'm actually quite  
 surprised it will even accept any changes to states for IPs that don't  
 exist on the server, but I suppose it doesn't seem worthwhile to put such  
 strict validation on it.



Re: PF sync doesn't not work very well

2013-07-03 Thread mxb
States ARE synced.
IPs are not the same on node1 and node2 for external. When you initiated the
connection to ftp.fr, you did it via node1 with its external IP. On node2
those packets will be DROPPED as those do not belong to the external NIC on
node2 (IP)



On 3 jul 2013, at 17:16, Loïc Blot loic.b...@unix-experience.fr wrote:

 I don't understand why they can't be synced because if i have this
 scheme:
 
 server 1 - | Router 1 + Router 2 | remote
 
 server 1 contact remote, outgoing by Router 1 and the return traffic
 comes from Router 2.
 
 The state may have server 1 port A to remote port B, then the virtual
 IP is useless in this configuration, no ?
 -- 
 Best regards, 
 
 Loïc BLOT, Engineering
 UNIX Systems, Security and Networks
 http://www.unix-experience.fr
 
 
 Le mercredi 03 juillet 2013 à 09:36 -0500, Mark Felder a écrit :
 On Wed, 03 Jul 2013 09:24:54 -0500, Loïc Blot  
 loic.b...@unix-experience.fr wrote:
 
 For me pf table is (sorry for the missing precisions) the pf state
 stable for stateful operations
 
 First of all, the states of node 1 being synced to node 2 and vice versa  
 is worthless because they have different IP addresses; the states wont  
 match anything.
 
 Secondly, you'll probably end up dealing with the nodes fighting each  
 other as they sync back and forth. If a state from node1 is synced to  
 node2 and node2 decides to expire that session because it hasn't been used  
 it will tell node1 to remove that session as well. Now your session that  
 was working on node1 has stopped functioning. This is probably the  
 hanging/stalling behavior you were experiencing before. I've never even  
 attempted to set this up in a lab and I know nothing of the pfsync/pf  
 code, but I assume this is what is happening to you. I'm actually quite  
 surprised it will even accept any changes to states for IPs that don't  
 exist on the server, but I suppose it doesn't seem worthwhile to put such  
 strict validation on it.



Re: PF sync doesn't not work very well

2013-07-03 Thread Loïc Blot
The connection is not made by my routers themselves but by DMZ servers
behind them!
-- 
Best regards, 

Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr


Le mercredi 03 juillet 2013 à 17:32 +0200, mxb a écrit :
 States ARE synced. 
 IPs are not the same on node1 and node2 for external. The you initiated 
 connection to ftp.fr, you done it via node1 with its external IP. On node2 
 those packets will be DROPPED as those do not belong to external NIC on node2 
 (IP)
 
 
 
 On 3 jul 2013, at 17:16, Loïc Blot loic.b...@unix-experience.fr wrote:
 
  I don't understand why they can't be synced because if i have this
  scheme:
  
  server 1 - | Router 1 + Router 2 | remote
  
  server 1 contact remote, outgoing by Router 1 and the return traffic
  comes from Router 2.
  
  The state may have server 1 port A to remote port B, then the virtual
  IP is useless in this configuration, no ?
  -- 
  Best regards, 
  
  Loïc BLOT, Engineering
  UNIX Systems, Security and Networks
  http://www.unix-experience.fr
  
  
  Le mercredi 03 juillet 2013 à 09:36 -0500, Mark Felder a écrit :
  On Wed, 03 Jul 2013 09:24:54 -0500, Loïc Blot  
  loic.b...@unix-experience.fr wrote:
  
  For me pf table is (sorry for the missing precisions) the pf state
  stable for stateful operations
  
  First of all, the states of node 1 being synced to node 2 and vice versa  
  is worthless because they have different IP addresses; the states wont  
  match anything.
  
  Secondly, you'll probably end up dealing with the nodes fighting each  
  other as they sync back and forth. If a state from node1 is synced to  
  node2 and node2 decides to expire that session because it hasn't been used 
   
  it will tell node1 to remove that session as well. Now your session that  
  was working on node1 has stopped functioning. This is probably the  
  hanging/stalling behavior you were experiencing before. I've never even  
  attempted to set this up in a lab and I know nothing of the pfsync/pf  
  code, but I assume this is what is happening to you. I'm actually quite  
  surprised it will even accept any changes to states for IPs that don't  
  exist on the server, but I suppose it doesn't seem worthwhile to put such  
  strict validation on it.



Re: Softraid performance: CRYPTO on top of RAID 1?

2013-07-03 Thread Joel Sing
On Tue, 2 Jul 2013, Erling Westenvik wrote:
 Hi folks,

 Anyone having any experience with putting a softraid CRYPTO partition
 on top of a softraid RAID 1? In terms of performance?

 I'd like to build a file server that favors redundancy, availability and
 privacy over performance. The latter within limits though, hence my
 initial question. Private use only. Me, my family and ... friends.

 I'm planning to use 3 x 1TB drives in RAID 1. No FDE since
 availability involves the possibility of unattended booting; like
 after a power outage while being abroad/out of town, in which case I'd
 have to ssh in to the box and bioctl(8) the encrypted volume. Otherwise
 the PC is an old Pentium 4 3.40GHz with 3GB RAM which as of today runs
 fine as a file server with 2 x 500GB disks in softraid RAID 1.

You would get much better throughput with a CPU that supports AESNI, however 
unless you're wanting near-disk level performance, you shouldn't have any 
problems. FWIW one of my servers (handles mail, etc) is a Sun Fire V210 
(sparc64) machine with 2x1GHz CPU, 2GB RAM and a pair of SCSI drives - it 
runs perfectly well in a similar CRYPTO on RAID 1 configuration. That said, 
you'd be best to set it up and measure the performance to ensure it will meet 
your needs.

 Sorry if my question does not belong on @misc. I've done quite some
 homework but could not find information pertinent to my case and would
 like to hear any arguments for or against before I spend many hours on
 copying hundreds of gigabytes to potentially no avail.

 Regards,

 Erling
-- 

Action without study is fatal. Study without action is futile.
-- Mary Ritter Beard



Re: OpenBSD Doesn't Support 64-Bit Intel

2013-07-03 Thread carlos albino garcia grijalba
Hello Florenz!

You are right! I was wrong and tried to defend myself by answering back, but
I checked again what jash was saying and then bang, he was right. Damn, even
worse. But OK, I learned the lesson. Usually I try the internet and then the
archives, but this time I got confused about 32-bit and 64-bit support and
answered too quickly trying to defend OpenBSD, which led to a very strong
correction by some folks (even Theo participated). But OK, I learned, and
thanks; sometimes it is better to learn the hard way.

-- By the way, first time that so many helped me, jeje, and first time Theo
sent me a mail :) --

 Subject: Re: OpenBSD Doesn't Support 64-Bit Intel
 From: f...@well.com
 Date: Wed, 3 Jul 2013 10:11:21 +0200
 To: genesi...@hotmail.com

 hello Carlos,

 On Jul 2, 2013, at 6:15 PM, carlos albino garcia grijalba wrote:
  LOL ok im the rude guy dude! but ok im the dummy what its really funny
  its that when i ask the list for some nobody answer but when i write
  something that someone feel its rude then bang i have answers!!! LOL

 actually, I answered not because I felt your statement was so wrong it
 was not even funny anymore.

 look at this thread:
 http://listserv.sap.com/pipermail/linux.general/2005-December/004843.html
 then you might realize that IA64 vs. AMD64 was a topic I found quite
 interesting some years ago.

 So that's the way the misc works. It's easier to critique on style
 rather than on substance, and critique makes most feel superior -
 probably including me. Don't be one of the people doing it, ignore the
 noise, and listen to the helpful people. There are quite some on misc,
 and about once or twice a week you will see a very helpful tip.

 here is some free advice:
 1) now that you feel properly welcomed by having your error corrected
 in public, try to pay it back by doing your homework. Never before was
 technical and non-technical information available as free and fast as
 today. Use it. There is no excuse for not searching the documentation,
 and the internet.

 2) Stay away from opinion, and stick to the facts. Opinion goes best
 with a beer, and time to waste.

 3) Show some respect by investing time and effort in your language and
 writing style. At the moment, you are giving the impression of a
 15-year-old. The concept of respect is well-known in the Spanish
 hemisphere, my friends from Spain and Portugal tell me. Show some to
 others by making yourself appear more mature. Incidentally, it makes it
 easier to read for yourself, too. Same as wearing a tie to the

 have a nice day :-)
 Florenz



Re: Compiling and debugging custom ralink driver for 5.3 GENERIC (release)

2013-07-03 Thread Nathan Goings

Thanks for your response!

On 7/3/2013 1:07 AM, Remco wrote:

AFAIK this is step one. Assuming you added the PCI IDs correctly, the driver's
attach function should run. However, to the best of my understanding, you
chose a more or less random attach function for your unsupported device.
My guess is that the attach function didn't run, or hasn't got the proper
support for your device and therefore fails, leaving you with a not
configured device.

(Frankly, step one should be to first compare drivers and see if OpenBSD has
the code necessary to support your device and add the missing pieces, instead
of semi-randomly trying to run some OpenBSD code on your unsupported device.
Also beware of differences in how the code is licensed in case you want to
literally copy stuff.)


Ralink packages the 2860 and 3060 source code in their open source 
driver.  OpenBSD's ral(4) uses the 2860 as the default or 'catch all.'  
This indicates that the 2860 might be suitable for the 3060. The odd 
thing is that the 2860 *and* 3090 vendor packages include '30xx.c'


I would think if the attach failed it would be in /var/log/messages.  
How would I debug this?  If the attach is failing, I might try crafting 
it to use a different driver. (guess I should try printf)


Finally, I'm very knowledgeable when it comes to copyright and licensing 
laws.  Vendor code is GNU GPL and might be a problem with the register 
tables and such.




Re: OpenBSD Doesn't Support 64-Bit Intel

2013-07-03 Thread Chris Cappuccio
Nick Holland [n...@holland-consulting.net] wrote:
 On 07/02/2013 11:44 AM, noah pugsley wrote:
 More wrong? Maybe so. My point was that both are and either way it's
 inconsistent.
 
 not anymore.  new text, as of last night:
 
 Processors
 
 All CPUs compatible with the Intel 80486 or better, with Intel-compatible
  hardware floating point support should work.
 

Is there floating-point hardware for 486 or higher that isn't 
Intel-compatible?

This text seems superfluous.



Re: OpenBSD Doesn't Support 64-Bit Intel

2013-07-03 Thread Zeljko Jovanovic

On 03.07.2013. 19:15, Chris Cappuccio wrote:


Is there floating-point hardware for 486 or higher that isn't 
Intel-compatible?

This text seems superfluous.


I remember some Weitek floating-point coprocessors from those times - I suppose 
they were not x87 compatible?




Re: OpenBSD Doesn't Support 64-Bit Intel

2013-07-03 Thread Nick Holland

On 07/03/2013 01:15 PM, Chris Cappuccio wrote:

Nick Holland [n...@holland-consulting.net] wrote:

On 07/02/2013 11:44 AM, noah pugsley wrote:

More wrong? Maybe so. My point was that both are and either way it's
inconsistent.


not anymore.  new text, as of last night:


Processors

All CPUs compatible with the Intel 80486 or better, with Intel-compatible
hardware floating point support should work.




Is there floating-point hardware for 486 or higher that isn't 
Intel-compatible?

This text seems superfluous.



an unlikely combination, but a 486sx with a Weitek 4167 would qualify.

Plus...  I would not be surprised if some day, someone (probably
Chinese/Taiwanese/Indian) did an embedded x86 compatible-ish chip
optimized for low price and power consumption without any FPU.  Whether
this could run any modern off-the-shelf OS as-is, no idea... but someone
will post on misc@ "will it run OpenBSD?" within thirty minutes of
the very first press release.


Nick.



Re: softdep issue in 5.3-current ?

2013-07-03 Thread Andreas Bartelt

On 07/03/13 05:45, Andreas Bartelt wrote:

I made a new build of current and the problem with tar performance seems
to be resolved now.

before:
# time tar -xzpf /usr/releasedir/comp53.tgz
 3m17.81s real 0m2.14s user 0m2.22s system
# time tar -xzpf /usr/releasedir/base53.tgz
 3m39.33s real 0m2.23s user 0m2.23s system

after:
# dmesg|head -n2
OpenBSD 5.3-current (GENERIC.MP) #0: Tue Jul  2 22:44:07 CEST 2013
 root@test:/usr/src/sys/arch/amd64/compile/GENERIC.MP
# time tar -xzpf /usr/releasedir/comp53.tgz
 0m8.92s real 0m1.80s user 0m1.07s system
# time tar -xzpf /usr/releasedir/base53.tgz
 0m11.29s real 0m2.21s user 0m1.17s system



I was wrong -- the problem persists!

Directly after booting into a system built with the current source, tar
extraction performance is OK (like in my second example from above), but
after 'make build && make release' of current source on the same system,
tar extraction performance is horrible (like in the first example from
above).


So tar extraction performance seems to get much worse after the system
was under heavy I/O for a while (i.e., after make build && make release).


Can anyone reproduce this?

Best Regards
Andreas



Re: OpenBSD Doesn't Support 64-Bit Intel

2013-07-03 Thread Christian Weisgerber
Zeljko Jovanovic zelj...@tesla.rcub.bg.ac.rs wrote:

  Is there floating-point hardware for 486 or higher that isn't
 Intel-compatible?
 
  This text seems superfluous.
 
 I remember some Weitek floating-point coprocessors from those times - I 
 suppose 
 they were not x87 compatible?

They weren't.

http://www.cpu-world.com/CPUs/4167/
http://datasheets.chipdb.org/Weitek/WTL4167.pdf

-- 
Christian naddy Weisgerber  na...@mips.inka.de



Re: OpenBSD Doesn't Support 64-Bit Intel

2013-07-03 Thread Miod Vallat
 an unlikely combination, but a 486sx with a Weitek 4167 would qualify.

And OpenBSD would not run on it, because it only expects an
x87-compatible FPU on such a system.

 Plus...  I would not be surprised if some day, someone (probably
 Chinese/Taiwanese/Indian) did an embedded x86 compatible-ish chip
 optimized for low price and power consumption without any FPU.

Such systems already exist. You can buy newly produced 80386 clones
(running way faster than 25 or 33MHz). Of course these are not intended
to be used in PC-style hardware.



luit and crashing xterm

2013-07-03 Thread Jan Stary
In my ~/.Xresources, I specify XTerm*locale:ISO8859-2
to get my xterm to display the chars of the Czech language,
and in my ~/.xinitrc, I toggle -layout us,cz via setxkbmap
to be able to type the Czech chars.
(See full ~/.Xresources and ~/.xinitrc at bottom.)

My problem is that _sometimes_ I cannot even start
those xterms. Occasionally, upon launching a new
xterm with ctrl-alt-enter (I use cwm), the xterm window
appears for a moment and disappears immediately.
Sometimes, after a few such tries, the xterm window
appears to stay and the xterm works just fine.
Sometimes, luit(1) zombies are left after
the previous failed xterms; sometimes not.

This is how it looks after a successfully started xterm:

 |   \-+- 27420 hans xinit /home/hans/.xinitrc -- /home/hans/.xserverrc :0 
-auth /home/hans/.serverauth.3252
 | |-+= 24140 hans Xorg -nolisten tcp
 | | \--- 01784 root Xorg: [priv] (Xorg)
 | \-+= 30481 hans sh /home/hans/.xinitrc
 |   \-+- 02515 hans cwm
 | \-+= 12316 hans xterm
 |   \-+= 01852 hans /usr/X11R6/bin/luit -encoding ISO8859-2 -argv0 -ksh
 | \-+= 01607 hans -ksh (ksh)
 |   \-+= 24783 hans tmux: client (/tmp/tmux-1000/default) (tmux)
 | \--- 30479 hans (tmux)


I understand that the support for the XTerm*locale: ISO8859-2 setting
is achieved by using luit(1). If I comment the locale setting out
(and so don't launch luit and lose the locale support),
these problems disappear.

This leads me to suspect luit, or the way xterm calls luit.
Am I missing something? Is there something specific I could test?

Also, is this actually the way to get xterm support for my locale?
How do people with languages out of ascii do this?

Jan



$ cat .xinitrc
#!/bin/sh

xset -b -c dpms 300 600 900 m 2 0 r rate 400 30 s blank s 120 60
xsetroot -solid black
xrdb ~/.Xresources

setxkbmap -layout us,cz -option grp:shifts_toggle,grp_led:scroll
xmodmap ~/.xmodmaprc

cwm


$ cat .Xresources
XTerm*termName: xterm-color
XTerm*message:  true
XTerm*cutNewline:   true
XTerm*cutToBeginningOfLine: true
! these should not break a word
XTerm*charClass:37:48,45-47:48,58:48,64:48,126:48
XTerm*toolBar:  false
!XTerm.keyboardType:vt220
XTerm*backarrowKeyIsErase:  false
!XTer*deleteIsDEL:  true
!XTerm.ptyInitialErase: true
!XTerm.ttyModes: TODO
XTerm*background:   black
XTerm*foreground:   white
XTerm*activeIcon:   false
XTerm*autowrap: true
XTerm*colorMode:true
XTerm*cursorBlink:  true
XTerm*backarrowKey: true
XTerm*dynamicColors:false
XTerm*loginShell:   true
XTerm*reverseWrap:  true
XTerm*scrollBar:false
!XTerm*scrollKey:   true
!XTerm*scrollLines: 1024
!XTerm*scrollTtyOutput: false
XTerm*saveLines:1024
XTerm*selectToClipboard:true
!XTerm*translations:TODO
XTerm*visualBell:   true
XTerm*pointerMode:  1

XTerm*eightBitInput:true
!XTerm*font:  -misc-fixed-medium-r-normal--20-200-75-75-c-100-iso8859-2
XTerm*locale: ISO8859-2



Re: luit and crashing xterm

2013-07-03 Thread Christian Weisgerber
Jan Stary h...@stare.cz wrote:

 I understand that the support for the XTerm*locale: ISO8859-2 setting
 is achieved by using luit(1). If I comment the locale setting out
 (and so don't launch luit and lose the locale support),
 these problems disappear.
 
 This leads me to suspect luit, or the way xterm calls luit.
 Am I missing something? Is there something specific I could test?

I don't think you're missing something, and I think there's a bug
somewhere.  I'll try to look into this.

 Also, is this actually the way to get xterm support for my locale?

Yes.  xterm only supports ISO8859-1 and UTF-8 natively; everything
else requires luit and is mapped to UTF-8.

 How do people with languages out of ascii do this?

Either the same way or they go with UTF-8.

-- 
Christian naddy Weisgerber  na...@mips.inka.de



Re: Softraid performance: CRYPTO on top of RAID 1?

2013-07-03 Thread Jiri B
On Thu, Jul 04, 2013 at 02:33:51AM +1000, Joel Sing wrote:
 [...snip...] FWIW one of my servers (handles mail, etc) is a Sun Fire V210 
 (sparc64) machine with 2x1GHz CPU, 2GB RAM and a pair of SCSI drives - it 
 runs perfectly well in a similar CRYPTO on RAID 1 configuration. That said, 
 you'd be best to set it up and measure the performance to ensure it will meet 
 your needs.

I'm confused. Is it possible to have RAID1 and CRYPTO on top of that as
boot device? It did not work for me...

jirib



Re: Any other ThinkPad W500 users out there?

2013-07-03 Thread Fred Crowson
On 2 July 2013 14:39, Mikhail Krutov n...@takino.org wrote:

 On Sun, Jun 30, 2013 at 02:43:28AM -0400, STeve Andre' wrote:
  If so, I'd like to know if you are running a recent 5.3-current. Mail me
  off list so we don't pollute misc@.
 Steve,
 My opinion (if it costs anything) is that this info won't pollute.
 No central directory is found on OpenBSD laptop compatibility and
 misc@ is the only source. If you would buy one, please keep the list (or me)
 informed.
 :)


NYC Bug has a publicly searchable dmesg database at:

http://www.nycbug.org/?action=dmesgd

Which can sometimes be useful for checking compatibility...

hth

Fred



Fuse on OpenBSD

2013-07-03 Thread Hugo Osvaldo Barrera
About a month ago, I followed up on tech@ that some fuse support had
been merged into the kernel, but disabled by default.
(By the way, congrats and thanks to the devs for that! :D)

I'm wondering if there's any timeframe for this getting enabled by default
- I'd love to have fuse support, but I don't think I'm ready to void my
warranty just yet ;)

Is there more testing needed, or exactly what's necessary for it to
move forward?

On a somewhat related note; might this mean we might be able to port
fuse drivers (like aufs) into BSD? :D

Thanks,

--
Hugo Osvaldo Barrera




Re: softraid: adding volumes, CPU requirements, RAID5

2013-07-03 Thread Hugo Osvaldo Barrera
On 2013-07-02 18:53, Nick Holland wrote:
 On 07/02/13 17:07, Jean-Francois Simon wrote:
  Le 20/05/2013 13:46, Nick Holland a écrit :
  On 05/20/13 00:52, Hugo Osvaldo Barrera wrote:
 ...
  3) The man pages report RAID5 as experimental. I'm curious, why
  is this so? Is it just not-very-thoroughly tested, or is there
  some missing feature? I read on a 2010 presentation that rebuild
  was not implemented yet, is this still so?
  That's really a question you will need to find out though
  experimentation before you implement (i.e., you MUST practice this
  recovery stuff before going into production), but yes, RAID5
  rebuild is still not there, so I would NOT recommend going this
  route.
 
  However, a nice little RAID1 system to start, hopefully leaving you
  two SATA ports for the next generation/upgrade disks.
 
  Nick.
 
  RAID5 rebuild is still not there Can you please make it more clear
  what actual state of soft raid can and what it cannot do under RAID 5
  ... I'm not so sure to get it, thank you.
 
  J.-F.
 

 RAID5 rebuild is still not there - there's no RAID5 rebuild.  I'm not
 sure how to make it more clear...

 Ok, let's try this...
 Today, you take four 1TB disks, and make a 3TB RAID5 volume.  You can do
 that.  Works great.

 Now, a lot of people might call this Job Done.  Not me.  The point of
 RAID isn't to build complicated systems, but to have the system keep
 your butt out of the fire when things go wrong.

 Next month, one of those drives fails.  That's ok, RAID5 is designed to
 keep your data usable with one drive down.  THAT is the point of RAID.

 You pat yourself on the back and say, I'm glad I am using RAID5.
 You replace the failed drive and...
 ...
 um... now what?
 You have a three drive degraded RAID5 system with no remaining
 redundancy...and a new drive that is currently unused.  You have no
 ability to rebuild the function of the failed drive into the new
 drive...because the RAID5 rebuild is not there.

 Oh, poo.

 Your options?  Well,
 * you can build a NEW array on other disks (hope you have enough ports
 to plug them into), copy the data from the old one to the new one
 * you can hope your backup system is perfect, and rebuild the entire
 array and reload from backup
 * you can hope a second drive doesn't fail in your array... for the life
 of the system.

 Not much else I can think of.

 If you want to play with softraid and raid5, hey, have a blast.  You
 want to put critical data on it?  I'd not suggest that.  A job ago, I
 had some relatively large chunks of data to hash through to find some
 needles of data in and no disks handy that could do it in one
 chunk...but I had some big disk array boxes, and a lot of smallish SCSI
 disks I could stick in them (and the office space was really cold, so a
 bit of heat under my desk was not unappreciated).  I think I did them as
 softraid RAID0, but I could have done it as RAID5 with this system --
 the data is there just for analysis, not storage.  RAID5 might give me a
 few minutes to pull data off that I realized was important only after
 the drive failed, but otherwise the loss of data on this array would not
 have been catastrophic at all.

 Now, anyone who drops important data on any kind of RAID system without
 figuring out how to deal with disk (and controller) failures deserves
 what they get.  So if I was a nice guy, I'd have said Go try it out on
 some spare hardware and unimportant data and answer your own question,
 but being the evil bastard that I am, I'm denying you a very important
 learning experience.

 Nick.


Indeed! I wanted to make sure I'd know how to rebuild the RAID after it
failed, and that was my initial doubt.

You can be pretty much assured that I didn't use RAID5 in the end (I
don't have anywhere to copy all my stuff while I rebuild the array).

I'm wondering though; is it *so* hard to implement the rebuildage,
or is there simply no interest on behalf of the devs?

--
Hugo Osvaldo Barrera




Re: Fuse on OpenBSD

2013-07-03 Thread Theo de Raadt
 About a month ago, I followed up on tech@ that some fuse support had
 been merged into the kernel, but disabled by default.
 (By the way, congrats and thanks to the devs for that! :D)
 
 I'm wondering if there's any timeframe for this getting enabled by default
 - I'd love to have fuse support, but I don't think I'm ready to void my
 warranty just yet ;)
 
 Is there more testing needed, or exactly what's necessary for it to
 move forward?
 
 On a somewhat related note; might this mean we might be able to port
 fuse drivers (like aufs) into BSD? :D

Good grief.

You can enable it yourself, right now.

You can test it.  You can find bugs.  You can report them.  You can
even try to fix them.  You can communicate directly with developers
trying to bring it to fruition.

Instead, what is your mail -- is it a rah rah please enable it
tomorrow?  Is it a statement of even if there is a major screw up
hiding, enable it tomorrow please please please rah rah rah?

Hugo, grow up.  This is a participation community.  The process is not
opaque.  Opportunities for participation at all levels are highly
visible.  Participate in development, to your own form.

The email you sent above is not a form of participation.  It is at
the level of fanboy.



Re: Fuse on OpenBSD

2013-07-03 Thread eric oyen
Theo,
Don't you just love it when folks ask questions they already know the answers 
to?

Still, FUSE is a wonderful idea. It certainly would make OpenBSD more versatile
(and even allow it to wend its way further into both the user and corporate
market segments).

Anyway, hope you are having a nice summer up there (it's roasting here at or
above 115).

keep cool and don't let the buggers get you down. :)

-Eric

On Jul 3, 2013, at 5:55 PM, Theo de Raadt wrote:

 About a month ago, I followed up on tech@ that some fuse support had
 been merged into the kernel, but disabled by default.
 (By the way, congrats and thanks to the devs for that! :D)
 
 I'm wondering if there's any timeframe for this getting enabled by default
 - I'd love to have fuse support, but I don't think I'm ready to void my
 warranty just yet ;)
 
 Is there more testing needed, or exactly what's necessary for it to
 move forward?
 
 On a somewhat related note; might this mean we might be able to port
 fuse drivers (like aufs) into BSD? :D
 
 Good grief.
 
 You can enable it yourself, right now.
 
 You can test it.  You can find bugs.  You can report them.  You can
 even try to fix them.  You can communicate directly with developers
 trying to bring it to fruition.
 
 Instead, what is your mail -- is it a rah rah please enable it
 tomorrow?  Is it a statement of even if there is a major screw up
 hiding, enable it tomorrow please please please rah rah rah?
 
 Hugo, grow up.  This is a participation community.  The process is not
 opaque.  Opportunities for participation at all levels are highly
 visible.  Participate in development, to your own form.
 
 The email you sent above is not a form of participation.  It is at
 the level of fanboy.



Re: Fuse on OpenBSD

2013-07-03 Thread Theo de Raadt
 Still, FUSE is a wonderful idea. It certainly would make OpenBSD
 more versatile (and even allow it to wend its way further into both
 the user and corporate market segments.

So we should enable it right now, today, when it is brand new code?

Skip the testing period?  Start from go, and immediately assume
all the potential downsides?

Eric, nice try, but you are an idiot.



Re: Fuse on OpenBSD

2013-07-03 Thread eric oyen
Did I say that it had to be run today? Funny, I only remember remarking that 
it's a wonderful idea.

As for my being an idiot, the jury is still out on that one. :) I know that 
this is your way to motivate others into doing for themselves. There are better 
ways to do this, but you are you and I am what I am. :)

Anyway, thanks for the motivation. :)

-eric

On Jul 3, 2013, at 6:18 PM, Theo de Raadt wrote:

 Still, FUSE is a wonderful idea. It certainly would make OpenBSD
 more versatile (and even allow it to wend its way further into both
 the user and corporate market segments.
 
 So we should enable it right now, today, when it is brand new code?
 
 Skip the testing period?  Start from go, and immediately assume
 all the potential downsides?
 
 Eric, nice try, but you are an idiot.



Re: Fuse on OpenBSD

2013-07-03 Thread opendaddy
Why do we need FUSE anyway?

O.D.

On 4 July 2013 at 2:10 AM, eric oyen eric.o...@gmail.com wrote:

Did I say that it had to be run today? Funny, I only remember 
remarking that it's a wonderful idea.

As for my being an idiot, the jury is still out on that one. :) I 
know that this is your way to motivate others into doing for 
themselves. There are better ways to do this, but you are you and 
I am what I am. :)

Anyway, thanks for the motivation. :)

-eric

On Jul 3, 2013, at 6:18 PM, Theo de Raadt wrote:

 Still, FUSE is a wonderful idea. It certainly would make OpenBSD
 more versatile (and even allow it to wend its way further into both
 the user and corporate market segments.
 
 So we should enable it right now, today, when it is brand new code?
 
 Skip the testing period?  Start from go, and immediately assume
 all the potential downsides?
 
 Eric, nice try, but you are an idiot.



Re: Fuse on OpenBSD

2013-07-03 Thread Brad Smith

On 03/07/13 11:07 PM, openda...@hushmail.com wrote:

Why do we need FUSE anyway?


To be able to utilize FUSE based filesystems.




Re: Fuse on OpenBSD

2013-07-03 Thread Johan Beisser
On Jul 3, 2013, at 20:23, Brad Smith b...@comstyle.com wrote:

 On 03/07/13 11:07 PM, openda...@hushmail.com wrote:
 Why do we need FUSE anyway?
 
 To be able to utilize FUSE based filesystems.
 

Fuse is a terrible hack.

But, a useful one that solves all kinds of problems. 

Sent form my iFoe. 



sdhc and Ricoh 5U823

2013-07-03 Thread Greg Thomas
My first dumb question since I've been back and there will probably be
plenty more.

With the Ricoh 5U823 does sdhc only recognize SD cards on boot?

OpenBSD 5.3 (GENERIC.MP) #58: Tue Mar 12 18:43:53 MDT 2013
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz (GenuineIntel 686-class)
2.80 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D
S-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,D
EADLINE,AES,XSAVE,AVX,LAHF,PERF,ITSC
real mem  = 3662856192 (3493MB)
avail mem = 3592019968 (3425MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/25/12, BIOS32 rev. 0 @ 0xfc200,
SMBIOS rev. 2.6 @ 0xdae9c000 (68 entries)
bios0: vendor LENOVO version 8DET61WW (1.31 ) date 04/25/2012
bios0: LENOVO 4291X04
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA
SSDT SSDT UEFI UEFI UEFI
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3)
EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 99MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz (GenuineIntel 686-class)
2.80 GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D
S-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,D
EADLINE,AES,XSAVE,AVX,LAHF,PERF,ITSC
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz (GenuineIntel 686-class)
2.80 GHz
cpu2:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D
S-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,D
EADLINE,AES,XSAVE,AVX,LAHF,PERF,ITSC
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz (GenuineIntel 686-class)
2.80 GHz
cpu3:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D
S-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,D
EADLINE,AES,XSAVE,AVX,LAHF,PERF,ITSC
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus 5 (EXP4)
acpiprt5 at acpi0: bus 13 (EXP5)
acpiprt6 at acpi0: bus 14 (EXP7)
acpicpu0 at acpi0: C3, C1, PSS
acpicpu1 at acpi0: C3, C1, PSS
acpicpu2 at acpi0: C3, C1, PSS
acpicpu3 at acpi0: C3, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature is 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 45N1025 serial   910 type LION oem LGC
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
bios0: ROM list: 0xc/0x1!
cpu0: Enhanced SpeedStep 2791 MHz: speeds: 2801, 2800, 2600, 2400, 2200,
2000, 1800, 1600, 1400, 1200, 1000, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel Core 2G Host rev 0x09
vga1 at pci0 dev 2 function 0 Intel HD Graphics 3000 rev 0x09
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0 at vga1: apic 2 int 16
drm0 at inteldrm0
Intel 6 Series MEI rev 0x04 at pci0 dev 22 function 0 not configured
puc0 at pci0 dev 22 function 3 Intel 6 Series KT rev 0x04: ports: 1 com
com3 at puc0 port 0 apic 2 int 19: ns16550a, 16 byte fifo
com3: probed fifo depth: 0 bytes
em0 at pci0 dev 25 function 0 Intel 82579LM rev 0x04: msi, address
3c:97:0e:08:67:59
ehci0 at pci0 dev 26 function 0 Intel 6 Series USB rev 0x04: apic 2 int 16
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 6 Series HD Audio rev 0x04: msi
azalia0: codecs: Conexant/0x506e, Intel/0x2805, using Conexant/0x506e
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 6 Series PCIE rev 0xb4: apic 2 int 16
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 Intel 6 Series PCIE rev 0xb4: apic 2 int 17
pci2 at ppb1 bus 3
iwn0 at pci2 dev 0 function 0 Intel Centrino Advanced-N 6205 rev 0x34:
msi, MIMO 2T2R, MoW, address 8c:70:5a:f5:14:b8
ppb2 at pci0 dev 28 function 3 Intel 6 Series PCIE rev 0xb4: apic 2 int 19
pci3 at ppb2 bus 5
ppb3 at pci0