Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)
The lovable scamp Ted Unangst posted about a box with dual broadcoms, Atom CPU, DDR3 RAM, etc. for $129 on his blog: http://www.tedunangst.com/flak/post/new-home-router

-Chester

Enjoy those tacos now, for in a thousand years they will be illegal! Ha ha ha ha-I think we all know why. - Benjamin Franklin

On 12/3/2014 at 11:09 AM, Gene gh5...@gmail.com wrote:

On Wed, Dec 3, 2014 at 9:49 AM, Alan McKay alan.mc...@gmail.com wrote:

This is very interesting - I've been looking at various small boxes like this to use as a home firewall. The only problem is that not many of them have 2 NICs, and the ones that do are very expensive (higher end Zotac)

Does anyone know of a similar device with 2 NICs that might be suitable as a home firewall?

Look into the PC Engines ALIX and APU system boards. You can get kits for under $200, or sometimes for less on eBay. http://www.pcengines.ch

Great hardware. I have a couple of the ALIX boards. The APU series has gigabit NICs and a lot more horsepower. If you search the mailing list you'll see several mentions for it.

What about one of the Open Firmware firewalls like ASUS? Is there an OpenBSD load for those? Instead of Tomato or the likes ...

-Gene

(p.s. I'm bad at mailing lists and didn't reply all last time, I apologise for emailing you twice, Alan).
Re: Securing communications with OpenBSD
Very true, filling your subterranean data server with angry hornets certainly seems like a good idea but it's really not, most AC maintenance contractors will charge you extra (usually per sting!).

Chester T. Field

And remember when I left all the meat out because I saw Mr. David Lynch “I’m on TV” do it, and he got on TV from doin’ it, and I did it and didn’t get on TV from doin’ it? - Gandhi

On 10/6/2014 at 1:37 PM, Matti Karnaattu mkarnaa...@gmail.com wrote:

Yes, my goal is to secure the infrastructure as much as possible.

I don't know details but it sounds overly complex. And complexity may cause other issues, without any benefit for security.

Example, you don't have to encrypt your whole hard disk if the hard disk is located in guarded bunker. But if you do that, it will increase security in theory but that may cause service outage if you have to always locally type your crypt password if machine crashes.

I would put this effort to ease maintainability, ease monitoring, use stateful firewall, deploy honeypot etc. and avoid complexity.
Re: Bad performance with re(4)
On 8/26/2014 at 12:27 PM, Chris Cappuccio ch...@nmedia.net wrote:

Chester T. Field [chester.fi...@hushmail.com] wrote:

Hi friends,

Have you verified it's an openbsd-only problem? This driver is well supported and provides good performance in my experience.

I tried it under Linux and I'm seeing the same crappy speeds, I haven't checked with Windows to see if the problem exists with proprietary drivers vs this being a hardware issue.

I have experienced something similar with alc(4) on a Toshiba C640D, both OpenBSD and Linux would cause weird lockups under high(-ish) network activity. I don't know if this was the cause but the ACPI implementation on that machine was really messed up, I tried to view the tables in Windows and the machine would just blue screen... I digress...

Sorry about the new e-mail address, I Googled how to make money so the Secret Service tasered my cat and reset my password.

-Chester

Chickens are a vital link in nature's chain and that's why we use them to play chicken-ball in the house! - Susan B. Anthony
Re: Bad performance with re(4)
On 8/26/2014 at 1:02 PM, Brent Cook bust...@gmail.com wrote:

That sounds really familiar. I had a random sparc machine show very similar behavior with multiple operating systems. It turned out it did not like to play nicely with my gigabit switch and was constantly renegotiating link speed. I think it had something to do with the power efficient ethernet support. I bought a new switch, and everything worked properly.

I did the initial install as a PXE boot from another computer, I was busy doing something else at the time but I remember thinking it was taking a really long time to tftp bsd.rd (this was via a crossover cable). Because of that I'm hesitant to believe it's related to my networking gear but perhaps something is borked with the power settings.

After reading jsg's Driver Architecture and Implementation in OpenBSD I ran the following commands while ftping a large file:

$ netstat -i
Name  Mtu   Network    Address            Ipkts  Ierrs  Opkts  Oerrs  Colls
re0   1500  Link       00:21:cc:50:2e:32  7513   0      4637   0      0
re0   1500  10.0.0/24  10.0.0.48          7513   0      4637   0      0
... 10 seconds go by ...
re0   1500  Link       00:21:cc:50:2e:32  7711   0      4780   0      0
re0   1500  10.0.0/24  10.0.0.48          7711   0      4780   0      0
... 10 seconds go by ...
re0   1500  Link       00:21:cc:50:2e:32  7910   0      4928   0      0
re0   1500  10.0.0/24  10.0.0.48          7910   0      4928   0      0
... 10 seconds go by ...
re0   1500  Link       00:21:cc:50:2e:32  8110   0      5084   0      0
re0   1500  10.0.0/24  10.0.0.48          8110   0      5084   0      0

$ netstat -m
93 mbufs in use:
    84 mbufs allocated to data
    4 mbufs allocated to packet headers
    5 mbufs allocated to socket names and addresses
17/48/6144 mbuf 2048 byte clusters in use (current/peak/max)
64/72/6144 mbuf 4096 byte clusters in use (current/peak/max)
0/8/6144 mbuf 8192 byte clusters in use (current/peak/max)
0/8/6144 mbuf 9216 byte clusters in use (current/peak/max)
0/8/6144 mbuf 12288 byte clusters in use (current/peak/max)
0/8/6144 mbuf 16384 byte clusters in use (current/peak/max)
0/8/6144 mbuf 65536 byte clusters in use (current/peak/max)
596 Kbytes allocated to network (52% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

$ sysstat vm (wasn't able to capture the output very cleanly)
... 259 interrupts, 200 clock, 8 ipi, 49 re0 and 2 ahci0

I don't see anything there that appears to be out of order...

-Chester

See? Kids love pizza, and they love squalor. - James Madison
Bad performance with re(4)
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-6400CL5 SO-DIMM
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pms0: Synaptics touchpad, firmware 7.4
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
uvideo0 at uhub0 port 8 configuration 1 interface 0 Alcor Micro, Corp. HP Webcam rev 2.00/20.04 addr 2
video0 at uvideo0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (1c1f21b50fce237d.a) swap on sd0b dump on sd0b

pcidump -v
 1:0:0: Realtek 8101E
    0x: Vendor ID: 10ec Product ID: 8136
    0x0004: Command: 0007 Status: 0010
    0x0008: Class: 02 Subclass: 00 Interface: 00 Revision: 04
    0x000c: BIST: 00 Header Type: 80 Latency Timer: 00 Cache Line Size: 10
    0x0010: BAR io addr: 0x2000/0x0100
    0x0014: BAR empty ()
    0x0018: BAR mem prefetchable 64bit addr: 0x50004000/0x1000
    0x0020: BAR mem prefetchable 64bit addr: 0x5000/0x4000
    0x0028: Cardbus CIS:
    0x002c: Subsystem Vendor ID: 103c Product ID: 148a
    0x0030: Expansion ROM Base Address:
    0x0038:
    0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
    0x0040: Capability 0x01: Power Management
    0x0050: Capability 0x05: Message Signaled Interrupts (MSI)
    0x0070: Capability 0x10: PCI Express
        Link Speed: 2.5 / 2.5 GT/s Link Width: x1 / x1
    0x00b0: Capability 0x11: Extended Message Signaled Interrupts (MSI-X)
    0x00d0: Capability 0x03: Vital Product Data (VPD)

Sincerely,
Chester T. Field

Shoulda Had 'Em Bronzed - Zoltar Williams III