Re: su and passwd

2012-10-17 Thread Massimo Pignoloni

Hi,
you can use passwd root after su, or use su -, which simulates a
full login, and then the command passwd.

Massimo
On 12/11/2012 16.38, Alessandro Baggi wrote:

Hi list,
today I logged on to my OpenBSD box, and when I change the root
password I get this:



$ uname -pmrsv
OpenBSD 5.1 GENERIC.MP#207 amd64 amd64
$ whoami
userlog
$ echo $USER
userlog
$ su
Password:
# passwd
Changing local password for userlog.
New password:
Password unchanged.
# echo $USER
userlog
#


Logging in with a user called userlog, getting su, and running passwd as root,
it says that I'm changing the password for userlog.


From the manual page I get:

 By default, the environment is unmodified with the exception of LOGNAME,
 HOME, SHELL, and USER.  HOME and SHELL are set to the target login's
 default values.  LOGNAME and USER are set to the target login, unless the
 target login has a user ID of 0 and the -l flag was not specified, in
 which case it is unmodified.  The invoked shell is the target login's.

 This is the traditional behavior of su

Running su -l works well.

Why, if the user ID is == 0 or if there's no -l, will $USER not be set?
What is the policy?


I've also tried this on OpenBSD 4.9 with the same result.

Thanks in advance.

Alessandro.
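The rule quoted from the manual page and the `passwd root` advice in the reply, as an added example that is not part of the thread or of OpenBSD: a small model of what USER/LOGNAME look like after su, plus a guard that refuses an account-changing command with no account named while the session identity is inconsistent. The function names are hypothetical, the values are constructed from the transcript, and how passwd itself picks the account is not stated in the thread, so the guard only checks for disagreement.

```sh
#!/bin/sh
# Added example, not code from the thread or from OpenBSD.

# su_env_user CALLER TARGET TARGET_UID FLAG
# Prints the USER/LOGNAME value seen in the shell that su starts, following
# the manual text quoted in the post. FLAG is "-l", "-" or empty.
su_env_user() {
    caller=$1 target=$2 target_uid=$3 flag=$4
    case "$flag" in
        -l|-) printf '%s\n' "$target"; return 0 ;;  # full login: target's name
    esac
    if [ "$target_uid" -eq 0 ]; then
        printf '%s\n' "$caller"   # UID 0 without -l: left unmodified
    else
        printf '%s\n' "$target"
    fi
}

# identity_state EFFECTIVE_NAME ENV_USER ENV_LOGNAME
# "consistent" when both variables name the account the process runs as,
# "mismatch" otherwise (the transcript's case: root shell, USER=userlog).
identity_state() {
    if [ "$2" = "$1" ] && [ "$3" = "$1" ]; then
        echo consistent
    else
        echo mismatch
    fi
}

# guard_account_cmd EFFECTIVE_NAME ENV_USER ENV_LOGNAME COMMAND [ACCOUNT]
# Returns 1 instead of emitting an account-changing command that names no
# account while the identity is inconsistent; otherwise prints the command.
guard_account_cmd() {
    state=$(identity_state "$1" "$2" "$3")
    cmd=$4 account=${5:-}
    if [ -z "$account" ] && [ "$state" = mismatch ]; then
        echo "refusing '$cmd': running as $1 but USER=$2 LOGNAME=$3; name the account" >&2
        return 1
    fi
    printf '%s\n' "$cmd${account:+ $account}"
}

# Demo on constructed values from the transcript (caller userlog, target root).
after_su=$(su_env_user userlog root 0 "")
echo "plain su: USER=$after_su -> $(identity_state root "$after_su" "$after_su")"
after_su_l=$(su_env_user userlog root 0 -l)
echo "su -l   : USER=$after_su_l -> $(identity_state root "$after_su_l" "$after_su_l")"
# On a live system, pass the real values instead:
#   guard_account_cmd "$(id -un)" "${USER:-}" "${LOGNAME:-}" passwd
```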




Re: Performance with network card at 10Gb

2012-07-04 Thread Massimo Pignoloni

Hi,
I upgraded the driver and the performance improved by about 45%,
going from 1.3Gb/s to 1.9Gb/s. I checked the hardware and I saw that the
PCIe bus of the Xen server is 2.0 and the PCI of the OpenBSD server is
not specified; I suppose it isn't PCIe 2.0. I am looking for other
hardware with PCI 2.0.

Thanks
Massimo

On 03/07/2012 11.18, Hrvoje Popovski wrote:

On 2.7.2012. 9:17, Massimo Pignoloni wrote:

Hi,
I have a performance problem with an Intel X520 DA2. I use this network at 10Gb to
do the backup of some virtual Xen machines. The two Xen servers use the same
network card, and using iperf between them the value is approximately 5-6 Gb/s.
The performance between Xen and OpenBSD 5.1 is at most 1.5 Gb/s. I have tried
some changes to the /etc/sysctl file and the mtu size, but without positive
result. The OpenBSD server is an HP 380 GL.
Can anybody help me?
Thanks, Massimo


hello,

could you try current, there is mikeb's performance patch for ix
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_ix.c

is your ix card in pcie 2.0 x8 ?
http://ark.intel.com/products/39776/Intel-Ethernet-Server-Adapter-X520-DA2

if you update to current could you share results?




Performance with network card at 10Gb

2012-07-02 Thread Massimo Pignoloni
Hi,
I have a performance problem with an Intel X520 DA2. I use this network at 10Gb to
do the backup of some virtual Xen machines. The two Xen servers use the same
network card, and using iperf between them the value is approximately 5-6 Gb/s.
The performance between Xen and OpenBSD 5.1 is at most 1.5 Gb/s. I have tried
some changes to the /etc/sysctl file and the mtu size, but without positive
result. The OpenBSD server is an HP 380 GL.
Can anybody help me?
Thanks, Massimo


OpenBSD 5.1 (GENERIC.MP) #188: Sun Feb 12 09:55:11 MST 2012
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(R) CPU E5345 @ 2.33GHz (GenuineIntel 686-class) 2.34 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,LONG,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,
SSSE3,CX16,xTPR,PDCM,DCA,LAHF
real mem  = 3487444992 (3325MB)
avail mem = 3420291072 (3261MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS
rev. 2.4 @ 0xee000 (68 entries)
bios0: vendor HP version P58 date 08/03/2008
bios0: HP ProLiant DL360 G5
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP SPCR MCFG HPET SPMI ERST APIC  BERT HEST SSDT
acpi0: wakeup devices PCI0(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 333MHz
cpu1 at mainbus0: apid 4 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5345 @ 2.33GHz (GenuineIntel 686-class) 2.34 GHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,LONG,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,
SSSE3,CX16,xTPR,PDCM,DCA,LAHF
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5345 @ 2.33GHz (GenuineIntel 686-class) 2.34 GHz
cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,LONG,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,
SSSE3,CX16,xTPR,PDCM,DCA,LAHF
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5345 @ 2.33GHz (GenuineIntel 686-class) 2.34 GHz
cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,LONG,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,
SSSE3,CX16,xTPR,PDCM,DCA,LAHF
cpu4 at mainbus0: apid 1 (application processor)
cpu4: Intel(R) Xeon(R) CPU E5345 @ 2.33GHz (GenuineIntel 686-class) 2.34 GHz
cpu4: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,LONG,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,
SSSE3,CX16,xTPR,PDCM,DCA,LAHF
cpu5 at mainbus0: apid 5 (application processor)
cpu5: Intel(R) Xeon(R) CPU E5345 @ 2.33GHz (GenuineIntel 686-class) 2.34 GHz
cpu5: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,LONG,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,
SSSE3,CX16,xTPR,PDCM,DCA,LAHF
cpu6 at mainbus0: apid 3 (application processor)
cpu6: Intel(R) Xeon(R) CPU E5345 @ 2.33GHz (GenuineIntel 686-class) 2.34 GHz
cpu6: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,LONG,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,
SSSE3,CX16,xTPR,PDCM,DCA,LAHF
cpu7 at mainbus0: apid 7 (application processor)
cpu7: Intel(R) Xeon(R) CPU E5345 @ 2.33GHz (GenuineIntel 686-class) 2.34 GHz
cpu7: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,LONG,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,
SSSE3,CX16,xTPR,PDCM,DCA,LAHF
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 9 pa 0xfec8, version 20, 24 pins
acpiprt0 at acpi0: bus 1 (IP2P)
acpiprt1 at acpi0: bus 11 (IPE1)
acpiprt2 at acpi0: bus 10 (IPE4)
acpiprt3 at acpi0: bus 16 (P2P2)
acpiprt4 at acpi0: bus 9 (PT02)
acpiprt5 at acpi0: bus 6 (PT03)
acpiprt6 at acpi0: bus 19 (PT04)
acpiprt7 at acpi0: bus 3 (NB01)
acpiprt8 at acpi0: bus 5 (NB02)
acpiprt9 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0### AML PARSE ERROR (0xfff12023): Undefined name: CS03
error evaluating: \\_PR_.CPU0._CST
: C3
acpicpu1 at acpi0### AML PARSE ERROR (0xfff12923): Undefined name: CS03
error evaluating: \\_PR_.CPU1._CST
: C3
acpicpu2 at acpi0### AML PARSE ERROR (0xfff12323): Undefined name: CS03
error evaluating: \\_PR_.CPU2._CST
: C3
acpicpu3 at acpi0### AML PARSE ERROR (0x1bf23): Undefined name: CS03
error evaluating: \\_PR_.CPU3._CST
: C3
acpicpu4 at acpi0### AML PARSE ERROR (0x1bd23): Undefined name: CS03
error evaluating: \\_PR_.CPU4._CST
: C3
acpicpu5 at acpi0### AML PARSE ERROR (0x1bb23): Undefined name: CS03
error evaluating: \\_PR_.CPU5._CST
: C3
acpicpu6 at acpi0### AML PARSE ERROR (0x1b923): Undefined name: CS03
error evaluating: \\_PR_.CPU6._CST
: C3

Re: PF match counter seems to be hitting a limit

2011-02-03 Thread Massimo Lusetti
On Tue, 1 Feb 2011 17:45:52 -0500
Ted Unangst ted.unan...@gmail.com wrote:

 On Tue, Feb 1, 2011 at 4:34 PM, Steve Johnson
 maill...@sjohnson.info wrote:
  I had forgotten to also include the sysctl changes that I had made
  as well, mostly based from calomel.org, which were the following:
 
  net.inet.ip.ttl=254
 
 I love this.  Bigger is better!
 

Size does matter...

--
Massimo

-- 



Re: It still doable to buy VIA padlock engine CPU?

2010-10-21 Thread Massimo Lusetti
On Wed, 20 Oct 2010 18:30:31 +0100
Kevin Chadwick ma1l1i...@yahoo.co.uk wrote:

 On Tue, 19 Oct 2010 18:45:18 +0200
 Massimo Lusetti mass...@cedoc.mo.it wrote:
 
  1.5GHz VIA C7 CPU or an
  ATOM one?
 
 No idea what the acceleration on this board brings to the party, but
 if you do then bear in mind that; 
 
 1 atom mhz != 1 traditional i386 mhz
 
 (see atom on wikipedia (varying types) for info)
 
 Maybe that tips the scales in your thought process?
 

Thanks to you and everyone answering, I'll dig a little more and
hopefully I will do some tests on different boards.

Cheers
--
Massimo



Re: It still doable to buy VIA padlock engine CPU?

2010-10-20 Thread Massimo Lusetti
On Tue, 19 Oct 2010 18:32:48 + (UTC)
Stuart Henderson s...@spacehopper.org wrote:

 On 2010-10-19, Massimo Lusetti mass...@cedoc.mo.it wrote:
  Is it still doable nowadays to buy VIA padlock engine equipped
  CPU/motherboard just to take advantage of the hw crypto
  acceleration?
 
  I mean, to do IPSec stuff it's better to use a 1.5GHz VIA C7 CPU or
  an ATOM one?
 
 To do fast IPsec AES, it's better to use core i5 and -current.

Well, thanks for the info but I think I cannot use that kind of
boxes in this specific environment cause I need fanless boxes.

I've to replace Commell boards so I'm looking for something similar
(maybe fanless too) with 2/3/4 nics

I remember we chatted about this three/four years ago?

Anyway thanks again for the pointer...

Cheers
-- 
Massimo



Re: It still doable to buy VIA padlock engine CPU?

2010-10-20 Thread Massimo Lusetti
On Wed, 20 Oct 2010 11:35:19 +0200
Francesco Vollero ra...@lilik.it wrote:

 Did you already check here[1] ? :)

I think I read misc@ daily plus tech@ and source-changes@ too and
that's the reason I'm asking.

I read (some time ago) that the VIA C7 has a crippled implementation of the
crypto flow instruction (if memory serves, it was from djm@).

I have more than 40 C7 boxes from 3/4 years ago serving us pretty well 24h,
but they're starting to fail, some due to lack of conditioning, others due
to lack of surge protection and so on... I cannot control the
environment where they are settled, I can just provide suggestions and
directives... So I've started to look around to find out whether it's time to
switch architecture/platform too, and I guess I could ask for direct
experience here in misc.

Just to have more of a clue on the subject, so any hint is appreciated.

Cheers
-- 
Massimo



It still doable to buy VIA padlock engine CPU?

2010-10-19 Thread Massimo Lusetti
Is it still doable nowadays to buy VIA padlock engine equipped
CPU/motherboard just to take advantage of the hw crypto acceleration?

I mean, to do IPSec stuff it's better to use a 1.5GHz VIA C7 CPU or an
ATOM one?

Does anyone have any experience?

Thanks in advance
-- 
Massimo



Re: How to use /dev/srandom

2010-10-01 Thread Massimo Lusetti
On Wed, 29 Sep 2010 11:16:53 -0600
Theo de Raadt dera...@cvs.openbsd.org wrote:


  It is more efficient.  There is almost always enough entropy for
  arandom, and if there isn't, you would have a hard time detecting
  that.
 
 There is always enough.  The generator will keep moving, until it has
  ^^^


Like 64K will be enough for everyone ? ;) ... please put it in theo.c

-- 
Massimo



Filter on a CARP (active/passive) firewall

2010-07-05 Thread Massimo Lusetti
Hi guys,
  I read on the OpenBSD PF's FAQ this statement:

Ruleset Tips

Filter the physical interface. As far as PF is concerned, network
traffic comes from the physical interface, not the CARP virtual
interface (i.e., carp0). So, write your rule sets accordingly. Don't
forget that an interface name in a PF rule can be either the name of a
physical interface or an address associated with that interface. For
example, this rule could be correct: pass in on fxp0 inet proto tcp
from any to carp0 port 22 but replacing the fxp0 with carp0 would not
work as you desire.

I would ask if using the group names instead of the physical interface
has some drawbacks, because I find it easier to understand.
I'm also giving the same group name to the carp interface so I can see
all my IPs with ifconfig group_name.

Am I missing something obvious?

Thanks
-- 
Massimo



What a nice theme for the current hackathon!

2010-06-28 Thread Massimo Lusetti
... I think it deserves at least an undeadly article ;)

Thanks guys!
-- 
Massimo



Re: dhcpd knob

2010-06-20 Thread Massimo Lusetti
On Sat, 19 Jun 2010 11:08:29 -0600
Theo de Raadt dera...@cvs.openbsd.org wrote:

 anyone is welcome to run the official isc stuff if they want.  they're
 also welcome to drink the water in india.  we don't mind when other
  

Please add this to theo.c ... it deserves it!

-- 
Massimo



Re: iked(8) and ikectl(8)

2010-06-10 Thread Massimo Lusetti
On Fri, 4 Jun 2010 12:35:36 +0200
Reyk Floeter r...@openbsd.org wrote:

 but please a little bit before using it in production networks,
 iked(8) is not fully ready yet ;-).

I'm following your commit flow about it and it is exciting, this is why I'm
still with OpenBSD ;)

-- 
Massimo



Re: iked(8) and ikectl(8)

2010-06-04 Thread Massimo Lusetti
On Thu, 3 Jun 2010 23:06:58 +0200
Reyk Floeter r...@openbsd.org wrote:

 This is a very brief summary, more information will follow.
 
 reyk
 

That's great! ... 4.7 is just behind the door and is already time to
move on -current!

I got 48 IPsec gateways which just await to be upgraded!

Pretty nice!
-- 
Massimo



Re: dmesg FW-8750 with 4G from 4.7-current

2010-05-20 Thread Massimo Lusetti
On Thu, 20 May 2010 16:07:31 +0200
Henning Brauer lists-open...@bsws.de wrote:

 argh, no. bigmem isn't useable as of now or it would be default.
 
 the difference being PCI space mostly. only have 32bit addressing ake
 4G for mem AND pci etc, ya know.

yep, reading archives and commit logs I have come to the decision to
leave it to the defaults.

I expect to mail dmesg@ on monday or tuesday when the box will be
released.

Cheers
-- 
Massimo



dmesg FW-8750 with 4G from 4.7-current

2010-05-19 Thread Massimo Lusetti
 rev 0x02: apic 2 int 23 (irq 14) usb0 at
ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev
2.00/1.00 addr 1 ppb11 at pci0 dev 30 function 0 Intel 82801BA
Hub-to-PCI rev 0x92 pci12 at ppb11 bus 1 pcib0 at pci0 dev 31 function
0 Intel 82801IO LPC rev 0x02 pciide0 at pci0 dev 31 function 2 Intel
82801I SATA rev 0x02: DMA, channel 0 configured to native-PCI, channel
1 configured to native-PCI pciide0: using apic 2 int 19 (irq 10) for
native-PCI interrupt wd0 at pciide0 channel 1 drive 0: INTEL
SSDSA2M080G2GC wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
SSDSA2M080G2GC wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 6
ichiic0 at pci0 dev 31 function 3 Intel 82801I SMBus rev 0x02: apic 2
int 18 (irq 11) iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-6400CL5
spdmem1 at iic0 addr 0x52: 2GB DDR2 SDRAM non-parity PC2-6400CL5
pciide1 at pci0 dev 31 function 5 Intel 82801I SATA rev 0x02: DMA,
channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide1:
using apic 2 int 19 (irq 10) for native-PCI interrupt usb1 at uhci0:
USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr
1 usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x2e/2: IT8718F rev 4, EC port 0xa10
mtrr: Pentium Pro MTRR support
umass0 at uhub0 port 2 configuration 1 interface 0 Cypress
Semiconductor USB2.0 Storage Device rev 2.00/0.01 addr 2 umass0: using
SCSI over Bulk-Only scsibus0 at umass0: 2 targets, initiator 0
cd0 at scsibus0 targ 1 lun 0: HL-DT-ST, DVDRAM GSA-4163B, A103 SCSI0
5/cdrom removable uhidev0 at uhub1 port 1 configuration 1 interface 0
SILITEK USB Keyboard rev 1.10/2.00 addr 2 uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub1 port 1 configuration 1 interface 1 SILITEK USB
Keyboard rev 1.10/2.00 addr 2 uhidev1: iclass 3/0, 2 report ids
uhid0 at uhidev1 reportid 1: input=5, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=5, output=0, feature=4
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b


The machine bios sees 4G RAM while OpenBSD 4.7amd64 sees only 3G RAM

Any clue is really appreciated, thanks

Regards
-- 
Massimo Lusetti



Re: dmesg FW-8750 with 4G from 4.7-current

2010-05-19 Thread Massimo Lusetti
On Wed, 19 May 2010 11:40:33 +0200
Massimo Lusetti mass...@cedoc.mo.it wrote:

 Hi guys,
   I got a small issue with a FW-8750 which boots:
 
 OpenBSD 4.7-current (GENERIC.MP) #227: Wed Apr 28 11:55:45 MDT 2010
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 3210477568 (3061MB)
 avail mem = 3111297024 (2967MB)
[..]
 The machine bios sees 4G RAM while OpenBSD 4.7amd64 sees only 3G RAM
 
 Any clue is really appreciated, thanks

I see the dmesg has been mangled by my mailer and/or cut&paste so here
I attach dmesg from booting multi and single processor GENERIC hoping
it will not be removed, thanks again for any hint.

Cheers
-- 
Massimo Lusetti

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of dmesg]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of dmesg.mp]



Re: dmesg FW-8750 with 4G from 4.7-current

2010-05-19 Thread Massimo Lusetti
On Wed, 19 May 2010 13:32:19 +0200
Robert rob...@openbsd.pap.st wrote:

 This is the expected behaviour.
 Check the mailinglist-archives for details. (hint: bigmem)

Thanks for the hint, looking for infos.

Thanks to others answering privately too, even the ones suggesting
another MUA ;)

Cheers
-- 
Massimo



Re: Route modified dynamically

2010-03-12 Thread Massimo Lusetti
On Fri, 12 Mar 2010 01:43:39 +0100
Claudio Jeker cje...@diehard.n-r-g.com wrote:

 On Fri, Mar 12, 2010 at 12:28:33AM +, Stuart Henderson wrote:
  On 2010-03-10, Massimo Lusetti mass...@cedoc.mo.it wrote:
   Hi misc,
 I got a 4.5 box which act as a perimeter ipsec routing gateway,
   it has 682 flow (by ipsecctl -sf | wc -l).
  
   Some of this flow are up with a static route to the other point
   of the ipsec tunnel and some of these routes are changing
   dynamically (netstat shows UGHMS flags).
  
 
 Wow that's a strange flag combo. Why is S & M set together?
 Hmm. Another strange routing thing I need to have a look at.
 Most probably the cloning is done wrong.

BTW I've set the same default present in 4.6 for not accepting icmp
redirects, and 4 days have passed without route modifications.


Cheers
-- 
Massimo



Re: Route modified dynamically

2010-03-12 Thread Massimo Lusetti
On Fri, 12 Mar 2010 14:55:51 +0100
Claudio Jeker cje...@diehard.n-r-g.com wrote:

   Wow that's a strange flag combo. Why is S & M set together?
   Hmm. Another strange routing thing I need to have a look at.
   Most probably the cloning is done wrong.
  
  Hmm, does it have to be cloned? Couldn't this be the result of
  route add -host, and then receiving a redirect?
  
  Massimo, what command are you using to add these static routes?
  

Yep, I simply added the route the usual openbsd way, inside hostname
file without particular options: route add 10.0.0.1 10.10.10.10
 
 He adds static host routes and the redirect changes the gateway of the
 static route. I think it would be better to add the redirect with a
 high priority to the table so the original one is not modified. At
 least something like this would work now.

But this way the redirect doesn't take precedence over the static one?
Besides my particular case where the redirect points to a non-usable
gateway (which is indeed a bad configuration on the other side), should
a redirect change a static route?

Cheers
-- 
Massimo



Route modified dynamically

2010-03-10 Thread Massimo Lusetti
Hi misc,
  I got a 4.5 box which acts as a perimeter ipsec routing gateway, it
  has 682 flows (by ipsecctl -sf | wc -l).

Some of these flows are up with a static route to the other point of the
ipsec tunnel and some of these routes are changing dynamically (netstat
shows UGHMS flags).

When these routes change dynamically my tunnel falls because I cannot
reach my tunnel endpoint anymore.

Probably these redirects are coming from some ciscozze with HSRP or
something and I've already asked the ciscozze admin to look without any
luck so I guess I have to do something on my side and I'm here to ask for
hints.

Should I have to elevate the priority of the static route ?
Should I block redirects from the ciscozze gateway?

BTW the issue popped up when we deployed 4.5, with 4.3 we didn't
notice it but I cannot guarantee something has changed on the other
side.

Any hint is really appreciated.

Cheers
-- 
Massimo



Re: Route modified dynamically

2010-03-10 Thread Massimo Lusetti
On Wed, 10 Mar 2010 09:44:36 +0100
Massimo Lusetti mass...@cedoc.mo.it wrote:

 Any hints is really appreciated.

Should I stop accepting icmp redirect with the sysctl knobs as the
changes in the 4.6 release?


Cheers
-- 
Massimo
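The symptom discussed in this thread (static host routes showing UGHMS after an ICMP redirect) can be checked for mechanically. The following is an added example, not code from the thread: it scans `netstat -rn` style output for routes carrying the M (modified by redirect) or D (created by redirect) flags. The column order (destination, gateway, flags first), the function names and every address other than 10.0.0.1 and 10.10.10.10 are assumptions or constructed sample values.

```sh
#!/bin/sh
# Added example, not from the thread.
# netstat(1) flag letters used here: S = static (manually added),
# M = modified dynamically (by redirect), D = created dynamically (by redirect).
# On OpenBSD, acceptance of redirects is controlled by the sysctl
# net.inet.icmp.rediraccept.

# Constructed sample in the style of `netstat -rn` output.
sample_netstat() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.10.10.1         UGS        4    91234     -     8 em0
10.0.0.1           10.10.10.20        UGHMS      1      210     -     8 em0
10.0.0.2           10.10.10.10        UGHS       1      198     -     8 em0
10.0.0.3           10.10.10.20        UGHD       0       12     -    56 em0
10.10.10/24        link#1             UC         3        0     -     4 em0
EOF
}

# flag_redirect_routes: reads a routing table on stdin and prints one line
# per route touched by a redirect: "<reason> <destination> <gateway> <flags>".
flag_redirect_routes() {
    awk '
        # Route lines have at least three columns; skip titles and the header.
        NF >= 3 && $1 != "Destination" && $3 ~ /^[A-Za-z0-9]+$/ {
            f = $3
            if (f ~ /M/ && f ~ /S/) print "static-modified", $1, $2, f
            else if (f ~ /M/)       print "modified", $1, $2, f
            else if (f ~ /D/)       print "redirect-created", $1, $2, f
        }'
}

# count_static_modified: number of static routes whose gateway was rewritten,
# the case that took the IPsec tunnel endpoints out of reach in the thread.
count_static_modified() {
    flag_redirect_routes | awk '$1 == "static-modified" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample; on a live host use:
#   netstat -rn -f inet | flag_redirect_routes
sample_netstat | flag_redirect_routes
```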



Re: Questions for OpenBGPd Developers

2009-10-13 Thread Massimo Lusetti
On Tue, 13 Oct 2009 02:12:04 +0200
Henning Brauer lists-open...@bsws.de wrote:

 and there's a reason why it is that way - I always found the idea of
 making a bgp router out of a common unix box by adding a userland bgp
 speaker only flawed. many things can only properly or at all be done
 at kernel level or with kernel support.

I guess that applies to OpenOSPF and RIP too, right?

Cheers
-- 
Massimo



Re: c2k7 hackathon is over

2007-06-03 Thread Massimo Lusetti
On Sat, 02 Jun 2007 16:40:49 -0600
Theo de Raadt [EMAIL PROTECTED] wrote:

 Hope you guys out there enjoy the changes that we've made.

You can't imagine how much i enjoyed reading through commit logs.
Amazing. Thank you!

-- 
Massimo.run();
: is not an identifier



UMTS card almost recognized

2007-05-02 Thread Massimo Lusetti
Hi all,
  with my own CDs I freshly installed 4.1 on my laptop, everything is
working smoothly except for an UMTS PCMCIA card which is not totally
recognized.

I think this is similar to the ones supported by ubsa(4).

These are the kernel messages obtained when I insert the PCMCIA card on a
4.1 GENERIC kernel.
The card is marked as ONDA Mobile Communication H600 HSDPA/UMTS/GPRS
Type MF330.
Any hint/info is really appreciated.

If you would like to see the full dmesg (the same I
posted to [EMAIL PROTECTED]) drop me a note

ohci0 at cardbus0 dev 0 function 0 vendor Philips, unknown product
0x1561 rev 0x11: irq 6, version 1.0 usb5 at ohci0: USB revision 1.0
uhub5 at usb5
uhub5: Philips OHCI root hub, rev 1.00/1.00, addr 1
uhub5: 2 ports with 2 removable, self powered
ehci1 at cardbus0 dev 0 function 2 vendor Philips, unknown product
0x1562 rev 0x11: irq 6 usb6 at ehci1: USB revision 2.0
uhub6 at usb6
uhub6: Philips EHCI root hub, rev 2.00/1.00, addr 1
uhub6: 2 ports with 2 removable, self powered
ugen0 at uhub5 port 2
ugen0: Qualcomm, Incorporated ONDA CDMA Technologies MSM, rev
1.10/0.00, addr 2


Best regards
-- 
Massimo.run();
And you can't get any Watney's Red Barrel, because the bars close every
time you're thirsty...



Re: UMTS card almost recognized

2007-05-02 Thread Massimo Lusetti
On Wed, 2 May 2007 21:48:38 +1000
Jonathan Gray [EMAIL PROTECTED] wrote:

 Sounds like umsm(4) would be more likely to me.
 
 Can you send the output of usbdevs -v?

Here you are:

Controller /dev/usb0:
addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel
(0x8086), rev 1.00
 port 1 powered
 port 2 powered
Controller /dev/usb1:
addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel
(0x8086), rev 1.00
 port 1 powered
 port 2 powered
Controller /dev/usb2:
addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel
(0x8086), rev 1.00
 port 1 powered
 port 2 powered
Controller /dev/usb3:
addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel
(0x8086), rev 1.00
 port 1 addr 2: low speed, power 98 mA, config 1, USB-PS/2 Optical Mouse
(0xc00e), Logitech(0x046d), rev 11.10
 port 2 powered
Controller /dev/usb4:
addr 1: high speed, self powered, config 1, EHCI root hub(0x), Intel
(0x8086), rev 1.00
 port 1 powered
 port 2 powered
 port 3 powered
 port 4 powered
 port 5 powered
 port 6 powered
 port 7 powered
 port 8 powered
Controller /dev/usb5:
addr 1: full speed, self powered, config 1, OHCI root hub(0x),
Philips(0x1131), rev 1.00
 port 1 powered
 port 2 addr 2: full speed, power 500 mA, config 1, ONDA CDMA
Technologies MSM(0x6613), Qualcomm, Incorporated(0x05c6), rev 0.00

Thanks for your time.

Regards
-- 
Massimo.run();
Is sex dirty? Only if it's done right. -- Woody Allen, All You Ever
Wanted To Know About Sex



Re: bcw(4) is gone

2007-04-11 Thread Massimo Lusetti
On Mon, 9 Apr 2007 20:20:33 -0500
Marco Peereboom [EMAIL PROTECTED] wrote:

 GPL is as free as communism.

Please add this to fortune!

-- 
Massimo.run();
She's the kind of girl who climbed the ladder of success wrong by
wrong. -- Mae West



re(4) watchdog timeout on a LE-565

2006-11-29 Thread Massimo Lusetti
This[1] is from a LE-565 board which refuses to run normally when 2 or
more networks are attached to more than one re(4).
As soon as I configure and connect an Ethernet cable to a second nic I
get the watchdog timeout error at the bottom of the dmesg. No matter
if I put traffic on the wire or not.

BTW with recent current SpeedStep has gained two more clock steps.

Any hint is really appreciated.

--
Massimo.run();




[1]
OpenBSD 4.0-current (GENERIC) #1238: Mon Nov 27 07:21:29 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Esther processor 1000MHz (CentaurHauls 686-class) 1 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2
cpu0: Enhanced SpeedStep 1000 MHz (844 mV): speeds: 1000, 800, 600, 400
MHz
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
real mem  = 468152320 (457180K)
avail mem = 418914304 (409096K)
using 4256 buffers containing 23531520 bytes (22980K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(d2) BIOS, date 06/26/06, BIOS32 rev. 0 @
0xf9ed0, SMBIOS rev. 2.3 @ 0xf (33 entries)
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xd274
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfd180/224 (12 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 13 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 10
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xd800! 0xd/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00
pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00
pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00
pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00
pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00
pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00
ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01:
aperture at 0xf400, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
rtw0 at pci0 dev 10 function 0 Realtek 8185 rev 0x20: irq 10
rtw0: ver RTL8185, 
rtw0: could not recall EEPROM in 1us

rtw0: could not recall EEPROM in 1us
re0 at pci0 dev 11 function 0 Realtek 8169 rev 0x10: irq 10, address
00:03:1d:03:97:bd
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 0
re1 at pci0 dev 12 function 0 Realtek 8169 rev 0x10: irq 10, address
00:03:1d:03:97:be
rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 0
re2 at pci0 dev 13 function 0 Realtek 8169 rev 0x10: irq 10, address
00:03:1d:03:97:bf
rgephy2 at re2 phy 7: RTL8169S/8110S PHY, rev. 0
re3 at pci0 dev 14 function 0 Realtek 8169 rev 0x10: irq 10, address
00:03:1d:03:97:c0
rgephy3 at re3 phy 7: RTL8169S/8110S PHY, rev. 0
pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA
pciide0: using irq 10 for native-PCI interrupt
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide1 channel 0 drive 0: IBM-DTLA-307030
wd0: 16-sector PIO, LBA, 29314MB, 60036480 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 10
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 10
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 10
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
viapm0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00
iic0 at viapm0
lm1 at iic0 addr 0x2f: W83782D
auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x60: irq 10
ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0)
audio0 at auvia0
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 

wpi fail to load firmware

2006-11-03 Thread Massimo Lusetti
I'm really happy since i can now try to work with the wpi(4) on my
laptop.

I freshly installed 4.0 and got
wpi0 at pci5 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02: irq
10, address 00:13:02:18:e5:b2
but as soon as i try
ifconfig wpi0 up
and the driver tries to load the firmware i got
wpi0: timeout waiting for thermal sensors calibration
wpi0: timeout waiting for thermal sensors calibration
wpi0: fatal firmware error

If i can do anything to help you debug this problem, please let me know,
I'll try.

As usual I've sent complete dmesg to dmesg@ but if you want it here i
can paste it.

Thanks for this great piece of software.
-- 
Massimo
BSD guys are a lot like Linux guys, except they have kissed girls



Re: wpi fail to load firmware

2006-11-03 Thread Massimo Lusetti
On Fri, 2006-11-03 at 10:56 +0100, Massimo Lusetti wrote:


 If i can do anything to help you debug this problem, please let me know,
 I'll try.

Could be this related?

CVSROOT:/cvs
Module name:src
Changes by: [EMAIL PROTECTED]  2006/11/01 04:25:01

Modified files:
sys/dev/pci: if_wpi.c 

Log message:
fix firmware fatal errors on re-associations.

reported and tested by Marc Winiger and dhartmei@


I did notice this commit only right now...

-- 
Massimo.run();



Re: Via C7 fully supported?

2006-10-31 Thread Massimo Lusetti
On Tue, 31 Oct 2006 07:12:51 -0700 (MST)
Diana Eichert [EMAIL PROTECTED] wrote:

 On Tue, 31 Oct 2006, Tom Cosgrove wrote:
 
  Although they're not yet available, Wim is hoping to sell
  http://www.liantec.com/product/emboard/EMB-5740.htm soon.
 
  See http://www.kd85.com/liantec.html.
 
  Thanks
 
  Tom
 
 look like a more interesting choice than the commell I'm looking at,
 http://www.commell.com.tw/Product/SBC/LV-669.HTM
 


The only thing they're missing is the gpio, which could be useful.

Regards

--
Massimo



Re: Actual network chipset

2006-10-16 Thread Massimo Lusetti
On Sat, 2006-10-14 at 09:59 +1000, Jonathan Gray wrote:

 This is because the hardware presents the same number to the
 kernel for 8169/8169S/8110S.  The 8110S is designed
 to be used on system boards, 8169 is the sort of thing that can
 be found on pci cards.

Thanks for the clarification.
What sounds strange to me is that this is revealed from a SBC board,
particularly, a Commell LE-565, even whose spec sheet and manuals always
talks about RTL8110S-32 as the ethernet chipset.

Regards
-- 
Massimo.run();



Actual network chipset

2006-10-13 Thread Massimo Lusetti
Hi all,
  I wish to know actually which chipset this board has on, since the
spec sheet says it has to be a RTL8110S-32 but after seeing the dmesg
output I'm not so sure right now.

This is from a 4.0-CURRENT from mid of September (14/09)

re0 at pci0 dev 11 function 0 Realtek 8169 rev 0x10: irq 10, address
00:03:1d:03:97:bd
rgephy0 at re0 phy7: RTL8169S/8110S PHY, rev. 0

I cannot read on the chip itself since it is covered by a not removable
heat dissipater

Thanks for your time, best regards
-- 
Massimo
BSD guys are a lot like Linux guys, except they have kissed girls



Re: 'flags S/SA keep state' now the default

2006-10-06 Thread Massimo Lusetti
On Fri, 2006-10-06 at 11:36 +, Ryan McBride wrote:

 I've just committed code based on a suggestion made by Daniel Hartmeier
 to make flags S/SA keep state the default for rules.

THANKS!

-- 
Massimo.run();



Re: Experience with isakmpd/ipsec in production?

2006-08-22 Thread Massimo Lusetti
On Mon, 2006-08-21 at 15:43 +0200, Sven Ingebrigt Ulland wrote:


 How long have you been running openbsd isakmpd/ipsec (in production)?

We've been using them since 3.9 and got small quirks mostly due to our
misunderstanding of protocols and implementations, a little also due to
the initial lack of openbsd-standard-level documentation :)
Any issue was resolved with a small search on code or mailing list
archive or as a last resource asking directly to [EMAIL PROTECTED]
Now we got a 10 node VPN lan based totally on -current as of mid of
August with more the 70 tunnels in it. I will add 8 more peers during
September.
So far very happy with reliability and maintenance facility.

A small side note, I'm waiting the 'fix' for totally take advantage of
Via C3/C7 crypto features and hope they will be in for 4.0 or just a
little after :) even if my users are very happy with the current
performance.

Regards
-- 
Massimo.run();



Re: bsd.rd

2006-07-24 Thread Massimo Lusetti
On Mon, 2006-07-24 at 03:05 -0300, Gustavo Rios wrote:

 What is the process one should pass through in order to have built a
 bsd.rd kernel?

I highly suggest you to look at flashboot.

-- 
Massimo.run();



Re: sokeris output

2006-07-24 Thread Massimo Lusetti
On Mon, 2006-07-24 at 02:33 -0300, Gustavo Rios wrote:

 PS: If you have a kernel configuration file for exact that hardware, i
 would enjoy too.

Look at flashboot[1] source.


[1] http://mindrot.org/flashboot.html
-- 
Massimo.run();



Error building ntpd on -current

2006-07-05 Thread Massimo Lusetti
I just updated from CVS today and cannot do a make build anymore.

I successfully installed and booted a GENERIC kernel.

OpenBSD 3.9-current (GENERIC) #3: Wed Jul  5 09:38:20 CEST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 602 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 133722112 (130588K)
avail mem = 115286016 (112584K)


but cannot build userland:

cc   -o ntpd ntpd.o buffer.o log.o imsg.o ntp.o ntp_msg.o parse.o
config.o server.o client.o sensors.o util.o 
ntpd.o(.text+0x9ec): In function `ntpd_adjfreq':
: undefined reference to `adjfreq'
ntpd.o(.text+0xa44): In function `ntpd_adjfreq':
: undefined reference to `adjfreq'
ntpd.o(.text+0xc32): In function `readfreq':
: undefined reference to `adjfreq'
collect2: ld returned 1 exit status
*** Error code 1

Stop in /usr/src/usr.sbin/ntpd (line 93 of /usr/share/mk/bsd.prog.mk).
*** Error code 1

Stop in /usr/src/usr.sbin.
*** Error code 1

Stop in /usr/src.
*** Error code 1

Stop in /usr/src (line 73 of Makefile).


Any help is really appreciated. Thanks.

-- 
Massimo



Re: Error building ntpd on -current

2006-07-05 Thread Massimo Lusetti
On Wed, 2006-07-05 at 16:41 +0200, Otto Moerbeek wrote:

 You probably did not do a make build, but took a shortcut.

Not at all.

I've followed precisely the procedure described here:
http://www.openbsd.org/faq/faq5.html
as I've always done before, I forgot to mention that the machine was a
current from 10th June.

Now I've upgraded that box to the latest snapshot and will do exactly
the same procedure on the following box:

OpenBSD 3.9-current (GENERIC) #0: Thu Jun  1 09:43:35 CEST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz (GenuineIntel 686-class) 3.01
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16
cpu0: unknown Enhanced SpeedStep CPU, msr 0x0f250f25
real mem  = 1005088768 (981532K)
avail mem = 909152256 (887844K)


Just for the record, both machines (the one being reinstalled and the
above one) were successfully updated from a snapshot of the 9th April.

Thanks for your time.
-- 
Massimo.run();



Re: Error building ntpd on -current

2006-07-05 Thread Massimo Lusetti
On Wed, 2006-07-05 at 17:38 +0200, Otto Moerbeek wrote:

 What is the version of your libc? Check ls -l /usr/lib/libc.so.*,
 newest version should be 39.2. 
 
 $ nm /usr/lib/libc.so.39.2 | grep adjfreq
 000411f0 T _thread_sys_adjfreq
 000411f0 W adjfreq

I'm building right now on the second box but it seems clear that that
was the problem, just for the fact are you saying that

On the box i'm building on right now i got this:

libc.so.39.0 from 9th April
and
libc.so.39.1 from 1st June

And if i understand correctly it's right to have that value before the
build, i just have to have 39.2 after a successful build, right?


 If the version is not 39.2, or the above command gives no matches,
 then you did not do a proper build. 

What could have been the problem?

-- 
Massimo.run();



IPSec unspec transport

2006-07-03 Thread Massimo Lusetti
I got a VPN network which works quite well, i mean works very well
thanks to OpenBSD and its implementation but i got one end point over
the 6 running which causing me troubles.

The configuration is done with ipsec.conf and is identical to others
which works well.
Here some example config:
ike esp from $MY_NET to $OTHER_NET   peer $VPN_PEER main auth hmac-md5
enc aes

Isakmpd is started with no .conf and .policy just with -K and use IPv4
private/pubkeys as identifiers on public static IPs.

This all on a
OpenBSD 3.9-current (GENERIC-RD) #0: Tue Mar 28 12:41:04 EST 2006

From the troubling VPN gateway and respectively from the central VPN
gateway i (apparently randomly) got:
unspec transport from x.y.w.z to z.w.y.x spi 0xa0a35d6a

and the tunnel with the flows along falls.

What does unspec transport actually mean?
What could cause the above message?

Any hint is really appreciated, thanks.
-- 
Massimo



Re: IPSec unspec transport

2006-07-03 Thread Massimo Lusetti
On Mon, 2006-07-03 at 00:51 -0700, Clint Pachl wrote:

 Are both end points trying to negotiate? Try using the passive keyword 
 on one endpoint: ike passive esp ...

Yes, both active. Should that cause problems?

 I have experienced the same issue. I don't know the details of what 
 exactly is happening, however, it seems to be a synchronization problem. 
 Here's what I have done to get rid of the unspec transport and setup 
 the proper flows and SAs:
 
 Execute on the passive box first, then the other:
 # ipsecctl -F
 # echo R > /var/run/isakmpd.fifo
 # ipsecctl -f /etc/ipsec.conf

I know how to put it up again and i actually use -d just to keep up
the other tunnels.
Anyway you're telling me that every time your tunnel falls you are there
to cast that command to bring it up again? That's not suitable... :

What i really want to know (investigate) is what is causing these drops
since they happen just on one line not in the other and the devices are
all the same just as the OpenBSD version.

To add infos i just dropped down the max-mss size to a lower value cause
i was seeing a lot of DF! packets without that setting and now all
packets aren't fragmented by the routers between my peers.

Again i'm not so sure how this is related but digging through the
problem i've discovered that the time the tunnel fall is near the time
the ISP's router is negotiating its own wan IP address through PPPoA
with the ISP's kerberos server.
Does this sound reasonable or is it totally unrelated?


 
 Also, make sure all IP addresses in ipsec.conf are reachable; check 
 netstat -rnfinet.

Double checked.

Thanks for your time
-- 
Massimo



Re: VIA C7 hardware AES support in IPSEC(ctl)

2006-06-26 Thread Massimo Lusetti
On Thu, 2006-06-22 at 20:04 +0200, Hans-Joerg Hoexer wrote:


 we are.

It would be great if you could explain us a little more about this?

BTW thanks for the great tool ipsecctl is!

Ciao
-- 
Massimo.run();



Re: Crypto acceleration (was: Re: VIA C7 hardware AES support in IPSEC(ctl))

2006-06-23 Thread Massimo Lusetti
On Fri, 2006-06-23 at 10:00 +0200, Markus Friedl wrote:

 yes, the card needs to support all algorithms,
 crypto_newsession() does this:
 
     /*
      * The algorithm we use here is pretty stupid; just use the
      * first driver that supports all the algorithms we need. Do
      * a double-pass over all the drivers, ignoring software ones
      * at first, to deal with cases of drivers that register after
      * the software one(s) --- e.g., PCMCIA crypto cards.
      *
      * XXX We need more smarts here (in real life too, but that's
      * XXX another story altogether).
      */
 
 -m

I was looking at this a while ago for an old setup which is still alive
for test purposes and needed attention just for this particular case.

Thanks Christian and Markus for pointing this out.


Regards.
-- 
Massimo.run();
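
The selection rule in the crypto_newsession() comment quoted above, as an added example (not OpenBSD's kernel code and not from any poster in this thread). The struct, the algorithm bits and the driver table are hypothetical and constructed for illustration; the point is that a hardware engine covering only the cipher is skipped for a session that also needs a MAC.

```c
#include <stddef.h>
#include <stdio.h>

/* Algorithm bits a session may request (values constructed for this example). */
enum {
    ALG_AES       = 1 << 0,
    ALG_3DES      = 1 << 1,
    ALG_SHA1_HMAC = 1 << 2,
    ALG_MD5_HMAC  = 1 << 3
};

/* Hypothetical driver record; not the kernel's own structure. */
struct driver {
    const char *name;
    unsigned    algs;      /* bitmask of algorithms the driver registered */
    int         software;  /* 1 for the software fallback, 0 for hardware */
};

/*
 * First-fit selection in two passes: pass 0 looks only at hardware drivers,
 * pass 1 only at software ones, so registration order does not let software
 * shadow hardware. A driver qualifies only if it covers every requested
 * algorithm; a session is never split across drivers.
 * Returns the index of the chosen driver, or -1 if none qualifies.
 */
int select_driver(const struct driver *tab, size_t n, unsigned wanted)
{
    for (int pass = 0; pass < 2; pass++) {
        for (size_t i = 0; i < n; i++) {
            if (tab[i].software != pass)
                continue;
            if ((tab[i].algs & wanted) == wanted)
                return (int)i;
        }
    }
    return -1;
}

/* Constructed table: software registers first, hardware engines later. */
const struct driver sample_drivers[] = {
    { "software",    ALG_AES | ALG_3DES | ALG_SHA1_HMAC | ALG_MD5_HMAC, 1 },
    { "aes-only-hw", ALG_AES,                                           0 },
    { "full-hw",     ALG_AES | ALG_3DES | ALG_SHA1_HMAC,                0 },
};

/* Name of the driver picked from the first n table entries. */
const char *chosen(size_t n, unsigned wanted)
{
    int i = select_driver(sample_drivers, n, wanted);
    return i < 0 ? "none" : sample_drivers[i].name;
}

int main(void)
{
    /* Box with only the AES engine (first two table entries). */
    printf("AES only:          %s\n", chosen(2, ALG_AES));
    printf("ESP AES+SHA1:      %s\n", chosen(2, ALG_AES | ALG_SHA1_HMAC));
    /* Same request once a driver covering cipher and MAC is present. */
    printf("ESP AES+SHA1 (3):  %s\n", chosen(3, ALG_AES | ALG_SHA1_HMAC));
    return 0;
}
```

With only the AES-only engine present, the AES plus HMAC-SHA1 request lands on the software driver for the whole session, which is the behaviour to check for when IPsec throughput does not improve on hardware that advertises AES.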



Re: VIA C7 hardware AES support in IPSEC(ctl)

2006-06-22 Thread Massimo Lusetti
On Wed, 2006-06-21 at 17:49 +0200, Bihlmaier Andreas wrote:


 Sorry, for that but I thought it wouldn't matter:

I don't mean to offend you, but... i think test environment matters.

 All hosts are in the same network and can talk directly to each other,
 but for unsecure protocols (NFS, HTTP) I run a VPN between them.
 
 host1     router      host2
 10.0.0.1  10.0.0.254  10.0.0.8   // Real IP
                                  // VPN
 10.2.0.1  10.2.0.254  10.2.0.8   // alias used for VPN
 
         +---------+
 host1---+         |
         | Switch  +--- router
 host2---+         |
         +---------+
 

Again you don't specify which host is what so i'm guessing here.
Which is the C7?
What are the other boxes?

 I use iperf -w 256k for testing purposes.
 The speed between hosts/router using their real IPs (-B 10.0.0.*) is
 about 70-80 Mb/s.
 
 ~22 Mb/s between host1 and host2 using their VPN IPs.

BTW i don't think you should spit on 22 Mb/s IPSec for a 500/600EURO
box.

For the record I got the same IPSec performance with C3 1GHz on rl(4)
boxes. Sustained.
-- 
Massimo.run();



Re: VIA C7 hardware AES support in IPSEC(ctl)

2006-06-21 Thread Massimo Lusetti
On Wed, 2006-06-21 at 13:48 +0200, Bihlmaier Andreas wrote:

 I don't mean to offend you, but ...
 Doh, I know that and these are VERY nice figures, BUT my problem is
 that I have too slow (== no acceleration) speed in IPSEC.
 I thought that OpenBSD would just make use of it (again in IPSEC) if it
 detects it.

You haven't specified the network setup and how you conducted the
tests.

-- 
Massimo.run();



Re: Mail Server configuration question(s)

2006-06-09 Thread Massimo Lusetti
On Fri, 2006-06-09 at 13:55 +0100, Craig Skinner wrote:


 When I worked for a small ISP that had 5000 domains, we found the best
 thing to do was use passwd for auth as anything else was too slow.
 
 When an account was added via the website, a perl script would pull data
 from SQL, generate passwd, postfix confs & reload postfix. You could
 have cron run the script every 15 mins and only generate config files if
 there was new data/accounts to remove.

Well, 5000 domains and how many accounts/aliases/forwarders?

-- 
Massimo.run();



Re: ipsecctl, ipsecadm and friends

2005-09-15 Thread Massimo
On Wed, 2005-09-14 at 11:41 -0400, Jason Dixon wrote:

 At first glance, ipsec.conf appears to marginalize the need for  
 isakmpd.conf, simplifying the flow definitions.  The syntax is very  
 easy and resembles the linguistic format we've come to love in pf.conf.

I suppose for using ike within ipsec.conf isakmpd should be already
running, right ?
So a blank isakmpd.conf or one with the defaults should be enough?

-- 
Massimo.run();



Re: Via C3 IPSec test result

2005-08-05 Thread Massimo
On Fri, 2005-08-05 at 09:30 -0600, Bob Beck wrote:
 
   Yes, that's the hlt-hlt apm bug.   
 
   -Bob

So it seems to me it's already committed to 3_7 stable branch, right ?
If so, how it could be related to this topic ? (APM calls during
interrupt ?)

Thanks Bob and sorry for the double mails...

-- 
Massimo.run();



Via C3 IPSec test result

2005-08-03 Thread Massimo
I've made up a test LAN built on two mini-ITX Via C3 based board to test
the AES encryption functionality of this CPU on a real setup.

I've used flashboot 0.7.2 from Damien simply for a matter of time (I've
some flash card already configured) and since it seems to me a very good
product, the kernel is GENERIC-MD

The LAN was only populated with the machines needed by the test, two OBSD
3.7 boxes and the two C3 based boards with the needed switches to wire them
together, on the two OBSD I got iperf (1.7.0) from packages to produce
the traffic. PF is disabled.

The VPN configuration is exactly the one from vpn(8) with only IPs and
Transforms suite changed.

Now the result.
Iperf with 3DES suite shows 6.7Mbit/s, with AES suite 16.8Mbit/s

The LAN with no IPSec, just routing, shows 86Mbit/s, the two OBSD boxes
wired together show up to 94Mbit/s

Here the conf:

# Incoming phase 1 negotiations are multiplexed on the source IP
# address. Phase 1 is used to set up a protected channel just
# between the two gateway machines. This channel is then used for
# the phase 2 negotiation traffic (i.e. encrypted & authenticated).

[Phase 1]
192.168.3.198=peer-machineB

# 'Phase 2' defines which connections the daemon should establish.
# These connections contain the actual IPsec VPN information.

[Phase 2]
Connections=VPN-A-B

# ISAKMP phase 1 peers (from [Phase 1])

[peer-machineB]
Phase=  1
Transport=  udp
Address=192.168.3.198
Configuration=  Default-main-mode
Authentication= yoursharedsecret

# IPSEC phase 2 connections (from [Phase 2])

[VPN-A-B]
Phase=  2
ISAKMP-peer=peer-machineB
Configuration=  Default-quick-mode
Local-ID=   machineA-internal-network
Remote-ID=  machineB-internal-network

# ID sections (as used in [VPN-A-B])

[machineA-internal-network]
ID-type=IPV4_ADDR_SUBNET
Network=192.168.2.0
Netmask=255.255.255.0

[machineB-internal-network]
ID-type=IPV4_ADDR_SUBNET
Network=192.168.4.0
Netmask=255.255.255.0

# Main and Quick Mode descriptions (as used by peers and connections)

[Default-main-mode]
DOI=IPSEC
EXCHANGE_TYPE=  ID_PROT
# Transforms= 3DES-SHA,BLF-SHA
Transforms= AES-SHA,BLF-SHA

[Default-quick-mode]
DOI=IPSEC
EXCHANGE_TYPE=  QUICK_MODE
# Suites= QM-ESP-3DES-SHA-SUITE
Suites= QM-ESP-AES-SHA-SUITE



Here are the two dmesgs (very similar):

gwtest1:
OpenBSD 3.7-stable (GENERIC-RD) #0: Sun Jul 24 12:40:20 EST 2005
[EMAIL PROTECTED]:/root/flashboot-0.7/obj/GENERIC-RD
cpu0: VIA Nehemiah (CentaurHauls 686-class) 1 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE
cpu0: RNG AES
real mem  = 198746112 (194088K)
avail mem = 162844672 (159028K)
using 2451 buffers containing 10039296 bytes (9804K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(71) BIOS, date 01/24/05, BIOS32 rev. 0 @
0xfb040
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xdf14
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde60/160 (8 entries)
pcibios0: PCI Exclusive IRQs: 7 12
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C596A ISA rev
0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xf400
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 vendor VIA, unknown product 0x0259 rev
0x00
pchb1 at pci0 dev 0 function 1 vendor VIA, unknown product 0x1259 rev
0x00
pchb2 at pci0 dev 0 function 2 vendor VIA, unknown product 0x2259 rev
0x00
pchb3 at pci0 dev 0 function 3 vendor VIA, unknown product 0x3259 rev
0x00
pchb4 at pci0 dev 0 function 4 vendor VIA, unknown product 0x4259 rev
0x00
pchb5 at pci0 dev 0 function 7 vendor VIA, unknown product 0x7259 rev
0x00
ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor VIA, unknown product 0x3118 rev
0x02: aperture at 0xf000, size 0x1000
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
rl0 at pci0 dev 10 function 0 Realtek 8139 rev 0x10: irq 12 address
00:03:1d:01:c4:3f
rlphy0 at rl0 phy 0: RTL internal phy
VIA VT6306 FireWire rev 0x46 at pci0 dev 11 function 0 not configured
pciide0 at pci0 dev 15 function 0 VIA VT8237 SATA rev 0x80: DMA
pciide0: using irq 12 for native-PCI interrupt
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133,
channel 0 configured to compatibility, channel 1 configured to
compatibility
pciide1: channel 0 disabled (no drives)
wd0 at pciide1 channel 1 drive 0: SAMSUNG CF/ATA
wd0: 1-sector PIO, LBA, 491MB, 1006992 sectors
wd0(pciide1:1:0): using PIO mode 0
pcib0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00
auvia0 at pci0 dev 17 function 5 

Re: flashdist-20050601 for OpenBSD 3.7

2005-06-03 Thread Massimo
On Wed, 2005-06-01 at 23:55 -0700, Chris Cappuccio wrote:

 Here is a new release that works on both OpenBSD 3.7 and OpenBSD-current
 as of June 1st (and should work on 3.6 with one or two minor adjustments
 of the packaging list)

Your work is really appreciated.

Thanks to OpenBSD and your script I'm putting together a series (twenty)
of 4801 devices to be part of a wide VPN dislocated around a in a MAN,
I'll put the result on a web pages if anyone is interested.

Ciao
-- 
Massimo.run();