Re: Trouble with OpenBSD 4.2 DNS server setup
On 2008/05/07 19:21, Sam Fourman Jr. wrote:
> > > I assume that if I want to host email for 10 different domains I have
> > > to have these set
> > >
> > > allow-recursion { any; };
> >
> > This allows anybody to use your nameserver as a resolver (e.g.
> > anyone can ask you to lookup domains for them). You shouldn't
> > do this at all without a very good reason (one example being if
> > you're providing DNS to VPN clients and filtering non-VPN traffic).
> > Doing so without other controls leaves you open to being an
> > attack amplifier for anyone who can send a UDP packet with an
> > invalid source address, and also may open you up to DNS poisoning.
> >
> > If you're currently using a setup that involves the same IP
> > address for both authoritative (domains you host) and recursive
> > queries (client DNS requests), you should get these split onto
> > separate addresses.
>
> so if I understand this, the correct way to setup DNS
> is to have one nameserver do just recursive queries
> and a separate name server on a separate ip address have the actual domain
> files

That's how I usually do things, it gives a clear separation, and most people don't need a powerful machine to host authoritative dns.

Other options include running two daemons bound to different addresses (I have some systems where I do this, usually with nsd for auth, BIND for resolver), or using one daemon with views and "match-destinations".

It's also possible to use views with "match-clients", but I'm not keen on this, it makes things difficult when customers transfer a domain away, and makes it hard to filter or separate things onto different machines if you want to do that sometime.

I also usually run named on mail servers, just answering to localhost queries, forwarding to a main resolver - this saves a bunch of local network traffic when you have messages stuck in queues.
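The one-daemon option mentioned in the message above (views selected with "match-destinations"), as an added named.conf sketch that is not part of the original thread. The addresses, the ACL name "clients", the zone example.com and the file paths are placeholders chosen for illustration.

```conf
// named.conf sketch: one BIND 9 daemon, two addresses, split by view.
// Constructed example; 192.0.2.53, 192.0.2.54, 192.0.2.0/24,
// example.com and the file paths are placeholders.

acl "clients" { 127.0.0.1; 192.0.2.0/24; };

options {
        listen-on { 127.0.0.1; 192.0.2.53; 192.0.2.54; };
        // The setting from the question, shown for contrast only.
        // It lets anybody use the server as a resolver:
        // allow-recursion { any; };
};

// Queries arriving on the authoritative address: hosted zones only,
// answered for anyone, never recursed.
view "authoritative" {
        match-destinations { 192.0.2.53; };
        recursion no;

        zone "example.com" {
                type master;
                file "master/example.com";
        };
};

// Queries arriving on the resolver address: recursion, but only for
// the networks listed in the "clients" ACL.
view "resolver" {
        match-destinations { 127.0.0.1; 192.0.2.54; };
        recursion yes;
        allow-query     { "clients"; };
        allow-recursion { "clients"; };

        zone "." {
                type hint;
                file "standard/root.hint";
        };
};
```

named-checkconf parses a file like this without starting the daemon. Once views are in use, every zone statement has to live inside a view.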
Re: Problem with state and PF on a 4.3 setup
On 2008-05-08, Jon Radel <[EMAIL PROTECTED]> wrote:
>
> You appear to be making use of the default pass rule for all your outbound
> traffic, as I didn't notice a single rule that applied to outbound
> traffic (other than your block port 0, CARP, PFSync, and ping rules). I
> don't believe that can be counted on to establish state.

Unless I missed anything in the commits from the last couple of days, the implicit "pass" rules definitely do not establish state.
OpenBSD 4.3 CD, T-Shirts, Books arrived at ShenZhen, China.
Hi, guys.

Just want to let you know, it arrived :)

- 15 CD sets.
- 8 Books (*7, *1).
- 5 T-Shirts.

It took about one week from USA -> China.

Thanks all people who made this possible. :D

--
Best Regards.

Zhang Huangbin

- OpenBSD 4.2 -release, i386.
- RHEL 5.1 Client
nagios monitoring of a remote openntp service
Hi,

Has anybody gotten Nagios' check_ntp_* to play nicely with a remote openntp service? It appears to rely upon services not implemented in openntp?

/Pete
Re: How to copy/pipe console buffert to file?
On Thu, 8 May 2008 12:37:47 +0200, rancor wrote
> Hi
>
> Is there any way of copy/pipe the information on the console to a
> file? I need the same information that I can see if I hold down
> Ctrl+Shift and using PageUp/Down when I'm on the console. I'm not
> using serial, that would be simple but I'm stuck right on the machine.
>

For many people, the built-in script(1) program works well. Some also find that using col(1) with the "-b" option removes extraneous control characters very nicely.
How to copy/pipe console buffert to file?
Hi

Is there any way of copy/pipe the information on the console to a file? I need the same information that I can see if I hold down Ctrl+Shift and using PageUp/Down when I'm on the console. I'm not using serial, that would be simple but I'm stuck right on the machine.

I'm using OpenBSD 4.3

Best Regards
rancor
Re: nagios monitoring of a remote openntp service
On Thursday, 08.05.2008 at 11:53 +0200, Pete Vickers wrote:

> Has anybody gotten Nagios' check_ntp_* to play nicely with a remote
> openntp service ? It appears to rely upon services not implemented
> in openntp ?

openntpd does not listen on port 123 by default: that's what Nagios would use to monitor,

Check man ntpd.conf for the 'listen' option.

Dave.

--
Dave Ewart
[EMAIL PROTECTED], jabber:[EMAIL PROTECTED], freenode:davee
All email from me is now digitally signed, http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Re: How to copy/pipe console buffert to file?
On Thu, May 08, 2008 at 12:37:47PM +0200, rancor wrote:
> Hi
>
> Is there any way of copy/pipe the information on the console to a file? I
> need the same information that I can see if I hold down Ctrl+Shift and using
> PageUp/Down when I'm on the console. I'm not using serial, that would be
> simple but I'm stuck right on the machine.

dd if=/dev/mem of=/tmp/a bs=32k skip=23 count=1

cu
--
paranoic mickey (my employers have changed but, the name has remained)
Re: How to copy/pipe console buffert to file?
On Thu, May 08, 2008 at 10:59:46AM +, mickey wrote:
> On Thu, May 08, 2008 at 12:37:47PM +0200, rancor wrote:
> > Hi
> >
> > Is there any way of copy/pipe the information on the console to a file? I
> > need the same information that I can see if I hold down Ctrl+Shift and using
> > PageUp/Down when I'm on the console. I'm not using serial, that would be
> > simple but I'm stuck right on the machine.
>
> dd if=/dev/mem of=/tmp/a bs=32k skip=23 count=1

if you ain't require original color pipe thru

hexdump -e '"%_c\n"' | awk 'NR % 2 {s=s $0} END {print s}'|more

cu
--
paranoic mickey (my employers have changed but, the name has remained)
Re: Problem with state and PF on a 4.3 setup
Thanks for the information. This is the first time that I've used PF as a router based firewall and not with NAT. I didn't know that the state was on a per interface basis, and not global to the system. So this means that unless I want to allow all outbound traffic from my firewall, I need to have a matching pass out rule for all the pass in rules for which I want to restrict the inbound interface (ie for which I don't want to put just pass for)?

The reason I need quick, especially on a few of these rules, is that the firewall will be establishing 3 to 6 thousand new sessions per second and managing between 300 000-500 000 state entries. This means that if it's one state entry per interface, this effectively doubles the state table size.

Thanks for the other tips by other people for lists and the implicit keep state, I hadn't even realized I had omitted important lists and didn't know about the implicit keep state.

Jon Radel wrote:
> You appear to be making use of the default pass rule for all your outbound
> traffic, as I didn't notice a single rule that applied to outbound
> traffic (other than your block port 0, CARP, PFSync, and ping rules). I
> don't believe that can be counted on to establish state.
>
> So a packet arrives on an interface, is allowed in with a "pass in quick
> on XX" and state is established. The packet is then routed out YY,
> which is allowed since there is no rule to block it. There is, however,
> no state established on interface YY, so the return packet is dropped
> unless you have a rule explicitly allowing that packet in.
>
> Try dropping a
>
> pass out all
>
> into the rule set to see if things get better. (As a test, think about
> the implications before you put that into production.)
>
> --Jon Radel
Re: nagios monitoring of a remote openntp service
Hi,

That's not the problem ! - the hosting is correctly listening, and indeed other hosts are correctly syncing to it. It's only the nagios check_ntp_* that doesn't like it.

$ ~> grep -i listen /etc/ntpd.conf
# Addresses to listen on (ntpd does not listen by default)
listen on *

$ ~> ps -aux | grep ntp
_ntp     18182  0.0  0.0   468   612 ??  S     19Nov06    5:57.94 ntpd: ntp engine (ntpd)
root     10889  0.0  0.0   512   616 ??  Is    19Nov06    0:00.24 ntpd: [priv] (ntpd)

/Pete

On 8 May 2008, at 12:59 PM, Dave Ewart wrote:

> On Thursday, 08.05.2008 at 11:53 +0200, Pete Vickers wrote:
>
>> Has anybody gotten Nagios' check_ntp_* to play nicely with a remote
>> openntp service ? It appears to rely upon services not implemented
>> in openntp ?
>
> openntpd does not listen on port 123 by default: that's what Nagios
> would use to monitor,
>
> Check man ntpd.conf for the 'listen' option.
>
> Dave.
>
> --
> Dave Ewart
> [EMAIL PROTECTED], jabber:[EMAIL PROTECTED], freenode:davee
> All email from me is now digitally signed, http://www.sungate.co.uk/
> Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Re: Problem with state and PF on a 4.3 setup
On Thu, May 08, 2008 at 07:23:41AM -0400, Steve Johnson wrote:

> Thanks for the information. This is the first time that I've used PF as a
> router based firewall and not with NAT. I didn't know that the state was on
> a per interface basis, and not global to the system. So this means that
> unless I want to allow all outbound traffic from my firewall, I need to
> have a matching pass out rule for all the pass in rules for which I want to
> restrict the inbound interface (ie for which I don't want to put just pass
> for)?

No, states are by default global and not tied to an interface. See man pf.conf.

-Otto

>
> The reason I need quick, especially on a few of these rules, is that the
> firewall will be establishing 3 to 6 thousand new sessions per second and
> managing between 300 000-500 000 state entries. This means that if it's one
> state entry per interface, this effectively doubles the state table size.
>
> Thanks for the other tips by other people for lists and the implicit keep
> state, I hadn't even realized I had omitted important lists and didn't know
> about the implicit keep state.
>
> Jon Radel wrote:
>> You appear to be making use of the default pass rule for all your outbound
>> traffic, as I didn't notice a single rule that applied to outbound
>> traffic (other than your block port 0, CARP, PFSync, and ping rules). I
>> don't believe that can be counted on to establish state.
>>
>> So a packet arrives on an interface, is allowed in with a "pass in quick
>> on XX" and state is established. The packet is then routed out YY,
>> which is allowed since there is no rule to block it. There is, however,
>> no state established on interface YY, so the return packet is dropped
>> unless you have a rule explicitly allowing that packet in.
>>
>> Try dropping a
>>
>> pass out all
>>
>> into the rule set to see if things get better. (As a test, think about
>> the implications before you put that into production.)
>>
>> --Jon Radel
Re: nagios monitoring of a remote openntp service
On 2008-05-08, Pete Vickers <[EMAIL PROTECTED]> wrote:
> Has anybody gotten Nagios' check_ntp_* to play nicely with a remote
> openntp service ? It appears to rely upon services not implemented
> in openntp ?

this is against an OpenNTP server;

<[EMAIL PROTECTED]:12>$ /usr/local/libexec/nagios/check_ntp_time -H ntp
NTP OK: Offset -0.002711469308 secs|offset=-0.002711s;60.00;120.00;

so, it can work.
Re: Problem with state and PF on a 4.3 setup
* Otto Moerbeek <[EMAIL PROTECTED]> [2008-05-08 13:47]:
> On Thu, May 08, 2008 at 07:23:41AM -0400, Steve Johnson wrote:
>
> > Thanks for the information. This is the first time that I've used PF as a
> > router based firewall and not with NAT. I didn't know that the state was on
> > a per interface basis, and not global to the system. So this means that
> > unless I want to allow all outbound traffic from my firewall, I need to
> > have a matching pass out rule for all the pass in rules for which I want to
> > restrict the inbound interface (ie for which I don't want to put just pass
> > for)?
>
> No, states are by default global and not tied to an interface. See man
> pf.conf.

now you confused him even more :)

while otto is right, contrary to your belief, the direction of creation is in the state. so given routing doesn't change they are effectively per-interface. it's just that they can move onto another interfaces if routing changes.

for your case, consider skipping filtering on one interface (set skip em5)

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Problem with state and PF on a 4.3 setup
On 2008-05-08, Otto Moerbeek <[EMAIL PROTECTED]> wrote:
> On Thu, May 08, 2008 at 07:23:41AM -0400, Steve Johnson wrote:
>
>> Thanks for the information. This is the first time that I've used PF as a
>> router based firewall and not with NAT. I didn't know that the state was on
>> a per interface basis, and not global to the system. So this means that
>> unless I want to allow all outbound traffic from my firewall, I need to
>> have a matching pass out rule for all the pass in rules for which I want to
>> restrict the inbound interface (ie for which I don't want to put just pass
>> for)?
>
> No, states are by default global and not tied to an interface. See man
> pf.conf.

But they are sensitive to direction; if you keep state for a new incoming session on an interface, you:

1. *do* pass _return_ traffic associated with that connection,

2. *do not* pass the incoming traffic that created the state (or any following incoming traffic from the same connection) out of another interface to send to another machine

For 2. you can either pass the outbound traffic separately, or you can tag the inbound traffic and pass outbound traffic that has been tagged.

...

>> The reason I need quick, especially on a few of these rules, is that the
>> firewall will be establishing 3 to 6 thousand new sessions per second

You should read this set of articles:

http://undeadly.org/cgi?action=article&sid=20060927091645
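The two ways of handling the outbound leg described in the message above, written out as a pf.conf sketch. This is an added example, not a ruleset from the thread; the interface names, the server address and the tag name WEB_IN are assumptions.

```conf
# pf.conf sketch for a routing (non-NAT) firewall on OpenBSD 4.3.
# Constructed example: em0/em1, 192.0.2.10 and the tag WEB_IN are
# placeholders.
ext_if = "em0"          # side the clients arrive on
int_if = "em1"          # side the server lives on
web    = "192.0.2.10"

block log all

# Inbound leg. keep state is implicit; the state created here covers
# this connection coming in and its return traffic, not the same
# packets leaving through $int_if.
pass in quick on $ext_if proto tcp from any to $web port 80 tag WEB_IN

# Outbound leg, tagged variant: only traffic that an inbound rule
# admitted and tagged may leave towards the server.
pass out quick on $int_if tagged WEB_IN

# Outbound leg, separate-rule variant (use instead of the tagged rule).
# It matches on addresses and ports alone, whichever interface the
# packet arrived on:
# pass out quick on $int_if proto tcp from any to $web port 80
```

pfctl -nf checks a file like this without loading it, and pfctl -ss lists the states afterwards: one for the inbound leg and one for the outbound leg of each forwarded connection.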
Re: Editing C with...
Hi!

On Sun, May 04, 2008 at 11:42:53AM -0400, Nick Holland wrote:
>ropers wrote:
>> 2008/5/4 Nick Holland <[EMAIL PROTECTED]>:
>>> "[vim] alters files in unexpected ways", which I consider a
>>> major sin.

>> I didn't know that, and cursory googling didn't turn up anything
>> enlightening. Could you elaborate?

>> Thanks and regards,
>> --ropers

>It might have been better if I had said, "alters my input", instead
>of implying that I edit a file with vim and it gets saved
>differently than loaded without my deliberately changing anything.

>And yes, tabs and auto indent were some of the things.

Now, nvi has auto-indent too (:set ai), just not enabled by default.

>I also had
>an experience with it auto-inserting line breaks which caused me
>large amounts of problem.

Could happen with nvi too (:set wrapmargin=42). Just not enabled by default.

>All this stuff is there for a reason, and is great for the
>intended purposes. HOWEVER, it's annoying as heck when one's
>purposes don't jive with the editor's defaults.

Now, on *OpenBSD*, the defaults of vim are quite sane IMO. (I.e. syntax highlighting, auto-indent, text wrapping, smart-tabs, tab expansion, etc. *off* by default, I have to enable all the fancy I really want in my $HOME/.vimrc). It's vim as it's distributed on some Linux distributions that sucks rocks through tiny holes.

>Yes, all those
>defaults can be changed, but on the machine I was fighting with
>at the time, they were in some very inappropriate for my needs, and
>quite unexpected behavior for something I invoked with the command
>"vi". I won't dispute vim is a great editor...I just dislike it
>pretending to be vi on some distributions of another OS. In all
>likelihood, it COULD pass as vi, but not with all the options
>turned on.

Yes. Probably it works for me especially because I mostly use it on OpenBSD. :-)

>Nick.

Kind regards,

Hannah.
Re: nagios monitoring of a remote openntp service
that works fine:

$ ~>/usr/local/libexec/nagios/check_ntp_time -H ntp1
NTP OK: Offset 0.0008395434124 secs|offset=0.000840s;60.00;120.00;

but, I'm trying to verify the NTP server's health, not that my monitoring host is sync'd to it.

"Notes:
This plugin checks the clock offset between the local host and a remote NTP server. It is independent of any commandline programs or external libraries.

If you'd rather want to monitor an NTP server, please use check_ntp_peer."

but that doesn't work (for me) :

$ ~>/usr/local/libexec/nagios/check_ntp_peer -H ntp1 -t 3
CRITICAL - Socket timeout after 3 seconds

/Pete

On 8 May 2008, at 1:55 PM, Stuart Henderson wrote:

> On 2008-05-08, Pete Vickers <[EMAIL PROTECTED]> wrote:
>> Has anybody gotten Nagios' check_ntp_* to play nicely with a remote
>> openntp service ? It appears to rely upon services not implemented
>> in openntp ?
>
> this is against an OpenNTP server;
>
> <[EMAIL PROTECTED]:12>$ /usr/local/libexec/nagios/check_ntp_time -H ntp
> NTP OK: Offset -0.002711469308 secs|offset=-0.002711s;60.00;120.00;
>
> so, it can work.
Re: nagios monitoring of a remote openntp service
On Thursday, 08.05.2008 at 13:29 +0200, Pete Vickers wrote:

>>> Has anybody gotten Nagios' check_ntp_* to play nicely with a remote
>>> openntp service ? It appears to rely upon services not implemented
>>> in openntp ?
>>
>> openntpd does not listen on port 123 by default: that's what Nagios
>> would use to monitor,
>>
>> Check man ntpd.conf for the 'listen' option.
>
> That's not the problem ! - the hosting is correctly listening, and
> indeed other hosts are correctly syncing to it. It's only the nagios
> check_ntp_* that doesn't like it.

On this network, Nagios runs on a Debian Etch machine and issuing:

/usr/lib/nagios/plugins/check_ntp -H myhostname

returns

NTP OK: Offset -0.0001729539945 secs|offset=-0.0001729539945

What output do *you* get when you run check_ntp?

Dave.

--
Dave Ewart
[EMAIL PROTECTED], jabber:[EMAIL PROTECTED], freenode:davee
All email from me is now digitally signed, http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
Re: Editing C with...
Hi!

On Wed, May 07, 2008 at 04:55:55PM +0100, overdrive openbsd wrote:
>I don't want to start a flamewar, but I will say my experience; after
>lot of years using vi and vim, I decide 'taste' emacs. Now I can see
>that the major part of users those use vi/vim is because they never
>tried more than 5 minutes on emacs or directly they never tried. Now I
>am more productive (-; of course stupid devels will be stupid in vi or
>emacs, but they will be slower to write their stupid code!

I beg to differ. Used emacs (back then when 19 was the current version, heck, even *ported* emacs 19 to my machine then) for quite a long time and moved to vim.

Bottom line: YMMV. Find the tool(s) that fit(s) you best and get proficient in it/them.

>Borja Tarraso

Kind regards,

Hannah.
Re: Problem with state and PF on a 4.3 setup
Ah, that explains a lot! Thanks for the information. Yes, what Otto had mentioned was indeed confusing me :-) Especially when I look at the following statement from the faq:

http://www.openbsd.org/faq/pf/filter.html#state

" When a rule creates state, the first packet matching the rule creates a "state" between the sender and receiver. Now, not only do packets going from the sender to receiver match the state entry and bypass ruleset evaluation, but so do the reply packets from receiver to sender."

Plus, in the pf.conf(5) stated that floating was the default behaviour, which I now notice is what Otto pointed out, but that made me think even more that the pass out would not have been needed, since the state was created with the pass in.

I've added a "pass out from ! self" rule that should take care of everything that I've allowed to come in. It also explains why the state table will grow so much, if there's a state entry for each direction. I'll look more into the tag part which should be even better as well as that link on optimization.

Is the state direction tracking something that changed at one point of the PF development or has it always been like that?

Thanks again to all for the responses and references,

Steve

Stuart Henderson wrote:
> On 2008-05-08, Otto Moerbeek <[EMAIL PROTECTED]> wrote:
>> On Thu, May 08, 2008 at 07:23:41AM -0400, Steve Johnson wrote:
>>
>>> Thanks for the information. This is the first time that I've used PF as a
>>> router based firewall and not with NAT. I didn't know that the state was on
>>> a per interface basis, and not global to the system. So this means that
>>> unless I want to allow all outbound traffic from my firewall, I need to
>>> have a matching pass out rule for all the pass in rules for which I want to
>>> restrict the inbound interface (ie for which I don't want to put just pass
>>> for)?
>>
>> No, states are by default global and not tied to an interface. See man
>> pf.conf.
>
> But they are sensitive to direction; if you keep state for a new
> incoming session on an interface, you:
>
> 1. *do* pass _return_ traffic associated with that connection,
>
> 2. *do not* pass the incoming traffic that created the state (or
> any following incoming traffic from the same connection) out of
> another interface to send to another machine
>
> For 2. you can either pass the outbound traffic separately, or you
> can tag the inbound traffic and pass outbound traffic that has
> been tagged.
>
> ...
>
>>> The reason I need quick, especially on a few of these rules, is that the
>>> firewall will be establishing 3 to 6 thousand new sessions per second
>
> You should read this set of articles:
>
> http://undeadly.org/cgi?action=article&sid=20060927091645
Thinkpad T42 + OpenBSD 4.3 Freeze
Hi, everyone, I have a problem with my IBM Thinkpad T42 2373 and OpenBSD 4.3 (stable and current), with 512mb of ram (default) works fine, when I add 1gb (kingston) the system works fine a few minutes, and then freezes without error or message.

Here is my dmesg:

OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.60GHz ("GenuineIntel" 686-class) 1.60 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
real mem = 1609527296 (1534MB)
avail mem = 1547259904 (1475MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/27/05, BIOS32 rev. 0 @ 0xfd750, SMBIOS rev. 2.33 @ 0xe0010 (61 entries)
bios0: vendor IBM version "1RETDLWW (3.17 )" date 07/27/2005
bios0: IBM 2373RY1
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 97%
apm0: AC on, battery charge high
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd6e0/0x920
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #6 is the last bus
bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000 0xdc000/0x4000! 0xe/0x1
cpu0 at mainbus0
cpu0: Enhanced SpeedStep 1600 MHz (1340 mV): speeds: 1600, 1400, 1200, 1000, 800, 600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82855PM Host" rev 0x03
agp0 at pchb0: aperture at 0xd000, size 0x1000
ppb0 at pci0 dev 1 function 0 "Intel 82855PM AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility M7 LW" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x01: irq 11
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x01: irq 11
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x01: irq 11
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x01: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x81
pci2 at ppb1 bus 2
cbb0 at pci2 dev 0 function 0 "TI PCI4520 CardBus" rev 0x01: irq 11
cbb1 at pci2 dev 0 function 1 "TI PCI4520 CardBus" rev 0x01: irq 11
em0 at pci2 dev 1 function 0 "Intel PRO/1000MT (82540EP)" rev 0x03: irq 11, address 00:11:25:d5:bb:e2
ipw0 at pci2 dev 2 function 0 "Intel PRO/Wireless 2100" rev 0x04: irq 11, address 00:13:e8:02:d6:9a
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0xb0
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 6 device 0 cacheline 0x8, lattimer 0xb0
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DBM LPC" rev 0x01: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 "Intel 82801DBM IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA, 28615MB, 58605120 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x01: irq 11
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC2700CL2.5
spdmem1 at iic0 addr 0x51: 1GB DDR SDRAM non-parity PC2700CL2.5
auich0 at pci0 dev 31 function 5 "Intel 82801DB AC97" rev 0x01: irq 11, ICH4 AC97
ac97: codec id 0ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
"Intel 82801DB Modem" rev 0x01 at pci0 dev 31 function 6 not configured
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0:
spkr0 at pcppi0
aps0 at isa0 port 0x1600/31
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
biomask effd netmask effd ttymask
mtrr: Pentium Pro MTRR support
ugen0 at uhub3 port 2 "STMicroelectronics Biometric Coprocessor" rev 1.00/0.01 addr 2
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
WARNING: / was not properly unmounted
x41445374 (Analog Devices AD1981B)

Any idea?

Regards.
Re: nagios monitoring of a remote openntp service
On 2008/05/08 14:33, Pete Vickers wrote:
>
> that works fine:
>
> $ ~>/usr/local/libexec/nagios/check_ntp_time -H ntp1
> NTP OK: Offset 0.0008395434124
> secs|offset=0.000840s;60.00;120.00;
>
> but, I'm trying to verify the NTP server's health, not that my
> monitoring host is sync'd to it.

check_ntp_time should be fine for that.

> "Notes:
> This plugin checks the clock offset between the local host and a
> remote NTP server. It is independent of any commandline programs or
> external libraries.
>
> If you'd rather want to monitor an NTP server, please use
> check_ntp_peer."

I think that's just useful for ISC ntpd, it checks stratum.
Re: Problem with state and PF on a 4.3 setup
* Steve Johnson <[EMAIL PROTECTED]> [2008-05-08 14:57]:
> Is the state direction tracking something that changed at one point of the
> PF development or has it always been like that?

it has always been like that. it is the only sane thing to do. once you exceed that little 2 interfaces firewall scenario you'll see why...

you put policies on interfaces, and anyone going from netA to netB must pass the outbound policy on the netA facing interface and the inbound policy in the netB facing interface (to make things more confusing, the inbound policy is what gets written as "pass ->out<- on... anyway). with the one state covering everything you bypass netB's inbound policy, which is both dangerous and stupid. ipfilter does it that way.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: How to copy/pipe console buffert to file?
Thanks! That did the trick =)

// rancor

On Thu, May 8, 2008 at 1:13 PM, mickey <[EMAIL PROTECTED]> wrote:

> On Thu, May 08, 2008 at 10:59:46AM +, mickey wrote:
> > On Thu, May 08, 2008 at 12:37:47PM +0200, rancor wrote:
> > > Hi
> > >
> > > Is there any way of copy/pipe the information on the console to a file? I
> > > need the same information that I can see if I hold down Ctrl+Shift and using
> > > PageUp/Down when I'm on the console. I'm not using serial, that would be
> > > simple but I'm stuck right on the machine.
> >
> > dd if=/dev/mem of=/tmp/a bs=32k skip=23 count=1
>
> if you ain't require original color pipe thru
> hexdump -e '"%_c\n"' | awk 'NR % 2 {s=s $0} END {print s}'|more
> cu
> --
> paranoic mickey (my employers have changed but, the name has remained)
Re: Thinkpad T42 + OpenBSD 4.3 Freeze
Gonzalo Lionel Rodriguez wrote:
> Hi, everyone, I have a problem with my IBM Thinkpad T42 2373 and OpenBSD 4.3
> (stable and current), with 512mb of ram (default) works fine, when I add 1gb
> (kingston) the system works fine a few minutes, and then freezes without
> error or message.
>
> Here is my dmesg:

I have this same laptop somewhere at my closet. I'll give it a shot when I get home. I don't have the exact memstick though. Are you mounting it or just having it plugged in. Also, show your dmesg right after you plug in the device if you can before it locks up.

.adam.
System memory available for kernel and PF
Hi,

Sorry for asking something else again so soon, but in my previous question, I received a link with a lot of useful information in regards to PF (http://undeadly.org/cgi?action=article&sid=20060927091645). However, one piece of information in that article could create an important issue for us:

"Not all memory of the host is available to the kernel, and the way the amount of physical RAM affects the amount available to the kernel depends on architecture and kernel options and version. As of OpenBSD 3.6, an i386 kernel can use up to 256MB of memory. Prior to 3.6, that limit was much lower for i386. You could have 8GB of RAM in your host, and still pf would fail to allocate memory beyond a small fraction of that amount."

I saw at other places that there were some patches for 3.x that made it up to 768MB, and one other place that thought it was now default, but didn't manage to find any concluding information on the current status of this limitation. If it is still present, what's the current value and is there any way to manipulate it?

The firewall for which this system will be used is a 4.3 i386 server, replacing an IPTables system, that will manage hundreds of thousands of sessions, but most of them generate little throughput, with answers that have around 20 bytes of payload. We basically want to make sure that there will be sufficient memory to scale our current and future session tracking needs, especially as this service will increase in load.

Thanks again,

Steve Johnson
Re: Thinkpad T42 + OpenBSD 4.3 Freeze
On Thursday 08 May 2008 08:59:22 Gonzalo Lionel Rodriguez wrote: > Hi, everyone, i have a problem with my IBM Thinkpad T42 2373 and OpenBSD > 4.3 (stable and current), with 512mb of ram (default) works fine, when i > add 1gb (kingston) the system works fine a few minutes, and then freeze > without error o message. > > Here is my dmesg:
Post-intrusion forensics
For our Windows/Solaris/Linux servers, we've had PWC say that they're qualified and able to do post-intrusion forensics on our server(s). I'm told this will go a long way in making everyone in our company as well as our customers feel better. Partly because it's an outside party verification of what happened, and partly because everyone knows PWC. What PWC won't do for us is OpenBSD forensics; and thus the reason for this email. Does anyone know of a company that does this? We like big names, but management seems to understand that that isn't always possible with OpenBSD. Any help would be appreciated. Chris
Re: Thinkpad T42 + OpenBSD 4.3 Freeze
On Thu, 8 May 2008 09:59:22 -0300, "Gonzalo Lionel Rodriguez" <[EMAIL PROTECTED]> wrote:

Hi,

> Hi, everyone, i have a problem with my IBM Thinkpad T42 2373 and
> OpenBSD 4.3 (stable and current), with 512mb of ram (default) works
> fine, when i add 1gb (kingston) the system works fine a few minutes,
> and then freeze without error o message.

Did you run a test of your RAM (with memtest for example)? I had the same problem last year and I realized I have a half-assed memory module.

Regards, Guillaume
Re: nagios monitoring of a remote openntp service
On Thu, 2008-05-08 at 14:33 +0200, Pete Vickers wrote:
> that works fine:
>
> $ ~>/usr/local/libexec/nagios/check_ntp_time -H ntp1
> NTP OK: Offset 0.0008395434124 secs|offset=0.000840s;
> 60.00;120.00;
>
> but, I'm trying to verify the NTP server's health, not that my
> monitoring host is sync'd to it.

Nagios checks almost never have sufficient debugging mechanisms, and UDP services don't send RST+ICMP.

You can always: $ sudo ntpdate -qdv [host to check]

~BAS

> "Notes:
> This plugin checks the clock offset between the local host and a
> remote NTP server. It is independent of any commandline programs or
> external libraries.
>
> If you'd rather want to monitor an NTP server, please use
> check_ntp_peer."
>
> but that doesn't work (for me) :
>
> $ ~>/usr/local/libexec/nagios/check_ntp_peer -H ntp1 -t 3
> CRITICAL - Socket timeout after 3 seconds
>
> /Pete
>
> On 8 May 2008, at 1:55 PM, Stuart Henderson wrote:
>
> > On 2008-05-08, Pete Vickers <[EMAIL PROTECTED]> wrote:
> >> Has anybody gotten Nagios' check_ntp_* to play nicely with a remote
> >> openntp service ? It appears to rely upon services not implemented
> >> in openntp ?
> >
> > this is against an OpenNTP server;
> >
> > <[EMAIL PROTECTED]:12>$ /usr/local/libexec/nagios/check_ntp_time -H ntp
> > NTP OK: Offset -0.002711469308 secs|offset=-0.002711s;
> > 60.00;120.00;
> >
> > so, it can work.

-- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc.
Re: Thinkpad T42 + OpenBSD 4.3 Freeze
Gonzalo Lionel Rodriguez wrote:
> Sorry, but the 1gb is RAM not a mestick. 1 GB Kingston RAM + 512 MB (default) = 1.5 Gb ram the system freeze, with 512 mb ram (default) the system works fine.
>
> regards

then it's probably just a bad stick of memory :/
Re: nagios monitoring of a remote openntp service
On Thu, May 8, 2008 at 8:52 AM, Brian A. Seklecki <[EMAIL PROTECTED]> wrote:
> Nagios checks almost never have sufficient debugging mechanisms, and UDP
> services don't send RST+ICMP.

you should get an ICMP port unreachable if there is no UDP service listening. i haven't looked at nagios, but i wonder if it's not trying to use NTP "mode 6" control messages to get more status information out of the daemon. openntpd doesn't support these queries...

> You can always: $ sudo ntpdate -qdv [host to check]

or "rdate -pnv ". quite some time ago i added a check to make rdate bail out if the server is unsync'd.

...
	if ((data.status & STATUS_ALARM) == STATUS_ALARM) {
		warnx("Ignoring NTP server with alarm flag set");
		return (-1);
	}
...

CK

-- GDB has a 'break' feature; why doesn't it have 'fix' too?
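The kind of server-health check discussed in this thread, as an added example that is not part of the original messages and is not code from rdate, OpenNTPD or Nagios. It assumes the "alarm flag" corresponds to leap indicator value 3 in the first byte of the NTP header; all function and constant names are hypothetical, and the sample packets are constructed.

```c
/* Added illustration: decide whether an NTP/SNTP reply comes from a
 * synchronized server by looking at the first two header bytes.
 * All names here are hypothetical, not taken from any project. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTP_MIN_LEN     48  /* fixed NTP header without extensions or MAC */
#define NTP_LI_ALARM    3   /* leap indicator 3: clock not synchronized */
#define NTP_MODE_SERVER 4   /* mode 4: server reply to a client request */

enum ntp_verdict {
	NTP_HEALTHY = 0,       /* server reply, synchronized, stratum >= 1 */
	NTP_TRUNCATED,         /* shorter than the fixed header */
	NTP_NOT_SERVER_REPLY,  /* e.g. an echoed client packet or mode 6 */
	NTP_UNSYNCHRONIZED,    /* alarm condition in the leap indicator */
	NTP_STRATUM_ZERO       /* stratum 0: unspecified or kiss-o'-death */
};

struct ntp_fields {
	unsigned li;       /* bits 7-6 of byte 0 */
	unsigned version;  /* bits 5-3 of byte 0 */
	unsigned mode;     /* bits 2-0 of byte 0 */
	unsigned stratum;  /* byte 1 */
};

/* Decode the header fields and classify the reply. `f` may be NULL. */
enum ntp_verdict
ntp_classify(const uint8_t *pkt, size_t len, struct ntp_fields *f)
{
	struct ntp_fields tmp;

	if (f == NULL)
		f = &tmp;
	memset(f, 0, sizeof(*f));

	/* Never index into a datagram that is too short to hold a header. */
	if (pkt == NULL || len < NTP_MIN_LEN)
		return NTP_TRUNCATED;

	f->li = (pkt[0] >> 6) & 0x3;
	f->version = (pkt[0] >> 3) & 0x7;
	f->mode = pkt[0] & 0x7;
	f->stratum = pkt[1];

	if (f->mode != NTP_MODE_SERVER)
		return NTP_NOT_SERVER_REPLY;
	if (f->li == NTP_LI_ALARM)
		return NTP_UNSYNCHRONIZED;
	if (f->stratum == 0)
		return NTP_STRATUM_ZERO;
	return NTP_HEALTHY;
}

/* Build a constructed 48-byte packet with the given first byte and
 * stratum, then classify the first `len` bytes of it (len <= 48). */
enum ntp_verdict
classify_constructed(uint8_t first, uint8_t stratum, size_t len)
{
	uint8_t pkt[NTP_MIN_LEN] = {0};

	pkt[0] = first;
	pkt[1] = stratum;
	return ntp_classify(pkt, len, NULL);
}

int
main(void)
{
	/* Constructed samples: {first byte, stratum, length}. */
	static const struct { uint8_t first, stratum; size_t len; } s[] = {
		{ 0x24, 2, 48 },  /* LI 0, v4, server, stratum 2 */
		{ 0xE4, 0, 48 },  /* LI 3, v4, server: unsynchronized */
		{ 0x24, 0, 48 },  /* stratum 0 with no alarm */
		{ 0x23, 2, 48 },  /* mode 3: a client packet, not a reply */
		{ 0x24, 2, 12 },  /* truncated datagram */
	};
	size_t i;

	for (i = 0; i < sizeof(s) / sizeof(s[0]); i++)
		printf("sample %zu -> verdict %d\n", i,
		    (int)classify_constructed(s[i].first, s[i].stratum, s[i].len));
	return 0;
}
```

A monitoring plugin built this way needs only the ordinary client/server exchange, so it does not depend on control-message support in the daemon being checked.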
gmake error, please help :)
Hey all, I'm running OpenBSD 4.2/i386 and am booting bsd.mp. I have brought over a linux program that uses gcc as the compiler. I have installed the following sets: - gmake-3.80p1.tgz - gettext-0.14.6p0.tgz - libiconv-1.9.2p3.tgz and when I do a "gmake" I get the following two errors: - " /bin/gmake[1]: ELF: not found" - "/bin/gmake[365]: no closing quote any ideas? Thanks, v.
Re: Editing C with...
Or you could just use vim...

On May 7, 2008, at 3:12 PM, "overdrive openbsd" <[EMAIL PROTECTED]> wrote:

You can always use the name of the command instead of keystrokes. Also you can customize these keys and change the defaults (customizable)

On Wed, May 7, 2008 at 6:28 PM, Marco Peereboom <[EMAIL PROTECTED]> wrote:

I gave emacs quite the fighting chance. Used it for 4 weeks and could not deal with the sore hands & fingers anymore. emacs is great for people that don't mind finger gymnastics. Vim is much nicer for people with sore hands.

On Wed, May 07, 2008 at 04:55:55PM +0100, overdrive openbsd wrote:

Hi Jordi, I don't want to start a flamewar, but I will say my experience; after a lot of years using vi and vim, I decided to 'taste' emacs. Now I can see that the major part of users who use vi/vim do so because they never tried more than 5 minutes on emacs or directly they never tried. Now I am more productive (-; of course stupid devels will be stupid in vi or emacs, but they will be slower to write their stupid code! Borja Tarraso

On Sat, May 3, 2008 at 6:56 PM, Jordi Espasa Clofent <[EMAIL PROTECTED]> wrote:

Yes, I know, it's completely a dumb question; but I'm curious about it. I'm just learning C applied in networking area and I wonder what editor is preferred by OpenBSD developers. At present moment I use vim.

-- Thanks, Jordi Espasa Clofent
Re: gmake error, please help :)
vatocleti wrote:
> Hey all, I'm running OpenBSD 4.2/i386 and am booting bsd.mp. I have brought over a linux program that uses gcc as the compiler. I have installed the following sets: - gmake-3.80p1.tgz - gettext-0.14.6p0.tgz - libiconv-1.9.2p3.tgz and when I do a "gmake" I get the following two errors: - " /bin/gmake[1]: ELF: not found" - "/bin/gmake[365]: no closing quote any ideas? Thanks, v.

gmake != gcc != g++
Re: gmake error, please help :)
On Thu, May 08, 2008 at 10:22:01AM -0700, vatocleti wrote: > Hey all, Hi. > I'm running OpenBSD 4.2/i386 and am booting bsd.mp. I have brought over a > linux program that uses gcc as the compiler. > > I have installed the following sets: > > - gmake-3.80p1.tgz > - gettext-0.14.6p0.tgz > - libiconv-1.9.2p3.tgz > > and when I do a "gmake" I get the following two errors: > > - " /bin/gmake[1]: ELF: not found" > - "/bin/gmake[365]: no closing quote *ahem* Where does /bin/gmake come from ? The gmake from gmake-3.80p1.tgz lives in /usr/local/bin/gmake (And your /bin/gmake looks like a shell script. Did you take a look at this script?) HTH, Andreas. -- Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition.
Re: Thinkpad T42 + OpenBSD 4.3 Freeze
Yes, it's the memory, the memtest freezes just like OpenBSD. Thanks all. Gonzalo.

2008/5/8 Adam Patterson <[EMAIL PROTECTED]>:
> Gonzalo Lionel Rodriguez wrote:
> > Sorry, but the 1gb is RAM not a mestick. 1 GB Kingston RAM + 512 MB
> > (default) = 1.5 Gb ram the system freeze, with 512 mb ram (default) the
> > system works fine.
> >
> > regards
>
> then its probably just a bad stick of memory :/
Re: gmake error, please help :)
Louis V. Lambrecht-3 wrote: > > vatocleti wrote: >> Hey all, >> I'm running OpenBSD 4.2/i386 and am booting bsd.mp. I have brought over >> a >> linux program that uses gcc as the compiler. >> >> I have installed the following sets: >> >> - gmake-3.80p1.tgz >> - gettext-0.14.6p0.tgz >> - libiconv-1.9.2p3.tgz >> >> and when I do a "gmake" I get the following two errors: >> >> - " /bin/gmake[1]: ELF: not found" >> - "/bin/gmake[365]: no closing quote >> >> any ideas? >> >> Thanks, >> v. >> >> > gmake != gcc != g++ > > > Hi, This worked for me on a different system running the amd64 image, but trying the same process with the same sets on a i386 (bsd.mp) image, I get the error...not sure why? If I have a linux app, should I be able to build with the native bsd make or do I need GNU (gmake)? thanks in advance.
Re: Editing C with...
On Thu, May 8, 2008 at 4:37 AM, Matthew Szudzik <[EMAIL PROTECTED]> wrote: > And anyway, I'm a minimalist (that's why I run OpenBSD). Really? Funny, I get the feeling that I was forced to be a minimalist for _not_ using OpenBSD the more I discover it... -- http://tumblr.marcher.name http://noneisyours.marcher.name http://www.xing.com/profile/Martin_Marcher http://www.linkedin.com/in/martinmarcher You are not free to read this message, by doing so, you have violated my licence and are required to urinate publicly. Thank you.
Re: Window Manager
Fluxbox On Sun, May 04, 2008 at 09:29:42PM -0300, Gonzalo Lionel Rodriguez wrote: > I dont know if it is the place to ask it, but that window manager uses? And > why? > > Regards ---end quoted text---
Re: gmake error, please help :)
On Thu, May 8, 2008 at 1:05 PM, vatocleti <[EMAIL PROTECTED]> wrote: ... > This worked for me on a different system running the amd64 image, but > trying the same process with the same sets on a i386 (bsd.mp) image, I get > the error...not sure why? amd64 and i386 are NOT interchangeable or compatible: you cannot run an amd64 binary under the i386 kernel, nor vice versa. (I'm actually surprised that the packages installed. Did you copy the binaries over instead of installing the packages? Or did you override pkg_add's warnings and use the -A or -Farch options?) > If I have a linux app, should I be able to build > with the native bsd make or do I need GNU (gmake)? That depends on whether the app's makefiles were written to require GNU make or not. Since you didn't say what app this is, we can't answer the question. Of course, if this app has been added to the ports tree then building it from there would be the simplest way forward. Philip Guenther
(stupid?) softraid question
Hi, Just got 4.3 up and running and saw in dmesg output: softraid0 at root Well, I do not want softraid and did not try to configure it. Can I just safely ignore the message? Thanks, --per
Re: Editing C with...
The nice thing about editors is that we have so many of them to choose from. Everyone will be happy, like some prefer blondes, other brunettes ... ;) Today one of our servers decided to send one of it's disks to the abyss, I was happy to be able to edit /etc/fstab in ed while in single user mode. ymmv, yemv!
Re: How to copy/pipe console buffer to file?
On Thu, May 08, 2008 at 12:37:47PM +0200, rancor wrote:
> Hi
>
> Is there any way of copy/pipe the information on the console to a file? I
> need the same information that I can see if I hold down Ctrl+Shift and using
> PageUp/Down when I'm on the console. I'm not using serial, that would be
> simple but I'm stuck right on the machine.

While Mickey's solution is rather cool, misc/screen would allow you to copy text off the screen (Ctrl-A [, select. Ctrl-A ]). It also has a lot of other useful commands. Of course, screen isn't found everywhere, while dd pretty much is.

Joachim

-- TFMotD: term (7) - conventions for naming terminal types
Problems going from 4.3-release to -stable
Hello,

After a fresh install of obsd on a new server, I cannot update my system to -stable.

The src has been obtained from cvs in the usual manner.

Here is the error :-

# cd /usr/src/sys/arch/sparc64/conf/
# ls
CVS GENERIC.MP RAMDISK RAMDISKU5
GENERIC Makefile.sparc64 RAMDISKU1 files.sparc64
# config GENERIC
../../../../conf/files:1005: syntax error
../../../../conf/files:1006: syntax error
../../../../conf/files:1007: syntax error
../../../../conf/files:1008: syntax error
../../../../conf/files:1009: syntax error
../../../../conf/files:1010: syntax error
../../../../conf/files:1011: syntax error
../../../../conf/files:1012: syntax error
../../../../conf/files:1013: syntax error
../../../../conf/files:1014: syntax error
../../../../conf/files:1015: syntax error
../../../../conf/files:1016: syntax error
../../../../conf/files:1017: syntax error
../../../../conf/files:1018: syntax error
../../../../conf/files:1019: syntax error
../../../../conf/files:1020: syntax error
../../../../conf/files:1021: syntax error
../../../../conf/files:1022: syntax error
../../../../conf/files:1023: syntax error
../../../../conf/files:1024: syntax error
../../../../conf/files:1025: syntax error
../../../../conf/files:1026: syntax error
../../../../conf/files:1027: syntax error
../../../../conf/files:1028: syntax error
../../../../conf/files:1029: syntax error
../../../../conf/files:1030: syntax error
../../../../conf/files:1031: syntax error
../../../../conf/files:1032: syntax error
../../../../conf/files:1033: syntax error
../../../../conf/files:1034: syntax error
../../../../conf/files:1035: syntax error
../../../../conf/files:1036: syntax error
../../../../conf/files:1037: syntax error
../../../../conf/files:1038: syntax error
*** Stop.
# uname -a
OpenBSD atom 4.2 GENERIC#1427 sparc64

Am i missing something obvious? This has not occurred on 4.2

Cheers, Mike
eeepc acpi
Hi Matthieu, Just a quick note concerning the eeepc i386-laptop.html entry. I acquired one today, and installed OpenBSD via pxeboot using the builtin ethernet interface. Then I discovered it's not entire acpi that causes panics, it's only acpibat. If you boot -c (or config -e) then: - disable apm - enable acpi - disable acpibat you'll get the following: # sysctl hw hw.machine=i386 hw.model=Intel(R) Celeron(R) M processor 900MHz ("GenuineIntel" 686- class) hw.ncpu=1 hw.byteorder=1234 hw.pagesize=4096 hw.disknames=wd0,sd0 hw.diskcount=2 hw.sensors.acpitz0.temp0=54.05 degC (zone temperature) hw.sensors.acpiac0.indicator0=On (power supply) hw.cpuspeed=631 hw.setperf=100 hw.vendor=ASUSTeK Computer INC. hw.product=701 hw.version=x.x hw.serialno=EeePC-1234567890 hw.uuid=80480a3a-bf04-dd81-37b7-001fc65688ff hw.physmem=527527936 hw.usermem=527523840 # and # apmd # apm -A # apm Battery state: absent, 0% remaining, unknown life estimate A/C adapter state: connected Performance adjustment mode: auto (75 MHz) Full dmesg below: /Pete
Re: Problems going from 4.3-release to -stable
On Thursday, May 8, 2008 at 21:08:54 +, Mike wrote: >Hello, > >After a fresh install of obsd on a new server, I cannot update my system >to -stable. > >The src has been obtained from cvs in the usual manner. > >Here is the error :- > ># cd /usr/src/sys/arch/sparc64/conf/ ># ls >CVS GENERIC.MP RAMDISK RAMDISKU5 >GENERIC Makefile.sparc64RAMDISKU1 files.sparc64 ># config GENERIC >../../../../conf/files:1038: syntax error >*** Stop. ># uname -a >OpenBSD atom 4.2 GENERIC#1427 sparc64 You are still running 4.2, not 4.3. You cannot compile 4.3-stable on a system running 4.2. Did you really do a fresh install? Maurice BTW: you can find binaries for 4.3-stable at ftp://ftp.z74.net/pub/OpenBSD/4.3-stable/ . Not for all architectures, but sparc64 is available. Of course it's up to you to decide if you have enough trust in me to use them.
Re: Problems going from 4.3-release to -stable
Ignore that question, the 'obvious' has come and hit me in the face after scratching my head for 4 hours, answer - I have installed 4.2 and not 4.3 hence it won't build

Sorry guys!

On Thu, 8 May 2008, Mike wrote: Hello, After a fresh install of obsd on a new server, I cannot update my system to -stable. The src has been obtained from cvs in the usual manner. Here is the error :- # cd /usr/src/sys/arch/sparc64/conf/ # ls CVS GENERIC.MP RAMDISK RAMDISKU5 GENERIC Makefile.sparc64RAMDISKU1 files.sparc64 # config GENERIC ../../../../conf/files:1005: syntax error ../../../../conf/files:1006: syntax error ../../../../conf/files:1007: syntax error ../../../../conf/files:1008: syntax error ../../../../conf/files:1009: syntax error ../../../../conf/files:1010: syntax error ../../../../conf/files:1011: syntax error ../../../../conf/files:1012: syntax error ../../../../conf/files:1013: syntax error ../../../../conf/files:1014: syntax error ../../../../conf/files:1015: syntax error ../../../../conf/files:1016: syntax error ../../../../conf/files:1017: syntax error ../../../../conf/files:1018: syntax error ../../../../conf/files:1019: syntax error ../../../../conf/files:1020: syntax error ../../../../conf/files:1021: syntax error ../../../../conf/files:1022: syntax error ../../../../conf/files:1023: syntax error ../../../../conf/files:1024: syntax error ../../../../conf/files:1025: syntax error ../../../../conf/files:1026: syntax error ../../../../conf/files:1027: syntax error ../../../../conf/files:1028: syntax error ../../../../conf/files:1029: syntax error ../../../../conf/files:1030: syntax error ../../../../conf/files:1031: syntax error ../../../../conf/files:1032: syntax error ../../../../conf/files:1033: syntax error ../../../../conf/files:1034: syntax error ../../../../conf/files:1035: syntax error ../../../../conf/files:1036: syntax error ../../../../conf/files:1037: syntax error ../../../../conf/files:1038: syntax error *** Stop. 
# uname -a OpenBSD atom 4.2 GENERIC#1427 sparc64 Am i missing something obvious? This has not occurred on 4.2 Cheers, Mike
Re: uvm_fault after fsck on OpenBSD 3.9
You can probably test if I'm barking up the right tree or barking mad by booting a 4.3 bsd.rd and see if you can fsck your root partition. Since you appear to have a serial console, I'd try to do this by booting single user, mount -f / (to skip the fsck), start the rest of the system, and copy over a 4.3 bsd.rd, then reboot off it. If the fsck works, reboot, and upgrade the machine, please. Nick.

Turned out to be bad RAM. Fortunately the system had 2 512MB sticks, so we just pulled one and it's running fine. I'll be upgrading soon.

-- Sincerely, Kirk Ismay System Administrator -- Net Idea 201-625 Front Street Nelson, BC V1L 4B6 P:250-352-3512 | F:250-352-9780 | TF:1-888-352-3512 Check out our brand new website! www.netidea.com
Re: Problems going from 4.3-release to -stable
On Thu, May 08, 2008 at 09:08:54PM +, Mike wrote: > Hello, > > After a fresh install of obsd on a new server, I cannot update my system to > -stable. > > The src has been obtained from cvs in the usual manner. > > Here is the error :- > > # cd /usr/src/sys/arch/sparc64/conf/ > # ls > CVS GENERIC.MP RAMDISK RAMDISKU5 > GENERIC Makefile.sparc64RAMDISKU1 files.sparc64 > # config GENERIC > ../../../../conf/files:1005: syntax error > ../../../../conf/files:1006: syntax error > ../../../../conf/files:1007: syntax error > ../../../../conf/files:1008: syntax error > ../../../../conf/files:1009: syntax error > ../../../../conf/files:1010: syntax error > ../../../../conf/files:1011: syntax error > ../../../../conf/files:1012: syntax error > ../../../../conf/files:1013: syntax error > ../../../../conf/files:1014: syntax error > ../../../../conf/files:1015: syntax error > ../../../../conf/files:1016: syntax error > ../../../../conf/files:1017: syntax error > ../../../../conf/files:1018: syntax error > ../../../../conf/files:1019: syntax error > ../../../../conf/files:1020: syntax error > ../../../../conf/files:1021: syntax error > ../../../../conf/files:1022: syntax error > ../../../../conf/files:1023: syntax error > ../../../../conf/files:1024: syntax error > ../../../../conf/files:1025: syntax error > ../../../../conf/files:1026: syntax error > ../../../../conf/files:1027: syntax error > ../../../../conf/files:1028: syntax error > ../../../../conf/files:1029: syntax error > ../../../../conf/files:1030: syntax error > ../../../../conf/files:1031: syntax error > ../../../../conf/files:1032: syntax error > ../../../../conf/files:1033: syntax error > ../../../../conf/files:1034: syntax error > ../../../../conf/files:1035: syntax error > ../../../../conf/files:1036: syntax error > ../../../../conf/files:1037: syntax error > ../../../../conf/files:1038: syntax error > *** Stop. > # uname -a > OpenBSD atom 4.2 GENERIC#1427 sparc64 > > Am i missing something obvious? 
This has not occurred on 4.2 > > Cheers, Mike >

Well, the error is pretty obvious. Whatever you did, you are on OpenBSD 4.2 trying to build OpenBSD 4.3. This doesn't work.

-- Pierre Riteau
Re: Editing C with...
On Thu, May 08, 2008 at 10:02:22PM +0200, Marc Balmer wrote: > The nice thing about editors is that we have so many of them to choose > from. > Everyone will be happy, like some prefer blondes, other brunettes ... ;) > > Today one of our servers decided to send one of it's disks to the abyss, > I was happy to be able to edit /etc/fstab in ed while in single user mode. If the name is ed, I doubt if blonde or brunette will make a difference to me. > ymmv, yemv! Yes, apparently. ;-) -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
fsck large filesystem, memory limit problem
Hello all, I just upgraded to 4.3, and I would like to congratulate the devs on another wonderful release! shutdown -p works and the wbng sensor support was a nice surprise. However, the most useful feature to me was the support for ffs2. I upgraded without a hitch, and repartitioned from a 1tb filesystem to a 2tb share mount point. However, when I try to fsck the system just to make sure everything is ok, I receive this error: # fsck -f /dev/sd0i ** /dev/rsd0i ** File system is already clean cannot alloc 485015042 bytes for lncntp I just upgraded to 3gb ram, so that should be a non-issue according to the faq. I have tried `ulimit -d unlimited` (as suggested previously in the archives), but the data limit will not go above 1048576, which I suspect to be the problem. I'm sure that there is another silly limit I am missing somewhere. Thanks for any help! -William Here is a dmesg of my system:
Re: fsck large filesystem, memory limit problem
Isn't this the 1GB application limit mentioned in FAQ 14.7 - "By the time one gets to a 2TB file system with default fragment and block sizes, fsck will require 1GB RAM to run, which is the application limit under OpenBSD. Larger fragments and/or blocks will reduce the number of inodes, and allow for larger file systems."?

Will wrote:

Hello all,

I just upgraded to 4.3, and I would like to congratulate the devs on another wonderful release! shutdown -p works and the wbng sensor support was a nice surprise. However, the most useful feature to me was the support for ffs2.

I upgraded without a hitch, and repartitioned from a 1tb filesystem to a 2tb share mount point. However, when I try to fsck the system just to make sure everything is ok, I receive this error:

# fsck -f /dev/sd0i
** /dev/rsd0i
** File system is already clean
cannot alloc 485015042 bytes for lncntp

I just upgraded to 3gb ram, so that should be a non-issue according to the faq.

I have tried `ulimit -d unlimited` (as suggested previously in the archives), but the data limit will not go above 1048576, which I suspect to be the problem. I'm sure that there is another silly limit I am missing somewhere.

Thanks for any help!
-William

Here is a dmesg of my system:

OpenBSD 4.3 (GENERIC.MP) #1: Sat May 3 17:08:02 EDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3219636224 (3070MB)
avail mem = 3110854656 (2966MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev.
PF Congestion and state table question
Hi,

After successfully putting into testing the new firewall setup with some of our services, we are seeing some low congestion issues. It's not major, but since I'm only throwing it half our expected traffic for the time being, I would have liked it to be at 0.

Our setup is a 4.3 i386 (Xeon 3GHz) box with 6 Intel gigabit interfaces (em), all of them having at least one carp interface, and 2 of them having trunked VLANs. NAT is only applied to outgoing traffic, which is very minimal. Just about all of the traffic that I'm sending to it right now consists of very small XML requests over HTTP, so low throughput but very high session count. All the interfaces have the speed and duplex hardcoded at the switch and system level.

Here's a link that includes some possible debugging information from pfctl -si, some sysctl parameters, top load and dmesg:
http://www.sjohnson.info/other/diaginfo.txt

And here's the set of PF rules that are active:
http://www.sjohnson.info/other/pf.conf

Just about all the traffic that is coming in at the moment is hitting that first "pass in quick" rule.

Is the congestion issue that I'm getting considered "normal" under that type of traffic and with the present hardware? Are there any other settings that I should look into tweaking?

Also, is it expected that a total of 135K sessions in our link load balancers give us around 550K sessions with PF? I now know it's supposed to be at least double because of the directional state entry, but I just find the number alerting, especially since it was close to a 1:1 when we compared them to our netfilter states (agreeing that state processing is completely different between the two). This is with aggressive setting, as I was getting past 750K sessions with conservative setting.

Thanks again for help,
Steve Johnson
Re: fsck large filesystem, memory limit problem
I did see that, but did not realize that the 1GB limit is not a user-configurable feature. Even so, the FAQ implies that a 2TB filesystem is possible with default options, which is what I have.

relevant output of df:

Filesystem  512-blocks  Used        Avail       Capacity  Mounted on
/dev/sd0i   3758267452  1935576944  1634777136  54%       /mnt/share

-William

On Thu, May 8, 2008 at 5:04 PM, David J. Stillman <[EMAIL PROTECTED]> wrote:
> Isn't this the 1GB application limit mentioned in FAQ 14.7 - " By the time
> one gets to a 2TB file system with default fragment and block sizes, fsck
> will require 1GB RAM to run, which is the application limit under OpenBSD.
> Larger fragments and/or blocks will reduce the number of inodes, and allow
> for larger file systems."?
>
> Will wrote:
>>
>> Hello all,
>>
>> I just upgraded to 4.3, and I would like to congratulate the devs on
>> another wonderful release! shutdown -p works and the wbng sensor
>> support was a nice surprise. However, the most useful feature to me
>> was the support for ffs2.
>>
>> I upgraded without a hitch, and repartitioned from a 1tb filesystem to
>> a 2tb share mount point. However, when I try to fsck the system just
>> to make sure everything is ok, I receive this error:
>>
>> # fsck -f /dev/sd0i
>> ** /dev/rsd0i
>> ** File system is already clean
>> cannot alloc 485015042 bytes for lncntp
>>
>> I just upgraded to 3gb ram, so that should be a non-issue according to the
>> faq.
>>
>> I have tried `ulimit -d unlimited` (as suggested previously in the
>> archives), but the data limit will not go above 1048576, which I
>> suspect to be the problem. I'm sure that there is another silly limit
>> I am missing somewhere.
>>
>> Thanks for any help!
>> -William
>>
>> Here is a dmesg of my system:
ftpchroot root directories
Greetings. I'm setting up ftp access* for a number of users to a directory structure like this (assume "/" is an alias for the top of the tree):

Username  directory  perms

user1     /          rw
user2     /projects  r
user3     /projects  rw
user4     /          r

The FAQ and the ftpd(8) manpage say that chrooting goes to a user's home directory, and nothing about permissions.

Is there some other way of setting this up?

thanks

dn

ps. FTP is the client's choice, not mine. Same with this directory structure.
Re: (stupid?) softraid question
On 2008-05-08, Per olof Ljungmark <[EMAIL PROTECTED]> wrote:
> Hi,
> Just got 4.3 up and running and saw in dmesg output:
> softraid0 at root
>
> Well, I do not want softraid and did not try to configure it. Can I just
> safely ignore the message?

Yes.
Re: nagios monitoring of a remote openntp service
On 2008-05-08, Chris Kuethe <[EMAIL PROTECTED]> wrote:
> On Thu, May 8, 2008 at 8:52 AM, Brian A. Seklecki
> <[EMAIL PROTECTED]> wrote:
>> Nagios checks almost never have sufficient debugging mechanisms, and UDP
>> services don't send RST+ICMP.
>
> you should get an ICMP port unreachable if there is no UDP service listening.
>
> i haven't looked at nagios, but i wonder if it's not trying to use NTP
> "mode 6" control messages to get more status information out of the
> daemon. openntpd doesn't support these queries...

check_ntp_peer does exactly that.

>> You can always: $ sudo ntpdate -qdv [host to check]
>
> or "rdate -pnv ". quite some time ago i added a check to make
> rdate bail out if the server is unsync'd.
>
> ...
> if ((data.status & STATUS_ALARM) == STATUS_ALARM) {
>         warnx("Ignoring NTP server with alarm flag set");
>         return (-1);
> }
> ...
>
> CK
>

check_ntp_time says "NTP CRITICAL: Offset unknown|" if that happens, same as if the server isn't running. Not quite as much information as it could give, but if you're basically looking to be alerted when your server is broken, it's still helpful.
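A monitoring check along the lines discussed in this thread, as an added example (not code from rdate, openntpd or the Nagios plugins): it sends a plain client-mode query rather than a mode 6 control message and reports the alarm flag, a timeout and an ICMP port unreachable as separate results. The function names, thresholds and constructed sample replies are assumptions, and the offset ignores network delay.

```python
import socket
import struct

# Nagios plugin exit codes (standard plugin convention).
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

LI_ALARM = 3                    # leap indicator 3 = clock not synchronized
MODE_SERVER = 4                 # mode field of a server reply
NTP_UNIX_DELTA = 2208988800     # seconds from 1900-01-01 to 1970-01-01


def query(host, timeout=3.0):
    """Send one client-mode request; return (reply, None) or (None, reason)."""
    request = bytes([0x23]) + bytes(47)      # LI=0, VN=4, mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, 123))           # connected socket: ICMP errors surface
            s.send(request)
            return s.recv(512), None
        except socket.timeout:
            return None, "no reply within %.0fs" % timeout
        except ConnectionRefusedError:
            return None, "ICMP port unreachable, nothing listening on 123/udp"
        except OSError as exc:
            return None, "network error: %s" % exc


def evaluate(reply, now, reason=None, warn=1.0, crit=5.0):
    """Turn a reply (or the reason there is none) into (exit_code, text).

    `now` is the local Unix time at receipt. The offset is the server's
    transmit timestamp minus `now`, a simplification that ignores delay.
    """
    if reply is None:
        return CRITICAL, "NTP CRITICAL: %s" % (reason or "no reply")
    if len(reply) < 48:
        return UNKNOWN, "NTP UNKNOWN: short packet (%d bytes)" % len(reply)
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != MODE_SERVER:
        return UNKNOWN, "NTP UNKNOWN: unexpected mode %d" % mode
    if leap == LI_ALARM:
        return CRITICAL, "NTP CRITICAL: server sets alarm flag (unsynchronized)"
    if stratum == 0:
        return CRITICAL, "NTP CRITICAL: stratum 0 (unspecified or kiss-o'-death)"
    secs, frac = struct.unpack_from("!II", reply, 40)   # transmit timestamp
    offset = (secs - NTP_UNIX_DELTA + frac / 2.0 ** 32) - now
    text = "offset %+.3fs, stratum %d" % (offset, stratum)
    if abs(offset) >= crit:
        return CRITICAL, "NTP CRITICAL: " + text
    if abs(offset) >= warn:
        return WARNING, "NTP WARNING: " + text
    return OK, "NTP OK: " + text


def build_reply(leap, stratum, unix_seconds):
    """Constructed 48-byte server reply used as sample input (not a capture)."""
    pkt = bytearray(48)
    pkt[0] = (leap << 6) | (4 << 3) | MODE_SERVER
    pkt[1] = stratum
    struct.pack_into("!II", pkt, 40, unix_seconds + NTP_UNIX_DELTA, 0)
    return bytes(pkt)


if __name__ == "__main__":
    now = 1210280000.0                       # fixed clock so the demo is repeatable
    samples = [
        ("synced server", build_reply(0, 2, 1210280000), None),
        ("alarm flag set", build_reply(3, 2, 1210280000), None),
        ("clock 2s ahead", build_reply(0, 2, 1210280002), None),
        ("daemon stopped", None, "ICMP port unreachable, nothing listening on 123/udp"),
    ]
    for label, pkt, why in samples:
        code, text = evaluate(pkt, now, why)
        print("%-15s exit=%d %s" % (label, code, text))
```

For a live check, pass the two values returned by `query(host)` together with `time.time()` to `evaluate`.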
Re: gmake error, please help :)
vatocleti wrote:
Louis V. Lambrecht-3 wrote:
vatocleti wrote:

Hey all, I'm running OpenBSD 4.2/i386 and am booting bsd.mp. I have brought over a linux program that uses gcc as the compiler. I have installed the following sets:
- gmake-3.80p1.tgz
- gettext-0.14.6p0.tgz
- libiconv-1.9.2p3.tgz
and when I do a "gmake" I get the following two errors:
- " /bin/gmake[1]: ELF: not found"
- "/bin/gmake[365]: no closing quote
any ideas? Thanks, v.

gmake != gcc != g++

Hi, This worked for me on a different system running the amd64 image, but trying the same process with the same sets on a i386 (bsd.mp) image, I get the error...not sure why? If I have a linux app, should I be able to build with the native bsd make or do I need GNU (gmake)? thanks in advance.

We need more info:
- you list 3 applications you installed, to compile with gcc, but you don't list gcc
- you have an error /bin/gmake[1]: ELF: not found line 1, the shebang. on my system which gmake returns /usr/local/bin/gmake
- an error as "no closing quotes" can be what it means. It can be an error of the author. It can be caused by a Linuxism as using Ctrl+Enter to write a non-breaking space. Can be caused by a plain cp from one slice to the other without using FTP or NFS (which make the needed conversions as dos2unix ...) List goes on. Can be a bug.
- have both systems you tried on the same toolchain?

What is a Linux app? Portable sources should not have problems to compile with the proper toolchain.
Re: PF Congestion and state table question
Hi,

Sorry, I hadn't noticed that I had removed that part of information by mistake when I split the debug information in a different file. I had been told about that setting and had seen the thread, which stated around 256MB per gigabit interface. I had tested from 1000 up to 2500, and although it did reduce the congestion a lot, I was still seeing over 1 per second, which I can't consider that safe for production. I haven't tested higher than 2500 though.

Thanks,
Steve

Thomas Althoff wrote:

What about net.inet.ip.ifq.maxlen ? Try net.inet.ip.ifq.maxlen=2500 at least. I don't recall Henning's rule, search the archive something like X times your number of nics.

-Thomas

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Johnson
Sent: den 8 maj 2008 23:18
To: misc@openbsd.org
Subject: PF Congestion and state table question

Hi,

After successfully putting into testing the new firewall setup with some of our services, we are seeing some low congestion issues. It's not major, but since I'm only throwing it half our expected traffic for the time being, I would have liked it to be at 0.

Our setup is a 4.3 i386 (Xeon 3GHz) box with 6 Intel gigabit interfaces (em), all of them having at least one carp interface, and 2 of them having trunked VLANs. NAT is only applied to outgoing traffic, which is very minimal. Just about all of the traffic that I'm sending to it right now consists of very small XML requests over HTTP, so low throughput but very high session count. All the interfaces have the speed and duplex hardcoded at the switch and system level.

Here's a link that includes some possible debugging information from pfctl -si, some sysctl parameters, top load and dmesg:
http://www.sjohnson.info/other/diaginfo.txt

And here's the set of PF rules that are active:
http://www.sjohnson.info/other/pf.conf

Just about all the traffic that is coming in at the moment is hitting that first "pass in quick" rule.

Is the congestion issue that I'm getting considered "normal" under that type of traffic and with the present hardware? Are there any other settings that I should look into tweaking?

Also, is it expected that a total of 135K sessions in our link load balancers give us around 550K sessions with PF? I now know it's supposed to be at least double because of the directional state entry, but I just find the number alerting, especially since it was close to a 1:1 when we compared them to our netfilter states (agreeing that state processing is completely different between the two). This is with aggressive setting, as I was getting past 750K sessions with conservative setting.

Thanks again for help,
Steve Johnson
OpenBSD and MSA500
Hi!

Did anyone have success with OpenBSD using one of these beasts? Actually OpenBSD runs on the DL380 nicely, but I was unable to detect the MSA500 Disk Array... Any ideas or it simply isn't supported?

dmesg follows

thanks,
Pedro
Re: PF Congestion and state table question
What about net.inet.ip.ifq.maxlen ? Try net.inet.ip.ifq.maxlen=2500 at least. I don't recall Henning's rule, search the archive something like X times your number of nics.

-Thomas

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Johnson
Sent: den 8 maj 2008 23:18
To: misc@openbsd.org
Subject: PF Congestion and state table question

Hi,

After successfully putting into testing the new firewall setup with some of our services, we are seeing some low congestion issues. It's not major, but since I'm only throwing it half our expected traffic for the time being, I would have liked it to be at 0.

Our setup is a 4.3 i386 (Xeon 3GHz) box with 6 Intel gigabit interfaces (em), all of them having at least one carp interface, and 2 of them having trunked VLANs. NAT is only applied to outgoing traffic, which is very minimal. Just about all of the traffic that I'm sending to it right now consists of very small XML requests over HTTP, so low throughput but very high session count. All the interfaces have the speed and duplex hardcoded at the switch and system level.

Here's a link that includes some possible debugging information from pfctl -si, some sysctl parameters, top load and dmesg:
http://www.sjohnson.info/other/diaginfo.txt

And here's the set of PF rules that are active:
http://www.sjohnson.info/other/pf.conf

Just about all the traffic that is coming in at the moment is hitting that first "pass in quick" rule.

Is the congestion issue that I'm getting considered "normal" under that type of traffic and with the present hardware? Are there any other settings that I should look into tweaking?

Also, is it expected that a total of 135K sessions in our link load balancers give us around 550K sessions with PF? I now know it's supposed to be at least double because of the directional state entry, but I just find the number alerting, especially since it was close to a 1:1 when we compared them to our netfilter states (agreeing that state processing is completely different between the two). This is with aggressive setting, as I was getting past 750K sessions with conservative setting.

Thanks again for help,
Steve Johnson
Re: PF Congestion and state table question
On 2008-05-08, Steve Johnson <[EMAIL PROTECTED]> wrote:
> Is the congestion issue that I'm getting considered "normal" under that
> type of traffic and with the present hardware? Are there any other
> settings that I should look into tweaking?

>> CPU states: 0.2% user, 0.0% nice, 1.9% system, 38.1% interrupt, 59.8% idle

cpu% in interrupt (which includes PF processing) will almost certainly spike higher than this instantaneous reading at times, leading to congestion.

>> scrub all random-id fragment reassemble

do you need to scrub/random-id _all_ of the traffic, in+out, on all interfaces?

you're natting on the network Henning suggested you 'set skip' on aren't you... if you can live with that breaking to test, try the 'set skip' anyway and see if it helps enough to be worth working out something else for the nat.

btw personally I'd rather have all the information in the list post than have to fetch it by http, I expect it's probably the same for others..
snmpd
I'm a total noob to snmp and was excited snmpd from Reyk is included in 4.3. I started snmpd with the default config and net-snmp-walked the tree.

It looks like there is no info about disk usage, memory usage, load and other sensor stuff. I have no clue where to find the mibs (locate mib or locate .txt | grep snmp have no results) or how to load them..

Can I easily extend it with this mib http://www.packetmischief.ca/openbsd/snmp/sensors-mib-tree.txt or is there another way to get disk usage info from OpenBSD's new snmpd?

With kind regards,
Tim
Re: Post-intrusion forensics
On Thu, May 08, 2008 at 09:02:48AM -0600, Chris Cameron wrote:
> For our Windows/Solaris/Linux servers, we've had PWC say that they're
> qualified and able to do post-intrusion forensics on our server(s).
> I'm told this will go a long way in making everyone in our company as
> well as our customers feel better. Partly because it's an outside
> party verification of what happened, and partly because everyone knows
> PWC.
>
> What PWC won't do for us is OpenBSD forensics; and thus the reason for
> this email. Does anyone know of a company that does this? We like big
> names, but management seems to understand that that isn't always
> possible with OpenBSD.

You may get more useful responses if you are willing to share your location... is UpNIX your company, or do you happen to have an account with them?

Have you considered http://www.openbsd.org/support.html? Of course, all those firms are somewhat smaller than PricewaterhouseCoopers. On the other hand, some developers may be found there (I found Otto Moerbeek and Reyk Floeter in the past; I'm sure I've missed some), and there are quite a few firms specializing in security in one way or another. I am not familiar with any of them, and any advice is likely to be location-dependent anyway.

If you find an organization on http://www.openbsd.org/users.html that is in some way related to your own, they may be able to offer some assistance.

This is probably not an option for you, but it may be easier to find a company that can audit/pentest OpenBSD than one that can do post-intrusion forensics. OpenBSD has some tricks that can make actually exploiting some common security vulnerabilities more difficult, but that is not necessarily a problem unless you require a pen-test to actually penetrate (as opposed to using it as a way of finding potentially exploitable bugs).

If you are willing to undertake action yourself, note that AIDE is in ports (security/aide) and security(8) runs nightly (and can be tuned to watch additional files). Either can be very useful in post-intrusion analysis or even in detecting an intrusion, especially on systems where very few files change legitimately - like on a firewall, where only log files will change. If so inclined, you could include AIDE on a bootable CD containing file checksums. I've also seen a Samhain port on ports@, and tools/sleuthkit is also available.

This is not necessarily sufficient for a general range of systems; but if you use OpenBSD (only) as a router and firewall platform, this is a very good - and cheap - way of doing intrusion detection and forensics.

Joachim

--
TFMotD: quiz (6) - random knowledge tests
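The baseline-then-verify approach described in this reply, as an added example rather than AIDE's or security(8)'s own code: a small checker that records hashes and metadata, skips paths expected to change (logs), and reports what differs from a stored baseline. The function names, the exclusion pattern and the constructed sample tree are assumptions; the baseline file is meant to be kept on read-only media.

```python
import fnmatch
import hashlib
import json
import os
import stat
import tempfile


def file_sha256(path, bufsize=1 << 16):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(bufsize), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root, exclude=()):
    """Record type, mode, owner and (for regular files) size and hash."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if any(fnmatch.fnmatch(rel, pat) for pat in exclude):
                continue                      # e.g. logs, which change legitimately
            st = os.lstat(full)               # lstat: never follow symlinks
            entry = {"type": stat.S_IFMT(st.st_mode),
                     "mode": stat.S_IMODE(st.st_mode),
                     "uid": st.st_uid, "gid": st.st_gid}
            if stat.S_ISLNK(st.st_mode):
                entry["target"] = os.readlink(full)
            elif stat.S_ISREG(st.st_mode):
                entry["size"] = st.st_size
                try:
                    entry["sha256"] = file_sha256(full)
                except OSError as exc:        # unreadable file: record, do not abort
                    entry["error"] = str(exc)
            entries[rel] = entry
    return entries


def compare(baseline, current):
    """Return added and removed paths plus the changed fields per path."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "changed": {}}
    setid = stat.S_ISUID | stat.S_ISGID
    for path in sorted(set(baseline) & set(current)):
        old, new = baseline[path], current[path]
        fields = sorted(k for k in set(old) | set(new) if old.get(k) != new.get(k))
        if new["mode"] & ~old["mode"] & setid:
            fields.append("setid-added")      # newly setuid/setgid: flag explicitly
        if fields:
            report["changed"][path] = fields
    return report


def save_baseline(entries, path):
    with open(path, "w") as fh:
        json.dump(entries, fh, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Constructed sample tree standing in for a firewall's filesystem.
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as media:
        for rel, text in [("etc/pf.conf", "block all\n"), ("var/log/messages", "boot\n")]:
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(text)
        skip = ["var/log/*"]
        save_baseline(snapshot(root, skip), os.path.join(media, "baseline.json"))
        # Later: a config file is altered and the log grows.
        with open(os.path.join(root, "etc/pf.conf"), "w") as fh:
            fh.write("pass  all\n")
        with open(os.path.join(root, "var/log/messages"), "a") as fh:
            fh.write("more\n")
        base = load_baseline(os.path.join(media, "baseline.json"))
        print(json.dumps(compare(base, snapshot(root, skip)), indent=1))
```

A verification run is only as trustworthy as the tools doing it, so both the checker and the baseline belong on the read-only boot medium, not on the system being examined.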
Re: snmpd
On Thu, 2008-05-08 at 15:22 -0700, Tim Kuijsten wrote:
> It looks like there is no info about disk usage, memory usage, load
> and other sensor stuff. I have no clue where to find the mibs (locate
> mib or locate .txt | grep snmp have no results) or how to load them..

That's all in HOST-RESOURCES-MIB and UCD-DISKIO-MIB

Try:

$ snmptable -v2c -c [comm] [host] HOST-RESOURCES-MIB::hrStorageTable
$ snmptable -v2c -c [comm] [host] UCD-DISKIO-MIB::diskIOTable

The sensor stuff should be committed into the Ports version of Net-SNMP by now. I can get it committed to Pkgsrc if not. It's just not been at the top of my priority list.

--
Brian A. Seklecki <[EMAIL PROTECTED]>
Collaborative Fusion, Inc.
Re: ftpchroot root directories
On Thu, May 08, 2008 at 02:52:50PM -0700, David Newman wrote:
> Greetings. I'm setting up ftp access* for a number of users to a directory
> structure like this (assume "/" is an alias for the top of the tree):
>
> Username  directory  perms
>
> user1     /          rw
> user2     /projects  r
> user3     /projects  rw
> user4     /          r
>
> The FAQ and the ftpd(8) manpage say that chrooting goes to a user's home
> directory, and nothing about permissions.
>
> Is there some other way of setting this up?

> ps. FTP is the client's choice, not mine. Same with this directory
> structure.

You could switch to a more featureful FTP daemon - vsftpd is likely to be enough. It also supports FTP-with-SSL, which, while a many-tentacled monstrosity, is at least preferable to plain FTP. As long as you don't have to traverse stateful firewalls. (In vsftpd's defence, you can open a range of ports only.)

However, OpenBSD's ftpd(8) should do. Aside from user4 being able to write to /tmp and so on, at least - user/group permissions should suffice. (Mode 0640? Feel free to set umask to 0137, see login.conf(5))

But you should probably at least try to get your client to consider using sftp instead. Note that you can now have per-user chroots and sftp-only accounts using sshd, and it's both less of a firewall-headache and more secure than FTP. WinSCP is a very usable[1] interface for anyone who is able to use an FTP client. Also note that using sshd makes this directory layout almost sane.

Finally, if you do go with FTP, don't allow FTP accounts to log in.

Joachim

[1] Well, it is a graphical program and runs on Windows. But within those constraints, I haven't had many problems with it.

--
PotD: x11/xcursor-themes - X11 Cursors themes
Re: PF Congestion and state table question
* Steve Johnson <[EMAIL PROTECTED]> [2008-05-09 00:25]:
> Sorry, I hadn't noticed that I had removed that part of information by
> mistake when I split the debug information in a different file. I had been
> told about that setting and had seen the thread, which stated around 256MB
> per gigabit interface. I had tested from 1000 up to 2500, and although it
> did reduce the congestion a lot, I was still seeing over 1 per second,
> which I can't consider that safe for production. I haven't tested higher
> than 2500 though.

you can try a bit more. modern nics tend to shovel a lot of packets per interrupt, and you have 6 of them. don't blindly increase, be careful, but don't stop too early either.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
pftop doesn't build with -current
After upgrading to -current today pf did not run after building the kernel and rebooting. After building the userland and rebooting that problem is resolved. But now I can no longer build pftop from ports (cvs):

===> Checking files for pftop-0.7
`/usr/ports/distfiles/pftop-0.7.tar.gz' is up to date.
>> (SHA256) pftop-0.7.tar.gz: OK
===> Verifying specs: c curses c curses
===> found c.44.0 curses.10.0
===> Extracting for pftop-0.7
===> Patching for pftop-0.7
===> Configuring for pftop-0.7
===> Building for pftop-0.7
cc -O2 -pipe -Wall -DOS_LEVEL=42 -nostdinc -idirafter /usr/include -c pftop.c
pftop.c: In function `print_rule':
pftop.c:1478: error: structure has no member named `states'
*** Error code 1

Stop in /usr/ports/sysutils/pftop/w-pftop-0.7/pftop-0.7 (line 92 of /usr/share/mk/sys.mk).
*** Error code 1

Stop in /usr/ports/sysutils/pftop (line 2112 of /usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/sysutils/pftop (line 1412 of /usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/sysutils/pftop (line 1910 of /usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/sysutils/pftop (line 1442 of /usr/ports/infrastructure/mk/bsd.port.mk).

Thank you for any assistance.

--
Chris
n2k8 network hackathon
Perhaps some who watch the commit logs have already figured out that most of the network developers are currently involved in a week-long network hackathon in Japan.

A bit more information about this can be found at http://openbsd.org/hackathons.html#n2k8

We are in a rather old hotel with an onsen in a seaside village, but even with all the local distractions, the developers' noses are mostly stuck in the code. There are lots of commits happening to the network parts of the tree. Many future projects are being worked on too.

We would really like to thank Mark Uemura for putting us up in this location and doing so much preparation and setup for the event.
OpenBSD release building systems
Hi list,

After reading [0], [1] and [2] once again (it never hurts, hey?), I started wondering the following.

We know [3] that big parts of OpenBSD releases, for several archs, are built in Theo's basement [4]. But what I have not been able to work out is what version of OpenBSD these machines are actually running. Is this -current, or the latest -stable?

Moreover, when it comes to upgrading these machines, what is the preferred way to do so? Is this using the freshly baked new install media to upgrade, maybe bsd.rd [5], or is it a complete reinstall?

I'm just being curious here (:

Thanks.

[0] http://www.openbsd.org/stable.html
[1] http://www.openbsd.org/faq/upgrade43.html
[2] http://www.openbsd.org/faq/faq5.html
[3] http://marc.info/?l=openbsd-misc&m=110098157015931&w=2
[4] http://www.openbsd.org/images/newrack.jpg
[5] http://www.openbsd.org/faq/faq4.html#bsd.rd

--
Olivier Mehani <[EMAIL PROTECTED]>
PGP fingerprint: 3720 A1F7 1367 9FA3 C654 6DFB 6845 4071 E346 2FD1
tpwireless
Anyone know of any documentation on tpwireless? Specifically how to "re-set" the bit that it unsets. There isn't a man page and there aren't any switches to cause 'usage' to show up.

I'm not completely sure that this is the problem but my X41 does not see the original iwi card that was in there. My dmesg is exactly the same as a regular X41, just doesn't show anything about the card anymore. Also no error on boot about the card being "non-centrino" like I have seen when cards just need to be reseated.

Would be willing to try to reset this bit to see if that helps. If not I guess I can recompile it. Any thoughts would be greatly appreciated.

Thank you
.adam.
Re: n2k8 network hackathon
On 8 May 2008, at 20:24, Theo de Raadt wrote:
> Perhaps some who watch the commit logs have already figured out that
> most of the network developers are currently involved in a week-long
> network hackathon in Japan.
>
> A bit more information about this can be found at
> http://openbsd.org/hackathons.html#n2k8

Any pictures of the festivities online?

Gaby.

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/
Re: OpenBSD release building systems
On Fri, May 09, 2008 at 10:39:39AM +1000, Olivier Mehani wrote:
> Hi list,
>
> After reading [0], [1] and [2] once again (it never hurts, hey?), I
> started wondering the following.
>
> We know [3] that big parts of OpenBSD releases, for several
> archs, are built in Theo's basement [4]. But what I have not been able
> to work out is what version of OpenBSD these machines are actually
> running. Is this -current, or the latest -stable?
>
> Moreover, when it comes to upgrading these machines, what is the
> preferred way to do so? Is this using the freshly baked new install
> media to upgrade, maybe bsd.rd [5], or is it a complete reinstall?

OpenBSD, as a general rule, can only be built on a system "close" to the target: -release to -stable, -current to a -current released not much later, and so on. So I'm fairly certain the machines used for -stable run -stable, etc.

In general, upgrading is done by the documented upgrade procedure, although those specific machines could be handled another way. I don't know.

Joachim

--
TFMotD: evcount, evcount_attach, evcount_detach (9) - generic interrupt and event counter kernel API
Re: ral(4) hostap plea
James Turner wrote:

I've been trying to get my new ral(4) card to work like I would expect it to. I've read through most if not all the talk on misc@ about running these cards in hostap mode. I would really like to replace my wi(4), which works really well, with my new ral(4) and enjoy 11g and later wpa. Sadly, the performance is just not there in both 11b or 11g modes.

Some info, the ral(4) is a Gigabyte GN-WP01GS which is an RT2561S. My basic hostname.ral0 reads:

inet 192.168.1.1 255.255.255.0 NONE media autoselect mode 11g mediaopt hostap nwid my_net nwkey secret chan 11.

I've enabled RAL_DEBUG in my kernel and selected one of the standard channels with the highest power. This is on 4.2 -release + patches. If anyone has any new or additional information that might be helpful I would greatly appreciate it, otherwise I guess I'll stick to my trusted wi(4).

I used to have terrible reception and connectivity with my ral(4) when using OBSD4.0. It was always shutting down the interface, setting the OACTIVE bit. There was a nice patch in 4.1 that fixed this issue and upgrading almost eliminated my problems.

I also determined that my ral(4) had a crappy antenna. I used an antenna with a 2 foot pigtail in order to get it up above my equipment. Then I built a parabolic shield like the one found here: http://www.freeantennas.com/projects/template/. After that, my WLAN works like a dream.

I was so frustrated for such a long time and was ready to go back to my Linksys wireless router. However, a little troubleshooting, upgrading, and tweaking got everything running like a champ.

I would say don't blame the OS. I have also had the experience that no matter what I do the reception/connectivity just sucks. That has been my experience with Planet Wireless NICs. I'm currently using LevelOne NICs (PCI and PCcard) and I'm extremely satisfied. We also have Macs that wirelessly stream video via 11g through the OpenBSD firewall and I've never had a problem. I would know if there were issues because my girlfriend would be bitching if she couldn't stream her shows.

I'd also like to note that antenna impedance matching can play a factor. I've got a Planet Wireless antenna connected to the LevelOne NIC. I was able to get higher signal strength on the LevelOne NIC with the Planet W. antenna than with the original LevelOne antenna.

One other thing I noticed is that my 2.4GHz cordless phones reduced signal for some NICs more than others. Try experimenting with different channels.

Here is my LevelOne PCI card that I bought from NewEgg years ago:

ral0 at pci0 dev 12 function 0 "Ralink RT2561S" rev 0x00: irq 11, address 00:11:6b:37:07:b2
ral0: MAC/BBP RT2661B, RF RT2527

-pachl
Re: tpwireless
On Thu, 8 May 2008, Adam Patterson wrote:
> Anyone know of any documentation on tpwireless? Specifically how to "re-set"
> the bit that it unsets. There isn't a man page and there aren't any switches to
> cause 'usage' to show up.

There are no flags. There is no usage doc.

However, if you edit the source and change the line:

        b |= 0x80;

to read:

        b &= ~0x80;

recompile and execute tpwireless, then it will clear the magic bit instead of setting it.

-d
Re: tpwireless
Damien Miller wrote:

On Thu, 8 May 2008, Adam Patterson wrote:

Anyone know of any documentation on tpwireless? Specifically how to "re-set" the bit that it unsets. There isn't a man page and there aren't any switches to cause 'usage' to show up.

There are no flags. There is no usage doc.

However, if you edit the source and change the line:

        b |= 0x80;

to read:

        b &= ~0x80;

recompile and execute tpwireless, then it will clear the magic bit instead of setting it.

-d

Well. I didn't think that was it because I heard that bit didn't do anything on these models. Changed source, recompiled and that worked perfect. Thanks for such a quick response Damien.
Re: Thinkpad X41 and tpwireless
Thomas Menari wrote:

I have a X41 Tablet, and it has standard Atheros wireless:

04:02.0 Ethernet controller: Atheros Communications, Inc. AR5212 802.11abg NIC (rev 01)

Tom.

[demime 1.01d removed an attachment of type application/pgp-signature]

You have any issues with that card or does it work fine? Maybe I'll buy one of those instead of downgrading to this slower X40 just to use wireless. Although I got it for an extended trip to India but it doesn't seem like there will be much wireless around anyway. :)
on K8M800: k8pnow_read_pending_wait: change pending stuck. hangs machine [solved]
Posting this so others may find this solution. Recently, my box was hanging. I noticed in my dmesg "k8pnow_read_pending_wait: change pending stuck." Essentially, when reducing the vid and fid (Cool'nQuiet,) something goes awry. I had recently replaced my video card with something else, then something else again. Both these cards were causing the problem. The culprits are a radeon 9000 all-in-wonder and the integrated via unichrome pro igp video on the K8M800. Googling for the problem, I found cases of linux users with the same problem. Some indications are that the EVGA e-GeForce MX 4000 will also cause the problem. It seems that this is a problem with the K8M800 from via. Here's the link to their product page: http://www.via.com.tw/en/products/chipsets/k8-series/k8m800/ The A00 revision of the Matrox G45+ (G450) works fine though, that's what I'm currently using. So: avoid the K8M800 unless you have a cache of video cards and you don't mind which one you use. Hell, I'd just avoid the K8M800, the damn integrated video on the chip does not play well with the rest of the chip! Seriously, guys. -- Travers Buda
Final EUSecWest 2008 Speakers London May 21/22
The selected papers for EUSecWest 2008 are:

* PhlashDance, discovering permanent denial of service attacks against embedded systems - Rich Smith, HP Labs
* Attacking Near Field Communications (NFC) Mobile Phones - Collin Muliner, trifinite
* Abusing X.509 certificate features - Alexander Klink, Cynops GmbH
* Phoenix, and automated vulnerability finding - Tim Burrell, Microsoft
* Cisco IOS Rootkits - Sebastian Muqiz, Core
* Advances in attacking interpreted languages - Justin Ferguson, IOActive
* One Token to Rule Them All: Post-Exploitation Fun in Windows Environments - Luke Jennings, MWR InfoSecurity
* Building the bridge between the Web Application and the OS: GUI access through SQL Injection - Alberto Revelli, Portcullis
* Satellite Systems - Adam Laurie, RFIDIOt.org
* Browser Exploits - Attacks and Defense - Saumil Shah, Net Square
* WebSphere MQ Security - Martyn Ruks, MWR InfoSecurity

Paper synopses are now up on the website.

This year there will be three Security Masters Dojo courses on May 19/20, including a new course from Foundstone:

* Ultimate Web Hacking - Nick Murison, Foundstone, a division of McAfee
* Advanced Honeypot Tactics - Thorsten Holz, Aachen University
* The Exploit Laboratory - Advanced Edition Saumil Shah and Christopher Owen Net-Square and Consault

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K. May 21/22 - 2008 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp
Re: net-snmp and openbsd
I got it going..finally just removed the package and installed it from ports and it worked like a charm. Still having issues with graphing it using cacti. Any know how...would be great to know.

Thx.

On May 7, 2008, at 4:15 PM, Aaron Glenn wrote:

On Tue, May 6, 2008 at 10:03 PM, Parvinder Bhasin <[EMAIL PROTECTED]> wrote:

Appreciate any help. Thanks :)

Does netstat show it listening on the correct IP? any reason to run net-snmp? I'd use the base snmpd unless you have a very specific reason to run net-snmp.

aaron.glenn
Re: How to copy/pipe console buffert to file?
Screen is an awesome tool but it can't capture everything what's happened during boot. The dd-solution did the trick perfectly, except when I put the data into Microsoft Windows because there was a bunch of unwritable characters that I had to take care of.

Thanks anyway

Regards
rancor

On Thu, May 8, 2008 at 10:06 PM, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> On Thu, May 08, 2008 at 12:37:47PM +0200, rancor wrote:
> > Hi
> >
> > Is there any way of copy/pipe the information on the console to a file? I
> > need the same information that I can see of I hold down Ctrl+Shift and using
> > PageUp/Down when I'm on the console. I'm not using serial, that would be
> > simple but I'm stuck right on the machine.
>
> While Mickey's solution is rather cool, misc/screen would allow you to
> copy text off the screen (Ctrl-A [, select. Ctrl-A ]). It also has a lot
> of other useful commands.
>
> Of course, screen isn't found everywhere, while dd pretty much is.
>
> Joachim
>
> --
> TFMotD: term (7) - conventions for naming terminal types
How to filter based on application protocol being used
Hello All Since many of standard services can be made to listen on any port on the server side, and proxies with custom configuration can be used in cases otherwise, how effective is a firewall if it blocks based on standard service ports? Is there a way in which the application protocols being used can be detected and then this knowledge be used to let pf know what to filter and what not? So, is there some way to ensure that traffic to port 53 is in fact not from a program like iodine and what goes to port 80 is only HTTP/HTTPS, and so on for all the common protocols? With my little bit of knowledge what I figure is that we need some piece of software(s) which understands each protocol thoroughly, can look at raw packets in real-time and detect the protocol being used. Even then, it may get bypassed in cases like 'protocol obfuscation' feature of eMule being used, or if sufficient amount of random garbage traffic is generated to deter proper analysis. Please correct if I am wrong or the question itself is impertinent to this list. Any help will be great. Thanks in advance. Srikant Tangirala.
Re: How to filter based on application protocol being used
On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote:
> let pf know what to filter and what not? So, is
> there some way to ensure that traffic to port 53
> is in fact not from a program like iodine and what
> goes to port 80 is only HTTP/HTTPS, and so on
> for all the common protocols? With my little bit

you can redirect the outgoing traffic through a pf proxy which understands and enforces the common parts of the protocol. this does not prevent anyone to tunnel something else in the well-defined protocol, like SSH over DNS, but it at least allows to make it a little bit stricter.

examples are ftp-proxy(8), tftp-proxy(8), relayd(8) (DNS, HTTP, and more), ...

some people also like squid with pf patches from ports; but i'm feeling sorry for them.

reyk
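The kind of structural enforcement described in the reply above, as an added example (not code from relayd(8) or from anyone in the thread): a check applied to one UDP payload addressed to port 53, run over constructed sample packets. The function names and the allowed record types are assumptions made for the illustration.

```python
import struct

MAX_NAME = 255  # RFC 1035: longest name on the wire, length bytes included
# Assumed local policy, not taken from the thread: record types clients may ask for.
ALLOWED_QTYPES = {1, 2, 5, 6, 12, 15, 16, 28}  # A NS CNAME SOA PTR MX TXT AAAA


def check_dns_query(payload: bytes):
    """Return (verdict, reason) for one UDP payload addressed to port 53."""
    if len(payload) < 12:
        return ("reject", "shorter than a DNS header")
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    if flags & 0x8000:
        return ("reject", "QR bit set: a response, not a query")
    if (flags >> 11) & 0xF != 0:
        return ("reject", "opcode is not QUERY")
    if qd != 1 or an or ns or ar > 1:   # one additional record (EDNS0) tolerated
        return ("reject", "unexpected section counts")
    pos, name_len = 12, 1               # 1 accounts for the terminating root label
    while True:
        if pos >= len(payload):
            return ("reject", "name runs past end of packet")
        n = payload[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0:                    # lengths above 63 and compression pointers
            return ("reject", "bad label length or pointer in question")
        name_len += 1 + n
        if name_len > MAX_NAME or pos + n > len(payload):
            return ("reject", "name too long or truncated")
        pos += n
    if pos + 4 > len(payload):
        return ("reject", "missing QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!2H", payload[pos:pos + 4])
    if qclass != 1:
        return ("reject", "class is not IN")
    if qtype not in ALLOWED_QTYPES:
        return ("reject", "record type not allowed by policy")
    if ar == 0 and pos + 4 != len(payload):
        return ("reject", "trailing bytes after question")
    return ("pass", "well-formed query")  # an additional record, if any, is not parsed


def build_query(name: str, qtype: int = 1, ident: int = 0x1234) -> bytes:
    """Construct a sample query: RD set, one question, class IN."""
    header = struct.pack("!6H", ident, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)


# Constructed sample payloads, not captured traffic.
SAMPLES = {
    "ordinary lookup": build_query("www.example.org"),
    "ssh banner on port 53": b"SSH-2.0-OpenSSH_4.8\r\n",
    "opaque data inside a valid query": build_query(
        "mfrggzdfmztwq2lknnwg23tpobyxe43u.t.example.org", 16),
    "query with trailing bytes": build_query("www.example.org") + b"\x00" * 8,
}


def classify_samples():
    """Verdict for every constructed sample, keyed by its label."""
    return {label: check_dns_query(p)[0] for label, p in SAMPLES.items()}


if __name__ == "__main__":
    for label, p in SAMPLES.items():
        print(f"{label:34s} {check_dns_query(p)}")
```

The third sample passes, which is the limit noted in the reply: enforcing the structure of the protocol rejects non-DNS traffic on the port but says nothing about data carried inside a valid query.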
Re: n2k8 network hackathon
On Fri, May 9, 2008 at 2:24 AM, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> Perhaps some who watch the commit logs have already figured out that
> most of the network developers are currently involved in a week-long
> network hackathon in Japan.
>
> A bit more information about this can be found at
> http://openbsd.org/hackathons.html#n2k8
>
> We are in a rather old hotel with an onsen in a seaside village, but
> even with all the local distractions, the developers' noses are mostly
> stuck in the code. There are lots of commits happening to the network
> parts of the tree. Many future projects are being worked on too.
>
> We would really like to thank Mark Uemura for putting us up in this
> location and doing so much preparation and setup for the event.

Really cool. I haven't kept an eye on the cvs logs so haven't noticed this. Very nice that more specific hackathons are being held. Keep up the good work and we look forward to testing all kinds of new stuff!!

Thanks!

BR
dunceor
Re: How to filter based on application protocol being used
On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote:
> for all the common protocols? With my little bit
> of knowledge what I figure is that we need some
> piece of software(s) which understands each protocol
> thoroughly, can look at raw packets in real-time
> and detect the protocol being used. Even then,

ah, i'm just looking at your mail again - you are kidding, there is no way to do content inspection in "real-time". go and use linux where you can use stupid and dangerous stuff in the kernel. this is not what openbsd is about.

reyk
what is different in socket connection handling ?
Hi all,

For 2 months, I've been fighting with the couchdb database document server (http://www.couchdb.org) on openbsd, but I have a "performance" problem while connecting to it:

https://issues.apache.org/jira/browse/COUCHDB-40

These problems are specific to openbsd, everything works on other os (bsd, osx or even linux). It seems like when you don't close the connection properly with socket close() or http header "Connection: close" (you access couchdb via http) on the client side, the server continues to listen on this socket/address until it dies, which it does not on other os. So when I launch multiple GET serially with curl, it takes a long time between each request.

Any idea what's going on and where I have to look to improve it?

- benont

--
- benont
Re: fsck large filesystem, memory limit problem
On Thu, May 08, 2008 at 05:18:26PM -0400, Will wrote:

> I did see that, but did not realize that the 1GB limit is not a
> user-configurable feature.
>
> Even so, the FAQ implies that a 2TB filesystem is possible with
> default options, which is what I have.

It might be the 2TB limit is a little too high, and the actual limit is lower. Can you show us your disklabel entry for /dev/sd0i and the output of df -i?

-Otto

>
> relevant output of df:
>
> Filesystem 512-blocks Used Avail Capacity Mounted on
> /dev/sd0i 3758267452 1935576944 1634777136 54% /mnt/share
>
> -William
>
> On Thu, May 8, 2008 at 5:04 PM, David J. Stillman
> <[EMAIL PROTECTED]> wrote:
> > Isn't this the 1GB application limit mentioned in FAQ 14.7 - " By the time
> > one gets to a 2TB file system with default fragment and block sizes, fsck
> > will require 1GB RAM to run, which is the application limit under OpenBSD.
> > Larger fragments and/or blocks will reduce the number of inodes, and allow
> > for larger file systems."?
> >
> > Will wrote:
> >>
> >> Hello all,
> >>
> >> I just upgraded to 4.3, and I would like to congratulate the devs on
> >> another wonderful release! shutdown -p works and the wbng sensor
> >> support was a nice surprise. However, the most useful feature to me
> >> was the support for ffs2.
> >>
> >> I upgraded without a hitch, and repartitioned from a 1tb filesystem to
> >> a 2tb share mount point. However, when I try to fsck the system just
> >> to make sure everything is ok, I receive this error:
> >>
> >> # fsck -f /dev/sd0i
> >> ** /dev/rsd0i
> >> ** File system is already clean
> >> cannot alloc 485015042 bytes for lncntp
> >>
> >> I just upgraded to 3gb ram, so that should be a non-issue according to the
> >> faq.
> >>
> >> I have tried `ulimit -d unlimited` (as suggested previously in the
> >> archives), but the data limit will not go above 1048576, which I
> >> suspect to be the problem. I'm sure that there is another silly limit
> >> I am missing somewhere.
> >>
> >> Thanks for any help!
> >> -William
> >>
> >> Here is a dmesg of my system: