Re: DadOS - sys shutdown with XDM
The first thing I did was add a flag file to my dad's home directory and made sure he cant modify or delete it. # touch /home/dad/.xshutdown # chown root:wheel /home/dad/.xshutdown # chmod 400 /home/dad/.xshutdown login: dad password: dadsbox $ ls -l .xshutdown -r1 root wheel 0 Jan 3 11:11 .xshutdown dadsbox $ mv .xshutdown /tmp dadsbox $ echo :-) :-) Assuming, of course, that /tmp and /home are one partition. --patrick
Re: low-MHz server
Have you considered a PowerPC-based machine? They run at lower frequencies, using less power. Might be something to consider. Something like an old beige PowerMac 6200 or something from that era. In Vancouver, we have a Mac consignment shop that always has old machines like this. Maybe you have something like that out your way. We actually used such a machine as recent as 2000 to run a pretty functional web and terminal server. If your wife is comfortable using Pine or Elm for email, you could easily use a machine like this. (I believe OpenBSD's PowerPC/RISC support is quite good.) http://en.wikipedia.org/wiki/Power_Macintosh_6200 On Jan 30, 2008 8:08 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: On Thu, Jan 31, 2008 at 05:14:32AM +0200, Jussi Peltola wrote: I haven't had any difficulty finding PII / PPro based HP Netservers that are too heavy to carry up the stairs. Any i386 server from that time should be pretty reliable if it still works... Running OpenBSD is a whole another thing. I've found most of the early PII servers very quirky, the netservers being a bit less so than some of the worst. I'd recommend just carrying a bunch of them home and throwing out the useless ones. P-II runs too fast. I'm looking at P or P-Pro (or 486). I haven't found any. Know of a source of such servers? Thanks, Doug.
Re: pre-orders
OK, I know this is very annoying and lame, but for whatever reason I'm just very excited about my pre- order, which I just placed! =) - 2 Stop Blob! (L) - 2 OpenBSD 3.9 CD - 1 Wireframe Daemon Shirt (L, Navy Blue) - USD small DONATION to the OpenBSD Project I actually like this art work very much! Though I don't yet have a clue as to what it may be about =P Keep up the great work everyone! --patrick Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
majordomo archive-index command? (possibly OT)
I'm not sure which list would be the proper place for this question. I get the pre-dawn digest of the misc list. Sometimes I want to reply to a particular post, but since it is in a digest form, I can't pick a specific post to reply to. So, I figured that majordomo could possibly have a feature by which I could get a particular posted message sent to me individually. Looking through the Mailing Lists link and clicking around I go to the page where some of the majordomo commands are explained[1]. Specifically, I found that the archive-index command would return me a list of posts with their message numbers, which I could then use with archive-get command to retrieve the specific message as a separate email. Well, the problem is a) I don't understand these commands as explained on the help page[1] and/or b) these commands are not enabled for non-administrative users (as the respond to my archive-index command states). Help? :-) --patrick [1] http://lists.openbsd.org/cgi-bin/mj_wwwusr?user=passw=list=GLOBALfunc=helpextra=archive Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
4 port pf setup - comments?
Hi all, Just wanted some comments on this pf.conf design. Mostly, I am hoping a second pair of eyes to spot any major over-sight on my part. I've not tested this set-up, yet! Just some scratch-pad design/brain-storming. Thanks :-) --patrick # Pseudo PF design: # # I'm preparing to replace a current firewall with a PF firewall. # I've been reading through PF User's Guide again to refresh # my memory of what can and cannot be done with PF. The PF # firewall will have 4 interfaces in bridge mode. One connects # to the DSL router. One to the DMZ. One to the LAN and the # last to the Wireless router (not yet in place -- planned for # near future). The last interface will probably need an # IP since I plan to use IPsec over the wireless (I don't yet # know much about this process and skipping it in this discussion). # Potentailly using PF firewall as the access-point (have to # research this further as well). # # I just wanted to present what I'm thinking of doing in semi- # pseudo PF code, and get your feedback on whether I'm thinking # through this straight or do I need to adjust my thinking. # # Static IP Subnet: # x.x.x.0/28 # Divided into 4 sections # a) DSL router # b) Wifi router (planned for near future with IPsec) # c) LAN section (workstations, laptops) # d) DMZ section: servers (www, dns, mail) # # DSL Router: # has a WAN side IP # has a LAN side IP (x.x.x.1) # # PF server: # has 4 interfaces: a, b, c and d # 1 static IP on interface b: x.x.x.6 (for IPsec and possibly hostap) # # __DMZ__: # 4 static IPs x.x.x.2-.5 # # __WIFI__: # 4 static IPs x.x.x.7-.10 # # __LAN__: # 4 static IPs x.x.x.11-.14 # # # /Internet/ # | # [DSL Router] # .1 | # | # __WIFI__ (a) ___DMZ___ # .7 +++ .2 dns1 / mail1 # .8 -(b)| PF|(d)- .3 dns2 / mail2 # .9 .6 +++ .4 www1 # .10 (c) .5 www2 # | # | #__LAN__ #.11 .12 .13 .14 dsl_if = de0 dmz_if = ... lan_if = ... wifi_if = ath0 # maybe... # but maybe xl0 connecting to a port on a wifi router # Local network locnet = x.x.x.0/28 # DSL Router dsl_router = x.x.x.1 # VPN interface for IPsec path for Wifi users (or even as the access-point # interface) vpn = x.x.x.6 # DMZ servers dns1 = x.x.x.2 mail1 = x.x.x.2 dns2 = x.x.x.3 mail2 = x.x.x.3 www1 = x.x.x.4 www2 = x.x.x.5 dmz_grp = { $dns1 $dns2 $www1 $www2 } # Wifi users mobile1 = x.x.x.7 mobile2 = x.x.x.8 mobile3 = x.x.x.9 mobile4 = x.x.x.10 wifi_grp = { $mobile1 $mobile2 $mobile3 $mobile4 } # LAN clients desk1 = x.x.x.11 desk2 = x.x.x.12 desk3 = x.x.x.13 desk4 = x.x.x.14 lan_grp = { $desk1 $desk2 $desk3 $desk4 } wifi2net_ports = { 80 443 5190 } wifi2dmz_ports = { 53 80 } ping = echoreq # Shorthand dns = { $dns1 $dns2 } port 53 mail = { $mail1 $mail2 } port 25 flags S/SA www = { $www1 $www2 } port {80 443} flags S/SA keep_sane = keep state (max-src-conn 50, max-src-conn-rate 15/5, \ overload abusers flush global) table abusers persist table spamd persist table spamd-white persist set skip on { lo } set block-policy return scrub in rdr pass on $lan_if proto tcp to port ftp - 127.0.0.1 port 8021 rdr pass on $dsl_if proto tcp from spamd to port smtp \ - 127.0.0.1 port spamd rdr pass on $dsl_if proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port spamd block in quick from abusers block all antispoof quick for { lo } #-- # Interface a / $dsl_if # - LAN workstations are trusted more than those on WIFI pass out on $dsl_if proto {tcp udp} from $lan_grp to any keep state pass out on $dsl_if proto tcp from $wifi_grp to \ any port $wifi2net_ports keep state # # Any traffic coming in on $dsl_if should be destined for DMZ only! pass in on $dsl_if proto tcp from any to $mail $keep_sane pass in on $dsl_if proto tcp from any to $www $keep_sane pass in on $dsl_if proto udp from any to $dns $keep_sane # Allow pings to DMZ pass in on $dsl_if proto icmp from any to $dmz_grp icmp-type $ping $keep_sane #--- # Interface b / $wifi_if # - Nothing should be connecting to wifi clients # (default block all) # - WIFI group only gets to use DMZ DNS and Web servers (no mail!) pass in on $wifi_if proto tcp from $wifi_grp to $www keep state pass in on $wifi_if proto udp from $wifi_grp to $dns keep state # This should cover any out-bound traffic (to the net) pass in on $wifi_if from $wifi_grp to !$locnet #--- # Interface c / $lan_if # - Nothing should be connecting to lan workstations # (default block all) # LAN workstations should be able to connect to all DMZ servers pass in on $lan_if from $lan_grp to $dmz_grp keep state # Covers out-bound
fs block-number (soft) error - uncorrectable/corrected?
Hi, This is the second time I've been seeing this type of an error: Mar 27 01:30:47 box /bsd: wd0f: reading fsbn 3967732 of 3967732-3967735 (wd0 bn 9723412; cn 9646 tn 3 sn 55), retrying Mar 27 01:30:48 box /bsd: wd0: soft error (corrected) -- Apr 17 01:30:34 box /bsd: wd0f: uncorrectable data error reading fsbn 3655388 of 3655388-3655391 (wd0 bn 9411068; cn 9336 tn 6 sn 2), retrying Apr 17 01:30:36 box /bsd: wd0: soft error (corrected) wd0f is my /usr partition. How serious is this? Should I start looking into a hard-disk replacement? Obviously I'm making a back-up of data files I would like to keep. This is on OpenBSD 3.7 GENERIC (I'm about to upgrade it to 3.9). I noticed (google/MARC searched) that there is no definitive answer given for this topic. Some suggestions that it might be a drive going bad [1]. Wondering if I should simply wait to replace the drive before upgrading. Thanks in advance, --patrick [1] http://marc.theaimsgroup.com/?l=openbsd-miscm=108121869925371w=2 OpenBSD 3.7-stable (GENERIC) #0: Mon Aug 1 19:32:49 PDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Sempron(tm) Processor 2600+ (AuthenticAMD 686-class) 1.61 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2 real mem = 536387584 (523816K) avail mem = 482521088 (471212K) using 4278 buffers containing 26923008 bytes (26292K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(6b) BIOS, date 04/08/05, BIOS32 rev. 0 @ 0xfa120 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown pcibios0 at bios0: rev 2.1 @ 0xf/0xc4b4 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc380/288 (16 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 17 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 3 5 10 11 12 pcibios0: no compatible PCI ICU found pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Nvidia nForce3 250 PCI Host rev 0xa1 pcib0 at pci0 dev 1 function 0 Nvidia nForce3 250 ISA rev 0xa2 Nvidia nForce3 250 SMBus rev 0xa1 at pci0 dev 1 function 1 not configured ohci0 at pci0 dev 2 function 0 Nvidia nForce3 250 USB rev 0xa1: irq 12, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Nvidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered ohci1 at pci0 dev 2 function 1 Nvidia nForce3 250 USB rev 0xa1: irq 10, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: Nvidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 4 ports with 4 removable, self powered ehci0 at pci0 dev 2 function 2 Nvidia nForce3 250 USB2 rev 0xa2: irq 11 ehci0: EHCI version 1.0 ehci0: companion controllers, 4 ports each: ohci0 ohci1 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: Nvidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub2: single transaction translator uhub2: 8 ports with 8 removable, self powered Nvidia nForce3 LAN rev 0xa2 at pci0 dev 5 function 0 not configured auich0 at pci0 dev 6 function 0 Nvidia nForce3 250 AC-97 Audio rev 0xa1: irq 3, nForce3 AC97 ac97: codec id 0x414c4780 (Avance Logic ALC658) ac97: codec features 20 bit DAC, 18 bit ADC, No 3D Stereo audio0 at auich0 pciide0 at pci0 dev 8 function 0 Nvidia nForce3 250 IDE rev 0xa2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: Maxtor 6Y080P0 wd0: 16-sector PIO, LBA, 78167MB, 160086528 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: _NEC, DVD_RW ND-3540A, 1.01 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 pciide1 at pci0 dev 10 function 0 Nvidia nForce3 250 SATA rev 0xa2: DMA (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide1: using irq 11 for native-PCI interrupt pciide1: channel 0 ignored (not responding; disabled or no drives?) pciide1: channel 1 ignored (not responding; disabled or no drives?) ppb0 at pci0 dev 11 function 0 Nvidia nForce3 250 AGP rev 0xa2 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Rage 128 Pro TF rev 0x00 wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 14 function 0 Nvidia nForce3 250 PCI-PCI rev 0xa2 pci2 at ppb1 bus 2 xl0 at pci2 dev 7 function 0 3Com 3c905C 100Base-TX rev 0x74: irq 10, address 00:01:02:c2:a1:b9 bmtphy0 at xl0 phy 24: Broadcom 3C905C internal PHY, rev. 6 pchb1 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb4 at pci0 dev 24 function
pf/bridge/routing: packet sent out on wrong interface
Hi, In a previous message (about a week ago?) I mentioned plans to replace a current firewall with a pf-based one. I gave a little outline of things I'd jot down on paper. Well, this weekend, I spent some time putting the actual pf.conf together, and debugging some mistakes (oversights). Anyway, I got it to a point where I felt confident to do a test run in production. I swapped out the production firewall box with the pf-based one. I've been monitoring the traffic to see any anomalies, or things that I may have missed. Kinda QA-ing if you will. One thing I did notice is that my ibook is spewing lots of crap, but this message isn't about that :) While monitoring pflog0 I noticed a blocked packet from one of my web-servers to 68.142.250.133. I didn't understand why that was. So I ran: # tcpdump -n -e -ttt -r /var/log/pflog host 68.142.250.133 tcpdump: WARNING: snaplen raised from 96 to 116 Apr 23 19:59:26.010917 rule 2/(match) block out on de2: 68.142.250.133.45648 a.b.c.d.80: S 3164412190:3164412190(0) win 5840 mss 1460,sackOK,timestamp 103193913[|tcp] (DF) Apr 23 20:00:59.803910 rule 2/(match) block in on de1: a.b.c.d.80 68.142.250.133.45648: S 873225897:873225897(0) ack 3164412191 win 5792 mss 1460,sackOK,timestamp 431195378[|tcp] (DF) Here is my set-up from my earlier post: # /Internet/ # | # [DSL Router] # .1 | # | # __WIFI__ (de0)___DMZ___ # +++ .2 www1 # --X--(b)| PF|(de1)--- .3 www2 # (down) +++ .4 dns1 # (de2).5 mail1 # | # | #__LAN__ #.11 .12 .13 .14 What I'm confused about is why did the original packet from 68.142.250.133 try to out on de2 interface and not on de1 as it should have? pf-based box is running a 'cvs up -rOPENBSD_3_9 -dP' build. All my pf filtering are using pass with tag on entry interface, then using pass tagged on out-going interfaces. Blocking by default. I'm not using any rdr, no nat, etc. e.g., pass in on de0 from any to $web_server port www \ flags S/SA keep state tag NET2DMZ pass out quick on de1 all keep state tagged NET2DMZ Nothing is accepted on de0 destined for anything other than dmz_grp. Is there more info I can provide? What else should I look for? I obviously have ip forwarding enabled. All four interfaces are bridged together, though currently the wifi interface is disabled. Is this something I need to use route-to to force traffic to proper internal interface containing destination host address? Any thoughts on the matter are appreciated! --patrick Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: pf/bridge/routing: packet sent out on wrong interface
Since I didn't get any reply, I decided to do more digging on my own. Although, I didn't even get my pre-dawn misc digest either, so maybe something is wrong with the mailing list(s). Some more google-ing using different combination of phrases I go to two threads on obsd-misc and -sparc from a Jim Fron j-fron {at} q {at} public {at} comcast {dot} net (email address no longer valid according to comcast). The issue he was asking help for (and received more responses than I did) seems pretty similar to that of mine. In his own words: Issue: bridging causes pf to mis-apply frames to the wrong interface. This is back in February '05: http://article.gmane.org/gmane.os.openbsd.sparc/1751 http://thread.gmane.org/gmane.os.openbsd.sparc/1745/focus=1745 It was a relief to find out I'm not the only one with this issue. He mentions having use a patch that helped his issue. I assume he means this patch (but not certain): http://monkey.org/openbsd/archive/misc/0411/msg01560.html I attempted to email him, but comcast claims to have broken off with with Jim. Poor Jim ='( I don't mind digging in source code at all. I would, however, appreciate some pointers as to where to start looking. Also, my idea of using route-to didn't work quite as expected. It worked for a while, but when I checked in the morning, I found that none of the packets would get to the right interface. I put log statements on all pass rules for packets entering $dsl_if and destined for $dmz_if. Then I monitored pflog0 using tcpdump -ne -ttt -i pflog0. I would see a DNS lookup come in on $dsl_if and be sent out on $dmz_if. Great right? BUT, although, tcpdump on $dsl_if would show the packet enter, it would show NO activity on $dmz_if!! I believe there is something seriously wrong with the way the combination of pf, bridging and routing interact with one another. Anyone interested in helping here? I'm obviously volunteering to be the guinea pig here. Again system is a freshly installed -rOPENBSD_3_9. My latest attempt for a solution is to set up static entries for my servers on $dmz_if using brconfig. Though I think this is very hokey as far as solutions go. I'm monitoring to see if I see any instances of the issue or any other side-effects thereof. --patrick Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: X.Org server security vulnerability
Just a thought, but in accordance with FAQ section 5.5 Building X (http://www.openbsd.org/faq/faq5.html#Xbld) Shouldn't the patch instruct user to cd in /usr/Xbld to perform the make build? Best regards, --patrick Patch for 002_xorg.patch :-) --8CUT-8-- --- 002_xorg.patch-orig Wed May 3 00:01:32 2006 +++ 002_xorg.patch Wed May 3 00:40:26 2006 @@ -1,8 +1,11 @@ Apply by doing: - cd /usr/src/XF4 + cd /usr/XF4 patch -p0 002_xorg.patch And then rebuild and install X: + test -d /usr/Xbld || \ + (mkdir -p /usr/Xbld cd /usr/Xbld lndir ../XF4) + cd /usr/Xbld make build Index: xc/programs/Xserver/render/mitri.c --8CUT-8-- --- Peter Valchev [EMAIL PROTECTED] wrote: A security vulnerability has been found in the X.Org server -- CVE-2006-1526. Clients authorized to connect to the X server are able to crash it and to execute malicious code within the X server. Patches for the respective releases: ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/002_xorg.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/007_xorg.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/013_xorg.patch Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: PS/2 keyboard failing on generic MP-kernel (Dell SC1425)
Looks like bug in BIOS. Some motherboards affected but some not. I saw this on Dual P3 Supermicro motherboards on versions earlier than 3.9. I see some people on misc@ experiencing similar trouble http://marc.theaimsgroup.com/?l=openbsd-miscm=114656073922504w=2 http://marc.theaimsgroup.com/?l=openbsd-miscm=110540231317022w=2 IMO, it is cheaper to buy USB-keyboard than working around bugs in some vendors' BIOS code. Or maybe if some other people with such problem will speak up, we can go further and fix it... FWIIW, The first link to marc is my post about a dual PIII Xeon. I don't think the problem is from a BIOS problem since the keyboard worked fine with the /bsd image. It only stopped responding after I booted using the /bsd.mp image. As I mentioned in my post, there may be a problem with the motherboard since I noticed some problems/flakiness with the CDRom drive as well during installation procedure. I do recall that after another reboot the keyboard did start to work once again. Since then I have removed the installed video and sound cards from this server. Hence, no keyboard is attached at the moment either. Since I suspect something might be wrong with mobo, I didn't go further with testing/trouble-shooting it. --patrick Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Monitor not suspending? (Xorg, DPMS, OBSD 3.9)
Greetings, This may just be a problem with my video card, but I thought I'd ask since I couldn't find a definitive answer from googling. I noticed that none of the DPMS settings (Standby, Suspend nor Off) would take effect at their designated time periods. In short, X wouldn't shut-off my monitor. Now I used to have a Linux system connected to this monitor, and I am 100% positive with DPMS enabled, my monitor would shut-off at the proper/expected time. The interesting bit is that even though the monitor isn't shutting down, X seems to pause (for a lack of better term). I can explain it this way: For example, if I lock the terminal using: $ xlock -mode marquee Marquee uses fortune to put up text on the screen (if you didn't know this). After some time passing, with no interaction with the system via keyboard or mouse, the marquee would get stuck, or pause mid-sentence: e.g., The opposite of a profound truth may well be ano However, if you were to move the mouse the fortune would continue from where it had paused (and this could be many hours after its original pause time): ...ther profound truth. -- Bohr I'd like to clarify that this is not an xlock issue, since the screen doesn't blank even if I don't run xlock. Since I produce this on two different DPMS aware monitors, I can only consider either of the following: OpenBSD's Xorg release or the video card. Anyone else experience similar issues? If not, does anyone know whether an ATI Rage 128 Pro video card is DPMS capable? I couldn't find my answer using google. Since there are so many posts of X{,org}.0.log out on the net, searching using the DPMS as a keyword isn't very effective. TIA --patrick ps., I also cron'ed a script that would print `date' and `xset -q | grep -A 1 -i dpms' into a file every 5 minutes. The output indicates that X is in fact thinking (or being lead to believe) the monitor is in fact transitioning though each of the states, while in reality, the monitor is still on :-) $ cat dpms_test.out Fri Sep 29 23:05:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is On Fri Sep 29 23:10:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is On Fri Sep 29 23:15:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is On Fri Sep 29 23:20:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is On Fri Sep 29 23:25:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is On Fri Sep 29 23:30:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is On Fri Sep 29 23:35:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is On Fri Sep 29 23:40:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is in Standby Fri Sep 29 23:45:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is in Standby Fri Sep 29 23:50:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is in Standby Fri Sep 29 23:55:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is in Standby Sat Sep 30 00:00:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is in Standby Sat Sep 30 00:05:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend: 1800Off: 2400 DPMS is Enabled Monitor is in Standby Sat Sep 30 00:10:01 PDT 2006 DPMS (Energy Star): Standby: 1200Suspend
Re: Monitor not suspending? (Xorg, DPMS, OBSD 3.9) [solved]
Just thought I'd reply to the list, as this may serve someone else in the future. The problem was user configuration error (or it seems). After some more googling and reading more man pages, I wondered about the following suggestion in xorg.conf(5): Options Some Option flags that may be useful to include in Monitor sections (when needed) include DPMS, and SyncOnGreen. So I thought I would give it a go since I had nothing to lose. Well, putting 'Option DPMS' in the Monitor section of my xorg.conf file and restarting X seems to have done the trick. I don't understand why though, since 'xset q' was reporting that DPMS was enabled prior to this change. Cheers --- patrick ~ [EMAIL PROTECTED] wrote: Greetings, This may just be a problem with my video card, but I thought I'd ask since I couldn't find a definitive answer from googling. I noticed that none of the DPMS settings (Standby, Suspend nor Off) would take effect at their designated time periods. In short, X wouldn't shut-off my monitor. Now I used to have a Linux system connected to this monitor, and I am 100% positive with DPMS enabled, my monitor would shut-off at the proper/expected time. The interesting bit is that even though the monitor isn't shutting down, X seems to pause (for a lack of better term). I can explain it this way: For example, if I lock the terminal using: $ xlock -mode marquee Marquee uses fortune to put up text on the screen (if you didn't know this). After some time passing, with no interaction with the system via keyboard or mouse, the marquee would get stuck, or pause mid-sentence: e.g., The opposite of a profound truth may well be ano However, if you were to move the mouse the fortune would continue from where it had paused (and this could be many hours after its original pause time): ...ther profound truth. -- Bohr I'd like to clarify that this is not an xlock issue, since the screen doesn't blank even if I don't run xlock. Since I produce this on two different DPMS aware monitors, I can only consider either of the following: OpenBSD's Xorg release or the video card. Anyone else experience similar issues? If not, does anyone know whether an ATI Rage 128 Pro video card is DPMS capable? I couldn't find my answer using google. Since there are so many posts of X{,org}.0.log out on the net, searching using the DPMS as a keyword isn't very effective. TIA --patrick ps., I also cron'ed a script that would print `date' and `xset -q | grep -A 1 -i dpms' into a file every 5 minutes. The output indicates that X is in fact thinking (or being lead to believe) the monitor is in fact transitioning though each of the states, while in reality, the monitor is still on :-) [snip...] Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Hard drive going bad? or something else? (obsd4.0)
I just finished installing OpenBSD 4.0 on a machine of mine. After installation first thing I did was to get some ports installed. First post was PostgreSQL. Running 'make build' failed with an error pointing in configure script. I looked at it to see if it was the patch process that messed up or not. I couldn't be too sure. I did a 'make clean' and started the build over again. This time configure went on and the build process began, but soon after failed again with: cc -O2 -pipe -Wall -Wmissing-prototypes -Wpointer-arith -Winline -Wendif-labels -fno-strict-aliasing -fpic -DPIC -I../../../../../../src/include -I/usr/include/kerberosV -c -o utf8_and_gb18030.o utf8_and_gb18030.c In file included from utf8_and_gb18030.c:17: ../../Unicode/gb18030_to_utf8.map:29313: error: syntax error before '{' token gmake[3]: *** [utf8_and_gb18030.o] Error 1 gmake[3]: Leaving directory `/usr/ports/databases/postgresql/w-postgresql-8.1.4/postgresql-8.1.4/src/backend/utils/mb/conversion_procs/utf8_and_gb18030' gmake[2]: *** [all] Error 2 I thought that was strange. This wasn't one of the patched files. I wondered if something might be wrong with the dist-file. I untared it in my home dir and ran a recursive 'diff -qr' on both dirs and found a handful of files different. I did a manual diff on these files and strange difference appear (see pasted output at end of message). So, I untared the dist-file again in my home dir, in a different dir and ran the diff -rq on the two virgin directories in my home. Again a few files came up different. I checksums on the dist-file are matching fine, so it isn't the source of the problem. I've not see this type of problem before, so I turn to you guys. Is this a sign that maybe a drive is going bad? Or sign of bad memory? What's going on here!? I know it is almost Halloween and all, but this is kinda _spooky_ to say the least. Idea? Please? :-) gmake[3]: Leaving directory `/usr/ports/databases/postgresql/w-postgresql-8.1.4/postgresql-8.1.4/src/backend/utils/mb/conversion_procs/utf8_and_euc_tw' gmake[3]: Entering directory `/usr/ports/databases/postgresql/w-postgresql-8.1.4/postgresql-8.1.4/src/backend/utils/mb/conversion_procs/utf8_and_gb18030' cc -O2 -pipe -Wall -Wmissing-prototypes -Wpointer-arith -Winline -Wendif-labels -fno-strict-aliasing -fpic -DPIC -I../../../../../../src/include -I/usr/include/kerberosV -c -o utf8_and_gb18030.o utf8_and_gb18030.c In file included from utf8_and_gb18030.c:17: ../../Unicode/gb18030_to_utf8.map:29313: error: syntax error before '{' token gmake[3]: *** [utf8_and_gb18030.o] Error 1 gmake[3]: Leaving directory `/usr/ports/databases/postgresql/w-postgresql-8.1.4/postgresql-8.1.4/src/backend/utils/mb/conversion_procs/utf8_and_gb18030' gmake[2]: *** [all] Error 2 --- src/backend/utils/mb/Unicode/gb18030_to_utf8.mapSat Aug 23 22:18:04 2003 +++ /home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode//gb18030_to_utf8.map Sat Aug 23 22:18:04 2003 @@ -29309,9 +29309,8 @@ static pg_local_to_utf LUmapGB18030[ 633 {0x8134a137, 0xe19895}, {0x8134a138, 0xe19896}, {0x8134a139, 0xe19897}, - {0x8134a230, 0xe19898 - {0x8134a136, 0xe19894}, - + {0x8134a230, 0xe19898}, + {0x8134a231, 0xe19899}, {0x8134a232, 0xe1989a}, {0x8134a233, 0xe1989b}, {0x8134a234, 0xe1989c}, $ ls -l src/backend/utils/mb/Unicode/gb18030_to_utf8.map -rw-r--r-- 1 root wheel 1547811 Aug 23 2003 src/backend/utils/mb/Unicode/gb18030_to_utf8.map $ ls -l /home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode//gb18030_to_utf8.map -rw-r--r-- 1 sidster sidster 1547811 Aug 23 2003 /home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode//gb18030_to_utf8.map $ md5 src/backend/utils/mb/Unicode/gb18030_to_utf8.map /home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode//gb18030_to_utf8.map MD5 (src/backend/utils/mb/Unicode/gb18030_to_utf8.map) = c38472696883c20280cabe6aa122d1ac MD5 (/home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode/) = d41d8cd98f00b204e9800998ecf8427e $ diff -qr . /home/sidster/src/postgresql-8.1.4/ | grep -v ^Only diff -qr ./config/config.sub /home/sidster/src/postgresql-8.1.4/config/config.sub Files ./config/config.sub and /home/sidster/src/postgresql-8.1.4/config/config.sub differ diff -qr ./configure /home/sidster/src/postgresql-8.1.4/configure Files ./configure and /home/sidster/src/postgresql-8.1.4/configure differ diff -qr ./src/Makefile.shlib /home/sidster/src/postgresql-8.1.4/src/Makefile.shlib Files ./src/Makefile.shlib and /home/sidster/src/postgresql-8.1.4/src/Makefile.shlib differ diff -qr ./src/backend/po/ru.po /home/sidster/src/postgresql-8.1.4/src/backend/po/ru.po Files ./src/backend/po/ru.po and /home/sidster/src/postgresql-8.1.4/src/backend/po/ru.po differ diff -qr ./src/backend/utils/mb/Unicode/gb18030_to_utf8.map /home/sidster/src/postgresql-8.1.4/src/backend/utils/mb/Unicode/gb18030_to_utf8.map Files ./src/backend/utils/mb/Unicode/gb18030_to_utf8.map and
Re: Hard drive going bad? or something else? (obsd4.0)
Thanks for the insightful info. Yes, as another user had suggested privately, I was running memtest86 since pretty much my post last night (early morning). Thus far 16 passes, running almost 17 hours and no errors. Although, I know, and as you pointed out, no errors doesn't really rule out bad memory module(s). I'm going to try swapping out modules, maybe I'll get lucky. --- Marcus Watts [EMAIL PROTECTED] wrote: I've not see this type of problem before, so I turn to you guys. Is this a sign that maybe a drive is going bad? Or sign of bad memory? What's going on here!? I know it is almost Halloween and all, but this is kinda _spooky_ to say the least. Idea? Please? :-) Hard drives contain lots of moving parts, a known reliability risk. Therefore most if not all modern hard disks and associated logic contain more or less elaborate internal self-checking logic to detect failing media, failing spindle motor, failing head positioning mechanism, over and under voltage, bus driver failure, etc. Most of these will result in kernel messages and/or other obvious signs of system distress. Your dmesg (assuming it was done after the failed build) doesn't show any evidence of such problem, so there's no reason to suspect a hard disk going bad. More likely possibilities are bad memory, a bad motherboard, incompatible memory, bad disk controller, mis-configured bus speeds, environmental problem, or possibly but less likely, a bad cpu. Memory is simple: if you buy a consumer grade home machine, you get memory that has no self-check logic. A chip going bad could well produce the problems you show below. A server class machine will nearly always contain ECC memory. A few companies (Dell, Sun) also make commercial grade desktop machines, which usually also contain ECC. Note that most home computer stores and even many professionals don't understand or value ECC memory, and will steer you away from such technology. If it's memory, even without self-check logic that may still be easy to see if it's broken. memcheck86+ has a good reputation. This is a stand-alone program, which you can leave running overnight. If it fails memcheck86+, then the problem is obvious. If it passes, the memory is still not in the clear; for instance, it's in theory possible for the memory to fail when accessed by DMA but not by the processor. If you can get the memory to fail more or less predictably, and you have multiple memory modules, you may be able to play remove swap games to identify which module is bad. Check your hardward doc first - on some systems, modules may need to be paired in some particular fashion. It is certainly worth checking your machine for obvious physical problems. For instance, check air paths to ensure they aren't blocked. Be suspicious of burning smells, obvious heat, excessive fan noise, or lack of distinct air flow. Check the inside of the machine. Is there excessive dust build-up? Are the fan blades clean? Do the fans spin very smoothly and fairly freely? Are the cables in the way? Are there any loose cables? Loose boards? Bad solder joints or cracks? (On most modern motherboards, it's not worth spending much time checking this if it's not easy to get to; removing the motherboard may itself cause damage, and even a large crack sufficient to produce complete failure may be nearly impossible to spot). Other signs of physical distress? Ideally you want your machine to be in a climate-controlled environment comfortable to people. Dust, very dry air, excessive moisture, temperature cycles, etc. are all bad. Electrically conductive dust can become particularly exciting. An older or fancier machine may have a separate disk controller, in which case if you have a spare it may be worth swapping. Your machine is probably not one of these. On many newer machines, the BIOS can contain settings which alter the speed or timing of various bus components. Getting this wrong can produce subtle weirdness, or obvious and drammatic signs of failure. It may take a while for subtle weirdness to manifest itself in any obvious fashion. If you have ECC memory, make sure the bios knows that. Sorting all this out can take time. If the machine is an older one, it may be cheaper to replace it than figure out what failed. Also, in case you missed it, building large software packages is an excellent way to burn a new machines in or establish that an existing machine is reliable. :-) -Marcus Get your email and see which of your friends are online - Right on the New Yahoo.com (http://www.yahoo.com/preview)
failedlogin
Greetings, This is on a 4.0 test system. I'm preping it to move over a 3.9 system. It was cvs updated to -rOPENBSD_4_0 and new kernel then system built. Noticed that /var/log/failedlogin grew from 0 bytes to 304304 bytes. I couldn't find much about the file. Some googling brings some AIX related pages. One reference to 3.7 COLUG[0] post. A search in misc@ list on MARC doesn't really show much either. A few references between 2001-2004. I don't see any tool that will display the contents of it either. Here is a hex dump of it: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 74 74 79 43 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 00 00 00 00 00 00 00 00 20 58 5d 45 00 00 00 00 -rw--- 1 root wheel 304304 Nov 16 22:35 failedlogin Mainly empty with only a reference to: ttyC0 X]E Could someone give me some pointers please? TIA. [0] http://www.colug.net/pipermail/colug432/2005-September/001405.html The all-new Yahoo! Mail beta Fire up a more powerful email and get things done faster. http://new.mail.yahoo.com
Xft font rendering extremely slow
I recently configured urxvt to use an Xft font, specifically LucidaTypewriter. I noticed after doing so that font rendering is extremely slow -- Page-Down'ing a manpage takes 25% of the CPU, whereas using the Fixed font uses 0% of the CPU. Also, when conky is configured to use an Xft font, it uses about 4% of the CPU (0% when using the Fixed font). Navigating a web-page that uses an Xft font gives major lag. Why is this? I'm using OpenBSD 4.3. I can provide a dmesg by request.
Samsung (SH-S182M) DVD/CD-R burn/read-back issue
Greetings, Early October I bought this Samsung DVD/CD burner [1] (OEM) from newegg. I put in a computer I was going to put 4.0 on. After installing 4.0 and updating source with cvs -rOPENBSD_4_0 I made a release. I attempted to burn a CD so I can use for upgrading my other i386 systems as well. I built cdrtools from ports. After burning a CD-R I couldn't boot from it. I tried another CD-R and same problem. Tried yet a 3rd one and had the same problem. I mounted the CD and I could list contents of the CD, but couldn't read back contents of any of the files. e.g., $ cat /mnt/cd/4.0/i386/CKSUM cat: /mnt/cd/4.0/i386/CKSUM: Input/output error (also see tail of dmesg [2]) I got curious. I took the ISO image I used to burn the CD-R to a 3.9 box I have and used it to burn a CD-R and that one works just fine. I thought maybe something wrong with the burner. Called newegg they sent me a new one after I sent mine back. It took me a while but I finally got motivated enough to go through the same exercise over again. But have the same exact problem. I burn a CD-R but unable to read-back data. I'd appreciate any ideas anyone may have on this. Otherwise, I'm tossing this item and getting me another non-Samsung equivalent. TIA, --patrick [1] SAMSUNG|SH-S182M http://www.newegg.com/Product/Product.asp?Item=N82E16827151136 [2] OpenBSD 4.0-stable (GENERIC) #0: Wed Dec 13 02:11:04 PST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Sempron(tm) Processor 2600+ (AuthenticAMD 686-class, 128KB L2 cache) 1.61 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2 real mem = 536375296 (523804K) avail mem = 481329152 (470048K) using 4256 buffers containing 26923008 bytes (26292K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(6b) BIOS, date 04/08/05, BIOS32 rev. 0 @ 0xfa120, SMBIOS rev. 2.2 @ 0xf (34 entries) bios0: http://www.abit.com.tw/ NF8/NF8-V (nVidia nForce3 250GB) apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xc4b4 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc380/288 (16 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 17 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 3 5 10 11 12 pcibios0: no compatible PCI ICU found pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 0xcc000/0x800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 NVIDIA nForce3 250 PCI Host rev 0xa1 pcib0 at pci0 dev 1 function 0 NVIDIA nForce3 250 ISA rev 0xa2 nviic0 at pci0 dev 1 function 1 NVIDIA nForce3 250 SMBus rev 0xa1 iic0 at nviic0 unknown at iic0 addr 0x2e not configured iic1 at nviic0 ohci0 at pci0 dev 2 function 0 NVIDIA nForce3 250 USB rev 0xa1: irq 12, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered ohci1 at pci0 dev 2 function 1 NVIDIA nForce3 250 USB rev 0xa1: irq 10, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 4 ports with 4 removable, self powered ehci0 at pci0 dev 2 function 2 NVIDIA nForce3 250 USB2 rev 0xa2: irq 11 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 8 ports with 8 removable, self powered nfe0 at pci0 dev 5 function 0 NVIDIA nForce3 LAN rev 0xa2: irq 12, address 00:50:8d:7c:06:8c ciphy0 at nfe0 phy 1: Cicada CS8201 10/100/1000TX PHY, rev. 3 auich0 at pci0 dev 6 function 0 NVIDIA nForce3 250 AC97 rev 0xa1: irq 3, nForce3 AC97 ac97: codec id 0x414c4780 (Avance Logic ALC658 rev 0) ac97: codec features 20 bit DAC, 18 bit ADC, No 3D Stereo audio0 at auich0 pciide0 at pci0 dev 8 function 0 NVIDIA nForce3 250 IDE rev 0xa2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: IC35L120AVVA07-0 wd0: 16-sector PIO, LBA, 117799MB, 241252607 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TSSTcorp, CD/DVDW SH-S182M, SB02 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 pciide1 at pci0 dev 10 function 0 NVIDIA nForce3 250 SATA rev 0xa2: DMA pciide1: using irq 11 for native-PCI interrupt ppb0 at pci0 dev 11 function 0 NVIDIA nForce3 250 AGP rev 0xa2 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Rage 128 Pro TF rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 14 function 0 NVIDIA nForce3 250 PCI-PCI rev 0xa2 pci2 at ppb1 bus 2 xl0 at pci2 dev 7 function 0 3Com 3c905C 100Base-TX rev
qualcom gobi 2000 support
Can someone share some information on the support of the qualcom gobi 2000 mini pci express card in openbsd? Kind regards
Firewall: Where is the bottleneck?
Hi, I use a OpenBSD based firewall (version 5.2, I know I should upgrade but ...) between a 8 host cluster of Linux server and 300 clients which will access this clutser via VNC. Each server is connected with one gigabit port to a dedicated switch and the firewall has on each site one gigabit (dedicated switch and campus network). The users complains about slow VNC response times (if I connect a client system to the dedicated switch, the access is faster, even during peak hours), and the admins of the cluster blame my firewall :(. I use MRTG for traffic monitoring (data retrieves from OpenBSD in one minute interval) and can see average traffic of 160 Mbit/s during office hours and peaks and 280 Mbit/s. With bwm-ng and a five second interval I can see peaks and 580 Mbit/s. The peak packets per second is arround 8 packets (also measured with bwm-ng). The interrupt of CPU0 is in peak 25%. So with this data I don't think the firewall is at the limit, I'm right? The server is a standard Intel Xeon (E3-1220V2, 4 Cores, 3.10 GHz) with 4 GByte of memory and 4 1 Gbit/s ethernet cooper Intel nics (driver em). Where is the problem? Can't the nics handle more packets/second? How can I check for this? If I connect a client system directly to the dedicated system, the response times are better. Thanks for your help, Patrick
Re: Firewall: Where is the bottleneck?
Hi Hrvoje, nestat -i shows nothing special. NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls lo0 33152 Link 91235 091235 0 0 lo0 33152 localhost/1 localhost91235 091235 0 0 lo0 33152 fe80::%lo0/ fe80::1%lo0 91235 091235 0 0 lo0 33152 localhost localhost91235 091235 0 0 em0 1500 Link 00:25:90:a6:08:52 16371757334772 297519394073 0 0 em0 1500 megagw06a.o megagw06a.ohb-sys 16371757334772 297519394073 0 0 em0 1500 fe80::%em0/ fe80::225:90ff:fe 16371757334772 297519394073 0 0 em1 1500 Link 00:25:90:a6:08:53 297512809627 489 163342615216 0 0 em1 1500 10.242.13/2 10.242.13.1 297512809627 489 163342615216 0 0 em1 1500 fe80::%em1/ fe80::225:90ff:fe 297512809627 489 163342615216 0 0 em2*1500 Link 00:25:90:a6:08:540 00 0 0 em3*1500 Link 00:25:90:a6:08:550 00 0 0 enc0* 0 Link 0 00 0 0 pflog0 33152 Link 0 0 146527095 0 0 I will try to have a maintenance window for the upgrade. Thanks for the help, Patrick Am 04.11.2014 um 23:22 schrieb Hrvoje Popovski hrv...@srce.hr: out of curiosity, could you post netstat -i if you can, why don't you upgrade bios and install openbsd 5.6
Re: Problems building userland
Josh Grosse jggimi.homeip.net> writes: > > On Sat, Sep 19, 2015 at 10:35:07AM -0500, Amit Kulkarni wrote: > > Hello, > > > > How are you guys able to build userland? I double-checked that the > > > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/Makefile?rev=1.125=text/plain > > > > is still referring to ${SUDO} > > > > here is the result. > > > > # make build > > cd /usr/src/share/mk && exec /usr/bin/sudo -E make install > > /bin/sh: /usr/bin/sudo: not found > > *** Error 127 in /usr/src (Makefile:75 'build') > > > > Thanks > > > > The sudo application moved from built-in to ports. See the details in > the Following -current FAQ: > > http://www.openbsd.org/faq/current.html#20150703 > > Greetings I use the FAQ 5.3.5 to build userland it works on amd64 and i386 5.3.5 - Building the userland There is a specific process used by OpenBSD. Processes used on other OSs you may have been familiar with will most likely not work on OpenBSD, and will get you laughed at when you ask why. Clear your /usr/obj directory and rebuild symbolic links: # rm -rf /usr/obj/* # cd /usr/src # make obj Note that the use of the /usr/obj directory is mandatory. Failing to do this step before building the rest of the tree will likely leave your src tree in bad shape. Make sure all the appropriate directories are created. # cd /usr/src/etc && env DESTDIR=/ make distrib-dirs Build the system: # cd /usr/src # make build This compiles and installs all the "userland" utilities in the appropriate order. This is a fairly time consuming step -- a very fast machine may be able to complete it in well under an hour, a very slow machine may take many days. When this step is complete, you have newly compiled binaries in place on your system. >> cheers
Re: OpenBSD on Fiber
I understand the fact about an dedicated server and the fact that not ervery speedtest is the same. But there is another angle. I have installed FreeBSD with the same specs and also a PF enabled and in testing its is much better. I have also a VPS in a DC normal the speeds is average 48 and with OpenBSD it is average 17. So is there a good explanation for this? On Sunday, August 30, 2015, Vivek Vinod vi...@icanconnect.com wrote: I run a miniscule ISP. Speed tests are flawed. Depends on which ones you are running - they basically download a file (typically 2 to 10 MB) and determine how much time that took. Then they report the mbps. Issues like latency are almost never taken into account when reporting these tests. It totally depends on how far your speedtest server is. Internet is much more than just the thickness of your pipe. Also, apologies for assuming you don't knowâ, but Internet speeds (throughput) are in mega bits per second and not mega bytes per second. Vivek Sent from my BlackBerry 10 smartphone. Original Message From: Patrickâ Sent: Sunday 30 August 2015 23:39 To: misc@openbsd.org javascript:;â Subject: OpenBSD on Fiber Hello, I have a fiber internet connection with 500Mbs download and 500Mbs upload. I installed a long time ago a firewall with OpenBSD 5.5 with routing and PF. But after a speedtest the line is stuck at around 200Mbs. Even when i download a test bin the speed is around 17Mbs. After this experience i had FreeBSD installed which doing fine with my fiber network. I have tested 5.6 and 5.7 and even 5.8 for testing any improvements in the network speed. Does anybody now what can cause this problem? Below i have my specs posted: *Hardware / OS* HP DL380 G6 vSphere ESXI 6 (Updated to last patches) *VM* Virtual Machine 11 (Also tried 8) Type: Other 32Bit / Other 64Bit And FreeBSD 64bit same results 1 CPU 1 core 4GB *What i have tried (This all had no results)* Upgrade the virtual machine hardware. Forward the network cards from pci slots to the VM Different ethernet adapters, VMXNET3 is still the best which is getting the highest speeds. Add system tweaks in sysctl.conf disabling PF Use other versions of OpenBSD 32Bit / 64Bit. Best Regards, Patrick -- Met vriendelijke groet, *Patrick Koreneef* T: +316-40951631 E: patr...@natpnk.nl
Re: OpenBSD on Fiber
Met vriendelijke groet, *Patrick Koreneef* T: +316-40951631 E: patr...@natpnk.nl On 30 August 2015 at 23:28, Patrick patr...@natpnk.nl wrote: So upgrade righ now. I am currently runnig 5.8 What does download a test bin mean, exactly? A 1000mb.bin with zero's to test the download speed for a DC Meaning what, exactly? After removing OpenBSD and install FreeBSD the speeds where normal for my internet connection What problem? I willing to know what can cause this network speed lag What i mean with the hardware version is the hardware version in ESXI. PS: I am a system engineer in daily life. Met vriendelijke groet, *Patrick Koreneef* T: +316-40951631 E: patr...@natpnk.nl On 30 August 2015 at 23:20, Jan Stary h...@stare.cz wrote: I have a fiber internet connection with 500Mbs download and 500Mbs upload. I installed a long time ago a firewall with OpenBSD 5.5 with routing and PF. So upgrade righ now. But after a speedtest the line is stuck at around 200Mbs. Even when i download a test bin the speed is around 17Mbs. What does download a test bin mean, exactly? After this experience i had FreeBSD installed which doing fine with my fiber network. Meaning what, exactly? I have tested 5.6 and 5.7 and even 5.8 for testing any improvements in the network speed. Does anybody now what can cause this problem? What problem? *Hardware / OS* HP DL380 G6 vSphere ESXI 6 (Updated to last patches) *VM* Virtual Machine 11 (Also tried 8) Type: Other 32Bit / Other 64Bit And FreeBSD 64bit same results 1 CPU 1 core 4GB Ah, so you are not really running OpenBSD. The first and obvious thing to try is to run OpenBSD on the HW itself. *What i have tried (This all had no results)* Upgrade the virtual machine hardware. Forward the network cards from pci slots to the VM Different ethernet adapters, VMXNET3 is still the best which is getting the highest speeds. Add system tweaks in sysctl.conf disabling PF Use other versions of OpenBSD 32Bit / 64Bit. Try the first and obvious first.
OpenBSD on Fiber
Hello, I have a fiber internet connection with 500Mbs download and 500Mbs upload. I installed a long time ago a firewall with OpenBSD 5.5 with routing and PF. But after a speedtest the line is stuck at around 200Mbs. Even when i download a test bin the speed is around 17Mbs. After this experience i had FreeBSD installed which doing fine with my fiber network. I have tested 5.6 and 5.7 and even 5.8 for testing any improvements in the network speed. Does anybody now what can cause this problem? Below i have my specs posted: *Hardware / OS* HP DL380 G6 vSphere ESXI 6 (Updated to last patches) *VM* Virtual Machine 11 (Also tried 8) Type: Other 32Bit / Other 64Bit And FreeBSD 64bit same results 1 CPU 1 core 4GB *What i have tried (This all had no results)* Upgrade the virtual machine hardware. Forward the network cards from pci slots to the VM Different ethernet adapters, VMXNET3 is still the best which is getting the highest speeds. Add system tweaks in sysctl.conf disabling PF Use other versions of OpenBSD 32Bit / 64Bit. Best Regards, Patrick
Re: SPA112 VoIP with pf and NAT - States keeps open on address change
> On 06.02.2019, at 11:15, Sebastian Reitenbach > wrote: > > Am Mittwoch, Februar 06, 2019 10:57 CET, jum...@yahoo.de schrieb: > >> Hello, >> I have a Cisco SPA112 VoIP to connect my analog phone to my provider SIP >> system. Recently I replaced my Linux based (Fritzbox) with a OpenBSD 6.4 >> firewall. The firewall is connected to a vDSL modem and performs NAT for >> outgoing IPv4 connection. The connection to the SIP server from the SPA112 >> is a IPv4 with NAT via UDP port 5060. The connection works and I can see the >> NAT in the state table. I have configured NAT-Keepalive on the SPA112 to >> keep the state open. After 24 hours my provider terminate my connection and >> after established a new connection the firewall has a new public IPv4 >> address. >> After this change the SPA112 can't longer communicate to the SIP server >> because it's still using the old state with the old public IPv4 address. If >> I deleted the state manually on the firewall the force the SPA112 to >> register again it works. The SPA112 has also an automatism to re-register >> after 60 minutes. But without deleting the state the SPA112 will use again >> the old state/connection. >> From my point of view the SPA112 should use a new connection for the >> re-register or at least a new connection, if it detects the lost of the >> previous registration. But this problem doesn't exist with the old Linux >> based firewall. I can also see a lot of other NAT entries in the state table >> with the old public IPv4 address. Is there a feature of pf to delete all NAT >> entries with the no longer existing public IPv4 on a address change? >> Best Regards,Patrick > > some lines of pf.conf would be helpful. Do you have parentheses around your > interface name in the nat-to rule, like nat-to ($ext_if) > that should update the rules when addresses change, but I don't think that > will touch active states. > However, SIP and UDP might be problematic, since states are consulted first, > before the rules are traversed. Since UDP is stateless, PF only seems > sending/receiving IP and port, but with SIP the sending port always might be > 5060 as well, so it may match the existing state, even if the external IP > changed. > > Sebastian > Hi Sebastian, Thanks for your quick reply. My nat rule use the parenthesis and all other devices behind the firewall works fine. I think it’s more a specific issue with the SPA112. I have also set the ruleset optimization to conservative but in this case the generated state has just a longer time to live. This isn’t the problem because the SPA112 sends regular keep alive packets which reset the counter for the state. Here the related rules: pass out quick on egress inet from (vether0:network) nat-to (egress) modulate state pass in on egress inet proto udp from to (egress) port 5060 As I’m just reading again my rules. Is the modulate state the problem? Or will pf use keep state for UDP packets as the default? Best Regards, Patrick
Re: SPA112 VoIP with pf and NAT - States keeps open on address change
> On 07.02.2019, at 14:21, Stuart Henderson wrote: > > On 2019-02-06, Patrick wrote: >> My nat rule use the parenthesis and all other devices behind the >> firewall works fine. I think it’s more a specific issue with the SPA112. >> I have also set the ruleset optimization to conservative but in this >> case the generated state has just a longer time to live. This isn’t the >> problem because the SPA112 sends regular keep alive packets which reset >> the counter for the state. > > Setting to 'conservative' (i.e. hanging on to states for longer) can't > help with this. > > Using parentheses won't help either, that means "do a lookup at state > creation time", but you aren't getting a new state created because the > old one hasn't expired. > >> >> Here the related rules: >> pass out quick on egress inet from (vether0:network) nat-to (egress) >> modulate state >> pass in on egress inet proto udp from to (egress) port 5060 >> >> As I’m just reading again my rules. Is the modulate state the problem? >> Or will pf use keep state for UDP packets as the default? > > PF uses "keep state" by default, and "keep state" is required for NAT. > > I think your main options are: > > - use a *shorter* timeout for this rule (this can be set per-rule > and overrides the default from "set optimization") and have a port > forward rule so that incoming packets still work even when the > state has timed out > > - arrange a way to flush these states when the IP changes > > The first of these is probably easiest if you can do it .. > > Thanks for suggestions. I tried to change the timeouts but every time the state gets deleted the SIP server refused the new connection. I think because of the change of source port. Maybe it would work with static-port option. I choose option two and have created a cron job to reconnect my VDSL connection and flush the state table at 2am in the night. This moved the force termination after 24 hours to the night. I remember that the old firewall had a similar option and probably also deleted the state table at the same time. I didn’t noticed the disconnection of my SPA112 in the middle of the night. To recover quicker from a termination at day I have set the re-register timeout to 30 minutes and also runs a script every five minutes on the firewall to check the current public IPv4 address and the one in the state table for the SPA112 and if it not match delete the state. Best Regards, Patrick
Allocate more memory than 512 MB with squid
Hi all, I use the squid web-proxy on a OpenBSD 4.1 i386 machine with 1024 MB of RAM. Squid can only allocate 512 MB of RAM. If squid tries to allocate more than that, the process kills himself and starts automatically again with the following message in /var/log/messages. FATAL: xcalloc: Unable to allocate 4096 blocks of 1 bytes! Squid runs under the user _squid. This user is in the login class daemon in which the data size is set to infinity. I also checked the file /usr/src/sys/arch/i386/include/vmparam.h where I found the line. #define MAXDSIZ (1024*1024*1024) /* max data size */ Can anybody give me a hint where I can set the maximum RAM usage of one process? Thanks in advance Patrick [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Re: Allocate more memory than 512 MB with squid
Thanks for your reply. I installed squid from the Package squid-2.6.STABLE9.tgz on OpenBSD 4.1-stable i386. Here the relevant parts of my squid.conf. cache_mem 192 MB maximum_object_size 16 MB cache_dir ufs /var/squid/cache 5000 16 256 With this cache_mem size, the squid process use 498 MB of RAM. In a few days I will try to run a little C-Program which allocate more than 512 MB and post the output here. Here my dmesg. OpenBSD 4.1 (GENERIC) #2: Tue May 29 17:53:25 CEST 2007 [EMAIL PROTECTED]:/usr/binpatch/work-binpatch-4.1/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III (GenuineIntel 686-class) 804 MHz cpu0:FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 1073233920 (1048080K) avail mem = 971886592 (949108K) using 4278 buffers containing 53784576 bytes (52524K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 11/02/00, BIOS32 rev. 0 @ 0xf0aa0, SMBIOS rev. 2.3 @ 0xf2930 (45 entries) bios0: ASUSTeK Computer INC. CUV4X apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x12e2 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf1250/144 (7 entries) pcibios0: PCI Interrupt Router at 000:04:0 (VIA VT82C586 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xc000 acpi at mainbus0 not configured cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA VT8605 PCI rev 0x81 ppb0 at pci0 dev 1 function 0 VIA VT8605 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Rage Fury rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 4 function 0 VIA VT82C686 ISA rev 0x22 pciide0 at pci0 dev 4 function 1 VIA VT82C571 IDE rev 0x10: ATA66, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: QUANTUM FIREBALL CX10.2A wd0: 16-sector PIO, LBA, 9787MB, 20044080 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: E-IDE, CD-950E/AKU, A4Q SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 4 function 2 VIA VT83C572 USB rev 0x10: irq 12 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 4 function 3 VIA VT83C572 USB rev 0x10: irq 12 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered viaenv0 at pci0 dev 4 function 4 VIA VT82C686 SMBus rev 0x30: HWM disabled xl0 at pci0 dev 14 function 0 3Com 3c905C 100Base-TX rev 0x78: irq 10, address 00:01:02:e3:19:86 exphy0 at xl0 phy 24: 3Com internal media interface xl1 at pci0 dev 15 function 0 3Com 3c905 100Base-TX rev 0x00: irq 12, address 00:60:08:55:98:9b nsphy0 at xl1 phy 24: DP83840 10/100 PHY, rev. 1 xl2 at pci0 dev 16 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 5, address 00:a0:24:a9:1c:23 exphy1 at xl2 phy 24: 3Com internal media interface isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask fb45 netmask ff65 ttymask ffe7 pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 Best regards. Patrick Whyzzi schrieb: Curious. Well there's not much we can say on the matter: 1) no dmesg 2) no squid conf I personally recommend testing your squid server's memory for problems and providing at least the whole dmesg and relevant parts of your squid.conf (eg cache_mem). BTW: Shouldn't this be in the ports list? Cheers! On 15/07/07, Patrick Hemmen [EMAIL PROTECTED] wrote: Hi all, I use the squid web-proxy on a OpenBSD 4.1 i386 machine with 1024 MB of RAM. Squid can only allocate 512 MB of RAM. If squid tries to allocate more than that, the process kills himself and starts automatically again with the following message in /var/log/messages. FATAL: xcalloc: Unable to allocate 4096 blocks of 1 bytes! Squid runs under the user _squid. This user is in the login class daemon in which the data size is set to infinity. I also checked the file /usr/src/sys/arch/i386/include/vmparam.h where
Re: Allocate more memory than 512 MB with squid
Thanks for the hint. I will test the memory and view the BIOS settings as soon as possible. Best regards. Patrick Whyzzi schrieb: Again I highly recommend you check the memory for problems: http://www.memtest86.com/ Another thing I've noticed that can cause strange problems: miss-matched memory timings caused by mixture of RAM, especially if the BIOS is set to auto detect timings. Double check the memory module RAS/CAS timings between each module and if they are not the same, force the timing in the BIOS from the highest timing module. I also recommend checking to see if there is a BIOS update for your board. Good luck. PV As a comparison, I'm running squid-2.5.STABLE13 on a 4.0 snapshot without issue: OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 2.40GHz (GenuineIntel 686-class) 2.44 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM real mem = 1073217536 (1048064K) avail mem = 970981376 (948224K) using 4256 buffers containing 53764096 bytes (52504K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(ed) BIOS, date 11/10/03, BIOS32 rev. 0 @ 0xf1e30, SMBIOS rev. 2.3 @ 0xf0040 (56 entries) bios0: ASUSTeK Computer INC. P4PE apm0 at bios0: Power Management spec V1.2 (BIOS mgmt disabled) apm0: APM power management enable: unrecognized device ID (9) apm0: APM engage (device 1): power management disabled (1) apm0: AC on, battery charge unknown apm0: flags b0102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x24b2 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf23d0/224 (12 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xc800 0xd/0x7c00! 0xd8000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82845G/GL rev 0x02 ppb0 at pci0 dev 1 function 0 Intel 82845G/GL/GV/GE/PE AGP rev 0x02 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 NVIDIA GeForce2 MX rev 0xb2 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x02: irq 12 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x02: irq 3 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x02: irq 14 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x02: irq 11 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub3: 6 ports with 6 removable, self powered ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x82 pci2 at ppb1 bus 2 VIA VT6306 FireWire rev 0x80 at pci2 dev 3 function 0 not configured pciide0 at pci2 dev 4 function 0 Promise PDC20376 rev 0x02: DMA wd0 at pciide0 channel 0 drive 0: ST380013AS wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using BIOS timings, Ultra-DMA mode 6 pciide0: using irq 11 for native-PCI interrupt bge0 at pci2 dev 5 function 0 Broadcom BCM5702X rev 0x02, BCM5703 A2 (0x1002): irq 10, address 00:e0:18:bf:77:eb brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2 em0 at pci2 dev 10 function 0 Intel PRO/1000GT (82541GI) rev 0x05: irq 5, address 00:0e:0c:bc:33:44 ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x02 pciide1 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide1: no compatibility interrupt for use by channel 0 atapiscsi0 at pciide1 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, DVD-ROM GDR8161B, 0100 SCSI0 5/cdrom removable cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask fb4d netmask ff6d ttymask ffef pctr: user-level cycle counter enabled dkcsum: wd0 matches BIOS drive 0x80 root on wd0a On 16/07/07, Patrick Hemmen
Re: Allocate more memory than 512 MB with squid
Squid runs under the user _squid and this user is in the login class daemon in which the data size is set to infinity. Or do I have to set a another capability? Best regards. Patrick Tim Kuhlman schrieb: On Mon July 16 2007 12:00:41 pm Patrick Hemmen wrote: Thanks for your reply. I installed squid from the Package squid-2.6.STABLE9.tgz on OpenBSD 4.1-stable i386. Here the relevant parts of my squid.conf. cache_mem 192 MB maximum_object_size 16 MB cache_dir ufs /var/squid/cache 5000 16 256 With this cache_mem size, the squid process use 498 MB of RAM. In a few days I will try to run a little C-Program which allocate more than 512 MB and post the output here. Sounds like a login.conf restriction to me, which your little c program should encounter also. man 5 login.conf [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Re: Allocate more memory than 512 MB with squid
I start squid with the following entry in /etc/rc.local. if [ -x /usr/local/sbin/squid ]; then echo -n ' squid'; /usr/local/sbin/squid fi Best regards. Patrick Daniel Ouellet schrieb: Patrick Hemmen wrote: Squid runs under the user _squid and this user is in the login class daemon in which the data size is set to infinity. Or do I have to set a another capability? How do you start your squid is the key. man 5 login.conf man 8 rc explain it. Just putting the class there for a specific user doesn't make it use it unless you specify that class at the start in your rc.local It's not for squid, but check the principal and ideas here: http://openbsdsupport.org/mysql.htm#/etc/login.conf http://openbsdsupport.org/mysql.htm#/etc/rc.local You will see that unless you specifically tell it to use it, it will not use it and only gets the default class no matter what you put in there. Hope this help you. Daniel [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Re: Allocate more memory than 512 MB with squid
Hi, yesterday I run the little c-program under the user root and it works. Here is the source code of the program. #include stdio.h #include stdlib.h int main() { size_t size = 936870912; char *a = malloc(size); if (a) printf(yes); else perror(no); } Do I start squid correctly with the entry in /etc/rc.local? Thanks. Patrick Patrick Hemmen wrote: I start squid with the following entry in /etc/rc.local. if [ -x /usr/local/sbin/squid ]; then echo -n ' squid'; /usr/local/sbin/squid fi Best regards. Patrick [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Re: spamd question (4.1)
On 7/23/07, Darrin Chandler [EMAIL PROTECTED] wrote: It seems normal enough. What I and some others have done in addition is to add a whitelist that bypasses spamd altogether. Into that whitelist goes gmail (host -ttxt gmail.com) and other large providers using pools for outgoing mail. Good point. If you are concerned about the entries that you saw whitelisted, have you checked where the mail went that they sent? If this is wholly your domain then you should be able to easily see that. If you can't look (because it's other people's mail) then you can still ask around and see if people have been getting spam. I've not had a chance to examine where the white listed hosts were trying to send to (yet). I have yet to run sendmail to accept incoming mail. However, while monitoring the output from spamdb, I did noticed most to addresses for the GREY trapped hosts were bogus recipients. Also, though spamd works GREAT, it is what it is. As I mentioned above, it will not stop spam from real mail servers, whether open relays or spam house servers. You may get to the point where you do want to add I see your point about open relays and such. Thanks for your input! --patrick
SMTP flood + spamdb
Hi all, At around 1:40 PM (PDT) my SMTP server started getting flooded by enormous amount of connections. The connections were for seemingly random users @my-domain-name. I'm running spamdb in greylist mode, but these servers were getting white-listed very quickly. $ /usr/sbin/spamdb | /usr/bin/grep -c ^WHITE 717 Typical value for above is not more than 20. Traffic going in/out of my mail-server is minimal. I would remove them from the WHITE list and they would fill up almost immediately. My guess is someone is using these faked addresses ([EMAIL PROTECTED]) to send out SPAM and I'm getting the bounces from these. I'm basically looking for opinions as how to combat this problem right now. I'm not even 100% on the bounced email theory, but this had happened to me once before back in May 2003, but the bounces were mainly from gc.ca domain. I use gmane to read the list. If not too much to ask, please CC me on your reply(ies). Thanks, --patrick p.s., Server is running cvs updated -rOPENBSD_4_1 code.
Re: SMTP flood + spamdb
On 9/23/07, Darrin Chandler [EMAIL PROTECTED] wrote: On Sun, Sep 23, 2007 at 03:33:03PM -0700, patrick keshishian wrote: At around 1:40 PM (PDT) my SMTP server started getting flooded by enormous amount of connections. The connections were for seemingly random users @my-domain-name. I'm running spamdb in greylist mode, but these servers were getting white-listed very quickly. $ /usr/sbin/spamdb | /usr/bin/grep -c ^WHITE 717 I've seen something *very* similar. In my case the user portions seemed random at first glance, but some were repeated a LOT. See if you have that, too. If so, enter those random addresses as SPAMTRAP entries. That way they're blocked for 24 hours, and will reblock themselves if they persist. They seemed pretty random to me, but I did a quick check after reading your response and I see 468 unique fake email address @my-domain, only one was duplicated twice. This was in the span of about 1 hour, from 13:38 to 14:31 Pacific time. After which I enabled filtering of SMTP port 'til I figure out what I am going to do. I can't imagine entering all those address as spamtraps. Another user suggested greytrapping in private email, which made me reread spamd(8) a couple of times, at least the 'GREYTRAPPING' section, which mentions /etc/mail/spamd.alloweddomains file. It doesn't specifically say one could use it to enter valid email address in that file, but a naive look at the source spamd/grey.c suggests it could work. I plan on giving this a try unless someone from the list advises against it. Is there anyway one could flush the GREY entries from spamdb? I had the problem where I would clear the WHITE entries that didn't belong, but the WHITE list would grow rapidly out of control again. I'm not sure if this is related or not, but I have noticed that a few times yesterday and once again tonight around 8PM PDT, spamd-setup failed on ftp with connection time out. Thanks for all the replies. I had also done a log tailer that added to a blacklist, but that turned out not to be needed with the above. ymmv. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation -- How romantic. Two lovers' first kiss shared on the banks of the river Seine -- LL as CK (ep.72 s04e06)
Re: SMTP flood + spamdb
On 9/24/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/09/23 20:53, patrick keshishian wrote: They seemed pretty random to me, but I did a quick check after reading your response and I see 468 unique fake email address @my-domain, only one was duplicated twice. What's the problem, they'll just be dropped user unknown by your MTA won't they? It wouldn't be a problem if it didn't mimic a DDOS attack. Getting bombarded by many dozen SMTP connection in a very short time-span iss a bit alarming (at least was to me). Other than that, I agree, sendmail would drop them as User unknown and that's the end of story. Btw, your reply-to field contains my e-mail address. Is that intended? Cheers, --patrick
Re: SMTP flood + spamdb
On 9/23/07, Peter N. M. Hansteen [EMAIL PROTECTED] wrote: patrick keshishian [EMAIL PROTECTED] writes: I'm running spamdb in greylist mode, but these servers were getting white-listed very quickly. Then it sounds almost like you were running with a too short passtime, but then that's easy to adjust. The default (which I believe is 25 minutes). At around 1:40 PM (PDT) my SMTP server started getting flooded by enormous amount of connections. The connections were for seemingly random users @my-domain-name. We've been seeing a lot of that here, too. Mostly it's a few (maybe 20) a day to the most widely known domain here, then occasionally somebody pushes the generate button for too long and one domain almost nobody actually uses gets the bouces for 700+ fake addresses[1]. Bob Beck's greyscanner is rather effective, as is the more manual methods I've blogged about the observations quite a bit, starting with [2]. I have just re-opened my SMTP port which I had shut since 1440 Sunday. Not 1 hour has passed yet and my GREY list is almost at 300. I've added about 250 (count at the time) bogus emails to the greytrap list but since they are unique I don't think it will help the situation much. I'm very certain right now, this flood is due to a spammer using these fake addresses @my-domain-name to spam these mail server (all around the world -- Japan, South America, US, Germany, Ireland, etc...) and I'm getting the brunt of it in the form of these bounced messages. At this point I think I have no other choice but to wait out the storm. Short summary for those who are not too interested in blog posts: I started seeing more than the usual amount of bounce activity in my mail server log summaries, close enough to what you describe. So after a bit of thinking and log browsing I decided this was generated mainly by misconfigured mail servers bouncing spam. Then I decided I wanted to do an experiment, to see if I could poison the well and at the same time get a feel for the data I was collecting. When you speak of misconfigured mail servers bouncing spam, what exactly is a proper configured mail server supposed to do with spam directed at non-existing user @their-host-name? Just curious. FYI, as of now my: - GREY list count is 342 (and growing) - unique bogus email count is 341 - ESTABLISHED spamd connection count is 63 (and growing) This is not fun :-\ I started publishing the fake addresses on a web page[3] as well as entering them into the list of trap addresses. I've been seeing evidence that the addresses are actually being harvested and used as to-be-spammed addresses too: addresses which are all uppercase on the web page turning up in the spamd logs and greylist dumps in all lowercase, addresses which have been on my flypaper list for months turn up all the time, and we see a steadily growing number of hosts in TRAPPED state. My users here are not getting any more spam than they used to (as close as does not matter to none), false positives are pretty much an unknown, and it looks like we're succeeding in making the spammers work harder. [1] http://bsdly.blogspot.com/2007/08/lady-in-distress-or-then-again-maybe.html [2] http://bsdly.blogspot.com/2007/07/hey-spammer-heres-list-for-you.html [3] http://www.bsdly.net/~peter/traplist.html
ipsec with carp
Hello all, I have two OpenBSD machines for a redundancy VPN-Gateway. They use carp to share one IP-Address and sasyncd to synchronize SAs and SPDs. I setup a ipsec-tunnel in /etc/ipsec.conf. The tunnel isn't established and the error PAYLOAD_MALFORMED appears in the logs. With tcpdump I can see that the initial packet (isakmp v1.0 exchange ID_PROT) to establish the tunnel come from the host IP-Address and not from the carp address. Thanks in advance. Patrick
Re: ipsec with carp
Ok. Before using carp/sasyncd the IPSEC tunnel had worked. The isakmpd daemon listen on all interfaces/ip addresses. I am illustrating my set up vpngw01: 10.10.10.101 carp: 10.10.10.1 -- INTERNET -- remote gateway: 192.168.1.1 vpngw02: 10.10.10.102 My machines are vpngw01 and 02. The IPSEC tunnel is negotiated between the addresses 10.10.10.1 and 192.168.1.1. But my master (vpngw01) tries to establish the IPSEC connection with the non-carp address 10.10.10.101. The other side is in passive mode. Thanks for the replies. Patrick Brian A. Seklecki schrieb: Also: 1) Does the documentation in ipsec(4) / isakmpd.conf(5) / sasyncd.conf(5) imply that all policies / security associations should be between the CARP HA L3 address? 2) Is your isakmpd(8) binding to wildcard address? 3) Did this problem evolve with the implementation of sasyncd(8) or did your IPSEC never work? ~BAS On Mon, 2007-10-01 at 08:16 -0700, Dag Richards wrote: Patrick Hemmen wrote: Hello all, I have two OpenBSD machines for a redundancy VPN-Gateway. They use carp to share one IP-Address and sasyncd to synchronize SAs and SPDs. I setup a ipsec-tunnel in /etc/ipsec.conf. The tunnel isn't established and the error PAYLOAD_MALFORMED appears in the logs. With tcpdump I can see that the initial packet (isakmp v1.0 exchange ID_PROT) to establish the tunnel come from the host IP-Address and not from the carp address. Thanks in advance. Patrick Maybe it's the humidity. Maybe it's something in your ipsec.conf file. Based on the info you have provided so far, both seem to be about as like as each other ;) ipsec.conf ifconfig -A maybe a quote from your dumps and perhaps a bit of logging info
Re: ipsec with carp
Heinrich Rebehn schrieb: Patrick Hemmen wrote: Ok. Before using carp/sasyncd the IPSEC tunnel had worked. The isakmpd daemon listen on all interfaces/ip addresses. I am illustrating my set up vpngw01: 10.10.10.101 carp: 10.10.10.1 -- INTERNET -- remote gateway: 192.168.1.1 vpngw02: 10.10.10.102 Remove the IP addresses from the physical interfaces. The master will then use 10.10.10.1 as source address. Use the carpdev clause in ifconfig to specify the physical interface used for carp. Note however that the machine will no longer respond to broadcast packets. -- Heinrich I fixed this problem by adding local 10.10.10.1 before peer 192.168.1.1 to the /etc/ipsec.conf file. I have to read the manual more thoroughly ;). I think the tunnel isn't available because of wrong lifetimes settings. The remote gateway returns a NO PROPOSAL CHOSEN and all other settings are correct. Now, I'm waiting for the lifetimes settings information of the remote site. Best regards. Patrick [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Re: ipsec with carp
Heinrich Rebehn schrieb: Patrick Hemmen wrote: Ok. Before using carp/sasyncd the IPSEC tunnel had worked. The isakmpd daemon listen on all interfaces/ip addresses. I am illustrating my set up vpngw01: 10.10.10.101 carp: 10.10.10.1 -- INTERNET -- remote gateway: 192.168.1.1 vpngw02: 10.10.10.102 Remove the IP addresses from the physical interfaces. The master will then use 10.10.10.1 as source address. Use the carpdev clause in ifconfig to specify the physical interface used for carp. Note however that the machine will no longer respond to broadcast packets. -- Heinrich I fixed this problem by adding local 10.10.10.1 before peer 192.168.1.1 to the /etc/ipsec.conf file. I have to read the manual more thoroughly ;). I think the tunnel isn't available because of wrong lifetimes settings. The remote gateway returns a NO PROPOSAL CHOSEN and all other settings are correct. Now, I'm waiting for the lifetimes settings information of the remote site. Best regards. Patrick Now the tunnel is up and running. The remote site used the wrong ip address for our vpn-gw in their config. I see this after they switch to active mode. That's also the reason for the NO PROPOSAL CHOSEN error that I saw. Thanks a lot. Patrick Hemmen I have a new email address.
Re: F-Secure Computer Virus Information Pages: Googkle
On Sunday 08 May 2005 17:15, Mike wrote: I'm very prone to go and poke around there with Firefox - though I wish F-secure was more explicit about the exploits that they're describing - ... That's quite typical for these security organizations, not to speak any bad about Windows. It's a matter of fact in the security circles, that almost all problems are due to Windows. But the security companies who make their living on the bugs of Windows (Symantec, Norton and others) simply dno't want to loose their streams of revenue. They don't want the people to switch to other systems. When a problem affects Linux exclusively (there has been some especially with PHP and Apache), they almost trumpet it, clearly stating that it was Linux. When a problem affects a mix of platforms (some Apache versions had problems on Linux and Windows) they mention it to. But when a problem only affects Windows, they seem to suddenly forget to mention which systems are affected, specially in the non technical medias. Thus Microsoft can blatantly lie about the security of their systems and claim that security problems are as much numerous on other platforms. If you go to CNN.com, you'll see alerts like: A virus spreads on the internet and infects thousands of PCs per hour ! But are these really any PC ?? No obviously not ! These only affects IBM compatible PC (not Macintoshes nor Amiga, nor Amstrad nor whatever) running only on Intel x86 and compatible processor serie, running a version of Windows or MS-DOS. These problems these days typically involve IE, Word documents and Outlook, which only run on Windows. You can read the whole article, you'll typically find no mention of Windows. The question is why is it so ? It's because Microsoft buys ad space in the major medias, incuding CNN. With this scheme, the IT deciders who typically don't read technical articles come to believe that virus and malwares spread regardless of the OS and so the intended effect is reached: they don't think about switching to an alternative platform to enhance security. That's why Microsoft continuously run advertising campaigns for Windows although there is no hope to expand the market share of Windows, because the market is almost saturated. -- Patrick BURNAND [EMAIL PROTECTED]
OpenBSD Zaurus - Installed but fails to boot
I tried sending this to the [EMAIL PROTECTED] list but got no response, so let me try misc. The install of the OS and core packages completes just fine. I am pretty sure that fdisk and disklabel configs are correct. Boot behaves very strangely in that it doesn't appear to see hd0a at all and can't find the kernel /bsd (or anyhting else...). When I boot to bsd.rd using the puffy icon under Linux and shell out, I can mount /dev/wd0a and I can see that everything installed just find and can verify that /bsd exists. Since I originally sent the message below, I have tried a complete clean install by deleting the old bsd partition on the disk and removing the OpenBSD IPK. I also used the latest snapshot as of today. The problem remains constant and annoying. I *really* would appreciate some insight into fixing this. Thanks, Patrick Original Message Subject: Re: OpenBSD Zaurus - Installed but fails to boot From:Patrick Heim PatrickHeim at maldoror.cotse.net Date:Sat, June 25, 2005 7:16 pm To: PatrickHeim at maldoror.cotse.net Cc: [EMAIL PROTECTED] -- I've re-read the documents and tried various tweaks in fdisk and disklabel and can't figure out how to get openbsd to boot. Below is the output from fdisk, dislabel, and the boot process. The only deviation from the normal network install is that I am pulling the packages from a BSD formatted compact flash disk (wd1c) rather than a network interface. Thanks for the help. Cheers, Patrick fdisk info: --- Disk: wd0 geometry: 1024/8/17 [7999488 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S -C H S [start: size ] --- 0: 83 0 3 13 - 1511 7 17 [ 63: 205569 ] Linux files* 1: 83 1512 0 1 - 7559 7 17 [ 205632: 822528 ] Linux files* 2: 0C 7560 0 1 - 13442 2 14 [ 1028160: 80 ] Win95 FAT32L *3: A6 12442 4 11 - 58820 3 10 [ 1828160: 6171391 ] OpenBSD fdisk: /using/mdec/mbr: No such file of directory fdisk: using builtin MBR disklabel info: --- device: /dev/rwd0c type: ST506 disk: ST506/MFM/RLL label: ST506 bytes/sector: 512 sectors/track: 17 tracks/cylinder: 8 sectors/cylinder: 136 cylinders: 1024 total sectors: 7999488 free sectors: 63 rpm: 3600 16 partitions: # size offset fstype [fsize bsize cpg] a: 5761744 2237744 4.2BSD 2048 16384 1364 b:409584 1828160swap c: 7999488 0 unused 0 0 i:205569 63 ext2fs j:822528 205632 ext2fs k:80 1028160 MSDOS boot process: - probing: cn0 com0 com1 com2 disk: hd0* OpenBSD/zaurus BOOT 2.0 open(hd0a:/etc/boot.conf): Invalid argument boot booting hd0a:/bsd: open hd0a:/bsd: Invalid argument failed(22). will try /obsd boot booting hd0a:/obsd: open hd0a:/obsd: Invalid argument failed(22). will try /bsd.old boot booting hd0a:/bsd.old: open hd0a:/bsd.old: Invalid argument failed(22). will try /bsd boot booting hd0a:/bsd: open hd0a:/bsd: Invalid argument failed(22). will try /obsd boot booting hd0a:/obsd: open hd0a:/obsd: Invalid argument failed(22). will try /bsd.old boot booting hd0a:/bsd.old: open hd0a:/bsd.old: Invalid argument failed(22). will try /bsd Turning timeout off boot The install completed successfuly, but now it sits on the boot prompt with this error: open(hd0a:/etc/boot.conf): Invalid argument Any help? A reboot command restores Linux. Cheers, Patrick
Re: OpenBSD Zaurus - Installed but fails to boot
Thanks for the reply. I'm not sure I understand what you mean with the discrepancy between the start of the BSD partition and the OpenBSD block. fdisk shows the A6 partition starting at 1828160. I chose to put the swap disklabel at 1828160 with a size of 409584 and a: at 2237744 (1828160+409584) with a size of 5761744. Are you saying the a: disklabel needs to be the first in the A6 partition (at 1828160)? If this is what you meant, I will it a shot... ...I just gave it a shot. Problem solved! Thank you! Maybe it wasn't stated in the instructions (or maybe I glazed over it), but it appears that the a: disklabel needs to be the first one in the A6 partition. Cheers, Patrick On Mon, Jun 27, 2005 at 03:10:12PM -0700, Patrick Heim wrote: I tried sending this to the [EMAIL PROTECTED] list but got no response, so let me try misc. The install of the OS and core packages completes just fine. I am pretty sure that fdisk and disklabel configs are correct. Boot behaves very strangely in that it doesn't appear to see hd0a at all and can't find the kernel /bsd (or anyhting else...). When I boot to bsd.rd using the puffy icon under Linux and shell out, I can mount /dev/wd0a and I can see that everything installed just find and can verify that /bsd exists. Since I originally sent the message below, I have tried a complete clean install by deleting the old bsd partition on the disk and removing the OpenBSD IPK. I also used the latest snapshot as of today. The problem remains constant and annoying. I *really* would appreciate some insight into fixing this. Thanks, Patrick Subject: Re: OpenBSD Zaurus - Installed but fails to boot From:Patrick Heim PatrickHeim at maldoror.cotse.net Date:Sat, June 25, 2005 7:16 pm To: PatrickHeim at maldoror.cotse.net Cc: [EMAIL PROTECTED] -- I've re-read the documents and tried various tweaks in fdisk and disklabel and can't figure out how to get openbsd to boot. Below is the output from fdisk, dislabel, and the boot process. The only deviation from the normal network install is that I am pulling the packages from a BSD formatted compact flash disk (wd1c) rather than a network interface. Thanks for the help. Cheers, Patrick fdisk info: --- Disk: wd0 geometry: 1024/8/17 [7999488 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S -C H S [start: size ] --- 0: 83 0 3 13 - 1511 7 17 [ 63: 205569 ] Linux files* 1: 83 1512 0 1 - 7559 7 17 [ 205632: 822528 ] Linux files* 2: 0C 7560 0 1 - 13442 2 14 [ 1028160: 80 ] Win95 FAT32L *3: A6 12442 4 11 - 58820 3 10 [ 1828160: 6171391 ] OpenBSD fdisk: /using/mdec/mbr: No such file of directory fdisk: using builtin MBR disklabel info: --- device: /dev/rwd0c type: ST506 disk: ST506/MFM/RLL label: ST506 bytes/sector: 512 sectors/track: 17 tracks/cylinder: 8 sectors/cylinder: 136 cylinders: 1024 total sectors: 7999488 free sectors: 63 rpm: 3600 16 partitions: # size offset fstype [fsize bsize cpg] a: 5761744 2237744 4.2BSD 2048 16384 1364 b:409584 1828160swap c: 7999488 0 unused 0 0 i:205569 63 ext2fs j:822528 205632 ext2fs k:80 1028160 MSDOS Sorry, been very busy lately and not been keeping up on things. It appears that you have some discrepancy between the start of you BSD partition and the OpenBSD block on the MBR *3: A6 12442 4 11 - 58820 3 10 [ 1828160: 6171391 ] OpenBSD a: 5761744 2237744 4.2BSD 2048 16384 1364 Mine is slightly different: --- #: idC H S -C H S [ start: size ] 3: A6 9065 7 2 - 58819 6 2 [ 1232960: 6766528 ] OpenBSD --- # sizeoffset fstype [fsize bsize cpg] a: 6635456 1232960 4.2BSD 2048 16384 1364 # Cyl 9065*- 57855 --- However, notice that the offset of the a parittion and the start of the mbr entry is the same value. Try repartitioning with disklabel so those values are the same, reinstall and try again. Dale Rahn [EMAIL PROTECTED]
Re: Clustering using OpenBSD
On 1/29/06, Gabriel George POPA [EMAIL PROTECTED] wrote: Hello all, I'm planning to deploy a small cluster behind my firewall (for test purposes). What would be the recommender program to use for clustering and wht can it do? Where should I start? I have 5 workstations (1GHz Intel Celeron)+server 3GHz Intel P4. I know several ways of clustering, but I ask you because you might know what is the best method to use with OpenBSD. Oh, and what's with that picture on www.openbsd.org (lower-right corner)? Respectfully yours, Gabriel George POPA What kind of cluster do you want to create? There are essentially three types: high availability/failover, load-balancing, and high performance computing. Each requires very different approaches. Let us know more about the problem you're trying to solve and we can give you more info.
uath firmware load crash/freeze
Greetings, I'm not sure whether this belongs to misc@ or tech@, so I'm posting it first in [EMAIL PROTECTED] I have this TRENDnet TEW-444UB/A wireless USB adaptor lying around and I was hoping to use it with one of my laptops (using -current). I downloaded the latest firmware from TRENDnet's download page [1] and placed, what I believe to be the firmware file (ar5523.bin) in /etc/firmware/uath-ar5523. Next I plugged in the USB adaptor and I got: Apr 25 23:53:40 foo /bsd: uath0 at uhub0 port 1 Apr 25 23:53:40 foo /bsd: Apr 25 23:53:40 foo /bsd: uath0: Atheros Communications Inc AR5523, rev 2.00/0.0 1, addr 2 Apr 25 23:53:41 foo /bsd: uath0: at uhub0 port 1 (addr 2) disconnected Apr 25 23:53:41 foo /bsd: uath0 detached Apr 25 23:53:42 foo /bsd: uath0 at uhub0 port 1 Apr 25 23:53:42 foo /bsd: Apr 25 23:53:42 foo /bsd: uath0: Atheros Communications Inc AR5523, rev 2.00/0.0 1, addr 2 Apr 25 23:53:52 foo /bsd: uath0: could not send firmware block data Apr 25 23:53:52 foo /bsd: uath0: could not load firmware (error=TIMEOUT) Next I got the CD that came with the adaptor package and on there I find two .bin files (assuming they are the firmwares): $ ls -l /mnt/cd/Driver/*.bin -r-xr-xr-x 1 root wheel 142768 Feb 24 2005 /mnt/cd/Driver/ar5523.bin* -r-xr-xr-x 1 root wheel 143536 Jan 24 2005 /mnt/cd/Driver/ar55239x.bin* I don't know exactly why there are two, but the 9x hints at Win9x, which still doesn't explain why there would be two versions of the firmware. Anyway, I picked the first one (listed) and place it in the firmware directory and renamed it to uath-ar5523. Plugged the USB adaptor in and a couple of seconds later the laptop froze. The computer wasn't dead, but the OS seemed to be. I could toggle num-lock and caps-lock keys. I could get in and out of the BIOS using function keys. But the OS was unresponsive. Last lines in /var/log/messages were: Apr 26 23:04:28 foo /bsd: uath0 at uhub0 port 1 Apr 26 23:04:28 foo /bsd: Apr 26 23:04:28 foo /bsd: uath0: Atheros Communications Inc AR5523, rev 2.00/0.0 1, addr 2 Apr 26 23:04:29 foo /bsd: uath0: at uhub0 port 1 (addr 2) disconnected Apr 26 23:04:29 foo /bsd: uath0 detached Apr 26 23:04:32 foo /bsd: uath0 at uhub0 port 1 Apr 26 23:04:32 foo /bsd: Apr 26 23:04:32 foo /bsd: uath0: Atheros Communications Inc AR5523, rev 2.00/0.0 1, addr 2 I tried the second .bin file from the CD and had the same result. I'm not quite sure where to go from this point on. I was thinking of recompiling a new kernel with debug printf()s, but not sure how far would that get me. I realize that this laptop is old enough that it does not support USB 2.0. But my other laptop (also on -current) does, and although I have not yet tried the .bin files from the CD on it, the one downloaded off the TRENDnet's web-site got me the same TIMEOUT error/result. I'm open to suggestions and ideas, especially if you can recommend a reasonably priced alternative USB wireless network adaptor which will work on both i386 and macppc architectures. Thanks, --patrick p.s., If at all possible, consider cc-ing me on replies, as I am subscribed to the digest version of the mailing-lists. [1] http://www.trendnet.com/downloads/info/TEW-444UB.htm [2] dmesg OpenBSD 4.1-current (GENERIC) #1: Mon Apr 23 21:14:08 PDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III (GenuineIntel 686-class) 549 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXS R,SSE real mem = 267915264 (261636K) avail mem = 236519424 (230976K) using 3301 buffers containing 13520896 bytes (13204K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 09/20/01, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf6c00 (60 entries) bios0: Dell Computer Corporation Inspiron 8000 apm0 at bios0: Power Management spec V1.2 apm0: battery life expectancy 59% apm0: AC off, battery charge high, estimated 3:04 hours apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbc20/192 (10 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371 ISA and IDE rev 0x00) pcibios0: PCI bus #5 is the last bus bios0: ROM list: 0xc/0x1 acpi at mainbus0 not configured cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82815 Hub rev 0x02: rng active, 800Kb /sec ppb0 at pci0 dev 1 function 0 Intel 82815 AGP rev 0x02 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Rage 128 Mobility MF rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x02 pci2 at ppb1 bus 2 esa0 at pci2 dev 3 function 0 ESS Maestro 3 rev 0x10: irq 5 ac97: codec id 0x83847609 (SigmaTel STAC9721/23) ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D audio0 at esa0 ppb2 at pci2 dev 6 function 0 unknown vendor 0x1668
Re: uath firmware load crash/freeze
On 4/27/07, Niall O'Higgins [EMAIL PROTECTED] wrote: On Fri, Apr 27, 2007 at 12:07:04AM -0700, patrick keshishian wrote: I downloaded the latest firmware from TRENDnet's download page [1] and placed, what I believe to be the firmware file (ar5523.bin) in /etc/firmware/uath-ar5523. You are making this much harder for yourself than it needs be. As the uath(4) manual page says, you can just Yes. I have read the uath(4) man page prior to attempting to use the adaptor. After looking at the mentioned package I noticed there was a newer firmware on the vendor's web-site and hence decided to use it instead [1]. After trying the newer firmware I noticed the TIMEOUT problem during firmware loading process. Next I decided to try the firmware shipped with the adaptor on the original CD. That's when I observed the freezing of OpenBSD-current. The only reason I decided to post to the list. Personally, I find it a slight bit disturbing that simply loading a firmware would cause what could be categorized as a DoS attack, albeit a self-induced one. pkg_add http://damien.bergamini.free.fr/packages/openbsd/uath-firmware-1.0.tgz I'm open to suggestions and ideas, especially if you can recommend a reasonably priced alternative USB wireless network adaptor which will work on both i386 and macppc architectures. uath(4) is not very good. There are no docs and little incentive to fix bugs in a driver with such an unfriendly vendor. ural(4) and rum(4) are both pretty solid USB wifi devices, and Ralink are pretty friendly. Yes, thanks :-) --patrick [1] $ zcat uath-firmware-1.0.tgz | pax -v -rw-r--r-- 1 root wheel 257 Sep 16 2006 +CONTENTS -rw-r--r-- 1 root wheel 175 Sep 16 2006 +DESC -rw-r--r-- 1 root wheel 147664 Sep 16 2006 etc/firmware/uath-ar5523 vs. one available on TRENDnet's web-site dated 3/17/2007.
NVIDIA nForce Pro support
Hi, does anyone know if this chipset NVIDIA nForce Professional 3400 MCP is completely supported by openBSD?? The hardware support page is not clear about that, it only shows NVIDIA nForce/nForce2/nForce2-400/nForce3/nForce3-250/nForce4, MCP04/MCP51/MCP55/MCP61/MCP65/MCP67. Thanks _ Soyez parmi les premiers ` essayer Windows Live Mail. http://ideas.live.com/programpage.aspx?versionId=5d21c51a-b161-4314-9b0e-4911 fb2b2e6d
nfe0 problem (obsd 4.1)
Hi, I've been noticing some strange problems with the built-in nfe0 interface on my desktop. Actually I've seen it on two such computers, but the description below is for my current desktop PC. The PC is running `cvs up -dP -rOPENBSD_4_1' built. I'm including netstat, ifconfig output[1] and dmesg below[2]. I've noticed that once in a while the nfe0 interface will stop sending and receiving data. At this point I can not make it work again. The only solution I have is to reboot the box. I have installed a dc0 card in the box since. The problem seemed intermittent and not reliably reproducible. But I think I found a way to reproduce this problem on demand (at least for the time being). I have an ssh session to another box, on which I run '/usr/bin/nm somelib.so'. After a page or two of output the terminal hangs. At this point nfe0 becomes unresponsive. I switch to the dc0 interface and the terminal finishes the output. Running the nm command while using the dc0 interface doesn't cause any problems. Interestingly enough, if I redirect the output of nm to a file and subsequently cat the file the nfe0 interface doesn't seem to exhibit the same problem. I am not sure how to diagnose this problem further. I've enabled debug on the nfe0 interface (/sbin/ifconfig nfe0 debug), but don't see any output. Any and all suggestions are welcome. --patrick [1] netstat and ifconfig outputs: $ /usr/bin/netstat -in NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls lo0 33224 Link 1 01 0 0 lo0 33224 127/8 127.0.0.11 01 0 0 lo0 33224 ::1/128 ::1 1 01 0 0 lo0 33224 fe80::%lo0/ fe80::1%lo0 1 01 0 0 dc0 1500 Link 00:02:e3:07:cc:df 1713 0 424 7 0 dc0 1500 fe80::%dc0/ fe80::202:e3ff:fe 1713 0 424 7 0 nfe01500 Link 00:16:e6:82:17:da 1520 613 878 0 0 nfe01500 fe80::%nfe0 fe80::216:e6ff:fe 1520 613 878 0 0 nfe01500 xx.yy.ww.zz xx.yy.ww.zz2 1520 613 878 0 0 pflog0 33224 Link 0 00 0 0 enc0* 1536 Link 0 00 0 0 $ /usr/bin/netstat -rnfinet Routing tables Internet: DestinationGatewayFlagsRefs UseMtu Interface defaultxx.yy.ww.zz9 UGS 00 - nfe0 xx.yy.ww.zz8/28link#2 UC 40 - nfe0 xx.yy.ww.zz9 00:20:6f:03:a2:e5 UHLc10 - nfe0 xx.yy.ww.zz1 link#2 UHLc02 - nfe0 xx.yy.ww.zz3 00:01:02:c2:a1:b9 UHLc1 159 - nfe0 xx.yy.ww.zz0 00:20:e0:68:5d:c8 UHLc1 11 - L nfe0 127/8 127.0.0.1 UGRS00 33224 lo0 127.0.0.1 127.0.0.1 UH 10 33224 lo0 224/4 127.0.0.1 URS 00 33224 lo0 $ /sbin/ifconfig lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 dc0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:02:e3:07:cc:df media: Ethernet autoselect (none) status: no carrier inet6 fe80::202:e3ff:fe07:ccdf%dc0 prefixlen 64 scopeid 0x1 nfe0: flags=8847UP,BROADCAST,DEBUG,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:16:e6:82:17:da groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::216:e6ff:fe82:17da%nfe0 prefixlen 64 scopeid 0x2 inet xx.yy.ww.zz2 netmask 0xfff0 broadcast xx.yy.ww.zz3 pflog0: flags=141UP,RUNNING,PROMISC mtu 33224 enc0: flags=0 mtu 1536 [2] dmesg OpenBSD 4.1-stable (GENERIC) #0: Mon May 28 18:06:28 PDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(tm) 64 Processor 3200+ (AuthenticAMD 686-class, 512KB L2 cach e) 2.02 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,MMX,FXSR,SSE,SSE2,SSE3 cpu0: AMD erratum 89 present, BIOS upgrade may be required real mem = 536375296 (523804K) avail mem = 481710080 (470420K) using 4278 buffers containing 26943488 bytes (26312K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 05/11/06, BIOS32 rev. 0 @ 0xfb5f0, SMBIOS rev. 2.3 @ 0xf0100 (43 entries) bios0: Gigabyte Technology Co., Ltd. GA-K8N-SLi / GA-K8N-SLi-RH apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 3.0 @ 0xf/0xdd64 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdc00/352 (20 entries) pcibios0: PCI
Re: nfe0 problem (obsd 4.1)
On 6/24/07, Vijay Sankar [EMAIL PROTECTED] wrote: On Sunday 24 June 2007 13:50, patrick keshishian wrote: Hi, I've been noticing some strange problems with the built-in nfe0 interface on my desktop. Actually I've seen it on two such computers, but the description below is for my current desktop PC. The PC is running `cvs up -dP -rOPENBSD_4_1' built. I'm including netstat, ifconfig output[1] and dmesg below[2]. I've noticed that once in a while the nfe0 interface will stop sending and receiving data. At this point I can not make it work again. The only solution I have is to reboot the box. I have installed a dc0 card in the box since. The problem seemed intermittent and not reliably reproducible. But I think I found a way to reproduce this problem on demand (at least for the time being). I have an ssh session to another box, on which I run '/usr/bin/nm somelib.so'. After a page or two of output the terminal hangs. At this point nfe0 becomes unresponsive. I switch to the dc0 interface and the terminal finishes the output. Running the nm command while using the dc0 interface doesn't cause any problems. I experienced similar problems last year and can empathize. The following items improved my situation somewhat: 1) BIOS upgrade 2) Removing dual boot (I had both OpenBSD and Windows 2003 on one machine. There were more errors if I did not power off after shutting down Windows 2003 and just did a restart from within Windows. If I did not unplug the machine after shutting down Windows, most of the time I saw watchdog timeouts but if I powered off the host, and then powered it back on, there were fewer errors) Both boxes I have run solely OpenBSD. One thing that I did notice was that after switching to the dc0 interface for a short while (5 min or so?), I could switch back to the nfe0 and it would start responding again. Basically: # /sbin/ifconfig dc0 delete # /sbin/route delete default # /sbin/ifconfig nfe0 inet IP netmask netmask up # /sbin/route add default gateway Therefore, a reboot isn't the only way to fix the problem (reset the interface) as I had previously thought. I am not sure exactly what causes the interface to reset: idle time, no carrier, or something completely random? Either way, thanks for all the replies! I experimented with different combinations and different switches (10/100/1000, 10/100, and 10-Base-T). When all the hosts connected to a 10/100 switch were running at 100 MB/s then changing nfe0 from autoselect to full-duplex using ifconfig nfe0 media 100baseTX mediaopt full-duplex seemed to eliminate nfe0 hangs as well as timeouts completely. I am not sure whether this has any rational basis or is specific to some weird situation in my network, but that has been my experience. Vijay Interestingly enough, if I redirect the output of nm to a file and subsequently cat the file the nfe0 interface doesn't seem to exhibit the same problem. I am not sure how to diagnose this problem further. I've enabled debug on the nfe0 interface (/sbin/ifconfig nfe0 debug), but don't see any output. Any and all suggestions are welcome. --patrick
Re: multi-disk external scsi enclosures
Date: Wed, 6 Feb 2008 07:12:55 -0500 From: [EMAIL PROTECTED] To: misc@openbsd.org Subject: Re: multi-disk external scsi enclosures Not sure how much storage you are after here, but I'm not sure I believe that ten 9G disks are better for your quest than one 100G disk. ONE 9G vs. ONE 100G? Maybe (and even then...keep in mind that SATA cables are shielded, PATA and older SCSI cables are not really shielded), but the fact that you need a lot of them and they use more cabling is very possibly going to add up on you. SATA cables aren't shielded either, because they're supposed to be used inside an enclosure. eSATA cables are shielded. _
Couple of MacBook Questions
Greetings, I'm considering replacing my iBook G4 with possibly a MacBook and I was hoping I'd find a couple of MacBook users that run OpenBSD regularly on their MacBooks who could answer the following for me. First question I have is regarding swapping the caps-lock and control keys (in OpenBSD... Google tells me that MacOS X 10.4+ has options to allow this). My iBook laptop with its ADB keyboard has given me enough grief and stress over this. I also am aware of Apple's Aluminum keyboards and their smart caps-lock feature that requires a key-press of more than a fraction of a second before it activates. Good grief... I just want to make sure I'm not setting myself up for disappointment as I can't find any relevant info using Google. Second question I have is about virtualization. Just curious to hear about any success stories. Particularly interested in Xen or similar and how they compare to Parallels. TIA, --patrick
problems configuring and making nmap 4.11 on OpenBSD 3.9 stable
I'm running OpenBSD 3.9 stable, arch i386. Also autoconf-2.59. I'd install the nmap package, but it's an older version. When I run ./configure --with-openssl=/usr/sbin/ I get a number of warnings like the following: configure: WARNING: net/if.h: present but cannot be compiled configure: WARNING: net/if.h: check for missing prerequisite headers? configure: WARNING: net/if.h: see the Autoconf documentation configure: WARNING: net/if.h: section Present But Cannot Be Compiled configure: WARNING: net/if.h: proceeding with the preprocessor's result configure: WARNING: net/if.h: in the future, the compiler will take precedence configure: WARNING: ## -- ## configure: WARNING: ## Report this to the AC_PACKAGE_NAME lists. ## configure: WARNING: ## -- ## This happens for several files: net/if.h, sys/sysctl.h, net/if_arp.h, net/fpvar.h, net/route.h, and netinet/in_var.h. Then when I run make I get: Makefile, line 1: Need an operator Makefile, line 14: Need an operator Makefile, line 15: Need an operator Makefile, line 21: Need an operator Makefile, line 38: Need an operator Makefile, line 49: Need an operator Makefile, line 51: Need an operator Makefile, line 190: Could not find makefile.dep Fatal errors encountered -- cannot continue I can provide the contents of my config.log file if necessary. TIA for help.
Socket 10/100 Ethernet CF Card
I have a little problem - my Socket 10/100 CF Ethernet card is not properly recognized under 4.0 snapshot (9/1/06). It never was, but I saw a changelong entry Support Compaq Flash Socket CF 10/100 card in ne(4). (http://www.openbsd.org/plus.html) and was expecting that it would. dmesg output is: ne0 at pcmcia1 function 0 Socket, CF+ 10/100 Ethernet, 1.0 port 0x0/32: can't match ethernet vendor code It looks like all that may be needed is binding the corect vendor code to the ne driver I can't figure out how to get the vendor code under OpenBSD. Under Linux, cardctl reports: product info: Socket, CF+ 10/100 Ethernet, 1.0 manfid: 0x0104, 0x0145 function: 6 (network) Any help? Cheers, Patrick
disks not detected during install
Hi misc, I'm trying to setup a new openbsd 3.9 install on i386. It worked before on that computer when I installed quickly to test for compatibility, but I needed to finish up some hardware stuff on it and then I wanted to install for real but it does not work anymore. It hangs at the disk: line Loading /3.9/I386/CDBOOT probing: pc0 com0 apm mem[639K 382M a20=on] disk: and then it stays there forever. The computer has two storage controllers. One is an ami-compatible raid controller. The other is the pciide-compatible sata sil3114 chip. Both appear to be working. If I unplug the scsi drives from the controller and leave the controller in, it will work. Also if I unplug the sata drives and leave the controller in, it will work. However all appears to be working quite well as I can install win2000 on it and all drives work well. Also as I've said openbsd 3.9 worked on it just a few days ago, but I can't find what I've changed. I thought it might be a bios settings problem so I played with the settings, but nothing seemed to help. Overall I think this makes no sense, what are some of the problems that might be happening?
Re: disks not detected during install
On 11/10/06, Patrick Cummings [EMAIL PROTECTED] wrote: Hi misc, I'm trying to setup a new openbsd 3.9 install on i386. It worked before on that computer when I installed quickly to test for compatibility, but I needed to finish up some hardware stuff on it and then I wanted to install for real but it does not work anymore. It hangs at the disk: line Loading /3.9/I386/CDBOOT probing: pc0 com0 apm mem[639K 382M a20=on] disk: and then it stays there forever. The computer has two storage controllers. One is an ami-compatible raid controller. The other is the pciide-compatible sata sil3114 chip. Both appear to be working. If I unplug the scsi drives from the controller and leave the controller in, it will work. Also if I unplug the sata drives and leave the controller in, it will work. However all appears to be working quite well as I can install win2000 on it and all drives work well. Also as I've said openbsd 3.9 worked on it just a few days ago, but I can't find what I've changed. I thought it might be a bios settings problem so I played with the settings, but nothing seemed to help. Overall I think this makes no sense, what are some of the problems that might be happening? Can you boot from any of the install boot floppies? If so, can you provide a dmesg? Sure, I can get a dmesg if I use it with the two sata drives unplugged: OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III (GenuineIntel 686-class) 1 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXS R,SSE real mem = 402169856 (392744K) avail mem = 359616512 (351188K) using 4278 buffers containing 20209664 bytes (19736K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(71) BIOS, date 04/12/01, BIOS32 rev. 0 @ 0xfb1b0 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xdbd4 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdb40/144 (7 entries) pcibios0: PCI Exclusive IRQs: 10 11 15 pcibios0: PCI Interrupt Router at 000:07:0 (VIA VT82C596A ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xa000 0xcc000/0x2200 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA VT82C691 PCI rev 0xc4 ppb0 at pci0 dev 1 function 0 VIA VT82C598 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 S3 Savage 4 rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 VIA VT82C686 ISA rev 0x40 pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x06: ATA100, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SONY, CD-ROM CDU5221, 0.30 SCSI0 5/cdrom removab le cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) uhci0 at pci0 dev 7 function 2 VIA VT83C572 USB rev 0x16: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 7 function 3 VIA VT83C572 USB rev 0x16: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered viaenv0 at pci0 dev 7 function 4 VIA VT82C686 SMBus rev 0x40 rl0 at pci0 dev 11 function 0 Realtek 8139 rev 0x10: irq 10, address 00:02:44: 26:2f:12 rlphy0 at rl0 phy 0: RTL internal PHY ami0 at pci0 dev 12 function 0 AMI MegaRAID Series 428 rev 0x04: irq 11 AMI 42 8 32b ami0: FW UF82, BIOS v1.66, 16MB RAM ami0: 2 channels, 16 targets, 1 logical drives scsibus1 at ami0: 1 targets sd0 at scsibus1 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 34730MB, 34730 cyl, 64 head, 32 sec, 512 bytes/sec, 71127040 sec total pciide1 at pci0 dev 13 function 0 CMD Technology SiI3114 SATA rev 0x02: DMA pciide1: using irq 15 for native-PCI interrupt isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo biomask fbed netmask ffed ttymask ffef pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: sd0 matches BIOS drive 0x80 root on sd0a rootdev=0x400 rrootdev=0xd00 rawdev=0xd02
Re: c.93.3 not found when installing packages
Christian Weisgerber [EMAIL PROTECTED] wrote: I expect a new snapshot to be available by Monday. (Building a full package snapshot now takes ~68 hours on the Xeon 2.66 GHz dedicated to the job. If somebody wants to donate a new high-end machine for the task, talk to Theo what his rack can accommodate.) Hmm.. can you use a few such machines and employ distcc? I couldn't help notice that a port for it was recently submitted to [EMAIL PROTECTED] distcc significantly reduces compile time. At work we used to run it on our individual boxes and our compiles would take a fraction of the normal time. -- Christian naddy Weisgerber [EMAIL PROTECTED]
Unknown . dir in a daily insecurity report
I don't know what I'm supposed to make of this: === Start Message === Subject: my host name daily insecurity output Checking special files and directories. Output format is: filename: criteria (shouldbe, reallyis) .: permissions (0755, 0777) === End Message === Normally I don't get daily insecurity reports, which I take to mean that everything is OK. But for the past two nights I have gotten this one; and I can't figure out what it's trying to tell me. cmd sudo find / -perm 777 /cmd will show no output other than when I deliberately create a single chmod 777 file, at which point it will show only that one file. This proves that that find is working properly and that there are, as far as I can tell, no chmod 777 files on my system. The only thing worth mentioning about my system is that it's still running 3.8. -Patrick
Re: Unknown . dir in a daily insecurity report
On Oct 26, 2006, at 4:04 AM, Otto Moerbeek wrote: On Thu, 26 Oct 2006, Patrick Rutkowski wrote: I don't know what I'm supposed to make of this: === Start Message === Subject: my host name daily insecurity output Checking special files and directories. Output format is: filename: criteria (shouldbe, reallyis) .: permissions (0755, 0777) === End Message === Normally I don't get daily insecurity reports, which I take to mean that everything is OK. But for the past two nights I have gotten this one; and I can't figure out what it's trying to tell me. cmd sudo find / -perm 777 /cmd will show no output other than when I deliberately create a single chmod 777 file, at which point it will show only that one file. This proves that that find is working properly and that there are, as far as I can tell, no chmod 777 files on my system. The only thing worth mentioning about my system is that it's still running 3.8. It looks like your / dir has the wrong permissions. -Otto Yup, that was it; ty :-D
problems installing mysql-python
Hi all, I've been unable to successfully install mysql-python. Here are the details: ## # versions: ## OpenBSD 3.9 stable Python 2.5 MySQL 3.23.58 MySQL-python-1.2.1_p2 ## # build results: ## % python setup.py build running build running build_py creating build creating build/lib.openbsd-3.9-i386-2.5 copying _mysql_exceptions.py - build/lib.openbsd-3.9-i386-2.5 creating build/lib.openbsd-3.9-i386-2.5/MySQLdb copying MySQLdb/__init__.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb copying MySQLdb/converters.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb copying MySQLdb/connections.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb copying MySQLdb/cursors.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb copying MySQLdb/release.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb copying MySQLdb/times.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb creating build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants copying MySQLdb/constants/__init__.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants copying MySQLdb/constants/CR.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants copying MySQLdb/constants/FIELD_TYPE.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants copying MySQLdb/constants/ER.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants copying MySQLdb/constants/FLAG.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants copying MySQLdb/constants/REFRESH.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants copying MySQLdb/constants/CLIENT.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants running build_ext building '_mysql' extension creating build/temp.openbsd-3.9-i386-2.5 gcc -fno-strict-aliasing -DNDEBUG -g -O3 -Wall -Wstrict-prototypes -fPIC -I/usr/local/include/mysql -I/usr/local/include/python2.5 -c _mysql.c -o build/temp.openbsd-3.9-i386-2.5/_mysql.o -Dversion_info=(1,2,1,'final',2) -D__version__=1.2.1_p2 _mysql.c: In function `_mysql_server_init': _mysql.c:222: warning: unused variable `s' _mysql.c:223: warning: unused variable `cmd_argc' _mysql.c:223: warning: unused variable `i' _mysql.c:223: warning: unused variable `groupc' _mysql.c:224: warning: unused variable `item' _mysql.c:298: warning: label `finish' defined but not used _mysql.c: In function `_mysql_escape_dict': _mysql.c:1132: warning: passing arg 2 of `PyDict_Next' from incompatible pointer type gcc -shared -fPIC build/temp.openbsd-3.9-i386-2.5/_mysql.o -L/usr/local/lib/mysql -lmysqlclient -lz -lm -o build/lib.openbsd-3.9-i386-2.5/_mysql.so ## # install results: ## [root]# python setup.py install running install running build running build_py copying MySQLdb/release.py - build/lib.openbsd-3.9-i386-2.5/MySQLdb running build_ext running install_lib copying build/lib.openbsd-3.9-i386-2.5/_mysql_exceptions.py - /usr/local/lib/python2.5/site-packages creating /usr/local/lib/python2.5/site-packages/MySQLdb copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/__init__.py - /usr/local/lib/python2.5/site-packages/MySQLdb copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/converters.py - /usr/local/lib/python2.5/site-packages/MySQLdb copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/connections.py - /usr/local/lib/python2.5/site-packages/MySQLdb copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/cursors.py - /usr/local/lib/python2.5/site-packages/MySQLdb copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/release.py - /usr/local/lib/python2.5/site-packages/MySQLdb copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/times.py - /usr/local/lib/python2.5/site-packages/MySQLdb creating /usr/local/lib/python2.5/site-packages/MySQLdb/constants copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/__init__.py - /usr/local/lib/python2.5/site-packages/MySQLdb/constants copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/CR.py - /usr/local/lib/python2.5/site-packages/MySQLdb/constants copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/FIELD_TYPE.py - /usr/local/lib/python2.5/site-packages/MySQLdb/constants copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/ER.py - /usr/local/lib/python2.5/site-packages/MySQLdb/constants copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/FLAG.py - /usr/local/lib/python2.5/site-packages/MySQLdb/constants copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/REFRESH.py - /usr/local/lib/python2.5/site-packages/MySQLdb/constants copying build/lib.openbsd-3.9-i386-2.5/MySQLdb/constants/CLIENT.py - /usr/local/lib/python2.5/site-packages/MySQLdb/constants copying build/lib.openbsd-3.9-i386-2.5/_mysql.so - /usr/local/lib/python2.5/site-packages byte-compiling /usr/local/lib/python2.5/site-packages/_mysql_exceptions.py to _mysql_exceptions.pyc byte-compiling /usr/local/lib/python2.5/site-packages/MySQLdb/__init__.py to __init__.pyc byte-compiling /usr/local/lib/python2.5/site-packages/MySQLdb/converters.py to converters.pyc byte-compiling /usr/local/lib/python2.5/site-packages/MySQLdb/connections.py to connections.pyc byte-compiling /usr/local/lib/python2.5/site-packages/MySQLdb/cursors.py to
Re: problems installing mysql-python
On Fri, Oct 27, 2006 at 05:25:50PM +0200, Joerg Zinke wrote: mysql-python is in ports/packages. When I tried to install the package, it wanted a newer version of MySQL. i assume you want to install or have already installed all this versions from source on 3.9? a bleeding edge python version vs. a historic mysql- version, why? I like MySQL 3.23.58. It's easy to use, fast, and meets my needs. why did you not take the versions from ports in -current or the packages from 3.9? I wanted the newest Python and mysql-python.
Rexx on openBSD
Hi misc, I would like to know if I can use the Rexx programming language on openBSD, and if yes, how. Thanks _ Ne perdez pas de temps dans les files dattente magasinez en ligne. http://magasiner.sympatico.msn.ca
Re: disks not detected during install
On 11/10/06, Patrick Cummings [EMAIL PROTECTED] wrote: Hi misc, I'm trying to setup a new openbsd 3.9 install on i386. It worked before on that computer when I installed quickly to test for compatibility, but I needed to finish up some hardware stuff on it and then I wanted to install for real but it does not work anymore. It hangs at the disk: line Loading /3.9/I386/CDBOOT probing: pc0 com0 apm mem[639K 382M a20=on] disk: and then it stays there forever. The computer has two storage controllers. One is an ami-compatible raid controller. The other is the pciide-compatible sata sil3114 chip. Both appear to be working. If I unplug the scsi drives from the controller and leave the controller in, it will work. Also if I unplug the sata drives and leave the controller in, it will work. However all appears to be working quite well as I can install win2000 on it and all drives work well. Also as I've said openbsd 3.9 worked on it just a few days ago, but I can't find what I've changed. I thought it might be a bios settings problem so I played with the settings, but nothing seemed to help. Overall I think this makes no sense, what are some of the problems that might be happening? Can you boot from any of the install boot floppies? If so, can you provide a dmesg? Sure, I can get a dmesg if I use it with the two sata drives unplugged: OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006 . (end deleted) I just tried back a few days ago, now it's working. I think it might be caused by a flawed bios on the motherboard. Also I noticed the operating sytem won't boot if either the mouse or keyboard is unplugged. It simply hangs when it should boot with no errors. That might be bios problems too if I'm not wrong. I think I will buy a new motherboard. This time I'll try with a gigabyte board instead of ECS. The hardware was a few years old anyway. ECS refused to provide support when I contacted them because the motherboard is EOL'ed. _ Achetez ce que vous voulez, quand vous voulez sur Sympatico / MSN Magasiner http://magasiner.sympatico.msn.ca/content/shp/?ctId=101,ptnrid=176,ptnrdata=081805
Re: OT Was: Wanted: OpenBSD Systems Administrator
Jack J. Woehr wrote: The real problem is that when outsiders stumble into our newsgroups, we shriek, Ni! Ni! and demand another shrubbery. Maybe we should just chill out a bit. True. I'm currently evaluating OpenBSD and I am trying to understand the mindset of OpenBSD users by reading the newsgroups. And this thread *is* strange. -pu
mixed (compile from source, binary update) approach
Hi, I expected that this question had come up many times before but I didn't find anything in the archives, so here I go. My understanding is that OpenBSD version updates can only be done with binaries. Likewise, for additional application installation, packages i.e. binaries are favored over ports i.e. compiling from source. Why then, otoh, does following -stable involve compiling from source? I thought that the rationale for using binaries was security: everybody is guaranteed to use exactly the same binaries so there's no risk that for some reason, on one machine, the compile process would yield in a different result. Yet the same argument would be true for following -stable, especially as using the GENERIC kernel is the only supported configuration. So I guess I am missing something decisive here. Can anybody shed some light on _why_ there are 2 different ways to update? Regards, -pu
Re: mixed (compile from source, binary update) approach
Nick Holland wrote: UpGRADING (changing functionality, changing version numbers) from source is HARD. Having thousands of people thinking they should be able to build a new version from some arbitrary old version by source is a leading cause of developer hair loss, and helping those people would waste an incredible amount of developer time. Why is is hard? If I pull the complete sources from cvs, so that every file used in the Makefiles is present and up to date, the build process would be just as trivial I assume. In what case would this _not_ be true? (I'm really trying to understand where the risk is) ON THE OTHER HAND, upDATING (patching) by source is trivial. It Just Works (when you follow the directions). Yes, I updated a 3.9 yesterday, and it worked fine. Updating from source would be just as easy (but quicker). So I understand that it's more a lack of resources and that you'd be just as fine with binary upgrades if they were officially supported. Which raises a second question - why are packages used for additional software but not for OpenBSD core? Regards, -pu
Re: mixed (compile from source, binary update) approach
Nick Holland wrote: I think you were confusing UPGRADE and UPDATE there someplace. No, I updated 3.9-release to 3.9-stable. Remove (or don't install) Sendmail... Boom, your daily reports are now non-functional. There are other ways you could get the same info, but none of them quite as simple or built-in. Remove Perl, suddenly, the package tools would stop working (and that would be unfortunate when you wished to reinstall Perl). The developers have assumed certain things are in the basic installation. Verifying the dependencies for every combination of core packages would be difficult...and pointless. Well I think that's feasible, it the package manager manages dependencies and the dependencies in the packages are correct. Plus, the whole thing would look like a number of Linux distributions, which think nothing of requiring some of six CDs for a basic install, installing five different screen editors, but think that locate(1) and sudo(8) are options (and lots of the stuff is broken, because there is just too much stuff to test). The developers have picked a set of apps they feel makes a system highly useful, and yet keep the system very lean. We can be pretty sure that unless you do something strange, your base system looks a lot like my base system. The base system can still be installed with ease on a 250M flash device or a very old hard disk, which is leaner than most of the more modular systems end up being. That's true, but by actually using packages, following -stable could be done by updating small packages and it would perhaps make binary updates easier because only parts of the OS would have to be updated. -pu
Re: mixed (compile from source, binary update) approach
Joachim Schipper wrote: For instance, OpenBSD 4.0 introduced a warning for large stacks, and 4.0 kernels are compiled with this option. Compiling a pre-4.0 -current on 3.9 is thus impossible. That's indeed a good example. While there's probably a way around it by upgrading in several steps, indeed the upgrade could become quite messy and complicated, and change from release to release. Other, usually more subtle, problems also exist. Since snapshots are easy to support and easy to use, they are preferred. Don't get me wrong, I prefer the binary approach. I'd rather have only binary upgrades and updates than only upgrades and updates from source. Again, because there are lots of interdependencies. It's not like you can get away with using packages for gcc, glibc and binutils on Linux, for instance. Sure, they'll package them for you, but don't try to make any other combination than the official... Well, you could, if your package manager manages dependencies correctly. OpenBSD's package manager does AFAIK. However, some things are just that way for historical reasons - it might be possible to make a package out of Apache 1.3, for instance. (However, Apache in particular has been changed quite a bit from the 'official' version.) Yes, that's probably the main reason. Thanks for your explanations. Now I'm wondering why FreeBSD maintains the upgrade from source approach, but that's for a different list (yes, I read that in FreeBSD 6.2 you can do binary upgrades now - but actually I am not interested in FreeBSD at this point). Thanks very much for your explanations. I hate it when things don't make sense to me. -pu
more than one OBSD slice on the same harddisk?
List, If I have a harddisk with one OBSD slice and one other slice (say Linux), can I convert that second slice to OBSD A6 and use it from the same OBSD installation? If so, what will be the disklabel numbering? Regards, -pu
rdr woes (3.9) transparent bridge pf
Greetings, I have a transparent bridged pf serving my home network. It has been running fairly nicely for some time now. I have a web server behind it which I'm trying to move to another server, same network, different IP. I thought it might be a simple thing to just use a rdr rule to point traffic intended for web server one (www1) to web server two (www2) until the DNS changes take place. But it doesn't seem to be working as expected. Just to test this out before committing to it, I added the following to my pf.conf rdr proto tcp to $www1 port 8080 - $www2 port www I fire up a browser and type in the URL: http://www1:8080/ But it just sits there trying to load. Client shows SYN_SENT state. www2 shows no states. `pfctl -ss -v' shows: all tcp www2:80 - www1:8080 - client:49639 CLOSED:SYN_SENT all tcp client:49639 - www2:80 SYN_SENT:CLOSED Is there something I'm missing? Anything else I should be keeping an eye on? Note that client can connect to either web server directly, that is there are no filter rules blocking client from connecting to www[12]:80. The only thing I can think of that may be putting a kink in this picture is that the pf server is bridging the interfaces transparently, and I'm using tags to base my filtering policies on. Reading pf.conf(5) I don't see any particular thing that could cause problems with this set up. Any help would be appreciated. --patrick
ccd, disklabel and partition 'a'
I am currently experimenting with ccd(4) and although it appears to work, I am uncomfortable with one point. I have configured 2 partitions as a JBOD (interleave 0). However, the first of these partitions is partition 'a' of one disk. So the first effect I had was that ccd0 appeared to have the same disklabel as the first disk. I read through the mailing list archives and found a thread explaining that the disklabel is stored around the beginning of partition 'a' and that one should allocate a small partition 'a' which should not be made part of the JBOD. What I am uncomfortable with is that 1) this does not appear to be documented in the man pages anywhere 2) that the size and position of the disklabel of partition 'a' is not clearly stated anywhere so that I can be certain that it doesn't get overwritten and that I am not wasting too much space. Can anybody please shed some light on this? Regards, -pu
Re: ccd, disklabel and partition 'a'
Otto Moerbeek wrote: I read through the mailing list archives and found a thread explaining that the disklabel is stored around the beginning of partition 'a' and that one should allocate a small partition 'a' which should not be made part of the JBOD. I think you misread. It's enough to make sure the a partitions starts after the first track. Just run fdisk -i on a new (ccd) disk. It takes care of that. I am talking about the physical disk, not the ccd disk. In this case, the physical disk is wd1, which has been initialized by fdisk -i. I then created wd1a and wd1b. wd1's disklabel gets put into the beginning of wd1a if I understood correctly. Because when I create ccd0 with wd1a and wd1b as members, ccd0 has the same disklabel as wd1. What I am uncomfortable with is that 1) this does not appear to be documented in the man pages anywhere http://www.openbsd.org/faq/faq14.html#disklabel True, the FAQ is not 'offcial documentation' To me it is. But the information isn't there. What comes close is disklabel(5) which states: The label is located in sector number LABELSECTOR of the drive, usually sector 0 where it may be found without any information about the disk ge ometry. Usually sector 0 is a little vague. Still confused, -pu
Re: ccd, disklabel and partition 'a'
Otto Moerbeek wrote: How are we supposed to help if you omit all relevant info? dmesg, disklabels, fdisk info... A good start would be to read my post, all the information is there. Except for dmesg, which is not useful in this case. -pu
Re: ccd, disklabel and partition 'a'
christian widmer wrote: man ccd: Note that the `raw' partitions of the disks should not be combined. Each component partition should be offset at least one cylinder from the beginning of the component disk. What is a raw partition in that case? In the examples I found, the members of the ccd disk were always wdxy such as wd1a, wd1b, which is exactly what I did. see also thread on misc: CCD: started on 17 jan 2007 by Chris Mika I did. But in that thread it doesn't become clear how much space to skip. i used 'disklabel -e ccd0' to change the type to 'unused'. after that i created one big partition 'd' on the ccd0 drive. Does the name really matter? Whether your partition is called 'a' or 'd', doesn't the disklabel get stored into the beginning of the first partition anyway? -pu
Re: Intel D945GCLF2
I use a Morex CUBID CP2600 [1] with a Morex 60W Power Kit. In Germany for approximately 110 Euro. I installed a 2.5 hard drive and pinched off the noisy case fans. Also I bought a new north bridge fan [2]. It could be still quieter, but it's much better as before. [1] http://www.morex.com.tw/products/productdetail.php?fd_id=35PHPSESSID=c88735b8e065cbbc0dcf57dce9f48f8e [2] http://www.scythe-usa.com/product/acc/016/sy124010l_detail.html -- Patrick Chris Cohen wrote: Anathae Townsend wrote: checkout http://kerneltrap.org/mailarchive/openbsd-misc/2008/9/30/3457064 -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Chris Cohen Sent: Friday, January 02, 2009 12:41 PM To: misc@openbsd.org Subject: Intel D945GCLF2 Has anyone installed openbsd on the Atom board D945GCLF2? If so could you post a dmesg and does it run stable? -- Thanks Chris thanks! could someone please share what case he is using? I've found serveral, but they are all either too expensive or for in-car use.
Re: Intel D945GCLF2
No problem. Here the output of 'sysctl -a|grep hw'. hw.machine=i386 hw.model=Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) hw.ncpu=2 hw.byteorder=1234 hw.pagesize=4096 hw.disknames=wd0 hw.diskcount=1 hw.sensors.cpu0.temp0=32.00 degC hw.sensors.admtm0.temp0=22.00 degC (Internal) hw.sensors.admtm0.temp1=36.00 degC (External) hw.sensors.admtm0.temp2=28.00 degC (External) hw.sensors.admtm0.volt0=2.54 VDC (2.5 V) hw.sensors.admtm0.volt1=0.00 VDC (Vccp) hw.sensors.admtm0.volt2=2.44 VDC (3.3 V) hw.sensors.admtm0.volt3=4.97 VDC (5 V) hw.sensors.admtm0.volt4=12.12 VDC (12 V) hw.sensors.admtm0.volt5=3.27 VDC (Vcc) hw.sensors.admtm0.volt6=1.57 VDC (1.5 V) hw.sensors.admtm0.volt7=1.78 VDC (1.8 V) hw.cpuspeed=1613 hw.setperf=100 hw.vendor=Intel Corporation hw.product=D945GCLF2 hw.uuid=c3d16cf0-8dd7-11dd-b190-00112550a074 hw.physmem=2135662592 hw.usermem=2135646208 -- Patrick Chris Cohen wrote: Patrick Hemmen wrote: I use a Morex CUBID CP2600 [1] with a Morex 60W Power Kit. In Germany for approximately 110 Euro. I installed a 2.5 hard drive and pinched off the noisy case fans. Also I bought a new north bridge fan [2]. It could be still quieter, but it's much better as before. Thanks for your two replies. I've just got one more question. Can you read the temperatures with sysctl? (I'm thinking about a totally fanless design, since this thing would only route (Gbit LAN+DMZ and DSL) and run pf. So temperature monitoring would be nice)
pppd, ip-up script and privileges
Hi, I'm curious about why privileges are revoked before executing ip-{up,down} scripts? ROUTING section of pppd(8) says: +--- pppd(8) | When IPCP negotiation is completed successfully, | pppd will inform the kernel of the local and remote | IP addresses ... to create a host route to the remote | end ... which will enable the peers to exchange IP | packets. Communication with other machines generally | requires further modification to routing tables. In | most cases the defaultroute [is] sufficient for this, | but in some cases further intervention is required. | The /etc/ppp/ip-up script can be used for this. +- However, if ip-up is to change the routing table it will require root privilege. Am I missing something? --patrick
gumstix port: any plans to include the OVERO board?
gumstix support for the PXA270 (ARM based) seems to be included in the current cvs sources.. ...as you know there is a new board from gumstix with the OMAP3503 processor from Texas Instruments any plans to support this board in the near future? i would be glad to test and support (but am no kernel developer yet) thx /pat
Re: pppd, ip-up script and privileges
Stuart Henderson stu at spacehopper.org writes: On 2009-01-04, patrick keshishian sidster at boxsoft.com wrote: Hi, I'm curious about why privileges are revoked before executing ip-{up,down} scripts? ROUTING section of pppd(8) says: +--- pppd(8) | When IPCP negotiation is completed successfully, | pppd will inform the kernel of the local and remote | IP addresses ... to create a host route to the remote | end ... which will enable the peers to exchange IP | packets. Communication with other machines generally | requires further modification to routing tables. In | most cases the defaultroute [is] sufficient for this, | but in some cases further intervention is required. | The /etc/ppp/ip-up script can be used for this. +- However, if ip-up is to change the routing table it will require root privilege. Am I missing something? Looks like a bug to me. The actual behaviour is not what is documented in the SCRIPTS section of the manual The scripts are executed as root (with the real and effective user ID set to 0). Upstream (now hosted at ppp.samba.org) changed this to setuid(0), we haven't synced since then. - (void) chdir (/); /* no current directory. */ - setuid(geteuid()); + (void) chdir (/); /* no current directory. */ + setuid(0); /* set real UID = root */ http://git.ozlabs.org/?p=ppp.git;a=commit;h=a00baab063b349591289cbde22ab40cf80b8f0af We changed to use setresuid() rather than setuid(), but this didn't change behaviour here. I guess many people will run pppd as root so they won't notice the problem (afaict, it only happens if you start as a non-root member of the group network). As discussed (off-line) this was changed in -r1.45 by d...@. Since no one else is chiming in, I'm asking if someone will looking into updating this, or was there a valid reason why it was decided to prevent scripts to run with root privilege in our local copy of pppd? I'm not a heavy pppd user so I can't test this patch thoroughly. But if there are not glaring issues with running the scripts from pppd (ip-up, ip-down, ...) with uid set to 0 I can give it a go. --patrick
Re: pppd, ip-up script and privileges
Stuart Henderson stu at spacehopper.org writes: On 2009-01-07, patrick keshishian pkeshish at gmail.com wrote: http://git.ozlabs.org/?p=ppp.git;a=commit;h=a00baab063b349591289cbde22ab40cf80b8f0af We changed to use setresuid() rather than setuid(), but this didn't change behaviour here. I guess many people will run pppd as root so they won't notice the problem (afaict, it only happens if you start as a non-root member of the group network). As discussed (off-line) this was changed in -r1.45 by d...@. Since no one else is chiming in, I'm asking if someone will looking into updating this, or was there a valid reason why it was decided to prevent scripts to run with root privilege in our local copy of pppd? you misinterpreted this, We changed to use setresuid() rather than setuid(), but this didn't change ^^ behaviour here. ^^ upstream's old code: drop privileges - (void) chdir (/); /* no current directory. */ - setuid(geteuid()); I don't know how to use git, nor am I finding their web-interface very intuitive, but from the link you provided, looking at the diff for main.c, upstream never had setuid(geteuid()) as far as I can see: /* Leave the current location */ - (void) setsid();/* No controlling tty. */ + (void) setsid();/* No controlling tty. */ (void) umask (S_IRWXG|S_IRWXO); - (void) chdir (/); /* no current directory. */ + (void) chdir (/); /* no current directory. */ + setuid(0); /* set real UID = root */ setgid(getegid()); They only added the setuid(0). upstream's new code: setuid(root) (even though it's already running as root..?) Effective uid may be root, assuming they are installing it like OpenBSD is, set-user-ID bit set, but real uid is that of the user who invoked pppd. + (void) chdir (/); /* no current directory. */ + setuid(0); /* set real UID = root */ the setuid() - setresuid() change made in OpenBSD did not affect this. the old version in OpenBSD and upstream both dropped privileges for these scripts. OpenBSD's copy changed this -r1.44 -r1.45 main.c @@ -1195,8 +1203,14 @@ run_program(prog, args, must_exist) (void) setsid();/* No controlling tty. */ (void) umask (S_IRWXG|S_IRWXO); (void) chdir (/); /* no current directory. */ - setuid(geteuid()); - setgid(getegid()); + + /* revoke privs */ + uid = getuid(); + gid = getgid(); + if (setresgid(gid, gid, gid) == -1 || setresuid(uid, uid, uid) == -1) { + syslog(LOG_ERR, revoke privileges: %s, strerror(errno)); + _exit(1); + } setuid(geteuid()) is equivalent to setuid(0) since set-user-ID pppd will have effective uid of 0 (file owner is root). This was changed to setuid(getuid()) which changes the uid to the userid invoking pppd. Which is causing the problem of ip-up not being able to update the routes: insufficient privileges. --patrick
after 4.3 - 4.4 upgrade, fails to boot
Hello to everyone, I have one home firewall/router PC that I use since 3.8 that I upgrade every 6 month. Yesterday I did the 4.3 - 4.4 upgrade using a boot cd. However, it fails to boot when I reboot (after the upgrade, when I boot it for the first time from the hard drive). And by that, I mean that it simply prints this: OpenBSD/i386 BOOT 3.02 boot booting hd0a:/bsd: 6238560+1041588=0x6f1788 entry point at 0x200120 And then nothing else. Forever. It just stays there. Is there any change from 4.3 to 4.4 that could have caused this with my hardware? (a dmesg follows) Could it be that I now need a custom kernel? How could I get more infos about what is wrong with it (I don't know how to get more debugging). I have recovered 4.3 from backups and it works like it used to. Thanks to anyone that can help! OpenBSD 4.3 (GENERIC) #0: Mon Sep 1 01:52:32 EDT 2008 r...@.***.**.net:/usr/src/sys/arch/i386/compile/GENER IC cpu0: Intel Pentium/MMX (GenuineIntel 586-class) 234 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX cpu0: F00F bug workaround installed real mem = 267939840 (255MB) avail mem = 251023360 (239MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/15/95, BIOS32 rev. 0 @ 0xfdb80 apm0 at bios0: Power Management spec V1.2 (BIOS management disabled) apm0: APM power management enable: power management disabled (1) apm0: APM engage (device 1): power management disabled (1) apm0: AC on, battery charge unknown pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI BIOS has 5 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371AB PIIX4 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus WARNING: can't reserve area for I/O APIC. bios0: ROM list: 0xc/0x8000 0xc8000/0x2c00 0xcb000/0x1000 0xcc000/0x1000 0xcd000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82439TX System rev 0x01 piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x01 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 ignored (disabled) uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x01: irq 10 piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x01: polling iic0 at piixpm0 iic0: addr 0x2d 00=a8 01=c3 02=68 03=30 05=18 06=02 07=59 08=18 09=0b 0a=60 0b=46 0c=a0 0d=d4 0e=80 10=24 11=4c 12=68 13=04 14=33 15=99 16=28 17=40 18=52 19=5c 1a=a4 1b=49 1c=45 1d=a0 1e=cc 1f=92 20=b7 21=3c 22=01 23=80 24=11 26=e2 27=5e 28=23 29=f1 2a=2c 2b=3c 2c=60 2d=2f 2e=a3 2f=b0 30=cc 31=23 32=0b 33=ac 34=76 35=98 36=1c 37=05 38=04 39=10 3a=0a 3b=0a 3c=5e 3d=03 3e=78 3f=82 40=08 46=40 47=57 48=2d 49=40 4b=40 4c=40 4d=40 4e=78 50=08 56=40 57=57 58=2d 59=40 5a=40 5b=40 5c=40 5d=40 5e=40 60=b7 61=3c 62=01 63=80 64=11 66=e2 67=5e 68=23 69=f1 6a=2c 6b=3c 6c=60 6d=2f 6e=a3 6f=b0 70=cc 71=23 72=0b 73=ac 74=76 75=98 76=1c 77=05 78=04 79=10 7a=0a 7b=0a 7c=5e 7d=03 7e=78 7f=82 80=a8 81=c3 82=68 83=30 85=18 86=02 87=59 88=18 89=0b 8a=60 8b=46 8c=a0 8d=d4 8e=80 90=24 91=4c 92=68 93=04 94=33 95=99 96=28 97=40 98=52 99=5c 9a=a4 9b=49 9c=45 9d=a0 9e=cc 9f=92 a0=b7 a1=3c a2=01 a3=80 a4=11 a6=e2 a7=5e a8=23 a9=f1 aa=2c ab=3c ac=60 ad=2f ae=a3 af=b0 b0=cc b1=23 b2=0b b3=ac b4=76 b5=98 b6=1c b7=05 b8=04 b9=10 ba=0a bb=0a bc=5e bd=03 be=78 bf=82 c0=08 c6=40 c7=57 c8=2d c9=40 ca=40 cb=40 cc=40 cd=40 ce=40 d0=08 d6=40 d7=57 d8=2d d9=40 da=40 db=40 dc=40 dd=40 de=40 e0=b7 e1=3c e2=01 e3=80 e4=11 e6=e2 e7=5e e8=23 e9=f1 ea=2c eb=3c ec=60 ed=2f ee=a3 ef=b0 f0=cc f1=23 f2=0b f3=ac f4=76 f5=98 f6=1c f7=05 f8=04 f9=10 fa=0a fb=0a fc=5e fd=03 fe=78 ff=82 words 00=a880 01=c380 02=6880 03=3080 04=0080 05=1880 06=0280 07=5980 08=1880 09=0b80 0a=6080 0b=4680 0c=a080 0d=d480 0e=8080 0f=0080 lmtemp0 at iic0 addr 0x4a: lm75 spdmem0 at iic0 addr 0x50: 256MB SDRAM non-parity PC133CL3 ppb0 at pci0 dev 17 function 0 Intel i960 RP PCI-PCI rev 0x03 pci1 at ppb0 bus 1 ami0 at pci0 dev 17 function 1 Intel 80960RP ATU rev 0x03: irq 11 ami0: AMI 438, 32b, FW GH8E, BIOS v1.48, 64MB RAM ami0: 3 channels, 16 targets, 1 logical drives scsibus1 at ami0: 1 targets sd0 at scsibus1 targ 0 lun 0: SCSI2 0/direct fixed sd0: 17017MB, 2169 cyl, 255 head, 63 sec, 512 bytes/sec, 34850816 sec total fxp0 at pci0 dev 18 function 0 Intel 8255x rev 0x08, i82559: irq 15, address 00:04:ac:d3:04:e6 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 fxp1 at pci0 dev 19 function 0 Intel 8255x rev 0x08, i82559: irq 9, address 00:04:ac:a3:fc:ac inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4 fxp2 at pci0 dev 20 function 0 Intel 8255x rev 0x08, i82559: irq 10, address 00:04:ac:e3:f7:b0 inphy2 at fxp2 phy 1: i82555 10/100 PHY, rev. 4 isa0 at piixpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at
Re: why skip is not shown in pfctl -s rules ?
Le Thu, 20 Oct 2011 15:41:51 +0600, PP;QQ P(P8P?P8QP8P= chipits...@gmail.com a C)crit : Hello, but I do not find skip in pfctl -s rules output: Yes, you can check that the interface is skiped with # pfctl -vs Interfaces -i lo0 lo0 (skip) Regards.
Re: Synaptic Touchpad doesn't work
ahm... so where I left this off was back in mid-September, where Alexandr Shadchin and I exchanged a couple of emails privately on this topic, and I went on building a debug kernel print-ing pms packets, and pms_ioctl_synaptics, pms_{dis,en}able_synaptics and pms_{pric,sync}_synapctics calls to see why the touchpad was remaining in disabled mode. I was hoping for some guidance as to which area to concentrate on, but without any nudges, I soon got distracted with work and didn't return to poking at the code. I have not since update my source on this netbook and the touchpad has remained disabled. Just now, for the first time since this thread, I unintentionally touched the touchpad and my window manager scrolled through the virtual desktops/workspaces and I noticed the massive amounts of logging in /var/log/message. The kernel is the same as back then, so what would make it just behave differently now? The only difference I see going back in the /var/log/message*.gz history is that right after i plugged in my camera in the USB socket to grab some images, pms_sync_synaptics started to appear @ 21:43:16 mark[1]. But I have plugged in this same camera in before, but I have not noticed the touchpad coming alive. Lets see what happens if I detach the camera. The touchpad still seems to work. What happened here? Anyone? Someone smarter than I? --patrick p.s., Yea, I realize it is Halloween and this may be some spooky joke on me. [1] /var/log/message: Oct 31 18:07:33 noir syslogd: start Oct 31 18:07:33 noir /bsd: OpenBSD 5.0-current (SYNAPK) #12: Sat Sep 17 00:55:52 PDT 2011 Oct 31 18:07:33 noir /bsd: sids...@noir.my-domain-name.com:/usr/build/src/sys/arch/amd64/compile/SYNAPK Oct 31 18:07:33 noir /bsd: real mem = 1876754432 (1789MB) Oct 31 18:07:33 noir /bsd: avail mem = 1812758528 (1728MB) Oct 31 18:07:33 noir /bsd: mainbus0 at root Oct 31 18:07:33 noir /bsd: bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf10d0 (17 entries) Oct 31 18:07:33 noir /bsd: bios0: vendor Phoenix Technologies LTD version v1.3201 date 06/18/2009 Oct 31 18:07:33 noir /bsd: bios0: Gateway LT31 Oct 31 18:07:33 noir /bsd: acpi0 at bios0: rev 2 Oct 31 18:07:33 noir /bsd: acpi0: sleep states S0 S3 S4 S5 Oct 31 18:07:33 noir /bsd: acpi0: tables DSDT FACP APIC MCFG HPET BOOT SLIC Oct 31 18:07:33 noir /bsd: acpi0: wakeup devices PB5_(S5) OHC1(S3) OHC2(S3) EHCI(S3) HDAU(S3) Oct 31 18:07:33 noir /bsd: acpitimer0 at acpi0: 3579545 Hz, 32 bits Oct 31 18:07:33 noir /bsd: acpimadt0 at acpi0 addr 0xfee0: PC-AT compat Oct 31 18:07:33 noir /bsd: cpu0 at mainbus0: apid 0 (boot processor) Oct 31 18:07:33 noir /bsd: cpu0: AMD Athlon(tm) Processor L110, 1197.23 MHz Oct 31 18:07:33 noir /bsd: cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW Oct 31 18:07:33 noir /bsd: cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache Oct 31 18:07:33 noir /bsd: cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative Oct 31 18:07:33 noir /bsd: cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative Oct 31 18:07:33 noir /bsd: cpu0: apic clock running at 199MHz Oct 31 18:07:33 noir /bsd: ioapic0 at mainbus0: apid 1 pa 0xfec0, version 21, 24 pins Oct 31 18:07:33 noir /bsd: acpimcfg0 at acpi0 addr 0xe000, bus 0-8 Oct 31 18:07:33 noir /bsd: acpihpet0 at acpi0: 14318180 Hz Oct 31 18:07:33 noir /bsd: acpiprt0 at acpi0: bus 0 (PCI0) Oct 31 18:07:33 noir /bsd: acpiprt1 at acpi0: bus -1 (PB3_) Oct 31 18:07:33 noir /bsd: acpiprt2 at acpi0: bus -1 (PB4_) Oct 31 18:07:33 noir /bsd: acpiprt3 at acpi0: bus 3 (PB5_) Oct 31 18:07:33 noir /bsd: acpiprt4 at acpi0: bus 4 (PB6_) Oct 31 18:07:33 noir /bsd: acpiprt5 at acpi0: bus -1 (PB7_) Oct 31 18:07:33 noir /bsd: acpiprt6 at acpi0: bus 9 (P2P_) Oct 31 18:07:33 noir /bsd: acpiprt7 at acpi0: bus 1 (AGP_) Oct 31 18:07:33 noir /bsd: acpiec0 at acpi0 Oct 31 18:07:33 noir /bsd: acpicpu0 at acpi0: C3, C2 Oct 31 18:07:33 noir /bsd: acpitz0 at acpi0: critical temperature is 100 degC Oct 31 18:07:33 noir /bsd: acpiac0 at acpi0: AC unit online Oct 31 18:07:33 noir /bsd: acpibat0 at acpi0: BAT1 model UM09B44 serial 210 type LION oem SONY Oct 31 18:07:33 noir /bsd: acpibtn0 at acpi0: LID_ Oct 31 18:07:33 noir /bsd: acpibtn1 at acpi0: SLPB Oct 31 18:07:33 noir /bsd: acpibtn2 at acpi0: PWRB Oct 31 18:07:33 noir /bsd: acpivideo0 at acpi0: VGA_ Oct 31 18:07:33 noir /bsd: acpivout0 at acpivideo0: LCD_ Oct 31 18:07:33 noir /bsd: pci0 at mainbus0 bus 0 Oct 31 18:07:33 noir /bsd: pchb0 at pci0 dev 0 function 0 ATI RS690 Host rev 0x00 Oct 31 18:07:33 noir /bsd: ppb0 at pci0 dev 1 function 0 ATI RS690 PCIE rev 0x00 Oct 31 18:07:33 noir /bsd: pci1 at ppb0 bus 1 Oct 31 18:07:33 noir /bsd: vga1 at pci1 dev 5 function 0 ATI Radeon X1250 IGP rev 0x00 Oct 31 18:07:33 noir /bsd: wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) Oct 31 18:07:33 noir /bsd: wsdisplay0: screen
Re: PF.CONF - with DMZ and packet tagging example
Le Mon, 7 Nov 2011 16:58:29 -0500, Bentley, Dain dbent...@nas.edu a icrit : Hello, block in on $ext from bastards #NAT INBOUND TO DMZ pass in on $ext proto tcp from any to any port $web_services rdr-to $webserver tag INET_TO_DMZ pass in on $ext proto tcp from any to any port $mail_services rdr-to $mailserver tag INET_TO_DMZ Looks not good, missing quick in the block rule? Regards.
Re: Multiple ISPs: send packets to the interface they came from
Le Tue, 08 Nov 2011 15:27:02 -0500, Guillaume Filion g...@logidac.com a icrit : Hi all, Hello, I also tried using pf route-to but that seems to only work with NAT... No it does routing. I use it without nat. So basically my question is how to tell OpenBSD to send packets to the interface they came from? See reply-to Regards.
Re: cd boot panic on 5.0 but not 4.9 or earlier
On Sat, Nov 19, 2011 at 5:44 PM, quartz qua...@sneakertech.com wrote: first off, apologies if this is a known issue. I didn't see anything relevant in the release notes/changes, and nothing came up in a google search. I have an older pentium 3 machine. 450mhz cpu, 100mhz bus, intel sun river 440bx motherboard, 128mb of ram (of which something like 12 are being used for the onboard video). generic seagate 10gb ata drive connected with one ribbon cable, cd drive connected with another. no pci cards or other addons. a couple days ago I tried to install 5.0 release via the install50.iso I downloaded off a mirror. however, the installer doesn't get very far. it completely loads the ram disk, but then it kernel panics instantly with a 'trap type 6'. no messages about found hardware or anything, it prints out the copyright message and the panic message all in one swift motion. I don't even get enough text to scroll the disk prompt off the top of the screen. nothing I do changes this behavior. I have tried the following: - typing boot -c at the boot prompt (still panics) - disabling different combinations of things in the bios - swapping cd drives - swapping ata cables - swapping which ata port the cd was connected to - swapped ram - ran a memtest overnight - verified the checksum on the install50.iso - tried booting from cd50.iso now, the fun part is that this only happens with 5.0, I can boot and install off the 4.9 and 4.5 'install##.iso' cds just fine. I don't have the knowledge or hardware to try and debug this via serial, and I can't try booting off a floppy because I threw out all my floppy drives years ago. I can give a dmesg from 4.9 if people think it might help. dmesg can only help. also, periodically try newer snapshots.
Re: cd boot panic on 5.0 but not 4.9 or earlier
On Mon, Nov 21, 2011 at 10:09 PM, quartz qua...@sneakertech.com wrote: ok, so whatever was wrong has fixed itself sometime between release and 11/16, because both the 11/16 and 11/20 install50 snapshot images boot fine. how safe are those two images? would it be ok to run on a production system or should I wait for the official 5.0 stable branch? those images are far past 5.0. many run snapshots on their daily use computers/laptops/servers. It all depends on what production means to you. If you have to ask that question, you probably should stick to running official releases for a while until you are more comfortable with OBSD. Glad, things resolved for you. --patrick
Re: DNS Google ?
On Tue, Nov 22, 2011 at 9:16 AM, Nick Holland n...@holland-consulting.net wrote: On 11/22/11 10:31, Claer wrote: On Tue, Nov 22 2011 at 13:16, Jan Stary wrote: On Nov 22 08:16:21, Nick Holland wrote: Long term, BIND is done. Long term, unbound will probably be replacing it in OpenBSD. IF you are doing anything beyond a simple resolver, I'd agree completely...take the time to learn unbound/nsd (or djbdns or ...) However, right now, unbound is a package requiring separate install and maintenance. Nick, would you please clarify: nsd(8) is in base, unbound is a package; yet it is unbound who's gonna be the default resolver? What is the status of nsd then? (I am just about to try it on one of my resolvers). NSD is just an autoritative name server that doesn't do cache and does not answer recursive queries. nsd and unbound are complementary. Claer right... BIND lumps these two functions together, with the effect of confusing people, but they are really two separate tasks... BE the authoritative source for DNS information about certain zones (nsd, tinydns, etc.) OR find the correct resolution information by checking with other DNS servers, which ARE authoritative (a resolver, like unbound, dnscache, etc.). Unless I'm misreading you, what you say doesn't make much sense. It has its use-case, fine; when you just need the resolver. e.g., typical home user where s/he doesn't host domains. But at this point you might as well use your ISP's DNS service -- it's not reliable? that's a different issue and not one you and should set out to solve for every one out there. But for a small business where they have their own domain, running an authoritative DNS server, and local users using the intertubes, that service needs to also do the recursive lookups. The setup you suggest is more involved. Two servers: one resolving, and the other dealing w/the authoritative responses. --patrick In the case where you think you want both (i.e., you want resolution of internal names AND external names), it's still easy -- run your authoritative on localhost and your resolver on the external IP, and tell your resolver to consult with your authoritative server for the appropriate subdomains. Really, it works better this way. Nick.
[5.0] pkg_add too many FTP connections
Hello, I'm trying to update packages with pkg_add via ftp : # pkg_add -ui Error from ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gperf-3.0.4.tgz 421 There are too many connections from your internet address. ftp: Can't connect or login to host `ftp.irisa.fr' Error from ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gtar-1.26p0.tgz 421 There are too many connections from your internet address. ftp: Can't connect or login to host `ftp.irisa.fr' ... Is there a way to limit the number of FTP connections for pkg_add? Thanks, regards.
Re: [5.0] pkg_add too many FTP connections
Le Wed, 30 Nov 2011 12:35:40 +0100, Marc Espie es...@nerim.net a icrit : Fix your proxy/connection. pkg_add keeps one ftp connection alive, not more, but it does interrupt connections brutally as soon as it has the information it wants. All such problems come from stale ftp connections, there's something flaky in your network setup that means ftp.irisa.fr does not see the severed connections. Thanks Marc, Could it be that this ftp server (irisa) is near from here (1Gbit) and doesn't have the time to see that the connection was dropped? I don't have any problem with other mirror (ex ftp://fr.openbsd.org) Thanks, regards.
Re: network bandwith with em(4)
Le Tue, 22 Feb 2011 18:09:32 +0100, Patrick Lamaiziere patf...@davenulle.org a icrit : (4.8/amd64) I'm using two ethernet cards Intel 1000/PRO quad ports (gigabit) on a firewall (one fiber and one copper). The problem is that we don't get more than ~320 Mbits/s of bandwith beetween the internal networks and internet (gigabit). As far I can see, on load there is a number of Ierr on the interface connected to Internet (between 1% to 5%). -- dmesg (on 4.8): em0 at pci5 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06: apic 1 int 13 (irq 14), address 00:15:17:ed:98:9d em4 at pci9 dev 0 function 0 Intel PRO/1000 QP (82575GB) rev 0x02: apic 1 int 23 (irq 11), address 00:1b:21:38:e0:80 Hello, This issue (IERR on em) looks to be fixed on 5.0. With 4.8 and 4.9 there were IERR errors with traffic 150 Mbs. With 5.0 there are only few IERR from time to time, even on high load ( 400 Mbits/s, 40K packets/s in, 30K packets/s out) I guess that the fixes on em(4) helps. May be the use of MSI interrupts too because I see a significant improvement on CPU interrupt load (around 60% in load to 50% with 5.0). (the measures are averaged on 5 minutes) That's cool! There are still some PF congestions from time to time but I have to investigate. It happens even when the box is idle but may be there are some burst of traffic. The box has 6 interfaces and I don't believe it can handle 6 Gbits at once. Too finish this too long thread, since february we (an university) are very happy with the reliability of our two PF firewalls, that just works. Thanks a lot, regards.
Re: Postscript printer: is poscript support enough to get it running?
Print languages:HP PCL 5c; HP PCL 6; HP postscript level 3 emulation with automatic language switching source: http://www.shopping.hp.com/product/printer/LaserJet/1/storefronts/CE459A%2523 ABA;HHOJSID=PhcXT2lHNxpKCxk8X1TLbrMJ35K5BT2F5Z5XnzGRDmgZJhKtM9nh!743062901 On Sat, Dec 24, 2011 at 9:38 AM, Hugo Osvaldo Barrera h...@osvaldobarrera.com.ar wrote: Hi, I've been considering buying a printer, and after a bit of homework, I found that postscript is the standard supported method for printing (even though most printers nowdays do all the work on CPU rather than themselves to cut costs). So I looked up a model but I really *don't* understand that much, this is the first time *ever* I'd be buying/using/installing a printer, so what I'd like to know is: Is postscript support in an ethernet/USB printer enough? Or do I need to take some other specification into consideration? If so, which? I don't want to go out and buy a printer, only to find out that I need support for X, for Y software for the platform where I'll use it. As a side note, it's the HP P2055 I've been considering, and supports PS3. Thanks -- Hugo Osvaldo Barrera
[PF] bug in port range.
Hello, happy new year. I think there is a off-by-one error in Packet Filter port ranges, for example with an exclude boundary range : port1 port2 PF or pfctl does not check that port1 = port2 and if port1 port2 the port range is not correct. For example 82 80 is not the same as 80 82 (but should IMO). I've tested with these rules: pass in quick block out quick proto tcp from self to 94.23.254.147 port 82 80 pass out quick Then, port 81 is not filtered out. Thanks, regards.
Re: [PF] bug in port range.
Le Tue, 3 Jan 2012 17:54:18 +0100, Henning Brauer lists-open...@bsws.de a icrit : Hello, * Patrick Lamaiziere patf...@davenulle.org [2012-01-03 17:45]: I think there is a off-by-one error in Packet Filter port ranges, for example with an exclude boundary range : port1 port2 nope. Ports and ranges of ports are specified using these operators: : (range including boundaries) (range excluding boundaries) yes, that is from the manpage, of course. explicitely EXCLUDES the boundaries. now where is that off by one? Please forget the off-by-one, I've found that 82:80 differs from 80:82 :) PF or pfctl does not check that port1 = port2 and if port1 port2 the port range is not correct. pf does what you, the operator, tells it to do. For example 82 80 is not the same as 80 82 (but should IMO). should? why? Well because for me 80:82 is (80, 81, 82) and 82:80 the same items and so the same range. But you are right, the man page is explicit. I should re-read it more often. So what is the meaning for PF of the range 82:80? If this is a non sense, an error from pfctl would be cool. port 82 80 defines a range that can't match, and it doesn't. as in, all is good. when you mean 80 82 you ought to write 80 82 and not 82 80. Sure, but when using service name it's easy to make a mistake. In fact I've found this strange behavior while translating a Cisco acl : permit tcp any any range ftp ftp-data Translated to port ftp:ftp-data, which if I understand well does not mean anything for PF. Thanks, regards.
Re: strange localhost address
On Sat, Jan 21, 2012 at 1:45 AM, Jan Stary h...@stare.cz wrote: On Jan 21 10:42:58, Jan Stary wrote: On Sat, 21 Jan 2012 09:01:35 +0100, Jan Stary h...@stare.cz wrote: On Jan 21 11:40:32, Wesley M. wrote: When i ping localhost it give me : 208.73.210.29 instead of 127.0.0.1 ! Where does it come from ? I don't understand. I use OpenBSD 5.0 with bind patch. Before I burst into howls of derisive laughter: what bind patch? On Jan 21 12:05:00, Wesley M. wrote: see http://www.openbsd.org/errata50.html Ah, sorry. It *seems* that 208.73.210.29 is your public IP, bound to the wifi interface you configured, right? It would help if you also posted your ifconfig. From what I can gather from you OP: - if both rl0 and iw0 are down, 'ping localhost' pings 127.0.0.1 - if iwi0 is up (how? dhcp? show ifconfig, netstat, resolv.conf, ...), 'ping localhost' pings 208.73.210.29 - if rl0 is up (how? dhcp? show ifconfig, netstat, resolv.conf, ...), 'ping localhost' pings 208.73.210.29 Is that what you see? Jan Also, your resolv.conf says just nameserver 192.168.1.1 so /etc/hosts doesn't even get consulted, right? sure it does. --patrick So who is 192.168.1.1 and how does it resolve 'localhost' (under the different network settings)?
Re: should 'make -j8 build' work?
On Tue, Feb 7, 2012 at 10:45 AM, Kenneth R Westerback kwesterb...@rogers.com wrote: On Tue, Feb 07, 2012 at 01:01:42PM -0500, Joe Gidi wrote: I just built a new box with one of AMD's FX-8120 8-core processors and wanted to stress-test it a bit. I installed the Feb 6 amd64 snapshot, checked out a src tree, and had no trouble compiling GENERIC.MP. I tried compiling userland with make -j8 build and the box hung. Before I go further in depth with troubleshooting, I'd just like to know if this should work properly on good hardware. If it's known not to work, I won't waste my (or the lists') time on figuring out why it's hanging. Also, is there a maximum number of make jobs that should work? I used to run 'make -j4 build successfully on my previous 4-core system... Thanks for any feedback, -- Joe Gidi j...@entropicblur.com You cannot buy skill. -- Ross Seyfried Sometimes it works and sometimes not. There are parts of the tree that have races. it is one thing for the build to fail, but the guy said the box hung, which indicates something is amiss.
Re: Does cvsync let ancient patches escape from the attic?
On Thu, Feb 9, 2012 at 4:43 PM, Brett brett.ma...@gmx.com wrote: Hi, Yesterday I updated to current and rebuilt the ports I use. All went well except building mupdf, which stalled at file to patch:: # cd textproc/mupdf/ # make install === Checking files for mupdf-0.9 `/usr/ports/distfiles/mupdf-0.9-source.tar.gz' is up to date. (SHA256) mupdf-0.9-source.tar.gz: OK . === Extracting for mupdf-0.9 === Patching for mupdf-0.9 File to patch: Looking in /usr/ports/textproc/mupdf/patches/ $ ls CVS patch-apps_unix_ximage_c patch-debian_mupdf_pc patch-Makerules patch-debian_mupdf_desktop Somehow patch-apps_unix_ximage_c has gotten in there, even though (according to http://www.openbsd.org/cgi-bin/cvsweb/ports/textproc/mupdf/patches/Attic/ ) it was moved to the attic over 2 years ago. $ cvs status patch-apps_unix_ximage_c see if there is sticky tag there. If so, then do: $ cvs up -dPA --patrick
Re: Does cvsync let ancient patches escape from the attic?
On Thu, Feb 9, 2012 at 6:26 PM, Brett brett.ma...@gmx.com wrote: Somehow patch-apps_unix_ximage_c has gotten in there, even though (according to http://www.openbsd.org/cgi-bin/cvsweb/ports/textproc/mupdf/patches/Attic/ ) it was moved to the attic over 2 years ago. $ cvs status patch-apps_unix_ximage_c see if there is sticky tag there. If so, then do: $ cvs up -dPA --patrick # cvs -d/usr/cvsync status /usr/ports/textproc/mupdf/patches/patch-apps_unix_ximage_c === File: patch-apps_unix_ximage_c Status: Up-to-date Working revision:1.1 Fri Feb 10 00:17:20 2012 Repository revision: 1.1 /usr/cvsync/ports/textproc/mupdf/patches/patch-apps_unix_ximage_c,v Sticky Tag: (none) Sticky Date: (none) Sticky Options: (none) I ran the $ cvs up -dPA command anyway but patch-apps_unix_ximage_c did not return to the attic. The hostname in my cvsync config file is cvsync.allbsd.org if that would make any difference. I would try another cvsync host and see if the issue gets resolved. --patrick
Re: CVS checkout for OPENBSD_5_0 : aborted
On Mon, Feb 13, 2012 at 11:41 PM, Giridhari giridh...@live.com.au wrote: I'm not sure what you mean. Are you suggesting I should read up on how to operate cvs, or is there something specific about CVS and OPenBSD I should be aware of? I'm following the faq. I have updated several times in the past with CVS with no trouble at all. -Original Message- From: Richard Toohey Sent: Tuesday, February 14, 2012 5:15 PM To: Giridhari Cc: misc@openbsd.org Subject: Re: CVS checkout for OPENBSD_5_0 : aborted On 14/02/2012, at 5:01 PM, Giridhari wrote: HELO have tried a cvs checkout of OPENBSD_5_0 several times in the last week or two and have seen cvs abort: cvs checkout: Updating src/games/snake cvs [chckout aborted]: could not chdir to src/games/snake/snake : Not a directory $ ls -F src/games/snake/ did you `make build' without `make obj' first? --patrick
Re: CVS checkout for OPENBSD_5_0 : aborted
On Mon, Feb 13, 2012 at 11:59 PM, Giridhari giridh...@live.com.au wrote: $ ls -F src/games/snake/ did you `make build' without `make obj' first? --patrick I'm not sure why I would do that. CVS doesn't build anything. Can you explain a bit about why you suggest that? Please excuse me if I don't know what you mean. One reason one might use cvs to get the OpenBSD sources is to build the system using these sources. --patrick