Re: com0 at boot prompt input issues

2006-09-27 Thread Fred Crowson

William Graeber wrote:

I have just installed OpenBSD 3.9 on a net4511. My root partition is
read-only, and I have a tarball unzipped into an mfs partition for /var upon
boot. /dev/ttyp00-01 and /dev/ptyp00-01 are symlinked to /var/dev so that
they are r/w. At the login prompt over the serial console I am able to log
in and access the system with minicom under linux or hyperterminal on
windows, however I am not able to input anything before then. Initially when
boot is displayed, if I try to input boot -s to enter single user mode
b is the only character that actually gets entered. After that the system
seems to freeze and not respond to anything else that I send it. What seems
odd to me is that if I try to access the same machine with another OpenBSD
box with the command cu -l /dev/cua00 -s 9600, I am able to enter the full
boot -s and get to single user mode without any problems.

I have the lines:
console "/usr/libexec/getty Pc"         vt220   on secure
tty00   "/usr/libexec/getty std.9600"   vt220   on secure
in /etc/ttys, although I don't believe it is far enough in the boot process
to matter. I don't understand why cu under OpenBSD would work while minicom
or hyperterminal wouldn't under the same circumstances.



Isn't the default speed of the serial console on the net4511 19200? Or have
you changed it in the BIOS?


Fred
--
OpenBSD on the Zaurus C3200
http://www.crowsons.net/puters/zaurus.php



Re: WiFi PC Card Atheros AR5213 - Association doesn't work, Status: no network

2006-09-27 Thread ip

On 9/27/06, Peter Hessler [EMAIL PROTECTED] wrote:

 Its been pointed out to me that zyd(4) was disabled for release.  Not to
 mention, it currently doesn't work.

 When the driver is enabled, the above device will attach as zyd(4).


:-(



 : Welcome to the club.  The F5D7050 has several variations which can be
 : either ural, rum or zyd. The manufacturer didn't even have the common
 : courtesy of changing the model number.
 :

Fuck! Now I must search for different hardware.

Thanks to all,

--
 ip



Re: com0 at boot prompt input issues

2006-09-27 Thread Stuart Henderson
On 2006/09/27 00:29, William Graeber wrote:
 I don't understand why cu under OpenBSD would work while minicom
 or hyperterminal wouldn't under the same circumstances.

flow control settings, perhaps?



Re: Hacking a mail server

2006-09-27 Thread knitti

On 9/27/06, Carlos A. Garcia G. [EMAIL PROTECTED] wrote:

;)
Sorry. OK, the problem is this: someone told my boss that the email
messages have been read by someone else. This information came from our
ISP. We have an E1 connection (it's like a T1 connection), so with that
information they said that the hacker redirects the messages before
they get to the mail server, and after being read the message hits the
mail server. So the question is whether someone can do that, because of this
information.


Redirecting before it hits the mail server would probably be either at the
sender's network or at your ISP, which *should* be able to defend its
network. Of course, if the ISP is *required* to be compromised (law
enforcement), you would probably want end-to-end encryption.

sendmail as well as many POP/IMAP servers do support SSL/TLS.
Of course, you must trust that your server is not compromised.



Now what I think is that it is probable that the hacker is inside my
local network, but if this was the case, how does my ISP know that I
have a hacker inside my network getting a copy of the mails and sending the
mails on to their destination?


There are a couple of techniques for (maliciously) rerouting
traffic, which aren't exactly on topic (start with googling DNS poisoning
and ARP poisoning, go from there).



I'll give more information. For the time being I have just installed
stunnel and activated it for POP3 and SMTP. I'm thinking of auditing
my mail server and auditing my network; do you know of tools that
help to check the information above?


Look whether your server behaves strangely, e.g. look at the logs,
load patterns etc., and look at it from the outside: boot a CD-ROM or
a ramdisk kernel and check whether the binaries are those which you
expect. Sniff your server's traffic.

Finding out whether a box was compromised is not trivial, especially if you
don't find any evidence. If you can afford to do it, better reinstall from
scratch and look where you can tighten up the security.


--knitti
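The "boot trusted media and check whether the binaries are those which you expect" step above, written out as an added example (this is not code from the thread or from OpenBSD). It assumes the workflow: generate a manifest of SHA-256 digests on a clean install, keep it off the box, later mount the suspect root read-only from trusted media and run verify() against that mount point. It also lists setuid/setgid files, since a new one is a common leftover of a compromise. The sample file trees are constructed inside the script so it runs anywhere.

```python
"""Integrity check of a suspect system against a known-good manifest.

Added example; not code from the original thread.  Assumed workflow: build
the manifest on a clean install, store it off-box, then compare the suspect
root (mounted read-only from trusted media, e.g. under /mnt) against it.
"""
import hashlib
import os
import stat
import tempfile
from typing import Dict, Iterable, List

CHUNK = 1 << 16


def sha256_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not hog memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: str, rel_paths: Iterable[str]) -> Dict[str, str]:
    """Map each path (relative to root) to its SHA-256 on the trusted system."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in rel_paths}


def format_manifest(manifest: Dict[str, str]) -> str:
    """Serialise as 'hexdigest  path' lines, the shape sha256(1) prints."""
    return "".join(f"{digest}  {rel}\n" for rel, digest in sorted(manifest.items()))


def parse_manifest(text: str) -> Dict[str, str]:
    """Inverse of format_manifest(); blank lines and '#' comments are ignored."""
    manifest: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, rel = line.split(None, 1)
        manifest[rel] = digest.lower()
    return manifest


def verify(root: str, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every manifest entry as ok, modified or missing under root."""
    report: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": []}
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report["missing"].append(rel)
        elif sha256_file(full) != expected:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def find_setuid(root: str) -> List[str]:
    """Paths (relative to root) of setuid/setgid regular files; compare to a baseline."""
    found: List[str] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                found.append(os.path.relpath(full, root))
    return sorted(found)


def make_sample_tree(tampered: bool = False) -> str:
    """Constructed sample data standing in for a mounted root (not a real system)."""
    root = tempfile.mkdtemp(prefix="suspect-" if tampered else "clean-")
    files = {"bin/ls": b"ls-v1", "bin/ps": b"ps-v1", "sbin/init": b"init-v1"}
    if tampered:
        files["bin/ls"] = b"ls-trojaned"   # replaced binary
        del files["bin/ps"]                # deleted binary
        files["tmp/.x"] = b"backdoor"      # new setuid file
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    if tampered:
        os.chmod(os.path.join(root, "tmp/.x"), 0o4755)
    return root


if __name__ == "__main__":
    clean = make_sample_tree()
    manifest = build_manifest(clean, ["bin/ls", "bin/ps", "sbin/init"])
    print(format_manifest(manifest), end="")
    suspect = make_sample_tree(tampered=True)
    print(verify(suspect, parse_manifest(format_manifest(manifest))))
    print("setuid files:", find_setuid(suspect))
```

bsd.rd carries no Python, so on a real box you would either run this from a full install on trusted media or produce the manifest with sha256(1) and compare with the same tool; the decision logic is identical. The manifest and the setuid baseline must live off the suspect machine, otherwise an attacker who replaced the binaries can replace the reference too.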



bandwidth speed between openbsd boxes

2006-09-27 Thread jacek
Hi all,

I bumped into that email on the list
http://archives.neohapsis.com/archives/openbsd/2005-06/1679.html about
testing the bandwidth between obsd and obsd, obsd and linux, and through a
router (linux, bsd, linux boxes). I'm using Dell 1425SC boxes with 1Gb em0
NICs, and my machine with OpenBSD 3.9 routes packets at a max of only around
680 Mbit/s for one connection using iperf (window from 64k to 256k), or up to
800 Mbit/s for 2 or more connections using iperf (window 64k-256k); the best
results I got with window 128k. Direct connections to the OpenBSD box with
one connection from iperf are 40 Mbit/s ??!! and with a few connections the
speed is multiplied by how many connections you make, so with 2 the speed is
80 Mbit/s ??!! These are the parameters I have on my obsd box and the
commands I used to test.

net.inet.tcp.sendspace=131072
net.inet.tcp.recvspace=131072

Not sure whether it has any effect on speed:
net.inet.tcp.sackholelimit=65536

I increased it:
net.bpf.bufsize=65536

commands i used:

linux1: iperf -s -p 1 -w 128k
obsd: router
linux2: iperf -c linux1 -p 1 -w 128k [for parallel: -P 2]

[EMAIL PROTECTED]:~$ iperf -c 192.168.0.10 -p 1 -w 64k -P 2

Client connecting to 192.168.0.10, TCP port 1
TCP window size:   128 KByte (WARNING: requested 64.0 KByte)

[  3] local 192.168.10.6 port 46006 connected with 192.168.0.10 port 1
[  4] local 192.168.10.6 port 46007 connected with 192.168.0.10 port 1
[  3]  0.0-10.0 sec485 MBytes407 Mbits/sec
[  4]  0.0-10.0 sec483 MBytes405 Mbits/sec
[SUM]  0.0-10.0 sec968 MBytes812 Mbits/sec
[EMAIL PROTECTED]:~$ iperf -c 192.168.0.10 -p 1 -w 64k -P 1

Client connecting to 192.168.0.10, TCP port 1
TCP window size:   128 KByte (WARNING: requested 64.0 KByte)

[  3] local 192.168.10.6 port 46008 connected with 192.168.0.10 port 1
[  3]  0.0-10.0 sec718 MBytes602 Mbits/sec

linux: iperf -c obsd -p 1 -w 128k [for parallel: -P 2]
obsd: iperf -s -p 1 -w 128k

[EMAIL PROTECTED]:~$ iperf -c 192.168.0.6 -p 1 -w 64k

Client connecting to 192.168.0.6, TCP port 1
TCP window size:   128 KByte (WARNING: requested 64.0 KByte)

[  3] local 192.168.0.10 port 48851 connected with 192.168.0.6 port 1
[  3]  0.0-10.0 sec  46.1 MBytes  38.6 Mbits/sec
[EMAIL PROTECTED]:~$ iperf -c 192.168.0.6 -p 1 -w 64k -P 2

Client connecting to 192.168.0.6, TCP port 1
TCP window size:   128 KByte (WARNING: requested 64.0 KByte)

[  4] local 192.168.0.10 port 48853 connected with 192.168.0.6 port 1
[  3] local 192.168.0.10 port 48852 connected with 192.168.0.6 port 1
[  4]  0.0-10.0 sec  46.9 MBytes  39.3 Mbits/sec
[  3]  0.0-10.0 sec  42.1 MBytes  35.3 Mbits/sec
[SUM]  0.0-10.0 sec  89.0 MBytes  74.5 Mbits/sec

[EMAIL PROTECTED]:~$ iperf -c 192.168.0.6 -p 1 -w 64k -P 10

Client connecting to 192.168.0.6, TCP port 1
TCP window size:   128 KByte (WARNING: requested 64.0 KByte)

[  5] local 192.168.0.10 port 52513 connected with 192.168.0.6 port 1
[  7] local 192.168.0.10 port 52515 connected with 192.168.0.6 port 1
[ 12] local 192.168.0.10 port 52520 connected with 192.168.0.6 port 1
[ 10] local 192.168.0.10 port 52518 connected with 192.168.0.6 port 1
[  8] local 192.168.0.10 port 52516 connected with 192.168.0.6 port 1
[  6] local 192.168.0.10 port 52514 connected with 192.168.0.6 port 1
[  9] local 192.168.0.10 port 52517 connected with 192.168.0.6 port 1
[  4] local 192.168.0.10 port 52512 connected with 192.168.0.6 port 1
[ 11] local 192.168.0.10 port 52519 connected with 192.168.0.6 port 1
[  3] local 192.168.0.10 port 52511 connected with 192.168.0.6 port 1
[  5]  0.0-10.0 sec  42.0 MBytes  35.2 Mbits/sec
[  6]  0.0-10.0 sec  42.0 MBytes  35.2 Mbits/sec
[  4]  0.0-10.0 sec  48.3 MBytes  40.5 Mbits/sec
[  7]  0.0-10.0 sec  42.0 MBytes  35.1 Mbits/sec
[ 12]  0.0-10.0 sec  42.0 MBytes  35.1 Mbits/sec
[ 10]  0.0-10.0 sec  42.0 MBytes  35.1 Mbits/sec
[  8]  0.0-10.0 sec  42.0 MBytes  35.1 Mbits/sec
[  9]  0.0-10.0 sec  42.0 MBytes  35.1 Mbits/sec
[ 11]  0.0-10.0 sec  42.0 MBytes  35.1 Mbits/sec
[  3]  0.0-10.0 sec  42.1 MBytes  35.2 Mbits/sec
[SUM]  0.0-10.0 sec426 MBytes357 Mbits/sec

linux: iperf -s -p 1 -w 128k [for parallel: -P 2]
obsd: iperf -c -p 1 -w 128k

cio$iperf -c 192.168.0.10 -p 1 -w 128k -P 1

Client connecting to 

Re: bandwidth speed between openbsd boxes

2006-09-27 Thread Claudio Jeker
On Wed, Sep 27, 2006 at 10:12:12AM +0100, jacek wrote:
 Hi all,
 
 I bumped into that email on the list
 http://archives.neohapsis.com/archives/openbsd/2005-06/1679.html about
 testing the bandwidth between obsd and obsd, obsd and linux, and through a
 router (linux, bsd, linux boxes). I'm using Dell 1425SC boxes with 1Gb em0
 NICs, and my machine with OpenBSD 3.9 routes packets at a max of only around
 680 Mbit/s for one connection using iperf (window from 64k to 256k), or up to
 800 Mbit/s for 2 or more connections using iperf (window 64k-256k); the best
 results I got with window 128k. Direct connections to the OpenBSD box with
 one connection from iperf are 40 Mbit/s ??!! and with a few connections the
 speed is multiplied by how many connections you make, so with 2 the speed is
 80 Mbit/s ??!! These are the parameters I have on my obsd box and the
 commands I used to test.
 
 net.inet.tcp.sendspace=131072
 net.inet.tcp.recvspace=131072
 

Does not matter on a router.

 Not sure whether it has any effect on speed:
 net.inet.tcp.sackholelimit=65536
 

Does not matter on a router.

 I increased it:
 net.bpf.bufsize=65536
 

Does not matter on a router unless you plan to toy around with
sniffing tools like snort (but that does not belong on a router anyway).

You should have a look at net.inet.ip.ifq.maxlen. Also look at whether
net.inet.ip.ifq.drops goes up or not. Tuning the ifq size is black
magic because too large queues reduce performance and may cause high
delays. Something around 100-300 is enough for a router.

Have you enabled pf(4)?

I remember that iperf2 has issues on OpenBSD because of the way they use
threads. Not sure if it got fixed.

-- 
:wq Claudio
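The check suggested above (watch net.inet.ip.ifq.drops, and keep net.inet.ip.ifq.maxlen in the low hundreds rather than growing it without bound), as an added example that is not from the thread. The two sysctl snapshots are constructed to look like `sysctl net.inet.ip.ifq` output on an OpenBSD router taken 10 seconds apart; the starting maxlen of 256 in them is part of the constructed data. read_ifq_live() is what you would call on the real box; the 300 ceiling is the guidance from the reply, not a kernel limit.

```python
"""Sample net.inet.ip.ifq.drops and decide whether ifq.maxlen should move.

Added example; not from the thread.  Snapshots below are constructed.
"""
import re
import subprocess
from typing import Dict, Optional

DROPS = "net.inet.ip.ifq.drops"
MAXLEN = "net.inet.ip.ifq.maxlen"
SYSCTL_LINE = re.compile(r"^(?P<key>[\w.]+)=(?P<value>-?\d+)$")

# Constructed snapshots, 10 s apart, from a router that is still dropping.
SNAPSHOT_T0 = """\
net.inet.ip.ifq.maxlen=256
net.inet.ip.ifq.drops=71234
"""
SNAPSHOT_T10 = """\
net.inet.ip.ifq.maxlen=256
net.inet.ip.ifq.drops=73150
"""


def parse_sysctl(text: str) -> Dict[str, int]:
    """Turn 'key=value' lines as printed by sysctl(8) into ints; ignore the rest."""
    values: Dict[str, int] = {}
    for line in text.splitlines():
        match = SYSCTL_LINE.match(line.strip())
        if match:
            values[match.group("key")] = int(match.group("value"))
    return values


def read_ifq_live() -> Dict[str, int]:
    """Query the running kernel; only meaningful on OpenBSD (not used by the demo)."""
    proc = subprocess.run(["sysctl", "net.inet.ip.ifq"],
                          capture_output=True, text=True, check=True)
    return parse_sysctl(proc.stdout)


def drop_rate(before: Dict[str, int], after: Dict[str, int], seconds: float) -> float:
    """Drops per second between two snapshots; a counter going backwards is an error."""
    if seconds <= 0:
        raise ValueError("interval must be positive")
    delta = after[DROPS] - before[DROPS]
    if delta < 0:
        raise ValueError("drops counter went backwards (reboot or counter reset?)")
    return delta / seconds


def suggest_maxlen(current: int, drops_per_sec: float, ceiling: int = 300) -> Optional[int]:
    """Next maxlen to try, or None when there is nothing to change.

    Doubling and capping at `ceiling` follows the 100-300 guidance: once the
    cap is reached and drops continue, the bottleneck is elsewhere (NIC, CPU,
    pf ruleset), and a longer queue would only add latency.
    """
    if drops_per_sec <= 0 or current >= ceiling:
        return None
    return min(current * 2, ceiling)


def assess(before_text: str, after_text: str, seconds: float) -> Dict[str, object]:
    """One-shot verdict from two sysctl outputs."""
    before, after = parse_sysctl(before_text), parse_sysctl(after_text)
    rate = drop_rate(before, after, seconds)
    return {"drops_per_sec": rate,
            "maxlen": after[MAXLEN],
            "suggested_maxlen": suggest_maxlen(after[MAXLEN], rate)}


if __name__ == "__main__":
    verdict = assess(SNAPSHOT_T0, SNAPSHOT_T10, 10)
    print(verdict)
    if verdict["suggested_maxlen"]:
        print(f"try: sysctl net.inet.ip.ifq.maxlen={verdict['suggested_maxlen']}")
```

Run it twice around a benchmark: take one snapshot before iperf starts and one after it ends, and only act on the drop rate measured under load. A raised maxlen goes into /etc/sysctl.conf once it has been shown to stop the drops without pushing up latency.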



Re: bandwidth speed between openbsd boxes

2006-09-27 Thread jacek
 You should have a look at net.inet.ip.ifq.maxlen. Also look at whether
 net.inet.ip.ifq.drops goes up or not. Tuning the ifq size is black
 magic because too large queues reduce performance and may cause high
 delays. Something around 100-300 is enough for a router.


I'll give it a try.

Have you enabled pf(4)?


I tried both pf enabled and disabled for the direct connection to OpenBSD; I did
not notice any big differences.

I remember that iperf2 has issues on OpenBSD because of the way they use
 threads. Not sure if it got fixed



Maybe, but even if I upload a file from Linux to the obsd box it is very slow,
10Mb, the window is 32k then (checked by tcpdump).
So which tool would you recommend to test speed between obsd boxes?

--
 :wq Claudio


thanks for your reply

--
Jacek



Re: bandwidth speed between openbsd boxes

2006-09-27 Thread jacek
That was it: the ifq.drops number was high (7-something). I increased ifq.maxlen to
300, and now I'm getting 25 MBytes/s ~ 200 Mbit/s to the obsd box using scp. It still
seems to be a bit slow, 5 times less than (1Gb links), but it's better than
it was :). Thanks again for the tip.

--
Jacek

On 9/27/06, jacek [EMAIL PROTECTED] wrote:


 You should have a look at net.inet.ip.ifq.maxlen. Also look at whether
  net.inet.ip.ifq.drops goes up or not. Tuning the ifq size is black
  magic because too large queues reduce performance and may cause high
  delays. Something around 100-300 is enough for a router.


 I'll give it a try.

 Have you enabled pf(4)?


 I tried both pf enabled and disabled for the direct connection to OpenBSD; I
 did not notice any big differences.

 I remember that iperf2 has issues on OpenBSD because of the way they use
  threads. Not sure if it got fixed



 Maybe, but even if I upload a file from Linux to the obsd box it is very slow,
 10Mb, the window is 32k then (checked by tcpdump).
 So which tool would you recommend to test speed between obsd boxes?

 --
  :wq Claudio
 
 
 thanks for your reply

 --
 Jacek



Re: bandwidth speed between openbsd boxes

2006-09-27 Thread Darren Tucker

jacek wrote:

That was it: the ifq.drops number was high (7-something). I increased ifq.maxlen to
300, and now I'm getting 25 MBytes/s ~ 200 Mbit/s to the obsd box using scp. It still
seems to be a bit slow, 5 times less than (1Gb links), but it's better than
it was :). Thanks again for the tip.


Be aware that scp (or rather ssh) is sensitive to latency on high 
bandwidth links (the SSH2 channels are currently limited to around 
64Kbytes, so if you have more than that in-flight then you will hit 
performance limits).


There's some work going on elsewhere on this (hpn-ssh) or you can try 
using SSH protocol 1 (it doesn't have channels).


--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



Re: bandwidth speed between openbsd boxes

2006-09-27 Thread Andreas Bihlmaier
On Wed, Sep 27, 2006 at 12:12:30PM +0100, jacek wrote:

snip

 
 I remember that iperf2 has issues on OpenBSD because of the way they use
  threads. Not sure if it got fixed
 
 
 
 Maybe, but even if I upload a file from Linux to the obsd box it is very slow,
 10Mb, the window is 32k then (checked by tcpdump).
 So which tool would you recommend to test speed between obsd boxes?
 
 --
 Jacek

I always use benchmarks/netpipe from ports, which works great for me and
doesn't use 100% of the available CPU as iperf always seems to do. See its man
page; there you'll find examples of how to create a (nice) graph from its
output using gnuplot.

Regards,
ahb



Re: ath(4) testers needed: AR2413, AR5413, AR5424 and AR5212 11a mode

2006-09-27 Thread Reyk Floeter
On Sun, Sep 24, 2006 at 02:58:34PM +0200, Pierre Riteau wrote:
 On 9/19/06, Reyk Floeter [EMAIL PROTECTED] wrote:
 hi,
 
 i recently enabled support for some newer wireless chipsets from
 atheros, like the AR2413, AR5413, and AR5424 single chip solutions.
 
 please also test it if you have an intel-based mac - the integrated
 wireless NIC is based on the pci express AR5424 chipset.
 
 
 I just tested it with a snapshot from the 23rd, on a 2GHz MacBook (non Pro).
 Here is my dmesg :
 

please retry with the attached diff from kettenis. you may see some
11b aps but it doesn't seem to work, yet (the channels are wrong).

 ath0 at pci2 dev 0 function 0 Atheros AR5424 rev 0x01: irq 11
 ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again)
 ath0: unable to attach hardware; HAL status 22

reyk

Index: ar5212.c
===
RCS file: /cvs/src/sys/dev/ic/ar5212.c,v
retrieving revision 1.33
diff -u -p -r1.33 ar5212.c
--- ar5212.c19 Sep 2006 17:49:13 -  1.33
+++ ar5212.c24 Sep 2006 18:22:33 -
@@ -304,6 +304,7 @@ ar5k_ar5212_nic_wakeup(struct ath_hal *h
 * Reset and wakeup the device
 */
 
+#if 0
/* ...reset chipset and PCI device */
if (hal-ah_single_chip == AH_FALSE 
ar5k_ar5212_nic_reset(hal,
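Review bot: the `#if 0` opened at the top of this hunk switches off the chipset-and-PCI reset unconditionally, for every part that takes the `ah_single_chip == AH_FALSE` branch, not only for the AR5424 the tester reported, so other ath(4) hardware that previously went through ar5k_ar5212_nic_reset() will now skip it as well; that is acceptable for a test diff, but before commit it should become a per-chip condition or a documented flag with a comment saying why the reset is being avoided, rather than a block of dead code.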
@@ -311,6 +312,7 @@ ar5k_ar5212_nic_wakeup(struct ath_hal *h
AR5K_PRINT(failed to reset the AR5212 + PCI chipset\n);
return (AH_FALSE);
}
+#endif
 
/* ...wakeup */
if (ar5k_ar5212_set_power(hal,
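Review bot: the error in the tester's dmesg (`ar5k_ar5212_nic_wakeup: failed to resume the AR5212 (again)`) is printed by the same function this hunk edits, and the `/* ...wakeup */` call to ar5k_ar5212_set_power() that follows the closing `#endif` is left active, so the diff only removes the reset that precedes it; it would help to ask testers to report whether that message changes or disappears with the diff applied, since an unchanged message would show the reset was not what failed.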



Re: WiFi PC Card Atheros AR5213 - Association doesn't work, Status: no network

2006-09-27 Thread Theo de Raadt
By the way, if anyone has spare USB Zydas hardware, it would be nice to get
more of it spread around amongst our developers.  Mail me back, but do tell
me where you are located too... thanks.



Re: building python port with debugging support

2006-09-27 Thread Mathieu Sauve-Frankel
On Wed, Sep 27, 2006 at 11:24:22AM +0200, Francois Visconte wrote:
 Hello,
 
 Is there standard way to build python2.{3,4} package with debugging 
 symbols ?

cd /usr/ports/lang/python/2.3 && env DEBUG=-g make install
or put DEBUG=-g in /etc/mk.conf; read mk.conf(5) for more details

-- 
Mathieu Sauve-Frankel



ipmi delay in 4.0 snapshot

2006-09-27 Thread DAlten
Hello,

I noticed that when booting a Sun Fire V20z with a recent 4.0 snapshot,
the kernel hangs for about 17 seconds right after ipmi0 at mainbus0.
The box boots successfully, and ipmi seems to be working fine.

Not sure if the delay is normal or not; just wanted to report it. This
happens with both bsd and bsd.mp kernels.

--
David


OpenBSD 4.0 (GENERIC.MP) #967: Sat Sep 16 20:38:15 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2146480128 (2096172K)
avail mem = 1834668032 (1791668K)
using 22937 buffers containing 214855680 bytes (209820K) of memory
mainbus0 (root)
bios0 at mainbus0: SMBIOS rev. 2.31 @ 0xefc10 (44 entries)
bios0: Sun Microsystems Sun Fire V20z
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca2/2 spacing 1
mainbus0: Intel MP Specification (Version 1.4) (SUN  SunFire V20z)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Opteron(tm) Processor 248, 2193.17 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully
associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully
associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Opteron(tm) Processor 248, 2192.84 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully
associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully
associative
mpbios: bus 0 is type PCI
mpbios: bus 1 is type PCI
mpbios: bus 2 is type PCI
mpbios: bus 3 is type PCI
mpbios: bus 4 is type ISA
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins
ioapic1 at mainbus0 apid 3 pa 0xfd00, version 11, 4 pins
ioapic2 at mainbus0 apid 4 pa 0xfd001000, version 11, 4 pins
pci0 at mainbus0 bus 0: configuration mode 1
ppb0 at pci0 dev 6 function 0 AMD 8111 PCI-PCI rev 0x07
pci1 at ppb0 bus 1
ohci0 at pci1 dev 0 function 0 AMD 8111 USB rev 0x0b: apic 2 int 19
(irq 11), version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: AMD OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci1 dev 0 function 1 AMD 8111 USB rev 0x0b: apic 2 int 19
(irq 11), version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: AMD OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 3 ports with 3 removable, self powered
vga1 at pci1 dev 5 function 0 Trident Blade 3D rev 0x3a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 AMD AMD8111 LPC rev 0x05
pciide0 at pci0 dev 7 function 1 AMD 8111 IDE rev 0x03: DMA, channel 0
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E, 1.9A SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
amdpm0 at pci0 dev 7 function 3 AMD 8111 Power rev 0x05: rng active
iic0 at amdpm0: disabled to avoid ipmi0 interactions
ppb1 at pci0 dev 10 function 0 AMD 8131 PCIX rev 0x12
pci2 at ppb1 bus 2
bge0 at pci2 dev 2 function 0 Broadcom BCM5704C rev 0x03, BCM5704 A3
(0x2003): apic 3 int 1 (irq 5), address 00:09:3d:13:32:8b
brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci2 dev 2 function 1 Broadcom BCM5704C rev 0x03, BCM5704 A3
(0x2003): apic 3 int 2 (irq 3), address 00:09:3d:13:32:8c
brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
mpi0 at pci2 dev 4 function 0 Symbios Logic 53c1030 rev 0x08: apic 3
int 3 (irq 11)
scsibus1 at mpi0: 16 targets
sd0 at scsibus1 targ 0 lun 0: SEAGATE, ST373207LC, 0002 SCSI3 0/direct
fixed
sd0: 70007MB, 90774 cyl, 2 head, 789 sec, 512 bytes/sec, 143374744 sec
total
sd1 at scsibus1 targ 1 lun 0: FUJITSU, MAT3073NC, 0104 SCSI3 0/direct
fixed
sd1: 70136MB, 78753 cyl, 2 head, 911 sec, 512 bytes/sec, 143638992 sec
total
mpi0: target 0 Sync at 160MHz width 16bit offset 63 QAS 1 DT 1 IU 1
mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
aapic0 at pci0 dev 10 function 1 AMD 8131 PCIX IOAPIC rev 0x01
ppb2 at pci0 dev 11 function 0 AMD 8131 PCIX rev 0x12
pci3 at ppb2 bus 3
aapic1 at pci0 dev 11 function 1 AMD 8131 PCIX IOAPIC rev 0x01
pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
pchb4 at pci0 dev 25 function 0 AMD AMD64 

Re: ipmi delay in 4.0 snapshot

2006-09-27 Thread Marco Peereboom
Delay is normal.  The communication with the BMC is quite slow and during the
first boot it goes out and talks to all devices so it'll incur maximum penalty
time wise.  Subsequent reads and writes to the BMC are faster.  Since this only
happens upon boot I don't think it is that important.  I did think about
deferring the initial reads until later but then you could end up with an
incomplete sensor list and/or invalid readings.

On Wed, Sep 27, 2006 at 11:52:27AM -0500, [EMAIL PROTECTED] wrote:
 Hello,
 
 I noticed that when booting a Sun Fire V20z with a recent 4.0 snapshot,
 the kernel hangs for about 17 seconds right after ipmi0 at mainbus0.
 The box boots successfully, and ipmi seems to be working fine.
 
 Not sure if the delay is normal or not; just wanted to report it. This
 happens with both bsd and bsd.mp kernels.
 
 --
 David
 
 

sonicwall pro 200: can it be assimilated?

2006-09-27 Thread Jacob Yocom-Piatt
I've got an older model SonicWall firewall (Pro 200) and am wondering if I can
get OpenBSD onto it. The processor is listed as "233 MHz StrongARM 233 RISC",
but it is not listed on the supported machines for the armish platform.

Feel free to suggest other OSes (off-list, please!) that will run on this hardware
if OpenBSD won't make it go.

cheers,
jake



Spamassassin install from ports fail.

2006-09-27 Thread Hans Almqvist

Hi all!

I am trying to install SpamAssassin from the ports tree on an OpenBSD 
3.9 system.


I have removed /usr/ports and downloaded a fresh copy, starting from scratch.
I did one prior run with make which of course gave the same result.

I get the following:  *Error in package*:


# cd /usr/ports/mail/p5-Mail-SpamAssassin/
# make
===  p5-Mail-SpamAssassin-3.1.0p0 depends on: p5-IO-Socket-SSL-* - not 
found

===  Verifying install for p5-IO-Socket-SSL-* in security/p5-IO-Socket-SSL
===  Checking files for p5-IO-Socket-SSL-0.97
`/usr/ports/distfiles/IO-Socket-SSL-0.97.tar.gz' is up to date.
 Checksum OK for IO-Socket-SSL-0.97.tar.gz. (sha1)
===  p5-IO-Socket-SSL-0.97 depends on: p5-Net-SSLeay-=1.21 - not found
===  Verifying install for p5-Net-SSLeay-=1.21 in security/p5-Net_SSLeay
===  Building package for p5-Net-SSLeay-1.25p0
*Error in package*: 
/usr/ports/security/p5-Net_SSLeay/w-p5-Net-SSLeay-1.25p0/fake-i386//usr/local/man/man3p/Net::SSLeay::Handle.3p 
does not exist

===  Cleaning for p5-Net-SSLeay-1.25p0
rm -f /usr/ports/packages/i386/all/p5-Net-SSLeay-1.25p0.tgz
*** Error code 1

Stop in /usr/ports/security/p5-Net_SSLeay (line 2075 of 
/usr/ports/infrastructure/mk/bsd.port.mk).*** Error code 1


Stop in /usr/ports/security/p5-Net_SSLeay (line 1308 of 
/usr/ports/infrastructure/mk/bsd.port.mk).*** Error code 1


Stop in /usr/ports/security/p5-IO-Socket-SSL (line 1422 of 
/usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1


Stop in /usr/ports/security/p5-IO-Socket-SSL (line 1750 of 
/usr/ports/infrastructure/mk/bsd.port.mk).*** Error code 1


Stop in /usr/ports/mail/p5-Mail-SpamAssassin (line 1422 of 
/usr/ports/infrastructure/mk/bsd.port.mk).




# ls 
/usr/ports/security/p5-Net_SSLeay/w-p5-Net-SSLeay-1.25p0/fake-i386//usr/local/man/man3p

Net::SSLeay.3p

There is no Net::SSLeay::Handle.3p in that directory as written by the 
error message. Just Net::SSLeay.3p.


Any clue?

/Hasse


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



Re: Spamassassin install from ports fail.

2006-09-27 Thread Woodchuck
On Wed, 27 Sep 2006, Hans Almqvist wrote:

 Hi all!
 
 I am trying to install SpamAssassin from the ports tree on an OpenBSD 3.9
 system.
 
 I have removed /usr/ports and downloaded a fresh copy, starting from scratch.
 I did one prior run with make which of course gave the same result.
 
 I get the following:  *Error in package*:
 
 
 # cd /usr/ports/mail/p5-Mail-SpamAssassin/
 # make
 ===  p5-Mail-SpamAssassin-3.1.0p0 depends on: p5-IO-Socket-SSL-* - not found
 ===  Verifying install for p5-IO-Socket-SSL-* in security/p5-IO-Socket-SSL
 ===  Checking files for p5-IO-Socket-SSL-0.97
 `/usr/ports/distfiles/IO-Socket-SSL-0.97.tar.gz' is up to date.
  Checksum OK for IO-Socket-SSL-0.97.tar.gz. (sha1)
 ===  p5-IO-Socket-SSL-0.97 depends on: p5-Net-SSLeay-=1.21 - not found
 ===  Verifying install for p5-Net-SSLeay-=1.21 in security/p5-Net_SSLeay
 ===  Building package for p5-Net-SSLeay-1.25p0
 *Error in package*:

 does not exist
 ===  Cleaning for p5-Net-SSLeay-1.25p0
 rm -f /usr/ports/packages/i386/all/p5-Net-SSLeay-1.25p0.tgz
 *** Error code 1

Hmmm.  Works for me.  Just rebuilt the p5-Net-SSLeay-1.25p0 package
from source.

My source:

MD5 (/usr/ports/distfiles/Net_SSLeay.pm-1.25.tar.gz) = 
87de8a06802fbb63c7c85e89eedbe139

Try again.  Could you have run out of disk space or had some other
sort of transient error?

Dave
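The distfile checksum that the ports tree performs before building ("Checksum OK for ... (sha1)" above) and the MD5 Dave posts for comparison, as a stand-alone checker added here; it is not code from the ports infrastructure. It assumes the `ALGO (file) = value` line shape seen in the MD5 line above, with digests in hex or base64, plus a `SIZE (file) = bytes` line, and it treats an MD5-only match as inconclusive because MD5 collisions are practical. The sample distfile and its distinfo are constructed in the script, so the digests belong to the constructed bytes, not to the real Net_SSLeay.pm-1.25.tar.gz.

```python
"""Verify a distfile against distinfo-style checksum lines before unpacking it.

Added example, not from the ports tree.  Sample data below is constructed.
"""
import base64
import hashlib
import os
import re
import tempfile
from typing import Dict, Tuple

DISTINFO_LINE = re.compile(r"^(?P<algo>[A-Z0-9]+) \((?P<file>[^)]+)\) = (?P<value>\S+)$")
WEAK = {"MD5"}          # collision-prone; a match alone proves little
CHUNK = 1 << 16


def parse_distinfo(text: str) -> Dict[str, Dict[str, str]]:
    """file name -> {ALGO: value}; lines that do not fit the shape are ignored."""
    entries: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        match = DISTINFO_LINE.match(line.strip())
        if match:
            entries.setdefault(match.group("file"), {})[match.group("algo")] = match.group("value")
    return entries


def file_digest(path: str, algo: str) -> bytes:
    """Raw digest of a file with any hashlib algorithm, read in chunks."""
    hasher = hashlib.new(algo.lower())      # raises ValueError if unsupported
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            hasher.update(block)
    return hasher.digest()


def decode_digest(value: str, size: int) -> bytes:
    """distinfo values are hex (2*size chars) or base64; the length tells which."""
    if len(value) == 2 * size:
        return bytes.fromhex(value)
    return base64.b64decode(value)


def verify_distfile(path: str, entries: Dict[str, str]) -> str:
    """'ok' (a strong hash matched), 'mismatch' (anything disagreed) or 'weak-only'."""
    strong_matches = 0
    for algo, value in entries.items():
        if algo == "SIZE":
            if os.path.getsize(path) != int(value):
                return "mismatch"
            continue
        try:
            actual = file_digest(path, algo)
        except ValueError:          # algorithm not available in this hashlib build
            continue
        if actual != decode_digest(value, len(actual)):
            return "mismatch"
        if algo not in WEAK:
            strong_matches += 1
    return "ok" if strong_matches else "weak-only"


def make_samples() -> Tuple[str, str, str]:
    """Constructed data: a fake distfile, a tampered copy and a matching distinfo."""
    workdir = tempfile.mkdtemp(prefix="distinfo-demo-")
    name = "sample-1.0.tar.gz"
    data = b"not a real tarball; constructed for the example\n"
    good = os.path.join(workdir, name)
    bad = os.path.join(workdir, "tampered-" + name)
    with open(good, "wb") as fh:
        fh.write(data)
    with open(bad, "wb") as fh:
        fh.write(data + b"\x00")    # one byte appended, as a trojaned archive might be
    distinfo = (
        f"MD5 ({name}) = {hashlib.md5(data).hexdigest()}\n"
        f"SHA1 ({name}) = {hashlib.sha1(data).hexdigest()}\n"
        f"SHA256 ({name}) = {base64.b64encode(hashlib.sha256(data).digest()).decode()}\n"
        f"SIZE ({name}) = {len(data)}\n"
    )
    return good, bad, distinfo


if __name__ == "__main__":
    good, bad, distinfo = make_samples()
    entries = parse_distinfo(distinfo)["sample-1.0.tar.gz"]
    print("good:", verify_distfile(good, entries))
    print("bad: ", verify_distfile(bad, entries))
    print("md5 only:", verify_distfile(good, {"MD5": entries["MD5"]}))
```

The point of the 'weak-only' verdict is that an MD5 posted in a mail, like the one above, can confirm you fetched the same bytes as the poster, but it cannot on its own rule out a substituted archive; a SHA-1 or SHA-256 line from the ports tree's distinfo is what you want to match before `make install` proceeds.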



Re: bgpd best external route

2006-09-27 Thread Eric Stockwell

Sounds like the behavior you are looking for is route reflection.

Eric 




Tom Beard wrote:

Henning Brauer wrote:
  

i honestly don't understand your problem ;(


I get told that a lot ;)

Our two border routers (I'll call them B1 & B2) both have full views
made up of various transit & peering connections.  They have iBGP
peerings with each other and also with both of the access routers (I'll
call them A1 & A2).  Under normal circumstances the access routers see
~180,000 prefixes from B1 and ~12,000 prefixes from B2.  If for some
reason B1 loses external connectivity, there is about a 2 minute time
frame where A1 & A2 only have partial connectivity as B2 loses the
routes from B1 and then starts advertising more of its own external routes.

JunOS has an option that allows you to tell B1 & B2 to advertise a full
table of routes to all iBGP peers, so in the example of B2, it might have
selected routes via B1 as active; however it will still advertise a full
table of its own best external routes.  This means that should B1 lose
connectivity, A1 and A2 already have a full route view from B2 and don't
need to wait for it to re-converge.

I'm not convinced that made much more sense.  Perhaps I'm making the
whole issue overly complicated?

Tom




Re: Spamassassin install from ports fail.

2006-09-27 Thread Hans Almqvist

Woodchuck skrev:

On Wed, 27 Sep 2006, Hans Almqvist wrote:

  

Hi all!

I am trying to install SpamAssassin from the ports tree on an OpenBSD 3.9
system.

I have removed /usr/ports and downloaded a fresh copy, starting from scratch.
I did one prior run with make which of course gave the same result.

I get the following:  *Error in package*:


# cd /usr/ports/mail/p5-Mail-SpamAssassin/
# make
===>  p5-Mail-SpamAssassin-3.1.0p0 depends on: p5-IO-Socket-SSL-* -> not found
===>  Verifying install for p5-IO-Socket-SSL-* in security/p5-IO-Socket-SSL
===>  Checking files for p5-IO-Socket-SSL-0.97
`/usr/ports/distfiles/IO-Socket-SSL-0.97.tar.gz' is up to date.


Checksum OK for IO-Socket-SSL-0.97.tar.gz. (sha1)


===>  p5-IO-Socket-SSL-0.97 depends on: p5-Net-SSLeay->=1.21 -> not found
===>  Verifying install for p5-Net-SSLeay->=1.21 in security/p5-Net_SSLeay
===>  Building package for p5-Net-SSLeay-1.25p0
*Error in package*:



  

does not exist
===>  Cleaning for p5-Net-SSLeay-1.25p0
rm -f /usr/ports/packages/i386/all/p5-Net-SSLeay-1.25p0.tgz
*** Error code 1



Hmmm.  Works for me.  Just rebuilt the p5-Net-SSLeay-1.25p0 package
from source.

My source:

MD5 (/usr/ports/distfiles/Net_SSLeay.pm-1.25.tar.gz) = 87de8a06802fbb63c7c85e89eedbe139


Try again.  Could you have run out of disk space or had some other
sort of transient error?

Dave


  

Ok. I fetched p5-Net-SSLeay-1.25p0.tgz and did a pkg_add.
After that the install proceeded.

Thanks Dave.





Re: Transparent bridge rdr SSH traffic

2006-09-27 Thread Thomas Börnert
yes i tried, but it doesn't work, you need an ip address on sis0

Thomas

On Wed, 2006-09-27 at 22:23 +0200, Johan wrote:
 Hi,
 
 We are trying to put an OpenBSD server (3.9 with all patches) between an 
 ADSL modem and a commercial firewall.
 Using transparent bridge and PF, is it possible to redirect all SSH 
 traffic arriving at sis0 to 127.0.0.1 on the OpenBSD server and pass all 
 other traffic to the existing firewall?
 We still want the existing firewall to get the (only) public ip via dhcp 
 from the ADSL modem.
 Must the bridge (sis1 or sis0) have a public ip for this to work?
 We have been trying google/groups and a lot of different setups in 
 pf.conf without any luck.
 Is this setup possible at all?
 Any help, hints or suggestions would be much appreciated!
 
 Regards
 
 Johan Linnir
 
 
  DHCP ExtInt
 | ADSL |-   -| Firewall |
 |   |
 -|---|-
 |sis0|   |sis1|bridge0
 -|---|-
  |   |
  ---
  | OpenBSD |
  |  sshd   |
  |127.0.0.1|
  ---



Re: Hacking a mail server

2006-09-27 Thread Karsten McMinn

On 9/26/06, Carlos A. Garcia G. [EMAIL PROTECTED] wrote:

;)
Sorry, ok, the problem is this: someone told my boss that the email
messages have been read by someone else. This information came from our
ISP. We have an E1 connection (it's like a T1 connection), so with that
information they said that the hacker redirects the messages before
they get to the mail server, and after being read the message hits the
mail server. So the question is whether someone can do that, because of this
information.


hey don't blame the hackers when the ISP misroutes thousands
of supernets on accident! hackers have feelings too-



Re: Transparent bridge rdr SSH traffic

2006-09-27 Thread Jason Dixon

On Sep 27, 2006, at 4:23 PM, Johan wrote:


Hi,

We are trying to put an OpenBSD server (3.9 with all patches)  
between an ADSL modem and a commercial firewall.
Using transparent bridge and PF, is it possible to redirect all SSH  
traffic arriving at sis0 to 127.0.0.1 on the OpenBSD server and  
pass all other traffic to the existing firewall?
We still want the existing firewall to get the (only) public ip via  
dhcp from the ADSL modem.

Must the bridge (sis1 or sis0) have a public ip for this to work?
We have been trying google/groups and a lot of different setups in  
pf.conf without any luck.

Is this setup possible at all?
Any help, hints or suggestions would be much appreciated!


Think about it.  How would sshd communicate with you without an IP  
address?  Seems to defy the laws of TCP/IP.


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: Transparent bridge rdr SSH traffic

2006-09-27 Thread John Brooks
How about adding a third nic to both the openbsd and firewall,
give them their own private network addresses, then redirect
the ssh traffic from firewall to openbsd over this new network

forgive my poor attempts at modifying your drawing ;-)

--
John Brooks
[EMAIL PROTECTED] 

...
 Any help, hints or suggestions would be much appreciated!
 
 Regards
 
 Johan Linnir
 
 
  DHCP ExtInt
 | ADSL |--   | Firewall |
  |   |   
 -|---|-   | 10.1.1.1
 |sis0|   |sis1|bridge0|
 -|---|-   |
  |   ||
  ---  |
  | OpenBSD | 10.1.1.2 |
  |  sshd   |---
  | | fxp0
  ---



hardware crypto accelerator that works with openbsd 4.0

2006-09-27 Thread auto344939
I am considering deploying either an ipsec or openvpn box using the 
upcoming openbsd 4.0 for my company. Since there is a large number of 
users I am looking at some hardware crypto accelerators that will 
work with openbsd 4.0.

When I searched the archives I did not find a lot of info on what cards 
are supported, other than some old hifn-based cards that are no 
longer available in the market or cards like soekris vpn1401 that are 
only partially supported (no AES with SHA2).

Are there any decent new hardware crypto cards that are fully 
supported?

Are there any new hardware crypto cards that openbsd developers 
want users to donate?

pardon my english

- j







rndc/named automatic key generation

2006-09-27 Thread Pete Vickers
Following OpenBSD's automatic generation of ssh and isakmp keys,  
perhaps the following would be a worthwhile addition to /etc/rc to  
generate a key/config for rndc/named.


==
if [ ! -f /etc/rndc.conf ]; then
	echo -n "rndc-confgen: generating new RNDC key... "
	# keep the generated rndc.conf, and append only the commented-out
	# named.conf fragment (skipping the "# Start", "# End" and "# Use" lines)
	if /usr/sbin/rndc-confgen | tee /etc/rndc.conf \
	    | grep '^# [^SEU]' >> /var/named/etc/named.conf; then
		# as posted: the pipeline above does not create /var/named/etc/rndc.conf
		chown root:named /etc/rndc.conf /var/named/etc/rndc.conf
		chmod 640 /etc/rndc.conf /var/named/etc/rndc.conf
		echo "done."
	else
		echo "failed."
	fi
fi
==

Notes:
1. I stopped short of piping through a sed '/^#//' so that it still  
remains disabled by default.
2. I guess there is a better way than the late chown/chmod calls, but  
I guess it's ok, since we are still pre-login during rc.


/Pete



Re: Transparent bridge rdr SSH traffic

2006-09-27 Thread Karsten McMinn

On 9/27/06, Jason Dixon [EMAIL PROTECTED] wrote:


Think about it.  How would sshd communicate with you without an IP
address?  Seems to defy the laws of TCP/IP.


I'd concede that it's more akin to bending than defying laws (RFCs).

with enough will and some legwork you might be able to get
further with renumbering lo(4) and using rdr.  it would be a fun
feature to run an ethernet interface in half bridge mode, but
in the meantime just get a third interface outside of the bridge
group.



Re: rndc/named automatic key generation

2006-09-27 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 Following OpenBSD's automatic generation of ssh and isakmp 
 keys, perhaps the following would be a worthwhile addition to 
 /etc/rc to generate a key/config for rndc/named.

/etc/rc already handles that during named startup.

DS



PF optimization

2006-09-27 Thread Daniel Ouellet

Just in case you haven't seen it yet.

http://www.undeadly.org/cgi?action=article&sid=20060927091645

Daniel Hartmeier posted a great article at undeadly.org and announced more 
to come!


I very much enjoyed the reading, a LOT!

I tried all the examples he showed as well, just to see how good or bad my 
various configurations were, and I have to say that I am looking forward 
to the release of the next few articles!


I sure hope that Daniel gets to publish his book one day, as between his 
writing, examples, etc. and the reprint of The OpenBSD PF Packet Filter 
Book, there is a big difference. Not to put the just-released book down, 
it's not the same at all, but not the same class either.


Go read it, it's worth the time!!!

I sure wish you get to publish the book one day and if not, then put me 
down on buying the complete PDF version if that's all that is possible! I 
will print it myself and then bind it to put on my shelf!


Very nicely done!

Best and thanks Daniel for the great work!

Daniel



pf/spamd issue: single ip drowns in big blacklist blocks - Or, how to create a fastlane for whitelisted hosts?

2006-09-27 Thread Rickard Borgmäster
Hello,

I've been looking at the default redirection rule (from spamd(8)) for
greylisting with spamd and pf. It looks like this:

table <spamd> persist
table <spamd-white> persist
rdr pass inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port spamd
rdr pass inet proto tcp from !<spamd-white> to any port smtp -> 127.0.0.1 port spamd

How I interpret this:
1) If the sending host is listed in table <spamd>, forward the connection to
the spamd daemon for wasting time
2) If the sending host was NOT in table <spamd>, AND was NOT in table
<spamd-white>, forward the connection to the spamd daemon for greylisting
3) If none of the above was true, proceed as later rules state.

What I see as the problem here is that the blacklisting occurs before
the whitelisting. So that, when a large block such as 31.32.33.0/24 is
in <spamd> and I wish to whitelist 31.32.33.188, that whitelist entry
will have no effect.

Am I on the right track here or have I misunderstood it? Seems like
such an obvious issue that I'd be very surprised if the sharp-minded
OpenBSD crew didn't think about that.

I tried to remedy this issue by inserting a fastlane rule in front of
the two default rules, like:
rdr pass on $ext_if proto tcp from <spamd-white> to any port smtp -> 111.112.113.114 port smtp
rdr pass inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port spamd
rdr pass inet proto tcp from !<spamd-white> to any port smtp -> 127.0.0.1 port spamd

With this setup, whitelisted hosts would also never need to wait
'passtime' before being allowed to connect to the mailhost,
111.112.113.114 being the mailhost in this example. This didn't work
out as expected. No connections would reach the mailserver after this,
no idea why though...

What's your opinion on this? What's the best way to achieve a fast
lane and how to rescue a single mailsender that has drowned in a big
block of blacklists?

Best regards
Rickard Borgmäster



Re: pf/spamd issue: single ip drowns in big blacklist blocks - Or, how to create a fastlane for whitelisted hosts?

2006-09-27 Thread Steve Tornio

On Sep 27, 2006, at 6:10 PM, Rickard Borgmäster wrote:



What I see as the problem here, is that the blacklisting occurs before
the whitelisting. So that, when a large block such as 31.32.33.0/24 is
in <spamd> and I wish to whitelist 31.32.33.188, that whitelist entry
will have no effect.


This is solved in spamd, not pf.  Have a look at spamd.conf(5).  In
short, you specify whitelists to be applied in conjunction with
certain blacklists.


Steve
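Putting Rickard's rule walk and Steve's answer side by side, as an added example that is not part of either message: it models pf's first-match evaluation of the two quoted rdr rules with constructed tables (the /24 and the single host from the post), then rebuilds <spamd> with the whitelist carved out of the blacklist, which is the list-side approach Steve points to in spamd.conf(5). The addresses, the "mailhost" label and the subtraction helper are all constructed here, not taken from spamd-setup.

```python
import ipaddress

# Constructed tables mirroring the post: a whole /24 in <spamd> and one
# host from inside that block in <spamd-white>.
SPAMD = ["31.32.33.0/24"]
SPAMD_WHITE = ["31.32.33.188"]

def in_table(addr, table):
    """True if addr falls inside any prefix of a pf-style table."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p, strict=False) for p in table)

def rdr_target(src, spamd, spamd_white):
    """Walk the two quoted rdr rules; the first match wins, as in pf."""
    if in_table(src, spamd):                # from <spamd>
        return "127.0.0.1 port spamd"
    if not in_table(src, spamd_white):      # from !<spamd-white>
        return "127.0.0.1 port spamd"
    return "mailhost"                       # no rdr match: later rules decide

def subtract_whitelist(blacklist, whitelist):
    """Carve whitelisted hosts out of the blacklist prefixes before loading.

    List-side fix: once the whitelist has been applied to the blacklist,
    the rescued host is simply absent from <spamd>, so the first rdr rule
    can no longer catch it whatever the rule order.
    """
    pieces = [ipaddress.ip_network(p, strict=False) for p in blacklist]
    for w in (ipaddress.ip_network(h, strict=False) for h in whitelist):
        kept = []
        for p in pieces:
            if p.version != w.version or not (w.subnet_of(p) or p.subnet_of(w)):
                kept.append(p)                      # untouched by w
            elif w.subnet_of(p):
                kept.extend(p.address_exclude(w))   # split p around w
            # else: p lies entirely inside w and is dropped
        pieces = kept
    return [str(p) for p in sorted(pieces)]

def rdr_target_with_list_fix(src, spamd, spamd_white):
    """Same two pf rules, but <spamd> was built with the whitelist applied."""
    return rdr_target(src, subtract_whitelist(spamd, spamd_white), spamd_white)

if __name__ == "__main__":
    for host in ("31.32.33.188", "31.32.33.187"):
        print(host, "as quoted:", rdr_target(host, SPAMD, SPAMD_WHITE),
              "| with list fix:", rdr_target_with_list_fix(host, SPAMD, SPAMD_WHITE))
```

With the rules as quoted, .188 lands in spamd; with the whitelist subtracted, only .188 escapes while its 254 neighbours still match the first rule.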



Re: bgpd best external route

2006-09-27 Thread Dan Farrell
I'm not sure though... doesn't he want what the external peers sent to
his border routers, not just what the border routers decided were the
best routes?

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]
 

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 Eric Stockwell
 Sent: Wednesday, September 27, 2006 4:19 PM
 To: Tom Beard
 Cc: misc@openbsd.org
 Subject: Re: bgpd best external route
 
 Sounds like the behavior you are looking for is route reflection.
 
 Eric
 
 
 
 Tom Beard wrote:
  Henning Brauer wrote:
 
  i honestly don't understand your problem ;(
 
  I get told that a lot ;)
 
  Our two border routers (I'll call them B1 & B2) both have full views
  made up of various transit & peering connections.  They have iBGP
  peerings with each other and also with both of the access routers (I'll
  call them A1 & A2).  Under normal circumstances the access routers see
  ~180,000 prefixes from B1 and ~12,000 prefixes from B2.  If for some
  reason B1 loses external connectivity, there is about a 2 minute time
  frame where A1 & A2 only have partial connectivity as B2 loses the
  routes from B1 and then starts advertising more of its own external
  routes.
 
  JunOS has an option that allows you to tell B1 & B2 to advertise a full
  table of routes to all iBGP peers, so in the example of B2, it might have
  selected routes via B1 as active, however it will still advertise a full
  table of its own best external routes.  This means that should B1 lose
  connectivity, A1 and A2 already have a full route view from B2 and don't
  need to wait for it to re-converge.
 
  I'm not convinced that made much more sense.  Perhaps I'm making the
  whole issue overly complicated?
 
  Tom