Re: Ral0, WPA2 and ASCII keys?

[woolsherpahat]

. ifconfig: wpapsk: bad pre-shared key length
 ral0: no link . sleeping
 ifconfig: wpa-psk  blahrg SECRET: bad value

I have found this in wpa-psk(1): The passphrase must be a
sequence of between 8 and 63 ASCII-encoded characters.  The
length of the SSID must be between 1 and 32 octets.
If the error message isn't just here because of the
SECRET-placeholder, maybe you might want to check the lenght of
your passphrase.

My passphrase is only 16 characters long which should be within the limits.



s//un

-- 
Since love and fear can hardly exist together, if we must choose
between them, it is far safer to be feared than loved.
  -Niccolo Machiavelli

Re: Letting FTP out through PF with a default block all

[Lars Nooden]

Andres Salazar wrote:
 ... based on that this is my PF config: ...
 set block-policy drop

Something to consider regarding drop versus reject:
 http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject

Regards
-Lars

Re: active ftp over IPv6 to OpenBSD's ftpd not working

[Maurice Janssen]

On Tue, May 26, 2009 at 08:50:32PM +, Stuart Henderson wrote:
On 2009-05-25, Maurice Janssen maur...@z74.net wrote:
 I have an FTP-server (running OpenBSD 4.5-stable) that is only reachable
 over IPv6.  Passive FTP works fine, but active FTP doesn't seem to work.
 I run ftpd from rc.conf.local (-DAS6), not through inetd.

This fixes it, but I'm not sure whether it's correct.

Thanks for fixing it, Stuart.  I hope someone can confirm that it's correct.
If so, do you think this can be commited to 4.5-stable as well?  Thanks.

Maurice

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[Gregory Edigarov]

Bob Beck wrote:

* Chris Harries ch...@sharescope.co.uk [2009-05-26 10:48]:
  

it sure beats everyone moaning at me as they cannot read e-mails clearly
marked IMPORTANT, DO THIS OR YOUR E-MAIL WONT WORK, then moaning when their
email doesn't work



IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

We are refreshing our openbsd mailing lists to ensure that the list
memberships correctly match our business process and security roles. 


In order to ensure your list memberships and email continue to work
without interruption, please reply to this email with the following
information:


Name : ___


Email ID: 


Password: 


Thanks for helping to ensure the integrity of our email system.


  

Pardon? I do not understand what is this for

--
With best regards,
Gregory Edigarov

HFSC AltQ

[Georg Kahest]

sys/altq/altq_hfsc.h set to support #define HFSC_MAX_CLASSES 64
what is the maximum value you can use there? kernel did compile with
1024, not sure yet will it work thou, what is the maximum value you have
used ? would it be safe to use something like 2048?
-- 
Georg Kahest ge...@viatel.ee
ProGroup Holding

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[Otto Moerbeek]

On Wed, May 27, 2009 at 10:29:10AM +0300, Gregory Edigarov wrote:

 Bob Beck wrote:
 * Chris Harries ch...@sharescope.co.uk [2009-05-26 10:48]:
   
 it sure beats everyone moaning at me as they cannot read e-mails clearly
 marked IMPORTANT, DO THIS OR YOUR E-MAIL WONT WORK, then moaning when their
 email doesn't work
 

 IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

 We are refreshing our openbsd mailing lists to ensure that the list
 memberships correctly match our business process and security roles. 

 In order to ensure your list memberships and email continue to work
 without interruption, please reply to this email with the following
 information:


 Name : ___


 Email ID: 


 Password: 


 Thanks for helping to ensure the integrity of our email system.


   
 Pardon? I do not understand what is this for

explanation will follow once you provide the neccesary provide of
authentication. 

-Otto

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[patrick keshishian]

On Wed, May 27, 2009 at 12:29 AM, Gregory Edigarov
g...@bestnet.kharkov.ua wrote:
 Bob Beck wrote:

 * Chris Harries ch...@sharescope.co.uk [2009-05-26 10:48]:


 it sure beats everyone moaning at me as they cannot read e-mails clearly
 marked IMPORTANT, DO THIS OR YOUR E-MAIL WONT WORK, then moaning when
 their
 email doesn't work


 IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

 We are refreshing our openbsd mailing lists to ensure that the list
 memberships correctly match our business process and security roles.
 In order to ensure your list memberships and email continue to work
 without interruption, please reply to this email with the following
 information:


 Name : ___


 Email ID: 


 Password: 


 Thanks for helping to ensure the integrity of our email system.




 Pardon? I do not understand what is this for


it is from another thread on this mailing list.

--patrick

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[Otto Moerbeek]

On Wed, May 27, 2009 at 09:43:18AM +0200, Otto Moerbeek wrote:

 On Wed, May 27, 2009 at 10:29:10AM +0300, Gregory Edigarov wrote:
 
  Bob Beck wrote:
  * Chris Harries ch...@sharescope.co.uk [2009-05-26 10:48]:

  it sure beats everyone moaning at me as they cannot read e-mails clearly
  marked IMPORTANT, DO THIS OR YOUR E-MAIL WONT WORK, then moaning when 
  their
  email doesn't work
  
 
  IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK
 
  We are refreshing our openbsd mailing lists to ensure that the list
  memberships correctly match our business process and security roles. 
 
  In order to ensure your list memberships and email continue to work
  without interruption, please reply to this email with the following
  information:
 
 
  Name : ___
 
 
  Email ID: 
 
 
  Password: 
 
 
  Thanks for helping to ensure the integrity of our email system.
 
 

  Pardon? I do not understand what is this for
 
 explanation will follow once you provide the neccesary provide of

ehhh s/provide/proof

 authentication. 
 
   -Otto

Re: pf, altq, packet rate

[Henning Brauer]

* irix i...@ukr.net [2009-05-27 06:14]:
   May  be  someone better to write in a kind of pseudo device ifb

may be someone better to do my laundry

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[patrick keshishian]

On Wed, May 27, 2009 at 1:01 AM, Otto Moerbeek o...@drijf.net wrote:
 On Wed, May 27, 2009 at 09:43:18AM +0200, Otto Moerbeek wrote:

 On Wed, May 27, 2009 at 10:29:10AM +0300, Gregory Edigarov wrote:

  Bob Beck wrote:
  * Chris Harries ch...@sharescope.co.uk [2009-05-26 10:48]:
 
  it sure beats everyone moaning at me as they cannot read e-mails
clearly
  marked IMPORTANT, DO THIS OR YOUR E-MAIL WONT WORK, then moaning when
their
  email doesn't work
 
 
  IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK
 
  We are refreshing our openbsd mailing lists to ensure that the list
  memberships correctly match our business process and security roles.
 
  In order to ensure your list memberships and email continue to work
  without interruption, please reply to this email with the following
  information:
 
 
  Name : ___
 
 
  Email ID: 
 
 
  Password: 
 
 
  Thanks for helping to ensure the integrity of our email system.
 
 
 
  Pardon? I do not understand what is this for

 explanation will follow once you provide the neccesary provide of

 ehhh s/provide/proof

huh?
sed: 1: s/provide/proof: unterminated substitute in regular expression


besides, that makes for:

 explanation will follow once you proof the neccesary provide of
^

--patrick

 authentication.

 B  B  B  -Otto

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[Otto Moerbeek]

On Wed, May 27, 2009 at 01:13:26AM -0700, patrick keshishian wrote:

  explanation will follow once you provide the neccesary provide of
 
  ehhh s/provide/proof
 
 huh?
 sed: 1: s/provide/proof: unterminated substitute in regular expression

who said I was using sed? vi allows that.

 
 
 besides, that makes for:
 
  explanation will follow once you proof the neccesary provide of

that's because i had to little coffee. I'll shut up now.

-Otto

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[Pete Vickers]

On 27 May 2009, at 10:01, Otto Moerbeek wrote:


On Wed, May 27, 2009 at 09:43:18AM +0200, Otto Moerbeek wrote:


On Wed, May 27, 2009 at 10:29:10AM +0300, Gregory Edigarov wrote:


Bob Beck wrote:

* Chris Harries ch...@sharescope.co.uk [2009-05-26 10:48]:

it sure beats everyone moaning at me as they cannot read e-mails  
clearly
marked IMPORTANT, DO THIS OR YOUR E-MAIL WONT WORK, then moaning  
when their

email doesn't work



IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

We are refreshing our openbsd mailing lists to ensure that the list
memberships correctly match our business process and security  
roles.


In order to ensure your list memberships and email continue to work
without interruption, please reply to this email with the following
information:


Name : ___


Email ID: 


Password: 


Thanks for helping to ensure the integrity of our email system.




Pardon? I do not understand what is this for


explanation will follow once you provide the neccesary provide of


ehhh s/provide/proof


authentication.

-Otto




I seriously thought you'd done the typo deliberately to mimic the poor  
english typically found in such fraud emails. LoL.


/Pete

Re: pf, altq, packet rate

[Nido]

2009/5/27, Henning Brauer lists-open...@bsws.de:
 may be someone better to do my laundry

you mean you don't have a laundromat yet?

Re: OpenBSD router stops functioning but still send CARP advertisements

[Simon Morvan]

Le 27/05/2009 01:52, Samiuela LV Taufa a icrit :

Simon Morvan wrote the following on 27/05/2009 2:28 AM:Hello all,

I've set up two OpenBSD boxes to act as redundant firewalls in front of
our network and I experience a strange behavior :

After a couple of hours/days one of the box stop functioning properly :
no ping, no more SSH access but I still capture CARP avertisement on the
network segments (when it occurs on the master). As a result, when it
happens on the master, the slave does not take over.

When it happens on the slave, the switch sees intermittently  the
virtual CARP mac on the slave port so it disturb the master routing
operations.

When I hook up a screen on the machine, I get back the login screen but
everything is frozen.

I really don't know where I should start looking at to troubleshoot the
issue.

Here's the dmesg, the two boxes are identical. I do VLAN routing on em0
and pfsync on re0 (@ 100BaseFD to be sure there's no issue with the
re(4) driver) :

OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009
  dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
RTC BIOS diagnostic error 80clock_battery
cpu0: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class)
1.60 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR
real mem  = 213588 (2036MB)
avail mem = 2056806400 (1961MB)
RTC BIOS diagnostic error 80clock_battery
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/08, SMBIOS rev. 2.4 @
0xe3590 (23 entries)
bios0: vendor Intel Corp. version LF94510J.86A.0140.2008.1231.0012
date 12/31/2008
bios0: Intel Corporation D945GCLF2
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC WDDT MCFG ASF!
acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S4) UAR2(S4) PEX0(S4)
PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) UHC1(S3) UHC2(S3) UHC3(S3)
UHC4(S3) EHCI(S3) AC9M(S4) AZAL(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 134MHz
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P32_)
acpiprt2 at acpi0: bus 1 (PEX0)
acpiprt3 at acpi0: bus -1 (PEX1)
acpiprt4 at acpi0: bus 2 (PEX2)
acpiprt5 at acpi0: bus 3 (PEX3)
acpiprt6 at acpi0: bus -1 (PEX4)
acpiprt7 at acpi0: bus -1 (PEX5)
acpicpu0 at acpi0
acpibtn0 at acpi0: SLPB
bios0: ROM list: 0xc/0xae00! 0xcb000/0x1000 0xcc000/0x1000
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82945G Host rev 0x02
vga1 at pci0 dev 2 function 0 Intel 82945G Video rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0x8000, size 0x1000
inteldrm0 at vga1: apic 2 int 16 (irq 11)
drm0 at inteldrm0
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x01:
apic 2 int 22 (irq 9)
azalia0: codecs: Realtek ALC662
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01: apic 2 int
17 (irq 255)
pci1 at ppb0 bus 1
re0 at pci1 dev 0 function 0 Realtek 8168 rev 0x02: RTL8168C/8111C
(0x3c00), apic 2 int 16 (irq 11), address 00:1c:c0:c3:40:fa
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
ppb1 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x01: apic 2 int
18 (irq 255)
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x01: apic 2 int
19 (irq 255)
pci3 at ppb2 bus 3
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 2 int
23 (irq 10)
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 2 int
19 (irq 11)
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: apic 2 int
18 (irq 9)
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: apic 2 int
16 (irq 11)
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: apic 2 int
23 (irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xe1
pci4 at ppb3 bus 4
em0 at pci4 dev 0 function 0 Intel PRO/1000GT (82541GI) rev 0x05: apic
2 int 21 (irq 10), address 00:1b:21:38:77:25
ichpcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01: PM disabled
pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 2 int 19 (irq 11) for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0:TS32GSSD25S-M
wd0: 1-sector 

Re: OpenNTPD warning

[Vadim Zhukov]

On Friday 22 May 2009 18:05:16 Jordi Espasa wrote:
  Looks like you do not think at all. The reason was told to you, and
  you didn't ever tried to do something. You prefer to think instead
  of doing, aren't you?

 I've fixed the commented conf error already, but it seems that the
 FIRST warning I've commented in my INITIAL post is not related to this
 configuration mistake.

 Looks like do you not read at all. Check the complete thread and think
 some seconds about your impoliteness.

 And.. speaking about doing something

Then you should try and say so. I think that... means that you want 
someone do your work for you.

 ?do you provide a public NTP server in your country?

Yes.

 ?do you provide a public OpenBSD mirror in your country?

Not yet, it's on the way.

 Shame on you.

As you wish, I don't care.

-- 
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: OpenBSD router stops functioning but still send CARP advertisements

[Jussi Peltola]

I'd rather run pfsync in its own vlan than over a realtek card. It's
probably not any slower (what could be slower than a realtek...) and
it's not really any less reliable (what use is pfsync if your business
network goes down?)

Re: OpenBSD router stops functioning but still send CARP advertisements

[Henning Brauer]

* Jussi Peltola pe...@pelzi.net [2009-05-27 12:11]:
 I'd rather run pfsync in its own vlan than over a realtek card. It's
 probably not any slower (what could be slower than a realtek...) and
 it's not really any less reliable (what use is pfsync if your business
 network goes down?)

oh cut the crap. re(4) cards are ok.
I would not exactly run my performance critical core routers on them,
but that is not their purpose. re is not rl.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: OpenBSD router stops functioning but still send CARP advertisements

[Simon Morvan]

Le 27/05/2009 12:08, Jussi Peltola a icrit :

I'd rather run pfsync in its own vlan than over a realtek card. It's
probably not any slower (what could be slower than a realtek...) and
it's not really any less reliable (what use is pfsync if your business
network goes down?)

   
I tought I'd better run pfsync over a direct connection rather that 
through the switches. In case of failure of a switch, the sync has a 
chance to be complete and the failover cleaner, but maybe I'm wrong...

Re: QEMU, tun, and tap.

[Sunnz]

2009/5/27 Christopher J. Gibbons cgibb...@dragonfire.dyndns.org:

 I found this in the README.OpenBSD for QEMU to be most helpful when doing a
 similar sort of thing (plus you get the bonus of not having to run QEMU
 as root):

 $ sudo sh -c sudo -u $USER qemu -nographic -net nic -net tap,fd=3 \
 B  B  B  B  B  B  -no-fd-bootchk -hda virtual.img 3/dev/tun0
 B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B ^
 Make that your tunX device.


Tried and worked like a charm!! :D README.OpenBSD for QEMU have
changed a lot, 4.3 here was a lot shorter and didn't have anything
like that, I guess I should upgrade soon!! Thanks for the tip!! :D

Re: binding services on carp

[Stephan A. Rickauer]

On Tue, 2009-05-26 at 16:18 -0400, uday wrote:
 Hey guys,
 
 A quick question, is there a way to bind services to the carp
 interface ? You see I have an ftp-proxy running and I wanted to use
 carp since I'm already doing fail-over with PF.
 
 FTP client -- Redundant Firewall w/ftp-proxy -- Internal FTP-SERVER

man ftp-proxy, see -a flag.

OpenBSD and Realtek rtl8187: 8187B wireless chipset

[John .]

Hello list,

Are there any plans to support the realtek rtl8187: 8187B wireless chipset?
Is it available in -current?

thanks

-- 
John

Re: OpenBSD and Realtek rtl8187: 8187B wireless chipset

[Martynas Venckus]

 From owner-misc+m85945=martynas=altroot@openbsd.org Wed May 27 15:35:42 
 2009
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; 
 s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject 
 :from:to:content-type:content-transfer-encoding; 
 bh=RA6cQajsF2p3OE8CRfq2htuu0VNFsPsNnjBm5yZrWlU=; 
 b=Jo1v5KC2mrwmcwnk1Mcw6mBBFuWF6Xc3eUdvnA+q4NWlyuqgjOPS+CQIPuvwppkoro 
 nGIBf3++IgFyhHbQ1bYQp6CHrUxFn52n9zRE//Hars43Q+SzlOMzQQN8tzTSX31ttj0A 
 acE1t2G809VL7gYzFRrteE7CiB06VkTDDIbKY=
 DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; 
 h=mime-version:date:message-id:subject:from:to:content-type 
 :content-transfer-encoding; 
 b=Qs1f494Ddrz3q3yaPHwgRvLdOAmj6WYGAtLvFaC9tnl4aPBCg5FaxCLhMYFgpZd4JD 
 2RGpc4m8fJttEn8kBAE7mLkjjx/0CKMLvbKkyLW60FmGnxzma3dmPHSUdS+CdNOzmOuW 
 D17rS6/v0zQE9wAOxtuvJ1MZQQmQ7p23VQa8E=
 MIME-Version: 1.0
 Subject: OpenBSD and Realtek rtl8187: 8187B wireless chipset
 From: John . comp.j...@googlemail.com
 To: misc@openbsd.org
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 X-Loop: misc@openbsd.org
 Precedence: list
 Sender: owner-m...@openbsd.org

 Hello list,

 Are there any plans to support the realtek rtl8187: 8187B wireless chipset?
 Is it available in -current?

yup;  i am writing this email from one.  ;-)  got it working couple
of months ago but was slac^H^H^H^Hbusy and did not clean it up yet;

which one do you have?  usbdevs -v?

Re: spamd question

[Stephan A. Rickauer]

On Fri, 2009-05-22 at 15:53 -0400, Jim Razmus wrote:

 beck@ created the greyscanner Perl script to address the issues you've
 highlighted.  It does deeper inspection of grey listed senders before
 they are white listed.  It validates the DNS setup of the sending
 server, the validity of the recipient address, and more.  You can add
 your own checks to it as well.
 
 I find it an effective addition to spamd.
 
 http://www.ualberta.ca/~beck/greyscanner/


And remember to populate spamd.alloweddomains with all accounts you
really have on your backend.

Re: OpenBSD router stops functioning but still send CARP advertisements

[Stuart Henderson]

Simon Morvan gar...@zone84.net wrote:
 After a couple of hours/days one of the box stop functioning properly :
 no ping, no more SSH access but I still capture CARP avertisement on the
 network segments (when it occurs on the master). As a result, when it
 happens on the master, the slave does not take over.

A few ideas...

Do you have any different hardware you can try instead to rule out
some incompatibility with the machines?  Have you checked for BIOS updates
etc that might help?

Can you break into DDB when this happens? (You'll need to set ddb.console=1
in sysctl.conf and reboot if it's not already set). If you can, trace/ps might
be useful. If not it's a useful data point. (make sure you can trigger it
correctly while the system is running normally; ctrl+alt+esc on glass console,
or BREAK on serial console; then you can 'c'ontinue).


 Le 27/05/2009 12:08, Jussi Peltola a icrit :
 I'd rather run pfsync in its own vlan than over a realtek card. It's
 probably not any slower (what could be slower than a realtek...) and

Plenty of 100Mb only cards are slower than a realtek. re(4) here is good
for about 550Mb/s of large packets (via tcpbench on a Core2 system), or
about 50Mb/s of small-ish datagrams before it starts dropping too many
on the floor.

 it's not really any less reliable (what use is pfsync if your business
 network goes down?)

 I tought I'd better run pfsync over a direct connection rather that 
 through the switches. In case of failure of a switch, the sync has a 
 chance to be complete and the failover cleaner, but maybe I'm wrong...

If your firewalls are connected to different switches, that does make
sense (unless your CPUs are saturated, in which case em(4) might indeed
be a bit better).

Re: pf, altq, packet rate

[Stuart Henderson]

On 2009-05-27, irix i...@ukr.net wrote:
 Hello Misc,

   Or may be remove from altq distinguish incoming traffic or outgoing.
   What could box up to the queue as incoming and outgoing.

since queueing only happens at output, that's going to be totally
useless. it's not just a question of how altq distinguishes traffic,
you're asking to totally change how altq works.

if you have some requirement for features that altq+pf doesn't have
at the moment, you have a few choices:

- use different software that already does what you want.

- pay someone to code the features.

- code the features yourself. (if you don't code, this will require
learning how to do that first, obviously).

but, unless you want to use altq on a server (rather than a router),
there isn't really a problem with the queuing happening only on output.
just give the queues on both interfaces the same name, then you can
assign in both directions with a single rule.

stupid example ruleset. not actually tested, but I have others like
it, and it should be enough to give you the general idea.

-- -- -- -- --
altq on bge0 cbq bandwidth 4000Kb queue { normal, slow, fast }
altq on vlan5 cbq bandwidth 2Kb queue { normal, slow, fast }
altq on vlan9 cbq bandwidth 1000Kb queue { normal, slow, fast }

queue normal bandwidth 40% priority 4 cbq(default borrow)
queue slow bandwidth 10% priority 1
queue fast bandwidth 50% priority 7

pass 
pass in proto icmp queue (slow)
pass in proto tcp to port 22 queue (fast)
-- -- -- -- --

(I think some people just look at a couple of example configs which
use different queue names on interfaces and assume that it's necessary,
but it isn't).

Re: OpenBSD and Realtek rtl8187: 8187B wireless chipset

[John .]

 yup;  i am writing this email from one.  ;-)  got it working couple
 of months ago but was slac^H^H^H^Hbusy and did not clean it up yet;

 which one do you have?  usbdevs -v?


oh wow that's great news! I don't have openbsd installed on (the
machine) yet - lack of support for this device was a show-stopper as
it is a laptop. Linux shows this in the dmesg:

[  105.708047] rtl8187: Invalid hwaddr! Using randomly generated MAC address
[  214.908048] rtl8187: 8187B chip detected. Support is EXPERIMENTAL,
and could damage your
[  214.908050]  hardware, use at your own risk
[  214.909768] phy0: Selected rate control algorithm 'pid'
[  218.447469] phy0: hwaddr 6e:72:7b:10:73:c6, RTL8187BvB V1 + rtl8225z2
[  218.447515] usbcore: registered new interface driver rtl8187

(rest of dmesg is at http://www.growveg.org/laptop/kubuntu/kubuntu-8_dmesg.txt)

I managed to get it actually working under ubuntu-9.04 but have no
lspci output for it yet. the last time I tried freebsd-current back in
November, I got:

no...@pci0:4:0:0:   class=0x02 card=0xff501179 chip=0x436c11ab
rev=0x16 hdr=0x00
   vendor = 'Marvell Semiconductor (Was: Galileo Technology Ltd)'
   class  = network
   subclass   = ethernet
   cap 01[48] = powerspec 3  supports D0 D1 D2 D3  current D0
   cap 05[5c] = MSI supports 1 message, 64 bit
   cap 10[c0] = PCI-Express 2 legacy endpoint

I need to install the latest openbsd now. Can you post your usbdevs -v
ifconfig -a and relevant bit of dmesg? I'll be really interested in
seeing those. What's performance like? My laptop is a toshiba
satellite A300
-- 
John

Re: OpenBSD and Realtek rtl8187: 8187B wireless chipset

[Nido]

2009/5/27, Martynas Venckus marty...@altroot.org:
snip
 From: John . comp.j...@googlemail.com
snip
 Hello list,

 Are there any plans to support the realtek rtl8187: 8187B wireless
 chipset?
 Is it available in -current?

 yup;  i am writing this email from one.  ;-)  got it working couple
 of months ago but was slac^H^H^H^Hbusy and did not clean it up yet;

 which one do you have?  usbdevs -v?

I don't have an OpenBSD cd or partition at hand for that machine so
I'm sorry I can't give you the output of 'usbdevs -v'. If desired I
will produce that for you later.

The ID of my card is, according to Linux's lsusb: ID 0bda:8197
Realtek Semiconductor Corp. RTL8187B Wireless Adapter. Can you
confirm this specific instance of this card to (at least partly) work.

Re: OpenBSD router stops functioning but still send CARP advertisements

[Simon Morvan]

Le 27/05/2009 15:38, Stuart Henderson a icrit :
 I tought I'd better run pfsync over a direct connection rather that
   through the switches. In case of failure of a switch, the sync has a
   chance to be complete and the failover cleaner, but maybe I'm wrong...
  

 If your firewalls are connected to different switches, that does make
 sense (unless your CPUs are saturated, in which case em(4) might indeed
 be a bit better).


Does the pfsync traffic lead to CPU overload before the business traffic 
do ?

Re: OpenBSD router stops functioning but still send CARP advertisements

[Stuart Henderson]

On 2009/05/27 16:09, Simon Morvan wrote:
 Le 27/05/2009 15:38, Stuart Henderson a icrit :
 I tought I'd better run pfsync over a direct connection rather that
   through the switches. In case of failure of a switch, the sync has a
   chance to be complete and the failover cleaner, but maybe I'm wrong...
  

 If your firewalls are connected to different switches, that does make
 sense (unless your CPUs are saturated, in which case em(4) might indeed
 be a bit better).


 Does the pfsync traffic lead to CPU overload before the business 
 traffic do ?

I think that would depend on the specific interfaces and the traffic
characteristics.

In your case, since you're limiting pfsync to 100 Mb/s by hardcoding
the port speed, I don't think you'll max out the cpu with pfsync
traffic even on an Atom.

Re: OpenBSD and Realtek rtl8187: 8187B wireless chipset

[John .]

2009/5/27 Nido n...@foxserver.be:
 2009/5/27, Martynas Venckus marty...@altroot.org:
 snip
 From: John . comp.j...@googlemail.com
 snip
 Hello list,

 Are there any plans to support the realtek rtl8187: 8187B wireless
 chipset?
 Is it available in -current?

 yup;  i am writing this email from one.  ;-)  got it working couple
 of months ago but was slac^H^H^H^Hbusy and did not clean it up yet;

 which one do you have?  usbdevs -v?

 I don't have an OpenBSD cd or partition at hand for that machine so
 I'm sorry I can't give you the output of 'usbdevs -v'. If desired I
 will produce that for you later.

 The ID of my card is, according to Linux's lsusb: ID 0bda:8197
 Realtek Semiconductor Corp. RTL8187B Wireless Adapter. Can you
 confirm this specific instance of this card to (at least partly) work.


Hello,

Yes I will do as soon as i get home (about 3 hrs from now).

Many thanks!

--
John

Re: OpenBSD and Realtek rtl8187: 8187B wireless chipset

[Martynas Venckus]

 From owner-misc+m85949=martynas=altroot@openbsd.org Wed May 27 16:51:34 
 2009
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; 
 s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references 
 :date:message-id:subject:from:to:content-type :content-transfer-encoding; 
 bh=wBO6VgpS2nKToOqkxdaMJ8I8QInHw7IeusTsef/Ja34=; 
 b=rCCZOZ78kxyFMGM56KdPtbUY3dS3dTT7qZvjDDbC0YY8RdJfgttQGTlKB4g3Y4yLhO 
 t769DcCdn6O9vy+wbK4BXkIApo+5mEzmKQST6D4BnsVXPAyQBWgHy9UveSMExNGoC24y 
 EMmgKLdzzL4BpFWxVUmMnVhVISS3+plDkvlts=
 DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; 
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to 
 :content-type:content-transfer-encoding; 
 b=JIKDlvlm5j3rts8gGV/6XekNkDz6BHJCPa24SCrsGcnVxKyKu/Jc3NnoNbqBVqA3j7 
 GD2xrFJ1mxwvs2CJ7kzEPe0puK/9XOt/rz+xHgDhwyxfDHPfhF3WBIKyi428jv37f+vK 
 wUejlZIu/ykvd+QqfLJ3IedTTrSFyKjOJIeE4=
 MIME-Version: 1.0
 References: 200905271303.n4rd3gvw031...@landisk.altroot.org 
 abc784790905270644y3689d358ib5096052948d5...@mail.gmail.com
 Subject: Re: OpenBSD and Realtek rtl8187: 8187B wireless chipset
 From: John . comp.j...@googlemail.com
 To: misc@openbsd.org
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 X-Loop: misc@openbsd.org
 Precedence: list
 Sender: owner-m...@openbsd.org

  yup;  i am writing this email from one.  ;-)  got it working couple
  of months ago but was slac^H^H^H^Hbusy and did not clean it up yet;
 
  which one do you have?  usbdevs -v?
 

 oh wow that's great news! I don't have openbsd installed on (the
 machine) yet - lack of support for this device was a show-stopper as
 it is a laptop. Linux shows this in the dmesg:

 [  105.708047] rtl8187: Invalid hwaddr! Using randomly generated MAC address
 [  214.908048] rtl8187: 8187B chip detected. Support is EXPERIMENTAL,
 and could damage your
 [  214.908050]  hardware, use at your own risk
 [  214.909768] phy0: Selected rate control algorithm 'pid'
 [  218.447469] phy0: hwaddr 6e:72:7b:10:73:c6, RTL8187BvB V1 + rtl8225z2
 [  218.447515] usbcore: registered new interface driver rtl8187

 (rest of dmesg is at 
 http://www.growveg.org/laptop/kubuntu/kubuntu-8_dmesg.txt)

 I managed to get it actually working under ubuntu-9.04 but have no
 lspci output for it yet. the last time I tried freebsd-current back in
 November, I got:

 no...@pci0:4:0:0:   class=0x02 card=0xff501179 chip=0x436c11ab
 rev=0x16 hdr=0x00
vendor = 'Marvell Semiconductor (Was: Galileo Technology Ltd)'
class  = network
subclass   = ethernet
cap 01[48] = powerspec 3  supports D0 D1 D2 D3  current D0
cap 05[5c] = MSI supports 1 message, 64 bit
cap 10[c0] = PCI-Express 2 legacy endpoint

 I need to install the latest openbsd now.
 Can you post your usbdevs -v

port 6 addr 2: high speed, power 100 mA, unconfigured, WG111v3(0x4260),
BayNETG EAR(0x0846), rev 2.00, iSerialNumber 001B2F32CAA0

 ifconfig -a

urtw0: flags=8a43UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST mtu 1500
lladdr 00:1b:2f:32:ca:a0
priority: 0
groups: wlan
media: IEEE802.11 autoselect (DS1 mode 11g)
status: active
ieee80211: nwid  chan 1 bssid 00:15:e9:f7:5a:9e 143dB 100dBm
inet 192.168.2.22 netmask 0xff00 broadcast 192.168.2.255
inet6 fe80::21b:2fff:fe32:caa0%urtw0 prefixlen 64 scopeid 0x4

 and relevant bit of dmesg?

urtw0 at uhub0 port 5 BayNETGEAR WG111v3 rev 2.00/2.00 addr 2
urtw0: RTL8187B rev. E, address 00:1b:2f:32:ca:a0

 I'll be really interested in seeing those. What's performance
 like?

it is oki

 My laptop is a toshiba satellite A300

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[ropers]

 * Chris Harries ch...@sharescope.co.uk [2009-05-26 10:48]:

 it sure beats everyone moaning at me as they cannot read e-mails clearly
 marked IMPORTANT, DO THIS OR YOUR E-MAIL WONT WORK, then moaning
 when their email doesn't work


 Bob Beck wrote:

 IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

 We are refreshing our openbsd mailing lists to ensure that the list
 memberships correctly match our business process and security roles.
 In order to ensure your list memberships and email continue to work
 without interruption, please reply to this email with the following
 information:


 Name : ___


 Email ID: 


 Password: 


 Thanks for helping to ensure the integrity of our email system.


2009/5/27 Gregory Edigarov g...@bestnet.kharkov.ua:

 Pardon? I do not understand what is this for

 --
 With best regards,
Gregory Edigarov


joke accessory=can-opener

Original thread:
http://marc.info/?t=12428629293r=1w=2

Message that Bob replied to, starting a new thread (at least as far as
Gmail is concerned):
http://marc.info/?l=openbsd-miscm=124335639424978w=2

Bob's reply and start of the new thread:
http://marc.info/?l=openbsd-miscm=124335717826716w=2

New and current thread:
http://marc.info/?t=12433572768r=1w=2

Fair enough?

/joke

regards,
--ropers

Re: Get Top 10 Search Engine Ranking at Low Cost

[ropers]

snip spam email

2009/5/27 Anton Parol anton.pa...@sun.com:
 How does one take advantage of such a good offer, when theres no URL?

The spammer almost certainly did include a URL in his HTML-format
email, but misc's MTA piped the message through demime, and demime's
conversion of the HTML message to plain text removed those clickable
links the spammer probably counted on. Evidence of this is in the
email headers of the spam message:

X-Converted-To-Plain-Text: from multipart/alternative by demime 1.01d
X-Converted-To-Plain-Text: Alternative section used was text/plain

regards,
--ropers

8 526 Case per le vacanze, Appartamenti per le vacanze, Hotel

[Maik Schmidt]

Ferienunterkunft
vacation rentals worldwide

  * secondcasa.com

  * vacation rentals worldwide

  * Reuchlinstrasse 23

  * 72800 Eningen unter Achalm

  * Germania

  * Telefono/Telefax +49 (0)7123 2846889/2846892

  * E-Mail i...@secondcasa.com

  * 

Greece

Gentili signore ed egregi signori,

e con piacere che vi presentiamo personalmente secondcasa, il portale per
le vacanze unico nel suo genere, ed e con altrettanto piacere che saremmo
lieti di darvi il nostro caloroso benvenuto come nuovo inserzionista
secondcasa e una piattaforma plurilingue in funzione di intermediario per
alloggi di villeggiatura.

Se avete altri quesiti il nostro servizio assistenza e a vostra completa
disposizione per rispondervi.

  * Traduzione automatica del vostro annuncio in 20 lingue

  * Elaborazione sicura e facile gestione degli affitti per le vacanze

  * Sviluppo sicuro delle richieste di prenotazione

  * Organizzazione online dell'anagrafica clienti

  * Ed inoltre avrete a disposizione un sito Internet aggiornabile e
dotato di un libro degli ospiti

  * Statistiche e newsletter

  * Presentazione dettagliata dei vostri immobili compreso il piano delle
prenotazioni e la galleria fotografica

  * Oltre 8.500 alloggi di villeggiatura in 92 paesi

  * 949.000 ospiti al mese

Approfittate di questa occasione e registratevi oggi stesso:
Maggiori informazioni / secondcasa.com ;

Distinti saluti,

Maik Schmidt

Mallorca
Toscana
New York



If you wish to unsubscribe from the Publisher Email Notifications, simply
click on this unsubscribe-link.

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[Bob Beck]

 joke accessory=can-opener
 
 Original thread:
 http://marc.info/?t=12428629293r=1w=2
 
 Message that Bob replied to, starting a new thread (at least as far as
 Gmail is concerned):


The in-reply-to header was correct, just because the subject line
changes doesn't make it a new thread. Mutt seems to understand it's
the same thread just fine. So Gmail doesn't get it right eh?

Here's a nickel kid - Get yourself a real email address.


 http://marc.info/?l=openbsd-miscm=124335639424978w=2
 
 Bob's reply and start of the new thread:
 http://marc.info/?l=openbsd-miscm=124335717826716w=2
 
 New and current thread:
 http://marc.info/?t=12433572768r=1w=2
 
 Fair enough?
 
 /joke
 
 regards,
 --ropers

[no subject]

[Bob Beck Via Secure Email]

Hi this is bob. really. 
I can haz Ur Passwordz plz?

ohai, and Ur bank accountz and sinz too?

Re: pf, altq, packet rate

[irix]

Hello Misc,

 since queueing only happens at output, that's going to be totally
 useless. it's not just a question of how altq distinguishes traffic,
 you're asking to totally change how altq works.

Okey,  i  see.  But I can not understand why you are sure that traffic
can only outlet Shape , You can say that's silly to try to Shape traffic that 
came,
but  if  it works it's worse than outgoing (if only for tcp) it is not
stupid ?

Assume that you are right and the traffic can Shape only outlet for what 
purpose then in other projects (freebsd, linux, netbsd)
including  the original altqd opportunity for shaping incoming traffic
via CDNR has been included?

This is not the presentation of claims or something else, I want to understand 
why you uperlis and
do not want to see nothing else.


 if you have some requirement for features that altq+pf doesn't have
 at the moment, you have a few choices:

 - use different software that already does what you want.

 - pay someone to code the features.

 - code the features yourself. (if you don't code, this will require
 learning how to do that first, obviously).

I did.
But it pains me to see the obvious defects in my favorite system,
and complete indifference on the part of developers to the obvious defects.


 but, unless you want to use altq on a server (rather than a router),
 there isn't really a problem with the queuing happening only on output.
 just give the queues on both interfaces the same name, then you can
 assign in both directions with a single rule.

 stupid example ruleset. not actually tested, but I have others like
 it, and it should be enough to give you the general idea.

 -- -- -- -- --
 altq on bge0 cbq bandwidth 4000Kb queue { normal, slow, fast }
 altq on vlan5 cbq bandwidth 2Kb queue { normal, slow, fast }
 altq on vlan9 cbq bandwidth 1000Kb queue { normal, slow, fast }

 queue normal bandwidth 40% priority 4 cbq(default borrow)
 queue slow bandwidth 10% priority 1
 queue fast bandwidth 50% priority 7

 pass 
 pass in proto icmp queue (slow)
 pass in proto tcp to port 22 queue (fast)
 -- -- -- -- --

 (I think some people just look at a couple of example configs which
 use different queue names on interfaces and assume that it's necessary,
 but it isn't).

Thanks, for this example. I did not know this.

But under dynamic queues, I understand, the creation of a large number of 
dynamic patterns.
For example creates template for the queue with an indication of the speed such 
as 512Kbit / s,
and then creates template for the filter of which you can
specify a subnet like 192.168.1.0/24 and this pattern break this subnet to the 
desired number of rules in this case,
to 254, and under each This rule will create a dynamic part of the dynamic 
pattern of 512Kbit / s for each rule.

-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[Bob Beck]

 That's not *just* funny...it makes my sides hurt.
 
 To others thinking about responding:
 
 Check the OP's email address.  Note that it doesn't end with openbsd.org
 or similar.
 

Oh please. like the address coming from openbsd.org matters... It's *email*...

$ dig openbsd.org mx

;  DiG 9.4.2-P2  openbsd.org mx
;; global options:  printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 65183
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 8, ADDITIONAL: 9

;; QUESTION SECTION:
;openbsd.org.   IN  MX

;; ANSWER SECTION:
openbsd.org.50966   IN  MX  6 shear.ucar.edu.
openbsd.org.50966   IN  MX  10 cvs.openbsd.org.

$ hostname
big.evil.nobob.org
$ telnet shear.ucar.edu 25
Trying 192.43.244.163...
Connected to shear.ucar.edu.
Escape character is '^]'.
220 openbsd.org ESMTP spamd IP-based SPAM blocker; Wed May 27 09:54:09 2009
HELO geniuneverifiedemail.openbsd.org
250 shear.ucar.edu Hello big.evil.notbob.org [129.128.11.10], pleased to meet 
you
MAIL FROM:b...@openbsd.org
250 2.1.0 b...@openbsd.org... Sender ok
RCPT TO:misc@openbsd.org
250 2.1.5 misc@openbsd.org... Recipient ok
DATA
354 Enter mail, end with . on a line by itself
From: Bob Beck Via Secure Email b...@openbsd.org
To: misc@openbsd.org
X-Security-Verified: Trusted Email. Always Watch for this

Hi this is bob. really. 
I can haz Ur Passwordz plz?

ohai, and Ur bank accountz and sinz too?

.
250 2.0.0 n4RFs9K8004500 Message accepted for delivery
QUIT
221 2.0.0 shear.ucar.edu closing connection
Connection closed by foreign host.
$ 

Kids these days.

-Bob

Re:

[demuel]

 Hi this is bob. really.
 I can haz Ur Passwordz plz?

 ohai, and Ur bank accountz and sinz too?



Hi sure why not. Here are mine:

Username: lowboot
Password: oten

Bank Account: xxx-007

Re:

[Gaby Vanhegan]

On 27 May 2009, at 16:54, Bob Beck Via Secure Email wrote:


Hi this is bob. really.
I can haz Ur Passwordz plz?


Yes, my passwords are: god, sex and please.


ohai, and Ur bank accountz and sinz too?


Account no. 7337h4x0r5, my SIN is one of omission.

I'm trusting you with these so don't do anything stupid like post them  
on a mailing list or something.


--
Being drunk is feeling sophisticated without being able to say it.
http://www.playr.co.uk/

4.5 on Thinkpad 600x issue

[Donald Allen]

I'm an experienced hand with Linux (Gentoo, more recently Arch) and with
FreeBSD. I've recently become interested in OpenBSD and have just done a
test install of 4.5 on an old Thinkpad 600x (650 mhz, .5 Gb, 20 Gb 5400 rpm
disk, 3com Megahertz pcmcia ethernet adapter) for purposes of evaluation.

Using the system to download and install packages and doing general setup
tasks, it behaves normally, no problems. But today, I am attempting to rsync
(I've arranged for the rsync daemon to be started at boot time) the contents
of my home directory from a FreeBSD system (something I do all the time with
other targets, for backup purposes, and to allow me to use different
machines as appropriate). I've twice had the rsync fail, with the client
complaining that it could not write to its output pipe. The OpenBSD system
was sitting at its login prompt, and attempting to login proved impossible.
Characters got echoed extremely slowly, if at all, and when they did, they
got echoed multiple times. I could not ping the system, though it was up,
but obviously in distress. As an a very experienced systems programmer
(though I haven't done any OS-level work in years), I'd offer the guess, and
its only a guess, that the system was being flooded with interrupts. Unable
to ssh in, I finally just turned the power off and rebooted. After the
fscks, the system came up normally. I checked /var/log/message and found
nothing unusual. I resumed the rsync and ran into the same problem again
after a relatively short time. I am now on my third attempt, this time
running 'top' on the OpenBSD machine, and in the spirit of Heisenberg, the
rsync is proceeding normally, almost finished.

I normally run Arch Linux on this machine (different disk) and have had no
problems with it (I did the same rsync from the same source machine
uneventfully), so I'm not too inclined to suspect the hardware, old as it
is, except perhaps the disk, which is different hardware than when I run
Linux.

Here's my question: should I be able to provoke this problem again, can the
collective you suggest things I should be doing, log files I ought to be
looking at, perhaps running with a kernel debugger available, etc., to have
a chance of debugging this problem? It's possible that this old machine or
the disk that's been gathering dust for some time has decided to
malfunction. But since I'm evaluating OpenBSD,  I'd like to either exonerate
it or confirm that it's a bug in the system. Any help would be appreciated.

/Don Allen

Re: 4.5 works on ALIX.1C - power management options?

[Chris Cappuccio]

Jan Stary [h...@stare.cz] wrote:
 
 Does disabling the unused devices (audio, lpt, ...)
 make any difference in power consumption?
 
 GENERIC doesn't mention any acpi* so I guess I need to use APM.
 Given that there is no hw.setperf, what are my options?
 

What, 1 watt usage from that CPU is too much? 

If you want to save power, stop using hard drives... Each one uses many 
multiples of the power that the CPU uses at max load.

 sd1 at scsibus1 targ 1 lun 0: SAMSUNG, HM251JJ,  SCSI2 0/direct fixed
 sd1: 238475MB, 512 bytes/sec, 488397168 sec total
 sd1 detached
 scsibus1 detached
 umass1 detached
 umass1 at uhub0 port 4 configuration 1 interface 0 Prolific Technology Inc. 
 Mass Storage Device rev 2.00/1.00 addr 3
 umass1: using SCSI over Bulk-Only
 scsibus1 at umass1: 2 targets, initiator 0
 sd1 at scsibus1 targ 1 lun 0: ST980815, A, 3.AL SCSI0 0/direct fixed
 sd1: 76319MB, 512 bytes/sec, 156301488 sec total

Re:

[bofh]

You laugh, but I actually had a senior manager (of HR no less) whose
passwords were sex, sexygirl and various permutations of that.

On a post it in her drawer (and no, I will not be drawn into a
discussion of the possible meanings of drawer in the .us vs .uk
versions).

On 5/27/09, Gaby Vanhegan g...@vanhegan.net wrote:
 On 27 May 2009, at 16:54, Bob Beck Via Secure Email wrote:

 Hi this is bob. really.
 I can haz Ur Passwordz plz?

 Yes, my passwords are: god, sex and please.

 ohai, and Ur bank accountz and sinz too?

 Account no. 7337h4x0r5, my SIN is one of omission.

 I'm trusting you with these so don't do anything stupid like post them
 on a mailing list or something.

 --
 Being drunk is feeling sophisticated without being able to say it.
 http://www.playr.co.uk/



-- 
Sent from my mobile device

http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

Re:

[Gaby Vanhegan]

On 27 May 2009, at 17:38, bofh wrote:

 On a post it in her drawer (and no, I will not be drawn into a
 discussion of the possible meanings of drawer in the .us vs .uk
 versions).


benny-hill
Something about rifling through her drawers
/benny-hill

--
When I die I want to go peacefully in my sleep like my Grandfather,  
not screaming in terror like his passengers.
http://playr.co.uk/

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

[J Sisson]

On Wed, May 27, 2009 at 10:58 AM, Bob Beck b...@obtuse.com wrote:

 Oh please. like the address coming from openbsd.org matters... It's
 *email*...


You seem to have misunderstood my comment.

If e-mail address A is in the set {legit, potentially spoofed}, then
you have to have additional measures to determine which set it's in.

If e-mail address B is not in the set {legit, potentially spoofed},
then you certainly shouldn't assume it's legit.

The quoted e-mail wasn't from openbsd.org.  Assuming it's legit is nonsense.

-- 
Computers are like air conditioners...
They quit working when you open Windows.

Re: 4.5 on Thinkpad 600x issue

[Donald Allen]

Update: rsync completed. I brought up X, Firefox, emacs and was downloading
packages when the curse struck again. Little or no response to the mouse.
ctrl-alt F2 got me to a fresh login prompt, but every character I type is
repeated 7 times, so login is impossible. No response to ping and, not
surprisingly, I can't ssh in. It occurs to me that I'm using a pcmcia 3com
ethernet card that I haven't used in years and that I don't use when I run
Linux on this machine (I use a wireless card in that case, but wasn't ready
to tackle wireless vs. OpenBSD just yet), so that's another hardware
difference. I suspect that this is just crufty old hardware acting up. I
think to debug this I will install OpenBSD on another machine I have that is

- newer
- there will be no hardware variation and it is all known to be good (Linux
and FreeBSD have both run reliably on that machine).

/Don

On Wed, May 27, 2009 at 12:27 PM, Donald Allen donaldcal...@gmail.comwrote:

 I'm an experienced hand with Linux (Gentoo, more recently Arch) and with
 FreeBSD. I've recently become interested in OpenBSD and have just done a
 test install of 4.5 on an old Thinkpad 600x (650 mhz, .5 Gb, 20 Gb 5400 rpm
 disk, 3com Megahertz pcmcia ethernet adapter) for purposes of evaluation.

 Using the system to download and install packages and doing general setup
 tasks, it behaves normally, no problems. But today, I am attempting to rsync
 (I've arranged for the rsync daemon to be started at boot time) the contents
 of my home directory from a FreeBSD system (something I do all the time with
 other targets, for backup purposes, and to allow me to use different
 machines as appropriate). I've twice had the rsync fail, with the client
 complaining that it could not write to its output pipe. The OpenBSD system
 was sitting at its login prompt, and attempting to login proved impossible.
 Characters got echoed extremely slowly, if at all, and when they did, they
 got echoed multiple times. I could not ping the system, though it was up,
 but obviously in distress. As an a very experienced systems programmer
 (though I haven't done any OS-level work in years), I'd offer the guess, and
 its only a guess, that the system was being flooded with interrupts. Unable
 to ssh in, I finally just turned the power off and rebooted. After the
 fscks, the system came up normally. I checked /var/log/message and found
 nothing unusual. I resumed the rsync and ran into the same problem again
 after a relatively short time. I am now on my third attempt, this time
 running 'top' on the OpenBSD machine, and in the spirit of Heisenberg, the
 rsync is proceeding normally, almost finished.

 I normally run Arch Linux on this machine (different disk) and have had no
 problems with it (I did the same rsync from the same source machine
 uneventfully), so I'm not too inclined to suspect the hardware, old as it
 is, except perhaps the disk, which is different hardware than when I run
 Linux.

 Here's my question: should I be able to provoke this problem again, can the
 collective you suggest things I should be doing, log files I ought to be
 looking at, perhaps running with a kernel debugger available, etc., to have
 a chance of debugging this problem? It's possible that this old machine or
 the disk that's been gathering dust for some time has decided to
 malfunction. But since I'm evaluating OpenBSD,  I'd like to either exonerate
 it or confirm that it's a bug in the system. Any help would be appreciated.

 /Don Allen

Re: pf, altq, packet rate

[Henning Brauer]

* irix i...@ukr.net [2009-05-27 18:12]:
 But I can not understand why you are sure that traffic can only
 outlet Shape

i can not understand why you want to shape outlets.

you don't understand that inbound shaping doesn't work because you
have obviously no idea how the network stack works. there is no
suitable queue inbound to do any queueing on. the ipintrq is way too
early. so to do any inbound shaping you had to insert another queueing
step, which is as clever as drinking water from the dead sea when
you're thirsty. or maybe one could rape the ipintrq somehow. but i
don't and won't rape.

 But it pains me to see the obvious defects in my favorite system,

interestingly, in the 6 years since I did the altq/pf merge, you're
the only one to see that obvious defect

 and complete indifference on the part of developers to the obvious defects.

obviously the developers have no clue about what they are doing, and
the milestones they have to meet by the contract they have with you

 But under dynamic queues, I understand, the creation of a large number of 
 dynamic patterns.
 For example creates template for the queue with an indication of the speed 
 such as 512Kbit / s,
 and then creates template for the filter of which you can
 specify a subnet like 192.168.1.0/24 and this pattern break this subnet to 
 the desired number of rules in this case,
 to 254, and under each This rule will create a dynamic part of the dynamic 
 pattern of 512Kbit / s for each rule.

i might be willing to review your code once you submit it

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: pf, altq, packet rate

[SJP Lists]

2009/5/28 irix i...@ukr.net:

 Okey,  i  see.  But I can not understand why you are sure that traffic
 can only outlet Shape , You can say that's silly to try to Shape traffic
that came,
 but  if  it works it's worse than outgoing (if only for tcp) it is not
 stupid ?

How do you shape traffic that you have already received?  Or to put it
another way, how do you alter the past?

Re: pf, altq, packet rate

[Lars Nooden]

SJP Lists wrote:
 2009/5/28 irix i...@ukr.net:
 
 Okey,  i  see.  But I can not understand why you are sure that traffic
 can only outlet Shape , You can say that's silly to try to Shape traffic
 that came,
 but  if  it works it's worse than outgoing (if only for tcp) it is not
 stupid ?
 
 How do you shape traffic that you have already received? ...

redirect ingress to a gif or br interface and then throttle the outbound
portion of that? ;)

Re: 4.5 on Thinkpad 600x issue

[STeve Andre']

On Wednesday 27 May 2009 13:12:26 you wrote:
 Update: rsync completed. I brought up X, Firefox, emacs and was downloading
 packages when the curse struck again. Little or no response to the mouse.
 ctrl-alt F2 got me to a fresh login prompt, but every character I type is
 repeated 7 times, so login is impossible. No response to ping and, not
 surprisingly, I can't ssh in. It occurs to me that I'm using a pcmcia 3com
 ethernet card that I haven't used in years and that I don't use when I run
 Linux on this machine (I use a wireless card in that case, but wasn't ready
 to tackle wireless vs. OpenBSD just yet), so that's another hardware
 difference. I suspect that this is just crufty old hardware acting up. I
 think to debug this I will install OpenBSD on another machine I have that
 is

 - newer
 - there will be no hardware variation and it is all known to be good (Linux
 and FreeBSD have both run reliably on that machine).

 /Don

I've never tried installing OpenBSD on a 600x but I'm a little surprised that
it isn't working fine.

Since you are new to OpenBSD, how did you get OpenBSD, and also how
(where) did you get the packages?  You MUST get the packages that
match the version of OpenBSD.  More than one person has gotten a
release CD and then gotten the packages in snapshots/packages/i386
which is -current, the wip stuff that will be a part of the next release.

Also, it would be good to post the contents of /var/run/dmesg.boot, to
see what the kernel thinks of the hardware.  Thats a start.

--STeve Andre'

Re: pf, altq, packet rate

[Johan Beisser]

On Wed, May 27, 2009 at 11:04 AM, SJP Lists sjp.li...@flashbsd.net wrote:
 How do you shape traffic that you have already received?  Or to put it
 another way, how do you alter the past?

I've always just assigned inbound traffic to the existing outbound
queues. My assumption is that the responding traffic would use the
queues appropriately, and the results (watched via pftop) seem to bear
this out.

Then again I'm just using priq at home.

Re: 4.5 on Thinkpad 600x issue

[Donald Allen]

On Wed, May 27, 2009 at 1:26 PM, STeve Andre' and...@msu.edu wrote:
 On Wednesday 27 May 2009 13:12:26 you wrote:
 Update: rsync completed. I brought up X, Firefox, emacs and was downloading
 packages when the curse struck again. Little or no response to the mouse.
 ctrl-alt F2 got me to a fresh login prompt, but every character I type is
 repeated 7 times, so login is impossible. No response to ping and, not
 surprisingly, I can't ssh in. It occurs to me that I'm using a pcmcia 3com
 ethernet card that I haven't used in years and that I don't use when I run
 Linux on this machine (I use a wireless card in that case, but wasn't ready
 to tackle wireless vs. OpenBSD just yet), so that's another hardware
 difference. I suspect that this is just crufty old hardware acting up. I
 think to debug this I will install OpenBSD on another machine I have that
 is

 - newer
 - there will be no hardware variation and it is all known to be good (Linux
 and FreeBSD have both run reliably on that machine).

 /Don

 I've never tried installing OpenBSD on a 600x but I'm a little surprised that
 it isn't working fine.

 Since you are new to OpenBSD, how did you get OpenBSD, and also how
 (where) did you get the packages?

ftp://ftp.cse.buffalo.edu/pub/OpenBSD/4.5/i386/

Downloaded cd45.iso and burned that to a cd. Downloaded bsd plus
*45.tgz (except for the games) and wrote them to a cd (4.5/i386
directory). I probably should have included INSTALL.i386, since the
installer noticed that it was missing from the cd, but other than
making it grumpy, it seemed to do no harm.

 You MUST get the packages that
 match the version of OpenBSD.  More than one person has gotten a
 release CD and then gotten the packages in snapshots/packages/i386
 which is -current, the wip stuff that will be a part of the next release.

 Also, it would be good to post the contents of /var/run/dmesg.boot, to
 see what the kernel thinks of the hardware.  Thats a start.

Ok, will do in a separate msg.

/Don


 --STeve Andre'

Re: pf, altq, packet rate

[irix]

Hello ,


 * irix i...@ukr.net [2009-05-27 18:12]:
 But I can not understand why you are sure that traffic can only
 outlet Shape

 i can not understand why you want to shape outlets.

 you don't understand that inbound shaping doesn't work because you
 have obviously no idea how the network stack works. there is no
 suitable queue inbound to do any queueing on. the ipintrq is way too
 early. so to do any inbound shaping you had to insert another queueing
 step, which is as clever as drinking water from the dead sea when
 you're thirsty. or maybe one could rape the ipintrq somehow. but i
 don't and won't rape.

by  shaping  the  incoming  traffic,  I  mean  simple  dropper  without
constructing  queues. All that the above specified speed dropped until
the  flow becomes less than or equal to specified speed. That actually
makes CDNR, which arrears.



 But it pains me to see the obvious defects in my favorite system,

 interestingly, in the 6 years since I did the altq/pf merge, you're
 the only one to see that obvious defect

 and complete indifference on the part of developers to the obvious defects.

 obviously the developers have no clue about what they are doing, and
 the milestones they have to meet by the contract they have with you

 understood the joke. Funny
-- 
Best regards,
 irix  mailto:i...@ukr.net

Re: pf, altq, packet rate

[SJP Lists]

2009/5/28 Johan Beisser j...@caustic.org:
 On Wed, May 27, 2009 at 11:04 AM, SJP Lists sjp.li...@flashbsd.net wrote:
 How do you shape traffic that you have already received?  Or to put it
 another way, how do you alter the past?

 I've always just assigned inbound traffic to the existing outbound
 queues. My assumption is that the responding traffic would use the
 queues appropriately, and the results (watched via pftop) seem to bear
 this out.

Thanks Lars and Johan,

I was trying to highlight to irix that once traffic is received, it is
too late to alter the bandwidth it already used coming in.

In other words, doing it on the incoming is pointless.  Thus, as in
your examples, the logic behind shaping only on the outbound.

i.e.You can easily delay sending something you have, but you have
little to no control over the ingress traffic of a link where only the
local host you have control of.


Shane

Re: ral(4) driver and RT2860 + RT2850 chips

[Chris Jones]

I thought I would update the list with some new info I have now that I
am running a PC engines alix2d2 and OpenBSD 4.5-stable.

When I received the alix board I just swapped the CF card out of my
Soekris net4501 and put it in the alix board. At that time I was running
OpenBSD 4.4-stable. After making the swap the ral card was still
behaving the same as it was before, so I decided to upgrade to 4.5 as I
was planning to do this anyhow.

After upgrading to 4.5 the ral card (SparkLan WMIR-200N) started working
just fine. I decided to check the changelog to see what had changed
since 4.4 and noticed:

Fix HW crypto on ral(4) devices.

Because my card has a RT2860 chip and the driver supports offloading of
encryption  decryption to the hardware, I suspect this could have been
the isse. The ral card is running in host-ap mode and has been working
flawlessly ever since. See dmesg below.

Cheers,
-Chris

OpenBSD 4.5 (GENERIC) #0: Wed Mar 18 13:35:27 MDT 2009
r...@obsd45.localdomain:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD
586-class) 499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 268009472 (255MB)
avail mem = 250859520 (239MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33
AMD Geode LX Crypto rev 0x00 at pci0 dev 1 function 2 not configured
vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10,
address 00:0d:b9:17:7b:b8
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
vr1 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 15,
address 00:0d:b9:17:7b:b9
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x004063, model 0x0034
ral0 at pci0 dev 12 function 0 Ralink RT2860 rev 0x00: irq 9, address
00:0e:8e:20:84:94
ral0: MAC/BBP RT2860 (rev 0x0102), RF RT2850 (MIMO 2T3R)
hifn0 at pci0 dev 14 function 0 Hifn 7955/7954 rev 0x00: LZS 3DES ARC4
MD5 SHA1 RNG AES PK, 32KB dram, irq 11
glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 0,
32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: SILICONSYSTEMS INC 1GB
wd0: 1-sector PIO, LBA, 999MB, 2046240 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 12,
version 1.0, legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 12
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
biomask 71e7 netmask ffe7 ttymask 
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
clock: unknown CMOS layout

Chris Jones wrote:
 Good evening,
 
 I just picked up a SparkLan WMIR-200N which I've put in my Soekris
 net4501. The ral(4) driver says it supports the Ralink RT2860 and RT2850
 chips on this card. OpenBSD detects the card however when I configure it
 in hostap mode with WPA2-PSK, my Macbook or any wifi capable computer
 will connect momentarily and then disconnects.
 
 Has anyone had any experience with this card running under OpenBSD?
 Also, how can I debug the ral(4) driver? Here is my dmesg output as
 well as my hostname.if configuration.
 
 Thanks,
 -Chris
 
 dmesg
 -
 
 OpenBSD 4.4 (GENERIC) #0: Sat Nov 15 07:42:40 PST 2008
 r...@ob44dev.localdomain:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: AMD Am5x86 W/B 133/160 (AuthenticAMD 486-class)
 cpu0: FPU
 real mem  = 66678784 (63MB)
 avail mem = 55017472 (52MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 20/80/03, BIOS32 rev. 0 @ 0xf7840
 pcibios0 at bios0: rev 2.0 @ 0xf/0x1
 pcibios0: pcibios_get_intr_routing - function not supported
 pcibios0: PCI IRQ Routing information unavailable.
 pcibios0: PCI bus #0 is the last bus
 bios0: ROM list: 0xc8000/0x9000
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (bios)
 elansc0 at pci0 dev 0 function 0 AMD ElanSC520 PCI rev 0x00: product 0
 stepping 1.1, CPU clock 133MHz, reset 40SCP
 gpio0 at 

Re: 4.5 on Thinkpad 600x issue

[Johan Beisser]

On Wed, May 27, 2009 at 10:26 AM, STeve Andre' and...@msu.edu wrote:

 I've never tried installing OpenBSD on a 600x but I'm a little surprised
that
 it isn't working fine.

You're in for a few surprises when you do then. It should work fine,
but there's some ACPI issues that have never been addressed.

 Since you are new to OpenBSD, how did you get OpenBSD, and also how
 (where) did you get the packages?  You MUST get the packages that
 match the version of OpenBSD.  More than one person has gotten a
 release CD and then gotten the packages in snapshots/packages/i386
 which is -current, the wip stuff that will be a part of the next release.

The 600x has a CDRom/DVD drive in it. It comes standard.

 Also, it would be good to post the contents of /var/run/dmesg.boot, to
 see what the kernel thinks of the hardware.  Thats a start.

I'll include something I sent to Donald Allen, edited to make things a
little more contextually relevant:

The key problem would keep happening [the freezing/slowdown]. Mostly
due to IRQ 11 being shared between USB, keyboard and PCMCIA. Large
amounts of traffic through that IRQ would cause locking issues in the
kernel. It really
is a hardware issue with that specific model of laptop; I had them
with FreeBSD [5.2], OpenBSD [4.1, 4.2, and 4.3], and Linux [2.6.10].

It's a problem I presumed was just with my 600x, but some of my
research has shown it's a model issue, related to IRQ assignment in
kernel. The only OS that hasn't had a problem with the hardware is
Windows XP. Whether that's due to the OS masking it or knowing
something more intimately about the odd hybrid of ACPI and APM the
BIOS presents, I can't say.

I'm just not surprised the problem still exists in 4.5.

xdm xinerama

[Need Coffee]

I have an OpenBSD-current machine running xdm, xdmcp enabled.

If I try to connect to it from a Solaris 9 machine with Xinerama enabled,
I get this in /var/log/xdm.log:

X Error of failed request:  BadPixmap (invalid Pixmap parameter)
  Major opcode of failed request:  129 (XINERAMA)
  Minor opcode of failed request:  4 (XINERAMAIsActive)
  Resource id in failed request:  0x18000c
  Serial number of failed request:  59
  Current serial number in output stream:  59
select returns -1.  Rescan: 0  ChildReady: 1

Without xinerama, it works.  Is there a way to allow this to work?
I see that xdm has some knowledge of xinerama, so I'm assuming this
is a Solaris issue?

Thanks in advance for any help.

Re: OpenBSD and Realtek rtl8187: 8187B wireless chipset

[John .]

2009/5/27 Nido n...@foxserver.be:
 2009/5/27, Martynas Venckus marty...@altroot.org:
 snip
 From: John . comp.j...@googlemail.com
 snip
 Hello list,

 Are there any plans to support the realtek rtl8187: 8187B wireless
 chipset?
 Is it available in -current?

 yup;  i am writing this email from one.  ;-)  got it working couple
 of months ago but was slac^H^H^H^Hbusy and did not clean it up yet;

 which one do you have?  usbdevs -v?

 I don't have an OpenBSD cd or partition at hand for that machine so
 I'm sorry I can't give you the output of 'usbdevs -v'. If desired I
 will produce that for you later.

 The ID of my card is, according to Linux's lsusb: ID 0bda:8197
 Realtek Semiconductor Corp. RTL8187B Wireless Adapter. Can you
 confirm this specific instance of this card to (at least partly) work.


Hi,

machine:

j...@john-desktop:~$ uname -a
Linux john-desktop 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17
01:58:03 UTC 2009 x86_64 GNU/Linux

Output of lsusb:

j...@john-desktop:~$ lsusb
Bus 001 Device 002: ID 04f2:b064 Chicony Electronics Co., Ltd
Bus 001 Device 003: ID 0bda:8197 Realtek Semiconductor Corp. RTL8187B
Wireless Adapter
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 006 Device 002: ID 0930:0508 Toshiba Corp. Integrated Bluetooth HCI
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

It works, I'm using it now. Oddly, I have to use recovery mode in the
boot menu, recover nothing, then wifi is seen. I think the reason for
this is because it pauses probing, maybe it needs time to wake up. If
I just boot ubuntu normally, it never initializes (it times out) and
it never re-initializes

I want this laptop to be multi-boot vista/openbsd. All serious work
being done on openbsd. I need to keep the vista part for work reasons.
i'd be completely grateful if you could tell me what you did to get
this wifi to work under openbsd.

Many thanks,
--
John

Re: pf, altq, packet rate

[Johan Beisser]

On Wed, May 27, 2009 at 12:02 PM, SJP Lists sjp.li...@flashbsd.net wrote:

 Thanks Lars and Johan,

 I was trying to highlight to irix that once traffic is received, it is
 too late to alter the bandwidth it already used coming in.

 In other words, doing it on the incoming is pointless.  Thus, as in
 your examples, the logic behind shaping only on the outbound.

You can always inform the other end that your window is smaller than
it is (pf.conf(5) red/rio/ecn on the queue).

Or, simply randomly drop some incoming packets for that protocol to
force retransmission (see pf.conf(5) probability flag for a given
line) which should cause the remote end renegotiate its link to you as
unreliable, and retransmit. A probability of 5% would prevent inbound
connections from fully saturating.

 i.e.You can easily delay sending something you have, but you have
 little to no control over the ingress traffic of a link where only the
 local host you have control of.

Bingo.

Re: pf, altq, packet rate

[(private) HKS]

2009/5/27 irix i...@ukr.net:
 Hello Misc,

 since queueing only happens at output, that's going to be totally
 useless. it's not just a question of how altq distinguishes traffic,
 you're asking to totally change how altq works.

 Okey,  i  see.  But I can not understand why you are sure that traffic
 can only outlet Shape , You can say that's silly to try to Shape traffic
that came,
 but  if  it works it's worse than outgoing (if only for tcp) it is not
 stupid ?

 Assume that you are right and the traffic can Shape only outlet for what
purpose then in other projects (freebsd, linux, netbsd)
 including  the original altqd opportunity for shaping incoming traffic
 via CDNR has been included?

 This is not the presentation of claims or something else, I want to
understand why you uperlis and
 do not want to see nothing else.

What is uperlis?


 if you have some requirement for features that altq+pf doesn't have
 at the moment, you have a few choices:

 - use different software that already does what you want.

 - pay someone to code the features.

 - code the features yourself. (if you don't code, this will require
 learning how to do that first, obviously).

 I did.

You did what?

 But it pains me to see the obvious defects in my favorite system,
 and complete indifference on the part of developers to the obvious defects.

This is not a defect. Throttling inbound traffic is meaningless. The
point of throttling traffic is to reduce load on network elements
(links, routers, etc) and possibly enforce accounting policies. The
traffic has already arrived at your router so it has already traversed
the link and been processed by the network stack. You throttle what
you can control - like the rate at which traffic from the world
egresses the internal interface on your router on its way to the host
you want throttled.


 but, unless you want to use altq on a server (rather than a router),
 there isn't really a problem with the queuing happening only on output.
 just give the queues on both interfaces the same name, then you can
 assign in both directions with a single rule.

 stupid example ruleset. not actually tested, but I have others like
 it, and it should be enough to give you the general idea.

 -- -- -- -- --
 altq on bge0 cbq bandwidth 4000Kb queue { normal, slow, fast }
 altq on vlan5 cbq bandwidth 2Kb queue { normal, slow, fast }
 altq on vlan9 cbq bandwidth 1000Kb queue { normal, slow, fast }

 queue normal bandwidth 40% priority 4 cbq(default borrow)
 queue slow bandwidth 10% priority 1
 queue fast bandwidth 50% priority 7

 pass
 pass in proto icmp queue (slow)
 pass in proto tcp to port 22 queue (fast)
 -- -- -- -- --

 (I think some people just look at a couple of example configs which
 use different queue names on interfaces and assume that it's necessary,
 but it isn't).

 Thanks, for this example. I did not know this.

 But under dynamic queues, I understand, the creation of a large number of
dynamic patterns.
 For example creates template for the queue with an indication of the speed
such as 512Kbit / s,
 and then creates template for the filter of which you can
 specify a subnet like 192.168.1.0/24 and this pattern break this subnet to
the desired number of rules in this case,
 to 254, and under each This rule will create a dynamic part of the dynamic
pattern of 512Kbit / s for each rule.

What?

-HKS


 --
 Best regards,
  irix  mailto:i...@ukr.net

Re: OpenBSD and Realtek rtl8187: 8187B wireless chipset

[Nido]

2009/5/27, John . comp.j...@googlemail.com:
 2009/5/27 Nido n...@foxserver.be:
 2009/5/27, Martynas Venckus marty...@altroot.org:
 snip
 From: John . comp.j...@googlemail.com
 snip
 Hello list,

 Are there any plans to support the realtek rtl8187: 8187B wireless
 chipset?
 Is it available in -current?

 yup;  i am writing this email from one.  ;-)  got it working couple
 of months ago but was slac^H^H^H^Hbusy and did not clean it up yet;

 which one do you have?  usbdevs -v?

 I don't have an OpenBSD cd or partition at hand for that machine so
 I'm sorry I can't give you the output of 'usbdevs -v'. If desired I
 will produce that for you later.

 The ID of my card is, according to Linux's lsusb: ID 0bda:8197
 Realtek Semiconductor Corp. RTL8187B Wireless Adapter. Can you
 confirm this specific instance of this card to (at least partly) work.


 Hi,

 machine:

 j...@john-desktop:~$ uname -a
 Linux john-desktop 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17
 01:58:03 UTC 2009 x86_64 GNU/Linux

 Output of lsusb:

 j...@john-desktop:~$ lsusb
 Bus 001 Device 002: ID 04f2:b064 Chicony Electronics Co., Ltd
 Bus 001 Device 003: ID 0bda:8197 Realtek Semiconductor Corp. RTL8187B
 Wireless Adapter
 Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 Bus 006 Device 002: ID 0930:0508 Toshiba Corp. Integrated Bluetooth HCI
 Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

 It works, I'm using it now. Oddly, I have to use recovery mode in the
 boot menu, recover nothing, then wifi is seen. I think the reason for
 this is because it pauses probing, maybe it needs time to wake up. If
 I just boot ubuntu normally, it never initializes (it times out) and
 it never re-initializes

 I want this laptop to be multi-boot vista/openbsd. All serious work
 being done on openbsd. I need to keep the vista part for work reasons.
 i'd be completely grateful if you could tell me what you did to get
 this wifi to work under openbsd.

 Many thanks,
 --
 John

I think you may have mistaken my post. We do have the same wireless
chip but I have not gotten it to work with OpenBSD yet. In fact; I
haven't got OpenBSD running on this particular laptop now. I am
thinking of installing the OpenBSD soon and switching it to -current
for the first time and see what happens.

Unfortunately; my few experiences with the BSDs, and my cumbersome
internet situation make it so I can not really tell whether a failing
configuration would be because the driver is having issues with the
hardware; or (more likely) PEBKaC. So I am, just as you, looking for
confirmation of someone more experienced having gotten the driver to
work.

On Linux; modinfo states that even with only the Realtek VendorID; the
productID 8198, 8197, 8189 and 8187 are working with that driver.
However; from experience when the driver was first released into the
kernel; I learnt that the 8197 does work a bit different then the 8187
and 8189 ones. As such; I suspect it could work a bit different on the
0846:4260 card Martynas has.

Can anyone confirm success with Realtek 8187B cards other then the
BayNETGEAR WG111v3 one?

multilink VPN

[James Mackinnon]

Hi All

Here is my situation and I am hoping for a little guidance on this one

I have 2 locations, both with 2 fiber internet connections

I need to setup redundant VPN's between these locations without the use of
BGP.


So, my setup would be something like this

Location A
Firewall 1
Connection to ISP1
Wan IP 24.22.22.1

Firewall 2
Connection to ISP2
Wan IP 33.33.33.1

Internal Interfaces are in a carp setup
Internal IP range is 192.168.0.0/24

Location B
Firewall 1
Connection to ISP1
Wan IP 24.22.21.1

Firewall 2
Connection to ISP2
Wan IP 33.33.32.1

Internal Interfaces are in a carp setup
Internal IP Range is 192.168.1.0/24


I have used sasync in the past, pfsync etc however, I have not tried to setup
a VPN where 2 ISPs are used without the ISPs setup with BGP.  Because BGP
convergance can take a bit of time, and the network in this case not being
able to drop for 1 second, I need to determine what option is best.

I have spoke with a cisco guy today and they can do multilink VPN's on cisco
for this, however, being a bit of a OpenBSD fan and prefer to use Openbsd over
cisco any time I can, I would really like to accomplish this task using
OpenBSD.

Thoughts or direction would be great


james

Re: pf, altq, packet rate

[Stuart Henderson]

On 2009-05-27, irix i...@ukr.net wrote:
 Assume that you are right and the traffic can Shape only outlet
 for what purpose then in other projects (freebsd, linux, netbsd)
 including  the original altqd opportunity for shaping incoming traffic
 via CDNR has been included?

so, let's look at FreeBSD's manpage.

 ALTQ_CDNR   Build the traffic conditioner.  This option is meaningless at
 the moment as the conditioner is not used by any of the
 available disciplines or consumers.

or a fairly recent NetBSD list post:

The input limiter absolutely doesn't work under NetBSD-3, it seems,
and I've found some other posts on the web that seem to confirm this.
[...]   I have a NetBSD-4 build of this box, which is an embeded system, which
I could deploy in this application, but it's not a trivial exercise to do
so.  So, I'm wondering if anyone has used and can report whether the input
traffic conditioner actually works to limit traffic on input traffic under
NetBSD-4.  

...

 But under dynamic queues, I understand, the creation of a large number of
 dynamic patterns.
 For example creates template for the queue with an indication of the speed
 such as 512Kbit / s,
 and then creates template for the filter of which you can
 specify a subnet like 192.168.1.0/24 and this pattern break this subnet to
 the desired number of rules in this case,
 to 254, and under each This rule will create a dynamic part of the dynamic
 pattern of 512Kbit / s for each rule.

On 2009-05-27, (private) HKS hks.priv...@gmail.com wrote:
 What?


If you want to throttle all your clients to, say, 512Kb/sec, you need a
stack of separate queues, and a stack of match rules for them. You can set
them up individually via pfctl/pf.conf but it's a bit messy, you'd probably
want to do part of it via some script or preprocessor. (I think using a
shell script to generate a file to include would be viable though).

Real dynamic queues would be created and destroyed on-the-fly which
could help it scale a bit further, but I don't know how useful it would
be, the first thing that comes to mind is memory use, but each extra
queue doesn't use _all_ that much from the pool unless it's actively
in-use. There might be problems other than memory when using a huge
number of queues, I don't know, never used more than a handful here...
something for someone who has a big setup to look at and profile, really.

Re: pf, altq, packet rate

[Anthony Roberts]

 I was trying to highlight to irix that once traffic is received, it is
 too late to alter the bandwidth it already used coming in.

Dropping packets you've already received can have the impact of causing
well-behaved hosts to back off when sending future packets. That's a useful
result in itself, even though it's not as powerful as what you can do in
the outbound direction.

-Anthony

Re: pf, altq, packet rate

[SJP Lists]

2009/5/28 Johan Beisser j...@caustic.org:

 I was trying to highlight to irix that once traffic is received, it is
 too late to alter the bandwidth it already used coming in.

 In other words, doing it on the incoming is pointless.  Thus, as in
 your examples, the logic behind shaping only on the outbound.

 You can always inform the other end that your window is smaller than
 it is (pf.conf(5) red/rio/ecn on the queue).

 Or, simply randomly drop some incoming packets for that protocol to
 force retransmission (see pf.conf(5) probability flag for a given
 line) which should cause the remote end renegotiate its link to you as
 unreliable, and retransmit. A probability of 5% would prevent inbound
 connections from fully saturating.

I know this is an option, but forcing the resending of traffic doesn't
seem to be the most efficient method to me, when I could instead just
shape that same traffic when it leaves another interface.

Re: pf, altq, packet rate

[Johan Beisser]

On Wed, May 27, 2009 at 10:44 PM, SJP Lists sjp.li...@flashbsd.net wrote:

 I know this is an option, but forcing the resending of traffic doesn't
 seem to be the most efficient method to me, when I could instead just
 shape that same traffic when it leaves another interface.

It's a horrible option, but it's what was being requested. You're
better off assigning inbound traffic to your normal outbound queues
and using ECN/RIO/RED to handle your congestion and notification
instead. Combined with HFSC or CBQ, it's a powerful tool for shaping
the behavior of the remote end sending you data.

Properly, if you're getting saturated, you should send ICMP type 4
(squench) to notify that your sender should back off on how fast
they're transmitting traffic, instead of forcing retransmits of the
missing packets during the window.