strange behaviour with amd64, 3des and crypto accelerator
Hi misc!

Configuration is as follows:

    Server
      |
    Router0
      ||
      ||ipsec tunnel
      ||
    Router1
      |
    Client

The ipsec tunnel between the routers is using the following parameters:

    ike esp transport proto ipencap from R0_IP to R1_IP \
        local R0_IP peer R1_IP quick auth hmac-sha1 enc 3des \
        srcid R0_NAME dstid R1_NAME

Routers are directly connected (no other devices between them). Both routers are running OpenBSD 4.7 amd64 MP kernel with stable patches. Both routers have a crypto accelerator:

    ubsec0 at pci2 dev 1 function 0 Sun Crypto 5821 rev 0x01: 3DES MD5 SHA1 RNG PK, apic 9 int 5 (irq 10)

Now the problem. When using iperf, everything works perfectly (tried UDP and TCP at various packet sizes). Same goes with ping. The only way (so far) I've been able to reproduce the problem is using either mysql client to connect to mysql server or doing telnet to the mysql server's 3306 port. The connection fails in both cases.

Tcpdump on the server-side router's ipsec tunnel gif shows the following:

    10:05:35.320881 192.168.8.46.45873 > 192.168.7.7.3306: S 3861220531:3861220531(0) win 5840 <mss 1460,sackOK,timestamp 2517252528 0,nop,wscale 6> [tos 0x10]
    10:05:35.321063 192.168.7.7.3306 > 192.168.8.46.45873: S 25184535:25184535(0) ack 3861220532 win 5792 <mss 1460,sackOK,timestamp 4053315240 2517252528,nop,wscale 7>
    10:05:35.321951 192.168.8.46.45873 > 192.168.7.7.3306: . ack 1 win 92 <nop,nop,timestamp 2517252528 4053315240> [tos 0x10]
    10:05:35.322402 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46 <nop,nop,timestamp 4053315241 2517252528> [tos 0x8]
    10:05:35.530663 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46 <nop,nop,timestamp 4053315293 2517252528> [tos 0x8]
    10:05:35.937570 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46 <nop,nop,timestamp 4053315395 2517252528> [tos 0x8]
    10:05:36.753450 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46 <nop,nop,timestamp 4053315599 2517252528> [tos 0x8]
    10:05:38.385517 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46 <nop,nop,timestamp 4053316007 2517252528> [tos 0x8]
    10:05:41.649605 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46 <nop,nop,timestamp 4053316823 2517252528> [tos 0x8]

On the client-side router's gif interface I can see only the first three packets.

netstat -ssp esp shows that, every time I try this, the counter "packets that failed verification received" increases only on the client-side router.

The problem is symmetrical - if I reverse the direction, same things happen, but all the aforementioned events have switched places and are on the other router now.

When using aes instead of 3des, the problem does not occur. My guess is that it is so due to the lack of aes support of the crypto accelerator. When crypto accelerator is not present in the system, I haven't been able to reproduce the problem.

I have seen the same problem also in 4.8 (amd64) and 4.9 current (amd64) from 08.02.11. Using SP kernel doesn't solve the problem.

In the test environment I couldn't reproduce the problem with 4.7 i386 (with mysql client), but I saw the same symptoms when I tried it in the live environment. Perhaps the problem didn't occur due to low system load in the lab setup.

I have also tested it with IPSec tunnel mode. Problem doesn't occur with mysql client, but in live environment some packets still fail verification and there are problems with some services.

Its nature seems to me similar to some MTU problems but packet sizes do not confirm that and there is no problem with aes. For that reason, I believe that we can exclude PF as the source of the problem.

Routers' hardware is almost identical (processor speed and the amount of memory are different). Both are running on HP Proliant 365 G1.

Dmesg of the server-side router is as follows:

    OpenBSD 4.7 (GENERIC.MP) #1: Mon Jan 17 16:12:03 EET 2011
        root@router.local:/usr/src/sys/arch/amd64/compile/GENERIC.MP
    real mem = 2144657408 (2045MB)
    avail mem = 2078121984 (1981MB)
    mainbus0 at root
    bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xee000 (64 entries)
    bios0: vendor HP version A10 date 03/27/2008
    bios0: HP ProLiant DL365 G1
    acpi0 at bios0: rev 2
    acpi0: tables DSDT FACP SPCR MCFG HPET SPMI ERST APIC SRAT BERT HEST
    acpi0: wakeup devices
    acpitimer0 at acpi0: 3579545 Hz, 32 bits
    acpihpet0 at acpi0: 14318180 Hz
    acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
    cpu0 at mainbus0: apid 0 (boot processor)
    cpu0: Dual-Core AMD Opteron(tm) Processor , 3000.59 MHz
    cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
    cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache
    cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
    cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
    cpu0: apic clock running at 200MHz
    cpu1 at mainbus0: apid 1 (application processor)
    cpu1: Dual-Core AMD Opteron(tm) Processor ,
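The trace in the message above has a recognisable shape: the handshake completes, then one data segment is resent at doubling intervals and never acknowledged, which is what a silent drop on the path (here, ESP verification failure on the far router) looks like from the sender's side. The following Python script is an added example, not part of the original thread; it assumes OpenBSD-style tcpdump text output, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the packets from the post's trace, with the ">" direction
# marker restored and the TCP options / tos fields trimmed for width.
SAMPLE_TRACE = """\
10:05:35.320881 192.168.8.46.45873 > 192.168.7.7.3306: S 3861220531:3861220531(0) win 5840
10:05:35.321063 192.168.7.7.3306 > 192.168.8.46.45873: S 25184535:25184535(0) ack 3861220532 win 5792
10:05:35.321951 192.168.8.46.45873 > 192.168.7.7.3306: . ack 1 win 92
10:05:35.322402 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46
10:05:35.530663 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46
10:05:35.937570 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46
10:05:36.753450 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46
10:05:38.385517 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46
10:05:41.649605 192.168.7.7.3306 > 192.168.8.46.45873: P 1:75(74) ack 1 win 46
"""

LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d\.\d+) "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRW.]+)"
    r"(?: (?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
)


def parse_line(line):
    """Parse one tcpdump TCP line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "time": int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"]),
        "src": m["src"],
        "dst": m["dst"],
        "flags": m["flags"],
        "seq": int(m["seq"]) if m["seq"] else None,
        "end": int(m["end"]) if m["end"] else None,
        "length": int(m["len"]) if m["len"] else 0,
        "ack": int(m["ack"]) if m["ack"] else None,
    }


def find_stalled_segments(trace, min_sends=3):
    """Report data segments sent min_sends+ times that the peer never acked."""
    sends = defaultdict(list)       # (src, dst, seq, end) -> send timestamps
    highest_ack = defaultdict(int)  # (acker, peer) -> highest relative ack seen
    for line in trace.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pkt["length"] > 0:
            key = (pkt["src"], pkt["dst"], pkt["seq"], pkt["end"])
            sends[key].append(pkt["time"])
        # tcpdump prints absolute numbers on SYN packets and relative ones
        # afterwards, so acks carried by SYN/SYN-ACK are not comparable.
        if pkt["ack"] is not None and "S" not in pkt["flags"]:
            pair = (pkt["src"], pkt["dst"])
            highest_ack[pair] = max(highest_ack[pair], pkt["ack"])

    findings = []
    for (src, dst, seq, end), times in sends.items():
        if len(times) < min_sends:
            continue
        if highest_ack.get((dst, src), 0) >= end:
            continue  # the receiver acknowledged it eventually
        gaps = [round(b - a, 6) for a, b in zip(times, times[1:])]
        # A retransmission timer roughly doubles between attempts.
        backoff = all(
            earlier > 0 and 1.5 <= later / earlier <= 2.5
            for earlier, later in zip(gaps, gaps[1:])
        )
        findings.append({
            "src": src, "dst": dst, "seq": seq, "end": end,
            "sends": len(times), "first_seen": times[0],
            "gaps": gaps, "backoff": backoff,
        })
    return sorted(findings, key=lambda f: f["first_seen"])


if __name__ == "__main__":
    for f in find_stalled_segments(SAMPLE_TRACE):
        print("%s > %s seq %d:%d sent %d times, never acked, gaps %s, backoff=%s"
              % (f["src"], f["dst"], f["seq"], f["end"], f["sends"],
                 f["gaps"], f["backoff"]))
```

Running the same check on captures from both routers' gif interfaces, alongside the ESP verification-failure counter, shows on which side the segment disappears.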
Re: SSH getting blocked on PF after 30 seconds (OpenBSD 4.7)
Thank you for your replies so far.

Interestingly enough, killing off stateful filtering seems to have done the trick. The router happens to be running BGP along with another couple of OpenBSD boxes also running BGP.

After much extensive digging, I eventually found this little paragraph from Claudio Jeker hiding deep in the internet...

> I generally do not filter on core routers because of the asymmetric routing. Stateless filtering works OK to block the martians and other unwanted traffic at the border but keep the ruleset as minimal as possible.
>
> Claudio Jeker, Sat, 30 Jan 2010 05:01:26 -0800

So thank you Claudio ! :)

Perhaps I can humbly suggest that the powers that be consider adding this sort of useful information to the FAQ or docs, because it would have saved me many, many hours of frustration and confusion.

At the moment, the FAQ and docs are written from the point of view of a single-homed stub system with a simple default route to an ISP router. It would be nice to see more consideration for more advanced applications of OpenBSD where stateful filtering might not be such a Good Thing (TM) as the docs and FAQ make it out to be.

Also, while I've got your attention. There's not much information at all as to the benefits/disadvantages of using sloppy states vs no states.
Re: brcm80211
It's not only in Arch, Debian/Ubuntu/OpenSUSE say the same thing.

Anyway.. It's the header in all src files at /drivers/staging/brcm80211/:

--
/*
 * Copyright (c) 2010 Broadcom Corporation
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
--

--- On Thu, 10/2/11, Skylar Hawk skylar.j.h...@gmail.com wrote:

From: Skylar Hawk skylar.j.h...@gmail.com
Subject: Re: brcm80211
To: Tissio Fechine precheca...@yahoo.com.br
Cc: misc@openbsd.org
Date: Thursday, 10 February 2011, 23:18

> 2011/2/10 Tissio Fechine precheca...@yahoo.com.br
>
> > Hello,
> >
> > My wifi card (Broadcom 4313 - 0x4727) is currently unsupported by OpenBSD. But in Arch linux, modinfo brcm80211 (the driver for this card) shows that it's BSD/GNU licensed:
> >
> > ...
> > filename: /lib/modules/2.6.37-ARCH/kernel/drivers/staging/brcm80211/brcm80211.ko.gz
> > license:Dual BSD/GPL
> > description:Broadcom 802.11n wireless LAN driver.
> > author: Broadcom Corporation
> > alias: pci:v14E4d4727sv*sd*bc*sc*i*
> > alias: pci:v14E4d4353sv*sd*bc*sc*i*
> > alias: pci:v14E4d4357sv*sd*bc*sc*i*
> > depends:mac80211,cfg80211
> > ...
> >
> > I just want to know if someone is aware of that fact, and if the proper support is in the TODO list.
> >
> > Thanks!
>
> I think the Arch Linux folks lied a bit there... I've got the same wifi card, and I looked at the driver that the Broadcom Corporation released, and it is not Dual BSD/GPL licensed. It uses their own license. You can check it out here:
> http://www.broadcom.com/docs/linux_sta/hybrid-portsrc_x86_32-v5_100_82_38.tar.gz
>
> The license is in lib/LICENSE.txt
default route interface not in group egress
I am puzzled by the fact that interface ppp0 is not automagically assigned to interface group ``egress'' though a default route points to it. This does not seem to match ifconfig(8): ``The interface(s) the default route(s) point to are members of the egress interface group.''

On the other hand bwi0 stays in the ``egress'' group even if the default route pointing to it is removed.

According to my OpenBSD experience it is probably me getting something wrong, anyone got a clue stick to apply on me?

$ netstat -n -r -f inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.168.111.111    UGS        1       68     -    12 bwi0
default            10.1.67.76         UG         0        0     -    56 ppp0
10.1.67.76         10.120.190.120     UH         1        0     -     4 ppp0
127/8              127.0.0.1          UGRS       0        0 33200     8 lo0
127.0.0.1          127.0.0.1          UH         5       82 33200     4 lo0
192.168.111/24     link#1             UC         1        0     -     4 bwi0
192.168.111.111    00:0e:56:00:4f:90  UHLc       1        4     -     4 bwi0
192.168.111.205    127.0.0.1          UGHS       0        0 33200     8 lo0
224/4              127.0.0.1          URS        0        0 33200     8 lo0

$ ifconfig bwi0
bwi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:14:a4:81:85:48
        priority: 4
        groups: wlan egress
        media: IEEE802.11 autoselect (DS11 mode 11b)
        status: active
        ieee80211: [snip]
        inet6 fe80::214:a4ff:fe81:8548%bwi0 prefixlen 64 scopeid 0x1
        inet 192.168.111.205 netmask 0xff00 broadcast 192.168.111.255

$ ifconfig ppp0
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        priority: 0
        groups: ppp
        inet 10.120.190.120 --> 10.1.67.76 netmask 0xff00

$ sudo route -n delete default
$ netstat -n -r -f inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.1.67.76         UG         0       14     -    56 ppp0
10.1.67.76         10.120.190.120     UH         1        0     -     4 ppp0
127/8              127.0.0.1          UGRS       0        0 33200     8 lo0
127.0.0.1          127.0.0.1          UH         3      280 33200     4 lo0
192.168.111/24     link#1             UC         1        0     -     4 bwi0
192.168.111.111    00:0e:56:00:4f:90  UHLc       0       24     -     4 bwi0
192.168.111.205    127.0.0.1          UGHS       0        0 33200     8 lo0
224/4              127.0.0.1          URS        0        0 33200     8 lo0

$ ifconfig bwi0
bwi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:14:a4:81:85:48
        priority: 4
        groups: wlan egress
        media: IEEE802.11 autoselect (DS11 mode 11b)
        status: active
        ieee80211: [snip]
        inet6 fe80::214:a4ff:fe81:8548%bwi0 prefixlen 64 scopeid 0x1
        inet 192.168.111.205 netmask 0xff00 broadcast 192.168.111.255

$ ifconfig ppp0
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        priority: 0
        groups: ppp
        inet 10.120.190.120 --> 10.1.67.76 netmask 0xff00

$ dmesg
OpenBSD 4.9-beta (GENERIC) #650: Sun Feb 6 17:26:25 MST 2011
    t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Mobile Intel(R) Pentium(R) 4 - M CPU 2.00GHz (GenuineIntel 686-class) 2 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem = 1072721920 (1023MB)
avail mem = 1045041152 (996MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/12/03, BIOS32 rev. 0 @ 0xfd7e0, SMBIOS rev. 2.31 @ 0xe0010 (48 entries)
bios0: vendor IBM version 1IET66WW (2.05 ) date 06/12/2003
bios0: IBM 2366EG9
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT TCPA BOOT
acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) PCI0(S4) PCI1(S4) DOCK(S4) USB0(S3) USB1(S3) USB2(S3) AC97(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (PCI1)
acpicpu0 at acpi0: C3, C2, FVS, 2000, 1200 MHz
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature 94 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model IBM-COMPATIBLE serial 20884 type LION oem GW
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: DOCK not docked (0)
bios0: ROM list: 0xc/0x1 0xdc000/0x4000! 0xe/0x1
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82845 Host rev 0x04
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0xe000, size 0x400
ppb0 at pci0 dev 1 function 0 Intel 82845 AGP rev 0x04
pci1 at ppb0 bus 1
vga1 at pci1 dev 0
Re: Dell R310 - H200 Raid performance problem
On 11.02.2011 03:49, Nick Holland wrote:

> tip: use OpenBSD's resident ftp app, save a package:
> /tmp $ ftp http://ftp.spline.de/pub/OpenBSD/4.8/sys.tar.gz

:)

> i.e., basically the same for all
> Therefore, I'm ignoring all but the 4.9 GENERIC. I almost never complain about dmesgs being included, but including four different dmesgs that show the same result wasn't overly interesting and 57k emails are a bit big... :)

Sorry, just trying to be helpful :).

> Sounds like you don't have softdeps running on your system. Use 'em (FAQ 14). A lot slower, but still a lot better than you are getting, so, I suspect you have both issues going on. There are about 10,000 files in that file, so that's a lot of file creations, that's the stuff that Softdeps shines on.

Enabling softdeps made some improvement but performance is still unacceptable.

# mount
/dev/sd0a on / type ffs (local)
/dev/sd0m on /home type ffs (local, nodev, nosuid, softdep)
/dev/sd0d on /tmp type ffs (local, nodev, nosuid)
/dev/sd0f on /usr type ffs (local, nodev)
/dev/sd0g on /usr/X11R6 type ffs (local, nodev)
/dev/sd0h on /usr/local type ffs (local, nodev)
/dev/sd0l on /usr/obj type ffs (local, nodev, nosuid)
/dev/sd0k on /usr/src type ffs (local, nodev, nosuid)
/dev/sd0e on /var type ffs (local, nodev, nosuid)
# pwd
/home/test/6
# time tar xzf ./sys.tar.gz
    1m2.53s real     0m0.58s user     0m0.62s system

I think my problem is somehow related to this:
http://old.nabble.com/Dell-R310-with-SAS-drives-very-slow-td28659314.html

And this:
http://support.dell.com/support/edocs/storage/storlink/h200/en/ug/html/features.htm#wp1062398

Thank you.
Lukasz
[OT] squid and https.
Hi list.

I have a squid proxy with url filtering and file av scan composed by OpenBSD 4.8 + squid-2.7-STABLE7 + squidGuard + havp, all works fine but I'm not able to get https traffic scanned. To avoid this, we can use squid-3.1.11 with ssl-bump feature.

At this point I've tried to set this configuration on a linux host, to avoid to break my firewall, on Slackware 13.1 + squid-3.1.11 + sslbump + c-icap + squidclamav-6.0 + squidGuard + clamav.

from http://wiki.squid-cache.org/Features/SslBump:

    Squid-in-the-middle decryption and encryption of straight CONNECT and transparently redirected SSL traffic, using configurable client- and server-side certificates. While decrypted, the traffic can be inspected using ICAP.

At this point there's no needed explanation about sslbump. All HTTP and HTTPS traffic will be scanned greatly.

I've tried also to set an env with: Slackware 13.1 + squid-3.1.11 + sslbump + havp + clamav + squidguard. The point is that, to get in work squid with havp, I must insert a parent (cache_peer) to havp and then when squid get the request from a client, it sends the request to havp, and havp tells (rightly) that the request is an invalid request returning the havp page. There is a method to avoid this? Or the problem is related only to havp that could not see https traffic?

Another question is about security. With this method, the SSL communication between two endpoint is broken with the squid in the middle, what are the security implication using this method? There are many pro in front of cons to use this solution?

The last question: why openbsd does not get squid-3.x instead 2.7-x?

Thanks in advance
Re: Constant rate mbuf leak
Just to say that I've been having the same problem with a Soekris board since about 4.4. I haven't figured out what's going on, but strangely the problem is getting better with time (i.e. the rate at which mbufs are allocated decreases). I *think* that it was fine in 4.3 (though I never run the machine for any length of time with that kernel), so you could try that if you want to investigate. I haven't been able to establish a correlation between allocated mbufs and (network) load either. The solution for me so far has been to keep a watchful eye and reboot the machine once too much memory is used, combined with a watchdog and monit to reboot the machine automatically if it becomes unresponsive. Lars
Re: Dell R310 - H200 Raid performance problem
On Thu, Feb 10, 2011 at 09:49:43PM -0500, Nick Holland wrote: Also, check to see if your RAID card has a battery for its cache, if it doesn't, a lot of RAID controllers drop to non-cached writes, and often seem to slow down way beyond what you'd expect just to make you buy the dang battery :). I believe most of the current crop of Dell RAID controllers have an option buried in the RAID setup screens to cache writes even without a battery. Don't blame me (or Dell, or anyone else) if you trip over the power cord and blow away your array. I second this too. Check if you have that write cache enabled. cheers, --rodolfo
Re: [OT] squid and https.
On 11/02/2011 19:17, R0me0 *** wrote:

> Hello Alessandro !
>
> Try read this
>
> If possible, comment after try :D
>
> Regards,
> spawn
>
> 2011/2/11 Alessandro Baggi alessandro.ba...@gmail.com
>
> > Hi list.
> >
> > I have a squid proxy with url filtering and file av scan composed by OpenBSD 4.8 + squid-2.7-STABLE7 + squidGuard + havp, all works fine but I'm not able to get https traffic scanned. To avoid this, we can use squid-3.1.11 with ssl-bump feature.
> >
> > At this point I've tried to set this configuration on a linux host, to avoid to break my firewall, on Slackware 13.1 + squid-3.1.11 + sslbump + c-icap + squidclamav-6.0 + squidGuard + clamav.
> >
> > from http://wiki.squid-cache.org/Features/SslBump:
> >
> >     Squid-in-the-middle decryption and encryption of straight CONNECT and transparently redirected SSL traffic, using configurable client- and server-side certificates. While decrypted, the traffic can be inspected using ICAP.
> >
> > At this point there's no needed explanation about sslbump. All HTTP and HTTPS traffic will be scanned greatly.
> >
> > I've tried also to set an env with: Slackware 13.1 + squid-3.1.11 + sslbump + havp + clamav + squidguard. The point is that, to get in work squid with havp, I must insert a parent (cache_peer) to havp and then when squid get the request from a client, it sends the request to havp, and havp tells (rightly) that the request is an invalid request returning the havp page. There is a method to avoid this? Or the problem is related only to havp that could not see https traffic?
> >
> > Another question is about security. With this method, the SSL communication between two endpoint is broken with the squid in the middle, what are the security implication using this method? There are many pro in front of cons to use this solution?
> >
> > The last question: why openbsd does not get squid-3.x instead 2.7-x?
> >
> > Thanks in advance

Azz, is very very secure this solution :D. Letting the jokes, I've read something about this, and I would the assurance of this. For my second question: cause squid-3 permit mitm.

Thanks for the reply.

Best regards
Re: Constant rate mbuf leak
Lars == Lars Kotthoff li...@larsko.org writes:

Lars> Just to say that I've been having the same problem with a
Lars> Soekris board since about 4.4. I haven't figured out what's
Lars> going on, but strangely the problem is getting better with
Lars> time (i.e. the rate at which mbufs are allocated decreases).
Lars> I *think* that it was fine in 4.3 (though I never run the
Lars> machine for any length of time with that kernel), so you could
Lars> try that if you want to investigate.

Lars> I haven't been able to establish a correlation between
Lars> allocated mbufs and (network) load either.

Lars> The solution for me so far has been to keep a watchful eye
Lars> and reboot the machine once too much memory is used, combined
Lars> with a watchdog and monit to reboot the machine automatically
Lars> if it becomes unresponsive.

I've had a similar issue in the past (see PR kernel/6380).

First a small amount of background, I'm using an Alix 3d3 to act as a bridging firewall.

    ISP -- vr2 -- Bridge0 + PF -- vr1 -- MyHost

With this setup, if PF was enabled, or disabled, I would leak 2k sized mbufs at a roughly linear rate, causing the system to become non-responsive after it could not allocate more mbufs. Raising the limit on mbufs would prolong the hang, and raised high enough the machine would hang when it ran off the end of memory.

I eventually found a way to mitigate this by filtering the MAC's seen through the bridge. This isn't a fix to the real problem, just a bandaid that seems to fit. Basically I only allow packets written with the MAC for MyHost on the bridge with the following in /etc/hostname.bridge0:

    add vr2
    add vr1
    rule pass in on vr1 src 88:88:88:88:88:88 tag extbr
    rule pass out on vr1 dst 88:88:88:88:88:88 tag extbr
    rule block on vr1
    up

This keeps my inside machine from having to see the ISP's usual background packets (arp spam, etc). With these filters in place the firewall has been stable and non-leaking for 100 days.

I don't understand the link between this filtering and the memory leaks that are seen without it (I started to go through the code, but so far RealLife(TM) has kept me from completely getting my head around it).

Anyways, I don't know if this will be at all applicable for what you are seeing, but hopefully it's a nudge in the right direction.

--
Chris
Thinkpad x201 OBSD compatibility
I'm planning to buy a Thinkpad x201 laptop (not the tablet one) and wondering if anyone is using it with OpenBSD at the moment. If so, is it 100% OpenBSD compatible? Thanks.
Re: Constant rate mbuf leak
Prime suspect here would be the network driver. dlg@ had a nice mbuf leak detect-o-matic diff a while back. I'll have to see if I can find it.

In the meantime knowing which board it is (or, even better, what network drivers are in use) would help immensely.

On Fri, Feb 11, 2011 at 06:20:50PM +, Lars Kotthoff wrote:
> Just to say that I've been having the same problem with a Soekris board since about 4.4. I haven't figured out what's going on, but strangely the problem is getting better with time (i.e. the rate at which mbufs are allocated decreases). I *think* that it was fine in 4.3 (though I never run the machine for any length of time with that kernel), so you could try that if you want to investigate.
>
> I haven't been able to establish a correlation between allocated mbufs and (network) load either.
>
> The solution for me so far has been to keep a watchful eye and reboot the machine once too much memory is used, combined with a watchdog and monit to reboot the machine automatically if it becomes unresponsive.
>
> Lars
Re: Constant rate mbuf leak
> In the meantime knowing which board it is (or, even better, what network drivers are in use) would help immensely.

3 like this

    rl0 at pci0 dev 18 function 0 Realtek 8139 rev 0x10

and one

    ral0 at pci0 dev 21 function 0 Ralink RT2860 rev 0x00
    ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (MIMO 2T3R)

Alan's network drivers seem to be completely different though.

Lars
Re: Constant rate mbuf leak
Are you all running bridged setups ?
Re: Constant rate mbuf leak
> Are you all running bridged setups ?

I am, but the problem also occurred without the bridge. I originally suspected the wireless interface (which is bridged with one of the wired ones) and removed the card and hence the bridge. Same problem.

Lars
Re: Thinkpad x201 OBSD compatibility
On Fri, Feb 11, 2011 at 12:26 PM, Chris atst...@gmail.com wrote:
> I'm planning to buy a Thinkpad x201 laptop (not the tablet one) and wondering if anyone using it with OpenBSD at the moment. If so, is it 100% OpenBSD compatible?

I have an X201s and it works okay. The biggest thing that doesn't *seem* to work correctly is CPU throttling: even when the machine's 100% idle, the CPU fan is still spinning at full speed and power consumption isn't any lower at 100% utilization.

There seems to be some issue with aps(4) too, but that hasn't practically caused me any issues.
Re: Thinkpad x201 OBSD compatibility
On 11 February 2011 23:26:33 Chris wrote:
> I'm planning to buy a Thinkpad x201 laptop (not the tablet one) and wondering if anyone using it with OpenBSD at the moment. If so, is it 100% OpenBSD compatible?

Using X201i now. Almost all is working OK. Here are all problems I saw:

- Bluetooth causes panics sometimes, especially after suspend/resume cycle. Do not try to disable radio while in OpenBSD. Also note that Bluetooth chip here does not allow to save even one key in its memory, but this looks like hardware limitation.
- After switching away from X console is blank, but suspend/resume usually helps.
- Note that Lenovo changed the fingerprint sensor, which is not supported by login_fingerprint.
- NTFS causes problems exhausting kernel memory when, for example, running find(1) on Windows folder.

All those are minorities, the machine itself works cool. I had no problems using OpenBSD, including lockups, except noted above.

--
Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
Re: brcm80211
2011/2/11 Tissio Fechine precheca...@yahoo.com.br:
> It's not only in Arch, Debian/Ubuntu/OpenSUSE say the same thing. Anyway.. It's the header in all src files at /drivers/staging/brcm80211/:
> --
> /*
>  * Copyright (c) 2010 Broadcom Corporation
>  *
>  * Permission to use, copy, modify, and/or distribute this software for any
>  * purpose with or without fee is hereby granted, provided that the above
>  * copyright notice and this permission notice appear in all copies.
>  *
>  * THE SOFTWARE IS PROVIDED AS IS AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
>  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
>  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
>  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>  */
> --

Wow, you didn't even bother looking at the license did you? Okay, I'll list just a small section from the license (again at http://www.broadcom.com/docs/linux_sta/hybrid-portsrc_x86_32-v5_100_82_38.tar.gz ) to show my point.

...
2.2.Restriction on Modification. If and to the extent that the Software is designed to be compliant with any published communications standard (including, without limitation, DOCSIS, HomePNA, IEEE, and ITU standards), Licensee may not make any modifications to the Software that would cause the Software or the accompanying Broadcom Products to be incompatible with such standard.
...

Point here is the license is not GPL nor GPL compatible and if the driver they are using really is the official Broadcom Corporation driver, they are ALL lying. Otherwise, they've got some other driver they are using, and I'm curious why they are crediting Broadcom for making it. I would guess that someone fibbed about it to the Debian repos and the rest of them have ported it onward to their own distros.

-Sky
Re: Thinkpad x201 OBSD compatibility
On Sat, Feb 12, 2011 at 07:26:33AM +1100, Chris wrote:
> I'm planning to buy a Thinkpad x201 laptop (not the tablet one) and wondering if anyone using it with OpenBSD at the moment. If so, is it 100% OpenBSD compatible? Thanks.

I use a ThinkPad x201. It works well, though in truth there are a couple of problems:

- USB doesn't work after suspend/resume
- if X is running, switching to text consoles doesn't work (blank screen)

--
Alexandr Shadchin
Re: Constant rate mbuf leak
On Fri, Feb 11, 2011 at 3:44 PM, Lars Kotthoff li...@larsko.org wrote:
> > In the meantime knowing which board it is (or, even better, what network drivers are in use) would help immensely.
>
> 3 like this
> rl0 at pci0 dev 18 function 0 Realtek 8139 rev 0x10
> and one
> ral0 at pci0 dev 21 function 0 Ralink RT2860 rev 0x00
> ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (MIMO 2T3R)
>
> Alan's network drivers seem to be completely different though.
>
> Lars

I have had a lot of problems with rl*; I didn't want to debug, so I just bought some re* (if you want something cheap). I remember a comment by Jacob Meuser about how the rl driver (and cards) sucks and re* are more or less ok.
Re: brcm80211
> Wow, you didn't even bother looking at the license did you?

Yes.. Because I'm talking about brcm80211, and you are referring to another driver's license. You didn't even bother looking at the e-mail subject did you? :D
Re: brcm80211
2011/2/11 Tissio Fechine precheca...@yahoo.com.br:
> > Wow, you didn't even bother looking at the license did you?
>
> Yes.. Because I'm talking about brcm80211, and you are referring to another driver's license. You didn't even bother looking at the e-mail subject did you? :D

I did read the subject, but I wasn't aware that Broadcom had released more than one version of their driver for that chipset. The driver I referred to is for that same chipset you spoke of as well. Nonetheless, I am not too proud to admit I am wrong on list. My apologies Tissio. You are right, and for both our sakes, I hope that the driver ends up being ported.

-Sky
Re: Thinkpad x201 OBSD compatibility
On Fri, Feb 11, 2011 at 5:05 PM, Vadim Zhukov persg...@gmail.com wrote:
> - NTFS causes problems exhausting kernel memory when, for example, running find(1) on Windows folder.

Can you run find in a smaller folder a few times, and send the output of vmstat -m | grep -i ntfs?
Re: Thinkpad x201 OBSD compatibility
On 12 February 2011 05:13:33 Ted Unangst wrote:
> On Fri, Feb 11, 2011 at 5:05 PM, Vadim Zhukov persg...@gmail.com wrote:
> > - NTFS causes problems exhausting kernel memory when, for example, running find(1) on Windows folder.
>
> can you run find in a smaller folder a few times, and send the output of vmstat -m | grep -i ntfs?

After running find on /win/Users/pers/Documents:

packet tags, temp, NTFS data, NTFS vrun, AGP Memory, DRM
USB, memdesc, temp, NTFS vrun, DRM
USB device, NDP, temp, NTFS data, NTFS vrun, AGP Memory, DRM
NTFS node, NTFS fnode, NTFS data, NTFS vrun, DRM
UVM aobj, USB, USB device, temp, NTFS data, bluetooth, DRM
NTFS mount, NTFS attr, NTFS data, DRM
UVM amap, UVM aobj, USB, crypto data, temp, NTFS data, DRM
VM swap, UVM amap, temp, NTFS mount, DRM
USB, memdesc, temp, NTFS dir, DRM
UVM amap, temp, NTFS hash, DRM
131072 devbuf, VM swap, NTFS data
NTFS mount      2     3K     3K 39322K      2    0    0  512,2048
NTFS node     110    14K    26K 39322K    488    0    0  128
NTFS fnode    110    14K    26K 39322K    488    0    0  128
NTFS dir      105   420K   420K 39322K    122    0    0  4096
NTFS hash       1    16K    16K 39322K      1    0    0  16384
NTFS attr     495   248K   296K 39322K   1210    0    0  512
NTFS data     453   193K   194K 39322K   1029    0    0  16,64,128,256,512,1024,131072
NTFS vrun      86     2K     4K 39322K    364    0    0  16,32,64,128

After this find ran on /win/Users/pers:

packet tags, temp, NTFS data, NTFS vrun, AGP Memory, DRM
USB, memdesc, temp, NTFS vrun, DRM
USB device, NDP, temp, NTFS data, NTFS vrun, AGP Memory, DRM
NTFS node, NTFS fnode, NTFS data, NTFS vrun, DRM
UVM aobj, USB, USB device, temp, NTFS data, bluetooth, DRM
NTFS mount, NTFS attr, NTFS data, DRM
UVM amap, UVM aobj, USB, crypto data, temp, NTFS data, DRM
VM swap, UVM amap, temp, NTFS mount, DRM
USB, memdesc, temp, NTFS dir, DRM
UVM amap, temp, NTFS hash, DRM
131072 devbuf, VM swap, NTFS data
NTFS mount      2     3K     3K 39322K      2    0    0  512,2048
NTFS node    1343   168K   168K 39322K   1721    0    0  128
NTFS fnode   1343   168K   168K 39322K   1721    0    0  128
NTFS dir     1339  5356K  5356K 39322K   1356    0    0  4096
NTFS hash       1    16K    16K 39322K      1    0    0  16384
NTFS attr    5368  2684K  2684K 39322K   6083    0    0  512
NTFS data    5084   913K   913K 39322K   5660    0    0  16,64,128,256,512,1024,131072
NTFS vrun     570    12K    12K 39322K    848    0    0  16,32,64,128

And after running on /win/Users:

packet tags, temp, NTFS data, NTFS vrun, AGP Memory, DRM
USB, memdesc, temp, NTFS vrun, DRM
USB device, NDP, temp, NTFS data, NTFS vrun, AGP Memory, DRM
NTFS node, NTFS fnode, NTFS data, NTFS vrun, DRM
UVM aobj, USB, USB device, temp, NTFS data, bluetooth, DRM
NTFS mount, NTFS attr, NTFS data, DRM
UVM amap, UVM aobj, USB, crypto data, temp, NTFS data, DRM
VM swap, UVM amap, temp, NTFS mount, DRM
USB, memdesc, temp, NTFS dir, DRM
UVM amap, temp, NTFS hash, DRM
131072 devbuf, VM swap, NTFS data
NTFS mount      2     3K     3K 39322K      2    0    0  512,2048
NTFS node    1552   194K   194K 39322K   1930    0    0  128
NTFS fnode   1552   194K   194K 39322K   1930    0    0  128
NTFS dir     1549  6196K  6196K 39322K   1566    0    0  4096
NTFS hash       1    16K    16K 39322K      1    0    0  16384
NTFS attr    6272  3136K  3136K 39322K   6987    0    0  512
NTFS data    5952  1039K  1039K 39322K   6528    0    0  16,64,128,256,512,1024,131072
NTFS vrun     642    13K    13K 39322K    920    0    0  16,32,64,128

If I rerun find on a previously searched folder, it ends its work almost immediately - caching? - and there is no difference in vmstat output.

--
Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
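One way to compare the three snapshots in the message above, as an added example that is not part of the thread: it parses the statistics rows and reports, per malloc type, how many of the allocations requested between two runs were still in use afterwards. The function names `parse`, `growth` and `fully_retained` are hypothetical, and only the node, dir, attr and hash rows are included, with the run-together columns separated.

```python
import re

# Rows taken from the three `vmstat -m | grep -i ntfs` outputs in the message
# above, with the run-together columns separated. Columns (per vmstat -m):
# Type InUse MemUse HighUse Limit Requests TypeLimit KernLimit Size(s)
SNAPSHOTS = {
    "Documents": """
NTFS node   110   14K   26K 39322K  488 0 0 128
NTFS dir    105  420K  420K 39322K  122 0 0 4096
NTFS attr   495  248K  296K 39322K 1210 0 0 512
NTFS hash     1   16K   16K 39322K    1 0 0 16384
""",
    "pers": """
NTFS node  1343  168K  168K 39322K 1721 0 0 128
NTFS dir   1339 5356K 5356K 39322K 1356 0 0 4096
NTFS attr  5368 2684K 2684K 39322K 6083 0 0 512
NTFS hash     1   16K   16K 39322K    1 0 0 16384
""",
    "Users": """
NTFS node  1552  194K  194K 39322K 1930 0 0 128
NTFS dir   1549 6196K 6196K 39322K 1566 0 0 4096
NTFS attr  6272 3136K 3136K 39322K 6987 0 0 512
NTFS hash     1   16K   16K 39322K    1 0 0 16384
""",
}
ROW = re.compile(r"^(NTFS \w+)\s+(\d+)\s+(\d+)K\s+\d+K\s+\d+K\s+(\d+)\s")

def parse(text):
    """Map each statistics row to (in_use, mem_kb, requests)."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows[m[1]] = (int(m[2]), int(m[3]), int(m[4]))
    return rows

def growth(before, after):
    """Per type: (new requests, of which still in use, KB gained)."""
    return {t: (req - before[t][2], use - before[t][0], kb - before[t][1])
            for t, (use, kb, req) in after.items() if t in before}

def fully_retained(before, after):
    """Types where every allocation made between the snapshots is still held."""
    return sorted(t for t, (new, kept, _) in growth(before, after).items()
                  if new > 0 and kept == new)

if __name__ == "__main__":
    snaps = {name: parse(text) for name, text in SNAPSHOTS.items()}
    for a, b in (("Documents", "pers"), ("pers", "Users")):
        print(a, "->", b, growth(snaps[a], snaps[b]))
```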