pf issue - not blocking
I have this rule: block in log quick on $lan from { 192.168.1.88, 192.168.1.95, 192.168.1.99 } to any label USER_RULE: blabla pass in quick on $lan from 192.168.1.0/24 to any keep state label USER_RULE: Default LAN - any 192.168.1.95 is being blocked, but others can use internet. For this rule looks correct. Any suggestions?
Re: pf issue - not blocking
On 9/5/05, Dulmandakh Sukhbaatar [EMAIL PROTECTED] wrote: I have this rule: block in log quick on $lan from { 192.168.1.88, 192.168.1.95, 192.168.1.99 } to any label USER_RULE: blabla pass in quick on $lan from 192.168.1.0/24 to any keep state label USER_RULE: Default LAN - any 192.168.1.95 is being blocked, but others can use internet. For this rule looks correct. Any suggestions? are there other *quick* rules that match 192.168.1.88 192.168.1.99 before the block in log quick on $lan from { 192.168.1.88, 192.168.1.95, 192.168.1.99 } to any label USER_RULE: blabla rule??? It is a bit difficult to help without those details. Please post your /etc/pf.conf and output of ifconfig -a etc. --Siju
Jose Nazario's dmesg explained for OpenBSD
Hi, In there an online openbsd version of http://linuxgazette.net/issue59/nazario.html by Jose?? I understad that it is there in his book but am unable to place it on the web :-( Please let me know if it exists on the web!!! Thankyou so much Kind Regards Siju
Re: watch irq usage: soekris net4801 + vpn1401: unterstand vmstat output
On Sun, Sep 04, 2005 at 09:31:36PM +0200, Vincent Immler wrote: What does this output mean? Is someone able to explain this output to me? /* not copying files*/ soekris# vmstat -i | grep hifn irq11/hifn0397322 488 /* start to copying files via SFTP*/ soekris# vmstat -i | grep hifn irq11/hifn0421628 507 Anyone has got a better way to ensure that this vpn card is working? Why is there no improvement? looks like there is improvement. 507488. but i know what you mean. why is this not a big number who makes you feel good? first, make sure kern.usercrypto=1 second, vmstat(8) says that '-i' tells you interrupts since system startup. since there is no other info given, i believe rate is also going to be a rolling rate since system startup. line 773 of /usr/src/usr.bin/vmstat/vmstat.c: --- if (cnt || zflag) (void)printf(%-16.16s %20llu %8llu\n, intrname, cnt, cnt / uptime); inttotal += cnt; --- so if i'm at the right spot, it is a rolling average. watch 'systat vmstat' and you'll see interrupts per display-interval ( or second, don't remember which ). this is not as easily greppable tho. i don't know of a better way, but am interested in being told :P jared ps, fwiw, here are some SCPs from a 4801+1401 to a 2x.k7-MP+1401, of a 32MB file from dd if=/dev/arandom. both machines are 3.8 current from aug.29 snapshot, and neither was doing much of anything during the test: for i in aes{128,192,256}-{cbc,ctr} arcfour{,128,256} 3des-cbc; { echo $i scp -c $i arandom.32M arandom.32M arandom.32M telperion:/MNT/warthog; }; [user.crypto=0] aes128-cbc arandom.32M 100% 32MB 762.1KB/s 00:43 arandom.32M 100% 32MB 712.4KB/s 00:46 arandom.32M 100% 32MB 728.2KB/s 00:45 aes192-cbc arandom.32M 100% 32MB 728.2KB/s 00:45 arandom.32M 100% 32MB 682.7KB/s 00:48 arandom.32M 100% 32MB 728.2KB/s 00:45 aes256-cbc arandom.32M 100% 32MB 668.7KB/s 00:49 arandom.32M 100% 32MB 712.4KB/s 00:46 arandom.32M 100% 32MB 668.7KB/s 00:49 3des-cbc arandom.32M 100% 32MB 420.1KB/s 01:18 arandom.32M 100% 32MB 414.8KB/s 01:19 arandom.32M 100% 32MB 431.2KB/s 01:16 [user.crypto=1] aes128-cbc arandom.32M 100% 32MB 963.8KB/s 00:34 arandom.32M 100% 32MB 963.8KB/s 00:34 arandom.32M 100% 32MB 885.6KB/s 00:37 aes192-cbc arandom.32M 100% 32MB 936.2KB/s 00:35 arandom.32M 100% 32MB 885.6KB/s 00:37 arandom.32M 100% 32MB 963.8KB/s 00:34 aes256-cbc arandom.32M 100% 32MB 936.2KB/s 00:35 arandom.32M 100% 32MB 885.6KB/s 00:37 arandom.32M 100% 32MB 963.8KB/s 00:34 3des-cbc arandom.32M 100% 32MB 712.4KB/s 00:46 arandom.32M 100% 32MB 697.2KB/s 00:47 arandom.32M 100% 32MB 697.2KB/s 00:47 - [ openbsd 3.7 GENERIC ( aug 29 ) // i386 ]
Re: mount_null gone?
Quoting Gijs Nijholt [EMAIL PROTECTED]: What's particularly strange, it's that the command (/sbin/mount_null) exists, but on executing the following command: [EMAIL PROTECTED] sudo mount_null /extended/ /home/gijs/fileserver/ ...I get the following error: mount_null: /home/gijs/fileserver/: Filesystem not supported by kernel Both filesystems are FFS, and it worked really well in 3.6. Can anyone tell me how to fix this problem? On 9/4/05, Gijs Nijholt [EMAIL PROTECTED] wrote: Hello, After some digging through mailinglist archives, it seems that mount_null is no longer in the GENERIC since OpenBSD 3.7 (and mount_union as well) This is not mentioned in the release notes as far as I can verify. Why is it gone and what is the alternative? (I need a way to mount my /extended partition into /home/users and /var/www/users/user, which are both chrooted in respectively ftp and apache) Or how can I get mount_null back without reinstalling the system? Thanks in advance. Gijs Nijholt This was planned imho, a few months after reporting this: http://www.monkey.org/openbsd/archive/bugs/0404/msg00119.html I got response from Otto that nullfs isn't supported anymore. I think the code is to old and hasn't a maintainer to support it any further (I could be wrong). Take a look at mount_nullfs(8) from freebsd for example: BUGS THIS FILE SYSTEM TYPE IS NOT YET FULLY SUPPORTED (READ: IT DOESN'T WORK) AND USING IT MAY, IN FACT, DESTROY DATA ON YOUR SYSTEM. USE AT YOUR OWN RISK. BEWARE OF DOG. SLIPPERY WHEN WET. This code also needs an owner in order to be less dangerous - serious hackers can apply by sending mail to [EMAIL PROTECTED] and announcing their intent to take it over. Kind Regards, Jimmy Scott This message has been sent through ihosting.be To report spamming or other unaccepted behavior by a iHosting customer, please send a message to [EMAIL PROTECTED]
Re: mount_null gone?
Gijs Nijholt [EMAIL PROTECTED] writes: Hello, After some digging through mailinglist archives, it seems that mount_null is no longer in the GENERIC since OpenBSD 3.7 (and mount_union as well) This is not mentioned in the release notes as far as I can verify. Why is it gone and what is the alternative? Alternative to mount_null? Take a hammer and hit your disk repeatedly with it and you might get the same results. Or maybe pull out memory sticks from your machine while it's running. Removing the cpu fan could work too. Sticking long needles under your knee might emulate the sensation. Etc. nullfs never worked. Anything else you experienced can be explained by luck or high resistance to kernel crashes and corrupted data. It's not coming back until it's safe. In the same way as rlogin is not coming back and we're not making xterm setuid root. Don't like it? Then OpenBSD is obviously not for you. //art
Lifecycle question
Currently, our Institute investigates alternative operating systems compared to Linux. Apart from technical issues we are also concerned about lifecycle management as well. We simply don't want to reinstall/upgrade an entire OS all half year, which is the main reason, why we will no longer use half-commercial system like SuSE (= 2 year lifecycle for 'free' version). The question is how you OpenBSD guys handle the upgrade issue. From the website I learned that -STABLE is maintained for only one year (= two releases). Given that upgrading by skipping one release is not recommended, does that mean one needs to upgrade the entire OS every half year? I couldn't get that from the website. Thanks for helping, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch
Re: Lifecycle question
Stephan A. Rickauer wrote: The question is how you OpenBSD guys handle the upgrade issue. From the website I learned that -STABLE is maintained for only one year (= two releases). Given that upgrading by skipping one release is not recommended, does that mean one needs to upgrade the entire OS every half year? I couldn't get that from the website. Well, I'm no expert, but you could also upgrade once a year without skipping any release. At the end of the n release support, you could just upgrade to n+1 then n+2 right after... and you're back for a year of support. Of course, you could also maintain you own security patches for older unsupported releases, but this is another story... Antoine
Re: Security Patch - OpenSSH
Miroslav Kubik wrote: I'm just wondering if the patch for OpenSSH bugs ( http://secunia.com/advisories/16686/ ) already exists for OpenBSD or if it necessary to compile new version of OpenSSH. On OpenBSD errata page is nothing. This is fixed in OpenSSH-4.2 which is in CVS now. I can't confirm that OpenSSH ist in the CVS. Not realy.. It's aviable for about 15 hours now but OpenBSD 3.6 and 3.8 got it already days ago. I personal decided to install it on a couple of machines from Source because it wasn't aviable via CVS. Other guys may install it now from the CVS of course. Btw: What is the reason that OpenBSD 3.7 had to wait for OpenSSH 4.2 that long? OpenBSD 3.6 and 3.8 got it much earlier. :-/ Kind regards, Sebastian -- Don't buy anything from YeongYang. Their Computercases are expensiv, they WTX-powersuplies start burning and their support refuse any RMA even there's still some warenty.
Re: mount_null gone?
On 05 Sep 2005 10:51:37 +0200, Artur Grabowski [EMAIL PROTECTED] wrote: nullfs never worked. Anything else you experienced can be explained by luck or high resistance to kernel crashes and corrupted data. It's not coming back until it's safe. In the same way as rlogin is not coming back and we're not making xterm setuid root. Don't like it? Then OpenBSD is obviously not for you. //art it's not that I don't like it, I just could not find an explanation for the errors I got... so I'll probably try a local NFS mount instead for the fileserver directories, and set the ftp/www homedirs to be the usersdirs directly... thanks for the information - gijs
Re: [OT]: good home switch?
HP's ProCurve series are a bit on the steep side, though they come with lifetime warranty, got two 2524 (managed) 10/100 and I haven't seen any issues with them so far, next to them I got two D-Link (unmanaged) 10/100/1000 16 port switches, on one of them the fan sounded like a lawnmower and failed after about a month, on the other one I noticed 2 dead ports, haven't tested all of the d-link ports yet but I suspect to find more when I do. The rack also sports a Linksys 32 port 10/100 switch with no issues to date, haven't tested all ports there either. The equipment is about 18 months (HP) and 13 months (the rest) old. - J On 9/4/05, Przemyslaw Nowaczyk [EMAIL PROTECTED] wrote: Hi misc, I'm trying to find buy a stable reliable 5 to 8 port 100Mbit switch for my home network. My first impression was to buy the 3COM OfficeConnect Dual Speed Switch 10/100 5 Plus (3C16790) or the D-Link DES-1005D Switch 10/100 Mbit/s 5-port but I thought that it might be a good idea to ask here for some advice, not only about those two mentioned above but in general. Thanks in advance, -- Przemyslaw Nowaczyk [EMAIL PROTECTED] CS student @ Poznan University of Technology -- // Johan
Re: [OT]: good home switch?
--On 05 September 2005 12:17 +0200, Johan P. LindstrC6m wrote: HP's ProCurve series are a bit on the steep side, though they come with lifetime warranty, got two 2524 (managed) 10/100 and I haven't seen any issues with them so far I looked at some HP 2626 which seem like quite nice switches (management interface seems fairly intelligently designed and uses OpenSSH), but the 1U fans would be very noisy for a home (or small office). It seems fairly rare to find sound levels on spec sheets for much 19 kit, probably on the basis it's likely to be used in a machine room. If anyone is thinking of using it where noise might be a problem, try and check before committing to buying...
Re: complex.h under OpenBSD
Hello again, After several days of investigation, I was able to patch and make NEC (numerical Electromacnetigs Code) in plain C languaje under OpenBSD. The trick was making function definitions for those functions that are built-in in gcc compiler: #define complex _Complex double creal(complex double z); double cimag(complex double z); long double creall(complex long double z); long double cimagl(complex long double z); complex double conj(complex double z); and definitions for the complex functions made by myself: long double carg(complex long double z); long double complexabs(complex long double z); complex long double csqrt(complex long double z); complex long double clog(complex long double z); complex long double cexp(complex long double z); I added a complex.c file with the home made functions: #include nec2c.h long double carg(complex long double z) { return( atan2( cimagl(z) , creall(z) ) ); } long double complexabs(complex long double z) { return( sqrt( pow(creall(z),2) + pow(cimagl(z),2) ) ); } complex long double csqrt(complex long double z) { return( pow(complexabs(z),2) * ( cos(carg(z)/2) + sin(carg(z)/2) * CPLX_01)); } complex long double clog(complex long double z) { return( log(complexabs(z))+CPLX_01*carg(z)); } complex long double cexp(complex long double z) { return(exp(creall(z)) * (cos(cimagl(z)) + CPLX_01*sin(cimagl(z)))); } Every cabs() on the program was renamed to complexabs() just to not conflict cabs() under OpenBSD. I wrote this just in case someone desire to use this classic antenna modelling software under OpenBSD in plain C languaje. The Fortran version that compiles without effort is an interactive one. This one, written in plain C, is not interactive and can accept command line input and output files, and thus is more flexible and convenient. If someone is interested in making a port for OpenBSD, please contact me and I will send the patch. I am not a programmer and know that this is a horrible and dirty patch that make the program work. The original program is nec2c.rxq-0.2.tar.gz at: http://sharon.esrac.ele.tue.nl/users/pe1rxq/ Thanks for your time. Ramiro EA1ABZ.
Re: Lifecycle question
Stephan A. Rickauer wrote: Currently, our Institute investigates alternative operating systems compared to Linux. Apart from technical issues we are also concerned about lifecycle management as well. We simply don't want to reinstall/upgrade an entire OS all half year, which is the main reason, why we will no longer use half-commercial system like SuSE (= 2 year lifecycle for 'free' version). The question is how you OpenBSD guys handle the upgrade issue. From the website I learned that -STABLE is maintained for only one year (= two releases). Given that upgrading by skipping one release is not recommended, does that mean one needs to upgrade the entire OS every half year? I couldn't get that from the website. Thanks for helping, Stephan, I am a 3 year Debian Linux user and recently started using OpenBSD. I like and use both systems. But If you are concerned about easy upgrading, I would recommend Debian GNU/Linux (no flamewars please ;-) ). It is a very stable system that it is upgraded slowly, about 2 years (they whant to speed it in the future to 18 month cicle). You will not need to learn new things. OpenBSD is another different flavour of Unix (true Unix) and presents many differences with Linux. You will have to learn new things. Debian has got more ready to use packages than OpenBSD has. I found more applications for my engineering work and amateur radio hobby. Upgrades are a simple aptitude dist-upgrade command. On OpenBSD, you usually have to reinstall everything when you upgrade (or compile). Debian upgrade is an easier and automated task. This is not a problem if you are going to build a server, a firewall, a database server or something related, that is based on a few packages added to the base system. If you want a desktop with hundreds of packages installed, I find Debian more practical to upgrade. Both systems allow you to tweak the internals as you want. Both come with the base system and the remaining applications. Anyway, I am getting in love with OpenBSD because of its securyty, simplicity, stability, clarity, superb documentation and coherency. If I would have to build a server conected to the dangerous Internet, I will undoubtlely use OpenBSD. Just my 2 cents. Ramiro.
Re: Lifecycle question
Howdy Debian has got more ready to use packages than OpenBSD has. I found more applications for my engineering work and amateur radio hobby. Upgrades are a simple aptitude dist-upgrade command. On OpenBSD, you usually have to reinstall everything when you upgrade (or compile). Espie has done a lot of work in this area in -current recently. It will get easier. (Not that its difficult now) Regards Edd
Re: Lifecycle question
Ramiro Aceves schrieb: I like and use both systems. But If you are concerned about easy upgrading, I would recommend Debian GNU/Linux (no flamewars please ;-) ). It is a very stable system that it is upgraded slowly, about 2 years (they whant to speed it in the future to 18 month cicle). You will not We have FreeBSD, Debian Sarge and SuSE 9.0 9.1 9.3 as productive systems running. Technically, we're kind of aware of the differences. system. If you want a desktop with hundreds of packages installed, I find Debian more practical to upgrade. Both systems allow you to tweak the internals as you want. Both come with the base system and the remaining applications. We use SuSE on ~50 desktops in our Institute and are quite happy (well, we had to tune it a bit to make it use apt-get). Debian is my first choice for non-BSD servers, but I would not use it for dekstop purposes still. Well, don't wan't flame wars here either ;) Anyway, I am getting in love with OpenBSD because of its securyty, simplicity, stability, clarity, superb documentation and coherency. If I would have to build a server conected to the dangerous Internet, I will undoubtlely use OpenBSD. I am already in love with it, since I plan to use it as a HA-firewall using carp and pfsync. Problem here is just that it looks as if I had to reinstall it all year ... Thanks, -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch
Re: Lifecycle question
On Mon, 05 Sep 2005 15:52:50 +0300, Stephan A. Rickauer [EMAIL PROTECTED] wrote: I am already in love with it, since I plan to use it as a HA-firewall using carp and pfsync. Problem here is just that it looks as if I had to reinstall it all year ... Hi Stephan, If it's just a firewall, and you won't need any new features (wich will come with some new release), then why should you upgrade? Just configure it, put the server somewhere in the dark corner and it will handle it's job very nicely :) Giedrius -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Re: Lifecycle question
Stephan A. Rickauer wrote: The question is how you OpenBSD guys handle the upgrade issue. From the website I learned that -STABLE is maintained for only one year (= two releases). Given that upgrading by skipping one release is not recommended, does that mean one needs to upgrade the entire OS every half year? I couldn't get that from the website. From my experience, I can say that upgrading is not actually an issue with OpenBSD. This can be best explained with one of the catch-phrases that describe it, OpenBSD constantly evolves, it does not revolutionize all the time. Version numbers are mostly that, numbers, and an indication that several weeks of disciplined quality assurance went into it after another development cycle. The result is really painless upgrades -- maybe not in a sense of (attempted) automation like on some other OSes, but in terms of breakages. The time saved by the fact that everything typically Just Works makes up for the few additional manual steps during upgrades, and Nick Holland is so kind to supply very thorough upgradeXY.html documents for every release, outlining any possible gotchas. There are also several ways to speed up upgrades when dealing with lots of similar boxes, slightly customized `release(8)'s via siteXY.tgz and so on. All in all, it helps to have some support infrastructure to manage an OpenBSD deployment -- e.g. a build box and maybe one or two representative test boxes (although that's good to have with any other OS as well.) As I am writing this, your second mail just came in. With your HA setup, there won't even be any downtime during upgrades, and they will *really* be painless as you probably don't have to deal with any package upgrades. Reboot new kernel, untar sets, apply a prepared patch for /etc, MAKEDEV and mtree, reboot and you're good to go after some 5 minutes, give or take, per box. Of course, simply swapping out harddrives with an upgraded installation is another possibility. Moritz
Re: Lifecycle question
Giedrius RekaE!ius schrieb: If it's just a firewall, and you won't need any new features (wich will come with some new release), then why should you upgrade? Just configure it, put the because patch-xy has been made for release zz where I have release bb after 'it has been in the dark corner' for some years? Stephan
Re: Lifecycle question
Moritz Grimm schrieb: The result is really painless upgrades -- maybe not in a sense of (attempted) automation like on some other OSes, but in terms of breakages. The time saved by the fact that everything typically Just Works makes up for the few additional manual steps during upgrades, and Nick Holland is so kind to supply very thorough upgradeXY.html documents for every release, outlining any possible gotchas. That is an important information, thanks. I can't recall how often SuSE messed up an upgrade procedure because they compiled kernel modul xy and shipped them with conflicting userland version yz ... nightmares. I guess I'll risk it with OpenBSD ;) -- Stephan A. Rickauer Institut f|r Neuroinformatik Universitdt / ETH Z|rich Winterthurerstriasse 190 CH-8057 Z|rich Tel: +41 44 635 30 50 Sek: +41 44 635 30 52 Fax: +41 44 635 30 53 http://www.ini.ethz.ch
Re: Lifecycle question
Henning Brauer schrieb: you don't have to reinstall at all. hogwash by some people here. I have about a hundred servers in production, some are upgraded ever since 2.7 times or so. upgrade typically takes us 5 minutes and one reboot a box. Well, I am thinking of using OpenBSD for our firewalls. Those I do want to upgrade regularly. Not because of features, but because of patches. Stephan
Re: Lifecycle question
I recently did my first upgrade from 3.6 to 3.7 without the cd's and it was surprisingly simple... I would say the upgrade was less complicated than my last linux upgrade (kernel and userland is in sync here). Love this OS On Mon, 05 Sep 2005 15:21:29 +0200 Moritz Grimm [EMAIL PROTECTED] wrote: From my experience, I can say that upgrading is not actually an issue with OpenBSD. This can be best explained with one of the catch-phrases that describe it, OpenBSD constantly evolves, it does not revolutionize all the time. Version numbers are mostly that, numbers, and an indication that several weeks of disciplined quality assurance went into it after another development cycle. The result is really painless upgrades -- maybe not in a sense of (attempted) automation like on some other OSes, but in terms of breakages. The time saved by the fact that everything typically Just Works makes up for the few additional manual steps during upgrades, and Nick Holland is so kind to supply very thorough upgradeXY.html documents for every release, outlining any possible gotchas. Moritz -- Bill Chmura
Re: Lifecycle question
Moritz Grimm wrote: Stephan A. Rickauer wrote: The question is how you OpenBSD guys handle the upgrade issue. From the website I learned that -STABLE is maintained for only one year (= two releases). Given that upgrading by skipping one release is not recommended, does that mean one needs to upgrade the entire OS every half year? I couldn't get that from the website. Of course, simply swapping out harddrives with an upgraded installation is another possibility. Moritz I second that motion. GENERIC allows for you to build and test on *whatever* hardware and then with minimal changes plug the hdd into the new machine and you're off running. Disk arrays cause a bit of a cluster in this theory, but still a workable solution and a lot better than downtime. -JR
update /etc/changelist as part of package install?
Hi, Just a thought. For packages with sensitive system configs wouldn't it be useful if the install automatically patched /etc/changelist. Also it might help if they modified /etc/mtree/special too, although this is probably more difficult to get right. Or is there a good reason why this isn't done? Mike
Re: Lifecycle question
...on Mon, Sep 05, 2005 at 03:35:19PM +0200, Stephan A. Rickauer wrote: Henning Brauer schrieb: you don't have to reinstall at all. hogwash by some people here. I have about a hundred servers in production, some are upgraded ever since 2.7 times or so. upgrade typically takes us 5 minutes and one reboot a box. Well, I am thinking of using OpenBSD for our firewalls. Those I do want to upgrade regularly. Not because of features, but because of patches. For a simple filtering firewall, you won't need to do much for an upgrade. Perhaps touching a few files in /etc according to the upgrade document, and if you use any ports or local binaries, getting them up to the current version. The basic layout of things hasn't been changed for a long time, it's not as if suddenly config files will have to be in a different directory because someone wants to be compatible with some standards document or so. On the other hand, there's little incentive to upgrade such a setup at all (except for the exercise) - there are rarely catastrophic bugs that will be able to compromise your system, and throwing in a new version of things like openssh or zlib will usually work a couple of versions back from the current release, even if there's no formal patch. (In reality, if there's a case where you really, really need to upgrade such a system after a few years, it will probably hurt - currently have that with a 3.3 box with so many local changes that it barely looks like OpenBSD anymore...). Alex.
Re: [OT]: good home switch?
I use OpenBSD boxes with a few 4xFE on two sites as switches/routers =) I'm am happier with them than the cheapo switches I replaced. -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-
Re: [OT]: good home switch?
On 9/4/05, Przemyslaw Nowaczyk [EMAIL PROTECTED] wrote: Hi misc, I'm trying to find buy a stable reliable 5 to 8 port 100Mbit switch for my home network. My first impression was to buy the 3COM OfficeConnect Dual Speed Switch 10/100 5 Plus (3C16790) or the D-Link DES-1005D Switch 10/100 Mbit/s 5-port but I thought that it might be a good idea to ask here for some advice, not only about those two Have bunch of 3com officeconnect 8/16 plus 10/100 switches that have been running for upto 4 years now without problems. Only thing is after a power failure they get confused and need an extra hard reset (power cycle) but that's probably because they're strewn all over the building and the way the power comes back up. They have external power supply and no fan. -- drs. Mark C. Prins Spatial Fusion Specialist / Network Specialist SkypeMe@ callto:mark.prins-caris.nl __ CARIS 2005 - Mapping A Seamless Society 10th International User Group Conference and Educational Sessions 26-29 September 2005 - World Trade Center, Halifax, Nova Scotia, Canada Visit http://www.caris.com/caris2005 or send email enquiries to [EMAIL PROTECTED] for more information __ CARIS Geographic Informations Sytems BV phone: +31 413 296 010 fax: +31 413 296 012 web: http://www.caris.nl product support: [EMAIL PROTECTED] sales/marketing: [EMAIL PROTECTED] __ This email contains confidential informations for the intended recipient. If you are not the intended adressee please, notify us immediately. You should not use, disclose, distribute or copy this communication if received in error. No binding contract will result from this message until such a time as a written contract has been signed on behalf of the company named above. __ This message has been scanned for viruses using McAfee Groupshield. This message may have been modified by the scanner. __
Re: certpatch in 3.8 ...
On Sat, 03 Sep 2005 at 10:31 -0600, jared r r spiegel wrote: On Tue, Aug 23, 2005 at 03:58:31PM +0100, Jason McIntyre wrote: yes, it was removed a little while ago. you can get the same functionality from openssl(1) req. see also isakmpd(8). i checked on the isakmpd(8), it gives an example how to make a subjectAltName extension field using IP or FQDN, but how does one make UFQDN now that certpatch is gone? i did a 'find /usr/src -type f | xargs egrep -i (u|user).*fqdn', but didn't find much who could hint me on how to add an [x509v3_UFQDN] section to /etc/ssl/x509v3.cnf correctly. i made a few random guesses and tried these type of things individually: hmm i don't relly know what you are doing wrong here but for me this has worked almost any time. [x509v3_UFQDN] subjectAltName=email:$ENV::CERTUFQDN CERTUFQDN must be provided as environment variable and you might want to use it with somthing like that. openssl genrsa -out $CERTDIR/$SUBJECT/$SUBJECT.key \ $CERTBITS openssl req -batch -config $REQUEST_CONFIG -sha1 -new \ -key $CERTDIR/$SUBJECT/$SUBJECT.key \ -out $CERTDIR/$SUBJECT/$SUBJECT.csr openssl x509 -req -sha1 -days $CERTDAYS \ -in $CERTDIR/$SUBJECT/$SUBJECT.csr \ -CA $CADIR/certs/ca.crt -CAkey $CADIR/private/ca.key\ -extfile $EXTFILE -extensions x509v3_FQDN \ -CAcreateserial -CAserial $CADIR/serial \ -out $CERTDIR/$SUBJECT/$SUBJECT.crt \ -passin env:PASSPHRASE adding the section to you x509v3.cnf you should have something like: # default settings CERTPATHLEN = 1 CERTUSAGE = digitalSignature,keyCertSign CERTIP = 0.0.0.0 CERTFQDN= nohost.nodomain # This section should be referenced when building an x509v3 CA # Certificate. # The default path length and the key usage can be overriden # modified by setting the CERTPATHLEN and CERTUSAGE environment # variables. [x509v3_CA] basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN keyUsage=$ENV::CERTUSAGE # This section should be referenced to add an IP Address # as an alternate subject name, needed by isakmpd # The address must be provided in the CERTIP environment variable [x509v3_IPAddr] subjectAltName=IP:$ENV::CERTIP # This section should be referenced to add a FQDN hostname # as an alternate subject name, needed by isakmpd # The address must be provided in the CERTFQDN environment variable [x509v3_FQDN] subjectAltName=DNS:$ENV::CERTFQDN # This section should be referenced to add a UFQDN hostname # as an alternate subject name, needed by isakmpd # The address must be provided in the CERTUFQDN environment variable [x509v3_UFQDN] subjectAltName=email:$ENV::CERTUFQDN if you want to have a script doing this work for you i will upload one. Tim -- Darksun rising over blood red sea [demime 1.01d removed an attachment of type application/pgp-signature]
Re: DBMail on openBSD
Jean-Daniel Beaubien wrote: Hi everyone, I'd like to get an idea of the status of DBMail on openBSD. If anyone has had some experience with DBMail on obsd please let me know what you think about it. Is it stable? How is the speed? How's the initial setup? I know I there's a dbmail mailing list...but I wanted a non-partisan opinion. Thanks, Jean-Daniel P.S. Anyone has an approx ETA until we can pre-order 3.8 cds? I've never used DBMail on OpenBSD but I experimented with it a fair deal on FreeBSD 5.x a few months back when I was playing around with different imap implementations. While I liked the idea of using mysql backend for storing mail I found that the read/write performance was very poor when faced with larger imap folders (5000 messages). I eventually abandoned it for cyrus-imapd which handles folders 2 messages without a stutter. If high-performance is a priority for you, I'd recommend you look elsewhere. But, as always, YMMV. G
Re: Lifecycle question
Stephan A. Rickauer wrote: Currently, our Institute investigates alternative operating systems compared to Linux. Apart from technical issues we are also concerned about lifecycle management as well. We simply don't want to reinstall/upgrade an entire OS all half year, which is the main reason, why we will no longer use half-commercial system like SuSE (= 2 year lifecycle for 'free' version). When I was working as an independant consultant, I would occassionally get calls from people who were only interested in one thing: how much I charge per hour. That's it. Wouldn't tell me about the job, or ask me how many hours I felt a job might take. They apparently believed all people could accomplish the same job in the same number of hours, or that they would all do the same job. Be careful when you pick measures for a project. There is often a lot more to it than one simple measure. :) The question is how you OpenBSD guys handle the upgrade issue. From the website I learned that -STABLE is maintained for only one year (= two releases). Given that upgrading by skipping one release is not recommended, does that mean one needs to upgrade the entire OS every half year? I couldn't get that from the website. First of all, you get lots of points for worrying about lifecycle. Too many people measure the success of a project by does it work NOW?, not how long can I keep it working? How do I upgrade it? How do other people maintain it? How do I fix it when it breaks?, etc. There are a lot of measures to how the upgrade process works out. Here are SOME: 1) Frequency (i.e., how often do you need to do upgrades) 2) Difficulty (how much human work is involved) 3) Ugency (when an upgrade is needed, how important is it that it is done *NOW*) 4) Downtime (when you do the upgrade, do you need to do it at 3:00am, or can you do it during production hours?) 5) Flexibility (what cute tricks can you do to make the process simpler, safer, easier, etc.) Yes, OpenBSD had new releases every six months, and only supports a previous release with patches for one past release, so your frequency is going to be higher. So, at the outside, you are looking at an upgrade every year, and I'd recommend staying with the active release, rather than jumping two releases every upgrade cycle. So that looks bad (kinda like my hourly rate. :) HOWEVER...the rest starts looking pretty good. :) How difficult is it to upgrade? Usually, Not Very. Granted, we don't have an automatic tool that does all the work (and thinking) for you, but all things considered, I'd rather that *you* be closely involved in the upgrade of your machines, rather than having some magic happen in the background. It certainly makes it easier to deal with issues if something goes wrong, as you have a much better idea what happened. How urgent are upgrades? Usually, not very urgent at all. That's why you run OpenBSD, right? Look at the errata pages...not a lot of them are security issues for many of the applications that OpenBSD is put to. That isn't to say they aren't important or shouldn't be fixed...but usually it is not a ok, we gotta shut down the main firewall or router NOW to implement a fix, as it is critical and exploits are running around NOW! 4) How much downtime do you experience when you do the upgrade? Well, for certain applications, you could configure your systems for ZERO downtime (CARP'd firewalls -- upgrade one, reboot, upgrade the other, reboot). Other apps, the upgrades will usually involve minimal downtime. Beware of systems that make upgrades too painless -- friend of mine recently had his Debian system rooted, he suspects a hole in the kernel. While he had been using the wonderful Debian update process, he had skipped that little detail about updating the kernel and rebooting, too inconvienent. When you are sitting on the Internet, I think convience has to be secondary to security. 5) Flexibility: wow. I love OpenBSD. :) Granted, learning a lot of this will come from time and usage, and looking at YOUR particular applications. The ability to test your installs on not identical hardware is very nice. The siteXX.tgz stuff is great. The simplicity of the installer is just magical. Anyway...look at the whole picture, not just how often you have to do upgrades. Remember: there are reasons we don't support old releases very long -- in addition to the work required, there is the fundemental moving forward philosophy of OpenBSD. With every release, they try to make the OS more secure and more correct. Not only does pushing stuff back to old releases take time and effort, but some stuff just won't go easily. The malloc(3) upgrades were a huge improvement to security, but pushing them back to 3.6 or before isn't going to happen. We don't want you to think that because you run 3.5-stable, that you are as safe or as reliable as you are if you are running -current. Lifecycle has to be part of
Re: update /etc/changelist as part of package install?
Hi Mickey, [ pkg_add does not change /etc/changelist and /etc/mtree/special ] is there a good reason why this isn't done? IMHO, KISS. Don't have packages mess up the base system. Keep central configuration files as concise and straightforward as possible. Of course, if you have some particular reason to modify the central configuration files on your machine, you are free to do it by hand. Do it sparingly and only when you know what you are doing and when you really need to. Remember that merging may be necessary during upgrades. In case you wonder why packages should leave central configuration alone, try to understand e.g. the run-parts(8) nightmare under Linux - zillions of code snippets all over the place from zillions of sources, and if you try to find out whether something particular is being done or whether it isn't, you will have quite some work to do in order to find out. Unless you know quite well how to use find ... -exec grep ... -print, you will probably never find out at all. By the way, in case you are looking for serious intrusion detection, you should not rely on /etc/security anyway, but install (and maintain!) some real intrusion detection system. Yours, Ingo
massive kde error log after upgrade
I apologise if I'm posting these questions to the wrong list. I'm getting GAZILLIONS of the following error messages since I upgraded to KDE 3.3.2. How come? 1 QGDict::hashKeyString: Invalid null key ASSERT: !m_doc-wrapCursor() in /usr/obj/i386/kdelibs-3.3.2p4/kdelibs-3.3.2/kate/part/katerend erer.cpp (626) 1= I'm also getting error messages about missing kde3 laptop libraries which seem odd since I'm running on a desktop: 2 Could not init font path element /usr/X11R6/lib/X11/fonts/CID/, removing from list! startkde: Starting up... QPixmap: Cannot create a QPixmap when no GUI is being used QPixmap: Cannot create a QPixmap when no GUI is being used QPixmap: Cannot create a QPixmap when no GUI is being used QPixmap: Cannot create a QPixmap when no GUI is being used kbuildsycoca running... kdecore (KProcess): WARNING: chownpty failed for device /dev/ptyp0::/dev/ttyp0 This means the communication can be eavesdropped. SetClientVersion: 0 8 kdeinit:/usr/local/lib/kde3/kcm_laptop.so: undefined symbol '_ZN15laptop_portable18get_battery_s tatusERiR11QStringListS2_S2_' kdeinit: /usr/local/lib/kde3/kcm_laptop.so: can't resolve reference '_ZN15laptop_portable18get_b attery_statusERiR11QStringListS2_S2_' kdeinit:/usr/local/lib/kde3/kcm_laptop.so: undefined symbol '_ZN15laptop_portable7has_lavEv' kdeinit: /usr/local/lib/kde3/kcm_laptop.so: can't resolve reference '_ZN15laptop_portable7has_la vEv' kdeinit:/usr/local/lib/kde3/kcm_laptop.so: undefined symbol '_ZN15laptop_portable20has_software_ suspendEi' kdeinit: /usr/local/lib/kde3/kcm_laptop.so: can't resolve reference '_ZN15laptop_portable20has_s oftware_suspendEi' kdeinit:/usr/local/lib/kde3/kcm_laptop.so: undefined symbol '_ZN15laptop_portable7has_apmEi' kdeinit: /usr/local/lib/kde3/kcm_laptop.so: can't resolve reference '_ZN15laptop_portable7has_ap mEi' kdeinit:/usr/local/lib/kde3/kcm_laptop.so: undefined symbol '_ZN15laptop_portable8has_acpiEi' kdeinit: /usr/local/lib/kde3/kcm_laptop.so: can't resolve reference '_ZN15laptop_portable8has_ac piEi' /dev/apmctl: Permission denied /usr/local/bin/artsd: Permission denied kdecore (KAction): WARNING: KAction::insertKAccel( kaccel = 0x3c1c74c0 ): KAccel object already contains an action name del QPixmap: Cannot create a QPixmap when no GUI is being used QPixmap: Cannot create a QPixmap when no GUI is being used kdecore (KProcess): WARNING: chownpty failed for device /dev/ptyp1::/dev/ttyp1 This means the communication can be eavesdropped. konqueror: ERROR: Error in BrowserExtension::actionSlotMap(), unknown action : searchProvider X Error: BadWindow (invalid Window parameter) 3 Major opcode: 7 Minor opcode: 0 Resource id: 0x145 X Error: BadWindow (invalid Window parameter) 3 Major opcode: 6 Minor opcode: 0 Resource id: 0x145 X Error: BadWindow (invalid Window parameter) 3 Major opcode: 7 Minor opcode: 0 Resource id: 0x1ab X Error: BadWindow (invalid Window parameter) 3 Major opcode: 6 Minor opcode: 0 Resource id: 0x1ab startkde: Shutting down... klauncher: Exiting on signal 1 KWrited - Listening on Device /dev/ttyp0 startkde: Running shutdown scripts... startkde: Done. 2= Thanks, Dave Feustel -- Tired of having to defend against Malware? (You know: trojans, viruses, SPYWARE, ADWARE, KEYLOGGERS, rootkits, worms and popups) Then Switch to OpenBSD with a KDE desktop!!!
CVSync-Problems...
I've some problems with serval CVSYNC-Servers. No matter wich server I tried for now I've similiar errors: Updating (collection openbsd/rcs) No such file or directory Updater(RCS): ADD: /nfs/cvs/ports/devel/libglade2/files/libglade2.spec,v Updater: RCS Error Socket Error: recv: 2 residue 2 Receiver(DATA) Error: recv Mux(SEND) Error: socket DirScan: RCS Error Mux(SEND) Error: not running: 1 FileScan(RCS): ATTIC /nfs/cvs/ports/mail/dovecot/patches/patch-src_lib-index_mail-modifylog_c,v FileScan: RCS Error Failed I tried 4-5 CVSYNC-Servers for now. Is there any problem with CVSYNC currently? It worked very nice..until now. Now it seams something is broken and I can't figure out where the problem is. SCRIPT: config { hostname cvsync.openbsd.se compress collection { name openbsd release rcs prefix /nfs/cvs umask 002 } } I also used the german CVSYNC-Servers and 3-4 others. They all fail (just the files wich are missing or so change). Kind regards, Sebastian -- Don't buy anything from YeongYang. Their Computercases are expensiv, they WTX-powersuplies start burning and their support refuse any RMA even there's still some warenty.
Re: CVSync-Problems...
On Mon, Sep 05, 2005 at 07:03:59PM +0200, [EMAIL PROTECTED] wrote: Is there any problem with CVSYNC currently? 3.8 has been tagged, which puts heavy load on all mirrors (including cvsync mirrors). Ciao, Kili
Re: CVSync-Problems...
On Mon, Sep 05, 2005 at 07:03:59PM +0200, [EMAIL PROTECTED] wrote: Is there any problem with CVSYNC currently? 3.8 has been tagged, which puts heavy load on all mirrors (including cvsync mirrors). Yes I thought about that too but I wonder why it takes about 1-2 days even for the mirrors to mirror the code. :-/ Kind regards, Sebastian -- Don't buy anything from YeongYang. Their Computercases are expensiv, they WTX-powersuplies start burning and their support refuse any RMA even there's still some warenty.
Re: packet blocking question
I've been reading Jacek's book on pf but haven't found a way to block packets on the basis of the country of origin. Is it that possible in pf? Yes, but you'll need to define what IP blocks you want blocked yourself. I have resorted to this myself to stop certain known spam havens from hitting some of my servers. I have a pf table /etc/tables/spammers that does just that. Then just add a table definition line and one simple pf rule as such: -- ... table spammerspersist file /etc/tables/spammers ... block in log quick on $ext from spammers to any ... -- In that table are subnets of all the IP blocks I want to consider as spam havens to block. One starting point for you to consider in your quest for IP lists is /etc/spamd.conf which has URLs of places to get IP lists to block--some of them are national. These lists can make the foundation of what you're after I imagine. Kevin -- http://www.ebiinc.com - Background Screening from EBI Corporate background checks and drug testing, worldwide.
Re: CVSync-Problems...
[EMAIL PROTECTED] wrote: On Mon, Sep 05, 2005 at 07:03:59PM +0200, [EMAIL PROTECTED] wrote: Is there any problem with CVSYNC currently? 3.8 has been tagged, which puts heavy load on all mirrors (including cvsync mirrors). Yes I thought about that too but I wonder why it takes about 1-2 days even for the mirrors to mirror the code. :-/ first of all, it hasn't been two days. Secondly, it is an astronomcal amount of work. Every active file in the tree gets altered. That's big stuff. My cvsync output files so far are over 7M and I'm not sure its done yet. Patience. This is one of those times where slow international links can really hurt. Give it a couple more days, all will be fine. Nick.
Re: update /etc/changelist as part of package install?
MikeyG wrote: Just a thought. For packages with sensitive system configs wouldn't it be useful if the install automatically patched /etc/changelist. Also it might help if they modified /etc/mtree/special too, although this is probably more difficult to get right. Packages shouldn't modify system configs like that, at most the package installer should inform the user to do so, or provide a script the user can run to do so.
happy birthday for Theo :-)
happy birthday for Theo :-) http://www.techexpo.aplus.pl/openbsd2.jpg :-)
Floppy problems... (fdc missing in /dev)
Hello everybody, I've noticed that fdc isn't in /dev/. I noticed it during I tried to boot a floppy. 1. I checked the FD-Device # dmesg | grep fd fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask fff5 netmask fffd ttymask fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask fff5 netmask fffd ttymask 2. I tried to boot the floppy # mount -t msdos /dev/fdc0 floppy/ mount_msdos: /dev/fdc0 on /mnt/floppy: No such file or directory 3. Getting confused and checked /dev # ls /dev/fdc* ls: /dev/fdc*: No such file or directory # man -k fdc fdc (4) - NEC765 compatible floppy disk driver Did I made something wrong (it's a 3.7 oBSD) or why does fdc still not exist? That's a littlebit confusing...I think. Kind regards, Sebastian -- Don't buy anything from YeongYang. Their Computercases are expensiv, they WTX-powersuplies start burning and their support refuse any RMA even there's still some warenty.
Re: Floppy problems... (fdc missing in /dev)
On Monday 05 September 2005 20:31, [EMAIL PROTECTED] wrote: Hello everybody, I've noticed that fdc isn't in /dev/. I noticed it during I tried to boot a floppy. fdc(4) is the floppy controller. If you read the manpage, you'll discover that the floppy *drive* is /dev/fd[0-3][A-H][a-p] Try looking at /dev/fd*, in particular /dev/fd0c for your floppy. -- Simon Farnsworth [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Floppy problems... (fdc missing in /dev)
On 2005-09-05 at 21:31, [EMAIL PROTECTED] wrote: I've noticed that fdc isn't in /dev/. I noticed it during I tried to boot a floppy. You probably want to access a floppy drive, which are called fd*, not fdc*. From fdc(4): The standard names of a floppy drive will take the form /dev/fd{0,1,2,3}{,B,C,D,E,F,G,H}[a-p]. On a working system you'd supposedly get something like: fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec HTH
Re: Floppy problems... (fdc missing in /dev)
Try actually reading that manual on fdc as well. It says: The standard names of a floppy drive will take the form /dev/fd{0,1,2,3}{,B,C,D,E,F,G,H}[a-p]. Cheers, Andreas On 05/09/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello everybody, I've noticed that fdc isn't in /dev/. I noticed it during I tried to boot a floppy. 1. I checked the FD-Device # dmesg | grep fd fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask fff5 netmask fffd ttymask fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask fff5 netmask fffd ttymask 2. I tried to boot the floppy # mount -t msdos /dev/fdc0 floppy/ mount_msdos: /dev/fdc0 on /mnt/floppy: No such file or directory 3. Getting confused and checked /dev # ls /dev/fdc* ls: /dev/fdc*: No such file or directory # man -k fdc fdc (4) - NEC765 compatible floppy disk driver Did I made something wrong (it's a 3.7 oBSD) or why does fdc still not exist? That's a littlebit confusing...I think. Kind regards, Sebastian -- Don't buy anything from YeongYang. Their Computercases are expensiv, they WTX-powersuplies start burning and their support refuse any RMA even there's still some warenty. -- Andreas Kahari
Re: Floppy problems... (fdc missing in /dev)
On Monday 05 September 2005 20:31, [EMAIL PROTECTED] wrote: Hello everybody, I've noticed that fdc isn't in /dev/. I noticed it during I tried to boot a floppy. fdc(4) is the floppy controller. If you read the manpage, you'll discover that the floppy *drive* is /dev/fd[0-3][A-H][a-p] Try looking at /dev/fd*, in particular /dev/fd0c for your floppy. -- Simon Farnsworth Thanks to all of you guys.. But I wouldn't write a mail if I didn't read the man-page already. I tried the whole combinations (yes, all of them). Well I guess the floppy-controler on an ASUS K7V880 is noticed but not used. DMESG: OpenBSD 3.7-stable (GENERIC) #1: Sun Aug 14 18:56:44 CEST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Duron(tm) (AuthenticAMD 686-class) 1.35 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 267231232 (260968K) avail mem = 236531712 (230988K) using 3287 buffers containing 13463552 bytes (13148K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 09/24/04, BIOS32 rev. 0 @ 0xf0010 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4740/224 (12 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3227 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x4400! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 vendor VIA, unknown product 0x0269 rev 0x80 pchb1 at pci0 dev 0 function 1 vendor VIA, unknown product 0x1269 rev 0x00 pchb2 at pci0 dev 0 function 2 vendor VIA, unknown product 0x2269 rev 0x00 pchb3 at pci0 dev 0 function 3 vendor VIA, unknown product 0x3269 rev 0x00 pchb4 at pci0 dev 0 function 4 vendor VIA, unknown product 0x4269 rev 0x00 pchb5 at pci0 dev 0 function 7 vendor VIA, unknown product 0x7269 rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci0 dev 12 function 0 Matrox MGA Millenium 2064W (Storm) rev 0x01 wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 5 ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/g, ETSI1W, address CENSORED gpio at ath0 not configured xl0 at pci0 dev 14 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 3, address CENSORED exphy0 at xl0 phy 24: 3Com internal media interface pciide0 at pci0 dev 15 function 0 VIA VT8237 SATA rev 0x80: DMA pciide0: using irq 10 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: HDS722516VLSA80 wd0: 16-sector PIO, LBA48, 157066MB, 321672960 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd1 at pciide1 channel 0 drive 0: SAMSUNG SP1614N wd1: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd2 at pciide1 channel 0 drive 1: SAMSUNG SP1614N wd2: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd1(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd2(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 5 pciide1: channel 1 disabled (no drives) uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 5 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 10 ehci0: EHCI version 1.0 ehci0: companion controllers, 2 ports each: uhci0 uhci1 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: VIA EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub2: single transaction translator uhub2: 4 ports with 4 removable, self powered pcib0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00 xl1 at pci0 dev 19 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 10, address CENSORED exphy1 at xl1 phy 24: 3Com internal media interface isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker sysbeep0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask fff5 netmask fffd ttymask pctr: user-level cycle counter enabled mtrr: Pentium Pro MTRR support Kernelized RAIDframe activated dkcsum: wd0 matched BIOS disk 80 dkcsum: wd1 matched BIOS disk 81 dkcsum: wd2 matched BIOS disk 82 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 raid0 (root) Looks strange
Re: Floppy problems... (fdc missing in /dev)
On Monday 05 September 2005 21:23, [EMAIL PROTECTED] wrote: On Monday 05 September 2005 20:31, [EMAIL PROTECTED] wrote: Well I guess the floppy-controler on an ASUS K7V880 is noticed but not used. Simpler than that; the floppy controller appears to have no drives attached from the PoV of the kernel: DMESG: OpenBSD 3.7-stable (GENERIC) #1: Sun Aug 14 18:56:44 CEST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC Check your custom configuration with care; you may have broken something critical (e.g. left out the fd device). cpu0: AMD Duron(tm) (AuthenticAMD 686-class) 1.35 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX ,FXSR,SSE real mem = 267231232 (260968K) avail mem = 236531712 (230988K) using 3287 buffers containing 13463552 bytes (13148K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 09/24/04, BIOS32 rev. 0 @ 0xf0010 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4740/224 (12 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3227 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x4400! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 vendor VIA, unknown product 0x0269 rev 0x80 pchb1 at pci0 dev 0 function 1 vendor VIA, unknown product 0x1269 rev 0x00 pchb2 at pci0 dev 0 function 2 vendor VIA, unknown product 0x2269 rev 0x00 pchb3 at pci0 dev 0 function 3 vendor VIA, unknown product 0x3269 rev 0x00 pchb4 at pci0 dev 0 function 4 vendor VIA, unknown product 0x4269 rev 0x00 pchb5 at pci0 dev 0 function 7 vendor VIA, unknown product 0x7269 rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci0 dev 12 function 0 Matrox MGA Millenium 2064W (Storm) rev 0x01 wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 5 ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/g, ETSI1W, address CENSORED gpio at ath0 not configured xl0 at pci0 dev 14 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 3, address CENSORED exphy0 at xl0 phy 24: 3Com internal media interface pciide0 at pci0 dev 15 function 0 VIA VT8237 SATA rev 0x80: DMA pciide0: using irq 10 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: HDS722516VLSA80 wd0: 16-sector PIO, LBA48, 157066MB, 321672960 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd1 at pciide1 channel 0 drive 0: SAMSUNG SP1614N wd1: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd2 at pciide1 channel 0 drive 1: SAMSUNG SP1614N wd2: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd1(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd2(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 5 pciide1: channel 1 disabled (no drives) uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 5 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 10 ehci0: EHCI version 1.0 ehci0: companion controllers, 2 ports each: uhci0 uhci1 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: VIA EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub2: single transaction translator uhub2: 4 ports with 4 removable, self powered pcib0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00 xl1 at pci0 dev 19 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 10, address CENSORED exphy1 at xl1 phy 24: 3Com internal media interface isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker sysbeep0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 Notice that while the floppy controller fdc0 is seen, there are no floppy drives (fd0 at fdc0 flags 0x00 would be what you'd expect to see). biomask fff5 netmask fffd ttymask pctr: user-level cycle counter enabled mtrr: Pentium Pro MTRR support Kernelized RAIDframe activated dkcsum: wd0 matched BIOS disk 80 dkcsum: wd1 matched BIOS disk 81 dkcsum: wd2 matched BIOS disk 82 root on wd0a rootdev=0x0
Re: Floppy problems... (fdc missing in /dev)
[EMAIL PROTECTED] wrote: On Monday 05 September 2005 20:31, [EMAIL PROTECTED] wrote: Hello everybody, I've noticed that fdc isn't in /dev/. I noticed it during I tried to boot a floppy. fdc(4) is the floppy controller. If you read the manpage, you'll discover that the floppy *drive* is /dev/fd[0-3][A-H][a-p] Try looking at /dev/fd*, in particular /dev/fd0c for your floppy. -- Simon Farnsworth Thanks to all of you guys.. But I wouldn't write a mail if I didn't read the man-page already. I tried the whole combinations (yes, all of them). Well I guess the floppy-controler on an ASUS K7V880 is noticed but not used. DMESG: OpenBSD 3.7-stable (GENERIC) #1: Sun Aug 14 18:56:44 CEST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Duron(tm) (AuthenticAMD 686-class) 1.35 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 267231232 (260968K) avail mem = 236531712 (230988K) using 3287 buffers containing 13463552 bytes (13148K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 09/24/04, BIOS32 rev. 0 @ 0xf0010 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4740/224 (12 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3227 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x4400! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 vendor VIA, unknown product 0x0269 rev 0x80 pchb1 at pci0 dev 0 function 1 vendor VIA, unknown product 0x1269 rev 0x00 pchb2 at pci0 dev 0 function 2 vendor VIA, unknown product 0x2269 rev 0x00 pchb3 at pci0 dev 0 function 3 vendor VIA, unknown product 0x3269 rev 0x00 pchb4 at pci0 dev 0 function 4 vendor VIA, unknown product 0x4269 rev 0x00 pchb5 at pci0 dev 0 function 7 vendor VIA, unknown product 0x7269 rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci0 dev 12 function 0 Matrox MGA Millenium 2064W (Storm) rev 0x01 wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 5 ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/g, ETSI1W, address CENSORED gpio at ath0 not configured xl0 at pci0 dev 14 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 3, address CENSORED exphy0 at xl0 phy 24: 3Com internal media interface pciide0 at pci0 dev 15 function 0 VIA VT8237 SATA rev 0x80: DMA pciide0: using irq 10 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: HDS722516VLSA80 wd0: 16-sector PIO, LBA48, 157066MB, 321672960 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd1 at pciide1 channel 0 drive 0: SAMSUNG SP1614N wd1: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd2 at pciide1 channel 0 drive 1: SAMSUNG SP1614N wd2: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd1(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd2(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 5 pciide1: channel 1 disabled (no drives) uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 5 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 10 ehci0: EHCI version 1.0 ehci0: companion controllers, 2 ports each: uhci0 uhci1 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: VIA EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub2: single transaction translator uhub2: 4 ports with 4 removable, self powered pcib0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00 xl1 at pci0 dev 19 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 10, address CENSORED exphy1 at xl1 phy 24: 3Com internal media interface isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker sysbeep0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask fff5 netmask fffd ttymask pctr: user-level cycle counter enabled mtrr: Pentium Pro MTRR support Kernelized RAIDframe activated dkcsum: wd0 matched BIOS disk 80 dkcsum: wd1 matched BIOS disk 81 dkcsum: wd2 matched BIOS disk 82 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 raid0
Re: [OT]: good home switch?
How about a Dell PowerConnect 2216? They are currently $49US for an unmanaged 16port that can be rackmounted with the included hardware. Quiet and fairly reliable.
Re: [OT]: good home switch?
On 5-Sep-05, at 5:31 PM, Steven Bowers wrote: How about a Dell PowerConnect 2216? They are currently $49US for an unmanaged 16port that can be rackmounted with the included hardware. Quiet and fairly reliable. A friend of mine was once running a pentest at a client's site, and they had a Dell switch. No clue if it was this model, but I can guarantee you that the Dell switch did NOT survive a simple nmap scan.
Re: update /etc/changelist as part of package install?
On Mon, Sep 05, 2005 at 03:11:02PM -0400, Steve Shockley wrote: MikeyG wrote: Just a thought. For packages with sensitive system configs wouldn't it be useful if the install automatically patched /etc/changelist. Also it might help if they modified /etc/mtree/special too, although this is probably more difficult to get right. Packages shouldn't modify system configs like that, at most the package installer should inform the user to do so, or provide a script the user can run to do so. Well, we've quietly done it for shells, and I haven't seen anyone complaining yet... We also hack at whatis.db, and we quietly run ldconfig. Gee, is that bad ?
Re: Jose Nazario's dmesg explained for OpenBSD
Siju George wrote: Hi, In there an online openbsd version of http://linuxgazette.net/issue59/nazario.html by Jose?? I understad that it is there in his book but am unable to place it on the web :-( Please let me know if it exists on the web!!! Haven't seen such a beast. LONG ago (before nick@), I actually sat down to start working on such an article for my own (now mostly abandoned) OpenBSD help pages. That was back when I was mostly writing in Windows and uploading to OpenBSD web servers, and it was a royal pain in the butt to write, as almost every line in a dmesg points to a man page ('course, with what I know now, I could automate that part of the task with a little scripting. :) All you really need to do is understand just a little bit about how it is displayed, and start reading. Information-wise, it is one of the densest bits of writing you will normally see (short, perhaps, of a hex dump of a binary executable) -- almost everything has meaning. Let's look at a small snippet: pchb0 at pci0 dev 0 function 0 AMD 761 PCI rev 0x12 ppb0 at pci0 dev 1 function 0 AMD 761 PCI-PCI rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 Matrox MGA G400/G450 AGP rev 0x04 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 7 function 0 VIA VT82C686 ISA rev 0x40 pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x06: ATA100, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: WDC WD400BB-75AUA1 wd0: 16-sector PIO, LBA, 38166MB, 78165360 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 The first word of most dmesg lines is a device driver, and in this case, they all are: pchb, ppb, pci, vga, wsdisplay, pcib, pciide, wd. And (get this!) they each have a man page! Is that cool or what? :) So, you want to learn about wsdisplay, man 4 wsdisplay. In this case, ppb0 is a PCI-PCI bridge, giving you another PCI bus (pci1) attached to the first one (pci0). That second PCI bus has the vga(4) driver hanging off it, and the wsdisplay(4) driver hangs off vga(4). There's an ISA bus which isn't being used in this snippet, but is used later in the sysetm for the ISA devices like the keyboard, DMA controller, etc. (take note: that's one reason why you DON'T SNIP YOUR DMESG when asking for help!). There's an IDE interface hanging off pci0, and that has a wd(4)-supported disk hanging off it. Nifty, eh? yeah, I probably should write up a how to read a dmesg article, probably be a little long for the FAQ (or maybe not, I *do* get to make those decisions!), but there are other places it could be put. We could end up with a whole chorus of people on misc@ beating the snot out of people who don't post dmesgs or snip them down to only the part THEY think we need. Might be a good thing. :) Nick.
Volume based internet restrictions
Greets I am setting up an openbsd router to manage a companies intenet access, and would like to deploy volume based internet usage. I have setup squid, but it doesn't seem to have any options to limit a user by volume of traffic, only bandwidth. Is there any solution to do this? I pretty much want to limit volume to may 50mb a day per user and have it refresh each day. I don;t care what they look at or how fast they get it, only that its no more that 50mb per day. Or is there another solution or recommendation someone can make. Thanks in advance for any help Fletch p.s. Have had no problems getting openbsd to run and think I'm gong to convert from Linux, as it just seems to be a hell of a lot better. Keep up the good work.
Re: Floppy problems... (fdc missing in /dev)
floppys are not supported on amd. Has been in the archives for ages. If you had included the dmesg as you are supposed to you would not have been wasting everyones time (as usual). Art wrote a nice rant about why not a few weeks ago. On Mon, Sep 05, 2005 at 10:23:56PM +0200, [EMAIL PROTECTED] wrote: On Monday 05 September 2005 20:31, [EMAIL PROTECTED] wrote: Hello everybody, I've noticed that fdc isn't in /dev/. I noticed it during I tried to boot a floppy. fdc(4) is the floppy controller. If you read the manpage, you'll discover that the floppy *drive* is /dev/fd[0-3][A-H][a-p] Try looking at /dev/fd*, in particular /dev/fd0c for your floppy. -- Simon Farnsworth Thanks to all of you guys.. But I wouldn't write a mail if I didn't read the man-page already. I tried the whole combinations (yes, all of them). Well I guess the floppy-controler on an ASUS K7V880 is noticed but not used. DMESG: OpenBSD 3.7-stable (GENERIC) #1: Sun Aug 14 18:56:44 CEST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Duron(tm) (AuthenticAMD 686-class) 1.35 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 267231232 (260968K) avail mem = 236531712 (230988K) using 3287 buffers containing 13463552 bytes (13148K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 09/24/04, BIOS32 rev. 0 @ 0xf0010 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4740/224 (12 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3227 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x4400! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 vendor VIA, unknown product 0x0269 rev 0x80 pchb1 at pci0 dev 0 function 1 vendor VIA, unknown product 0x1269 rev 0x00 pchb2 at pci0 dev 0 function 2 vendor VIA, unknown product 0x2269 rev 0x00 pchb3 at pci0 dev 0 function 3 vendor VIA, unknown product 0x3269 rev 0x00 pchb4 at pci0 dev 0 function 4 vendor VIA, unknown product 0x4269 rev 0x00 pchb5 at pci0 dev 0 function 7 vendor VIA, unknown product 0x7269 rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci0 dev 12 function 0 Matrox MGA Millenium 2064W (Storm) rev 0x01 wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 5 ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/g, ETSI1W, address CENSORED gpio at ath0 not configured xl0 at pci0 dev 14 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 3, address CENSORED exphy0 at xl0 phy 24: 3Com internal media interface pciide0 at pci0 dev 15 function 0 VIA VT8237 SATA rev 0x80: DMA pciide0: using irq 10 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: HDS722516VLSA80 wd0: 16-sector PIO, LBA48, 157066MB, 321672960 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd1 at pciide1 channel 0 drive 0: SAMSUNG SP1614N wd1: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd2 at pciide1 channel 0 drive 1: SAMSUNG SP1614N wd2: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd1(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd2(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 5 pciide1: channel 1 disabled (no drives) uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 5 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 10 ehci0: EHCI version 1.0 ehci0: companion controllers, 2 ports each: uhci0 uhci1 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: VIA EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub2: single transaction translator uhub2: 4 ports with 4 removable, self powered pcib0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00 xl1 at pci0 dev 19 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 10, address CENSORED exphy1 at xl1 phy 24: 3Com internal media interface isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker sysbeep0 at
Re: Floppy problems... (fdc missing in /dev)
On Monday 05 September 2005 23:47, Marco Peereboom wrote: floppys are not supported on amd. Has been in the archives for ages. If you had included the dmesg as you are supposed to you would not have been wasting everyones time (as usual). Art wrote a nice rant about why not a few weeks ago. I've just been and read Art's rant about why not at http://archives.neohapsis.com/archives/openbsd/2005-08/0254.html - he seems to be on about AMD64, not AMD Duron (which are i386 architecture). Is there some bug I'm unaware of in AMD's implementation of i386, but not Intel's, that prevents floppies working properly? If so, how come they work with my pre-Duron, let alone AMD64 Windows 95 disks? -- Simon Farnsworth [demime 1.01d removed an attachment of type application/pgp-signature]
OpenBSD 3.8-beta Alpha panic with pppoe
Hello List, I am unable to get pppoe to work with an alpha that I want to use as a firewall. It panics amap_wipeout: corrupt amap when I connect the ADSL Speedstream modem to any of the three nic's. I have used the same hostname.pppoe0 and ppp.conf files with the same modem and a secondary nic on an i386 successfully. My assumption is this is hardware related to the alpha and not OpenBSD. Would anyone be able to check this out and verify this or let me know how I can correct this error. Would ukc disable amap work? I Googled this and did not find any information on this. Thank you, rogern John 3:16 ppp.conf pppoedev de1 !/sbin/ifconfig de1 up !/usr/sbin/spppcontrol \$if myauthproto=pap myauthname=xx \ myauthkey=xx !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x !/sbin/route add default 0.0.0.1 up default: set log Phase Chat LCP IPCP CCP tun command set redial 15 0 set reconnect 15 0 pppoe: set device !/usr/sbin/pppoe -i de1 disable acfcomp protocomp deny acfcomp set mtu max 1492 set speed sync enable lqr set lqrperiod 5 set cd 5 set dial set login set timeout 0 set authname xx http://by104fd.bay104.hotmail.msn.com/cgi-bin/compose?curmbox=----0005a=d9d1a96b13850385229d6349db56a66cb301e5b1c03f299849ee88a783abf3a5mailto=1[EMAIL PROTECTED]msg=905312EE-3B52-4260-B863-71F6B0932ECBstart=0len=71831src=type=x set authkey xx add! default HISADDR enable dns enable mssfixup Script started on Fri Sep 2 17:09:14 2005 # cu -l tty00Connected ^C DKA0 DKA0 is not executable boot DKA0 (boot dka0.0.0.1004.0 -flags a) block 0 of dka0.0.0.1004.0 is a valid boot block reading 15 blocks from dka0.0.0.1004.0 bootstrap code read in base = 1d8000, image_start = 0, image_bytes = 1e00 initializing HWRPB at 2000 initializing page table at 1ca000 initializing machine state setting affinity to the primary CPU jumping to bootstrap code OpenBSD/Alpha Primary Boot ...OpenBSD/Alpha boot 1.7 VMS PAL rev: 0x100010114, OSF PAL rev: 0x100020116 Loading bsd... [ using 471328 bytes of bsd ELF symbol table ] consinit: not using prom console Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 3.8-beta (GENERIC) #573: Tue Aug 23 02:20:28 MDT 2005 [EMAIL PROTECTED] http://by104fd.bay104.hotmail.msn.com/cgi-bin/compose?curmbox=----0005a=d9d1a96b13850385229d6349db56a66cb301e5b1c03f299849ee88a783abf3a5mailto=1[EMAIL PROTECTED]msg=905312EE-3B52-4260-B863-71F6B0932ECBstart=0len=71831src=type=x:/usr/src/sys/arch/alpha/compile/GENERIC Digital Personal WorkStation 500au, 500MHz 8192 byte page size, 1 processor. total memory = 134217728 (131072K) (1941504 reserved for PROM, 132276224 used by OpenBSD) avail memory = 109191168 (106632K) using 1614 buffers containing 13221888 bytes (12912K) of memory mainbus0 (root) cpu0 at mainbus0: ID 0 (primary), 21164A-0 (unknown minor type 0) cpu0: Architecture extensions: 1BWX cia0 at mainbus0: DECchip 2117x Core Logic Chipset (Pyxis), pass 1 cia0: extended capabilities: 1BWEN cia0: using BWX for PCI config and bus access pci0 at cia0 bus 0 de0 at pci0 dev 3 function 0 DEC 21142/3 rev 0x30: dec 550 irq 0 de0: DEC pass 3.0 address 00:00:f8:76:73:52 sio0 at pci0 dev 7 function 0 Contaq Microsystems CY82C693U ISA rev 0x00 pciide0 at pci0 dev 7 function 1 Contaq Microsystems CY82C693U ISA rev 0x00: DMA, channel 0 wired to compatibility pciide0: channel 0 disabled (no drives) pciide1 at pci0 dev 7 function 2 Contaq Microsystems CY82C693U ISA rev 0x00: no DMA, channel 0 wired to compatibility atapiscsi0 at pciide1 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TOSHIBA, CD-ROM XM-6302B, 1017 SCSI0 5/cdrom removable cd0(pciide1:0:0): using PIO mode 4 ohci0 at pci0 dev 7 function 3 Contaq Microsystems CY82C693U ISA rev 0x00: isa irq 10, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Contaq Microsys OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered tga0 at pci0 dev 11 function 0 DEC TGA2 rev 0x22: TGA2 pass 2, board type T8-02 tga0: 1024 x 768, 8bpp, Bt485 RAMDAC tga0: interrupting at dec 550 irq 4 wsdisplay0 at tga0 mux 1 wsdisplay0: screen 0 added (std, vt100 emulation) ppb0 at pci0 dev 20 function 0 DEC 21152 PCI-PCI rev 0x03 pci1 at ppb0 bus 1 isp0 at pci1 dev 4 function 0 QLogic ISP1020 rev 0x05: dec 550 irq 3 isp0: invalid NVRAM header scsibus1 at isp0: 16 targets sd0 at scsibus1 targ 0 lun 0: DEC, RZ2CC-KA (C) DEC, 5520 SCSI2 0/direct fixed sd0: 4091MB, 3708 cyl, 20 head,
I built me a router
So anyway, I got this whole router thing done and installed. Did some tests across it before the big rush back tomorrow for everyone. I started documenting it so others can get an idea of what to expect. I've got the basic description done but was not sure what people would want to see as far as performance statistics? All I have really done was used iperf across the router in two different directions (eg: em1 - em2, em3 - em4 and one int em5) and measured pps (via netstat) and interrupts (via vmstat) and the resulting iperf data. The other downer is the lack of some gigabit devices to hammer it at gigabit speeds. I am stuck pushing 100MB at it... The more I look at that stuff, the less it has meaning. Under the above, the router handles 25k/pps at about 25-30% interrupts... but if I set the iperf packet size down to 68bytes, it jumps significantly higher but the interupts soar for obvious reasons. So it all starts seeming like marketing bull. Aside from the box and configuration, what would someone who was smarter than me that was considering doing this want to know? During the day its running for business, but nights I can pound on it all I want, as long as I don't lock it up... long drive back in. Any measurement suggestions would be welcome! Bill PS. Thanks to those along the way that gave advice, a smack in the right direction, or questioned my sanity :) -- Bill Chmura Director of Internet Technology Explosivo ITG Wolcott, CT p: 860.621.8693 e: [EMAIL PROTECTED] w. http://www.explosivo.com
Re: I built me a router - addendeum
I should note that this is not an internet router, but for the middle of a 100MB network... Its not for a lower usage internet connection. On Tue, 6 Sep 2005 00:22:29 -0400 Bill [EMAIL PROTECTED] wrote: So anyway, I got this whole router thing done and installed. Did some tests across it before the big rush back tomorrow for everyone. I started documenting it so others can get an idea of what to expect. I've got the basic description done but was not sure what people would want to see as far as performance statistics? All I have really done was used iperf across the router in two different directions (eg: em1 - em2, em3 - em4 and one int em5) and measured pps (via netstat) and interrupts (via vmstat) and the resulting iperf data. The other downer is the lack of some gigabit devices to hammer it at gigabit speeds. I am stuck pushing 100MB at it... The more I look at that stuff, the less it has meaning. Under the above, the router handles 25k/pps at about 25-30% interrupts... but if I set the iperf packet size down to 68bytes, it jumps significantly higher but the interupts soar for obvious reasons. So it all starts seeming like marketing bull. Aside from the box and configuration, what would someone who was smarter than me that was considering doing this want to know? During the day its running for business, but nights I can pound on it all I want, as long as I don't lock it up... long drive back in. Any measurement suggestions would be welcome! Bill PS. Thanks to those along the way that gave advice, a smack in the right direction, or questioned my sanity :) --
Re: Floppy problems... (fdc missing in /dev)
Don't forget the basics... is the floppy ribbon cable connected? is the floppy ribbon cable known to be good? are the connectors fully seated, try reseating them? is the power connected to the drive? is the drive connected after the cable twist? is the drive known to be good? -- John Brooks [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Antti Nykdnen Sent: Monday, September 05, 2005 2:52 PM To: misc@openbsd.org Subject: Re: Floppy problems... (fdc missing in /dev) On 2005-09-05 at 21:31, [EMAIL PROTECTED] wrote: I've noticed that fdc isn't in /dev/. I noticed it during I tried to boot a floppy. You probably want to access a floppy drive, which are called fd*, not fdc*. From fdc(4): The standard names of a floppy drive will take the form /dev/fd{0,1,2,3}{,B,C,D,E,F,G,H}[a-p]. On a working system you'd supposedly get something like: fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec HTH
Re: Jose Nazario's dmesg explained for OpenBSD
On 9/5/05, Nick Holland [EMAIL PROTECTED] wrote: The first word of most dmesg lines is a device driver, and in this case, they all are: pchb, ppb, pci, vga, wsdisplay, pcib, pciide, wd. And (get this!) they each have a man page! Is that cool or what? :) So, you want to learn about wsdisplay, man 4 wsdisplay. IMO, this is one of the best features of the *BSDs. Once when ssh'd into a Linux box and failing to remember the proper module parameter syntax for parport and parport_pc, I thought something was seriously wrong with the system when 'man 4 parport' failed to return anything, until I remembered that they didn't have man pages for every driver in Linux. (I suppose you could argue that something *is* seriously wrong with that, albeit by design.) I eventually found what I was looking for, either somewhere in the kernel tree, or by running strings on parport.ko, but a man page would have been a lot nicer! yeah, I probably should write up a how to read a dmesg article, probably be a little long for the FAQ (or maybe not, I *do* get to make those decisions!), but there are other places it could be put. We could end up with a whole chorus of people on misc@ beating the snot out of people who don't post dmesgs or snip them down to only the part THEY think we need. Might be a good thing. :) 'Twould be nice. I can parse a dmesg pretty well, but there are some esoterica in it I'm not sure about, such as the stuff at the end of the dmesg like this: === a) biomask e74d netmask ff4d ttymask ffef b) pctr: no performance counters in CPU c) dkcsum: wd0 matched BIOS disk 80 d) root on wd0a e) rootdev=0x0 rrootdev=0x300 rawdev=0x302 === a) I suppose these are masks that work much like umask, but I have no idea how to parse them. b) pctr has a man page, ok, easy enough... it's telling me a 486 lacks a TSC.. c) no man page for dkcsum but I can guess that it's computing a checksum of each [sw]d? hard disk (its MBR?) and comparing it to the BIOS disk list, which goes 0x80, 0x81, etc. to pair them up, although I thought that at this point in the boot process we're not using the BIOS INT13 routines any more, so it's purely informational. Close? d) Obvious to any competent user, I'd hope. e) The major/minor device numbers in /dev. wd0a is 0,0; rwd0a is 3,0; rwd0c is 3,2. Might not be obvious to someone not familiar with mknod, etc. (Hell, an explanation of the difference between wd0a and rwd0a would be a good FAQ entry); using device names (like wd0a) may be an improvement, unless the in-kernel device table is minimal, in which case there's no need to bloat it out. Putting an article in the FAQ would be nice, even if it's just most drivers have a man page in section 4, as that's the first place I look after the man pages, as is occasionally more useful, such as for ppp -- it gives a nice basic config, but both the ppp.conf example file and the man page are LONG. Which isn't necessarily bad, but sometimes simple instructions are better. I see a little blip about section 4 for devices in FAQ 9.1, but it doesn't mention the dmesg there. While I'm on it, I can throw up a couple dmesgen from vastly different i386 boxen (and maybe a mac68k) and comment them, subject to your correction of course, if you'd like. Andrew
Re: Jose Nazario's dmesg explained for OpenBSD
On 9/5/05, Nick Holland [EMAIL PROTECTED] wrote: Siju George wrote: Hi, In there an online openbsd version of http://linuxgazette.net/issue59/nazario.html by Jose?? I understad that it is there in his book but am unable to place it on the web :-( Please let me know if it exists on the web!!! Haven't seen such a beast. LONG ago (before nick@), I actually sat down to start working on such an article for my own (now mostly abandoned) OpenBSD help pages. That was back when I was mostly writing in Windows and uploading to OpenBSD web servers, and it was a royal pain in the butt to write, as almost every line in a dmesg points to a man page ('course, with what I know now, I could automate that part of the task with a little scripting. :) yeah, I probably should write up a how to read a dmesg article, probably be a little long for the FAQ (or maybe not, I *do* get to make those decisions!), but there are other places it could be put. We could end up with a whole chorus of people on misc@ beating the snot out of people who don't post dmesgs or snip them down to only the part THEY think we need. Might be a good thing. :) Thankyou so much Nick for the detailed reply. You are so kind :-) Yes Nick, if thr FAQ has how to read a dmesg it would be really nice. Thankyou so much once again. Kind regards Siju