Re: could not read symbols File truncated
Ted Unangst wrote: sounds like the file got truncated. reinstall the full version. That's the first thing I did, actually. I totally reinstalled x.org from the latest snapshot tarballs. Note that I can reproduce this on another box with a different snapshot/architecture. Thanks for the pointer though. Antoine
An error on the website
Hi, There seems to be an error on the website: http://www.openbsd.org/cgi-bin/man.cgi/faq.html It is not possible to load the gzip'd tar of 3.5 up until current. Friendly, Rico
Re: RAID for dummies
On Mon, Oct 10, 2005 at 11:09:39PM -0500, J Moore wrote: I want to set up an OBSD box as a file server for some Windoze boxes. I think a RAID 1 setup will provide sufficient reliability - and it appears to be the cheapest way to go. I don't desire to become an expert on RAID, I don't want to spend a lot of money, and I'm confused by what I've read on the subject. Here's how I'd like it to work: One of the disks craps out... an alarm goes off... I walk in with a new drive, and replace the failed one (hot-swap?)... beeping stops... no data is lost, system heals itself by taking care of the new drive... years pass, and life is good. Is this feasible - can I remain ignorant of the RAID details and jargon, and still benefit from it? Thanks, Jay Having just had a - more or less - positive experience with my shiny new (software) RAID-1 over two 'shiny' old, old 4 GB IDE disks I dug out of somewhere on my 'shiny' 'new' PII machine, I can say a couple of things. Note that this is just out of personal experience, this is the first RAID I've ever built outside of testing with two loopback files on Linux, and that I've read TFM a couple of times. In my case, I sat down at the console. I tried to log in, and was greeted by the kernel aborting transactions to the second IDE bus, and very little happening. The system was unresponsive (not totally, but quite annoyingly so) and wouldn't log me in, from what I could guess, from not being able to update logs and wtmp. I powered down, examined the disk, powered up, noticed the second IDE interface was disabled according to dmesg, and was greeted by a flurry of parity rebuild (which failed immediately, unsurprisingly) and fsck messages. After some verification and rebuilding /var/run/ld.so.hints (which, apparently, got hit a little too close by fsck), the machine was back in business. RAID is cool. However, having some technical knowledge is always required. I don't find it overly complex - if you can get to -stable, you can get a (software, never had the chance to tinker with hardware) RAID working. And backups are very, very useful. Even if only because RAID makes you feel slightly too confident, which isn't justified when newfs'ing the wrong partition. (For those interested, the above was set up as a testing box, built out of mostly untrusted components; it managed to compile -stable and a couple of ports, twice, so memory c seem to be good - but one disk didn't want to work at all, and a second died as described above. Two down, two to go... I'll look at replacement parts. And yes, I newfs'ed the wrong partition. It was late, I knew there was nothing important on the box, and I was pretty confident in the RAID. After newfs'ing /, it was time for a reinstall...) Joachim
Re: Compatibility question for the New Sun X4100 server with 4FastEthernet as possible BGP routers, or stick with HP DL-145 G2?
I just came across an interesting white paper with lots more detail: http://www.computerworld.com/x64/pdfs/ Sun_Fire_X4100_and_4200_WP_v14.pdf Sam
SCSI HBA support questions
Can anyone confirm that an Adaptec AHA-1542 works with anything since 3.6? I found that support for it was silently broken sometime in 3.x, even though it's listed as supported hardware for x86. Also, I have 3 PCI Bustek adapters (BT-958D, BT-958, BT-946C) in a different machine, but booting up the 3.5 or 3.6 install disks hangs during autoprobe. So does NetBSD 2.x, although strangely NetBSD 1.6.2 is running on it just fine. I only bring this up because this may give some clue as to when the code for these cards stopped working (it is my impression that some code gets shared between the two, although I do not know exactly how or in what direction). Also, there's another compute, a Compaq PPro server, with a dual integrated Adaptec AIC-7xxx controller, but I got various SCSI errors trying to install on it. I have details at home and can post them if necessary. I like BSD, but it's really picky about hardware sometimes, and I've been forced to install Linux instead on more than one occasion because BSDs simply wouldn't boot. -- http://www.lightconsulting.com/~travis/ -- GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
Re: SCSI HBA support questions
Can anyone confirm that an Adaptec AHA-1542 works with anything since 3.6? I found that support for it was silently broken sometime in 3.x, even though it's listed as supported hardware for x86. I'm afraid the driver does not work, unless your machine has 16MB of memory (or less). Fixing this is on my list, but real-life issue have been in the way. Miod
Audio play too fast on AC97 onboard
misc@openbsd.org Audio play too fast on AC97 onboard Hello I noticed it with OpenBSD 3.4 it didn't change up to 3.7. I didn't report that because i din't use sound so much before 3.7. Now i'm using OBSD much more so sound start to be important for me:) First of all, the audio play too fast. I searched on mailing list archives, i find that it's nothing new because some audio chips works with 48000Hz. The solution was to set playing rate to 44100 with audioctl. So this is what # audioctl -a gives me: name=VIA VT82C686A version= config=auvia encodings=ulinear:8,mulaw:8*,alaw:8*,slinear:8*,slinear_le:16,ulinear_le:16*,slinear_be:16*,ulinear_be:16* properties=full_duplex,mmap,independent full_duplex=0 fullduplex=0 blocksize=9600 hiwat=6 lowat=1 monitor_gain=0 mode= play.rate=48000 play.channels=2 play.precision=16 play.encoding=slinear_le play.gain=127 play.balance=32 play.port=0x0 play.avail_ports=0x0 play.seek=9600 play.samples=26874240 play.eof=0 play.pause=0 play.error=1 play.waiting=0 play.open=0 play.active=0 play.buffer_size=65536 record.rate=48000 record.channels=1 record.precision=8 record.encoding=mulaw record.gain=191 record.balance=32 record.port=0x1 record.avail_ports=0x7 record.seek=0 record.samples=0 record.eof=0 record.pause=0 record.error=0 record.waiting=0 record.open=0 record.active=0 record.buffer_size=65536 record.errors=0 I try to make # audioctl play.rate=44100 but the answer was: audioctl: set failed: Invalid argument I read that sometimes even witht hat notice it is working. But not thios time. Play rate is still 48000. Another intresting thing is that sometimes i get notice on terminal like this: auvia0: codec invalid. Here is my dmesg: OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Duron(tm) Processor (AuthenticAMD 686-class) 952 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR real mem = 267952128 (261672K) avail mem = 237600768 (232032K) using 3296 buffers containing 13500416 bytes (13184K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(3b) BIOS, date 12/16/02, BIOS32 rev. 0 @ 0xfb350 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown pcibios0 at bios0: rev 2.1 @ 0xf/0xb7d0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdce0/112 (5 entries) pcibios0: PCI Exclusive IRQs: 7 10 11 pcibios0: PCI Interrupt Router at 000:07:0 (VIA VT82C596A ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xd000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA VT8363 Host rev 0x02 ppb0 at pci0 dev 1 function 0 VIA VT8363 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 vendor ATI, unknown product 0x4153 rev 0x00 wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) vendor ATI, unknown product 0x4173 (class display subclass miscellaneous, rev 0x00) at pci1 dev 0 function 1 not configured pcib0 at pci0 dev 7 function 0 VIA VT82C686 ISA rev 0x22 pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x10: ATA66, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: Maxtor 6Y060L0 wd0: 16-sector PIO, LBA, 58644MB, 120103200 sectors atapiscsi0 at pciide0 channel 0 drive 1 scsibus0 at atapiscsi0: 2 targets sd0 at scsibus0 targ 0 lun 0: MITBISHI, LS-120 COSM 05, 0512 SCSI0 0/direct removable sd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x1b SENSE KEY: Not Ready ASC/ASCQ: Medium Not Present sd0: drive offline wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 sd0(pciide0:0:1): using PIO mode 0 atapiscsi1 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi1: 2 targets cd0 at scsibus1 targ 0 lun 0: _NEC, CD-RW NR-9100A, 2.12 SCSI0 5/cdrom removable atapiscsi2 at pciide0 channel 1 drive 1 scsibus2 at atapiscsi2: 2 targets cd1 at scsibus2 targ 0 lun 0: _NEC, DVD_RW ND-3520A, 1.04 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 cd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 7 function 2 VIA VT83C572 USB rev 0x10: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 7 function 3 VIA VT83C572 USB rev 0x10: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered viaenv0 at pci0 dev 7 function 4 VIA VT82C686 SMBus rev 0x30 auvia0 at pci0 dev 7 function 5 VIA VT82C686 AC97 rev 0x20: irq 7 ac97: codec id 0x83847609 (SigmaTel STAC9721/23) ac97: codec features 18 bit DAC, 18 bit ADC, SigmaTel 3D audio0 at auvia0 rl0 at pci0 dev 8 function 0 Realtek 8139 rev 0x10: irq 10 address 00:c0:df:12:12:f1 rlphy0 at rl0 phy 0: RTL internal phy xl0 at pci0
Re: Audio play too fast on AC97 onboard
--On 11 October 2005 12:21 +0200, Marcin Wilk wrote: Audio play too fast on AC97 onboard Can anyone suggest some solution for me please ? http://archives.neohapsis.com/archives/openbsd/2004-01/0764.html
isakmpd.conf multinet question
Hi, currently I have a VPN consisting of this: (..snip..) [tunnel-opengw-cisco] Phase= 2 ISAKMP-peer=cisco Configuration= quick-mode Local-ID= net-opengw Remote-ID= net-remote (..snip..) Can I add a second net to the remote end like this: Remote-ID= net-remote, net-remote2 -- Runo Fxrrisdahl - TeleComputing IS http://www.telecomputing.no/
Re: RAID for dummies
Rod.. Whitworth wrote: On Mon, 10 Oct 2005 23:09:39 -0500, J Moore wrote: I want to set up an OBSD box as a file server for some Windoze boxes. I think a RAID 1 setup will provide sufficient reliability - and it appears to be the cheapest way to go. I don't desire to become an expert on RAID, I don't want to spend a lot of money, and I'm confused by what I've read on the subject. Here's how I'd like it to work: Danger! Danger! :) One of the disks craps out... an alarm goes off... I walk in with a new drive, and replace the failed one (hot-swap?)... beeping stops... no data is lost, system heals itself by taking care of the new drive... years pass, and life is good. Is this feasible - can I remain ignorant of the RAID details and jargon, and still benefit from it? Well, gee. That sounds like such a reasonable request. For HW RAID, this should be possible, unfortunately, it is rarely that simple. There's only one RAID system that I think is anything close to as simple as you desire: ... Accusys ACS-7500 or its competitors. No equity position in any of them. And yes, that's it. :) I'll admit to a lot of sweat equity in the Accusys ACS7500. I love the things -- the simplicity, the fact that they usually just work, etc. As close as they are to Just Working, I still felt the following notes are important: http://www.holland-consulting.net/tech/acs7500.html I also note that if you google for ACS7500, you end up seeing that page before seeing the Accusys website...their site is really lame. There's some stuff I'm finding burried under the covers of their website...I'll be updating my page sometime soon (hopefully). I've recently found the ACS7500 has a mostly-hidden serial interface and apparently has the ability to be managed/monitored via the ATA interface and that serial interface. That leads to some interesting possibilities (though, at the moment, ONLY possibilities -- there is no OpenBSD support for the ATA-based management at the moment, and the serial interface is mostly undocumented)... I will also (hopefully) be getting an ACS7630 soon, I'm sure I'll have something to say about it when I get it... Anyway...you HAVE to spend time getting to know whatever RAID solution you are using. Practice, practice, practice!!! Try swapping drives -- what happens if you swap a drive with a larger drive? smaller drive? how does it indicate errors? etc... In short: never trust anyone else to haul your butt out of the fire. Nick.
Re: isakmpd.conf multinet question
I did it by specifying each net-to-net connection. I need to look at the new 3.8 Ipsec tools to see if I can clean this up. Another example (and the one I initially referenced) can be found in /usr/share/ipsec/isakmpd/VPN-3way-template.conf . (isakmpd via OBSD 3.6): [Phase 1] 1.2.3.4=ISAKMP-Remote [Phase 2] Connections=Remote-Net1,Remote-Net2,Remote-Net3 [ISAKMP-Remote] Phase= 1 Transport= udp Address=1.2.3.4 Configuration= Main-Mode Authentication= somecrazylookingword [Remote-Net1] Phase= 2 Configuration= Quick-Mode Local-ID= Local-Net1 Remote-ID= Remote-Net1 ISAKMP-peer=ISAKMP-Remote [Remote-Net2] Phase= 2 Configuration= Quick-Mode Local-ID= Local-Net1 Remote-ID= Remote-Net2 ISAKMP-peer=ISAKMP-Remote [Remote-Net3] Phase= 2 Configuration= Quick-Mode Local-ID= Local-Net1 Remote-ID= Remote-Net3 ISAKMP-peer=ISAKMP-Remote [Local-Net1] ID-type=IPV4_ADDR_SUBNET Network=2.3.4.0 Netmask=255.255.254.0 [Remote-Net1] ID-type=IPV4_ADDR_SUBNET Network=1.2.4.0 Netmask=255.255.255.0 [Remote-Net2] ID-type=IPV4_ADDR_SUBNET Network=1.2.6.0 Netmask=255.255.255.128 [Remote-Net3] ID-type=IPV4_ADDR_SUBNET Network=1.2.7.0 Netmask=255.255.255.0 snip use your same main/quick modes snip On Tue, 2005-10-11 at 12:42 +0200, Runo Forrisdahl wrote: Hi, currently I have a VPN consisting of this: (..snip..) [tunnel-opengw-cisco] Phase= 2 ISAKMP-peer=cisco Configuration= quick-mode Local-ID= net-opengw Remote-ID= net-remote (..snip..) Can I add a second net to the remote end like this: Remote-ID= net-remote, net-remote2
audio problem with latest macppc snapshot
Hi, I'm running 3.8-current under macppc and since the last snapshot I experience a strange problem. Basically, after some random time (usually after 5 or 10 minutes playing audio), my sound stops working. Each time I try to listen to an audio file after that, I get a scratch noise then no output. I tried with different audio apps to make sure it was not just coming from one of them. The only way to restore audio output is to reboot the computer. I can't provide you with a lot of information since _nothing_ appears in the logs. I included the dmesg. Antoine -- $ mixerctl -a monitor.output=speaker monitor.master=255,255 record.source=line record.record=0,0 $ audioctl -a name=SNAPPER version= config=snapper encodings=slinear:16,slinear_be:16,slinear_le:16*,ulinear_be:16*,ulinear_le:16*,mulaw:8*,alaw:8*,slinear:8*,ulinear:8* properties=full_duplex full_duplex=0 fullduplex=0 blocksize=8192 hiwat=8 lowat=1 monitor_gain=0 mode= play.rate=44100 play.channels=2 play.precision=16 play.encoding=slinear_be play.gain=255 play.balance=32 play.port=0x1 play.avail_ports=0x3 play.seek=0 play.samples=0 play.eof=1 play.pause=0 play.error=0 play.waiting=0 play.open=0 play.active=0 play.buffer_size=65536 record.rate=44100 record.channels=2 record.precision=16 record.encoding=slinear_be record.gain=0 record.balance=32 record.port=0x2 record.avail_ports=0x7 record.seek=0 record.samples=0 record.eof=0 record.pause=0 record.error=0 record.waiting=0 record.open=0 record.active=0 record.buffer_size=65536 record.errors=0 console out [ATY,Jasper_A]console in [keyboard] USB and ADB found, using USB using parent ATY,JasperParent:: memaddr b800 size 800, : consaddr b8008000, : ioaddr b002, size 2: memtag 8000, iotag 8000: width 1440 linebytes 1536 height 900 depth 8 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org OpenBSD 3.8-current (GENERIC) #501: Sat Oct 8 19:06:23 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/macppc/compile/GENERIC real mem = 536870912 (524288K) avail mem = 483282944 (471956K) using 1254 buffers containing 26841088 bytes of memory mainbus0 (root) cpu0 at mainbus0: 7447A (Revision 0x101): 1499 MHz: 512KB L2 cache memc0 at mainbus0: uni-n mpcpcibr0 at mainbus0 pci: uni-north, Revision 0xff find_node_intr unable to find step size pci0 at mpcpcibr0 bus 0 pchb0 at pci0 dev 11 function 0 Apple UniNorth AGP rev 0x00 vgafb0 at pci0 dev 16 function 0 ATI Radeon Mobility M10 NP rev 0x00, mmio wsdisplay0 at vgafb0 mux 1: console (std, vt100 emulation) mpcpcibr1 at mainbus0 pci: uni-north, Revision 0x5 pci1 at mpcpcibr1 bus 0 pchb1 at pci1 dev 11 function 0 Apple UniNorth PCI rev 0x00 Broadcom BCM4306 rev 0x03 at pci1 dev 18 function 0 not configured cbb0 at pci1 dev 19 function 0 Texas Instruments PCI1510 CardBus rev 0x00: irq 53 macobio0 at pci1 dev 23 function 0 Apple Intrepid rev 0x00 openpic0 at macobio0: version 0x4614 macgpio0 at macobio0 macgpio1 at macgpio0 offset 0x9 irq 47 programmer-switch at macgpio0 offset 0x11 not configured cpu-vcore-select at macgpio0 offset 0x6b not configured gpio4 at macgpio0 offset 0x1e not configured gpio5 at macgpio0 offset 0x6f not configured gpio6 at macgpio0 offset 0x70 not configured extint-gpio4 at macgpio0 offset 0x5c not configured gpio11 at macgpio0 offset 0x75 not configured extint-gpio15 at macgpio0 offset 0x67 not configured zsc0 at macobio0: irq 22,23 zstty0 at zsc0 channel 0 zstty1 at zsc0 channel 1 snapper0 at macobio0: irq 30,1,2 adb0 at macobio0 irq 25: via-pmu, 3 targets aed0 at adb0 addr 0: ADB Event device akbd0 at adb0 addr 2: iBook keyboard with inverted T (ISO layout) wskbd0 at akbd0 mux 1 wskbd0: connecting to wsdisplay0 ams0 at adb0 addr 3: EMP trackpad tpad 4-button, 400 dpi wsmouse0 at ams0 mux 0 abtn0 at adb0 addr 7: brightness/volume/eject buttons apm0 at adb0: battery flags 0x5, 98% charged ki2c0 at macobio0 wdc0 at macobio0 irq 24: DMA atapiscsi0 at wdc0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: MATSHITA, DVD-R UJ-825, DAND SCSI0 5/cdrom removable cd0(wdc0:0:0): using BIOS timings, DMA mode 2 audio0 at snapper0 ohci0 at pci1 dev 24 function 0 Apple Intrepid USB rev 0x00: irq 0, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: Apple OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered ohci1 at pci1 dev 25 function 0 Apple Intrepid USB rev 0x00: irq 0, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: Apple OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered ohci2 at pci1 dev 26 function 0 Apple Intrepid USB rev 0x00: irq 29, version 1.0, legacy support usb2 at ohci2: USB revision 1.0 uhub2 at usb2 uhub2: Apple OHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ohci3 at pci1 dev 27
Re: OpenBSD Metastore: update
Szechuan Death wrote: The MetaStore has been updated - comments are now enabled, you can post comments under each item listed. Drivers for hardware are also listed. Some other categories have been added, and some other stuff has changed in the background. Also, some new items have been added. The more hardware that is submitted, the more useful this resource is. Posted the link on some forum... :)
Re: RAID for dummies
On Mon, 10 Oct 2005, J Moore wrote: I want to set up an OBSD box as a file server for some Windoze boxes. I think a RAID 1 setup will provide sufficient reliability - and it appears to be the cheapest way to go. Yep, do it all the time. One of the disks craps out... an alarm goes off... I walk in with a new drive, and replace the failed one (hot-swap?)... beeping stops... no data is lost, system heals itself by taking care of the new drive... years pass, and life is good. If you want good reliability minimum cost, we use RaidFrame all the time. Only two problems with your scenario: 1) The parity rebuild times can get pretty long (30+ minutes); 2) Your 'alarm' would be the nightly email saying that the drive set did not pass parity check (i.e. not realtime). Is this feasible - can I remain ignorant of the RAID details and jargon, and still benefit from it? If you don't want to use s/w raid, get a BIOS-level like the AccuSys already mentioned. Lee
Re: pf and altq group interface ...
Unless things have changed since I last asked this same question,
interface groups don't work in altq. Next time search the archives.
Jason
On 10/10/05, Karl-Heinz Wild [EMAIL PROTECTED] wrote:
maybe i've missed something.
ifconfig rl0 group wan_if
pf.conf:
- altq on wan_if cbq bandwidth 100Mb queue { http ssh }
produce an error when loading the ruleset.
but every other rules like
- pass in on wan_if proto tcp to port ssh keep state queue ssh
will be accepted.
isn't that a bit confusing?
Karl-Heinz
add wireless router using openbsd-3.8 (i386)
Hello, I recently tried to setup a wireless AP machine using openbsd-3.8 (i386) without any luck. I tried to search the google to find out the way to solve my problem with no success. Can anyone show me the direction to do it ? Thanks for your time . clarence ps. 1. the hardware is Dlink 802.11b prism2.5 2. I can use wicontrol -l to list the connected machine. 3. I can use ssh from the window-xp to the AP machine 4. here is the diagram of my case internet -- adsl - obsd-3.6 - switch - wired clients | AP (obsd3.8) | wireless clients ___ 7Q'Y.I,(l7s email 3q*!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk
ppp connect problem - Change route failed: errno: Network is unreachable
Hi, ppp does connect, over my bridging dsl router, but it drops the connection after approx 20 seconds. I think the important log entry is this: tun0: Warning: 0.0.0.0/0: Change route failed: errno: Network is unreachable I tried with and without my regular ppp.linkup so I'm sure it's nothing in there. I'm working on this from about 10.5k miles remote so I've got to be a bit careful, but I've bunged my public key in .ssh/authorized_keys and added passwordless sudo for meself so I can do a fair bit with my precious 20 seconds. I've included the log between two redials below, followed closely by my ppp.conf, ppp.linkup and finally a 'netstat -nrfinet'. Please cc me in replies as I'm not on list. thanks a lot rgds Tom Ryan Oct 12 01:14:55 fairfield ppp[24551]: tun0: Phase: deflink: HUPing 25083 Oct 12 01:14:55 fairfield ppp[24551]: tun0: Phase: deflink: hangup - opening Oct 12 01:14:55 fairfield ppp[24551]: tun0: Phase: deflink: Enter pause (15) for redialing. Oct 12 01:14:55 fairfield ppp[24551]: tun0: Chat: deflink: Reconnect try 328 of 1 Oct 12 01:15:10 fairfield ppp[24551]: tun0: Chat: deflink: Redial timer expired. Oct 12 01:15:10 fairfield ppp[24551]: tun0: Warning: Carrier settings ignored Oct 12 01:15:10 fairfield ppp[24551]: tun0: Phase: deflink: Connected! Oct 12 01:15:10 fairfield ppp[24551]: tun0: Phase: deflink: opening - dial Oct 12 01:15:10 fairfield ppp[24551]: tun0: Phase: deflink: dial - carrier Oct 12 01:15:10 fairfield ppp[24551]: tun0: Phase: deflink: carrier - login Oct 12 01:15:10 fairfield ppp[24551]: tun0: Phase: deflink: login - lcp Oct 12 01:15:10 fairfield ppp[24551]: tun0: LCP: FSM: Using deflink as a transport Oct 12 01:15:10 fairfield ppp[24551]: tun0: LCP: deflink: State change Initial -- Closed Oct 12 01:15:10 fairfield ppp[24551]: tun0: LCP: deflink: State change Closed -- Stopped Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: LayerStart Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: SendConfigReq(247) state = Stopped Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: MRU[4] 1500 Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: MAGICNUM[6] 0x12e40f3c Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: QUALPROTO[8] proto c025, interval 5000ms Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: State change Stopped -- Req-Sent Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: RecvConfigReq(117) state = Req-Sent Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: MRU[4] 1492 Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05) Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: MAGICNUM[6] 0x78576f89 Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: SendConfigAck(117) state = Req-Sent Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: MRU[4] 1492 Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05) Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: MAGICNUM[6] 0x78576f89 Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: State change Req-Sent -- Ack-Sent Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: RecvConfigRej(247) state = Ack-Sent Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: QUALPROTO[8] proto c025, interval 5000ms Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: SendConfigReq(248) state = Ack-Sent Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: MRU[4] 1500 Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: MAGICNUM[6] 0x12e40f3c Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: RecvConfigAck(248) state = Ack-Sent Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: MRU[4] 1500 Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: MAGICNUM[6] 0x12e40f3c Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: State change Ack-Sent -- Opened Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: LayerUp Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: SendEchoRequest(0) state = Opened Oct 12 01:15:11 fairfield ppp[24551]: tun0: Phase: bundle: Authenticate Oct 12 01:15:11 fairfield ppp[24551]: tun0: Phase: deflink: his = CHAP 0x05, mine = none Oct 12 01:15:11 fairfield ppp[24551]: tun0: Phase: Chap Input: CHALLENGE (16 bytes from vez8-exhibition) Oct 12 01:15:11 fairfield ppp[24551]: tun0: Phase: Chap Output: RESPONSE (###) Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: RecvEchoReply(0) state = Opened Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP: deflink: RecvConfigReq(2) state = Opened Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP: deflink: LayerDown Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP: AUTHPROTO[5] 0xc223 (CHAP 0x05) Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP: MAGICNUM[6] 0x78e2a657 Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP: deflink: SendConfigReq(249) state = Opened Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP: MRU[4] 1500 Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP: MAGICNUM[6] 0x4273c88f Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP: QUALPROTO[8] proto
very, very slow usb data transfer speed on 3.7
Hey guys! I'm running 3.7 and am getting really, really crappy usb throughput :( - # dd if=/dev/sd0c of=/dev/null bs=819200 count=100 100+0 records in 100+0 records out 8192 bytes transferred in 175.970 secs (465533 bytes/sec) Here's an excerpt from my dmesg - uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 9 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 3 ehci0: EHCI version 1.0 ehci0: companion controllers, 2 ports each: uhci0 uhci1 uhci2 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub3: single transaction translator uhub3: 6 ports with 6 removable, self powered ... umass0 at uhub3 port 2 configuration 1 interface 0 umass0: vendor 0x0457 USB Mass Storage Device, rev 2.00/1.00, addr 2 umass0: using SCSI over Bulk-Only scsibus1 at umass0: 2 targets sd0 at scsibus1 targ 1 lun 0: OCZ, ET1208AD, 1.0 SCSI2 0/direct removable sd0: 2000MB, 2000 cyl, 64 head, 32 sec, 512 bytes/sec, 4096000 sec total Looks like sd0 is attached to the EHCI controller. On DragonflyBSD, same h/w, I get 13MB/s when I use ehci .. -- [EMAIL PROTECTED]: /usr/src/sys/i386/conf (11:09) -- # dd if=/dev/da0 of=/dev/null bs=8192000 count=100 100+0 records in 100+0 records out 81920 bytes transferred in 59.371990 secs (13797752 bytes/sec) when I use uhci on Dragonfly, I get - -- [EMAIL PROTECTED]: /home/atrens (11:07) -- # dd if=/dev/da0 bs=8192000 of=/dev/null count=100 ^C5+0 records in 5+0 records out 4096 bytes transferred in 45.750635 secs (895288 bytes/sec) which is still double what I'm seeing on OpenBSD 3.7 Hope it's something dumb on my side (and therefore easy to fix) :( ... Andrew.
Re: very, very slow usb data transfer speed on 3.7
Yes dumb. Where are the whole dmesg? If you had sent them we could have told you if you ran into the hlt hlt bug. On Tue, Oct 11, 2005 at 12:20:45PM -0400, Andrew Atrens wrote: Hey guys! I'm running 3.7 and am getting really, really crappy usb throughput :( - # dd if=/dev/sd0c of=/dev/null bs=819200 count=100 100+0 records in 100+0 records out 8192 bytes transferred in 175.970 secs (465533 bytes/sec) Here's an excerpt from my dmesg - uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 9 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 3 ehci0: EHCI version 1.0 ehci0: companion controllers, 2 ports each: uhci0 uhci1 uhci2 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub3: single transaction translator uhub3: 6 ports with 6 removable, self powered ... umass0 at uhub3 port 2 configuration 1 interface 0 umass0: vendor 0x0457 USB Mass Storage Device, rev 2.00/1.00, addr 2 umass0: using SCSI over Bulk-Only scsibus1 at umass0: 2 targets sd0 at scsibus1 targ 1 lun 0: OCZ, ET1208AD, 1.0 SCSI2 0/direct removable sd0: 2000MB, 2000 cyl, 64 head, 32 sec, 512 bytes/sec, 4096000 sec total Looks like sd0 is attached to the EHCI controller. On DragonflyBSD, same h/w, I get 13MB/s when I use ehci .. -- [EMAIL PROTECTED]: /usr/src/sys/i386/conf (11:09) -- # dd if=/dev/da0 of=/dev/null bs=8192000 count=100 100+0 records in 100+0 records out 81920 bytes transferred in 59.371990 secs (13797752 bytes/sec) when I use uhci on Dragonfly, I get - -- [EMAIL PROTECTED]: /home/atrens (11:07) -- # dd if=/dev/da0 bs=8192000 of=/dev/null count=100 ^C5+0 records in 5+0 records out 4096 bytes transferred in 45.750635 secs (895288 bytes/sec) which is still double what I'm seeing on OpenBSD 3.7 Hope it's something dumb on my side (and therefore easy to fix) :( ... Andrew.
Re: Blocking p2p via pf
On Oct 11, 2005, at 11:15 AM, David Elze wrote: Hi, I'm trying to block p2p traffic via pf on OpenBSD 3.x. Unfortunately, all new p2p-clients are able to use dynamic ports or even (ab-)use http-ports etc. so blocking well known p2p-ports is not enough. http://marc.theaimsgroup.com/?l=openbsd-pfm=104592911709710w=2 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: very, very slow usb data transfer speed on 3.7
Just for fun I ran 'top' during the said slow transfer, and it says - load averages: 0.55, 0.20, 0.12 11:41:59 22 processes: 21 idle, 1 on processor CPU states: 0.2% user, 0.0% nice, 0.2% system, 0.8% interrupt, 98.9% idle Memory: Real: 8932K/100M act/tot Free: 904M Swap: 0K/2048M used/tot Can someone point me to the cvs commit that fixes 'hlt hlt'. I'm thinking (hoping) it could easily be applied on top of 3.7 Release. Andrew.
Re: very, very slow usb data transfer speed on 3.7
--On 11 October 2005 12:39 -0400, Andrew Atrens wrote: Can someone point me to the cvs commit that fixes 'hlt hlt'. I'm thinking (hoping) it could easily be applied on top of 3.7 Release. google hlt hlt openbsd gives this: http://marc.theaimsgroup.com/?l=openbsd-cvsm=111859519015510w=2
Re: Blocking p2p via pf
On Tue, 11 Oct 2005, Jason Dixon wrote: On Oct 11, 2005, at 11:15 AM, David Elze wrote: Hi, I'm trying to block p2p traffic via pf on OpenBSD 3.x. Unfortunately, all new p2p-clients are able to use dynamic ports or even (ab-)use http-ports etc. so blocking well known p2p-ports is not enough. http://marc.theaimsgroup.com/?l=openbsd-pfm=104592911709710w=2 While auth/socks and accountability is your long term solution; for a quick stopgap: http://www.webweaving.org/kzdetect/ http://wleiden.webweaving.org:8080/svn/node-config/factory/trunk/kzdetect/ may help. Dw.
Re: Blocking p2p via pf
--On 11 October 2005 17:15 +0200, David Elze wrote:
Apart from blocking ports I just see two possibilities:
[..]
You might investigate how many source states users would normally use
for permitted protocols, how many states are involved with
non-permitted use, and (ab?)use max-src-states with an overload table
to try and contain the problem. Expect both false positives and false
negatives. beck@ recently suggested using overload tables in
conjunction with a http redirector to a website saying you've been
{evil|stupid} paraphrasing :) which may be appropriate depending on
your client base...
- slow connections down very hard on well known
p2p-ports, so the p2p-clients can connect but
don't get speed at all (still, other dynamic
ports could be used)
that's not a bad idea, but over time I'd not be surprised to see
software to test speeds on different ports in an attempt to circumvent
this type of thing.
Some other ideas involve proxies - either block everything except to
trusted proxies, or permit other traffic but heavily throttle it.
Re: very, very slow usb data transfer speed on 3.7
On Tue, 11 Oct 2005 12:30:30 -0400 Andrew Atrens [EMAIL PROTECTED] wrote: Marco Peereboom wrote: Yes dumb. Where are the whole dmesg? haha! If you had sent them we could have told you if you ran into the hlt hlt bug. Sure here it is - -- [EMAIL PROTECTED]: /usr/src/sys/arch/i386/conf (11:35) -- # dmesg OpenBSD 3.7 (BOOKEND) #0: Wed Oct 5 14:02:08 EST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/BOOKEND How about trying it with a GENRIC kernel? snip On Tue, Oct 11, 2005 at 12:20:45PM -0400, Andrew Atrens wrote: Hey guys! I'm running 3.7 and am getting really, really crappy usb throughput :( - # dd if=/dev/sd0c of=/dev/null bs=819200 count=100 100+0 records in 100+0 records out 8192 bytes transferred in 175.970 secs (465533 bytes/sec) Here's an excerpt from my dmesg - uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 9 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 3 ehci0: EHCI version 1.0 ehci0: companion controllers, 2 ports each: uhci0 uhci1 uhci2 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub3: single transaction translator uhub3: 6 ports with 6 removable, self powered ... umass0 at uhub3 port 2 configuration 1 interface 0 umass0: vendor 0x0457 USB Mass Storage Device, rev 2.00/1.00, addr 2 umass0: using SCSI over Bulk-Only scsibus1 at umass0: 2 targets sd0 at scsibus1 targ 1 lun 0: OCZ, ET1208AD, 1.0 SCSI2 0/direct removable sd0: 2000MB, 2000 cyl, 64 head, 32 sec, 512 bytes/sec, 4096000 sec total Looks like sd0 is attached to the EHCI controller. On DragonflyBSD, same h/w, I get 13MB/s when I use ehci .. -- [EMAIL PROTECTED]: /usr/src/sys/i386/conf (11:09) -- # dd if=/dev/da0 of=/dev/null bs=8192000 count=100 100+0 records in 100+0 records out 81920 bytes transferred in 59.371990 secs (13797752 bytes/sec) when I use uhci on Dragonfly, I get - -- [EMAIL PROTECTED]: /home/atrens (11:07) -- # dd if=/dev/da0 bs=8192000 of=/dev/null count=100 ^C5+0 records in 5+0 records out 4096 bytes transferred in 45.750635 secs (895288 bytes/sec) which is still double what I'm seeing on OpenBSD 3.7 Hope it's something dumb on my side (and therefore easy to fix) :( ... Andrew. -- Security is decided by quality -- Theo de Raadt
Cards/chips supporting hostap mode
I'm trying to find what wireless PCI cards or chipsets support hostap mode. The Prism 2/2.5/3 is referenced everywhere. Is that that the only one or do any of the others such as Atheros support hostap mode?
Little log advice needed
Good day everyone In my battles to centralize my PF and other logs with a secure means I have decided to dump syslog because well, it couldn't handle the data loads without dropping data and I can't be loosing logs. I also don't want to install 3rd party software on my systems where possible as I want them to do only what is needed while limiting risks This being said, I have taken a little differnt approach and could use some advice so here goes. I created a file that has the following info and made it executable to root and the wheel group and no access to everyone. This file sits in /usr/local/bin with the name logkick #!/bin/sh # this file is used to roll over the PFLog file to a new file so that # it can be transfered to the Corporate log server every hour DATE=$(date +%d%m%y%H) HOSTNM=$(hostname) sudo mv /var/log/pflog /var/log/pflog-$DATE$HOSTNM chmod 660 /var/log/pflog-$DATE$HOSTNM touch /var/log/pflog sudo kill -HUP `cat /var/run/pflogd.pid` I have created an account on my firewalls and logging system which is in the sudoers file with ability to do all with nopassword being prompted for (probably risky but this is why I'm asking for feedback). This user is also part of the wheel group On, my logging system, I created a script in the users home folder called loggrab. this is mod 700 ssh [EMAIL PROTECTED] /usr/local/bin/./logkick scp [EMAIL PROTECTED]:/var/log/pflog-* /home/USERNAME/ ssh [EMAIL PROTECTED] rm /var/log/pflog-* I have created a public/private key pair as to make sure the ssh and scp connections can happen securely and without password prompts. This is as far as I have gotten thus far, but I do plan to add an hourly cron job to run this script Can you offer me advice on my risk levels for this.. I am using a crazy 30 character length password with symbols, caps, numbers etc so I think the account is pretty safe. I think the risk here would be if someone hacked this account, they could do anything on my systems, but with a long password like this I think it would be a little tough to accomplish. I am also looking at shutting down SSH unless you tunnel in first and then you can SSH to the server via the internal IP. Anyhow, any suggestions on this would be great as I want to make sure the risks associated with the sudoers process is not to risky and if there is a better way I could do this as in limiting exactly what someone using sudo can do as they only have to HUP the pflogd process as thats the only thing I couldn't get working until I took that step. thanks again James
Re: Blocking p2p via pf
I don't know if pf can do this, but I've seen ISPs throttle connections
the longer they're open. This allows legitimate traffic like HTTP to get
their small webpage, but larger downloads (such as P2P, but also large
HTTP downloads) take exponentially longer.
This can still be circumvented by stopping and resuming p2p downloads, but
it catches the less savvy p2p users. I agree that the real long term
solution is to use a content proxy.
ml
On Tue, 11 Oct 2005, Stuart Henderson wrote:
--On 11 October 2005 17:15 +0200, David Elze wrote:
Apart from blocking ports I just see two possibilities:
[..]
You might investigate how many source states users would normally use for
permitted protocols, how many states are involved with non-permitted use, and
(ab?)use max-src-states with an overload table to try and contain the
problem. Expect both false positives and false negatives. beck@ recently
suggested using overload tables in conjunction with a http redirector to a
website saying you've been {evil|stupid} paraphrasing :) which may be
appropriate depending on your client base...
- slow connections down very hard on well known
p2p-ports, so the p2p-clients can connect but
don't get speed at all (still, other dynamic
ports could be used)
that's not a bad idea, but over time I'd not be surprised to see software to
test speeds on different ports in an attempt to circumvent this type of
thing.
Some other ideas involve proxies - either block everything except to trusted
proxies, or permit other traffic but heavily throttle it.
Re: Cards/chips supporting hostap mode
On Tue, Oct 11, 2005 at 10:16:40AM -0700, Steve B wrote: I'm trying to find what wireless PCI cards or chipsets support hostap mode. The Prism 2/2.5/3 is referenced everywhere. Is that that the only one or do any of the others such as Atheros support hostap mode? ral(4) and ural(4) should support hostap, too. Ciao, Kili
Re: Cards/chips supporting hostap mode
* Steve B [EMAIL PROTECTED]: I'm trying to find what wireless PCI cards or chipsets support hostap mode. The Prism 2/2.5/3 is referenced everywhere. Is that that the only one or do any of the others such as Atheros support hostap mode? I'm using a ral-based card (Sitecom) running without any problems as hostap on 3.8-current. As a matter of fact, it works better (i.e. range) than my old Prism2. -- Fridtjof Busse
Installing gnucash docs ./configure error
Hello List, I have been trying to install gnucash docs with ./configure and the error is checking for dbopen... yes checking for db_185.h... no checking for db1/db.h... no checking for db4/bd_185.h... no configure: error: Berkeley db library required for GnuCash I perform a find and shows /usr/local/include/db4/db_185.h /usr/local/include/db/db_185.h I have sent an e-mail to gnucash list without a response, tried Google and reading (1) pkg-config man to see about changing the path to point to the right path without figuring it out. Any help is appreciated. Thank you, rogern John 3:16 --
Re: Cards/chips supporting hostap mode
Thanks everyone!
Re: RAID for dummies
On Tue, 11 Oct 2005 21:55:30 +1000 Rod.. Whitworth [EMAIL PROTECTED] wrote: RAID 1 (or any RAID really) is NOT a backup. It is a high availability system. High availability does NOT mean never unavailable. Hello again Rod, I've been looking at ways to make a redundant and load balanced SAN. As you put it, it's not high reliability, once you get a problem with RAID, or the box that it's attached to, you can consider the data 'unknown'. The best solution that I have seen is, although a bit of overkill, AFS (Andrew File System). It's kerberos based authentication on a token basis. Although I have not implemented it I see that it falls short because the tokens (if used) expire after 10 hours, which might require a cron job (if that fails does hell break loose?). Because it is limited to a single read/write node per volume, I see that a volume would be required for every directory that might take more than a few minutes to replicate to the read only nodes to avoid hammering the read/write node. All the other network distributed file systems seem under developed or unstable. FWIW there is something called DRBD which is considered the closest thing to RAID-0 over a network, it can fail sometimes with flaky results in testing. I have found it to be troublesom when problems occur during sync. Do you or anyone else know of anything that works better? -- Regards, Ed http://www.usenix.org.uk
Re: RAID for dummies
From: ed [mailto:[EMAIL PROTECTED] I've been looking at ways to make a redundant and load balanced SAN. As you put it, it's not high reliability, once you get a problem with RAID, or the box that it's attached to, you can consider the data 'unknown'. The best solution that I have seen is, although a bit of overkill, AFS (Andrew File System). It's kerberos based authentication on a token basis. And this is available in OpenBSD: http://www.stacken.kth.se/projekt/arla/ DS
Re: Installing gnucash docs ./configure error
Roger Neth Jr wrote: Hello List, I have been trying to install gnucash docs with gnucash is in packages and the docs are included. # Han
I' searching job as OpenBSD admin
Hello I,m searching job as OpenBSD ( or other BSD systems / and also as Linux/Windows admin, it helpdesk ) I have 4 years - experience Location Edinburgh my english is not good but i'm still learning Contact [EMAIL PROTECTED] my website www.techexpo.aplus.pl
Re: Installing gnucash docs ./configure error
Hello and thank you for the replies. I am running 3.7-stable and patches. I used pkg_add to install gnucash 1.8.11 from the 3.7/i386 (which I'm running on). When I access help it gives me Not Found; The specified URL could not be loaded. /usr/local/bin ./gnucash on term gives me this when I open the help. (0.0023s) [list] _*_helvetica-*-*-*-*-*-*-*-*-*-*-IS08859-1 - 64 (0.0034s) [load] _*_helvetica-bold-r-*-*-15*-*-*-*-*-*-IS08859-1 - 0x3c69a3c0 (0.0005s) [load] _*_helvetica-medium-r-*-*-12-*-*-*-*-*-IS08859-1 - 0x3c69a580 I opened and closed other windows on gnucash and the term stayed at the above points. Exited gnucash back to $ I did a regular install, no special directories or anything. Any more ideas is appreciated. Thank you, rogern John 3:16 On 10/11/05, Han Boetes [EMAIL PROTECTED] wrote: Roger Neth Jr wrote: Hello List, I have been trying to install gnucash docs with gnucash is in packages and the docs are included. # Han --
using mount -f with softdep to alleviate long fscks
Hello, I have my filesystems mounted softdep... /dev/wd0a / ffs rw,softdep 1 1 /dev/wd0f /home ffs rw,softdep,nodev,nosuid 1 2 /dev/wd0e /tmp ffs rw,softdep,nodev,nosuid 1 2 /dev/wd0d /usr ffs rw,softdep,nodev 1 2 /dev/wd0g /var ffs rw,softdep,nodev,nosuid 1 2 ... and I've read that if you use softdep, fsck is only necessary to recover lost disk space ... http://marc.theaimsgroup.com/?l=openbsd-miscm=109668072628188w=2 ... but when I pull out the fsck (basically commented out lines 87 to 119 in /etc/rc and do a -f on mount as suggested ... 128c124 mount -a -f -t nonfs --- mount -a -t nonfs ... I get kernel messages panics on hard reboots. I clearly am missing something. I would be grateful if anybody had any suggestions. --SL Access over 1 million songs. Try it free. http://music.yahoo.com/unlimited/
Re: Audio play too fast on AC97 onboard
Thank You all for help! I have made /etc/mplayer/mplayer.conf file put there: srate=48000 framedrop=1 fs=1 af-adv=force=1 vf=pp=lb For all other software i have put in the /etc/esd.conf file: auto_spawn=1 spawn_options=-r 48000 -nobeeps -as 2 spawm_wait_ms=100 i will ocnfigure all other software for using esound. Thank You all again :)
PHP + SSH2
Hi all, Good Afternoon, I am with some problems when trying to compile libssh2 in OpenBSD 3.7, Somebody already qualified PHP + LIBSSH2 in the OpenBSD and could give an aid to me? it follows below the errros! Error: # make all install gcc -o channel.o channel.c -c -g -O2 -I/usr/include -I/usr/include -Wall -g -I../include/ -fPIC In file included from channel.c:38: ../include/libssh2_priv.h:206: error: `MD5_DIGEST_LENGTH' undeclared here (not in a function) ../include/libssh2_priv.h:209: error: `SHA_DIGEST_LENGTH' undeclared here (not in a function) *** Error code 1 Stop in /root/libssh2-0.11/src (line 16 of Makefile). *** Error code 1 Stop in /root/libssh2-0.11 (line 20 of Makefile). # Thanks.. -- Vitor Acioli Linux User #365713 E-mail: [EMAIL PROTECTED]
Re: httpd.conf, allow from lu can't get it to work
Hi, sorry to repost this one. (obsd 3.8 with httpd 1.3.29) I still can't get it to work and was not able to find any related info in the faq or in the httpd manual, so I give it a second and last try on the list. I'm trying to use an allow from lu directive, only .lu domains should have access to the directory. Unfortunately it doesn't work. I've tried every possible combination. I also tried entire host names etc, no way ... The only combination that works, is with IP Adresses/Networks (allow from 10.0.0.10 etc...) I only get this in the error_log, it looks like the allow from lu directive is simply ignored. error_log sample: [Tue Sep 27 14:28:26 2005] [error] [client x.y.z.y] client denied by server configuration: /htdocs/download and this in access_log: client x.y.z.y - - [11/Oct/2005:22:16:48 +0200] GET /sav/ HTTP/1.1 403 214 All clients do resolve correctly to .lu domains. Could someone please help? Directory /var/www/htdocs/download DAV On SSLRequireSSL Options Indexes AllowOverride None AuthType Basic AuthName Restricted Area AuthUserFile /var/www/conf/htpasswd Require user test Order deny,allow Deny from all Allow from lu /Directory I tried from different workstations (from different IPs and different lu domains), all get access denied. error_log sample: [Tue Sep 27 14:28:26 2005] [error] [client x.y.z.y] client denied by server configuration: /htdocs/download
Fw:FDDI-Ethernet Conversion
- Forwarded by Tru H Le/GD_AAAV/GDAS on 10/11/2005 16:39 - [EMAIL PROTECTED] 10/11/2005 16:34 To [EMAIL PROTECTED] cc Subject Message rejected Your message to misc@openbsd.org was rejected because it was not explicitly addressed to the misc mailing list. If you intended to send a blind carbon copy, you must include a valid Bcc: header. - Message from [EMAIL PROTECTED] on Tue, 11 Oct 2005 15:37:08 -0400 - To: [EMAIL PROTECTED] cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: FDDI-Ethernet mirror/bridge? I have the same questions too: Any idea, how I can convert the FDDI to Ethernet and via versa. I want to take all traffic on the FDDI ring and dump it over to the FastEthernet network. Thanks, Tru Le ([EMAIL PROTECTED]) General Dynamics (W) 703 490 7548 On Thu, 27 Apr 2000, Tyler Allison wrote: Anybody have experience with using an OBSD boxes to create a low cost FDDI to FastEthernet converter? I want to take all traffic on the FDDI ring and dump it over to the FastEthernet network. I'm having the darndest time even finding a hardware solution for this from any Vendor. Any ideas would be appreciated. Technically, because FDDI can have enormous frame sizes, you can't simply produce a converted - there's no way to do that at the DLC layer. IP, on the other hand, has a really neat feature called packet fragmentation :-). But then, the device you're looking for is called a router - and lots of people make those. *IF* you can configure every single host on the FDDI ring to use a framesize of no more than 1545 (?) bytes, then you can use a simple bridge or media converter. A media converter is not, strictly speaking, even theoretically possible. A media converter simply translates the electrical characteristics of a signal into some other form. For example, 10b2 (coax) ethernet to 10bT (twisted pair) ethernet conversion would use a media converter - also commonly known as a transceiver. You're asking for the same type of device as an Ethernet-to-Token-Ring converter. They only work under very strict conditions, and they wind up operating (at least) like a bridge, at layer 2. Take an OpenBSD box. Add one ethernet card. Add one FDDI card. Configure the br0 device - there's been LOTS of discussion recently on these lists about setting up bridge groups under OpenBSD. If you want a standalone solution that you don't have to put together, go to www.blackbox.com, and search (one at a time...) for these product numbers, and you'll find a number of devices that may suit your needs: LT0003A-4DMI, 38460, LT0002A, WS-C1924F-A, NP-1F-D-MM= (note - those last two #s are actually Cisco product, which can probably be found cheaper elsewhere) Sorry, but ethernet and FDDI just aren't directly compatible. It's definitely do-able (I've seen it done with FreeBSD, anyway) but there are other solutions out there, too. -Adam -- Adam Thompson, MCNE, MCSE, CWT, A+ Vice-President / Chief Technology Officer, Commerce Design Inc. [EMAIL PROTECTED] tel: (204) 942-1648, fax: (204) 989-8080, cell: (204) 782-6198 This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated. This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated.
Re: RAID for dummies
On Tue, Oct 11, 2005 at 08:07:49PM +0100, ed wrote: On Tue, 11 Oct 2005 21:55:30 +1000 Rod.. Whitworth [EMAIL PROTECTED] wrote: RAID 1 (or any RAID really) is NOT a backup. It is a high availability system. High availability does NOT mean never unavailable. Hello again Rod, I've been looking at ways to make a redundant and load balanced SAN. As you put it, it's not high reliability, once you get a problem with RAID, or the box that it's attached to, you can consider the data 'unknown'. The best solution that I have seen is, although a bit of overkill, AFS (Andrew File System). It's kerberos based authentication on a token basis. Although I have not implemented it I see that it falls short because the tokens (if used) expire after 10 hours, which might require a cron job (if that fails does hell break loose?). Because it is limited to a single read/write node per volume, I see that a volume would be required for every directory that might take more than a few minutes to replicate to the read only nodes to avoid hammering the read/write node. All the other network distributed file systems seem under developed or unstable. FWIW there is something called DRBD which is considered the closest thing to RAID-0 over a network, it can fail sometimes with flaky results in testing. I have found it to be troublesom when problems occur during sync. Do you or anyone else know of anything that works better? DRBD is RAID-1, actually (with n-way replication under development last time I checked). I assume that was just a typo. ;-) I can't say much more. Testing showed that running DRBD is possible and replication does occur, under fairly non-loaded 'lab' conditions and only testing failover in case of manually failing drives. However, I ultimately decided not to pursue DRBD further. I haven't looked at AFS too much, but seem to recall not looking into it further after realizing the Kerberos auth issue you mentioned. Joachim
Remote server hanging on boot please read
This is the day I've been dreading for just under two years of trouble free service. My colocated server which is a 4 hour drive away has broken. It is hanging on the white-on-blue boot message at Kernelized Raidframe activated and will proceed no further. According to the on site tech there appears to be no HDD activity. If the parity set was dirty it would continue past this to the 'raid0: Initiating re-write of parity' message. Box details - OpenBSD3.4 release i386 generic with raidframe, 2x200GB EIDE drives in raidframe mirror, 1u rack, IDE DVD-Rom, PIII 1.2Ghz, 1GB Ram. I've never seen it hang at this line before. The tech says he can shift-page-up/page-down but alt-ctrl-del and enter are non-responsive. Please has anyone experienced this before? The box was being rebooted at the time and was working perfectly just seconds before. Can anyone suggest a course of action? would you advise yanking a HD one after the other to see what happens or perhaps trying to boot in single user (and if so how and what to try)? many thanks in advance Gary
Re : Re: httpd.conf, allow from lu can't get it to work
Hi, Thanks a lot for answering. My actual host is consistent: ~ # host 158.64.125.153 153.125.64.158.in-addr.arpa domain name pointer ppp-125-153.adsl.restena.lu. ~ # host ppp-125-153.adsl.restena.lu ppp-125-153.adsl.restena.lu has address 158.64.125.153 While connecting to the www server I used tcpdump on the server, I noticed that the server did not issue any dns queries?! Thx Didier - Message d'origine - De: Darrin Chandler [EMAIL PROTECTED] Date: Mardi, Octobre 11, 2005 11:17 pm Objet: Re: httpd.conf, allow from lu can't get it to work From Apache mod_access docs: Only if the forward and reverse DNS are consistent and the hostname matches will access be allowed. This means that many, many hostnames will *not* work. If you want to use hostnames anyway, then test with a host that you *know* the forward and reverse DNS are consistent.
Re: very, very slow usb data transfer speed on 3.7
Making, drinking tea and reading an opus magnum from Andrew Atrens: [Charset ISO-8859-1 unsupported, filtering to ASCII...] Okay, I've upgraded to a kernel with tag=OPENBSD_3_7 which looks to be the -stable or 'patch' tag, and while the situation has improved, performance is still off by a factor of 5. speaking about your ide benchmarks ... you cann seriously oncsider any measurment that too ~1sec try running it for at least 10 seconds (I added the wd test below because with the 3.7 kernel it (interestingly) matched that of the flash stick. Now with the -stable kernel wd is performing better, as is the flash stick, but both are still too slow. ) -- [EMAIL PROTECTED]: ~ (17:13) -- # dd if=/dev/wd0c of=/dev/null bs=819200 count=20 20+0 records in 20+0 records out 16384000 bytes transferred in 1.129 secs (14509606 bytes/sec) -- [EMAIL PROTECTED]: ~ (17:14) -- # dd if=/dev/sd0c of=/dev/null bs=819200 count=20 20+0 records in 20+0 records out 16384000 bytes transferred in 6.017 secs (2722767 bytes/sec) On DragonFly-Stable for comparisons, the flash stick is *fast* - -- [EMAIL PROTECTED]: /usr/src/sys/compile/AB-MOBILE-FAST_IPSEC (18:11) -- # dd if=/dev/da0 of=/dev/null bs=819200 count=20 20+0 records in 20+0 records out 16384000 bytes transferred in 1.223731 secs (13388563 bytes/sec) I have 3 identical boxen here (they're Dell GX240's). For fun I just bounced onto the third box (FreeBSD 4.9) and tried the ata test - -- [EMAIL PROTECTED]: /home/atrens (18:24) -- # dd if=/dev/ad0 of=/dev/null bs=819200 count=20 20+0 records in 20+0 records out 16384000 bytes transferred in 0.336737 secs (48655194 bytes/sec) I'm not sure what this means, because we're now comparing completely different ata subsystems - but the FreeBSD ata subsystem looks to be 3x faster than 3.7. This is the ata disk in question, btw - wd0 at pciide0 channel 0 drive 0: Maxtor 6Y080L0 wd0: 16-sector PIO, LBA, 78167MB, 160086528 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 I'm curious what performance other people are getting with this disk... :) since both subsystems (scsi/usb and ide) have both linearly improved, but, let's be a bit fuzzy and say, are both still off where they should be by *roughly* a factor of 4. Andrew. -- paranoic mickey (my employers have changed but, the name has remained)
Re: very, very slow usb data transfer speed on 3.7
Michael Shalayeff wrote: Making, drinking tea and reading an opus magnum from Andrew Atrens: [Charset ISO-8859-1 unsupported, filtering to ASCII...] Okay, I've upgraded to a kernel with tag=OPENBSD_3_7 which looks to be the -stable or 'patch' tag, and while the situation has improved, performance is still off by a factor of 5. speaking about your ide benchmarks ... you cann seriously oncsider any measurment that too ~1sec try running it for at least 10 seconds Agreed. But I was lazy. Here ya go, kernel without apm0: - -- [EMAIL PROTECTED]: ~ (17:56) -- # dd if=/dev/wd0c of=/dev/null bs=819200 count=400 400+0 records in 400+0 records out 32768 bytes transferred in 14.244 secs (23004549 bytes/sec) Note the consistency with the other numbers. I ran these a number of times, btw. :) :) :) Andrew.
Re: very, very slow usb data transfer speed on 3.7
I've got a USB external drive that is virtually unusable because it is so slow. mount dev/sd0a on / type ffs (local) /dev/sd0p on /backup type ffs (local, nodev, nosuid, softdep) /dev/sd0o on /destdir type ffs (local, nodev, nosuid, softdep) /dev/sd0d on /home type ffs (local, nodev, nosuid, softdep) /dev/sd0n on /releasedir type ffs (local, nodev, nosuid, softdep) /dev/sd0e on /tmp type ffs (local, nodev, nosuid, softdep) /dev/sd0f on /usr type ffs (local, nodev, softdep) /dev/sd0g on /usr/X11R6 type ffs (local, nodev, softdep) /dev/sd0h on /usr/local type ffs (local, nodev, softdep) /dev/sd0i on /cvs type ffs (local, nodev, nosuid, softdep) /dev/sd0j on /usr/src type ffs (local, nodev, nosuid, softdep) /dev/sd0k on /var type ffs (local, nodev, nosuid, softdep) /dev/sd0l on /var/qmail/bin type ffs (local, nodev, softdep) /dev/sd0m on /var/qmail/queue type ffs (local, nodev, nosuid) /dev/sd1a on /log type ffs (local, nodev, nosuid, softdep) /dev/sd1d on /offline type ffs (local, nodev, nosuid, softdep) /dev/sd1e on /wal type ffs (local, nodev, nosuid, softdep) mfs:13470 on /var/mfs type mfs (asynchronous, local, size=200 512-blocks) /dev/sd2a on /usb_drive type ffs (local) (write a file to the usb drive) time sudo dd if=/dev/zero of=/usb_drive/test_file count=100 100+0 records in 100+0 records out 51200 bytes transferred in 452.234 secs (1132156 bytes/sec) 7m32.69s real 0m0.51s user 0m3.88s system (write a file to the crappy 3WARE RAID1) time sudo dd if=/dev/zero of=/offline/test_file count=100 100+0 records in 100+0 records out 51200 bytes transferred in 9.298 secs (55064036 bytes/sec) 0m13.68s real 0m0.58s user 0m3.78s system dmesg: OpenBSD 3.8-current (GENERIC) #0: Wed Sep 14 22:05:15 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID real mem = 2147000320 (2096680K) avail mem = 1953087488 (1907312K) using 4278 buffers containing 107454464 bytes (104936K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 02/04/03, BIOS32 rev. 0 @ 0xf0010 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2fb0/256 (14 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801CA LPC rev 0x00) pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9800/0x800 0xca000/0x1800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7501 MCH Host rev 0x01 ppb0 at pci0 dev 2 function 0 Intel E7500 MCH rev 0x01 pci1 at ppb0 bus 1 Intel 82870P2 IOxAPIC rev 0x04 at pci1 dev 28 function 0 not configured ppb1 at pci1 dev 29 function 0 Intel 82870P2 PCI-PCI rev 0x04 pci2 at ppb1 bus 2 em0 at pci2 dev 1 function 0 Intel PRO/1000MT (82545EM) rev 0x01: irq 10, address: 00:e0:81:28:e9:71 Intel 82870P2 IOxAPIC rev 0x04 at pci1 dev 30 function 0 not configured ppb2 at pci1 dev 31 function 0 Intel 82870P2 PCI-PCI rev 0x04 pci3 at ppb2 bus 3 ahc1 at pci3 dev 3 function 0 Adaptec AHA-29160 U160 rev 0x02: irq 10 scsibus0 at ahc1: 16 targets st0 at scsibus0 targ 6 lun 0: SEAGATE, DAT 9SP40-000, 910B SCSI3 1/sequential removable st0: density code 0x26, 512-byte blocks, write-enabled twe0 at pci3 dev 6 function 0 3ware Escalade IDE RAID rev 0x01: irq 10 twe0: Escalade V1.3 scsibus1 at twe0: 16 targets sd0 at scsibus1 targ 0 lun 0: 3WARE, Host drive #00, SCSI2 0/direct fixed sd0: 117799MB, 15017 cyl, 255 head, 63 sec, 512 bytes/sec, 241252672 sec total sd1 at scsibus1 targ 2 lun 0: 3WARE, Host drive #02, SCSI2 0/direct fixed sd1: 117799MB, 15017 cyl, 255 head, 63 sec, 512 bytes/sec, 241252672 sec total uhci0 at pci0 dev 29 function 0 Intel 82801CA/CAM USB rev 0x02: irq 10 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801CA/CAM USB rev 0x02: irq 9 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801CA/CAM USB rev 0x02: irq 11 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ppb3 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x42 pci4 at ppb3 bus 4 fxp0 at pci4 dev 1 function 0 Intel 82557 rev 0x10, i82551: irq 5, address 00:e0:81:28:e9:70 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 vga1 at pci4 dev 2 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) fxp1 at pci4 dev 3 function 0 Intel 82557 rev 0x05, i82558: irq 11, address 00:90:27:2a:33:a6 inphy1 at fxp1
Re: Little log advice needed
--On 11 October 2005 11:31 -0400, James Mackinnon wrote:
I created a file that has the following info and made it executable to
root and the wheel group and no access to everyone. This file sits in
/usr/local/bin with the name logkick
# !/bin/sh
# this file is used to roll over the PFLog file to a new file so that
# it can be transfered to the Corporate log server every hour
DATE=$(date +%d%m%y%H)
HOSTNM=$(hostname)
sudo mv /var/log/pflog /var/log/pflog-$DATE$HOSTNM
chmod 660 /var/log/pflog-$DATE$HOSTNM
touch /var/log/pflog
sudo kill -HUP `cat /var/run/pflogd.pid`
I have created an account on my firewalls and logging system which is
in the sudoers file with ability to do all with nopassword being
prompted for (probably risky but this is why I'm asking for
feedback). This user is also part of the wheel group
See newsyslog.conf(5) - it can signal pflogd for you. Set the gid on
the log to one shared by the account used to transfer the log, and use
the -f option to pflogd to place the log in a directory with write
permissions to that same gid, then your script needs neither root nor
wheel access.
I have created a public/private key pair
Good.
I am using a crazy 30 character length password with symbols,
caps, numbers etc so I think the account is pretty safe.
You can disable password-based access to that account ('vipw' and
change the encrypted password field to *, like is done for the various
pre-created daemon accounts), that way the only access can be via the
relevant ssh key/s.
Anyhow, any suggestions on this would be great as I want to make sure
the risks associated with the sudoers process is not to risky and if
there is a better way I could do this as in limiting exactly what
someone using sudo can do as they only have to HUP the pflogd process
as thats the only thing I couldn't get working until I took that step.
Look at sudoers(5) if you want to find out how you can control which
commands may be executed by which user with/without passwords. There's
a lot more that you can do than is demonstrated in the sample sudoers
file.
Re: Blocking p2p via pf
David Elze wrote: Hi, I'm trying to block p2p traffic via pf on OpenBSD 3.x. Unfortunately, all new p2p-clients are able to use dynamic ports or even (ab-)use http-ports etc. so blocking well known p2p-ports is not enough. yep. Apart from blocking ports I just see two possibilities: - slow connections down very hard on well known p2p-ports, so the p2p-clients can connect but don't get speed at all (still, other dynamic ports could be used) - try to look into each datagram and scan for typical p2p-stuff (what is typical, this approach would cost to much computing time) - think outside the traditional box. :) Any hints? Unfortunately, I didn't find a lot of stuff regarding this exept the well known 'iptables-p2p' which is a match module for iptables but hey, I love pf :-) If there are too many IP addresses and ports to effectively block, maybe look for something else...like, maybe mangle the DNS queries. One tiny little DNS block, and kazaa goes bye-bye. Two, and AIM is blocked. Theoretically, this is a weak solution. However, PRACTICALLY speaking, it's simple and very effective. Other than blocked services opening up alternative entry points, I've not actually seen anyone bypass this system in real life (for example, AOL offered a web-based IM alternative, that required an additional block). It isn't a secure solution, but it seems mighty effective. http://www.holland-consulting.net/tech/imblock.html Nick.
Anyone tried this hardware raid solution?
Hi everyone, I am wondering if anyone tried this (http://www.allmediait.com/html/araid.html) hardware raid solution. It seems to only support PATA. Anyways I was just wondering if anyone had any experiences with this box. Anyone ever compared it to an Accusys 7500? On a side note, anyone knows hardware raid solution similar to this or to Accusys's 7500 solution but SATA? Jd http://www.allmediait.com/html/araid.html
Re: Blocking p2p via pf
On Tue, 11 Oct 2005 20:24:01 -0400, Nick Holland wrote: David Elze wrote: Hi, I'm trying to block p2p traffic via pf on OpenBSD 3.x. Unfortunately, all new p2p-clients are able to use dynamic ports or even (ab-)use http-ports etc. so blocking well known p2p-ports is not enough. yep. Apart from blocking ports I just see two possibilities: - slow connections down very hard on well known p2p-ports, so the p2p-clients can connect but don't get speed at all (still, other dynamic ports could be used) - try to look into each datagram and scan for typical p2p-stuff (what is typical, this approach would cost to much computing time) - think outside the traditional box. :) Any hints? Unfortunately, I didn't find a lot of stuff regarding this exept the well known 'iptables-p2p' which is a match module for iptables but hey, I love pf :-) If there are too many IP addresses and ports to effectively block, maybe look for something else...like, maybe mangle the DNS queries. One tiny little DNS block, and kazaa goes bye-bye. Two, and AIM is blocked. Theoretically, this is a weak solution. However, PRACTICALLY speaking, it's simple and very effective. Other than blocked services opening up alternative entry points, I've not actually seen anyone bypass this system in real life (for example, AOL offered a web-based IM alternative, that required an additional block). It isn't a secure solution, but it seems mighty effective. http://www.holland-consulting.net/tech/imblock.html Nick. dsniff (IIRC a package, certainly a port) contains dnsspoof that will easily let you return 127.0.0.1 as the address for any wildcarded hostname you put in its dnsspoof.hosts file. A certain teenager next door was bewildered about what happened to Kazaa. Just install dsniff on your gateway and edit the file and shazam! BTW HUPping dnsspoof appears to have it not reread the hostlist. I use a script to pkill it and restart it. From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
Re: Anyone tried this hardware raid solution?
Jean-Daniel Beaubien wrote: Hi everyone, I am wondering if anyone tried this (http://www.allmediait.com/html/araid.html) hardware raid solution. It seems to only support PATA. Anyways I was just wondering if anyone had any experiences with this box. Anyone ever compared it to an Accusys 7500? On a side note, anyone knows hardware raid solution similar to this or to Accusys's 7500 solution but SATA? I've been using these in a few places for disk-based backups that we take offsite. Good results so far. There are also SATA versions. Contact me off list for more info.
Re: very, very slow usb data transfer speed on 3.7
On Tue, 11 Oct 2005 17:27:27 -0600 (MDT) Jeff Ross [EMAIL PROTECTED] wrote: : I've got a USB external drive that is virtually unusable because it : is so slow. : [snip] : (write a file to the usb drive) : : time sudo dd if=/dev/zero of=/usb_drive/test_file count=100 : : 100+0 records in : 100+0 records out : 51200 bytes transferred in 452.234 secs (1132156 bytes/sec) : 7m32.69s real 0m0.51s user 0m3.88s system Over 8Mbits/sec, keep this number in mind. : dmesg: : : OpenBSD 3.8-current (GENERIC) #0: Wed Sep 14 22:05:15 MDT 2005 : [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC ... : uhci0 at pci0 dev 29 function 0 Intel 82801CA/CAM USB rev 0x02: irq : 10 usb0 at uhci0: USB revision 1.0 : uhub0 at usb0 : uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 : uhub0: 2 ports with 2 removable, self powered ... : umass0 at uhub0 port 2 configuration 1 interface 0 : umass0: Prolific Technology Inc. Mass Storage Device, rev 2.00/1.00, : umass0: addr 2 using SCSI over Bulk-Only : scsibus3 at umass0: 2 targets : sd2 at scsibus3 targ 1 lun 0: WDC WD20, 00JB-00GVA0, 08.0 SCSI0 0/ : direct fixed : sd2: 190782MB, 190782 cyl, 64 head, 32 sec, 512 bytes/sec, 390721969 : sec total uhci is USB1, which theoretically tops out at 11Mbits/sec. You won't get much faster access unless you get USB2, which tops out at 480Mbits/sec. -- It is not enough to succeed. Others must fail. -- Gore Vidal
Re: very, very slow usb data transfer speed on 3.7
I don't see the 'EHCI' controller in there anywhere. :( UHCI == usb1.1 EHCI == usb2.0 Top speed for usb1.1 is roughly 1MB/s. Your getting that. :| Two possibilities - your mobo doesn't do usb2.0 - or the ehci device probe isn't grokking your hardware. Andrew. Jeff Ross wrote: I've got a USB external drive that is virtually unusable because it is so slow. mount dev/sd0a on / type ffs (local) /dev/sd0p on /backup type ffs (local, nodev, nosuid, softdep) /dev/sd0o on /destdir type ffs (local, nodev, nosuid, softdep) /dev/sd0d on /home type ffs (local, nodev, nosuid, softdep) /dev/sd0n on /releasedir type ffs (local, nodev, nosuid, softdep) /dev/sd0e on /tmp type ffs (local, nodev, nosuid, softdep) /dev/sd0f on /usr type ffs (local, nodev, softdep) /dev/sd0g on /usr/X11R6 type ffs (local, nodev, softdep) /dev/sd0h on /usr/local type ffs (local, nodev, softdep) /dev/sd0i on /cvs type ffs (local, nodev, nosuid, softdep) /dev/sd0j on /usr/src type ffs (local, nodev, nosuid, softdep) /dev/sd0k on /var type ffs (local, nodev, nosuid, softdep) /dev/sd0l on /var/qmail/bin type ffs (local, nodev, softdep) /dev/sd0m on /var/qmail/queue type ffs (local, nodev, nosuid) /dev/sd1a on /log type ffs (local, nodev, nosuid, softdep) /dev/sd1d on /offline type ffs (local, nodev, nosuid, softdep) /dev/sd1e on /wal type ffs (local, nodev, nosuid, softdep) mfs:13470 on /var/mfs type mfs (asynchronous, local, size=200 512-blocks) /dev/sd2a on /usb_drive type ffs (local) (write a file to the usb drive) time sudo dd if=/dev/zero of=/usb_drive/test_file count=100 100+0 records in 100+0 records out 51200 bytes transferred in 452.234 secs (1132156 bytes/sec) 7m32.69s real 0m0.51s user 0m3.88s system (write a file to the crappy 3WARE RAID1) time sudo dd if=/dev/zero of=/offline/test_file count=100 100+0 records in 100+0 records out 51200 bytes transferred in 9.298 secs (55064036 bytes/sec) 0m13.68s real 0m0.58s user 0m3.78s system dmesg: OpenBSD 3.8-current (GENERIC) #0: Wed Sep 14 22:05:15 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID real mem = 2147000320 (2096680K) avail mem = 1953087488 (1907312K) using 4278 buffers containing 107454464 bytes (104936K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 02/04/03, BIOS32 rev. 0 @ 0xf0010 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf2fb0/256 (14 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801CA LPC rev 0x00) pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9800/0x800 0xca000/0x1800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7501 MCH Host rev 0x01 ppb0 at pci0 dev 2 function 0 Intel E7500 MCH rev 0x01 pci1 at ppb0 bus 1 Intel 82870P2 IOxAPIC rev 0x04 at pci1 dev 28 function 0 not configured ppb1 at pci1 dev 29 function 0 Intel 82870P2 PCI-PCI rev 0x04 pci2 at ppb1 bus 2 em0 at pci2 dev 1 function 0 Intel PRO/1000MT (82545EM) rev 0x01: irq 10, address: 00:e0:81:28:e9:71 Intel 82870P2 IOxAPIC rev 0x04 at pci1 dev 30 function 0 not configured ppb2 at pci1 dev 31 function 0 Intel 82870P2 PCI-PCI rev 0x04 pci3 at ppb2 bus 3 ahc1 at pci3 dev 3 function 0 Adaptec AHA-29160 U160 rev 0x02: irq 10 scsibus0 at ahc1: 16 targets st0 at scsibus0 targ 6 lun 0: SEAGATE, DAT 9SP40-000, 910B SCSI3 1/sequential removable st0: density code 0x26, 512-byte blocks, write-enabled twe0 at pci3 dev 6 function 0 3ware Escalade IDE RAID rev 0x01: irq 10 twe0: Escalade V1.3 scsibus1 at twe0: 16 targets sd0 at scsibus1 targ 0 lun 0: 3WARE, Host drive #00, SCSI2 0/direct fixed sd0: 117799MB, 15017 cyl, 255 head, 63 sec, 512 bytes/sec, 241252672 sec total sd1 at scsibus1 targ 2 lun 0: 3WARE, Host drive #02, SCSI2 0/direct fixed sd1: 117799MB, 15017 cyl, 255 head, 63 sec, 512 bytes/sec, 241252672 sec total uhci0 at pci0 dev 29 function 0 Intel 82801CA/CAM USB rev 0x02: irq 10 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801CA/CAM USB rev 0x02: irq 9 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801CA/CAM USB rev 0x02: irq 11 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ppb3 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x42 pci4 at ppb3 bus 4 fxp0 at pci4 dev 1 function 0 Intel 82557 rev 0x10, i82551: irq 5, address 00:e0:81:28:e9:70 inphy0 at fxp0 phy 1:
Re: Blocking p2p via pf
From: Nick Holland [mailto:[EMAIL PROTECTED] Theoretically, this is a weak solution. However, PRACTICALLY speaking, it's simple and very effective. Other than blocked services opening up alternative entry points, I've not actually seen anyone bypass this system in real life (for example, AOL offered a web-based IM alternative, that required an additional block). It isn't a secure solution, but it seems mighty effective. Simply for the sake of pointing it out, there is also the IDS method. This comes with the same disclaimer of it being an imperfect solution (false positives being one possible downfall) but carries the advantage that you don't need to focus on IP addresses or ports which can change - you focus on the protocol itself. While we haven't had great results with tracking P2P use with stock Snort signatures, we've found the Bleeding Snort collection to have a lot of capabilities for detection of P2P and spyware traffic. Throw this inline with the snort to pf utilities that were discussed recently in the archives and it makes a respectable way of blocking traffic. We haven't found the false positives level of this to be overly prohibitive either, actually. DS
Re: Motherboard Recommendation
On Tue, Oct 11, 2005 at 11:09:41PM +0100, the unit calling itself Simon Morgan wrote: Hi, I'm interested in building a machine for use as an OpenBSD workstation and would appreciate any recommendations on AMD64 motherboards that are well supported. I assume there are people on this list using OpenBSD as their primary OS and would be interested to hear what you're using. I've had good luck with Tyan. This would be a damned sight easier if manufacturers didn't insist on including everything but the kitchen sink on-board and failing to document which chipsets they're using. Can you even buy desktop motherboards that don't come with on-board sound and network these days? Any advice is appreciated. Certainly without sound, and I'm sure there are a few w/o networking... but they tend to be the low-end products that don't offer good value. I think the reason for higher integration is that it makes the board more versatile (I may want to put this in a 1U enclosure don't want to or can't add PCI cards, risers, etc). All of these peripheral features can be disabled via jumpers if you prefer to use your own brand via PCI card. Jay
Re: Anyone tried this hardware raid solution?
On Tue, Oct 11, 2005 at 08:24:11PM -0400, the unit calling itself Jean-Daniel Beaubien wrote: Hi everyone, I am wondering if anyone tried this (http://www.allmediait.com/html/araid.html) hardware raid solution. It seems to only support PATA. Anyways I was just wondering if anyone had any experiences with this box. Anyone ever compared it to an Accusys 7500? On a side note, anyone knows hardware raid solution similar to this or to Accusys's 7500 solution but SATA? These allmediait guys look like resellers for Accordance hardware: http://www.accordancesystems.com/ The other designer/manufacturer I've found is: http://www.arcoide.com/ It appears they both offer SATA options. Accusys claims they offer SATA-to-SATA (ACS-75170, -76130 -76510), but their webpage is so lame that it's hard to tell (http://www.accusys.com.tw/prod.htm). It appears that Accusys has the lowest priced solution in their ACS 7500. It strikes me that all three of these guys make good looking hardware that oughta be a hit, but it's almost impossible to find a retailer for any of them (e.g. look for any of this stuff on pricegrabber.) Jay
Re: using mount -f with softdep to alleviate long fscks
On 10/11/05, Joe Advisor [EMAIL PROTECTED] wrote: ... and I've read that if you use softdep, fsck is only necessary to recover lost disk space ... http://marc.theaimsgroup.com/?l=openbsd-miscm=109668072628188w=2 ... but when I pull out the fsck (basically commented out lines 87 to 119 in /etc/rc and do a -f on mount as suggested ... ... I get kernel messages panics on hard reboots. I clearly am missing something. I would be grateful if anybody had any suggestions. i don't know what you're missing, but we are missing any sort of useful information that could be used to help you.
Re: very, very slow usb data transfer speed on 3.7
-- [EMAIL PROTECTED]: ~ (17:39) -- # dd if=/dev/wd0c of=/dev/null bs=819200 count=20 20+0 records in 20+0 records out 16384000 bytes transferred in 0.711 secs (23012820 bytes/sec) recall the old speed with apm0: - -- [EMAIL PROTECTED]: ~ (17:13) -- # dd if=/dev/wd0c of=/dev/null bs=819200 count=20 20+0 records in 20+0 records out 16384000 bytes transferred in 1.129 secs (14509606 bytes/sec) that's pretty harsh if other people can reproduce it. :( Incidentally usb transfers *weren't* improved by removing apm0 - -- [EMAIL PROTECTED]: ~ (17:39) -- # dd if=/dev/sd0c of=/dev/null bs=819200 count=20 20+0 records in 20+0 records out 16384000 bytes transferred in 6.017 secs (2722653 bytes/sec) so there's some other factor limiting those. I'm getting the same speed on a snapshot from 09/21 with amd64 on a brand new amd 64 3800+. Lately I was copying around 40G of data onto a usb 2.0 hard disk (yes it was attached to EHCI) and wondered why it took so long, but I didn't pursue the issue further. I also tried with different blocksizes and to eliminate the issue of a too short benchmark I ran for a couple of minutes (about count=500). Actually wait a minute ... /dev/sd0c and /dev/wd0c ? Are you SUPPOSED to read of a block device ? SHOULDN'T it be /dev/rsd0c and /dev/rwd0c ??? ^ ^ RAW DEVICE With the raw devices the speed looks QUITE different: BLOCK DEVICE: sudo dd if=/dev/wd0c of=/dev/null bs=512k count=500 500+0 records in 500+0 records out 262144000 bytes transferred in 16.957 secs (15458831 bytes/sec) # Top shows CPU usage as 28.7% system, 27.9% interrupt, 41.9% idle RAW DEVICE: sudo dd if=/dev/rwd0c of=/dev/null bs=512k count=200 200+0 records in 200+0 records out 104857600 bytes transferred in 1.787 secs (58666485 bytes/sec) # Top shows CPU usage as 4.6% system, 5.4% interrupt, 90.0% idle (same with USB device) BLOCK DEVICE: sudo dd if=/dev/sd0c of=/dev/null bs=512k count=500 500+0 records in 500+0 records out 262144000 bytes transferred in 96.561 secs (2714791 bytes/sec) # Top shows CPU usage as 4.7% system, 10.8% interrupt, 84.6% idle RAW DEVICE: sudo dd if=/dev/rsd0c of=/dev/null bs=512k count=500 500+0 records in 500+0 records out 262144000 bytes transferred in 19.015 secs (13785462 bytes/sec) # Top shows CPU usage as 1.6% system, 2.3% interrupt, 96.1% idle I'm sorry if I understood something wrong, but my understanding was/is that you only use RAW devices with dd (since it uses it's own blocks ). Please tell me if I'm wrong, since (right) knowledge is valueable! Regards, ahb
