help switching from linux to openbsd
Hello, until recently I've been a Linux user but have decided to get my feet wet with OpenBSD. I had a few basic questions that I wasn't able to solve after reading the FAQ and doing some web searches and was hoping someone could point me in the right direction. (I'm running a freshly built 3.8-current on an amd64 machine). In any case, here are the things I'm trying to do: 1. I'd like to switch consoles with Alt-FN instead of Ctrl-Alt-FN. How can I do that? (The main reason is that I prefer to be able to switch consoles with one hand and using the Ctrl key is a bit awkward for me to do without using both hands.) 2. My mouse doesn't seem to work under X. I have a USB mouse and see the following message in dmesg: uhub0: device problem, disabling port 1 and not sure if this is the indicating the problem. In any case, I've enclosed the full dmesg below and I'm happy to give out any more information that's needed. Thanks very much for any help, Daniel OpenBSD 3.8-current (GENERIC) #0: Mon Jan 16 19:21:53 EST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 938012672 (916028K) avail mem = 791314432 (772768K) using 22937 buffers containing 94007296 bytes (91804K) of memory mainbus0 (root) cpu0 at mainbus0: (uniprocessor) cpu0: AMD Athlon(tm) 64 Processor 3000+, 1791.09 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x00 ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 ATI Radeon XPRESS 200 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pciide0 at pci0 dev 17 function 0 ATI IXP400 SATA rev 0x00: DMA pciide0: using irq 11 for native-PCI interrupt pciide1 at pci0 dev 18 function 0 ATI IXP400 SATA rev 0x00: DMA pciide1: using irq 10 for native-PCI interrupt pciide1: port 0: device present, speed: 1.5Gb/s wd0 at pciide1 channel 0 drive 0: ST3160827AS wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd0(pciide1:0:0): using BIOS timings, Ultra-DMA mode 6 ohci0 at pci0 dev 19 function 0 ATI IXP400 USB rev 0x00: irq 10, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: ATI OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered ohci1 at pci0 dev 19 function 1 ATI IXP400 USB rev 0x00: irq 10, version 1.0, legacy support usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: ATI OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 4 ports with 4 removable, self powered ehci0 at pci0 dev 19 function 2 ATI IXP400 USB2 rev 0x00: irq 10 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: ATI EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 8 ports with 8 removable, self powered ATI IXP400 SMBus rev 0x04 at pci0 dev 20 function 0 not configured pciide2 at pci0 dev 20 function 1 ATI IXP400 IDE rev 0x00: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide2 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, RW/DVD GCC-4480B, 1.02 SCSI0 5/cdrom removable cd0(pciide2:1:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2 pcib0 at pci0 dev 20 function 3 ATI IXP400 ISA rev 0x00 ppb1 at pci0 dev 20 function 4 ATI IXP400 PCI rev 0x00 pci2 at ppb1 bus 2 Texas Instruments ACX100A rev 0x00 at pci2 dev 0 function 0 not configured rl0 at pci2 dev 3 function 0 Realtek 8139 rev 0x10: irq 5, address 00:13:d3:09:d0:99 rlphy0 at rl0 phy 0: RTL internal phy VIA VT6306 FireWire rev 0x80 at pci2 dev 4 function 0 not configured auixp0 at pci0 dev 20 function 5 ATI IXP400 AC97 rev 0x00: irq 3 auixp0: soft resetting aclink pchb1 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb4 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 sysbeep0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 uhub0: device problem, disabling port 1 dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 ac97: codec id 0x414c4780 (Avance Logic ALC658) ac97: codec features 20 bit DAC, 18 bit ADC, No 3D Stereo audio0 at auixp0
Re: Novice compile question
Didier Wiroth wrote: Hello, (I'm a compile novice) Then you shouldn't be cross-compiling. In fact, cross-compiling isn't supported on OpenBSD for end-users at all. Check the archive to see reams of discussion on this. If you want your fast amd64 machine to make i386 snapshots, then consider maintaining an i386 installation on a secondary disk and booting to that to make your i386 builds. -d
Re: df -h stats for same file systems display different result son AMD64 then on i386 (Source solved)
OK, Here is the source of the problem. The cache file generated by webazolver is the source of the problem. Based on the information of the software webalizer, as this: Cached DNS addresses have a TTL (time to live) of 3 days. This may be changed at compile time by editing the dns_resolv.h header file and changing the value for DNS_CACHE_TTL. The cache file is process each night, and the records older then 3 days are remove, but somehow that file become a sparse file in the process and when copy else where show it's real size. In my case that file was using a bit over 4 millions blocks more then it should have and give me the 4GB+ difference in mirroring the content. So, as far as I can see it, this process of expiring the records from the cache file that is always reuse doesn't shrink the file really, but somehow just mark the records inside the file as bad, or something like that. So, nothing to do with OpenBSD at all but I would think there is a bug in the portion of webalizer however base on what I see from it's usage. Now the source of the problem was found and many thanks to all that stick with me along the way. Always feel good to know in the end! Thanks to Otto, Ted and Tom. Daniel
Re: mssql.so
On Tue, Jan 17, 2006 at 12:47:02AM -0200, Ricardo Lucas wrote: Ok, so that's happening, I've got the freetds-current.tgz and freetds-stable.tgz but stop in this error when I try to make any: first ./configure --enable-msdblib Am I doing something wrong?! Yes, you are trying to install freedts twice. You are also failing to understand that there is a very real benefit to be had from the ports system, via installing the sygate package, as you have been told many times now. Joachim
Re: Using freshports.org ports
Ok, thanks! On 1/16/06, Josh Grosse [EMAIL PROTECTED] wrote: On Mon, Jan 16, 2006 at 06:06:20PM -0300, Jo?o Salvatti wrote: Hi all, I'd like to know if I can use the ports at http://www.freshports.org/ in my OpenBSD system. These are FreeBSD ports. Binaries from these ports may be used in some circumstances, see compat_freebsd(8) for details. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://salvatti.expert.com.br e-mail: [EMAIL PROTECTED]
mod_gzip and 3.8 SOLVED
Hello misc@, I've synced my kernel with 3.8 STABLE via CVS (Sun Jan 15 13:10:47 CET 2006) and mod_gzip-1.3.26.1ap0 now works like a charm. The issue was: http://marc.theaimsgroup.com/?t=11344297545r=1w=2 Remember the problem it's not related to zlib (mod_gzip doesn't use zlib at all). Just for the record. regards, Juanjo -- Desarrollo y sistemas: http://www.usebox.net/ Pagina Personal: http://www.usebox.net/jjm/
Re: help switching from linux to openbsd
On Mon, Jan 16, 2006 at 10:40:38PM -0800, Daniel Dickman wrote: Hello, until recently I've been a Linux user but have decided to get my feet wet with OpenBSD. I had a few basic questions that I wasn't able to solve after reading the FAQ and doing some web searches and was hoping someone could point me in the right direction. (I'm running a freshly built 3.8-current on an amd64 machine). In any case, here are the things I'm trying to do: 1. I'd like to switch consoles with Alt-FN instead of Ctrl-Alt-FN. How can I do that? (The main reason is that I prefer to be able to switch consoles with one hand and using the Ctrl key is a bit awkward for me to do without using both hands.) I'm sorry, I don't know. I'll gladly point you to screen, though, which is available under ports - switching consoles is as easy as Ctrl-A 2, or somesuch, and it has loads of other nice features. 2. My mouse doesn't seem to work under X. I have a USB mouse and see the following message in dmesg: uhub0: device problem, disabling port 1 and not sure if this is the indicating the problem. In any case, I've enclosed the full dmesg below and I'm happy to give out any more information that's needed. Yes, this is the problem. It is likely the mouse is either defective or not supported; what mouse is it? OpenBSD 3.8-current (GENERIC) #0: Mon Jan 16 19:21:53 EST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC Hmm... you like living on the edge, don't you? ;-) Joachim
Re: which cf wifi card for a Zaurus C3100?
On Mon, Jan 16, 2006 at 05:29:02PM +0100, Maik Kuendig wrote: can someone recommend a CF WiFi card for a Zaurus C3100? My dealer has the following cards available: - D-Link DCF-660W - Linksys WCF12-EU I use a Linksys WCF12 (no ``-EU'', bought in the US). Works great. -Ray-
Re: ipv6 tentative address generation
On Tue, Jan 17, 2006 at 01:11:29AM -0600, Travers Buda wrote: Ipv6 allows for stateless configuration of a interface. The IEEE (aka MAC or hardware address) is generally used to generate tentative addresses which commonly end up being the assigned address provided stateful addressing does not exist on the network (such as DHCP.) This is the case in OpenBSD's import of KAME. Since the same method to generate an IP is used over an over (the host has an unchanging, persistant address,) the traffic generated and recieved by hosts would be open to many forms of analysis not necessairly confined to the computing world. For example, when some is at home, at work; what they access could be more easily tied to them (and the hardware they use,) decreasing anonymity. The problem and solution are outlined in RFC 3041. http://www.ietf.org/rfc/rfc3041.txt The solution is to use random data to generate ipv6 stateless addresses. Trying to be productive and not an asshole, Is there a question? If you wish to generate random ipv6 stateless addresses, ``jot -rs: -w%.2x 6 0 255'' and ifconfig(8) work. -Ray-
Re: mssql.so
Sorry about that. I had thought that the sybase was seemed with mssql function, but the usage are different, this is why I've not installed this pkg befor, but now everything works fine!!! Thank's all Best regards 2006/1/17, Joachim Schipper [EMAIL PROTECTED]: On Tue, Jan 17, 2006 at 12:47:02AM -0200, Ricardo Lucas wrote: Ok, so that's happening, I've got the freetds-current.tgz and freetds-stable.tgz but stop in this error when I try to make any: first ./configure --enable-msdblib Am I doing something wrong?! Yes, you are trying to install freedts twice. You are also failing to understand that there is a very real benefit to be had from the ports system, via installing the sygate package, as you have been told many times now. Joachim -- Abragos Ricardo Lucas We have to stop been egoist and think more on ourselves.
Re: df -h stats for same file systems display different result son AMD64 then on i386 (Source solved)
On Tue, 17 Jan 2006, Daniel Ouellet wrote: OK, Here is the source of the problem. The cache file generated by webazolver is the source of the problem. Based on the information of the software webalizer, as this: Cached DNS addresses have a TTL (time to live) of 3 days. This may be changed at compile time by editing the dns_resolv.h header file and changing the value for DNS_CACHE_TTL. The cache file is process each night, and the records older then 3 days are remove, but somehow that file become a sparse file in the process and when copy else where show it's real size. In my case that file was using a bit over 4 millions blocks more then it should have and give me the 4GB+ difference in mirroring the content. So, as far as I can see it, this process of expiring the records from the cache file that is always reuse doesn't shrink the file really, but somehow just mark the records inside the file as bad, or something like that. So, nothing to do with OpenBSD at all but I would think there is a bug in the portion of webalizer however base on what I see from it's usage. Now the source of the problem was found and many thanks to all that stick with me along the way. You are wrong in thinking sparse files are a problem. Having sparse files quite a nifty feature, I would say. -Otto
Re: ipsec.conf, win xp
Am Freitag, 13. Januar 2006 10:41 schrieb raff: i'm using ipsecctl with win xp home client and shared passwords My dad's laptop uses Win XP Home-Edition, is it also possible to use ipsecctl with it?
Re: help switching from linux to openbsd
Daniel Dickman wrote: Hello, until recently I've been a Linux user but have decided to get my feet wet with OpenBSD. I had a few basic questions that I wasn't able to solve after reading the FAQ and doing some web searches and was hoping someone could point me in the right direction. (I'm running a freshly built 3.8-current on an amd64 machine). In any case, here are the things I'm trying to do: Hi 1. I'd like to switch consoles with Alt-FN instead of Ctrl-Alt-FN. How can I do that? (The main reason is that I prefer to be able to switch consoles with one hand and using the Ctrl key is a bit awkward for me to do without using both hands.) After using OpenBSD for a few years now, I try hard to minimize deviations from the base system. The possible drawbacks are minimal compared to the gained simplicity, e.g. concerning upgrades. You will find (and most likely have already found) many differences from Linux. My suggestion is that you just get used to your new OpenBSD system and realize that it is a different OS. Tweaking will most likely, sooner or later, get you into trouble and you cannot (and should not) expect any help from the community with issues coming from tweaking a perfectly working system. Of course, this is generally speaking, and there may exist some simple configuration setting (nb. run-time, not compile-time) that does what you want. Feel free to use it if so (but I don't recommend it anyway). 2. My mouse doesn't seem to work under X. I have a USB mouse and see the following message in dmesg: uhub0: device problem, disabling port 1 and not sure if this is the indicating the problem. In any case, I've enclosed the full dmesg below and I'm happy to give out any more information that's needed. Full dmesg. Super. Seems like a crappy mouse. Doesn't work in console either I suppose? (man wsmoused) Thanks very much for any help, Daniel /Alexander
Re: Kernel panic on fresh 3.8 amd64 after make build
On Tue, Jan 17, 2006 at 03:02:09PM +0100, Koen Van Impe wrote: cd /usr/src ftp ftp://ftp.openbsd.org/pub/OpenBSD/3.8/src.tar.gz tar zxvf src.tar.gz Should stick a -p in here as well.. cd /usr/src cvs -d [EMAIL PROTECTED]:/cvs -q up -rOPENBSD_3_8 -Pd cd /usr/src/sys/arch/amd64/conf/ /usr/sbin/config GENERIC cd /usr/src/sys/arch/amd64/compile/GENERIC/ make clean make depend make cd /usr/src/sys/arch/amd64/compile/GENERIC/ cp /bsd /bsd-old cp bsd /bsd reboot cd /usr/src rm -r /usr/obj/* make obj make build I usually update the sources, then make build, then compile the kernel , install the kernel and reboot. Staying with -current that way hasn't given me any stress in the last year afaik. And even -current is somewhat forgiving if you don't update or mergemaster your rc files, devices and chroot sandboxes immediately. I understand you track -stable, I don't have experience with that, but try booting with the backed up kernel then making build and then compiling the kernel again and use that on next boot. -peter
Re: mssql.so
On Tue, Jan 17, 2006 at 11:26:02AM -0200, Ricardo Lucas wrote: Sorry about that. I had thought that the sybase was seemed with mssql function, but the usage are different, this is why I've not installed this pkg befor, but now everything works fine!!! From the cursory look I've had at the documentation, there indeed is a difference in functionality. If it bites you, go with freetds from packages and compile whatever else you need. If, as is most likely, it doesn't - better to stay with packages that actually work. Joachim
Re: ipsec.conf, win xp
On Tue, Jan 17, 2006 at 03:39:58PM +0100, Christoph Fritz wrote: Am Freitag, 13. Januar 2006 10:41 schrieb raff: i'm using ipsecctl with win xp home client and shared passwords My dad's laptop uses Win XP Home-Edition, is it also possible to use ipsecctl with it? Yes, in theory. raff was talking about using Microsoft Windows XP Home Edition as a client to an IPsec gateway, utilizing shared passwords. But since that's a little long, he left out some stuff. Joachim
Re: df -h stats for same file systems display different result son AMD64 then on i386 (Source solved)
On Tue, Jan 17, 2006 at 02:15:57PM +0100, Otto Moerbeek wrote: On Tue, 17 Jan 2006, Daniel Ouellet wrote: OK, Here is the source of the problem. The cache file generated by webazolver is the source of the problem. Based on the information of the software webalizer, as this: Cached DNS addresses have a TTL (time to live) of 3 days. This may be changed at compile time by editing the dns_resolv.h header file and changing the value for DNS_CACHE_TTL. The cache file is process each night, and the records older then 3 days are remove, but somehow that file become a sparse file in the process and when copy else where show it's real size. In my case that file was using a bit over 4 millions blocks more then it should have and give me the 4GB+ difference in mirroring the content. So, as far as I can see it, this process of expiring the records from the cache file that is always reuse doesn't shrink the file really, but somehow just mark the records inside the file as bad, or something like that. So, nothing to do with OpenBSD at all but I would think there is a bug in the portion of webalizer however base on what I see from it's usage. Now the source of the problem was found and many thanks to all that stick with me along the way. You are wrong in thinking sparse files are a problem. Having sparse files quite a nifty feature, I would say. Are we talking about webazolver or OpenBSD? I'd argue that relying on the OS handling sparse files this way instead of handling your own log data in an efficient way *is* a problem, as evidenced by Daniels post. After all, it's reasonable to copy data to, say, a different drive and expect it to take about as much space as the original. On the other hand, I agree with you that handling sparse files efficiently is rather neat in an OS. Joachim
Re: mssql.so
It's working fine for me!!! Thank's a lot 2006/1/17, Joachim Schipper [EMAIL PROTECTED]: On Tue, Jan 17, 2006 at 11:26:02AM -0200, Ricardo Lucas wrote: Sorry about that. I had thought that the sybase was seemed with mssql function, but the usage are different, this is why I've not installed this pkg befor, but now everything works fine!!! From the cursory look I've had at the documentation, there indeed is a difference in functionality. If it bites you, go with freetds from packages and compile whatever else you need. If, as is most likely, it doesn't - better to stay with packages that actually work. Joachim -- Abragos Ricardo Lucas We have to stop been egoist and think more on ourselves.
how many transactions for second can i have?
hello boys: i need to now how many transactions for second can i have with a fw redundant using CARP, in the other hand i would like to now where i can find information or statis about speed of this kind of transactions thanks
Re: postfix w/ encrypted virtual mailboxes: delivery failure file too large
I had a problem with postfix on a mailserver that we used for member communications. Many, many bounces as the list got more stale. These bounces would fill up a mailbox. Solution we found, in main.cf: mailbox_size_limit = 1073741824 Prior to this setting, postfix had some ridiculously low idea of how big a mailbox should be allowed to be (at least for this application). Hope this is helpful. -- Jack Bates Venice, CA, USA I play Texas Hold'Em at http://www.fulltiltpoker.com
Re: please: openbsd mailing list request for patch/errata announcement
On 1/16/06, Didier Wiroth [EMAIL PROTECTED] wrote: Do you think it would be possible to send a small mail to [EMAIL PROTECTED] when there are patches available? This has been discussed many times. See the archives. Subscribe to the http://undeadly.org/cgi?action=errata RSS feed. Check it daily. -- http://erdelynet.com/ Support OpenBSD! http://www.openbsd.org/orders.html
Re: df -h stats for same file systems display different result son AMD64 then on i386 (Source solved)
On Tue, 17 Jan 2006, Joachim Schipper wrote: On Tue, Jan 17, 2006 at 02:15:57PM +0100, Otto Moerbeek wrote: You are wrong in thinking sparse files are a problem. Having sparse files quite a nifty feature, I would say. Are we talking about webazolver or OpenBSD? I'd argue that relying on the OS handling sparse files this way instead of handling your own log data in an efficient way *is* a problem, as evidenced by Daniels post. After all, it's reasonable to copy data to, say, a different drive and expect it to take about as much space as the original. Now that's a wrong assumption. A file is a row of bytes. The only thing I can assume is that if I write a byte at a certain position, I will get the same byte back when reading the file. Furthermoe, the file size (not the disk space used!) is the largest position written. If I assume anything more, I'm assuming too much. For an application, having sparse files is completely transparant. The application doesn't even know the difference. How the OS stores the file is up to the OS. Again, assuming a copy of a file takes up as much space as the original is wrong. On the other hand, I agree with you that handling sparse files efficiently is rather neat in an OS. -Otto
Looking for motherboard with pcix,133Mhz,64bit NICs and Openbsd friendly.
Hi all, I'm looking for a motherboard with pci-x,133Mhz,64bit NICs and 100% works with Openbsd 3.8. I have done some search back in the list. It seems that the Tyan Thunder K8S Pro (S2882) is the most popular one. Please correct me if i'm wrong. This board is PCI-X, 133Mhz bus with 64bit BCM NICs connect to it? I think it is, I just want some feedback to make sure before roll out the money for it. :) This board seems to have some console redirection issues but i'm not bothered about that. Is there any other gotchas I should look out for on this board? http://www.tyan.com/products/html/thunderk8spro_spec.html Is there any other motherboard out there that someone would recommend beside this? I'm switching from a P3-800, PCI 33Mhz 10/100 32bit Intel NICs to this. I wonder how much difference in performence gain? :) Comments Recommendations are highly appreciated. many thanks. Regards. Kent.
pf and FR tcp flags
Hi! We are running a pretty nice commercial firewall which obviously is based on a stripped version of OpenBSD and pf ;) (yes I know... we are planning on switching to our own OpenBSD installation as soon as possibly, still in the learning process though). Anyway we get alot of warnings about connections to a valid www server on the dmz like this: Jan 17 19:41:01 Denied incoming WAN 83.248.186.3 1162 192.168.78.6 80 TCP flags F, seq 0, size 0 ack 1 win 65535, no frags and this: Jan 17 19:39:26 Denied incoming WAN 85.112.166.15 11406 192.168.78.6 80 TCP flags R, seq 1305210837, size 0 ack 2803852444 win 0 With some detetctive work I think the firewall has the following pf.conf settings for allowing traffic to the www server (fake public ip address): binat on $EXTIF inet from 192.168.78.6 to any - 20.1.1.1 pass in quick on $EXTIF inet proto tcp from any to 192.178.78.6 port www flags S/SA modulate state I think scrub are used on the ext inferface So now to my question: is the above denied connections correct or should they be allowed to the www server, eg. using S/SAFR in the pass rule? Thanks, Johan
Re: Looking for motherboard with pcix,133Mhz,64bit NICs and Openbsd friendly.
There is an issue with support of Sil3114 in 3.8 which will eventually led to a panic and trashed filesystem. Fixed in current. I've been using the Tyan 2881 board (essentially the same as 2882) without any problems after merging in the changes for Sil3114 support. Use ATA drives or drop in a scsi adapter. --On Wednesday, January 18, 2006 3:30 AM +0800 Kent Ho [EMAIL PROTECTED] wrote: I have done some search back in the list. It seems that the Tyan Thunder K8S Pro (S2882) is the most popular one. Please correct me if i'm wrong. This board is PCI-X, 133Mhz bus with 64bit BCM NICs connect to it? I think it is, I just want some feedback to make sure before roll out the money for it. :) This board seems to have some console redirection issues but i'm not bothered about that. Is there any other gotchas I should look out for on this board?
Re: df -h stats for same file systems display different result son AMD64 then on i386 (Source solved)
You are wrong in thinking sparse files are a problem. Having sparse files quite a nifty feature, I would say. Are we talking about webazolver or OpenBSD? I'd argue that relying on the OS handling sparse files this way instead of handling your own log data in an efficient way *is* a problem, as evidenced by Daniels post. After all, it's reasonable to copy data to, say, a different drive and expect it to take about as much space as the original. Just as feedback the size showed something like 150MB or so as the original file on OpenBSD. Using RSYNC to copy it over makes it almost 5GB in size, well I wouldn't call that good. But again, before I say no definitely, there is always something that I may not understands, so I am welling to leave some space for that here. But not much! (: On the other hand, I agree with you that handling sparse files efficiently is rather neat in an OS. I am not sure that the OS handle it well or not. Again, no punch intended, but if it was, why copy no data then? Obviously something I don't understand for sure. However, here is something I didn't include in my previous email with all the stats and may be very interesting to know. I didn't think it was so important at the time, but if you talk about handling it properly, may be it might be relevant. The test were done with three servers. The file showing ~150MB in size was on www1. Then copying it to www2 with the -S switch in rsync regardless got it to ~5GB. Then copying the same file from www2 to www3 using the same rsync -S setup go that file back to the size it was on www1. So, why not in the www2 in that case. So, it the the OS, or is that the rsync. Was it handle properly or wasn't it? I am not sure. If it was, then the www2 file should not have been ~5GB should it? So the picture was www1-www2-www3 www1 cache DB show 150MB rsync -e ssh -aSuqz --delete /var/www/sites/ [EMAIL PROTECTED]:/var/www/sites www2 cache DB show ~5GB rsync -e ssh -aSuqz --delete /var/www/sites/ [EMAIL PROTECTED]:/var/www/sites www3 cache DB show ~150MB Why not 150Mb on www2??? One think that I haven't tried and regret not have done that not to know is just copying that file on www1 to a different name and then copying it again to it's original name and check the size at the and and the transfer of that file as well I without the -S switch to see if the OS did copy the empty data or not. I guess the question would be, should it, or shouldn't it do it? My own opinion right now is the file should show the size it really is. So, if it is 5GB and only 100MB is good on it, shouldn't it show it to be 5GB? I don't know, better mind then me sure have the answer to this one, right now, I do not for sure.
Re: df -h stats for same file systems display different result son AMD64 then on i386 (Source solved)
On Tue, Jan 17, 2006 at 05:49:24PM +0100, Otto Moerbeek wrote: On Tue, 17 Jan 2006, Joachim Schipper wrote: On Tue, Jan 17, 2006 at 02:15:57PM +0100, Otto Moerbeek wrote: You are wrong in thinking sparse files are a problem. Having sparse files quite a nifty feature, I would say. Are we talking about webazolver or OpenBSD? I'd argue that relying on the OS handling sparse files this way instead of handling your own log data in an efficient way *is* a problem, as evidenced by Daniels post. After all, it's reasonable to copy data to, say, a different drive and expect it to take about as much space as the original. Now that's a wrong assumption. A file is a row of bytes. The only thing I can assume is that if I write a byte at a certain position, I will get the same byte back when reading the file. Furthermoe, the file size (not the disk space used!) is the largest position written. If I assume anything more, I'm assuming too much. For an application, having sparse files is completely transparant. The application doesn't even know the difference. How the OS stores the file is up to the OS. Again, assuming a copy of a file takes up as much space as the original is wrong. On the other hand, I agree with you that handling sparse files efficiently is rather neat in an OS. Okay - I understand your logic, and yes, I do know about sparse files and how they are typically handled. And yes, you are right that there are very good reasons for handling sparse files this way. And yes, application are right to make use of this feature where applicable. However, in this case, it's a simple log file, and what the application did, while very much technically correct, clearly violated the principle of least astonishment, for no real reason I can see. Sure, trying to make efficient use of every single byte may not be very efficient - but just zeroing out the first five GB of the file is more than a little hackish, and not really necessary. Joachim
Re: df -h stats for same file systems display different result son AMD64 then on i386 (Source solved)
On Tue, Jan 17, 2006 at 02:36:44PM -0500, Daniel Ouellet wrote: [...] But having a file that is let say 1MB of valid data that grow very quickly to 4 and 6GB quickly and takes time to rsync between servers were in one instance fill the fill system and create other problem. (: I wouldn't call that a feature. As Otto noted, you've distinguish between file size (that's what stat(2) and friends report, and at the same time it's the number of bytes you can read sequentially from the file), and a file's disk usage. For more explanations, see the RATIONALE section at http://www.opengroup.org/onlinepubs/009695399/utilities/du.html (You may have to register, but it doesn't hurt) See also the reference to lseek(2) mentioned there. But at the same time, I wasn't using the -S switch in rsync, so my own stupidity there. However, why spend lots of time processing empty files I still don't understand that however. Please note that -S in rsync does not *guarantee* that source and destination files are *identical* in terms of holes or disk usage. For example: $ dd if=/dev/zero of=foo bs=1m count=42 $ rsync -S foo host: $ du foo $ ssh host du foo Got it? The local foo is *not* sparse (no holes), but the remote one has been optimized by rsync's -S switch. We recently had a very controverse (and flaming) discussion at our local UG on such optimizations (or heuristics, as in GNU cp). IMO, if they have to be explicitely enabled (like `-S' for rsync), that's o.k. The other direction (copy is *not* sparse by default) is exactly what I would expect. Telling wether a sequence of zeroes is a hole or just a (real) block of zeroes isn't possible in userland -- it's a filesystem implementation detail. To copy the *exact* contents of an existing filesystem including all holes to another disk (or system), you *have* to use filesystem-specific tools, such as dump(8) and restore(8). Period. I did research on google for sparse files and try to get more informations about it. In some cases I would assume like if you do round database type of stuff where you have a fix file that you write in at various place or something, would be good and useful, but a sparse file that keep growing over time uncontrol, I may be wrong, but I don't call that useful feature. Sparse files for databases on heavy load (many insertions and updates) ar the death of performance -- you'll get files with blocks spreaded all over your filesystem. OTH, *spare* databases such as quotas files (potentially large, but growing very slowly) are good candidates for sparse files. Ciao, Kili
Re: pf and FR tcp flags
On Tue, Jan 17, 2006 at 08:21:52PM +, Johan Linner wrote: Hi! We are running a pretty nice commercial firewall which obviously is based on a stripped version of OpenBSD and pf ;) (yes I know... we are planning on switching to our own OpenBSD installation as soon as possibly, still in the learning process though). Anyway we get alot of warnings about connections to a valid www server on the dmz like this: Jan 17 19:41:01 Denied incoming WAN 83.248.186.31162 192.168.78.6 80 TCP flags F, seq 0, size 0 ack 1 win 65535, no frags and this: Jan 17 19:39:26 Denied incoming WAN 85.112.166.15 11406 192.168.78.6 80 TCP flags R, seq 1305210837, size 0 ack 2803852444 win 0 Okay, these seem to be either scans or valid connections that were too late in closing - the first is a FIN packet, the second a RST packet. In either case, if there aren't too many, ignore them - zombies and misconfigured hosts litter the internet. If it happens too often, you may want to observe for a while with tcpdump, and try to discover if the issue is indeed valid connections timing out. If so, increase the timeout values in sysctl (I wouldn't know which off the top of my head, but it should be in the man page). The firewall might also be overloaded, in which case increasing the timeouts is likely to make it worse. In any case, though, dropping RST and FIN packets will, at worst, cause the hosts behind the firewall to keep sockets open for too long - which can be a performance hit, but will not cause lost connections or somesuch. With some detetctive work I think the firewall has the following pf.conf settings for allowing traffic to the www server (fake public ip address): binat on $EXTIF inet from 192.168.78.6 to any - 20.1.1.1 pass in quick on $EXTIF inet proto tcp from any to 192.178.78.6 port www flags S/SA modulate state I think scrub are used on the ext inferface So now to my question: is the above denied connections correct or should they be allowed to the www server, eg. using S/SAFR in the pass rule? They are probably correct. Due to 'keep state' (ok, 'modulate state' - but that's simply 'keep state' with some added features), traffic belonging to the original connection is automatically allowed. This should include the above FIN and RST packets. BTW, S/SAFR will allow packets that have SYN set, but not ACK, FIN or RST. This does not do what you think it does, I suppose. Joachim
Re: df -h stats for same file systems display different result son AMD64 then on i386 (Source solved)
Hi all, First let me start with my apology to some of you for having waisted your time! As much as this was/is interesting and puzzling to me and that I am trying obviously to get my hands around this issue and usage of sparse files, the big picture of it, is obviously something missing in my understanding at this time. I am doing more research on my own, so lets kill this tread and sorry to have waisted any of your time with my lack of understanding of this aspect! I am not trying to be a fucking idiot on the list, but it's obvious that I don't understand this at this time. So, lets drop it and I will continue my homework! Big thanks to all that try to help me as well! Daniel
Re: pf and FR tcp flags
pass in quick on $EXTIF inet proto tcp from any to 192.178.78.6 port www flags S/SA modulate state I think scrub are used on the ext inferface Check to see if you use scrub or not then that would answer your question below. So now to my question: is the above denied connections correct or should they be allowed to the www server, eg. using S/SAFR in the pass rule? While this is practical and safe, it is also unnecessary to check the FIN and RST flags if traffic is also being scrubbed. From FAQ. Daniel
Apache + PHP + FreeTDS
Hello, I am trying to connect to a Microsoft SQL Server with an Apache+PHP but always get an error. This are the packages on my system (OpenBSD 3.7). Only this 3 packages (it's a new box) freetds-0.62.4p0project to document and implement the TDS protocol libiconv-1.9.2 character set conversion library libxml-2.6.16p0 XML parsing library I have download PHP 5.1.2 and compile with this commands: # cd /tmp # ftp url_to_php/php-5.1.2.tar.gz # tar -xvzf php-5.1.2.tar.gz # ./configure --with-apxs=/usr/sbin/apxs --with-mssql # make # make install # vi /var/www/conf/httpd.conf I add: LoadModule php5_module/usr/lib/apache/modules/libphp5.so AddType application/x-httpd-php .php # apachectl start put phpinfo.php file in /var/www/htdocs/ this is the result of mssql section: mssql MSSQL Support enabled Active Persistent Links 0 Active Links 0 Library version FreeTDS Directive Local Value Master Value mssql.allow_persistent On On mssql.batchsize 0 0 mssql.charset no value no value mssql.compatability_mode Off Off mssql.connect_timeout 5 5 mssql.datetimeconvert On On mssql.max_links Unlimited Unlimited mssql.max_persistent Unlimited Unlimited mssql.max_procs Unlimited Unlimited mssql.min_error_severity 10 10 mssql.min_message_severity 10 10 mssql.secure_connection Off Off mssql.textlimit Server default Server default mssql.textsize Server default Server default mssql.timeout 60 60 but when I try to connect to the SQL server with a simple command ? $conectID = mssql_connect(192.168.81.52:1433,user,password); ? the response is: Warning: mssql_connect() [function.mssql-connect]: Unable to connect to server: 192.168.81.52:1433 in /htdocs/index2.php on line 2 Ping and telnet works fine. # ping 192.168.81.52 # telnet 192.168.81.52 1433. Also I can connect executing '# tsql -H 192.168.81.52 -p 1433 -U user' But from the script PHP it doesn't work. Apache is chrooted (by default in OBSD). But if I download Apache and compile Apache2, then compile PHP (and leave Apache not chrooted) the script works fine... My question: I have to do something with chroot and FreeTDS? (I don't know what to do). Or this is a known problem of Apache 1.3.29? (I don't find anything in google about a problem) and Apache can't be chrooted? Thanks in advance. Helio.
openbsd newbie question - lfs, ffs, and cf cards
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi folks,
I'm working on a embedded project and have been cycling through some
tradeoffs wrt using cf cards as disks.
I know these devices support wear-leveling, but I'm not sure how this
could work well without knowledge about the filesystem wrt what is a
free block and what is an 'in-use' block. I suppose the algorithm could
keep track of how many times a block has been written to, and remap with
less used block - maybe using some kind of priority queue data structure
to keep that process relatively efficient.
At least I'm *hoping* that the cf device's wear levelling algo isn't
dependent on using a FAT filesystem or some other horrible hack :(
So that's my primary concern. Toshiba devices are typically good for
1 multi-cell write/erase cycles (see Kingston website). I'm thinking
if wear levelling works that means that doubling the device size
I use means effectively doubling the device's lifespan. Obviously I'd
like the device I'm working on to last forever, but 7 years is a good
engineering number to use I think. :)
Now, on to filesystems. :) I have a FreeBSD/DragonFly background ('bout
12 years) and am relatively new (6 months) to OpenBSD.
Wrt LFS .. is it production ready? I know it's seriously bitrotted on
Free/DragonFly.
And finally one last question that applies to both FFS and LFS - file
access/creation/modification metadata updates. Specifically I'm thinking
of atime's. Is there any way to switch off atime updates ? They don't
add much value for me, and I'm worried they might unduly age my flash. :)
Long term I'm planning to run my root fs out of RAM and minimize flash
writes, but I'm a bit time-limited on this project and if I could get
away with treating a CF card as though it were a regular disk it would
simplify my life in more than one way. :)
Thanks for any help, advice, and even justified abuse (hehe if you think
I'm being an idiot and/or missing something obvious) you can provide would
be greatly appreciated.
Cheers,
Andrew.
- -BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDzV9n8It2CaCdeMwRAruQAJ0TksxIT8O3ThiKMuSgUdgD0gDTZgCeJhZi
eh1rCVmU1xR3h7YVuo8C+Ds=
=UO+m
- -END PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDzWxj8It2CaCdeMwRAoNcAJ98+QpDPOKVtIxY1lsBBhaKnoX2jACffzkL
cwEpIni+R+MCrAJKTj8cZXY=
=Xw2o
-END PGP SIGNATURE-
Re: Apache + PHP + FreeTDS
At 10:55 PM 1/17/2006 +, Helio Santana wrote: Hello, I am trying to connect to a Microsoft SQL Server with an Apache+PHP but always get an error. This are the packages on my system (OpenBSD 3.7). Only this 3 packages (it's a new box) freetds-0.62.4p0project to document and implement the TDS protocol libiconv-1.9.2 character set conversion library libxml-2.6.16p0 XML parsing library My question: I have to do something with chroot and FreeTDS? (I don't know what to do). Or this is a known problem of Apache 1.3.29? (I don't find anything in google about a problem) and Apache can't be chrooted? Don't have any specific info, .. but, in general, to use chroot'd Apache all of the files needed must be located IN the chroot. For example, if you need /bin/sh, there must be a copy in /var/www/bin/sh (assuming /var/www is your chroot). I would wager the files do NOT install inside the chroot, so copying them there should fix teh problem. Lee
Re: openbsd newbie question - lfs, ffs, and cf cards
Andrew Atrens wrote: ... And finally one last question that applies to both FFS and LFS - file access/creation/modification metadata updates. Specifically I'm thinking of atime's. Is there any way to switch off atime updates ? They don't add much value for me, and I'm worried they might unduly age my flash. :) man mount look for noatime
Re: openbsd newbie question - lfs, ffs, and cf cards
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Hall wrote: Andrew Atrens wrote: ... And finally one last question that applies to both FFS and LFS - file access/creation/modification metadata updates. Specifically I'm thinking of atime's. Is there any way to switch off atime updates ? They don't add much value for me, and I'm worried they might unduly age my flash. :) man mount look for noatime Got it, thanks :) Interesting I hadn't considered it before, huh, I wonder why it isn't the default, historical reasons I suppose. Andrew Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDzYEP8It2CaCdeMwRAoONAJ9+1I/3s8v9oGM2unyqKVX23+yGXACgmxrS xWb7jF1hmm6ZiYhURH083fo= =v4r7 -END PGP SIGNATURE-
Re: openbsd newbie question - lfs, ffs, and cf cards
On 1/17/06, Andrew Atrens [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [a little paranoid, are we?] Wrt LFS .. is it production ready? no, it's a disaster.
Re: ral0 bugs on openbsd 3.8 i386?
Hi, You can download the last rt driver and compile it. You can find it on the cvs at sys/dev/ic/rt2560.* (According to Damien Bergamini advices on his forum (http://damien.bergamini.free.fr)) Good luck On 1/16/06, Theo de Raadt [EMAIL PROTECTED] wrote: Hey guys, I'm having problem with ral0 running in hostap mode on my openbsd box (i386, running 3.8-stable). By running -stable, this is a choice you make. That choice is: Do I want to track fixes made as they head to the next release or Do I want only 10-20 super-important fixes over a 6 month period You chose the latter. Therefore even though there have been about 40 commits to the ral driver, those will *NEVER* make it into -stable and therefore, you are hosed by your own choice.
Re: how many transactions for second can i have?
i don't know which hardware will we use, and definitly i'm talking about TCP packetes. do you know how can i obtain yield statistics, what software can i use?, or somewhere there this kind of analysis. thanks 2006/1/17, Joachim Schipper [EMAIL PROTECTED]: On Tue, Jan 17, 2006 at 10:27:13AM -0600, Vmctor Gonzalez Salcedo wrote: hello boys: i need to now how many transactions for second can i have with a fw redundant using CARP, in the other hand i would like to now where i can find information or statis about speed of this kind of transactions Are we talking packets here? Or SQL transactions? Or online banking transactions? Or ...? What hardware are you using? CARP is rather quick, but that does not mean that the unCARPed firewall need not be beefy enough to handle the load. Joachim
Re: question related to Ethereal 10.14 port
OK try the http://www.linbsd.org/ethereal.tgz I fixed it so it's not fatal. It appears that setgroup() is failing, I think this is due to some default setuid() that might be called. Let me know how it works. -Ober On Tue, 17 Jan 2006, Eichert, Diana wrote: Date: Tue, 17 Jan 2006 17:28:05 -0700 From: Eichert, Diana [EMAIL PROTECTED] To: ober [EMAIL PROTECTED] Subject: RE: question related to Ethereal 10.14 port 3.8, running as root. diana -Original Message- From: ober [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 17, 2006 5:24 PM To: Eichert, Diana Subject: RE: question related to Ethereal 10.14 port Which version are you using? 3.7? 3.8? Also I assume you are launching it as root. It works for me on current, but let me try fixing it to be more verbose as the error could be any of multiple things. -Ober On Tue, 17 Jan 2006, Eichert, Diana wrote: Date: Tue, 17 Jan 2006 17:12:17 -0700 From: Eichert, Diana [EMAIL PROTECTED] To: ober [EMAIL PROTECTED] Subject: RE: question related to Ethereal 10.14 port Is priv sep working for tethereal? I tried using it from the 10.14 port you created # tethereal -n -q -z conv,ip Capturing on sis0 can't drop privileges# --- WITH THIS ERROR diana -Original Message- From: ober [mailto:[EMAIL PROTECTED] Sent: Monday, January 09, 2006 2:55 PM To: Eichert, Diana Subject: RE: question related to Ethereal 10.14 port Working on it. :D -Ober
Re: Openbsd 3.8, sun ultra 30, install problems
Huh? CDROMs are just about the only devices out there that don't use 512. By default CDROMs use 2048 as the sector size. I can't say this for sure about these machines but I would be very surprised to see something like this. Is this a sun thing? On Mon, Jan 16, 2006 at 11:54:51PM +, Sevan / Venture37 wrote: check the jumper settings on the CDROM, you need it set to 512byte sectors, other wise it wont work, if there are no jumper settings for it on the drive then its not compatible with your system. Sevan
Re: Openbsd 3.8, sun ultra 30, install problems
Huh? CDROMs are just about the only devices out there that don't use 512. By default CDROMs use 2048 as the sector size. I can't say this for sure about these machines but I would be very surprised to see something like this. Is this a sun thing? No. Almost all early Unix cdrom drives did this because the system boot roms wered limited to dealing with 512 byte blocks. Sun, SGI, HP at least. So the vendors changed the cdroms rather than change the boot roms in the existing machines. Some early cdrom vendors conviently put jumper pads on the drive so you could fix it one way or another; later other vendors had code which tried to guess what the system wanted. To the vendors it was easier. In time, things became more adaptable. I am sure that google would have told you this same history.
Need advice about VPN
I need some advices about VPN. We have 2 offices, each is connected via ADSL to the Internet with a dynamic IP. One office uses OpenBSD as the firewall and the other uses the firewall functions of the ADSL modem. That can be changed so that both offices use OpenBSD for firewalls. We have full access to the firewalls at the 2 offices. And we also have 2 servers with static IPs. They are hosted (colo) by a hosting company in an other country. We have no idea what sort of firewall the hosting company is using. We need to have VPN between the 2 offices and optionally with the hosting servers. All the PCs in 2 offices need to see each other. Should we use IPSec or use OpenVPN? Any pros and cons b/w the 2 ways for our environments? Thanks, Zoong
Re: ipv6 tentative address generation
On Tuesday 17 January 2006 07:21, Ray Lai wrote: On Tue, Jan 17, 2006 at 01:11:29AM -0600, Travers Buda wrote: Ipv6 allows for stateless configuration of a interface. The IEEE (aka MAC or hardware address) is generally used to generate tentative addresses which commonly end up being the assigned address provided stateful addressing does not exist on the network (such as DHCP.) This is the case in OpenBSD's import of KAME. Since the same method to generate an IP is used over an over (the host has an unchanging, persistant address,) the traffic generated and recieved by hosts would be open to many forms of analysis not necessairly confined to the computing world. For example, when some is at home, at work; what they access could be more easily tied to them (and the hardware they use,) decreasing anonymity. The problem and solution are outlined in RFC 3041. http://www.ietf.org/rfc/rfc3041.txt The solution is to use random data to generate ipv6 stateless addresses. Trying to be productive and not an asshole, Is there a question? If you wish to generate random ipv6 stateless addresses, ``jot -rs: -w%.2x 6 0 255'' and ifconfig(8) work. -Ray- I'm suggesting it as the default behavior. Ya' know, secure by default. Travers Buda
Re: PF config for exchange
More to follow as I need to get access and clean up these files.. the PF rule base is approx 11 pages, the ISAKMPD file is just huge with 200 tunnels being created. As a prior poster said, posting sanitized pf.conf (and isakmpd.conf) files is going to be a necessity for anyone to take a real shot at helping debug things--particularly given that there are FIVE NICs in your config. My suspicion is that it's one of the Microsoft Exchange-specific TCP mail ports (I think there are two, if memory serves) that need to be opened up, but without seeing pf.conf, we're only guessing. Best, Kevin -- http://www.ebiinc.com : background screening from EBI Employment background investigations worldwide.
