Re: hardware: Sun x2100 test results

2006-02-23 Thread Srebrenko Sehic
On 2/22/06, Jonathan Gray [EMAIL PROTECTED] wrote:

> > 2) nfe(4) shows a constant 100/interrupts a seconds without having
> > a link; only configured with ifconfig nfe0 127.0.0.1 255.0.0.0; it also has
> > the same interrupt rate when configured normally
>
> This should be fixed in -current by damien.

Indeed. Just tried with if_nfe.c (r1.47). 0 interrupts/seconds without
activity. Also, under the stress test, systat vmstat shows around
55% system idle (r1.47). Previously, it was 0% (r1.45).

> > 3) nfe(4) stops responding during stress-testing with netperf
>
> This also possibly.

Still happens. Setting the receiver (nfe0) socket buffer size to 256K
rendered x2100/nfe0 useless. Still, only a reboot helps. This happened
before (r.1.45) with socket buffer of 128K; now, it's just pushed a
bit further.



Re: Intel SRCS16 RAID Controller Card

2006-02-23 Thread edgarz

Hi!
Some days ago I asked about a similar RAID controller. I also asked
Intel; they said that in SCSI RAID controllers they use LSI chips.
SRCU42L is supported.


Sevan / Venture37 wrote:

Hi Guys
Can anyone confirm if the Intel SRCS16 controller is compatible with 
OpenBSD, It seems from the freebsd amr (4) man page that this is a 
MegaRAID controller.


Sevan




Intel SRCS16 RAID Controller Card

2006-02-23 Thread Alexey E. Suslikov

[EMAIL PROTECTED] wrote:


Hi Guys
Can anyone confirm if the Intel SRCS16 controller is compatible with 
OpenBSD, It seems from the freebsd amr (4) man page that this is a 
MegaRAID controller.


Sevan


DO YOU SEE these controllers

    MegaRAID SCSI 320-1E
    MegaRAID SCSI 320-2E
    MegaRAID SCSI 320-4E
    MegaRAID SCSI 320-0X
    MegaRAID SCSI 320-2X
    MegaRAID SCSI 320-4X
    MegaRAID SATA 300-4X
    MegaRAID SATA 300-8X
    MegaRAID SATA 150-4
    MegaRAID SATA 150-6
...
    Intel RAID Controller SRCS16
    Intel RAID Controller SRCU42X

listed on

http://www.FreeBSD.org/cgi/man.cgi?query=amr&apropos=0&sektion=0&manpath=FreeBSD+6.0-RELEASE+and+Ports&format=html

?

DO YOU SEE these controllers

-   LSI/AMI/Symbios MegaRAID, MegaRAID 320, MegaRAID 320-1,
MegaRAID 320-2E, MegaRAID i4, 523 SATA, MegaRAID 150-4,
MegaRAID 150-6, MegaRAID 300-8x

listed on

http://www.openbsd.org/cgi-bin/man.cgi?query=ami&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

?

DAMN! DO YOU SEE similarities?

i think the answer is: yes, SRCS16 is LSI-based and ami(4) on OpenBSD.

the only possible cons is: SRCS16 device/vendor id MAYBE unknown for
OpenBSD's ami(4) driver. if so, see here

http://www.openbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/pci/ami_pci.c.diff?r1=1.25&r2=1.26&f=h

how to add unknown controller model to ami(4).



Re: Intel SRCU42L

2006-02-23 Thread Alexey E. Suslikov

browse archives: any information about any LSI-based controller
would apply to your SRCU42 as it is LSI by nature.

edgarz wrote:


Thanks Alexey :)
Maybe you have experience with this controller? I'm interested in
performance of this model :)


Alexey E. Suslikov wrote:


[EMAIL PROTECTED] wrote:


Hello Stuart,
Thanks for your reply. Yes i was looking on DELL servers too, but
here is one BUT :) DELL server i must buy from shop, but other
servers i can get from storage, difference in prices is about 15-20%
:) But i will look for separate PERC RAID controller :) And btw, are
they compatible with any manufacturers server, or only with DELL?
I didn't see that posts about intel RAID controllers, sounds good for
me. :)

Thanks :)




If you read
http://marc.theaimsgroup.com/?l=openbsd-misc&w=2&r=1&s=srcu42l&q=b
Diego says SRCU42L works ok for him. But I think that you should
continue to look for an LSI card if you can - bioctl is useful.




Intel SRCU42L is just a rebadged LSI card, so SRCU42X is ami(4).

http://www.openbsd.org/cgi-bin/cvsweb.cgi/src/sys/dev/pci/ami_pci.c.diff?r1=1.25&r2=1.26&f=h




IPsec NAT

2006-02-23 Thread Erik Hanspers

Hello,
I was recently asked to setup a VPN tunnel, where I was told to use a 
Local-ID other than my internal net, as that was already in use at the peer.


I saw some discussions on the list regarding this, where a solution was 
given along the lines of set up isakmpd with the requested net, then 
use ipsecadm to add your internal net as well, then nat on enc0.
That did not work, as that new SA added with ipsecadm is negotiated with 
the peer as well, who rejects it (of course).


As solving this was non-obvious to me, I'll just share my solution for 
anyone else having the same problem.


My solution was to add a loopback interface with an ip on the net I was 
requested to use for the SA, then route the remote network to that loX 
interface and last add a nat for traffic to that net on loX.


The setup:

My internal net (A.A.A/24)
 |
 |
My gw
 |
 |
{ inet }
 |
 |
Remote gw
 |
 |
Their internal net I wish to access (B.B.B/24)

I am told by the remote guys to set up the VPN with an IPsec-connection 
configured with a Local-ID that is the network C.C.C/24 to their 
B.B.B/24 network.


Set up isakmpd as requested, the IPsec-connection part like this

[VPN-conn]
Local-ID= internal-net
Remote-ID= remote-net
...

[internal-net]
ID-type= IPV4_ADDR_SUBNET
Network= C.C.C.0
Netmask= 255.255.255.0

[remote-net]
ID-type= IPV4_ADDR_SUBNET
Network= B.B.B.0
Netmask= 255.255.255.0


Add a loopback interface, with an IP on the net I was asked to use
$ ifconfig lo1 create
$ ifconfig lo1 inet C.C.C.1 netmask 255.255.255.0 link1

Route traffic to their remote net on that interface
$ route add -net B.B.B -interface C.C.C.1

In pf.conf add a nat:
nat on lo1 proto {tcp, udp, icmp} from !C.C.C.1 to B.B.B/24 -> C.C.C.1

Start isakmpd, and now it works!



http://www.papamike.ca/tutorials/pub/obsd_ipsec.html#openbsd

2006-02-23 Thread Didier Wiroth
http://www.papamike.ca/tutorials/pub/obsd_ipsec.html#openbsd



LSI MEGARAID 150-4 bioctl/dmesg

2006-02-23 Thread Alexey E. Suslikov

this bioctl/dmesg were dumped from box using cheap LSI MEGARAID 150-4
(4-port Serial ATA RAID controller). it is ami(4) too.

$ sudo bioctl ami0
Password:
Volume  Status     Size           Device
 ami0 0 Online       240063086592 sd0     RAID5
      0 Online        80021028864 0:0.0   noencl SAMSUNG HD080HJ ZH10
      1 Online        80021028864 0:1.0   noencl SAMSUNG HD080HJ ZH10
      2 Online        80021028864 0:2.0   noencl SAMSUNG HD080HJ ZH10
      3 Online        80021028864 0:3.0   noencl SAMSUNG HD080HJ ZH10

$ dmesg
OpenBSD 3.8-stable (GENERIC) #1: Sat Jan 14 17:40:45 EET 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz (GenuineIntel 686-class) 3 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,EST,CNXT-ID
cpu0: Enhanced SpeedStep 1500 MHz (1420 mV): unknown EST cpu, no changes possible
real mem  = 2137497600 (2087400K)
avail mem = 1944379392 (1898808K)
using 4278 buffers containing 106979328 bytes (104472K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(d6) BIOS, date 10/07/05, BIOS32 rev. 0 @ 0xfa000
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf/0xcb84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfca20/336 (19 entries)
pcibios0: PCI Exclusive IRQs: 5 9 10 12
pcibios0: no compatible PCI ICU found: ICU vendor 0x8086 product 0x2640
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0x9400! 0xcc000/0x2200
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel E7221 MCH Host rev 0x05
ppb0 at pci0 dev 1 function 0 Intel E7221 PCIE rev 0x05
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 Intel PCIE-PCIE rev 0x09
pci2 at ppb1 bus 2
ami0 at pci2 dev 1 function 0 Symbios Logic MegaRAID rev 0x01: irq 12 LSI 523 64b/lhc
ami0: FW 713N, BIOS vG119, 64MB RAM
ami0: 1 channels, 0 FC loops, 1 logical drives
scsibus0 at ami0: 40 targets
sd0 at scsibus0 targ 0 lun 0: AMI, Host drive #00,  SCSI2 0/direct fixed
sd0: 228942MB, 29186 cyl, 255 head, 63 sec, 512 bytes/sec, 468873216 sec total
scsibus1 at ami0: 16 targets
vendor Intel, unknown product 0x0326 (class system subclass interrupt, rev 0x09) at pci1 dev 0 function 1 not configured
vga1 at pci0 dev 2 function 0 Intel E7221 Video rev 0x05: aperture at 0xd050, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb2 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03
pci3 at ppb2 bus 3
bge0 at pci3 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): irq 12 address 00:30:48:86:01:00
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb3 at pci0 dev 28 function 1 Intel 82801FB PCIE rev 0x03
pci4 at ppb3 bus 4
bge1 at pci4 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): irq 5 address 00:30:48:86:01:01
brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: irq 9
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: irq 10
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x03: irq 12
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: irq 9
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
ppb4 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xd3
pci5 at ppb4 bus 5
ichpcib0 at pci0 dev 31 function 0 Intel 82801FB LPC rev 0x03: PM disabled
pciide0 at pci0 dev 31 function 1 Intel 82801FB IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0: TEAC, CD-224E, 1.9A SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 31 function 2 Intel 82801FR SATA rev 0x03: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 10 for native-PCI interrupt
Intel 82801FB SMBus rev 0x03 at 

dns caching server error

2006-02-23 Thread Roberto Pereyra
Hi

A simple question.

How do I enable the dns server to provide only a dns cache service to my LAN?

I am running OpenBSD 3.7 with:

named_flags=

in rc.conf.local, but I get this output:

server1# dig @127.0.0.1 yahoo.com

; <<>> DiG 9.3.0 <<>> @127.0.0.1 yahoo.com
;; global options:  printcmd
;; connection timed out; no servers could be reached
server1#


I am not using pf.

Thanks for any help.

roberto

--
Ing. Roberto Pereyra
ContenidosOnline
BSD, Solaris and Linux servers
ISP technical support
Jabber ID: [EMAIL PROTECTED]

For reliable and professional DNS, use DNS Made Easy!
http://www.dnsmadeeasy.com/u/14989



Re: dns caching server error

2006-02-23 Thread Roberto Pereyra
Yes, this is my resolv.conf:

lookup file bind
nameserver 127.0.0.1


roberto

2006/2/23, Timo Schoeler [EMAIL PROTECTED]:

> thus Roberto Pereyra spake:
> > Hi
> >
> > A simple question.
> >
> > How to enable dns server to only make dns cache service to my LAN ?
> >
> > I running OpenBSD 3.7 and with:
> >
> > named_flags=
> >
> > in rc.conf.local but I have this  output :
> >
> > server1# dig @127.0.0.1 yahoo.com
> >
> > ; <<>> DiG 9.3.0 <<>> @127.0.0.1 yahoo.com
> > ;; global options:  printcmd
> > ;; connection timed out; no servers could be reached
> > server1#
>
> have you put 'nameserver 127.0.0.1' in your /etc/resolv.conf?
>
> > I not using pf.
> >
> > Thanks for any help.
> >
> > roberto
> >
> > --
> > Ing. Roberto Pereyra
> > ContenidosOnline
> > BSD, Solaris and Linux servers
> > ISP technical support
> > Jabber ID: [EMAIL PROTECTED]
> >
> > For reliable and professional DNS, use DNS Made Easy!
> > http://www.dnsmadeeasy.com/u/14989
>
> HTH,
>
> --
> Timo Schoeler | http://riscworks.net/~tis | [EMAIL PROTECTED]
> RISCworks -- Perfection is a powerful message
> ISP | POWER  PowerPC afficinados | Networking, Security  BSD services
> GPG Key fingerprint = B5F6 68A4 EC45 C309 6770  38C4 50E8 2740 9E0C F20A
> There are 10 types of people in the world. Those who understand binary
> and those who don't.







Re: Intel SRCU42L

2006-02-23 Thread Federico Giannici
We have a couple of PCs with Intel SRCU42L that are recognised as gdt0 
with OpenBSD AMD64 3.8 GENERIC. And they work perfectly.


Here is the relevant part of the dmesg:

gdt0 at pci0 dev 13 function 0 Intel GDT RAID rev 0x00: irq 5 dpmem eff0 2-bus 1 cache device
gdt0: ver 222, cache on, strategy 2, writeback on, blksz 32
gdt0: raw feat 1 cache feat 101
scsibus0 at gdt0: 35 targets
sd0 at scsibus0 targ 0 lun 0: ICP, Host drive #00,  SCSI2 0/direct fixed
sd0: 139941MB, 17840 cyl, 255 head, 63 sec, 512 bytes/sec, 286599600 sec total
scsibus1 at gdt0: 16 targets
scsibus2 at gdt0: 16 targets


Bye.




--
___
__
   |-  [EMAIL PROTECTED]
   |ederico Giannici  http://www.neomedia.it
___



Re: Intel SRCU42L

2006-02-23 Thread Alexey E. Suslikov

waa-haa-haa! :))

looks like Intel does its job well: sells different cards
based on different vendors' chipsets under the same brand.

anyway, gdt(4) is supported too. with minus of bioctl.

my dmesg for SRCU42X can be found here

http://marc.theaimsgroup.com/?l=openbsd-tech&m=111667421201209&w=2

so one can just look briefly on chip: GC80302 found on SRCU42X
is LSI and will be ami(4).

Federico, what chip is on your SRCU42L?





Newsletter for the 9th week of 2006

2006-02-23 Thread Borghi Toscani News



Re: Pf questions for larger implementation

2006-02-23 Thread Diana Eichert
On Thu, 23 Feb 2006, Ryan McBride wrote:
SNIP
> In my opinion if you're talking about NATing 750 Windows boxes doing
> regular Windows-type things, you're going to want to at least crank
> the limits on states and turn on adaptive timeouts; I wouldn't go any
> further than that unless you run into actual problems, but you can also
> think about using some of the other connection limiting features to
> prevent trojaned systems from filling the state table and impacting
> other users.

I help a friend out with the FW in front of their company webservers.  I
agree with Ryan's observation, one because I'm pretty sure he knows what
he's doing, two because I have direct experience in attempting to protect
Windows systems.  On more than one occasion the owner of the business has
called me up to say there's a problem with the FW, every time they've said
that it was related to one of their Windows systems getting tilted.

> Things to think about (roughly in order of aggressiveness):
>
> - 'set limit states'
> - adaptive timeouts
> - 'set optimization'
SNIP
> -Ryan

diana

Past hissy-fits are not a predictor of future hissy-fits.
Nick Holland(06 Dec 2005)



Re: dns caching server error

2006-02-23 Thread Roberto Pereyra
Thanks to all, I solved this issue.

The dns server is behind a firewall and I don't have NAT enabled for this
server ... I'm very stupid, I know ... :)

roberto





Re: writev() on a nonblocking Unix-domain SOCK_STREAM socket

2006-02-23 Thread Henning Brauer
* Alexander Farber [EMAIL PROTECTED] [2006-02-21 16:59]:
> do I need to retry writev() on a nonblocking Unix-domain SOCK_STREAM
> socket or will it always write out the exact number of bytes I wanted?

it will tell you whether it wrote out both.
on non-blocking sockets you have to account for partial reads.

> And another question: is it possible to find out that such a socket has
> been disconnected before I call writev() on it (so that I reconnect it first)?
> Or will I have to check for EPIPE? (too bad - because then I won't know
> how many bytes have been transmitted successfully)

writev() returning 0 means connection closed.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Re: writev() on a nonblocking Unix-domain SOCK_STREAM socket

2006-02-23 Thread Henning Brauer
* Henning Brauer [EMAIL PROTECTED] [2006-02-23 15:11]:
> * Alexander Farber [EMAIL PROTECTED] [2006-02-21 16:59]:
> > do I need to retry writev() on a nonblocking Unix-domain SOCK_STREAM
> > socket or will it always write out the exact number of bytes I wanted?
>
> it will tell you whether it wrote out both.
> on non-blocking sockets you have to account for partial reads.

wow, two errors in two sentences. let me try again.

it will tell you whether it wrote out everything.
on non-blocking sockets you have to account for partial writes.

also I suggest reading usr.sbin/bgpd/buffer.c, especially buf_write
(using write) and msgbuf_write (using sendmsg, but logic is the same).

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
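
Added example, not part of the messages above and not code from bgpd: one way to account for partial writes with writev() on a non-blocking Unix-domain stream socket. The names iov_consume, writev_some, demo_roundtrip and the WV_* return codes are made up for this sketch; a return of 0 from writev() is treated as "connection closed", as stated in the reply above.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum { WV_DONE = 0, WV_AGAIN = 1, WV_ERROR = -1, WV_CLOSED = -2 };

/*
 * Drop the first n bytes from iov[0..iovcnt) after a short write.
 * Returns the number of leading entries that are now fully consumed.
 */
int
iov_consume(struct iovec *iov, int iovcnt, size_t n)
{
	int i = 0;

	while (i < iovcnt && n >= iov[i].iov_len) {
		n -= iov[i].iov_len;
		iov[i].iov_len = 0;
		i++;
	}
	if (i < iovcnt) {	/* partially written entry: move its start */
		iov[i].iov_base = (char *)iov[i].iov_base + n;
		iov[i].iov_len -= n;
	}
	return i;
}

/*
 * Write as much as the socket accepts right now.  *sent is increased by
 * every byte that went out, so it stays valid on WV_AGAIN and WV_ERROR.
 * On WV_AGAIN the iovec already points at the unsent remainder: wait for
 * writability (poll/select) and call again with the same array.
 * EPIPE is only returned as an error if SIGPIPE is ignored or blocked.
 */
int
writev_some(int fd, struct iovec *iov, int iovcnt, size_t *sent)
{
	int first = 0;
	ssize_t n;

	for (;;) {
		/* skip entries that are already empty */
		first += iov_consume(iov + first, iovcnt - first, 0);
		if (first == iovcnt)
			return WV_DONE;
		n = writev(fd, iov + first, iovcnt - first);
		if (n == -1) {
			if (errno == EINTR)
				continue;
			if (errno == EAGAIN || errno == EWOULDBLOCK)
				return WV_AGAIN;
			return WV_ERROR;
		}
		if (n == 0)
			return WV_CLOSED;
		*sent += (size_t)n;
		first += iov_consume(iov + first, iovcnt - first, (size_t)n);
	}
}

/*
 * Demo on a non-blocking socketpair: send `total` bytes from two buffers,
 * draining the peer whenever the sender would block.  Returns the number
 * of bytes the peer read, or -1 on failure.
 */
long
demo_roundtrip(size_t total)
{
	static char buf[1 << 20], sink[65536];
	struct iovec iov[2];
	size_t sent = 0, half = total / 2;
	long got = 0;
	ssize_t r;
	int sv[2], rc;

	if (total > sizeof(buf) ||
	    socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
		return -1;
	fcntl(sv[0], F_SETFL, O_NONBLOCK);
	fcntl(sv[1], F_SETFL, O_NONBLOCK);
	memset(buf, 'x', total);
	iov[0].iov_base = buf;
	iov[0].iov_len = half;
	iov[1].iov_base = buf + half;
	iov[1].iov_len = total - half;
	do {
		rc = writev_some(sv[0], iov, 2, &sent);
		while ((r = read(sv[1], sink, sizeof(sink))) > 0)
			got += r;	/* make room for the next pass */
	} while (rc == WV_AGAIN);
	close(sv[0]);
	close(sv[1]);
	return (rc == WV_DONE && sent == total) ? got : -1;
}

int
main(void)
{
	printf("peer received %ld bytes\n", demo_roundtrip(500000));
	return 0;
}
```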



Re: auto-adding bad hosts to a table

2006-02-23 Thread Szechuan Death
Daniel Ouellet wrote:
> Ray Lai wrote:
> > I thought you meant you could do something like:
> >
> > block in log-table zombie to port 25
> >
> > where zombie is updated automatically.
>
> If you read on the PF and look at what I send you, you will see that
> bad-ssh IS updated automatically.
>
> That's what the line:
>
> (max-src-conn-rate 5/30, overload <bad_ssh> flush global)
>
> does. After 5 connection in 30 seconds, the IP address is put
> automatically into the table bad_ssh and flush global remove any state
> in the PF table.
>
> Just adjust the max-src-conn-rate 5/30 for what you want.
>
> Hope this make it more clear.

Side note:

It's possible to have more than one rule, to approximate a curve
of sorts.  I have the following rules on my router:

pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA modulate state \
    ( max-src-conn-rate 5/30, overload <denied-hosts> flush global )

pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA modulate state \
    ( max-src-conn-rate 8/60, overload <denied-hosts> flush global )

The second catches the slightly slower scans that may skirt by the first
rule.  The curve for such scans can be approximated by as many of
these rules as necessary, though I've found that just the two seems to
work fine for me.

I have performed only the most cursory inspection of the code and
therefore am not entirely qualified to comment, but believe that it
ought not be prohibitively difficult to allow the construction of a
list of such rates within a single rule for optimization purposes
and/or easier readability of the configuration file, e.g.

pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA modulate state \
    ( max-src-conn-rate { 5/30, 8/60, ... }, \
    overload <denied-hosts> flush global )

... with the table portion being an implicit or of those rates
(5 in 30 OR 8 in 60 OR ...).  I see a relatively small number of
functions and structures that would need to be changed, in net/pf.c
and net/pfvar.h mostly (change of pf_threshold structures to permit
multiple count/time/limit triads and logic to update them) with a wee
bit of spanking for the parser to get it to understand the table
specification for rate curves in addition to the current limit/time
specification.  (Perhaps a new curve data structure, to go along with
the table structures?  That seems to have some interesting implications
for some pf knobs used in certain places for queueing, timeout settings,
and so forth.)

Again, I am speaking ex ano, and expect (rightly) to be ignored until
I can produce a patch; I merely bring it up for comment.  This behavior
can, as noted, be approximated with the current state of pf.

-- 
(c) 2005 Unscathed Haze via Central Plexus [EMAIL PROTECTED]
I am Chaos.  I am alive, and I tell you that you are Free.  -Eris
Big Brother is watching you.  Learn to become Invisible.
| Your message must be this wide to ride the Internet. |
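
Added example, not part of the message above and not pf code: a small model of the "5 in 30 OR 8 in 60" idea, showing which connection rates slip under a single 5/30 limit and are caught once 8/60 is OR-ed in. It assumes a plain sliding window in which a limit is exceeded when more than `limit` connections fall within the last `seconds`; pf's own accounting and rule evaluation are not modelled, and struct rate, fill_scan and first_overload are names made up here.

```c
#include <stddef.h>
#include <stdio.h>

/* One "limit/seconds" pair, written like max-src-conn-rate 5/30. */
struct rate {
	int	limit;
	long	seconds;
};

/* Constructed input: n connection attempts, one every `interval` seconds. */
void
fill_scan(long *ts, size_t n, long interval)
{
	size_t i;

	for (i = 0; i < n; i++)
		ts[i] = (long)i * interval;
}

/*
 * ts[] holds connection times from one source, in ascending order.
 * Returns the index of the first connection that puts the source over
 * ANY of the rates (implicit OR), or -1 if no rate is ever exceeded.
 * *which receives the index of the rate that fired.
 */
int
first_overload(const long *ts, size_t n, const struct rate *rates,
    size_t nrates, size_t *which)
{
	size_t i, j, r;
	int count;

	for (i = 0; i < n; i++) {
		for (r = 0; r < nrates; r++) {
			/* count connections inside the window ending at ts[i] */
			count = 0;
			for (j = i + 1; j-- > 0; ) {
				if (ts[i] - ts[j] >= rates[r].seconds)
					break;
				count++;
			}
			if (count > rates[r].limit) {
				if (which != NULL)
					*which = r;
				return (int)i;
			}
		}
	}
	return -1;
}

int
main(void)
{
	const struct rate rates[] = { { 5, 30 }, { 8, 60 } };
	const long intervals[] = { 1, 7, 10 };	/* seconds between attempts */
	long ts[20];
	size_t k, which;
	int one, both;

	for (k = 0; k < 3; k++) {
		fill_scan(ts, 20, intervals[k]);
		one = first_overload(ts, 20, rates, 1, &which);
		both = first_overload(ts, 20, rates, 2, &which);
		printf("1 conn / %2lds: 5/30 alone -> %d, 5/30 OR 8/60 -> %d\n",
		    intervals[k], one, both);
	}
	return 0;
}
```

A result of -1 means the source is never added to the table under this model; in the constructed input that is the case for one attempt every 10 seconds even with both rates.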



Re: auto-adding bad hosts to a table

2006-02-23 Thread Chris Smith
On Wednesday 22 February 2006 16:48, Daniel Ouellet wrote:
> If you read on the PF and look at what I send you, you will see that
> bad-ssh IS updated automatically.
>
> That's what the line:
>
> (max-src-conn-rate 5/30, overload <bad_ssh> flush global)
>
> does. After 5 connection in 30 seconds, the IP address is put
> automatically into the table bad_ssh and flush global remove any
> state in the PF table.
>
> Just adjust the max-src-conn-rate 5/30 for what you want.

But with max-src-conn-rate aren't you actually allowing connections? The 
first I want to do is block connections, not allow them. Will use of 
max-src-conn-rate work with a block? With attempted connections that 
never get allowed?

Chris



Re: auto-adding bad hosts to a table

2006-02-23 Thread Chris Smith
On Wednesday 22 February 2006 15:37, Ray Lai wrote:
> Do ``block in log on port 25'' and listen to pflog0 to add bad
> hosts.

Bit of an OpenBSD n00b here. How would I go about listening to pflog0? I
thought that required tcpdump running. What if I want it running
continuously on a small, dedicated firewall box (concerned about
processing power as well as security)?

Chris



Re: Obtaining virtual MAC associated with a Carp interface

2006-02-23 Thread Stuart Henderson
On 2006/02/23 10:16, Kevin Taylor wrote:
> Short question:  How can I obtain the virtual MAC associated with a
> given carp interface from the command line on that server?

00:00:5e:00:01:XX where XX is VRID in hex.



basic fail-over mechanism for home networking.

2006-02-23 Thread daviad
Dear misc readers.

I have a soekris box to do basic nat/rdr on my home network; one
computer is a squid proxy server, and client machines' http requests are
redirected to that machine through the soekris box. Now I would like to
have some kind of basic fail-over mechanism for it, so if that squid
proxy machine is not available it would redirect the requests to another
proxy server, in this case the one that the ISP offers, but only until
the main squid machine is available again. What kind of basic solutions
would you recommend?




Re: auto-adding bad hosts to a table

2006-02-23 Thread Chris Smith
On Wednesday 22 February 2006 16:19, Stuart Henderson wrote:
 recent (preferably -current/snapshot ports) smtp-vilter handles this
 quite nicely.

Thanks but it's probably not a solution in this case. I'm not that 
experienced with openBSD but I'm a bit leery about running -current on 
a dedicated firewall/router (or maintaining a -current installation 
otherwise). Also it isn't the mail server which is a Linux box running 
Postfix.
Was hoping for a pure pf solution.

Chris



NetBSD imported iSCSI framework

2006-02-23 Thread Alexey E. Suslikov

quote from http://www.netbsd.org/Changes/#iscsi-target


22 Feb 2006 - NetBSD iSCSI Status and HOWTOs (top)

Alistair G. Crooks has recently added support for an iSCSI target
to NetBSD, and written HOWTOs for using it. iSCSI is specified in
RFC 3720 and describes a method for encapsulating SCSI commands in
TCP/IP to remotely access block-level storage. In iSCSI, the party
offering a SCSI device (the server) is called a target, and the
party using that device (the client) is called an initiator, so
the iSCSI target exports blocks to the iSCSI initiators.



Re: auto-adding bad hosts to a table

2006-02-23 Thread Bob Beck
* Chris Smith [EMAIL PROTECTED] [2006-02-23 09:34]:
 On Wednesday 22 February 2006 15:37, Ray Lai wrote:
  Do ``block in log on port 25'' and listen to pflog0 to add bad
  hosts.
 
 Bit of a openBSD n00b here. How would I go about listening to pflog0? I 
 thought that required tcpdump running. What I want it running 
 continuously on a small, dedicated firewall box (concerned about 
 processing power as well as security)? 
 
 Chris
 

man pflog

If you have ADD and can't read the whole thing

man pflog | grep tcpdump



Re: basic fail-over mechanism for home networking.

2006-02-23 Thread Bob Beck
two boxes at home, carped and pfsynced. Primary runs your squid,
backup either runs a backup squid yourself, or does an rdr for the
connections to it to the isp's proxy. 

-Bob



* [EMAIL PROTECTED] [EMAIL PROTECTED] [2006-02-23 09:40]:
 Dear misc readers.
 
 i have soekris box to do basic nat/rdr on my home networking, one
 comp is a squid proxy
 server and a client machines http requests are redirected to that
 machine trough soekris box.
 now i would like to have some kind of basic fail-over mechanism to
 it, so if that squid proxy
 machine is not available it would redirect the requests to another
 proxy server in this case the
 one that ISP offers but only for that time until the main squid
 machine is available again. What
 kind of basic solutions would you recommend?
 
 

-- 
| | | The ASCII Fork Campaign
 \|/   against gratuitous use of threads.
  |



Re: auto-adding bad hosts to a table

2006-02-23 Thread Szechuan Death
Chris Smith wrote:

 But with max-src-conn-rate aren't you actually allowing connections? The 
 first I want to do is block connections, not allow them. Will use of 
 max-src-conn-rate work with a block? With attempted connections that 
 never get allowed?

A block rule will just block all connections.  That's easy:

block in on $if proto tcp from any to ($if) port ssh

Done.  No SSH traffic is gonna get through that, that's fer-damned-
sure.  (I'll demonstrate first with my own SSH-scanner rule, that
being what I have at hand to work with.  Your requirements will be
covered below.)  However, if you want to trigger on something, you
need to use a pass rule first, to let those connections in:

pass in on $if proto tcp from any to ($if) port ssh \

EXCEPT for those originating from those thrice-damned SSH spam-scanners
(may their souls be rent with iron claws in the sulfur-pits of Gehenna)
which you want to consign to the Outer Darkness; we discover these after
their fifth (or third, or eighth, or however many-th) connection attempt
in a specified timeframe (here, 30 seconds), which is not normal
behavior for SSH:

( max-src-conn-rate 5/30, \

... and when that is triggered, you want to not only add them to the
Outer Darkness table, which you block with an earlier rule in pf.conf:

overload <OuterDarknessTable> \

(referencing previous rule:
block in quick on $if from <OuterDarknessTable> to any)

... you want to flush all states associated with that IP, preventing it
from using a previously-established connection for any nastiness:

flush \

... and you want that to apply to states generated from any rule, to
boot:

global )

Think of that max-src-conn-rate as an exception:  Pass these in,
BUT, if the connection meets this criteria (#conns/time), add it to
this table and purge all states containing this address.  That is
necessary for the triggering behavior of which you speak.

For your purposes, I would *guess* that the following would work:

pass in on $net_if proto tcp from ($internal_net) to (! $mailhost) \
port smtp \
( max-src-conn-rate 1/60, overload <InfectedTable>, \
flush global )

with a corresponding rule:

block in on $net_if from <InfectedTable> to any

That should trigger the first time someone diddles an SMTP port that
doesn't belong to your mailserver (the behavior you're looking for),
chucking the unfortunate host onto a blacklist, which you are
presumably checking on a periodic basis (cronjob perhaps, run once
every minute or five, pfctl -t InfectedTable -Tshow - that should
mail you only if there is output of that command, i.e. if a host has
been added to that table.)

Caveat:  these rules will have to be replicated for each internal
network interface you have.

Caveat #2:  unless there's one network interface on your pf box for
each host, the host will still be able to send traffic to anything on
its segment.  Restated:  you will only be able to quarantine your
network on a per-interface basis.

Hope that helps!

-- 
(c) 2005 Unscathed Haze via Central Plexus [EMAIL PROTECTED]
I am Chaos.  I am alive, and I tell you that you are Free.  -Eris
Big Brother is watching you.  Learn to become Invisible.
| Your message must be this wide to ride the Internet. |



Re: auto-adding bad hosts to a table

2006-02-23 Thread Chris Smith
On Thursday 23 February 2006 11:40, Bob Beck wrote:
  Bit of a openBSD n00b here. How would I go about listening to
  pflog0? I thought that required tcpdump running. What I want it
  running continuously on a small, dedicated firewall box (concerned
  about processing power as well as security)?


 man pflog

 If you have ADD and can't read the whole thing

 man pflog | grep tcpdump

I don't have ADD but apparently I don't spell all that correctly. So 
with the misspelled word What replaced with Would, parts of my 
previous post might make some more sense:
---
How would I go about listening to pflog0? I 
thought that required tcpdump running. Would I want it running 
continuously on a small, dedicated firewall box (concerned about 
processing power as well as security)?
---
IOW, from your experience, is tcpdump safe in this scenario and is its 
overhead minimal?

Thanks.

Chris



Generate MAC for a given carp interface

2006-02-23 Thread Kevin Taylor
For future reference, here is the script I generated to provide a MAC
address for a given carp interface.  Much thanks to Stuart Henderson in
answering my original question on this topic.  This is no rocket
science, but it might save a few people 2 minutes in the future.

-Kevin


#!/usr/bin/perl
#
# This script takes a single carp interface name as an argument,
# collects the vhid from ifconfig, and then provides the appropriate
# MAC address for that interface.
#

if ( $#ARGV == 0 )
{
    # The pattern is anchored so that only a bare carp interface name
    # is ever passed to the shell command below.
    if ($ARGV[0] =~ /^carp[0-9]+\z/)
    {
        if (`ifconfig $ARGV[0]` =~ /.*?vhid\ ([0-9]+).*/)
        {
            printf "00:00:5e:00:01:%02x\n",$1;
        }
    }
    else
    {
        print "Interface \"$ARGV[0]\" is invalid, " .
              "gen_carp_mac.pl only accepts carp interface names\n";
        exit;
    }
}
else
{
    print "Usage: gen_carp_mac.pl interface\nThis program requires " .
          "a single carp interface name as an argument.\n";
    exit;
}



Re: auto-adding bad hosts to a table

2006-02-23 Thread Martin Schröder
On 2006-02-23 12:07:03 -0500, Chris Smith wrote:
 ---
 How would I go about listening to pflog0? I 

http://www.openbsd.org/faq/pf/logging.html

 IOW, from your experience, is tcpdump safe in this scenario and is its 
 overhead minimal?

Overhead of the FAQ solution is minimal here (DSL fw single
host). But that depends on your traffic.

Best
Martin
-- 
http://www.tm.oneiros.de
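
The approach suggested earlier in this thread (log the blocked port 25 traffic, read pflog0, add the offending hosts to a table) could be implemented as follows. This is an added example, not code from any poster or from the OpenBSD project; the table name bad_hosts, the pf.conf lines in the comments and the layout of the constructed sample log lines are assumptions.

```shell
#!/bin/sh
# Added example: turn pf "block ... log" hits seen on pflog0 into table entries.
# Assumed pf.conf lines (the table name bad_hosts is hypothetical):
#   table <bad_hosts> persist
#   block in quick from <bad_hosts> to any
#   block in log proto tcp from any to any port smtp

# Constructed sample of `tcpdump -n -e -ttt -i pflog0` output. The layout
# (timestamp, rule number, action, direction, "on IF:", src > dst:) is an
# assumption; compare it with what the local tcpdump prints.
SAMPLE_LOG='Feb 23 12:07:03.104512 rule 4/(match) block in on sis0: 192.0.2.45.3312 > 10.0.0.25.25: S 1043:1043(0) win 16384
Feb 23 12:07:04.220113 rule 4/(match) block in on sis0: 192.0.2.45.3313 > 10.0.0.30.25: S 2210:2210(0) win 16384
Feb 23 12:07:09.000871 rule 2/(match) pass in on sis0: 192.0.2.77.4000 > 10.0.0.2.25: S 99:99(0) win 16384
Feb 23 12:07:11.310998 rule 4/(match) block in on sis0: 198.51.100.9.1025 > 10.0.0.25.80: S 5:5(0) win 16384
Feb 23 12:07:12.480002 rule 4/(match) block in on sis0: 203.0.113.8 > 10.0.0.25: icmp: echo request
Feb 23 12:07:15.912340 rule 4/(match) block in on sis0: 203.0.113.60.2048 > 10.0.0.31.25: S 7:7(0) win 16384'

# blocked_sources PORT
# Reads tcpdump lines on stdin and prints, once each, the IPv4 source of
# every packet that pf blocked inbound on its way to destination port PORT.
blocked_sources() {
    awk -v port="$1" '
    / block in / {
        for (i = 2; i < NF; i++) {
            if ($i != ">") continue
            src = $(i - 1); dst = $(i + 1)
            sub(/:$/, "", dst)
            # addr.port has five dot-separated parts; ICMP lines have
            # four and IPv6 addresses do not split this way at all.
            if (split(src, s, ".") != 5 || split(dst, d, ".") != 5) next
            if (d[5] != port) next
            sub(/\.[0-9]+$/, "", src)          # drop the source port
            # Only a well-formed dotted quad is ever handed to pfctl.
            if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[src]++) {
                print src
                fflush()                       # do not sit on hits in a pipe
            }
            next
        }
    }'
}

# watch_pflog PORT TABLE
# Live mode, to be run as root on the firewall: -l keeps tcpdump
# line-buffered so each blocked packet reaches pfctl as it is logged.
watch_pflog() {
    tcpdump -n -e -ttt -l -i pflog0 "dst port $1" |
        blocked_sources "$1" |
        while read -r ip; do
            pfctl -t "$2" -T add "$ip"
        done
}

case "${1:-}" in
    --live) watch_pflog 25 bad_hosts ;;
    *)      printf '%s\n' "$SAMPLE_LOG" | blocked_sources 25 ;;
esac
```

Run without arguments it only parses the embedded sample; `--live` attaches to pflog0 and starts filling the table.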



Re: network distributed storage with windows?

2006-02-23 Thread A Rossi
 This has plenty to do with OpenBSD, the central server is OpenBSD and
getting it to play nice with windows has to do with it also.

Henning Brauer wrote:

  this has nothing to do with openbsd. please take it elsewhere.
  
  * Daniel A. Ramaley   [EMAIL PROTECTED]   [2006-02-21 03:42]:

On Thursday 16 February 2006 01:58, A Rossi wrote:

 My client didn't really like the idea of just making a windows
  partition and disallowing the users from accessing it with
  permissions, because then they'd know about something... And some
  might complain about it being broken - they have several older
  people on staff who aren't as computer literate.

It is possible to not only deny permissions to a drive, but also to 
completely hide the drive from the user interface. Hiding drives from 
the interface can be done through group policies (either local policies 
or via Active Directory). Take a look at Microsoft Knowledge Base 
article Q231289: Using Group Policy Objects to hide specified drives 
in My Computer for Windows 2000.

Since Windows administration is quite off-topic, if you need further 
help please e-mail me off list. I haven't hidden drives from users 
before, but i work with someone who administers Windows and does this 
so it would be easy for me to ask more questions on how it is done.


Dan Ramaley                 Dial Center 118, Drake University
Network Programmer/Analyst  2407 Carpenter Ave
+1 515 271-4540             Des Moines IA 50311 USA



Info on major/minor device mappings for device drivers

2006-02-23 Thread Andrew Smith
I know you are going to tell me to rtfm, it's bound to be in there but I
can't find anything relevant here so assume I'm stupid and please point me
at something obvious :P

I have just become acquainted with the differences between FreeBSD and
OpenBSD by porting over the ubtbcmfw driver which seems to build into my
Kernel quite happily and I can plug in the Blutonium based USB dongle and my
driver recognises it. great!..

However, programming device drivers on OpenBSD isn't quite like I was
expecting.. I have modified a few up to now but not brought a new one into
the tree before.

FreeBSD has a make_dev call to actually make the device nodes for the
driver. OpenBSD has makedev which I think does something similar, however,
the majority of the drivers that I have examined don't use it. They don't
actually seem to have anything within the driver itself that identifies with
me as a registration of major and minor device numbers that I can correlate
with a simple mknod command so I'm assuming that there is an element of
automatic assignment on the part of the device numbers (or maybe I missed
some macro that does something for you.. I don't know).

Looking at the counterpart driver for this device (ubt) I can't see any
reference to major, minor device numbers so I picked something more obvious.
the wd driver and I can't figure out how this maps to major number 16 at
all. (it's been a long day working from home and the smallest baby has been
screaming all day too :().

Can someone give me a hint or point me at a relevant man page about how
device numbers are managed in the Kernel source tree this would save me a
lot of head scratching... even at the risk of having to slap myself on the
forehead and shout DOH!.

-Andy



Simple question about appletalk

2006-02-23 Thread Gabriel George POPA
   I need to put a laptop running Mac OS X (10.3 I think) in my
OpenBSD powered network - OpenBSD router/firewall. The problem is that
I don't know if I need Appletalk or not installed (I have an urgent
problem that must be solved with this laptop, but it's not mine and I
haven't worked too much with Apple computers). At this moment I don't
have the laptop, but I need it up and running in the second when it
appears so I need to know in advance if I need to enable Appletalk in
the network (this laptop needs only www access).
  And another problem: in /etc/pf.conf I have "scrub in all reassemble
tcp" - is this a problem with Mac OS X (I have some problems with some
Mandriva Linux machines here and I think this is the problem).

  Thank you very much in advance.
 

   
Respectfully yours,
 
Gabriel George POPA




Re: network distributed storage with windows?

2006-02-23 Thread A Rossi
 Thank you all and good night!

Chris Zakelj wrote:

  A Rossi wrote:

Hi,
I've been hired by a client to perform a number of network services
for him, most of which are completely unrelated to my topic.
Now, onto my topic:
He asked me if I could partition all of his workstation computers
(running windows XP Professional SP2) with a windows partition, and a
hidden partition which occupies most of the disk, that is accessible
over the network to OpenBSD (actually he asked for FreeBSD, but I will
change his mind...) to back up his server. He doesn't want his
employees to know about it or to be able to interact with this hidden
partition in any way. I told him that it is not possible, because
windows controls the hardware (being the OS on the system) and the
only way it would work was if he had *BSD on the system. But, because
he is paying me, I thought I should give him the benefit of the doubt,
and ask the pros in this area.
So, is it possible for OpenBSD to access a bunch of hidden (I put it
into quotes because it could be any non-windows compatible partition,
because it won't show it then) partitions on networked workgroup
computers and treat them like one big disk for backup?

My apologies for such a long post. I am new to OpenBSD, but I like
what I see.
Thanks,
A Rossi

  I'm certainly no guru, but I can tell you this:  If the OS in control of
  the system does not understand the file system of the partition, then no
  other system will be able to access it in any meaningful way.  That
  said, I think you could create a C partition, and house the user's
  Windows installation and applications on it.  Then create a second D
  partition, and lock the view/use rights for that partition to
  administrator accounts only.  Share that partition with the usual
  Windows file and printer sharing, then access it through SAMBA with
  administrator credentials.



Re: Simple question about appletalk

2006-02-23 Thread Bryan Allen


On Feb 23, 2006, at 1:52 PM, Gabriel George POPA wrote:

   I need to put a laptop running Mac OS X (10.3 I think)  
in my OpenBSD powered network - OpenBSD router/firewall. The  
problem is that I don't know

if I need Appletalk or not installed


Mac OS X is based on FreeBSD. It is just another commercial UNIX.  
AppleTalk has not been required for Mac OS general use networking in  
quite some time.

- --
Bryan Allen
[EMAIL PROTECTED]
http://bda.mirrorshades.net
Cyberpunk is dead. Long live cyberpunk.



Re: Info on major/minor device mappings for device drivers

2006-02-23 Thread Ted Unangst
On 2/23/06, Andrew Smith [EMAIL PROTECTED] wrote:
 Looking at the counterpart driver for this device (ubt) I can't see any
 reference to major, minor device numbers so I picked something more obvious.
 the wd driver and I can't figure out how this maps to major number 16 at
 all. (it's been a long day working from home and the smallest baby has been
 screaming all day too :().

 Can someone give me a hint or point me at a relevant man page about how
 device numbers are managed in the Kernel source tree this would save me a
 lot of head scratching... even at the risk of having to slap myself on the
 forehead and shout DOH!.

see arch/arch/conf.c



Re: basic fail-over mechanism for home networking.

2006-02-23 Thread Joachim Schipper
reformatted for 80 columns
On Thu, Feb 23, 2006 at 06:04:31PM +0200, [EMAIL PROTECTED] wrote:
 Dear misc readers.
 
 i have soekris box to do basic nat/rdr on my home networking, one comp
 is a squid proxy server and a client machines http requests are
 redirected to that machine trough soekris box.  now i would like to
 have some kind of basic fail-over mechanism to it, so if that squid
 proxy machine is not available it would redirect the requests to
 another proxy server in this case the one that ISP offers but only for
 that time until the main squid machine is available again. What kind
 of basic solutions would you recommend?

For sufficiently basic stuff, there's no reason not to go with a cron
job run as root. Create /etc/pf.conf and /etc/pf.conf.failover, then do
a lynx -dump www.google.com or whatever your site of choice is. Be sure
to set http_proxy in the environment first.

Once this is set up, go with something like the following (which looks
long, but it's really only ten lines plus exception handling), run from
cron, say, every five minutes.

#!/bin/sh
# Stay idle while failover is disabled or an earlier error is unresolved.
if [ -e /etc/pf.nofailover ] || [ -e /var/run/fw.error ]; then
    exit 0
fi
TMPFILE=`mktemp /tmp/fw.XXXXXXXXXX` || exit 1
http_proxy='my.proxy.net'
export http_proxy
# A successful fetch through the proxy means the main proxy is up.
if lynx -dump www.google.com >/dev/null 2>&1; then
    if [ -e /var/run/fw.running_backup ]; then
        if pfctl -f /etc/pf.conf >"$TMPFILE" 2>&1; then
            if rm /var/run/fw.running_backup; then
                echo 'ok' | mail -s 'Firewall failback' root
            else
                { touch /var/run/fw.error; \
                  echo 'Could not remove'; \
                  echo '/var/run/fw.running_backup?!'; \
                } 2>&1 | \
                  mail -s 'Firewall failback: weird error' root
            fi
        else
            { touch /var/run/fw.error; \
              echo 'Failed:'; \
              echo; \
              cat "$TMPFILE"; \
              echo 'Please fix /etc/pf.conf or whatever caused'; \
              echo 'the failure and remove /var/run/fw.error'; \
            } 2>&1 | \
              mail -s 'Firewall failed to failback; stalled' root
        fi
    fi
else
    if ! [ -e /var/run/fw.running_backup ]; then
        if pfctl -f /etc/pf.conf.failover >"$TMPFILE" 2>&1; then
            if touch /var/run/fw.running_backup; then
                echo 'ok' | mail -s 'Firewall failover' root
            else
                { touch /var/run/fw.error; \
                  echo 'Could not touch'; \
                  echo '/var/run/fw.running_backup'; \
                } 2>&1 | \
                  mail -s 'Firewall failover: weird error' root
            fi
        else
            { touch /var/run/fw.error; \
              echo 'Failed:'; \
              echo; \
              cat "$TMPFILE"; \
              echo 'Please fix /etc/pf.conf.failover or whatever'; \
              echo 'caused the failure and remove'; \
              echo '/var/run/fw.error'; \
            } 2>&1 | \
              mail -s 'Firewall failed to failover; stalled' root
        fi
    fi
fi
rm "$TMPFILE"

This is of course rather simplistic (and only guards against the proxy
malfunctioning completely - no attempt is made to detect a proxy that
will only serve up cached pages, for instance), and it should be
possible to improve upon this design, but for a quick and dirty
solution, it works fine. I suppose - I haven't tested it.

Of course, this isn't exactly realtime failover. It should be very much
possible to get (near-)realtime failover, but that will be quite a bit
more difficult. Feel free to ask if that's what you're looking for.

Joachim



Re: trunk in interface groups?

2006-02-23 Thread Henning Brauer
* Per-Olov Sjöholm [EMAIL PROTECTED] [2006-02-23 22:08]:
 Hi misc
 
 Saw a post from june 2005 by Henning regarding the work he and Ryan did on
 code cleanup and the addition code of interface groups. I think I am on my
 way to abuse these groups as simple alias to make PF totally independent
 from the hardware and put all my interface stuff in the hostname.if files
 only.
 
 The question:
 Is it possible to add a trunk interface as well to an interface group and
 then refer to that group as an interface in PF?

the type of an interface should (I'm inclined to say: must) not matter 
for interface groups.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)



Re: make build | securelevel=2

2006-02-23 Thread Theo de Raadt
 On 1/26/06, Joachim Schipper [EMAIL PROTECTED] wrote:
  I agree with your assessment - but disallowing mounts in securelevel 2
  fixes the most obvious attack (that anybody with even a little UNIX
 
 no, it fixes nothing.  root can alter processes' memory.  you gain
 *nothing* by preventing mount.

anyone who thinks that securelevels ever really helped solve any security
problems hasn't got a brain, or they have not used it in a while.



3.8 mountd -n

2006-02-23 Thread Will H. Backman
Trying to get OS X to mount an openbsd nfs share.  I can force OS X to 
use reserved ports by using mount_nfs -P from the command line, but 
users mounting from the finder don't have that option.
OpenBSD man page for mountd says that there is an -n option to allow 
mounting from unreserved ports, but running mountd with that option 
doesn't seem to make a difference.   Any ideas?
Also, if this flag worked, I'm not sure how one would put it in 
/etc/rc.conf.local


Thanks in advance.



Re: 3.8 mountd -n

2006-02-23 Thread Will H. Backman

Will H. Backman wrote:

Trying to get OS X to mount an openbsd nfs share.  I can force OS X to 
use reserved ports by using mount_nfs -P from the command line, but 
users mounting from the finder don't have that option.
OpenBSD man page for mountd says that there is an -n option to allow 
mounting from unreserved ports, but running mountd with that option 
doesn't seem to make a difference.   Any ideas?
Also, if this flag worked, I'm not sure how one would put it in 
/etc/rc.conf.local


Thanks in advance.


Replying to myself:
On http://www.openbsd.org/plus31.html, I see:
Remove requirement for reserved ports in the NFS server by using the 
vfs.nfs.norsvport sysctl(8)


But sysctl says third level name norsvport in vfs.nfs.norsvport is 
invalid


Searching the archives for vfs.nfs.norsvport show a message that it was 
later removed.


Am I chasing a silly idea?



openbsd 3.9beta -- panic when installing to IDE on soekris net4801

2006-02-23 Thread scorch

hi,

i've moved 1 net4801 from openbsd 3.8 to 3.9beta (snap feb 20) successfully. 
this one uses only CF for storage & runs happily.

next stage is running the same beast from a 20GB IDE - tested & known good 
in a spare laptop. i boot from tftp, using PXEBOOT/DHCP.


unfortunately i get a panic during the point i'd normally get to run disklabel.
panic: root filesystem has size 0
just before that i get the following warnings

wd1(pciide0:0:1): timeout
type: ata
c_bcount: 8192
c_skip: 0
pciide0:0:1: bus-master DMA error: missing interrupt, status=0x41

so after reading up:
http://article.gmane.org/gmane.os.openbsd.misc/93704
and setting config wd0 0xffc0, i get a little further:
wd1(pciide0:0:1): timeout
type: ata
c_bcount: 8192
c_skip: 0
pciide0:0:1: bus-master DMA error: missing interrupt, status=0x60

i.e. not really any much further along :-(

2 questions:
what DMA mode (or whatever) should i be using to get this to work?
what are the meaning of 0xffc0 ? i've read the man pages below and don't 
feel anymore enlightened.


http://www.openbsd.org/cgi-bin/man.cgi?query=config&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
and
http://www.openbsd.org/cgi-bin/man.cgi?query=wd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

dmesg follows, from the CF install.. no its not generic, but it IS a 4801 
& built using flashdist.  i've not gotten a dmesg from the hanging 
GENERIC successfully.


cheers, scorch
--
out of the frying pan and into the fire

OpenBSD 3.9-beta (NET4801) #2: Wed Feb 22 00:29:21 CET 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/NET4801
cpu0: Geode(TM) Integrated Processor by National Semi (Geode by NSC 586-class) 267 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
real mem  = 133799936 (130664K)
avail mem = 119648256 (116844K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 20/50/29, BIOS32 rev. 0 @ 0xf7840
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0x9000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00
sis0 at pci0 dev 6 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:00:24:c5:37:30
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 7 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:00:24:c5:37:31
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 8 function 0 NS DP83815 10/100 rev 0x00, DP83816A: irq 10, address 00:00:24:c5:37:32
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
gscpcib0 at pci0 dev 18 function 0 NS SC1100 ISA rev 0x00
gpio0 at gscpcib0: 64 pins
NS SC1100 SMI rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 NS SCx200 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: Ritek Corporation
wd0: 1-sector PIO, LBA, 122MB, 250368 sectors
wd1 at pciide0 channel 0 drive 1: IBM-DJSA-220
wd1: 16-sector PIO, LBA, 19077MB, 39070080 sectors
wd0(pciide0:0:0): using PIO mode 2
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
geodesc0 at pci0 dev 18 function 5 NS SC1100 X-Bus rev 0x00: iid 6 revision 3 wdstatus 0
ohci0 at pci0 dev 19 function 0 Compaq USB OpenHost rev 0x08: irq 11, version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Compaq OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
isa at gscpcib0 not configured
isa0 at mainbus0
isadma0 at isa0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
gscsio0 at isa0 port 0x15c/2: SC1100 SIO rev 1:
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask fbe7 netmask ffe7 ttymask ffe7
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
/dev/rwd0a: file system is clean; not checking
mfs: mounting /tmp...
mfs: populating /tmp...
databases: dev
securelevel: kern.securelevel: 0 - 1
watchdog: kern.watchdog.period: 0 - 32
watchdog: kern.watchdog.auto: 1 - 1
hostname: setting hostname to akai...
inet: configuring IP on system interfaces...
route: adding default route...
add net default: gateway 10.0.0.1
pf/nat: configuring and enabling...
pf enabled
syslogd: starting log daemon...



Can net-snmp show the interface description for ifAlias?

2006-02-23 Thread andrew fresh
Is it possible to get net-snmp's snmpd to return an interface
description for ifAlias[1]?  If so, how?

I am sure that it is, but I am hoping that someone has an example
because I am not sure how to figure out how to match it to the
interfaces ifIndex value.   

It looks like net-snmp 5.2 there is going to be some ifXTable support
for Red Hat.  However, I only want ifAlias for MRTG, so has anyone done
anything like that? or does this need to go on my free time list?

It appears that the entries in ifTable[3] are in the same order that
ifconfig outputs.  Does anyone know if that is the case for sure?  If
so, a script to do what I want shouldn't be too tough.


I tried adding this to my /etc/snmpd.conf:
# A good attempt, too bad it failed.
exec .1.3.6.1.2.1.31.1.1.1.18 /home/andrew/ifAlias

where the ifAlias script is this:
#!/bin/sh

# Interface header lines start in column one; skip the indented detail lines
INTERFACES=`ifconfig | grep -v '^[[:space:]]' | sed 's/:.*$//'`

for i in ${INTERFACES}; do
  ifconfig $i | grep description | sed -e 's/^.*description:.//'
done


Unfortunately, that doesn't work :-(

$ snmpwalk -v1 -c public testhost .1.3.6.1.2.1.31.1.1.1.18
IF-MIB::ifAlias.1.1 = Wrong Type (should be OCTET STRING): INTEGER: 1
IF-MIB::ifAlias.2.1 = STRING: /home/andrew/ifAlias
IF-MIB::ifAlias.3.1 = STRING:
IF-MIB::ifAlias.100.1 = Wrong Type (should be OCTET STRING): INTEGER: 1
IF-MIB::ifAlias.101.1 = STRING: No such file or directory
IF-MIB::ifAlias.102.1 = Wrong Type (should be OCTET STRING): INTEGER: 0
IF-MIB::ifAlias.103.1 = STRING:


So, that probably means writing a script to do pass through control[5] and
that looks to be a bit of a pain, so I am hoping someone has one already.

[1] .1.3.6.1.2.1.31.1.1.1.18 [2]
[2] 
.iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifAlias
[3] .1.3.6.1.2.1.2.2 [4]
[4] .iso.org.dod.internet.mgmt.mib-2.interfaces.ifTable
[5] look here[6] for MIB-Specific Extension Commands
[6] http://www.net-snmp.net/docs/man/snmpd.conf.html

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: Police are examining all internet packets in
the search for a narco-net-trafficker



Re: Simple question about appletalk

2006-02-23 Thread Bryan Irvine
Sorry for the top-post but there just wasn't anywhere appropriate for
a snip type of thing.

If the laptop only needs www access no appletalk is needed.  Appletalk
is purely a file serving mechanism, like samba or nfs.  If you need
appletalk it's pretty easy to set up on OpenBSD.

--Bryan

On 2/23/06, Gabriel George POPA [EMAIL PROTECTED] wrote:
 I need to put a laptop running Mac OS X (10.3 I think) in my
 OpenBSD powered network - OpenBSD router/firewall. The problem is that I
 don't know
 if I need Appletalk or not installed (I have an urgent problem that must
 be solved with this laptop, but it's not mine and I haven't
 worked too much with Apple computers). At this moment I don't have the
 laptop, but I need it up and running in the second when it
 appears so I need to know in advance if I need to enable Appletalk in
 the network (this laptop needs only www access).
And another problem: in /etc/pf.conf I have scrub in all reassembe
 tcp - is this a problem with Mac OS X (I have some problems
 with some Mandriva Linux machines here and I think this is the problem).

Thank you very much in advance.



 Respectfully yours,

 Gabriel George POPA



Re: OpenSparc T1

2006-02-23 Thread Theo de Raadt
 No this is only processor documentation.
 http://marc.theaimsgroup.com/?l=openbsd-misc&m=113398028623246&w=2

Let me be clear.

Imagine if we only had processor documentation for Intel-based machines:

This is what a real i386 dmesg would look like.  Look carefully.  And I am
not making a joke.

OpenBSD 3.9-beta (GENERIC.MP) #571: Wed Jan 18 19:54:24 MST 2006
[EMAIL PROTECTED]:/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.06 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,
MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 2147000320 (2096680K)
avail mem = 1952940032 (1907168K)
using 4278 buffers containing 107454464 bytes (104936K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 07/09/03, BIOS32 rev. 0 @ 0xfdb30
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4880/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:01:7 (ServerWorks CSB5 rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4e00!
mainbus0: Intel MP Specification (Version 1.4) (AMI  GCHE)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 132 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.06 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,
MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
cpu2 at mainbus0: apid 6 (application processor)
cpu2: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.06 GHz
cpu2: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,
MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
cpu3 at mainbus0: apid 7 (application processor)
cpu3: Intel(R) Xeon(TM) CPU 3.06GHz (GenuineIntel 686-class) 3.06 GHz
cpu3: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,
MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
mainbus not configured
panic: root not found



Re: network distributed storage with windows?

2006-02-23 Thread ober
Once again, openafs would allow you to make every windows box a server 
hosting data in a flat named space setup.


There is now a port in current for setting up a master server.

-Ober

Richard Chesler: [Reading a piece of paper] The first rule of Fight Club is you 
don't talk about Fight Club?
Narrator: [Voice-over] I'm half asleep again; I must've left the original in 
the copy machine.
Richard Chesler: The second rule of Fight Club - is this yours?
Narrator: Huh?
Richard Chesler: Pretend you're me, make a managerial decision: you find this, 
what would you do?

On Thu, 23 Feb 2006, A Rossi wrote:


Date: Thu, 23 Feb 2006 10:53:09 -0800
From: A Rossi [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: Re: network distributed storage with windows?

Thank you all and good night!

Chris Zakelj wrote:

 A Rossi wrote:

   Hi,
   I've been hired by a client to perform a number of network services
   for him, most of which are completely unrelated to my topic.
   Now, onto my topic:
   He asked me if I could partition all of his workstation computers
   (running windows XP Professional SP2) with a windows partition, and a
   hidden partition which occupies most of the disk, that is accessible
   over the network to OpenBSD (actually he asked for FreeBSD, but I will
   change his mind...) to back up his server. He doesn't want his
   employees to know about it or to be able to interact with this hidden
   partition in any way. I told him that it is not possible, because
   windows controls the hardware (being the OS on the system) and the
   only way it would work was if he had *BSD on the system. But, because
   he is paying me, I thought I should give him the benefit of the doubt,
   and ask the pros in this area.
   So, is it possible for OpenBSD to access a bunch of hidden (I put it
   into quotes because it could be any non-windows compatible partition,
   because it won't show it then) partitions on networked workgroup
   computers and treat them like one big disk for backup?

   My apologies for such a long post. I am new to OpenBSD, but I like
   what I see.
   Thanks,
   A Rossi

 I'm certainly no guru, but I can tell you this:  If the OS in control of
 the system does not understand the file system of the partition, then no
 other system will be able to access it in any meaningful way.  That
 said, I think you could create a C partition, and house the user's
 Windows installation and applications on it.  Then create a second D
 partition, and lock the view/use rights for that partition to
 administrator accounts only.  Share that partition with the usual
 Windows file and printer sharing, then access it through SAMBA with
 administrator credentials.




Re: ADSL modem intern

2006-02-23 Thread Theo de Raadt
 Are there any plans to import ueaglectl to OpenBSD?
   http://damien.bergamini.free.fr/ueagle/

The whole idea is to one day fix this so that it can just work
automatically, using ifconfig.

Please read a posting about 2 weeks ago by dlg comparing bioctl to
ifconfig.  Please google for it.  And then stop being ridiculous.
Should we have a special tool for every special device?  I think not.



Re: Can net-snmp show the interface description for ifAlias?

2006-02-23 Thread andrew fresh
On Thu, Feb 23, 2006 at 05:51:24PM -0700, andrew fresh wrote:
 Is it possible to get net-snmp's snmpd to return an interface
 description for ifAlias[1]?  If so, how?

Well, nevermind, it got my interest up so here is a way that works.

It doesn't check for bad input as well as it probably should.  But the
stuff that is passed in is never actually used as a shell command so
although it might throw some strange errors I don't think it is a
security risk.  

However, cfgmaker from MRTG doesn't think that it should check for
ifAlias because there is no Vendor returned by default and so it can't
even attempt to match it.  But, change cfgmaker to always query ifAlias
and w00 h00 my configs now have descriptions!

Anyway, mostly for the archives, here is how it ends up:

add something like this into your snmpd.conf
pass .1.3.6.1.2.1.31.1.1.1.18 /usr/local/libexec/ifAlias

and this script in /usr/local/libexec/ifAlias
--- BEGIN ---
#!/bin/sh
# $RedRiver: ifAlias,v 1.3 2006/02/24 03:47:59 andrew Exp $

BASE='.1.3.6.1.2.1.31.1.1.1.18'

# Interface names are on the unindented lines of ifconfig output; drop the
# indented continuation lines (OpenBSD's ifconfig indents them with a tab)
set -A INTERFACES `ifconfig | grep -v '^[[:space:]]' | sed 's/:.*$//'`

# snmpd calls us with -s for a set request; nothing here is writable
if [ "$1" = "-s" ]; then
  #echo $* >> /tmp/passtest.log
  exit 0
fi

# Strip the base OID to get the requested index
REQ="$2"
ID="${REQ##${BASE}.}"

if [ "X${REQ}" = "X${BASE}" ]; then
  ID=0
fi

# -n is getnext: answer for the entry after the requested one
if [ "$1" = "-n" ]; then
  INDEX=$ID
  ID=$(( $ID + 1 ))
else
  INDEX=$(( $ID - 1 ))
fi

if [ "X$ID" = "X" ] || [ "X$ID" = "X0" ] || [ "X$ID" = "X-1" ]; then
  exit 0
fi

INTERFACE="${INTERFACES[$INDEX]}"

echo "${BASE}.${ID}"
if [ "X${INTERFACE}" = "X" ]; then
  echo noSuchName
  exit 0
fi

echo string
echo `ifconfig "${INTERFACE}" | grep description | \
  sed -e 's/^.*description:.//'`
exit 0
--- END ---

l8rZ,
-- 
andrew - ICQ# 253198 - JID: [EMAIL PROTECTED]
 Proud member: http://www.mad-techies.org

BOFH excuse of the day: The file system is full of it
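
An added example, not part of andrew fresh's post above and not net-snmp code: a POSIX sh variant of the ifAlias pass handler that validates the requested OID index before doing arithmetic on it and prints nothing for requests it cannot answer. The function names `ifalias_reply` and `nth_description` and the embedded ifconfig sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the original poster's script): ifAlias "pass" handler
# that validates the OID index before using it.
BASE='.1.3.6.1.2.1.31.1.1.1.18'

# Constructed sample so the example runs offline; on a real system use
# IFCONFIG_OUT=$(ifconfig -a) instead.
IFCONFIG_OUT='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        description: uplink to core switch
        inet 192.0.2.10 netmask 0xffffff00
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        description: dmz segment'

# Print the description of the Nth interface (1-based); fail if there is none.
nth_description() {
    printf '%s\n' "$IFCONFIG_OUT" | awk -v want="$1" '
        /^[A-Za-z0-9]+: / { n++; if (n == want) found = 1; next }
        n == want && /^[ \t]+description: / {
            sub(/^[ \t]+description: /, ""); desc = $0
        }
        END { if (!found) exit 1; print desc }'
}

# Emit the three-line pass reply (OID, type, value), or nothing at all.
ifalias_reply() {
    mode=$1 req=$2
    case $mode in
        -g|-n) ;;
        *) return 0 ;;   # -s (set) and unknown modes: no output
    esac
    case $req in
        "$BASE") id=0 ;;
        "$BASE".*) id=${req#"$BASE".} ;;
        *) return 0 ;;   # OID outside our subtree
    esac
    # Accept only 1-6 decimal digits with no leading zero, so the value is
    # safe to hand to $(( )) and cannot be read as octal.
    case $id in
        ''|*[!0-9]*|0?*|???????*) return 0 ;;
    esac
    [ "$mode" = -n ] && id=$((id + 1))
    [ "$id" -ge 1 ] || return 0
    desc=$(nth_description "$id") || return 0
    printf '%s\n%s\n%s\n' "$BASE.$id" string "$desc"
}

if [ $# -gt 0 ]; then ifalias_reply "$@"; fi
```

Unlike the posted script, this variant stays silent for an index past the last interface instead of printing noSuchName, and it does not need ksh arrays.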



Re: OpenSparc T1

2006-02-23 Thread Adam
On Thu, 23 Feb 2006 19:59:05 -0700 Theo de Raadt
[EMAIL PROTECTED] wrote:

  No this is only processor documentation.
  http://marc.theaimsgroup.com/?l=openbsd-misc&m=113398028623246&w=2
 
 Let me be clear.
 
 Imagine if we only had processor documentation for Intel-based
 machines:

It's actually not only processor documentation though.  It's docs for
the new sun4v arch, specifically so people can port operating systems
to it. Operating systems run on the hypervisor, not on the hardware.

http://opensparc.sunsource.net/specs/Hypervisor-api-current-draft.pdf

That includes PCI I/O Services, so it's definitely more than just CPU
info.  The Sun people are under the impression that the docs up there
are everything that's needed to port an OS, so if there's something
missing, tell us specifically what it is so we can get on Sun's case
about it.

Adam



Re: OpenSparc T1

2006-02-23 Thread Theo de Raadt
 It's actually not only processor documentation though.  It's docs for
 the new sun4v arch, specifically so people can port operating systems
 to it. Operating systems run on the hypervisor, not on the hardware.
 
 http://opensparc.sunsource.net/specs/Hypervisor-api-current-draft.pdf
 
 That includes PCI I/O Services, so it's definitely more than just CPU
 info.  The Sun people are under the impression that the docs up there
 are everything that's needed to port an OS, so if there's something
 missing, tell us specifically what it is so we can get on Sun's case
 about it.

If you know so much, write the code.

Fact is, you don't.  You just believe their lies.

Until we support UltrasparcIII, there is no point in supporting another
stupid Sun trap.



Re: OpenSparc T1

2006-02-23 Thread Adam
On Thu, 23 Feb 2006 21:08:26 -0700 Theo de Raadt
[EMAIL PROTECTED] wrote:

  It's actually not only processor documentation though.  It's docs
  for the new sun4v arch, specifically so people can port operating
  systems to it. Operating systems run on the hypervisor, not on the
  hardware.
  
  http://opensparc.sunsource.net/specs/Hypervisor-api-current-draft.pdf
  
  That includes PCI I/O Services, so it's definitely more than just
  CPU info.  The Sun people are under the impression that the docs up
  there are everything that's needed to port an OS, so if there's
  something missing, tell us specifically what it is so we can get on
  Sun's case about it.
 
 If you know so much, write the code.
 
 Fact is, you don't.  You just believe their lies.
 
 Until we support UltrasparcIII, there is no point in supporting
 another stupid Sun trap.

If you don't want to support sun4v that's up to you, I don't care.  I
was simply pointing out that it is full arch docs.  Claiming you can't
support it because of missing docs gives the impression that you want
to support it.  Just say we don't like Sun instead and you won't have
to be bothered with people pointing you to the docs.

Adam



PHP5 patch for FastCGI support.

2006-02-23 Thread openbsd_misc
Has anyone successfully gotten the patch provided by Frank Denis (of
PureFTPD), found here: ftp://ftp.c9x.org/OpenBSD/misc/php5-fastcgi.patch
to actually patch php5? If so, could you please lend a little insight in
how you managed to do so.

Thanks.
-- 
  
  [EMAIL PROTECTED]

-- 
http://www.fastmail.fm - Send your email first class



Re: OpenSparc T1

2006-02-23 Thread Siju George
On 2/24/06, Adam [EMAIL PROTECTED] wrote:
 On Thu, 23 Feb 2006 21:08:26 -0700 Theo de Raadt
 [EMAIL PROTECTED] wrote:

   It's actually not only processor documentation though.  It's docs
   for the new sun4v arch, specifically so people can port operating
   systems to it. Operating systems run on the hypervisor, not on the
   hardware.
  
   http://opensparc.sunsource.net/specs/Hypervisor-api-current-draft.pdf
  
   That includes PCI I/O Services, so it's definitely more than just
   CPU info.  The Sun people are under the impression that the docs up
   there are everything that's needed to port an OS, so if there's
   something missing, tell us specifically what it is so we can get on
   Sun's case about it.
 
  If you know so much, write the code.
 
  Fact is, you don't.  You just believe their lies.
 
  Until we support UltrasparcIII, there is no point in supporting
  another stupid Sun trap.

 If you don't want to support sun4v that's up to you, I don't care.  I
 was simply pointing out that it is full arch docs.  Claiming you can't
 support it because of missing docs gives the impression that you want
 to support it.  Just say we don't like Sun instead and you won't have
 to be bothered with people pointing you to the docs.


No Adam, the case is that from experience it is found impossible to
get all the necessary docs to reasonably support their hardware. I am
experiencing the frustration of not even getting replies from people
who got on stage in different meetings and spoke about open source
and freeing documentation and those who promised to help :-(

They are not fully Open as they claim to be, and ( at least I feel )
they really are not serious about opening up either. They just want to
misinform people make a feeling that they are for the open cause and
get some marketing benefit when they really are not! ( At least this
is what I feel from experience)

Kind Regards

Siju



Re: python2.4 glitch

2006-02-23 Thread Tony Sterrett
 On Wed, Feb 22, 2006 at 03:21:38AM -0800, Tony Sterrett wrote:
 I just compiled python2.4 which recommended for Zope 2.9.0. There's a
 small glitch in configure. You'll get an error like below. It's late
 so just all reference to define_xopen_source starting around 1488.
 this has to do with select. But the configure file is not set up to
 handle kqueue/kqueue declaration of u_short and u_long. This
 configuration file doesn't handle 3.8 either. After removing
 define_xopen_source it compiled and tested.

 ---
 OpenBSD/2.* | OpenBSD/3.@:@0123456@:@)
  define_xopen_source=no;;

 why don't you use the python-2.4 packages, or the ports system?


This was the python version recommended. The last python available   
from ports was installed at the time it was recognized by the build  
script and gave me the option of forcing the use of the older  
version. How's that for service. I'm just trying to reduce the space  
which i will have to search when a problem occurs.


Respectfully,
Tony Sterrett

[EMAIL PROTECTED]
Consultant in Open Source Software, featuring OpenBSD and Linux.
www.sterrett.net
(858) 433-1467 San Diego
(408) 705-2135 San Jose



Re: OpenSparc T1

2006-02-23 Thread Theo de Raadt
We don't even have any documentation for Sun's ethernet chipsets, even
the old gem found in machines which showed up on the market about 8-10
years ago.  Let alone their newer chipsets, or their pci chipsets.
And largely we suspect we don't get documentation because it would
show how buggy their hardware is.

And now we should use some binary middle layer, and let me guess -- it
will be bug free, or wait, when there are bugs found, they will help us
fix them?

Right