Re: md5 failed on snapshot files from ftp.openbsd.org
Sorry false alarm :/ After third time everything is ok. -- best regards q#
Re: OT hardware IDE RAID cards
thus Greg Thomas spake: On 8/16/06, Ioan Nemes [EMAIL PROTECTED] wrote: Jaye Mathisen [EMAIL PROTECTED] 08/17 9:25 am We switched from SCSI to SATA, and have seen no significant difference in reliability You didn't looked hard enugh! and a whole lot of savings in $'s. Not on the long term, very bad purchasing decision! But we don't buy the cheapest POS drive at the lowest pricepoint on pricewatch.com either. Don't confuse technology with cost! In short, the SCSI is better theory may be true for a short while longer, but is more likely just the result of inertia, and bad experiencese with cheap crappy IDE drives on crappy controllers, not quality components. Go away and do your homework first! Or better, get a job in marketing! Interesting. A bunch of venom and not a single fact. there are facts, but there are no number. get the numbers yourself as an implicite message. I work for a company that has more employees than the population of your fair city, that's certainly no reference. M$ has almost 60,000 employees, this company never had a single product that was of some worth. (or did i miss something?). McKinsey consists of 6,000 managers and lawyers -- biggest cluster of dumbness on the planet. Halliburton? well, um... we use plenty of SATA in mission critical applications, yeah, and having two hot spares for each drive in use. welcome to resource and energy waste land. we use SATA for storage of redundant data only; system and primary storage is SCSI, and it's cheaper than using SATA and having trouble all the time. and I really don't think that's going to change. but that doesn't really affect a single person on the planet outside your company (that is, as long as you're not into nuclear power plants or something; if so, there's education necessary). SCSI is not only far more reliable, it consists a far more sophisticated protocol underlying. there are reasons why a porsche is slightly more expensive than a (hey, what's the crappiest car you have in the US? Mercedes Benz E-class? ;) Greg timo :)
New (?) OpenBSD-based live-dvd
... Bundled with OpenOffice and more... :) http://quetzal.matem.unam.mx/ Have fun, Bruno.
Reply on your mail
[English version follows Dutch text] DIT IS EEN AUTOMATISCH ANTWOORD Dank u voor uw e-mail. Hierbij bevestigen wij dat deze is ontvangen. Alle meldingen zullen zorgvuldig onderzocht worden, mits deze goed gedocumenteerd zijn. Indien niet noodzakelijk, zult u geen persoonlijk antwoord van ons ontvangen. Om onderzoek te kunnen plegen, hebben wij alle beschikbare logfiles of headerinformatie nodig. Zonder de juiste informatie kunnen wij geen actie ondernemen. Indien u deze informatie nog niet verstuurd heeft, verzoeken wij u dit alsnog te doen. De informatie die wij nodig hebben aangaande e-mail incidenten, kunt u vinden via de volgende pagina: http://www.kpnadsl.nl/support/abuse-email-dadsl.html De informatie die wij nodig hebben aangaande netwerk incidenten (onder andere poortscans, hackpogingen en virussen), kunt u vinden via de volgende pagina: http://www.kpnadsl.nl/support/abuse-portscans-dadsl.html De informatie die wij nodig hebben aangaande nieuwsgroep incidenten, kunt u vinden via de volgende pagina: http://www.kpnadsl.nl/support/abuse-spam-dadsl.html Mocht u een verzoek willen doen tot het blokkeren van bepaalde informatie, dan kunt u hiervoor een document vinden op de volgende pagina: http://www.kpnadsl.nl/support/abuse-copyright-dadsl.html Wij verzoeken u met klem om: - niet meerdere berichten over hetzelfde onderwerp te sturen; - niet meerdere klachten in iin melding te sturen; - niet complete logfiles te sturen, maar alleen de relevante logregels; - niet bijlagen te sturen, of dit te beperken tot bijlagen in tekstformaat; - niet trace routes, whois lookups of ping resultaten te sturen. Een uitgebreide uitleg over de blacklist en/of whitelist van Direct ADSL kunt u vinden op: http://www.kpn-cert.nl/index.php?page=policies.overviewlanguage=nl Recente virussen [EMAIL PROTECTED] http://virusalert.nl/?show=virusid=953[EMAIL PROTECTED] VBS.Nukip http://virusalert.nl/?show=virusid=952name=VBS.Nukip [EMAIL PROTECTED] http://virusalert.nl/?show=virusid=950[EMAIL PROTECTED] Actieve virussen [EMAIL PROTECTED] http://virusalert.nl/?show=virusid=929 W32.Netsky.I t/m P http://www.virusalert.nl/?show=virusid=640 [EMAIL PROTECTED] http://virusalert.nl/?show=virusid=905 THIS IS AN AUTOMATED REPLY Thank you for your e-mail. We hereby acknowledge that your message has been received. All cases will be carefully investigated, if properly documented. Please note, in case it is not necessary, you may not receive a personal response from our department. In order to investigate your case, we need all available logfiles or headers. Without the proper information, we will not be able to take any action. If you have not already done so, please send us all information you have. The information we need concerning e-mail incidents, can be found at the following site: http://www.kpnadsl.nl/support/abuse-aanmelden-dadsl-e.html The information we need concerning network incidents (among other things portscans, hackattempts and virusses), can be found at the following site: http://www.kpnadsl.nl/support/abuse-portscans-dadsl-e.html The information we need concerning newsgroup incidents, can be found at the following site: http://www.kpnadsl.nl/support/abuse-spam-dadsl-e.html In case you would like to make a request to block or remove certain information, a document of this can be found at the following site: http://www.kpnadsl.nl/support/abuse-copyright-dadsl-e.html We kindly urge you: - not to send repeated messages regarding the same event; - not to send multiple complaints in a single message; - not to send an entire log file, include only portions of the log that pertain to the IP address and event in question; - not to send attachments, or limit this to attachments in plain text format; - not to send trace routes, whois lookups, or ping results. A detailed explanation about the blacklist/whitelist from Direct ADSL can be found at: http://www.kpn-cert.nl/index.php?page=policies.overviewlanguage=en Recent virusses [EMAIL PROTECTED] http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] VBS.Nukip http://securityresponse.symantec.com/avcenter/venc/data/vbs.nukip.html [EMAIL PROTECTED] http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] Active virusses [EMAIL PROTECTED] http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] W32.Netsky.I t/m P http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] [EMAIL PROTECTED] http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
Re: New (?) OpenBSD-based live-dvd
On Thu, 17 Aug 2006 11:15:57 +0400, Bruno Carnazzi wrote: ... Bundled with OpenOffice and more... :) I downloaded it. No OOo component ran when clicked. I don't have time to find out why yet. It is pig slow on a 1.4G Thinkpad with 1GB ram. I think I'll have to debug it and run on the metal instead of the vapour-disk. http://quetzal.matem.unam.mx/ Have fun, Bruno. From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server. Your IP address will also be greytrapped for 24 hours after any attempt. I am continually amazed by the people who run OpenBSD who don't take this advice. I always expected a smarter class. I guess not.
Re: New (?) OpenBSD-based live-dvd
2006/8/17, Rod.. Whitworth [EMAIL PROTECTED]: On Thu, 17 Aug 2006 11:15:57 +0400, Bruno Carnazzi wrote: ... Bundled with OpenOffice and more... :) I downloaded it. No OOo component ran when clicked. I don't have time to find out why yet. The documentation explains the needed tricks to make it run (lock file problem)... It is pig slow on a 1.4G Thinkpad with 1GB ram. I think I'll have to debug it and run on the metal instead of the vapour-disk. http://quetzal.matem.unam.mx/ Have fun, Bruno. From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server. Your IP address will also be greytrapped for 24 hours after any attempt. I am continually amazed by the people who run OpenBSD who don't take this advice. I always expected a smarter class. I guess not.
current kernel cvs up from 3.9
Hi all
I am trying to upgrade to current
but building a kernel after cvs up didn't work.
did some fresh installs and updates, on 2 divert machines (base install
goes fine)
a. install via bsd.rd to 3.9
b. get src by ftp for 3.9 = can build kernel (+ world still compiling?)
c. when I do updates like
c.1 = cvsup src tree
cd /usr
export [EMAIL PROTECTED]:/cvs
cvs -d$CVSROOT checkout -P src
or
c.2=
cd /usr/src
export [EMAIL PROTECTED]:/cvs
cvs -d$CVSROOT up -Pd
c.3= just
install sys.tar.gz and src.tar.gz from ftp and do
cd /usr/src cvs up -Pd
Things end up at the same point that kernel won't build
# cd /usr/src/sys/arch/i386/conf
config GENERIC
# cd ../compile/GENERIC/
# make
sh /usr/src/sys/arch/i386/compile/GENERIC/../../../../kern/genassym.sh
cc -Werr
or -Wall -Wstrict-prototypes -Wmissing-prototypes -Wno-uninitialized
-Wno-forma
t -Wno-main -Wstack-larger-than-2047 -fno-builtin-printf
-fno-builtin-log -O2
-pipe -nostdinc -I.
-I/usr/src/sys/arch/i386/compile/GENERIC/../../../../arch -I
/usr/src/sys/arch/i386/compile/GENERIC/../../../.. -DDDB -DDIAGNOSTIC
-DKTRACE -
DACCOUNTING -DKMEMSTATS -DPTRACE -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM
-DUVM_SW
AP_ENCRYPT -DCOMPAT_35 -DCOMPAT_43 -DLKM -DFFS -DFFS_SOFTUPDATES
-DUFS_DIRHASH -
DQUOTA -DEXT2FS -DMFS -DXFS -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE
-DNFSCLIENT -DN
FSSERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO -DPORTAL -DINET -DALTQ -DINET6
-DIPSEC
-DPPP_BSDCOMP -DPPP_DEFLATE -DMROUTING -DBOOT_CONFIG -DI386_CPU
-DI486_CPU -DI58
6_CPU -DI686_CPU -DUSER_PCICONF -DUSER_LDT -DAPERTURE -DCOMPAT_SVR4
-DCOMPAT_IBC
S2 -DCOMPAT_LINUX -DCOMPAT_FREEBSD -DCOMPAT_BSDOS -DCOMPAT_AOUT -DPROCFS
-DPCIVE
RBOSE -DEISAVERBOSE -DUSBVERBOSE -DONEWIREVERBOSE -DWSDISPLAY_COMPAT_USL
-DWSDIS
PLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS=6
-DWSDISPLAY_COMPAT_PCVT -DPCIA
GP -D_KERNEL -Di386 -DMAXUSERS=32
/usr/src/sys/arch/i386/compile/GENERIC/../.
./../../arch/i386/i386/genassym.cf assym.h.tmp mv -f assym.h.tmp
assym.h
cc1: error: unrecognized option `-Wstack-larger-than-2047'
*** Error code 1
Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 715 of Makefile).
I tried several options/ways with make clean and make depend and
several reposities/update.
Just the questions:
Am I doing some wrong here?
The build seems to go further on when leaving to
-Wstack-larger-than-2047 option out the make file like this:
# diff -c Makefile Makefile.org
*** MakefileTue Aug 22 14:24:14 2006
--- Makefile.orgTue Aug 22 14:26:43 2006
***
*** 38,49
INCLUDES= -nostdinc -I. -I$S/arch -I$S
CPPFLAGS= ${INCLUDES} ${IDENT} -D_KERNEL -Di386
- #CDIAGFLAGS= -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes \
- # -Wno-uninitialized -Wno-format -Wno-main \
- # -Wstack-larger-than-2047
CDIAGFLAGS= -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes \
! -Wno-uninitialized -Wno-format -Wno-main # \
! # -Wstack-larger-than-2047
.if !${IDENT:M-DI386_CPU}
CMACHFLAGS= -march=i486
--- 38,46
INCLUDES= -nostdinc -I. -I$S/arch -I$S
CPPFLAGS= ${INCLUDES} ${IDENT} -D_KERNEL -Di386
CDIAGFLAGS= -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes \
! -Wno-uninitialized -Wno-format -Wno-main \
! -Wstack-larger-than-2047
.if !${IDENT:M-DI386_CPU}
CMACHFLAGS= -march=i486
#
kind regards,
Marten
Re: current kernel cvs up from 3.9
Just the questions: Am I doing some wrong here? Yes, you are not reading the ``following -current'' faq (http://www.openbsd.org/faq/current.html). Miod
Re: current kernel cvs up from 3.9
On 8/17/06, Marten [EMAIL PROTECTED] wrote: Hi all I am trying to upgrade to current but building a kernel after cvs up didn't work. Upgrade with snapshots first. # make cc1: error: unrecognized option `-Wstack-larger-than-2047' Am I doing some wrong here? Yea, not reading the faq. http://www.openbsd.org/faq/current.html Always wanting to compile from scratch, its like masturbation, but without the release.
patch for ppp
Hi, Recently I wrote patch for ppp(8) that adds acct-terminate-cause attribute to radius accounting packets. Currently supported acct-terminate-causes are: RAD_TERM_IDLE_TIMEOUT, RAD_TERM_USER_REQUEST, RAD_TERM_SESSION_TIMEOUT Can anybody add this patch to source tree? Best regards, Dinar [demime 1.01d removed an attachment of type application/octet-stream which had a name of ppp.patch]
AS path prepending [OpenBGPD]
Hi all,
(obsd3.8 / i386)
So fare I've used 'weight' and 'localpref' between our peers in order to
put one in favour of the other (mainly for pricing). Now I'm adding
third peer and wan't to use AS path prepending in ordet to compensate
for one of my old peer's inappropriate peering agreements in .eu making
the old peer a sort of backup peer only.
I expect that the attribute 'prepend-self' is the one I should use one
the peer I wan't to prepend/prefix/make less attractive, like:
neighbor $slowjoe {
remote-as
descr slowjoe
set localpref 100
set weight 45
announce self
announce IPv6 none
tcp md5sig passwd x
prepend-self 2
}
... right ?
And while I'm at it:
- if I wan't to make sure that $slowjoe is chosen as a last resort, how
many times (0-9) should I prepend ?
- in short, how will the 'prepend-[self|neighbor]' attributes affect the
'localpref' and/or 'weight' ?
- In contrast to 'prepend-self' when should the 'prepend-neighbor'
attribute be used ?
Thank you in advance.
/per
[EMAIL PROTECTED]
Re: AS path prepending [OpenBGPD]
On Thu, Aug 17, 2006 at 05:32:52PM +0200, Per Engelbrecht wrote:
Hi all,
(obsd3.8 / i386)
So fare I've used 'weight' and 'localpref' between our peers in order to
put one in favour of the other (mainly for pricing). Now I'm adding
third peer and wan't to use AS path prepending in ordet to compensate
for one of my old peer's inappropriate peering agreements in .eu making
the old peer a sort of backup peer only.
I expect that the attribute 'prepend-self' is the one I should use one
the peer I wan't to prepend/prefix/make less attractive, like:
neighbor $slowjoe {
remote-as
descr slowjoe
set localpref 100
set weight 45
announce self
announce IPv6 none
tcp md5sig passwd x
prepend-self 2
}
... right ?
Nope. prepend-self is an outgoing thing. You most probably need to use
prepend-neighbor.
And while I'm at it:
- if I wan't to make sure that $slowjoe is chosen as a last resort, how
many times (0-9) should I prepend ?
More than 5 is normaly not needed as the avarage path is about that long.
Normaly it is easier to use localpref to make a backup session only
eligible if no other route is aroung. Just lower the localpref of your
backup neighbor.
- in short, how will the 'prepend-[self|neighbor]' attributes affect the
'localpref' and/or 'weight' ?
The decision path is roughly like this:
1. nexthop
2. localpref
3. aspath lenght
4. origin
5. MED/metric
6. EBGP/IBGP
7. weight
- In contrast to 'prepend-self' when should the 'prepend-neighbor'
attribute be used ?
prepend-self is for outgoing filters (it adds your own AS) whereas
prepend-neighbor is for incomming filters (it adds the AS of the
neighbor). Prepend-self on incomming filters will render all sent prefixes
invalid because the aspath is not loop free.
Thank you in advance.
/per
[EMAIL PROTECTED]
--
:wq Claudio
em(4) Intel PRO/1000PT Dual Port
On Tue, 15 Aug 2006, jared r r spiegel wrote: it's onboard; i don't use that NIC anymore in favour of the em(4). Speaking of em(4), does the Intel PRO/1000PT dual-port PCIe card work on 3.9 i386? This (http://archives.neohapsis.com/archives/openbsd/2006-07/0389.html) dmesg shows it working (presumably) on amd64, but the parent seems to indicate that it does not work. However, it's listed in the em(4) man page. I tried to use this card. em0 worked fine. But as soon as I would plug into em1 the whole machine would freeze. No panic, just frozen. The dmesg below shows one such boot with a lot of other devices stil in the machine. I also tried it stripped down and with all onboard devices (bge0, com0, lpt0) disabled in the bios with the same result. -- Kyle George [EMAIL PROTECTED] Dell PowerEdge SC420: OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz (GenuineIntel 686-class) 2.80 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID real mem = 526544896 (514204K) avail mem = 473415680 (462320K) using 4278 buffers containing 26431488 bytes (25812K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 02/06/06, BIOS32 rev. 0 @ 0xffe90 apm0 at bios0: Power Management spec V1.2 apm0: APM get power status: unknown error code? (83) apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfeb00/240 (13 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801FB LPC rev 0x00) pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0x9800! 0xc9800/0x2800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7221 MCH Host rev 0x04 ppb0 at pci0 dev 1 function 0 Intel E7221 PCIE rev 0x04 pci1 at ppb0 bus 1 em0 at pci1 dev 0 function 0 Intel PRO/1000 PT (82571EB) rev 0x06: irq 11, add ress xx:xx:xx:xx:xx:xx em1 at pci1 dev 0 function 1 Intel PRO/1000 PT (82571EB) rev 0x06: irq 3, addr ess xx:xx:xx:xx:xx:xx vga1 at pci0 dev 2 function 0 Intel E7221 Video rev 0x04: aperture at 0xdff800 00, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03 pci2 at ppb1 bus 2 bge0 at pci2 dev 0 function 0 Broadcom BCM5751 rev 0x01, BCM5750 A1 (0x4001): irq 11, address xx:xx:xx:xx:xx:xx brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb2 at pci0 dev 28 function 1 Intel 82801FB PCIE rev 0x03 pci3 at ppb2 bus 3 ppb3 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xd3 pci4 at ppb3 bus 4 skc0 at pci4 dev 1 function 0 D-Link Systems DGE-560T_2 rev 0x11, Marvell Yuko n Lite (0x9): irq 10 sk0 at skc0 port A, address xx:xx:xx:xx:xx:xx eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5 skc1 at pci4 dev 2 function 0 D-Link Systems DGE-560T_2 rev 0x11, Marvell Yuko n Lite (0x9): irq 3 sk1 at skc1 port A, address xx:xx:xx:xx:xx:xx eephy1 at sk1 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5 ichpcib0 at pci0 dev 31 function 0 Intel 82801FB LPC rev 0x03: PM disabled pciide0 at pci0 dev 31 function 1 Intel 82801FB IDE rev 0x03: DMA, channel 0 c onfigured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8483B, 1.05 SCSI0 5/cdrom r emovable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) pciide1 at pci0 dev 31 function 2 Intel 82801FR SATA rev 0x03: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using irq 5 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: WDC WD1600JS-55NCB1 wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1 at pciide1 channel 1 drive 0: Maxtor 6Y080M0 wd1: 16-sector PIO, LBA, 76293MB, 15625 sectors wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 ichiic0 at pci0 dev 31 function 3 Intel 82801FB SMBus rev 0x03: irq 10 iic0 at ichiic0 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo biomask f765 netmask ff6d ttymask ffef pctr: user-level cycle counter enabled dkcsum: wd0 matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302
RE: AS path prepending [OpenBGPD]
neighbor $slowjoe {
remote-as
descr slowjoe
set localpref 100
set weight 45
announce self
announce IPv6 none
tcp md5sig passwd x
prepend-self 2
}
... right ?
And while I'm at it:
- if I wan't to make sure that $slowjoe is chosen as a last resort,
how
many times (0-9) should I prepend ?
See the combined explanation below...
- in short, how will the 'prepend-[self|neighbor]' attributes affect
the
'localpref' and/or 'weight' ?
It's my understanding that prepending excludes the 'weight'
decision-making so long as the paths being compared are no longer of
equal as-path length... so to answer your question 'how many times
should I prepend' I'd answer... 'as many times until the $slowjoe
as-path appears longer than the other carrier as-paths.' Keep checking a
looking glass (preferably $slowjoe's if they have one) for $slowjoe's
announcements of your blocks to be sure.
- In contrast to 'prepend-self' when should the 'prepend-neighbor'
attribute be used ?
It's also my understanding that if you are looking to make $slowjoe your
backup peer, then you could use 'prepend-self' for your outgoing
announcements, and 'prepend-neighbor' for their incoming announcements.
The former would make reachability to you via $slowjoe less attractive
than via other carriers you have, and the latter makes the routes you
receive from $slowjoe less attractive than routes you received from
other carriers... so imho, use both.
Thank you in advance.
/per
[EMAIL PROTECTED]
If I'm wrong about these statements, please let me know...
NFS over 2 PF firewalls with CARP/pfsync
I have 2 OpenBSD 4.0beta firewalls arranged in a CARP failover configuration with PFsync. It seems to work very well for everything except NFS. My ssh, remote desktop and telnet connections seem to survive a failover very nicely. Unfortunately we do a little NFS and have linux clients on one side and a netapp on one of the other interfaces. The linux clients are all fedora 5 making hard interuptable mounts using TCP with the netapp set to NFS version 3. When there is a failover any NFS file copy operation hangs and in fact the whole mount seems to hang and not come back even if I fail back to the first firewall. I can however immediately create a new mount. I cant find anything on the net about this. All I can find is info about clustered OpenBSD NFS servers. Is there something I can do on the NFS side of things or anything on the PF config side? Would mounts using UDP have this issue. Would NFS 4 be the solution. Unfortunately we only have one netapp and its live so experimenting is awkward. I was hoping I wasnt the first to try and do NFS across a redundant OpenBSD firewall. This is an internal firewall between departments not across the public internet! Any help or suggestions would be much appreciated. All the best, Sincerely, Alastair Johnson
Re: NFS over 2 PF firewalls with CARP/pfsync
On 8/17/06, Alastair Johnson [EMAIL PROTECTED] wrote: I have 2 OpenBSD 4.0beta firewalls arranged in a CARP failover configuration with PFsync. It seems to work very well for everything except NFS. My ssh, remote desktop and telnet connections seem to survive a failover very nicely. I've never tried it, but pf.conf(5) states that scrub (assuming you're scrubbing traffic) can cause problems with NFS unless 'no-df' keyword is specified.. I don't really know if that is related at all to what you're experiencing but figured I'd mention it. Kian
OT: BSDi 4.0 - 4.1
Can any of the BSD gurus here please tell me: - the relationship of the OS Formerly Known as BSDi to modern BSD's? - where I might be able to obtain reliable cuts of BSDi 4.0 | 4.1? Thank you! --- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: NFS over 2 PF firewalls with CARP/pfsync
From: Alastair Johnson I have 2 OpenBSD 4.0beta firewalls arranged in a CARP failover configuration with PFsync. It seems to work very well for everything except NFS. My ssh, remote desktop and telnet connections seem to survive a failover very nicely. [snip] Unfortunately we only have one netapp and its live so experimenting is awkward. I was hoping I wasnt the first to try and do NFS across a redundant OpenBSD firewall. This is an internal firewall between departments not across the public internet! Any help or suggestions would be much appreciated. Sounds to be along the lines of what I'd recently asked. http://marc.theaimsgroup.com/?l=openbsd-miscm=115513950532728w=2 I haven't found a really great answer to what I was looking at, which amounted to clients trying to access file handles on the new server that were only recognized in the context of the NFS session with the old server. Two ideas that were proposed to me were to use amd to access the NFS exports, and to set the NFS state directory to a shared medium so as to have common state information between nodes (also something about a -n switch to statd on that second one, but I can't find reference to statd anywhere...) DS
Re: NFS over 2 PF firewalls with CARP/pfsync
Kian Mohageri wrote: On 8/17/06, Alastair Johnson [EMAIL PROTECTED] wrote: I have 2 OpenBSD 4.0beta firewalls arranged in a CARP failover configuration with PFsync. It seems to work very well for everything except NFS. My ssh, remote desktop and telnet connections seem to survive a failover very nicely. I've never tried it, but pf.conf(5) states that scrub (assuming you're scrubbing traffic) can cause problems with NFS unless 'no-df' keyword is specified.. I don't really know if that is related at all to what you're experiencing but figured I'd mention it. Many thanks for the suggestion but I already had that: scrub in on em0 no-df scrub in on em1 no-df All the best, Sincerely, Alastair Johnson
looking for more altq docs (OpenBSD 3.9).
Hi,
Can anyone tell me it its possible to establish a group/table of queues and
assign each queue to 1 ip with an outbound rule without needing a rule for
each ip and respective queue? All I'm really looking for is a way to
guarantee a minimum bandwidth to each client on our network instead of using
a few queues for different types of traffic. Any docs or links would be
great. I've looked through the pf users guide and the pf, altq man pages.
We do plan to use RED.
Can I / How do I compact a series of rules like this?
pass out on int from to userA queue user1
pass out on int from to userB queue user2
...
pass out on int from to userC queue userA
...
pass out on int from to userFF queue userFF
To something more compact like this for the max amount of queues supported?
pass out on int from to {any of these users} queue {the queue thats
magically assigned to $user}
Is there a different shaping utility that would work better for what we need
to do?
--
Joe
[off topic] proliant DL380 G2 with LSI MegaRAID SCSI 320-2
Hi Folks, this is a bit off-topic, I know. I've got a Compaq (HP) ProLiant DL380 G2, which has an on-board Compaq Smart Array RAID controller. Unfortunately, the Smart Array (SA) 5i is not (yet) supported by bioctl(4). Thus I procured an LSI-Logic MegaRAID SCSI 320-2 controller and stuck it in. As soon as I have defined a logical drive on the MegaRAID controller *with* a valid boot block, the systems hangs in BIOS, just after the MegaRAID BIOS has printed its messages. It looks like this: BIOS Compaq Remote Insight (Hit [F8] to configure) (the above line comes from the system BIOS, just before it passes control to the MegaRAID BIOS) BIOS LSI MegaRAID BIOS Version G121 Dec 09, 2004 BIOS Copyright(c) 2004 LSI Logic Corp. BIOS HA -0 (Bus 7 Dev 4) MegaRAID SCSI 320-2 BIOS Standard FW 1L47 DRAM=12MB (SDRAM) BIOS 1 Logical Drives found on the host adapter. BIOS 1 Logical Drive(s) handled by BIOS BIOS Press CtrlM or ENTER to Run MegaRAID Configuration Utility BIOS or Press CtrlH for WebBIOS ***hang*** If I go into the configuration utility and delete the logical drive, the BIOS does not hang. If I disable the MegaRAID BIOS, the system BIOS also does not hang. I haven't verified it, but I'm pretty sure the system BIOS only hangs when a logical drive is configured *and* there is a valid boot block on the logical drive. In the ProLiant BIOS configuration, there are two menus related to boot order, a Standard Boot Order menu, where I can rearrange CDROM and Floppy (and nothing else), and a Boot Controller Order menu, where I can have: 1. Compaq Integrated Smart Array (SA) 2. Compaq Integrated PCI IDE controller (IDE) 3. RAID Mass Storage Controller (the MegaRAID) I can make the MegaRAID first and the SA last (the IDE cannot be moved), but it makes no difference. The SA appears in this menu even if it has been disabled from the PCI devices BIOS menu. I also tried removing the SA entirely (which involved flipping a SCSI Interlock Disable Switch in order to get the system to agree to power up). In this case the SA disappears from the Boot Controller Order menu, and the MegaRAID is fixed as the first device, but it STILL HANGS IN BIOS. sob. Does anyone have some magic ProLiant trick for getting this misable system to boot from the MegaRAID controller? Rob Urban
New Marvell/SysKonnect Gigabit driver
Last night I checked in a driver, msk(4), for the previously unsupported Marvell and SysKonnect Gigabit NICs. The driver works pretty well for me on the new Mac mini, but could really use some more testing, especially on different hardware. If you have such hardware please compile yourself a fresh kernel (or fetch tourself today's snapshot) and send me the dmesg, and a short report how well the driver works for you. Thanks, Mark
Re: OT: BSDi 4.0 - 4.1
On 8/17/06, Jack J. Woehr [EMAIL PROTECTED] wrote: Can any of the BSD gurus here please tell me: - the relationship of the OS Formerly Known as BSDi to modern BSD's? - where I might be able to obtain reliable cuts of BSDi 4.0 | 4.1? Thank you! Search the archives. This came across recently.
Re: OT: BSDi 4.0 - 4.1
On Aug 17, 2006, at 1:36 PM, Nick Guenther wrote: - the relationship of the OS Formerly Known as BSDi to modern BSD's? - where I might be able to obtain reliable cuts of BSDi 4.0 | 4.1? Search the archives. This came across recently. Hmm, don't find anything terribly recent, searched misc, tech, www ... However, from what I find on the web, I conclude: 1. BSDi is dead, Jim 2. Most of the talent folded into FreeBSD or OpenBSD 3. There are few or no ways in Hades to get a CDROM of 4.0/4.1 ``Never Mind'' --- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: OT: BSDi 4.0 - 4.1
thus Jack J. Woehr spake: On Aug 17, 2006, at 1:36 PM, Nick Guenther wrote: - the relationship of the OS Formerly Known as BSDi to modern BSD's? - where I might be able to obtain reliable cuts of BSDi 4.0 | 4.1? Search the archives. This came across recently. Hmm, don't find anything terribly recent, searched misc, tech, www ... However, from what I find on the web, I conclude: 1. BSDi is dead, Jim 2. Most of the talent folded into FreeBSD or OpenBSD NetBSD? :) 3. There are few or no ways in Hades to get a CDROM of 4.0/4.1 timo
Re: OT: BSDi 4.0 - 4.1
thus Jack J. Woehr spake: 3. There are few or no ways in Hades to get a CDROM of 4.0/4.1 eBay?
amd64 build machine needed for OpenOffice.Org
Hi everyone. I think everyone realized that we have OpenOffice imported to our ports tree (even if it is not built by default at the moment.) Currently the only supported arch is i386. If people want to have OpenOffice.Org on their amd64 boxes we need an amd64 build box. If someone has a spare one in Europe and can donate it to the project, please contact me. The other possibilty is to donate money so I can buy an amd64 machine here in Hungary. I've checked the prices and a useable configuration would cost about 500 EUR. If you want to help me getting this machine by sending some money, you can also contact me. Thank you for your support.
Re: NFS over 2 PF firewalls with CARP/pfsync
Spruell, Darren-Perot [EMAIL PROTECTED] wrote: Unfortunately we only have one netapp and its live so experimenting is awkward. I was hoping I wasnt the first to try and do NFS across a redundant OpenBSD firewall. This is an internal firewall between departments not across the public internet! Any help or suggestions would be much appreciated. Sounds to be along the lines of what I'd recently asked. Not really. Your problem is that the NFS server file handles and other attributes are not replicated between NFS servers (much like pfsync would replicate state tabless between pf firewalls). You need an application/kernel interfaces developed to accomplish this task. Alastair's problem is that his TCP mounts fail when the firewall changes, even though translations/states are supposed to be kept between the firewalls with pfsync. Without analyzing his network traffic or replicating his setup, it's hard to determine what is failing. Trying to simply the configration is the first thing I would do, at least to get a clearer picture of what's happening (Removing pf rules, scrub, moving from tcp mounts to udp, disable pf completely, etc)
Re: OT: BSDi 4.0 - 4.1
On Aug 17, 2006, at 2:49 PM, Diana Eichert wrote: thus Jack J. Woehr spake: 3. There are few or no ways in Hades to get a CDROM of 4.0/4.1 eBay? Speaking of Hades ... :-) --- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
scan of /var/db/spamd failed
Hi all! I made a question yesterday, and had no answers. I think I gave poor informations. So, trying again. I'm having trouble with spamd on a OpenBSD 3.9 I am using spamd in greylisting mode, starting it on rc.conf like this: spamd_flags=-v -G 25:4:864 # for spamd_grey=YES # use spamd greylisting if YES The problem appears on /var/log/messages. It's giving messages saying: Aug 17 09:30:02 hostname spamd[4159]: scan of /var/db/spamd failed It i appears every minute. Always this same message. Looking the source code, it log is made by the function greyscanner on /usr/src/libexec/spamd/grey.c. It seems a problem while manipulating the data on the DB /var/db/spamd . Have you ever seem this error sometime? Could be a corrupted DB? Or its size (70MB)? Or, this list isn't the most apropriate to this question? :) Thanks for any help, Thiago.
newsyslog.conf help?
Hi, All my logs rotate as expected except 1, my amavisd.log. My newsyslog.conf file follows and I have the amavisd.log set up the same as the rest of them. I have no idea what's wrong, any suggestions? thanks, -- # # configuration file for newsyslog # # logfile_name owner:group mode count size when flags /var/cron/log root:wheel 600 3 10 * Z /var/log/aculog uucp:dialer 660 7 * 24Z /var/log/authlogroot:wheel 640 7 * 168 Z /var/log/daemon 640 5 30 * Z /var/log/lpd-errs 640 7 10 * Z /var/log/maillog600 7 * 24Z /var/log/messages 644 5 30 * Z /var/log/secure 600 7 * 168 Z /var/log/wtmp 644 7 * 168 ZB /var/log/xferlog640 7 250 * Z /var/log/ppp.log640 7 250 * Z /var/log/pflog 600 3 250 * ZB /var/run/pflogd.pid /var/amavisd/logs/amavisd.log _amavisd:_amavisd 644 5 * 24Z /var/amavisd/clamav/log/clamd.log _amavisd:_amavisd 644 5 * 168 Z ~ Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] 603.924.6079
Re: newsyslog.conf help?
can you port the output of syslogd -d? --Bryan On 17 Aug 2006 17:56:40 -0400, Charles Farinella [EMAIL PROTECTED] wrote: Hi, All my logs rotate as expected except 1, my amavisd.log. My newsyslog.conf file follows and I have the amavisd.log set up the same as the rest of them. I have no idea what's wrong, any suggestions? thanks, -- # # configuration file for newsyslog # # logfile_name owner:group mode count size when flags /var/cron/log root:wheel 600 3 10 * Z /var/log/aculog uucp:dialer 660 7 * 24Z /var/log/authlogroot:wheel 640 7 * 168 Z /var/log/daemon 640 5 30 * Z /var/log/lpd-errs 640 7 10 * Z /var/log/maillog600 7 * 24Z /var/log/messages 644 5 30 * Z /var/log/secure 600 7 * 168 Z /var/log/wtmp 644 7 * 168 ZB /var/log/xferlog640 7 250 * Z /var/log/ppp.log640 7 250 * Z /var/log/pflog 600 3 250 * ZB /var/run/pflogd.pid /var/amavisd/logs/amavisd.log _amavisd:_amavisd 644 5 * 24Z /var/amavisd/clamav/log/clamd.log _amavisd:_amavisd 644 5 * 168 Z ~ Charles Farinella Appropriate Solutions, Inc. (www.AppropriateSolutions.com) [EMAIL PROTECTED] 603.924.6079
Re: OT: BSDi 4.0 - 4.1
- where I might be able to obtain reliable cuts of BSDi 4.0 | 4.1? Forgoing reliable, there's always P2P (edonkey network). ed2k://|file|bsdi_4.1_install.nrg.zip|381105546|64BB9033949FF5F35825912C4C21C5AF|/
Re: OT: BSDi 4.0 - 4.1
Diana Eichert wrote: thus Jack J. Woehr spake: 3. There are few or no ways in Hades to get a CDROM of 4.0/4.1 eBay? I have 2 copies ... Any high bids?! -- Best regards, Chris Nothing improves an innovation like lack of controls.
Re: New Marvell/SysKonnect Gigabit driver
Mark Kettenis wrote: Last night I checked in a driver, msk(4), for the previously unsupported Marvell and SysKonnect Gigabit NICs. I couldn't wait to get home! I downloaded the latest snapshot (today's from ftp.openbsd.org) and burned cd40.iso to a CD-RW. I rebooted my Mac Mini (purchased from Apple's store in early March '06) and booted into the OpenBSD 4.0 beta boot CD (I did install the latest Boot Camp Beta-1.1 before rebooting). When it came to the USB ports, it still takes forever, but eventually gets through it (forever is measured in 10s of minutes). Then, I'm prompted to install, like usual. But, when I get to setting up the network, it detects msk0, but whether using DHCP or manual IP, the install process freezes and never (for small, meaning 10s of minutes, definitions of never) continues to the next step. Mark To be honest, I'm interested in having OpenBSD boot on my Intel Mac Mini, but it's not the most important thing ever. So I didn't bother to write down the DMESG and type it for you guys. Let me know if there's anything else I can test. I did try opting for (S)hell and running dhclient msk0, but I did not try manually IP'ing msk0 from (S)hell. Thanks for your efforts. -ME
Web access to sysctl hw.sensors
I'd like to be able to remotely observe my server's hardware health. I'd like to see my motherboard hardware sensors output from sysctl: $sysctl hw.sensors and I'd like to check on my RAID status with $sudo raidctl -s raid0 But... to get an web shell script (/var/www/cgi-bin/sensors.sh) containing sysctl hw.sensors to work, I had to turn off chroot (starting httpd with -u) (BTW using OBSD3.7-amd64) I saw the FAQ about chroot (www.openbsd.org/faq/faq10.html#httpdchroot) so I see the basics of what is required to move things into a chroot. So I was hoping to get opinion on: 1. Is there an easier way to remotely observe such hardware status? 2a. Is NOT chroot such a bad security hole vs. 2b. would converting sysctl to a apache chroot setup be even feasible? (I'm guessing not even possible considering it accesses the kernel) 3. To run raidctl, I have to sudo, since /dev/raid0a* permissions are crw-r- Is there a better way to view the RAID status over the web, vs. what are the security risks of changing the permission of /dev/raid0* Thanks for your thoughts. dmaus
Re: Web access to sysctl hw.sensors
On Fri, Aug 18, 2006 at 01:13:49AM +, Douglas Maus wrote: I'd like to be able to remotely observe my server's hardware health. snip I saw the FAQ about chroot (www.openbsd.org/faq/faq10.html#httpdchroot) so I see the basics of what is required to move things into a chroot. So I was hoping to get opinion on: 1. Is there an easier way to remotely observe such hardware status? 2a. Is NOT chroot such a bad security hole vs. 2b. would converting sysctl to a apache chroot setup be even feasible? (I'm guessing not even possible considering it accesses the kernel) 3. To run raidctl, I have to sudo, since /dev/raid0a* permissions are crw-r- Is there a better way to view the RAID status over the web, vs. what are the security risks of changing the permission of /dev/raid0* There are probably a lot of ways to accomplish this. The first that comes to mind is to schedule a cron job to put the information into the chroot. It wouldn't be real-time, but it could be close. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: Web access to sysctl hw.sensors
On Fri, Aug 18, 2006 at 01:13:49AM +, Douglas Maus wrote:
1. Is there an easier way to remotely observe such hardware status?
SNMP (for better or worse) or any number of real monitoring products
do that for you; nagios and munin are both in ports.
If you really want to write your own, consider logging information
from hw.sensors to a file available in the chroot and running your
CGI on that.
--
o--{ Will Maier }--o
| web:...http://www.lfod.us/ | [EMAIL PROTECTED] |
*--[ BSD Unix: Live Free or Die ]--*
Re: newsyslog.conf help?
At 5:56 PM -0400 8/17/06, Charles Farinella wrote: Hi, All my logs rotate as expected except 1, my amavisd.log. My newsyslog.conf file follows and I have the amavisd.log set up the same as the rest of them. I have no idea what's wrong, any suggestions? Try running newsyslog by hand, and include the '-v' option, so you get a more verbose output of what it thinks is going on. That might be helpful. -- Garance Alistair Drosehn= [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Instituteor [EMAIL PROTECTED]
Re: AS path prepending [OpenBGPD]
Claudio Jeker wrote:
On Thu, Aug 17, 2006 at 05:32:52PM +0200, Per Engelbrecht wrote:
Hi all,
(obsd3.8 / i386)
So fare I've used 'weight' and 'localpref' between our peers in order to
put one in favour of the other (mainly for pricing). Now I'm adding
third peer and wan't to use AS path prepending in ordet to compensate
for one of my old peer's inappropriate peering agreements in .eu making
the old peer a sort of backup peer only.
I expect that the attribute 'prepend-self' is the one I should use one
the peer I wan't to prepend/prefix/make less attractive, like:
neighbor $slowjoe {
remote-as
descr slowjoe
set localpref 100
set weight 45
announce self
announce IPv6 none
tcp md5sig passwd x
prepend-self 2
}
... right ?
Nope. prepend-self is an outgoing thing. You most probably need to use
prepend-neighbor.
And while I'm at it:
- if I wan't to make sure that $slowjoe is chosen as a last resort, how
many times (0-9) should I prepend ?
More than 5 is normaly not needed as the avarage path is about that long.
Normaly it is easier to use localpref to make a backup session only
eligible if no other route is aroung. Just lower the localpref of your
backup neighbor.
- in short, how will the 'prepend-[self|neighbor]' attributes affect the
'localpref' and/or 'weight' ?
The decision path is roughly like this:
1. nexthop
2. localpref
3. aspath lenght
4. origin
5. MED/metric
6. EBGP/IBGP
7. weight
- In contrast to 'prepend-self' when should the 'prepend-neighbor'
attribute be used ?
prepend-self is for outgoing filters (it adds your own AS) whereas
prepend-neighbor is for incomming filters (it adds the AS of the
neighbor). Prepend-self on incomming filters will render all sent prefixes
invalid because the aspath is not loop free.
Hi Claudio,
Just to make absolutely sure:
If I want to express a policy with prepend rules to prefer INCOMING
traffic via my better-connected $primetime peer and only use my
$slowjoe peer as a backup, I should do:
...
prepend-neighbor 5
...
If I want to express a policy with prepend rules to prefer OUTGOING
traffic via my better-connected $primetime peer and only use my $slowjoe
peer as a backup, I should do:
...
prepend-self 2
...
The last part of your reply: Prepend-self on incomming filters will
render all sent prefixes invalid because the as path is not loop free.
kind of confuses me, the filter-part that is.
Based on the syntax in bgpd.conf how can I (from what you're saying)
ever avoid creating a loop if/when using prepend-self ?
example:
neighbor $slowjoe {
remote-as
descr slowjoe
set localpref 100
set weight 45
announce self
announce IPv6 none
tcp md5sig passwd x
prepend-self 2
prepend-neighbor 5
}
... from what you're saying, I've just created at loop ?
I would appreciate you answer very much.
The best
/per
[EMAIL PROTECTED]
Thank you in advance.
/per
[EMAIL PROTECTED]
Re: Web access to sysctl hw.sensors
Douglas Maus wrote: I'd like to be able to remotely observe my server's hardware health. I recently wrote something that might help achieve what you want. It's a bit of a poor-man's SNMP with a slightly different target audience. It's still alpha, but the documentation is complete, making it usable ... I think: http://xsi.kolabore.ath.cx/ Only OpenBSD 3.9 and newer are supported, and it depends on textproc/libxml. Any feedback would be highly appreciated. and I'd like to check on my RAID status with $sudo raidctl -s raid0 XSI can't do that, yet ... looks easy enough to implement, though. For that to work, xsi would have to be a member of the operator group, however. I'll think about this, and how it should show up in the grammar. Moritz
