Re: Ideas on improving single connection bandwidth?
On Sat, 10 Mar 2007, Jeff Bromberger wrote: Scott Radvan wrote: On Fri, 09 Mar 2007 16:57:37 -0600 Jeff Bromberger [EMAIL PROTECTED] wrote: Hello, I have listed my dmesg and ifconfig at the end of this post for reference. The problem I'm having is that any ftp or lynx traffic to an external (ie. outside of my LAN) host comes in at 200KB/sec. Meanwhile, my Windows boxes which are on the same switch, router and cable modem, can pull down from the net at over 800KB/sec. I have swapped cables, tried different ports on the switch and done every other type of A/B test to no avail. I have also tried both physical nics on the off chance that I had a hardware issue with one of them. When I transfer between the OpenBSD machine and an XP machine over the gigabit ethernet (again using ftp) I get 7500KB/sec. That's obviously a lot better, but when I transfer between two XP machines (again with ftp) I get 17000KB/sec. But here's where it gets really weird (to me at least). I can run 3 ftp or lynx sessions at the same time and get 200KB/sec on each of them. So obviously the NIC, router, cable modem, etc. are capable of the total throughput that I'm after, but I can't seem to get it in any one connection. The throughput is always so close to 200KB/sec regardless of the client, server, server load, etc. that I can't help but think that there's some kind of throttling limitation in effect here. Of course the fact that the local LAN traffic is not limited to this rate blows that theory, unless the limitation is actually based on the media type (100MBit vs. 1000MBit). I'm pretty much out of ideas! Any thoughts? You might like to check your net.inet.tcp.recvspace and net.inet.tcp.sendspace sysctl settings, as mentioned here in the FAQ, Section 6.6.4. http://www.openbsd.org/faq/faq6.html#Tuning I saw a similar problem on my ADSL2+ line, until changing these particular parameters. With any luck, it will allow you to make full use of your connection speed and resolve the issues you are having. Wow, what a difference. THANK YOU so much. I'm now getting 700KB/sec instead of 200KB/sec. That's with those parameters set to 131072 instead of 16384 the default. I tried 256k and it didn't see to improve any more so I backed it back down. Thanks again! Jeff I'm seeing this also, The thing to watch for is high latency on a high bandwitdh line. When I switched provider, I was seeing lower throughput than my previous line, which actually had lower bandwitdh. My old line had a ping time to the first router of about 7ms, my current line has a ping time of 23ms to the first router. That sucks a bit for interactive work, bur it's cheap, and with the increased buffer size I get 15Mbit/s. -Otto
Re: Do you *need* to build -stable userland with a -stable kernel?
Excuse me if this sounds rude, but can you be a bit more precise about Yes, kernel- and user-land want to be in sync.. I mean, I have read the FAQ, it says -stable userland and packages must run on a -stable kernel... which is what I have now, I am running -stable userland on -stable kernel. But the part I want to fix/clarify here is the process of building the userland. Must -stable userland build by a -stable kernel? I have tried to build -stable userland with a -stable kernel, which crashed the system. The userland has already been build now with a -release kernel; and I have booted the system using -stable kernel, so it is indeed in sync as now. 2007/3/10, STeve Andre' [EMAIL PROTECTED]: On Saturday 10 March 2007 02:49:04 Sunnz wrote: Oh btw I am running -stable kernel now. But I had to run on -release kernel when I built the -stable userland. 2007/3/10, Sunnz [EMAIL PROTECTED]: Trying to follow 4.0-stable branch here. I have updated the source tree, and rebuilt the kernel. But I was not able to build the userland with -stable kernel, the make build process just hangs. I rebooted using -release kernel, which built userland successfully. But I am not sure if this is the right thing to do, or will there be problems in the future? You might be running, but you did something wrong, and I haven't the slightest idea if something is going to nip you in the ass later, or not. Yes, kernel- and user-land want to be in sync. That your system froze when using your new kernal says that the kernel wasn't built right. I know its frustrating, but you shoud start the process of building everything again. --STeve Andre' -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: updating installed ports
Peter wrote: Are you serious? I thought that was only for straight packages. It actually fetches code from third party repositories? What 3rd party repositories? What are straight packages? --- Lars Hansson
Re: Do you *need* to build -stable userland with a -stable kernel?
On Saturday 10 March 2007 03:25:16 Sunnz wrote: Excuse me if this sounds rude, but can you be a bit more precise about Yes, kernel- and user-land want to be in sync.. I mean, I have read the FAQ, it says -stable userland and packages must run on a -stable kernel... which is what I have now, I am running -stable userland on -stable kernel. But the part I want to fix/clarify here is the process of building the userland. Must -stable userland build by a -stable kernel? I have tried to build -stable userland with a -stable kernel, which crashed the system. The userland has already been build now with a -release kernel; and I have booted the system using -stable kernel, so it is indeed in sync as now. You aren't being rude--I was being imprecise. The kernel- and user-land are seperate parts, but need to be in sync, meaning that when kernel changes are made, those changes can affect userland, so the two need to be updated together. When you compile a new kernel and boot with that you are out of sync, but normally works. When it doesn't the developers call a flag day, meaning that you may have to get a new snapshot of the system and use that, rather than compile. This doesn't happen that often, though. In your case, you compiled a new -stable kernel but found that it didn't work when compiling userland. Compiling the newer userland with the older kernel seems to have worked for you, but you don't really know--not really. In your case you might well be OK, but I'd be hesitant to run something production on it. I'd try the process again and figure out what you did wrong. I hope I wrote something readable this time. ;-) --STeve Andre'
Re: Do you *need* to build -stable userland with a -stable kernel?
Very well thanks for the explanation that's very kind of you. :) So essentially if things does not work, this could be a flag day and I could get a snapshot of compiled -stable userland somewhere? Maybe a more fundamental question... `make build` did not have any errors when it was done under the older kernel, so the userland should have been already been built have they? (Which means it should now be running stable kernel with stable userland.) Anyway, I have just rebuild the stable kernel, and if the my assumption above is true, then now I have just build the stable kernel with stable userland running on a stable kernel? Now I have rebooted again, running the kernel I just have built, and now running `make build` again... but now it is a bit different, since I am already on stable userland. (still waiting for it to finish.) 2007/3/10, STeve Andre' [EMAIL PROTECTED]: On Saturday 10 March 2007 03:25:16 Sunnz wrote: Excuse me if this sounds rude, but can you be a bit more precise about Yes, kernel- and user-land want to be in sync.. I mean, I have read the FAQ, it says -stable userland and packages must run on a -stable kernel... which is what I have now, I am running -stable userland on -stable kernel. But the part I want to fix/clarify here is the process of building the userland. Must -stable userland build by a -stable kernel? I have tried to build -stable userland with a -stable kernel, which crashed the system. The userland has already been build now with a -release kernel; and I have booted the system using -stable kernel, so it is indeed in sync as now. You aren't being rude--I was being imprecise. The kernel- and user-land are seperate parts, but need to be in sync, meaning that when kernel changes are made, those changes can affect userland, so the two need to be updated together. When you compile a new kernel and boot with that you are out of sync, but normally works. When it doesn't the developers call a flag day, meaning that you may have to get a new snapshot of the system and use that, rather than compile. This doesn't happen that often, though. In your case, you compiled a new -stable kernel but found that it didn't work when compiling userland. Compiling the newer userland with the older kernel seems to have worked for you, but you don't really know--not really. In your case you might well be OK, but I'd be hesitant to run something production on it. I'd try the process again and figure out what you did wrong. I hope I wrote something readable this time. ;-) --STeve Andre' -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: Do you *need* to build -stable userland with a -stable kernel?
Oh of course, I did a `make clean` in /usr/src/sys/arch/i386/compile/GENERIC.MP/ and /usr/src and `rm -rf /usr/obj/*` before I start rebuild the kernel, userland. 2007/3/10, Sunnz [EMAIL PROTECTED]: Very well thanks for the explanation that's very kind of you. :) So essentially if things does not work, this could be a flag day and I could get a snapshot of compiled -stable userland somewhere? Maybe a more fundamental question... `make build` did not have any errors when it was done under the older kernel, so the userland should have been already been built have they? (Which means it should now be running stable kernel with stable userland.) Anyway, I have just rebuild the stable kernel, and if the my assumption above is true, then now I have just build the stable kernel with stable userland running on a stable kernel? Now I have rebooted again, running the kernel I just have built, and now running `make build` again... but now it is a bit different, since I am already on stable userland. (still waiting for it to finish.) 2007/3/10, STeve Andre' [EMAIL PROTECTED]: On Saturday 10 March 2007 03:25:16 Sunnz wrote: Excuse me if this sounds rude, but can you be a bit more precise about Yes, kernel- and user-land want to be in sync.. I mean, I have read the FAQ, it says -stable userland and packages must run on a -stable kernel... which is what I have now, I am running -stable userland on -stable kernel. But the part I want to fix/clarify here is the process of building the userland. Must -stable userland build by a -stable kernel? I have tried to build -stable userland with a -stable kernel, which crashed the system. The userland has already been build now with a -release kernel; and I have booted the system using -stable kernel, so it is indeed in sync as now. You aren't being rude--I was being imprecise. The kernel- and user-land are seperate parts, but need to be in sync, meaning that when kernel changes are made, those changes can affect userland, so the two need to be updated together. When you compile a new kernel and boot with that you are out of sync, but normally works. When it doesn't the developers call a flag day, meaning that you may have to get a new snapshot of the system and use that, rather than compile. This doesn't happen that often, though. In your case, you compiled a new -stable kernel but found that it didn't work when compiling userland. Compiling the newer userland with the older kernel seems to have worked for you, but you don't really know--not really. In your case you might well be OK, but I'd be hesitant to run something production on it. I'd try the process again and figure out what you did wrong. I hope I wrote something readable this time. ;-) --STeve Andre' -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: Do you *need* to build -stable userland with a -stable kernel?
On Saturday 10 March 2007 02:49:04 Sunnz wrote: Oh btw I am running -stable kernel now. But I had to run on -release kernel when I built the -stable userland. 2007/3/10, Sunnz [EMAIL PROTECTED]: Trying to follow 4.0-stable branch here. I have updated the source tree, and rebuilt the kernel. But I was not able to build the userland with -stable kernel, the make build process just hangs. I rebooted using -release kernel, which built userland successfully. But I am not sure if this is the right thing to do, or will there be problems in the future? You might be running, but you did something wrong, and I haven't the slightest idea if something is going to nip you in the ass later, or not. Yes, kernel- and user-land want to be in sync. That your system froze when using your new kernal says that the kernel wasn't built right. I know its frustrating, but you shoud start the process of building everything again. --STeve Andre'
Re: Ideas on improving single connection bandwidth?
On 2007/03/09 16:57, Jeff Bromberger wrote: ppb0 at pci0 dev 1 function 0 ServerWorks HT-1000 PCI rev 0x00 bge0 at pci2 dev 3 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): apic 3 int 8 (irq 9), address 00:30:48:5a:c5:e0 00:30:48 is Supermicro, HT1000 chipset... if that's an H8SSL then here are some clues which might not be directly relevant to your current problem (unless you run 'top' and have high interrupt% all the time) - but might come in useful if you have odd problems later (losing nics, lockups etc): These seem to work best with snapshots/4.1, acpi enabled, and updated BIOS (8SSL7156.ROM). Also, if you have problems with PCI-X devices (esp. newer intel quad em) corrupting data, try dropping the bus to X/66MHz via jumper. You might need to disable USB devices too (ohic/ehci) though I haven't had problems with that recently after doing the above...
Patching and/or updating
I've the stable branch of OpenBSD 4.0 on an i386 and am searching for a concise description of how to apply a patch and how to upgrade a specific application. Currently the FAQ[1] and Following Stable[2] have no concrete examples. (At least nothing that jumps out and bites me.) So what steps would I take to do the following? 1) Apply the time zone patch http://www.openbsd.org/errata40.html#timezone 2) Upgrade OpenSSH from 4.4 to 4.6? (If 4.6 is not in the stable branch, what is way with lowest maintenance possible to mix in individual applications?) Regards, -Lars [1] http://www.openbsd.org/faq/faq10.html#Patches [2] http://www.openbsd.org/stable.html Lars NoodC)n ([EMAIL PROTECTED]) Ensure access to your data now and in the future http://opendocumentfellowship.org/about_us/contribute
Re: updating installed ports
On Fri, Mar 09, 2007 at 11:08:30PM -0500, Peter wrote: Le Vendredi 9 Mars 2007 18:24, Joachim Schipper a ?crit?: On Fri, Mar 09, 2007 at 06:05:58PM -0500, Peter wrote: On 4.0, besides uninstalling ports, updating the ports tree, and re-installing is there any other way to do this? What is standard practice? # pkg_add -ui Are you serious? I thought that was only for straight packages. It actually fetches code from third party repositories? The pkg_add man page could be clearer but I see it now in ports(7). It appears we don't really understand each other. The standard way of updating installed packages is something like # export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/4.0/i386 # pkg_add -ui but you are right that this only updates packages. Yes, it does fetch stuff from third-party repositories if told to, so you could change PKG_PATH to point to one of your own machines (listing this machine first, and then the rest, doesn't work as one would like to, though). Of course, this covers only packages. Almost all ports produce packages that may be redistributed, but this is not always the case; if not, the standard procedure is more along the lines of # cd /usr/ports/archivers/freeze # make update or # cd /usr/ports/archivers/freeze # make package # pkg_add -ri /usr/ports/packages/i386/all/freeze-2.5.tgz which is equivalent, but gives you the time to run any test suites the port might have before installing it, etc. Also, is there any global way to change the default destination (/usr/ports/packages/arch/all) of the eventual binary package that is created when a port is installed? Yes, there certainly is. In such cases, first review ports(7), which doesn't contain the answer IIRC, and then bsd.port.mk(5), which does. Ok, got it. Thank you very much. No problem! Joachim
Re: Do you *need* to build -stable userland with a -stable kernel?
Please correct me if I am wrong... but I thought that if the same source and make file etc. was used, the kernel that was used to build it is irrelevant, i.e. the same version of gcc running or newer and older version of kernel should ultimately 'spit out' the same binary, given the same source, makefile, etc.?? No? BTW, `make build` has been completed, on the new kernel, new userland, without errors. 2007/3/10, STeve Andre' [EMAIL PROTECTED]: No, when things don't work, its MUCH more common that you messed something up, rather than a flag day or the developers messing up. ;-) Seriously, when I started compiling stuff I made all sorts of mistakes. I quickly learned that the vast majority of blunders were mine and mine alone. Flag days typically have notices put in misc@, and the FAQ. They don't happen that often. That the make build didn't get any errors is all well and good, but errors could still lurk. One example could be the 'ps' program: if the kernel data structures changed, ps may well have to be modified to deal with them. Having a mis-match between kernel and userland would then cause ps to do strange things. Thats one example, and it happened to me some time ago when I thought I could skip building a new kernel. If I am understanding you correctly, you've built userland on the older kernel, and are now building the kernel. This is backwards, and might work, but it isn't 'right'. Some would say You're on your own, not doing things the documented way. If you have another system to play on I'd suggest doing everything over again. It's late (or very early) where I am so I am off now. --STeve Andre' On Saturday 10 March 2007 04:03:20 Sunnz wrote: Oh of course, I did a `make clean` in /usr/src/sys/arch/i386/compile/GENERIC.MP/ and /usr/src and `rm -rf /usr/obj/*` before I start rebuild the kernel, userland. 2007/3/10, Sunnz [EMAIL PROTECTED]: Very well thanks for the explanation that's very kind of you. :) So essentially if things does not work, this could be a flag day and I could get a snapshot of compiled -stable userland somewhere? Maybe a more fundamental question... `make build` did not have any errors when it was done under the older kernel, so the userland should have been already been built have they? (Which means it should now be running stable kernel with stable userland.) Anyway, I have just rebuild the stable kernel, and if the my assumption above is true, then now I have just build the stable kernel with stable userland running on a stable kernel? Now I have rebooted again, running the kernel I just have built, and now running `make build` again... but now it is a bit different, since I am already on stable userland. (still waiting for it to finish.) 2007/3/10, STeve Andre' [EMAIL PROTECTED]: On Saturday 10 March 2007 03:25:16 Sunnz wrote: Excuse me if this sounds rude, but can you be a bit more precise about Yes, kernel- and user-land want to be in sync.. I mean, I have read the FAQ, it says -stable userland and packages must run on a -stable kernel... which is what I have now, I am running -stable userland on -stable kernel. But the part I want to fix/clarify here is the process of building the userland. Must -stable userland build by a -stable kernel? I have tried to build -stable userland with a -stable kernel, which crashed the system. The userland has already been build now with a -release kernel; and I have booted the system using -stable kernel, so it is indeed in sync as now. You aren't being rude--I was being imprecise. The kernel- and user-land are seperate parts, but need to be in sync, meaning that when kernel changes are made, those changes can affect userland, so the two need to be updated together. When you compile a new kernel and boot with that you are out of sync, but normally works. When it doesn't the developers call a flag day, meaning that you may have to get a new snapshot of the system and use that, rather than compile. This doesn't happen that often, though. In your case, you compiled a new -stable kernel but found that it didn't work when compiling userland. Compiling the newer userland with the older kernel seems to have worked for you, but you don't really know--not really. In your case you might well be OK, but I'd be hesitant to run something production on it. I'd try the process again and figure out what you did wrong. I hope I wrote something readable this time. ;-) --STeve Andre' -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: Patching and/or updating
Hi Lars, Currently the FAQ[1] and Following Stable[2] have no concrete examples. (At least nothing that jumps out and bites me.) So what steps would I take to do the following? Read release(8) and follow that procedure. Build once, deploy at will. 2) Upgrade OpenSSH from 4.4 to 4.6? (If 4.6 is not in the stable branch, what is way with lowest maintenance possible to mix in individual applications?) If it's not in the stable branch, you don't want it. Stick to -stable. IIRC from a thread earlier this week, 4.6 will probably be merged with 4.0-stable, but you'll have to check the archives. HTH... Nico
Re: Do you *need* to build -stable userland with a -stable kernel?
Hi Sunnz, So essentially if things does not work, this could be a flag day and I could get a snapshot of compiled -stable userland somewhere? AFAIK, there are no flag days when following -stable. -stable rebuilds Just Work (TM). You probably messed up slightly somewhere along the line or have troubles with your hardware that haven't reached the surface yet. Good luck... Nico
Re: Do you *need* to build -stable userland with a -stable kernel?
No, when things don't work, its MUCH more common that you messed something up, rather than a flag day or the developers messing up. ;-) Seriously, when I started compiling stuff I made all sorts of mistakes. I quickly learned that the vast majority of blunders were mine and mine alone. Flag days typically have notices put in misc@, and the FAQ. They don't happen that often. That the make build didn't get any errors is all well and good, but errors could still lurk. One example could be the 'ps' program: if the kernel data structures changed, ps may well have to be modified to deal with them. Having a mis-match between kernel and userland would then cause ps to do strange things. Thats one example, and it happened to me some time ago when I thought I could skip building a new kernel. If I am understanding you correctly, you've built userland on the older kernel, and are now building the kernel. This is backwards, and might work, but it isn't 'right'. Some would say You're on your own, not doing things the documented way. If you have another system to play on I'd suggest doing everything over again. It's late (or very early) where I am so I am off now. --STeve Andre' On Saturday 10 March 2007 04:03:20 Sunnz wrote: Oh of course, I did a `make clean` in /usr/src/sys/arch/i386/compile/GENERIC.MP/ and /usr/src and `rm -rf /usr/obj/*` before I start rebuild the kernel, userland. 2007/3/10, Sunnz [EMAIL PROTECTED]: Very well thanks for the explanation that's very kind of you. :) So essentially if things does not work, this could be a flag day and I could get a snapshot of compiled -stable userland somewhere? Maybe a more fundamental question... `make build` did not have any errors when it was done under the older kernel, so the userland should have been already been built have they? (Which means it should now be running stable kernel with stable userland.) Anyway, I have just rebuild the stable kernel, and if the my assumption above is true, then now I have just build the stable kernel with stable userland running on a stable kernel? Now I have rebooted again, running the kernel I just have built, and now running `make build` again... but now it is a bit different, since I am already on stable userland. (still waiting for it to finish.) 2007/3/10, STeve Andre' [EMAIL PROTECTED]: On Saturday 10 March 2007 03:25:16 Sunnz wrote: Excuse me if this sounds rude, but can you be a bit more precise about Yes, kernel- and user-land want to be in sync.. I mean, I have read the FAQ, it says -stable userland and packages must run on a -stable kernel... which is what I have now, I am running -stable userland on -stable kernel. But the part I want to fix/clarify here is the process of building the userland. Must -stable userland build by a -stable kernel? I have tried to build -stable userland with a -stable kernel, which crashed the system. The userland has already been build now with a -release kernel; and I have booted the system using -stable kernel, so it is indeed in sync as now. You aren't being rude--I was being imprecise. The kernel- and user-land are seperate parts, but need to be in sync, meaning that when kernel changes are made, those changes can affect userland, so the two need to be updated together. When you compile a new kernel and boot with that you are out of sync, but normally works. When it doesn't the developers call a flag day, meaning that you may have to get a new snapshot of the system and use that, rather than compile. This doesn't happen that often, though. In your case, you compiled a new -stable kernel but found that it didn't work when compiling userland. Compiling the newer userland with the older kernel seems to have worked for you, but you don't really know--not really. In your case you might well be OK, but I'd be hesitant to run something production on it. I'd try the process again and figure out what you did wrong. I hope I wrote something readable this time. ;-) --STeve Andre' -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: Mapping disk sector to file name
On Fri, Mar 09, 2007 at 09:40:40AM -0800, Ted Unangst wrote: then i'd modify fsck (or maybe write your own, it may be simpler) tool to start at the filesystem root and scan ahead until it finds an inode pointing to the bad block. If the bad blocks produce read errors then tar will tell you the file: tar cf /dev/null /bad_blocks_mount on a read error tar will print out the affected file name. -- Brett Lymn
Re: Patching and/or updating
Thanks. On Sat, 10 Mar 2007, Nico Meijer wrote: Read release(8) and follow that procedure. Build once, deploy at will. Building my own release looks useful when I deal with more machines later. I didn't this time so, so there is no /usr/src directory to work with. ie. The first step in that document fails: cd /usr/src cvs up -r OPENBSD_4_0 ksh: cd: /usr/src - No such file or directory However, it looks like the only way: Patches for the OpenBSD Operating System are ... NOT distributed in binary form. This means that to patch your system you must have the source code from the RELEASE version of OpenBSD readily available. In general, you should have the entire source tree available - http://www.openbsd.org/faq/faq10.html#Patches If it's not in the stable branch, you don't want it. Stick to -stable. Works for me. :) IIRC from a thread earlier this week, 4.6 will probably be merged with 4.0-stable, but you'll have to check the archives. Very nice. -Lars Lars NoodC)n ([EMAIL PROTECTED]) Ensure access to your data now and in the future http://opendocumentfellowship.org/about_us/contribute
strange configuration file
Hey folks, good morning. i have just remote installed one openbsd box. While doing initial configuration, i realized a strange file inside /etc tree. Every time i installed openbsd i had to create it by hand, it is resolv.conf.tail. Every other installation i had performed so far it never existed. Does anybody now what resolv.conf.tail means? Where did it come from ? Thanks in advance.
Re: strange configuration file
On Sat, Mar 10, 2007 at 09:22:02AM -0300, Gustavo Rios wrote: Does anybody now what resolv.conf.tail means? Where did it come from ? $ man resolv.conf.tail
Question about IP
Sorry for offtopic, but I'm trying to solve this myself and I can't find correct answer. I've googled, wikipedia-ied, etc. for hours now. And because in misc@ there are lot of people who understand IP, routing and all that stuff very well I decided to ask here. I'm solving quiz and question where I don't have certain answer is: Which of these IP addresses you will not find allocated to PC, which can work in internet through IP protocol? (you can choose only one variant) a: 192.168.0.3 b: 230.30.3.3 c: 2001:16c8:ffd7::b:33.255.3.2 d: 2001:16d8:ffd7::405 e: 10.40.20.0 f: fe80::2c0:26ff:2001:16d8 Variants a,c and d seems fine to me, but I'm not certain which of the rest - e (IPv4 ending with .0), b (IPv4 multicast) and f (IPv6 link-local) - would be most correct answer to this question? Thanks!
Re: Question about IP
On Sat, Mar 10, 2007 at 04:58:05PM +0200, Akin Nomad wrote: | Sorry for offtopic, but I'm trying to solve this myself and I can't | find correct answer. I've googled, wikipedia-ied, etc. for hours now. | And because in misc@ there are lot of people who understand IP, | routing and all that stuff very well I decided to ask here. | | I'm solving quiz and question where I don't have certain answer is: | | Which of these IP addresses you will not find allocated to PC, which | can work in internet through IP protocol? (you can choose only one | variant) | a: 192.168.0.3 | b: 230.30.3.3 | c: 2001:16c8:ffd7::b:33.255.3.2 | d: 2001:16d8:ffd7::405 | e: 10.40.20.0 | f: fe80::2c0:26ff:2001:16d8 | | Variants a,c and d seems fine to me, but I'm not certain which | of the rest - e (IPv4 ending with .0), b (IPv4 multicast) and f | (IPv6 link-local) - would be most correct answer to this question? Bogus question. First I'd say that these days, using the term IP protocol still refers to IPv4, not IPv6 or both v4 and v6. Second, I can configure all six addresses on my local machine and still access the internet through a 7th IP. a and e are RFC1918 private address space addresses so they should not be used on the internet (an IP address ending in 0 can easily be valid with a given netmask (say 255.255.0.0 in the case of e)). b is, like you already pointed out, IPv4 multicast. Where did you find this quiz ? It's total rubbish if you ask me. Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/ [demime 1.01d removed an attachment of type application/pgp-signature]
ERR R and booting a compact flash card
I have a compact flash card that is giving an ERR R on boot. I have looked at the boot (http://www.openbsd.org/faq/faq14.html), which told me that my PBR was most likely messed. Unfortunately I am still at a loss as to how I screwed up. This is in a Soekris net4501 and the script used to create the image is here: http://webapp.gordonturner.ca/greenfrog/image.sh.txt (The script is based on flashdist, OpenSoekris and install.(sh,sub,md).) The problem arose as a result of trying to setup a new compact flash card. The 128mb cards used previously are longer big enough. It is entirely likely that I preformed an action on the previous 128mb cards waaay back when I started work on this project that I did not included in the script that allowed them to boot properly. Details: - OpenBSD 4.0 GENERIC - project website: http://webapp.gordonturner.ca/greenfrog/ - Writing attempted with a usb-cf adapter and a PCMCIA-cf adapter - Was using binaries packages and kernel from published cd - disklabel, fdisk and dmesg attached - boot from console on Soekris 4501 attached Any pointers and 'clue by fours' graciously accepted. Gordo. -- http://www.gordonturner.ca # dd if=soekris.img of=/dev/rsd0c bs=20m 24+1 records in 24+1 records out 519192576 bytes transferred in 659.159 secs (787658 bytes/sec) # disklabel sd0 # Inside MBR partition 3: type A6 start 63 size 1013985 # /dev/rsd0c: type: ESDI disk: vnd device label: soekris flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 16 sectors/cylinder: 1008 cylinders: 1006 total sectors: 1014048 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 16 partitions: # sizeoffset fstype [fsize bsize cpg] a: 101398463 4.2BSD 2048 16384 328 # Cyl 0*- 1005* b: 1 1014047swap # Cyl 1005*- 1005 c: 1014048 0 unused 0 0 # Cyl 0 - 1005 # fdisk sd0 fdisk: sysctl(machdep.bios.diskinfo): Device not configured Disk: sd0 geometry: 1006/16/63 [1014048 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: idC H S -C H S [ start: size ] 0: 000 0 0 -0 0 0 [ 0: 0 ] unused 1: 000 0 0 -0 0 0 [ 0: 0 ] unused 2: 000 0 0 -0 0 0 [ 0: 0 ] unused *3: A60 1 1 - 1005 15 63 [ 63: 1013985 ] OpenBSD # dmesg OpenBSD 4.0 (RAMDISK_CD) #39: Sat Sep 16 19:34:26 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Intel(R) Pentium(R) D CPU 2.80GHz (GenuineIntel 686-class) 2.82 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL,CX16 real mem = 267939840 (261660K) avail mem = 238141440 (232560K) using 3296 buffers containing 13500416 bytes (13184K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(ad) BIOS, date 12/03/05, BIOS32 rev. 0 @ 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries) bios0: VMware, Inc. VMware Virtual Platform apm0 at bios0: Power Management spec V1.2 apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries) pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x01 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x01 pci1 at ppb0 bus 1 pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x08 pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: VMware Virtual IDE Hard Drive wd0: 64-sector PIO, LBA, 10240MB, 20971520 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SONY, DVD-ROM DDU1621, S1.5 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 7 function 2 Intel 82371AB USB rev 0x00: irq 9 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered Intel 82371AB Power rev 0x08 at pci0 dev 7 function 3 not configured vga1 at pci0 dev 15 function 0 VMware Virtual SVGA II rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) bha3 at pci0 dev 16 function 0 BusLogic MultiMaster rev 0x01: irq 11,
Re: ERR R and booting a compact flash card
On Sat, Mar 10, 2007 at 11:33:29AM -0500, Gordon Turner wrote: | I have a compact flash card that is giving an ERR R on boot. I have looked at | the boot (http://www.openbsd.org/faq/faq14.html), which told me that my PBR was | most likely messed. Unfortunately I am still at a loss as to how I screwed up. Check out the biosboot(8) manpage. This describes all possible error conditions from the biosboot program. Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/ [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Question about IP
First of all, thanks for replying and not trashing this mail. Bogus question. First I'd say that these days, using the term IP protocol still refers to IPv4, not IPv6 or both v4 and v6. Second, I can configure all six addresses on my local machine and still access the internet through a 7th IP. Yes, you can, but can you use all of them to get Internet connection? I can set e, but: on OpenBSD I can ping e and use it (route, use Internet) even when it's netmask is 255.255.255.0 (not 255.255.0.0 as you pointed), but I can't even ping it on other OS'es. (which is right? I guess the OpenBSD way, but why?) And b I can't nor ping, nor use (even on OpenBSD). How can you access internet through 7th IP? Isn't IPv6 link-local only available on direct links? a and e are RFC1918 private address space addresses so they should not be used on the internet (an IP address ending in 0 can easily be valid with a given netmask (say 255.255.0.0 in the case of e)). b is, like you already pointed out, IPv4 multicast. IMHO, a is ok, because it is valid IP, it is both routable and NAT-able. Or in other words, you can have Internet when your pc's IP is RFC1918. Where did you find this quiz ? It's total rubbish if you ask me. I find that question dumb, too. It's in one vortal, in country I live (ex-USSR). The author is complete moron. He even got named selfish-bastard IRL by RMS in conference about patents. The problem with this question is that I have to answer it, I have to choose only one variant and I must do it in next ~12 hours. Which would you choose? If I must choose one, I would take b, because it seems the right one. Of what I know about multicast - that IP is not usable, it's just virtual (as orientier) and only routers deal with them, but no PCs use it as it's IP. Please correct me if I'm wrong.
Re: Question about IP
Akin Nomad wrote: Which of these IP addresses you will not find allocated to PC, which can work in internet through IP protocol? (you can choose only one variant) a: 192.168.0.3 b: 230.30.3.3 c: 2001:16c8:ffd7::b:33.255.3.2 d: 2001:16d8:ffd7::405 e: 10.40.20.0 f: fe80::2c0:26ff:2001:16d8 Variants a,c and d seems fine to me, but I'm not certain which of the rest - e (IPv4 ending with .0), b (IPv4 multicast) and f (IPv6 link-local) - would be most correct answer to this question? It's a bad question (is it a Cisco certification by any chance?) I'm going to split hairs and guess the key word is allocated which infers exclusive. So I'd choose (b), since the address represents a group which would be joined by zero or more hosts. As far as I can tell all of the other addresses are valid unicast. Weak question = Weak answer.
Re: updating installed ports
On 3/10/07, Joachim Schipper [EMAIL PROTECTED] wrote: On Fri, Mar 09, 2007 at 11:08:30PM -0500, Peter wrote: Le Vendredi 9 Mars 2007 18:24, Joachim Schipper a ?crit?: On Fri, Mar 09, 2007 at 06:05:58PM -0500, Peter wrote: On 4.0, besides uninstalling ports, updating the ports tree, and re-installing is there any other way to do this? What is standard practice? # pkg_add -ui Are you serious? I thought that was only for straight packages. It actually fetches code from third party repositories? The pkg_add man page could be clearer but I see it now in ports(7). It appears we don't really understand each other. The standard way of updating installed packages is something like # export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/4.0/i386 # pkg_add -ui but you are right that this only updates packages. Yes, it does fetch stuff from third-party repositories if told to, so you could change PKG_PATH to point to one of your own machines (listing this machine first, and then the rest, doesn't work as one would like to, though). Of course, this covers only packages. Almost all ports produce packages that may be redistributed, but this is not always the case; if not, the standard procedure is more along the lines of # cd /usr/ports/archivers/freeze # make update or # cd /usr/ports/archivers/freeze # make package # pkg_add -ri /usr/ports/packages/i386/all/freeze-2.5.tgz which is equivalent, but gives you the time to run any test suites the port might have before installing it, etc. I had similar questions I hadn't gotten around to figuring out yet. These suggestions were exactly what I was looking for. Greg
Re: spamd unnecessarily abrasive?
On Tue, Feb 20, 2007 at 02:16:49PM +0100, the unit calling itself Peter N. M. Hansteen wrote: Isn't this a bit over the top? Well, people don't read these strings at all unless they're looking at spamd source code or doing a telnet yourhost.tld smtp for debugging purposes. The message you quote here is essentially just a preserved version of the telnet to smtp case. So - are you saying that these strings will never show up in the headers of an email message returned to a legitimate sender? FWIW, this is a sincere question. Occasionally, I have legit business contacts that report their messages to me don't get delivered. I would not want potentially offensive messages to show up in the headers of their bounced messages. Thanks, Jay
Re: spamd unnecessarily abrasive?
On 3/10/07, J Moore [EMAIL PROTECTED] wrote: On Tue, Feb 20, 2007 at 02:16:49PM +0100, the unit calling itself Peter N. M. Hansteen wrote: Isn't this a bit over the top? Well, people don't read these strings at all unless they're looking at spamd source code or doing a telnet yourhost.tld smtp for debugging purposes. The message you quote here is essentially just a preserved version of the telnet to smtp case. So - are you saying that these strings will never show up in the headers of an email message returned to a legitimate sender? No. Headers and message are sent in the SMTP DATA portion. The communications in the delivery setup are outside of that. FWIW, this is a sincere question. Occasionally, I have legit business contacts that report their messages to me don't get delivered. I would not want potentially offensive messages to show up in the headers of their bounced messages. Considering that a greylisted or blacklisted delivery by definition never reaches the MTA, there's nothing about spamd to result in bounces in the first place. DS
Re: ERR R and booting a compact flash card
On Sat, 10 Mar 2007 17:31:54 +0100, Paul de Weerd [EMAIL PROTECTED] wrote: On Sat, Mar 10, 2007 at 11:33:29AM -0500, Gordon Turner wrote: | I have a compact flash card that is giving an ERR R on boot. I have looked at | the boot (http://www.openbsd.org/faq/faq14.html), which told me that my PBR was | most likely messed. Unfortunately I am still at a loss as to how I screwed up. Check out the biosboot(8) manpage. This describes all possible error conditions from the biosboot program. Absolutely, which includes: --SNIP from biosboot-- When biosboot receives control from either the BIOS or the master boot record (MBR) it will print the message: Loading followed by a dot for every filesystem block it attempts to load. If /boot is loaded successfully, biosboot will put the cursor on the next line just before transferring control to the newly-loaded program. --SNIP from biosboot-- --SNIP from biosboot-- ERR RRead error. The BIOS returned an error indication when biosboot attempted to read a disk sector. This might be any media error, including bad sectors (common on floppy disks), and invalid sec- tors (can occur with bad geometry translations). --SNIP from biosboot-- Which of course is what I am seeing. Based on pluging the cf card in the soekris, I get what I believe to be the correct geometry, which is confirmed by disklabel when the card is in the cf reader. CYLINDERS=1006 HEADS=16 SECTORSPERTRACK=63 1. Is there any way of getting more diagonstic information? Turning kernel logging on? 2. Is this consistent with getting the CHS geometry of the compact flash card wrong? Thanks! Gord Turner.
Re: spamd unnecessarily abrasive?
On 3/10/07, Darren Spruell [EMAIL PROTECTED] wrote: On 3/10/07, J Moore [EMAIL PROTECTED] wrote: ... So - are you saying that these strings will never show up in the headers of an email message returned to a legitimate sender? No. Headers and message are sent in the SMTP DATA portion. The communications in the delivery setup are outside of that. They (the text in SMTP responses) won't show up in the headers, but they may show up in the body of DSNs or bounces generated by the client. Yes, that can happen even when the response is a 4xy temporary failure if the client has hit its report delay timeout or give up completely timeout for delivery attempts. That won't occur under normal circumstances with normal timeouts, but let's imagine that connectivity to your mailserver was disrupted for a day (backhoe induced fadeout?); clients may hit their delay timeout right after their first chance to connect to you. Unlikely, but possible. Philip Guenther
Re: spamd unnecessarily abrasive?
On 3/10/07, Philip Guenther [EMAIL PROTECTED] wrote: On 3/10/07, Darren Spruell [EMAIL PROTECTED] wrote: On 3/10/07, J Moore [EMAIL PROTECTED] wrote: ... So - are you saying that these strings will never show up in the headers of an email message returned to a legitimate sender? No. Headers and message are sent in the SMTP DATA portion. The communications in the delivery setup are outside of that. They (the text in SMTP responses) won't show up in the headers, but they may show up in the body of DSNs or bounces generated by the client. Yes, that can happen even when the response is a 4xy temporary failure if the client has hit its report delay timeout or give up completely timeout for delivery attempts. That won't occur under normal circumstances with normal timeouts, but let's imagine that connectivity to your mailserver was disrupted for a day (backhoe induced fadeout?); clients may hit their delay timeout right after their first chance to connect to you. Unlikely, but possible. I'm referring to the HELO/EHLO, RCPT TO, and MAIL FROM verbs. Under no circumstances I'm aware of will you see the output of these verbs in a bounce message. Is this not so? DS
Re: Do you *need* to build -stable userland with a -stable kernel?
On 3/10/07, Sunnz [EMAIL PROTECTED] wrote: Please correct me if I am wrong... but I thought that if the same source and make file etc. was used, the kernel that was used to build it is irrelevant, i.e. the same version of gcc running or newer and older version of kernel should ultimately 'spit out' the same binary, given the same source, makefile, etc.?? No? BTW, `make build` has been completed, on the new kernel, new userland, without errors. [...] I think there is a bit of misunderstanding here. The rules STeve stated apply if you track -current, which is not what you do. There are never any flag days on -stable and no snapshots. If your system crashed (as in kernel panic) while building -stable on a -release system I would start to investigate the hardware (depending on the exact nature of the crash). If you get compilation errors then most likely you did something bad. At this point since we have no details on the error you obtained (or even which arch you are on), I can not help you further. As for having a stable system, if you sucessfully build the userland and the kernel from the same sources without rebooting or voodoo in between, you should be fine. -- I'm trying to launch the internet; so I open a terminal and go percent sign 'Internet' at the prompt and it doesn't work. What gives??!! -- random troll
Re: Patching and/or updating
On 3/10/07, Lars D. NoodC)n [EMAIL PROTECTED] wrote: Thanks. On Sat, 10 Mar 2007, Nico Meijer wrote: Read release(8) and follow that procedure. Build once, deploy at will. Building my own release looks useful when I deal with more machines later. I didn't this time so, so there is no /usr/src directory to work with. ie. The first step in that document fails: cd /usr/src cvs up -r OPENBSD_4_0 ksh: cd: /usr/src - No such file or directory How about mkdir /usr/src and then going on with the rest? This should be obvious. However, it looks like the only way: Patches for the OpenBSD Operating System are ... NOT distributed in binary form. This means that to patch your system you must have the source code from the RELEASE version of OpenBSD readily available. In general, you should have the entire source tree available - http://www.openbsd.org/faq/faq10.html#Patches If it's not in the stable branch, you don't want it. Stick to -stable. Works for me. :) IIRC from a thread earlier this week, 4.6 will probably be merged with 4.0-stable, but you'll have to check the archives. Very nice. -Lars Lars NoodC)n ([EMAIL PROTECTED]) Ensure access to your data now and in the future http://opendocumentfellowship.org/about_us/contribute -- I'm trying to launch the internet; so I open a terminal and go percent sign 'Internet' at the prompt and it doesn't work. What gives??!! -- random troll
Re: spamd unnecessarily abrasive?
On 3/10/07, Darren Spruell [EMAIL PROTECTED] wrote: On 3/10/07, Philip Guenther [EMAIL PROTECTED] wrote: ... They (the text in SMTP responses) won't show up in the headers, but they may show up in the body of DSNs or bounces generated by the client. Yes, that can happen even when the response is a 4xy temporary failure if the client has hit its report delay timeout or give up completely timeout for delivery attempts. That won't occur under normal circumstances with normal timeouts, but let's imagine that connectivity to your mailserver was disrupted for a day (backhoe induced fadeout?); clients may hit their delay timeout right after their first chance to connect to you. Unlikely, but possible. I'm referring to the HELO/EHLO, RCPT TO, and MAIL FROM verbs. Under no circumstances I'm aware of will you see the output of these verbs in a bounce message. Is this not so? Don't read many bounces, eh? Bounce messages *normally* contain the complete output from the last command sent for a recipient on the most recent delivery attempt. That is, if the delivery attempt failed (or was delayed past the delay timeout) by a 4xy or 5xy response to the MAIL FROM, the complete text of that response will be included in the bounce message. Ditto for RCPT TO, and I would expect the same of HELO/EHLO. For example, here's the text/plain part from the top of a random joe-job bounce spam from my quarantine... The original message was received at Mon, 19 Feb 2007 06:04:48 -0600 from XXX.YYY.com [##.##.##.##] - The following addresses had permanent fatal errors - 550 User account is over quota. Mailbox full. (reason: 550 5.1.1 User unknown) (expanded from: [EMAIL PROTECTED]) - Transcript of session follows - 550 5.1.1 550 User account is over quota. Mailbox full User unknown That sure looks like a response from a RCPT TO command to me. I vaguely recall seeing the text of the *successful* commands before a failed RCPT on occasion too, though I may be confusing that with how MH handled failed submission attempts... Philip Guenther
Re: OpenSSH ciphers
On Sat, 10 Mar 2007, Lars D. NoodC)n wrote: Hopefully this is not too off topic, but I wonder where I can find the authoritative 'homepages' for the ciphers used in OpenSSH: AES, 3DES, Blowfish, Arcfour, and CAST128 The search engines turn out lame references to wikipedia or wikipedia clones or to marketeering non-information. I'm looking for the specs or, better, the web page for the specs maintainers. The ssh manual page contains a lot or references, all RFCs that are publicly available. RFC 4344 contains the specs of the encryption modes, including so called normative and informative references. -Otto
Re: Question about IP
On Sat, 10 Mar 2007, Steve Welham wrote: Akin Nomad wrote: Which of these IP addresses you will not find allocated to PC, which can work in internet through IP protocol? (you can choose only one variant) a: 192.168.0.3 b: 230.30.3.3 c: 2001:16c8:ffd7::b:33.255.3.2 d: 2001:16d8:ffd7::405 e: 10.40.20.0 f: fe80::2c0:26ff:2001:16d8 Variants a,c and d seems fine to me, but I'm not certain which of the rest - e (IPv4 ending with .0), b (IPv4 multicast) and f (IPv6 link-local) - would be most correct answer to this question? It's a bad question (is it a Cisco certification by any chance?) I'm going to split hairs and guess the key word is allocated which infers exclusive. So I'd choose (b), since the address represents a group which would be joined by zero or more hosts. As far as I can tell all of the other addresses are valid unicast. Weak question = Weak answer. To me it just looks like a badly translated exam or homework question. I think we shouldn't answer those. -Otto
Re: ERR R and booting a compact flash card
On Sat, Mar 10, 2007 at 02:24:13PM -0500, Gordon Turner wrote: | --SNIP from biosboot-- | ERR RRead error. The BIOS returned an error indication when biosboot | attempted to read a disk sector. This might be any media error, | including bad sectors (common on floppy disks), and invalid sec- | tors (can occur with bad geometry translations). | --SNIP from biosboot-- I'm not sure, but it looks like you missed this part, may be of significance : If this error occurs during an LBA boot (no `;' after ``Loading''), then a CHS boot may succeed. To do this, you should reboot, then hold down either Shift key before biosboot starts. You should see a `!' before ``Loading'' as confirmation that your override was accepted. | CYLINDERS=1006 | HEADS=16 | SECTORSPERTRACK=63 | | 1. Is there any way of getting more diagonstic information? Turning kernel logging on? biosboot(8) runs before the kernel is loaded, so no luck there. | 2. Is this consistent with getting the CHS geometry of the compact flash card wrong? Try the workaround from the manpage, post back if that makes a difference. Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/ [demime 1.01d removed an attachment of type application/pgp-signature]
Re: spamd unnecessarily abrasive?
J Moore [EMAIL PROTECTED] writes: So - are you saying that these strings will never show up in the headers of an email message returned to a legitimate sender? The way spamd works your message does not get handled by a real smtp daemon until it clears greylisting, in contrast to the various greylisting MTA plugins (postgrey which lives inside postfix adds a rather verbose message to headers IIRC). bsdly.net runs spamd, so studying your logs or inbox to fish out any reference to the message I'm answering now will produce the answer you are looking for. Did the delivery of this message produce anything you would rather not have your friends or customers to see? FWIW, this is a sincere question. Occasionally, I have legit business contacts that report their messages to me don't get delivered. I would not want potentially offensive messages to show up in the headers of their bounced messages. False postitives are bad, bad, bad. I would not want to make any sweeping assertions without studying your setup, but I suspect you are either bit by side effects of a badly maintained blacklist or the senders whos mail isn't getting delivered misconfigured mail servers which do not retry properly. Cheers, -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ First, we kill all the spammers The Usenet Bard, Twice-forwarded tales delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Wireless PCI card recommendation needed
Thomas Mullins wrote: We are going to build a wireless network using OpenBSD. I have looked at http://www.openbsd.com/i386.html#hardware to see the supported wireless PCI cards. Could someone please recommend an 802.11g card that has a stronger transmit power? Or another card they have had good success with? If you can't find a card with the transmit power you want, you may be able to get the range you're looking for from antenna gain and type. I'm using the Linksys WMP54G v4 wireless card with the ral driver. I had problems with weak signal. I improved it greatly by using the Hawking HSB2 Signal Booster, along with a Linksys high gain antenna. It now runs in 802.11g mode at 54Mb Now I have a decently supported card, with reasonable range and am satisfied with the performance. Ed
Re: spamd unnecessarily abrasive?
On Sat, Mar 10, 2007 at 11:29:04PM +0100, Peter N. M. Hansteen wrote: J Moore [EMAIL PROTECTED] writes: So - are you saying that these strings will never show up in the headers of an email message returned to a legitimate sender? The way spamd works your message does not get handled by a real smtp daemon until it clears greylisting, in contrast to the various greylisting MTA plugins (postgrey which lives inside postfix adds a rather verbose message to headers IIRC). bsdly.net runs spamd, so studying your logs or inbox to fish out any reference to the message I'm answering now will produce the answer you are looking for. Did the delivery of this message produce anything you would rather not have your friends or customers to see? I suspect I'm not the only person who's had the spamd messages come back from someone who's message didn't come through. While in normal circumstances these messages don't show, there are enough email providers out there (large, commonly used ones) that retry a given email in a round-robin fashion through a pool of outgoing servers. Since that won't ever whitelist they get the usual 4 hour warning, and later the bounce. In the handful of cases I've personally dealt with, it hasn't caused more than a slight embarassment. *Slight* because the messages aren't really abrasive, but they do raise an eyebrow. But the point is... legitimate senders *do* see these messages in certain circumstances. -- Darrin Chandler | Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/darrin/ |
Re: spamd unnecessarily abrasive?
Darrin Chandler [EMAIL PROTECTED] writes: I suspect I'm not the only person who's had the spamd messages come back from someone who's message didn't come through. While in normal circumstances these messages don't show, there are enough email providers out there (large, commonly used ones) that retry a given email in a round-robin fashion through a pool of outgoing servers. Since that won't ever whitelist they get the usual 4 hour warning, and later the bounce. That does happen in cases where the retries for a message come from a different IP address than the original delivery attempt. It had slipped my mind (it's been a while since I had it happen), but as you are correctly pointing out there are some sites which are problematic for that reason. For some reason Gmail appears to be a special case - they appear to have their outgoing severs spread thinly over several address ranges, but they tend to get through anyway. Then again, it's likely you end up whitelisting the affected networks once you identify them. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/ First, we kill all the spammers The Usenet Bard, Twice-forwarded tales delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: updating installed ports
Le Samedi 10 Mars 2007 03:43, Lars Hansson a icrit : Peter wrote: Are you serious? I thought that was only for straight packages. It actually fetches code from third party repositories? What 3rd party repositories? What are straight packages? AFAIK, In this context, a 3rd party repository is a place that dishes out code that is independent of OpenBSD. I just installed the unarj port and I remember it downloading stuff from some weird Russian site. I guess that's one example. A straight package is a binary kit that is put together by the OpenBSD team. Not one that is subsequently built by the port system. Pedro
slow dvd copy on 4.1
I'm copying some stuff from a dvd+rw and getting just about 4 MB/s. I can set/tune something to increase this? Using another BSD (nbsd/fbsd) i get the normal throughput, about 20 MB/s. OpenBSD 4.1 (GENERIC) #1434: Thu Mar 8 22:56:57 MST 2007 wd0 at pciide0 channel 0 drive 0: Maxtor 6Y120L0 wd0: 16-sector PIO, LBA, 117246MB, 240121728 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6 cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, DVD-RAM GSA-H20N, 1.01 SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 Thanks in advance.
IPcomp - bad-ip-version-2 *or* gre-proto-0x100 proto 47 unreachable
have two machines with hifn 7955 in them, trying to get IPcomp working across an existing esp tunnel. local is 4.1 current from mar.7; remote is 4.0 stable. there are other peers currently in the IPsec ESP bandwagon, but these two are the only ones i'm trying IPcomp with, because they're the only ones with hifn(4)s and when i try IPcomp with 'comp deflate' it still gives that 'XFORM for no TBD received' stuff from a while ago. these two peers work fine with i don't try to do IPcomp and just run them like i normally configure things (without the extra IPcomp layer in between the bgp layer and the ESP layer). ike esp \ from 172.16.7.30 to 172.16.196.1 peer remote public ip\ main auth hmac-sha1 enc aes group modp2048 life 7200 \ quick auth hmac-sha1 enc aes group modp2048 life 7200 \ psk blahblahblah flow ipcomp from 172.18.7.196 to 172.18.196.7 type use ipcomp from 172.18.7.196 to 172.18.196.7 spi 0x07c4 comp lzs ipcomp from 172.18.196.7 to 172.18.7.196 spi 0xc407 comp lzs enc0: flags=41UP,RUNNING mtu 1536 inet 172.16.7.30 netmask 0x gre70196: flags=9011UP,POINTOPOINT,LINK0,MULTICAST mtu 1476 groups: gre physical address inet 172.18.7.196 -- 172.18.196.7 inet6 fe80::200:24ff:fec4:3e6c%gre70196 - prefixlen 64 scopeid 0xe inet 172.17.7.196 -- 172.17.196.7 netmask 0x gre77: flags=9111UP,POINTOPOINT,PROMISC,LINK0,MULTICAST mtu 1476 groups: gre physical address inet 172.16.7.30 -- 172.16.196.1 inet6 fe80::200:24ff:fec4:3e6c%gre77 - prefixlen 64 scopeid 0x12 inet 172.18.7.196 -- 172.18.196.7 netmask 0x yielding: FLOWS: @0 flow esp in from 172.16.196.1 to 172.16.7.30 peer remote public ip srcid local public ip/32 dstid remote public ip/32 type use @1 flow esp out from 172.16.7.30 to 172.16.196.1 peer remote public ip srcid local public ip/32 dstid remote public ip/32 type require @2 flow esp in for unrelated other peer @3 flow esp out for unrelated other peer @4 flow ipcomp in from 172.18.196.7 to 172.18.7.196 peer 172.18.196.7 type use @5 flow ipcomp out from 172.18.7.196 to 172.18.196.7 peer 172.18.196.7 type use SAD: @0 ipcomp tunnel from 172.18.7.196 to 172.18.196.7 spi 0x07c4 enc lzs sa: cpi 0x07c4 comp lzs state mature replay 0 flags 4 lifetime_cur: alloc 0 bytes 5929222 add 1173583406 first 1173583408 address_src: 172.18.7.196 address_dst: 172.18.196.7 lifetime_lastuse: alloc 0 bytes 0 add 0 first 1173589170 @0 ipcomp tunnel from 172.18.196.7 to 172.18.7.196 spi 0xc407 enc lzs sa: cpi 0xc407 comp lzs state mature replay 0 flags 4 lifetime_cur: alloc 0 bytes 4698191 add 1173583406 first 1173583406 address_src: 172.18.196.7 address_dst: 172.18.7.196 lifetime_lastuse: alloc 0 bytes 0 add 0 first 1173589170 @0 esp tunnel from local public ip to remote public ip spi 0x13b6897b auth hmac-sha1 enc aes sa: spi 0x13b6897b auth hmac-sha1 enc aes state mature replay 16 flags 4 lifetime_cur: alloc 0 bytes 84584 add 1173589006 first 1173589007 lifetime_hard: alloc 0 bytes 0 add 1200 first 0 lifetime_soft: alloc 0 bytes 0 add 1080 first 0 address_src: local public ip address_dst: remote public ip identity_src: type prefix id 0: local public ip/32 identity_dst: type prefix id 0: remote public ip/32 lifetime_lastuse: alloc 0 bytes 0 add 0 first 1173589170 @0 esp tunnel from remote public ip to local public ip spi 0x3fd4f099 auth hmac-sha1 enc aes sa: spi 0x3fd4f099 auth hmac-sha1 enc aes state mature replay 16 flags 4 lifetime_cur: alloc 0 bytes 85568 add 1173589006 first 1173589007 lifetime_hard: alloc 0 bytes 0 add 1200 first 0 lifetime_soft: alloc 0 bytes 0 add 1080 first 0 address_src: remote public ip address_dst: local public ip identity_src: type prefix id 0: remote public ip/32 identity_dst: type prefix id 0: local public ip/32 lifetime_lastuse: alloc 0 bytes 0 add 0 first 1173589170 @0 esp tunnel from other peer to local spi 0x687c9718 auth hmac-sha1 enc aes @0 esp tunnel from local to other peer spi 0x80951171 auth hmac-sha1 enc aes so packets of random sizes work, other packets of random sizes don't. the ones that don't show up in tcpdump with this 'bad-ip-version 2' information. here is tcpdump on my local peer for me trying to ssh from a local LAN host to the remote peer: the '172.18' stuff is from watching tcpdump on gre77 with -Xs1500, and the '192.168' stuff is from watching tcpdump on gre70196, they're both 'd in the same terminal: --- 00:09:22.310124 192.168.7.18.6530 192.168.196.1.22: S [tcp sum ok] 3422320407:3422320407(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 256240599
corrupted MAC on input came back
http://marc.theaimsgroup.com/?l=openbsd-miscw=2r=1s=corrupted+mac+inputq=b happening for anyone else with: OpenBSD 4.1 (GENERIC) #1430: Wed Mar 7 01:04:27 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC have been running a 3.9-current on there up till last week with no corrupted MAC on input, did a snapshot, now it's back all over the place. ssh to the machine and just hit enter a lot, it dies anywhere between 16s and 2m with: --- Received disconnect from 192.168.7.27: 2: Corrupted MAC on input. --- ssh -v has no more info from the client side; from the server side, -Dd doesn't seem to say anything interesting when it dies: debug3: tty_parse_modes: 93 0 debug1: server_input_channel_req: channel 0 request shell reply 0 debug1: session_by_channel: session 0 channel 0 debug1: session_input_channel_req: session 0 req shell debug2: fd 4 setting TCP_NODELAY debug2: channel 0: rfd 11 isatty debug2: fd 11 setting O_NONBLOCK debug3: fd 10 is O_NONBLOCK debug1: Setting controlling tty using TIOCSCTTY. Disconnecting: Corrupted MAC on input. debug3: channel 0: close_fds r 11 w 10 e -1 c -1 debug1: do_cleanup debug1: do_cleanup debug1: session_pty_cleanup: session 0 release /dev/ttyp0 when i did the snapshot, the ssh configs changed a bit: $ sudo diff -U0 /var/backups/etc_ssh_ssh_config.backup /var/backups/etc_ssh_ssh_config.current --- /var/backups/etc_ssh_ssh_config.backup Mon Apr 3 17:50:50 2006 +++ /var/backups/etc_ssh_ssh_config.current Sun Jun 25 18:26:43 2006 @@ -1 +1 @@ -# $OpenBSD: ssh_config,v 1.21 2005/12/06 22:38:27 reyk Exp $ +# $OpenBSD: ssh_config,v 1.22 2006/05/29 12:56:33 dtucker Exp $ @@ -26,0 +27,2 @@ +# GSSAPIAuthentication no +# GSSAPIDelegateCredentials no $ sudo diff -U0 /var/backups/etc_ssh_sshd_config.backup /var/backups/etc_ssh_sshd_config.current --- /var/backups/etc_ssh_sshd_config.backup Thu Oct 12 10:56:18 2006 +++ /var/backups/etc_ssh_sshd_config.currentWed Mar 7 17:01:53 2007 @@ -1 +1 @@ -# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ +# $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $ @@ -13 +12,0 @@ -#Protocol 2 @@ -37 +35,0 @@ -PermitRootLogin forced-commands-only @@ -90 +87,0 @@ -PermitTunnel ethernet @@ -96,0 +94,6 @@ + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# ForceCommand cvs server reverting the PermitTunnel doesn't do anything to make it stop -- jared