ROOTBACKUP=1 corruption problems on amd64 (OPENBSD_4_0)
Hello, I'm using ROOTBACKUP=1 to have daily backups on several boxes running amd64 OPENBSD_4_0. Actually I noticed that on 1 box (the hardware is +/- 3 month old), the partition is *always* corrupted after the backup. The corruption happens every day. Does anyone have an idea what could be the problem? I'm using a LSI Megaraid controller (see dmesg below), here is the output. #bioctl ami0 Volume Status Size Device ami0 0 Online 10485760 sd0 RAID5 0 Online 400083124224 0:0.0 noencl ST3400620NS 3.AE 1 Online 400083124224 0:1.0 noencl ST3400620NS 3.AE 2 Online 400083124224 0:2.0 noencl ST3400620NS 3.AE 3 Online 400083124224 0:3.0 noencl ST3400620NS 3.AE 4 Online 400083124224 0:4.0 noencl ST3400620NS 3.AE ami0 1 Online2097152 sd1 RAID0 0 Online 400083124224 0:0.0 noencl ST3400620NS 3.AE 1 Online 400083124224 0:1.0 noencl ST3400620NS 3.AE 2 Online 400083124224 0:2.0 noencl ST3400620NS 3.AE 3 Online 400083124224 0:3.0 noencl ST3400620NS 3.AE 4 Online 400083124224 0:4.0 noencl ST3400620NS 3.AE ami0 2 Online 73924608 sd2 RAID5 0 Online 400083124224 0:0.0 noencl ST3400620NS 3.AE 1 Online 400083124224 0:1.0 noencl ST3400620NS 3.AE 2 Online 400083124224 0:2.0 noencl ST3400620NS 3.AE 3 Online 400083124224 0:3.0 noencl ST3400620NS 3.AE 4 Online 400083124224 0:4.0 noencl ST3400620NS 3.AE ami0 3 Online 739451600896 sd3 RAID5 0 Online 400083124224 0:0.0 noencl ST3400620NS 3.AE 1 Online 400083124224 0:1.0 noencl ST3400620NS 3.AE 2 Online 400083124224 0:2.0 noencl ST3400620NS 3.AE 3 Online 400083124224 0:3.0 noencl ST3400620NS 3.AE 4 Online 400083124224 0:4.0 noencl ST3400620NS 3.AE ami0 4 Hot spare400083124224 0:5.0 noencl ST3400620NS 3.AE Here is the daily mail report I get: Backing up root filesystem: copying /dev/rsd0a to /dev/rsd0h 262139+1 records in 262139+1 records out 2147443200 bytes transferred in 548.279 secs (3916696 bytes/sec) ** /dev/rsd0h ** Last Mounted on / ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts UNREF FILE I=103073 OWNER=root MODE=100555 SIZE=282672 MTIME=Feb 13 08:58 2007 CLEAR? yes UNREF FILE I=103086 OWNER=root MODE=100555 SIZE=106928 MTIME=Feb 13 08:58 2007 CLEAR? yes UNREF FILE I=103113 OWNER=root MODE=100500 SIZE=255536 MTIME=Feb 13 08:58 2007 CLEAR? yes ** Phase 5 - Check Cyl groups FREE BLK COUNT(S) WRONG IN SUPERBLK SALVAGE? yes SUMMARY INFORMATION BAD SALVAGE? yes BLK(S) MISSING IN BIT MAPS SALVAGE? yes 3116 files, 24391 used, 1007208 free (280 frags, 125866 blocks, 0.0% fragmentation) MARK FILE SYSTEM CLEAN? yes end snip -- Here is the dmesg: OpenBSD 4.0-stable (GENERIC.MP) #0: Mon Jan 8 12:54:22 CET 2007 [EMAIL PROTECTED]:/home/sources/src/sys/arch/amd64/compile/G ENERIC.MP real mem = 2146562048 (2096252K) avail mem = 1834729472 (1791728K) using 22937 buffers containing 214863872 bytes (209828K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf0690 (74 entries) bios0: stem manufacturer P5WDG2 WS PRO mainbus0: Intel MP Specification (Version 1.4) (INTELPRO ) cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, 2404.44 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,LONG cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 267MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, 2404.11 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,LONG cpu1: 4MB 64b/line 16-way L2 cache mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type PCI mpbios: bus 3 is type PCI mpbios: bus 4 is type PCI mpbios: bus 5 is type PCI mpbios: bus 6 is type ISA ioapic0 at mainbus0 apid 2 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0 apid 3 pa 0xfec1, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x277c rev 0xc0 ppb0 at pci0 dev 1 function 0 vendor Intel, unknown product 0x277d rev 0xc0 pci1 at ppb0 bus 5 vga1 at pci1 dev 0 function 0 vendor NVIDIA, unknown product 0x0163 rev 0xa1 mpbios: bus 3 is type PCI mpbios: bus 4 is type PCI mpbios: bus 5 is type PCI mpbios: bus 6 is type ISA ioapic0 at mainbus0 apid 2 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0 apid 3 pa 0xfec1, version
Re: ntpd not synching
On Wed, 28 Mar 2007, [EMAIL PROTECTED] wrote: hi, On Tue, Mar 27, 2007 at 01:49:16PM +0200, Otto Moerbeek wrote: It looks like your clock drifts more that ntpd can compensate. Please share some details on your setup, like the dmesg. Also, if you remove the drift file, you must reboot, since otherwise the existing frequency compensations stays in effect. ok, i cleared the drift-file and rebooted. as near as i can figure (i had to boot multiple times, and unclean at that) this is what happend slightly bfore/during/after the last boot (the times are so screwed i can't really make it out). Yep, this configrms it. Your clock is drifting so much that ntpd can't keep up. I'm afraid there's not a lot I can do about that. -Otto Mar 28 20:12:46 ntpd[6515]: adjusting local clock by 950.304366s Mar 28 20:17:11 ntpd[6515]: adjusting local clock by 954.223055s Mar 28 22:53:00 ntpd[18691]: ntp engine ready Mar 28 20:49:13 ntpd[14539]: set local clock to Wed Mar 28 20:49:13 CEST 2007 (offset -7427.749161s) Mar 28 20:49:13 ntpd[18691]: reply from 213.246.63.72: negative delay -7427.686509s, next query 3068s Mar 28 20:49:13 ntpd[18691]: reply from 62.220.226.2: negative delay -7427.684053s, next query 3199s Mar 28 20:49:13 ntpd[18691]: reply from 149.156.70.5: negative delay -7427.676747s, next query 3149s Mar 28 20:49:13 ntpd[18691]: reply from 193.11.184.180: negative delay -7427.676303s, next query 3136s Mar 28 20:49:13 ntpd[18691]: reply from 194.215.7.39: not synced, next query 3052s Mar 28 20:49:13 ntpd[18691]: reply from 128.241.238.31: negative delay -7427.633371s, next query 3083s Mar 28 20:49:13 savecore: no core dump Mar 28 20:58:54 ntpd[3522]: peer 80.240.210.253 now valid [peers snipped] Mar 28 20:59:57 ntpd[31863]: adjusting local clock by 2.284285s Mar 28 21:02:37 ntpd[18773]: ntp engine ready Mar 28 21:02:37 ntpd[18773]: reply from 194.215.7.39: not synced, next query 3110s Mar 28 21:02:37 savecore: no core dump Mar 28 21:02:52 ntpd[18773]: peer 217.150.242.8 now valid Mar 28 21:02:59 ntpd[18773]: peer 213.246.63.72 now valid Mar 28 21:02:59 ntpd[18773]: peer 193.11.184.180 now valid Mar 28 21:02:59 ntpd[18773]: peer 128.241.238.31 now valid Mar 28 21:03:00 ntpd[18773]: peer 149.156.70.5 now valid Mar 28 21:03:03 ntpd[18773]: peer 62.220.226.2 now valid Mar 28 21:03:57 ntpd[2354]: adjusting local clock by 6.573991s Mar 28 21:06:04 ntpd[2354]: adjusting local clock by 3.905197s Mar 28 21:08:37 ntpd[2354]: adjusting local clock by 8.475628s Mar 28 21:08:37 ntpd[18773]: clock is now synced Mar 28 21:10:49 ntpd[2354]: adjusting local clock by 8.951453s Mar 28 21:10:49 ntpd[18773]: clock is now unsynced Mar 28 21:15:06 ntpd[2354]: adjusting local clock by 12.813542s Mar 28 21:15:06 ntpd[18773]: clock is now synced Mar 28 21:19:15 ntpd[2354]: adjusting local clock by 15.447946s Mar 28 21:19:15 ntpd[18773]: clock is now unsynced Mar 28 21:23:05 ntpd[2354]: adjusting local clock by 15.624800s Mar 28 21:23:10 ntpd[18773]: peer 213.246.63.72 now invalid Mar 28 21:25:45 ntpd[2354]: adjusting local clock by 16.648412s Mar 28 21:27:49 ntpd[2354]: adjusting local clock by 20.718507s Mar 28 21:31:04 ntpd[2354]: adjusting local clock by 16.498430s Mar 28 21:33:13 ntpd[2354]: adjusting local clock by 20.223130s Mar 28 21:35:57 ntpd[2354]: adjusting local clock by 20.095667s as i write this, the local clock is already 29 seconds behind what 'rdate -p pool.ntp.org' reports. dmesg : OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: VIA Esther processor 1500MHz (CentaurHauls 686-class) 1.51 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3 cpu0: RNG AES AES-CTR SHA1 SHA256 RSA real mem = 468152320 (457180K) avail mem = 418967552 (409148K) using 4256 buffers containing 23511040 bytes (22960K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(d9) BIOS, date 09/15/06, BIOS32 rev. 0 @ 0xfa960, SMBIOS rev. 2.3 @ 0xf (33 entries) apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xcce4 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfcc20/192 (10 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 10 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 5 10 11 15 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xfc00 0xd/0x1000 0xd1000/0x1000 0xd2000/0x5000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00 pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00 pchb3 at pci0 dev 0 function 3
Re: ipsec between openbsd 4.0 and checkpoint
On Thu, Mar 29 2007 at 44:08, Sebastian Reitenbach wrote: Hi list, Hi, I have a problem to setup an ipsec tunnel between my openbsd box and a checkpoint firewall. [...] I had no problem to get a tunnel working between two openbsd 4.0 hosts with the above configuration file, so I think my problem can only be the timings of the renegotiations. What are the default renegotiation timings, and where should i configure these? The default SA lifetime are described in the man page of isakmpd.conf : [General] Default-phase-1-lifetime= 3600,60:86400 Default-phase-2-lifetime= 1200,60:86400 OpenBSD will accept lifetimes between 60 and 86400 seconds with a default of 1 hour for phase 1 and 20 minutes for phase 2. As you wrote, default Checkpoint lifetime are 1440 min for phase 1 (86400 seconds) and 3600 seconds for phase 2. I doubt it's a lifetime problem. The configuration should work, at least it works here between Checkpoint R61 and OpenBSD 4.0. Could you provide us some error messages pleas? Messages from the Checkpoint side would help too :) Claer
prioritize internet browse than download
Hi Guys, Is it possible to prioritize Internet browsing than downloading a file like downloading installers or iso files? It eats up our network bandwidth. Any advice? Thanks! cheers, kintaro Oe - Sucker-punch spam with award-winning protection. Try the free Yahoo! Mail Beta.
Re: ROOTBACKUP=1 corruption problems on amd64 (OPENBSD_4_0)
On Thu, 29 Mar 2007, Didier Wiroth wrote: Hello, I'm using ROOTBACKUP=1 to have daily backups on several boxes running amd64 OPENBSD_4_0. Actually I noticed that on 1 box (the hardware is +/- 3 month old), the partition is *always* corrupted after the backup. The corruption happens every day. Does anyone have an idea what could be the problem? You're copying a life filessytem. Inconsitencies are to be expected. It's the reason why fsck is run. -Otto I'm using a LSI Megaraid controller (see dmesg below), here is the output. #bioctl ami0 Volume Status Size Device ami0 0 Online 10485760 sd0 RAID5 0 Online 400083124224 0:0.0 noencl ST3400620NS 3.AE 1 Online 400083124224 0:1.0 noencl ST3400620NS 3.AE 2 Online 400083124224 0:2.0 noencl ST3400620NS 3.AE 3 Online 400083124224 0:3.0 noencl ST3400620NS 3.AE 4 Online 400083124224 0:4.0 noencl ST3400620NS 3.AE ami0 1 Online2097152 sd1 RAID0 0 Online 400083124224 0:0.0 noencl ST3400620NS 3.AE 1 Online 400083124224 0:1.0 noencl ST3400620NS 3.AE 2 Online 400083124224 0:2.0 noencl ST3400620NS 3.AE 3 Online 400083124224 0:3.0 noencl ST3400620NS 3.AE 4 Online 400083124224 0:4.0 noencl ST3400620NS 3.AE ami0 2 Online 73924608 sd2 RAID5 0 Online 400083124224 0:0.0 noencl ST3400620NS 3.AE 1 Online 400083124224 0:1.0 noencl ST3400620NS 3.AE 2 Online 400083124224 0:2.0 noencl ST3400620NS 3.AE 3 Online 400083124224 0:3.0 noencl ST3400620NS 3.AE 4 Online 400083124224 0:4.0 noencl ST3400620NS 3.AE ami0 3 Online 739451600896 sd3 RAID5 0 Online 400083124224 0:0.0 noencl ST3400620NS 3.AE 1 Online 400083124224 0:1.0 noencl ST3400620NS 3.AE 2 Online 400083124224 0:2.0 noencl ST3400620NS 3.AE 3 Online 400083124224 0:3.0 noencl ST3400620NS 3.AE 4 Online 400083124224 0:4.0 noencl ST3400620NS 3.AE ami0 4 Hot spare400083124224 0:5.0 noencl ST3400620NS 3.AE Here is the daily mail report I get: Backing up root filesystem: copying /dev/rsd0a to /dev/rsd0h 262139+1 records in 262139+1 records out 2147443200 bytes transferred in 548.279 secs (3916696 bytes/sec) ** /dev/rsd0h ** Last Mounted on / ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts UNREF FILE I=103073 OWNER=root MODE=100555 SIZE=282672 MTIME=Feb 13 08:58 2007 CLEAR? yes UNREF FILE I=103086 OWNER=root MODE=100555 SIZE=106928 MTIME=Feb 13 08:58 2007 CLEAR? yes UNREF FILE I=103113 OWNER=root MODE=100500 SIZE=255536 MTIME=Feb 13 08:58 2007 CLEAR? yes ** Phase 5 - Check Cyl groups FREE BLK COUNT(S) WRONG IN SUPERBLK SALVAGE? yes SUMMARY INFORMATION BAD SALVAGE? yes BLK(S) MISSING IN BIT MAPS SALVAGE? yes 3116 files, 24391 used, 1007208 free (280 frags, 125866 blocks, 0.0% fragmentation) MARK FILE SYSTEM CLEAN? yes end snip -- Here is the dmesg: OpenBSD 4.0-stable (GENERIC.MP) #0: Mon Jan 8 12:54:22 CET 2007 [EMAIL PROTECTED]:/home/sources/src/sys/arch/amd64/compile/G ENERIC.MP real mem = 2146562048 (2096252K) avail mem = 1834729472 (1791728K) using 22937 buffers containing 214863872 bytes (209828K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf0690 (74 entries) bios0: stem manufacturer P5WDG2 WS PRO mainbus0: Intel MP Specification (Version 1.4) (INTELPRO ) cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, 2404.44 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,LONG cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 267MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, 2404.11 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,LONG cpu1: 4MB 64b/line 16-way L2 cache mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type PCI mpbios: bus 3 is type PCI mpbios: bus 4 is type PCI mpbios: bus 5 is type PCI mpbios: bus 6 is type ISA ioapic0 at mainbus0 apid 2 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0 apid 3 pa 0xfec1, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x277c rev 0xc0 ppb0 at pci0 dev 1 function 0 vendor Intel, unknown product 0x277d rev 0xc0
Re: prioritize internet browse than download
On Thu, 29 Mar 2007 01:25:26 -0700 (PDT) kintaro oe [EMAIL PROTECTED] wrote: Hi Guys, Is it possible to prioritize Internet browsing than downloading a file like downloading installers or iso files? It eats up our network bandwidth. Any advice? Thanks! man pf.conf /QUEUE
Re: prioritize internet browse than download
On 3/29/07, Kamil Monticolo [EMAIL PROTECTED] wrote: On Thu, 29 Mar 2007 01:25:26 -0700 (PDT) kintaro oe [EMAIL PROTECTED] wrote: Hi Guys, Is it possible to prioritize Internet browsing than downloading a file like downloading installers or iso files? It eats up our network bandwidth. Any advice? Thanks! man pf.conf /QUEUE this is good for limiting bandwidth based on ( source and destination ) domain names, IP address, port numbers, protocols, IP versions etc. but PF cannot process URLs and filter/queue using file types like *.iso, *.msi, *.exe, *.wmv, *.mpe etc. kind Regards Siju Siju
Re: prioritize internet browse than download
hi, kintaro oe wrote: Is it possible to prioritize Internet browsing than downloading a file like downloading installers or iso files? It eats up our network bandwidth. Any advice? Thanks! Take a look at squid and its delay pools. That should do it. mfG -- stefan --
Re: Not getting much bandwidth through the firewall
On Thu, Mar 29, 2007 at 02:18:30AM -0400, Kyle George wrote: On Wed, 28 Mar 2007, Watson Crick wrote: I've got OpenBSD 4.0 (release) on a laptop setup up as a router between 2 subnets, and providing internet access through a 3rd nic to a DSL modem. The problem is the bandwidth between the two subnets. I'm only getting a maximum of about 500 KB/s between two 100mbit cards. Top shows ~70% interrupt (~29% idle) while these transfers are going on. I don't know what the bottleneck is in the system. Are the Linksys PCMCIA nics crappy? Did I screw something else up? Try http://www.openbsd.org/faq/faq6.html#Tuning. Increase net.inet.tcp.{send,recv}space. Try this before worrying about your hardware. The send and receive socket buffer space has nothing to do with forwarding performance. This will only affect connections from and to the box itself. I think the bigger problem are the PCMCIA nics. PCMCIA is a slow bus comparable to ISA and most PCMCIA cards are evil old clones of already terrible MAC chips. Also check the duplex mode -- autonegotiation can fail with older cards. -- :wq Claudio
Re: Long WEP key
I am curious about this too, so if anyone got the link it would be great to post it, thanks. So VPN is the way to go if you really want to secure your wireless network? 2007/3/29, Nick ! [EMAIL PROTECTED]: On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote: Maxime DERCHE wrote: IMHO you should think to configure your AP to provide a WAP-based encryption... WAP-based encryption? Do you mean WPA? And to answer the original question: because OpenBSD doesn't support WPA, and Theo has claimed somewhere that I can never find the link to that WPA gives a false sense of security anyway. -Nick -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: Long WEP key
Sunnz wrote: So VPN is the way to go if you really want to secure your wireless network? VPN only secures traffic to and from the gateway, not *among* machines connected to the AP. If your AP is OpenBSD then VPN would work but most off-the-shelf AP's cant act as VPN endpoints and for those WEP and WPA are the only ways to secure your all your wireless traffic. --- Lars Hansson
Re: Long WEP key
Then is it possible/practical to connect to a VPN machine on your LAN and use the VPN's machines connection? For a simplistic example, say I've got a wireless router gateway, with a cable connected OpenBSD server, and I connect to the server 's VPN via the router wirelessly from my laptop. 2007/3/29, Lars Hansson [EMAIL PROTECTED]: Sunnz wrote: So VPN is the way to go if you really want to secure your wireless network? VPN only secures traffic to and from the gateway, not *among* machines connected to the AP. If your AP is OpenBSD then VPN would work but most off-the-shelf AP's cant act as VPN endpoints and for those WEP and WPA are the only ways to secure your all your wireless traffic. --- Lars Hansson -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: Long WEP key
On 2007/03/29 21:44, Sunnz wrote: I am curious about this too, so if anyone got the link it would be great to post it, thanks. So VPN is the way to go if you really want to secure your wireless network? VPN is good at adding privacy and authentication protection to transmitted data. I'm not sure you can really use 'really secure' when you're talking about 802.11 DSSS, though. One point to note is that the network management frames are unprotected (even with WPA).
Re: prioritize internet browse than download
On Thu, 29 Mar 2007 16:12:07 +0530 Siju George [EMAIL PROTECTED] wrote: On 3/29/07, Kamil Monticolo [EMAIL PROTECTED] wrote: On Thu, 29 Mar 2007 01:25:26 -0700 (PDT) kintaro oe [EMAIL PROTECTED] wrote: Hi Guys, Is it possible to prioritize Internet browsing than downloading a file like downloading installers or iso files? It eats up our network bandwidth. Any advice? Thanks! man pf.conf /QUEUE this is good for limiting bandwidth based on ( source and destination ) domain names, IP address, port numbers, protocols, IP versions etc. but PF cannot process URLs and filter/queue using file types like *.iso, *.msi, *.exe, *.wmv, *.mpe etc. kind Regards Siju Siju Sorry, You are right. I misunderstanding that a bit. Kamil Monticolo
The move Closing party
The move (100m voor sotto's) Buke 182 /// 9620 ZOTTEGEM Vrijdag 30 maart '07 'Closing party' The move is overgenomen door nieuwe eigenaars (hun bedoeling is nog niet bekend). Nu vrijdag is 'the move' de laatste maal open met resident dj benny. Wij danken iedereen die 'the move' bezocht heeft en hopen dat jullie er nu vrijdag voor de laatste maal nog eens zullen bij zijn. Alle dranken gratis en a volonti: INKOM 10 Dj Benny Greetz The Move crew [demime 1.01d removed an attachment of type image/jpeg which had a name of sluiting movekl.JPG]
Re: Long WEP key
On 3/29/07, Sunnz [EMAIL PROTECTED] wrote: 2007/3/29, Nick ! [EMAIL PROTECTED]: On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote: Maxime DERCHE wrote: IMHO you should think to configure your AP to provide a WAP-based encryption... WAP-based encryption? Do you mean WPA? And to answer the original question: because OpenBSD doesn't support WPA, and Theo has claimed somewhere that I can never find the link to that WPA gives a false sense of security anyway. I am curious about this too, so if anyone got the link it would be great to post it, thanks. Here you go: -- Forwarded message -- From: Jon Radel [EMAIL PROTECTED] Date: Mar 29, 2007 1:17 AM Subject: Re: Long WEP key To: Nick ! [EMAIL PROTECTED] Nick ! wrote: Theo has claimed somewhere that I can never find the link to http://www.tjrforum.com/archive/index.php/t-2513.html gives a quote but I can't find the original source.
Good afternoon, COMCAST.NET, I ask to make working entering and outcoming mail Outlook Express to authorize. My name: brandglobe The password: topbrand2005 Independently to make mail working could not. Many thanks to you. All kindest. My e-mail: [EMAIL PROTECTED] Valeriy Mamayev
Re: ROOTBACKUP=1 corruption problems on amd64 (OPENBSD_4_0)
On Thu, Mar 29, 2007 at 09:11:36AM +0200, Didier Wiroth wrote: Hello, I'm using ROOTBACKUP=1 to have daily backups on several boxes running amd64 OPENBSD_4_0. Actually I noticed that on 1 box (the hardware is +/- 3 month old), the partition is *always* corrupted after the backup. The corruption happens every day. Does anyone have an idea what could be the problem? Here's a guess: you updated your system, but haven't rebooted since building userland. If that's the case, reboot and I bet the next backup is a *lot* cleaner. If that's not the case, then what Otto said. ;) -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: Long WEP key
Hmmm had Theo ever talked about this on the list? I think many people are/will find this to be very strange... WPA is considered as broken and insecure, which is understandable for a OS that focuses on security... but it _does_ provide WEP, a even more broken, insecure solution? 2007/3/29, Nick ! [EMAIL PROTECTED]: On 3/29/07, Sunnz [EMAIL PROTECTED] wrote: 2007/3/29, Nick ! [EMAIL PROTECTED]: On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote: Maxime DERCHE wrote: IMHO you should think to configure your AP to provide a WAP-based encryption... WAP-based encryption? Do you mean WPA? And to answer the original question: because OpenBSD doesn't support WPA, and Theo has claimed somewhere that I can never find the link to that WPA gives a false sense of security anyway. I am curious about this too, so if anyone got the link it would be great to post it, thanks. Here you go: -- Forwarded message -- From: Jon Radel [EMAIL PROTECTED] Date: Mar 29, 2007 1:17 AM Subject: Re: Long WEP key To: Nick ! [EMAIL PROTECTED] Nick ! wrote: Theo has claimed somewhere that I can never find the link to http://www.tjrforum.com/archive/index.php/t-2513.html gives a quote but I can't find the original source. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Notre dossier spécial informatique et télécom. Recevez votre devis en 48H.
Ce message est au format HTML. Si vous ne parvenez pas ` le lire, cliquez ici. [IMAGE] GESTION D'ENTREPRISE MARKETING ET COMMUNICATION NOUVELLES TECHNOLOGIES GESTION DU PERSONNEL LOGISTIQUE ET EQUIPEMENT VEHICULES ET UTILITAIRES BOUTIQUE EN LIGNE [IMAGE] Informatique, Tilicom, Tiliphonie, Vidio Surveillance, Giolocalisation, Infogirence. Autant de nouveaux domaines et de nouvelles technologies qui peuvent booster votre activiti, vous aider ` amiliorer votre productiviti ` une seule et mjme condition : Travailler avec le bon prestataire ! Travaillez-vous aujourd'hui avec le bon prestataire ? Consultez la liste de prestataires que nous vous conseillons sur cet e- mail. Trouvez le bon prestataire en quelques clics ! Ne perdez plus de temps ` rechercher et comparer vos prestataires ! Sur chacune de nos fiches prestataires, vous verrez en temps riel la notation du prestataire par les clients l'ayant dhj` pratiqui et le nombre de connexion sur sa page. Aprhs, il ne vous reste plus qu'` faire une ou plusieurs demandes gratuites de devis et on s'occupe de vous ! Nos conseillers sont ` votre disposition toute la semaine de 09h00 ` 18h00 pour vous renseigner et vous guider dans le choix de vos prestataires PLUS DE 200 PRESTATAIRES SUR 55 SERVICES 24H/24 - 7J/7 www.guidedesprestataires.com Silectionnez parmi nos prestataires labellisis en cochant dans les annonces ci-dessous Vous disirez accider aux donnies de votre entreprise de n'importe oy? C'est possible avec nos solutions NOMADE ! Etes-vous contraint de rester au bureau pour accider aux donnies de votre entreprise? Pas du tout ! Que vous soyez en diplacement, chez vous ou en dimonstration chez un client vous pouvez accider aux donnies de l'entreprise 24 h/24 et 7j/7 en toute sicuriti. Dicouvrez les solutions IC CENTREX d\'IC TELECOM Trouvez les meilleures solutions pour vos installations tiliphoniques. Dicouvrez de nouvelles technologies avec IC CENTREX, votre tiliphonie par voie IP. AMPTECH couvre l\'ensemble des services informatique de votre entreprise. Du dipannage rapide ` la prestaation spicialisie. AMPTECH couvre lensemble des besoins informatique d'une entreprise. Les spicialitis de ce prestataire est tout d'abord le dipannage informatique, l'assistance a distance, les sauvegardes en lignes pour une meilleure sicuriti, l'hibergement de site Internet. AMPTECH vous offre un mois sur votre contrat d'assistance ! La tili-assistance pour une meilleure gestion de votre parc informatique Avec la multiplication des virus, des problhmes de messagerie, de Spam et autres, vous jtes tous les jours confrontis ` divers problhmes informatiques. La tili-assistance permet de prendre le contrtle de votre parc informatique et de risoudre votre problhme en moins de 5 MN ! Tiliphonie mobile pour professionnels. Dicouvrez les illimitis de Bouygues Tilicom Des forfaits illimitis en tiliphonie mobile, adaptis a toutes les entreprises de la plus petite ` la plus grande.Profitez des offres et tiliphonie mobile ` partir de 59 ht par mois.Avec ALTER TELCOM dicouvrez la mobiliti sur PDA(ordinateur de poche)avec des forfait ` 19 ht / mois ! MA VISION : Le spicialiste de la vidio IP Gardez un oeil sur votre activiti avec la Vidio sur IP Dopez vos ventes en communiquant par fax Envoyez vos tilicopies depuis n'importe quels logiciels en quelques clics... VISIBLESITE: Les solutions de Rifirencement! Amiliorez votre visibiliti sur les principaux moteurs de recherche! Simplifiez votre messagerie avec MICROSOFT EXCHANGE! Au bureau ou en diplacement, consultez votre messagerie MICROSOFT EXCHANGE. Pas d'installation, pas de serveur, pas de soucis! BSI conseil 100% impression! Dicouvrez des tilicopieurs professionnels: Le tout en un! ACPL France: Opirateur en tilicommunication et en infogirance Confiez la gestion et le diveloppement de votre informatique ` des spicialistes Trouvez des solutions pour financer votre parc informatique! FIPARC: votre solution locative informatique et tilicom. LES INCONTOURNABLES Silectionnez parmi nos prestataires labellisis en cochant dans les annonces ci-dessous Assurance: Payez-vous le meilleur prix ? AUDIT CHORUS CONSEIL est un bureau d'itude spicialisi en audit des risques des assurances. Que vous soyez ` la recherche de Mutuelle, d'une assurance privoyance ou simplement pour l'assurance des bris de machines, AUDIT CHORUS est le prestataire qu'il vous faut. Une iquipe soudie, en parfait accord! Dicouvrez toutes les formations nicessaires ` la gestion de votre personnel. Que vous soyez dirigeant, cadre ou manager trouvez la solution grbce aux formations sur mesure de KEY CONCEPT. Gio-localiser pour mieux girer! OCEAN, la mithode de
Re: Not getting much bandwidth through the firewall
On 3/29/07, Kyle George [EMAIL PROTECTED] wrote: On Wed, 28 Mar 2007, Watson Crick wrote: I've got OpenBSD 4.0 (release) on a laptop setup up as a router between 2 subnets, and providing internet access through a 3rd nic to a DSL modem. The problem is the bandwidth between the two subnets. I'm only getting a maximum of about 500 KB/s between two 100mbit cards. Top shows ~70% interrupt (~29% idle) while these transfers are going on. I don't know what the bottleneck is in the system. Are the Linksys PCMCIA nics crappy? Did I screw something else up? Try http://www.openbsd.org/faq/faq6.html#Tuning. Increase net.inet.tcp.{send,recv}space. It says You would normally use this to allow for routing or connection problems. Of course, for it to be most effective, both sides of the connection need to use similar values. If you have an ISP that gives you IP aadrees ( using PPPOE ) it there a way to measure or detect the valuse on the ISP's side? The main problem being the support personnel mostly doesnot know these things :-( Thankyou so much kind regards Siju
Apple hardware support?
Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as the Macbook? I can't imagine it would be particularly hard; there'd need to be a way of loading and running a kernel via EFI, and then tweaking the hardware detection. The reason why I ask is that I've been eyeing the new Apple TV with a certain amount of interest. For only 150 UKP, you get a rather nice little box with very low power requirements and some decent hardware, which would be ideal as a home server. And I know the hardware is very similar to the Macbook. And, of course, the best server software is OpenBSD. -- bbb o=o=o o=o=o=o=o=o=o=oo=o=o= bbb http://www.cowlark.com bbbbbbbbbbbbbbbbbbb b Thou who might be our Father, who perhaps may be in Heaven, hallowed be b Thy Name, if Name Thou hast and any desire to see it hallowed... --- b _Creatures of Light and Darkness_ [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Apple hardware support?
On 3/29/07, David Given [EMAIL PROTECTED] wrote: Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as the Macbook? Scan the freakin' email archives. There are several recent notes about the laptops, nothing about the AppleTV yet that I've noticed. Greg
Re: Not getting much bandwidth through the firewall
On 2007/03/29 22:55, Siju George wrote: On 3/29/07, Kyle George [EMAIL PROTECTED] wrote: On Wed, 28 Mar 2007, Watson Crick wrote: I've got OpenBSD 4.0 (release) on a laptop setup up as a router between 2 subnets, and providing internet access through a 3rd nic to a DSL modem. The problem is the bandwidth between the two subnets. I'm only getting a maximum of about 500 KB/s between two 100mbit cards. Top shows ~70% interrupt (~29% idle) while these transfers are going on. I don't know what the bottleneck is in the system. Are the Linksys PCMCIA nics crappy? Did I screw something else up? Try http://www.openbsd.org/faq/faq6.html#Tuning. Increase net.inet.tcp.{send,recv}space. It says You would normally use this to allow for routing or connection problems. Of course, for it to be most effective, both sides of the connection need to use similar values. If you have an ISP that gives you IP aadrees ( using PPPOE ) it there a way to measure or detect the valuse on the ISP's side? The ISP don't normally have anything to do with this (excepting any connections to their servers) (but see below about proxies). The relevant settings are those on the endpoints of the TCP connection. You might want to increase {send,recv}space if you have a connection which has high bandwidth *and* high latency (i.e. ping times). But it will only make a difference when you connect to servers which also have high window sizes configured; often busy servers don't since it increases the memory requirements. If you're interested to see how altering this looks from the perspective of network packets, run tcpdump(8) and watch how the values in TCP SYN packets change as you vary the sysctl values and make connections. If there is a proxy in the path between you and the real endpoint, the TCP endpoints are then your machine and that proxy. In those cases, the ISP (or whoever) does have control over these tuning parameters.
Re: Apple hardware support?
Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as the Macbook? The i386 GENERIC.MP kernel runs fine on Intel Macs. You just need to enable ACPI with config -ef bsd.mp (or on the boot prompt). I can't imagine it would be particularly hard; there'd need to be a way of loading and running a kernel via EFI, and then tweaking the hardware detection. EFI emulates a normal PC BIOS if there's no Mac OS X on the harddisk. OpenBSD boots fine (though it doesn't feel like booting if no monitor is attached, but you can emulate one easily with a dongle, and automatic restart on power failure needs a little software trick). And, of course, the best server software is OpenBSD. That's true! :-) Tas.
Re: Apple hardware support?
Scan the freakin' email archives. There are several recent notes about the laptops, nothing about the AppleTV yet that I've noticed. I just searched a bit about this Apple TV: It might be necessary to remove the harddisk to copy OpenBSD on it, but otherwise it could work (as a server, not as a multimedia device). An interesting link I found: http://www.roughlydrafted.com/RD/RDM.Tech.Q1.07/E1D8A057-6FBB-4269-A348-27AF9010FB19.html Tas.
Re: Apple hardware support?
On Thu, 29 Mar 2007, David Given wrote: Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as the Macbook? I can't imagine it would be particularly hard; there'd need to be a way of loading and running a kernel via EFI, and then tweaking the hardware detection. Work on your imagination and don't jump to conclusions. Apple managed to make i386 hardware that is slightly different than other PC hardware and with it own set of quircks/bugs. Some progress has been made, but depending on the model and processor (e.g. Core Duo vs Core Duo 2) the Apple Intels either works mostly or don't work (yet). The reason why I ask is that I've been eyeing the new Apple TV with a certain amount of interest. For only 150 UKP, you get a rather nice little box with very low power requirements and some decent hardware, which would be ideal as a home server. And I know the hardware is very similar to the Macbook. And, of course, the best server software is OpenBSD. Similar hardware is not enough to know. The devil is in the details. Sending an Apple TV to an interested developer might speed things up. -Otto
Re: Apple hardware support?
On Thu, 29 Mar 2007, Tasmanian Devil wrote: Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as the Macbook? The i386 GENERIC.MP kernel runs fine on Intel Macs. You just need to enable ACPI with config -ef bsd.mp (or on the boot prompt). This is not true. At least it has been reported that the MacBook Pro with Core Due 2 processor does not run. I can't imagine it would be particularly hard; there'd need to be a way of loading and running a kernel via EFI, and then tweaking the hardware detection. EFI emulates a normal PC BIOS if there's no Mac OS X on the harddisk. OpenBSD boots fine (though it doesn't feel like booting if no monitor is attached, but you can emulate one easily with a dongle, and automatic restart on power failure needs a little software trick). BTW, you can install OpenBSD on a BootCamp partition. After creating the Bootcamp partition using the wizard, boot using the OpenBSD CD, and in the fdisk step in the installer, set the partition type to A6, make it active and update the MBR. -Otto
Re: Not getting much bandwidth through the firewall
The send and receive socket buffer space has nothing to do with forwarding performance. This will only affect connections from and to the box itself. but don't routed packets go to and from the box itself? My download speeds on my mythtv/ubuntu system jumped from 1.5Mb/s to 12Mb/s after increasing those on my firewall. I think the bigger problem are the PCMCIA nics. PCMCIA is a slow bus comparable to ISA and most PCMCIA cards are evil old clones of already terrible MAC chips. Also check the duplex mode -- autonegotiation can fail with older cards. I tend to agree that the problem is likely here. Laptops tend to not have superfast bus speeds. I also wonder if he actually meant that capital B. 500KB isn't too shabby (what's that 4Mb?) while 500Kb isn't so good. If he's actually pushing 4Mb through his laptops crappy old pcmcia that may be as good as it gets. --Bryan
Re: Apple hardware support?
Is there anyone working on porting OpenBSD to Intel Apple hardware? Such as the Macbook? The i386 GENERIC.MP kernel runs fine on Intel Macs. You just need to enable ACPI with config -ef bsd.mp (or on the boot prompt). This is not true. At least it has been reported that the MacBook Pro with Core Due 2 processor does not run. Oh, sorry, I didn't know that. Thank you for correcting me! Tas.
Re: Not getting much bandwidth through the firewall
* Bryan Irvine [EMAIL PROTECTED] [2007-03-29 21:11]: The send and receive socket buffer space has nothing to do with forwarding performance. This will only affect connections from and to the box itself. but don't routed packets go to and from the box itself? they don't go to or thru the socket buffers you increased. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Long WEP key
I'd be more scared of the hacker that can bypass wep, than the average joe without wep. The hacker knows how to exploit your wep-decrypted network traffic, the average joe doesn't even if it were plain-text data.
Re: Long WEP key
On 29-Mar-07, at 9:59 AM, Nick ! wrote: Nick ! wrote: Theo has claimed somewhere that I can never find the link to http://www.tjrforum.com/archive/index.php/t-2513.html gives a quote but I can't find the original source. I'd like to hear an actual developer position on that statement. I read it as a criticism of the way WPA is used more than of the protocol itself. As in, it's of little value to encrypt the traffic if you allow anybody to access it. If Theo was saying that it sucks even when you're using some sufficient form of authentication (other than that it's maybe too complicated), I'd love to have it explained. Jeremy
Re: Long WEP key
Well, I'd be more scared of the hacker that can bypass wep, than the average joe without wep. The hacker knows how to exploit your wep-decrypted network traffic, the average joe doesn't even if it were plain-text data. it's not always about sniffing something, sometimes it's about access only. If somebody does something bad with my unencrypted access-point using my internet-access, here in germany I am liable. If I configure feeble WEP64/40 I am not since there is at least some protection to be illegaly bypassed before the network can be used. Same with your car, leave the door open and the key in the lock for everybody even minor to drive and the accident will be your problem since the car hasn't been stolen. Lock the car and not matter if you can short and open the thing with your fingers only it's a different story since the car is stolen. So even though WEP is trash, from certain points of view it's a usefull as a cheap padlock on the garden hood so the next neighbours children don't kill themself with the axe or whatever is in there. If they break the window and get in there, it's their problem. Not that this is a lot more difficult then cracking WEP. /pun Cracking windows just makes more noise. Of course this is all a bit simplified but maybe some of the people here declaring that WEP is trash and shouldn't be used wake up and see that even trashy protection has it's use as long as it offers some protection. -sm
Re: Long WEP key
Hi, I'd like to hear an actual developer position on that statement. I read it as a criticism of the way WPA is used more than of the protocol itself. As in, it's of little value to encrypt the traffic if you allow anybody to access it. If Theo was saying that it sucks even when you're using some sufficient form of authentication (other than that it's maybe too complicated), I'd love to have it explained. not in the mood to search for it, but I've seen people demonstrating that WPA is as useless as WEP, just different approach and different software. WPA2 is a bit better but there are still a few underlying design flaws which make the whole stuff on it's own rather insecure. can't recall though that anybody had WPA2 exploited at the time but that's more then a year in the past so I wouldn't trust it. however, google should find the stuff somewhere, it was demonstrated on a few events, docs should be on the net, no need to bother theo with this. -sm
Re: Not getting much bandwidth through the firewall
On 3/29/07, Siju George [EMAIL PROTECTED] wrote: On 3/29/07, Kyle George [EMAIL PROTECTED] wrote: On Wed, 28 Mar 2007, Watson Crick wrote: I've got OpenBSD 4.0 (release) on a laptop setup up as a router between 2 subnets, and providing internet access through a 3rd nic to a DSL modem. The problem is the bandwidth between the two subnets. I'm only getting a maximum of about 500 KB/s between two 100mbit cards. Top If you have an ISP that gives you IP aadrees ( using PPPOE ) it there a way to measure or detect the valuse on the ISP's side? why the hell does the isp matter routing when between two local subnets?
Re: login_ldap
On Wed, Mar 28, 2007 at 12:45:04PM -0400, Mike Erdely wrote: What I've decided to do since I can't make this work ('cause I'm an idiot) and pserver is insecure and sucks, I'm going to set local passwords for users that require pserver that are different from their LDAP password. That way, their LDAP password won't go in the clear. Just another thought I had 1/2 a second after hitting 'send'... Maybe SSH tunneling and/or authpf is useful here? You could get fancy with a full VPN - IPsec is well-supported by OpenBSD, and can be made to work on other systems, and OpenVPN is easy to install - but forwarding 2401/tcp most likely suffices. Joachim
Re: login_ldap
On Wed, Mar 28, 2007 at 12:45:04PM -0400, Mike Erdely wrote: Joachim Schipper wrote: On Tue, Mar 27, 2007 at 04:49:05PM -0400, Mike Erdely wrote: I'm trying to get login_ldap to work with cvs pserver (run out of inetd). I think you are misunderstanding some things, or doing something that doesn't work; however, since I've never tried to set up a pserver, you'd best check what I'm going to say next. I tried to give as much info as I could... First, read login.conf(5), and note that just adding the above isn't going to help any. You must define a new login class, at least, and change master.passwd(5) to make sure the appropriate user has your newly defined login class (the value of 'appropriate' depends on whether or not the stuff below is correct...). I did read login.conf(5) and I must have missed something. But, I think you're not understanding how this stuff works: Quite possibly, hence the above caveat. 1. I installed the login_ldap package. 2. I added a ldap section to login.conf 3. I configured my users to be part of the ldap class (using vipw). Users have no local password set. 4. I tested using CVS over SSH and it works as expected. 5. I tried using pserver and cannot authenticate. 6. I set a local password that is different from my ldap password (ssh still uses ldap. sudo still uses ldap). 7. I tried pserver and was able to authenticate with the local password but not ldap's password. I had previously had a similar problem with ftp until I made this change to login.conf: - auth-ftp-defaults:auth-ftp=password: + auth-ftp-defaults:auth-ftp=-ldap: Then, you should have whatever daemon your users use to connect with the usual BSD login mechanism (which might be called bsdauth, or whatever). I don't believe GNU CVS does that, and OpenCVS doesn't do authentication at all. Your best bet is probably setting up ssh; sshd uses the BSD authentication routines by default. You would think that the daemon would use the usual BSD login mechanism but ftpd doesn't. And pserver running out of inetd doesn't either. I don't know if the fact that I'm using inetd for pserver has any bearing on this issue, but I thought giving all information would be helpful. Actually, ftpd does. inetd doesn't do authentication at all, and pserver... well, see below. I know my best bet is using ssh. I'd much rather use ssh. But you can't always do what you want. Some of my 50 developers are using COTS development tools that ONLY know pserver. They don't like it either, but it's required for the project they're working on. So, while pserver sucks, it's necessary in this case. However, unless I am sorely mistaken, by this point, there's no need to set up inetd and what you have is a CVS repository, but *not* a pserver. What I've decided to do since I can't make this work ('cause I'm an idiot) and pserver is insecure and sucks, I'm going to set local passwords for users that require pserver that are different from their LDAP password. That way, their LDAP password won't go in the clear. That is a good solution. The problem is, in fact, rather simple: pserver does, in fact, not use bsd authentication. This is documented in http://ximbiot.com/cvs/manual/cvs-1.12.13/cvs_2.html#SEC31 and elsewhere; however, that page also suggests that you could create a custom password file. Maybe a small script is in order (get 'cvspass' from LDAP, format text file, mv it over the old one, repeat every x minutes)? Anyway, good luck, and let us know if you have any more problems. Joachim
Re: May I have a cluestick, please?
On Wed, Mar 28, 2007 at 03:52:44PM -0400, STeve Andre' wrote: I have a -current system thats working just fine as a web server. Everything is working as it should, save for updating the wtmp for logins. The last entry in the wtmp was the reboot for going live-- since then logins work as expected but there is no record of them. Suggestions as to what to look for, to fix this? File perms aren't a problem, and nothing seems unusual to me. This is a -current system compiled on March 14th. Not that I have any particular idea, but what constitutes a 'login'? Joachim
Re: Long WEP key
On Thu, Mar 29, 2007 at 10:22:36PM +1000, Sunnz wrote: Then is it possible/practical to connect to a VPN machine on your LAN and use the VPN's machines connection? For a simplistic example, say I've got a wireless router gateway, with a cable connected OpenBSD server, and I connect to the server 's VPN via the router wirelessly from my laptop. Yes, this would work. There are still some issues [1], but it would work. Joachim [1] For one, it doesn't prevent someone from just flooding the AP...
Re: ntpd not synching
On Thu, Mar 29, 2007 at 09:13:56AM +0200, Otto Moerbeek wrote: On Wed, 28 Mar 2007, [EMAIL PROTECTED] wrote: hi, On Tue, Mar 27, 2007 at 01:49:16PM +0200, Otto Moerbeek wrote: It looks like your clock drifts more that ntpd can compensate. Please share some details on your setup, like the dmesg. Also, if you remove the drift file, you must reboot, since otherwise the existing frequency compensations stays in effect. ok, i cleared the drift-file and rebooted. as near as i can figure (i had to boot multiple times, and unclean at that) this is what happend slightly bfore/during/after the last boot (the times are so screwed i can't really make it out). Yep, this configrms it. Your clock is drifting so much that ntpd can't keep up. I'm afraid there's not a lot I can do about that. Unless I'm very confused, though, repeated use of something like rdate(8) will work, or, rather, 'work'... Joachim
Re: SMP causing uvm_fault
Hi Ive finally got the current version running and the problem below has disappeared. I was wondering however if the problem has actually been solved. The line of code that Im crashing on is line 3005 of pmap.c in version 4.0: 3005if (pve-pv_ptp (PDE(pve-pv_pmap, 3006 pdei(pve-pv_va)) PG_FRAME) != 3007 VM_PAGE_TO_PHYS(pve-pv_ptp)) { Specifically its crashing on PDE(pve-pv_pmap, pdei(pve-pv_val) because of a page fault. This code has disappeared in -current, but does anybody who was working on this section of code now why I was having this problem or if its been fixed? Thank you Jonathan Steel Jon Steel wrote: Hi Im having a very similar problem as the one reported in Bug Query 5374. Im trying to solve the problem but Im finding it very hard to even get started. Is there somewhere besides the code that I can start to try and understand how SMP is being handled? http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=5374 I can usually duplicate the crash by running the follwing script several times concurrently. #!/usr/bin/perl system(tcpdump -i em1 -w /var/crashTest1.pcap); system(tcpdump -i em1 -w /var/crashTest2.pcap); system(tcpdump -i em1 -w /var/crashTest3.pcap); system(tcpdump -i em1 -w /var/crashTest4.pcap); system(tcpdump -i em1 -w /var/crashTest5.pcap); system(tcpdump -i em1 -w /var/crashTest6.pcap); system(tcpdump -i em1 -w /var/crashTest7.pcap); while (1) { system(nmap 192.168.66.90); } Then after about an hour, when you try and reboot, I get an error: uvm_fault(0x..., 0x..., 0, 1) - e kernel: page fault trap, code = 0 stopped at pmap_page_remove_86+0x114: 0(%eax, %edx, 4), %eax The trace output is: pmap_page_remove_86(d0d31420,c0,e9b57e2c,d04adeb9,e99f) at pmap_page_remove_86+0x114 uvm_vnp_terminate(d8034e04,0,0,0,0,14,0,d7e95004) at uvm_vnpterminate+0x31f uvm_attach(d8034e04,0,2,0,d7f38378) at uvn_attach+0x2b5 uvm_unmap_detach(d7e959a4,0,d7f3841c,1) at uvm_unmap_detach+-x62 uvmspace_free(d7f38378,6,d08120e0) at uvmspace_free+0xfd uvm_exit(d7fbb868,14,8,286) at uvm_exit+0x19 reaper(d80df430) at reaper+0x90 Bad frame pointer: 0xd0913eb8 A couple times the error has also occured on its own without saying 'reboot' when running a ton of nmaps and tcpdumps at the same time. This trace is remarkably similar to the one in Bug Query 5374. Additionally I am using the same processor as he is. There is an unkown core statement in my dmesg but both cores seem to be working correctly. Here is my dmesg: OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.13 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16 real mem = 2145869824 (2095576K) avail mem = 1949290496 (1903604K) using 4256 buffers containing 107397120 bytes (104880K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(e6) BIOS, date 10/30/06, BIOS32 rev. 0 @ 0xfd470, SMB IOS rev. 2.51 @ 0x7feea000 (33 entries) bios0: Supermicro PDSMi pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90 pcibios0: PCI BIOS has 20 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801GB LPC rev 0x00) pcibios0: PCI bus #15 is the last bus bios0: ROM list: 0xc/0xb000 0xcb000/0x1000 0xcc000/0x1000 0xcd000/0x1000 ipmi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) (INTELMUKILTEO) cpu0 at mainbus0: apid 0 (boot processor) cpu0: unknown Core FSB_FREQ value 0 (0x4208) cpu0: apic clock running at 266 MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.13 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16 mainbus0: bus 0 is type PCI mainbus0: bus 9 is type PCI mainbus0: bus 10 is type PCI mainbus0: bus 13 is type PCI mainbus0: bus 14 is type PCI mainbus0: bus 15 is type PCI mainbus0: bus 16 is type ISA ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 3 pa 0xfec1, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0xc0 ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0xc0 pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01 pci2 at ppb1 bus 9 ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 10 em0 at pci3 dev 1 function 0 Intel PRO/1000GT (82541GI) rev 0x05: apic 3 int 0 (irq 11), address 00:0e:0c:b6:80:9e Intel IOxAPIC rev 0x09 at pci2 dev 0 function 1 not configured ppb3 at pci0 dev 28 function 4 Intel 82801G PCIE rev
GENERIC config failed in current
Hi When I installed the current version of the source, my computer froze when starting up after the message mtrr: Pentium Pro MTRR support. When I used the GENERIC config file that came with 4.0, everything worked fine. Just wanted to let the developers know in case there is an issue. My dmesg is included below. Thanks Jonathan Steel OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.13 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16 real mem = 2145869824 (2095576K) avail mem = 1949290496 (1903604K) using 4256 buffers containing 107397120 bytes (104880K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(e6) BIOS, date 10/30/06, BIOS32 rev. 0 @ 0xfd470, SMB IOS rev. 2.51 @ 0x7feea000 (33 entries) bios0: Supermicro PDSMi pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90 pcibios0: PCI BIOS has 20 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801GB LPC rev 0x00) pcibios0: PCI bus #15 is the last bus bios0: ROM list: 0xc/0xb000 0xcb000/0x1000 0xcc000/0x1000 0xcd000/0x1000 ipmi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) (INTELMUKILTEO) cpu0 at mainbus0: apid 0 (boot processor) cpu0: unknown Core FSB_FREQ value 0 (0x4208) cpu0: apic clock running at 266 MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.13 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16 mainbus0: bus 0 is type PCI mainbus0: bus 9 is type PCI mainbus0: bus 10 is type PCI mainbus0: bus 13 is type PCI mainbus0: bus 14 is type PCI mainbus0: bus 15 is type PCI mainbus0: bus 16 is type ISA ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 3 pa 0xfec1, version 20, 24 pins pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0xc0 ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0xc0 pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01 pci2 at ppb1 bus 9 ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 10 em0 at pci3 dev 1 function 0 Intel PRO/1000GT (82541GI) rev 0x05: apic 3 int 0 (irq 11), address 00:0e:0c:b6:80:9e Intel IOxAPIC rev 0x09 at pci2 dev 0 function 1 not configured ppb3 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01 pci4 at ppb3 bus 13 em1 at pci4 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: apic 2 int 16 (irq 11), address 00:30:48:8a:ca:f8 ppb4 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01 pci5 at ppb4 bus 14 em2 at pci5 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: apic 2 int 17 (irq 11), address 00:30:48:8a:ca:f9 uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 2 int 23 (irq 10) usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 2 int 19 (irq 11) usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: apic 2 int 18 (irq 5) usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: apic 2 int 16 (irq 11) usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: apic 2 int 23 (irq 10) usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb5 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1 pci6 at ppb5 bus 15 vga1 at pci6 dev 0 function 0 ATI ES1000 rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01: PM disabled pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 c onfigured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E-N, 1.AA SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 31
Re: Not getting much bandwidth through the firewall
Hi, Original-Nachricht Datum: Wed, 28 Mar 2007 20:30:39 -0700 (PDT) Von: Watson Crick [EMAIL PROTECTED] An: misc@openbsd.org Betreff: Not getting much bandwidth through the firewall Hi, I've got OpenBSD 4.0 (release) on a laptop setup up as a router between 2 subnets, and providing internet access through a 3rd nic to a DSL modem. The problem is the bandwidth between the two subnets. I'm only getting a maximum of about 500 KB/s between two 100mbit cards. Top shows ~70% interrupt (~29% idle) while these transfers are going on. I don't know what the bottleneck is in the system. Are the Linksys PCMCIA nics crappy? Did I screw something else up? As a test I turned off pf and did ftp transfers from the OpenBSD machine to/from each subnet, and the bandwidth was still limited to ~500 KB/s, so I don't think it's anything in my pf setup. Thanks There is a big difference in performance between 16bit and 32bit PCMCIA-Cards. From my experience you won't get anything higher as 1000KByte/sec from a 16bit card. I don't know the linksys cards but you should test your setup with two 32bit cards. And this has probably nothing to do with operating systems. Regards Stefan Kell
Re: Apple hardware support?
Otto Moerbeek wrote: On Thu, 29 Mar 2007, Tasmanian Devil wrote: The i386 GENERIC.MP kernel runs fine on Intel Macs. You just need to enable ACPI with config -ef bsd.mp (or on the boot prompt). This is not true. At least it has been reported that the MacBook Pro with Core Due 2 processor does not run. Tas is right. I have my MacBook Pro Core 2 Duo dual booting with OS X and OpenBSD (snap around 3/10). I _think_ my installation process was this (since I didn't do make release with -current): 1. Install 4.0 from the CD. 2. Copy an ACPI-enabled bsd.rd to a CDROM, boot to OpenBSD and copy to the hard drive. 3. Reboot and boot to bsd.rd and install the snapshot using FTP. Note: Wifi did not work. Video used VESA driver. I didn't test much else. Next time I get a chance, I'll send a dmesg to [EMAIL PROTECTED] BTW, you can install OpenBSD on a BootCamp partition. After creating the Bootcamp partition using the wizard, boot using the OpenBSD CD, and in the fdisk step in the installer, set the partition type to A6, make it active and update the MBR. I did this. -ME
Re: SMP causing uvm_fault
I forgot to add: In the log of pmap.c I found revision 1.97 date: 2007/02/20 21:15:01; author: tom; state: Exp; lines: +204 -500 Revert PAE pmap for now, until the strange bug is found. This stops the freezes many of us are seeing (especially on amd64 machines running OpenBSD/i386). Much testing by nick@ (as always - thanks!), hugh@, ian@, kettenis@ and Sam Smith (s (at) msmith (dot) net). Requested by, input from, and ok deraadt@ ok art@, kettenis@, miod@ What is the strange bug? Thanks again Jon Steel wrote: Hi Ive finally got the current version running and the problem below has disappeared. I was wondering however if the problem has actually been solved. The line of code that Im crashing on is line 3005 of pmap.c in version 4.0: 3005if (pve-pv_ptp (PDE(pve-pv_pmap, 3006 pdei(pve-pv_va)) PG_FRAME) != 3007 VM_PAGE_TO_PHYS(pve-pv_ptp)) { Specifically its crashing on PDE(pve-pv_pmap, pdei(pve-pv_val) because of a page fault. This code has disappeared in -current, but does anybody who was working on this section of code now why I was having this problem or if its been fixed? Thank you Jonathan Steel Jon Steel wrote: Hi Im having a very similar problem as the one reported in Bug Query 5374. Im trying to solve the problem but Im finding it very hard to even get started. Is there somewhere besides the code that I can start to try and understand how SMP is being handled? http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=5374 I can usually duplicate the crash by running the follwing script several times concurrently. #!/usr/bin/perl system(tcpdump -i em1 -w /var/crashTest1.pcap); system(tcpdump -i em1 -w /var/crashTest2.pcap); system(tcpdump -i em1 -w /var/crashTest3.pcap); system(tcpdump -i em1 -w /var/crashTest4.pcap); system(tcpdump -i em1 -w /var/crashTest5.pcap); system(tcpdump -i em1 -w /var/crashTest6.pcap); system(tcpdump -i em1 -w /var/crashTest7.pcap); while (1) { system(nmap 192.168.66.90); } Then after about an hour, when you try and reboot, I get an error: uvm_fault(0x..., 0x..., 0, 1) - e kernel: page fault trap, code = 0 stopped at pmap_page_remove_86+0x114: 0(%eax, %edx, 4), %eax The trace output is: pmap_page_remove_86(d0d31420,c0,e9b57e2c,d04adeb9,e99f) at pmap_page_remove_86+0x114 uvm_vnp_terminate(d8034e04,0,0,0,0,14,0,d7e95004) at uvm_vnpterminate+0x31f uvm_attach(d8034e04,0,2,0,d7f38378) at uvn_attach+0x2b5 uvm_unmap_detach(d7e959a4,0,d7f3841c,1) at uvm_unmap_detach+-x62 uvmspace_free(d7f38378,6,d08120e0) at uvmspace_free+0xfd uvm_exit(d7fbb868,14,8,286) at uvm_exit+0x19 reaper(d80df430) at reaper+0x90 Bad frame pointer: 0xd0913eb8 A couple times the error has also occured on its own without saying 'reboot' when running a ton of nmaps and tcpdumps at the same time. This trace is remarkably similar to the one in Bug Query 5374. Additionally I am using the same processor as he is. There is an unkown core statement in my dmesg but both cores seem to be working correctly. Here is my dmesg: OpenBSD 4.0 (GENERIC.MP) #936: Sat Sep 16 19:27:28 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.13 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16 real mem = 2145869824 (2095576K) avail mem = 1949290496 (1903604K) using 4256 buffers containing 107397120 bytes (104880K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(e6) BIOS, date 10/30/06, BIOS32 rev. 0 @ 0xfd470, SMB IOS rev. 2.51 @ 0x7feea000 (33 entries) bios0: Supermicro PDSMi pcibios0 at bios0: rev 2.1 @ 0xfd470/0xb90 pcibios0: PCI BIOS has 20 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801GB LPC rev 0x00) pcibios0: PCI bus #15 is the last bus bios0: ROM list: 0xc/0xb000 0xcb000/0x1000 0xcc000/0x1000 0xcd000/0x1000 ipmi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) (INTELMUKILTEO) cpu0 at mainbus0: apid 0 (boot processor) cpu0: unknown Core FSB_FREQ value 0 (0x4208) cpu0: apic clock running at 266 MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz (GenuineIntel 686-class) 2.13 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16 mainbus0: bus 0 is type PCI mainbus0: bus 9 is type PCI mainbus0: bus 10 is type PCI mainbus0: bus 13 is type PCI mainbus0: bus 14 is type PCI mainbus0: bus 15 is type PCI mainbus0: bus 16 is type ISA ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 3 pa 0xfec1, version 20, 24 pins pci0 at mainbus0 bus 0:
[OT] Re: Long WEP key
From: Nick ! [EMAIL PROTECTED] Date: 29 March 2007 2:16:31 PM To: OpenBSD-Misc misc@openbsd.org Subject: Re: Long WEP key On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote: Maxime DERCHE wrote: IMHO you should think to configure your AP to provide a WAP-based encryption... WAP-based encryption? Do you mean WPA? And to answer the original question: because OpenBSD doesn't support WPA, and Theo has claimed somewhere that I can never find the link to that WPA gives a false sense of security anyway. -Nick From most of my reading a few months ago WPA-PSK is considered reasonably secure provided the pre-shared key is long enough... for some reason I can't find my references, but from memory depending on the source a minimum of around 34 to 39 random ASCII characters (50+ alphanumeric characters) is quoted. Obviously that's a very long passphrase in anyone's language and that's the problem. Most people (understandably) choose a passphrase at most one-third that length and in this situation WPA-PSK may be considered even less secure than the (deservedly) derided WEP.
Re: Long WEP key
* Siegbert Marschall [EMAIL PROTECTED] [2007-03-29 22:13]: If somebody does something bad with my unencrypted access-point using my internet-access, here in germany I am liable. no, you're not. it's not that easy. (and I just leave mine wide open) -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Video choppy with mplayer and vlc under xenocara?
* viq [EMAIL PROTECTED] [2007-03-29 23:10:41]: Did anyone experience this? My box was able to play videos fine even when compiling under old XF4, and now after switching to xenocara both mplayer and vlc don't play videos smoothly... dmesg.boot attached, any other info I should provide? I have a multi-head setup (mga,) and the xvideo extension is now only present on screen 0 with the new xenocara. You can check with xvinfo. I have not looked into this. -- Travers Buda
Re: Apple hardware support?
Mike Erdely wrote: [...] Tas is right. I have my MacBook Pro Core 2 Duo dual booting with OS X and OpenBSD (snap around 3/10). I _think_ my installation process was this (since I didn't do make release with -current): 1. Install 4.0 from the CD. 2. Copy an ACPI-enabled bsd.rd to a CDROM, boot to OpenBSD and copy to the hard drive. 3. Reboot and boot to bsd.rd and install the snapshot using FTP. Note: Wifi did not work. Video used VESA driver. I didn't test much else. Next time I get a chance, I'll send a dmesg to [EMAIL PROTECTED] Good to know --- that means there's probably enough there to work, although there's no guarantee that the Apple TV uses sane hardware with OpenBSD drivers. It's also worth pointing out that the Apple EFI implementation is... uh... basic, and doesn't have things in it like the EFI shell, and until recently didn't even have the legacy BIOS emulation. Which means there's no guarantee that the Apple TV has it. Which means I may need a mechanism for booting the OpenBSD kernel directly from EFI --- I don't suppose anyone has been thinking about this? Or GPT partition table support? If I'm really lucky the Apple TV EFI implementation will have a legacy BIOS that will happily boot an MBR disk if it sees one. Do I really think that'll happen? Hell no. I suppose the only thing to do would be to get one and try it. There only mention of Apple on the website is in relation to the macppc port, BTW. -- bbb o=o=o o=o=o=o=o=o=o=oo=o=o= bbb http://www.cowlark.com bbbbbbbbbbbbbbbbbbb b Parents let children ride bicycles on the street. But parents do not b allow children to hear vulgar words. Therefore we can deduce that cursing b is more dangerous than being hit by a car. --- Scott Adams [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
dmesg for 29 10/100 Ethernet Ports in one PC
hello misc@ I bought a collection of old quad port NICS from Ebay and put them in a old gateway server, just to see what would happen. Everything worked great the only trouble I had was *if* the plug and play os option in bios was set to yes. the GENERIC kernel will panic on boot up, however with the plug and play os option in bios set to NO I get the following dmesg. anyone have any ideas on how to use pf to basically emulate a 10/100 switch (with built in firewall support :) ) any ideas are welcome. Sam Fourman Jr. below is a dmesg OpenBSD 4.1-current (GENERIC) #1445: Thu Mar 22 11:06:59 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 400 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR real mem = 402223104 (392796K) avail mem = 358932480 (350520K) using 4278 buffers containing 20234240 bytes (19760K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 03/01/99, BIOS32 rev. 0 @ 0xfd840, SMBIOS rev. 2.2 @ 0xf2590 (29 entries) bios0: Gateway ALR 7200 pcibios0 at bios0: rev 2.1 @ 0xfd840/0x7c0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdef0/240 (13 entries) pcibios0: PCI Interrupt Router at 000:02:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #9 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x5000 0xcd000/0x800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03 pci1 at ppb0 bus 1 pcib0 at pci0 dev 2 function 0 Intel 82371AB PIIX4 ISA rev 0x02 pciide0 at pci0 dev 2 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) uhci0 at pci0 dev 2 function 2 Intel 82371AB USB rev 0x01: irq 11 piixpm0 at pci0 dev 2 function 3 Intel 82371AB Power rev 0x02: SMI iic0 at piixpm0 fxp0 at pci0 dev 3 function 0 Intel 8255x rev 0x05, i82558: irq 9, address 00:c0:0d:00:85:f4 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0 vga1 at pci0 dev 4 function 0 Cirrus Logic CL-GD5430 rev 0x22 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 5 function 0 DEC 21150 PCI-PCI rev 0x04 pci2 at ppb1 bus 2 ahc0 at pci2 dev 1 function 0 Adaptec AIC-7890/1 U2 rev 0x00: irq 9 scsibus0 at ahc0: 16 targets sd0 at scsibus0 targ 1 lun 0: IBM, DCAS-34330W, S61A SCSI2 0/direct fixed sd0: 4134MB, 8205 cyl, 6 head, 171 sec, 512 bytes/sec, 8467200 sec total ppb2 at pci2 dev 4 function 0 DEC 21152 PCI-PCI rev 0x03 pci3 at ppb2 bus 3 dc0 at pci3 dev 4 function 0 DEC 21142/3 rev 0x30: irq 9, address 00:c0:95:e1:03:28 dcphy0 at dc0 phy 31: internal PHY dc1 at pci3 dev 5 function 0 DEC 21142/3 rev 0x30: irq 9, address 00:c0:95:e1:03:29 dcphy1 at dc1 phy 31: internal PHY dc2 at pci3 dev 6 function 0 DEC 21142/3 rev 0x30: irq 10, address 00:c0:95:e1:03:2a dcphy2 at dc2 phy 31: internal PHY dc3 at pci3 dev 7 function 0 DEC 21142/3 rev 0x30: irq 11, address 00:c0:95:e1:03:2b dcphy3 at dc3 phy 31: internal PHY ppb3 at pci2 dev 5 function 0 DEC 21152 PCI-PCI rev 0x03 pci4 at ppb3 bus 4 dc4 at pci4 dev 4 function 0 DEC 21142/3 rev 0x41: irq 9, address 00:c0:95:e2:4f:04 dcphy4 at dc4 phy 31: internal PHY dc5 at pci4 dev 5 function 0 DEC 21142/3 rev 0x41: irq 10, address 00:c0:95:e2:4f:05 dcphy5 at dc5 phy 31: internal PHY dc6 at pci4 dev 6 function 0 DEC 21142/3 rev 0x41: irq 11, address 00:c0:95:e2:4f:06 dcphy6 at dc6 phy 31: internal PHY dc7 at pci4 dev 7 function 0 DEC 21142/3 rev 0x41: irq 9, address 00:c0:95:e2:4f:07 dcphy7 at dc7 phy 31: internal PHY ppb4 at pci2 dev 6 function 0 DEC 21152 PCI-PCI rev 0x03 pci5 at ppb4 bus 5 dc8 at pci5 dev 4 function 0 DEC 21142/3 rev 0x30: irq 10, address 00:c0:95:e0:bb:40 dcphy8 at dc8 phy 31: internal PHY dc9 at pci5 dev 5 function 0 DEC 21142/3 rev 0x30: irq 11, address 00:c0:95:e0:bb:41 dcphy9 at dc9 phy 31: internal PHY dc10 at pci5 dev 6 function 0 DEC 21142/3 rev 0x30: irq 9, address 00:c0:95:e0:bb:42 dcphy10 at dc10 phy 31: internal PHY dc11 at pci5 dev 7 function 0 DEC 21142/3 rev 0x30: irq 9, address 00:c0:95:e0:bb:43 dcphy11 at dc11 phy 31: internal PHY ppb5 at pci2 dev 7 function 0 DEC 21152 PCI-PCI rev 0x03 pci6 at ppb5 bus 6 de0 at pci6 dev 4 function 0 DEC 21140 rev 0x22, Cogent EM440TX 21140A pass 2.2: irq 11, address 00:00:d1:1f:d0:11 de1 at pci6 dev 5 function 0 DEC 21140 rev 0x22de2 at pci6 dev 6 function 0 DEC 21140 rev 0x22de3 at pci6 dev 7 function 0 DEC 21140 rev 0x22ahc1 at pci2 dev 9 function 0 Adaptec AIC-7890/1 U2 rev 0x00: irq 9 scsibus1 at ahc1: 16 targets cd0 at scsibus1 targ 5 lun 0: PLEXTOR, CD-ROM PX-32TS, 1.03 SCSI2 5/cdrom removable ppb6 at pci0 dev 18 function 0 DEC 21152 PCI-PCI rev 0x03 pci7 at ppb6 bus 7 de4 at pci7 dev 4 function 0 DEC 21140 rev 0x22, Cogent EM440TX 21140A pass
Re: Long WEP key
Right. As long as we understand that it sucks, it's OK to use? I know when I think about securing my data I'm interested in keeping only the average joes out. I don't know about you, but I use wireless security as an extra layer. It might suck, but it keeps the next door neighbour's laptop from authenticating on my network without his (or my) permission. I just tunnel a VPN over the top and route that through to the wired side. Safe, secure, and it keeps average joe schmuck from always logging onto my network then coming and complaining that i am hacking his laptop when he sees it log onto my network. WEP/WPA have their uses, just not in security. If you understand that you dont' get any security you can add another layer! If you don't understand it, then you're probably not qualified to be deploying a wireless network anyway. Maybe it's OK to run telnetd so long as it's on port 10023 too? Not funny: I've seen people advise moving the port number of all sorts of services for security then recommending turning off all of the inconvenient security options in the daemon now that it is securly on another port that nobody will ever think to look at, and if they do they won't know what server is there anyway. This was from a supposed IT security expert.. A
Re: dmesg for 29 10/100 Ethernet Ports in one PC
On 2007/03/29 18:57, Sam Fourman Jr. wrote: anyone have any ideas on how to use pf to basically emulate a 10/100 switch (with built in firewall support :) ) bridge(4), brconfig(8).
Re: dmesg for 29 10/100 Ethernet Ports in one PC
Sam Fourman Jr. wrote: hello misc@ I bought a collection of old quad port NICS from Ebay and put them in a old gateway server, just to see what would happen. Everything worked great the only trouble I had was *if* the plug and play os option in bios was set to yes. the GENERIC kernel will panic on boot up, however with the plug and play os option in bios set to NO I get the following dmesg. anyone have any ideas on how to use pf to basically emulate a 10/100 switch (with built in firewall support :) ) any ideas are welcome. Sam Fourman Jr. you have me beat there (I've done 20 dc(4) ports, 5xQuads a few years ago). Seven PCI slots? (assuming your fxp is on-board. Took me a while to find #29. :) Wow. Bridge 'em all together, you got yourself an unmanaged switch. Add filtering, you got yourself something that is pretty sophisticated, but before you get too carried away, keep in mind you probably will run out of PCI bus bandwidth long before you saturate more than a few of those NICs... Plus, those things generate a fair amount of heat, make sure air is flowing through there while you are playing with it, hate to have you smoke a bunch of cards you had plans for while having fun... I simplified your dmesg a bit, I was having trouble finding a bunch of the NICs due to odd wrapping problems. fxp0 at pci0 dev 3 function 0 Intel 8255x rev 0x05, i82558: irq 9, dc0 at pci3 dev 4 function 0 DEC 21142/3 rev 0x30: irq 9, address dc1 at pci3 dev 5 function 0 DEC 21142/3 rev 0x30: irq 9, address dc2 at pci3 dev 6 function 0 DEC 21142/3 rev 0x30: irq 10, address dc3 at pci3 dev 7 function 0 DEC 21142/3 rev 0x30: irq 11, address dc4 at pci4 dev 4 function 0 DEC 21142/3 rev 0x41: irq 9, address dc5 at pci4 dev 5 function 0 DEC 21142/3 rev 0x41: irq 10, address dc6 at pci4 dev 6 function 0 DEC 21142/3 rev 0x41: irq 11, address dc7 at pci4 dev 7 function 0 DEC 21142/3 rev 0x41: irq 9, address dc8 at pci5 dev 4 function 0 DEC 21142/3 rev 0x30: irq 10, address dc9 at pci5 dev 5 function 0 DEC 21142/3 rev 0x30: irq 11, address dc10 at pci5 dev 6 function 0 DEC 21142/3 rev 0x30: irq 9, address dc11 at pci5 dev 7 function 0 DEC 21142/3 rev 0x30: irq 9, address de0 at pci6 dev 4 function 0 DEC 21140 rev 0x22, Cogent EM440TX de1 at pci6 dev 5 function 0 DEC 21140 rev 0x22 de2 at pci6 dev 6 function 0 DEC 21140 rev 0x22 de3 at pci6 dev 7 function 0 DEC 21140 rev 0x22 de4 at pci7 dev 4 function 0 DEC 21140 rev 0x22, Cogent EM440TX de5 at pci7 dev 5 function 0 DEC 21140 rev 0x22 de6 at pci7 dev 6 function 0 DEC 21140 rev 0x22 de7 at pci7 dev 7 function 0 DEC 21140 rev 0x22 de8 at pci8 dev 4 function 0 DEC 21140 rev 0x22, Cogent EM440TX de9 at pci8 dev 5 function 0 DEC 21140 rev 0x22 de10 at pci8 dev 6 function 0 DEC 21140 rev 0x22 de11 at pci8 dev 7 function 0 DEC 21140 rev 0x22 de12 at pci9 dev 4 function 0 DEC 21140 rev 0x22, Cogent EM440TX de13 at pci9 dev 5 function 0 DEC 21140 rev 0x22 de14 at pci9 dev 6 function 0 DEC 21140 rev 0x22 de15 at pci9 dev 7 function 0 DEC 21140 rev 0x22 NICk.
Re: [OT] Re: Long WEP key
Actually I always uses a sha1sum of a random file that I have and I make sure I have that file on all my computers... should be random and long enough? 2007/3/30, Damon McMahon [EMAIL PROTECTED]: From: Nick ! [EMAIL PROTECTED] Date: 29 March 2007 2:16:31 PM To: OpenBSD-Misc misc@openbsd.org Subject: Re: Long WEP key On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote: Maxime DERCHE wrote: IMHO you should think to configure your AP to provide a WAP-based encryption... WAP-based encryption? Do you mean WPA? And to answer the original question: because OpenBSD doesn't support WPA, and Theo has claimed somewhere that I can never find the link to that WPA gives a false sense of security anyway. -Nick From most of my reading a few months ago WPA-PSK is considered reasonably secure provided the pre-shared key is long enough... for some reason I can't find my references, but from memory depending on the source a minimum of around 34 to 39 random ASCII characters (50+ alphanumeric characters) is quoted. Obviously that's a very long passphrase in anyone's language and that's the problem. Most people (understandably) choose a passphrase at most one-third that length and in this situation WPA-PSK may be considered even less secure than the (deservedly) derided WEP. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: [OT] Re: Long WEP key
The obvious problem with that is that you're only choosing a limited character and we all know it now ;). Also, what's your definition of random file? Jeremy On 29-Mar-07, at 9:58 PM, Sunnz wrote: Actually I always uses a sha1sum of a random file that I have and I make sure I have that file on all my computers... should be random and long enough? 2007/3/30, Damon McMahon [EMAIL PROTECTED]: From: Nick ! [EMAIL PROTECTED] Date: 29 March 2007 2:16:31 PM To: OpenBSD-Misc misc@openbsd.org Subject: Re: Long WEP key On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote: Maxime DERCHE wrote: IMHO you should think to configure your AP to provide a WAP- based encryption... WAP-based encryption? Do you mean WPA? And to answer the original question: because OpenBSD doesn't support WPA, and Theo has claimed somewhere that I can never find the link to that WPA gives a false sense of security anyway. -Nick From most of my reading a few months ago WPA-PSK is considered reasonably secure provided the pre-shared key is long enough... for some reason I can't find my references, but from memory depending on the source a minimum of around 34 to 39 random ASCII characters (50+ alphanumeric characters) is quoted. Obviously that's a very long passphrase in anyone's language and that's the problem. Most people (understandably) choose a passphrase at most one-third that length and in this situation WPA-PSK may be considered even less secure than the (deservedly) derided WEP. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: Long WEP key
Jeremy Huiskamp wrote: I'd like to hear an actual developer position on that statement. Check the archives for Reyk's comments on WPA. It will be in OpenBSD one day because, secure or not, it is gaining traction and is/will be required by many AP's (especially enterprise AP's). --- Lars Hansson
Re: [OT] Re: Long WEP key
Um, excuse my poor writing. I meant .. choosing from a limited character set ... On 29-Mar-07, at 10:35 PM, I wrote: The obvious problem with that is that you're only choosing a limited character and we all know it now ;). Also, what's your definition of random file? Jeremy On 29-Mar-07, at 9:58 PM, Sunnz wrote: Actually I always uses a sha1sum of a random file that I have and I make sure I have that file on all my computers... should be random and long enough? 2007/3/30, Damon McMahon [EMAIL PROTECTED]: From: Nick ! [EMAIL PROTECTED] Date: 29 March 2007 2:16:31 PM To: OpenBSD-Misc misc@openbsd.org Subject: Re: Long WEP key On 3/29/07, Lars Hansson [EMAIL PROTECTED] wrote: Maxime DERCHE wrote: IMHO you should think to configure your AP to provide a WAP- based encryption... WAP-based encryption? Do you mean WPA? And to answer the original question: because OpenBSD doesn't support WPA, and Theo has claimed somewhere that I can never find the link to that WPA gives a false sense of security anyway. -Nick From most of my reading a few months ago WPA-PSK is considered reasonably secure provided the pre-shared key is long enough... for some reason I can't find my references, but from memory depending on the source a minimum of around 34 to 39 random ASCII characters (50+ alphanumeric characters) is quoted. Obviously that's a very long passphrase in anyone's language and that's the problem. Most people (understandably) choose a passphrase at most one-third that length and in this situation WPA-PSK may be considered even less secure than the (deservedly) derided WEP. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html
Re: dmesg for 29 10/100 Ethernet Ports in one PC
On Thursday 29 March 2007 16:57, Sam Fourman Jr. wrote: Everything worked great the only trouble I had was *if* the plug and play os option in bios was set to yes. the GENERIC kernel will panic on boot up, however with the plug and play os option in bios set to NO I get the following dmesg. Sam, You didn't specifically mention model numbers, so I'm unable to check if this is even applicable; you might want to try making sure each of the cards is running current firmware. Depending on the mfg age (and/or firmware revision), this *might* make a difference to plug-n-play. Same is true for your system bios firmware. It's a long shot but worth a try. Also clearing the system cache of ACPI data in the bios, then adding the cards one at a time might help to get past the pnp conflict (i.e. conflict is stored). The largest test I've done was years ago with 20+ ports with various brands of NIC's. It works but you need to realize the limitations of your PCI buses. If you try to do max bandwidth across all ports, you can expect poor performance since you will be saturating the PCI buses. -jcr
Re: Not getting much bandwidth through the firewall
On 3/30/07, Ted Unangst [EMAIL PROTECTED] wrote: On 3/29/07, Siju George [EMAIL PROTECTED] wrote: On 3/29/07, Kyle George [EMAIL PROTECTED] wrote: On Wed, 28 Mar 2007, Watson Crick wrote: I've got OpenBSD 4.0 (release) on a laptop setup up as a router between 2 subnets, and providing internet access through a 3rd nic to a DSL modem. The problem is the bandwidth between the two subnets. I'm only getting a maximum of about 500 KB/s between two 100mbit cards. Top If you have an ISP that gives you IP aadrees ( using PPPOE ) it there a way to measure or detect the valuse on the ISP's side? why the hell does the isp matter routing when between two local subnets? :-) I was asking another thing I have an Internet Connection 1Mbps. If I connect a Windows XP tp it I get about 800Kbps Speed but on OpenBSD it never Goes beyond 380Kbps. I have another ISP with 1 Mbps Speed Connection. Both Windows XP and OpenBSD shows aroungd 800 Kbps Speed when Connected Directly to it. So was just wondering what the cause is :-) Just wondering if Increasing net.inet.tcp.{send,recv}space. would solve the problem. Thanks tedu for your response :-) Kind Regards Siju
Re: dmesg for 29 10/100 Ethernet Ports in one PC
On Thu, Mar 29, 2007 at 06:57:17PM -0500, Sam Fourman Jr. wrote: hello misc@ I bought a collection of old quad port NICS from Ebay and put them in a old gateway server, just to see what would happen. Everything worked great the only trouble I had was *if* the plug and play os option in bios was set to yes. the GENERIC kernel will panic on boot up, however with the plug and play os option in bios set to NO I get the following dmesg. fun! anyone have any ideas on how to use pf to basically emulate a 10/100 switch (with built in firewall support :) ) your backplane will be a bit slow... any ideas are welcome. Sam Fourman Jr. feedback about tests with the new RSTP bridge code is welcome... (simply start a bridge, add all ports, enable stp on all ports [rstp is the new default], and plug in some random ethernet devices, dhcp servers and whatever). reyk below is a dmesg OpenBSD 4.1-current (GENERIC) #1445: Thu Mar 22 11:06:59 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 400 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR real mem = 402223104 (392796K) avail mem = 358932480 (350520K) using 4278 buffers containing 20234240 bytes (19760K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 03/01/99, BIOS32 rev. 0 @ 0xfd840, SMBIOS rev. 2.2 @ 0xf2590 (29 entries) bios0: Gateway ALR 7200 pcibios0 at bios0: rev 2.1 @ 0xfd840/0x7c0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdef0/240 (13 entries) pcibios0: PCI Interrupt Router at 000:02:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #9 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x5000 0xcd000/0x800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x03 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x03 pci1 at ppb0 bus 1 pcib0 at pci0 dev 2 function 0 Intel 82371AB PIIX4 ISA rev 0x02 pciide0 at pci0 dev 2 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) uhci0 at pci0 dev 2 function 2 Intel 82371AB USB rev 0x01: irq 11 piixpm0 at pci0 dev 2 function 3 Intel 82371AB Power rev 0x02: SMI iic0 at piixpm0 fxp0 at pci0 dev 3 function 0 Intel 8255x rev 0x05, i82558: irq 9, address 00:c0:0d:00:85:f4 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0 vga1 at pci0 dev 4 function 0 Cirrus Logic CL-GD5430 rev 0x22 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 5 function 0 DEC 21150 PCI-PCI rev 0x04 pci2 at ppb1 bus 2 ahc0 at pci2 dev 1 function 0 Adaptec AIC-7890/1 U2 rev 0x00: irq 9 scsibus0 at ahc0: 16 targets sd0 at scsibus0 targ 1 lun 0: IBM, DCAS-34330W, S61A SCSI2 0/direct fixed sd0: 4134MB, 8205 cyl, 6 head, 171 sec, 512 bytes/sec, 8467200 sec total ppb2 at pci2 dev 4 function 0 DEC 21152 PCI-PCI rev 0x03 pci3 at ppb2 bus 3 dc0 at pci3 dev 4 function 0 DEC 21142/3 rev 0x30: irq 9, address 00:c0:95:e1:03:28 dcphy0 at dc0 phy 31: internal PHY dc1 at pci3 dev 5 function 0 DEC 21142/3 rev 0x30: irq 9, address 00:c0:95:e1:03:29 dcphy1 at dc1 phy 31: internal PHY dc2 at pci3 dev 6 function 0 DEC 21142/3 rev 0x30: irq 10, address 00:c0:95:e1:03:2a dcphy2 at dc2 phy 31: internal PHY dc3 at pci3 dev 7 function 0 DEC 21142/3 rev 0x30: irq 11, address 00:c0:95:e1:03:2b dcphy3 at dc3 phy 31: internal PHY ppb3 at pci2 dev 5 function 0 DEC 21152 PCI-PCI rev 0x03 pci4 at ppb3 bus 4 dc4 at pci4 dev 4 function 0 DEC 21142/3 rev 0x41: irq 9, address 00:c0:95:e2:4f:04 dcphy4 at dc4 phy 31: internal PHY dc5 at pci4 dev 5 function 0 DEC 21142/3 rev 0x41: irq 10, address 00:c0:95:e2:4f:05 dcphy5 at dc5 phy 31: internal PHY dc6 at pci4 dev 6 function 0 DEC 21142/3 rev 0x41: irq 11, address 00:c0:95:e2:4f:06 dcphy6 at dc6 phy 31: internal PHY dc7 at pci4 dev 7 function 0 DEC 21142/3 rev 0x41: irq 9, address 00:c0:95:e2:4f:07 dcphy7 at dc7 phy 31: internal PHY ppb4 at pci2 dev 6 function 0 DEC 21152 PCI-PCI rev 0x03 pci5 at ppb4 bus 5 dc8 at pci5 dev 4 function 0 DEC 21142/3 rev 0x30: irq 10, address 00:c0:95:e0:bb:40 dcphy8 at dc8 phy 31: internal PHY dc9 at pci5 dev 5 function 0 DEC 21142/3 rev 0x30: irq 11, address 00:c0:95:e0:bb:41 dcphy9 at dc9 phy 31: internal PHY dc10 at pci5 dev 6 function 0 DEC 21142/3 rev 0x30: irq 9, address 00:c0:95:e0:bb:42 dcphy10 at dc10 phy 31: internal PHY dc11 at pci5 dev 7 function 0 DEC 21142/3 rev 0x30: irq 9, address 00:c0:95:e0:bb:43 dcphy11 at dc11 phy 31: internal PHY ppb5 at pci2 dev 7 function 0 DEC 21152 PCI-PCI rev 0x03 pci6 at ppb5 bus 6 de0 at pci6 dev 4 function 0 DEC 21140 rev 0x22, Cogent EM440TX 21140A pass 2.2: irq 11, address 00:00:d1:1f:d0:11 de1 at pci6 dev 5 function
Re: dmesg for 29 10/100 Ethernet Ports in one PC
On Thursday 29 March 2007 21:06, J.C. Roberts wrote: On Thursday 29 March 2007 16:57, Sam Fourman Jr. wrote: Everything worked great the only trouble I had was *if* the plug and play os option in bios was set to yes. the GENERIC kernel will panic on boot up, however with the plug and play os option in bios set to NO I get the following dmesg. Sam, You didn't specifically mention model numbers, so I'm unable to check if this is even applicable; you might want to try making sure each of the cards is running current firmware. Depending on the mfg age (and/or firmware revision), this *might* make a difference to plug-n-play. Same is true for your system bios firmware. It's a long shot but worth a try. Also clearing the system cache of ACPI data in the bios, then adding the cards one at a time might help to get past the pnp conflict (i.e. conflict is stored). The largest test I've done was years ago with 20+ ports with various brands of NIC's. It works but you need to realize the limitations of your PCI buses. If you try to do max bandwidth across all ports, you can expect poor performance since you will be saturating the PCI buses. -jcr crap! s/ACPI/ESCD The problematic configuration data can be cached/stored in the Extended System Configuration Data (ECSD) not the ACPI. Sorry for the brain fade. jcr
Re: encrypted svnd and disk throughput
In article [EMAIL PROTECTED], Jacob Yocom-Piatt wrote: MachineSize K/sec %CP K/sec %CP K/sec %CP K/sec %CP K/sec %CP databank.x 300M 18877 91 22440 71 11985 77 20317 75 30745 68 -- You have a 150MB (roughly) machine? processor and 1 GB of 400 MHz DDR2 RAM on i386 4.0-release. Oh, nope. if there is anything further that i can do to up the write and read speeds of these drives besides what i've mentioned above, please let me know. Use a larger test case to test your hypothesis. using 4256 buffers containing 53764096 bytes (52504K) of memory So, out of your 300MB test, 52MB was likely cached in various ways. That being said, svnd/vnd devices have not really been optimized for speed. They are there and work, but could likely stand to be changed and developed significantly. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: Long WEP key
On Fri, Mar 30, 2007 at 01:03:32AM +0200, Henning Brauer wrote: * Siegbert Marschall [EMAIL PROTECTED] [2007-03-29 22:13]: If somebody does something bad with my unencrypted access-point using my internet-access, here in germany I am liable. no, you're not. it's not that easy. (and I just leave mine wide open) How do you know that? http://www.ifross.de/ifross_html/art28.pdf (sorry all in german) The last chapter. I thought about it like Siegbert does. But I'm not sure all about. -- GnuPG: 5755FB64 Per aspera ad astra.
Re: Long WEP key
On Fri, Mar 30, 2007 at 10:51:23AM +0800, Lars Hansson wrote: Jeremy Huiskamp wrote: I'd like to hear an actual developer position on that statement. Check the archives for Reyk's comments on WPA. It will be in OpenBSD one day because, secure or not, it is gaining traction and is/will be required by many AP's (especially enterprise AP's). --- Lars Hansson Why bother adding WPA when you can turn many wlan cards into AP-mode and have an OpenBSD box serve wireless computers with IPsec capabilities. You then have an AP with many more capabilities than any linksys/netgear/whatever AP. And btw, as I can't control radio waves, I consider it inherently insecure. Therefore I don't leave sensitive data traveling in the air. -- Linux is for Windows(c) haters while BSD is for UNIX lovers. http://teardrop.free.fr/
Re: Apple hardware support?
On Thu, 29 Mar 2007, Mike Erdely wrote: Otto Moerbeek wrote: On Thu, 29 Mar 2007, Tasmanian Devil wrote: The i386 GENERIC.MP kernel runs fine on Intel Macs. You just need to enable ACPI with config -ef bsd.mp (or on the boot prompt). This is not true. At least it has been reported that the MacBook Pro with Core Due 2 processor does not run. Tas is right. I have my MacBook Pro Core 2 Duo dual booting with OS X and OpenBSD (snap around 3/10). I _think_ my installation process was this (since I didn't do make release with -current): 1. Install 4.0 from the CD. 2. Copy an ACPI-enabled bsd.rd to a CDROM, boot to OpenBSD and copy to the hard drive. 3. Reboot and boot to bsd.rd and install the snapshot using FTP. That's different than the report fom Jason Dixon. He was trying current bsd.rd. Anyway, as you mention some problems remain. To me the most annyoing is the UKC prompt not working, which means you can't enable ACPI on a stock bsd.rd and you have to compile a bsd.rd with ACPI enabled. Other than that my MacBook (with Core Duo (no 2)) works quite ok, apart from the sound and wireless, which do not work. Even X works, but you'll have to use the 915 resolution port to get native resolution. -Otto Note: Wifi did not work. Video used VESA driver. I didn't test much else. Next time I get a chance, I'll send a dmesg to [EMAIL PROTECTED] BTW, you can install OpenBSD on a BootCamp partition. After creating the Bootcamp partition using the wizard, boot using the OpenBSD CD, and in the fdisk step in the installer, set the partition type to A6, make it active and update the MBR. I did this. -ME
Re: encrypted svnd and disk throughput
have done a bit of testing with bonnie++ on encrypted svnd devices Very interesting devices, I made first tests with them, too. if anyone else has gotten similar performance results i'd like to see them. Yes, I had similar results. I had a MySQL database running on an encrypted SVND, and though I didn't measured it precisely, I had roughly 15 seconds for a query with the database files on the encrypted device and roughly 5 seconds for the same query with the files directly on the harddisk. But it all depends on what you want to do with it. If you have static files, e.g. for a download page on a webserver, you can copy them to a RAM disk (mfs) before starting the webserver (add a GB RAM if necessary), and you won't care about the svnd speed anymore as it's get read only once at startup. In my case, which will most probably be a MySQL database, I'll experiment also with a RAM disk soon: I'll create the RAM disk with the database files from the encrypted disk and start MySQL with the files in RAM (which should be quite fast as long as there's enough RAM) and copy them back with a script after shutting down MySQL. Additionally I'll run a second MySQL server as a slave, probably as a first test even on the same machine, for database replication directly to the encrypted disk. Performance is quite unimportant for the replication server in my case and it doesn't affect the master at all, it just reads the master's log files (from the RAM disk) and keeps a database copy for the case of power failure. I'm quite sure there are more workarounds depending of what you want to do with your encrypted data, but if you want want to use encryption, it will always be slower on the same hardware. That's the price for encryption, at least that's how I see it. Tas.
Re: [OT] Long WEP key
no, you're not. it's not that easy. (and I just leave mine wide open) As far as I know, if you leave it open you're not liable because you cannot prove who would have strolled by. If you put any sort of security at all to prevent outsiders it can be reasonably assumed that you were the person who did whatever you did... Now, I am not a lawyer but I have had interesting discussions with legal types about it. There is mixed views and there was no precedent last we discussed it. A
AVG 7.0 für Lotus Notes fand einen Virus im Anhang:
Von: misc@openbsd.org An: [EMAIL PROTECTED] Eingangsdatum: 29.03.2007 07:28:37 Betreff: [SPAM detected by Phion] Returned mail: Data format error Virus Virus identifiziert: I-Worm/Mydoom.O erkannt im Anhang pewag.com.zip