google team and the DIY way of life
-- Forwarded message -- From: xavier brinon [EMAIL PROTECTED] Date: Nov 12, 2007 10:12 AM Subject: Re: google team and the DIY way of life To: michael hamerski [EMAIL PROTECTED] I'm working for a French ISP where the dev team seems to live in a kind of secret chamber. I tried 3 times to code my own tools, sharing it with collegues. I've been told to quickly remove them, even if the tools helped a lot my collegues and myself. It's a shame, they didn't look at it and we were all back to the old tools. It's just for me to show that sharing code inside a company and having the ability to work with it is not available for everyone. It's not what they do, it's the way they work that is important for me here. I don't know how your company deals with that kind of thing, mine just don't. you must read that post like : hey, what you do here is great ! Even big companies know that ! I can post it in every open source community list, but i'm just an openBSD fan. And Misc@ seemed the most relevant to me. Sorry if it is not. On Nov 11, 2007 11:15 PM, michael hamerski [EMAIL PROTECTED] wrote: Posted by Reza Behforooz, Software Engineer In my first month at Google, I complained to a friend on the Gmail team about a couple of small things that I disliked about Gmail. I ... Dear Google, Could you get Reza to fix contact/label whitelisting in Gmail while he's at it? thanks, mike
Re: Any Ethereal, Wireshark related software in 4.2 ports?
On 2007/11/11 14:20, Ray Percival wrote: On Nov 11, 2007, at 10:03 AM, Barry Miller wrote: Of course, if a bad guy _does_ get control of wireshark, he OWNS your network, but at least you're not totally rooted. Take your chances. How so? Given that all it is a frontend to libpcap. And how does this not apply to tcpdump? tcpdump runs the scary code in a jail.
Re: MacBook remote control
On Nov 10, 2007 10:03 PM, Richard Storm [EMAIL PROTECTED] wrote: Hello! I have macbook: hw.model=Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz hw.vendor=Apple Inc. hw.product=MacBook2,1 hw.version=1.0 On http://wiki.freebsd.org/AppleMacbook IR receiver section there is tool available at http://fnop.net/~rpaulo/priv/freebsd/aird.tgz. Here is patch that makes it compile/work under openbsd with my macbook and remote control. Ignore manpage, run like this: ./aird -vd -f /dev/uhid1 -M echo menu -P echo play -F echo forward -B echo backward -U echo volumeup -D echo volumedown --- aird.c.orig Tue Jul 31 21:26:36 2007 +++ aird.c Sat Nov 10 22:56:10 2007 @@ -50,7 +50,6 @@ */ #include sys/cdefs.h -__FBSDID($FreeBSD$); #include err.h #include errno.h @@ -69,24 +68,17 @@ #include sys/ioctl.h #include sys/stat.h -#include libutil.h #include dev/usb/usb.h #include dev/usb/usbhid.h -static struct pidfh *pfh; - static voidsighandler(int sig); static voidusage(void); static voidruncmd(const char *cmd, int fd); -static void -sighandler(__unused int sig) +static void sighandler(int sig) { - if (pfh) - pidfile_remove(pfh); - exit(EXIT_SUCCESS); } @@ -96,7 +88,7 @@ fprintf(stderr, usage: %s [-vd] [-p pidfile] -f device [-M menu command]\n\t[-P play command] [-F forward command] [-B backward command]\n\t[-U volume up command] - [-D volume down command]\n, getprogname()); + [-D volume down command]\n, aird); exit(1); } @@ -132,8 +124,6 @@ const char *deventry; unsigned char key; - pfh = NULL; - signal(SIGHUP, sighandler); signal(SIGINT, sighandler); signal(SIGCHLD, SIG_IGN); @@ -207,23 +197,9 @@ err(EXIT_FAILURE, open %s, deventry); if (!foreground) { - pfh = pidfile_open(pidfile, 0600, otherpid); - if (pfh == NULL) { - if (errno == EEXIST) { - errx(EXIT_FAILURE, - Daemon already running, pid: %jd., - (intmax_t)otherpid); - } - /* If we cannot create pidfile from other reasons, - only warn. */ - warn(Cannot open or create pidfile); - } - if (daemon(0, 0) 0) { - pidfile_remove(pfh); err(EXIT_FAILURE, daemon); } - pidfile_write(pfh); } memset(prevbuf, 0, sizeof(prevbuf)); @@ -243,9 +219,6 @@ exit(EXIT_SUCCESS); } - if (key buf[3] != key) - continue; - /* * Check for key repeats. */ @@ -273,7 +246,7 @@ repeating = 0; } - switch (buf[4]) { + switch (buf[3]) { /* Menu */ case 0x02: case 0x03: @@ -308,7 +281,6 @@ } } - pidfile_remove(pfh); close(fd); return (0); Cool! I'm slacking behind on my coding so I really need to update my source and see if my bluetooth patches works. I'll see if I get time to test this when I get home. BR dunceor
Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt
Hi, with help form Insan Praja, I able to enable acpi now. But I have still the same problems with the QuadPort NIC. :( My last try was to build on this system a fresh new Kernel from the current CVS but still the same problem. dmesg from the snapshot from Thu Nov 8: OpenBSD 4.2-current (GENERIC) #2: Thu Nov 8 10:46:42 WIT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1069268992 (1019MB) avail mem = 1026822144 (979MB) User Kernel Config UKC disable apm UKC enable acpi 272 acpi0 enabled UKC quit Continuing... RTC BIOS diagnostic error ffixed_disk,invalid_time mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc1d000 (43 entries) bios0: vendor Intel Corporation version S3000.86B.02.00.0035.111020061326 date 11/10/2006 bios0: Intel S3000AHLX acpi0 at mainbus0: rev 0 acpi0: tables DSDT FACP APIC WDDT MCFG ASF! SSDT SSDT SSDT SSDT SSDT acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4) UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4) acpitimer at acpi0 not configured acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 9 (P32_) acpiprt2 at acpi0: bus 5 (PEX0) acpiprt3 at acpi0: bus 6 (PXS1) acpiprt4 at acpi0: bus -1 (PEX1) acpiprt5 at acpi0: bus -1 (PEX2) acpiprt6 at acpi0: bus -1 (PEX3) acpiprt7 at acpi0: bus 7 (PEX4) acpiprt8 at acpi0: bus 8 (PEX5) acpicpu at acpi0 not configured acpicpu at acpi0 not configured acpicpu at acpi0 not configured acpicpu at acpi0 not configured acpibtn0 at acpi0: SLPB cpu0 at mainbus0: (uniprocessor) cpu0: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, 2200.25 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2 ,CX16,xTPR,NXE,LONG cpu0: 2MB 64b/line 8-way L2 cache pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0x00 ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0x00 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 vendor IDT, unknown product 0x8018 rev 0x04 pci2 at ppb1 bus 2 ppb2 at pci2 dev 0 function 0 vendor IDT, unknown product 0x8018 rev 0x04 pci3 at ppb2 bus 3 em0 at pci3 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06pci_intr_map: bad interrupt line 128 : couldn't map interrupt em0: Allocation of PCI resources failed em1 at pci3 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06pci_intr_map: bad interrupt line 128 : couldn't map interrupt em1: Allocation of PCI resources failed ppb3 at pci2 dev 1 function 0 vendor IDT, unknown product 0x8018 rev 0x04 pci4 at ppb3 bus 4 em2 at pci4 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06pci_intr_map: bad interrupt line 128 : couldn't map interrupt em2: Allocation of PCI resources failed em3 at pci4 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06pci_intr_map: bad interrupt line 128 : couldn't map interrupt em3: Allocation of PCI resources failed ppb4 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01 pci5 at ppb4 bus 5 ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci6 at ppb5 bus 6 ppb6 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01 pci7 at ppb6 bus 7 ppb7 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01 pci8 at ppb7 bus 8 em4 at pci8 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: irq 9, address 00:15:17:29:70:25 Intel 82573E AMT rev 0x03 at pci8 dev 0 function 3 not configured Intel 82573E KCS (Active Management) rev 0x03 at pci8 dev 0 function 4 not configured ppb8 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1 pci9 at ppb8 bus 9 vga1 at pci9 dev 4 function 0 ATI ES1000 rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) em5 at pci9 dev 5 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq 9, address 00:15:17:29:70:26 pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01 pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: Optiarc, DVD RW AD-7540A, 1.01 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using irq 10 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: Hitachi HDS721680PLA380 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x01: irq 10 iic0 at ichiic0 adt0 at iic0 addr 0x2e: emc6d100 rev 0x69 spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM ECC PC2-5300CL5 spdmem1 at iic0 addr 0x52: 512MB DDR2 SDRAM ECC PC2-5300CL5 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at
anyone succeeded with compiling cvsup on linux recently?
Hi, I have been trying to compile ezm3 and bootstrap for linuxlibc6 to use with cvup-snap-16.1h but to no avail. I would be interested in hearing if anyone on this list has succeeded with installing cvsup on linux, and if so would they be willing to share their knowledge. Zlfar M. E. Johnson Sk}rr [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 569 5100 http://www.skyrr.is http://www.skyrr.is http://www.skyrr.is/legal/disclaimer.txt http://www.skyrr.is/legal/disclaimer.txt
Re: Seeking info for RAID 1 on OpenBSD
On Aug 4, 2007 9:26 PM, Greg Oster [EMAIL PROTECTED] wrote: L. V. Lammert writes: On Fri, 3 Aug 2007, Joel Knight wrote: --- Quoting HDC on 2007/08/02 at 20:26 -0300: Read this... http://www.packetmischief.ca/openbsd/doc/raidadmin/http://www.packetmisc hief .ca/openbsd/ I used to use raidframe and followed the procedures in that doc for doing so, but now there's no point. If the system requires any type of raid, go hardware. Long live bio(4). IF you choose to NOT use a h/w controller, use rsync instead. Permits quick recovery in the case of a drive failure (swap drive cables reboot), does not require lengthy parity rebuild. And you only lose the data written since the last rsync... and your system probably goes down instead of staying up until you can fix it.. RAIDframe, like hardware RAID and rsync, is just another tool. Understand the pros and cons of each, but be willing to accept the risks associated with whatever you choose... (if you think hardware RAID is riskless, then you've never had a 2TB RAID set suddenly decide that all components were offline and mark them as such!) For the folks who dislike the long parity checks... If you're willing to accept a window during which some of your data *might* be at risk, change: raidctl -P all to something like sleep 3600 ; raidctl -P all Greg does a minor correction it should actually be (sleep 3600 ; raidctl -P all) What I do id I comment out raidctl -P all in /etc/rc and put (sleep 600; raidctl -P all) at the end of /etc/rc.local. So the parity rebuild starts only 10 minutes after the system is up an running from the master disk. thanks :-) Siju in /etc/rc . This will, of course, delay the start of the parity computation for an hour or so, giving your system a chance to do the fscks and get back to multi-user as quickly as possible. The risk here is as follows (this is for RAID 1.. risks for RAID 5 are slightly higher): 1) even though parity is marked 'dirty', it might actually be in sync. In this case if you have a component failure, your data is fine. 2) until the parity check is done, only the 'master' component is used for reading. But any writes will be done are mirrored to both components. That means that when the fsck is being done, any problems found will be fixed on *both* components, and writes will keep the two in sync even before parity is checked. 3) Where the risk of data loss comes in is if the master dies before the parity check gets done. In this case, data on the master that was not re-written or that was out-of-sync with the slave will be lost. This could result in the loss of pretty much anything. The important thing here is for you to evaluate your situation and decide whether this level of risk is acceptable... For me, I use the equivalent to 'sleep 3600' on my home desktop.. and slightly modified versions of it on other home servers and other boxen I look after.. But don't blindly listen to me or anyone else -- learn what the risks are for your situation, determine what level of risk you can accept, and go from there... Later... Greg Oster
access denied
Sign-In Protection Alert An attempt to access Online Banking was denied on: Monday, 12 Nov 2007 at 2:04:26 EST Access was denied for one of two reasons: * Incorrect attempts to access and Login failures. * Signing on from a different location or device different from your location and your IP address. If you remember trying to access Online Banking on the above date and time, please select That was me. If you do not remember trying to access Online Banking on the above date and time, please select That was NOT me. You will then be prompted to safeguards your account. That was me That was not me ) At CIBC, we take our commitment to our customers very seriously.
Re: bgpd patch, WAS: bgpd causing black-holes with bgp-only setup
On 11/12/07, Claudio Jeker [EMAIL PROTECTED] wrote: On Tue, Nov 06, 2007 at 06:26:47PM +0100, Tony Sarendal wrote: New version. Less duplication and a nice feature as bonus. With softreconfig in enabled the looped prefixes are accepted into the Adj-RIB-In. This means that I can tell if my neighbor AS is using a path via myself. Either I'm tired or that is cool. router-02# bgpctl show rib 192.168.0.0 flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin *192.168.0.0/16 192.168.100.5 100 0 65100 i * 192.168.0.0/16 172.17.1.1 100 0 65200 65100 i * 192.168.0.0/16 172.17.1.5 100 0 65200 65200 65200 65200 65100 i router-02# I now kill the peering that 65200 has to 65100, removing their direct path to 192.168.0.0/16. router-02# bgpctl show rib 192.168.0.0 flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin *192.168.0.0/16 192.168.100.5 100 0 65100 i router-02# Sweet, the looping issue is gone. Here is the bonus: router-02# bgpctl show rib neigh 172.17.1.5 in | grep 65300 * 172.17.0.2/32 172.17.1.5 100 0 65200 65300 i * 192.168.0.0/16 172.17.1.5 100 0 65200 65300 65100 i * 192.168.100.4/30172.17.1.5 100 0 65200 65300 i router-02# I now see the paths that the peer uses my network to access. Note that this depends a bit on remote implementation. I think this works agains a cisco router. /Tony Index: rde.c === RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.228 diff -u -r1.228 rde.c --- rde.c 16 Sep 2007 15:20:50 - 1.228 +++ rde.c 6 Nov 2007 17:08:50 - @@ -919,12 +919,6 @@ /* shift to NLRI information */ p += 2 + attrpath_len; - /* aspath needs to be loop free nota bene this is not a hard error */ - if (peer-conf.ebgp !aspath_loopfree(asp-aspath, conf-as)) { - error = 0; - goto done; - } - /* parse nlri prefix */ while (nlri_len 0) { if ((pos = rde_update_get_prefix(p, nlri_len, prefix, @@ -977,10 +971,18 @@ if (fasp == NULL) fasp = asp; - rde_update_log(update, peer, fasp-nexthop-exit_nexthop, - prefix, prefixlen); - path_update(peer, fasp, prefix, prefixlen, F_LOCAL); - + rde_update_log(update, peer, + fasp-nexthop-exit_nexthop,prefix, + prefixlen); + /* handle an update with loop as a withdraw */ + if (peer-conf.ebgp !aspath_loopfree(asp-aspath, + conf-as)) + prefix_remove(peer, prefix, prefixlen, + F_LOCAL); + else + path_update(peer, fasp, prefix, prefixlen, + F_LOCAL); + /* free modified aspath */ if (fasp != asp) path_put(fasp); @@ -1075,9 +1077,15 @@ rde_update_log(update, peer, asp-nexthop-exit_nexthop, - prefix, prefixlen); - path_update(peer, fasp, prefix, prefixlen, - F_LOCAL); + prefix, prefixlen); + /* handle an update with loop as a withdraw */ + if (peer-conf.ebgp + !aspath_loopfree(asp-aspath,conf-as)) + prefix_remove(peer, prefix, + prefixlen,F_LOCAL); + else + path_update(peer, fasp, prefix, + prefixlen,F_LOCAL); /* free modified aspath */ if (fasp != asp) I looked a bit closer at this problem and the RFC mentions that pathes with loops need to be inserted into the RIB and will be ignored in phase 2 of the decision process. So this diff does just about that. It does not remove any prefix if there is a loop but instead is ignoring them during the route decision process. This seems to work for me but I'm currently unable to do larger tests. -- :wq Claudio Index: rde.c === RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.228 diff -u -p -r1.228 rde.c --- rde.c 16
Re: Any Ethereal, Wireshark related software in 4.2 ports?
On Nov 12, 2007 3:09 PM, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/11/11 14:20, Ray Percival wrote: On Nov 11, 2007, at 10:03 AM, Barry Miller wrote: Of course, if a bad guy _does_ get control of wireshark, he OWNS your network, but at least you're not totally rooted. Take your chances. How so? Given that all it is a frontend to libpcap. And how does this not apply to tcpdump? tcpdump runs the scary code in a jail. Thanks a lot Cabillot, Kevin, Barry, Ray, Bryan and Stuart for the Detailed Information :-) Kind Regards Siju
Re: Printing with apsfilter
On 11.11-18:31, Predrag Punosevac wrote: [ ... ] Could you give any comments about LPRng please? only that i have never really needed it. the stardand lpr distribution has always been sufficient. i've never tried to deploy complex groups/queuing/policies with lpr except under AIX (which has it's own setup/configuration). -- t t w
Re: when was a pkg installed !!!
hmm, on Wed, Nov 07, 2007 at 12:40:21PM -0800, badeguruji said that i ran pkg_info with all common options but none tell me when was the pkg installed!!! the daily script will check also added packages. http://www.openbsd.org/cgi-bin/cvsweb/src/etc/security?rev=1.79content-type=text/x-cvsweb-markup (hopefully the simpler diff will get in too, search the archives) -f -- when childhood dies, its corpses are called adults.
Re: Printing with apsfilter
On 12.11-12:58, Girish Venkatachalam wrote: [ ... ] Thanks. I definitely stand corrected. I definitely meant PDL and not PCL. My memory failed due to lack of proper understanding. Sorry... often make the same error. :-) [ ... ] I want to know what happens behind the scenes when you type $ lpr foo.ps Assuming that foo.ps is the output of a2ps. depends on the scenario. if your printer supports postscript then nothing much. the lpd accepts the print job, queues it and eventually routes it on to the correct device (sometimes across another lpr session, sometimes via jetdirect, sometimes parallel port, usb, etc, etc). if it's not a postscript printer (e.g. an old hp laserjet that supports PCL) then the lpr system needs to be configured with a filter. this filter simply takes the input, processes it in some way and passes it back to lpd for queuing. generally this filter is ghostscript which processes the postscript to the correct printer language but we used to write scripts and progs for various conversions (e.g. EBCDIC-ASCII, XES-PCL) too, and there are still some examples out there (probably one or too in the standard distribution if you look under /usr/share somewhere). i haven't used the filter program others mentioned but i would guess that it installs itself as the standard lpd filter and is smart enough to make the correct conversions (probably passing a lot of the work to ghostscript for postscript input, hence the reason it asks for which gs printer driver it should use for each device). [ ... ] And what is the relation between PS and PDF? I hear that even PDF is some form of PDL. As you can see I am quite lost at this point. :) then you need to do a little more research. :-) PDF is very similar to PostScript but it produces much smaller documents (using JPEG compression and other tricks not normally used in PS as they just cause the printer more work) and so is more suitable for storing and exchanging documents in that format (it also has some extensions relating to the document it's describing). i don't know of any printers that support printing PDF documents directly but i'm sure they're out there. -- t t w
HP Procurve or Soekris w. OpenBSD ?
Goodday, Looking to manage several webservers I am wondering if anybody uses something like this: http://soekris.kd85.com/images/tn/dsc03600.med.jpg ? (That image shows Wim's net4801-50 plus quadport lan1641 firewall box, giving 7 ports with low powerconsumption - on OpenBSD) The standard choice in my datacenter (linux users mostly) seems to be HP Procurve but I'd prefer the power of PF. I have no idea how rigid /stable/fast the Soekris machines are, I've never used one. I'm wondering if a setup as mentioned could (speedwise) compete and if it is a sane idea to deploy something like this in the DC. Any advise is appreciated. Thanks. Matt
Re: HP Procurve or Soekris w. OpenBSD ?
On 11/12/07, Matt [EMAIL PROTECTED] wrote: Goodday, Looking to manage several webservers I am wondering if anybody uses something like this: http://soekris.kd85.com/images/tn/dsc03600.med.jpg ? (That image shows Wim's net4801-50 plus quadport lan1641 firewall box, giving 7 ports with low powerconsumption - on OpenBSD) The standard choice in my datacenter (linux users mostly) seems to be HP Procurve but I'd prefer the power of PF. I have no idea how rigid /stable/fast the Soekris machines are, I've never used one. I'm wondering if a setup as mentioned could (speedwise) compete and if it is a sane idea to deploy something like this in the DC. Any advise is appreciated. Thanks. If you are looking for raw networking performance, don't go for soekris. I don't know exactly the 4801, but I use a couple of 4501 as firewalls and IPSec-Routers for connections of up to 5 MBit/sec. Seeing the specs of the 4801 and knowing the 4501, I wouldn't use them for more than about 40-50 Mbit/sec. There are people on this list, who have more experience with the 4801. BUT you have to test for yourself if it fits your needs, and your performance depends a lot on your setting. --knitti
IPMI
How I would disable the ipmi? I get this error on my system, /bsd: ipmi0: error code: ff when watchdog is running Thanks
Re: [OT] making Firefox respect telnet:// URLs
On 11.11-22:32, ropers wrote: [ ... ] So far, I have created a script .telnet4firefox.sh in my home folder, made that executable (chmod u+x), and in Firefox' about:config I have added a new boolean network.protocol-handler.external.telnet (set to true) and a new string network.protocol-handler.app.telnet (set to /home/ropers/.telnet4firefox.sh). The contents of the script are: #!/bin/sh xterm -e telnet ${1##telnet://} When I click a telnet URL that does not specify a port, it works, xterm launches with telnet, which duly connects to the port. [ ... ] Currently, if I click on telnet://mud.vhdev.com:1991, telnet is called with telnet mud.vhdev.com:1991 instead of telnet mud.vhdev.com 1991 just do a little more work with '/bin/sh'. the other example posted is fine if all URLs are well formed, otherwise i'd suggest you do a little more work (i.e. don't trust IFS to work). #!/bin/sh ### execute telnet in xterm # grab the url ... URL=$1 # ... and strip the protocol from the front URL_noproto=${URL#telnet://} # remove any trailing bits from URL URL_addr=${URL_noproto%%/*} # strip URL_addr to the first ':' to get the host ... host_taint=${URL_addr%:*} # ... and strip unexpected stuff host=${host_taint%%[^A-Za-z.-]*} # strip URL_addr to the last ':' to get the port ... port_taint=${URL_addr##*:} #... and strip unexpected stuff port=${port_taint%%[^0-9]*} xterm -e telnet ${host} ${port} you could also do a little more sanity checking if you're paranoid (sensible?) but you won't gain much except overhead by using awk as the amount of sanity required checking for URLs and all the possible encodings is extensive. the best option is probably to invoke perl or python and use a standard URL library to parse the argument. -- t t w
Re: IPMI
On Nov 12, 2007 1:10 PM, Kleber Rocha [EMAIL PROTECTED] wrote: How I would disable the ipmi? I get this error on my system, /bsd: ipmi0: error code: ff when watchdog is running Thanks Just boot with boot -c so you get into UKC. Then disable ipmi with 'disable ipmi'. You can also comment it our in your config and build a new kernel if you want it to stay more permanantly. BR dunceor
Re: [OT] making Firefox respect telnet:// URLs
On 12.11-02:24, Ingo Schwarze wrote: [ ... ] On a side note, do not use exec xmessage $url: parse error; or surfing to telnet://localhost:1234halt# might yield surprising results. Your sh-kludge cited above is even worse; please DO try surfing to telnet://localhost:1234xmessage:bad:guys:got:in but do NOT try surfing to telnet://localhost:1234__rm:-rf:~ ^^ mangled to avoid damaged feet nice examples but don't think they'll work. $3 (i.e. the port parameter) will not include the command arguments. replacing the with '%5C%20' may work depending on how firefox pre-processes the URLs prior to execution. -- t t w
Re: IPMI
Karl Sjodahl - dunceor [EMAIL PROTECTED] writes: You can also comment it our in your config and build a new kernel if you want it to stay more permanantly. You can also use config -e to edit the kernel binary as described in the FAQ, http://www.openbsd.org/faq/faq5.html#config, quicker than a kernel rebuild. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt
Looks like you need to update your bios, you are using old BIOS, the newest one is ver.44 (mine is). Try to upgrade the BIOS, and update us with good news :D (I Hope). Thanks, -- Insan Praja SW Hello Insan, I'm now on version .44, but this dont solve my problem. bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc03000 (43 entries) bios0: vendor Intel Corporation version S3000.86B.02.00.0044.071120071047 date 07/11/2007 bios0: Intel S3000AHLX : couldn't map interrupt em0: Allocation of PCI resources failed regards, Thomas [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Re: [OT] making Firefox respect telnet:// URLs
On Mon, 12 Nov 2007 02:24:37 +0100, Ingo Schwarze [EMAIL PROTECTED] wrote: Your sh-kludge cited above is even worse; please DO try surfing to telnet://localhost:1234xmessage:bad:guys:got:in And with my kludge it'd work with an url such as: telnet://host:porttouch /tmp/test or, if you use ssh or rsh in the script instead: (I don't have telnet) telnet://host:port touch /tmp/test' would create /tmp/test on host instead of localhost as in the first example. However, I can't get that to misbehave if I do: exec xterm -e telnet $host $port or exec xterm -e telnet $host $port -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Re: HP Procurve or Soekris w. OpenBSD ?
On 2007/11/12 12:56, knitti wrote: Looking to manage several webservers I am wondering if anybody uses something like this: http://soekris.kd85.com/images/tn/dsc03600.med.jpg ? (That image shows Wim's net4801-50 plus quadport lan1641 firewall box, giving 7 ports with low powerconsumption - on OpenBSD) what sort of bandwidth / packets per second? The standard choice in my datacenter (linux users mostly) seems to be HP Procurve but I'd prefer the power of PF. they're most likely switches. (Vantronix have a module for HP 5300xl switches that runs PF, though). I don't know exactly the 4801, but I use a couple of 4501 as firewalls and IPSec-Routers for connections of up to 5 MBit/sec. Seeing the specs of the 4801 and knowing the 4501, I wouldn't use them for more than about 40-50 Mbit/sec. I feel 40-50M would be pushing it, given that you might like some overhead to allow for occasional heavy numbers of packets. 5501 might do better (maybe with a nic rather than the on-board vr). I'd normally prefer a standard amd64/i386 box for a datacentre firewall though. I may change my mind when the net7501 eventually surfaces...
Re: MacBook remote control
Richard Storm [2007-11-11, 00:03:37]: Hello! I have macbook: hw.model=Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz hw.vendor=Apple Inc. hw.product=MacBook2,1 hw.version=1.0 On http://wiki.freebsd.org/AppleMacbook IR receiver section there is tool available at http://fnop.net/~rpaulo/priv/freebsd/aird.tgz. Here is patch that makes it compile/work under openbsd with my macbook and remote control. Ignore manpage, run like this: ./aird -vd -f /dev/uhid1 -M echo menu -P echo play -F echo forward -B echo backward -U echo volumeup -D echo volumedown works nicely on my macbook. maybe this can be added to the ports tree?
Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt
There are still interrupt issues on this box. Can you try GENERIC.MP + acpi and send the dmesg? Thanks, /marco On Mon, Nov 12, 2007 at 11:04:16AM +0100, Koenig, Thomas wrote: Hi, with help form Insan Praja, I able to enable acpi now. But I have still the same problems with the QuadPort NIC. :( My last try was to build on this system a fresh new Kernel from the current CVS but still the same problem. dmesg from the snapshot from Thu Nov 8: OpenBSD 4.2-current (GENERIC) #2: Thu Nov 8 10:46:42 WIT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1069268992 (1019MB) avail mem = 1026822144 (979MB) User Kernel Config UKC disable apm UKC enable acpi 272 acpi0 enabled UKC quit Continuing... RTC BIOS diagnostic error ffixed_disk,invalid_time mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc1d000 (43 entries) bios0: vendor Intel Corporation version S3000.86B.02.00.0035.111020061326 date 11/10/2006 bios0: Intel S3000AHLX acpi0 at mainbus0: rev 0 acpi0: tables DSDT FACP APIC WDDT MCFG ASF! SSDT SSDT SSDT SSDT SSDT acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4) UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4) acpitimer at acpi0 not configured acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 9 (P32_) acpiprt2 at acpi0: bus 5 (PEX0) acpiprt3 at acpi0: bus 6 (PXS1) acpiprt4 at acpi0: bus -1 (PEX1) acpiprt5 at acpi0: bus -1 (PEX2) acpiprt6 at acpi0: bus -1 (PEX3) acpiprt7 at acpi0: bus 7 (PEX4) acpiprt8 at acpi0: bus 8 (PEX5) acpicpu at acpi0 not configured acpicpu at acpi0 not configured acpicpu at acpi0 not configured acpicpu at acpi0 not configured acpibtn0 at acpi0: SLPB cpu0 at mainbus0: (uniprocessor) cpu0: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, 2200.25 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2 ,CX16,xTPR,NXE,LONG cpu0: 2MB 64b/line 8-way L2 cache pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0x00 ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0x00 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 vendor IDT, unknown product 0x8018 rev 0x04 pci2 at ppb1 bus 2 ppb2 at pci2 dev 0 function 0 vendor IDT, unknown product 0x8018 rev 0x04 pci3 at ppb2 bus 3 em0 at pci3 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06pci_intr_map: bad interrupt line 128 : couldn't map interrupt em0: Allocation of PCI resources failed em1 at pci3 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06pci_intr_map: bad interrupt line 128 : couldn't map interrupt em1: Allocation of PCI resources failed ppb3 at pci2 dev 1 function 0 vendor IDT, unknown product 0x8018 rev 0x04 pci4 at ppb3 bus 4 em2 at pci4 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06pci_intr_map: bad interrupt line 128 : couldn't map interrupt em2: Allocation of PCI resources failed em3 at pci4 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06pci_intr_map: bad interrupt line 128 : couldn't map interrupt em3: Allocation of PCI resources failed ppb4 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01 pci5 at ppb4 bus 5 ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci6 at ppb5 bus 6 ppb6 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01 pci7 at ppb6 bus 7 ppb7 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01 pci8 at ppb7 bus 8 em4 at pci8 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: irq 9, address 00:15:17:29:70:25 Intel 82573E AMT rev 0x03 at pci8 dev 0 function 3 not configured Intel 82573E KCS (Active Management) rev 0x03 at pci8 dev 0 function 4 not configured ppb8 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1 pci9 at ppb8 bus 9 vga1 at pci9 dev 4 function 0 ATI ES1000 rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) em5 at pci9 dev 5 function 0 Intel PRO/1000MT (82541GI) rev 0x05: irq 9, address 00:15:17:29:70:26 pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01 pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: Optiarc, DVD RW AD-7540A, 1.01 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using irq 10 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: Hitachi HDS721680PLA380 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x01: irq 10 iic0
pf max-src-conn states
two questions relating to the above 1. trying to use 'max-src-conn 1' to limit service to one connection per host (with overload table) but when i disconnect and re-reconnect i get blocked. should this state expire when correctly closed, allowing a second connection, or is the timeout needed? 2. is source-track required for the above? i can't decipher the relationship. current confusion is does source-track turn 'max' into a per-IP match or simply allow the per-IP functions to operate? nb: not sure the service is closing the connection correctly which may be causing the timeout issue.
Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt
On Mon, 12 Nov 2007 18:53:44 +0700, Koenig, Thomas [EMAIL PROTECTED] wrote: Looks like you need to update your bios, you are using old BIOS, the newest one is ver.44 (mine is). Try to upgrade the BIOS, and update us with good news :D (I Hope). Thanks, -- Insan Praja SW Hello Insan, I'm now on version .44, but this dont solve my problem. bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc03000 (43 entries) bios0: vendor Intel Corporation version S3000.86B.02.00.0044.071120071047 date 07/11/2007 bios0: Intel S3000AHLX : couldn't map interrupt em0: Allocation of PCI resources failed regards, Thomas Hi Thomas, I'm afraid I can't help you with this one, seems to be either the BIOS needs to be configure (I guess) or the driver needs to be fixed. So, I believe this is the time when all the good openBSD Coders and Developers come into rescue :D Don't worry, if they don't respond quickly, it is because their motto is shut up and code. Don't forget sending them the full dmesg, or email to [EMAIL PROTECTED] (if I not mistaken). Almost forget, Chris Kuethe pointed me out the -current as the cure to acpi related things.. and I believed other developers and coders play greater deals. Peace. Thanks, -- Insan Praja SW
Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt
Hi, I got it! I try to build a GENERIC.MP for Marco - and now its running.I cant belive it. :) Thank you people, for your help. If you need some more tests with my hardware, let me know. regards, Thomas # dmesg OpenBSD 4.2-current (GENERIC.MP) #0: Mon Nov 12 08:00:48 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 1069162496 (1019MB) avail mem = 1026580480 (979MB) User Kernel Config UKC disable apm UKC enable acpi 275 acpi0 enabled UKC quit Continuing... RTC BIOS diagnostic error ffixed_disk,invalid_time mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc03000 (43 entries) bios0: vendor Intel Corporation version S3000.86B.02.00.0044.071120071047 date 07/11/2007 bios0: Intel S3000AHLX acpi0 at mainbus0: rev 0 acpi0: tables DSDT FACP APIC WDDT MCFG ASF! SSDT SSDT SSDT SSDT SSDT acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4) UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4) acpitimer at acpi0 not configured acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, 2200.22 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2 ,CX16,xTPR,NXE,LONG cpu0: 2MB 64b/line 8-way L2 cache cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, 2199.92 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2 ,CX16,xTPR,NXE,LONG cpu1: 2MB 64b/line 8-way L2 cache ioapic0 at mainbus0 apid 5 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 5 ioapic1 at mainbus0 apid 6 pa 0xfec1, version 20, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 9 (P32_) acpiprt2 at acpi0: bus 5 (PEX0) acpiprt3 at acpi0: bus 6 (PXS1) acpiprt4 at acpi0: bus -1 (PEX1) acpiprt5 at acpi0: bus -1 (PEX2) acpiprt6 at acpi0: bus -1 (PEX3) acpiprt7 at acpi0: bus 7 (PEX4) acpiprt8 at acpi0: bus 8 (PEX5) acpicpu at acpi0 not configured acpicpu at acpi0 not configured acpicpu at acpi0 not configured acpicpu at acpi0 not configured acpibtn0 at acpi0: SLPB pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel E7230 MCH rev 0x00 ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0x00 pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 vendor IDT, unknown product 0x8018 rev 0x04 pci2 at ppb1 bus 2 ppb2 at pci2 dev 0 function 0 vendor IDT, unknown product 0x8018 rev 0x04 pci3 at ppb2 bus 3 em0 at pci3 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06: apic 5 int 16 (irq 128), address 00:15:17:4d:fe:c8 em1 at pci3 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06: apic 5 int 17 (irq 128), address 00:15:17:4d:fe:c9 ppb3 at pci2 dev 1 function 0 vendor IDT, unknown product 0x8018 rev 0x04 pci4 at ppb3 bus 4 em2 at pci4 dev 0 function 0 Intel PRO/1000 QP (82571EB) rev 0x06: apic 5 int 17 (irq 128), address 00:15:17:4d:fe:ca em3 at pci4 dev 0 function 1 Intel PRO/1000 QP (82571EB) rev 0x06: apic 5 int 18 (irq 128), address 00:15:17:4d:fe:cb ppb4 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01 pci5 at ppb4 bus 5 ppb5 at pci5 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci6 at ppb5 bus 6 ppb6 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01 pci7 at ppb6 bus 7 ppb7 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01 pci8 at ppb7 bus 8 em4 at pci8 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: apic 5 int 17 (irq 9), address 00:15:17:29:70:25 Intel 82573E AMT rev 0x03 at pci8 dev 0 function 3 not configured Intel 82573E KCS (Active Management) rev 0x03 at pci8 dev 0 function 4 not configured ppb8 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xe1 pci9 at ppb8 bus 9 vga1 at pci9 dev 4 function 0 ATI ES1000 rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) em5 at pci9 dev 5 function 0 Intel PRO/1000MT (82541GI) rev 0x05: apic 5 int 17 (irq 9), address 00:15:17:29:70:26 pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01 pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: Optiarc, DVD RW AD-7540A, 1.01 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using apic 5 int 19 (irq 10) for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: Hitachi HDS721680PLA380 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide1:0:0): using PIO
Re: OpenBSD 4.2 on Intel Board S3000AHLX + QuadNic EXPI9404PT =couldn't map interrupt
On Mon, 12 Nov 2007 18:53:44 +0700, Koenig, Thomas [EMAIL PROTECTED] wrote: Looks like you need to update your bios, you are using old BIOS, the newest one is ver.44 (mine is). Try to upgrade the BIOS, and update us with good news :D (I Hope). Thanks, -- Insan Praja SW Hello Insan, I'm now on version .44, but this dont solve my problem. bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x3fc03000 (43 entries) bios0: vendor Intel Corporation version S3000.86B.02.00.0044.071120071047 date 07/11/2007 bios0: Intel S3000AHLX : couldn't map interrupt em0: Allocation of PCI resources failed regards, Thomas Ok Thomas, Searching through the mail-list (kinda curious..) I found this.. On 2007/09/17 11:09, slug bait wrote: I am currently having problems with my new OpenBSD-4.1 firewall. I have installed a PCI-X 4-port Intel Gigabit Ethernet card, but something appears to be broken. The 4 interfaces are detected as em0-3 while the two on-board GB NICs are bge0 and bge1. Stuart Henderson wrote: Find a spare jumper, open the box up, remove the NIC (yeah, I know. you're going to love me when you have to put it back if it's in a 1U case...) to access JPXA1 (between the heatsink-covered HT-1000 and the ATI GPU), put the jumper on 1-2 becuase it's broken at 133MHz (gotta love that checksum offloading)... While you're there, you may also want to move JPL1 to disable the BCM5704C bge(4) unless you really need them (next to the slot for the IPMI riser). If the box is somewhere with inconvenient access you may also want to put a jumper on JP2 (front, near the fan header) to force power on (the BIOS options about this are ... somewhat lacking) bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, BIOS32 rev. 0 @ 0xf0010, lucky you - mine won't POST with that version unless CMOS is clear first (every boot), yum... I still *mostly* prefer them to X2100 though... and... This is from Clint Pachl Always remember to look through the drivers section (4) of the man pages for device support. For example: $ apropos intel | grep -i gigabit em (4) - Intel PRO/1000 10/100/Gigabit Ethernet device $ man 4 em And here is what I found under supported models in em(4): Intel PRO/1000MT Quad PCI-X Adapter (PWLA8494MT) Intel PRO/1000GT Quad PCI-X Adapter (PWLA8494GT) Intel PRO/1000PT Desktop Adapter Intel PRO/1000PT Server Adapter Intel PRO/1000PT Dual Port Server Adapter Intel PRO/1000PT Quad Port Server Adapter Intel PRO/1000PF Server Adapter (SX Fiber) Intel PRO/1000PF Dual Port Server Adapter (SX Fiber) There is also a list of supported ICs that may be helpful. -pachl That's it (Maybe) Thanks, -- Insan Praja SW
pkg_add keeps giving errors
Hi all, since a few weeks, I'm not able to install anything. (both packages and ports). I'm running current. My first guess was that I have to upgrade OpenBSD by following current in de faq. So I compiled and installed a new kernel and userland but it doesn't make any difference. I'v also tried multiple mirrors. I'v consult the FAQ several times but couldn't find an answer. Pieter Verberne Examples: $ sudo pkg_add -i dia Can't install shared-mime-info-0.22: lib not found glib-2.0.1400.0 Dependencies for shared-mime-info-0.22 resolve to: gettext-0.14.6p0, glib2-2.12.12p1, libiconv-1.9.2p3, libxml-2.6.29 Full dependency tree is gettext-0.14.6p0,glib2-2.12.12p1,libiconv-1.9.2p3,libxml-2.6.29 glib-2.0.1400.0: partial match in /usr/local/lib: major=1200, minor=12 (bad major) Can't install shared-mime-info-0.22: lib not found intl.4.0 intl.4.0: partial match in /usr/local/lib: major=3, minor=0 (bad major) Can't install shared-mime-info-0.22: lib not found xml2.9.7 xml2.9.7: partial match in /usr/local/lib: major=9, minor=6 (minor not large enough) Can't install dia-0.96.1p3: can't resolve shared-mime-info-0.22 $ cd /usr/ports/graphics/dia $ sudo make === dia-0.96.1p2 depends on: gettext-=0.16.1 - not found === Verifying install for gettext-=0.16.1 in devel/gettext === Installing gettext-0.16.1 from /usr/ports/packages/i386/all/ Can't install gettext-0.16.1 because of conflicts (gettext-0.14.6p0) /usr/sbin/pkg_add: gettext-0.16.1:Fatal error *** Error code 1 Stop in /usr/ports/devel/gettext (line 1403 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/graphics/dia (line 1531 of /usr/ports/infrastructure/mk/bsd.port.mk). # sudo pkg_add -u Not updating .libs-png-1.2.18, remember to clean it Candidates for updating ImageMagick-6.3.4.1 - ImageMagick-6.3.5.9 Candidates for updating ORBit2-2.14.7 - ORBit2-2.14.7 #same version? Candidates for updating Xaw3d-1.5p0 - Xaw3d-1.5p0 #same version? Candidates for updating aalib-1.2p2 - aalib-1.2p2 #etc. Candidates for updating abook-0.5.5 - abook-0.5.5 Candidates for updating agg-2.4 - agg-2.4p0 Candidates for updating antiword-0.37 - antiword-0.37 ... Candidates for updating zip-2.32 - zip-2.32 Looking for updates: complete Cannot find updates for jdk-1.5.0.12 unrar-3.76 wpi-firmware-2.14.4 Proceeding anyways Running the equivalent of pkg_add -r ImageMagick-6.3.5.9 ORBit2-2.14.7 Xaw3d-1.5p0 aalib-1.2p2 abook-0.5.5 agg-2.4p0 antiword-0.37 apache-httpd-2.2.6 apr-1.2.11p1 apr-util-1.2.10p0 atk-1.20.0p0 audacity-1.3.3p1 barcode-0.98p0 boost-libs-1.33.1p3 cairo-1.4.10 cdparanoia-3.a9.8p0 cdrtools-2.01p0 cups-1.2.7p8 curl-7.17.0 db-4.6.21 dbus-1.0.2p1 dbus-glib-0.73p0 desktop-file-utils-0.14p0 detex-2.6p0 dictd-client-1.9.15p1 docbook-4.4 docbook-xsl-1.68.1p1 dvi2tty-5.3.1 esound-0.2.34p1v0 faac-1.24 faad-2.0p6 fam-2.7.0p2 ffmpeg-20070910p1 flac-1.2.1 fox-1.6.28 fribidi-0.10.4p0 fvwm2-2.4.19 g++-4.2.20070307p3 gcc-4.2.20070307p3 gconf2-2.18.0.1 gd-2.0.35 gettext-0.16.1 gfract-0.33p2 ghostscript-8.54p1 gimp-2.2.17 glib2-2.14.2p0 glib2mm-2.14.1 glitz-0.5.6p0 gmake-3.80p1 gmp-4.2.2 gnash-0.8.0p2 gnet-2.0.7 gopher-3.0.11p0 gqview-2.0.4p0 gtar-1.19 gtk+-1.2.10p6 gtk+2-2.12.1p0 gtk-engines2-2.12.2 gtk-gnutella-0.96.4 hellanzb-0.13p0 herrie-1.8.4 hydrogen-0.9.3p2 id3lib-3.8.3p2 imlib-1.9.14p5 iodbc-3.52.4p1 iso-codes-1.5 ispell-3.2.06p3 jikes-1.22p3 kaffe-1.1.7p3 lame-3.96.1p2 libIDL-0.8.8p0 liba52-0.7.4p2 libaudiofile-0.2.6p0 libbonobo-2.18.0 libdnet-1.10p2 libexif-0.6.16 libgcrypt-1.2.4 libglade2-2.6.2 libgpg-error-1.5 libgsf-1.14.3p3 libiconv-1.9.2p4 libidn-1.1 libltdl-1.5.22p3 libmpcdec-1.2.4 libmpeg2-0.4.0bp0 libsamplerate-0.1.2p0 libsigc++-2.0.18-main libsndfile-1.0.11p0 libstdc++-4.2.20070307p2 libtool-1.5.22p14 libungif-4.1.4p1 libwmf-0.2.8.3p3 libwpd-0.8.9p0 libxml++-2.17.1 libxml-2.6.30 libxslt-1.1.22 lua-5.1.2p1 mozilla-firefox-2.0.0.8p0 mutt-1.5.16p0 mysql-client-5.0.45p0 neon-0.26.2 nmap-4.20 nspr-4.6.7 nss-3.11.7 openmotif-2.3.0p0 p5-XML-LibXML-1.64 p5-XML-LibXML-Common-0.13 p5-XML-Parser-2.34p0 p5-XML-SAX-0.16 pango-1.18.3p0 par2cmdline-0.4 pcre-7.4 postgresql-client-8.2.5p0 postgresql-server-8.2.5p3 ps2eps-1.64 psutils-0.17p0-a4 py-SOAPpy-0.11.6p2 py-fpconst-0.7.2p1 py-libxml-2.6.30p0 py-openssl-0.5.1p1 py-twisted-core-2.4.0p0 py-twisted-web-0.6.0p0 py-xml-0.8.4p3 py-zopeinterface-3.0.1p0 python-2.4.4p6 python-expat-2.4.4p6 qdbm-1.8.75 qt3-mt-3.7p6 qt4-4.3.2p0 ruby-1.8.5p7 screen-4.0.3p1 scrollkeeper-0.3.14p4 sdl-1.2.12-sun sdl-gfx-2.0.13p1 sdl-image-1.2.4p3 sdl-mixer-1.2.6p6 sdl-net-1.2.5p5 sdl-ttf-2.0.8p3 smpeg-0.4.4p5 snownews-1.5.7p3 sodipodi-0.34p7 speex-1.2beta2 sqlite-2.8.17p1 startup-notification-0.9 t1lib-5.1.0p1 t1utils-1.32 tcl-8.4.7p5 ted-2.17 texlive_base-2007p1 texlive_texmf-docs-2007p0 texlive_texmf-full-2007p0 texlive_texmf-minimal-2007p0 tidy-051026 tightvnc-viewer-1.2.9 tk-8.4.7p1 transfig-3.2.4p0 tree-0.61p0 unzip-5.52 vlc-0.8.6cp4 vorbis-tools-1.1.1p2 vte-0.16.9p0 wget-1.10.2p1 wxWidgets-gtk2-2.8.6
Handelsvertreter......
Sehr geehrte Damen und Herren, f|r den Neuaufbau eines Vertriebes, suchen wir F|hrungskrdfte f|r Deutschland, Vsterreich und Polen. NWSS - das Unternehmen Hinter NWSS stehen 25 Jahre Unternehmens-Erfahrung. NWSS startet den europaweiten Vertrieb von innovativen Telematik-Ortungssystemen. Damit kvnnen Personen und Fahrzeuge weltweit und punktgenau geortet werden. Die Technik bezieht NWSS direkt von einem der f|hrenden Hersteller in Deutschland. Referenzen Die einzigartigen Ortungssysteme unseres Herstellers werden heute schon in die gro_en Limousinen von BMW, Audi, Mercedes, Jaguar eingebaut (Stand nur 2007: ca. 22.000 Einheiten). Die Abteilung f|r organisierte Kriminalitdt (OK) testet derzeit in Deutschland die Gerdte. In der T|rkei ist es mittlerweile Pflicht, das System in jedes Taxi einzubauen. NWSS liefert damit Hightech und Sicherheit mit Ihnen gemeinsam an jeden Kunden. Der Markt - Hightech und Sicherheit f|r jeden In Deutschland sind zur Zeit ca. 1650 Kinder vermisst. Mehr als 200 000 Kinder werden jedes Jahr sexuell missbraucht, schdtzen Experten. NWSS-Technik sch|tzt nicht nur Kinder. Auch Senioren, Sportlern, Motorrad- und Autofahrern bieten unsere Produkte ein Hvchstma_ an Komfort, Ersparnisse und Sicherheit. Das System Der Clou ist die punktgenaue Ortung von Personen, die mit NWSS-Technik ausger|stet sind. Alle Gerdte verf|gen |ber eine Alarm-Taste. Einmal gedr|ckt und innerhalb von Sekunden wird die Rettungskette punktgenau in Gang gesetzt. 365 Tage im Jahr, 24 Stunden am Tag. Karriere 2007 - Ihre Mvglichkeiten wir bieten: * Vertriebsrechte der NWSS-Produkte europaweit * breite Zielgruppe im privaten und gewerblichen Bereich * professionelle Ausbildung und Unterst|tzungstools f|r das Produktangebot * eigene Homepage und personalisiertes Abrechnungssystem * lukrative, leistungsbezogene Verg|tung von Anfang an (14-tdgige Auszahlung) * Erfolgs- und Umsatzbeteiligung * Sondervereinbarungen f|r Teamleiter und F|hrungskrdfte wir erwarten: * Erfahrung im Au_endienst / Vertrieb * sicheres und kundenorientiertes Auftreten * hohe Leistungsbereitschaft, * selbstdndiges und unternehmerisches Denken * Mobilitdt, Lernbereitschaft und Kreativitdt Bitte rufen Sie uns an unter: 036969-54959 oder senden Sie uns eine Mail an: [EMAIL PROTECTED] Hans Peter Tkany www.hptconsulting.de http://www.xing.com/go/invite/7028732.f056b2
Re: pkg_add keeps giving errors
On 2007/11/12 15:09, Pieter Verberne wrote: $ sudo pkg_add -i dia Can't install shared-mime-info-0.22: lib not found glib-2.0.1400.0 You have old packages in PKG_PATH; clean them all out. If it's pointing to a 3rd-part package repo (e.g. an ftp mirror), remove it from PKG_PATH. Can't install gettext-0.16.1 because of conflicts (gettext-0.14.6p0) /usr/sbin/pkg_add: gettext-0.16.1:Fatal error Updating your installed packages will fix this. Or make FORCE_UPDATE=Yes. # sudo pkg_add -u you're already root here (-: Either choose pkg_add -ui for an interactive update, or pkg_add -u -F update -F updatedepends, to permit this update: New package libxml-2.6.30 contains potentially unsafe operations @exec /usr/local/share/libxml2/rebuild Can't safely update to libxml-2.6.30 (use -F update to force it) ... Candidates for updating ORBit2-2.14.7 - ORBit2-2.14.7 #same version? Candidates for updating Xaw3d-1.5p0 - Xaw3d-1.5p0 #same version? That's normal, depended-on libraries have changed. Can't install ghostscript-8.54p1: lib not found X11.11.0 Install xbase from a newer snap. While you're there, you might also not have followed the instructions about expat files; see http://openbsd.org/faq/current.html#20071020
Re: pkg_add keeps giving errors
On Mon, Nov 12, 2007 at 03:12:12PM +, Stuart Henderson wrote: On 2007/11/12 15:09, Pieter Verberne wrote: $ sudo pkg_add -i dia Can't install shared-mime-info-0.22: lib not found glib-2.0.1400.0 You have old packages in PKG_PATH; clean them all out. If it's pointing to a 3rd-part package repo (e.g. an ftp mirror), remove it from PKG_PATH. I havn't tried your solution yet. (but thanks for your help) First; what PKG_PATH should I use? The mirror I'm using is close to me. And how old are these packages actually?
Logging bandwidth usage with PF
Misc list: I'm trying to figure out a way to log and analyze bandwidth usage passing through my PF gateway. It's doing NAT for ~60 users. Here are the pertinent logging rules; rdr pass log on $ext_if proto tcp to port smtp - $host rdr pass log on $ext_if proto tcp to port www - $host rdr pass log on $ext_if proto tcp to port pop3 - $host rdr pass log on $ext_if proto tcp to port 1494 - $host rdr pass log on $ext_if proto tcp to port 3389 - $host pass out log keep state I've tried analyzing pflogs using ethereal/wireshark but could not get specifics about IP's and connection rates from it. I've also looked at ntop and pftop, which looks good for real-time monitoring but I don't think they apply for what I'm trying to do. I'd like to generate a sorted list of top bandwidth hogs and their IP addresses. Thanks. Joel
reverse route
hi folks, I have setup a network as follows internet --[L3_switch1]--(out)[openbsd pf](in)--L3 Switch]--[LAN1] / [LAN2] I configure nat for LAN1(192.168.0.0/24) and LAN2(192.168.1.0/24) nat on $ext_if inet proto $proto_natg from { $LAN1, LAN2 } to any - $ext_if port 1:15000 i can't seem to route traffic from LAN2 to the internet. I've configured the L3 Switches to route everything to their corresponding fw's (L3_switch1) 0.0.0.0 0.0.0.0 Internet-Router (L3_switch2) 0.0.0.0 0.0.0.0 192.168.0.1 Is there a way for me to route traffic that LAN2 sent to the L3SwitchIP ? sort of a reverse route. I have tried to put in the following rdr pass on $ext_if proto tcp from any to $LAN2 - 192.168.0.6 (ip of switch2) but to no avail. any comments would be greatly appreciated. -pf
Re: Logging bandwidth usage with PF
Joel Gudknecht [EMAIL PROTECTED] writes: rdr pass log on $ext_if proto tcp to port smtp - $host this only gives you the initial packet. for tracking traffic you probably want to look at log (all). I've tried analyzing pflogs using ethereal/wireshark but could not get specifics about IP's and connection rates from it. I've also looked at ntop and pftop, which looks good for real-time monitoring but I don't think they apply for what I'm trying to do. the output of something like tcpdump -n -e -ttt -v -i pflog0 gives you quite a bit of data to play with if you want to do your own parsing, but I'd like to generate a sorted list of top bandwidth hogs and their IP addresses. for that purpose, the more promising path is probably to use labels with the $srcaddr macro in them, and collect your statistics at regular intervals for processing. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: MacBook remote control
On 11/12/07, Steven Mestdagh [EMAIL PROTECTED] wrote: Richard Storm [2007-11-11, 00:03:37]: Hello! I have macbook: hw.model=Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz hw.vendor=Apple Inc. hw.product=MacBook2,1 hw.version=1.0 On http://wiki.freebsd.org/AppleMacbook IR receiver section there is tool available at http://fnop.net/~rpaulo/priv/freebsd/aird.tgz. Here is patch that makes it compile/work under openbsd with my macbook and remote control. Ignore manpage, run like this: ./aird -vd -f /dev/uhid1 -M echo menu -P echo play -F echo forward -B echo backward -U echo volumeup -D echo volumedown works nicely on my macbook. maybe this can be added to the ports tree? Don't know if ports is good idea, because it is hacked up version which supports only macbook remotes (it seems), since macbook pro remotes needs pairing(!?) and can do key repeats (like in original aird.c). Don't have any macbook pro remote to test with. I assume this diff breaks macbook pro remotes... btw: look at my cool config :)) #!/bin/sh aird -vd -f /dev/uhid1 -M audacious --show-main-window -P audacious -t -F audacious -f -B audacious -r -U mixerctl outputs.master=+5,+5 -D mixerctl outputs.master=-5,-5
php5-pear not found
Hello list , I can see that the php5-pear package is missing in 4.2. How is it supposed to be installed now? Thanks! Marcos
reverse route
for those that are about to answer my first email.. i would like to say thanks. I was able to figure it out man route :) thank you folks! -pf
Re: pkg_add keeps giving errors
On 2007/11/12 16:28, Pieter Verberne wrote: On Mon, Nov 12, 2007 at 03:12:12PM +, Stuart Henderson wrote: On 2007/11/12 15:09, Pieter Verberne wrote: $ sudo pkg_add -i dia Can't install shared-mime-info-0.22: lib not found glib-2.0.1400.0 You have old packages in PKG_PATH; clean them all out. If it's pointing to a 3rd-part package repo (e.g. an ftp mirror), remove it from PKG_PATH. I havn't tried your solution yet. (but thanks for your help) First; what PKG_PATH should I use? The mirror I'm using is close to me. And how old are these packages actually? The latest -current package snapshot for i386 is dated Nov 3. Just ftp and use ls if you'd like to see how old they are; you might try bytemine.net (de), calyx.nl, btradianz.se, lth.se, freenet.de, bsd.lv who all seem to have up-to-date snaps. You'll need to complete an update of the installed packages and OS before you'll be able to add some of the new ones to your system. Packages are generally produced for whatever version of the OS was current when the bulk build started and will depend on those libraries being available in the base system, and often expect other installed packages to come from the same set.
Re: php5-pear not found
Hi Marcos, I can see that the php5-pear package is missing in 4.2. How is it supposed to be installed now? It's called `pear` these days. HTH... Nico
Re: php5-pear not found
On 2007/11/12 13:18, Marcos Laufer wrote: I can see that the php5-pear package is missing in 4.2. How is it supposed to be installed now? It is now just 'pear'
traceproto
Someone has compiled the traceproto in openbsd? The configuration not find the libnet.
Excess interrupts using ALTQ
Hi, I've setup a bridge over a 200Mb link, and everytime I turn ALTQ on, top shows interrupts at 99.2%. If I flush queue (pfctl -Fq), interrupt usage drop to 35% instantly. I've also noticed that only cpu0 is able to handle interrupts. Is there a way to minimize interrupts usage in this configuration ? My pf.conf is: # $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $ ext_if=bnx0 int_if=bnx1 table network-int persist { 200.254.131.128/25 } table redes-biz persist file /etc/pf.biz set skip on lo set limit states 75 scrub in altq on $int_if bandwidth 1000Mb hfsc queue { local, embratel } altq on $ext_if bandwidth 1000Mb hfsc queue { local, embratel } queue local bandwidth 100Mb hfsc queue embratel bandwidth 200Mb hfsc(ecn realtime 200Mb upperlimit 200Mb )\ { Q-pri Q-icmp Q-vpn Q-biz Q-mail Q-http Q-ftp Q-def } queue Q-pri bandwidth 25Mb hfsc(realtime 15Mb linkshare 25Mb upperlimit 180Mb) priority 7 queue Q-icmp bandwidth 25Mb hfsc(realtime 15Mb linkshare 25Mb upperlimit 30Mb) priority 7 queue Q-vpn bandwidth 25Mb hfsc(realtime 15Mb linkshare 25Mb upperlimit 180Mb) priority 6 queue Q-biz bandwidth 25Mb hfsc(realtime 15Mb linkshare 25Mb upperlimit 180Mb) priority 6 queue Q-mail bandwidth 25Mb hfsc(realtime 15Mb linkshare 25Mb upperlimit 180Mb) priority 4 queue Q-http bandwidth 25Mb hfsc(realtime 15Mb linkshare 25Mb upperlimit 180Mb) priority 4 queue Q-ftp bandwidth 25Mb hfsc(realtime 15Mb linkshare 25Mb upperlimit 180Mb) priority 4 queue Q-def bandwidth 25Mb hfsc(defaultlinkshare 25Mb upperlimit 128Mb) priority 0 block in log pass out antispoof quick for { lo $ext_if } pass in quick on lo0 no state ## Regras de merovingio -- bridge pass in on $ext_if proto tcp to ($ext_if) port ssh queue(local) pass in on $int_if queue(Q-def Q-pri) label int-DEFA pass in on $int_if proto icmp queue(Q-icmp ) label int-ICMP pass in on $int_if proto gre queue(Q-vpn ) label int-VPN-gre pass in on $int_if proto esp queue(Q-vpn ) label int-VPN-esp pass in on $int_if proto ah queue(Q-vpn ) label int-VPN-ah pass in on $int_if proto l2tp queue(Q-vpn ) label int-VPN-l2tp pass in on $int_if proto { tcp udp } to port { 500 4500 } queue(Q-vpn ) label int-VPN-ipsec pass in on $int_if proto { tcp udp } to port { pptp } queue(Q-vpn ) label int-VPN-pptp pass in on $int_if proto tcp to port { snmp } queue(Q-icmp Q-pri) label int-ICMP-snmp pass in on $int_if proto tcp to port { www} queue(Q-http Q-pri) label int-HTTP pass in on $int_if proto tcp to port { https } queue(Q-biz Q-pri) label int-BIZZ-https pass in on $int_if proto { tcp udp } to port { domain ntp } queue( Q-pri) label int-PRII pass in on $int_if to redes-biz queue(Q-biz Q-pri) label int-BIZZ-redes pass in on $int_if proto tcp to port { smtp pop3 imap 465 995 } queue(Q-mail q-pri) label int-MAIL pass in on $ext_if queue(Q-def Q-pri) label ext-DEFA pass in on $ext_if proto icmp queue(Q-icmp ) label ext-ICMP pass in on $ext_if proto gre queue(Q-vpn ) label ext-VPN-gre pass in on $ext_if proto esp queue(Q-vpn ) label ext-VPN-esp pass in on $ext_if proto ah queue(Q-vpn ) label ext-VPN-ah pass in on $ext_if proto l2tp queue(Q-vpn ) label ext-VPN-l2tp pass in on $ext_if proto { tcp udp } to port { 500 4500 } queue(Q-vpn ) label ext-VPN-ipsec pass in on $ext_if proto { tcp udp } to port { pptp } queue(Q-vpn ) label ext-VPN-pptp pass in on $ext_if proto tcp to port { snmp } queue(Q-icmp Q-pri) label ext-ICMP-snmp pass in on $ext_if proto tcp to port { www} queue(Q-http Q-pri) label ext-HTTP pass in on $ext_if proto tcp to port { https } queue(Q-biz Q-pri) label ext-BIZZ-https pass in on $ext_if proto { tcp udp } to port { domain ntp } queue( Q-pri) label ext-PRII pass in on $ext_if from redes-biz queue(Q-biz Q-pri) label ext-BIZZ-https pass in on $ext_if proto tcp to port { smtp pop3 imap 465 995 } queue(Q-mail q-pri) label ext-MAIL dmesg follows: OpenBSD 4.2 (GENERIC.MP) #1378: Tue Aug 28 10:48:58 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3488907264 (3327MB) avail mem = 3373899776 (3217MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xcffbc000 (62 entries) bios0: vendor Dell Inc. version 1.3.7 date 03/26/2007 bios0: Dell Inc. PowerEdge 1950 acpi at mainbus0 not configured ipmi0 at mainbus0: version 2.0 interface KCS iobase 0xca8/8 spacing 4 mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E5345 @ 2.33GHz, 2327.87 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 332MHz cpu1 at mainbus0:
Re: Logging bandwidth usage with PF
--- Joel Gudknecht [EMAIL PROTECTED] wrote: Misc list: I'm trying to figure out a way to log and analyze bandwidth usage passing through my PF gateway. It's doing NAT for ~60 users. Here are the pertinent logging rules; rdr pass log on $ext_if proto tcp to port smtp - $host rdr pass log on $ext_if proto tcp to port www - $host rdr pass log on $ext_if proto tcp to port pop3 - $host rdr pass log on $ext_if proto tcp to port 1494 - $host rdr pass log on $ext_if proto tcp to port 3389 - $host pass out log keep state I've tried analyzing pflogs using ethereal/wireshark but could not get specifics about IP's and connection rates from it. I've also looked at ntop and pftop, which looks good for real-time monitoring but I don't think they apply for what I'm trying to do. I'd like to generate a sorted list of top bandwidth hogs and their IP addresses. I don't think there is any built-in way of doing this. What I did was write a shell script that interacts with labels contained in pf.conf. The script runs every five minutes and processes the data. I used to have it according to IP and protocol but eventually got rid of the IP side as my pf.conf was getting really messy. // juan Ask a question on any topic and get answers from real people. Go to Yahoo! Answers and share what you know at http://ca.answers.yahoo.com
Re: [OT] making Firefox respect telnet:// URLs
On Mon, Nov 12, 2007 at 02:02:32AM +0100, Linus Swdlas wrote: On Mon, 12 Nov 2007 00:25:29 +0100, ropers [EMAIL PROTECTED] wrote: The ${var##string} part is ksh or bash specific, see Parameter Expansion in the bash man page if you're using bash. I see your #! line says /bin/sh but to my knowledge a real sh, not emulated by bash or ksh doesn't support ${##} and friends, if I'm wrong feel free to correct me. =) This kind of parameter substitution is in the POSIX 1 specification for sh. See the parameters section of the man page for sh(1). Yes. $@ is also all the positional parameters, they expand differently when expanded inside . A full explaination can be found under Special Parameters in the bash man page. Since the other person is using sh, at the moment, it is probably more apt to point to the Parameters section of the man page for sh(1). But I wouldn't, I'd let bash do it: Probably better to use sh, or ksh, since they are in OpenBSD by default, and are more than up to the task. cheers, -b
Re: Any Ethereal, Wireshark related software in 4.2 ports?
Stuart Henderson wrote: tcpdump runs the scary code in a jail. Doesn't http://marc.info/?m=117390704628262 do the same thing? I haven't looked at it, just saw the post.
Re: google team and the DIY way of life
On 11/11/07, Sean Darby [EMAIL PROTECTED] wrote: If anybody from the OpenBSD team ever works for Google, it will certainly be a very wise move on behalf of Google for hiring them. do the people currently working at google count? or does it have to be a new hire?
Re: pf max-src-conn states
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2007-11-12 15:14]: two questions relating to the above 1.trying to use 'max-src-conn 1' to limit service to one connection per host (with overload table) but when i disconnect and re-reconnect i get blocked. should this state expire when correctly closed, allowing a second connection, or is the timeout needed? there is always a 2*MSL timeout - any better book covering TCP/IP basics should give you the plethora of reasons. 2.is source-track required for the above? i can't decipher the relationship. current confusion is does source-track turn 'max' into a per-IP match or simply allow the per-IP functions to operate? it makes use of sr ctrack yes,but you don't need tomanually enable anything. nb: not sure the service is closing the connection correctly which may be causing the timeout issue. that would extend the timeout a lot. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: pkg_add keeps giving errors
On Mon, Nov 12, 2007 at 03:12:12PM +, Stuart Henderson wrote: Either choose pkg_add -ui for an interactive update, or pkg_add -u -F update -F updatedepends, to permit this update: Done that. If I do this again I get the following output: Can't install ghostscript-8.54p1: lib not found X11.11.0 Install xbase from a newer snap. Done that.
Re: pkg_add keeps giving errors
On Mon, Nov 12, 2007 at 07:19:19PM +0100, Pieter Verberne wrote: On Mon, Nov 12, 2007 at 03:12:12PM +, Stuart Henderson wrote: Either choose pkg_add -ui for an interactive update, or pkg_add -u -F update -F updatedepends, to permit this update: Done that. If I do this again I get the following output: Can't install ghostscript-8.54p1: lib not found X11.11.0 Install xbase from a newer snap. Done that. Sorry, I meant to postpone this message. However, I don't know exactly what I did, and I don't know what went exacly wrong but it looks like it's working now. But right now I'm updating, so I still have to see..
Ntop
It is possible to compile the ntop - 3.3 in openbsd?
Re: Logging bandwidth usage with PF
Joel, Check out pfflowd. This site has a how to. Configuration of NetFlow, Flowtools, pfflowd on OpenBSD Have you ever wanted to keep track of every packet going through your firewall? How about getting some stats on the hosts using your network. Stats like most bandwidth used or most popular ports or ip's. Well NetFlow is what your looking for. NetFlow is an open but proprietary network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information. http://www.pantz.org/software/flowtools/configflowtoolspfflow.html -- Calomel @ http://calomel.org Open Source Research and Reference On Mon, Nov 12, 2007 at 09:31:08AM -0600, Joel Gudknecht wrote: Misc list: I'm trying to figure out a way to log and analyze bandwidth usage passing through my PF gateway. It's doing NAT for ~60 users. Here are the pertinent logging rules; rdr pass log on $ext_if proto tcp to port smtp - $host rdr pass log on $ext_if proto tcp to port www - $host rdr pass log on $ext_if proto tcp to port pop3 - $host rdr pass log on $ext_if proto tcp to port 1494 - $host rdr pass log on $ext_if proto tcp to port 3389 - $host pass out log keep state I've tried analyzing pflogs using ethereal/wireshark but could not get specifics about IP's and connection rates from it. I've also looked at ntop and pftop, which looks good for real-time monitoring but I don't think they apply for what I'm trying to do. I'd like to generate a sorted list of top bandwidth hogs and their IP addresses. Thanks. Joel
Re: pkg_add keeps giving errors
On Mon, 12 Nov 2007 19:19:19 +0100, Pieter Verberne wrote On Mon, Nov 12, 2007 at 03:12:12PM +, Stuart Henderson wrote: Either choose pkg_add -ui for an interactive update, or pkg_add -u -F update -F updatedepends, to permit this update: Done that. If I do this again I get the following output: Can't install ghostscript-8.54p1: lib not found X11.11.0 Install xbase from a newer snap. Done that. X11.11.0 was a 30 September patch: http://www.openbsd.org/cgi-bin/cvsweb/xenocara/lib/libX11/Makefile.bsd-wrapper?sortby=date The latest xbase42.tgz contains: -rw-r--r-- root/wheel 1040088 2007-11-03 00:58 ./usr/X11R6/lib/libX11.so.11.0 -rw-r--r-- root/wheel 1386880 2007-11-03 00:58 ./usr/X11R6/lib/libX11.a -rw-r--r-- root/wheel 849 2007-11-03 00:58 ./usr/X11R6/lib/libX11.la Check to make sure you have the appropriate libX11 files in /usr/X11R6/lib.
Re: pkg_add keeps giving errors
On Mon, Nov 12, 2007 at 01:41:19PM -0500, Josh Grosse wrote: X11.11.0 was a 30 September patch: http://www.openbsd.org/cgi-bin/cvsweb/xenocara/lib/libX11/Makefile.bsd-wrapper?sortby=date The latest xbase42.tgz contains: -rw-r--r-- root/wheel 1040088 2007-11-03 00:58 ./usr/X11R6/lib/libX11.so.11.0 -rw-r--r-- root/wheel 1386880 2007-11-03 00:58 ./usr/X11R6/lib/libX11.a -rw-r--r-- root/wheel 849 2007-11-03 00:58 ./usr/X11R6/lib/libX11.la Check to make sure you have the appropriate libX11 files in /usr/X11R6/lib. I checkt, but I was very sure about it. I just downloaded xbase42.tgz a hour ago and installed it.
mount_cd9660 options
hi there, i just noticed that i see an option i haven't seen before.. /dev/cd0c on /cdrom type cd9660 (local, noexec, read-only, norrip) what is norrip? it is not in mount_cd9660(8) or in mount(8)... -f -- the borg assimilated my race all i got was this t-shirt
ASUS P5B-VM SE and 3 sata drives, GURU need help ...
I have a problem initializing SATA HDDs in OpenBDS, please help: ASUS P5B-VM SE, there is an onboard controller: SATA Intel (4) and IDE Jmicron (1). I have 3 SATA drives connected (160GB, 500GB and 500GB), no RAID configured, and one CD-ROM drive, so the BIOS recognize them correctly as hd0+*, hd1+, hd2, cd0. When I finished installing the OS I could see only wd0 and wd1 (160MB and 500MB) connected ONLY(!) via SATA 3 and 4 ports on motherboard (and any HHDs connected to this one, 500+500, 500+160 and etc), and wd2 is always unavailable no matter how and what I dob What else should I try? :,( -- View this message in context: http://www.nabble.com/ASUS-P5B-VM-SE-and-3-sata-drives%2C-GURU-need-help-...- tf4793593.html#a13713393 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: mount_cd9660 options
On Mon, Nov 12, 2007 at 08:57:24PM +0100, frantisek holop wrote: i just noticed that i see an option i haven't seen before.. /dev/cd0c on /cdrom type cd9660 (local, noexec, read-only, norrip) what is norrip? it is not in mount_cd9660(8) or in mount(8)... if you mount a cd9660 filesystem w/ -R (no rockridge extensions) you get norrip in the output. i don;t think you can specify this as a mount option though, so i'm not sure where we'd document this. jmc
Re: ASUS P5B-VM SE and 3 sata drives, GURU need help ...
On Nov 12, 2007 9:21 PM, Rover [EMAIL PROTECTED] wrote: I have a problem initializing SATA HDDs in OpenBDS, please help: ASUS P5B-VM SE, there is an onboard controller: SATA Intel (4) and IDE Jmicron (1). I have 3 SATA drives connected (160GB, 500GB and 500GB), no RAID configured, and one CD-ROM drive, so the BIOS recognize them correctly as hd0+*, hd1+, hd2, cd0. When I finished installing the OS I could see only wd0 and wd1 (160MB and 500MB) connected ONLY(!) via SATA 3 and 4 ports on motherboard (and any HHDs connected to this one, 500+500, 500+160 and etc), and wd2 is always unavailable no matter how and what I dob What else should I try? :,( -- You could start by posting the full dmesg output, so people can see what kind of hardware you have and which version of OpenBSD. =Adriaan=
Re: HP Procurve or Soekris w. OpenBSD ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/12/07 5:01 AM, Stuart Henderson wrote: On 2007/11/12 12:56, knitti wrote: Looking to manage several webservers I am wondering if anybody uses something like this: http://soekris.kd85.com/images/tn/dsc03600.med.jpg ? (That image shows Wim's net4801-50 plus quadport lan1641 firewall box, giving 7 ports with low powerconsumption - on OpenBSD) what sort of bandwidth / packets per second? The standard choice in my datacenter (linux users mostly) seems to be HP Procurve but I'd prefer the power of PF. they're most likely switches. (Vantronix have a module for HP 5300xl switches that runs PF, though). I don't know exactly the 4801, but I use a couple of 4501 as firewalls and IPSec-Routers for connections of up to 5 MBit/sec. Seeing the specs of the 4801 and knowing the 4501, I wouldn't use them for more than about 40-50 Mbit/sec. I feel 40-50M would be pushing it, given that you might like some overhead to allow for occasional heavy numbers of packets. 5501 might do better (maybe with a nic rather than the on-board vr). I'd normally prefer a standard amd64/i386 box for a datacentre firewall though. I may change my mind when the net7501 eventually surfaces... I was just about to ask about this. I've been very happy with Nexcom 1563s as pf firewalls, especially with the disk-on-chip. No moving parts is good. (And thanks misc@ for this recommendation.) But the Nexcoms have only 100Base-T interfaces and now I've got a requirement for gig boxes in a couple of data centers. Any recommendations for carp/pfsync hardware with these specs on each box? - - at least 3 x 1000Base-T (mandatory) - - disk on chip if possible (not mandatory) - - fanless (not mandatory) - - rack-mountable (not manadatory) Any reasonable RAM and CPU speed considered, in the context of pushing traffic at ~100-300 Mbit/s. Or am I better off just buying el cheapo PCs and relying on carp and pfsync for redundancy? thanks dn iD8DBQFHOLiRyPxGVjntI4IRAp1hAJ9Uy0cbbip3EEXIlQ+Nnzlqr21ECwCg18g5 vDFGHhVj2htXbuEGqfgXFRY= =wNZl -END PGP SIGNATURE-
Re: mount_cd9660 options
hmm, on Mon, Nov 12, 2007 at 08:24:40PM +0001, Jason McIntyre said that On Mon, Nov 12, 2007 at 08:57:24PM +0100, frantisek holop wrote: i just noticed that i see an option i haven't seen before.. /dev/cd0c on /cdrom type cd9660 (local, noexec, read-only, norrip) what is norrip? it is not in mount_cd9660(8) or in mount(8)... if you mount a cd9660 filesystem w/ -R (no rockridge extensions) you get norrip in the output. i don;t think you can specify this as a mount option though, so i'm not sure where we'd document this. well, there might be a NOTE(S) section in mount_cd9660... and i've meant to ask this for some time now: the disc in question is a dvd... so it's udf and udf is considered to be a replacement of ISO 9660, and today is widely used for (re)writable optical media. so if cd9660 != udf and one is the replacement of the other, i was wondering if mount_cd9660 might be overhauled a bit to reflect this situation... -f -- i'm not old. i'm chronologically gifted.
Re: ASUS P5B-VM SE and 3 sata drives, GURU need help ...
Adriaan schrieb: On Nov 12, 2007 9:21 PM, Rover [EMAIL PROTECTED] wrote: I have a problem initializing SATA HDDs in OpenBDS, please help: ASUS P5B-VM SE, there is an onboard controller: SATA Intel (4) and IDE Jmicron (1). I have 3 SATA drives connected (160GB, 500GB and 500GB), no RAID configured, and one CD-ROM drive, so the BIOS recognize them correctly as hd0+*, hd1+, hd2, cd0. When I finished installing the OS I could see only wd0 and wd1 (160MB and 500MB) connected ONLY(!) via SATA 3 and 4 ports on motherboard (and any HHDs connected to this one, 500+500, 500+160 and etc), and wd2 is always unavailable no matter how and what I dob What else should I try? :,( -- You could start by posting the full dmesg output, so people can see what kind of hardware you have and which version of OpenBSD. =Adriaan= Have you tried playing with the bios settings? I had some issues with an ide controller in native or legacy mode. I think legacy mode works better. Regards, Dorian
Re: Any Ethereal, Wireshark related software in 4.2 ports?
On 2007/11/12 12:38, Steve Shockley wrote: Stuart Henderson wrote: tcpdump runs the scary code in a jail. Doesn't http://marc.info/?m=117390704628262 do the same thing? I haven't looked at it, just saw the post. ah, Nikns' port: this isn't a full jail, but it does drop privileges so it's a start. http://wiki.wireshark.org/Development/PrivilegeSeparation references this (so, some wireshark developers do recognise it needs to be done). IIRC (it's a while since I looked at it) there are some problems: you run the whole thing as root (including the GUI, which uses toolkits which are specifically not meant to be run as root), then after opening the capture device privs are dropped, at which point you can no longer access files you should have access to. There is another hackish workaround: mkfifo a file, then use tcpdump to do the capture into that. Run wireshark as a normal or (better) jailed user, and read from the FIFO. Messy, though... Anyway, this is probably of limited interest on misc@, so if anyone is interested in continuing this, ports@ is a better place (or the wireshark lists).
uvm_fault crash on fresh 4.2
I just installed an old compaq desktop that I intend to use as a webserver. I haven't installed anything on it yet, it's using vanilla 4.2-RELEASE. Twice now, I've booted it and left it running, intending to ssh in and work on it, except I've found that I couldn't because it's crashed on me. It has literally nothing running except the standard daemons (ntpd, sshd, httpd...) when this (faithfully transcribed) happens: uvm_fault(0xd687875c, 0xcfc7, 0, 1) - e kernel: page fault trap, code=0 Stopped at pmap_enter+0xaf:movl0(%edx,%eax,4),%eax ddb trace pmap_enter(d69c7a2c, 1c022000, 2353000,5,20,1c027000,da433ea4,0) at pmap_enter+0xaf uvm_fault(d687875c,1c023000,0,1,da3efea0) at uvm_fault+0xd0c trap() at trap+0x269 --- trap (number 6) -- 0x1c023261: ddb ps PID PPIDPGRPUID S FLAGS WAITCOMMAND 131117544 648 0 2 0 sh *22991 17544 648 0 7 0 sh 17544 14843 648 0 3 0x80pause sh 14843 27930 648 0 3 0x4080 piperd sh 22189 648 648 0 3 0x4080 piperd mail 15690 648 648 0 3 0x4080 piperd tee 27930 648 648 0 3 0x4080 pause sh 648 11321 648 0 3 0x4080 pause sh 11321 446844680 3 0x80piperd cron 63211 63210 3 0x4082 ttyin getty 16590 1 16590 0 3 0x4082 ttyin getty 28581 1 28581 0 3 0x4082 ttyin getty 29125 1 29125 0 3 0x4082 ttyin getty 13313 1 13313 0 3 0x4082 ttyin getty 44681 44680 3 0x80select cron 30525 1 30525 0 3 0x80select sshd 14729 5611561167 3 0x180 netcon httpd 11199 5611561167 3 0x180 netcon httpd 20250 5611561167 3 0x180 netcon httpd 76975611561167 3 0x180 netcon httpd 18435611561167 3 0x180 netcon httpd 24949 1 24949 0 3 0x40180 select sendmail 87521 87520 3 0x180 select inetd 56111 561167 3 0x180 select httpd 20884 29121 29121 83 3 0x180 pollntpd 29121 1 29121 0 3 0x80pollntpd 13148 1 12414 73 2 0x180 syslogd 12414 1 12414 0 3 0x88netio syslogd 36281 362877 3 0x180 polldhclient 14719 1 24228 0 3 0x82polldhclient 16 0 0 0 3 0x100200crypto_wait crypto 15 0 0 0 3 0x100200aiodonedaiodoned 14 0 0 0 3 0x100200syncer update 13 0 0 0 3 0x100200cleaner cleaner 12 0 0 0 3 0x100200reaper reaper 11 0 0 0 3 0x100200pgdaemon pagedaemon 10 0 0 0 3 0x100200pftmpfpurge 9 0 0 0 3 0x100200usbevt usb4 8 0 0 0 3 0x100200usbevt usb3 7 0 0 0 3 0x100200usbevt usb2 6 0 0 0 3 0x100200usbevt usb1 5 0 0 0 3 0x100200usbtsl usbtask 4 0 0 0 3 0x100200usbevt usb0 3 0 0 0 3 0x100200bored syswq 2 0 0 0 3 0x100200kmalloc kmthread 1 0 1 0 3 0x4080 waitinit 0 -1 0 0 3 0x80200 scheduler swapper So what's the deal? Is this a bug? Is it flakey hardware? I mixed and matched the RAM a bit, could that be it? Could the RAM be slightly unseated? I found this, which has the same issue: http://archive.netbsd.se/?ml=openbsd-newbiesa=2005-08m=1127711 dmesg: OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Duron(tm) Processor (AuthenticAMD 686-class, 64KB L2 cache) 902 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR real mem = 528052224 (503MB) avail mem = 502943744 (479MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 05/03/01, BIOS32 rev. 0 @ 0xfa100, SMBIOS rev. 2.3 @ 0xf (19 entries) bios0: vendor Compaq version 786K3 date 05/03/2001 bios0: Compaq Presario 5100CA 470013-866 pcibios0 at bios0: rev 2.1 @ 0xfa040/0x1000 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfa040/128 (6 entries) pcibios0: PCI Interrupt Router at 000:20:0 (VIA VT82C686 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x1
Re: [OT] making Firefox respect telnet:// URLs
On Mon, 12 Nov 2007 18:25:57 +0100, William Boshuck [EMAIL PROTECTED] wrote: On Mon, Nov 12, 2007 at 02:02:32AM +0100, Linus Swdlas wrote: On Mon, 12 Nov 2007 00:25:29 +0100, ropers [EMAIL PROTECTED] wrote: feel free to correct me. =) This kind of parameter substitution is in the POSIX 1 specification for sh. See the parameters section of the man page for sh(1). I stand corrected. ;) But I wouldn't, I'd let bash do it: Probably better to use sh, or ksh, since they are in OpenBSD by default, and are more than up to the task. OpenBSD's ksh is great, I've never bothered to check if it's available for Solaris for example. I've just assumed that it's not, and bash is. And I use Linux too, so, I personally prefer bash. =) Though in this case I agree with you, at least if he doesn't already have bash installed. =) -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
Subversion/Apache Mod dav
Howdy? I'm trying to install mod_dav_svn and mod_authz_svn with apache 2.0.xx and find that they have been moved into the ap2-subversion-1.4.4 package that requires apache 2.2. When I go to the ports tree there is nothing equivalent to this module. Does anyone know what is going on? Is subversion under apache 2.0 no longer supported? Any help would be greatly appreciated. Thanks, Dhu
OS not seeing all RAM (1GiB less)
What would cause an 4.1 machine running on a Dell PowerEdge 1950 to see only 3,220,439,040 bytes of RAM as opposed to the 4GB that it really has (confirmed by BIOS)?
Re: uvm_fault crash on fresh 4.2
On Nov 12, 2007 7:25 PM, Nick Guenther [EMAIL PROTECTED] wrote: I just installed an old compaq desktop that I intend to use as a Stopped at pmap_enter+0xaf:movl0(%edx,%eax,4),%eax ddb trace pmap_enter(d69c7a2c, 1c022000, 2353000,5,20,1c027000,da433ea4,0) at pmap_enter+0xaf uvm_fault(d687875c,1c023000,0,1,da3efea0) at uvm_fault+0xd0c trap() at trap+0x269 every fault i've had in the area of pmap on i386 has been due to bad ram, at least 6 or more times in my experience with garbage resecued machines.
CARP Advertisement Issue
Heya In the network: OpenBSD Firewall (x2) -- Metropolitan Layer 2 Network -- ISP(s) CARP advertisements are forming some 7% of the 'noise' traffic across the Metro L2 resulting in complaints from other clients of the Metro L2 provider. All production and testing done with: OpenBSD 4.0 release + errata OpenBSD 4.1 release + errata I have read through the 4.1 to 4.2 changes documentation (http://www.openbsd.org/plus42.html). I can see nothing there that would alter the below results. Thanks in advance for all suggestions and/or recommendations. I have some Feature Requests as a result of this testing, but will hold off on those until feedback is received. :) Upon receiving a request from the L2 provider, we thought of or tried the following: * Unicast CARP advertisements; Unlike pfsync, CARP does not currently have support for Unicast communications. * lladdr filtering by the L2 provider; All of the CARP advertisements are coming from the shared lladdr of the carp interface, not from the lladdr of the carpdev's. (True also on the other carp interfaces.) * netstart + pf + ifstated; Start the external facing carpdev's configured and down and the internal facing carpdev's configured and up on boot. Use pf to explicitly allow CARP advertisements on the internal facing carpdev's and block all others (including the external facing carpdev's). Use ifstated to monitor the state changes on the internal facing carp devices. Run 'ifconfig $carp [up|down]' on the external facing carp devices depending upon the state of the internal facing carp devices. /etc/netstart currently does not deal with configuring and then setting an interface to down upon boot. example /etc/hostname.if: inet 192.168.0.1 255.255.255.0 NONE down CARP seems inconsistent in its handling of the carpdev status. Discovered that upon booting with all physical cables unplugged that carp interfaces enter master state despite carpdev's (em - Intel PRO/1000 10/100/Gigabit Ethernet devices) not having physical network connectivity. In general, this setup is not considered an optimal solution anyway. Thanks Again Shane Lazarus Infrastructure Engineer DataTorque +64 21 529278 [EMAIL PROTECTED]
Re: OS not seeing all RAM (1GiB less)
On Mon, 2007-11-12 at 22:40 -0500, C Thala wrote: What would cause an 4.1 machine running on a Dell PowerEdge 1950 to see only 3,220,439,040 bytes of RAM as opposed to the 4GB that it really has (confirmed by BIOS)? A little something-something called PAE. You're probably running 4.1/i386? What you want to do is install the amd64 release on the 9th gen. ~BAS
Re: Logging bandwidth usage with PF
On Nov 12, 2007, at 10:31 AM, Joel Gudknecht wrote: Misc list: I'm trying to figure out a way to log and analyze bandwidth usage passing through my PF gateway. It's doing NAT for ~60 users. Here are the pertinent logging rules; rdr pass log on $ext_if proto tcp to port smtp - $host rdr pass log on $ext_if proto tcp to port www - $host rdr pass log on $ext_if proto tcp to port pop3 - $host rdr pass log on $ext_if proto tcp to port 1494 - $host rdr pass log on $ext_if proto tcp to port 3389 - $host pass out log keep state I've tried analyzing pflogs using ethereal/wireshark but could not get specifics about IP's and connection rates from it. I've also looked at ntop and pftop, which looks good for real-time monitoring but I don't think they apply for what I'm trying to do. I'd like to generate a sorted list of top bandwidth hogs and their IP addresses. You've gotten some good suggestions. For no particular reason at all, I figured I would mention this related project. I don't know the author, but it looks vaguely interesting. Rumors are it will have a port for OpenBSD when it's ready for testing. It's designed to read in data from flowd (via fifo). The examples are live NetFlow streams generated by pfflowd. http://www.netflowdashboard.com/demo/ user = guest pass = guest --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Prihvati izazov, nastavi igru
Poklon za znanje - bod za prijateljstvo http://www.e-topshop.tv http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi f Hvala Ti na odluci da se igra9 sa nama! Sakupljaj bodove i osvoji LCD TV, digitalnu kameru ili Walkman mobilni telefon. I to nije sve... Podsefamo Te da moe9 osvojiti i bodove za prijateljstvo! Svaki prijatelj koga pozove9 na uhe9fe i koji tahno odgovori na na9e nagradno pitanje donosi Ti dodatnih 5 poena... Ni to nije sve! Ukoliko pozove9 najmanje 1 prijatelja dobija9 10% popusta na bilo koji proizvod iz specijalno odabrane grupe najpopularnijih Top Shop proizvoda. Pozovi prijatelje i uvefaj zbir svojih bodova. http://www.e-topshop.tv/igra/recommend.asp?vid=1779920sid=36871email= misc@openbsd.orgmed=emtyp=efdorig=intbrd=tsctn=scgvir=yesreferrer =scg_thankyousrc=scg_thankyou Svako dobija! Svaki uhesnik nagradne igre dobija besplatnu e-knjigu Ljubav, zdravlje i jo9 po ne9to sa brojnim savetima o ljubavi, zdravlju, lepoti, fitnesu, roditeljstvu... Osvoji poklon za znanje! U naredna dva meseca, na Tvoju e-mail adresu stifi fe jo9 5 pitanja. Svaki tahan odgovor donosi Ti dodatne poene i to - svako pitanje - sve vi9e i vi9e! Prihvati izazov... Pokai znanje, pozovi prijatelje i uvefaj broj svojih bodova i 9anse da osvoji9 neki od vrednih poklona! Vi9e bodova - vi9e 9anse za poklon! Pozovi prijatelje i uvefaj zbir svojih bodova. http://www.e-topshop.tv/igra/recommend.asp?vid=1779920sid=36871email= misc@openbsd.orgmed=emtyp=efdorig=intbrd=tsctn=scgvir=yesreferrer =scg_thankyousrc=scg_thankyou Srefno! Top Shophttp://images.studio-moderna.com/upload/topshop_SCG/image/viral_img /TopShop_officiallogo.jpg Poklon #1 LCD TV! LCD TV http://www.e-topshop.tv/igra/recommend.asp?vid=1779920sid=36871email= misc@openbsd.orgmed=emtyp=efdorig=intbrd=tsctn=scgvir=yesreferrer =scg_thankyousrc=scg_thankyou http://images.studio-moderna.com/upload/topshop_SCG/image/viral_sr/offe r_box_b.jpg http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi f Poklon #2 http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi f Digitalna kamera! Digitalna kamera http://www.e-topshop.tv/igra/recommend.asp?vid=1779920sid=36871email= misc@openbsd.orgmed=emtyp=efdorig=intbrd=tsctn=scgvir=yesreferrer =scg_thankyousrc=scg_thankyou http://images.studio-moderna.com/upload/topshop_SCG/image/viral_sr/offe r_box_b.jpg http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi f Poklon #3 http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi f Mobilni telefon! Mobilni telefon http://www.e-topshop.tv/igra/recommend.asp?vid=1779920sid=36871email= misc@openbsd.orgmed=emtyp=efdorig=intbrd=tsctn=scgvir=yesreferrer =scg_thankyousrc=scg_thankyou http://images.studio-moderna.com/upload/topshop_SCG/image/viral_sr/offe r_box_b.jpg http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi f VA.NO! Tahan odgovor samo jednog prijatelja donosi ti 10% popusta na odabrane proizvode. http://images.studio-moderna.com/upload/dormeonewen/image/mailing/px.gi f .elim da vidim op9irnija pravila nagradne igre. Ukoliko vi9e ne elite da primate e-mailove od nas kliknite ovde. http://ca.avenija.com/unsubscribe/unsubscribe.asp Studio Moderna d.o.o., Laze Nanhifa 50, 21 000 Novi Sad, Srbija
Re: Subversion/Apache Mod dav
On Mon, 12 Nov 2007 20:49:08 -0600 Duncan Patton a Campbell [EMAIL PROTECTED] wrote: Howdy? I'm trying to install mod_dav_svn and mod_authz_svn with apache 2.0.xx and find that they have been moved into the ap2-subversion-1.4.4 package that requires apache 2.2. When I go to the ports tree there is nothing equivalent to this module. Does anyone know what is going on? Is subversion under apache 2.0 no longer supported? Any help would be greatly appreciated. Thanks, Dhu Addenedum: subversion 1.4.5 now appears to build on OBSD with mod_dav_svn, so this is less problematic.. still(?) Dhu